Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Analysis ID:	755946
MD5:	7b6dcd6fcd1c26b9abdba167929f4c82
SHA1:	04f11f07ef4a51b16383b5dde94f1af405893b45
SHA256:	e38f6fab27253171688423b0792d38be81e4c01cceb35c7bca05d2ebfc011ae9
Tags:	exe
Infos:

Detection

FormBook

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected FormBook

Malicious sample detected (through community Yara rule)

Yara detected AntiVM3

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Injects a PE file into a foreign processes

Tries to detect virtualization through RDTSC time measurements

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Found potential string decryption / allocating functions

Contains functionality to call native functions

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Enables debug privileges

Sample file is different than original file name gathered from version info

Contains functionality to read the PEB

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe (PID: 5448 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe MD5: 7B6DCD6FCD1C26B9ABDBA167929F4C82)

SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe (PID: 5572 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe MD5: 7B6DCD6FCD1C26B9ABDBA167929F4C82)

cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.imperiumtowns.xyz/b3es/"], "decoy": ["sweets.wtf", "apextama.com", "tygbs.com", "kumaoedu.com", "bestbathroomremodeling.club", "lnshykj.com", "nelsonanddima.com", "falunap.info", "codyhinrichs.com", "2797vip.com", "danutka.com", "3o2t307a.com", "kellymariewest.com", "profilelonn.online", "procan.website", "sopjimmy.com", "xn--skdarkae-55ac80i.net", "entitymanaged.com", "melitadahl.art", "joineguru.net", "good-meme.com", "creditconepts.com", "narafconstruction.com", "paspsichologa.com", "rancho365.com", "rimplefeel.com", "kingsub.online", "cnsrdns.com", "billythepainter.com", "clientevirtualpdf.net", "marycruzruiz.com", "renaultcikmaparca.xyz", "1600156.com", "paymallmart.info", "garafe.com", "fredrikk.net", "gogo-tunisia.space", "center-me.com", "xiaohuayhq.com", "xn--h49a60xt7azzcm91a.com", "unidiliobobo.info", "libertypolestore.com", "20111210.net", "atraofix.online", "furniron.com", "mingyun58.com", "shfesmua.com", "rdougdigital.life", "safsip.com", "melon.town", "sagihigaibengo.net", "ethnicsbyak.com", "designoffaitheventsllc.com", "dpmforensics.com", "ripple-us.net", "fuyouhin-happiness.com", "conceptweb.online", "l453.net", "zenars.com", "mepcoonlinebill.com", "oonn99.xyz", "dackus.energy", "articvas.com", "yayuanlin.com"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x65d1:$a1: 3C 30 50 4F 53 54 74 09 40 0x349f1:$a1: 3C 30 50 4F 53 54 74 09 40 0x61e11:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cf10:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x4b330:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x78750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xad4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x3916f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x6658f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x15c37:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x44057:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x71477:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9c88:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9f02:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x380a8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x38322:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x654c8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x65742:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15a35:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x43e55:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x71275:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15521:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x43941:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x70d61:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15b37:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x43f57:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x71377:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x15caf:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x440cf:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x714ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa91a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x38d3a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x6615a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18b99:$sqlite3step: 68 34 1C 7B E1 0x18cac:$sqlite3step: 68 34 1C 7B E1 0x46fb9:$sqlite3step: 68 34 1C 7B E1 0x470cc:$sqlite3step: 68 34 1C 7B E1 0x743d9:$sqlite3step: 68 34 1C 7B E1 0x744ec:$sqlite3step: 68 34 1C 7B E1 0x18bc8:$sqlite3text: 68 38 2A 90 C5 0x18ced:$sqlite3text: 68 38 2A 90 C5 0x46fe8:$sqlite3text: 68 38 2A 90 C5 0x4710d:$sqlite3text: 68 38 2A 90 C5 0x74408:$sqlite3text: 68 38 2A 90 C5 0x7452d:$sqlite3text: 68 38 2A 90 C5 0x18bdb:$sqlite3blob: 68 53 D8 7F 8C 0x18d03:$sqlite3blob: 68 53 D8 7F 8C 0x46ffb:$sqlite3blob: 68 53 D8 7F 8C 0x47123:$sqlite3blob: 68 53 D8 7F 8C 0x7441b:$sqlite3blob: 68 53 D8 7F 8C 0x74543:$sqlite3blob: 68 53 D8 7F 8C
00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1bb90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x99cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x148b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x959a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1a8f7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1b8fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17819:$sqlite3step: 68 34 1C 7B E1 0x1792c:$sqlite3step: 68 34 1C 7B E1 0x17848:$sqlite3text: 68 38 2A 90 C5 0x1796d:$sqlite3text: 68 38 2A 90 C5 0x1785b:$sqlite3blob: 68 53 D8 7F 8C 0x17983:$sqlite3blob: 68 53 D8 7F 8C
Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5448	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5448	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x638e0:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5572	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xc753a:$a1: 3C 30 50 4F 53 54 74 09 40
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5451:$a1: 3C 30 50 4F 53 54 74 09 40 0x1bd90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1aaf7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bafa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17a19:$sqlite3step: 68 34 1C 7B E1 0x17b2c:$sqlite3step: 68 34 1C 7B E1 0x17a48:$sqlite3text: 68 38 2A 90 C5 0x17b6d:$sqlite3text: 68 38 2A 90 C5 0x17a5b:$sqlite3blob: 68 53 D8 7F 8C 0x17b83:$sqlite3blob: 68 53 D8 7F 8C

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	ReversingLabs: Detection: 41%
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Virustotal: Detection: 45%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Joe Sandbox ML: detected

Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack

Avira: Label: TR/Crypt.ZPACK.Gen

Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.imperiumtowns.xyz/b3es/"], "decoy": ["sweets.wtf", "apextama.com", "tygbs.com", "kumaoedu.com", "bestbathroomremodeling.club", "lnshykj.com", "nelsonanddima.com", "falunap.info", "codyhinrichs.com", "2797vip.com", "danutka.com", "3o2t307a.com", "kellymariewest.com", "profilelonn.online", "procan.website", "sopjimmy.com", "xn--skdarkae-55ac80i.net", "entitymanaged.com", "melitadahl.art", "joineguru.net", "good-meme.com", "creditconepts.com", "narafconstruction.com", "paspsichologa.com", "rancho365.com", "rimplefeel.com", "kingsub.online", "cnsrdns.com", "billythepainter.com", "clientevirtualpdf.net", "marycruzruiz.com", "renaultcikmaparca.xyz", "1600156.com", "paymallmart.info", "garafe.com", "fredrikk.net", "gogo-tunisia.space", "center-me.com", "xiaohuayhq.com", "xn--h49a60xt7azzcm91a.com", "unidiliobobo.info", "libertypolestore.com", "20111210.net", "atraofix.online", "furniron.com", "mingyun58.com", "shfesmua.com", "rdougdigital.life", "safsip.com", "melon.town", "sagihigaibengo.net", "ethnicsbyak.com", "designoffaitheventsllc.com", "dpmforensics.com", "ripple-us.net", "fuyouhin-happiness.com", "conceptweb.online", "l453.net", "zenars.com", "mepcoonlinebill.com", "oonn99.xyz", "dackus.energy", "articvas.com", "yayuanlin.com"]}

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.257989308.0000000000CBF000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.260648591.0000000000E5F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.257989308.0000000000CBF000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.260648591.0000000000E5F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: www.imperiumtowns.xyz/b3es/

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248951472.0000000006016000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249535557.0000000006017000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249659691.000000000601C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249765760.000000000601C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comB.TTF1
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF1
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.258838031.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comals
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.258838031.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comce
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comessed
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comi
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.258838031.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comicom
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comitue
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comoitu
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comt
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247878242.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.cm
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247855685.000000000601A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247400149.000000000602B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247855685.000000000601A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/-e
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250848136.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmX
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/#
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/F
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Kal1
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/M
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/i
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/b
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/or1
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/siv
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/vno
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5448, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5572, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5448, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5572, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 0_2_015FC334	0_2_015FC334
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 0_2_015FE790	0_2_015FE790
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 0_2_015FE78A	0_2_015FE78A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102F900	1_2_0102F900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01044120	1_2_01044120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01042990	1_2_01042990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103C1C0	1_2_0103C1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01026800	1_2_01026800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1002	1_2_010E1002
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010FE824	1_2_010FE824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A830	1_2_0104A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103B090	1_2_0103B090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F20A8	1_2_010F20A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F28EC	1_2_010F28EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E60F5	1_2_010E60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E231B	1_2_010E231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F2B28	1_2_010F2B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CCB4F	1_2_010CCB4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104AB40	1_2_0104AB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01043360	1_2_01043360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CEB8A	1_2_010CEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105138B	1_2_0105138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104EB9A	1_2_0104EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105EBB0	1_2_0105EBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E03DA	1_2_010E03DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EDBD2	1_2_010EDBD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105ABD8	1_2_0105ABD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D23E3	1_2_010D23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01078BE8	1_2_01078BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010DFA2B	1_2_010DFA2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E5A4F	1_2_010E5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F22AE	1_2_010F22AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F32A9	1_2_010F32A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EE2C5	1_2_010EE2C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F2D07	1_2_010F2D07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01020D20	1_2_01020D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01042D50	1_2_01042D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F1D55	1_2_010F1D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052581	1_2_01052581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010565A0	1_2_010565A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F25DD	1_2_010F25DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103D5E0	1_2_0103D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103841F	1_2_0103841F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01042430	1_2_01042430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010ED466	1_2_010ED466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B477	1_2_0104B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010ECC77	1_2_010ECC77
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4496	1_2_010E4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054CD4	1_2_01054CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010FDFCE	1_2_010FDFCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E67E2	1_2_010E67E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F1FF1	1_2_010F1FF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01045600	1_2_01045600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010ED616	1_2_010ED616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01046E30	1_2_01046E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010AAE60	1_2_010AAE60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D1EB6	1_2_010D1EB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010506C0	1_2_010506C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F2EF7	1_2_010F2EF7

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: String function: 0102B150 appears 177 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: String function: 010B5720 appears 85 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: String function: 0107D08C appears 48 times

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069860 NtQuerySystemInformation,LdrInitializeThunk,	1_2_01069860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069660 NtAllocateVirtualMemory,LdrInitializeThunk,	1_2_01069660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010696E0 NtFreeVirtualMemory,LdrInitializeThunk,	1_2_010696E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069910 NtAdjustPrivilegesToken,	1_2_01069910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069950 NtQueueApcThread,	1_2_01069950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010699A0 NtCreateSection,	1_2_010699A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010699D0 NtCreateProcessEx,	1_2_010699D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069820 NtEnumerateKey,	1_2_01069820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069840 NtDelayExecution,	1_2_01069840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0106B040 NtSuspendThread,	1_2_0106B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010698A0 NtWriteVirtualMemory,	1_2_010698A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010698F0 NtReadVirtualMemory,	1_2_010698F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069B00 NtSetValueKey,	1_2_01069B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0106A3B0 NtGetContextThread,	1_2_0106A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069A00 NtProtectVirtualMemory,	1_2_01069A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069A10 NtQuerySection,	1_2_01069A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069A20 NtResumeThread,	1_2_01069A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069A50 NtCreateFile,	1_2_01069A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069A80 NtOpenDirectoryObject,	1_2_01069A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069520 NtWaitForSingleObject,	1_2_01069520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0106AD30 NtSetContextThread,	1_2_0106AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069540 NtReadFile,	1_2_01069540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069560 NtWriteFile,	1_2_01069560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010695D0 NtClose,	1_2_010695D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010695F0 NtQueryInformationFile,	1_2_010695F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0106A710 NtOpenProcessToken,	1_2_0106A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069710 NtQueryInformationToken,	1_2_01069710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069730 NtQueryVirtualMemory,	1_2_01069730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069760 NtOpenProcess,	1_2_01069760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0106A770 NtOpenThread,	1_2_0106A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069770 NtSetInformationFile,	1_2_01069770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069780 NtMapViewOfSection,	1_2_01069780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010697A0 NtUnmapViewOfSection,	1_2_010697A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069FE0 NtCreateMutant,	1_2_01069FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069610 NtEnumerateValueKey,	1_2_01069610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069650 NtQueryValueKey,	1_2_01069650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01069670 NtQueryInformationProcess,	1_2_01069670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010696D0 NtCreateKey,	1_2_010696D0

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.267730037.00000000078D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260335497.0000000003001000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260335497.0000000003001000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000002.264250960.000000000111F000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.261495799.0000000000F7E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.259043934.0000000000DD5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Binary or memory string: OriginalFilenamefzynaa.exe< vs SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	ReversingLabs: Detection: 41%
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Virustotal: Detection: 45%

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.log

Jump to behavior

Source: classification engine

Classification label: mal92.troj.evad.winEXE@3/1@0/0

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Mutant created: \Sessions\1\BaseNamedObjects\wGtrYQj

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.257989308.0000000000CBF000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.260648591.0000000000E5F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.257989308.0000000000CBF000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000003.260648591.0000000000E5F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Code function: 1_2_0107D0D1 push ecx; ret

1_2_0107D0E4

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Static PE information: 0xBF0A3116 [Sun Jul 26 06:03:02 2071 UTC]

Source: initial sample

Static PE information: section name: .text entropy: 7.830178117653337

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe PID: 5448, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe TID: 5464	Thread sleep time: -38122s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe TID: 5468	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe TID: 5576	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Code function: 1_2_01056B90 rdtsc

1_2_01056B90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

API coverage: 0.5 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Thread delayed: delay time: 38122	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Code function: 1_2_01056B90 rdtsc

1_2_01056B90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029100 mov eax, dword ptr fs:[00000030h]	1_2_01029100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029100 mov eax, dword ptr fs:[00000030h]	1_2_01029100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029100 mov eax, dword ptr fs:[00000030h]	1_2_01029100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01030100 mov eax, dword ptr fs:[00000030h]	1_2_01030100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01030100 mov eax, dword ptr fs:[00000030h]	1_2_01030100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01030100 mov eax, dword ptr fs:[00000030h]	1_2_01030100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01044120 mov eax, dword ptr fs:[00000030h]	1_2_01044120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01044120 mov eax, dword ptr fs:[00000030h]	1_2_01044120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01044120 mov eax, dword ptr fs:[00000030h]	1_2_01044120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01044120 mov eax, dword ptr fs:[00000030h]	1_2_01044120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01044120 mov ecx, dword ptr fs:[00000030h]	1_2_01044120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01023138 mov ecx, dword ptr fs:[00000030h]	1_2_01023138
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105513A mov eax, dword ptr fs:[00000030h]	1_2_0105513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105513A mov eax, dword ptr fs:[00000030h]	1_2_0105513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B944 mov eax, dword ptr fs:[00000030h]	1_2_0104B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B944 mov eax, dword ptr fs:[00000030h]	1_2_0104B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102395E mov eax, dword ptr fs:[00000030h]	1_2_0102395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102395E mov eax, dword ptr fs:[00000030h]	1_2_0102395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1951 mov eax, dword ptr fs:[00000030h]	1_2_010E1951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102C962 mov eax, dword ptr fs:[00000030h]	1_2_0102C962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8966 mov eax, dword ptr fs:[00000030h]	1_2_010F8966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EE962 mov eax, dword ptr fs:[00000030h]	1_2_010EE962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102B171 mov eax, dword ptr fs:[00000030h]	1_2_0102B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102B171 mov eax, dword ptr fs:[00000030h]	1_2_0102B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105A185 mov eax, dword ptr fs:[00000030h]	1_2_0105A185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104C182 mov eax, dword ptr fs:[00000030h]	1_2_0104C182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EA189 mov eax, dword ptr fs:[00000030h]	1_2_010EA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EA189 mov ecx, dword ptr fs:[00000030h]	1_2_010EA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01028190 mov ecx, dword ptr fs:[00000030h]	1_2_01028190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052990 mov eax, dword ptr fs:[00000030h]	1_2_01052990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054190 mov eax, dword ptr fs:[00000030h]	1_2_01054190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102519E mov eax, dword ptr fs:[00000030h]	1_2_0102519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102519E mov ecx, dword ptr fs:[00000030h]	1_2_0102519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010361A7 mov eax, dword ptr fs:[00000030h]	1_2_010361A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010361A7 mov eax, dword ptr fs:[00000030h]	1_2_010361A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010361A7 mov eax, dword ptr fs:[00000030h]	1_2_010361A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010361A7 mov eax, dword ptr fs:[00000030h]	1_2_010361A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010561A0 mov eax, dword ptr fs:[00000030h]	1_2_010561A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010561A0 mov eax, dword ptr fs:[00000030h]	1_2_010561A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E49A4 mov eax, dword ptr fs:[00000030h]	1_2_010E49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E49A4 mov eax, dword ptr fs:[00000030h]	1_2_010E49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E49A4 mov eax, dword ptr fs:[00000030h]	1_2_010E49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E49A4 mov eax, dword ptr fs:[00000030h]	1_2_010E49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A69A6 mov eax, dword ptr fs:[00000030h]	1_2_010A69A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A51BE mov eax, dword ptr fs:[00000030h]	1_2_010A51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A51BE mov eax, dword ptr fs:[00000030h]	1_2_010A51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A51BE mov eax, dword ptr fs:[00000030h]	1_2_010A51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A51BE mov eax, dword ptr fs:[00000030h]	1_2_010A51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010599BC mov eax, dword ptr fs:[00000030h]	1_2_010599BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105C9BF mov eax, dword ptr fs:[00000030h]	1_2_0105C9BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105C9BF mov eax, dword ptr fs:[00000030h]	1_2_0105C9BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010FF1B5 mov eax, dword ptr fs:[00000030h]	1_2_010FF1B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010FF1B5 mov eax, dword ptr fs:[00000030h]	1_2_010FF1B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov eax, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov eax, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov eax, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov ecx, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010499BF mov eax, dword ptr fs:[00000030h]	1_2_010499BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103C1C0 mov eax, dword ptr fs:[00000030h]	1_2_0103C1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010399C7 mov eax, dword ptr fs:[00000030h]	1_2_010399C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010399C7 mov eax, dword ptr fs:[00000030h]	1_2_010399C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010399C7 mov eax, dword ptr fs:[00000030h]	1_2_010399C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010399C7 mov eax, dword ptr fs:[00000030h]	1_2_010399C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov ecx, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov ecx, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E31DC mov eax, dword ptr fs:[00000030h]	1_2_010E31DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E19D8 mov eax, dword ptr fs:[00000030h]	1_2_010E19D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010231E0 mov eax, dword ptr fs:[00000030h]	1_2_010231E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B41E8 mov eax, dword ptr fs:[00000030h]	1_2_010B41E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102B1E1 mov eax, dword ptr fs:[00000030h]	1_2_0102B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102B1E1 mov eax, dword ptr fs:[00000030h]	1_2_0102B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102B1E1 mov eax, dword ptr fs:[00000030h]	1_2_0102B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F89E7 mov eax, dword ptr fs:[00000030h]	1_2_010F89E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104D1EF mov eax, dword ptr fs:[00000030h]	1_2_0104D1EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01026800 mov eax, dword ptr fs:[00000030h]	1_2_01026800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01026800 mov eax, dword ptr fs:[00000030h]	1_2_01026800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01026800 mov eax, dword ptr fs:[00000030h]	1_2_01026800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D mov eax, dword ptr fs:[00000030h]	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D mov eax, dword ptr fs:[00000030h]	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D mov eax, dword ptr fs:[00000030h]	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D mov eax, dword ptr fs:[00000030h]	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D mov eax, dword ptr fs:[00000030h]	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105701D mov eax, dword ptr fs:[00000030h]	1_2_0105701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F4015 mov eax, dword ptr fs:[00000030h]	1_2_010F4015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F4015 mov eax, dword ptr fs:[00000030h]	1_2_010F4015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A7016 mov eax, dword ptr fs:[00000030h]	1_2_010A7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A7016 mov eax, dword ptr fs:[00000030h]	1_2_010A7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A7016 mov eax, dword ptr fs:[00000030h]	1_2_010A7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054020 mov edi, dword ptr fs:[00000030h]	1_2_01054020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105002D mov eax, dword ptr fs:[00000030h]	1_2_0105002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105002D mov eax, dword ptr fs:[00000030h]	1_2_0105002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105002D mov eax, dword ptr fs:[00000030h]	1_2_0105002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105002D mov eax, dword ptr fs:[00000030h]	1_2_0105002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105002D mov eax, dword ptr fs:[00000030h]	1_2_0105002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103B02A mov eax, dword ptr fs:[00000030h]	1_2_0103B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103B02A mov eax, dword ptr fs:[00000030h]	1_2_0103B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103B02A mov eax, dword ptr fs:[00000030h]	1_2_0103B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103B02A mov eax, dword ptr fs:[00000030h]	1_2_0103B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A830 mov eax, dword ptr fs:[00000030h]	1_2_0104A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A830 mov eax, dword ptr fs:[00000030h]	1_2_0104A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A830 mov eax, dword ptr fs:[00000030h]	1_2_0104A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A830 mov eax, dword ptr fs:[00000030h]	1_2_0104A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1843 mov eax, dword ptr fs:[00000030h]	1_2_010E1843
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025050 mov eax, dword ptr fs:[00000030h]	1_2_01025050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025050 mov eax, dword ptr fs:[00000030h]	1_2_01025050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025050 mov eax, dword ptr fs:[00000030h]	1_2_01025050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01040050 mov eax, dword ptr fs:[00000030h]	1_2_01040050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01040050 mov eax, dword ptr fs:[00000030h]	1_2_01040050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01027057 mov eax, dword ptr fs:[00000030h]	1_2_01027057
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104F86D mov eax, dword ptr fs:[00000030h]	1_2_0104F86D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F1074 mov eax, dword ptr fs:[00000030h]	1_2_010F1074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2073 mov eax, dword ptr fs:[00000030h]	1_2_010E2073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029080 mov eax, dword ptr fs:[00000030h]	1_2_01029080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01023880 mov eax, dword ptr fs:[00000030h]	1_2_01023880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01023880 mov eax, dword ptr fs:[00000030h]	1_2_01023880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A3884 mov eax, dword ptr fs:[00000030h]	1_2_010A3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A3884 mov eax, dword ptr fs:[00000030h]	1_2_010A3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0 mov eax, dword ptr fs:[00000030h]	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0 mov eax, dword ptr fs:[00000030h]	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0 mov eax, dword ptr fs:[00000030h]	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0 mov eax, dword ptr fs:[00000030h]	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0 mov eax, dword ptr fs:[00000030h]	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010520A0 mov eax, dword ptr fs:[00000030h]	1_2_010520A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010578A0 mov eax, dword ptr fs:[00000030h]	1_2_010578A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010690AF mov eax, dword ptr fs:[00000030h]	1_2_010690AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328AE mov eax, dword ptr fs:[00000030h]	1_2_010328AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328AE mov eax, dword ptr fs:[00000030h]	1_2_010328AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328AE mov eax, dword ptr fs:[00000030h]	1_2_010328AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328AE mov ecx, dword ptr fs:[00000030h]	1_2_010328AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328AE mov eax, dword ptr fs:[00000030h]	1_2_010328AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328AE mov eax, dword ptr fs:[00000030h]	1_2_010328AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105F0BF mov ecx, dword ptr fs:[00000030h]	1_2_0105F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105F0BF mov eax, dword ptr fs:[00000030h]	1_2_0105F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105F0BF mov eax, dword ptr fs:[00000030h]	1_2_0105F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010270C0 mov eax, dword ptr fs:[00000030h]	1_2_010270C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010270C0 mov eax, dword ptr fs:[00000030h]	1_2_010270C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E18CA mov eax, dword ptr fs:[00000030h]	1_2_010E18CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB0C7 mov eax, dword ptr fs:[00000030h]	1_2_010EB0C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB0C7 mov eax, dword ptr fs:[00000030h]	1_2_010EB0C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010278D6 mov eax, dword ptr fs:[00000030h]	1_2_010278D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010278D6 mov eax, dword ptr fs:[00000030h]	1_2_010278D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010278D6 mov ecx, dword ptr fs:[00000030h]	1_2_010278D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010BB8D0 mov eax, dword ptr fs:[00000030h]	1_2_010BB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010BB8D0 mov ecx, dword ptr fs:[00000030h]	1_2_010BB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010BB8D0 mov eax, dword ptr fs:[00000030h]	1_2_010BB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010BB8D0 mov eax, dword ptr fs:[00000030h]	1_2_010BB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010BB8D0 mov eax, dword ptr fs:[00000030h]	1_2_010BB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010BB8D0 mov eax, dword ptr fs:[00000030h]	1_2_010BB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B8E4 mov eax, dword ptr fs:[00000030h]	1_2_0104B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B8E4 mov eax, dword ptr fs:[00000030h]	1_2_0104B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010240E1 mov eax, dword ptr fs:[00000030h]	1_2_010240E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010240E1 mov eax, dword ptr fs:[00000030h]	1_2_010240E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010240E1 mov eax, dword ptr fs:[00000030h]	1_2_010240E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010258EC mov eax, dword ptr fs:[00000030h]	1_2_010258EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E60F5 mov eax, dword ptr fs:[00000030h]	1_2_010E60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E60F5 mov eax, dword ptr fs:[00000030h]	1_2_010E60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E60F5 mov eax, dword ptr fs:[00000030h]	1_2_010E60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E60F5 mov eax, dword ptr fs:[00000030h]	1_2_010E60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328FD mov eax, dword ptr fs:[00000030h]	1_2_010328FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328FD mov eax, dword ptr fs:[00000030h]	1_2_010328FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010328FD mov eax, dword ptr fs:[00000030h]	1_2_010328FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A309 mov eax, dword ptr fs:[00000030h]	1_2_0104A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E131B mov eax, dword ptr fs:[00000030h]	1_2_010E131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102DB40 mov eax, dword ptr fs:[00000030h]	1_2_0102DB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8B58 mov eax, dword ptr fs:[00000030h]	1_2_010F8B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102F358 mov eax, dword ptr fs:[00000030h]	1_2_0102F358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01053B5A mov eax, dword ptr fs:[00000030h]	1_2_01053B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01053B5A mov eax, dword ptr fs:[00000030h]	1_2_01053B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01053B5A mov eax, dword ptr fs:[00000030h]	1_2_01053B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01053B5A mov eax, dword ptr fs:[00000030h]	1_2_01053B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102DB60 mov ecx, dword ptr fs:[00000030h]	1_2_0102DB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B6365 mov eax, dword ptr fs:[00000030h]	1_2_010B6365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B6365 mov eax, dword ptr fs:[00000030h]	1_2_010B6365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B6365 mov eax, dword ptr fs:[00000030h]	1_2_010B6365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01027B70 mov eax, dword ptr fs:[00000030h]	1_2_01027B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103F370 mov eax, dword ptr fs:[00000030h]	1_2_0103F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103F370 mov eax, dword ptr fs:[00000030h]	1_2_0103F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103F370 mov eax, dword ptr fs:[00000030h]	1_2_0103F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01053B7A mov eax, dword ptr fs:[00000030h]	1_2_01053B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01053B7A mov eax, dword ptr fs:[00000030h]	1_2_01053B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E138A mov eax, dword ptr fs:[00000030h]	1_2_010E138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CEB8A mov ecx, dword ptr fs:[00000030h]	1_2_010CEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CEB8A mov eax, dword ptr fs:[00000030h]	1_2_010CEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CEB8A mov eax, dword ptr fs:[00000030h]	1_2_010CEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CEB8A mov eax, dword ptr fs:[00000030h]	1_2_010CEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01031B8F mov eax, dword ptr fs:[00000030h]	1_2_01031B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01031B8F mov eax, dword ptr fs:[00000030h]	1_2_01031B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010DD380 mov ecx, dword ptr fs:[00000030h]	1_2_010DD380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105138B mov eax, dword ptr fs:[00000030h]	1_2_0105138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105138B mov eax, dword ptr fs:[00000030h]	1_2_0105138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105138B mov eax, dword ptr fs:[00000030h]	1_2_0105138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052397 mov eax, dword ptr fs:[00000030h]	1_2_01052397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105B390 mov eax, dword ptr fs:[00000030h]	1_2_0105B390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01024B94 mov edi, dword ptr fs:[00000030h]	1_2_01024B94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104EB9A mov eax, dword ptr fs:[00000030h]	1_2_0104EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104EB9A mov eax, dword ptr fs:[00000030h]	1_2_0104EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1BA8 mov eax, dword ptr fs:[00000030h]	1_2_010E1BA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054BAD mov eax, dword ptr fs:[00000030h]	1_2_01054BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054BAD mov eax, dword ptr fs:[00000030h]	1_2_01054BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054BAD mov eax, dword ptr fs:[00000030h]	1_2_01054BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F5BA5 mov eax, dword ptr fs:[00000030h]	1_2_010F5BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F9BBE mov eax, dword ptr fs:[00000030h]	1_2_010F9BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8BB6 mov eax, dword ptr fs:[00000030h]	1_2_010F8BB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A53CA mov eax, dword ptr fs:[00000030h]	1_2_010A53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A53CA mov eax, dword ptr fs:[00000030h]	1_2_010A53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010553C5 mov eax, dword ptr fs:[00000030h]	1_2_010553C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010503E2 mov eax, dword ptr fs:[00000030h]	1_2_010503E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010503E2 mov eax, dword ptr fs:[00000030h]	1_2_010503E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010503E2 mov eax, dword ptr fs:[00000030h]	1_2_010503E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010503E2 mov eax, dword ptr fs:[00000030h]	1_2_010503E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010503E2 mov eax, dword ptr fs:[00000030h]	1_2_010503E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010503E2 mov eax, dword ptr fs:[00000030h]	1_2_010503E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01021BE9 mov eax, dword ptr fs:[00000030h]	1_2_01021BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104DBE9 mov eax, dword ptr fs:[00000030h]	1_2_0104DBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D23E3 mov ecx, dword ptr fs:[00000030h]	1_2_010D23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D23E3 mov ecx, dword ptr fs:[00000030h]	1_2_010D23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D23E3 mov eax, dword ptr fs:[00000030h]	1_2_010D23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov ecx, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103BA00 mov eax, dword ptr fs:[00000030h]	1_2_0103BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01038A0A mov eax, dword ptr fs:[00000030h]	1_2_01038A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025210 mov eax, dword ptr fs:[00000030h]	1_2_01025210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025210 mov ecx, dword ptr fs:[00000030h]	1_2_01025210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025210 mov eax, dword ptr fs:[00000030h]	1_2_01025210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025210 mov eax, dword ptr fs:[00000030h]	1_2_01025210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102AA16 mov eax, dword ptr fs:[00000030h]	1_2_0102AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102AA16 mov eax, dword ptr fs:[00000030h]	1_2_0102AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01043A1C mov eax, dword ptr fs:[00000030h]	1_2_01043A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EAA16 mov eax, dword ptr fs:[00000030h]	1_2_010EAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EAA16 mov eax, dword ptr fs:[00000030h]	1_2_010EAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01024A20 mov eax, dword ptr fs:[00000030h]	1_2_01024A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01024A20 mov eax, dword ptr fs:[00000030h]	1_2_01024A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1229 mov eax, dword ptr fs:[00000030h]	1_2_010E1229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01064A2C mov eax, dword ptr fs:[00000030h]	1_2_01064A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01064A2C mov eax, dword ptr fs:[00000030h]	1_2_01064A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104A229 mov eax, dword ptr fs:[00000030h]	1_2_0104A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236 mov eax, dword ptr fs:[00000030h]	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236 mov eax, dword ptr fs:[00000030h]	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236 mov eax, dword ptr fs:[00000030h]	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236 mov eax, dword ptr fs:[00000030h]	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236 mov eax, dword ptr fs:[00000030h]	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104B236 mov eax, dword ptr fs:[00000030h]	1_2_0104B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01028239 mov eax, dword ptr fs:[00000030h]	1_2_01028239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01028239 mov eax, dword ptr fs:[00000030h]	1_2_01028239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01028239 mov eax, dword ptr fs:[00000030h]	1_2_01028239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E5A4F mov eax, dword ptr fs:[00000030h]	1_2_010E5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E5A4F mov eax, dword ptr fs:[00000030h]	1_2_010E5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E5A4F mov eax, dword ptr fs:[00000030h]	1_2_010E5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E5A4F mov eax, dword ptr fs:[00000030h]	1_2_010E5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029240 mov eax, dword ptr fs:[00000030h]	1_2_01029240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029240 mov eax, dword ptr fs:[00000030h]	1_2_01029240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029240 mov eax, dword ptr fs:[00000030h]	1_2_01029240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01029240 mov eax, dword ptr fs:[00000030h]	1_2_01029240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1A5F mov eax, dword ptr fs:[00000030h]	1_2_010E1A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EEA55 mov eax, dword ptr fs:[00000030h]	1_2_010EEA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B4257 mov eax, dword ptr fs:[00000030h]	1_2_010B4257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010DB260 mov eax, dword ptr fs:[00000030h]	1_2_010DB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010DB260 mov eax, dword ptr fs:[00000030h]	1_2_010DB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8A62 mov eax, dword ptr fs:[00000030h]	1_2_010F8A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01065A69 mov eax, dword ptr fs:[00000030h]	1_2_01065A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01065A69 mov eax, dword ptr fs:[00000030h]	1_2_01065A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01065A69 mov eax, dword ptr fs:[00000030h]	1_2_01065A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0106927A mov eax, dword ptr fs:[00000030h]	1_2_0106927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105DA88 mov eax, dword ptr fs:[00000030h]	1_2_0105DA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105DA88 mov eax, dword ptr fs:[00000030h]	1_2_0105DA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105D294 mov eax, dword ptr fs:[00000030h]	1_2_0105D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105D294 mov eax, dword ptr fs:[00000030h]	1_2_0105D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E129A mov eax, dword ptr fs:[00000030h]	1_2_010E129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01021AA0 mov eax, dword ptr fs:[00000030h]	1_2_01021AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010362A0 mov eax, dword ptr fs:[00000030h]	1_2_010362A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010362A0 mov eax, dword ptr fs:[00000030h]	1_2_010362A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010362A0 mov eax, dword ptr fs:[00000030h]	1_2_010362A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010362A0 mov eax, dword ptr fs:[00000030h]	1_2_010362A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01055AA0 mov eax, dword ptr fs:[00000030h]	1_2_01055AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01055AA0 mov eax, dword ptr fs:[00000030h]	1_2_01055AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010252A5 mov eax, dword ptr fs:[00000030h]	1_2_010252A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010252A5 mov eax, dword ptr fs:[00000030h]	1_2_010252A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010252A5 mov eax, dword ptr fs:[00000030h]	1_2_010252A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010252A5 mov eax, dword ptr fs:[00000030h]	1_2_010252A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010252A5 mov eax, dword ptr fs:[00000030h]	1_2_010252A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103AAB0 mov eax, dword ptr fs:[00000030h]	1_2_0103AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103AAB0 mov eax, dword ptr fs:[00000030h]	1_2_0103AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105FAB0 mov eax, dword ptr fs:[00000030h]	1_2_0105FAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010512BD mov esi, dword ptr fs:[00000030h]	1_2_010512BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010512BD mov eax, dword ptr fs:[00000030h]	1_2_010512BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010512BD mov eax, dword ptr fs:[00000030h]	1_2_010512BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025AC0 mov eax, dword ptr fs:[00000030h]	1_2_01025AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025AC0 mov eax, dword ptr fs:[00000030h]	1_2_01025AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01025AC0 mov eax, dword ptr fs:[00000030h]	1_2_01025AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01023ACA mov eax, dword ptr fs:[00000030h]	1_2_01023ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052ACB mov eax, dword ptr fs:[00000030h]	1_2_01052ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8ADD mov eax, dword ptr fs:[00000030h]	1_2_010F8ADD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010212D4 mov eax, dword ptr fs:[00000030h]	1_2_010212D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052AE4 mov eax, dword ptr fs:[00000030h]	1_2_01052AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E4AEF mov eax, dword ptr fs:[00000030h]	1_2_010E4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB2E8 mov eax, dword ptr fs:[00000030h]	1_2_010EB2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB2E8 mov eax, dword ptr fs:[00000030h]	1_2_010EB2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB2E8 mov eax, dword ptr fs:[00000030h]	1_2_010EB2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB2E8 mov eax, dword ptr fs:[00000030h]	1_2_010EB2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010CCD04 mov eax, dword ptr fs:[00000030h]	1_2_010CCD04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E3518 mov eax, dword ptr fs:[00000030h]	1_2_010E3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E3518 mov eax, dword ptr fs:[00000030h]	1_2_010E3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E3518 mov eax, dword ptr fs:[00000030h]	1_2_010E3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102751A mov eax, dword ptr fs:[00000030h]	1_2_0102751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102751A mov eax, dword ptr fs:[00000030h]	1_2_0102751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102751A mov eax, dword ptr fs:[00000030h]	1_2_0102751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102751A mov eax, dword ptr fs:[00000030h]	1_2_0102751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105F527 mov eax, dword ptr fs:[00000030h]	1_2_0105F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105F527 mov eax, dword ptr fs:[00000030h]	1_2_0105F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105F527 mov eax, dword ptr fs:[00000030h]	1_2_0105F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102AD30 mov eax, dword ptr fs:[00000030h]	1_2_0102AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01033D34 mov eax, dword ptr fs:[00000030h]	1_2_01033D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EE539 mov eax, dword ptr fs:[00000030h]	1_2_010EE539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8D34 mov eax, dword ptr fs:[00000030h]	1_2_010F8D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010AA537 mov eax, dword ptr fs:[00000030h]	1_2_010AA537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054D3B mov eax, dword ptr fs:[00000030h]	1_2_01054D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054D3B mov eax, dword ptr fs:[00000030h]	1_2_01054D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01054D3B mov eax, dword ptr fs:[00000030h]	1_2_01054D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01063D43 mov eax, dword ptr fs:[00000030h]	1_2_01063D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A3540 mov eax, dword ptr fs:[00000030h]	1_2_010A3540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D8D47 mov eax, dword ptr fs:[00000030h]	1_2_010D8D47
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D3D40 mov eax, dword ptr fs:[00000030h]	1_2_010D3D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102354C mov eax, dword ptr fs:[00000030h]	1_2_0102354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0102354C mov eax, dword ptr fs:[00000030h]	1_2_0102354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01047D50 mov eax, dword ptr fs:[00000030h]	1_2_01047D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01064D51 mov eax, dword ptr fs:[00000030h]	1_2_01064D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01064D51 mov eax, dword ptr fs:[00000030h]	1_2_01064D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010DFD52 mov eax, dword ptr fs:[00000030h]	1_2_010DFD52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01048D76 mov eax, dword ptr fs:[00000030h]	1_2_01048D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01048D76 mov eax, dword ptr fs:[00000030h]	1_2_01048D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01048D76 mov eax, dword ptr fs:[00000030h]	1_2_01048D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01048D76 mov eax, dword ptr fs:[00000030h]	1_2_01048D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01048D76 mov eax, dword ptr fs:[00000030h]	1_2_01048D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104C577 mov eax, dword ptr fs:[00000030h]	1_2_0104C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0104C577 mov eax, dword ptr fs:[00000030h]	1_2_0104C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052581 mov eax, dword ptr fs:[00000030h]	1_2_01052581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052581 mov eax, dword ptr fs:[00000030h]	1_2_01052581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052581 mov eax, dword ptr fs:[00000030h]	1_2_01052581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01052581 mov eax, dword ptr fs:[00000030h]	1_2_01052581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01022D8A mov eax, dword ptr fs:[00000030h]	1_2_01022D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01022D8A mov eax, dword ptr fs:[00000030h]	1_2_01022D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01022D8A mov eax, dword ptr fs:[00000030h]	1_2_01022D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01022D8A mov eax, dword ptr fs:[00000030h]	1_2_01022D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01022D8A mov eax, dword ptr fs:[00000030h]	1_2_01022D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E2D82 mov eax, dword ptr fs:[00000030h]	1_2_010E2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB581 mov eax, dword ptr fs:[00000030h]	1_2_010EB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB581 mov eax, dword ptr fs:[00000030h]	1_2_010EB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB581 mov eax, dword ptr fs:[00000030h]	1_2_010EB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EB581 mov eax, dword ptr fs:[00000030h]	1_2_010EB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01023591 mov eax, dword ptr fs:[00000030h]	1_2_01023591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105FD9B mov eax, dword ptr fs:[00000030h]	1_2_0105FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0105FD9B mov eax, dword ptr fs:[00000030h]	1_2_0105FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F05AC mov eax, dword ptr fs:[00000030h]	1_2_010F05AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F05AC mov eax, dword ptr fs:[00000030h]	1_2_010F05AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010535A1 mov eax, dword ptr fs:[00000030h]	1_2_010535A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010565A0 mov eax, dword ptr fs:[00000030h]	1_2_010565A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010565A0 mov eax, dword ptr fs:[00000030h]	1_2_010565A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010565A0 mov eax, dword ptr fs:[00000030h]	1_2_010565A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01051DB5 mov eax, dword ptr fs:[00000030h]	1_2_01051DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01051DB5 mov eax, dword ptr fs:[00000030h]	1_2_01051DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01051DB5 mov eax, dword ptr fs:[00000030h]	1_2_01051DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6DC9 mov eax, dword ptr fs:[00000030h]	1_2_010A6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6DC9 mov eax, dword ptr fs:[00000030h]	1_2_010A6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6DC9 mov eax, dword ptr fs:[00000030h]	1_2_010A6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6DC9 mov ecx, dword ptr fs:[00000030h]	1_2_010A6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6DC9 mov eax, dword ptr fs:[00000030h]	1_2_010A6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6DC9 mov eax, dword ptr fs:[00000030h]	1_2_010A6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010215C1 mov eax, dword ptr fs:[00000030h]	1_2_010215C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010DFDD3 mov eax, dword ptr fs:[00000030h]	1_2_010DFDD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103D5E0 mov eax, dword ptr fs:[00000030h]	1_2_0103D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_0103D5E0 mov eax, dword ptr fs:[00000030h]	1_2_0103D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B3DE3 mov ecx, dword ptr fs:[00000030h]	1_2_010B3DE3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B3DE3 mov eax, dword ptr fs:[00000030h]	1_2_010B3DE3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010B3DE3 mov eax, dword ptr fs:[00000030h]	1_2_010B3DE3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010595EC mov eax, dword ptr fs:[00000030h]	1_2_010595EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EFDE2 mov eax, dword ptr fs:[00000030h]	1_2_010EFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EFDE2 mov eax, dword ptr fs:[00000030h]	1_2_010EFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EFDE2 mov eax, dword ptr fs:[00000030h]	1_2_010EFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010EFDE2 mov eax, dword ptr fs:[00000030h]	1_2_010EFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010295F0 mov eax, dword ptr fs:[00000030h]	1_2_010295F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010295F0 mov ecx, dword ptr fs:[00000030h]	1_2_010295F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010D8DF1 mov eax, dword ptr fs:[00000030h]	1_2_010D8DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6C0A mov eax, dword ptr fs:[00000030h]	1_2_010A6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6C0A mov eax, dword ptr fs:[00000030h]	1_2_010A6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6C0A mov eax, dword ptr fs:[00000030h]	1_2_010A6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010A6C0A mov eax, dword ptr fs:[00000030h]	1_2_010A6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F740D mov eax, dword ptr fs:[00000030h]	1_2_010F740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F740D mov eax, dword ptr fs:[00000030h]	1_2_010F740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F740D mov eax, dword ptr fs:[00000030h]	1_2_010F740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010E1C06 mov eax, dword ptr fs:[00000030h]	1_2_010E1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_01028410 mov eax, dword ptr fs:[00000030h]	1_2_01028410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Code function: 1_2_010F8C14 mov eax, dword ptr fs:[00000030h]	1_2_010F8C14

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Code function: 1_2_01069860 NtQuerySystemInformation,LdrInitializeThunk,

1_2_01069860

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	111 Process Injection	1 Masquerading	OS Credential Dumping	221 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	111 Process Injection	NTDS	112 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	3 Obfuscated Files or Information	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	3 Software Packing	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Timestomp	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	41%	ReversingLabs	Win32.Trojan.Lazy
SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	46%	Virustotal		Browse
SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.0.SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen		Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/siv	0%	URL Reputation	safe
http://www.fontbureau.comessed	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/#	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/vno	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/M	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/F	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.comi	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.comoitu	0%	URL Reputation	safe
http://www.monotype.	0%	URL Reputation	safe
http://www.fontbureau.comt	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.comce	0%	URL Reputation	safe
http://www.fontbureau.comals	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/b	0%	URL Reputation	safe
www.imperiumtowns.xyz/b3es/	1%	Virustotal		Browse
http://www.jiyu-kobo.co.jp/Kal1	0%	Virustotal		Browse
http://www.jiyu-kobo.co.jp/Kal1	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Y0/i	0%	Avira URL Cloud	safe
http://www.fontbureau.comF1	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/-e	0%	Avira URL Cloud	safe
www.imperiumtowns.xyz/b3es/	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Y0/i	0%	Virustotal		Browse
http://www.founder.cm	0%	Avira URL Cloud	safe
http://www.fontbureau.comitue	0%	Avira URL Cloud	safe
http://www.fontbureau.comB.TTF1	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/staff/dennis.htmX	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/or1	0%	Avira URL Cloud	safe
http://www.fontbureau.comicom	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
www.imperiumtowns.xyz/b3es/	true	1%, Virustotal, Browse Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/siv	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Kal1	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comessed	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248951472.0000000006016000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249535557.0000000006017000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249659691.000000000601C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249765760.000000000601C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/-e	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247855685.000000000601A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comF1	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/Y0/i	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.cm	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247878242.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/#	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htmX	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250848136.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comitue	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comF	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/or1	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/vno	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/M	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/F	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/jp/	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.coma	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.258838031.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comi	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247855685.000000000601A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.247400149.000000000602B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comoitu	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comB.TTF1	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250339759.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.monotype.	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comt	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250428092.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.248773244.0000000006015000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266762478.0000000007222000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comce	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.258838031.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comals	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.250551871.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/b	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249668471.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249560073.0000000006028000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249774268.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.249059141.0000000006028000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comicom	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000003.258838031.0000000006022000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe, 00000000.00000002.266638604.0000000006027000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	755946
Start date and time:	2022-11-29 10:44:30 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.troj.evad.winEXE@3/1@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 100% (good quality ratio 90.5%) Quality average: 75.2% Quality standard deviation: 30.7%
HCA Information:	Successful, ratio: 100% Number of executed functions: 16 Number of non-executed functions: 228
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Excluded domains from analysis (whitelisted): fs.microsoft.com
Report creation exceeded maximum time and may have missing disassembly code information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:45:31	API Interceptor	1x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.log

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.355304211458859
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5:	FED34146BF2F2FA59DCF8702FCC8232E
SHA1:	B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256:	123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512:	1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.824187241753943
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
File size:	935424
MD5:	7b6dcd6fcd1c26b9abdba167929f4c82
SHA1:	04f11f07ef4a51b16383b5dde94f1af405893b45
SHA256:	e38f6fab27253171688423b0792d38be81e4c01cceb35c7bca05d2ebfc011ae9
SHA512:	0a12c658607c69b203f3674a6097b86b925e29d00003b4e1c975e5bd09894eba722af22ced22c0c01ca555657eaa7251a908f36e0fabfe2f521aad9124d6b942
SSDEEP:	12288:pe+QDdzoa1cfNv+/O/OW9HiiwdIvL94CsAH0vJHlAMMLOV8SWRdXZIQFhZMRR3im:qDdEPflOO/OW9CkL9/fDxiMR/phUz
TLSH:	3815026D32A45381E7190FB66BA7814853397DBFF8D1D71E2989B29F097CB908201F27
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1................0..>...........\... ...`....@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x4e5c9a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xBF0A3116 [Sun Jul 26 06:03:02 2071 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe5c48	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe6000	0x390	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xe5c2c	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xe3ca0	0xe3e00	False	0.8989110497805815	data	7.830178117653337	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xe6000	0x390	0x400	False	0.3779296875	data	2.88981025898553	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe8000	0xc	0x200	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xe6058	0x334	data

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exePID: 5448, Parent PID: 3320

General

Target ID:	0
Start time:	10:45:26
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Imagebase:	0xcc0000
File size:	935424 bytes
MD5 hash:	7B6DCD6FCD1C26B9ABDBA167929F4C82
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.260745770.0000000003051000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.265052163.0000000004196000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exePID: 5572, Parent PID: 5448

General

Target ID:	1
Start time:	10:45:33
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe
Imagebase:	0x520000
File size:	935424 bytes
MD5 hash:	7B6DCD6FCD1C26B9ABDBA167929F4C82
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.257340997.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exePID: 5448, Parent PID: 3320COMMON

Execution Graph

Execution Coverage:	9.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	91
Total number of Limit Nodes:	9

Executed Functions

Function 015FB8A2 Relevance: 6.1, APIs: 4, Instructions: 122
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 015FB910
GetCurrentThread.KERNEL32 ref: 015FB94D
GetCurrentProcess.KERNEL32 ref: 015FB98A
GetCurrentThreadId.KERNEL32 ref: 015FB9E3

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: db63913a3eee56b09e76b4424a4167327b23857685bd5411d8cf8bd463a9a10a
Instruction ID: 852c7aa8186db29905f5586df7ec4b135af719f2597704424b5f0f501370a48f
Opcode Fuzzy Hash: db63913a3eee56b09e76b4424a4167327b23857685bd5411d8cf8bd463a9a10a
Instruction Fuzzy Hash: D65122B09002098FDB14CFAAD688BAEBBF1FF48318F24845DE559B7250DB74A944CF65

Uniqueness

Uniqueness Score: -1.00%

Function 015FB8B0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 015FB910
GetCurrentThread.KERNEL32 ref: 015FB94D
GetCurrentProcess.KERNEL32 ref: 015FB98A
GetCurrentThreadId.KERNEL32 ref: 015FB9E3

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 31d33048f9bb417f0a29a94363aaefe18a2c1acf4b57d9f550293de28f2b88f6
Instruction ID: b80ee3ceb0bc1ec0636363253237e5acf53f1c2784e10156168ab1805a7c8073
Opcode Fuzzy Hash: 31d33048f9bb417f0a29a94363aaefe18a2c1acf4b57d9f550293de28f2b88f6
Instruction Fuzzy Hash: A55132B09002098FDB14CFAAD688BAEBBF1FB48318F24845DE519B7350DB74A944CF65

Uniqueness

Uniqueness Score: -1.00%

Function 015F95B0 Relevance: 1.7, APIs: 1, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 015F97F6

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 802e5f5f0b8f60355eb1935be5d847afa39f793b180b01db8176c174e06eb8a8
Instruction ID: 8db5ab6a19cecad6ee82df0021ddf2f117ee954a775f4fb731d94e42276c7ad3
Opcode Fuzzy Hash: 802e5f5f0b8f60355eb1935be5d847afa39f793b180b01db8176c174e06eb8a8
Instruction Fuzzy Hash: 32711770A00B058FD724DF6AD44479ABBF5FF89218F00892EE656DBA50DB34E845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 015F5365 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 015F5421

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1498aac37cc85ab14b65c32f5ec23d5b6e83f4939382903e5a01601dbe79da86
Instruction ID: 0c202e0d3e8dddf48ac5cac04154a5bff759b115dc6f22047d474524b5a180ea
Opcode Fuzzy Hash: 1498aac37cc85ab14b65c32f5ec23d5b6e83f4939382903e5a01601dbe79da86
Instruction Fuzzy Hash: D841F271D0061CCFDB24DFA9C884BDEBBB1BF88308F64805AD508AB251EB755945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 015F3E4C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 015F5421

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: bd778cc4ed492fc16dc617c8595bee2a35e3946ba9d4399fe7c34d9cc17953c2
Instruction ID: ddd54d44b890f49f8fd0e9a14aedd69f14d1d5354d83a7c81043f5a8cffc846b
Opcode Fuzzy Hash: bd778cc4ed492fc16dc617c8595bee2a35e3946ba9d4399fe7c34d9cc17953c2
Instruction Fuzzy Hash: 3141E271D0461CCFDB24DFA9C884B9DBBF1BF88308F64805AD509AB251EB756945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 015FBB9A Relevance: 1.6, APIs: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015FBB5F

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0b4b1d7243786e489f271348630b791b7e5ded50efa110d9d04ae112ad7be4cd
Instruction ID: 67c4ce024fac1b1cd4dd5160f89c38c3ed498b561482fbcbef6b906dc13ad053
Opcode Fuzzy Hash: 0b4b1d7243786e489f271348630b791b7e5ded50efa110d9d04ae112ad7be4cd
Instruction Fuzzy Hash: DA317E796403489FE714CF64F84AB6A3BBAFB88301F14402EF9029B396DBB95C44DB11

Uniqueness

Uniqueness Score: -1.00%

Function 015F8938 Relevance: 1.6, APIs: 1, Instructions: 78
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015F9871,00000800,00000000,00000000), ref: 015F9A82

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bf84add3a60e5fd01bedc10f01f6d5e631122c12cf95f67dfc2344f4456fef8d
Instruction ID: 1a6d043788c2e038beb1bd22bd08b27509a896979ebe5b990ab3746ae97bbb91
Opcode Fuzzy Hash: bf84add3a60e5fd01bedc10f01f6d5e631122c12cf95f67dfc2344f4456fef8d
Instruction Fuzzy Hash: BD3196B28043498FDB10CFA9C484BDEBFF4BB5A358F15846EE195AB200D374A905CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 015FBAD2 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015FBB5F

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 910448847357ed1856d5f66642f5b2407a6aaf7f43843c6da887ca6755aa2286
Instruction ID: 92672fe1e2cebac21919cd5d1df0bec893b991826a2aab406b0fd0480b25479f
Opcode Fuzzy Hash: 910448847357ed1856d5f66642f5b2407a6aaf7f43843c6da887ca6755aa2286
Instruction Fuzzy Hash: E121E3B5900208AFDB10CFAAD884ADEBBF8FF48324F14841AE954A7310D374A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 015FBAD8 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015FBB5F

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 75debf54d5ca5769c7f24a1b2792a43cc5dd4172a41195faac1866e064932784
Instruction ID: fe43a7247b57d3a1e46920c1ccb5228c80a8df25591f738477fb84a26f21eeec
Opcode Fuzzy Hash: 75debf54d5ca5769c7f24a1b2792a43cc5dd4172a41195faac1866e064932784
Instruction Fuzzy Hash: 7221C4B5900208DFDB10CFAAD484ADEBBF5FB48324F14841AE955A7350D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 015F8920 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015F9871,00000800,00000000,00000000), ref: 015F9A82

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 33c67593d506a544aa2442884cc7490835ec6e21264cbd024bc66ec3328e351d
Instruction ID: 39b6d6de7647dd8373aad81eeaf4f16b63871d043705d1ec223b851b3e8efb70
Opcode Fuzzy Hash: 33c67593d506a544aa2442884cc7490835ec6e21264cbd024bc66ec3328e351d
Instruction Fuzzy Hash: EC1103B69002098FDF14CF9AD484BDEBBF4FB88324F14842EE555AB200C3B4A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 015F9A10 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015F9871,00000800,00000000,00000000), ref: 015F9A82

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 68eae7b9a6a115a609166c3680c835830732a6bbc5cad91dc35064f17c308c75
Instruction ID: 263169b77fc54fdf9c2c4d65d6692610b7e670acf7a6062a30413deaecb5c87e
Opcode Fuzzy Hash: 68eae7b9a6a115a609166c3680c835830732a6bbc5cad91dc35064f17c308c75
Instruction Fuzzy Hash: D711F2B68002099FDB10CF9AD484BDEBBF8EB88228F14841EE559A7200C374A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 015F9790 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 015F97F6

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 1f432ebe4fedafae0085157a0ee23802e1bd9c9610a13450d10dc3225c6075c2
Instruction ID: 2e6f7414bd9d3e98dc6640f3192b9bd25e91eb44082de1889736167230281376
Opcode Fuzzy Hash: 1f432ebe4fedafae0085157a0ee23802e1bd9c9610a13450d10dc3225c6075c2
Instruction Fuzzy Hash: 6711DFB6C007498FDB14CF9AD444BDEFBF8AB89228F14842ED529B7600D378A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 015FE790 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba812c2b76ae4ef6faf5a9adb248535d069d2fc4e1fd06d2b9c7ae17e305f70
Instruction ID: 7768cebb20b8109ba5306870aa476b78645a436c2d003a58832aec678950173d
Opcode Fuzzy Hash: 2ba812c2b76ae4ef6faf5a9adb248535d069d2fc4e1fd06d2b9c7ae17e305f70
Instruction Fuzzy Hash: A512FAF24917468AD330CF65EC98188BB71F7C7328B58620BDA631AAD8D7B4016ACF44

Uniqueness

Uniqueness Score: -1.00%

Function 015FC334 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c272224267dd02c20ff4648f546797e967d26403c93385f3db456ff2e8898f4a
Instruction ID: 101158962e98da49e5d50495ed9a92c25e9092cefae4ecfa3501f84bb3826cef
Opcode Fuzzy Hash: c272224267dd02c20ff4648f546797e967d26403c93385f3db456ff2e8898f4a
Instruction Fuzzy Hash: B3A17F32E0061A8FCF15DFA5C9449DEBBB2FF85300B15856AEA05AF261EB71A915CF40

Uniqueness

Uniqueness Score: -1.00%

Function 015FE78A Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.259995512.00000000015F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fb3babae1ed4db461fc579dbad0a8c2509bdbecfddf25cf0007d9ce48982e04
Instruction ID: d1c54859c2d4666f7ff543f824fe7e3dd2202d5e70112b6660e6af41d8387a44
Opcode Fuzzy Hash: 0fb3babae1ed4db461fc579dbad0a8c2509bdbecfddf25cf0007d9ce48982e04
Instruction Fuzzy Hash: B3C14CB24517468BD320CF65EC98189BB71FBC7328F58620BD6632B6D8D7B4146ACF84

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exePID: 5572, Parent PID: 5448COMMON

Execution Graph

Execution Coverage:	0%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	34.4%
Total number of Nodes:	32
Total number of Limit Nodes:	1

Executed Functions

Function 01069860 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0106986A

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c52e53d3c70cf7168588f3d49db6cb11f1392881e10cd5cb523b0113ebbeea6b
Instruction ID: c4cda8ad707ab5b2deb96e209e7c2ba582c137773815e457664959b2645da00e
Opcode Fuzzy Hash: c52e53d3c70cf7168588f3d49db6cb11f1392881e10cd5cb523b0113ebbeea6b
Instruction Fuzzy Hash: 1D90027160100913E111619985047070109ABD0281F91C412A0815558DD6968952B265

Uniqueness

Uniqueness Score: -1.00%

Function 01069660 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0106966A

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a90a62a5267bde67231b6ee0701687b10417c8f660792dbd998c7a84e8b1f6c5
Instruction ID: c2347d792c8935a6d60945efa5993d548a4a7cbd82b7dd73b4fb5c876b9b47d7
Opcode Fuzzy Hash: a90a62a5267bde67231b6ee0701687b10417c8f660792dbd998c7a84e8b1f6c5
Instruction Fuzzy Hash: D590027160100D02E1807199840464A0105ABD1341F91C015A0416654DCA558A5977E5

Uniqueness

Uniqueness Score: -1.00%

Function 010696E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 010696EA

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5bc2a00537f1db96939678af4f5c5af999792e6d9c4d886102c33126367730d1
Instruction ID: eeac71630dfe6114d9472378a0ee4da4377d205c875c2051931f9fe054c61e8b
Opcode Fuzzy Hash: 5bc2a00537f1db96939678af4f5c5af999792e6d9c4d886102c33126367730d1
Instruction Fuzzy Hash: 6790027160108D02E1106199C40474A0105ABD0341F55C411A4815658DC6D588917265

Uniqueness

Uniqueness Score: -1.00%

Function 0106967A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01069694

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 61e753ea3b16b818f7267f71f7efcfa856327577621943e74bbc0c1288b50911
Instruction ID: 2709472ac30df6bb60d4c50ef82b7ea5ff70ec0a8a7b5e7808a70afd7c0f4123
Opcode Fuzzy Hash: 61e753ea3b16b818f7267f71f7efcfa856327577621943e74bbc0c1288b50911
Instruction Fuzzy Hash: 11B09B71D015C5C9E651D7A447087177A447BD4745F16C051E1420681B4778C491F6B5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 010DB260 Relevance: 37.8, Strings: 30, Instructions: 262
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 010DB53F
The resource is owned exclusively by thread %p, xrefs: 010DB374
an invalid address, %p, xrefs: 010DB4CF
*** Resource timeout (%p) in %ws:%s, xrefs: 010DB352
The instruction at %p referenced memory at %p., xrefs: 010DB432
The critical section is owned by thread %p., xrefs: 010DB3B9
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 010DB484
The resource is owned shared by %d threads, xrefs: 010DB37E
*** enter .cxr %p for the context, xrefs: 010DB50D
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 010DB323
*** then kb to get the faulting stack, xrefs: 010DB51C
read from, xrefs: 010DB4AD, 010DB4B2
*** A stack buffer overrun occurred in %ws:%s, xrefs: 010DB2F3
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 010DB305
write to, xrefs: 010DB4A6
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010DB38F
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 010DB314
*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 010DB2DC
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 010DB476
*** An Access Violation occurred in %ws:%s, xrefs: 010DB48F
a NULL pointer, xrefs: 010DB4E0
*** Inpage error in %ws:%s, xrefs: 010DB418
*** enter .exr %p for the exception record, xrefs: 010DB4F1
This failed because of error %Ix., xrefs: 010DB446
<unknown>, xrefs: 010DB27E, 010DB2D1, 010DB350, 010DB399, 010DB417, 010DB48E
The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010DB3D6
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 010DB39B
The instruction at %p tried to %s , xrefs: 010DB4B6
Go determine why that thread has not released the critical section., xrefs: 010DB3C5
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 010DB47D

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 0-108210295
Opcode ID: 37fe8f226ec186f735ea733bdc16873114481996a84a1c103656db29a9973439
Instruction ID: 479f599f9f6364176d8fdb48676e9cb9a8fc7c62495f8b1ed34724825d854a6d
Opcode Fuzzy Hash: 37fe8f226ec186f735ea733bdc16873114481996a84a1c103656db29a9973439
Instruction Fuzzy Hash: 55812335A40310FFDB22AE4ADC89EBF3B66BF57A51F424088F5841F116D76A8501DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 010E1C06 Relevance: 31.4, Strings: 25, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E010E1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x10048a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0102B150();
				} else {
					E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x111589c);
				E0102B150("Heap error detected at %p (heap handle %p)\n",  *0x11158a0);
				_t27 =  *0x1115898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M010E1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0102B150();
				} else {
					E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0102B150("Error code: %d - %s\n",  *0x1115898);
				_t113 =  *0x11158a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0102B150("Parameter1: %p\n",  *0x11158a4);
				}
				_t115 =  *0x11158a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0102B150("Parameter2: %p\n",  *0x11158a8);
				}
				_t117 =  *0x11158ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0102B150("Parameter3: %p\n",  *0x11158ac);
				}
				_t119 =  *0x11158b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x11158b4);
					E0102B150("Last known valid blocks: before - %p, after - %p\n",  *0x11158b0);
				} else {
					_t120 =  *0x11158b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0102B150();
				} else {
					E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0102B150("Stack trace available at %p\n", 0x11158c0);
			}

0x010e1c10
0x010e1c16
0x010e1c1e
0x010e1c3d
0x010e1c3e
0x010e1c20
0x010e1c35
0x010e1c3a
0x010e1c44
0x010e1c55
0x010e1c5a
0x010e1c65
0x010e1c67
0x00000000
0x010e1c6e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x010e1c67
0x010e1cdc
0x010e1ce5
0x010e1d04
0x010e1d05
0x010e1ce7
0x010e1cfc
0x010e1d01
0x010e1d0b
0x010e1d17
0x010e1d1f
0x010e1d25
0x010e1d30
0x010e1d4f
0x010e1d50
0x010e1d32
0x010e1d47
0x010e1d4c
0x010e1d61
0x010e1d67
0x010e1d68
0x010e1d6e
0x010e1d79
0x010e1d98
0x010e1d99
0x010e1d7b
0x010e1d90
0x010e1d95
0x010e1daa
0x010e1db0
0x010e1db1
0x010e1db7
0x010e1dc2
0x010e1de1
0x010e1de2
0x010e1dc4
0x010e1dd9
0x010e1dde
0x010e1df3
0x010e1df9
0x010e1dfa
0x010e1e00
0x010e1e0a
0x010e1e13
0x010e1e32
0x010e1e33
0x010e1e15
0x010e1e2a
0x010e1e2f
0x010e1e39
0x010e1e4a
0x010e1e02
0x010e1e02
0x010e1e08
0x00000000
0x00000000
0x010e1e08
0x010e1e5b
0x010e1e7a
0x010e1e7b
0x010e1e5d
0x010e1e72
0x010e1e77
0x010e1e95

Strings

heap_failure_buffer_underrun, xrefs: 010E1C9F
Stack trace available at %p, xrefs: 010E1E86
heap_failure_usage_after_free, xrefs: 010E1CBB
heap_failure_buffer_overrun, xrefs: 010E1C98
Heap error detected at %p (heap handle %p), xrefs: 010E1C50
heap_failure_listentry_corruption, xrefs: 010E1CD0
heap_failure_freelists_corruption, xrefs: 010E1CC9
heap_failure_unknown, xrefs: 010E1C75
HEAP[%wZ]: , xrefs: 010E1C30, 010E1CF7, 010E1D42, 010E1D8B, 010E1DD4, 010E1E25, 010E1E6D
heap_failure_multiple_entries_corruption, xrefs: 010E1C8A
heap_failure_lfh_bitmap_mismatch, xrefs: 010E1CD7
Parameter2: %p, xrefs: 010E1DA5
heap_failure_entry_corruption, xrefs: 010E1C83
heap_failure_invalid_argument, xrefs: 010E1CAD
HEAP: , xrefs: 010E1C16, 010E1C3D, 010E1D04, 010E1D4F, 010E1D98, 010E1DE1, 010E1E32, 010E1E7A
heap_failure_internal, xrefs: 010E1C6E
heap_failure_generic, xrefs: 010E1C7C
heap_failure_cross_heap_operation, xrefs: 010E1CC2
Parameter3: %p, xrefs: 010E1DEE
Error code: %d - %s, xrefs: 010E1D12
heap_failure_virtual_block_corruption, xrefs: 010E1C91
Parameter1: %p, xrefs: 010E1D5C
Last known valid blocks: before - %p, after - %p, xrefs: 010E1E45
heap_failure_invalid_allocation_type, xrefs: 010E1CB4
heap_failure_block_not_busy, xrefs: 010E1CA6

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
API String ID: 0-2897834094
Opcode ID: 9d49dd7fd3454559bf2348e1def81ad900d45754d15d824192dbfa95ab0c8539
Instruction ID: 9378a834cf88d65bb6ea48183bba5607937e76a7dcf7e5cf9902c4ec785abb77
Opcode Fuzzy Hash: 9d49dd7fd3454559bf2348e1def81ad900d45754d15d824192dbfa95ab0c8539
Instruction Fuzzy Hash: 2D610932514155DFD366AB8BE488E28B3E5EB44A30BD9807EFCC99F341D6399C908B09

Uniqueness

Uniqueness Score: -1.00%

Function 0105C9BF Relevance: 14.2, Strings: 11, Instructions: 412
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E0105C9BF(signed int __ecx, signed int __edx, signed int _a4, intOrPtr _a12) {
				signed int _v12;
				char _v552;
				char _v1072;
				char _v1073;
				signed int _v1080;
				signed int _v1084;
				signed short _v1088;
				signed int _v1092;
				signed short _v1094;
				char _v1096;
				char _v1100;
				intOrPtr _v1104;
				signed int _v1108;
				char _v1112;
				char _v1116;
				signed short _v1120;
				char _v1124;
				char* _v1128;
				char _v1132;
				char _v1135;
				char _v1136;
				signed int _v1140;
				char _v1144;
				intOrPtr _v1148;
				short _v1150;
				char _v1152;
				signed int _v1156;
				char* _v1160;
				char _v1164;
				signed int _v1168;
				signed int _v1172;
				intOrPtr _v1176;
				intOrPtr _v1180;
				char _v1184;
				signed int _v1188;
				signed int _v1192;
				intOrPtr _v1196;
				char* _v1200;
				intOrPtr _v1204;
				char _v1208;
				char _v1216;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t166;
				void* _t184;
				signed short _t188;
				char _t199;
				intOrPtr _t200;
				signed int _t205;
				signed int _t207;
				intOrPtr _t218;
				short _t219;
				char _t236;
				char _t242;
				signed int _t253;
				intOrPtr _t258;
				void* _t260;
				signed int _t272;
				void* _t276;
				unsigned int _t277;
				signed short _t279;
				signed int _t280;
				void* _t281;
				void* _t305;

				_t271 = __edx;
				_v12 =  *0x111d360 ^ _t280;
				_t253 = _a4;
				_v1104 = _a12;
				_t272 = __ecx;
				_v1160 =  &_v1072;
				_v1168 = __ecx;
				_t166 = 0;
				_v1073 = 0;
				_v1084 = 0;
				_t274 = 0;
				_v1156 = 0;
				_v1164 = 0x2080000;
				_v1096 = 0;
				_v1092 = 0;
				_v1112 = 0;
				_v1108 = 0;
				_v1100 = 0;
				if(__ecx == 0) {
					L67:
					_push(_t166);
					_push(_t253);
					_push(_t271);
					_push(_t272);
					E010B5720(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
					_t274 = 0xc000000d;
					L21:
					if(_v1073 == 0) {
						L23:
						if(_v1092 != 0) {
							E0102AD30(_v1092);
						}
						L24:
						if(_v1084 != 0) {
							_push(_v1084);
							E010695D0();
						}
						_t170 = _v1156;
						if(_v1156 != 0) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t170);
						}
						L26:
						return E0106B640(_t274, _t253, _v12 ^ _t280, _t271, _t272, _t274);
					}
					L22:
					_v1144 = _v1100;
					E0105CCC0(4,  &_v1144, _v1104);
					goto L23;
				}
				if(__edx == 0 || _t253 < 1 || _t253 >  *((intOrPtr*)(__ecx + 4))) {
					_t166 =  *((intOrPtr*)(_t272 + 4));
					goto L67;
				} else {
					if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t253 * 4)) != 0) {
						goto L26;
					}
					asm("lfence");
					_t258 =  *((intOrPtr*)(__edx + 0x18));
					_t260 =  *((intOrPtr*)(_t258 + __edx + 0x10)) + __edx;
					_t276 =  *((intOrPtr*)(_t253 * 0x18 +  *((intOrPtr*)(_t258 + __edx + 0xc)) + __edx + 0x10)) + __edx;
					_t181 =  *((intOrPtr*)(_t276 + 0x50));
					if( *((intOrPtr*)(_t276 + 0x50)) > 0xfffe) {
						_push(__edx);
						E010B5720(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t181);
						_t274 = 0xc0000106;
						goto L23;
					}
					if(( *(_t276 + 4) & 0x00000010) != 0) {
						_v1080 =  &_v1164;
						_t272 =  *((intOrPtr*)(_t276 + 0x18)) + _t260;
						if(_t272 != 0) {
							_t184 = L010713D0(_t272, 0x5c);
							if(_t184 != 0) {
								_t188 = 0x00000004 + (_t184 - _t272 >> 0x00000001) * 0x00000002 & 0x0000ffff;
								_v1088 = _t188;
								_t277 = _t188 & 0x0000ffff;
								if(_t188 <= 0x208) {
									_t264 = _v1080;
									L39:
									E0106F3E0( *((intOrPtr*)(_t264 + 4)), _t272, _t277 - 2);
									_t281 = _t281 + 0xc;
									 *((short*)( *((intOrPtr*)(_v1080 + 4)) + (_t277 >> 1) * 2 - 2)) = 0;
									 *_v1080 = _v1088 + 0xfffffffe;
									L18:
									if(_v1084 == 0) {
										if(E01036A00( *((intOrPtr*)(_v1080 + 4)),  &_v1112, 0,  &_v1184) != 0) {
											_v1156 = _v1108;
											_t199 = _v1184;
											if(_t199 == 0) {
												_t200 = 0;
											} else {
												_v1112 = _t199;
												_v1108 = _v1180;
												_t200 = _v1176;
											}
											_v1192 = _v1192 & 0x00000000;
											_v1188 = _v1188 & 0x00000000;
											_v1204 = _t200;
											_push(0x21);
											_v1200 =  &_v1112;
											_push(3);
											_push( &_v1216);
											_v1208 = 0x18;
											_push( &_v1208);
											_push(0x100020);
											_v1196 = 0x40;
											_push( &_v1084);
											_t205 = E01069830();
											_t272 = _v1172;
											_t274 = _t205;
											if(_t272 != 0) {
												asm("lock xadd [edi], eax");
												if((_t205 | 0xffffffff) == 0) {
													_push( *((intOrPtr*)(_t272 + 4)));
													E010695D0();
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t272);
												}
											}
											if(_t274 >= 0) {
												goto L19;
											} else {
												_push(_t274);
												E010B5720(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n",  *((intOrPtr*)(_v1080 + 4)));
												goto L21;
											}
										}
										E010B5720(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n",  *((intOrPtr*)(_v1080 + 4)));
										_t274 = 0xc000003a;
										goto L21;
									}
									L19:
									_t271 = _t253;
									_t207 = E0105CE6C(_v1168, _t253, _v1080,  &_v1084);
									_t274 = _t207;
									if(_t207 < 0) {
										E010B5720(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t274);
									} else {
										_t274 = 0;
									}
									goto L21;
								}
								_v1094 = _t188;
								_t218 = E01043A1C(_t277);
								_v1092 = _t218;
								if(_t218 != 0) {
									_t264 =  &_v1096;
									_v1080 =  &_v1096;
									goto L39;
								}
								_t274 = 0xc0000017;
								goto L24;
							}
							_t274 = 0xc00000e5;
							goto L23;
						}
						_t274 = 0xc00000e5;
						goto L26;
					}
					_v1080 = _v1080 & 0x00000000;
					_t219 =  *((intOrPtr*)(_t276 + 0x50));
					_v1152 = _t219;
					_v1150 = _t219;
					_v1144 = __edx;
					_v1148 =  *((intOrPtr*)(_t276 + 0x54)) + _t260;
					_v1140 = _t253;
					_v1128 =  &_v552;
					_v1136 = 0;
					_v1132 = 0x2160000;
					_v1124 = 0;
					_v1116 = 0;
					_v1120 = 0;
					E0105CCC0(1,  &_v1144, _v1104);
					if(_v1116 != 0) {
						_t274 = 0xc0000120;
						goto L23;
					}
					if(_v1124 != 0) {
						_t271 =  &_v1132;
						_t274 = E0105CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
						if(_t274 >= 0) {
							_t271 = _t253;
							_t274 = E0105CE6C(_t272, _t253,  &_v1132,  &_v1084);
							if(_t274 < 0) {
								_push(_t274);
								_push(_t253);
								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
								L44:
								_push(0);
								_push(0x33);
								E010B5720();
								goto L23;
							}
							_t274 = 0;
							goto L23;
						}
						_push(_t274);
						_push( &_v1132);
						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
						goto L44;
					}
					_t279 = _v1120;
					_t272 = 0;
					_t236 = _v1136;
					_v1100 = _t236;
					_v1088 = _t279;
					_v1073 = 1;
					if(_t279 == 0) {
						L16:
						_t305 = _t272 - _t279;
						L17:
						if(_t305 == 0) {
							L54:
							_push(_t272);
							E010B5720(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
							_t274 = 0xc0150004;
							goto L22;
						}
						goto L18;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_v1144 = _t236;
						_v1128 =  &_v552;
						_v1140 = _t272;
						_v1132 = 0x2160000;
						_v1136 = 0;
						E0105CCC0(2,  &_v1144, _v1104);
						if(_v1136 != 0) {
							break;
						}
						_t242 = _v1132;
						if(_v1135 != 0) {
							if(_t242 == 0) {
								goto L54;
							}
							_t119 = _t272 + 1; // 0x1
							_t279 = _t119;
							_v1088 = _t279;
						}
						if(_t242 == 0) {
							L27:
							_t272 = _t272 + 1;
							if(_t272 >= _t279) {
								goto L17;
							} else {
								_t236 = _v1100;
								continue;
							}
						}
						if(_v1084 != 0) {
							_push(_v1084);
							E010695D0();
							_v1084 = _v1084 & 0x00000000;
						}
						_t271 =  &_v1132;
						_t274 = E0105CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
						if(_t274 < 0) {
							if(_t274 != 0xc0150004) {
								_push(_t274);
								_push( &_v1152);
								E010B5720(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1132);
								goto L22;
							}
							_t279 = _v1088;
							goto L27;
						} else {
							_t279 = _v1088;
							goto L16;
						}
					}
					_t274 = 0xc0000120;
					goto L22;
				}
			}

0x0105c9bf
0x0105c9d1
0x0105c9d8
0x0105c9dc
0x0105c9e9
0x0105c9eb
0x0105c9f3
0x0105c9f9
0x0105c9fb
0x0105ca01
0x0105ca07
0x0105ca09
0x0105ca0f
0x0105ca19
0x0105ca1f
0x0105ca25
0x0105ca2b
0x0105ca31
0x0105ca39
0x0109ac23
0x0109ac23
0x0109ac24
0x0109ac25
0x0109ac26
0x0109ac34
0x0109ac3c
0x0105cc3c
0x0105cc43
0x0105cc65
0x0105cc6c
0x0109ac4c
0x0109ac4c
0x0105cc72
0x0105cc79
0x0109ac56
0x0109ac5c
0x0109ac5c
0x0105cc7f
0x0105cc87
0x0109ac72
0x0109ac72
0x0105cc8d
0x0105cc9f
0x0105cc9f
0x0105cc45
0x0105cc51
0x0105cc60
0x00000000
0x0105cc60
0x0105ca41
0x0109ac20
0x00000000
0x0105ca59
0x0105ca5f
0x00000000
0x00000000
0x0105ca65
0x0105ca68
0x0105ca76
0x0105ca7c
0x0105ca7e
0x0105ca86
0x0109a8ea
0x0109a8f5
0x0109a8fd
0x00000000
0x0109a8fd
0x0105ca90
0x0109a90d
0x0109a916
0x0109a918
0x0109a927
0x0109a930
0x0109a94c
0x0109a94f
0x0109a955
0x0109a95b
0x0109a98c
0x0109a992
0x0109a99a
0x0109a9a9
0x0109a9af
0x0109a9c3
0x0105cc09
0x0105cc10
0x0109ab03
0x0109ab2f
0x0109ab35
0x0109ab3e
0x0109ab5a
0x0109ab40
0x0109ab40
0x0109ab4c
0x0109ab52
0x0109ab52
0x0109ab5c
0x0109ab63
0x0109ab6a
0x0109ab76
0x0109ab78
0x0109ab84
0x0109ab86
0x0109ab8d
0x0109ab97
0x0109ab98
0x0109aba3
0x0109abad
0x0109abae
0x0109abb3
0x0109abb9
0x0109abbd
0x0109abc2
0x0109abc6
0x0109abc8
0x0109abcb
0x0109abdc
0x0109abdc
0x0109abc6
0x0109abe3
0x00000000
0x0109abe9
0x0109abef
0x0109abfc
0x00000000
0x0109ac01
0x0109abe3
0x0109ab17
0x0109ab1f
0x00000000
0x0109ab1f
0x0105cc16
0x0105cc29
0x0105cc2b
0x0105cc30
0x0105cc34
0x0109ac13
0x0105cc3a
0x0105cc3a
0x0105cc3a
0x00000000
0x0105cc34
0x0109a95e
0x0109a965
0x0109a96a
0x0109a972
0x0109a97e
0x0109a984
0x00000000
0x0109a984
0x0109a974
0x00000000
0x0109a974
0x0109a932
0x00000000
0x0109a932
0x0109a91a
0x00000000
0x0109a91a
0x0105ca96
0x0105ca9d
0x0105caa7
0x0105caae
0x0105caba
0x0105cac0
0x0105cace
0x0105cad4
0x0105cae3
0x0105cae9
0x0105caf3
0x0105caf9
0x0105caff
0x0105cb05
0x0105cb11
0x0109a9cb
0x00000000
0x0109a9cb
0x0105cb1e
0x0109a9f8
0x0109aa03
0x0109aa07
0x0109aa36
0x0109aa47
0x0109aa4b
0x0109aa18
0x0109aa19
0x0109aa1a
0x0109aa1f
0x0109aa1f
0x0109aa21
0x0109aa23
0x00000000
0x0109aa28
0x0109aa4d
0x00000000
0x0109aa4d
0x0109aa09
0x0109aa10
0x0109aa11
0x00000000
0x0109aa11
0x0105cb24
0x0105cb2a
0x0105cb2c
0x0105cb32
0x0105cb38
0x0105cb3e
0x0105cb47
0x0105cc01
0x0105cc01
0x0105cc03
0x0105cc03
0x0109aac0
0x0109aac0
0x0109aad1
0x0109aad9
0x00000000
0x0109aad9
0x00000000
0x00000000
0x00000000
0x00000000
0x0105cb4d
0x0105cb4d
0x0105cb53
0x0105cb5f
0x0105cb6e
0x0105cb74
0x0105cb7e
0x0105cb87
0x0105cb93
0x00000000
0x00000000
0x0105cba0
0x0105cba7
0x0109aa57
0x00000000
0x00000000
0x0109aa59
0x0109aa59
0x0109aa5c
0x0109aa5c
0x0105cbb0
0x0105cca2
0x0105cca2
0x0105cca5
0x00000000
0x0105ccab
0x0105ccab
0x00000000
0x0105ccab
0x0105cca5
0x0105cbbd
0x0109aa67
0x0109aa6d
0x0109aa72
0x0109aa72
0x0105cbe6
0x0105cbf1
0x0105cbf5
0x0109aa84
0x0109aa91
0x0109aa98
0x0109aaa9
0x00000000
0x0109aaae
0x0109aa86
0x00000000
0x0105cbfb
0x0105cbfb
0x00000000
0x0105cbfb
0x0105cbf5
0x0109aab6
0x00000000
0x0109aab6

Strings

SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 0109AAA0
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 0109ABF3
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0109AC0A
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 0109AA11
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 0109AAC8
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0109AC2C
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 0109AB0E
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 0109A8EC
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0109AA1A
@, xrefs: 0109ABA3
RtlpResolveAssemblyStorageMapEntry, xrefs: 0109AC27

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: f91d3fcf1a9a0b5900d318db8c7eebd047babc5fdfc7b59e919e5fa064a18d02
Instruction ID: bff6da763cc1462f7806dc710977b3c985a86ffea9d2b1af6469c91a924d82a2
Opcode Fuzzy Hash: f91d3fcf1a9a0b5900d318db8c7eebd047babc5fdfc7b59e919e5fa064a18d02
Instruction Fuzzy Hash: 3B026EF1E002299BEF61DB14CD80BDEB7B8AF54714F4041DAEA89A7241DB319E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 010E4AEF Relevance: 11.8, Strings: 9, Instructions: 529
COMMONCrypto

Download Yara Rule

C-Code - Quality: 59%

			E010E4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E0102B150();
						} else {
							E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E0102B150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E010DFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E0102B150();
						} else {
							E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E0102B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E0102B150();
									} else {
										E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E0102B150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E010DFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E0102B150();
										} else {
											E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E0107D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E010EA80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E0104E12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E010EA80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E0104E4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E0104A229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E0104A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E0104BC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E010D23E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E01021F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}

0x010e4af7
0x010e4afb
0x010e4afd
0x010e4b01
0x010e4b03
0x010e4b08
0x010e4b0a
0x010e4b0f
0x010e4eb5
0x010e4eb5
0x010e4ebb
0x010e50d5
0x010e50d8
0x010e4ff6
0x00000000
0x010e4ff6
0x010e50de
0x010e50e4
0x010e50e8
0x010e5107
0x010e510c
0x010e50ea
0x010e50ff
0x010e5104
0x010e5112
0x010e5115
0x010e5118
0x010e5119
0x010e50cb
0x010e50cb
0x010e50af
0x00000000
0x010e50af
0x010e4ecb
0x010e50b6
0x010e50bb
0x010e4ed1
0x010e4ee6
0x010e4eeb
0x010e50c1
0x010e50c2
0x010e50c5
0x010e50c6
0x00000000
0x00000000
0x00000000
0x00000000
0x010e4b15
0x010e4b15
0x010e4b1c
0x010e4b1e
0x010e4b23
0x010e4b27
0x010e4b33
0x010e4b38
0x010e4b3a
0x010e4b3c
0x010e4b41
0x010e4b41
0x010e4b3a
0x010e4b52
0x010e5045
0x010e504b
0x010e504f
0x010e506e
0x010e5073
0x010e5051
0x010e5066
0x010e506b
0x010e5083
0x010e5088
0x010e5088
0x010e508a
0x010e5091
0x010e5099
0x010e5099
0x010e509d
0x010e50a7
0x010e50ad
0x010e50ad
0x010e50ad
0x00000000
0x010e509d
0x010e4b58
0x010e4b5b
0x010e4b5e
0x010e4b63
0x010e4b66
0x010e4b69
0x010e4b6f
0x010e4be4
0x010e4bf0
0x010e4bf2
0x010e4bf5
0x010e4dc3
0x010e4dc6
0x010e4dc9
0x010e4dce
0x010e4dce
0x010e4dd0
0x010e4dd0
0x010e4dd5
0x010e4def
0x010e4dd7
0x010e4de7
0x010e4de7
0x010e4df3
0x010e5001
0x010e5007
0x010e500b
0x010e502a
0x010e502f
0x010e500d
0x010e5022
0x010e5027
0x010e5039
0x010e503a
0x010e503b
0x00000000
0x010e4df9
0x010e4dfd
0x010e4e90
0x010e4e94
0x010e4e9e
0x010e4ea4
0x010e4ea4
0x010e4ea4
0x010e4ea6
0x010e4ea6
0x00000000
0x010e4ea6
0x010e4e03
0x010e4e08
0x010e4f88
0x010e4f92
0x010e4f99
0x010e4f9c
0x010e4fe0
0x010e4fe4
0x010e4fee
0x010e4ff4
0x010e4ff4
0x010e4ff4
0x00000000
0x010e4fe4
0x010e4f9e
0x010e4fa4
0x010e4fa8
0x010e4fc7
0x010e4fcc
0x010e4faa
0x010e4fbf
0x010e4fc4
0x010e4fd2
0x010e4fd5
0x010e4fd6
0x010e4f34
0x010e4f34
0x00000000
0x010e4f39
0x010e4e0e
0x010e4e14
0x010e4e1b
0x010e4e25
0x010e4e2b
0x010e4e2b
0x010e4e33
0x010e4e38
0x010e4e8a
0x010e4e8a
0x00000000
0x010e4e3a
0x010e4e3e
0x010e4e43
0x010e4e47
0x010e4e53
0x010e4e58
0x010e4e5a
0x010e4e5c
0x010e4e61
0x010e4e61
0x010e4e5a
0x010e4e6e
0x010e4f41
0x010e4f47
0x010e4f4b
0x010e4f6a
0x010e4f6f
0x010e4f4d
0x010e4f62
0x010e4f67
0x010e4f7f
0x010e4f80
0x010e4f81
0x00000000
0x010e4e74
0x010e4e78
0x010e4e82
0x010e4e88
0x010e4e88
0x00000000
0x010e4e78
0x010e4e6e
0x010e4e38
0x010e4df3
0x010e4bfe
0x010e4c01
0x010e4c04
0x010e4c07
0x010e4c09
0x010e4c0c
0x010e4c0e
0x010e4c0e
0x010e4c11
0x010e4c11
0x010e4c0c
0x010e4c14
0x010e4c17
0x010e4dae
0x010e4db2
0x010e4db7
0x010e4dba
0x010e4dbd
0x010e4ef1
0x010e4ef7
0x010e4efb
0x010e4f1a
0x010e4f1f
0x010e4efd
0x010e4f12
0x010e4f17
0x010e4f2b
0x010e4f2b
0x010e4f2d
0x010e4f2e
0x010e4f2f
0x00000000
0x010e4f2f
0x00000000
0x010e4c1d
0x010e4c1d
0x010e4c20
0x010e4c23
0x010e4c26
0x010e4c29
0x010e4c2c
0x010e4c2e
0x010e4d91
0x010e4d91
0x010e4d92
0x010e4d97
0x010e4d9e
0x00000000
0x010e4d9e
0x010e4c34
0x010e4c37
0x010e4c39
0x010e4c3c
0x00000000
0x00000000
0x010e4c45
0x010e4c48
0x010e4c4e
0x010e4c50
0x010e4c78
0x010e4c78
0x010e4c7b
0x010e4c7d
0x010e4c80
0x010e4c84
0x010e4cad
0x010e4cad
0x010e4cb0
0x010e4cb8
0x010e4cbb
0x010e4cbe
0x010e4cc1
0x010e4cc7
0x010e4cdc
0x010e4cc9
0x010e4cd2
0x010e4cd4
0x010e4cd4
0x010e4cde
0x010e4ce0
0x010e4d13
0x010e4d13
0x010e4d16
0x010e4d18
0x010e4d29
0x010e4d2a
0x010e4d2c
0x010e4d34
0x010e4d1a
0x010e4d1a
0x010e4d1a
0x010e4d1d
0x010e4d1f
0x010e4d22
0x010e4d24
0x010e4d24
0x010e4d3c
0x010e4d3f
0x010e4d45
0x010e4d47
0x010e4d6c
0x010e4d6c
0x010e4d70
0x010e4d7e
0x010e4d84
0x010e4d84
0x00000000
0x010e4d49
0x010e4d49
0x010e4d56
0x010e4d56
0x010e4d59
0x00000000
0x00000000
0x010e4d4e
0x010e4d50
0x010e4d52
0x010e4d8e
0x010e4d5d
0x010e4d5f
0x010e4d67
0x00000000
0x010e4d67
0x010e4d54
0x010e4d54
0x010e4d5b
0x00000000
0x010e4d5b
0x010e4ce2
0x010e4ce2
0x010e4ce5
0x010e4ce5
0x010e4ce7
0x010e4cfb
0x010e4ce9
0x010e4ce9
0x010e4cec
0x010e4cef
0x010e4cf1
0x010e4cf3
0x010e4cf3
0x010e4cf3
0x010e4cf6
0x010e4cf6
0x010e4d02
0x010e4d05
0x00000000
0x00000000
0x010e4d07
0x010e4d0f
0x010e4d11
0x00000000
0x00000000
0x00000000
0x010e4d11
0x00000000
0x010e4ce5
0x010e4ce0
0x010e4c8a
0x010e4c8f
0x010e4c91
0x00000000
0x00000000
0x010e4c9d
0x00000000
0x010e4c9d
0x010e4c52
0x010e4c5f
0x010e4c5f
0x010e4c62
0x00000000
0x00000000
0x010e4c57
0x010e4c59
0x010e4c5b
0x010e4caa
0x010e4c66
0x010e4c68
0x010e4c70
0x010e4c75
0x00000000
0x010e4c75
0x010e4c5d
0x010e4c5d
0x010e4c64
0x00000000
0x010e4c64
0x010e4c17
0x010e4b75
0x010e4bc4
0x010e4bc8
0x00000000
0x00000000
0x010e4bd9
0x00000000
0x00000000
0x00000000
0x010e4b77
0x010e4b7a
0x010e4b8c
0x010e4b7c
0x010e4b7e
0x010e4b83
0x010e4b86
0x010e4b86
0x010e4b90
0x010e4b93
0x00000000
0x00000000
0x010e4b95
0x010e4bab
0x010e4bb0
0x00000000
0x00000000
0x010e4bb2
0x010e4bb9
0x00000000
0x00000000
0x010e4bbb
0x010e4bbe
0x010e4bc1
0x010e4bc1
0x00000000
0x010e4bc1
0x010e4b97
0x010e4ba4
0x00000000
0x00000000
0x010e4ba6
0x00000000
0x010e4ba6
0x010e4ea9
0x010e4ea9
0x010e4eb2
0x00000000

Strings

Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 010E508C
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 010E5119
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 010E50C6
Heap block at %p has incorrect segment offset (%x), xrefs: 010E503B
Free Heap block %p modified at %p after it was freed, xrefs: 010E4F2F
Heap block at %p is not last block in segment (%p), xrefs: 010E4FD6
HEAP: , xrefs: 010E4F1A, 010E4F6A, 010E4FC7, 010E502A, 010E506E, 010E50B6, 010E5107
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 010E4F81
HEAP[%wZ]: , xrefs: 010E4EE1, 010E4F0D, 010E4F5D, 010E4FBA, 010E501D, 010E5061, 010E50FA

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: da6a09cb2131b68234228bfd1d05552ea1e3cd649dcd3985bf91d647e012bc50
Instruction ID: 00ee0d5ec1db304d654b9340efb54cb361f00b784be0dca433f348d264412a48
Opcode Fuzzy Hash: da6a09cb2131b68234228bfd1d05552ea1e3cd649dcd3985bf91d647e012bc50
Instruction Fuzzy Hash: 1912DF306046469FEB25DF6AC488BBABBF1FF48714F148499E5C6CB681D735E880CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010E31DC Relevance: 10.2, Strings: 8, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Invalid ReserveSize parameter - %Ix, xrefs: 010E322C
Specified HeapBase (%p) != to BaseAddress (%p), xrefs: 010E3392
HEAP: , xrefs: 010E3220, 010E3287, 010E32D0, 010E3335, 010E3383, 010E33CA
Specified HeapBase (%p) is free or not writable, xrefs: 010E33D8
Invalid CommitSize parameter - %Ix, xrefs: 010E3295
Specified HeapBase (%p) invalid, Status = %lx, xrefs: 010E3344
HEAP[%wZ]: , xrefs: 010E3213, 010E327A, 010E32C3, 010E3328, 010E3376, 010E33BD
May not specify Lock parameter with HEAP_NO_SERIALIZE, xrefs: 010E32DB

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
API String ID: 0-2224505338
Opcode ID: 60b9d807aceb7d35c521bf13907577c86e2c432345f1713eeb6ac00268088ef9
Instruction ID: 905e22ef7033455cb198df115b8f4d62914b9652f6da55d6969fdb83348ea143
Opcode Fuzzy Hash: 60b9d807aceb7d35c521bf13907577c86e2c432345f1713eeb6ac00268088ef9
Instruction Fuzzy Hash: 1B51D432211245EFD722AB9BC889F6ABBE5FB44A20F54846DF4C69F341C6759880CB11

Uniqueness

Uniqueness Score: -1.00%

Function 010578A0 Relevance: 8.5, Strings: 6, Instructions: 989
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E010578A0(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr* _a20, intOrPtr _a24, signed int _a28, signed int _a32, signed int* _a36, signed int _a40, signed int _a44) {
				signed int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed short _v34;
				signed short _v36;
				char _v48;
				char _v64;
				signed int _v68;
				signed int _v72;
				char _v73;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed short _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				short _v148;
				signed int _v152;
				intOrPtr _v156;
				intOrPtr* _v160;
				signed int _v164;
				signed int _v168;
				signed short _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				signed int _v212;
				intOrPtr _v216;
				signed int* _v220;
				char* _v228;
				char _v232;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t462;
				signed int _t463;
				signed int* _t473;
				signed char* _t474;
				signed int _t475;
				signed char* _t476;
				signed int _t478;
				signed int _t480;
				intOrPtr _t484;
				signed int _t488;
				signed char* _t489;
				signed int _t490;
				signed char* _t491;
				signed int _t499;
				signed int _t501;
				signed int _t504;
				void* _t505;
				signed int _t506;
				signed int _t508;
				void* _t512;
				signed int _t514;
				signed int _t520;
				signed int _t524;
				signed int _t525;
				signed int _t530;
				signed int _t532;
				signed int _t533;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				signed int _t541;
				signed int _t546;
				intOrPtr _t555;
				signed short _t557;
				signed int _t560;
				signed int _t562;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t575;
				signed int _t577;
				signed int _t578;
				signed int _t580;
				signed int _t583;
				signed int _t587;
				signed int _t589;
				signed int _t591;
				signed int _t597;
				signed char _t601;
				signed int _t609;
				void* _t610;
				intOrPtr _t611;
				void* _t612;
				signed int _t613;
				signed int _t615;
				signed int _t616;
				signed int _t619;
				signed int _t620;
				signed int* _t621;
				signed int _t622;
				intOrPtr _t626;
				void* _t632;
				signed int _t634;
				signed int _t637;
				intOrPtr _t638;
				signed int _t641;
				signed int _t647;
				signed int _t649;
				signed int _t653;
				signed int _t667;
				signed int _t669;
				intOrPtr _t671;
				signed int _t672;
				signed int _t674;
				signed int _t689;
				signed int _t698;
				signed char _t702;
				intOrPtr _t708;
				void* _t712;
				signed int _t714;
				signed int _t716;
				signed int _t717;
				signed int _t719;
				void* _t720;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				intOrPtr* _t727;
				void* _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t734;
				signed int _t743;
				void* _t744;
				signed int _t752;
				signed int _t775;
				void* _t783;

				_t699 = __edx;
				_push(0xfffffffe);
				_push(0x11000b0);
				_push(0x10717f0);
				_push( *[fs:0x0]);
				_t462 =  *0x111d360;
				_v12 = _v12 ^ _t462;
				_t463 = _t462 ^ _t743;
				_v32 = _t463;
				_push(_t463);
				 *[fs:0x0] =  &_v20;
				_v28 = _t744 - 0xd4;
				_v140 = __edx;
				_v100 = __ecx;
				_t609 = _a8;
				_v92 = _t609;
				_t626 = _a12;
				_v156 = _t626;
				_v164 = _a16;
				_t727 = _a20;
				_v160 = _t727;
				_v176 = _a28;
				_v200 = _a32;
				_v220 = _a36;
				_v108 = _a44;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v148 = 0;
				_v128 = 0;
				_v72 = 0;
				_v112 = 0;
				_v184 = 0x560054;
				_v180 = L"LdrpResSearchResourceInsideDirectory Enter";
				_v232 = 0x540052;
				_v228 = L"LdrpResSearchResourceInsideDirectory Exit";
				_t473 =  *( *[fs:0x30] + 0x50);
				if(_t473 != 0) {
					__eflags =  *_t473;
					if( *_t473 == 0) {
						goto L1;
					}
					_t474 =  *( *[fs:0x30] + 0x50) + 0x22b;
					L2:
					if(( *_t474 & 0x00000001) != 0) {
						_t475 = E01047D50();
						__eflags = _t475;
						if(_t475 == 0) {
							_t476 = 0x7ffe0384;
						} else {
							_t476 =  *( *[fs:0x30] + 0x50) + 0x22a;
						}
						_t699 =  *_t476 & 0x000000ff;
						E010B6715( &_v184,  *_t476 & 0x000000ff);
						_t626 = _v156;
					}
					if(_t609 == 0 || _t626 == 0 || _t727 == 0) {
						L196:
						_t478 = 0xc000000d;
						goto L70;
					} else {
						_t611 = _a24;
						_t37 = _t611 - 1; // 0x1004f83
						_t480 = _t37;
						if(_t480 > 3) {
							goto L196;
						}
						_t699 = _a40;
						_v104 = _t699;
						_t752 = _t699 & 0x00008000;
						if(_t752 != 0) {
							_t480 = _v140;
							__eflags = _t480;
							if(_t480 == 0) {
								goto L196;
							}
							__eflags = _t480 - 0xffffffff;
							if(_t480 == 0xffffffff) {
								goto L196;
							}
							__eflags = _v164;
							if(_v164 != 0) {
								goto L8;
							}
							goto L196;
						}
						L8:
						_t714 = _t699 & 0x00001000;
						_v84 = _t714;
						_v144 = _t480 & 0xffffff00 | _t752 != 0x00000000;
						if((_t699 & 0x00008800) == 0x8800) {
							_t632 = 1;
						} else {
							_t632 = 0;
						}
						_v73 = _t632;
						if(_t714 == 0 || _a4 != 0) {
							if(_t632 != 0 || _v100 != 0) {
								if(_t632 == 1) {
									__eflags = _v140;
									if(_v140 == 0) {
										goto L196;
									}
								}
								_v208 = _t727;
								_t484 = _t611;
								_v120 = _t484;
								_t729 = _v92;
								_v88 = 0;
								_v96 = 0;
								_v136 = 0;
								if(_v108 != 0) {
									 *_v108 = 0;
									_t611 = _t484;
									_t699 = _v104;
								}
								_v8 = 0;
								_v172 = _v112;
								while(1) {
									L18:
									_t716 = _v84;
									if(_t729 == 0) {
										break;
									}
									_t708 = _v120 - 1;
									_v120 = _t708;
									_v216 = _t708;
									_t699 = _v104;
									if(_t484 == 0) {
										L59:
										_t484 = _v120;
										break;
									}
									_v128 =  *_v160;
									if(_v120 == 0) {
										__eflags = _t611 - 3;
										if(_t611 != 3) {
											goto L21;
										}
										_v136 = _t729;
										_t597 = _v176;
										__eflags = _t597;
										if(_t597 == 0) {
											_v68 = 0xc000000d;
											L64:
											_t717 = _v72;
											L65:
											__eflags = _t717;
											if(_t717 != 0) {
												L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t717);
												_v72 = 0;
											}
											_t488 =  *( *[fs:0x30] + 0x50);
											__eflags = _t488;
											if(_t488 != 0) {
												__eflags =  *_t488;
												if( *_t488 == 0) {
													goto L67;
												}
												_t489 =  *( *[fs:0x30] + 0x50) + 0x22b;
												goto L68;
											} else {
												L67:
												_t489 = 0x7ffe0385;
												L68:
												__eflags =  *_t489 & 0x00000001;
												if(( *_t489 & 0x00000001) != 0) {
													_t490 = E01047D50();
													__eflags = _t490;
													if(_t490 == 0) {
														_t491 = 0x7ffe0384;
													} else {
														_t491 =  *( *[fs:0x30] + 0x50) + 0x22a;
													}
													_t699 =  *_t491 & 0x000000ff;
													E010B6715( &_v232,  *_t491 & 0x000000ff);
												}
												_v8 = 0xfffffffe;
												_t478 = _v68;
												L70:
												 *[fs:0x0] = _v20;
												_pop(_t712);
												_pop(_t728);
												_pop(_t610);
												__eflags = _v32 ^ _t743;
												return E0106B640(_t478, _t610, _v32 ^ _t743, _t699, _t712, _t728);
											}
										}
										_v148 =  *_t597;
										_v172 = 0;
										_v112 = 0;
										_t601 =  !_t699;
										__eflags = _t601 & 0x00000004;
										if((_t601 & 0x00000004) != 0) {
											_v128 =  *(_v176 + 4) & 0x0000ffff;
										}
									}
									L21:
									if(_t632 != 0) {
										_t699 = _t729;
										_t478 = E010B94CA(_v140,  &_v48, 0x10);
										_v68 = _t478;
										__eflags = _t478;
										if(_t478 < 0) {
											L270:
											_v8 = 0xfffffffe;
											goto L70;
										}
										_t632 = _v73;
										__eflags = _t632;
										if(_t632 == 0) {
											goto L22;
										}
										L203:
										_t546 = _v36 & 0x0000ffff;
										L28:
										_v116 = _t546;
										_v132 = _t546;
										if(_t546 != 0) {
											__eflags = _t716;
											if(_t716 == 0) {
												goto L29;
											}
											_t699 = _t546 * 8 >> 0x20;
											_t589 = E0105F3D5( &_v196, _t546 * 8, _t546 * 8 >> 0x20);
											__eflags = _t589;
											if(_t589 < 0) {
												_v68 = 0xc000007b;
												goto L64;
											}
											_t725 = _v196;
											_t699 = _t725 + 0x10;
											_t591 = E01021C45(_t729, _t725 + 0x10,  &_v80);
											__eflags = _t591;
											if(_t591 < 0) {
												_v68 = 0xc000007b;
												goto L64;
											}
											__eflags = _t725 + 0x10 + _t729 - (_v100 & 0xfffffffc) + _a4;
											if(_t725 + 0x10 + _t729 > (_v100 & 0xfffffffc) + _a4) {
												_v68 = 0xc000007b;
												goto L64;
											}
											_t546 = _v116;
											_t632 = _v73;
										}
										L29:
										_t77 = _t729 + 0x10; // 0x10
										_t721 = _t77;
										_v188 = _t721;
										_v152 = _t721;
										if((_v128 & 0xffff0000) != 0) {
											L40:
											L41:
											if(_t546 == 0) {
												_v124 = 0;
												_t484 = _v120;
												L62:
												_t612 = _t611 - _t484;
												__eflags = _t612 - 1;
												if(_t612 != 1) {
													_t613 = _t612 - 2;
													__eflags = _t613;
													if(_t613 != 0) {
														__eflags = _t613 == 1;
														if(_t613 == 1) {
															_v68 = 0xc0000204;
														} else {
															_v68 = 0xc000000d;
														}
													} else {
														_v68 = 0xc000008b;
													}
												} else {
													_v68 = 0xc000008a;
												}
												goto L64;
											}
											if(_v73 != 0) {
												_t667 = _v72;
												__eflags = _t667;
												if(_t667 != 0) {
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t667);
													_v72 = 0;
													_t546 = _v132;
												}
												_t738 = _t546 * 8;
												_t717 = E01044620(_t667,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t546 * 8);
												_v72 = _t717;
												__eflags = _t717;
												if(_t717 != 0) {
													_t699 = _v152;
													_t478 = E010B94CA(_v140, _t717, _t738);
													_v68 = _t478;
													__eflags = _t478;
													if(_t478 < 0) {
														goto L270;
													}
													_v188 = _t717;
													_v152 = _t717;
													_v104 = _a40;
													_v172 = _v112;
													_v160 = _v208;
													_v120 = _v216;
													_v88 = _v96;
													_t546 = _v132;
													_v116 = _t546;
													_t669 = _v84;
													goto L43;
												} else {
													_v68 = 0xc0000017;
													goto L65;
												}
											}
											L43:
											_t699 = _v104;
											L44:
											while(1) {
												L44:
												if(_v136 != 0) {
													__eflags = _t699 & 0x00000020;
													if((_t699 & 0x00000020) == 0) {
														while(1) {
															L46:
															_t729 = 0;
															_v124 = 0;
															_t622 = _t717;
															_v152 = _t622;
															_t105 = _t546 - 1; // 0x0
															_t671 = _t717 + _t105 * 8;
															_v204 = _t671;
															_v132 = _t546;
															while(1) {
																L47:
																_t783 = _t622 - _t671;
																if(_t783 > 0) {
																	break;
																}
																_t723 = _t546 >> 1;
																if(_t783 != 0) {
																	_t567 = _t546 & 0x00000001;
																	__eflags = _t567;
																	_v180 = _t567;
																	_t568 = _t622 + _t723 * 8;
																	_v168 = _t568;
																	if(_t567 == 0) {
																		_t568 = _t568 + 0xfffffff8;
																		__eflags = _t568;
																		_v168 = _t568;
																	}
																	_t699 = _v140;
																	_t478 = E01058379(_v100, _v140, _a4, _v128, _v92, _t568, _v140,  &_v192);
																	_v68 = _t478;
																	__eflags = _t478;
																	if(_t478 < 0) {
																		goto L270;
																	} else {
																		__eflags = _v192;
																		if(__eflags == 0) {
																			_t571 =  *(_v168 + 4);
																			__eflags = _t571;
																			if(_t571 >= 0) {
																				_t729 = 0;
																				_v124 = 0;
																				__eflags = _v84;
																				if(_v84 == 0) {
																					_t572 = _t571 + _v92;
																					L137:
																					_v96 = _t572;
																					_v88 = _t572;
																					break;
																				}
																				__eflags = _v136;
																				if(_v136 != 0) {
																					_t699 = _t571;
																					_t573 = E01021C45(_v92, _t571,  &_v80);
																					__eflags = _t573;
																					if(_t573 >= 0) {
																						L136:
																						_t572 = _v80;
																						goto L137;
																					}
																					_v68 = 0xc000007b;
																					goto L64;
																				}
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			__eflags = _v84 - _t729;
																			if(_v84 == _t729) {
																				_t729 = (_t571 & 0x7fffffff) + _v92;
																				_v124 = _t729;
																				break;
																			}
																			__eflags = _v136 - _t729;
																			if(_v136 != _t729) {
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			_t699 = _t571 & 0x7fffffff;
																			_t575 = E01021C45(_v92, _t571 & 0x7fffffff,  &_v80);
																			__eflags = _t575;
																			if(_t575 >= 0) {
																				L75:
																				_t729 = _v80;
																				_v124 = _t729;
																				break;
																			}
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		if(__eflags < 0) {
																			_t671 = _v168 + 0xfffffff8;
																			_v204 = _t671;
																			__eflags = _v180;
																			if(_v180 == 0) {
																				_t546 = _t723 - 1;
																				_v132 = _t546;
																				_t699 = _v104;
																			} else {
																				_v132 = _t723;
																				_t546 = _t723;
																				_t699 = _v104;
																			}
																		} else {
																			_t622 = _v168 + 8;
																			_v152 = _t622;
																			_v132 = _t723;
																			_t671 = _v204;
																			_t546 = _t723;
																			_t699 = _v104;
																		}
																		continue;
																	}
																}
																if(_t546 == 0) {
																	break;
																}
																_t724 = _v92;
																_t699 = _v140;
																_t478 = E01058379(_v100, _v140, _a4, _v128, _t724, _t622, _v140,  &_v192);
																_v68 = _t478;
																if(_t478 < 0) {
																	goto L270;
																}
																if(_v192 == _t729) {
																	_t577 =  *(_t622 + 4);
																	__eflags = _t577;
																	if(_t577 >= 0) {
																		__eflags = _v84 - _t729;
																		if(_v84 == _t729) {
																			_t572 = _t577 + _t724;
																			goto L137;
																		}
																		__eflags = _v136 - _t729;
																		if(_v136 == _t729) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t699 = _t577;
																		_t578 = E01021C45(_t724, _t577,  &_v80);
																		__eflags = _t578;
																		if(_t578 < 0) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		goto L136;
																	}
																	__eflags = _v84 - _t729;
																	if(_v84 == _t729) {
																		_t729 = (_t577 & 0x7fffffff) + _t724;
																		_v124 = _t729;
																		break;
																	}
																	__eflags = _v136 - _t729;
																	if(_v136 != _t729) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	_t699 = _t577 & 0x7fffffff;
																	_t580 = E01021C45(_t724, _t577 & 0x7fffffff,  &_v80);
																	__eflags = _t580;
																	if(_t580 < 0) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	goto L75;
																}
																break;
															}
															_t699 = _v104;
															if(_v136 != 0) {
																__eflags = _v88;
																if(_v88 != 0) {
																	goto L53;
																}
																__eflags = _t699 & 0x00000004;
																if((_t699 & 0x00000004) != 0) {
																	L58:
																	_t716 = _v84;
																	_t611 = _a24;
																	goto L59;
																}
																_t557 = _v172 + 1;
																_v172 = _t557;
																_v112 = _t557;
																_t672 = _t557 & 0x0000ffff;
																__eflags = _t672 - _v148;
																_t560 = _v176;
																if(_t672 >= _v148) {
																	__eflags =  *((char*)(_t560 + 0x204));
																	if( *((char*)(_t560 + 0x204)) != 0) {
																		goto L53;
																	}
																	_t699 = _t699 | 0x00000020;
																	_v104 = _t699;
																	_a40 = _t699;
																	_t546 = _v116;
																	_t717 = _v188;
																	_t669 = _v84;
																	goto L44;
																}
																_v128 =  *(_t560 + 4 + _t672 * 8) & 0x0000ffff;
																_t546 = _v116;
																_t717 = _v188;
																L46:
																_t729 = 0;
																_v124 = 0;
																_t622 = _t717;
																_v152 = _t622;
																_t105 = _t546 - 1; // 0x0
																_t671 = _t717 + _t105 * 8;
																_v204 = _t671;
																_v132 = _t546;
																goto L47;
															}
															L53:
															_t555 = _v160 + 4;
															_v160 = _t555;
															_v208 = _t555;
															_t611 = _a24;
															_t632 = _v73;
															_t484 = _v120;
															goto L18;
														}
													}
													_t729 = 0;
													_v124 = 0;
													__eflags = _t669;
													if(_t669 == 0) {
														_t562 =  *(_t717 + 4) + _v92;
														_v88 = _t562;
														_v96 = _t562;
														goto L57;
													} else {
														_t699 =  *(_t717 + 4);
														_t565 = E01021C45(_v92,  *(_t717 + 4),  &_v80);
														__eflags = _t565;
														if(_t565 < 0) {
															_v68 = 0xc000007b;
															goto L64;
														}
														_t674 = _v80;
														_v88 = _t674;
														_v96 = _t674;
														_t699 = _v104;
														L57:
														_v128 =  *_t717;
														goto L58;
													}
													L101:
													__eflags = _t699;
													if(_t699 != 0) {
														L61:
														__eflags = _t729;
														if(_t729 != 0) {
															__eflags = _t699;
															if(_t699 == 0) {
																goto L62;
															}
															__eflags = _t716;
															if(_t716 == 0) {
																_t699 = _v100 & 0xfffffffc;
																_t615 = _a4;
																L173:
																_t634 = _v200;
																__eflags = _t634;
																if(_t634 == 0) {
																	L178:
																	_v68 = 0;
																	goto L64;
																}
																__eflags = _t716;
																if(_t716 == 0) {
																	L177:
																	 *_t634 = _t729;
																	goto L178;
																}
																__eflags = _t729 - _t699;
																if(_t729 < _t699) {
																	L204:
																	_v68 = 0xc000007b;
																	goto L64;
																}
																__eflags = _t729 - _t699 + _t615;
																if(_t729 > _t699 + _t615) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																goto L177;
															}
															_t699 = 0x18;
															_t499 = E01021C45(_t729, 0x18,  &_v80);
															__eflags = _t499;
															if(_t499 < 0) {
																_v124 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															_t699 = _v100 & 0xfffffffc;
															_t615 = _a4;
															__eflags = _t729 + 0x18 - _t699 + _t615;
															if(_t729 + 0x18 > _t699 + _t615) {
																_v124 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															goto L173;
														}
														goto L62;
													}
													_t616 = _v92;
													__eflags = _t716;
													if(_t716 == 0) {
														_t702 = _v100;
														L105:
														_t637 = _v108;
														__eflags = _t637;
														if(_t637 != 0) {
															 *_t637 = _v128;
														}
														_t719 = _t702 & 0xfffffffc;
														__eflags = _t702 & 0x00000001;
														if((_t702 & 0x00000001) != 0) {
															L145:
															_t638 = _v156;
															_t501 =  *(_t638 + 0x18) & 0x0000ffff;
															_t699 = 0x10b;
															__eflags = _t501 - 0x10b;
															if(_t501 != 0x10b) {
																_t699 = 0x20b;
																__eflags = _t501 - 0x20b;
																if(_t501 != 0x20b) {
																	L255:
																	_v96 = 0;
																	_v68 = 0xc0000089;
																	goto L64;
																}
																_t730 =  *(_t638 + 0x98);
																L147:
																__eflags = _t730;
																if(_t730 == 0) {
																	goto L255;
																}
																__eflags = _v84;
																if(_v84 == 0) {
																	L152:
																	_t619 = _t730 - _v92 + _t719;
																	_v108 = _t619;
																	_v212 = _t619;
																	_t699 = _a4;
																	_t731 = E010247A3(_t719, _a4, _t638, _v164, _t730, _v144);
																	__eflags = _t731;
																	if(_t731 == 0) {
																		_v96 = 0;
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	__eflags = _v73;
																	if(_v73 != 0) {
																		_t699 = _v88;
																		_t478 = E010B94CA(_v140,  &_v64, 0x10);
																		_v68 = _t478;
																		__eflags = _t478;
																		if(_t478 < 0) {
																			goto L270;
																		}
																		_t504 =  &_v64;
																		_v88 = _t504;
																		_v96 = _t504;
																		L155:
																		_t505 =  *_t504;
																		__eflags = _t505 -  *((intOrPtr*)(_t731 + 8));
																		if(_t505 <=  *((intOrPtr*)(_t731 + 8))) {
																			goto L111;
																		}
																		_v108 =  *((intOrPtr*)(_t731 + 0xc));
																		_t699 = _a4;
																		_t524 = E010247A3(_t719, _a4, _v156, _v164, _t505, _v144);
																		__eflags = _t524;
																		if(_t524 == 0) {
																			_v96 = 0;
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t733 =  *((intOrPtr*)(_t524 + 0xc));
																		_v180 = _t733;
																		_t525 = E010247A3(_t719, _a4, _v156, _v164, _t733, _v144);
																		_v144 = _t525;
																		_t653 = _v84;
																		__eflags = _t525;
																		if(_t525 == 0) {
																			_t734 = 0;
																			L163:
																			__eflags = _t653;
																			if(_t653 == 0) {
																				L167:
																				_t619 = _t619 +  *((intOrPtr*)(_t525 + 0xc)) - _t734 - _v108 + _v92;
																				goto L110;
																			}
																			_t699 = _v108;
																			_t530 = E0105865D(_t525,  *((intOrPtr*)(_t525 + 0xc)), _v108,  &_v80);
																			__eflags = _t530;
																			if(_t530 < 0) {
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			_t699 = _t734 - _v92;
																			_t532 = E0105865D( &_v80, _v80, _t734 - _v92,  &_v80);
																			__eflags = _t532;
																			if(_t532 < 0) {
																				_v68 = 0xc000007b;
																				goto L64;
																			}
																			_t525 = _v144;
																			goto L167;
																		}
																		__eflags = _t653;
																		if(_t653 == 0) {
																			L162:
																			_t734 =  *((intOrPtr*)(_t525 + 0x14)) -  *((intOrPtr*)(_t525 + 0xc)) + _v180 + _t719;
																			__eflags = _t734;
																			goto L163;
																		}
																		_t699 = _t733 -  *((intOrPtr*)(_t525 + 0xc));
																		_t533 = E01021C45(_t719, _t733 -  *((intOrPtr*)(_t525 + 0xc)),  &_v80);
																		__eflags = _t533;
																		if(_t533 < 0) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t699 =  *(_v144 + 0x14);
																		_t535 = E01021C45(_v80,  *(_v144 + 0x14),  &_v80);
																		__eflags = _t535;
																		if(_t535 < 0) {
																			_v68 = 0xc000007b;
																			goto L64;
																		}
																		_t525 = _v144;
																		_t653 = _v84;
																		goto L162;
																	}
																	_t504 = _v88;
																	goto L155;
																}
																_t699 = _t730;
																_t537 = E01021C45(_t719, _t730,  &_v80);
																__eflags = _t537;
																if(_t537 < 0) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																_t699 = _t616;
																_t539 = E0105865D( &_v80, _v80, _t616,  &_v80);
																__eflags = _t539;
																if(_t539 < 0) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																_t638 = _v156;
																goto L152;
															}
															_t730 =  *(_t638 + 0x88);
															goto L147;
														} else {
															__eflags = _v73;
															if(_v73 != 0) {
																goto L145;
															}
															_t619 = 0;
															__eflags = 0;
															L110:
															_v212 = _t619;
															_v108 = _t619;
															L111:
															_t699 = _v88;
															_t732 =  *(_t699 + 4);
															_t506 = _v84;
															__eflags = _t506;
															if(_t506 == 0) {
																_t620 = 0;
																L119:
																_t641 = _v200;
																__eflags = _t641;
																if(_t641 == 0) {
																	L126:
																	_t621 = _v220;
																	__eflags = _t621;
																	if(_t621 == 0) {
																		L132:
																		_v68 = 0;
																		goto L64;
																	}
																	__eflags = _v84;
																	if(_v84 == 0) {
																		L131:
																		 *_t621 = _t732;
																		goto L132;
																	}
																	__eflags = _t641;
																	if(_t641 == 0) {
																		goto L131;
																	}
																	_t720 =  *_t641;
																	_t699 = _t732;
																	_t508 = E01021C45(_t720, _t732,  &_v80);
																	__eflags = _t508;
																	if(_t508 < 0) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	__eflags = _t732 + _t720 - (_v100 & 0xfffffffc) + _a4;
																	if(_t732 + _t720 > (_v100 & 0xfffffffc) + _a4) {
																		_v68 = 0xc000007b;
																		goto L64;
																	}
																	goto L131;
																}
																__eflags = _t506;
																if(_t506 == 0) {
																	_t512 =  *_t699 - _v108 + _t719;
																	L125:
																	 *_t641 = _t512;
																	goto L126;
																}
																_t699 = _t620;
																_t514 = E01021C45(_t719, _t620,  &_v80);
																__eflags = _t514;
																if(_t514 < 0) {
																	_v68 = 0xc000007b;
																	goto L64;
																}
																_t647 = _v80;
																__eflags = _t647 - _t719;
																if(_t647 < _t719) {
																	goto L204;
																}
																__eflags = _t647 - (_t719 & 0xfffffffc) + _a4;
																if(_t647 > (_t719 & 0xfffffffc) + _a4) {
																	goto L204;
																}
																_t512 = _t620 + _t719;
																_t641 = _v200;
																goto L125;
															}
															_t699 = _t619;
															_t520 = E0105865D(_v88,  *_v88, _t619,  &_v80);
															__eflags = _t520;
															if(_t520 < 0) {
																_v68 = 0xc000007b;
																goto L64;
															}
															_t620 = _v80;
															__eflags = _t620 - _v92 - _v100;
															if(_t620 < _v92 - _v100) {
																L236:
																_v96 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															_t649 = _a4;
															__eflags = _t620 - _t649;
															if(_t620 > _t649) {
																goto L236;
															}
															__eflags = _t732;
															if(_t732 == 0) {
																goto L236;
															}
															__eflags = _t732 - _t649;
															if(_t732 > _t649) {
																goto L236;
															}
															__eflags = _t732 + _t620 - _t649;
															if(_t732 + _t620 > _t649) {
																_v96 = 0;
																_v68 = 0xc000007b;
																goto L64;
															}
															_t506 = _v84;
															_t699 = _v88;
															goto L119;
														}
													}
													_t541 = _v88;
													__eflags = _t541 - _t616;
													if(_t541 <= _t616) {
														goto L236;
													}
													_t699 = _v100;
													__eflags = _t541 + 0x10 - (_v100 & 0xfffffffc) + _a4;
													if(_t541 + 0x10 > (_v100 & 0xfffffffc) + _a4) {
														goto L236;
													}
													goto L105;
												}
												goto L46;
											}
										}
										if(_t546 != 0) {
											__eflags = _v84;
											if(_v84 == 0) {
												L98:
												_t717 = _t721 + _t546 * 8;
												_v188 = _t717;
												_v152 = _t717;
												_t632 = _v73;
												goto L31;
											}
											_t699 = _t546;
											_t587 = E01021C45(_t721, _t546,  &_v80);
											__eflags = _t587;
											if(_t587 < 0) {
												_v68 = 0xc000007b;
												goto L64;
											}
											_t546 = _v116;
											goto L98;
										}
										L31:
										if(_t632 != 0) {
											_t546 = _v34 & 0x0000ffff;
										} else {
											_t546 =  *(_t729 + 0xe) & 0x0000ffff;
										}
										_v116 = _t546;
										_v132 = _t546;
										_t669 = _v84;
										if(_t669 == 0) {
											goto L41;
										} else {
											_t699 = _t546 * 8 >> 0x20;
											_t583 = _t546 * 8;
											_v184 = _t583;
											_v180 = _t699;
											_t775 = _t699;
											if(_t775 < 0 || _t775 <= 0 && _t583 <= 0xffffffff) {
												_v196 = _t583;
												_t689 = _t583 + _t717;
												if(_t689 < _t717) {
													L205:
													_v80 = 0xffffffff;
													_v68 = 0xc000007b;
													goto L64;
												}
												_v80 = _t689;
												if(_t689 > (_v100 & 0xfffffffc) + _a4) {
													_v68 = 0xc000007b;
													goto L64;
												}
												_t546 = _v116;
												goto L40;
											} else {
												_v196 = 0xffffffff;
												_v68 = 0xc000007b;
												goto L64;
											}
										}
									}
									L22:
									if(_t716 == 0) {
										L26:
										if(_t632 != 0) {
											goto L203;
										}
										_t546 =  *(_t729 + 0xc) & 0x0000ffff;
										goto L28;
									}
									_t69 = _t729 + 0x18; // 0x18
									_t698 = _t69;
									if(_t698 < _t729) {
										goto L205;
									}
									_v80 = _t698;
									if(_t698 > (_v100 & 0xfffffffc) + _a4) {
										goto L204;
									} else {
										_t632 = _v73;
										goto L26;
									}
								}
								_t699 = _t699 & 0x00000002;
								__eflags = _v88;
								if(_v88 != 0) {
									goto L101;
								}
								goto L61;
							} else {
								goto L196;
							}
						} else {
							goto L196;
						}
					}
				}
				L1:
				_t474 = 0x7ffe0385;
				goto L2;
			}

0x010578a0
0x010578a5
0x010578a7
0x010578ac
0x010578b7
0x010578be
0x010578c3
0x010578c6
0x010578c8
0x010578ce
0x010578d2
0x010578d8
0x010578db
0x010578e1
0x010578e4
0x010578e7
0x010578ea
0x010578ed
0x010578f6
0x010578fc
0x010578ff
0x01057908
0x01057911
0x0105791a
0x01057923
0x0105792b
0x0105792c
0x0105792d
0x0105792e
0x01057931
0x01057938
0x0105793b
0x0105793e
0x01057942
0x0105794c
0x01057956
0x01057960
0x01057970
0x01057975
0x010988bf
0x010988c2
0x00000000
0x00000000
0x010988d1
0x01057980
0x01057983
0x010988db
0x010988e0
0x010988e2
0x010988f4
0x010988e4
0x010988ed
0x010988ed
0x010988f9
0x01098902
0x01098907
0x01098907
0x0105798b
0x0109892e
0x0109892e
0x00000000
0x010579a1
0x010579a1
0x010579a4
0x010579a4
0x010579aa
0x00000000
0x00000000
0x010579b0
0x010579b3
0x010579b6
0x010579bc
0x01098912
0x01098918
0x0109891a
0x00000000
0x00000000
0x0109891c
0x0109891f
0x00000000
0x00000000
0x01098921
0x01098928
0x00000000
0x00000000
0x00000000
0x01098928
0x010579c2
0x010579c4
0x010579ca
0x010579d0
0x010579e2
0x01098938
0x010579e8
0x010579e8
0x010579e8
0x010579ea
0x010579ef
0x010579fd
0x01057a0c
0x0109893f
0x01098946
0x00000000
0x00000000
0x01098948
0x01057a12
0x01057a18
0x01057a1a
0x01057a1d
0x01057a20
0x01057a27
0x01057a2e
0x01057a3c
0x01057a43
0x01057a46
0x01057a48
0x01057a48
0x01057a4b
0x01057a56
0x01057a5c
0x01057a5c
0x01057a5c
0x01057a61
0x00000000
0x00000000
0x01057a6a
0x01057a6b
0x01057a6e
0x01057a76
0x01057a79
0x01057c68
0x01057c68
0x00000000
0x01057c68
0x01057a87
0x01057a8e
0x01057e5b
0x01057e5e
0x00000000
0x00000000
0x01057e64
0x01057e6a
0x01057e70
0x01057e72
0x0109894d
0x01057c92
0x01057c92
0x01057c95
0x01057c95
0x01057c97
0x01098d23
0x01098d28
0x01098d28
0x01057ca3
0x01057ca6
0x01057ca8
0x01098d34
0x01098d37
0x00000000
0x00000000
0x01098d46
0x00000000
0x01057cae
0x01057cae
0x01057cae
0x01057cb3
0x01057cb3
0x01057cb6
0x01098d50
0x01098d55
0x01098d57
0x01098d69
0x01098d59
0x01098d62
0x01098d62
0x01098d6e
0x01098d77
0x01098d77
0x01057cbc
0x01057cc3
0x01057cc6
0x01057cc9
0x01057cd1
0x01057cd2
0x01057cd3
0x01057cd7
0x01057ce1
0x01057ce1
0x01057ca8
0x01057e7b
0x01057e84
0x01057e8a
0x01057e90
0x01057e92
0x01057e94
0x01057ea4
0x01057ea4
0x01057e94
0x01057a94
0x01057a96
0x0109895f
0x01098967
0x0109896c
0x0109896f
0x01098971
0x01098da0
0x01098da0
0x00000000
0x01098da0
0x01098977
0x0109897a
0x0109897c
0x00000000
0x00000000
0x01098982
0x01098982
0x01057ace
0x01057ace
0x01057ad1
0x01057ad6
0x01057dfa
0x01057dfc
0x00000000
0x00000000
0x01057e07
0x01057e11
0x01057e16
0x01057e18
0x010989aa
0x00000000
0x010989aa
0x01057e22
0x01057e28
0x01057e2d
0x01057e32
0x01057e34
0x010989b6
0x00000000
0x010989b6
0x01057e48
0x01057e4a
0x010989c2
0x00000000
0x010989c2
0x01057e50
0x01057e53
0x01057e53
0x01057adc
0x01057adc
0x01057adc
0x01057adf
0x01057ae5
0x01057af2
0x01057b63
0x01057b66
0x01057b68
0x0105828b
0x01058292
0x01057c80
0x01057c80
0x01057c82
0x01057c85
0x010580d1
0x010580d1
0x010580d4
0x01098cfa
0x01098cfd
0x01098d0b
0x01098cff
0x01098cff
0x01098cff
0x010580da
0x010580da
0x010580da
0x01057c8b
0x01057c8b
0x01057c8b
0x00000000
0x01057c85
0x01057b72
0x01098a05
0x01098a08
0x01098a0a
0x01098a18
0x01098a1d
0x01098a24
0x01098a24
0x01098a27
0x01098a3f
0x01098a41
0x01098a44
0x01098a46
0x01098a56
0x01098a62
0x01098a67
0x01098a6a
0x01098a6c
0x00000000
0x00000000
0x01098a72
0x01098a78
0x01098a81
0x01098a88
0x01098a94
0x01098aa0
0x01098aa6
0x01098aa9
0x01098aac
0x01098aaf
0x00000000
0x01098a48
0x01098a48
0x00000000
0x01098a48
0x01098a46
0x01057b78
0x01057b78
0x00000000
0x01057b80
0x01057b80
0x01057b87
0x01057ee1
0x01057ee4
0x01057b90
0x01057b90
0x01057b90
0x01057b92
0x01057b95
0x01057b97
0x01057b9d
0x01057ba0
0x01057ba3
0x01057ba9
0x01057bb0
0x01057bb0
0x01057bb0
0x01057bb2
0x00000000
0x00000000
0x01057bb6
0x01057bb8
0x01057d29
0x01057d29
0x01057d2b
0x01057d31
0x01057d34
0x01057d3a
0x01057d3c
0x01057d3c
0x01057d3f
0x01057d3f
0x01057d57
0x01057d60
0x01057d65
0x01057d68
0x01057d6a
0x00000000
0x01057d70
0x01057d76
0x01057d78
0x01058091
0x01058094
0x01058096
0x01098aee
0x01098af0
0x01098af3
0x01098af6
0x01098b31
0x01058080
0x01058080
0x01058083
0x00000000
0x01058083
0x01098af8
0x01098afe
0x01098b10
0x01098b15
0x01098b1a
0x01098b1c
0x0105807d
0x0105807d
0x00000000
0x0105807d
0x01098b22
0x00000000
0x01098b22
0x01098b00
0x00000000
0x01098b00
0x0105809c
0x0105809f
0x01098ae3
0x01098ae6
0x00000000
0x01098ae6
0x010580a5
0x010580ab
0x01098ac3
0x00000000
0x01098ac3
0x010580ba
0x010580bf
0x010580c4
0x010580c6
0x01057d1e
0x01057d1e
0x01057d21
0x00000000
0x01057d21
0x01098acf
0x00000000
0x01098acf
0x01057d7e
0x0105830e
0x01058311
0x01058317
0x0105831e
0x0105832d
0x01058330
0x01058333
0x01058320
0x01058320
0x01058323
0x01058325
0x01058325
0x01057d84
0x01057d8a
0x01057d8d
0x01057d93
0x01057d96
0x01057d9c
0x01057d9e
0x01057d9e
0x00000000
0x01057d7e
0x01057d6a
0x01057bc0
0x00000000
0x00000000
0x01057bcb
0x01057bd5
0x01057bde
0x01057be3
0x01057be8
0x00000000
0x00000000
0x01057bf4
0x01057ce4
0x01057ce7
0x01057ce9
0x01058053
0x01058056
0x01098b68
0x00000000
0x01098b68
0x0105805c
0x01058062
0x01098b50
0x00000000
0x01098b50
0x0105806c
0x01058070
0x01058075
0x01058077
0x01098b5c
0x00000000
0x01098b5c
0x00000000
0x01058077
0x01057cef
0x01057cf2
0x01058343
0x01058345
0x00000000
0x01058345
0x01057cf8
0x01057cfe
0x01098b38
0x00000000
0x01098b38
0x01057d0d
0x01057d11
0x01057d16
0x01057d18
0x01098b44
0x00000000
0x01098b44
0x00000000
0x01057d18
0x00000000
0x01057bf4
0x01057bfa
0x01057c04
0x01057da6
0x01057daa
0x00000000
0x00000000
0x01057db0
0x01057db3
0x01057c62
0x01057c62
0x01057c65
0x00000000
0x01057c65
0x01057dbf
0x01057dc1
0x01057dc7
0x01057dcb
0x01057dd6
0x01057dd8
0x01057dde
0x01098b6f
0x01098b76
0x00000000
0x00000000
0x01098b7c
0x01098b7f
0x01098b82
0x01098b85
0x01098b88
0x01098b8e
0x00000000
0x01098b8e
0x01057de9
0x01057dec
0x01057def
0x01057b90
0x01057b90
0x01057b92
0x01057b95
0x01057b97
0x01057b9d
0x01057ba0
0x01057ba3
0x01057ba9
0x00000000
0x01057ba9
0x01057c0a
0x01057c10
0x01057c13
0x01057c19
0x01057c1f
0x01057c22
0x01057c25
0x00000000
0x01057c25
0x01057b90
0x01057c2d
0x01057c2f
0x01057c32
0x01057c34
0x01058350
0x01058353
0x01058356
0x00000000
0x01057c3a
0x01057c3e
0x01057c44
0x01057c49
0x01057c4b
0x01098ab7
0x00000000
0x01098ab7
0x01057c51
0x01057c54
0x01057c57
0x01057c5a
0x01057c5d
0x01057c5f
0x00000000
0x01057c5f
0x01057eef
0x01057eef
0x01057ef1
0x01057c78
0x01057c78
0x01057c7a
0x0105829a
0x0105829c
0x00000000
0x00000000
0x010582a2
0x010582a4
0x01098ce3
0x01098ce6
0x010582d9
0x010582d9
0x010582df
0x010582e1
0x010582fc
0x010582fc
0x00000000
0x010582fc
0x010582e3
0x010582e5
0x010582fa
0x010582fa
0x00000000
0x010582fa
0x010582e7
0x010582e9
0x0109898b
0x0109898b
0x00000000
0x0109898b
0x010582f2
0x010582f4
0x01098cee
0x00000000
0x01098cee
0x00000000
0x010582f4
0x010582ae
0x010582b5
0x010582ba
0x010582bc
0x01098cba
0x01098cc1
0x00000000
0x01098cc1
0x010582c5
0x010582c8
0x010582d1
0x010582d3
0x01098ccd
0x01098cd4
0x00000000
0x01098cd4
0x00000000
0x010582d3
0x00000000
0x01057c7a
0x01057ef7
0x01057efa
0x01057efc
0x0105835e
0x01057f23
0x01057f23
0x01057f26
0x01057f28
0x01057f2d
0x01057f2d
0x01057f32
0x01057f35
0x01057f38
0x010580e6
0x010580e6
0x010580ec
0x010580f0
0x010580f5
0x010580f8
0x01098ba9
0x01098bae
0x01098bb1
0x01098ca7
0x01098ca7
0x01098cae
0x00000000
0x01098cae
0x01098bb7
0x01058104
0x01058104
0x01058106
0x00000000
0x00000000
0x0105810c
0x01058110
0x01058143
0x01058148
0x0105814a
0x0105814d
0x01058161
0x0105816b
0x0105816d
0x0105816f
0x01098bda
0x01098be1
0x00000000
0x01098be1
0x01058175
0x01058179
0x01098bf3
0x01098bfc
0x01098c01
0x01098c04
0x01098c06
0x00000000
0x00000000
0x01098c0c
0x01098c0f
0x01098c12
0x01058182
0x01058182
0x01058184
0x01058187
0x00000000
0x00000000
0x01058190
0x010581a6
0x010581ab
0x010581b0
0x010581b2
0x01098c1a
0x01098c21
0x00000000
0x01098c21
0x010581b8
0x010581bb
0x010581d9
0x010581de
0x010581e4
0x010581e7
0x010581e9
0x01098c45
0x0105823f
0x0105823f
0x01058241
0x01058279
0x01058284
0x00000000
0x01058284
0x01058247
0x0105824d
0x01058252
0x01058254
0x01098c4c
0x00000000
0x01098c4c
0x01058260
0x01058266
0x0105826b
0x0105826d
0x01098c58
0x00000000
0x01098c58
0x01058273
0x00000000
0x01058273
0x010581ef
0x010581f1
0x01058231
0x0105823d
0x0105823d
0x00000000
0x0105823d
0x010581f9
0x010581fe
0x01058203
0x01058205
0x01098c2d
0x00000000
0x01098c2d
0x01058215
0x0105821b
0x01058220
0x01058222
0x01098c39
0x00000000
0x01098c39
0x01058228
0x0105822e
0x00000000
0x0105822e
0x0105817f
0x00000000
0x0105817f
0x01058116
0x0105811a
0x0105811f
0x01058121
0x01098bc2
0x00000000
0x01098bc2
0x0105812b
0x01058130
0x01058135
0x01058137
0x01098bce
0x00000000
0x01098bce
0x0105813d
0x00000000
0x0105813d
0x010580fe
0x00000000
0x01057f3e
0x01057f3e
0x01057f42
0x00000000
0x00000000
0x01057f48
0x01057f48
0x01057f4a
0x01057f4a
0x01057f50
0x01057f53
0x01057f53
0x01057f56
0x01057f59
0x01057f5c
0x01057f5e
0x01058366
0x01057fb9
0x01057fb9
0x01057fbf
0x01057fc1
0x01058006
0x01058006
0x0105800c
0x0105800e
0x01058047
0x01058047
0x00000000
0x01058047
0x01058010
0x01058014
0x01058045
0x01058045
0x00000000
0x01058045
0x01058016
0x01058018
0x00000000
0x00000000
0x0105801a
0x01058020
0x01058024
0x01058029
0x0105802b
0x01098c8f
0x00000000
0x01098c8f
0x0105803d
0x0105803f
0x01098c9b
0x00000000
0x01098c9b
0x00000000
0x0105803f
0x01057fc3
0x01057fc5
0x01058372
0x01058004
0x01058004
0x00000000
0x01058004
0x01057fcf
0x01057fd3
0x01057fd8
0x01057fda
0x01098c83
0x00000000
0x01098c83
0x01057fe0
0x01057fe3
0x01057fe5
0x00000000
0x00000000
0x01057ff3
0x01057ff5
0x00000000
0x00000000
0x01057ffb
0x01057ffe
0x00000000
0x01057ffe
0x01057f68
0x01057f6f
0x01057f74
0x01057f76
0x01098c64
0x00000000
0x01098c64
0x01057f7c
0x01057f85
0x01057f87
0x01098b96
0x01098b96
0x01098b9d
0x00000000
0x01098b9d
0x01057f8d
0x01057f90
0x01057f92
0x00000000
0x00000000
0x01057f98
0x01057f9a
0x00000000
0x00000000
0x01057fa0
0x01057fa2
0x00000000
0x00000000
0x01057fab
0x01057fad
0x01098c70
0x01098c77
0x00000000
0x01098c77
0x01057fb3
0x01057fb6
0x00000000
0x01057fb6
0x01057f38
0x01057f02
0x01057f05
0x01057f07
0x00000000
0x00000000
0x01057f0d
0x01057f1b
0x01057f1d
0x00000000
0x00000000
0x00000000
0x01057f1d
0x00000000
0x01057b87
0x01057b80
0x01057af6
0x01057eac
0x01057eb0
0x01057eca
0x01057eca
0x01057ecd
0x01057ed3
0x01057ed9
0x00000000
0x01057ed9
0x01057eb6
0x01057eba
0x01057ebf
0x01057ec1
0x010989ce
0x00000000
0x010989ce
0x01057ec7
0x00000000
0x01057ec7
0x01057afc
0x01057afe
0x010989da
0x01057b04
0x01057b04
0x01057b04
0x01057b08
0x01057b0b
0x01057b0e
0x01057b13
0x00000000
0x01057b15
0x01057b1a
0x01057b1a
0x01057b1c
0x01057b22
0x01057b28
0x01057b2a
0x01057b3b
0x01057b41
0x01057b46
0x01098997
0x01098997
0x0109899e
0x00000000
0x0109899e
0x01057b4c
0x01057b5a
0x010989e3
0x00000000
0x010989e3
0x01057b60
0x00000000
0x010989ef
0x010989ef
0x010989f9
0x00000000
0x010989f9
0x01057b2a
0x01057b13
0x01057a9c
0x01057a9e
0x01057ac2
0x01057ac4
0x00000000
0x00000000
0x01057aca
0x00000000
0x01057aca
0x01057aa0
0x01057aa0
0x01057aa5
0x00000000
0x00000000
0x01057aab
0x01057ab9
0x00000000
0x01057abf
0x01057abf
0x00000000
0x01057abf
0x01057ab9
0x01057c6b
0x01057c6e
0x01057c72
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x010579ef
0x0105798b
0x0105797b
0x0105797b
0x00000000

Strings

LdrpResSearchResourceInsideDirectory Enter, xrefs: 0105794C
{, xrefs: 01098CEE
T, xrefs: 01057942
MUI, xrefs: 01057BCA
LdrpResSearchResourceInsideDirectory Exit, xrefs: 01057960
R, xrefs: 01057956

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
API String ID: 0-2515562510
Opcode ID: c018354ecb216f64526ae64edb19895db0ec61bfb75da312a47bc9ae66001a00
Instruction ID: efe07e70f2a52eb433c140b4b5a9e0efc3d32e1fcdcc9a362d74507e80b4dc38
Opcode Fuzzy Hash: c018354ecb216f64526ae64edb19895db0ec61bfb75da312a47bc9ae66001a00
Instruction Fuzzy Hash: 93923870E0422DCFEFA5CF98C890BAEBBB5BF45304F54819AD999AB341D734A941DB40

Uniqueness

Uniqueness Score: -1.00%

Function 0104A309 Relevance: 8.2, Strings: 6, Instructions: 687
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E0104A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1118a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E0104A830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E0104DF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E01029373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E0102A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1118748 - 1;
						if( *0x1118748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E0102B150();
								__eflags =  *0x1117bc8;
								if( *0x1117bc8 == 0) {
									__eflags = 1;
									E010E2073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1118748 - 1;
							if( *0x1118748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E0105174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E01047D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E010E14FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E01029373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E01029819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1118748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E0102B150();
											} else {
												E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E0102B150();
											_pop(_t491);
											__eflags =  *0x1117bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E010E2073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E010EA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E0104A830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E01047D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E01047D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E010E1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E01047D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E01047D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1118748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E0102B150();
							} else {
								E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E0102B150();
							__eflags =  *0x1117bc8;
							if( *0x1117bc8 == 0) {
								__eflags = 0;
								E010E2073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1118748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E0102B150();
												} else {
													E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E0102B150();
												__eflags =  *0x1117bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E010E2073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E010EA80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E0104A830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E0104B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E0104A830(_t553, _v64, _v24);
								_t286 = E01047D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E01047D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E010E1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E01047D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E01047D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E010E1411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E0105174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E0104B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E01047D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E010E14FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E010499BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E0104A830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E0105ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}

0x0104a309
0x0104a316
0x0104a319
0x0104a31d
0x0104a32d
0x0104a331
0x01091e0d
0x01091e10
0x0104a3cb
0x0104a3cb
0x0104a3bd
0x0104a3c3
0x0104a3c3
0x0104a33a
0x01091e17
0x01091e1b
0x01091e1d
0x01091e2f
0x01091e34
0x01091e36
0x01091e3c
0x01091e3c
0x01091e3c
0x01091e3c
0x01091e36
0x01091e42
0x01091e45
0x01091e47
0x0104a3f8
0x0104a3f8
0x0104a3fb
0x0104a3fd
0x01091e50
0x0104a403
0x0104a411
0x0104a411
0x0104a411
0x0104a41e
0x0104a420
0x0104a424
0x0104a427
0x0104a7c9
0x0104a7cd
0x0104a7d2
0x0104a7d9
0x0104a7e0
0x0104a7e3
0x0104a7ed
0x0104a7f3
0x0104a7f9
0x0104a7ff
0x0104a802
0x0104a807
0x0104a809
0x0104a809
0x0104a809
0x0104a80f
0x0104a80f
0x0104a812
0x0104a81c
0x0104a821
0x0104a824
0x0104a42d
0x0104a42d
0x0104a42d
0x0104a42d
0x0104a42d
0x0104a436
0x0104a43a
0x0104a609
0x0104a60d
0x0104a612
0x0104a616
0x0104a61a
0x01091e57
0x01091e59
0x00000000
0x00000000
0x01091e5f
0x0104a620
0x0104a627
0x01091e64
0x01091e66
0x01091e6c
0x01091e72
0x01091e76
0x01091e95
0x01091e9a
0x01091e78
0x01091e8d
0x01091e92
0x01091ea0
0x01091ea5
0x01091eaa
0x01091eb2
0x01091eb6
0x01091eb9
0x01091eb9
0x01091ebe
0x01091ec2
0x01091ec2
0x01091e66
0x0104a62d
0x0104a633
0x0104a636
0x0104a63a
0x0104a63c
0x0104a640
0x0104a642
0x0104a644
0x0104a644
0x0104a644
0x0104a64d
0x0104a64d
0x0104a651
0x0104a655
0x01091eca
0x01091ed1
0x00000000
0x00000000
0x01091ed7
0x00000000
0x0104a65b
0x0104a669
0x0104a66e
0x0104a670
0x00000000
0x00000000
0x0104a676
0x0104a67b
0x0104a680
0x0104a682
0x01091f1a
0x0104a688
0x0104a688
0x0104a688
0x0104a68a
0x0104a68d
0x01091f24
0x01091f2a
0x01091f31
0x01091f43
0x01091f43
0x01091f31
0x0104a693
0x0104a697
0x0104a69d
0x0104a6a0
0x0104a6a6
0x0104a6a8
0x0104a6a8
0x0104a6a8
0x0104a6a8
0x0104a6b2
0x0104a6b7
0x0104a6c1
0x0104a6c6
0x0104a6d2
0x0104a6d9
0x0104a6e3
0x0104a6e6
0x0104a6eb
0x0104a6ed
0x0104a6ed
0x0104a6ed
0x0104a6ed
0x0104a6f3
0x0104a6f8
0x0104a702
0x0104a70a
0x0104a70e
0x0104a71a
0x0104a71e
0x01091fcb
0x01091fcf
0x01091fdd
0x01091fe3
0x01091fe3
0x0104a724
0x0104a728
0x0104a72a
0x0104a72d
0x0104a737
0x0104a73a
0x0104a73c
0x0104a742
0x0104a748
0x01091f4d
0x01091f50
0x01091f56
0x01091f5c
0x01091f5f
0x01091f7e
0x01091f83
0x01091f61
0x01091f76
0x01091f7b
0x01091f89
0x01091f8e
0x01091f93
0x01091f94
0x01091f9a
0x01091f9c
0x01091f9e
0x01091fa1
0x01091fa1
0x01091fa6
0x01091fa6
0x01091f50
0x0104a74e
0x0104a751
0x0104a754
0x0104a75d
0x0104a75e
0x0104a762
0x0104a767
0x01091faf
0x01091fb0
0x01091fb9
0x01091fbe
0x01091fc2
0x01091fc2
0x0104a76d
0x0104a76d
0x0104a775
0x0104a778
0x0104a77d
0x0104a77d
0x0104a71e
0x0104a782
0x0104a787
0x0104a789
0x01091ff3
0x0104a78f
0x0104a78f
0x0104a78f
0x0104a791
0x0104a794
0x01091ffd
0x01092006
0x0109200c
0x01092017
0x01092019
0x01092024
0x01092024
0x01092024
0x01092047
0x01092047
0x0109200c
0x0104a79a
0x0104a79f
0x0104a7a4
0x0104a7a9
0x0104a7ab
0x0109205a
0x0104a7b1
0x0104a7b1
0x0104a7b1
0x0104a7b3
0x0104a7b6
0x00000000
0x0104a7bc
0x01092066
0x01092068
0x01092073
0x01092073
0x01092073
0x01092078
0x01092079
0x0109207d
0x00000000
0x0109207d
0x0104a7b6
0x0104a440
0x0104a440
0x0104a440
0x0104a446
0x0104a44c
0x0104a44f
0x0104a453
0x0104a455
0x010920b3
0x010920b9
0x010920b9
0x0104a45d
0x0104a460
0x0104a464
0x0104a466
0x0104a46b
0x0104a46f
0x0104a471
0x0104a471
0x0104a471
0x0104a474
0x0104a479
0x0104a47d
0x0104a47f
0x01092229
0x0109222f
0x0104a3c8
0x0104a3c8
0x0104a3ca
0x0104a3ca
0x00000000
0x0104a3ca
0x01092235
0x0109223a
0x0109223a
0x00000000
0x00000000
0x01092240
0x01092246
0x0109224a
0x01092269
0x0109226e
0x0109224c
0x01092261
0x01092266
0x01092274
0x01092279
0x0109227e
0x01092286
0x01092288
0x0109228d
0x0109228d
0x01092292
0x01092292
0x01092295
0x01092295
0x00000000
0x01092295
0x0104a485
0x0104a489
0x0104a48b
0x0104a48f
0x0104a493
0x0104a497
0x0104a49b
0x0104a4bb
0x0104a4bb
0x0104a4bd
0x0104a4ff
0x0104a4ff
0x0104a501
0x0104a505
0x0104a50f
0x0104a517
0x0104a51b
0x0104a527
0x0104a52b
0x01092182
0x01092185
0x01092193
0x01092199
0x01092199
0x0104a531
0x0104a535
0x0104a538
0x0104a548
0x0104a54b
0x0104a54d
0x0104a553
0x0104a559
0x01092100
0x01092103
0x01092109
0x0109210f
0x01092112
0x01092131
0x01092136
0x01092114
0x01092129
0x0109212e
0x0109213c
0x01092141
0x01092147
0x0109214d
0x01092151
0x01092154
0x01092154
0x01092159
0x01092159
0x01092103
0x0104a55f
0x0104a562
0x0104a565
0x0104a567
0x01092162
0x0104a56d
0x0104a574
0x0104a575
0x0104a579
0x0104a57e
0x01092169
0x0109216a
0x01092170
0x01092175
0x01092179
0x01092179
0x0104a57e
0x0104a584
0x0104a58f
0x0104a58f
0x0104a52b
0x0104a5ad
0x0104a5bc
0x0104a5c1
0x0104a5c6
0x0104a5cb
0x0104a5cd
0x010921a9
0x0104a5d3
0x0104a5d3
0x0104a5d3
0x0104a5d5
0x0104a5d8
0x010921b3
0x010921bc
0x010921c2
0x010921cd
0x010921cf
0x010921da
0x010921da
0x010921da
0x010921f7
0x010921f7
0x010921c2
0x0104a5de
0x0104a5e3
0x0104a5e8
0x0104a5ea
0x0109220a
0x0104a5f0
0x0104a5f0
0x0104a5f0
0x0104a5f2
0x0104a5f5
0x01092219
0x0109221b
0x0109208c
0x0109208c
0x0109208c
0x01092095
0x01092096
0x01092097
0x01092098
0x010920a4
0x010920a5
0x010920a9
0x010920a9
0x00000000
0x0104a5f5
0x0104a4bf
0x0104a4d3
0x0104a4d8
0x0104a4da
0x01091ede
0x01091ede
0x01091ee4
0x01091ee9
0x00000000
0x00000000
0x01091f07
0x00000000
0x01091f07
0x0104a4e0
0x0104a4e5
0x0104a4e7
0x010920cb
0x0104a4ed
0x0104a4ed
0x0104a4ed
0x0104a4f2
0x0104a4f5
0x010920d5
0x010920de
0x010920e4
0x010920f6
0x010920f6
0x010920e4
0x0104a4fb
0x00000000
0x0104a4fb
0x0104a4a1
0x0104a4a4
0x0104a4a8
0x00000000
0x00000000
0x0104a4aa
0x0104a4ac
0x00000000
0x00000000
0x0104a4b2
0x0104a4b5
0x00000000
0x00000000
0x00000000
0x0104a4b5
0x0104a43a
0x0104a340
0x0104a346
0x0104a600
0x00000000
0x0104a600
0x0104a34f
0x0104a351
0x0104a358
0x0104a3c6
0x00000000
0x0104a371
0x0104a37a
0x0104a37f
0x0104a382
0x0104a384
0x0104a394
0x00000000
0x0104a396
0x0104a399
0x0104a3a7
0x0104a3b0
0x0104a3b4
0x0104a3bb
0x0104a3d2
0x0104a3da
0x0104a3df
0x0104a3e1
0x0104a3e5
0x0104a3ea
0x0104a3f0
0x0104a3f0
0x0104a3e1
0x00000000
0x0104a3bb
0x0104a394

Strings

(UCRBlock != NULL), xrefs: 01091EA0
(!TrailingUCR), xrefs: 01092274
(LONG)FreeEntry->Size > 1, xrefs: 0109213C
HEAP: , xrefs: 01091E95, 01091F7E, 01092131, 01092269
((LONG)FreeEntry->Size > 1), xrefs: 01091F89
HEAP[%wZ]: , xrefs: 01091E88, 01091F71, 01092124, 0109225C

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 3b3a5759d1cbd75f34c6678b3a0eecf494a86bf575d69dbba1d5e8ef8716c1cd
Instruction ID: 9ecddea81500253a59357344d900ebb915c8e5bad5784d2d7d4cc0f8d258e4a5
Opcode Fuzzy Hash: 3b3a5759d1cbd75f34c6678b3a0eecf494a86bf575d69dbba1d5e8ef8716c1cd
Instruction Fuzzy Hash: FE42EBB1308342EFDB15DF28C894A6ABBE5BF98214F0489ADF4C68B352D734D981CB51

Uniqueness

Uniqueness Score: -1.00%

Function 010E2D82 Relevance: 7.7, Strings: 6, Instructions: 228
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E010E2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1100e80);
				E0107D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E010240E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E010E30C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E0102B150();
						} else {
							E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E0102B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E0103EEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E010E4496(_t181, 0);
						_t177 = E01044620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E010E49A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E010DFA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E01021F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E010516C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E010E4496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x1116360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x1116364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1116366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E010CD455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E0102B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E0102B150("Just allocated block at %p for %Ix bytes\n",  *0x1116360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x1116378 = 1;
									 *0x11160c0 = 0;
									asm("int3");
									 *0x1116378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x1115708; // 0x0
					 *0x111b1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E0107D130(0, _t177, _t181);
				}
			}

0x010e2d82
0x010e2d84
0x010e2d89
0x010e2d8e
0x010e2d90
0x010e2d92
0x010e2d97
0x010e2d9a
0x010e2da4
0x010e2dc0
0x010e2dc3
0x010e2dd1
0x010e2dd6
0x010e2dd8
0x010e30a7
0x010e30a7
0x010e30aa
0x010e30aa
0x010e30ad
0x010e30b4
0x00000000
0x010e30b9
0x010e2de3
0x010e2de8
0x010e2deb
0x010e2dee
0x010e2df1
0x010e2df3
0x010e2dfb
0x010e2dfb
0x010e2df5
0x010e2df5
0x010e2df5
0x010e2e04
0x010e2e0a
0x010e2e0d
0x010e2e11
0x010e2e11
0x010e2e12
0x010e2e15
0x010e2e18
0x010e2e1a
0x010e3027
0x010e3027
0x010e302d
0x010e3030
0x010e304f
0x010e3054
0x010e3032
0x010e3047
0x010e304c
0x010e305a
0x010e3063
0x00000000
0x010e2e20
0x010e2e20
0x010e2e23
0x00000000
0x00000000
0x010e2e29
0x010e2e2b
0x010e2e47
0x010e2e2d
0x010e2e33
0x010e2e38
0x010e2e3f
0x010e2e42
0x010e2e42
0x010e2e4e
0x010e2e5d
0x010e2e5f
0x010e2e62
0x010e2e66
0x010e2e6b
0x010e2e6d
0x00000000
0x010e2e73
0x010e2e73
0x010e2e76
0x010e2e7a
0x010e2e83
0x010e2e83
0x010e2e83
0x010e2e85
0x010e2e87
0x010e2e8a
0x010e2e8d
0x010e2e92
0x010e2e9c
0x010e2e9f
0x010e2ea1
0x010e2ea2
0x010e2ea6
0x010e2ea6
0x010e2e9f
0x010e2eab
0x010e2eaf
0x010e2edf
0x010e2ee2
0x010e2ee5
0x010e2eb1
0x010e2eb3
0x010e2eb8
0x010e2ebd
0x010e2ec4
0x010e2ed6
0x010e2ec6
0x010e2ec7
0x010e2ecc
0x010e2ecf
0x010e2ed2
0x010e2ed2
0x010e2ed9
0x010e2ed9
0x010e2ee8
0x010e2eeb
0x010e2eef
0x010e2ef2
0x010e2efe
0x010e2f04
0x010e2f04
0x010e2f04
0x010e2f06
0x010e2f0d
0x010e2f0f
0x010e2f13
0x010e2f13
0x010e2f1b
0x010e2f21
0x010e2f27
0x010e2f95
0x010e2f98
0x010e2f9b
0x010e2fa0
0x00000000
0x00000000
0x010e2fa6
0x010e2fa9
0x010e2fac
0x00000000
0x00000000
0x010e2fb2
0x010e2fb9
0x00000000
0x00000000
0x010e2fc3
0x010e2fca
0x00000000
0x00000000
0x010e2fd0
0x010e2fd6
0x010e2fd9
0x010e2ff8
0x010e2ffd
0x010e2fdb
0x010e2ff0
0x010e2ff5
0x010e300e
0x010e300f
0x010e301a
0x00000000
0x010e2f29
0x010e2f29
0x010e2f2c
0x010e2f4b
0x010e2f50
0x010e2f2e
0x010e2f43
0x010e2f48
0x010e2f56
0x010e2f64
0x010e2f6c
0x010e2f6c
0x010e2f72
0x010e2f76
0x010e2f7c
0x010e2f83
0x010e2f89
0x010e2f8a
0x010e2f8a
0x00000000
0x010e2f76
0x010e2f27
0x010e2e6d
0x010e2da6
0x010e2dab
0x010e2db3
0x010e2db9
0x010e30bc
0x010e30c1
0x010e30c1

Strings

RtlAllocateHeap, xrefs: 010E2DCA
Just allocated block at %p for %Ix bytes, xrefs: 010E2F5F
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 010E3015
HEAP: , xrefs: 010E2F4B, 010E2FF8, 010E304F
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 010E305E
HEAP[%wZ]: , xrefs: 010E2F3E, 010E2FEB, 010E3042

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 0-1745908468
Opcode ID: b8ab5232177779e5119a333b04911371aac1aac2fd535984eb78386dfa4a91d5
Instruction ID: 3fec4882752a727dfc67ae3b536cde29554ca5e81487478a6237f1b142bc9d75
Opcode Fuzzy Hash: b8ab5232177779e5119a333b04911371aac1aac2fd535984eb78386dfa4a91d5
Instruction Fuzzy Hash: 759102316006559FDB26DFAAC458AEDBFF2BF89710F18806DE5C69B391C7729981CB00

Uniqueness

Uniqueness Score: -1.00%

Function 01033D34 Relevance: 6.7, Strings: 5, Instructions: 435
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E01033D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01031B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01031B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01031B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01031B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01031B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = E01044620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0106F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01071370(_t276, 0x1004e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0106BB40(0,  &_v68, _t170);
									if(L010343C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0106BB40(_t257,  &_v68, _t243);
								if(L010343C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01071370(_t278, 0x1004e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = E01044620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0106F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01071370(_v16, 0x1004e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0106BB40(_t262,  &_v68, _t244);
								if(L010343C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01071370(_t282, 0x1004e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0106BB40(_t262,  &_v68, _t201);
							if(L010343C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = E01044620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0106F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01071370(_t280, 0x1004e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0106BB40(_t267,  &_v68, _t245);
							if(L010343C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01071370(_t284, 0x1004e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0106BB40(_t267,  &_v68, _t224);
						if(L010343C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}

0x01033d3c
0x01033d42
0x01033d44
0x01033d46
0x01033d49
0x01033d4c
0x01033d4f
0x01033d52
0x01033d55
0x01033d58
0x01033d5b
0x01033d5f
0x01033d61
0x01033d66
0x01088213
0x01088218
0x01034085
0x01034088
0x0103408e
0x01034094
0x0103409a
0x010340a0
0x010340a6
0x010340a9
0x010340af
0x010340b6
0x010340bd
0x010340bd
0x01033d83
0x0108821f
0x01088229
0x01088238
0x01088238
0x0108823d
0x0108823d
0x01033da0
0x01033daf
0x01033db5
0x01033dba
0x01033dba
0x01033dd4
0x01033e94
0x01033eab
0x01033f6d
0x01033f84
0x0103406b
0x0103406b
0x0103406e
0x0103406e
0x01034070
0x01034074
0x01088351
0x01088351
0x0103407a
0x0103407f
0x0108835d
0x01088370
0x01088377
0x01088379
0x0108837c
0x0108837c
0x0108835d
0x00000000
0x0103407f
0x01033f8a
0x01033f8d
0x01033f90
0x01033f95
0x0108830d
0x0108830f
0x01033f9b
0x01033fac
0x01033fae
0x01033fb1
0x01033fb1
0x01033fb6
0x01088317
0x0108831a
0x00000000
0x01033fbc
0x01033fc1
0x01033fc9
0x01033fd7
0x01033fda
0x01033fdd
0x01034021
0x01034021
0x01034029
0x01034030
0x01034044
0x01034046
0x01034046
0x01034044
0x01034049
0x01088327
0x01088334
0x01088339
0x0108833c
0x0103404f
0x0103404f
0x0103404f
0x01034051
0x01034056
0x01034063
0x01034063
0x01034068
0x00000000
0x01034068
0x01033fdf
0x01033fe2
0x01033fe4
0x01033fe7
0x01033fef
0x01034003
0x01034005
0x01034005
0x0103400c
0x01034013
0x01034016
0x01034017
0x0103401b
0x0103401e
0x00000000
0x0103401e
0x01033fb6
0x01033eb1
0x01033eb4
0x01033eb7
0x01033ebc
0x010882a9
0x010882ab
0x01033ec2
0x01033ed3
0x01033ed5
0x01033ed8
0x01033ed8
0x01033edd
0x010882b3
0x010882b6
0x00000000
0x01033ee3
0x01033ee8
0x01033eed
0x01033ef0
0x01033ef3
0x01033f02
0x01033f05
0x01033f08
0x010882c0
0x010882c3
0x010882c5
0x010882c8
0x010882d0
0x010882e4
0x010882e6
0x010882e6
0x010882ed
0x010882f4
0x010882f7
0x010882f8
0x010882fc
0x010882ff
0x010882ff
0x01033f0e
0x01033f11
0x01033f16
0x01033f1d
0x01033f31
0x01088307
0x01088307
0x01033f31
0x01033f39
0x01033f48
0x01033f4d
0x01033f50
0x01033f50
0x01033f53
0x01033f58
0x01033f65
0x01033f65
0x01033f6a
0x00000000
0x01033f6a
0x01033edd
0x01033dda
0x01033ddd
0x01033de0
0x01033de5
0x01088245
0x01033deb
0x01033df7
0x01033dfc
0x01033dfe
0x01033e01
0x01033e01
0x01033e06
0x0108824d
0x0108824f
0x01088254
0x00000000
0x01033e0c
0x01033e11
0x01033e16
0x01033e19
0x01033e29
0x01033e2c
0x01033e2f
0x0108825c
0x0108825f
0x01088261
0x01088264
0x0108826c
0x01088280
0x01088282
0x01088282
0x01088289
0x01088290
0x01088293
0x01088294
0x01088298
0x0108829b
0x0108829b
0x01033e35
0x01033e38
0x01033e3d
0x01033e44
0x01033e58
0x010882a3
0x010882a3
0x01033e58
0x01033e60
0x01033e6f
0x01033e74
0x01033e77
0x01033e77
0x01033e7a
0x01033e7f
0x01033e8c
0x01033e8c
0x01033e91
0x00000000
0x01033e91

Strings

Kernel-MUI-Language-Allowed, xrefs: 01033DC0
Kernel-MUI-Number-Allowed, xrefs: 01033D8C
Kernel-MUI-Language-Disallowed, xrefs: 01033E97
Kernel-MUI-Language-SKU, xrefs: 01033F70
WindowsExcludedProcs, xrefs: 01033D6F

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: b1fb0e025c935349d588eca3c66c8ceec4b63d04384ef8e5e29f9b590b8dfc15
Instruction ID: 60146b1c525dd906d472a4de36ebcebb04d5a65f7877ded8e585f46d7b056159
Opcode Fuzzy Hash: b1fb0e025c935349d588eca3c66c8ceec4b63d04384ef8e5e29f9b590b8dfc15
Instruction Fuzzy Hash: 35F129B2D00619EBDB11DF98C980AEEBBFDFF58650F15406AE585EB250D7749E00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010240E1 Relevance: 6.3, Strings: 5, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E010240E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0102B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0102B150(", passed to %s", _t29);
					}
					_push("\n");
					E0102B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1116378 = 1;
						asm("int3");
						 *0x1116378 = 0;
					}
					return 0;
				}
				return 1;
			}

0x010240e6
0x010240e8
0x010240f1
0x0108042d
0x0108044c
0x01080451
0x0108042f
0x01080444
0x01080449
0x0108045d
0x01080466
0x0108046e
0x01080474
0x01080475
0x0108047a
0x0108048a
0x0108048c
0x01080493
0x01080494
0x01080494
0x00000000
0x0108049b
0x00000000

Strings

Invalid heap signature for heap at %p, xrefs: 01080458
RtlAllocateHeap, xrefs: 01080468
, passed to %s, xrefs: 01080469
HEAP: , xrefs: 0108044C
HEAP[%wZ]: , xrefs: 0108043F

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
API String ID: 0-188067316
Opcode ID: 1bb1f3b6e29dffbd1876cc936b528d97aeffafc205237c25a847ae8b8ceb9996
Instruction ID: c7d55ffbea7c689e93977091daa937b5edffb8a6c48ef5d4ddb4577aec6be9fd
Opcode Fuzzy Hash: 1bb1f3b6e29dffbd1876cc936b528d97aeffafc205237c25a847ae8b8ceb9996
Instruction Fuzzy Hash: 81014C72158A519EE33AA76DE40DF967BE4DB41B30F29406DF0C94B681CEE994C4C720

Uniqueness

Uniqueness Score: -1.00%

Function 0105701D Relevance: 5.6, Strings: 4, Instructions: 569
COMMONCrypto

Download Yara Rule

C-Code - Quality: 82%

			E0105701D(void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				short _t253;
				short _t254;
				signed int* _t256;
				signed int* _t257;
				signed int _t258;
				signed char* _t259;
				signed int* _t261;
				signed int _t263;
				signed int* _t267;
				signed int _t268;
				signed int _t275;
				signed char _t281;
				signed int _t290;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed short _t308;
				signed int _t312;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t339;
				signed int _t348;
				signed int _t351;
				short _t357;
				signed char _t363;
				signed int _t366;
				signed char _t369;
				void* _t370;
				signed int _t371;
				signed int _t375;
				signed int _t386;
				signed int _t389;
				signed int* _t391;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				signed int _t409;
				intOrPtr _t410;
				signed int _t414;
				signed int _t415;
				void* _t417;
				void* _t418;
				void* _t419;
				signed int _t426;
				void* _t428;

				_push(0x338);
				_push(0x1100060);
				E0107D0E8(__ebx, __edi, __esi);
				 *(_t418 - 0x2f4) = __edx;
				 *(_t418 - 0x2e8) = __ecx;
				 *(_t418 - 0x2f0) =  *(_t418 + 0xc);
				 *(_t418 - 0x304) =  *(_t418 + 0x14);
				 *(_t418 - 0x328) =  *(_t418 + 0x18);
				 *(_t418 - 0x30c) =  *(_t418 + 0x1c);
				 *(_t418 - 0x308) =  *(_t418 + 0x20);
				 *(_t418 - 0x2e4) = 0;
				 *((intOrPtr*)(_t418 - 0x31c)) = 0;
				 *((intOrPtr*)(_t418 - 0x318)) = 0;
				 *((intOrPtr*)(_t418 - 0x314)) = 0;
				 *((intOrPtr*)(_t418 - 0x310)) = 0;
				 *((char*)(_t418 - 0x2d9)) = 0;
				_t389 =  *(_t418 + 8);
				 *(_t418 - 0x334) = _t389 & 0x00000040;
				 *((char*)(_t418 - 0x2da)) = 0;
				 *((char*)(_t418 - 0x2db)) = 0;
				_t357 = 0x4a;
				 *((short*)(_t418 - 0x300)) = _t357;
				_t253 = 0x4c;
				 *((short*)(_t418 - 0x2fe)) = _t253;
				 *(_t418 - 0x2fc) = L"LdrpResSearchResourceMappedFile Enter";
				_t254 = 0x48;
				 *((short*)(_t418 - 0x348)) = _t254;
				 *((short*)(_t418 - 0x346)) = _t357;
				 *(_t418 - 0x344) = L"LdrpResSearchResourceMappedFile Exit";
				_t256 =  *( *[fs:0x30] + 0x50);
				if(_t256 != 0) {
					__eflags =  *_t256;
					if(__eflags == 0) {
						goto L1;
					}
					_t257 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
					L2:
					if(( *_t257 & 1) != 0) {
						_t258 = E01047D50();
						__eflags = _t258;
						if(_t258 == 0) {
							_t259 = 0x7ffe0384;
						} else {
							_t259 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
						}
						E010B6715(_t418 - 0x300,  *_t259 & 0x000000ff);
						_t389 =  *(_t418 + 8);
					}
					_t409 = 0;
					_t413 = _t389 & 0x00000080;
					if( *((intOrPtr*)(_t418 + 0x10)) == 3) {
						_t261 =  *(_t418 - 0x2f0);
						_t409 = _t261[2] & 0x0000ffff;
						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
						__eflags =  *_t261 & 0xffff0000;
						if(( *_t261 & 0xffff0000) != 0) {
							__eflags = E0106E490( *_t261, L"MUI");
							if(__eflags != 0) {
								goto L41;
							}
							_t263 = 1;
							L42:
							 *((char*)(_t418 - 0x2d9)) = _t263;
							 *(_t418 - 4) = 0xfffffffe;
							_t389 =  *(_t418 + 8);
							goto L4;
						}
						L41:
						_t263 = 0;
						__eflags = 0;
						goto L42;
					} else {
						L4:
						_t348 = _t413;
						if((_t389 & 0x00000010) == 0) {
							_t348 = _t413;
							__eflags =  *((intOrPtr*)(_t418 + 0x10)) - 1;
							if(__eflags < 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(_t418 + 0x10)) - 3;
							if(__eflags > 0) {
								goto L5;
							}
							_t351 =  *(_t418 - 0x2f0);
							if(__eflags != 0) {
								_t386 = 0;
							} else {
								_t386 =  *(_t351 + 8) & 0x0000ffff;
							}
							__eflags =  *_t351 - 0x10;
							if( *_t351 != 0x10) {
								__eflags =  *_t351 - 0x18;
								if( *_t351 == 0x18) {
									goto L55;
								}
								__eflags =  *((char*)(_t418 - 0x2d9));
								if(__eflags == 0) {
									goto L56;
								}
								goto L55;
							} else {
								L55:
								__eflags =  !_t389 & 0x00000008;
								if(__eflags != 0) {
									__eflags = _t386;
									if(__eflags != 0) {
										__eflags = _t386 - 0x400;
										if(__eflags == 0) {
											goto L65;
										}
										__eflags = _t386 - 0x800;
										if(__eflags != 0) {
											goto L56;
										}
									}
									L65:
									_t389 = _t389 | 0x00000010;
									 *(_t418 + 8) = _t389;
									_t348 = _t413;
									goto L5;
								}
								L56:
								_push(1);
								_push(_t389);
								_push(0);
								_push( *(_t418 - 0x2f4));
								_push( *(_t418 - 0x2e8));
								_t339 = E010362A0(_t351, _t409, _t413, __eflags);
								 *(_t418 - 0x2d8) = _t339;
								__eflags = _t339;
								if(_t339 >= 0) {
									_t348 = E01027406( *(_t418 - 0x2e8), _t351, _t386,  *(_t418 + 8)) | _t413;
									L59:
									_t389 =  *(_t418 + 8);
									goto L5;
								}
								__eflags = _t339 - 0xc000008a;
								if(_t339 != 0xc000008a) {
									L95:
									_t363 = 1;
									L36:
									_t391 = 0x7ffe0385;
									_t96 = _t391 - 1; // 0x7ffe0384
									_t349 = _t96;
									_t267 =  *( *[fs:0x30] + 0x50);
									if(_t267 != 0) {
										__eflags =  *_t267;
										if( *_t267 != 0) {
											_t391 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
										}
									}
									if(( *_t391 & _t363) != 0) {
										_t268 = E01047D50();
										__eflags = _t268;
										if(_t268 != 0) {
											_t349 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
										}
										E010B6715(_t418 - 0x348,  *_t349 & 0x000000ff);
										goto L38;
									} else {
										L38:
										L39:
										return E0107D130(_t349, _t409, _t413);
									}
								}
								_t348 = _t413 | 0x00080000;
								__eflags = _t348;
								goto L59;
							}
						}
						L5:
						if((_t348 & 0x00060000) == 0x60000) {
							 *(_t418 - 0x2d8) = 0xc000008a;
							goto L95;
						}
						_t366 =  !_t348;
						_t275 =  !_t389;
						_t426 = _t275 & 0x00000010;
						asm("bt ecx, 0x13");
						asm("bt ecx, 0x11");
						 *(_t418 - 0x2d1) = _t426 != 0;
						 *(_t418 - 0x2d0) = 1;
						 *((short*)(_t418 - 0x2cc)) = 0;
						if(((_t389 & 0xffffff00 | _t426 != 0x00000000) & (_t275 & 0xffffff00 | _t426 > 0x00000000) & ((_t275 & 0xffffff00 | _t426 > 0x00000000) & 0xffffff00 | _t426 > 0x00000000)) != 0) {
							L43:
							_t281 =  *(_t418 + 8);
							__eflags = _t281 & 0x00000010;
							if((_t281 & 0x00000010) != 0) {
								__eflags = _t281 & 0x00000020;
								if(__eflags == 0) {
									goto L44;
								}
								L8:
								_t413 =  *(_t418 - 0x2e8);
								_t409 =  *(_t418 - 0x2f4);
								L9:
								_t398 =  *(_t418 + 8);
								L10:
								asm("bt eax, 0x12");
								asm("bt ebx, 0x13");
								if(((( !_t349 & 0xffffff00 | _t428 >= 0x00000000) & 0xffffff00 | (_t398 & 0x00000010) == 0x00000000) & (_t366 & 0xffffff00 | _t428 >= 0x00000000) & ( !_t349 & 0xffffff00 | _t428 >= 0x00000000)) == 0) {
									_push(_t418 - 0x314);
									_push(_t418 - 0x31c);
									_push(_t398);
									_push(_t409);
									_push(_t413);
									_t290 = E01057620(_t349, _t409, _t413, __eflags);
									__eflags = _t290;
									if(_t290 >= 0) {
										do {
											goto L11;
											L34:
										} while (_t409 < 0 && _t299 != 0);
										goto L36;
									}
									goto L39;
								}
								L11:
								asm("sbb al, al");
								_t369 =  !( ~(_t349 & 0x00020000)) &  *(_t418 - 0x2d1);
								 *(_t418 - 0x2d1) = _t369;
								 *(_t418 - 0x2e9) = _t369;
								 *(_t418 - 0x2dc) = _t369;
								_t409 = 0;
								 *(_t418 - 0x2d8) = 0;
								 *(_t418 - 0x2e0) =  *(_t418 - 0x2e0) & 0;
								 *(_t418 - 0x2f8) = 0;
								_t414 = 0;
								while(1) {
									 *(_t418 - 0x2fc) = _t414;
									if(_t414 >= ( *(_t418 - 0x2d0) & 0x0000ffff)) {
										break;
									}
									if(_t369 != 0) {
										 *(_t418 - 0x2e4) =  *(_t418 - 0x2e4) & 0x00000000;
										 *(_t418 - 0x2e0) =  *(_t418 - 0x2e0) & 0x00000000;
										_t302 =  *(_t418 + _t414 * 8 - 0x2cc) & 0x0000ffff;
										__eflags = _t302;
										if(_t302 != 0) {
											__eflags =  *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) - 0xa;
											if( *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) == 0xa) {
												L68:
												_t409 = 0xc000000d;
												 *(_t418 - 0x2d8) = 0xc000000d;
												L121:
												_t414 = _t414 + 1;
												continue;
											}
											 *(_t418 - 0x2f8) = _t302;
											__eflags = _t369;
											if(__eflags == 0) {
												goto L14;
											}
											_push(_t349 | 0x00001000);
											_push(_t418 - 0x2e0);
											_push(_t418 - 0x2e4);
											_push( *(_t418 - 0x2f8));
											_push( *(_t418 - 0x2e8));
											_t409 = E0103BA00(_t349, _t409, _t414, __eflags);
											 *(_t418 - 0x2d8) = _t409;
											__eflags = _t409;
											if(_t409 < 0) {
												__eflags = _t409 - 0xc0000034;
												if(_t409 == 0xc0000034) {
													L106:
													_t409 = 0xc00b0001;
													 *(_t418 - 0x2d8) = 0xc00b0001;
													L120:
													_t369 =  *(_t418 - 0x2d1);
													goto L121;
												}
												__eflags = _t409 - 0xc000003a;
												if(_t409 != 0xc000003a) {
													goto L120;
												}
												goto L106;
											}
											 *((char*)(_t418 - 0x2da)) = 1;
											__eflags =  *(_t418 - 0x2e0);
											if(__eflags == 0) {
												_push(1);
												_push(0x200);
												_push(_t418 - 0x2e0);
												_push( *(_t418 - 0x2e4));
												_t409 = E010584E0(_t349, _t409, _t414, __eflags);
												 *(_t418 - 0x2d8) = _t409;
											}
											_t298 =  *(_t418 + 8);
											__eflags = _t298 & 0x00001000;
											if(__eflags == 0) {
												L76:
												_push(_t418 - 0x310);
												_push(_t418 - 0x318);
												_push(_t298);
												_push( *(_t418 - 0x2e0));
												_push( *(_t418 - 0x2e4));
												_t409 = E01057620(_t349, _t409, _t414, __eflags);
												 *(_t418 - 0x2d8) = _t409;
												_t369 =  *(_t418 - 0x2d1);
												__eflags = _t409;
												if(_t409 >= 0) {
													goto L14;
												}
												goto L121;
											} else {
												__eflags = _t409;
												if(__eflags < 0) {
													_t369 =  *(_t418 - 0x2d1);
													_t413 =  *(_t418 - 0x2f0);
													L29:
													if(_t369 != 0) {
														__eflags = _t298 & 0x00200000;
														if((_t298 & 0x00200000) == 0) {
															E01054CD4( *(_t418 - 0x2e4),  *(_t418 - 0x2e0), _t413,  *((intOrPtr*)(_t418 + 0x10)));
														}
													}
													if(_t409 >= 0) {
														L49:
														_t299 =  *(_t418 - 0x2d1);
														goto L32;
													} else {
														_t371 =  *(_t418 - 0x2e9);
														_t299 = _t371;
														 *(_t418 - 0x2d1) = _t299;
														if(_t371 != 0) {
															__eflags =  *((char*)(_t418 - 0x2db));
															if( *((char*)(_t418 - 0x2db)) != 0) {
																L137:
																_t370 = 0;
																__eflags = _t349 & 0x00040000;
																if((_t349 & 0x00040000) != 0) {
																	_t299 = 0;
																	__eflags = 0;
																} else {
																	_t349 = _t349 | 0x00020000;
																	_t299 =  *(_t418 - 0x2dc);
																}
																 *(_t418 - 0x2d1) = _t299;
																L33:
																_t363 = _t370 + 1;
																goto L34;
															}
															__eflags =  *((char*)(_t418 - 0x2da));
															if( *((char*)(_t418 - 0x2da)) != 0) {
																goto L137;
															}
															_t300 = L01026398( *(_t418 - 0x2e8));
															__eflags = _t300;
															if(_t300 < 0) {
																goto L137;
															}
															_t349 = _t349 | 0x00400000;
															_t363 = 1;
															 *((char*)(_t418 - 0x2db)) = 1;
															_t299 =  *(_t418 - 0x2dc);
															 *(_t418 - 0x2d1) = _t299;
															goto L34;
														}
														L32:
														_t370 = 0;
														goto L33;
													}
												}
												goto L76;
											}
										}
										__eflags =  *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) - 2;
										if( *((intOrPtr*)(_t418 + _t414 * 8 - 0x2c8)) == 2) {
											goto L121;
										}
										goto L68;
									}
									L14:
									 *(_t418 - 0x32c) =  *(_t418 - 0x32c) & 0x00000000;
									if(_t369 != 0) {
										 *(_t418 - 0x320) =  *(_t418 - 0x320) & 0x00000000;
									} else {
										 *(_t418 - 0x320) = _t418 - 0x2f8;
									}
									_t415 =  *(_t418 + 8);
									if(_t369 != 0) {
										_t415 = _t415 | 0x00000020;
									}
									_t303 =  *(_t418 - 0x328);
									if(_t303 == 0) {
										_t303 = _t418 - 0x32c;
									}
									 *(_t418 - 0x324) = _t303;
									_t410 =  *((intOrPtr*)(_t418 - 0x310));
									if(_t369 != 0) {
										_t399 =  *((intOrPtr*)(_t418 - 0x318));
									} else {
										_t410 =  *((intOrPtr*)(_t418 - 0x314));
										_t399 =  *((intOrPtr*)(_t418 - 0x31c));
									}
									_t304 =  *(_t418 - 0x2e0);
									if(_t369 != 0) {
										_t375 =  *(_t418 - 0x2e4);
									} else {
										_t304 =  *(_t418 - 0x2f4);
										_t375 =  *(_t418 - 0x2e8);
									}
									_t413 =  *(_t418 - 0x2f0);
									_t409 = E010578A0(_t375, 0, _t304, _t399, _t410, 0,  *(_t418 - 0x2f0),  *((intOrPtr*)(_t418 + 0x10)), _t418 - 0x2d0,  *(_t418 - 0x304),  *(_t418 - 0x324), _t415,  *(_t418 - 0x320));
									 *(_t418 - 0x2d8) = _t409;
									if( *(_t418 - 0x334) != 0) {
										__eflags =  !_t349 & 0x00040000;
										if(__eflags == 0) {
											goto L24;
										}
										_t369 =  *(_t418 - 0x2d1);
										__eflags = _t409;
										if(__eflags < 0) {
											goto L26;
										}
										_t404 =  *(_t418 - 0x304);
										__eflags =  *(_t418 - 0x304);
										if(__eflags == 0) {
											goto L25;
										}
										__eflags = _t369;
										if(__eflags == 0) {
											goto L25;
										}
										_t320 =  *(_t418 - 0x328);
										__eflags = _t320;
										if(_t320 == 0) {
											_t321 =  *(_t418 - 0x32c);
										} else {
											_t321 =  *_t320;
										}
										_t409 = E01060245( *(_t418 - 0x2e4),  *_t404, _t321,  *((intOrPtr*)(_t413 + 0xc)), 1);
										 *(_t418 - 0x2d8) = _t409;
										__eflags = _t409;
										if(__eflags < 0) {
											 *( *(_t418 - 0x304)) =  *( *(_t418 - 0x304)) & 0x00000000;
											__eflags = _t409 - 0xc000007b;
											if(__eflags == 0) {
												goto L95;
											}
										}
										goto L24;
									} else {
										L24:
										_t369 =  *(_t418 - 0x2d1);
										L25:
										if(_t409 >= 0) {
											L47:
											_t401 =  *(_t418 - 0x308);
											__eflags = _t401;
											if(_t401 == 0) {
												L28:
												_t298 =  *(_t418 + 8);
												goto L29;
											}
											_t308 =  *(_t418 - 0x2f8);
											__eflags = _t308;
											if(_t308 != 0) {
												 *((intOrPtr*)(_t418 - 0x33c)) = _t418 - 0xc8;
												 *((short*)(_t418 - 0x33e)) = 0xac;
												_t409 = E01034720(_t401, _t308 & 0x0000ffff, _t418 - 0x340, 2, 0);
												 *(_t418 - 0x2d8) = _t409;
												__eflags = _t409;
												if(_t409 < 0) {
													goto L95;
												}
												_t312 = ( *(_t418 - 0x340) & 0x0000ffff) >> 1;
												__eflags = _t312;
												_t401 =  *(_t418 - 0x308);
												goto L126;
											} else {
												_t312 = 0;
												 *((short*)(_t418 - 0xc8)) = 0;
												L126:
												 *(_t418 - 0x2fc) = _t312;
												_t363 = 1;
												 *(_t418 - 4) = 1;
												__eflags = _t312 -  *_t401;
												if(_t312 >=  *_t401) {
													L130:
													 *_t401 = _t312 + 1;
													 *(_t418 - 0x2d8) = 0xc0000023;
													 *(_t418 - 4) = 0xfffffffe;
													goto L36;
												}
												__eflags =  *(_t418 - 0x30c);
												if( *(_t418 - 0x30c) == 0) {
													goto L130;
												}
												_t417 = _t312 + _t312;
												E0106F3E0( *(_t418 - 0x30c), _t418 - 0xc8, _t417);
												_t419 = _t419 + 0xc;
												 *( *(_t418 - 0x308)) =  *(_t418 - 0x2fc) + 1;
												__eflags = 0;
												 *((short*)(_t417 +  *(_t418 - 0x30c))) = 0;
												 *(_t418 - 4) = 0xfffffffe;
												_t369 =  *(_t418 - 0x2d1);
												break;
											}
											goto L49;
										}
										L26:
										if(_t369 != 0) {
											_t319 = E010B9024(_t349,  *(_t418 - 0x2e8),  *(_t418 - 0x2f4), _t409, __eflags,  *(_t418 - 0x2e4),  *(_t418 - 0x2e0));
											__eflags = _t319;
											if(_t319 != 0) {
												_t369 =  *(_t418 - 0x2d1);
												goto L28;
											}
											_t414 =  *(_t418 - 0x2fc);
											goto L120;
										}
										if(_t409 >= 0) {
											goto L47;
										}
										goto L28;
									}
								}
								_t413 =  *(_t418 - 0x2f0);
								goto L28;
							}
							L44:
							__eflags = _t281 & 0x00000004;
							if((_t281 & 0x00000004) != 0) {
								_t349 = _t348 | 0x00000004;
							}
							_t409 =  *(_t418 - 0x2f4);
							_t413 =  *(_t418 - 0x2e8);
							_t366 = _t413;
							__eflags = E010399C7(_t366, _t409, _t409, _t349, _t418 - 0x2d0);
							if(__eflags >= 0) {
								goto L9;
							} else {
								_t398 =  *(_t418 + 8);
								__eflags = _t398 & 0x00001000;
								if(__eflags == 0) {
									goto L10;
								} else {
									goto L39;
								}
								goto L47;
							}
						}
						_t428 =  *((intOrPtr*)(_t418 + 0x10)) - 3;
						if(_t428 == 0) {
							goto L43;
						}
						goto L8;
					}
				}
				L1:
				_t257 = 0x7ffe0385;
				goto L2;
			}

0x0105701d
0x01057022
0x01057027
0x0105702c
0x01057032
0x0105703b
0x01057044
0x0105704d
0x01057056
0x0105705f
0x01057067
0x0105706d
0x01057073
0x01057079
0x0105707f
0x01057085
0x0105708b
0x01057093
0x01057099
0x0105709f
0x010570a7
0x010570a8
0x010570b1
0x010570b2
0x010570b9
0x010570c5
0x010570c6
0x010570cd
0x010570d4
0x010570e4
0x010570e9
0x0109841d
0x01098420
0x00000000
0x00000000
0x0109842f
0x010570f4
0x010570f9
0x01098439
0x0109843e
0x01098440
0x01098452
0x01098442
0x0109844b
0x0109844b
0x01098460
0x01098465
0x01098465
0x010570ff
0x01057103
0x0105710d
0x01057342
0x01057348
0x0105734c
0x01057350
0x01057356
0x010575ef
0x010575f1
0x00000000
0x00000000
0x010575f7
0x0105735e
0x0105735e
0x01057364
0x0105736b
0x00000000
0x0105736b
0x0105735c
0x0105735c
0x0105735c
0x00000000
0x01057113
0x01057113
0x01057113
0x01057118
0x010573cf
0x010573d1
0x010573d5
0x00000000
0x00000000
0x010573db
0x010573df
0x00000000
0x00000000
0x010573e5
0x010573eb
0x0109849c
0x010573f1
0x010573f1
0x010573f1
0x010573f5
0x010573f8
0x010575fe
0x01057601
0x00000000
0x00000000
0x01057607
0x0105760e
0x00000000
0x00000000
0x00000000
0x010573fe
0x010573fe
0x01057402
0x01057404
0x01057475
0x01057478
0x010984a8
0x010984ab
0x00000000
0x00000000
0x010984b6
0x010984b9
0x00000000
0x00000000
0x010984bf
0x0105747e
0x0105747e
0x01057481
0x01057484
0x00000000
0x01057484
0x01057406
0x01057406
0x01057408
0x01057409
0x0105740b
0x01057411
0x01057417
0x0105741c
0x01057422
0x01057424
0x010574d8
0x0105743d
0x0105743d
0x00000000
0x0105743d
0x0105742a
0x0105742f
0x01098494
0x01098496
0x01057313
0x01057313
0x01057318
0x01057318
0x01057321
0x01057326
0x0109876e
0x01098771
0x01098780
0x01098780
0x01098771
0x0105732e
0x0109878b
0x01098790
0x01098792
0x0109879d
0x0109879d
0x0109879d
0x010987ac
0x00000000
0x01057334
0x01057334
0x0105733a
0x0105733f
0x0105733f
0x0105732e
0x01057437
0x01057437
0x00000000
0x01057437
0x010573f8
0x0105711e
0x01057129
0x010984c4
0x00000000
0x010984c4
0x01057131
0x01057135
0x01057137
0x0105713c
0x01057145
0x0105714e
0x01057158
0x01057161
0x0105716a
0x01057373
0x01057373
0x01057376
0x01057378
0x01057468
0x0105746a
0x00000000
0x00000000
0x0105717a
0x0105717a
0x01057180
0x01057186
0x01057186
0x01057189
0x0105718d
0x01057194
0x010571a5
0x0105744b
0x01057452
0x01057453
0x01057454
0x01057455
0x01057456
0x0105745b
0x0105745d
0x010571ab
0x00000000
0x01057307
0x01057307
0x00000000
0x010571ab
0x00000000
0x01057463
0x010571ab
0x010571b4
0x010571be
0x010571c0
0x010571c6
0x010571cc
0x010571d2
0x010571d4
0x010571da
0x010571e2
0x010571e9
0x010571eb
0x010571eb
0x010571fa
0x00000000
0x00000000
0x01057202
0x0105748b
0x01057492
0x01057499
0x010574a1
0x010574a4
0x010574df
0x010574e7
0x010574b4
0x010574b4
0x010574b9
0x010985ea
0x010985ea
0x00000000
0x010985ea
0x010574e9
0x010574f0
0x010574f2
0x00000000
0x00000000
0x010574ff
0x01057506
0x0105750d
0x0105750e
0x01057514
0x0105751f
0x01057521
0x01057527
0x01057529
0x010984ec
0x010984f2
0x01098500
0x01098500
0x01098505
0x010985e4
0x010985e4
0x00000000
0x010985e4
0x010984f4
0x010984fa
0x00000000
0x00000000
0x00000000
0x010984fa
0x01057532
0x01057538
0x0105753f
0x01098510
0x01098511
0x0109851c
0x0109851d
0x01098528
0x0109852a
0x0109852a
0x01057545
0x01057548
0x0105754d
0x01057557
0x0105755d
0x01057564
0x01057565
0x01057566
0x0105756c
0x01057577
0x01057579
0x0105757f
0x01057585
0x01057587
0x00000000
0x00000000
0x00000000
0x0105754f
0x0105754f
0x01057551
0x010986ec
0x010986f2
0x010572de
0x010572e0
0x010575bc
0x010575c1
0x010575d7
0x010575d7
0x010575c1
0x010572e8
0x010573c4
0x010573c4
0x00000000
0x010572ee
0x010572ee
0x010572f4
0x010572f6
0x010572fe
0x01098708
0x0109870f
0x01098749
0x01098749
0x0109874b
0x01098751
0x01098761
0x01098761
0x01098753
0x01098753
0x01098759
0x01098759
0x01098763
0x01057306
0x01057306
0x00000000
0x01057306
0x01098711
0x01098718
0x00000000
0x00000000
0x01098720
0x01098725
0x01098727
0x00000000
0x00000000
0x01098729
0x01098731
0x01098732
0x01098738
0x0109873e
0x00000000
0x0109873e
0x01057304
0x01057304
0x00000000
0x01057304
0x010572e8
0x00000000
0x01057551
0x0105754d
0x010574a6
0x010574ae
0x00000000
0x00000000
0x00000000
0x010574ae
0x01057208
0x01057208
0x01057211
0x01057592
0x01057217
0x0105721d
0x0105721d
0x01057223
0x01057228
0x0105759e
0x0105759e
0x0105722e
0x01057236
0x01057238
0x01057238
0x0105723e
0x01057246
0x0105724c
0x010575a6
0x01057252
0x01057252
0x01057258
0x01057258
0x01057260
0x01057266
0x010575b1
0x0105726c
0x0105726c
0x01057272
0x01057272
0x01057295
0x010572a8
0x010572aa
0x010572b7
0x01098539
0x0109853e
0x00000000
0x00000000
0x01098544
0x0109854a
0x0109854c
0x00000000
0x00000000
0x01098552
0x01098558
0x0109855a
0x00000000
0x00000000
0x01098560
0x01098562
0x00000000
0x00000000
0x01098568
0x0109856e
0x01098570
0x01098576
0x01098572
0x01098572
0x01098572
0x0109858f
0x01098591
0x01098597
0x01098599
0x010985a5
0x010985a8
0x010985ae
0x00000000
0x00000000
0x010985b4
0x00000000
0x010572bd
0x010572bd
0x010572bd
0x010572c3
0x010572c5
0x010573b1
0x010573b1
0x010573b7
0x010573b9
0x010572db
0x010572db
0x00000000
0x010572db
0x010985f0
0x010985f7
0x010985fa
0x0109860d
0x01098618
0x01098633
0x01098635
0x0109863b
0x0109863d
0x00000000
0x00000000
0x0109864a
0x0109864a
0x0109864c
0x00000000
0x010985fc
0x010985fc
0x010985fe
0x01098652
0x01098652
0x0109865a
0x0109865b
0x0109865e
0x01098660
0x010986b7
0x010986b8
0x010986ba
0x010986c4
0x00000000
0x010986c4
0x01098662
0x01098669
0x00000000
0x00000000
0x0109866b
0x0109867c
0x01098681
0x01098691
0x01098693
0x0109869b
0x0109869f
0x010986a6
0x00000000
0x010986a6
0x00000000
0x010985fa
0x010572cb
0x010572cd
0x010985d1
0x010985d6
0x010985d8
0x010986fd
0x00000000
0x010986fd
0x010985de
0x00000000
0x010985de
0x010572d5
0x00000000
0x00000000
0x00000000
0x010572d5
0x010572b7
0x010986ac
0x00000000
0x010986ac
0x0105737e
0x0105737e
0x01057380
0x010984d0
0x010984d0
0x0105738f
0x01057397
0x0105739d
0x010573a4
0x010573a6
0x00000000
0x010573ac
0x010984d8
0x010984db
0x010984e1
0x00000000
0x010984e7
0x00000000
0x010984e7
0x00000000
0x010984e1
0x010573a6
0x01057170
0x01057174
0x00000000
0x00000000
0x00000000
0x01057174
0x0105710d
0x010570ef
0x010570ef
0x00000000

Strings

MUI, xrefs: 010575E1
LdrpResSearchResourceMappedFile Exit, xrefs: 010570D4
LdrpResSearchResourceMappedFile Enter, xrefs: 010570B9
#, xrefs: 010986BA

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-3266796247
Opcode ID: 874c105618306701823d7f8595d48cc6dd0b56b0de5d69f5b70813299b2c3319
Instruction ID: c3ca56ca24a47bebea45e50f6b683a27de3a41c7e415b710c68f83ff8b70d199
Opcode Fuzzy Hash: 874c105618306701823d7f8595d48cc6dd0b56b0de5d69f5b70813299b2c3319
Instruction Fuzzy Hash: BD32A3319002698BDFA6CF18C854BEEBBB5AF45340F5480EAED89A7252D7309F81DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0104A830 Relevance: 5.4, Strings: 4, Instructions: 350
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E0104A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1118748 - 1;
					if( *0x1118748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
									_t260 = _t257 + 4;
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E0102B150();
								_t257 = _t260 + 4;
								__eflags =  *0x1117bc8;
								if(__eflags == 0) {
									E010E2073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E010EA80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0107D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E0104AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E010EA80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E010EA80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1118748 - 1;
					if( *0x1118748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E0102B150();
							} else {
								E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E0102B150();
							__eflags =  *0x1117bc8;
							if(__eflags == 0) {
								_t131 = E010E2073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}

0x0104a83a
0x0104a83c
0x0104a83e
0x0104a841
0x0104a844
0x0104a84a
0x0104aa53
0x0104aa59
0x0104aa59
0x0104a858
0x0104a85e
0x0104aaf5
0x0104aafc
0x0109229e
0x010922a2
0x010922a8
0x010922b3
0x010922b5
0x010922bb
0x010922c1
0x010922c5
0x010922e6
0x010922eb
0x010922f0
0x010922c7
0x010922dc
0x010922e1
0x010922e1
0x010922f3
0x010922f8
0x010922fd
0x01092300
0x01092307
0x0109230e
0x0109230e
0x01092313
0x01092313
0x010922b5
0x010922a2
0x0104aafc
0x0104a864
0x0104a869
0x0104aa5c
0x0104aa5e
0x0104a86f
0x0104a87f
0x0104a885
0x0104a885
0x0104a88b
0x0104a890
0x0104a896
0x0104ab0c
0x0104ab0f
0x0104ab15
0x01092320
0x01092320
0x0104ab1b
0x0104a89c
0x0104a89f
0x0104a8a2
0x0104a8a2
0x0104a8a5
0x0104a8af
0x0104a8b3
0x0104a8b8
0x0104aa66
0x0104a8be
0x0104a8c5
0x0104a8c6
0x0104a8ce
0x01092328
0x01092332
0x01092337
0x01092337
0x0104a8ce
0x0104a8d4
0x0104a8d8
0x0104a8db
0x0104a8de
0x0104a8e1
0x0104a8e5
0x0104a8e8
0x0104a8f0
0x0104a8f3
0x0109234c
0x01092350
0x01092355
0x01092359
0x01092359
0x0104a8f9
0x0104a901
0x0104aae4
0x0104aae4
0x0104aaea
0x00000000
0x0104a907
0x0104a90a
0x0104a91d
0x0104a91d
0x00000000
0x0104a910
0x0104a910
0x0104a910
0x0104a914
0x0104a924
0x0104a924
0x0104a924
0x0104a924
0x0104a916
0x0104a91b
0x00000000
0x00000000
0x00000000
0x0104a91b
0x0104a925
0x0104a925
0x0104a932
0x0104a936
0x0104a93c
0x0104a93c
0x0104a93c
0x0104ab22
0x0104ab24
0x0104ab27
0x0104ab27
0x0104a942
0x0104a944
0x0104aaba
0x0104aabd
0x0104aac0
0x0104aac0
0x0104aac2
0x0104ab2f
0x0104aac4
0x0104aac4
0x0104aac7
0x0104aaca
0x0104aacc
0x0104aace
0x0104aace
0x0104aace
0x0104aad1
0x0104aad1
0x0104aad7
0x0104aad9
0x00000000
0x00000000
0x01092361
0x01092369
0x0109236b
0x00000000
0x01092371
0x00000000
0x01092371
0x00000000
0x0109236b
0x0104aac0
0x0104a94a
0x0104a94a
0x0104a94d
0x0104a94d
0x0104a950
0x0104a954
0x01092376
0x01092380
0x0104a95a
0x0104a95a
0x0104a95c
0x0104a95f
0x0104a961
0x0104a961
0x0104a967
0x0104a96a
0x0104a972
0x0104aa02
0x0104aa06
0x0104aa10
0x0104aa16
0x0104aa16
0x0104aa1b
0x0104aa21
0x0104aa24
0x0104aa27
0x0104aa29
0x0104aa2c
0x0104aa32
0x00000000
0x00000000
0x00000000
0x00000000
0x0104a978
0x0104a978
0x0104a97b
0x0104a981
0x0104a996
0x0104a998
0x0104a99f
0x0104a9a2
0x0109238a
0x0104a9a8
0x0104a9a8
0x0104a9a8
0x0104a9aa
0x0104a9ad
0x0104a9b0
0x0104a9bb
0x0104a9be
0x0104a9c7
0x0104a9c9
0x0104a9c9
0x0104a9cc
0x0104a9d1
0x0104aa6d
0x0104aa70
0x0104aa73
0x0104aa75
0x0104aa79
0x0104aa7e
0x0104aa82
0x0104aa8f
0x0104aa94
0x0104aa96
0x01092392
0x010923a1
0x010923a1
0x0104aa9c
0x0104aa9f
0x0104aaa2
0x0104aaa2
0x0104aaa8
0x0104aaab
0x0104aaaf
0x00000000
0x0104aab5
0x00000000
0x0104aab5
0x0104a9d7
0x0104a9d7
0x0104a9da
0x0104a9e0
0x0104a9e3
0x0104a9e6
0x0104a9e9
0x0104a9eb
0x0104a9fd
0x0104a9fd
0x00000000
0x0104a9eb
0x00000000
0x00000000
0x00000000
0x0104a983
0x0104a983
0x0104a983
0x0104a987
0x0104a995
0x0104a995
0x0104a995
0x0104a995
0x0104a989
0x0104a98e
0x00000000
0x0104a990
0x00000000
0x0104a990
0x0104a98e
0x00000000
0x0104a983
0x0104a972
0x0104a90a
0x0104aa34
0x0104aa34
0x0104aa40
0x0104aa43
0x0104aa46
0x0104aa4d
0x010923ab
0x010923b2
0x010923b8
0x010923be
0x010923c3
0x010923c5
0x010923cb
0x010923d1
0x010923d5
0x010923f6
0x010923fb
0x010923d7
0x010923ec
0x010923f1
0x01092403
0x01092408
0x01092410
0x01092417
0x01092422
0x01092422
0x01092417
0x010923c5
0x010923b2
0x00000000

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010922F3
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01092403
HEAP: , xrefs: 010922E6, 010923F6
HEAP[%wZ]: , xrefs: 010922D7, 010923E7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 0f3400ae1611709e838a0244aad55e03b223bf598dff3aec29bc25495af6d34c
Instruction ID: f080a50d2ac7fc4466a239f8b84eada6b2697240b1cc36197650dc56d3df9260
Opcode Fuzzy Hash: 0f3400ae1611709e838a0244aad55e03b223bf598dff3aec29bc25495af6d34c
Instruction Fuzzy Hash: 4FD1ADB4B40246DFEB19CF68C590BAABBF1FF48200F1585B9D9D69B342E334A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0104D1EF Relevance: 5.2, Strings: 4, Instructions: 211
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0104D1EF(signed int __ecx) {
				signed int _v8;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v92;
				char _v100;
				char _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t88;
				intOrPtr _t100;
				signed int _t121;
				void* _t122;
				signed char _t126;
				void* _t128;
				void* _t131;
				void* _t133;
				signed int _t136;
				signed int _t138;

				_t123 = __ecx;
				_t138 = (_t136 & 0xfffffff8) - 0x64;
				_t83 =  *0x111d360 ^ _t138;
				_v8 =  *0x111d360 ^ _t138;
				_t121 = __ecx;
				if(__ecx == 0) {
					L15:
					_pop(_t128);
					_pop(_t133);
					_pop(_t122);
					return E0106B640(_t83, _t122, _v8 ^ _t138, _t126, _t128, _t133);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v104 = 0;
					_v100 = 0;
					_t88 = E0106F380( *[fs:0x18] + 0x19c,  &_v104, 8);
					_t138 = _t138 + 0xc;
					if(_t88 != 0) {
						_push(8);
						_push( &_v104);
						_push(0x2c);
						_push(0xfffffffe);
						if(E010695B0() >= 0) {
							_t123 =  *[fs:0x18];
							 *((intOrPtr*)(_t123 + 0x19c)) = _v104;
							 *((intOrPtr*)(_t123 + 0x1a0)) = _v100;
						}
					}
					if(( *(_t121 + 0x28) & 0x00000001) != 0) {
						if(( *(_t121 + 0x38) & 0x00000001) == 0) {
							_t123 = _t121;
							L010420A0(_t121);
							 *(_t121 + 0x28) =  *(_t121 + 0x28) & 0x000000fe;
						}
					}
					if( *((intOrPtr*)(_t121 + 0x2c)) != 0) {
						if(( *(_t121 + 0x38) & 0x00000002) == 0) {
							E01023E80(0);
							 *((intOrPtr*)(_t121 + 0x2c)) = 0;
						}
					}
					_t83 =  *(_t121 + 0x48);
					if(_t83 != 0 && ( *(_t83 + 0x10c) & 0x00000001) == 0) {
						_t83 =  *[fs:0x18];
						_t131 = 0x50;
						if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) != 0) {
							if(( *(_t121 + 0x38) & 0x00000004) == 0) {
								E0106FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0xc;
								_v72 =  *((intOrPtr*)(_t121 + 0x30));
								_v68 =  *((intOrPtr*)(_t121 + 0x34));
								_push( &_v92);
								_v92 = 0xc0000710;
								_v76 = 2;
								L0107DEF0(_t123, _t126);
								_push(4);
								_v100 = 0;
								_push( &_v100);
								_push(5);
								_push(0xfffffffe);
								_t83 = E010695B0();
							}
						}
						_t126 =  *(_t121 + 0x38);
						if((_t126 & 0x00000010) == 0 && E0104D8FC() != 0) {
							_push( *((intOrPtr*)(_t121 + 0x34)));
							E010B5720(0x54, 0, "ThreadPool: callback %p(%p) returned with a transaction uncleared\n",  *((intOrPtr*)(_t121 + 0x30)));
							E0106FA60( &_v92, 0, _t131);
							_t138 = _t138 + 0x20;
							_v92 = 0xc000071d;
							_v76 = 0;
							_push( &_v92);
							_t83 = L0107DEF0(_t123, _t126);
							_t126 =  *(_t121 + 0x38);
						}
						if((_t126 & 0x00000020) == 0) {
							_t123 =  *[fs:0x18];
							_t100 =  *((intOrPtr*)( *[fs:0x30] + 0xa0));
							_t83 =  *(_t100 + 0xc);
							if( *(_t100 + 0xc) ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E010B5720(0x54, 0, "ThreadPool: callback %p(%p) returned with the loader lock held\n",  *((intOrPtr*)(_t121 + 0x30)));
								E0106FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc000071e;
								_v76 = 0;
								_push( &_v92);
								_t83 = L0107DEF0(_t123, _t126);
								_t126 =  *(_t121 + 0x38);
							}
						}
						if((_t126 & 0x00000040) == 0) {
							_t83 =  *[fs:0x18];
							if( *((intOrPtr*)( *[fs:0x18] + 0xfb8)) != 0) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E010B5720(0x54, 0, "ThreadPool: callback %p(%p) returned with preferred languages set\n",  *((intOrPtr*)(_t121 + 0x30)));
								E0106FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc000071f;
								_v76 = 0;
								_push( &_v92);
								_t83 = L0107DEF0(_t123, _t126);
								_t126 =  *(_t121 + 0x38);
							}
						}
						if(_t126 >= 0) {
							_t83 =  *[fs:0x18];
							if( *((intOrPtr*)( *[fs:0x18] + 0xf88)) != 0) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E010B5720(0x54, 0, "ThreadPool: callback %p(%p) returned with background priorities set\n",  *((intOrPtr*)(_t121 + 0x30)));
								E0106FA60( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc0000720;
								_v76 = 0;
								_push( &_v92);
								_t83 = L0107DEF0(_t123, _t126);
							}
						}
					}
					goto L15;
				}
			}

0x0104d1ef
0x0104d1f7
0x0104d1ff
0x0104d201
0x0104d206
0x0104d20c
0x0104d2f8
0x0104d2fc
0x0104d2fd
0x0104d2fe
0x0104d309
0x0104d212
0x0104d232
0x0104d239
0x0104d23a
0x0104d23b
0x0104d23e
0x0104d242
0x0104d246
0x0104d24b
0x0104d250
0x01093380
0x01093386
0x01093387
0x01093389
0x01093392
0x01093398
0x010933a3
0x010933ad
0x010933ad
0x01093392
0x0104d25a
0x010933bc
0x010933c2
0x010933c4
0x010933c9
0x010933c9
0x010933bc
0x0104d263
0x010933d6
0x010933dd
0x010933e2
0x010933e2
0x010933d6
0x0104d269
0x0104d26e
0x0104d27d
0x0104d285
0x0104d28c
0x010933ee
0x010933fb
0x01093403
0x01093406
0x0109340d
0x01093415
0x01093416
0x0109341e
0x01093426
0x0109342b
0x01093431
0x01093435
0x01093436
0x01093438
0x0109343a
0x0109343a
0x010933ee
0x0104d292
0x0104d298
0x01093444
0x01093452
0x01093461
0x01093466
0x01093469
0x01093475
0x01093479
0x0109347a
0x0109347f
0x0109347f
0x0104d2aa
0x0104d2b2
0x0104d2b9
0x0104d2bf
0x0104d2c5
0x01093487
0x01093495
0x010934a4
0x010934a9
0x010934ac
0x010934b8
0x010934bc
0x010934bd
0x010934c2
0x010934c2
0x0104d2c5
0x0104d2ce
0x0104d2d0
0x0104d2dc
0x010934ca
0x010934d8
0x010934e7
0x010934ec
0x010934ef
0x010934fb
0x010934ff
0x01093500
0x01093505
0x01093505
0x0104d2dc
0x0104d2e4
0x0104d2e6
0x0104d2f2
0x0109350d
0x0109351b
0x0109352a
0x0109352f
0x01093532
0x0109353e
0x01093542
0x01093543
0x01093543
0x0104d2f2
0x0104d2e4
0x00000000
0x0104d26e

Strings

ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 0109348D
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 010934D0
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 0109344A
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01093513

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: cae1410e8142ff741401de549c40de5fb0ed7c3e895681bb47e635dfa1313b05
Instruction ID: 4c59a7c83fc4a323eabab6b6f3094b75038ae12a654f9988649bd20d5e0f9ac7
Opcode Fuzzy Hash: cae1410e8142ff741401de549c40de5fb0ed7c3e895681bb47e635dfa1313b05
Instruction Fuzzy Hash: B071D0B1904305AFCB61DF94C9C4B9B7BE8AF65760F4048A8F9C98B242D734D588CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 0104A229 Relevance: 5.2, Strings: 4, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0104A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E0104DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E01069730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E010EA80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E01069660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E0102B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E01047D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E010E138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E01047D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E01047D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E010E1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E01047D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E01047D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E010E1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0107D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}

0x0104a229
0x0104a231
0x0104a23f
0x0104a242
0x0104a244
0x0104a24c
0x0104a255
0x0104a25a
0x0104a25f
0x01091c76
0x01091c78
0x01091c7e
0x01091c7f
0x01091c81
0x01091c82
0x01091c84
0x01091c89
0x01091c8b
0x01091c9e
0x01091c9e
0x01091cab
0x01091cb2
0x00000000
0x01091cb2
0x01091c8d
0x01091c92
0x00000000
0x00000000
0x01091c94
0x01091c98
0x00000000
0x00000000
0x00000000
0x01091c98
0x0104a265
0x0104a265
0x0104a266
0x0104a26f
0x0104a270
0x0104a276
0x0104a277
0x0104a279
0x0104a27e
0x0104a282
0x01091db5
0x01091dbb
0x01091dc1
0x01091dc5
0x01091de4
0x01091de9
0x01091dc7
0x01091ddc
0x01091de1
0x01091def
0x01091df3
0x01091df7
0x01091dfe
0x01091e06
0x0104a302
0x0104a308
0x0104a308
0x0104a288
0x0104a28d
0x0104a294
0x01091cc1
0x0104a29a
0x0104a29a
0x0104a29a
0x0104a29f
0x01091ccb
0x01091cd1
0x01091cd8
0x01091cea
0x01091cea
0x01091cd8
0x0104a2a9
0x0104a2af
0x0104a2bc
0x01091cfd
0x0104a2c2
0x0104a2c2
0x0104a2c2
0x0104a2c7
0x01091d07
0x01091d0d
0x01091d14
0x01091d1f
0x01091d21
0x01091d2c
0x01091d2c
0x01091d2c
0x01091d47
0x01091d47
0x01091d14
0x0104a2cd
0x0104a2d2
0x0104a2d9
0x01091d5a
0x0104a2df
0x0104a2df
0x0104a2df
0x0104a2e4
0x01091d69
0x01091d6b
0x01091d76
0x01091d76
0x01091d76
0x01091d91
0x01091d91
0x0104a2ea
0x0104a2f0
0x0104a2f5
0x01091da8
0x01091dad
0x01091dad
0x0104a2fd
0x0104a300
0x00000000

Strings

ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 01091DF9
`, xrefs: 01091C8D
HEAP: , xrefs: 01091DE4
HEAP[%wZ]: , xrefs: 01091DD7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 2994545307-2586055223
Opcode ID: f2fb18876d2deea4467a4f7101dd12671641086403d1c9cf584ad8a43e660bd1
Instruction ID: ea409de8c7a19b1838066667c5b0b3642cd8bf99864de8b28d11462b32ff8ce2
Opcode Fuzzy Hash: f2fb18876d2deea4467a4f7101dd12671641086403d1c9cf584ad8a43e660bd1
Instruction Fuzzy Hash: A45115B23456829FE722EB68C994F6B77E8EB84760F0404A4F5D28B291D735D800DB61

Uniqueness

Uniqueness Score: -1.00%

Function 010E49A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON

Download Yara Rule

Strings

This is located in the %s field of the heap header., xrefs: 010E4AD6
Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 010E4A61
HEAP: , xrefs: 010E4A4A, 010E4A5D, 010E4A5F, 010E4AC4
HEAP[%wZ]: , xrefs: 010E4A3D, 010E4AB7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 2994545307-336120773
Opcode ID: 2d7637c42c9c17fb4f78c9a1726a145ad688ed02ad973debd970bc9e16319dfd
Instruction ID: ddd5d7067ae987561c7b4c4e2eed386c6f9ce0116b15a29962716ecd967896fc
Opcode Fuzzy Hash: 2d7637c42c9c17fb4f78c9a1726a145ad688ed02ad973debd970bc9e16319dfd
Instruction Fuzzy Hash: 05310131200115EFD322DB9AC88DFAA77E9EF44630F2841A9F585DB281D671E884CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0102751A Relevance: 5.1, Strings: 4, Instructions: 101COMMON

Download Yara Rule

Strings

VirtualQuery Failed 0x%p %x, xrefs: 0108284E
VirtualProtect Failed 0x%p %x, xrefs: 01082811
HEAP: , xrefs: 01082804, 01082841
HEAP[%wZ]: , xrefs: 010827F7, 01082834

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
API String ID: 0-1391187441
Opcode ID: 0f679aaaa84e4247c83876b0adbf4f91f6f44f3207b664994b3439bd1afde66c
Instruction ID: b27cbaf2d82197f0974a524ef2d559a8abb6bd27371b5e05bbd2d868c32e2f1f
Opcode Fuzzy Hash: 0f679aaaa84e4247c83876b0adbf4f91f6f44f3207b664994b3439bd1afde66c
Instruction Fuzzy Hash: 2431C532901165EFDB11EB99C884FAEBBF9EB44630F5440A5F994AB291D7B0E940CA60

Uniqueness

Uniqueness Score: -1.00%

Function 010E3518 Relevance: 5.1, Strings: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E010E3518(signed int* __ecx) {
				char _v8;
				void* _t11;
				signed int* _t34;

				_push(__ecx);
				_t34 = __ecx;
				if(__ecx !=  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
					if(E010240E1("RtlDestroyHeap") == 0 || E010E4496(__ecx, 0) == 0) {
						goto L5;
					} else {
						_t32 = __ecx + 0x80;
						 *((intOrPtr*)(__ecx + 0x60)) = 0;
						if( *((intOrPtr*)(__ecx + 0x80)) != 0) {
							_v8 = 0;
							E0105174B(_t32,  &_v8, 0x8000);
						}
						_t11 = 1;
					}
				} else {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0102B150("May not destroy the process heap at %p\n", _t34);
					L5:
					_t11 = 0;
				}
				return _t11;
			}

0x010e351d
0x010e3525
0x010e352a
0x010e357d
0x00000000
0x010e358c
0x010e358e
0x010e3594
0x010e3599
0x010e359b
0x010e35a7
0x010e35a7
0x010e35ac
0x010e35ac
0x010e352c
0x010e3536
0x010e3555
0x010e355a
0x010e3538
0x010e354d
0x010e3552
0x010e3566
0x010e356d
0x010e356d
0x010e356d
0x010e35b2

Strings

RtlDestroyHeap, xrefs: 010E3571
HEAP: , xrefs: 010E3555
HEAP[%wZ]: , xrefs: 010E3548
May not destroy the process heap at %p, xrefs: 010E3561

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
API String ID: 0-4256168463
Opcode ID: c2339fe99becfdaacfe1400155cfa2d8fc77cdcbf8830b6d8cbb3b2e2722e886
Instruction ID: cde31874e3fc5b295e12dcefd2ea04bbd60b2e314cd56ea1e5a02eb583f70291
Opcode Fuzzy Hash: c2339fe99becfdaacfe1400155cfa2d8fc77cdcbf8830b6d8cbb3b2e2722e886
Instruction Fuzzy Hash: 290149331102059FCB61EB6EC448BD67BE9FF81620F108495E4C69F341DA75E844CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010499BF Relevance: 4.3, Strings: 3, Instructions: 572
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E010499BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E010DFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E010EA80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0107D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E0102B150();
										} else {
											E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E0102B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1116378 = 1;
											asm("int3");
											 *0x1116378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E0104A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E0104A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E0104BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E010EA80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E0104A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E0104A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0107D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E0102B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1116378 = 1;
									asm("int3");
									 *0x1116378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E010DFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E010EA80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0107D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E0102B150();
													} else {
														E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E0102B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1116378 = 1;
														asm("int3");
														 *0x1116378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E0104A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E0104A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E0104BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E010EA80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0107D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E0102B150();
													} else {
														E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E0102B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1116378 = 1;
														asm("int3");
														 *0x1116378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E0104A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E0104A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E0104BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E0104BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}

0x010499ca
0x010499cc
0x010499df
0x010499e3
0x010499f8
0x010499fb
0x010499fb
0x00000000
0x01049a48
0x01049a48
0x01049a4c
0x01049a51
0x01049a55
0x01049a61
0x01049a66
0x01049a68
0x01091457
0x0109145c
0x0109145c
0x01049a68
0x01049a6e
0x01049a71
0x01049a74
0x01049a76
0x01091466
0x01091469
0x01091469
0x0109146c
0x0109146e
0x01091471
0x01091474
0x01091477
0x01091479
0x0109159c
0x0109159c
0x0109159d
0x010915a6
0x010915ab
0x010915ab
0x00000000
0x010915ab
0x0109147f
0x01091481
0x00000000
0x00000000
0x0109148a
0x0109148d
0x01091493
0x01091495
0x010914c0
0x010914c0
0x010914c3
0x010914c6
0x010914c8
0x010914cb
0x010914cf
0x010914f2
0x010914f2
0x010914f5
0x010914f8
0x01091501
0x01091508
0x0109150b
0x0109150e
0x01091510
0x01091513
0x01091515
0x01091515
0x01091518
0x01091518
0x01091513
0x01091521
0x01091525
0x0109152a
0x0109152d
0x01091530
0x01091532
0x01091539
0x0109153d
0x0109155d
0x01091562
0x0109153f
0x01091555
0x0109155a
0x01091570
0x01091577
0x0109157c
0x01091582
0x01091585
0x01091589
0x0109158b
0x01091592
0x01091593
0x01091593
0x01091589
0x01091530
0x00000000
0x010914f8
0x010914d5
0x010914da
0x010914dc
0x00000000
0x010914de
0x010914e8
0x00000000
0x010914e8
0x01091497
0x01091497
0x010914a4
0x010914a4
0x010914a7
0x010914a9
0x010914ab
0x010914ab
0x0109149c
0x0109149e
0x010914a0
0x010914b0
0x010914b0
0x00000000
0x010914a2
0x010914a2
0x00000000
0x010914a2
0x010914a0
0x010914b3
0x010914bb
0x00000000
0x010914bb
0x01091495
0x01049a7c
0x01049a7c
0x01049a7f
0x01049a7f
0x01049a82
0x01049a84
0x01049a87
0x01049a8a
0x01049a8d
0x01049a8f
0x0109166a
0x0109166a
0x0109166b
0x01091674
0x00000000
0x01091674
0x01049a95
0x01049a97
0x00000000
0x00000000
0x01049aa0
0x01049aa3
0x01049aa9
0x01049aab
0x01049ad7
0x01049ad7
0x01049ada
0x01049add
0x01049adf
0x01049ae2
0x01049ae6
0x01049b22
0x01049b27
0x01049b29
0x00000000
0x01049b2b
0x010915be
0x00000000
0x010915be
0x01049b29
0x01049ae8
0x01049ae8
0x01049aeb
0x01049aee
0x010915cb
0x010915d2
0x010915d5
0x010915d7
0x010915da
0x010915dc
0x010915dc
0x010915dc
0x010915da
0x010915e5
0x010915e9
0x010915ee
0x010915f1
0x010915f3
0x010915f9
0x01091600
0x01091604
0x01091624
0x01091629
0x01091606
0x0109161c
0x01091621
0x01091637
0x0109163e
0x01091643
0x01091649
0x0109164c
0x01091650
0x01091656
0x0109165d
0x0109165e
0x0109165e
0x01091650
0x010915f3
0x01049af4
0x01049af7
0x01049afc
0x01049b00
0x01049b04
0x01049b08
0x01049b14
0x010499fe
0x01049a04
0x01049a07
0x00000000
0x01049a29
0x0109169c
0x010916a0
0x010916a5
0x010916a9
0x010916b5
0x010916ba
0x010916bc
0x010916be
0x010916c3
0x010916c3
0x010916bc
0x010916c8
0x010916cc
0x0109181b
0x0109181b
0x0109181e
0x0109181e
0x01091821
0x01091823
0x01091826
0x01091829
0x0109182c
0x0109182e
0x01091688
0x01091688
0x01091689
0x0109168b
0x0109168c
0x0109168d
0x0109168f
0x01091692
0x00000000
0x01091692
0x01091834
0x01091836
0x00000000
0x00000000
0x0109183f
0x01091842
0x01091848
0x0109184a
0x01091875
0x01091875
0x01091878
0x0109187b
0x0109187d
0x01091880
0x01091884
0x010918a7
0x010918a7
0x010918aa
0x010918ad
0x010918b6
0x010918bd
0x010918c0
0x010918c3
0x010918c5
0x010918c8
0x010918ca
0x010918ca
0x010918cd
0x010918cd
0x010918c8
0x010918d5
0x010918da
0x010918df
0x010918e2
0x010918e5
0x010918e7
0x010918ee
0x010918f2
0x01091912
0x01091917
0x010918f4
0x0109190a
0x0109190f
0x01091925
0x0109192c
0x01091931
0x0109193a
0x0109193e
0x01091940
0x01091947
0x01091948
0x01091948
0x0109193e
0x010918e5
0x0109194f
0x01091952
0x01091956
0x0109195d
0x01091961
0x0109196d
0x00000000
0x0109196d
0x0109188a
0x0109188f
0x01091891
0x00000000
0x00000000
0x0109189d
0x00000000
0x0109189d
0x0109184c
0x01091859
0x01091859
0x0109185c
0x00000000
0x00000000
0x01091851
0x01091853
0x01091855
0x01091865
0x01091865
0x01091866
0x01091868
0x01091870
0x00000000
0x01091870
0x01091857
0x01091857
0x0109185e
0x00000000
0x010916d2
0x010916d2
0x010916d5
0x010916d5
0x010916d8
0x010916da
0x010916dd
0x010916e0
0x010916e3
0x010916e5
0x01091808
0x01091808
0x01091809
0x01091812
0x01091817
0x01091817
0x00000000
0x01091817
0x010916eb
0x010916ed
0x00000000
0x00000000
0x010916f6
0x010916f9
0x010916ff
0x01091701
0x0109172c
0x0109172c
0x0109172f
0x01091732
0x01091734
0x01091737
0x0109173b
0x0109175e
0x0109175e
0x01091761
0x01091764
0x0109176d
0x01091774
0x01091777
0x0109177a
0x0109177c
0x0109177f
0x01091781
0x01091781
0x01091784
0x01091784
0x0109177f
0x0109178c
0x01091791
0x01091796
0x01091799
0x0109179c
0x0109179e
0x010917a5
0x010917a9
0x010917c9
0x010917ce
0x010917ab
0x010917c1
0x010917c6
0x010917dc
0x010917e3
0x010917e8
0x010917ee
0x010917f1
0x010917f5
0x010917f7
0x010917fe
0x010917ff
0x010917ff
0x010917f5
0x0109179c
0x00000000
0x01091764
0x01091741
0x01091746
0x01091748
0x00000000
0x00000000
0x01091754
0x00000000
0x01091754
0x01091703
0x01091710
0x01091710
0x01091713
0x00000000
0x00000000
0x01091708
0x0109170a
0x0109170c
0x0109171c
0x0109171c
0x0109171d
0x0109171f
0x01091727
0x00000000
0x01091727
0x0109170e
0x0109170e
0x01091715
0x00000000
0x01091715
0x010916cc
0x01049a45
0x01049a45
0x01049a0e
0x01049a1c
0x01049a23
0x0109167e
0x0109167f
0x01091681
0x01091683
0x01091684
0x00000000
0x01091684
0x00000000
0x01049aad
0x01049aad
0x01049ab0
0x01049ab3
0x01049ab3
0x01049ab6
0x00000000
0x00000000
0x01049ab8
0x01049aba
0x01049abc
0x01049ac8
0x01049ac8
0x00000000
0x01049abe
0x01049abe
0x01049ac0
0x00000000
0x01049ac0
0x01049abc
0x01049ad2
0x00000000
0x01049ad2
0x01049aab

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01091572, 01091639, 010917DE, 01091927
HEAP: , xrefs: 0109155D, 01091624, 010917C9, 01091912
HEAP[%wZ]: , xrefs: 01091550, 01091617, 010917BC, 01091905

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: ac9cd29101b9453885029c43ad358c0900c7a0f4fa7244d48a531b819e881d63
Instruction ID: bad787992899f96d32d78a5c69c4fa988b8b763285d6002e4b76fe5e73bc576a
Opcode Fuzzy Hash: ac9cd29101b9453885029c43ad358c0900c7a0f4fa7244d48a531b819e881d63
Instruction Fuzzy Hash: 3022E2707002469FEB25CF2DC4A4B7ABBF5EF49714F1885A9E4C68B282D771D881CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010362A0 Relevance: 4.0, Strings: 3, Instructions: 291
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E010362A0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				short _t93;
				short _t94;
				signed char* _t98;
				signed int _t99;
				signed char* _t100;
				signed int _t102;
				signed char* _t106;
				signed int _t107;
				signed char* _t108;
				signed int _t118;
				void* _t122;
				void* _t124;
				void* _t126;
				void* _t128;
				void* _t130;
				void* _t132;
				void* _t134;
				void* _t136;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t143;
				short _t148;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t159;
				intOrPtr _t160;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				signed int _t173;
				intOrPtr _t178;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t182;
				signed int _t187;
				signed int _t192;
				signed int _t193;
				signed int _t195;
				void* _t196;

				_push(0x44);
				_push(0x10ff958);
				E0107D0E8(__ebx, __edi, __esi);
				 *(_t196 - 0x34) =  *(_t196 + 8);
				 *(_t196 - 0x3c) =  *(_t196 + 0x10);
				 *((intOrPtr*)(_t196 - 0x28)) = L"MUI";
				 *((intOrPtr*)(_t196 - 0x24)) = 1;
				 *((intOrPtr*)(_t196 - 0x20)) = 0;
				 *(_t196 - 0x38) =  *(_t196 + 0xc);
				 *(_t196 - 0x30) = 0;
				_t148 = 0x2e;
				 *((short*)(_t196 - 0x4c)) = _t148;
				_t93 = 0x30;
				 *((short*)(_t196 - 0x4a)) = _t93;
				 *(_t196 - 0x48) = L"LdrResGetRCConfig Enter";
				_t94 = 0x2c;
				 *((short*)(_t196 - 0x54)) = _t94;
				 *((short*)(_t196 - 0x52)) = _t148;
				 *(_t196 - 0x50) = L"LdrResGetRCConfig Exit";
				_t187 =  *(_t196 + 0x14) & 0x00002000;
				asm("sbb esi, esi");
				_t192 = ( ~_t187 & 0x00001000) + 0x1030;
				if(E01047D50() != 0) {
					_t98 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t98 = 0x7ffe0385;
				}
				if(( *_t98 & 0x00000001) != 0) {
					_t99 = E01047D50();
					__eflags = _t99;
					if(_t99 == 0) {
						_t100 = 0x7ffe0384;
					} else {
						_t100 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E010B6715(_t196 - 0x4c,  *_t100 & 0x000000ff);
				}
				_t102 =  *(_t196 - 0x34);
				if(_t102 == 0) {
					_t193 = 0xc000000d;
					goto L7;
				} else {
					if( *((intOrPtr*)(_t196 + 0x18)) == 0) {
						L17:
						__eflags =  *(_t196 + 0xc);
						if(__eflags == 0) {
							__eflags = _t187;
							if(__eflags != 0) {
								goto L18;
							}
							_push(0);
							_push( *(_t196 + 0x14));
							_push(_t196 - 0x38);
							_push(_t102);
							__eflags = E010584E0(0, _t187, _t192, __eflags);
							if(__eflags >= 0) {
								goto L18;
							}
							L12:
							return E0107D130(0, _t187, _t193);
						}
						L18:
						_t195 = E0105701D(0,  *(_t196 - 0x34),  *(_t196 - 0x38), _t187, _t192 | 0x00200000, __eflags, _t192 | 0x00200000, _t196 - 0x28, 3, _t196 - 0x30, _t196 - 0x40, 0, 0);
						 *(_t196 - 0x2c) = _t195;
						__eflags = _t195;
						if(_t195 >= 0) {
							 *((intOrPtr*)(_t196 - 4)) = 0;
							__eflags = _t187;
							_t187 =  *(_t196 - 0x30);
							if(__eflags != 0) {
								L55:
								 *((intOrPtr*)(_t196 - 4)) = 0xfffffffe;
								_t118 =  *(_t196 - 0x3c);
								__eflags = _t118;
								if(_t118 != 0) {
									 *_t118 = _t187;
								}
								_t193 = 0;
								 *(_t196 - 0x2c) = 0;
								L23:
								__eflags =  *((char*)(_t196 + 0x18));
								if( *((char*)(_t196 + 0x18)) != 0) {
									__eflags = _t187;
									if(__eflags == 0) {
										_t187 = _t187 | 0xffffffff;
										__eflags = _t187;
									}
									_push(0);
									_push(_t193);
									_push(2);
									_push(0);
									_push(_t187);
									_push(0);
									E0105DA88(0,  *(_t196 - 0x34), 0, _t187, _t193, __eflags);
								}
								L8:
								if(E01047D50() != 0) {
									_t106 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
									_t193 =  *(_t196 - 0x2c);
								} else {
									_t106 = 0x7ffe0385;
								}
								if(( *_t106 & 0x00000001) != 0) {
									_t107 = E01047D50();
									__eflags = _t107;
									if(_t107 == 0) {
										_t108 = 0x7ffe0384;
									} else {
										_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
										_t193 =  *(_t196 - 0x2c);
									}
									E010B6715(_t196 - 0x54,  *_t108 & 0x000000ff);
								}
								goto L12;
							}
							_t178 =  *((intOrPtr*)(_t187 + 4));
							__eflags = _t178 + _t187 - ( *(_t196 - 0x34) & 0xfffffffc) +  *(_t196 - 0x38);
							if(_t178 + _t187 > ( *(_t196 - 0x34) & 0xfffffffc) +  *(_t196 - 0x38)) {
								_t193 = 0xc000007b;
								 *(_t196 - 0x2c) = 0xc000007b;
								L61:
								 *((intOrPtr*)(_t196 - 4)) = 0xfffffffe;
								L21:
								__eflags = _t193;
								if(_t193 < 0) {
									_t187 = 0;
								}
								goto L23;
							}
							_t193 = 0xc00b0003;
							 *(_t196 - 0x2c) = 0xc00b0003;
							_t156 =  *((intOrPtr*)(_t187 + 0x44));
							_t122 =  *((intOrPtr*)(_t187 + 0x48)) + _t156;
							__eflags = _t122 - _t178;
							if(_t122 > _t178) {
								goto L61;
							}
							__eflags = _t122 - _t156;
							if(_t122 < _t156) {
								goto L61;
							}
							_t157 =  *((intOrPtr*)(_t187 + 0x4c));
							_t124 =  *((intOrPtr*)(_t187 + 0x50)) + _t157;
							__eflags = _t124 - _t178;
							if(_t124 > _t178) {
								goto L61;
							}
							__eflags = _t124 - _t157;
							if(_t124 < _t157) {
								goto L61;
							}
							_t158 =  *((intOrPtr*)(_t187 + 0x54));
							_t126 =  *((intOrPtr*)(_t187 + 0x58)) + _t158;
							__eflags = _t126 - _t178;
							if(_t126 > _t178) {
								goto L61;
							}
							__eflags = _t126 - _t158;
							if(_t126 < _t158) {
								goto L61;
							}
							_t159 =  *((intOrPtr*)(_t187 + 0x5c));
							_t128 =  *((intOrPtr*)(_t187 + 0x60)) + _t159;
							__eflags = _t128 - _t178;
							if(_t128 > _t178) {
								goto L61;
							}
							__eflags = _t128 - _t159;
							if(_t128 < _t159) {
								goto L61;
							}
							_t160 =  *((intOrPtr*)(_t187 + 0x64));
							_t130 =  *((intOrPtr*)(_t187 + 0x68)) + _t160;
							__eflags = _t130 - _t178;
							if(_t130 > _t178) {
								goto L61;
							}
							__eflags = _t130 - _t160;
							if(_t130 < _t160) {
								goto L61;
							}
							_t161 =  *((intOrPtr*)(_t187 + 0x6c));
							_t132 =  *((intOrPtr*)(_t187 + 0x70)) + _t161;
							__eflags = _t132 - _t178;
							if(_t132 > _t178) {
								goto L61;
							}
							__eflags = _t132 - _t161;
							if(_t132 < _t161) {
								goto L61;
							}
							_t162 =  *((intOrPtr*)(_t187 + 0x74));
							_t134 =  *((intOrPtr*)(_t187 + 0x78)) + _t162;
							__eflags = _t134 - _t178;
							if(_t134 > _t178) {
								goto L61;
							}
							__eflags = _t134 - _t162;
							if(_t134 < _t162) {
								goto L61;
							}
							_t163 =  *((intOrPtr*)(_t187 + 0x7c));
							_t136 =  *((intOrPtr*)(_t187 + 0x80)) + _t163;
							__eflags = _t136 - _t178;
							if(_t136 > _t178) {
								goto L61;
							}
							__eflags = _t136 - _t163;
							if(_t136 < _t163) {
								goto L61;
							}
							__eflags =  *_t187 - 0xfecdfecd;
							if( *_t187 != 0xfecdfecd) {
								goto L61;
							}
							__eflags = _t178 -  *((intOrPtr*)(_t196 - 0x40));
							if(_t178 !=  *((intOrPtr*)(_t196 - 0x40))) {
								goto L61;
							}
							__eflags =  *((intOrPtr*)(_t187 + 8)) - 0x10000;
							if( *((intOrPtr*)(_t187 + 8)) != 0x10000) {
								goto L61;
							}
							_t164 =  *(_t187 + 0xc);
							__eflags =  *(_t187 + 0xc);
							if( *(_t187 + 0xc) != 0) {
								_t179 = 7;
								_t137 = E010295C8(_t164, _t179);
								__eflags = _t137;
								if(_t137 == 0) {
									goto L61;
								}
							}
							_t180 = 3;
							_t138 = E010295C8( *(_t187 + 0x10) & 0xffffffcf, _t180);
							__eflags = _t138;
							if(_t138 == 0) {
								goto L61;
							}
							_t181 = 0x30;
							_t139 = E010295C8( *(_t187 + 0x10) & 0xfffffffc, _t181);
							__eflags = _t139;
							if(_t139 == 0) {
								goto L61;
							}
							__eflags =  *(_t187 + 0x10) & 0x00000001;
							if(( *(_t187 + 0x10) & 0x00000001) == 0) {
								L54:
								 *(_t196 - 0x2c) = 0;
								goto L55;
							}
							_t182 = 3;
							_t140 = E010295C8( *((intOrPtr*)(_t187 + 0x18)), _t182);
							__eflags = _t140;
							if(_t140 == 0) {
								goto L61;
							}
							_t170 =  *(_t187 + 0x14);
							__eflags =  *(_t187 + 0x14);
							if( *(_t187 + 0x14) != 0) {
								_t141 = E010295C8(_t170, 0x100);
								__eflags = _t141;
								if(_t141 == 0) {
									goto L61;
								}
							}
							goto L54;
						}
						_t187 =  *(_t196 - 0x30);
						__eflags = _t195 - 0xc000007b;
						if(_t195 != 0xc000007b) {
							_t193 = 0xc000008a;
							 *(_t196 - 0x2c) = 0xc000008a;
						}
						goto L21;
					}
					_t143 = E0103D1D0(_t102, 0, 0, 8);
					 *(_t196 - 0x30) = _t143;
					if(_t143 != 0xffffffff) {
						__eflags = _t143;
						if(_t143 == 0) {
							_t102 =  *(_t196 - 0x34);
							goto L17;
						}
						_t193 = 0;
						 *(_t196 - 0x2c) = 0;
						_t173 =  *(_t196 - 0x3c);
						__eflags = _t173;
						if(_t173 != 0) {
							 *_t173 = _t143;
						}
					} else {
						_t193 = 0xc000008a;
						L7:
						 *(_t196 - 0x2c) = _t193;
					}
					goto L8;
				}
			}

0x010362a0
0x010362a2
0x010362a7
0x010362af
0x010362b5
0x010362b8
0x010362bf
0x010362c8
0x010362ce
0x010362d1
0x010362d6
0x010362d7
0x010362dd
0x010362de
0x010362e2
0x010362eb
0x010362ec
0x010362f0
0x010362f4
0x010362fe
0x01036308
0x01036310
0x0103631d
0x0108903d
0x01036323
0x01036323
0x01036323
0x0103632b
0x01089047
0x0108904c
0x0108904e
0x01089060
0x01089050
0x01089059
0x01089059
0x0108906b
0x0108906b
0x01036331
0x01036336
0x01089075
0x00000000
0x0103633c
0x0103633f
0x01036399
0x01036399
0x0103639c
0x0103658b
0x0103658d
0x00000000
0x00000000
0x01036593
0x01036594
0x0103659a
0x0103659b
0x010365a1
0x010365a3
0x00000000
0x00000000
0x0103637a
0x0103637f
0x0103637f
0x010363a2
0x010363c4
0x010363c6
0x010363c9
0x010363cb
0x0103640d
0x01036410
0x01036412
0x01036415
0x01036571
0x01036571
0x01036578
0x0103657b
0x0103657d
0x0103657f
0x0103657f
0x01036581
0x01036583
0x010363e6
0x010363e6
0x010363ea
0x010363f0
0x010363f2
0x010363f4
0x010363f4
0x010363f4
0x010363f7
0x010363f8
0x010363f9
0x010363fb
0x010363fc
0x010363fd
0x01036403
0x01036403
0x0103635d
0x01036364
0x010890db
0x010890e0
0x0103636a
0x0103636a
0x0103636a
0x01036372
0x010890e8
0x010890ed
0x010890ef
0x01089104
0x010890f1
0x010890fa
0x010890ff
0x010890ff
0x0108910f
0x0108910f
0x00000000
0x01036378
0x0103641b
0x0103642a
0x0103642c
0x0108907f
0x01089084
0x010365ae
0x010365ae
0x010363e0
0x010363e0
0x010363e2
0x010363e4
0x010363e4
0x00000000
0x010363e2
0x01036432
0x01036437
0x0103643a
0x01036440
0x01036442
0x01036444
0x00000000
0x00000000
0x0103644a
0x0103644c
0x00000000
0x00000000
0x01036452
0x01036458
0x0103645a
0x0103645c
0x00000000
0x00000000
0x01036462
0x01036464
0x00000000
0x00000000
0x0103646a
0x01036470
0x01036472
0x01036474
0x00000000
0x00000000
0x0103647a
0x0103647c
0x00000000
0x00000000
0x01036482
0x01036488
0x0103648a
0x0103648c
0x00000000
0x00000000
0x01036492
0x01036494
0x00000000
0x00000000
0x0103649a
0x010364a0
0x010364a2
0x010364a4
0x00000000
0x00000000
0x010364aa
0x010364ac
0x00000000
0x00000000
0x010364b2
0x010364b8
0x010364ba
0x010364bc
0x00000000
0x00000000
0x010364c2
0x010364c4
0x00000000
0x00000000
0x010364ca
0x010364d0
0x010364d2
0x010364d4
0x00000000
0x00000000
0x010364da
0x010364dc
0x00000000
0x00000000
0x010364e2
0x010364eb
0x010364ed
0x010364ef
0x00000000
0x00000000
0x010364f5
0x010364f7
0x00000000
0x00000000
0x010364fd
0x01036503
0x00000000
0x00000000
0x01036509
0x0103650c
0x00000000
0x00000000
0x01036512
0x01036519
0x00000000
0x00000000
0x0103651f
0x01036522
0x01036524
0x0108908e
0x0108908f
0x01089094
0x01089096
0x00000000
0x00000000
0x0108909c
0x01036532
0x01036533
0x01036538
0x0103653a
0x00000000
0x00000000
0x01036544
0x01036545
0x0103654a
0x0103654c
0x00000000
0x00000000
0x0103654e
0x01036552
0x0103656e
0x0103656e
0x00000000
0x0103656e
0x01036556
0x0103655a
0x0103655f
0x01036561
0x00000000
0x00000000
0x01036563
0x01036566
0x01036568
0x010890a6
0x010890ab
0x010890ad
0x00000000
0x00000000
0x010890b3
0x00000000
0x01036568
0x010363cd
0x010363d0
0x010363d6
0x010363d8
0x010363dd
0x010363dd
0x00000000
0x010363d6
0x01036348
0x0103634d
0x01036353
0x01036382
0x01036384
0x01036396
0x00000000
0x01036396
0x01036386
0x01036388
0x0103638b
0x0103638e
0x01036390
0x01036392
0x01036392
0x01036355
0x01036355
0x0103635a
0x0103635a
0x0103635a
0x00000000
0x01036353

Strings

MUI, xrefs: 010362B8, 010363B7
LdrResGetRCConfig Exit, xrefs: 010362F4
LdrResGetRCConfig Enter, xrefs: 010362E2

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
API String ID: 0-1145731471
Opcode ID: 4344fe27541024b06f66cbce198853cfc3b926b2901c39b801c2ec18d94e4537
Instruction ID: 4c183e8899688f17c8130e7c76225dcc089ceae0ced59871fc53f13fd0a73b33
Opcode Fuzzy Hash: 4344fe27541024b06f66cbce198853cfc3b926b2901c39b801c2ec18d94e4537
Instruction Fuzzy Hash: D8B1C671E00615AFDF16DFA8C880BACB7B9BF84314F148169E991EB394D732D950CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01028239 Relevance: 4.0, Strings: 3, Instructions: 233
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E01028239(signed int* __ecx, char* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				intOrPtr _v568;
				char _v572;
				intOrPtr _v576;
				short _v578;
				char _v580;
				signed int _v584;
				intOrPtr _v586;
				char _v588;
				char* _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				char* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				char _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				char* _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t94;
				char* _t99;
				intOrPtr _t118;
				intOrPtr _t122;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				intOrPtr _t138;
				intOrPtr _t143;
				intOrPtr _t145;
				intOrPtr _t148;
				signed int _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x111d360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E01036D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E0106B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E01069650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E01036D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(E0103AA20( &_v560,  &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E01069820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E01069600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E01036D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E010695D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E01069650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
									}
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
									if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
										_t122 =  *0x1117b9c; // 0x0
										_t150 = E01044620(_t147, _t147, _t122 + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(E01039660( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E010695D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E010695D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

0x01028239
0x0102824b
0x0102824e
0x0102825d
0x01028260
0x0102826e
0x01028275
0x0102827b
0x0102827d
0x01028287
0x01028294
0x010282ce
0x010282de
0x010282de
0x0102829c
0x0102829d
0x010282a8
0x010282a9
0x010282b1
0x010282b2
0x010282b4
0x010282bb
0x01082dfa
0x010282cc
0x010282cc
0x01082e19
0x01082e19
0x01082e1b
0x01082e1e
0x01082e30
0x01082e3d
0x00000000
0x00000000
0x01082e5a
0x01082e61
0x01082e68
0x01082e72
0x01082e72
0x01082e78
0x01082e7e
0x01082e80
0x01082e86
0x01082e8c
0x01082e8c
0x01082e92
0x01082e93
0x01082e99
0x01082e9a
0x01082e9c
0x01082e9d
0x01082ea4
0x01082ea8
0x00000000
0x00000000
0x01082eae
0x01082eb8
0x01082ec3
0x01082eca
0x01082ed1
0x01082edb
0x01082ee3
0x01082eef
0x01082efb
0x01082efc
0x01082f08
0x01082f12
0x01082f13
0x01082f22
0x01082f26
0x00000000
0x00000000
0x01082f3d
0x01082f41
0x01083069
0x01083069
0x0108306f
0x00000000
0x0108306f
0x01082f47
0x01082f4d
0x01082f53
0x01082f59
0x01082f5a
0x01082f5b
0x01082f5c
0x01082f64
0x01082f65
0x01082f70
0x01082f78
0x01082f84
0x01082f92
0x01082f92
0x01082f9d
0x01082fa2
0x01082fed
0x01083004
0x01083008
0x00000000
0x00000000
0x0108300a
0x01083010
0x01083012
0x01083018
0x00000000
0x01082fa4
0x01082fa4
0x01082fa6
0x01082fa6
0x00000000
0x01082fa6
0x01082fab
0x01082fab
0x01082fab
0x01082fab
0x01082fb1
0x01082fb1
0x01082fc1
0x01082fc7
0x01082fcf
0x01083020
0x0108302a
0x00000000
0x00000000
0x0108302c
0x01083034
0x00000000
0x00000000
0x01083036
0x01083039
0x01083040
0x0108304a
0x01083067
0x00000000
0x00000000
0x00000000
0x01083067
0x01082fd1
0x01082fd7
0x01082fdc
0x01082fe4
0x01082fe6
0x01083074
0x0108307a
0x01083080
0x01083081
0x01083087
0x01083091
0x0108309f
0x0108309f
0x010830a6
0x010830a8
0x010830aa
0x010830b5
0x010830b5
0x010830b7
0x010830bf
0x010830c1
0x010830c1
0x00000000
0x01082dfa
0x010282c6
0x01082ddd
0x00000000
0x00000000
0x01082de8
0x00000000
0x00000000
0x01082dee
0x00000000

Strings

FilterFullPath, xrefs: 01082F2C
UseFilter, xrefs: 01028263
\??\, xrefs: 01082E2A

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: f7fc089cc7b3b9ab6d1f2f8856530b4275064857a5cb777683a24a344b17725c
Instruction ID: b19bc962aba07037d83478c8dbea82b27f2fc5a41d6b6f8b092b15a124bfeb0f
Opcode Fuzzy Hash: f7fc089cc7b3b9ab6d1f2f8856530b4275064857a5cb777683a24a344b17725c
Instruction Fuzzy Hash: 11A16B759016299BDB31EF68CC88BE9B7B8FF44700F1101EAE988AB250D7359E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010D23E3 Relevance: 3.9, Strings: 3, Instructions: 166
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E010D23E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x111874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x111874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E0107D4F0(_t83, 0x1006c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0102B150();
					} else {
						E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E0102B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1116378 = 1;
						asm("int3");
						 *0x1116378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}

0x010d23e3
0x010d23e8
0x010d23eb
0x010d23ee
0x010d23f3
0x010d259b
0x010d259b
0x010d259d
0x010d25a3
0x010d25a3
0x010d23fb
0x010d2424
0x010d244f
0x010d2460
0x010d2451
0x010d2451
0x010d2456
0x010d2458
0x010d2458
0x010d245b
0x010d245b
0x010d2426
0x010d2431
0x010d2436
0x010d2443
0x010d2438
0x010d2438
0x010d2438
0x010d2445
0x010d2445
0x010d2463
0x010d2469
0x010d246f
0x010d2480
0x010d2495
0x010d24a1
0x010d24ce
0x010d24df
0x010d24d0
0x010d24d0
0x010d24d5
0x010d24d7
0x010d24d7
0x010d24da
0x010d24da
0x010d24a3
0x010d24b0
0x010d24b5
0x010d24c2
0x010d24b7
0x010d24b7
0x010d24b7
0x010d24c4
0x010d24c4
0x010d24e8
0x010d2497
0x010d249a
0x010d249a
0x010d2482
0x010d2488
0x010d2488
0x010d2471
0x010d2479
0x010d2479
0x010d24ef
0x010d23fd
0x010d2401
0x010d2412
0x010d2403
0x010d2403
0x010d2408
0x010d240a
0x010d240a
0x010d240d
0x010d240d
0x010d241b
0x010d241b
0x010d24f1
0x010d24f6
0x010d2507
0x010d2510
0x00000000
0x010d2510
0x010d250b
0x00000000
0x010d24f8
0x010d24f8
0x010d24fc
0x010d2500
0x010d2512
0x010d2515
0x010d251a
0x010d2521
0x010d2524
0x010d2529
0x010d252f
0x00000000
0x00000000
0x010d253c
0x010d255c
0x010d2561
0x010d253e
0x010d2554
0x010d2559
0x010d256a
0x010d256d
0x010d2574
0x010d2586
0x010d2588
0x010d258f
0x010d2590
0x010d2590
0x010d2597
0x00000000
0x010d2597

Strings

Heap block at %p modified at %p past requested size of %Ix, xrefs: 010D256F
HEAP: , xrefs: 010D255C
HEAP[%wZ]: , xrefs: 010D254F

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: e2f30d9f02881d4c8a216bff9efbd1f54061e14643401d87fbe4cd1c3c1f5c8d
Instruction ID: a20fa453b16ef6e1afd03554602c4d4f1248ae4f70131b95a23fec907437ba30
Opcode Fuzzy Hash: e2f30d9f02881d4c8a216bff9efbd1f54061e14643401d87fbe4cd1c3c1f5c8d
Instruction Fuzzy Hash: 08514834100360CAE3B5CF1EC8447B67BF1EF44645F954899ECC68B285DA36D887DB20

Uniqueness

Uniqueness Score: -1.00%

Function 0104EB9A Relevance: 3.9, Strings: 3, Instructions: 156
COMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E0104EB9A(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t62;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t77;
				signed int* _t91;
				intOrPtr _t92;
				signed int _t95;
				signed char _t109;
				signed int _t114;
				unsigned int _t119;
				intOrPtr* _t122;
				intOrPtr _t127;
				signed int _t130;
				void* _t135;

				_t92 = __ecx;
				_t122 = __edx;
				_v8 = __ecx;
				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
				if( *__edx != 0) {
					_t95 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14)) - 1;
					__eflags =  *(__edx + 8);
					if(__eflags != 0) {
						_t95 = _t95 + _t95;
					}
					 *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) =  *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) & 0x00000000;
					asm("btr eax, esi");
					_t92 = _v8;
				}
				_t62 = _t92 + 0xc0;
				_t127 =  *((intOrPtr*)(_t62 + 4));
				while(1) {
					L2:
					_v12 = _t127;
					if(_t62 == _t127) {
						break;
					}
					_t7 = _t127 - 8; // -8
					_t91 = _t7;
					if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
						_t119 =  *(_t92 + 0x50) ^  *_t91;
						 *_t91 = _t119;
						_t109 = _t119 >> 0x00000010 ^ _t119 >> 0x00000008 ^ _t119;
						if(_t119 >> 0x18 != _t109) {
							_push(_t109);
							E010DFA2B(_t91, _v8, _t91, _t122, _t127, __eflags);
						}
						_t92 = _v8;
					}
					_t114 =  *_t91 & 0x0000ffff;
					_t63 = _t122;
					_t135 = _t114 -  *((intOrPtr*)(_t122 + 4));
					while(1) {
						_v20 = _t63;
						if(_t135 < 0) {
							break;
						}
						_t130 =  *_t63;
						_v16 = _t130;
						_t127 = _v12;
						if(_t130 != 0) {
							_t63 = _v16;
							__eflags = _t114 -  *((intOrPtr*)(_t63 + 4));
							continue;
						}
						_v16 =  *((intOrPtr*)(_t63 + 4)) - 1;
						L10:
						if( *_t122 != 0) {
							_t64 =  *((intOrPtr*)(_t122 + 4));
							__eflags = _t114 - _t64;
							_t65 = _t64 - 1;
							__eflags = _t65;
							if(_t65 < 0) {
								_t65 = _t114;
							}
							E0104BC04(_t92, _t122, 1, _t127, _t65, _t114);
						}
						E0104E4A0(_v8, _v20, 1, _t127, _v16,  *_t91 & 0x0000ffff);
						if( *0x1118748 >= 1) {
							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
							if(__eflags == 0) {
								_t77 =  *[fs:0x30];
								__eflags =  *(_t77 + 0xc);
								if( *(_t77 + 0xc) == 0) {
									_push("HEAP: ");
									E0102B150();
								} else {
									E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E0102B150();
								__eflags =  *0x1117bc8;
								if(__eflags == 0) {
									__eflags = 1;
									E010E2073(_t91, 1, _t122, 1);
								}
							}
							_t127 = _v12;
						}
						_t92 = _v8;
						if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
							_t91[0] = _t91[0] ^ _t91[0] ^  *_t91;
							 *_t91 =  *_t91 ^  *(_t92 + 0x50);
						}
						_t127 =  *((intOrPtr*)(_t127 + 4));
						_t62 = _t92 + 0xc0;
						goto L2;
					}
					_v16 = _t114;
					goto L10;
				}
				return _t62;
			}

0x0104eb9a
0x0104eba5
0x0104eba7
0x0104ebaa
0x0104ebb3
0x0104eca0
0x0104eca1
0x0104eca5
0x0104ecd1
0x0104ecd1
0x0104ecaa
0x0104ecc3
0x0104ecc9
0x0104ecc9
0x0104ebb9
0x0104ebbf
0x0104ebc2
0x0104ebc2
0x0104ebc2
0x0104ebc7
0x00000000
0x00000000
0x0104ebd1
0x0104ebd1
0x0104ebd4
0x0104ebd9
0x0104ebdd
0x0104ebe9
0x0104ebf0
0x01094258
0x0109425e
0x0109425e
0x0104ebf6
0x0104ebf6
0x0104ebf9
0x0104ebfc
0x0104ebfe
0x0104ec01
0x0104ec01
0x0104ec04
0x00000000
0x00000000
0x0104ec0a
0x0104ec0e
0x0104ec11
0x0104ec14
0x0104ec8f
0x0104ec92
0x00000000
0x0104ec92
0x0104ec1a
0x0104ec1d
0x0104ec20
0x0104ec72
0x0104ec75
0x0104ec77
0x0104ec77
0x0104ec78
0x0104ec7a
0x0104ec7a
0x0104ec83
0x0104ec83
0x0104ec32
0x0104ec3e
0x01094281
0x01094284
0x01094286
0x0109428c
0x01094290
0x010942af
0x010942b4
0x01094292
0x010942a7
0x010942ac
0x010942ba
0x010942bf
0x010942c4
0x010942cc
0x010942d0
0x010942d1
0x010942d1
0x010942cc
0x010942d6
0x010942d6
0x0104ec44
0x0104ec4b
0x0104ec55
0x0104ec5b
0x0104ec5b
0x0104ec5d
0x0104ec60
0x00000000
0x0104ec60
0x0104ec8a
0x00000000
0x0104ec8a
0x0104ec71

Strings

RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 010942BA
HEAP: , xrefs: 010942AF
HEAP[%wZ]: , xrefs: 010942A2

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
API String ID: 0-1596344177
Opcode ID: f9d8a2569462a749a65f075350900dd29244daaa0607d6b236b5efb2119d7a95
Instruction ID: 1f8be80b7837a5c28341238de071672575b04024247892ca309994a20b8f968c
Opcode Fuzzy Hash: f9d8a2569462a749a65f075350900dd29244daaa0607d6b236b5efb2119d7a95
Instruction Fuzzy Hash: 6251C0B1A00519DFDB14DF58C594BAABBF2FF85310F1581E9D8859B342D735AC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0104B8E4 Relevance: 3.8, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0104B8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x1118748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E0102B150();
						} else {
							E0102B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E0102B150();
						__eflags =  *0x1117bc8;
						if(__eflags == 0) {
							E010E2073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E0104AB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}

0x0104b8f0
0x0104b8f2
0x0104b8f4
0x01092c4e
0x01092c50
0x01092c56
0x01092c5c
0x01092c60
0x01092c7f
0x01092c84
0x01092c62
0x01092c77
0x01092c7c
0x01092c8a
0x01092c8f
0x01092c94
0x01092c9c
0x01092ca5
0x01092ca5
0x01092c9c
0x01092c50
0x0104b8fa
0x0104b902
0x0104b921
0x0104b921
0x0104b924
0x0104b924
0x0104b927
0x00000000
0x00000000
0x0104b929
0x0104b92b
0x0104b92d
0x0104b940
0x00000000
0x0104b940
0x0104b932
0x0104b932
0x00000000
0x0104b932
0x00000000
0x0104b904
0x0104b904
0x0104b90a
0x0104b90c
0x0104b916
0x0104b919
0x0104b915
0x0104b915
0x0104b91b
0x0104b91b
0x00000000
0x0104b910

Strings

HEAP: , xrefs: 01092C7F
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01092C8A
HEAP[%wZ]: , xrefs: 01092C72

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 177a818437110aaf3bb8ce8fa4595f6df60acb641fb5ad64aacb5f53b98c2ce5
Instruction ID: b1f028d720881eb9202317a42cab9d927a9b41f29ec85d8bb48d0e0c7caf6933
Opcode Fuzzy Hash: 177a818437110aaf3bb8ce8fa4595f6df60acb641fb5ad64aacb5f53b98c2ce5
Instruction Fuzzy Hash: F811D0B53045029FEB69EB19C4D4B7AB7A5EB80620F24807DE4CACB282D630DC81DB41

Uniqueness

Uniqueness Score: -1.00%

Function 0103BA00 Relevance: 3.1, Strings: 2, Instructions: 614
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0103BA00(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
				void* _v4;
				char _v88;
				char _v792;
				char _v1496;
				char _v1672;
				char _v2376;
				int _v2380;
				char _v2381;
				char _v2382;
				void* _v2388;
				short _v2390;
				char _v2392;
				intOrPtr _v2396;
				int _v2400;
				char _v2408;
				int _v2412;
				int _v2416;
				void* _v2420;
				char _v2424;
				signed int _v2428;
				signed int _v2432;
				char* _v2436;
				short _v2438;
				char _v2440;
				signed int _v2444;
				char _v2448;
				signed int _v2452;
				short _v2454;
				char _v2456;
				int _v2460;
				int _v2464;
				int _v2468;
				char _v2472;
				int _v2476;
				int _v2480;
				signed int _v2484;
				void* _v2488;
				intOrPtr _v2496;
				signed int _v2500;
				int _v2508;
				char _v2512;
				char* _v2516;
				char _v2520;
				char _v2528;
				char _v2556;
				char _v2560;
				char _v2564;
				intOrPtr _t254;
				void* _t257;
				signed int _t258;
				int _t264;
				signed int _t267;
				signed int _t270;
				signed int _t273;
				signed int _t277;
				signed char* _t280;
				signed int _t281;
				signed char* _t282;
				signed int _t291;
				signed int _t294;
				signed char* _t295;
				signed int _t296;
				signed char* _t297;
				signed int _t300;
				signed int _t309;
				signed int _t311;
				signed int _t317;
				int _t334;
				signed int _t337;
				intOrPtr* _t338;
				signed int _t339;
				signed int _t364;
				int _t374;
				signed int _t376;
				signed int _t378;
				signed int _t391;
				void* _t401;
				signed int _t403;
				intOrPtr _t406;
				signed int _t411;
				signed int _t416;
				signed int _t422;
				intOrPtr* _t430;
				signed int _t431;
				intOrPtr* _t438;
				signed int _t442;
				short _t454;
				void* _t458;
				void* _t464;
				void* _t467;
				signed int _t468;
				signed char* _t472;
				int _t477;
				signed int _t478;
				void* _t486;

				_push(0x9f4);
				_push(0x10ffa40);
				E0107D0E8(__ebx, __edi, __esi);
				_v2396 = _a8;
				_v2444 = _a12 & 0x0000ffff;
				_v2428 = _a16;
				_v2484 = _a20;
				_v2448 = 0;
				_v2480 = 0;
				_t477 = 0;
				_v2420 = 0;
				_v2412 = 0;
				_v2468 = 0;
				_v2408 = 0;
				_v2488 = 0;
				_v2382 = 0;
				_v2564 = 0x24;
				_v2560 = 1;
				_t403 = 7;
				_t467 =  &_v2556;
				memset(_t467, 0, _t403 << 2);
				_t468 = _t467 + _t403;
				_v2424 = 0;
				_v2464 = 0;
				_v2460 = 0;
				_v2381 = 1;
				_v2476 = 0;
				_v2432 =  &_v2376;
				_v2472 = 0x2be;
				_v2496 = 1;
				_v2416 = 1;
				_t254 = _v2396;
				if(_t254 == 0) {
					L99:
					goto L8;
				} else {
					_t405 = _v2444;
					if(_v2444 == 0) {
						goto L99;
					} else {
						_t468 = _v2428;
						if(_t468 == 0) {
							goto L99;
						} else {
							_t406 = _t254;
							_t257 = E0103D1D0(_t406, _t405,  &_v2408, 4);
							if(_t257 == 0xffffffff) {
								_t468 = _a24 & 0x00400000;
								__eflags = _t468;
								if(_t468 != 0) {
									goto L10;
								} else {
									 *_v2428 = 0;
									goto L8;
								}
							} else {
								if(_t257 == 0) {
									_t468 = _a24 & 0x00400000;
									__eflags = _t468;
									L10:
									_v2500 = _t468;
									_v2400 = 0;
									__eflags = _t468;
									if(_t468 != 0) {
										_t258 = 0xc0000039;
									} else {
										_t406 = _v2396;
										_t258 = E01058ED7(_t406,  &_v792, _t406,  &_v2480,  &_v2420,  &_v2412,  &_v2476);
										_t477 = _v2420;
									}
									__eflags = _t258;
									if(_t258 < 0) {
										_t406 = _v2396;
										_t478 = E010B6365(_t406,  &_v792, 0x2be,  &_v2480,  &_v2460,  &_v2412,  &_v2424);
										_v2380 = _t478;
										__eflags = _t478;
										if(_t478 < 0) {
											goto L30;
										} else {
											_t477 = _v2460;
											_v2420 = _t477;
											goto L13;
										}
									} else {
										L13:
										_t291 = _v2480 & 0xfffffffe;
										__eflags = _t291 - 0x2be;
										if(_t291 >= 0x2be) {
											E0106B75A();
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(_t486);
											_push(_t406);
											_push(0);
											_push(_t477);
											_push(_t468);
											_t294 =  *( *[fs:0x30] + 0x50);
											_t472 = 0x7ffe0385;
											__eflags = _t294;
											if(_t294 != 0) {
												__eflags =  *_t294;
												if( *_t294 == 0) {
													goto L63;
												} else {
													_t295 =  *( *[fs:0x30] + 0x50) + 0x22b;
												}
											} else {
												L63:
												_t295 = _t472;
											}
											__eflags =  *_t295 & 0x00000001;
											_t481 = 0x7ffe0384;
											if(( *_t295 & 0x00000001) != 0) {
												_t296 = E01047D50();
												__eflags = _t296;
												if(_t296 == 0) {
													_t297 = 0x7ffe0384;
												} else {
													_t297 =  *( *[fs:0x30] + 0x50) + 0x22a;
												}
												E010B6715(0x1001b58,  *_t297 & 0x000000ff);
											}
											_t401 = E0103C1C0(_a4, _a8, _a12, 0, _a16);
											_t416 =  *( *[fs:0x30] + 0x50);
											__eflags = _t416;
											if(_t416 != 0) {
												__eflags =  *_t416;
												if( *_t416 != 0) {
													_t472 =  *( *[fs:0x30] + 0x50) + 0x22b;
												}
											}
											__eflags =  *_t472 & 0x00000001;
											if(( *_t472 & 0x00000001) != 0) {
												_t300 = E01047D50();
												__eflags = _t300;
												if(_t300 != 0) {
													_t481 =  *( *[fs:0x30] + 0x50) + 0x22a;
													__eflags =  *( *[fs:0x30] + 0x50) + 0x22a;
												}
												E010B6715(0x1001b48,  *_t481 & 0x000000ff);
											}
											return _t401;
										} else {
											 *((short*)(_t486 + _t291 - 0x318)) = 0;
											_t309 = L010713D0(_t477, 0x7e);
											__eflags = _t309;
											if(_t309 != 0) {
												_t311 = E010B5F5F( &_v792, _t477,  &_v2464);
												__eflags = _t311;
												if(_t311 < 0) {
													goto L15;
												} else {
													_t477 = _v2464;
													_v2420 = _t477;
													_t438 = _t477;
													_t464 = _t438 + 2;
													do {
														_t391 =  *_t438;
														_t438 = _t438 + 2;
														__eflags = _t391;
													} while (_t391 != 0);
													_t422 = (_t438 - _t464 >> 1) + (_t438 - _t464 >> 1);
													_v2412 = _t422;
													goto L16;
												}
												L33:
												__eflags = _t264;
												if(_t264 != 0) {
													_push(_v2408);
													_push(_t478);
													asm("sbb edi, edi");
													_t468 = ( ~_t468 & 0x00000020) + 1;
													__eflags = _t468;
													_push(_t468);
													_push(_v2444);
													_push(0);
													_push( &_v2448);
													E0105DA88(0, _v2396,  &_v2400, _t468, _t478, _t468);
												}
												__eflags = _v2400 - 0xffffffff;
												if(_v2400 == 0xffffffff) {
													 *_v2428 = 0;
												} else {
													_t277 = E01047D50();
													__eflags = _t277;
													if(_t277 != 0) {
														_t280 =  *( *[fs:0x30] + 0x50) + 0x22b;
													} else {
														_t280 = 0x7ffe0385;
													}
													__eflags =  *_t280 & 0x00000001;
													if(( *_t280 & 0x00000001) != 0) {
														_t281 = E01047D50();
														__eflags = _t281;
														if(_t281 == 0) {
															_t282 = 0x7ffe0384;
														} else {
															_t282 =  *( *[fs:0x30] + 0x50) + 0x22a;
														}
														E010B6715( &_v2392,  *_t282 & 0x000000ff);
													}
													_v4 = 2;
													 *_v2428 = _v2400;
													_t411 = _v2484;
													__eflags = _t411;
													if(_t411 != 0) {
														 *_t411 = _v2408;
													}
													_t477 = 0;
													_v2380 = 0;
													_v4 = 0xfffffffe;
												}
												__eflags = _v2460;
												if(_v2460 != 0) {
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v2460);
												}
												_t267 = _v2464;
												__eflags = _t267;
												if(_t267 != 0) {
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t267);
												}
												_t270 = _v2468;
												__eflags = _t270;
												if(_t270 != 0) {
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t270);
													_t477 = _v2380;
												}
												_t273 = _v2432;
												__eflags = _t273;
												if(_t273 != 0) {
													__eflags =  &_v2376 - _t273;
													if( &_v2376 != _t273) {
														L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t273);
														_t477 = _v2380;
													}
												}
												goto L8;
											} else {
												L15:
												_t422 = _v2412;
											}
											L16:
											_v2516 =  &_v1496;
											_v2520 = 0x2be0000;
											_v2508 = 0;
											_v2512 = 0;
											_t454 = 0x3c;
											__eflags = _t422 + 0xc - _t454;
											if(_t422 + 0xc > _t454) {
												_t317 = E01044620(_t422,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xa + _t422 * 2);
												_v2468 = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													_t478 = 0xc0000017;
													goto L89;
												} else {
													_v2452 = _t317;
													_v2454 = 0xa + _v2412 * 2;
													_t477 = _v2420;
													goto L18;
												}
											} else {
												_v2452 =  &_v88;
												_v2454 = _t454;
												L18:
												_v2456 = 0;
												_t478 = E0103A990(_t422,  &_v2456, _t477);
												_v2380 = _t478;
												__eflags = _t478;
												if(_t478 >= 0) {
													_t478 = E0103A990(_t422,  &_v2456, L".mui");
													_v2380 = _t478;
													__eflags = _t478;
													if(_t478 >= 0) {
														_t484 = _v2476;
														__eflags = _v2476;
														if(__eflags != 0) {
															E0103F540( &_v2564, _t484);
														}
														_v4 = 1;
														_t456 = _v2444;
														_t424 =  &_v2456;
														_v2380 = E01061CC7(0,  &_v2456, _v2444, _t468, _t484, __eflags,  &_v2520,  &_v2512,  &_v2488);
														_v4 = 0xfffffffe;
														E0103BFE4(_t329, _t484);
														__eflags = _v2380;
														if(_v2380 >= 0) {
															_v2382 = 1;
															_t424 = _v2488;
															_v2388 =  *((intOrPtr*)(_t424 + 4));
															_v2392 =  *_t424;
															_v2390 =  *((intOrPtr*)(_t424 + 2));
														}
														__eflags = _v2382;
														if(_v2382 != 0) {
															_v2436 = 0;
															_t334 = 0;
															_v2416 = 0;
															goto L28;
														} else {
															_v2388 =  &_v1496;
															_v2392 = 0x2be0000;
															E0103A990(_t424,  &_v2392,  &_v792);
															_v2436 =  &_v1672;
															_v2438 = 0xaa;
															_t364 = E01034720(_t456, _v2444 & 0x0000ffff,  &_v2440, 2, 0);
															__eflags = _t364;
															if(_t364 < 0) {
																_t478 = 0xc000000d;
																goto L89;
															} else {
																E01037B60(_t424,  &_v2392,  &_v2440);
																E0103A990(_t424,  &_v2392, "\\");
																E0103A990(_t424,  &_v2392, _v2452);
																_t434 = _v2436;
																_t374 = E0105FE34(_v2436, _v2388, __eflags,  &_v2472,  &_v2376);
																_v2380 = _t374;
																__eflags = _t374 - 0xc0000023;
																if(_t374 == 0xc0000023) {
																	_t376 = E01044620(_t434,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v2472);
																	_v2432 = _t376;
																	__eflags = _t376;
																	if(__eflags == 0) {
																		goto L26;
																	} else {
																		_v2380 = E0105FE34(_v2436, _v2388, __eflags,  &_v2472, _t376);
																		goto L25;
																	}
																	goto L33;
																} else {
																	L25:
																	_t376 = _v2432;
																}
																L26:
																__eflags = _v2380;
																if(_v2380 >= 0) {
																	_t378 = E01036D30( &_v2528, _t376);
																	__eflags = _t378;
																	if(_t378 < 0) {
																		goto L27;
																	} else {
																		_t478 = E0105D715(_v2396,  &_v2528, _v2424, _a24, _v2436, 2,  &_v2448,  &_v2408,  &_v2400);
																		_v2380 = _t478;
																		__eflags = _t478;
																		if(_t478 < 0) {
																			__eflags = _t478 - 0xc0000034;
																			if(__eflags != 0) {
																				E010A7632(_t478,  &_v2528, __eflags, _v2424, _a24,  &_v2440);
																			}
																			goto L27;
																		} else {
																			E01036D30( &_v2392, _v2432);
																		}
																	}
																} else {
																	L27:
																	_t334 = _v2416;
																	L28:
																	_t478 = E0105D715(_v2396,  &_v2392, _v2424, _a24, _v2436, _t334,  &_v2448,  &_v2408,  &_v2400);
																	_v2380 = _t478;
																	__eflags = _t478 - 0xc000003a;
																	if(_t478 == 0xc000003a) {
																		L50:
																		_t337 = E010630B8( &_v792,  &_v1496);
																		__eflags = _t337;
																		if(_t337 != 0) {
																			_t338 =  &_v1496;
																			_v2388 = _t338;
																			_t430 = _t338;
																			_t458 = _t430 + 2;
																			do {
																				_t339 =  *_t430;
																				_t430 = _t430 + 2;
																				__eflags = _t339;
																			} while (_t339 != 0);
																			_t431 = _t430 - _t458;
																			__eflags = _t431;
																			_t432 = _t431 >> 1;
																			_v2392 = (_t431 >> 1) + (_t431 >> 1);
																			_v2390 = 0x2be;
																			E0103A990(_t431 >> 1,  &_v2392, "\\");
																			E01037B60(_t432,  &_v2392,  &_v2440);
																			E0103A990(_t432,  &_v2392, "\\");
																			E0103A990(_t432,  &_v2392, _v2452);
																			_t478 = E0105D715(_v2396,  &_v2392, _v2424, _a24, _v2436, _v2416,  &_v2448,  &_v2408,  &_v2400);
																			L89:
																			_v2380 = _t478;
																		}
																	} else {
																		__eflags = _t478 - 0xc0000034;
																		if(_t478 == 0xc0000034) {
																			goto L50;
																		}
																	}
																}
															}
														}
													}
												}
											}
											L30:
											__eflags = _v2400;
											if(_v2400 == 0) {
												_v2400 = _v2400 | 0xffffffff;
											}
											__eflags = _t478;
											if(_t478 < 0) {
												__eflags = _t478 - 0xc000012d;
												if(_t478 == 0xc000012d) {
													L90:
													_t264 = 0;
												} else {
													__eflags = _t478 - 0xc00000a5;
													if(_t478 == 0xc00000a5) {
														goto L90;
													} else {
														__eflags = _t478 - 0xc0000017;
														if(_t478 != 0xc0000017) {
															goto L32;
														} else {
															goto L90;
														}
													}
												}
											} else {
												L32:
												_t264 = _v2381;
											}
											goto L33;
										}
									}
								} else {
									_v4 = 0;
									 *_t468 = _t257;
									_t442 = _v2484;
									if(_t442 != 0) {
										 *_t442 = _v2408;
									}
									_v2380 = 0;
									_v4 = 0xfffffffe;
									L8:
									return E0107D130(0, _t468, _t477);
								}
							}
						}
					}
				}
			}

0x0103ba00
0x0103ba05
0x0103ba0a
0x0103ba12
0x0103ba1c
0x0103ba25
0x0103ba2e
0x0103ba36
0x0103ba3c
0x0103ba42
0x0103ba44
0x0103ba4a
0x0103ba50
0x0103ba56
0x0103ba5c
0x0103ba62
0x0103ba68
0x0103ba75
0x0103ba7d
0x0103ba80
0x0103ba86
0x0103ba86
0x0103ba88
0x0103ba8e
0x0103ba94
0x0103ba9a
0x0103baa0
0x0103baac
0x0103bab2
0x0103babc
0x0103bac2
0x0103bac8
0x0103bad0
0x0108ad5b
0x00000000
0x0103bad6
0x0103bad6
0x0103badf
0x00000000
0x0103bae5
0x0103bae5
0x0103baed
0x00000000
0x0103baf3
0x0103bafe
0x0103bb00
0x0103bb08
0x0103beed
0x0103beed
0x0103bef3
0x00000000
0x0103bef9
0x0103beff
0x00000000
0x0103bf01
0x0103bb0e
0x0103bb10
0x0103bb43
0x0103bb43
0x0103bb49
0x0103bb49
0x0103bb4f
0x0103bb55
0x0103bb57
0x0108a9c0
0x0103bb5d
0x0103bb80
0x0103bb86
0x0103bb8b
0x0103bb8b
0x0103bb91
0x0103bb93
0x0108a9f1
0x0108a9fc
0x0108a9fe
0x0108aa04
0x0108aa06
0x00000000
0x0108aa0c
0x0108aa0c
0x0108aa12
0x00000000
0x0108aa12
0x0103bb99
0x0103bb99
0x0103bb9f
0x0103bba2
0x0103bba7
0x0103bff6
0x0103bffb
0x0103bffc
0x0103bffd
0x0103bffe
0x0103bfff
0x0103c002
0x0103c008
0x0103c00f
0x0103c010
0x0103c011
0x0103c012
0x0103c015
0x0103c01a
0x0103c01c
0x0108ad65
0x0108ad68
0x00000000
0x0108ad6e
0x0108ad77
0x0108ad77
0x0103c022
0x0103c022
0x0103c022
0x0103c022
0x0103c024
0x0103c027
0x0103c02c
0x0108ad81
0x0108ad86
0x0108ad88
0x0108ad9a
0x0108ad8a
0x0108ad93
0x0108ad93
0x0108ada4
0x0108ada4
0x0103c04c
0x0103c04e
0x0103c051
0x0103c053
0x0108adae
0x0108adb1
0x0108adc0
0x0108adc0
0x0108adb1
0x0103c059
0x0103c05c
0x0108adcb
0x0108add0
0x0108add2
0x0108addd
0x0108addd
0x0108addd
0x0108adeb
0x0108adeb
0x0103c06a
0x0103bbad
0x0103bbaf
0x0103bbba
0x0103bbc1
0x0103bbc3
0x0108aa2c
0x0108aa31
0x0108aa33
0x00000000
0x0108aa39
0x0108aa39
0x0108aa3f
0x0108aa45
0x0108aa47
0x0108aa4a
0x0108aa4a
0x0108aa4d
0x0108aa50
0x0108aa50
0x0108aa59
0x0108aa5b
0x00000000
0x0108aa5b
0x0103be11
0x0103be11
0x0103be13
0x0103be15
0x0103be1b
0x0103be1e
0x0103be23
0x0103be23
0x0103be24
0x0103be25
0x0103be2b
0x0103be32
0x0103be3f
0x0103be3f
0x0103be44
0x0103be4b
0x0103bf65
0x0103be51
0x0103be51
0x0103be56
0x0103be58
0x0108ac9c
0x0103be5e
0x0103be5e
0x0103be5e
0x0103be63
0x0103be66
0x0108aca6
0x0108acab
0x0108acad
0x0108acbf
0x0108acaf
0x0108acb8
0x0108acb8
0x0108accd
0x0108accd
0x0103be6c
0x0103be7f
0x0103be81
0x0103be87
0x0103be89
0x0103be91
0x0103be91
0x0103be93
0x0103be95
0x0103be9b
0x0103be9b
0x0103bea2
0x0103bea9
0x0108ad15
0x0108ad1a
0x0103beaf
0x0103beb5
0x0103beb7
0x0108ad30
0x0108ad35
0x0103bebd
0x0103bec3
0x0103bec5
0x0103bfc2
0x0103bfc7
0x0103bfc7
0x0103becb
0x0103bed1
0x0103bed3
0x0103bedb
0x0103bedd
0x0108ad4b
0x0108ad50
0x0108ad50
0x0103bedd
0x00000000
0x0103bbc9
0x0103bbc9
0x0103bbc9
0x0103bbc9
0x0103bbcf
0x0103bbd5
0x0103bbdb
0x0103bbe5
0x0103bbed
0x0103bbf8
0x0103bbf9
0x0103bbfb
0x0103bf7f
0x0103bf84
0x0103bf8a
0x0103bf8c
0x0108aa66
0x00000000
0x0103bf92
0x0103bf92
0x0103bfa5
0x0103bfac
0x00000000
0x0103bfac
0x0103bc01
0x0103bc04
0x0103bc0a
0x0103bc11
0x0103bc13
0x0103bc27
0x0103bc29
0x0103bc2f
0x0103bc31
0x0103bc48
0x0103bc4a
0x0103bc50
0x0103bc52
0x0103bc58
0x0103bc5e
0x0103bc60
0x0103bfda
0x0103bfda
0x0103bc66
0x0103bc82
0x0103bc88
0x0103bc93
0x0103bc99
0x0103bca0
0x0103bca5
0x0103bcac
0x0108aa97
0x0108aa9e
0x0108aaa7
0x0108aab0
0x0108aabb
0x0108aabb
0x0103bcb2
0x0103bcb9
0x0108abb7
0x0108abbd
0x0108abbf
0x00000000
0x0103bcbf
0x0103bcc5
0x0103bccb
0x0103bce3
0x0103bcee
0x0103bcf9
0x0103bd14
0x0103bd19
0x0103bd1b
0x0108abad
0x00000000
0x0103bd21
0x0103bd2f
0x0103bd40
0x0103bd52
0x0103bd6b
0x0103bd71
0x0103bd76
0x0103bd7c
0x0103bd81
0x0108aad8
0x0108aadd
0x0108aae3
0x0108aae5
0x00000000
0x0108aaeb
0x0108ab04
0x00000000
0x0108ab04
0x00000000
0x0103bd87
0x0103bd87
0x0103bd87
0x0103bd87
0x0103bd8d
0x0103bd8d
0x0103bd94
0x0108ab17
0x0108ab1c
0x0108ab1e
0x00000000
0x0108ab24
0x0108ab5b
0x0108ab5d
0x0108ab63
0x0108ab65
0x0108ab7f
0x0108ab85
0x0108aba3
0x0108aba3
0x00000000
0x0108ab67
0x0108ab75
0x0108ab75
0x0108ab65
0x0103bd9a
0x0103bd9a
0x0103bd9a
0x0103bda0
0x0103bdd6
0x0103bdd8
0x0103bdde
0x0103bde4
0x0103bf0b
0x0103bf18
0x0103bf1d
0x0103bf1f
0x0108abca
0x0108abd0
0x0108abd6
0x0108abd8
0x0108abdb
0x0108abdb
0x0108abde
0x0108abe1
0x0108abe1
0x0108abe6
0x0108abe6
0x0108abe8
0x0108abed
0x0108abf9
0x0108ac0d
0x0108ac20
0x0108ac2d
0x0108ac3f
0x0108ac7f
0x0108ac81
0x0108ac81
0x0108ac81
0x0103bdea
0x0103bdea
0x0103bdf0
0x00000000
0x00000000
0x0103bdf0
0x0103bde4
0x0103bd94
0x0103bd1b
0x0103bcb9
0x0103bc52
0x0103bc31
0x0103bdf6
0x0103bdf6
0x0103bdfd
0x0103bf2a
0x0103bf2a
0x0103be03
0x0103be05
0x0103bf36
0x0103bf3c
0x0108ac8c
0x0108ac8c
0x0103bf42
0x0103bf42
0x0103bf48
0x00000000
0x0103bf4e
0x0103bf4e
0x0103bf54
0x00000000
0x0103bf5a
0x00000000
0x0103bf5a
0x0103bf54
0x0103bf48
0x0103be0b
0x0103be0b
0x0103be0b
0x0103be0b
0x00000000
0x0103be05
0x0103bba7
0x0103bb12
0x0103bb12
0x0103bb15
0x0103bb17
0x0103bb1f
0x0103bb27
0x0103bb27
0x0103bb29
0x0103bb2f
0x0103bb38
0x0103bb3d
0x0103bb3d
0x0103bb10
0x0103bb08
0x0103baed
0x0103badf

Strings

.mui, xrefs: 0103BC37
$, xrefs: 0103BA68

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $$.mui
API String ID: 0-2138749814
Opcode ID: 78bb33e993e8f9aa0a450af686027f339c6d538896792217d51807ed78e4303e
Instruction ID: 556eaacc0a00a206499c1ddd275e80ed9ce9296e0916f7241f65592e7d4afe6a
Opcode Fuzzy Hash: 78bb33e993e8f9aa0a450af686027f339c6d538896792217d51807ed78e4303e
Instruction Fuzzy Hash: 1C426F71A06669DFEB61DF58CC40BEAB7B8BF84314F0041DAD589A7252DB309E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 010399C7 Relevance: 2.8, Strings: 2, Instructions: 294
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E010399C7(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, signed short* _a12) {
				char _v12;
				char* _v16;
				short _v18;
				char _v20;
				char* _v24;
				short _v26;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				void* _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				char _v77;
				void* _v80;
				signed int _v88;
				char _v89;
				short _t109;
				short _t110;
				void* _t111;
				signed char* _t114;
				signed int _t115;
				signed char* _t116;
				signed int _t118;
				signed int _t120;
				signed int _t125;
				signed int _t143;
				short _t146;
				signed int _t149;
				short* _t156;
				intOrPtr _t165;
				signed char* _t169;

				_v52 = __ecx;
				_t146 = 0x38;
				_t109 = 0x3a;
				_v26 = _t109;
				_t110 = 0x36;
				_v48 = __edx;
				_v28 = _t146;
				_v24 = L"LdrResFallbackLangList Enter";
				_v20 = _t110;
				_v18 = _t146;
				_v16 = L"LdrResFallbackLangList Exit";
				_t111 = E01047D50();
				_t169 = 0x7ffe0385;
				if(_t111 != 0) {
					_t114 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t114 = 0x7ffe0385;
				}
				_t140 = 0x7ffe0384;
				if(( *_t114 & 0x00000001) != 0) {
					_t115 = E01047D50();
					if(_t115 == 0) {
						_t116 = 0x7ffe0384;
					} else {
						_t116 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E010B6715( &_v28,  *_t116 & 0x000000ff);
				}
				_t156 = _a12;
				if(_t156 == 0) {
					_t165 = 0xc000000d;
					goto L37;
				} else {
					 *_t156 = 0;
					_t149 = 0;
					 *((char*)(_t156 + 0x204)) = 0;
					_v60 = 0;
					_v64 = 0;
					_v77 = 0;
					_v56 = 0;
					while(1) {
						L5:
						_t125 = _t149;
						_t143 = _t149;
						_v68 = _t149 + 1;
						if(_t125 > 7) {
							break;
						}
						switch( *((intOrPtr*)(_t125 * 4 +  &M01039CEB))) {
							case 0:
								__si = _a4;
								goto L13;
							case 1:
								__eflags = _a8 & 0x00000004;
								if((_a8 & 0x00000004) != 0) {
									 *((char*)(__edx + 0x204)) = 1;
									goto L36;
								}
								__eflags = _a4 & 0x000003ff;
								if((_a4 & 0x000003ff) != 0) {
									 *((char*)(__edx + 0x204)) = 1;
									__edx =  &_v72;
									__eax = E0102649B(__ecx, __edx);
									__eflags = __eax;
									if(__eax < 0) {
										goto L36;
									}
									__si = _v72;
									__eflags = __si;
									if(__si != 0) {
										__ecx = __ebx;
									} else {
										__ecx = __ecx | 0xffffffff;
									}
									_v68 = __ecx;
									L26:
									_push(2);
									goto L13;
								}
								goto L26;
							case 2:
								_v76 = 0;
								_t127 = E0103ABEC();
								_t151 = _v60;
								if(_t127 == 0 || _t151 >= ( *( *( *[fs:0x18] + 0xfc0) + 4) & 0x0000ffff)) {
									_t173 = 0;
								} else {
									E0103AAC7(_t151,  *( *[fs:0x18] + 0xfc0), _t151,  &_v76,  &_v77);
									_t173 = _v88;
									_t151 = _v72;
								}
								if(_t173 == 0) {
									goto L21;
								} else {
									if(_v77 != 0) {
										__eflags = _a8 & 0x00100000;
										if((_a8 & 0x00100000) != 0) {
											_t173 = 0xeeee;
										}
									}
									_v60 = _t151 + 1;
									_t149 = _t143;
									_push(3);
									_pop(_t167);
									_v68 = _t149;
									goto L13;
								}
							case 3:
								__eax = _v52;
								__eflags = __eax;
								if(__eax == 0) {
									L32:
									goto L5;
								}
								__edx = _v48;
								 &_v36 =  &_v44;
								__ecx = __eax;
								__eax = E010361A7(__ecx, _v48,  &_v44,  &_v36, _a8);
								__eflags = __eax;
								if(__eax >= 0) {
									 &_v12 = E0106BB40(__ecx,  &_v12, _v44);
									 &_v48 =  &_v20;
									__eax = L010343C0( &_v20,  &_v48);
									__eflags = __al;
									if(__al == 0) {
										_v64 = 0xc00b0005;
										goto L31;
									}
									__eflags = _a8 & 0x00100000;
									__si = _v40;
									_v76 = _v40;
									if((_a8 & 0x00100000) != 0) {
										__edx =  *[fs:0x18];
										 &_v77 =  &_v76;
										__edx =  *( *[fs:0x18] + 0xfc0);
										__eax = E0103AAC7(__ecx, __edx, 0,  &_v76,  &_v77);
										__eflags = _v89;
										if(_v89 == 0) {
											__si = _v76;
										}
									}
									__eax = _v36;
									__al = __al & 0x00000001;
									asm("sbb edi, edi");
									goto L42;
								}
								L31:
								__ecx = _v68;
								__edx = _a12;
								goto L32;
							case 4:
								__eax = 0xeeee;
								_v76 = __ax;
								__eax = _a8;
								__eax =  !_a8;
								__eflags = __eax & 0x00080000;
								if((__eax & 0x00080000) != 0) {
									goto L36;
								}
								__eflags =  *[fs:0x18];
								if( *[fs:0x18] == 0) {
									__si = _v76;
									goto L5;
								}
								__eax =  *[fs:0x18];
								__si =  *((intOrPtr*)( *[fs:0x18] + 0xc4));
								goto L13;
							case 5:
								__eax =  &_v56;
								_push( &_v56);
								_push(1);
								__eax = E01069630();
								__edx = _a12;
								__ecx = __eax;
								_v72 = __ecx;
								__eflags = __ecx;
								__ecx = _v76;
								if(__eflags < 0) {
									goto L5;
								}
								__si = _v56;
								goto L42;
							case 6:
								__eax =  &_v32;
								_push( &_v32);
								_push(0);
								__eax = E01069630();
								__edx = _a12;
								__ecx = __eax;
								_v72 = __ecx;
								__eflags = __ecx;
								__ecx = _v76;
								if(__eflags < 0) {
									goto L5;
								}
								__eax = _v32;
								__eflags = _v32 - _v56;
								if(_v32 == _v56) {
									goto L5;
								}
								__si = __ax;
								L42:
								__ecx = _v68;
								goto L13;
							case 7:
								L13:
								_t159 = _a12;
								if(_t173 == 0xeeee) {
									goto L5;
								}
								_t144 =  *_t159 & 0x0000ffff;
								_t153 = 0;
								_t129 = _t144;
								if(_t129 == 0) {
									L19:
									if(_t144 >= 0x40) {
										goto L36;
									}
									 *(_t159 + 4 + _t129 * 8) = _t173;
									 *((intOrPtr*)(_t159 + 8 + ( *_t159 & 0x0000ffff) * 8)) = _t167;
									 *_t159 =  *_t159 + 1;
									L21:
									_t149 = _v68;
									goto L5;
								}
								_t162 =  &(_t159[2]);
								while( *_t162 != _t173) {
									_t153 = _t153 + 1;
									_t162 =  &(_t162[4]);
									if(_t153 < _t129) {
										continue;
									}
									break;
								}
								_t159 = _a12;
								_t149 = _v68;
								if(_t153 < _t129) {
									goto L5;
								}
								goto L19;
						}
					}
					L36:
					_t165 = _v64;
					_t169 = 0x7ffe0385;
					_t63 = _t169 - 1; // 0x7ffe0384
					_t140 = _t63;
					L37:
					_t118 = E01047D50();
					if(_t118 != 0) {
						_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t169 & 0x00000001) != 0) {
						_t120 = E01047D50();
						if(_t120 != 0) {
							_t140 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						E010B6715( &_v20,  *_t140 & 0x000000ff);
					}
					return _t165;
				}
			}

0x010399d7
0x010399dd
0x010399e0
0x010399e3
0x010399e8
0x010399e9
0x010399ed
0x010399f2
0x010399fa
0x010399ff
0x01039a04
0x01039a0c
0x01039a11
0x01039a18
0x01089ff0
0x01039a1e
0x01039a1e
0x01039a1e
0x01039a23
0x01039a28
0x01089ffa
0x0108a001
0x0108a013
0x0108a003
0x0108a00c
0x0108a00c
0x0108a01c
0x0108a01c
0x01039a2e
0x01039a33
0x0108a026
0x00000000
0x01039a39
0x01039a3d
0x01039a40
0x01039a42
0x01039a48
0x01039a4c
0x01039a50
0x01039a54
0x01039a58
0x01039a58
0x01039a58
0x01039a5a
0x01039a5d
0x01039a64
0x00000000
0x00000000
0x01039a6a
0x00000000
0x01039b45
0x00000000
0x00000000
0x01039b4e
0x01039b52
0x0108a0cc
0x00000000
0x0108a0cc
0x01039b58
0x01039b5f
0x0108a030
0x0108a03a
0x0108a03e
0x0108a043
0x0108a045
0x00000000
0x00000000
0x0108a04b
0x0108a050
0x0108a053
0x0108a05a
0x0108a055
0x0108a055
0x0108a055
0x0108a05c
0x01039b6a
0x01039b6a
0x00000000
0x01039b6c
0x00000000
0x00000000
0x01039a73
0x01039a78
0x01039a7d
0x01039a83
0x01039b72
0x01039aa1
0x01039ab9
0x01039abe
0x01039ac3
0x01039ac3
0x01039aca
0x00000000
0x01039ad0
0x01039ad5
0x0108a065
0x0108a06c
0x0108a072
0x0108a072
0x0108a06c
0x01039adc
0x01039ae0
0x01039ae2
0x01039ae4
0x01039ae5
0x00000000
0x01039ae5
0x00000000
0x01039b83
0x01039b87
0x01039b89
0x01039bb2
0x00000000
0x01039bb2
0x01039b8e
0x01039b97
0x01039b9c
0x01039b9e
0x01039ba3
0x01039ba5
0x01039c9f
0x01039ca9
0x01039cae
0x01039cb3
0x01039cb5
0x0108a0b5
0x00000000
0x0108a0b5
0x01039cbb
0x01039cc2
0x01039cc7
0x01039ccc
0x0108a07c
0x0108a088
0x0108a08d
0x0108a095
0x0108a09a
0x0108a09f
0x0108a0ab
0x0108a0ab
0x0108a09f
0x01039cd2
0x01039cd6
0x01039cdd
0x00000000
0x01039ce2
0x01039bab
0x01039bab
0x01039baf
0x00000000
0x00000000
0x01039bbc
0x01039bc1
0x01039bc6
0x01039bc9
0x01039bcb
0x01039bd0
0x00000000
0x00000000
0x01039bd2
0x01039bda
0x0108a0c2
0x00000000
0x0108a0c2
0x01039be0
0x01039be6
0x00000000
0x00000000
0x01039c1f
0x01039c28
0x01039c29
0x01039c2b
0x01039c30
0x01039c33
0x01039c35
0x01039c39
0x01039c3b
0x01039c3f
0x00000000
0x00000000
0x01039c45
0x00000000
0x00000000
0x01039c53
0x01039c5c
0x01039c5d
0x01039c5f
0x01039c64
0x01039c67
0x01039c69
0x01039c6d
0x01039c6f
0x01039c73
0x00000000
0x00000000
0x01039c79
0x01039c7d
0x01039c81
0x00000000
0x00000000
0x01039c87
0x01039c4a
0x01039c4a
0x00000000
0x00000000
0x01039ae9
0x01039ae9
0x01039af4
0x00000000
0x00000000
0x01039afa
0x01039afd
0x01039aff
0x01039b03
0x01039b24
0x01039b27
0x00000000
0x00000000
0x01039b2d
0x01039b35
0x01039b39
0x01039b3c
0x01039b3c
0x00000000
0x01039b3c
0x01039b05
0x01039b08
0x01039b0d
0x01039b0e
0x01039b13
0x00000000
0x00000000
0x00000000
0x01039b13
0x01039b15
0x01039b1a
0x01039b1e
0x00000000
0x00000000
0x00000000
0x00000000
0x01039a6a
0x01039bf2
0x01039bf2
0x01039bf6
0x01039bfb
0x01039bfb
0x01039bfe
0x01039bfe
0x01039c05
0x0108a0e1
0x0108a0e1
0x01039c0e
0x0108a0ec
0x0108a0f3
0x0108a0fe
0x0108a0fe
0x0108a10b
0x0108a10b
0x01039c1c
0x01039c1c

Strings

LdrResFallbackLangList Enter, xrefs: 010399F2
LdrResFallbackLangList Exit, xrefs: 01039A04

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-1720564570
Opcode ID: 7077a27dfb772f7a203d38c4778192a66af9759e86882ab33fee6617071adb52
Instruction ID: 36a2140325ca08477766954bf7b282cfa313f80301e461b1ef0e42daf1d837dd
Opcode Fuzzy Hash: 7077a27dfb772f7a203d38c4778192a66af9759e86882ab33fee6617071adb52
Instruction Fuzzy Hash: E3B1EF72208386CBD714DF18C580BAAB7E8FFC5708F04896AF9C59B281D770C945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 010EE539 Relevance: 2.8, Strings: 2, Instructions: 261
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E010EE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E010EBBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E010EBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E010EAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E01069730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E010EA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E010EA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E01069730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E010EA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E010EA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01042280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0103B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0103FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01047D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E010DFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}

0x010ee547
0x010ee549
0x010ee54f
0x010ee553
0x010ee557
0x010ee55a
0x010ee55c
0x010ee55f
0x010ee561
0x010ee567
0x010ee56b
0x010ee7e2
0x00000000
0x010ee571
0x010ee575
0x010ee577
0x010ee57b
0x010ee57c
0x010ee57d
0x010ee57e
0x010ee57f
0x010ee588
0x010ee58f
0x010ee591
0x010ee592
0x010ee592
0x010ee596
0x010ee59e
0x010ee5a0
0x010ee5a6
0x010ee61d
0x010ee61d
0x010ee621
0x010ee623
0x010ee630
0x010ee630
0x010ee7e6
0x010ee7eb
0x010ee7ed
0x010ee7f4
0x010ee7fa
0x010ee7ff
0x010ee7ff
0x010ee80a
0x010ee812
0x010ee812
0x010ee5ab
0x010ee5b4
0x010ee5b9
0x010ee5be
0x010ee5c0
0x010ee5c2
0x010ee5c8
0x010ee5c9
0x010ee5cb
0x010ee5cc
0x010ee5d5
0x010ee5e4
0x010ee5f1
0x010ee5f8
0x010ee5f8
0x010ee5d5
0x010ee602
0x010ee616
0x010ee63d
0x010ee644
0x010ee64d
0x010ee652
0x010ee657
0x010ee659
0x010ee65b
0x010ee661
0x010ee662
0x010ee664
0x010ee665
0x010ee66e
0x010ee67d
0x010ee68a
0x010ee691
0x010ee691
0x010ee66e
0x010ee6b0
0x00000000
0x010ee6b6
0x010ee6bd
0x010ee6c7
0x010ee6d7
0x010ee6d9
0x010ee6db
0x010ee6de
0x010ee6e3
0x010ee6f3
0x010ee6fc
0x010ee700
0x010ee700
0x010ee704
0x010ee70a
0x010ee70a
0x010ee713
0x010ee716
0x010ee719
0x010ee720
0x010ee761
0x010ee76b
0x010ee774
0x010ee77a
0x010ee77a
0x010ee78a
0x010ee791
0x010ee799
0x010ee79b
0x010ee79f
0x010ee7aa
0x010ee7c0
0x010ee7ac
0x010ee7b2
0x010ee7b9
0x010ee7b9
0x010ee7c7
0x010ee806
0x00000000
0x010ee7c9
0x010ee7d1
0x010ee7d8
0x00000000
0x010ee7d8
0x00000000
0x00000000
0x010ee722
0x010ee72e
0x010ee748
0x010ee74c
0x010ee754
0x010ee756
0x010ee75c
0x010ee75c
0x00000000
0x010ee75c
0x010ee758
0x010ee758
0x00000000
0x010ee758
0x010ee750
0x00000000
0x00000000
0x010ee752
0x00000000
0x010ee752
0x010ee730
0x010ee735
0x010ee73d
0x010ee73f
0x00000000
0x00000000
0x010ee741
0x010ee741
0x00000000
0x010ee741
0x010ee739
0x00000000
0x00000000
0x010ee73b
0x00000000
0x010ee73b
0x010ee722
0x010ee720
0x010ee6b0
0x010ee618
0x00000000
0x010ee618

Strings

`, xrefs: 010EE670
`, xrefs: 010EE5D7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction ID: da619803d8031383be82ff9f6dd042d2263821439f826b0898a4e4ac27dda725
Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction Fuzzy Hash: 6F91BF312043469FE764CE2AC948B5BBBE5BF88714F14896DF6D9CB290E774E804CB52

Uniqueness

Uniqueness Score: -1.00%

Function 010A51BE Relevance: 2.7, Strings: 2, Instructions: 173
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E010A51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x11005f0);
				E0107D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0103EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E010A53CA(0);
						return E0107D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0106F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01043690(1, _t117, 0x1001810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0106AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = E01044620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0106AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E010A500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E01069860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}

0x010a51be
0x010a51c3
0x010a51c8
0x010a51cd
0x010a51d0
0x010a51d3
0x010a51d8
0x010a51db
0x010a51de
0x010a51e0
0x010a51e3
0x010a51e6
0x010a51e8
0x010a5342
0x010a5351
0x010a5356
0x010a535a
0x010a5360
0x010a5363
0x010a5366
0x010a5369
0x010a5369
0x010a536b
0x010a536b
0x010a5370
0x010a53a3
0x010a53a4
0x010a53a6
0x010a53ab
0x010a53ab
0x010a53ae
0x010a53ae
0x010a53b5
0x010a53bf
0x010a53bf
0x010a5375
0x010a5396
0x010a53a0
0x010a53a0
0x00000000
0x010a5396
0x010a5377
0x010a5379
0x010a537f
0x010a538c
0x010a5390
0x00000000
0x010a5390
0x010a51ee
0x010a51f1
0x010a5301
0x010a5310
0x010a5315
0x010a5318
0x010a531b
0x010a5320
0x010a532e
0x010a5331
0x00000000
0x010a5331
0x010a5328
0x010a5329
0x00000000
0x010a5329
0x010a51fa
0x010a5235
0x010a5236
0x010a5239
0x010a523f
0x010a5240
0x010a5241
0x010a5242
0x010a5246
0x010a5247
0x010a524e
0x010a5251
0x010a5267
0x010a5269
0x010a526e
0x010a527d
0x010a527e
0x010a5281
0x010a5282
0x010a5287
0x010a5288
0x010a528a
0x010a528f
0x010a5294
0x00000000
0x00000000
0x010a529a
0x010a529c
0x010a529e
0x010a529e
0x010a52a4
0x010a52b0
0x00000000
0x00000000
0x010a52ba
0x010a52bc
0x010a52bc
0x010a52d4
0x010a52d9
0x010a52dc
0x010a52e1
0x00000000
0x00000000
0x010a52e7
0x010a52f4
0x00000000
0x010a52f4
0x010a5270
0x00000000
0x010a5270
0x010a51fc
0x010a51fd
0x010a5202
0x010a5203
0x010a5205
0x010a520a
0x010a520f
0x00000000
0x00000000
0x010a521b
0x010a5226
0x010a522b
0x010a521d
0x010a521d
0x010a5222
0x010a5222
0x010a522d
0x00000000

Strings

Legacy, xrefs: 010A5226
UEFI, xrefs: 010A521D

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: b7ecaeda6eff435310c9760c7658873b9c5fac535b8ef9c0b1618f7072d59296
Instruction ID: c2efe3c1619e53a2585086385737df12894278d2e2c4a6e7d2af62b75e78cfb2
Opcode Fuzzy Hash: b7ecaeda6eff435310c9760c7658873b9c5fac535b8ef9c0b1618f7072d59296
Instruction Fuzzy Hash: 1C515EB2A006099FDB25DFA8CD40BAEBBF8BF48740F54806DE689EB251D7719901CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010361A7 Relevance: 2.6, Strings: 2, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010361A7(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, signed int* _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				short _v22;
				char _v24;
				char* _v28;
				short _v30;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t33;
				short _t34;
				void* _t35;
				signed char* _t38;
				signed int _t39;
				signed char* _t40;
				intOrPtr* _t43;
				void* _t45;
				signed int _t46;
				signed int _t47;
				signed int _t49;
				signed int _t53;
				signed char* _t56;
				short _t59;
				intOrPtr* _t61;
				signed int _t69;
				signed int _t70;

				_v12 = __ecx;
				_t70 = 0;
				_t59 = 0x42;
				_t33 = 0x44;
				_v22 = _t33;
				_t34 = 0x40;
				_v16 = __edx;
				_v8 = 0;
				_v24 = _t59;
				_v20 = L"RtlpResUltimateFallbackInfo Enter";
				_v32 = _t34;
				_v30 = _t59;
				_v28 = L"RtlpResUltimateFallbackInfo Exit";
				_t35 = E01047D50();
				_t56 = 0x7ffe0385;
				if(_t35 != 0) {
					_t38 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				} else {
					_t38 = 0x7ffe0385;
				}
				_t71 = 0x7ffe0384;
				if(( *_t38 & 0x00000001) != 0) {
					_t39 = E01047D50();
					__eflags = _t39;
					if(_t39 == 0) {
						_t40 = 0x7ffe0384;
					} else {
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					E010B6715( &_v24,  *_t40 & 0x000000ff);
				}
				_t67 = _v12;
				if(_v12 == 0) {
					L27:
					return 0xc000000d;
				} else {
					_t43 = _a4;
					if(_t43 == 0) {
						goto L27;
					}
					_t61 = _a8;
					_t77 = _t61;
					if(_t61 == 0) {
						goto L27;
					}
					 *_t43 = _t70;
					 *_t61 = _t70;
					_t45 = E010362A0(_t56, _t70, _t71, _t77, _t67, _v16,  &_v8, _a12, 1);
					if(_t45 >= 0) {
						_t46 = _v8;
						__eflags = _t46;
						if(_t46 == 0) {
							L17:
							_t70 = 0xc0000001;
							L14:
							_t47 = E01047D50();
							__eflags = _t47;
							if(_t47 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t56 & 0x00000001;
							if(( *_t56 & 0x00000001) != 0) {
								_t49 = E01047D50();
								__eflags = _t49;
								if(_t49 != 0) {
									_t71 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								E010B6715( &_v32,  *_t71 & 0x000000ff);
								goto L16;
							} else {
								L16:
								return _t70;
							}
						}
						__eflags = _t46 - 0xffffffff;
						if(_t46 == 0xffffffff) {
							goto L17;
						}
						__eflags =  *((intOrPtr*)(_t46 + 0x7c)) - _t70;
						if( *((intOrPtr*)(_t46 + 0x7c)) == _t70) {
							goto L17;
						}
						__eflags =  *((intOrPtr*)(_t46 + 0x80)) - _t70;
						if( *((intOrPtr*)(_t46 + 0x80)) == _t70) {
							goto L17;
						}
						_t69 =  *(_t46 + 0x18);
						__eflags = _t69;
						if(_t69 == 0) {
							goto L17;
						}
						_t53 = _t46 +  *((intOrPtr*)(_t46 + 0x7c));
						__eflags = _t53;
						 *_a8 = _t69;
						 *_a4 = _t53;
						goto L14;
					}
					return _t45;
				}
			}

0x010361b4
0x010361b7
0x010361b9
0x010361bc
0x010361bf
0x010361c3
0x010361c4
0x010361c7
0x010361ca
0x010361ce
0x010361d5
0x010361d9
0x010361dd
0x010361e4
0x010361e9
0x010361f0
0x01088fb9
0x010361f6
0x010361f6
0x010361f6
0x010361fb
0x01036200
0x01088fc3
0x01088fc8
0x01088fca
0x01088fdc
0x01088fcc
0x01088fd5
0x01088fd5
0x01088fe4
0x01088fe4
0x01036206
0x0103620b
0x0108902a
0x00000000
0x01036211
0x01036211
0x01036216
0x00000000
0x00000000
0x0103621c
0x0103621f
0x01036221
0x00000000
0x00000000
0x0103622c
0x01036235
0x01036238
0x0103623f
0x0103624a
0x0103624d
0x0103624f
0x01036291
0x01036291
0x01036277
0x01036277
0x0103627c
0x0103627e
0x01088ff7
0x01088ff7
0x01036284
0x01036287
0x01089002
0x01089007
0x01089009
0x01089014
0x01089014
0x01089014
0x01089020
0x00000000
0x0103628d
0x0103628d
0x00000000
0x0103628d
0x01036287
0x01036251
0x01036254
0x00000000
0x00000000
0x01036256
0x01036259
0x00000000
0x00000000
0x0103625b
0x01036261
0x00000000
0x00000000
0x01036263
0x01036266
0x01036268
0x00000000
0x00000000
0x0103626d
0x0103626d
0x01036270
0x01036275
0x00000000
0x01036275
0x01036247
0x01036247

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 010361CE
RtlpResUltimateFallbackInfo Exit, xrefs: 010361DD

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 8e49570f50f8259a6e93bdba5ee659fcf1c7e41a45a20213e88207ce8fcceac6
Instruction ID: f2798983572095587fc718414b2cbf96b4186d5247c38b6ff3875244f2080389
Opcode Fuzzy Hash: 8e49570f50f8259a6e93bdba5ee659fcf1c7e41a45a20213e88207ce8fcceac6
Instruction Fuzzy Hash: E741C171604645AFEB11AFA9C844BBE7BF8FFC1304F1540A5EAC0DB291EB369A00CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0103C1C0 Relevance: 2.1, Strings: 1, Instructions: 876
COMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E0103C1C0(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				char _v69;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				char _v104;
				signed char _v105;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int* _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed short _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				char _v165;
				signed int _v172;
				signed int _v176;
				void* _v180;
				signed int _v184;
				char _v188;
				signed int _v192;
				signed int _v196;
				intOrPtr _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				void* _v216;
				signed int _v220;
				signed int* _v224;
				signed int* _v228;
				signed int _v236;
				char _v244;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t427;
				signed int _t428;
				signed int _t434;
				signed int _t439;
				void* _t441;
				signed int _t442;
				signed int _t443;
				signed char _t444;
				signed int _t452;
				signed int _t459;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed char _t464;
				signed int _t470;
				signed short _t471;
				signed int _t474;
				signed int _t477;
				signed int _t479;
				signed int* _t483;
				signed short _t485;
				signed int _t486;
				signed int _t487;
				signed int _t490;
				signed int _t492;
				signed int _t500;
				signed int _t504;
				signed int _t511;
				signed int _t518;
				signed int _t527;
				signed int _t529;
				signed int _t531;
				signed int _t532;
				signed int _t536;
				signed int _t544;
				void* _t546;
				signed char _t548;
				signed short _t552;
				signed short* _t555;
				intOrPtr _t556;
				signed int _t557;
				signed int _t560;
				signed char _t565;
				signed int _t566;
				signed char _t568;
				intOrPtr* _t569;
				signed char _t575;
				signed int _t582;
				signed short _t583;
				signed int _t584;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t598;
				intOrPtr _t599;
				signed char _t601;
				intOrPtr* _t602;
				signed int _t605;
				intOrPtr* _t608;
				signed int _t618;
				void* _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				signed int _t626;
				signed int _t630;
				signed int _t631;
				signed int* _t633;
				void* _t634;
				signed int _t635;
				signed int _t636;
				signed int _t637;
				signed int* _t638;
				signed int _t641;
				void* _t642;
				intOrPtr _t643;

				_push(0xfffffffe);
				_push(0x10ffa78);
				_push(0x10717f0);
				_push( *[fs:0x0]);
				_t643 = _t642 - 0xe0;
				_t427 =  *0x111d360;
				_v12 = _v12 ^ _t427;
				_t428 = _t427 ^ _t641;
				_v32 = _t428;
				_push(_t428);
				 *[fs:0x0] =  &_v20;
				_v28 = _t643;
				_t633 = __edx;
				_v100 = __edx;
				_v96 = __ecx;
				_v164 = __edx;
				_v128 = _a12;
				_v160 = __edx;
				_v69 = 0;
				_v184 = 0;
				_t560 = _a4;
				_t594 = _a8;
				if(_t560 < 3) {
					__eflags = _t594 & 0x00000002;
					if((_t594 & 0x00000002) != 0) {
						goto L1;
					}
					L214:
					_t431 = 0xc00000f1;
					L92:
					 *[fs:0x0] = _v20;
					_pop(_t620);
					_pop(_t634);
					_pop(_t546);
					return E0106B640(_t431, _t546, _v32 ^ _t641, _t594, _t620, _t634);
				}
				L1:
				if(_t560 > 4) {
					goto L214;
				}
				_t434 = _t594 & 0x00000041;
				if(_t434 != 0) {
					__eflags = _t560 - 4;
					if(_t560 != 4) {
						goto L214;
					}
					L147:
					__eflags = _t434;
					if(_t434 == 0) {
						goto L214;
					}
					__eflags = _t560 - 4;
					if(_t560 == 4) {
						_t560 = 3;
					}
					L4:
					_v124 = _t560;
					_v136 = _t560;
					_v8 = 0;
					_t548 =  !_t594;
					if((_t548 & 0x00000010) == 0) {
						L30:
						_t549 = 1;
						_v104 = 1;
						_t565 = _v96;
						_t635 = _t565;
						_v208 = _t635;
						_v120 = 0;
						_t621 = 0;
						_v92 = 0;
						__eflags = _t565 & 0x00000003;
						if((_t565 & 0x00000003) != 0) {
							asm("sbb al, al");
							_t549 = 0x00000001 &  !( ~(_t565 & 0x00000001));
							_v104 = 1;
							_t635 = _t635 & 0xfffffffc;
							__eflags = _t635;
							_v208 = _t635;
						}
						_t594 = E0103E9C0(1, _t635, 0, 0,  &_v120);
						_t566 = _v120;
						__eflags = _t566;
						if(_t566 == 0) {
							L46:
							__eflags = _t594;
							if(_t594 < 0) {
								goto L207;
							}
							goto L47;
						} else {
							_t511 =  *(_t566 + 0x18) & 0x0000ffff;
							_t594 = 0x10b;
							__eflags = _t511 - 0x10b;
							if(_t511 != 0x10b) {
								_t594 = 0x20b;
								__eflags = _t511 - 0x20b;
								if(_t511 != 0x20b) {
									L207:
									_t621 = 0;
									L134:
									_v92 = _t621;
									L47:
									_v116 = _t621;
									__eflags = _t621;
									if(_t621 == 0) {
										_v8 = 0xfffffffe;
										_t431 = 0xc0000089;
										goto L92;
									}
									_v176 = _t621;
									_v84 = 0xeeee;
									_v112 = 0;
									_t636 = 0;
									_v156 = 0;
									_v148 = 0;
									__eflags = 0;
									_v68 = 0;
									_v64 = 0;
									_v88 = 0;
									_v180 = 0;
									_t594 = _v100;
									while(1) {
										L49:
										__eflags = _t621;
										if(_t621 == 0) {
											goto L112;
										}
										_t470 = _v136;
										_t566 = _t470 - 1;
										_v136 = _t566;
										__eflags = _t470;
										if(_t470 == 0) {
											goto L112;
										}
										__eflags = _t566;
										if(_t566 == 0) {
											__eflags = _v124 - 3;
											if(_v124 == 3) {
												_v148 = _t621;
											}
										}
										__eflags = _v148;
										if(_v148 != 0) {
											_t471 =  *((intOrPtr*)(_v160 + 8));
											_v88 = _t471;
											__eflags = 0x000003ff & _t471;
											_t189 =  &_v69;
											 *_t189 = (0x000003ff & _t471) == 0;
											__eflags =  *_t189;
											_t550 = _a8;
											goto L96;
										} else {
											L53:
											_t566 =  *((intOrPtr*)(_t621 + 0xc));
											_t109 = _t621 + 0x10; // 0x10
											_t638 = _t109;
											_v224 = _t638;
											_t459 =  *_t594;
											_v92 = _t459;
											_t460 = _t459 & 0xffff0000;
											__eflags = _t460;
											_v140 = _t460;
											if(_t460 == 0) {
												_t638 = _t638 + (_t566 & 0x0000ffff) * 8;
												_v224 = _t638;
												_t566 =  *((intOrPtr*)(_t621 + 0xe));
											}
											__eflags = _t566;
											if(_t566 == 0) {
												_t623 = _v124;
												_t462 = _t623 - _v136;
												__eflags = _t462 - 1;
												if(__eflags != 0) {
													_t462 = _t462 - 2;
													__eflags = _t462;
													if(__eflags == 0) {
														_t637 = 0xc000008b;
														L197:
														_v76 = _t637;
														_t550 = _a8;
														_t594 =  !_a8;
														asm("bt edx, 0x13");
														asm("bt edx, 0x11");
														_t463 = _t462 & 0xffffff00 | __eflags > 0x00000000;
														_t575 = (_t566 & 0xffffff00 | __eflags > 0x00000000) & _t463;
														__eflags =  !_a8 & 0x00000010;
														_t464 = _t463 & 0xffffff00 | ( !_a8 & 0x00000010) != 0x00000000;
														__eflags = _t464 & _t575;
														if((_t464 & _t575) == 0) {
															goto L91;
														}
														__eflags = _t623 - 3;
														if(_t623 != 3) {
															goto L91;
														} else {
															_t569 = _v160;
															_v48 =  *_t569;
															_v44 =  *((intOrPtr*)(_t569 + 4));
															_v40 =  *((intOrPtr*)(_t569 + 8));
															__eflags = _a4 - 4;
															if(_a4 != 4) {
																goto L191;
															}
															goto L247;
														}
														L199:
														__eflags = _t548 & 0x00000008;
														if((_t548 & 0x00000008) == 0) {
															L11:
															_v80 = 0;
															_v140 = 0;
															_v68 = 0;
															_t557 = _v96;
															_t631 = E0103D1D0(_t557, 0, 0, 8);
															_v68 = _t631;
															if(_t631 == 0xffffffff) {
																L169:
																_t529 = 0x80000;
																_v80 = 0x80000;
																L19:
																_t594 = _a8 | _t529;
																_a8 = _t594;
																if((_t594 & 0x00040000) == 0) {
																	goto L30;
																}
																_t431 = 0xc000008a;
																_v76 = 0xc000008a;
																if((_t594 & 0x00020000) == 0) {
																	_v48 =  *_t633;
																	_t588 = _v124;
																	if(_t588 < 2) {
																		_t531 = 0;
																	} else {
																		_t51 =  &(_t633[1]); // 0x49
																		_t531 =  *_t51;
																	}
																	_v44 = _t531;
																	if(_t588 != 3) {
																		_t532 = 0;
																	} else {
																		_t53 =  &(_t633[2]); // 0x64004c
																		_t532 =  *_t53;
																	}
																	_v40 = _t532;
																	if(_a4 == 4) {
																		_t318 =  &(_t633[3]); // 0x520072
																		_v36 =  *_t318;
																	}
																	_t594 =  &_v48;
																	_v76 = E0103B62E(_t557,  &_v48, _a4,  &_v48, _v128);
																}
																_v8 = 0xfffffffe;
																goto L92;
															}
															if(_t631 == 0) {
																_v60 = L"MUI";
																_v56 = 1;
																_v52 = 0;
																_t590 = _t557;
																_t536 = E0103C1C0(_t590,  &_v60, 3, 0x30,  &_v144);
																_v196 = _t536;
																__eflags = _t536;
																if(__eflags < 0) {
																	L193:
																	_t631 = 0;
																	_v68 = 0;
																	_t591 = _t590 | 0xffffffff;
																	L168:
																	_push(0);
																	_push(_t536);
																	_push(2);
																	_push(0);
																	_push(_t591);
																	_push(0);
																	E0105DA88(_t557, _t557, 0, _t631, _t633, __eflags);
																	__eflags = _t631;
																	if(_t631 != 0) {
																		goto L13;
																	}
																	goto L169;
																}
																_t590 = _t557;
																_t536 = E0103D9A0(_t590, _v144,  &_v68,  &_v140);
																_v196 = _t536;
																__eflags = _t536;
																if(__eflags < 0) {
																	goto L193;
																}
																_t631 = _v68;
																__eflags =  *_t631 - 0xfecdfecd;
																if(__eflags != 0) {
																	_t536 = 0xc000007b;
																	_v196 = 0xc000007b;
																	goto L193;
																}
																_v140 = 0;
																_t591 = _t631;
																goto L168;
															}
															L13:
															_push( &_v80);
															_push(_a8);
															_push( *_t633);
															_push(_t631);
															if(L0103ED40() < 0) {
																_t529 = 0x60000;
																L17:
																_v80 = _t529;
																L18:
																_t557 = _v96;
																goto L19;
															}
															_t529 = _v80;
															if(( *(_t631 + 0x14) & 0x00000100) != 0) {
																_t529 = _t529 | 0x00100000;
																_v80 = _t529;
															}
															if(( *(_t631 + 0x10) & 0x00000010) == 0) {
																goto L18;
															} else {
																_t529 = _t529 | 0x00200000;
																goto L17;
															}
														}
														__eflags = _t630;
														if(_t630 != 0) {
															__eflags = _t630 - 0x400;
															if(_t630 == 0x400) {
																goto L29;
															}
															__eflags = _t630 - 0x800;
															if(_t630 != 0x800) {
																goto L11;
															}
															goto L29;
														} else {
															L29:
															_t618 = _t594 | 0x00000010;
															__eflags = _t618;
															_a8 = _t618;
															goto L30;
														}
													}
													__eflags = _t462 == 1;
													if(_t462 == 1) {
														_t637 = 0xc0000204;
													} else {
														_t637 = 0xc000000d;
													}
													goto L90;
												}
												_t637 = 0xc000008a;
												goto L197;
											} else {
												__eflags = _v148;
												if(_v148 != 0) {
													_t550 = _a8;
													__eflags = _t550 & 0x00000020;
													if((_t550 & 0x00000020) == 0) {
														goto L57;
													}
													_t621 = 0;
													_v176 = 0;
													_v84 =  *_t638;
													_t636 = _t638[1] + _v116;
													__eflags = _t636;
													_v156 = _t636;
													L84:
													_t439 = _t550 & 0x00000002;
													__eflags = _t636;
													if(_t636 == 0) {
														L115:
														__eflags = _t621;
														if(_t621 != 0) {
															__eflags = _t439;
															if(_t439 == 0) {
																goto L116;
															}
															 *_v128 = _t621;
															_t637 = 0;
															L90:
															_v76 = _t637;
															L91:
															_v8 = 0xfffffffe;
															_t431 = _t637;
															goto L92;
														}
														L116:
														_t622 = _v124;
														_t441 = _t622 - _v136;
														__eflags = _t441 - 3;
														if(_t441 != 3) {
															_t442 = _t441 - 1;
															__eflags = _t442;
															if(__eflags != 0) {
																_t442 = _t442 - 1;
																__eflags = _t442;
																if(__eflags != 0) {
																	_t637 = 0xc000000d;
																	_v76 = 0xc000000d;
																	L227:
																	__eflags = _t637 - 0xc000008a;
																	if(__eflags == 0) {
																		L188:
																		_t594 =  !_t550;
																		asm("bt edx, 0x13");
																		asm("bt edx, 0x11");
																		_t443 = _t442 & 0xffffff00 | __eflags > 0x00000000;
																		_t568 = (_t566 & 0xffffff00 | __eflags > 0x00000000) & _t443;
																		__eflags =  !_t550 & 0x00000010;
																		_t444 = _t443 & 0xffffff00 | ( !_t550 & 0x00000010) != 0x00000000;
																		__eflags = _t444 & _t568;
																		if((_t444 & _t568) == 0) {
																			goto L91;
																		}
																		__eflags = _t622 - 3;
																		if(_t622 != 3) {
																			goto L91;
																		}
																		_t569 = _v160;
																		_v48 =  *_t569;
																		_v44 =  *((intOrPtr*)(_t569 + 4));
																		_v40 =  *((intOrPtr*)(_t569 + 8));
																		__eflags = _a4 - 4;
																		if(_a4 == 4) {
																			L247:
																			_v36 =  *((intOrPtr*)(_t569 + 0xc));
																		}
																		L191:
																		_t594 =  &_v48;
																		_t551 = _v96;
																		_t637 = E0103B62E(_v96,  &_v48, _a4, _t550, _v128);
																		_v76 = _t637;
																		__eflags = _t637;
																		if(_t637 >= 0) {
																			_t594 = 0;
																			E01054CD4(_t551, 0,  &_v48, _a4);
																		}
																		goto L91;
																	}
																	__eflags = _t637 - 0xc000008b;
																	if(__eflags != 0) {
																		goto L91;
																	}
																	goto L188;
																}
																_t637 = 0xc000008b;
																_v76 = 0xc000008b;
																goto L188;
															}
															_t637 = 0xc000008a;
															_v76 = 0xc000008a;
															goto L188;
														}
														_t637 = 0xc0000204;
														_v76 = 0xc0000204;
														__eflags = _v148;
														if(_v148 == 0) {
															goto L227;
														}
														_v156 = 0;
														L96:
														while(1) {
															L97:
															_t452 = _v112;
															_v112 = _v112 + 1;
															__eflags = _t452 - 0xc;
															if(__eflags > 0) {
																break;
															}
															switch( *((intOrPtr*)(_t452 * 4 +  &M0103CEB0))) {
																case 0:
																	__eflags = 0 - _v88;
																	if(0 == _v88) {
																		goto L119;
																	}
																	__eflags = _t550 & 0x00080000;
																	if((_t550 & 0x00080000) != 0) {
																		_t454 = _v88 & 0x0000ffff;
																		goto L102;
																	}
																	goto L101;
																case 1:
																	__edx = __ebx;
																	__edx =  !__ebx;
																	asm("bt edx, 0x13");
																	__ecx = __ecx & 0xffffff00 | __eflags > 0x00000000;
																	asm("bt edx, 0x11");
																	__eax = __eax & 0xffffff00 | __eflags > 0x00000000;
																	__cl = __cl & __al;
																	__eflags = __dl & 0x00000010;
																	__eax = __eax & 0xffffff00 | (__dl & 0x00000010) != 0x00000000;
																	__eflags = __al & __cl;
																	if((__al & __cl) == 0) {
																		goto L101;
																	}
																	__edx = _v160;
																	__eax =  *__edx;
																	_v48 =  *__edx;
																	__ecx = _v124;
																	__eflags = __ecx - 2;
																	if(__ecx < 2) {
																		__eax = 0;
																	} else {
																		__eax =  *(__edx + 4);
																	}
																	_v44 = __eax;
																	__eflags = __ecx - 3;
																	if(__ecx != 3) {
																		__eax = 0;
																	} else {
																		__eax =  *(__edx + 8);
																	}
																	_v40 = __eax;
																	__eflags = _a4 - 4;
																	if(_a4 == 4) {
																		__eax =  *(__edx + 0xc);
																		_v36 =  *(__edx + 0xc);
																	}
																	__edx =  &_v48;
																	__edi = _v96;
																	__ecx = __edi;
																	__eax = E0103B62E(__ecx, __edx, _a4, __ebx, _v128);
																	__esi = __eax;
																	_v76 = __esi;
																	__eflags = __esi;
																	if(__esi < 0) {
																		goto L101;
																	} else {
																		__eax =  &_v48;
																		__edx = 0;
																		__ecx = __edi;
																		__eax = E01054CD4(__ecx, 0,  &_v48, _a4);
																		goto L91;
																	}
																case 2:
																	__eflags = _v69;
																	if(_v69 != 0) {
																		goto L101;
																	}
																	__ax = _v88;
																	goto L102;
																case 3:
																	__eflags = __bl & 0x00000004;
																	if((__bl & 0x00000004) != 0) {
																		goto L145;
																	}
																	__eflags = _v69;
																	if(_v69 != 0) {
																		goto L101;
																	}
																	__edx =  &_v64;
																	__eax = E0102649B(__ecx, __edx);
																	__eflags = __eax;
																	if(__eax < 0) {
																		L119:
																		_t454 = 0;
																		goto L102;
																	}
																	__ax = _v64;
																	_v68 = __eax;
																	__eflags = _v64;
																	if(_v64 != 0) {
																		_v112 = _v112 - 1;
																	}
																	goto L104;
																case 4:
																	__eflags = _v69;
																	if(_v69 == 0) {
																		__ax = _v88;
																		__ecx = 0x3ff;
																		__ax = _v88 & __cx;
																	} else {
																		__eax = _v84 & 0x0000ffff;
																	}
																	goto L102;
																case 5:
																	__eflags = _v69;
																	if(_v69 != 0) {
																		goto L101;
																	}
																	goto L145;
																case 6:
																	__ax = _v84;
																	_v68 = __eax;
																	_v64 = __ax;
																	__eflags = __bl & 0x00000020;
																	if((__bl & 0x00000020) != 0) {
																		goto L104;
																	}
																	__eax = 0;
																	_v64 = __ax;
																	__eax = E0103ABEC();
																	__eflags = __al;
																	if(__al == 0) {
																		__eax = 0;
																		_v64 = __ax;
																		L173:
																		__eax = _v84 & 0x0000ffff;
																		goto L102;
																	}
																	 *[fs:0x18] =  *( *[fs:0x18] + 0xfc0);
																	__eax =  *( *( *[fs:0x18] + 0xfc0) + 4) & 0x0000ffff;
																	__eflags = _v184 - __eax;
																	if(_v184 >= __eax) {
																		__eax = 0;
																		__eflags = 0;
																		_v64 = __ax;
																		L172:
																		__ebx = _a8;
																		goto L173;
																	}
																	__edx =  *[fs:0x18];
																	 &_v165 =  &_v64;
																	__esi = _v184;
																	__edx =  *( *[fs:0x18] + 0xfc0);
																	__eax = E0103AAC7(__ecx, __edx, __esi,  &_v64,  &_v165);
																	__eax = _v64 & 0x0000ffff;
																	_v68 = __eax;
																	__eflags = __ax;
																	if(__ax == 0) {
																		goto L172;
																	}
																	__esi = __esi + 1;
																	_v184 = __esi;
																	_v112 = _v112 - 1;
																	__ebx = _a8;
																	goto L104;
																case 7:
																	__eax = __ebx;
																	__eax =  !__ebx;
																	__eflags = __eax & 0x00080000;
																	if((__eax & 0x00080000) == 0) {
																		L101:
																		_t454 = _v84;
																		goto L102;
																	}
																	__ecx = _v96;
																	__eax = E010360F7(__ecx, 0, 1);
																	__eflags = __eax;
																	if(__eax == 0) {
																		goto L101;
																	} else {
																		__eflags =  *__eax - 0xfecdfecd;
																		if( *__eax != 0xfecdfecd) {
																			goto L101;
																		}
																		__ecx =  *(__eax + 0x7c);
																		__eflags = __ecx;
																		if(__ecx == 0) {
																			goto L101;
																		}
																		 &_v244 = E0106BB40(__ecx,  &_v244,  &_v244);
																		 &_v216 =  &_v244;
																		__eax = L010343C0( &_v244,  &_v216);
																		__eflags = __al;
																		if(__al == 0) {
																			goto L101;
																		}
																		__ax = _v216;
																		goto L102;
																	}
																	goto L176;
																case 8:
																	L176:
																	__ax = _v84;
																	_v68 = __eax;
																	_v64 = _v84;
																	__eax = __ebx;
																	__eax =  !__ebx;
																	__eflags = __eax & 0x00080000;
																	if((__eax & 0x00080000) != 0) {
																		__ebx = __ebx | 0x00000020;
																		_a8 = __ebx;
																		goto L104;
																	}
																	__eflags =  *[fs:0x18];
																	if( *[fs:0x18] == 0) {
																		__ax = _v64;
																		__ebx = _a8;
																	} else {
																		__eax =  *[fs:0x18];
																		__ax =  *((intOrPtr*)(__eax + 0xc4));
																		_v64 =  *((intOrPtr*)(__eax + 0xc4));
																		__ebx = _a8;
																	}
																	goto L103;
																case 9:
																	_v68 = __esi;
																	_v64 = _v84;
																	__eax =  &_v180;
																	_push( &_v180);
																	_push(1);
																	__eax = E01069630();
																	_v76 = __eax;
																	__eflags = __eax;
																	if(__eax < 0) {
																		goto L104;
																	}
																	__ax = _v180;
																	goto L102;
																case 0xa:
																	__ax = _v84;
																	_v68 = __eax;
																	_v64 = _v84;
																	__eax =  &_v220;
																	_push( &_v220);
																	_push(0);
																	__eax = E01069630();
																	_v76 = __eax;
																	__eflags = __eax;
																	if(__eax < 0) {
																		goto L104;
																	}
																	__eax = _v220;
																	__eflags = __eax - _v180;
																	if(__eax == _v180) {
																		goto L104;
																	}
																	goto L102;
																case 0xb:
																	__eax = 0x409;
																	L102:
																	_v64 = _t454;
																	L103:
																	_v68 = _t454;
																	L104:
																	_t573 = _v68;
																	goto L105;
																case 0xc:
																	__ebx = __ebx | 0x00000020;
																	_a8 = __ebx;
																	L105:
																	_t456 =  !_t550;
																	__eflags = _t456 & 0x00000020;
																	if((_t456 & 0x00000020) == 0) {
																		L107:
																		_v84 = _v68 & 0x0000ffff;
																		_t594 =  &_v84;
																		_v100 = _t594;
																		_v164 = _t594;
																		_t621 = _v148;
																		_v176 = _t621;
																		goto L53;
																	}
																	__eflags = (_t573 & 0x0000ffff) - _v84;
																	if((_t573 & 0x0000ffff) == _v84) {
																		goto L97;
																	}
																	goto L107;
															}
														}
														L145:
														_v8 = 0xfffffffe;
														_t431 = 0xc0000204;
														goto L92;
													}
													__eflags = _t439;
													if(_t439 != 0) {
														goto L115;
													}
													 *_v128 = _t636;
													_t500 =  *[fs:0x18];
													__eflags =  *(_t500 + 0xfe0);
													if( *(_t500 + 0xfe0) == 0) {
														_v100 =  *[fs:0x18];
														 *((intOrPtr*)(_v100 + 0xfe0)) = E01044620(_t566,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xc);
													}
													_t504 =  *[fs:0x18];
													__eflags =  *(_t504 + 0xfe0);
													if( *(_t504 + 0xfe0) != 0) {
														_t594 = _v96;
														 *( *( *[fs:0x18] + 0xfe0)) = _t594;
														( *( *[fs:0x18] + 0xfe0))[1] = _v156;
														( *( *[fs:0x18] + 0xfe0))[2] = _t594;
													}
													_t637 = 0;
													__eflags = 0;
													goto L90;
												}
												L57:
												_v228 = _t638;
												_v152 = _t566;
												_t621 = 0;
												_v172 = 0;
												_v80 = 0;
												_v204 = 0;
												_t598 = (_t566 & 0x0000ffff) - 1;
												__eflags = _t598;
												_t599 = _t638 + _t598 * 8;
												_v200 = _t599;
												_v132 = _t566;
												while(1) {
													__eflags = _t638 - _t599;
													if(_t638 > _t599) {
														break;
													}
													_t601 = _v132;
													_t552 = _t566 >> 0x00000001 & 0x0000ffff;
													__eflags = _t552;
													if(_t552 == 0) {
														__eflags = _t566;
														if(_t566 == 0) {
															break;
														}
														_t474 =  *_t638;
														__eflags = _v140 - _t621;
														if(_v140 != _t621) {
															__eflags = _t474;
															if(_t474 >= 0) {
																break;
															}
															_t555 = (_t474 & 0x7fffffff) + _v116;
															_t477 = E010712B0(_v92,  &(_t555[1]),  *_t555 & 0x0000ffff);
															_t643 = _t643 + 0xc;
															_t566 = _t477;
															__eflags = _t566;
															if(_t566 != 0) {
																break;
															}
															_t602 = _v92;
															_v192 = _t602 + 2;
															do {
																_t479 =  *_t602;
																_t602 = _t602 + 2;
																__eflags = _t479;
															} while (_t479 != 0);
															__eflags = _t602 - _v192 >> 1 - ( *_t555 & 0x0000ffff);
															if(_t602 - _v192 >> 1 == ( *_t555 & 0x0000ffff)) {
																L77:
																__eflags = _t566;
																if(_t566 != 0) {
																	break;
																}
																_t566 = _t638[1];
																__eflags = _t566;
																if(_t566 >= 0) {
																	L111:
																	_t636 = _v116 + _t566;
																	_v204 = _t636;
																	L81:
																	_v176 = _t621;
																	_v156 = _t636;
																	_t594 = _v100 + 4;
																	_v100 = _t594;
																	_v164 = _t594;
																	goto L49;
																}
																L79:
																_t621 = (_t566 & 0x7fffffff) + _v116;
																__eflags = _t621;
																_v172 = _t621;
																break;
															}
															break;
														}
														__eflags = _t474;
														if(_t474 < 0) {
															break;
														}
														_t566 = _v92 - _t474;
														__eflags = _t566;
														goto L77;
													}
													_v105 = _v152 & 0x00000001;
													_t582 = _t552;
													_v192 = _t582;
													_t483 = _t638 + _t582 * 8;
													_v120 = _t483;
													__eflags = _t601 & 0x00000001;
													if((_t601 & 0x00000001) == 0) {
														_t483 =  &(_t483[0xfffffffffffffffe]);
														_v120 = _t483;
													}
													_t605 =  *_t483;
													__eflags = _v140 - _t621;
													if(_v140 != _t621) {
														__eflags = _t605;
														if(_t605 >= 0) {
															goto L67;
														}
														_t607 = (_t605 & 0x7fffffff) + _v116;
														_v144 = (_t605 & 0x7fffffff) + _v116;
														_t490 = E010712B0(_v92,  &(((_t605 & 0x7fffffff) + _v116)[1]),  *_t607 & 0x0000ffff);
														_t643 = _t643 + 0xc;
														_t584 = _t490;
														__eflags = _t584;
														if(_t584 != 0) {
															L163:
															_t483 = _v120;
															goto L64;
														}
														_t608 = _v92;
														_v188 = _t608 + 2;
														do {
															_t492 =  *_t608;
															_t608 = _t608 + 2;
															__eflags = _t492;
														} while (_t492 != 0);
														__eflags = _t608 - _v188 >> 1 - ( *_v144 & 0x0000ffff);
														if(_t608 - _v188 >> 1 != ( *_v144 & 0x0000ffff)) {
															_t483 = _v120;
															goto L72;
														}
														goto L163;
													} else {
														__eflags = _t605;
														if(_t605 < 0) {
															L72:
															_t638 =  &(_t483[2]);
															_v228 = _t638;
															_t486 = _t552;
															_v152 = _t486;
															_t599 = _v200;
															L70:
															_t487 = _t486 & 0x0000ffff;
															_v132 = _t487;
															_t566 = _t487;
															continue;
														}
														_t584 = _v92 - _t605;
														__eflags = _t584;
														L64:
														__eflags = _t584;
														if(__eflags == 0) {
															_t566 = _t483[1];
															__eflags = _t566;
															if(_t566 < 0) {
																goto L79;
															}
															_t621 = 0;
															__eflags = 0;
															_v172 = 0;
															goto L111;
														}
														if(__eflags >= 0) {
															goto L72;
														}
														_t582 = _v192;
														L67:
														_t599 = _t483 - 8;
														_v200 = _t599;
														__eflags = _v105;
														if(_v105 == 0) {
															_t583 = _t582 - 1;
															_v152 = _t583 & 0x0000ffff;
															_t485 = _t583 & 0x0000ffff;
														} else {
															_t485 = _t552;
															_v152 = _t485;
														}
														_t486 = _t485 & 0x0000ffff;
														goto L70;
													}
												}
												_t636 = _v80;
												goto L81;
											}
										}
										L112:
										_t550 = _a8;
										goto L84;
									}
								}
								_t566 = _t635;
								_t594 = L01022F47(_t566, _t549, 2,  &_v188, _t566,  &_v92);
								_t621 = _v92;
								goto L46;
							}
							__eflags =  *((intOrPtr*)(_t566 + 0x74)) - 2;
							if( *((intOrPtr*)(_t566 + 0x74)) <= 2) {
								goto L207;
							}
							_t626 =  *(_t566 + 0x88);
							_v132 = _t626;
							__eflags = _t626;
							if(_t626 == 0) {
								goto L207;
							}
							_v188 =  *((intOrPtr*)(_t566 + 0x8c));
							__eflags = _t549;
							if(_t549 != 0) {
								L133:
								_t621 = _t626 + _t635;
								__eflags = _t621;
								goto L134;
							}
							__eflags = _t626 -  *((intOrPtr*)(_t566 + 0x54));
							if(_t626 <  *((intOrPtr*)(_t566 + 0x54))) {
								goto L133;
							}
							_t82 = _v120 + 0x18; // 0x18
							_t594 = _t82 + ( *(_t566 + 0x14) & 0x0000ffff);
							_t518 =  *(_v120 + 6) & 0x0000ffff;
							_v144 = _t518;
							_t566 = 0;
							__eflags = 0;
							while(1) {
								_v236 = _t566;
								_v212 = _t594;
								__eflags = _t566 - _t518;
								if(_t566 >= _t518) {
									break;
								}
								_t556 =  *((intOrPtr*)(_t594 + 0xc));
								__eflags = _t626 - _t556;
								if(_t626 < _t556) {
									L114:
									_t594 = _t594 + 0x28;
									_t566 = _t566 + 1;
									continue;
								}
								__eflags = _t626 -  *((intOrPtr*)(_t594 + 0x10)) + _t556;
								if(_t626 >=  *((intOrPtr*)(_t594 + 0x10)) + _t556) {
									_t518 = _v144;
									goto L114;
								}
								__eflags = _t594;
								if(_t594 == 0) {
									break;
								}
								_t621 =  *((intOrPtr*)(_t594 + 0x14)) - _t556 + _v132 + _t635;
								__eflags = _t621;
								L44:
								_v92 = _t621;
								_v100 = _v164;
								__eflags = _t621;
								if(_t621 == 0) {
									goto L207;
								}
								_t594 = 0;
								__eflags = 0;
								goto L46;
							}
							_t621 = 0;
							goto L44;
						}
					}
					_t21 = _t560 - 1; // 0x2
					if(_t21 > 2) {
						goto L30;
					}
					if(_t560 != 3) {
						_t630 = 0;
					} else {
						_t22 =  &(_t633[2]); // 0x64004c
						_t630 =  *_t22 & 0x0000ffff;
					}
					_v88 = _t630;
					_t527 =  *_t633;
					if(_t527 == 0x10 || _t527 == 0x18) {
						goto L199;
					} else {
						if((_t527 & 0xffff0000) != 0) {
							_t544 = E0106E490(_t527, L"MUI");
							_t643 = _t643 + 8;
							__eflags = _t544;
							if(_t544 != 0) {
								goto L11;
							}
							_t594 = _a8;
							goto L199;
						}
						goto L11;
					}
				}
				if(_t560 == 4) {
					goto L147;
				}
				goto L4;
			}

0x0103c1c5
0x0103c1c7
0x0103c1cc
0x0103c1d7
0x0103c1d8
0x0103c1de
0x0103c1e3
0x0103c1e6
0x0103c1e8
0x0103c1ee
0x0103c1f2
0x0103c1f8
0x0103c1fb
0x0103c1fd
0x0103c200
0x0103c203
0x0103c20c
0x0103c20f
0x0103c215
0x0103c219
0x0103c223
0x0103c226
0x0103c22c
0x0103ce8b
0x0103ce8e
0x00000000
0x00000000
0x0108ae13
0x0108ae13
0x0103c762
0x0103c765
0x0103c76d
0x0103c76e
0x0103c76f
0x0103c77d
0x0103c77d
0x0103c232
0x0103c235
0x00000000
0x00000000
0x0103c23d
0x0103c240
0x0103ca53
0x0103ca56
0x00000000
0x00000000
0x0103ca5c
0x0103ca5c
0x0103ca5e
0x00000000
0x00000000
0x0103ca64
0x0103ca67
0x0103ca6d
0x0103ca6d
0x0103c24f
0x0103c24f
0x0103c252
0x0103c258
0x0103c261
0x0103c266
0x0103c39f
0x0103c39f
0x0103c3a1
0x0103c3a4
0x0103c3a7
0x0103c3a9
0x0103c3af
0x0103c3b6
0x0103c3b8
0x0103c3bb
0x0103c3be
0x0103c3c6
0x0103c3ca
0x0103c3cc
0x0103c3cf
0x0103c3cf
0x0103c3d2
0x0103c3d2
0x0103c3e8
0x0103c3ea
0x0103c3ed
0x0103c3ef
0x0103c4ae
0x0103c4ae
0x0103c4b0
0x00000000
0x00000000
0x00000000
0x0103c3f5
0x0103c3f5
0x0103c3f9
0x0103c3fe
0x0103c401
0x0103ca77
0x0103ca7c
0x0103ca7f
0x0103ce62
0x0103ce62
0x0103c9d3
0x0103c9d3
0x0103c4b6
0x0103c4b6
0x0103c4b9
0x0103c4bb
0x0103ce69
0x0103ce70
0x00000000
0x0103ce70
0x0103c4c1
0x0103c4c7
0x0103c4ce
0x0103c4d5
0x0103c4d7
0x0103c4dd
0x0103c4e3
0x0103c4e5
0x0103c4e8
0x0103c4ec
0x0103c4f0
0x0103c4f6
0x0103c500
0x0103c500
0x0103c500
0x0103c502
0x00000000
0x00000000
0x0103c508
0x0103c510
0x0103c511
0x0103c517
0x0103c519
0x00000000
0x00000000
0x0103c51f
0x0103c521
0x0103c780
0x0103c784
0x0103c78a
0x0103c78a
0x0103c784
0x0103c527
0x0103c52e
0x0103c79b
0x0103c79f
0x0103c7a8
0x0103c7ab
0x0103c7ab
0x0103c7ab
0x0103c7af
0x00000000
0x0103c534
0x0103c534
0x0103c534
0x0103c538
0x0103c538
0x0103c53b
0x0103c541
0x0103c543
0x0103c546
0x0103c546
0x0103c54b
0x0103c551
0x0103c556
0x0103c559
0x0103c55f
0x0103c55f
0x0103c563
0x0103c566
0x0103cdc9
0x0103cdce
0x0103cdd4
0x0103cdd7
0x0108af3f
0x0108af3f
0x0108af42
0x0108af5d
0x0103cde2
0x0103cde2
0x0103cde5
0x0103cdea
0x0103cdec
0x0103cdf3
0x0103cdf7
0x0103cdfa
0x0103cdfc
0x0103cdff
0x0103ce02
0x0103ce04
0x00000000
0x00000000
0x0108af67
0x0108af6a
0x00000000
0x0108af70
0x0108af70
0x0108af78
0x0108af7e
0x0108af84
0x0108af87
0x0108af8b
0x00000000
0x00000000
0x00000000
0x0108af8b
0x0103ce0f
0x0103ce0f
0x0103ce12
0x0103c2a8
0x0103c2a8
0x0103c2af
0x0103c2b9
0x0103c2c6
0x0103c2d0
0x0103c2d2
0x0103c2d8
0x0103cc01
0x0103cc01
0x0103cc06
0x0103c31f
0x0103c322
0x0103c324
0x0103c32d
0x00000000
0x00000000
0x0103c32f
0x0103c334
0x0103c33d
0x0103c341
0x0103c344
0x0103c34a
0x0108ae74
0x0103c350
0x0103c350
0x0103c350
0x0103c350
0x0103c353
0x0103c359
0x0108ae7b
0x0103c35f
0x0103c35f
0x0103c35f
0x0103c35f
0x0103c362
0x0103c369
0x0103cc0e
0x0103cc11
0x0103cc11
0x0103c377
0x0103c381
0x0103c381
0x0103c384
0x00000000
0x0103c384
0x0103c2e0
0x0103cb6d
0x0103cb74
0x0103cb7b
0x0103cb90
0x0103cb92
0x0103cb97
0x0103cb9d
0x0103cb9f
0x0103cd93
0x0103cd93
0x0103cd95
0x0103cd98
0x0103cbe6
0x0103cbe6
0x0103cbe8
0x0103cbe9
0x0103cbeb
0x0103cbed
0x0103cbee
0x0103cbf4
0x0103cbf9
0x0103cbfb
0x00000000
0x00000000
0x00000000
0x0103cbfb
0x0103cbb6
0x0103cbb8
0x0103cbbd
0x0103cbc3
0x0103cbc5
0x00000000
0x00000000
0x0103cbcb
0x0103cbce
0x0103cbd4
0x0108ae4d
0x0108ae52
0x00000000
0x0108ae52
0x0103cbda
0x0103cbe4
0x00000000
0x0103cbe4
0x0103c2e6
0x0103c2e9
0x0103c2ed
0x0103c2ee
0x0103c2f0
0x0103c2f8
0x0108ae5d
0x0103c319
0x0103c319
0x0103c31c
0x0103c31c
0x00000000
0x0103c31c
0x0103c2fe
0x0103c308
0x0108ae67
0x0108ae6c
0x0108ae6c
0x0103c312
0x00000000
0x0103c314
0x0103c314
0x00000000
0x0103c314
0x0103c312
0x0103c390
0x0103c393
0x0108ae31
0x0108ae34
0x00000000
0x00000000
0x0108ae3f
0x0108ae42
0x00000000
0x00000000
0x00000000
0x0103c399
0x0103c399
0x0103c399
0x0103c399
0x0103c39c
0x00000000
0x0103c39c
0x0103c393
0x0108af44
0x0108af47
0x0108af53
0x0108af49
0x0108af49
0x0108af49
0x00000000
0x0108af47
0x0103cddd
0x00000000
0x0103c56c
0x0103c56c
0x0103c573
0x0103c6be
0x0103c6c1
0x0103c6c4
0x00000000
0x00000000
0x0103c6ca
0x0103c6cc
0x0103c6d4
0x0103c6da
0x0103c6da
0x0103c6dd
0x0103c6e3
0x0103c6e5
0x0103c6e8
0x0103c6ea
0x0103c873
0x0103c873
0x0103c875
0x0103ce99
0x0103ce9b
0x00000000
0x00000000
0x0103cea4
0x0103cea6
0x0103c756
0x0103c756
0x0103c759
0x0103c759
0x0103c760
0x00000000
0x0103c760
0x0103c87b
0x0103c87b
0x0103c880
0x0103c886
0x0103c889
0x0103cd00
0x0103cd00
0x0103cd03
0x0103ce31
0x0103ce31
0x0103ce34
0x0108ae89
0x0108ae8e
0x0108ae91
0x0108ae91
0x0108ae97
0x0103cd11
0x0103cd13
0x0103cd15
0x0103cd1c
0x0103cd20
0x0103cd23
0x0103cd25
0x0103cd28
0x0103cd2b
0x0103cd2d
0x00000000
0x00000000
0x0103cd33
0x0103cd36
0x00000000
0x00000000
0x0103cd3c
0x0103cd44
0x0103cd4a
0x0103cd50
0x0103cd53
0x0103cd57
0x0108af91
0x0108af94
0x0108af94
0x0103cd5d
0x0103cd64
0x0103cd67
0x0103cd71
0x0103cd73
0x0103cd76
0x0103cd78
0x0103cd85
0x0103cd89
0x0103cd89
0x00000000
0x0103cd78
0x0108ae9d
0x0108aea3
0x00000000
0x00000000
0x00000000
0x0108aea9
0x0103ce3a
0x0103ce3f
0x00000000
0x0103ce3f
0x0103cd09
0x0103cd0e
0x00000000
0x0103cd0e
0x0103c88f
0x0103c894
0x0103c897
0x0103c89e
0x00000000
0x00000000
0x0103c8a4
0x0103c7b2
0x0103c7b5
0x0103c7b5
0x0103c7b5
0x0103c7b8
0x0103c7bb
0x0103c7be
0x00000000
0x00000000
0x0103c7c4
0x00000000
0x0103c7cd
0x0103c7d1
0x00000000
0x00000000
0x0103c7d7
0x0103c7dd
0x0103ce28
0x00000000
0x0103ce28
0x00000000
0x00000000
0x0103c8ba
0x0103c8bc
0x0103c8be
0x0103c8c2
0x0103c8c5
0x0103c8c9
0x0103c8cc
0x0103c8ce
0x0103c8d1
0x0103c8d4
0x0103c8d6
0x00000000
0x00000000
0x0103c8dc
0x0103c8e2
0x0103c8e4
0x0103c8e7
0x0103c8ea
0x0103c8ed
0x0108aeae
0x0103c8f3
0x0103c8f3
0x0103c8f3
0x0103c8f6
0x0103c8f9
0x0103c8fc
0x0108aeb5
0x0103c902
0x0103c902
0x0103c902
0x0103c905
0x0103c908
0x0103c90c
0x0103ce1d
0x0103ce20
0x0103ce20
0x0103c919
0x0103c91c
0x0103c91f
0x0103c921
0x0103c926
0x0103c928
0x0103c92b
0x0103c92d
0x00000000
0x0103c933
0x0103c936
0x0103c93a
0x0103c93c
0x0103c93e
0x00000000
0x0103c93e
0x00000000
0x0103c9db
0x0103c9df
0x00000000
0x00000000
0x0103c9e5
0x00000000
0x00000000
0x0103c9ee
0x0103c9f1
0x00000000
0x00000000
0x0103c9f3
0x0103c9f7
0x00000000
0x00000000
0x0103c9fd
0x0103ca00
0x0103ca05
0x0103ca07
0x0103c8b3
0x0103c8b3
0x00000000
0x0103c8b3
0x0103ca0d
0x0103ca11
0x0103ca14
0x0103ca17
0x0103ca1d
0x0103ca1d
0x00000000
0x00000000
0x0103ca25
0x0103ca29
0x0103ce7a
0x0103ce7e
0x0103ce83
0x0103ca2f
0x0103ca2f
0x0103ca2f
0x00000000
0x00000000
0x0103ca38
0x0103ca3c
0x00000000
0x00000000
0x00000000
0x00000000
0x0103c948
0x0103c94c
0x0103c94f
0x0103c953
0x0103c956
0x00000000
0x00000000
0x0103c95c
0x0103c95e
0x0103c962
0x0103c967
0x0103c969
0x0108aebc
0x0108aebe
0x0103cc22
0x0103cc22
0x00000000
0x0103cc22
0x0103c975
0x0103c97b
0x0103c97f
0x0103c985
0x0103cc19
0x0103cc19
0x0103cc1b
0x0103cc1f
0x0103cc1f
0x00000000
0x0103cc1f
0x0103c98b
0x0103c999
0x0103c99d
0x0103c9a4
0x0103c9aa
0x0103c9af
0x0103c9b3
0x0103c9b6
0x0103c9b9
0x00000000
0x00000000
0x0103c9bf
0x0103c9c0
0x0103c9c6
0x0103c9c9
0x00000000
0x00000000
0x0103cc2b
0x0103cc2d
0x0103cc2f
0x0103cc34
0x0103c7e3
0x0103c7e3
0x00000000
0x0103c7e3
0x0108aecb
0x0108aece
0x0108aed3
0x0108aed5
0x00000000
0x0108aedb
0x0108aedb
0x0108aee1
0x00000000
0x00000000
0x0108aee7
0x0108aeea
0x0108aeec
0x00000000
0x00000000
0x0108aefc
0x0108af08
0x0108af0f
0x0108af14
0x0108af16
0x00000000
0x00000000
0x0108af1c
0x00000000
0x0108af1c
0x00000000
0x00000000
0x0103cc3f
0x0103cc3f
0x0103cc43
0x0103cc46
0x0103cc4a
0x0103cc4c
0x0103cc4e
0x0103cc53
0x0108af28
0x0108af2b
0x00000000
0x0108af2b
0x0103cc59
0x0103cc61
0x0108af33
0x0108af37
0x0103cc67
0x0103cc67
0x0103cc6d
0x0103cc74
0x0103cc78
0x0103cc78
0x00000000
0x00000000
0x0103cc84
0x0103cc87
0x0103cc8b
0x0103cc91
0x0103cc92
0x0103cc94
0x0103cc99
0x0103cc9c
0x0103cc9e
0x00000000
0x00000000
0x0103cca4
0x00000000
0x00000000
0x0103ccb0
0x0103ccb4
0x0103ccb7
0x0103ccbb
0x0103ccc1
0x0103ccc2
0x0103ccc4
0x0103ccc9
0x0103cccc
0x0103ccce
0x00000000
0x00000000
0x0103ccd4
0x0103ccda
0x0103cce0
0x00000000
0x00000000
0x00000000
0x00000000
0x0103cceb
0x0103c7e7
0x0103c7e7
0x0103c7eb
0x0103c7eb
0x0103c7ee
0x0103c7ee
0x00000000
0x00000000
0x0103ccf5
0x0103ccf8
0x0103c7f1
0x0103c7f3
0x0103c7f5
0x0103c7f7
0x0103c801
0x0103c807
0x0103c80a
0x0103c80d
0x0103c810
0x0103c816
0x0103c81c
0x00000000
0x0103c81c
0x0103c7fc
0x0103c7ff
0x00000000
0x00000000
0x00000000
0x00000000
0x0103c7c4
0x0103ca42
0x0103ca42
0x0103ca49
0x00000000
0x0103ca49
0x0103c6f0
0x0103c6f2
0x00000000
0x00000000
0x0103c6fb
0x0103c6fd
0x0103c703
0x0103c70a
0x0103cda6
0x0103cdbe
0x0103cdbe
0x0103c710
0x0103c716
0x0103c71d
0x0103c72b
0x0103c72e
0x0103c742
0x0103c751
0x0103c751
0x0103c754
0x0103c754
0x00000000
0x0103c754
0x0103c579
0x0103c579
0x0103c57f
0x0103c586
0x0103c588
0x0103c590
0x0103c593
0x0103c59c
0x0103c59c
0x0103c59d
0x0103c5a0
0x0103c5a6
0x0103c5b0
0x0103c5b0
0x0103c5b2
0x00000000
0x00000000
0x0103c5b8
0x0103c5c1
0x0103c5c4
0x0103c5c7
0x0103c65f
0x0103c662
0x00000000
0x00000000
0x0103c664
0x0103c666
0x0103c66c
0x0103caa6
0x0103caa8
0x00000000
0x00000000
0x0103cab6
0x0103cac4
0x0103cac9
0x0103cacc
0x0103cace
0x0103cad0
0x00000000
0x00000000
0x0103cad6
0x0103cadc
0x0103cae2
0x0103cae2
0x0103cae5
0x0103cae8
0x0103cae8
0x0103caf8
0x0103cafa
0x0103c67b
0x0103c67b
0x0103c67d
0x00000000
0x00000000
0x0103c67f
0x0103c682
0x0103c684
0x0103c84c
0x0103c84f
0x0103c851
0x0103c69e
0x0103c69e
0x0103c6a4
0x0103c6ad
0x0103c6b0
0x0103c6b3
0x00000000
0x0103c6b3
0x0103c68a
0x0103c692
0x0103c692
0x0103c695
0x00000000
0x0103c695
0x00000000
0x0103cb00
0x0103c672
0x0103c674
0x00000000
0x00000000
0x0103c679
0x0103c679
0x00000000
0x0103c679
0x0103c5d5
0x0103c5d8
0x0103c5da
0x0103c5e0
0x0103c5e3
0x0103c5e6
0x0103c5e9
0x0103c63e
0x0103c641
0x0103c641
0x0103c5eb
0x0103c5ed
0x0103c5f3
0x0103cb05
0x0103cb07
0x00000000
0x00000000
0x0103cb13
0x0103cb16
0x0103cb27
0x0103cb2c
0x0103cb2f
0x0103cb31
0x0103cb33
0x0103cb65
0x0103cb65
0x00000000
0x0103cb65
0x0103cb35
0x0103cb3b
0x0103cb41
0x0103cb41
0x0103cb44
0x0103cb47
0x0103cb47
0x0103cb5d
0x0103cb5f
0x0108af9c
0x00000000
0x0108af9c
0x00000000
0x0103c5f9
0x0103c5f9
0x0103c5fb
0x0103c646
0x0103c646
0x0103c649
0x0103c64f
0x0103c651
0x0103c657
0x0103c630
0x0103c630
0x0103c633
0x0103c636
0x00000000
0x0103c636
0x0103c600
0x0103c600
0x0103c602
0x0103c602
0x0103c604
0x0103c839
0x0103c83c
0x0103c83e
0x00000000
0x00000000
0x0103c844
0x0103c844
0x0103c846
0x00000000
0x0103c846
0x0103c60a
0x00000000
0x00000000
0x0103c60c
0x0103c612
0x0103c612
0x0103c615
0x0103c61b
0x0103c61f
0x0103c827
0x0103c82b
0x0103c831
0x0103c625
0x0103c625
0x0103c627
0x0103c627
0x0103c62d
0x00000000
0x0103c62d
0x0103c5f3
0x0103c69b
0x00000000
0x0103c69b
0x0103c566
0x0103c85c
0x0103c85c
0x00000000
0x0103c85c
0x0103c500
0x0103ca95
0x0103ca9c
0x0103ca9e
0x00000000
0x0103ca9e
0x0103c407
0x0103c40b
0x00000000
0x00000000
0x0103c411
0x0103c417
0x0103c41a
0x0103c41c
0x00000000
0x00000000
0x0103c428
0x0103c42e
0x0103c430
0x0103c9d1
0x0103c9d1
0x0103c9d1
0x00000000
0x0103c9d1
0x0103c436
0x0103c439
0x00000000
0x00000000
0x0103c449
0x0103c44c
0x0103c44e
0x0103c452
0x0103c458
0x0103c458
0x0103c45a
0x0103c45a
0x0103c460
0x0103c466
0x0103c468
0x00000000
0x00000000
0x0103c46e
0x0103c471
0x0103c473
0x0103c86a
0x0103c86a
0x0103c86d
0x00000000
0x0103c86d
0x0103c47e
0x0103c480
0x0103c864
0x00000000
0x0103c864
0x0103c486
0x0103c488
0x00000000
0x00000000
0x0103c496
0x0103c496
0x0103c498
0x0103c498
0x0103c4a1
0x0103c4a4
0x0103c4a6
0x00000000
0x00000000
0x0103c4ac
0x0103c4ac
0x00000000
0x0103c4ac
0x0108ae82
0x00000000
0x0108ae82
0x0103c3ef
0x0103c26c
0x0103c272
0x00000000
0x00000000
0x0103c27b
0x0108ae1d
0x0103c281
0x0103c281
0x0103c281
0x0103c281
0x0103c285
0x0103c289
0x0103c28e
0x00000000
0x0103c29d
0x0103c2a2
0x0103ce4d
0x0103ce52
0x0103ce55
0x0103ce57
0x00000000
0x00000000
0x0108ae24
0x00000000
0x0108ae24
0x00000000
0x0103c2a2
0x0103c28e
0x0103c249
0x00000000
0x00000000
0x00000000

Strings

MUI, xrefs: 0103C2EE, 0103CB6D, 0103CE47

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 3f399721f15615d15fb40ff205cec12ca86abb84b0179449f9116a15b6595e00
Instruction ID: 753a0666350d9c0301177d4db535e06d06c10f3dc85d190e16716722a0f66a27
Opcode Fuzzy Hash: 3f399721f15615d15fb40ff205cec12ca86abb84b0179449f9116a15b6595e00
Instruction Fuzzy Hash: 1D726D75E00219CBEB65CF68C9407ADBBF9BF88314F1481ABD999FB241D7309985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010CEB8A Relevance: 1.8, Strings: 1, Instructions: 599
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E010CEB8A(signed int __ecx, signed int __edx, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				signed char _t262;
				signed int _t263;
				char* _t264;
				signed int _t265;
				intOrPtr _t267;
				signed int _t271;
				signed char _t272;
				signed short _t273;
				signed int _t277;
				signed char _t281;
				signed short _t283;
				signed short _t288;
				signed char _t289;
				signed short _t290;
				signed short _t292;
				signed short _t294;
				signed char _t295;
				intOrPtr _t296;
				signed int _t297;
				signed char _t298;
				unsigned int _t302;
				intOrPtr* _t303;
				signed int _t304;
				unsigned int _t306;
				signed short _t307;
				signed short _t308;
				signed int _t311;
				signed short _t314;
				signed short _t326;
				signed char _t329;
				signed short _t330;
				signed int _t332;
				void* _t333;
				signed short _t337;
				signed int _t339;
				void* _t340;
				signed short _t344;
				signed int _t347;
				signed int _t349;
				signed int _t351;
				signed int _t359;
				signed short _t362;
				signed int _t369;
				signed int _t376;
				signed short _t377;
				signed short* _t378;
				signed short _t381;
				signed char _t383;
				signed short _t384;
				signed short _t385;
				signed int _t390;
				signed int _t393;
				void* _t400;
				signed short _t406;
				signed int _t407;
				signed short _t408;
				signed short _t409;
				signed short _t410;
				signed short _t411;
				intOrPtr _t415;
				signed int _t416;
				signed char _t417;
				signed int _t418;
				unsigned int _t423;
				unsigned int _t431;
				signed int _t437;
				signed int _t442;
				intOrPtr _t443;
				void* _t449;
				intOrPtr _t451;
				signed short _t453;
				signed int _t455;

				_t258 =  *0x111d360 ^ _t455;
				_v8 = _t258;
				_t452 = __ecx;
				_t395 = __edx;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x61000000;
					asm("bt dword [edi+0x40], 0x1c");
					__eflags = (_t258 & 0xffffff00 | ( *(__ecx + 0x40) & 0x61000000) >= 0x00000000) & (__ecx & 0xffffff00 | __eflags != 0x00000000);
					if(__eflags == 0) {
						L5:
						_v12 = _v12 & 0x00000000;
						_t260 =  *_t395;
						_push(2);
						__eflags = _t260;
						if(_t260 != 0) {
							_t399 =  *(_t395 + 0xa) & 0x0000ffff;
							__eflags = _t399 & 0x00001002;
							if((_t399 & 0x00001002) == 0) {
								goto L25;
							}
							_t441 = _t399 & 0x00000002;
							__eflags = _t441;
							if(_t441 == 0) {
								L14:
								__eflags = _a4;
								if(_a4 == 0) {
									L17:
									_t453 =  *(_t395 + 4) + _t260;
									__eflags = _t399 & 0x00001000;
									if((_t399 & 0x00001000) != 0) {
										_t441 = _t260 - 0x18;
										_t399 = _t452;
										_t260 = E010CD42F(_t452, _t260 - 0x18);
									}
									__eflags = _a4;
									if(_a4 == 0) {
										L21:
										_t451 =  *((intOrPtr*)(_t260 + 0x10));
										_t399 = 2;
										__eflags = _t451 - _t452 + 0xa4;
										if(_t451 == _t452 + 0xa4) {
											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
											if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
												goto L62;
											}
											_t441 =  *(_t452 + 0xd4);
											goto L63;
										}
										_t441 = _t451 + 0xfffffff0;
										goto L63;
									} else {
										__eflags = _t453 -  *((intOrPtr*)(_t260 + 0x28));
										if(_t453 <  *((intOrPtr*)(_t260 + 0x28))) {
											goto L82;
										}
										goto L21;
									}
								}
								__eflags = _t441;
								if(_t441 == 0) {
									goto L17;
								}
								_t453 =  *(_t260 + 0x24);
								goto L82;
							} else {
								__eflags =  *((char*)(_t452 + 0xda)) - 2;
								if( *((char*)(_t452 + 0xda)) != 2) {
									_t437 = 0;
									__eflags = 0;
								} else {
									_t437 =  *(_t452 + 0xd4);
								}
								__eflags = _t260 - _t437;
								if(_t260 == _t437) {
									goto L61;
								} else {
									_t399 =  *(_t395 + 0xa) & 0x0000ffff;
									goto L14;
								}
							}
						} else {
							_t441 = _t452;
							L63:
							_t453 = 0;
							__eflags = _t441;
							if(_t441 != 0) {
								__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
								if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
									_t359 = 0;
									__eflags = 0;
								} else {
									_t359 =  *(_t452 + 0xd4);
								}
								__eflags = _t441 - _t359;
								if(_t441 == _t359) {
									_t441 = _t395;
									E010E6D15(_t452, _t395,  &_v12);
									goto L193;
								} else {
									 *_t395 = _t441;
									__eflags =  *(_t452 + 0x4c) - _t453;
									if( *(_t452 + 0x4c) == _t453) {
										_t362 =  *_t441 & 0x0000ffff;
									} else {
										_t377 =  *_t441;
										__eflags =  *(_t452 + 0x4c) & _t377;
										if(( *(_t452 + 0x4c) & _t377) != 0) {
											_t377 = _t377 ^  *(_t452 + 0x50);
											__eflags = _t377;
										}
										_t362 = _t377 & 0x0000ffff;
									}
									 *(_t395 + 4) = (_t362 & 0x0000ffff) << 3;
									 *(_t395 + 0xa) = _t399;
									 *(_t395 + 8) = _t453;
									 *(_t395 + 0xc) =  *((intOrPtr*)(_t441 + 0x20)) -  *(_t441 + 0x2c) << 0xc;
									_t369 =  *(_t441 + 0x2c) << 0xc;
									 *(_t395 + 0x10) = _t369;
									__eflags =  *(_t441 + 0xc) & _t399;
									if(( *(_t441 + 0xc) & _t399) != 0) {
										_t376 = _t369 + 0x1000;
										__eflags = _t376;
										 *(_t395 + 0x10) = _t376;
									}
									 *(_t395 + 0x14) =  *((intOrPtr*)(_t441 + 0x24)) + (( !( *( *((intOrPtr*)(_t441 + 0x24)) + 2)) & 0x00000001) + 1) * 8;
									 *((intOrPtr*)(_t395 + 0x18)) =  *((intOrPtr*)(_t441 + 0x28));
									L82:
									__eflags = _t453;
									if(_t453 == 0) {
										L193:
										_t263 = E01047D50();
										__eflags = _t263;
										if(_t263 == 0) {
											_t264 = 0x7ffe0380;
										} else {
											_t264 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										__eflags =  *_t264;
										if( *_t264 != 0) {
											_t267 =  *[fs:0x30];
											__eflags =  *(_t267 + 0x240) & 0x00000001;
											if(( *(_t267 + 0x240) & 0x00000001) != 0) {
												__eflags = _v12 - 0x8000001a;
												if(_v12 != 0x8000001a) {
													E010E1BA8(_t452);
												}
											}
										}
										_t265 = _v12;
										goto L201;
									}
									_t272 =  *((intOrPtr*)(_t453 + 7));
									__eflags = _t272 & 0x00000040;
									if((_t272 & 0x00000040) == 0) {
										__eflags = _t272 - 4;
										if(_t272 != 4) {
											_t273 = _t453;
											L89:
											 *_t395 = _t273 + 8;
											_t441 = 2;
											 *(_t395 + 0xa) = 1;
											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
											if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
												_t277 = 0;
												__eflags = 0;
											} else {
												_t277 =  *(_t452 + 0xd4);
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L97:
												_t281 =  *(_t452 + 0x4c) >> 0x00000014 &  *(_t452 + 0x52) ^  *(_t453 + 2);
												__eflags = _t281 & 0x00000001;
												if((_t281 & 0x00000001) == 0) {
													 *_t395 = _t453 + 0x10;
													__eflags =  *(_t452 + 0x4c);
													if( *(_t452 + 0x4c) == 0) {
														_t283 =  *_t453 & 0x0000ffff;
													} else {
														_t288 =  *_t453;
														__eflags =  *(_t452 + 0x4c) & _t288;
														if(( *(_t452 + 0x4c) & _t288) != 0) {
															_t288 = _t288 ^  *(_t452 + 0x50);
															__eflags = _t288;
														}
														_t283 = _t288 & 0x0000ffff;
													}
													 *(_t395 + 4) = (_t283 & 0x0000ffff) * 8 - 0x10;
													 *((char*)(_t395 + 9)) =  *(_t453 + 6);
													 *(_t395 + 0xa) = 0;
													 *(_t395 + 8) = 0x10;
													 *(_t395 + 0x14) = 0x10;
													goto L193;
												}
												_t289 =  *((intOrPtr*)(_t453 + 7));
												__eflags = _t289 & 0x00000040;
												if((_t289 & 0x00000040) == 0) {
													__eflags = _t289 - 4;
													if(_t289 != 4) {
														_t290 = _t453;
														L104:
														 *_t395 = _t290 + 8;
														_t399 =  *((intOrPtr*)(_t453 + 7));
														__eflags = _t399 - 4;
														if(_t399 == 4) {
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t292 =  *_t453 & 0x0000ffff;
															} else {
																_t308 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t308;
																if(( *(_t452 + 0x4c) & _t308) != 0) {
																	_t308 = _t308 ^  *(_t452 + 0x50);
																	__eflags = _t308;
																}
																_t292 = _t308 & 0x0000ffff;
															}
															 *((char*)(_t395 + 9)) = 0x40;
															_t294 = 0x4001;
															 *(_t395 + 4) =  *((intOrPtr*)(_t453 - 8)) - (_t292 & 0x0000ffff);
															 *(_t395 + 0xa) = 0x4001;
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t406 =  *_t453 & 0x0000ffff;
															} else {
																_t307 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t307;
																if(( *(_t452 + 0x4c) & _t307) != 0) {
																	_t307 = _t307 ^  *(_t452 + 0x50);
																	__eflags = _t307;
																}
																_t406 = _t307 & 0x0000ffff;
																_t294 =  *(_t395 + 0xa) & 0x0000ffff;
															}
															_t407 = _t406 & 0x0000ffff;
															 *(_t395 + 8) = _t407;
															__eflags = _t441 & _t294;
															if((_t441 & _t294) == 0) {
																 *(_t395 + 0x14) = _t407;
															}
															_t408 = _t294 & 0x0000ffff;
															L166:
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t295 =  *(_t453 + 2);
																_t409 = _t408 & 0x0000ffff;
															} else {
																_t306 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t306;
																if(( *(_t452 + 0x4c) & _t306) != 0) {
																	_t306 = _t306 ^  *(_t452 + 0x50);
																	__eflags = _t306;
																}
																_t409 =  *(_t395 + 0xa) & 0x0000ffff;
																_t295 = _t306 >> 0x10;
															}
															__eflags = _t441 & _t295;
															if((_t441 & _t295) == 0) {
																_t296 =  *[fs:0x30];
																_t410 = _t409 & 0x0000ffff;
																__eflags =  *(_t296 + 0x68) & 0x00000800;
																if(( *(_t296 + 0x68) & 0x00000800) != 0) {
																	_t297 =  *(_t453 + 3) & 0x000000ff;
																} else {
																	_t297 = 0;
																}
																 *(_t395 + 0x10) = _t297;
															} else {
																_t441 = _t453;
																_t303 = E010CD380(_t452, _t453);
																 *(_t395 + 0xc) =  *(_t303 + 4);
																 *((short*)(_t395 + 0x12)) =  *_t303;
																_t415 =  *[fs:0x30];
																__eflags =  *(_t415 + 0x68) & 0x00000800;
																if(( *(_t415 + 0x68) & 0x00000800) != 0) {
																	_t304 =  *(_t303 + 2) & 0x0000ffff;
																} else {
																	_t304 = 0;
																}
																 *(_t395 + 0x10) = _t304;
																 *(_t395 + 0xa) =  *(_t395 + 0xa) | 0x00000010;
																_t410 =  *(_t395 + 0xa) & 0x0000ffff;
															}
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t298 =  *(_t453 + 2);
																_t411 = _t410 & 0x0000ffff;
															} else {
																_t302 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t302;
																if(( *(_t452 + 0x4c) & _t302) != 0) {
																	_t302 = _t302 ^  *(_t452 + 0x50);
																	__eflags = _t302;
																}
																_t411 =  *(_t395 + 0xa) & 0x0000ffff;
																_t298 = _t302 >> 0x10;
															}
															 *(_t395 + 0xa) = _t298 & 0xe0 | _t411;
															goto L193;
														}
														__eflags = _t399 - 3;
														if(_t399 == 3) {
															_t408 = 0x1000;
															 *_t395 =  *(_t453 + 0x18);
															 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
															 *(_t395 + 4) =  *(_t453 + 0x1c);
															 *(_t395 + 8) = 0x10000000;
															goto L166;
														}
														__eflags = _t399 - 1;
														if(_t399 != 1) {
															_t442 =  *(_t452 + 0x4c);
															__eflags = _t442;
															if(_t442 == 0) {
																_t311 =  *_t453 & 0x0000ffff;
															} else {
																_t344 =  *_t453;
																_t442 =  *(_t452 + 0x4c);
																__eflags = _t344 & _t442;
																if((_t344 & _t442) != 0) {
																	_t344 = _t344 ^  *(_t452 + 0x50);
																	__eflags = _t344;
																}
																_t399 =  *((intOrPtr*)(_t453 + 7));
																_t311 = _t344 & 0x0000ffff;
															}
															_v20 = _t311;
															__eflags = _t399 - 5;
															if(_t399 != 5) {
																__eflags = _t399 & 0x00000040;
																if((_t399 & 0x00000040) == 0) {
																	__eflags = (_t399 & 0x0000003f) - 0x3f;
																	if((_t399 & 0x0000003f) == 0x3f) {
																		__eflags = _t399;
																		if(_t399 >= 0) {
																			__eflags = _t442;
																			if(_t442 == 0) {
																				_t314 =  *_t453 & 0x0000ffff;
																			} else {
																				_t337 =  *_t453;
																				__eflags =  *(_t452 + 0x4c) & _t337;
																				if(( *(_t452 + 0x4c) & _t337) != 0) {
																					_t337 = _t337 ^  *(_t452 + 0x50);
																					__eflags = _t337;
																				}
																				_t314 = _t337 & 0x0000ffff;
																			}
																		} else {
																			_t431 = _t453 >> 0x00000003 ^  *_t453 ^  *0x111874c ^ _t452;
																			__eflags = _t431;
																			if(_t431 == 0) {
																				_t339 = _t453 - (_t431 >> 0xd);
																				__eflags = _t339;
																				_t340 =  *_t339;
																			} else {
																				_t340 = 0;
																			}
																			_t314 =  *((intOrPtr*)(_t340 + 0x14));
																		}
																		_t416 =  *(_t453 + (_t314 & 0xffff) * 8 - 4);
																	} else {
																		_t416 = _t399 & 0x3f;
																	}
																} else {
																	_t416 =  *(_t453 + 4 + (_t399 & 0x3f) * 8) & 0x0000ffff;
																}
															} else {
																_t416 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
															}
															 *(_t395 + 4) = ((_v20 & 0x0000ffff) << 3) - _t416;
															 *((char*)(_t395 + 9)) =  *(_t453 + 6);
															 *(_t395 + 0xa) = 1;
															_t417 =  *((intOrPtr*)(_t453 + 7));
															__eflags = _t417 - 5;
															if(_t417 != 5) {
																__eflags = _t417 & 0x00000040;
																if((_t417 & 0x00000040) == 0) {
																	__eflags = (_t417 & 0x0000003f) - 0x3f;
																	if((_t417 & 0x0000003f) == 0x3f) {
																		__eflags = _t417;
																		if(_t417 >= 0) {
																			__eflags =  *(_t452 + 0x4c);
																			if( *(_t452 + 0x4c) == 0) {
																				_t326 =  *_t453 & 0x0000ffff;
																			} else {
																				_t330 =  *_t453;
																				__eflags =  *(_t452 + 0x4c) & _t330;
																				if(( *(_t452 + 0x4c) & _t330) != 0) {
																					_t330 = _t330 ^  *(_t452 + 0x50);
																					__eflags = _t330;
																				}
																				_t326 = _t330 & 0x0000ffff;
																			}
																		} else {
																			_t423 = _t453 >> 0x00000003 ^  *_t453 ^  *0x111874c ^ _t452;
																			__eflags = _t423;
																			if(_t423 == 0) {
																				_t332 = _t453 - (_t423 >> 0xd);
																				__eflags = _t332;
																				_t333 =  *_t332;
																			} else {
																				_t333 = 0;
																			}
																			_t326 =  *((intOrPtr*)(_t333 + 0x14));
																		}
																		_t418 =  *(_t453 + (_t326 & 0xffff) * 8 - 4);
																	} else {
																		_t418 = _t417 & 0x3f;
																	}
																} else {
																	_t418 =  *(_t453 + 4 + (_t417 & 0x3f) * 8) & 0x0000ffff;
																}
															} else {
																_t418 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
															}
															_t329 =  *(_t395 + 0xa) & 0x0000ffff;
															_t441 = 2;
															 *(_t395 + 8) = _t418;
															__eflags = _t441 & _t329;
															if((_t441 & _t329) == 0) {
																 *(_t395 + 0x14) = _t418;
															}
															_t408 = _t329;
															goto L166;
														}
														 *(_t395 + 0xa) = 1;
														goto L26;
													}
													_t347 =  *(_t453 + 6) & 0x000000ff;
													L100:
													_t290 = _t453 + _t347 * 8;
													goto L104;
												}
												_t347 = _t289 & 0x3f;
												__eflags = _t347;
												goto L100;
											} else {
												_t441 = _t395;
												_t399 = _t452;
												_t349 = E010E67E2(_t452, _t395, _t452);
												__eflags = _t349;
												if(_t349 == 0) {
													_t441 = 2;
													goto L97;
												}
												__eflags =  *(_t395 + 0xa) & 0x00002000;
												if(( *(_t395 + 0xa) & 0x00002000) == 0) {
													goto L193;
												}
												L25:
												_t441 = 2;
												L26:
												__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
												if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
													_t261 = 0;
													__eflags = 0;
												} else {
													_t261 =  *(_t452 + 0xd4);
												}
												__eflags = _t261;
												if(_t261 == 0) {
													L32:
													__eflags =  *(_t395 + 0xa) & 0x00000001;
													_t400 =  *_t395;
													if(( *(_t395 + 0xa) & 0x00000001) == 0) {
														_t399 = _t400 + 0xfffffff0;
														__eflags =  *(_t452 + 0x4c);
														if( *(_t452 + 0x4c) == 0) {
															_t453 =  *_t399 & 0x0000ffff;
														} else {
															_t381 =  *_t399;
															__eflags =  *(_t452 + 0x4c) & _t381;
															if(( *(_t452 + 0x4c) & _t381) != 0) {
																_t381 = _t381 ^  *(_t452 + 0x50);
																__eflags = _t381;
															}
															_t453 = _t381 & 0x0000ffff;
														}
														_t262 =  *(_t399 + 6);
														__eflags = _t262;
														if(_t262 == 0) {
															_t441 = _t452;
														} else {
															_t441 = (_t399 & 0xffff0000) - ((_t262 & 0x000000ff) << 0x10) + 0x10000;
														}
														__eflags = _t441;
														if(_t441 == 0) {
															L192:
															_v12 = 0xc0000141;
															goto L193;
														} else {
															__eflags =  *((char*)(_t399 + 7)) - 3;
															if( *((char*)(_t399 + 7)) != 3) {
																_t271 = _t453 & 0x0000ffff;
																L81:
																_t453 = _t399 + _t271 * 8;
																goto L82;
															}
															L58:
															__eflags =  *(_t399 + 0x1c) + 0x20 + _t399 -  *((intOrPtr*)(_t441 + 0x28));
															if( *(_t399 + 0x1c) + 0x20 + _t399 <  *((intOrPtr*)(_t441 + 0x28))) {
																 *_t395 =  *(_t399 + 0x18);
																 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
																_t453 = 0;
																 *(_t395 + 4) =  *(_t399 + 0x1c);
																 *(_t395 + 8) = 0x10000000;
																goto L82;
															}
															_t443 =  *((intOrPtr*)(_t441 + 0x10));
															__eflags = _t443 - _t452 + 0xa4;
															if(_t443 == _t452 + 0xa4) {
																L61:
																_t399 = 2;
																L62:
																_t441 = 0;
																__eflags = 0;
																goto L63;
															}
															_t441 = _t443 + 0xfffffff0;
															_t399 = 2;
															goto L63;
														}
													}
													_t399 = _t400 + 0xfffffff8;
													__eflags =  *((char*)(_t399 + 7)) - 5;
													if( *((char*)(_t399 + 7)) == 5) {
														_t399 = _t399 - (( *(_t399 + 6) & 0x000000ff) << 3);
														__eflags = _t399;
													}
													__eflags =  *((intOrPtr*)(_t399 + 7)) - 4;
													if( *((intOrPtr*)(_t399 + 7)) != 4) {
														_t383 =  *(_t399 + 6);
														__eflags = _t383;
														if(_t383 == 0) {
															_t441 = _t452;
														} else {
															_t449 = (_t399 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10);
															_t383 =  *((intOrPtr*)(_t399 + 7));
															_t441 = _t449 + 0x10000;
														}
														__eflags = _t441;
														if(_t441 == 0) {
															goto L192;
														} else {
															__eflags = _t383 - 3;
															if(_t383 == 3) {
																goto L58;
															}
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t384 =  *_t399 & 0x0000ffff;
															} else {
																_t385 =  *_t399;
																__eflags =  *(_t452 + 0x4c) & _t385;
																if(( *(_t452 + 0x4c) & _t385) != 0) {
																	_t385 = _t385 ^  *(_t452 + 0x50);
																	__eflags = _t385;
																}
																_t384 = _t385 & 0x0000ffff;
															}
															_t271 = _t384 & 0x0000ffff;
															goto L81;
														}
													} else {
														_t453 =  *(_t399 - 0x18);
														_t378 = _t452 + 0x9c;
														L65:
														__eflags = _t453 - _t378;
														if(_t453 == _t378) {
															_v12 = 0x8000001a;
															goto L193;
														}
														_t453 = _t453 + 0x18;
														goto L82;
													}
												} else {
													_t441 = _t395;
													_t390 = E010E67E2(_t452, _t395, _t399);
													__eflags = _t390;
													if(_t390 == 0) {
														goto L32;
													}
													__eflags =  *(_t395 + 0xa) & 0x00002000;
													if(( *(_t395 + 0xa) & 0x00002000) == 0) {
														goto L193;
													}
													goto L32;
												}
											}
										}
										_t351 =  *(_t453 + 6) & 0x000000ff;
										L85:
										_t273 = _t453 + _t351 * 8;
										goto L89;
									}
									_t351 = _t272 & 0x3f;
									__eflags = _t351;
									goto L85;
								}
							}
							_t378 = _t452 + 0x9c;
							_t453 =  *_t378;
							goto L65;
						}
					}
					_t393 = E010E433B(__edx, __ecx, __ecx, _t453, __eflags);
					__eflags = _t393;
					if(_t393 != 0) {
						goto L5;
					} else {
						_v12 = 0xc000000d;
						goto L193;
					}
				} else {
					_t453 =  *0x1115724; // 0x0
					 *0x111b1e0(__ecx, __edx);
					_t265 =  *_t453();
					L201:
					return E0106B640(_t265, _t395, _v8 ^ _t455, _t441, _t452, _t453);
				}
			}

0x010ceb97
0x010ceb99
0x010ceb9f
0x010ceba1
0x010cebaa
0x010cebc3
0x010cebcd
0x010cebd5
0x010cebd7
0x010cebf0
0x010cebf0
0x010cebf4
0x010cebf6
0x010cebf9
0x010cebfb
0x010cec04
0x010cec08
0x010cec0e
0x00000000
0x00000000
0x010cec16
0x010cec16
0x010cec19
0x010cec3a
0x010cec3a
0x010cec3e
0x010cec4d
0x010cec50
0x010cec52
0x010cec58
0x010cec5a
0x010cec5d
0x010cec5f
0x010cec5f
0x010cec64
0x010cec68
0x010cec73
0x010cec73
0x010cec7e
0x010cec7f
0x010cec81
0x010cec8b
0x010cec91
0x00000000
0x00000000
0x010cec97
0x00000000
0x010cec97
0x010cec83
0x00000000
0x010cec6a
0x010cec6a
0x010cec6d
0x00000000
0x00000000
0x00000000
0x010cec6d
0x010cec68
0x010cec40
0x010cec43
0x00000000
0x00000000
0x010cec45
0x00000000
0x010cec1b
0x010cec1b
0x010cec22
0x010cec2c
0x010cec2c
0x010cec24
0x010cec24
0x010cec24
0x010cec2e
0x010cec30
0x00000000
0x010cec36
0x010cec36
0x00000000
0x010cec36
0x010cec30
0x010cebfd
0x010cebfd
0x010cedd2
0x010cedd2
0x010cedd4
0x010cedd6
0x010cedf0
0x010cedf6
0x010cee00
0x010cee00
0x010cedf8
0x010cedf8
0x010cedf8
0x010cee02
0x010cee04
0x010cef6c
0x010cef71
0x00000000
0x010cee0a
0x010cee0a
0x010cee0c
0x010cee0f
0x010cee20
0x010cee11
0x010cee11
0x010cee13
0x010cee16
0x010cee18
0x010cee18
0x010cee18
0x010cee1b
0x010cee1b
0x010cee29
0x010cee2c
0x010cee30
0x010cee3d
0x010cee43
0x010cee46
0x010cee49
0x010cee4c
0x010cee4e
0x010cee4e
0x010cee53
0x010cee53
0x010cee65
0x010cee6b
0x010cee90
0x010cee90
0x010cee92
0x010cf23e
0x010cf23e
0x010cf243
0x010cf245
0x010cf257
0x010cf247
0x010cf250
0x010cf250
0x010cf25c
0x010cf25f
0x010cf261
0x010cf267
0x010cf26e
0x010cf270
0x010cf277
0x010cf27b
0x010cf27b
0x010cf277
0x010cf26e
0x010cf280
0x00000000
0x010cf280
0x010cee98
0x010cee9b
0x010cee9d
0x010ceeaa
0x010ceeac
0x010ceeb4
0x010ceeb6
0x010ceeb9
0x010ceec0
0x010ceec1
0x010ceec5
0x010ceecb
0x010ceed5
0x010ceed5
0x010ceecd
0x010ceecd
0x010ceecd
0x010ceed7
0x010ceed9
0x010cef00
0x010cef09
0x010cef0c
0x010cef0e
0x010cf1f7
0x010cf1f9
0x010cf1fd
0x010cf20e
0x010cf1ff
0x010cf1ff
0x010cf201
0x010cf204
0x010cf206
0x010cf206
0x010cf206
0x010cf209
0x010cf209
0x010cf21b
0x010cf221
0x010cf226
0x010cf22a
0x010cf22e
0x00000000
0x010cf22e
0x010cef14
0x010cef17
0x010cef19
0x010cef26
0x010cef28
0x010cef30
0x010cef32
0x010cef35
0x010cef37
0x010cef3a
0x010cef3d
0x010cf0ea
0x010cf0ee
0x010cf0ff
0x010cf0f0
0x010cf0f0
0x010cf0f2
0x010cf0f5
0x010cf0f7
0x010cf0f7
0x010cf0f7
0x010cf0fa
0x010cf0fa
0x010cf10a
0x010cf10e
0x010cf113
0x010cf116
0x010cf11a
0x010cf11e
0x010cf133
0x010cf120
0x010cf120
0x010cf122
0x010cf125
0x010cf127
0x010cf127
0x010cf127
0x010cf12a
0x010cf12d
0x010cf12d
0x010cf136
0x010cf139
0x010cf13c
0x010cf13e
0x010cf140
0x010cf140
0x010cf143
0x010cf146
0x010cf146
0x010cf14a
0x010cf15f
0x010cf162
0x010cf14c
0x010cf14c
0x010cf14e
0x010cf151
0x010cf153
0x010cf153
0x010cf153
0x010cf156
0x010cf15a
0x010cf15a
0x010cf165
0x010cf167
0x010cf1a9
0x010cf1af
0x010cf1b2
0x010cf1b9
0x010cf1bf
0x010cf1bb
0x010cf1bb
0x010cf1bb
0x010cf1c3
0x010cf169
0x010cf169
0x010cf16d
0x010cf175
0x010cf17b
0x010cf17f
0x010cf186
0x010cf18d
0x010cf193
0x010cf18f
0x010cf18f
0x010cf18f
0x010cf197
0x010cf19b
0x010cf1a4
0x010cf1a4
0x010cf1c7
0x010cf1cb
0x010cf1e0
0x010cf1e3
0x010cf1cd
0x010cf1cd
0x010cf1cf
0x010cf1d2
0x010cf1d4
0x010cf1d4
0x010cf1d4
0x010cf1d7
0x010cf1db
0x010cf1db
0x010cf1ee
0x00000000
0x010cf1ee
0x010cef43
0x010cef46
0x010cf0d0
0x010cf0d5
0x010cf0da
0x010cf0de
0x010cf0e1
0x00000000
0x010cf0e1
0x010cef4c
0x010cef4f
0x010cef7b
0x010cef7e
0x010cef80
0x010cef96
0x010cef82
0x010cef82
0x010cef84
0x010cef87
0x010cef89
0x010cef8b
0x010cef8b
0x010cef8b
0x010cef8e
0x010cef91
0x010cef91
0x010cef99
0x010cef9c
0x010cef9f
0x010cefad
0x010cefb0
0x010cefc3
0x010cefc5
0x010cefcf
0x010cefd1
0x010ceffa
0x010ceffc
0x010cf00d
0x010ceffe
0x010ceffe
0x010cf000
0x010cf003
0x010cf005
0x010cf005
0x010cf005
0x010cf008
0x010cf008
0x010cefd3
0x010cefe0
0x010cefe2
0x010cefe5
0x010ceff0
0x010ceff0
0x010ceff2
0x010cefe7
0x010cefe7
0x010cefe7
0x010ceff4
0x010ceff4
0x010cf016
0x010cefc7
0x010cefca
0x010cefca
0x010cefb2
0x010cefb8
0x010cefb8
0x010cefa1
0x010cefa9
0x010cefa9
0x010cf025
0x010cf02b
0x010cf031
0x010cf035
0x010cf038
0x010cf03b
0x010cf049
0x010cf04c
0x010cf05f
0x010cf061
0x010cf06b
0x010cf06d
0x010cf096
0x010cf09a
0x010cf0ab
0x010cf09c
0x010cf09c
0x010cf09e
0x010cf0a1
0x010cf0a3
0x010cf0a3
0x010cf0a3
0x010cf0a6
0x010cf0a6
0x010cf06f
0x010cf07c
0x010cf07e
0x010cf081
0x010cf08c
0x010cf08c
0x010cf08e
0x010cf083
0x010cf083
0x010cf083
0x010cf090
0x010cf090
0x010cf0b4
0x010cf063
0x010cf066
0x010cf066
0x010cf04e
0x010cf054
0x010cf054
0x010cf03d
0x010cf045
0x010cf045
0x010cf0b8
0x010cf0be
0x010cf0bf
0x010cf0c2
0x010cf0c4
0x010cf0c6
0x010cf0c6
0x010cf0c9
0x00000000
0x010cf0c9
0x010cef54
0x00000000
0x010cef54
0x010cef2a
0x010cef21
0x010cef21
0x00000000
0x010cef21
0x010cef1e
0x010cef1e
0x00000000
0x010ceedb
0x010ceedc
0x010ceede
0x010ceee0
0x010ceee5
0x010ceee7
0x010ceeff
0x00000000
0x010ceeff
0x010ceeee
0x010ceef2
0x00000000
0x00000000
0x010ceca2
0x010ceca4
0x010ceca5
0x010ceca5
0x010cecab
0x010cecb5
0x010cecb5
0x010cecad
0x010cecad
0x010cecad
0x010cecb7
0x010cecb9
0x010cecd8
0x010cecd8
0x010cecdc
0x010cecde
0x010ced59
0x010ced5c
0x010ced60
0x010ced71
0x010ced62
0x010ced62
0x010ced64
0x010ced67
0x010ced69
0x010ced69
0x010ced69
0x010ced6c
0x010ced6c
0x010ced74
0x010ced77
0x010ced79
0x010ced93
0x010ced7b
0x010ced8b
0x010ced8b
0x010ced95
0x010ced97
0x010cf237
0x010cf237
0x00000000
0x010ced9d
0x010ced9d
0x010ceda1
0x010cee8a
0x010cee8d
0x010cee8d
0x00000000
0x010cee8d
0x010ceda7
0x010cedaf
0x010cedb2
0x010cee73
0x010cee78
0x010cee7c
0x010cee7e
0x010cee81
0x00000000
0x010cee81
0x010cedb8
0x010cedc1
0x010cedc3
0x010cedcd
0x010cedcf
0x010cedd0
0x010cedd0
0x010cedd0
0x00000000
0x010cedd0
0x010cedc7
0x010cedca
0x00000000
0x010cedca
0x010ced97
0x010cece0
0x010cece3
0x010cece7
0x010cecf0
0x010cecf0
0x010cecf0
0x010cecf5
0x010cecf8
0x010ced08
0x010ced0b
0x010ced0d
0x010ced2a
0x010ced0f
0x010ced1d
0x010ced1f
0x010ced22
0x010ced22
0x010ced2c
0x010ced2e
0x00000000
0x010ced34
0x010ced34
0x010ced37
0x00000000
0x00000000
0x010ced39
0x010ced3d
0x010ced4e
0x010ced3f
0x010ced3f
0x010ced41
0x010ced44
0x010ced46
0x010ced46
0x010ced46
0x010ced49
0x010ced49
0x010ced51
0x00000000
0x010ced51
0x010cecfa
0x010cecfa
0x010cecfd
0x010cede0
0x010cede0
0x010cede2
0x010cef5d
0x00000000
0x010cef5d
0x010cede8
0x00000000
0x010cede8
0x010cecbb
0x010cecbc
0x010cecc0
0x010cecc5
0x010cecc7
0x00000000
0x00000000
0x010cecce
0x010cecd2
0x00000000
0x00000000
0x00000000
0x010cecd2
0x010cecb9
0x010ceed9
0x010ceeae
0x010ceea5
0x010ceea5
0x00000000
0x010ceea5
0x010ceea2
0x010ceea2
0x00000000
0x010ceea2
0x010cee04
0x010cedd8
0x010cedde
0x00000000
0x010cedde
0x010cebfb
0x010cebdb
0x010cebe0
0x010cebe2
0x00000000
0x010cebe4
0x010cebe4
0x00000000
0x010cebe4
0x010cebac
0x010cebac
0x010cebb6
0x010cebbc
0x010cf283
0x010cf293
0x010cf293

Strings

@, xrefs: 010CF10A

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: e8bb19a9c73458183e53ff5be4b8d5b2110a39d08bdaa89a28fcf74197349e1c
Instruction ID: c35cf9b81a661da051f03114ac1630094f6ca0a77f3c94d96512645f5db4e28d
Opcode Fuzzy Hash: e8bb19a9c73458183e53ff5be4b8d5b2110a39d08bdaa89a28fcf74197349e1c
Instruction Fuzzy Hash: 5532D1702046528BE769CF2DC09037ABFE2BF45B40F18849EE9C68B286D735E456DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0104B944 Relevance: 1.7, APIs: 1, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E0104B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x111d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01047D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E010F8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E01069E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0106B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0106CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01047D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E010F8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0106AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1118628; // 0x0
								_v68 = _t77;
								_t78 =  *0x111862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1118628; // 0x0
							_t116 =  *0x111862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}

0x0104b94c
0x0104b956
0x0104b95c
0x0104b95e
0x0104b964
0x0104b969
0x0104b96d
0x0104b96d
0x0104b970
0x0104b974
0x0104b97a
0x0104badf
0x0104badf
0x0104bae2
0x0104bae4
0x0104bae6
0x0104baf0
0x01092cb8
0x0104baf6
0x0104baf6
0x0104baf6
0x0104bafd
0x0104bb1f
0x0104bb1f
0x0104baff
0x0104bb00
0x0104bb00
0x0104bb03
0x0104bb03
0x0104bacb
0x0104bacf
0x0104bad0
0x0104bad1
0x0104badc
0x0104badc
0x0104b980
0x0104b980
0x0104b988
0x0104b98b
0x0104b98d
0x0104b990
0x0104b993
0x0104b999
0x0104b99b
0x0104b9a1
0x0104b9a5
0x0104b9aa
0x0104b9b0
0x0104b9bb
0x0104b9c0
0x0104b9c3
0x0104b9ca
0x0104b9cc
0x0104b9cf
0x0104b9d3
0x0104b9d7
0x0104ba94
0x0104ba94
0x0104ba98
0x0104baa3
0x01092ccb
0x0104baa9
0x0104baa9
0x0104baa9
0x0104bab1
0x01092cd5
0x01092cdd
0x01092cdd
0x0104babb
0x0104babc
0x0104bac2
0x0104bac3
0x0104bac3
0x0104bac6
0x00000000
0x0104b9dd
0x0104b9dd
0x0104b9e7
0x0104b9e7
0x0104b9ec
0x0104b9ec
0x0104b9f1
0x0104b9f5
0x0104b9fa
0x0104ba00
0x0104ba0c
0x0104ba10
0x0104ba10
0x0104ba12
0x0104ba18
0x00000000
0x00000000
0x0104bb26
0x0104bb26
0x0104ba1e
0x0104ba1e
0x0104ba23
0x0104ba25
0x0104ba2c
0x0104ba30
0x0104ba35
0x0104ba35
0x0104ba41
0x0104ba46
0x0104ba4c
0x0104ba50
0x0104ba54
0x0104ba6a
0x0104ba6e
0x0104ba70
0x0104ba74
0x0104ba78
0x0104ba7a
0x0104ba7c
0x0104ba8e
0x0104ba90
0x0104ba92
0x0104bb14
0x0104bb14
0x0104bb16
0x0104bb16
0x00000000
0x0104ba7c
0x0104bb0a
0x0104bb0d
0x00000000
0x00000000
0x00000000
0x0104bb0f

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0104B9A5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 885266447-0
Opcode ID: 89745f0bf32bf020ebf93eb5608a2af8c6cab6eeb50534395894a6fa7e343a8e
Instruction ID: 3d7bc6a88aeda832596786323c596a9160f8d9aac91e257b81d2b708a1663265
Opcode Fuzzy Hash: 89745f0bf32bf020ebf93eb5608a2af8c6cab6eeb50534395894a6fa7e343a8e
Instruction Fuzzy Hash: C85143B1A08341CFC724DF6CC4C092ABBF9BB88600F1489AEEAD587355D770E844CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01052581 Relevance: 1.6, Strings: 1, Instructions: 329
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E01052581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t230;
				signed int _t234;
				void* _t237;
				signed int _t238;
				void* _t239;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t272;
				signed int _t278;
				signed int _t280;
				void* _t282;
				void* _t283;
				signed int _t284;
				unsigned int _t287;
				signed int _t291;
				signed int* _t292;
				signed int _t293;
				signed int _t297;
				intOrPtr _t309;
				signed int _t318;
				signed int _t320;
				signed int _t321;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				void* _t334;
				void* _t337;

				_t331 = _t333;
				_t334 = _t333 - 0x4c;
				_v8 =  *0x111d360 ^ _t331;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t325 = 0x111b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t287 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t278 = 0x48;
				_t307 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t318 = 0;
				_v37 = _t307;
				if(_v48 <= 0) {
					L16:
					_t45 = _t278 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t326 = 0xc0000106;
						goto L32;
					} else {
						_t325 = E01044620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
						_v52 = _t325;
						__eflags = _t325;
						if(_t325 == 0) {
							_t326 = 0xc0000017;
							goto L32;
						} else {
							 *(_t325 + 0x44) =  *(_t325 + 0x44) & 0x00000000;
							_t50 = _t325 + 0x48; // 0x48
							_t320 = _t50;
							_t307 = _v32;
							 *(_t325 + 0x3c) = _t278;
							_t280 = 0;
							 *((short*)(_t325 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t325 + 0x18) = _t320;
								__eflags = _t307 - 0x1118478;
								 *_t325 = ((0 | _t307 == 0x01118478) - 0x00000001 & 0xfffffffb) + 7;
								E0106F3E0(_t320,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t334 = _t334 + 0xc;
								_t280 = 1;
								__eflags = _a8;
								_t320 = _t320 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t272 = E010B39F2(_t320);
									_t307 = _v32;
									_t320 = _t272;
								}
							}
							_t291 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t326 = _v68;
								__eflags = 0;
								 *((short*)(_t320 - 2)) = 0;
								goto L32;
							} else {
								_t278 = _t325 + _t280 * 4;
								_v56 = _t278;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t230 =  *(_v60 + _t291 * 4);
										__eflags = _t230;
										if(_t230 == 0) {
											goto L30;
										} else {
											__eflags = _t230 == 5;
											if(_t230 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t278 =  *(_v60 + _t291 * 4);
										 *(_t278 + 0x18) = _t320;
										_t234 =  *(_v60 + _t291 * 4);
										__eflags = _t234 - 8;
										if(_t234 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t234 * 4 +  &M01052959))) {
												case 0:
													__ax =  *0x1118488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0106F3E0(__edi,  *0x111848c, __ax & 0x0000ffff);
														__eax =  *0x1118488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0106F3E0(_t320, _v80, _v64);
													_t267 = _v64;
													goto L26;
												case 2:
													 *0x1118480 & 0x0000ffff = E0106F3E0(__edi,  *0x1118484,  *0x1118480 & 0x0000ffff);
													__eax =  *0x1118480 & 0x0000ffff;
													__eax = ( *0x1118480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0106F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0106F3E0(_t320, _v76, _v36);
														_t267 = _v36;
													}
													L26:
													_t334 = _t334 + 0xc;
													_t320 = _t320 + (_t267 >> 1) * 2 + 2;
													__eflags = _t320;
													L27:
													_push(0x3b);
													_pop(_t269);
													 *((short*)(_t320 - 2)) = _t269;
													goto L28;
												case 6:
													__ebx =  *0x111575c;
													__eflags = __ebx - 0x111575c;
													if(__ebx != 0x111575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0106F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x111575c;
														} while (__ebx != 0x111575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1118478 & 0x0000ffff = E0106F3E0(__edi,  *0x111847c,  *0x1118478 & 0x0000ffff);
													__eax =  *0x1118478 & 0x0000ffff;
													__eax = ( *0x1118478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E010B39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1116e58 & 0x0000ffff = E0106F3E0(__edi,  *0x1116e5c,  *0x1116e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1116e58 & 0x0000ffff;
													__eax = ( *0x1116e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t291 = _v16;
													_t307 = _v32;
													L29:
													_t278 = _t278 + 4;
													__eflags = _t278;
													_v56 = _t278;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t291 = _t291 + 1;
									_v16 = _t291;
									__eflags = _t291 - _v48;
								} while (_t291 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t234 =  *(_v60 + _t318 * 4);
						if(_t234 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t234 * 4 +  &M01052935))) {
							case 0:
								__ax =  *0x1118488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E01052E3E(0,  &_v64);
								_t278 = _t278 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1118480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1118480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0103EEF0(0x11179a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0103EB70(__ecx, 0x11179a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t208 = _v72;
											__eflags = _t208;
											if(_t208 != 0) {
												L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
											}
											_t209 = _v52;
											__eflags = _t209;
											if(_t209 != 0) {
												__eflags = _t326;
												if(_t326 < 0) {
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
													_t209 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t287 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1117b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0103EB70(__ecx, 0x11179a0);
										__eax = _v52;
										L36:
										_pop(_t319);
										_pop(_t327);
										__eflags = _v8 ^ _t331;
										_pop(_t279);
										return E0106B640(_t209, _t279, _v8 ^ _t331, _t307, _t319, _t327);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t274 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t276 = E01052E3E(_t274,  &_v36);
									_t287 = _v36;
									_v76 = _t276;
								}
								if(_t287 == 0) {
									goto L44;
								} else {
									_t278 = _t278 + 2 + _t287;
								}
								goto L14;
							case 6:
								__eax =  *0x1115764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1118478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1118478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1116e58 & 0x0000ffff;
								__eax = ( *0x1116e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t318 = _t318 + 1;
								if(_t318 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t292 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("daa");
					_t237 = _t234 + 0x5286601 + _t334 + 0x5262e01;
					 *((intOrPtr*)(_t325 + 0x28)) =  *((intOrPtr*)(_t325 + 0x28)) + _t237;
					_t238 = _t237 + 0x5260501;
					 *_t320 =  *_t320 + _t278;
					_pop(_t282);
					 *_t292 =  *_t292 | _t238;
					_t239 = _t334;
					 *0x95b3501 =  *0x95b3501 - _t239;
					 *_t307 =  *_t307 + _t239;
					 *0x5288001 =  *0x5288001 - _t239;
					_t328 = _t325 + _t325;
					asm("daa");
					 *((intOrPtr*)(_t325 + _t325 + 0x28)) =  *((intOrPtr*)(_t325 + _t325 + 0x28)) + _t292;
					_pop(_t283);
					 *_t292 =  *_t292 | _t239 + 0xa4f7b02 + _t282;
					_t337 = _t292 + _t238;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x10fff00);
					E0107D08C(_t283, _t320, _t328);
					_v44 =  *[fs:0x18];
					_t321 = 0;
					 *_a24 = 0;
					_t284 = _a12;
					__eflags = _t284;
					if(_t284 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t329 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t297 = _t249 * 0xc;
							_v48 = _t297;
							__eflags = _t284 -  *((intOrPtr*)(_t297 + 0x1001664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E0106E5C0(_a8,  *((intOrPtr*)(_t297 + 0x1001668)), _t284);
									_t337 = _t337 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t329 = E010A51BE(_t284,  *((intOrPtr*)(_v48 + 0x100166c)), _a16, _t321, _t329, __eflags, _a20, _a24);
										_v52 = _t329;
										break;
									} else {
										_t249 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t329;
						__eflags = _t329;
						if(_t329 < 0) {
							__eflags = _t329 - 0xc0000100;
							if(_t329 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t321;
									if( *_t293 == _t321) {
										_t329 = 0xc0000100;
										goto L76;
									} else {
										_t309 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t309 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t293) {
											__eflags =  *(_t309 + 0x1c);
											if( *(_t309 + 0x1c) == 0) {
												L106:
												_t329 = E01052AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
												_v32 = _t329;
												__eflags = _t329 - 0xc0000100;
												if(_t329 != 0xc0000100) {
													goto L69;
												} else {
													_t321 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t254 = E01036600( *(_t309 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t329 = E01052C50(_t293, _a8, _t284, _a16, _a20, _a24, _t321);
											L76:
											_v32 = _t329;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0103EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t329 = _a24;
									_t261 = E01052AE4( &_v36, _a8, _t284, _a16, _a20, _t329);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E01052C50(_v36, _a8, _t284, _a16, _a20, _t329, 1);
									}
									_v8 = _t321;
									E01052ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t247 = _t329;
					}
					L70:
					return E0107D0D1(_t247);
				}
				L108:
			}

0x01052584
0x01052586
0x01052590
0x01052596
0x01052597
0x01052598
0x01052599
0x0105259e
0x010525a4
0x010525a9
0x010525ac
0x010525ae
0x010525b1
0x010525b2
0x010525b5
0x010525b8
0x010525bb
0x010525bc
0x010525bf
0x010525c2
0x010525c5
0x010525c6
0x010525cb
0x010525ce
0x010525d8
0x010525dd
0x010525de
0x010525e1
0x010525e3
0x010525e9
0x010526da
0x010526da
0x010526dd
0x010526e2
0x01095b56
0x00000000
0x010526e8
0x010526f9
0x010526fb
0x010526fe
0x01052700
0x01095b60
0x00000000
0x01052706
0x01052706
0x0105270a
0x0105270a
0x0105270d
0x01052713
0x01052716
0x01052718
0x0105271c
0x0105271e
0x01095b6c
0x01095b6f
0x01095b7f
0x01095b89
0x01095b8e
0x01095b93
0x01095b96
0x01095b9c
0x01095ba0
0x01095ba3
0x01095bab
0x01095bb0
0x01095bb3
0x01095bb3
0x01095ba3
0x01052724
0x01052726
0x01052729
0x0105272c
0x0105279d
0x0105279d
0x010527a0
0x010527a2
0x00000000
0x0105272e
0x0105272e
0x01052731
0x01052734
0x01052734
0x01052736
0x01095bc1
0x01095bc1
0x01095bc4
0x00000000
0x01095bca
0x01095bca
0x01095bcd
0x00000000
0x01095bd3
0x00000000
0x01095bd3
0x01095bcd
0x0105273c
0x0105273c
0x01052742
0x01052747
0x0105274a
0x0105274d
0x01052750
0x00000000
0x01052756
0x01052756
0x00000000
0x01052902
0x01052908
0x0105290b
0x00000000
0x01052911
0x0105291c
0x01052921
0x00000000
0x01052921
0x00000000
0x00000000
0x01052880
0x01052887
0x0105288c
0x00000000
0x00000000
0x01052805
0x0105280a
0x01052814
0x01052816
0x00000000
0x00000000
0x0105281e
0x01052821
0x01052823
0x00000000
0x01052829
0x01052829
0x01052831
0x0105283c
0x0105283e
0x00000000
0x0105283e
0x00000000
0x00000000
0x0105284e
0x01052850
0x01052851
0x01052854
0x01052857
0x0105285a
0x0105285c
0x0105285d
0x00000000
0x00000000
0x0105275d
0x01052761
0x00000000
0x01052767
0x0105276e
0x01052773
0x01052773
0x01052776
0x01052778
0x0105277e
0x0105277e
0x01052781
0x01052781
0x01052783
0x01052784
0x00000000
0x00000000
0x01095bd8
0x01095bde
0x01095be4
0x01095be6
0x01095be8
0x01095be9
0x01095bee
0x01095bf8
0x01095bff
0x01095c01
0x01095c04
0x01095c07
0x01095c0b
0x01095c0d
0x01095c0d
0x01095c15
0x01095c18
0x01095c1b
0x01095c1b
0x01095c1e
0x00000000
0x00000000
0x010528c3
0x010528c8
0x010528d2
0x010528d4
0x010528d8
0x010528db
0x01095c26
0x01095c28
0x01095c2d
0x01095c2d
0x00000000
0x00000000
0x01095c34
0x01095c36
0x01095c49
0x01095c4e
0x01095c54
0x01095c5b
0x01095c5d
0x01095c60
0x01052788
0x01052788
0x0105278b
0x0105278e
0x0105278e
0x0105278e
0x01052791
0x00000000
0x00000000
0x01052756
0x01052750
0x00000000
0x01052794
0x01052794
0x01052795
0x01052798
0x01052798
0x00000000
0x01052734
0x0105272c
0x01052700
0x010525ef
0x010525ef
0x010525ef
0x010525f2
0x010525f8
0x00000000
0x00000000
0x010525fe
0x00000000
0x010528e6
0x010528ec
0x010528ef
0x010528f5
0x010528f8
0x010528f8
0x00000000
0x010528f8
0x00000000
0x00000000
0x01052866
0x01052866
0x01052876
0x01052879
0x00000000
0x00000000
0x010527e0
0x010527e7
0x010527e9
0x010527eb
0x01095afd
0x00000000
0x01095afd
0x00000000
0x00000000
0x01052633
0x01052638
0x0105263b
0x0105263c
0x0105263e
0x01052640
0x01052642
0x01052647
0x01052649
0x0105264e
0x01052650
0x01052653
0x01052659
0x010526a2
0x010526a7
0x010526ac
0x010526b2
0x01095b11
0x01095b15
0x01095b17
0x00000000
0x010526b8
0x010526b8
0x010526ba
0x010527a6
0x010527a6
0x010527a9
0x010527ab
0x010527b9
0x010527b9
0x010527be
0x010527c1
0x010527c3
0x010527c5
0x010527c7
0x01095c74
0x01095c79
0x01095c79
0x010527c7
0x00000000
0x010526c0
0x010526c0
0x010526c3
0x010526c6
0x010526c6
0x010526c9
0x010526c9
0x00000000
0x010526c9
0x010526ba
0x0105265b
0x0105265b
0x0105265e
0x01052667
0x0105266d
0x01052677
0x0105267c
0x0105267f
0x01052681
0x01095b49
0x01095b4e
0x010527cd
0x010527d0
0x010527d1
0x010527d2
0x010527d4
0x010527dd
0x01052687
0x01052687
0x0105268a
0x0105268b
0x0105268e
0x0105268f
0x01052691
0x01052696
0x01052698
0x0105269d
0x0105269f
0x00000000
0x0105269f
0x01052681
0x00000000
0x00000000
0x01052846
0x00000000
0x00000000
0x01052605
0x0105260a
0x0105260c
0x01052611
0x01052616
0x01052619
0x01052619
0x0105261e
0x00000000
0x01052624
0x01052627
0x01052627
0x00000000
0x00000000
0x01095b1f
0x00000000
0x00000000
0x01052894
0x0105289b
0x0105289d
0x010528a1
0x01095b2b
0x01095b2e
0x01095b2e
0x010528a7
0x010528a9
0x01095b04
0x01095b09
0x01095b09
0x01095b09
0x00000000
0x00000000
0x01095b35
0x01095b3c
0x010528fb
0x010528fb
0x010526cc
0x010526cc
0x010526d0
0x00000000
0x010526d2
0x010526d2
0x00000000
0x010526d2
0x00000000
0x00000000
0x010525fe
0x0105292d
0x0105292f
0x01052930
0x01052935
0x0105293e
0x0105293f
0x01052944
0x01052947
0x0105294c
0x0105294e
0x0105294f
0x01052951
0x01052952
0x01052958
0x0105295a
0x01052960
0x01052962
0x01052968
0x01052972
0x01052973
0x0105297c
0x0105297e
0x0105297f
0x01052980
0x01052981
0x01052982
0x01052983
0x01052984
0x01052985
0x01052986
0x01052987
0x01052988
0x01052989
0x0105298a
0x0105298b
0x0105298c
0x0105298d
0x0105298e
0x0105298f
0x01052990
0x01052992
0x01052997
0x010529a3
0x010529a6
0x010529ab
0x010529ad
0x010529b0
0x010529b2
0x01095c80
0x010529b8
0x010529b8
0x010529bb
0x010529c0
0x010529c5
0x010529c6
0x010529c6
0x010529c9
0x010529cb
0x00000000
0x00000000
0x010529cd
0x010529d0
0x010529d9
0x010529db
0x010529dd
0x01052a7f
0x01052a84
0x01052a87
0x01052a89
0x01095ca1
0x01095ca3
0x00000000
0x01052a8f
0x01052a8f
0x00000000
0x01052a8f
0x00000000
0x010529e3
0x010529e3
0x010529e3
0x00000000
0x010529e3
0x010529dd
0x00000000
0x010529db
0x010529e6
0x010529e9
0x010529eb
0x010529ed
0x010529f3
0x010529f5
0x010529f8
0x010529fa
0x01052a97
0x01052a9a
0x01052a9d
0x01052add
0x00000000
0x01052a9f
0x01052aa2
0x01052aa5
0x01052aa8
0x01052aab
0x01095cab
0x01095caf
0x01095cc5
0x01095cda
0x01095cdc
0x01095cdf
0x01095ce5
0x00000000
0x01095ceb
0x01095ced
0x01095cee
0x00000000
0x01095cee
0x01095cb1
0x01095cb4
0x01095cb9
0x01095cbb
0x00000000
0x01095cbd
0x01095cbd
0x00000000
0x01095cbd
0x01095cbb
0x01052ab1
0x01052ab1
0x01052ac4
0x01052ac6
0x01052ac6
0x00000000
0x01052ac6
0x01052aab
0x00000000
0x01052a00
0x01052a09
0x01052a0e
0x01052a21
0x01052a24
0x01052a35
0x01052a3a
0x01052a3d
0x01052a42
0x01052a59
0x01052a59
0x01052a5c
0x01052a5f
0x01052a5f
0x010529fa
0x010529f3
0x01052a64
0x01052a64
0x01052a6b
0x01052a6b
0x01052a6d
0x01052a72
0x01052a72
0x00000000

Strings

PATH, xrefs: 01052642, 01052691

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: ba3ad724d5d5d4802e0cf3634111327abb357beca0a5fe87e758b240f5e40035
Instruction ID: 480bdaa826f092402322af1dbb10f20bf4450ce5264cfdb409dc55f7b000037d
Opcode Fuzzy Hash: ba3ad724d5d5d4802e0cf3634111327abb357beca0a5fe87e758b240f5e40035
Instruction Fuzzy Hash: F0C19FB1E00219DBDB65DF99D890BEEBBF5FF58700F088069E981BB250D734A941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0105FAB0 Relevance: 1.6, Strings: 1, Instructions: 306
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0105FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0103EEF0(0x1117b60);
					_t134 =  *0x1117b84; // 0x77de7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1117b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1117b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01036D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E010376E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E010C8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0102B150();
													}
													_t116 = E010C6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E010375CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1118638; // 0x0
																	_t122 = L010338A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E010376E2(_t154);
																			goto L41;
																		}
																	} else {
																		E010376E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0105FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L010370F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0105FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0105FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0105FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0105FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0105FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1117b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1117b84 = _t75;
						_t73 = E0103EB70(_t134, 0x1117b60);
						if( *0x1117b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0103FF60( *0x1117b20);
							}
						}
						goto L5;
					}
				}
			}

0x0105fab0
0x0105fab2
0x0105fab3
0x0105fab4
0x0105fabc
0x0105fac0
0x0105fb14
0x0105fb17
0x0105fac2
0x0105fac8
0x0105facd
0x0105fad3
0x0105fad3
0x0105fadd
0x0105fb18
0x0105fb1b
0x0105fb1d
0x0105fb1e
0x0105fb1f
0x0105fb20
0x0105fb21
0x0105fb22
0x0105fb23
0x0105fb24
0x0105fb25
0x0105fb26
0x0105fb27
0x0105fb28
0x0105fb29
0x0105fb2a
0x0105fb2b
0x0105fb2c
0x0105fb2d
0x0105fb2e
0x0105fb2f
0x0105fb3a
0x0105fb3b
0x0105fb3e
0x0105fb41
0x0105fb44
0x0105fb47
0x0105fb4a
0x0105fb4d
0x0105fb53
0x0109bdcb
0x0109bdcb
0x0105fb59
0x0105fb5b
0x0105fb5b
0x0105fb5e
0x0109bdd5
0x0109bdd8
0x00000000
0x0109bdda
0x00000000
0x0109bdda
0x0105fb64
0x0105fb64
0x0105fb64
0x0105fb67
0x0105fb6e
0x0105fb70
0x0105fb72
0x00000000
0x0105fb78
0x0105fb7a
0x0105fb7a
0x0105fb7d
0x0105fb80
0x0109bddf
0x0109bde1
0x00000000
0x0109bde3
0x00000000
0x0109bde3
0x0105fb86
0x0105fb86
0x0105fb86
0x0105fb8b
0x0105fb90
0x0105fb92
0x0105fb94
0x0105fb9a
0x0105fb9b
0x0105fba1
0x0109bde8
0x0109bdeb
0x0109bded
0x0109beb5
0x0109beb5
0x0109bebb
0x0109bebd
0x0109bec3
0x0109bed2
0x0109bedd
0x0109bedd
0x0109beed
0x00000000
0x0109bdf3
0x0109bdfe
0x0109be06
0x0109be0b
0x0109be0d
0x0109be0f
0x0109be14
0x0109be19
0x0109be20
0x0109be25
0x0109be27
0x0109be35
0x0109be39
0x0109be46
0x0109be4f
0x0109be54
0x0109be56
0x0109bef8
0x0109bef8
0x00000000
0x0109be5c
0x0109be5c
0x0109be60
0x00000000
0x0109be66
0x0109be66
0x0109be7f
0x0109be84
0x0109be87
0x0109be89
0x0109be8b
0x0109be99
0x0109be9d
0x0109bea0
0x0109beac
0x0109beaf
0x0109beb1
0x0109beb3
0x0109beb3
0x00000000
0x0109bea2
0x0109bea2
0x00000000
0x0109bea2
0x0109be8d
0x0109be8d
0x0109be92
0x00000000
0x0109be92
0x0109be8b
0x0109be60
0x0109be3b
0x0109be3b
0x0109be3e
0x00000000
0x0109be40
0x0109be40
0x0109be44
0x00000000
0x00000000
0x00000000
0x00000000
0x0109be44
0x0109be3e
0x0109be29
0x0109be29
0x00000000
0x0109be29
0x0109be27
0x00000000
0x0105fba7
0x0105fba7
0x0105fbab
0x0109bf02
0x0105fbb1
0x0105fbb1
0x0105fbb8
0x0105fbbd
0x0105fbbd
0x0105fbbf
0x0105fbbf
0x0105fbc5
0x0105fbcb
0x0105fbf8
0x0105fbf8
0x0105fbfa
0x00000000
0x0105fc00
0x0105fc00
0x0105fc03
0x00000000
0x0105fc09
0x0105fc09
0x0105fc0f
0x0105fc15
0x0105fc23
0x0105fc23
0x0105fc25
0x0105fc27
0x0105fc75
0x0105fc7c
0x0105fc84
0x00000000
0x0105fc29
0x0105fc29
0x0105fc2d
0x0105fc30
0x0109bf0f
0x00000000
0x0105fc36
0x0105fc38
0x0105fc3b
0x0105fc41
0x0109bf17
0x0109bf19
0x0109bf48
0x0109bf4b
0x00000000
0x0109bf1b
0x0109bf22
0x0109bf24
0x0109bf26
0x00000000
0x0109bf2c
0x0109bf37
0x0109bf39
0x0109bf3b
0x00000000
0x0109bf41
0x0109bf41
0x0109bf41
0x0109bf41
0x0109bf45
0x00000000
0x0109bf45
0x0109bf3b
0x0109bf26
0x00000000
0x0105fc47
0x0105fc47
0x0105fc49
0x0105fcb2
0x0105fcb4
0x0105fcb6
0x0105fcdc
0x0105fcdc
0x00000000
0x0105fcb8
0x0105fcc3
0x0105fcc5
0x0105fcc7
0x00000000
0x0105fcc9
0x0105fcc9
0x0105fccd
0x00000000
0x0105fccd
0x0105fcc7
0x00000000
0x0105fc4b
0x0105fc4b
0x0105fc4e
0x0105fc4e
0x0105fc51
0x0105fc51
0x0105fc54
0x0105fc5a
0x0105fc5c
0x0105fc5f
0x0105fc61
0x0105fc63
0x0105fc65
0x0105fc67
0x0105fc6e
0x0105fc72
0x0105fc72
0x0105fc72
0x0105fc72
0x0105fc67
0x0105fc61
0x00000000
0x0105fc5a
0x0105fc49
0x0105fc41
0x0105fc30
0x0105fc27
0x0105fc03
0x0105fbcd
0x0105fbd3
0x0105fbd9
0x0105fbdc
0x0105fbde
0x0105fc99
0x0105fc9b
0x0105fc9d
0x0105fcd5
0x0105fcd5
0x0105fc89
0x0105fc89
0x00000000
0x0105fc9f
0x0105fc9f
0x0105fca3
0x00000000
0x0105fca3
0x00000000
0x0105fbe4
0x0105fbe4
0x0105fbe4
0x0105fbe4
0x0105fbe9
0x0105fbf2
0x00000000
0x0105fbf2
0x0105fbde
0x0105fbcb
0x0105fbab
0x0105fc8b
0x0105fc8b
0x0105fc8c
0x0105fb80
0x0105fb72
0x0105fb5e
0x0105fc8d
0x0105fc91
0x0105fadf
0x0105fadf
0x0105fae1
0x0105fae4
0x0105fae7
0x0105faec
0x0105faf8
0x0105fb00
0x0105fb07
0x0105fb0f
0x0105fb0f
0x0105fb07
0x00000000
0x0105faf8
0x0105fadd

Strings

*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0109BE0F

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
API String ID: 0-865735534
Opcode ID: 169aed532caf0be026ae099dc3d98496fdabf2729a738b728d458ec69ec7790e
Instruction ID: b24a459373da84cf36ac57520fa1786dafe52f94d97cfe6e3f76d5275ab899aa
Opcode Fuzzy Hash: 169aed532caf0be026ae099dc3d98496fdabf2729a738b728d458ec69ec7790e
Instruction Fuzzy Hash: 09A1F771A00607CBEBA5DB68C560BAFBBE5AF44720F0445B9DDC6DB681DB38D841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01022D8A Relevance: 1.4, Strings: 1, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E01022D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1115350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1117bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E010697C0();
				}
				if( *0x11179c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x11179c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E01051624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01047D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E010BFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E01069520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0105E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0107DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1116901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1116901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E01069980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E010695D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01047D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01047D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E010A7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E010BFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1115350;
							if(_t109 != 0x1115350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E010BFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E010B5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}

0x01022d8a
0x01022d8a
0x01022d92
0x01022d96
0x01022d9e
0x01022da0
0x01022da3
0x01022da5
0x01022da8
0x01022dab
0x01022db2
0x0107f9aa
0x0107f9ab
0x0107f9ae
0x0107f9ae
0x01022db8
0x01022dc2
0x0107f9b9
0x0107f9be
0x0107f9bf
0x0107f9bf
0x01022dcf
0x0107f9c9
0x01022dd5
0x01022dd5
0x01022dd5
0x01022dde
0x01022de1
0x01022e70
0x01022e72
0x01022e72
0x01022de7
0x01022deb
0x01022e7c
0x01022e83
0x01022e85
0x01022e8b
0x01022e8d
0x01022e92
0x01022e92
0x01022e85
0x01022df1
0x01022df7
0x01022df9
0x01022df9
0x01022dfc
0x01022dff
0x01022e02
0x00000000
0x01022e05
0x01022e0c
0x0107f9d9
0x01022e12
0x01022e12
0x01022e12
0x01022e1a
0x0107f9e3
0x0107f9e9
0x0107f9f0
0x0107f9f6
0x0107f9f8
0x0107f9f8
0x0107f9f0
0x01022e23
0x0107fa02
0x0107fa03
0x0107fa05
0x0107fa06
0x00000000
0x01022e29
0x01022e29
0x01022e2e
0x01022e34
0x01022e3e
0x00000000
0x00000000
0x01022e44
0x01022e47
0x01022e4d
0x00000000
0x00000000
0x01022e4f
0x01022e54
0x00000000
0x00000000
0x01022e5a
0x01022e5f
0x01022e9a
0x01022ea4
0x01022ea5
0x01022ea8
0x01022eaf
0x01022eb2
0x01022eb5
0x0107fae9
0x0107faeb
0x0107faed
0x0107faef
0x0107faf7
0x0107faf8
0x0107fafd
0x0107faff
0x0107fb04
0x0107fb04
0x0107faff
0x01022ec0
0x01022ec4
0x01022ec6
0x01022ec8
0x0107fb14
0x0107fb18
0x0107fb1e
0x0107fb21
0x0107fb21
0x01022ece
0x01022ece
0x01022ece
0x01022ed7
0x01022e61
0x01022e63
0x0107fa6b
0x0107fa71
0x0107fa76
0x0107fa78
0x0107fa8a
0x0107fa7a
0x0107fa83
0x0107fa83
0x0107fa8f
0x0107fa91
0x0107fa97
0x0107fa9d
0x0107faa4
0x0107faaa
0x0107faaf
0x0107fab1
0x0107fac3
0x0107fab3
0x0107fabc
0x0107fabc
0x0107fac8
0x0107facb
0x0107fadf
0x0107fadf
0x0107facb
0x0107faa4
0x0107fa91
0x01022e6f
0x01022e6f
0x01022e5f
0x0107fa13
0x0107fa15
0x0107fa17
0x0107fa1f
0x0107fa21
0x0107fa22
0x0107fa25
0x0107fa28
0x0107fa2f
0x0107fa2f
0x0107fa2a
0x0107fa2a
0x0107fa2a
0x0107fa31
0x0107fa34
0x0107fa36
0x0107fa3c
0x0107fa3e
0x0107fa41
0x0107fa43
0x0107fa45
0x0107fa45
0x0107fa41
0x0107fa3c
0x0107fa4a
0x0107fa4f
0x0107fa51
0x0107fa53
0x0107fa56
0x0107fa5b
0x0107fa5e
0x00000000
0x0107fa5e
0x01022e23

Strings

RTL: Re-Waiting, xrefs: 0107FA4A

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: RTL: Re-Waiting
API String ID: 0-316354757
Opcode ID: 00388d611f3fe1bac58c637091b813678656423aeb057c80fd3b32a9b59c3b66
Instruction ID: e1fe808d1fee28f53b7b0ee85d9856a83c40ca2915f15ee59ff3bc3d48818097
Opcode Fuzzy Hash: 00388d611f3fe1bac58c637091b813678656423aeb057c80fd3b32a9b59c3b66
Instruction Fuzzy Hash: 48614771E00216AFDB32EFACC880BBEBBE5EB40314F1406A5D9E1972C1C7349940C795

Uniqueness

Uniqueness Score: -1.00%

Function 0105F0BF Relevance: 1.4, Strings: 1, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0105F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01044120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E01069830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E01069990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E010695D0();
							goto L11;
						} else {
							_t109 = E01044620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0106F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E010695D0();
										L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

0x0105f0d3
0x0105f0d9
0x0105f0e0
0x0105f0e7
0x0105f0f2
0x0105f0f4
0x0105f0f8
0x0105f100
0x0105f108
0x0105f10d
0x0105f115
0x0105f116
0x0105f11f
0x0105f123
0x0105f124
0x0105f12c
0x0105f130
0x0105f134
0x0105f13d
0x0105f144
0x0105f14b
0x0105f152
0x0109bab0
0x0109bab0
0x0105f158
0x0105f158
0x0105f15a
0x0105f160
0x0105f165
0x0105f166
0x0105f16f
0x0105f173
0x0109baa7
0x0109baa7
0x0109baab
0x00000000
0x0105f179
0x0105f18d
0x0105f191
0x0109baa2
0x00000000
0x0105f197
0x0105f19b
0x0105f1a2
0x0105f1a9
0x0105f1af
0x0105f1b2
0x0105f1b6
0x0105f1b9
0x0105f1c4
0x0105f1d8
0x0105f1df
0x0105f1e3
0x0105f1eb
0x0105f1ee
0x0105f1f4
0x0105f20f
0x0109bab7
0x0109babb
0x0109bacc
0x0109bad1
0x0105f215
0x0105f218
0x0105f226
0x0105f22b
0x00000000
0x0105f22b
0x0105f1f6
0x0105f1f6
0x0105f1f9
0x0105f1fb
0x0105f1fb
0x0105f1f4
0x0105f191
0x0105f173
0x0105f152
0x0105f203

Strings

@, xrefs: 0105F124

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction ID: 05b1a41a9566a5865aaf8f0e8ff75537d7013bd526bd129959e262f0a2aa7ecb
Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction Fuzzy Hash: DF516B71504711AFC321DF69C840A6BBBF8FF48750F00892EFA9597690E7B4E914CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 010A3540 Relevance: 1.4, Strings: 1, Instructions: 130
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E010A3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x111d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E01060BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E010A3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0106FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E010A3540;
						E0106FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0107DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E010B0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E010697C0();
					}
					return E0106B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E010A3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E010A3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0106FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E01069650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E010A3787(_a4,  &_v352, _t80);
						}
					}
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E010695D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x010a3552
0x010a355a
0x010a355d
0x010a3566
0x010a3567
0x010a357e
0x010a358f
0x010a35a1
0x010a35a5
0x010a366b
0x010a366b
0x010a366d
0x010a3672
0x010a3679
0x010a3685
0x010a368d
0x010a369d
0x010a36a7
0x010a36b8
0x010a36c6
0x010a36c7
0x010a36dc
0x010a36e1
0x010a36e7
0x010a36e9
0x010a36e9
0x010a3703
0x010a3703
0x010a35b5
0x010a35c0
0x010a35c4
0x00000000
0x00000000
0x010a35ca
0x010a35d7
0x010a35e2
0x010a35e6
0x010a35e8
0x010a35f5
0x010a35fa
0x010a3603
0x010a3604
0x010a3609
0x010a360a
0x010a3612
0x010a3613
0x010a361e
0x010a3622
0x010a3628
0x010a362f
0x010a362f
0x010a3636
0x010a3638
0x010a363b
0x010a3642
0x010a3642
0x010a3636
0x010a3657
0x010a3657
0x010a365c
0x010a3662
0x010a3669
0x00000000
0x00000000
0x00000000
0x00000000

Strings

BinaryHash, xrefs: 010A358F

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: edc8acfdebea2ef3b2e00e234533e6a505308c23b2dbb2bf3d8583dc20fa2702
Instruction ID: c48a113e3bc76463543bc9b9beb71244f62e161c45a40954cecb494625e6a383
Opcode Fuzzy Hash: edc8acfdebea2ef3b2e00e234533e6a505308c23b2dbb2bf3d8583dc20fa2702
Instruction Fuzzy Hash: 944134F1D0052D9BDB21DA90CC85FEEB77CAB54714F4085E5EA49AB240DB319E88CF94

Uniqueness

Uniqueness Score: -1.00%

Function 010F05AC Relevance: 1.4, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E010F05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E010F07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E01069730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E010EA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E010EA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E010F1293(_t79, _v40, E010F07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01047D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E010E138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

0x010f05c5
0x010f05ca
0x010f05d3
0x010f06db
0x010f06db
0x010f06dd
0x010f06e3
0x010f06e3
0x010f05dd
0x010f05e7
0x010f05f6
0x010f0600
0x010f0607
0x010f0610
0x010f0615
0x010f061a
0x010f061c
0x010f061e
0x010f0624
0x010f0625
0x010f0627
0x010f0628
0x010f0631
0x010f0640
0x010f064d
0x010f0654
0x010f0654
0x010f0631
0x010f066d
0x010f0674
0x00000000
0x00000000
0x010f0692
0x010f069e
0x010f06b0
0x010f06a0
0x010f06a9
0x010f06a9
0x010f06b8
0x010f06d6
0x010f06d6
0x00000000

Strings

`, xrefs: 010F0633

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction ID: 00225f94fd5560be0ceafb77759a3712bdb464fefe541499a4238d610f74e8e0
Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction Fuzzy Hash: 89311332700346ABE710DE29CD86F9B7BDAABC8754F144228FB84DBA85D770E904C791

Uniqueness

Uniqueness Score: -1.00%

Function 01054020 Relevance: 1.4, Strings: 1, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E01054020(intOrPtr* _a4) {
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t43;
				char _t70;
				intOrPtr _t77;
				intOrPtr* _t79;

				_t79 = _a4;
				_t70 = 0;
				_t77 =  *[fs:0x30];
				_v32 = 0;
				_v28 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_t79 + 4)) =  *((intOrPtr*)(_t77 + 0xa4));
				 *((intOrPtr*)(_t79 + 8)) =  *((intOrPtr*)(_t77 + 0xa8));
				 *(_t79 + 0xc) =  *(_t77 + 0xac) & 0x0000ffff;
				 *((intOrPtr*)(_t79 + 0x10)) =  *((intOrPtr*)(_t77 + 0xb0));
				_t43 =  *((intOrPtr*)(_t77 + 0x1f4));
				if(_t43 == 0 ||  *_t43 == 0) {
					 *((short*)(_t79 + 0x14)) = 0;
				} else {
					if(E01034921(_t79 + 0x14, 0x100, _t43) < 0) {
						 *((short*)(_t79 + 0x14)) = 0;
					}
					_t70 = 0;
				}
				if( *_t79 != 0x11c) {
					if( *_t79 != 0x124) {
						goto L10;
					}
					goto L4;
				} else {
					L4:
					 *((short*)(_t79 + 0x114)) =  *(_t77 + 0xaf) & 0x000000ff;
					 *(_t79 + 0x116) =  *(_t77 + 0xae) & 0x000000ff;
					 *(_t79 + 0x118) = E01054190();
					if( *_t79 == 0x124) {
						 *(_t79 + 0x11c) = E01054190() & 0x0001ffff;
					}
					 *((char*)(_t79 + 0x11a)) = _t70;
					if(E01054710( &_v16) != 0) {
						 *((char*)(_t79 + 0x11a)) = _v16;
					}
					E0106BB40(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
					_push( &_v24);
					_push(4);
					_push( &_v12);
					_push( &_v20);
					_push( &_v32);
					if(E0106A9B0() < 0) {
						L10:
						return 0;
					} else {
						if(_v12 == 1) {
							if(_v20 != 4 || _v24 != 4) {
								goto L9;
							} else {
								goto L10;
							}
						}
						L9:
						 *(_t79 + 0x118) =  *(_t79 + 0x118) & 0x0000ffef | 0x00000100;
						if( *_t79 == 0x124) {
							 *(_t79 + 0x11c) =  *(_t79 + 0x11c) & 0xfffdffef | 0x00000100;
						}
						goto L10;
					}
				}
			}

0x0105402a
0x0105402d
0x01054030
0x0105403c
0x0105403f
0x01054042
0x0105404b
0x01054054
0x0105405e
0x01054067
0x0105406a
0x01054072
0x0105407f
0x010963db
0x010963e8
0x010963ec
0x010963ec
0x010963f0
0x010963f0
0x01054089
0x0105414e
0x00000000
0x00000000
0x00000000
0x0105408f
0x0105408f
0x0105409b
0x010540ac
0x010540bd
0x010540c6
0x0105415f
0x0105415f
0x010540cf
0x010540dd
0x010540e2
0x010540e2
0x010540f1
0x010540f9
0x010540fa
0x010540ff
0x01054103
0x01054107
0x0105410f
0x0105413f
0x01054145
0x01054111
0x01054115
0x010963fb
0x00000000
0x0109640b
0x00000000
0x0109640b
0x010963fb
0x0105411b
0x01054132
0x0105413b
0x01054177
0x01054177
0x00000000
0x0105413b
0x0105410f

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010540E8

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
API String ID: 0-996340685
Opcode ID: 6b43d498a64b30a845a397b0409419de7efd47403c7ab98eadc61bd54e6677d3
Instruction ID: 97ebca75d483a62524d5a562466546d0aee4c40b71f66a4fc0d3938c96434a0a
Opcode Fuzzy Hash: 6b43d498a64b30a845a397b0409419de7efd47403c7ab98eadc61bd54e6677d3
Instruction Fuzzy Hash: A0418375A0074A9ADB65DFB8C4406EBF7F8EF55300F10492EDAEAC7240E330A585CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 010A3884 Relevance: 1.3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E010A3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E01069650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = E01044620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E01069650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}

0x010a3893
0x010a3896
0x010a3899
0x010a389f
0x010a38a0
0x010a38a4
0x010a38a9
0x010a38ac
0x010a38ad
0x010a38ae
0x010a38af
0x010a38b1
0x010a38b4
0x010a38bb
0x010a38bc
0x010a38bd
0x010a38c4
0x010a38c8
0x010a38ca
0x010a38ca
0x010a38d5
0x010a393e
0x010a3940
0x010a3942
0x010a3952
0x010a3954
0x010a3961
0x010a3961
0x010a3967
0x010a396e
0x010a396e
0x010a3947
0x010a394c
0x00000000
0x010a394c
0x010a38ea
0x010a38ee
0x010a38f8
0x010a38f9
0x010a38ff
0x010a3900
0x010a3902
0x010a3903
0x010a390b
0x010a390f
0x010a3950
0x00000000
0x010a3950
0x010a3915
0x010a391d
0x010a391d
0x010a3922
0x010a3926
0x00000000
0x010a3928
0x010a392b
0x010a392b
0x010a3935
0x010a3937
0x010a3937
0x00000000
0x010a3935
0x010a3926
0x010a38f0
0x00000000

Strings

BinaryName, xrefs: 010A38B4

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: d4141023577f32344350cac11370fc2a1519081c1b5d34f465f74ff2d5e52030
Instruction ID: b601a4f49e743724322f06da5dc902a1eae2ccec78d180ddc11cb1e023bc4e7a
Opcode Fuzzy Hash: d4141023577f32344350cac11370fc2a1519081c1b5d34f465f74ff2d5e52030
Instruction Fuzzy Hash: 0B31F772D0061ABFEB16DA98C945EBFFBB4FF44720F414169E994AB250D7319E04C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 0105D294 Relevance: 1.3, Strings: 1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E0105D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x111d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01044120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0106B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E010698D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E010695D0();
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

0x0105d29c
0x0105d2a6
0x0105d2b1
0x0105d2b5
0x0105d2b6
0x0105d2bc
0x0105d2bd
0x0105d2be
0x0105d2bf
0x0105d2c2
0x0105d2c4
0x0105d2cc
0x0105d384
0x0105d34b
0x0105d34f
0x0105d350
0x0105d351
0x0105d35c
0x0105d35c
0x0105d2d6
0x0105d2da
0x0105d2e1
0x0105d361
0x0105d369
0x0105d36d
0x0105d2e3
0x0105d2e3
0x0105d2e3
0x0105d2e5
0x0105d2ed
0x0105d2f5
0x0105d2fa
0x0105d302
0x0105d303
0x0105d30b
0x0105d30f
0x0105d313
0x0105d318
0x0105d31c
0x0105d320
0x0105d379
0x0105d37d
0x00000000
0x00000000
0x0109affe
0x0109b001
0x0109b011
0x00000000
0x0105d322
0x0105d322
0x0105d330
0x0105d337
0x0105d35d
0x0105d339
0x0105d33f
0x0105d38c
0x0105d38c
0x0105d33f
0x0105d349
0x00000000
0x0105d349

Strings

@, xrefs: 0105D303

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f80ae09f2d65cd3f62d42d650811ea3dcf99087392a47a67e5405f001eb515c0
Instruction ID: c3c756a2d396f2467bdd28c9c79d34cabd920e5a5af2a946ab3e08dc3e49637f
Opcode Fuzzy Hash: f80ae09f2d65cd3f62d42d650811ea3dcf99087392a47a67e5405f001eb515c0
Instruction Fuzzy Hash: 9831AFB15093059FC791DF68C9809AFBBE8FB99654F00492EF9D483251D635DD04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01031B8F Relevance: 1.3, Strings: 1, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E01031B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0106BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0106A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0106A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = E01044620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}

0x01031b8f
0x01031b9a
0x01031b9c
0x01031b9e
0x01031ba3
0x01087010
0x01087010
0x00000000
0x01031ba9
0x01031ba9
0x01031bae
0x00000000
0x01031bc5
0x01031bca
0x01031bcf
0x01031bd0
0x01031bd1
0x01031bd2
0x01031bd6
0x01031bdc
0x01031be0
0x01086ffc
0x01087000
0x00000000
0x01087006
0x01087009
0x01087009
0x01031be6
0x01031bec
0x01031c0b
0x01031c0b
0x01031c0c
0x01031c11
0x01031c12
0x01031c15
0x01031c1b
0x01031c1f
0x01031c31
0x01031c33
0x01087026
0x01087026
0x01031c21
0x01031c24
0x01031c24
0x01031bee
0x01031bee
0x01031bf2
0x01031c3a
0x01031bf4
0x01031bf4
0x01031c05
0x01031c05
0x01031c09
0x01031c3e
0x00000000
0x00000000
0x00000000
0x01031c09
0x01031bec
0x01031be0
0x01031bae
0x01031c2e

Strings

WindowsExcludedProcs, xrefs: 01031BC5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: WindowsExcludedProcs
API String ID: 0-3583428290
Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction ID: 1ba38fbf95bd287cb1fdefcd757f92dac25741d295de6e65b68f4319cd65736a
Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction Fuzzy Hash: 2921F87A60011DEBDB22AA59C840F9F7BADAF88650F154865FAD49B204D634DC019BB0

Uniqueness

Uniqueness Score: -1.00%

Function 010D8DF1 Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E010D8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1100d50);
				E0107D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E010B5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0107DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0107DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0107D130(_t34, _t39, _t40);
			}

0x010d8df1
0x010d8df1
0x010d8df1
0x010d8df1
0x010d8df1
0x010d8df1
0x010d8df3
0x010d8df8
0x010d8dfd
0x010d8e00
0x010d8e0e
0x010d8e2a
0x010d8e36
0x010d8e38
0x010d8e3c
0x010d8e46
0x010d8e46
0x010d8e36
0x010d8e50
0x010d8e56
0x010d8e59
0x010d8e5c
0x010d8e60
0x010d8e67
0x010d8e6d
0x010d8e73
0x010d8e74
0x010d8eb1
0x010d8ebd

Strings

Critical error detected %lx, xrefs: 010D8E21

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Critical error detected %lx
API String ID: 0-802127002
Opcode ID: fbbc143c38013c19fd8b86c91c26ff8c80a89e66b38f042c169750598582d658
Instruction ID: d3faf7b211a65a13344c5f99133aeee896f651409275935d092b948c6ec9160e
Opcode Fuzzy Hash: fbbc143c38013c19fd8b86c91c26ff8c80a89e66b38f042c169750598582d658
Instruction Fuzzy Hash: AA115771D54348EADF2ADFA889057DCBBB0BF14314F20825EE5A9AB282C3744602CF18

Uniqueness

Uniqueness Score: -1.00%

Function 010F5BA5 Relevance: .6, Instructions: 592
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E010F5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1101178);
				E0107D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E010F4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0106D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E010F5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x11160e8;
								if( *0x11160e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x11160e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E01069710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E01066DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0106F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0106F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0106F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0106FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0106FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0106F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0106F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E010F4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0107D130(_t427, _t494, _t511);
				}
			}

0x010f5ba5
0x010f5baa
0x010f5baf
0x010f5bb4
0x010f5bb6
0x010f5bbc
0x010f5bbe
0x010f5bc4
0x010f5bcd
0x010f5bd3
0x010f5bd6
0x010f5bdc
0x010f5be0
0x010f5be3
0x010f5beb
0x010f5bf2
0x010f5bf8
0x010f5bfe
0x010f5c04
0x010f5c0e
0x010f5c18
0x010f5c1f
0x010f5c25
0x010f5c2a
0x010f5c2c
0x010f5c32
0x010f5c3a
0x010f5c3f
0x010f5c42
0x010f5c48
0x010f5c5b
0x010f5c5b
0x010f5c2c
0x010f5cb7
0x010f5cb9
0x010f5cbf
0x010f5cc2
0x010f5cca
0x010f5ccb
0x010f5ccb
0x010f5cd1
0x010f5cd7
0x010f5cda
0x010f5ce1
0x010f5ce4
0x010f5ce7
0x010f5ced
0x010f5cf3
0x010f5cf9
0x010f5cff
0x010f5d08
0x010f5d0a
0x010f5d0e
0x010f5d10
0x00000000
0x00000000
0x010f5d16
0x010f5d1a
0x00000000
0x00000000
0x010f5d20
0x010f5d22
0x010f5d25
0x010f5d2f
0x010f5d2f
0x010f5d33
0x010f5d3d
0x010f5d49
0x010f5d4b
0x00000000
0x00000000
0x010f5d5a
0x010f5d5d
0x010f5d60
0x00000000
0x00000000
0x010f5d66
0x010f5d69
0x00000000
0x00000000
0x010f5d6f
0x010f5d6f
0x010f5d73
0x010f5d79
0x010f5d7f
0x010f5d86
0x010f5d95
0x010f5d98
0x010f5dba
0x010f5dcb
0x010f5dce
0x010f5dd3
0x010f5dd6
0x010f5dd8
0x010f5de6
0x010f5dec
0x010f5dee
0x010f5df1
0x010f5df3
0x010f635a
0x010f635a
0x00000000
0x010f635a
0x010f5dfe
0x010f5e02
0x010f5e05
0x010f5e07
0x010f5e10
0x010f5e13
0x010f5e1b
0x010f5e1c
0x010f5e21
0x010f5e22
0x010f5e23
0x010f5e25
0x010f5e2a
0x010f5e2c
0x010f5e2e
0x010f5e36
0x010f5e39
0x010f5e42
0x010f5e47
0x010f5e4d
0x010f5e54
0x010f5e54
0x010f5e54
0x010f5e2e
0x010f5e5c
0x010f5e5f
0x010f5e62
0x010f5e64
0x010f5e6b
0x010f5e70
0x010f5e7a
0x010f5e7a
0x010f5e7a
0x010f5e6b
0x010f5e7e
0x010f5e7f
0x010f5e7f
0x010f5e81
0x010f5e87
0x010f5e8b
0x010f5e8c
0x010f5e8c
0x010f5e8c
0x010f5e9a
0x010f5e9c
0x010f5ea2
0x010f5ea6
0x010f5f50
0x010f5f50
0x010f5f57
0x010f5f66
0x010f5f66
0x010f5f66
0x010f5f68
0x010f5f6a
0x010f63d0
0x00000000
0x010f5f70
0x010f5f70
0x010f5f91
0x010f5f9c
0x010f5f9e
0x010f5fa4
0x010f5fa6
0x010f638c
0x010f6392
0x010f63a1
0x010f63a7
0x010f63af
0x010f63af
0x010f63bd
0x010f63d8
0x00000000
0x010f63d8
0x010f5fac
0x010f5fb2
0x010f5fb4
0x010f5fbd
0x010f5fc6
0x010f5fce
0x010f5fd4
0x010f5fdc
0x010f5fec
0x010f5fed
0x010f5fee
0x010f5fef
0x010f5ff9
0x010f5ffa
0x010f5ffb
0x010f5ffc
0x010f6000
0x010f6004
0x010f6012
0x010f6012
0x010f6018
0x010f6019
0x010f601a
0x010f601b
0x010f601c
0x010f6020
0x010f6059
0x010f605c
0x010f6061
0x010f6061
0x010f6022
0x010f6022
0x010f6022
0x010f6025
0x010f602a
0x010f602b
0x010f6031
0x010f6037
0x010f6038
0x010f603e
0x010f6048
0x010f6049
0x010f604a
0x010f604b
0x010f604c
0x010f604d
0x010f6053
0x010f6054
0x010f6054
0x010f6062
0x010f6065
0x010f6067
0x010f606a
0x010f6070
0x010f6075
0x010f6076
0x010f6081
0x010f6087
0x010f6095
0x010f6099
0x010f609e
0x010f60a4
0x010f60ae
0x010f60b0
0x010f60b3
0x010f60b6
0x010f60b8
0x010f60ba
0x010f60ba
0x010f60ba
0x010f60ba
0x010f60be
0x010f60c0
0x010f60c5
0x010f60c5
0x010f60c5
0x010f60c6
0x010f60cd
0x010f6114
0x010f60cf
0x010f60cf
0x010f60d4
0x010f60d5
0x010f60da
0x010f60db
0x010f60e1
0x010f60e2
0x010f60e8
0x010f60f8
0x010f60fd
0x010f60fe
0x010f6102
0x010f6104
0x010f6107
0x010f6109
0x010f610b
0x010f610b
0x010f610b
0x010f610b
0x010f610f
0x010f610f
0x010f6117
0x010f611a
0x010f611f
0x010f6125
0x010f6134
0x010f6139
0x010f613f
0x010f6146
0x010f6148
0x010f614b
0x010f614d
0x010f614f
0x010f614f
0x010f614f
0x010f614f
0x010f6153
0x010f6159
0x010f6159
0x010f615c
0x010f6163
0x010f6169
0x010f616c
0x010f6172
0x010f6181
0x010f6186
0x010f6187
0x010f618b
0x010f6191
0x010f6195
0x010f61a3
0x010f61bb
0x010f61c0
0x010f61c3
0x010f61cc
0x010f61d0
0x010f61dc
0x010f61de
0x010f61e1
0x010f61e4
0x010f61e6
0x010f61e8
0x010f61e8
0x010f61e8
0x010f61e8
0x010f61e6
0x010f61ec
0x010f61f3
0x010f6203
0x010f6209
0x010f620a
0x010f6216
0x010f621d
0x010f6227
0x010f6241
0x010f6246
0x010f624c
0x010f6257
0x010f6259
0x010f625c
0x010f625e
0x010f6260
0x010f6260
0x010f6260
0x010f6260
0x010f625e
0x010f6264
0x010f6267
0x010f6269
0x010f6315
0x010f6315
0x010f631b
0x010f631e
0x010f6324
0x010f6327
0x010f632f
0x010f6330
0x010f6333
0x010f633a
0x010f633c
0x010f6335
0x010f6335
0x010f6335
0x010f633f
0x010f6342
0x010f634c
0x010f6352
0x010f6355
0x010f6355
0x010f6359
0x00000000
0x010f626f
0x010f6275
0x010f6275
0x010f6278
0x010f627e
0x010f627e
0x010f6281
0x010f6287
0x010f628d
0x010f6298
0x010f629c
0x010f62a2
0x010f629e
0x010f629e
0x010f629e
0x010f62a7
0x010f62a7
0x010f62aa
0x010f62b0
0x010f62f0
0x010f62f0
0x010f62f2
0x010f62f8
0x010f62fd
0x010f62b2
0x010f62b2
0x010f62b2
0x010f62b5
0x010f62dd
0x010f62e2
0x010f62e5
0x010f62b7
0x010f62b8
0x010f62bb
0x010f62bd
0x010f62c0
0x010f62c4
0x010f62cd
0x010f62cd
0x010f62c0
0x010f62bb
0x010f62b5
0x010f6302
0x010f6303
0x010f6305
0x010f6305
0x010f6305
0x010f630c
0x010f630c
0x00000000
0x010f627e
0x010f6269
0x010f5eac
0x010f5ebb
0x010f5ebe
0x010f5ecb
0x010f5ecb
0x010f5ece
0x010f5ece
0x010f5ed4
0x010f5ed7
0x010f5ed9
0x010f5edb
0x010f5edb
0x010f5ee1
0x010f5ee1
0x010f5ee3
0x010f5f20
0x010f5f20
0x010f5ee5
0x010f5ee5
0x010f5ee5
0x010f5ee8
0x010f5f11
0x010f5f18
0x010f5eea
0x010f5eea
0x010f5eed
0x010f5ef2
0x010f5ef8
0x010f5efb
0x010f5f0a
0x010f5f0a
0x010f5eed
0x010f5ee8
0x010f5f22
0x010f5f28
0x00000000
0x00000000
0x010f5f30
0x010f5f31
0x010f5f37
0x010f5f3a
0x010f5f3d
0x010f5f44
0x00000000
0x00000000
0x00000000
0x010f5f46
0x010f5f48
0x010f5f4d
0x00000000
0x010f5f4d
0x010f5dda
0x010f5ddf
0x00000000
0x010f5ddf
0x010f5dd8
0x010f5da7
0x010f5da9
0x010f5dac
0x010f5dae
0x00000000
0x010f5db4
0x010f5db4
0x00000000
0x010f5db4
0x010f5dae
0x010f5d88
0x010f5d8d
0x010f6363
0x010f6369
0x010f636a
0x010f6370
0x010f6372
0x010f637a
0x010f637b
0x010f637d
0x00000000
0x00000000
0x010f637f
0x010f6385
0x00000000
0x010f6385
0x010f5d38
0x010f5d3b
0x00000000
0x00000000
0x00000000
0x010f5d3b
0x010f5d27
0x010f5d29
0x00000000
0x00000000
0x00000000
0x010f6360
0x00000000
0x010f6360
0x010f5c10
0x010f5c10
0x010f63da
0x010f63e5
0x010f63e5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e2e804c63a78314af6b0539dba9aaa317bad6cefca469cf378d0bbbdd6b9a20
Instruction ID: 46483dc8bc6b311f8f4088eb23cde6a166adb5379ad382218ee442f7f3f26759
Opcode Fuzzy Hash: 9e2e804c63a78314af6b0539dba9aaa317bad6cefca469cf378d0bbbdd6b9a20
Instruction Fuzzy Hash: 0F4259759002298FDB64CF68C881BA9BBF1FF49304F1481EEDA8DAB642D7359985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010E5A4F Relevance: .6, Instructions: 581
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E010E5A4F(intOrPtr* __ecx, signed int __edx) {
				intOrPtr* _v8;
				signed int** _v12;
				unsigned int* _v16;
				signed int _v20;
				signed int _v24;
				signed int* _v28;
				signed int _v32;
				signed int* _v36;
				signed int _v40;
				signed int _v44;
				signed int** _t198;
				signed int* _t199;
				signed int _t201;
				signed int _t203;
				intOrPtr _t204;
				signed int _t213;
				char* _t215;
				signed int _t216;
				void* _t219;
				signed int _t228;
				signed int _t236;
				void* _t237;
				signed int _t245;
				signed int _t249;
				signed int _t251;
				signed int _t253;
				signed int _t268;
				void* _t271;
				intOrPtr _t280;
				intOrPtr* _t281;
				char* _t302;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				intOrPtr* _t310;
				signed int _t316;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				signed int _t330;
				intOrPtr _t335;
				signed int _t340;
				unsigned int _t348;
				signed int _t364;
				signed int _t380;
				signed char _t409;
				signed int* _t410;
				void* _t411;
				signed char _t412;
				signed int _t414;
				signed int _t425;
				signed char _t428;
				signed int* _t429;
				signed int _t434;
				signed char _t436;
				signed int* _t438;
				signed int* _t447;
				intOrPtr* _t451;
				signed int* _t452;
				signed int _t455;
				signed int _t456;
				intOrPtr _t457;
				intOrPtr* _t458;
				signed char* _t459;
				unsigned int* _t460;
				signed int _t461;
				signed int _t463;
				signed int _t464;
				signed char* _t465;
				void* _t466;
				void* _t468;
				signed int* _t469;
				void* _t491;

				_t451 = __ecx;
				_v44 = __edx;
				_v8 = __ecx;
				_t198 = __ecx + 4;
				_v12 = _t198;
				while(1) {
					L4:
					_t409 = 1;
					while(1) {
						L5:
						_t199 =  *_t198;
						_v28 = _t199;
						if(_t199 == 0) {
							goto L35;
						} else {
							_v24 = _v24 & 0x00000000;
							_t460 =  &(_t199[4]);
							_t335 =  *_t451;
							_v16 = _t460;
							_t11 = _t335 + 0xc; // 0x8b147989
							_t309 =  *_t11;
							if(( *_t460 >> 0x00000010 & 0x00008000) != 0) {
								_t14 = _t451 + 0x5c; // 0x0
								_t464 =  *_t14 & 0x0000ffff;
								_v24 = _t409;
								if((_t409 &  *(_t309 + 0x1bf + _t464 * 4)) == 0 && E0105F3FD(_t309,  *(_t309 + 0x1be + _t464 * 4) & 0x000000ff) >= 0) {
									 *(_t309 + 0x1bf + _t464 * 4) =  *(_t309 + 0x1bf + _t464 * 4) & 0x000000ff | 1;
									if(E01047D50() == 0) {
										_t302 = 0x7ffe0380;
									} else {
										_t302 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									if( *_t302 != 0 && ( *( *[fs:0x30] + 0x240) & 1) != 0) {
										E010E1229( *((intOrPtr*)(_t309 + 0xc)),  *(_t309 + 0x1be + _t464 * 4) & 0x000000ff);
									}
								}
								_t460 = _v16;
							}
							asm("sbb eax, eax");
							_t414 = 0;
							_v32 = 0;
							goto L18;
						}
						L19:
						if(_t461 == 0) {
							L30:
							_t411 = 0;
							L31:
							if(_v24 != 0) {
								_t280 =  *0x1116244; // 0x0
								_t64 = _t280 + 1; // 0x1
								_t491 = _t64 -  *0x1116240; // 0x4
								if(_t491 < 0) {
									asm("lock cmpxchg [esi], ecx");
								}
							}
							if(_t411 != 0) {
								L134:
								return _t411;
							} else {
								goto L35;
							}
						}
						asm("lock cmpxchg [edi], ecx");
						_t451 = _v8;
						if(_t461 == _t461) {
							L23:
							if(_t461 == 0xffffffff) {
								goto L30;
							}
							_t281 = _v28;
							_t340 =  *((intOrPtr*)(_t281 + 4));
							_v20 = _t340;
							if(_t340 == 0 ||  *_t281 != _t451 || _t461 == 0) {
								 *_v16 = _t461;
							} else {
								_t49 = _t451 + 0x5c; // 0x0
								_t50 = ( *_t49 & 0x0000ffff) + 0x100b800; // 0x20202020
								_t455 = E010EA600(_v20 + 0x14,  *((E0102774A(_t340) & 0x0000ffff) + 0x1116120) & 0x000000ff,  *_t50 & 0x000000ff);
								_t463 = _v20;
								 *_v16 = (_t461 & 0x0000ffff) - 0x00000001 | _t455 << 0x00000010;
								_t55 = _t463 + 0x10; // 0x8b0c244c
								_t348 =  *_t55 ^  *0x111874c ^ _t463 ^ _t309;
								_t451 = _v8;
								_t411 = (_t348 & 0x0000ffff) + (_t348 >> 0x10) * _t455 + _t463;
								if(( *(_t411 + 7) & 0x0000003f) == 0) {
									goto L31;
								}
								_push(_t348);
								_push(0);
								E010EA80D( *((intOrPtr*)( *((intOrPtr*)( *_t451 + 0xc)) + 0xc)), 0xf, _t411, 0);
							}
							goto L30;
						}
						L21:
						_t414 = _t414 + 1;
						if(_t414 <= _v32) {
							_t460 = _v16;
							L18:
							_t461 =  *_t460;
							if((_t461 >> 0x00000010 & 0x00008000) != 0) {
								goto L21;
							}
							goto L19;
						}
						_t461 = _t461 | 0xffffffff;
						goto L23;
						L35:
						_v32 =  *_t451;
						_t68 = _t451 + 8; // 0x1116628
						_t201 = _t68;
						_v20 = _t201;
						while(1) {
							_t452 = 0;
							while(1) {
								L37:
								_t307 = 0;
								_v28 = 0x10;
								_v24 = _v24 & 0;
								_t330 = _t201;
								_v16 = _t330;
								do {
									L38:
									_t410 =  *_t330;
									_t457 = _v8;
									_v36 = _t410;
									if(_t410 != 0) {
										_t203 =  *(_t410 + 0x10) & 0x0000ffff;
										_v40 = _t203;
										if(_t203 > _v24) {
											_t271 = E01065A69(_t457, _t410);
											_t330 = _v16;
											if(_t271 == 0) {
												_t307 = _t330;
												_t452 = _v36;
												_v24 = _v40;
											}
										}
									}
									_t330 = _t330 + 4;
									_t83 =  &_v28;
									 *_t83 = _v28 - 1;
									_v16 = _t330;
								} while ( *_t83 != 0);
								_v28 = _t452;
								if(_t307 == 0) {
									_t452 = 0;
									L59:
									if(_t452 == 0) {
										_t204 = _v8;
										_t458 = 0;
										_t115 = _t204 + 0x5c; // 0x0
										_t208 =  *((intOrPtr*)( *((intOrPtr*)(_v32 + 0xc)) + 0x3c0 + ( *_t115 & 0x0000ffff) * 4)) + 0x48;
										_v20 = 0;
										_v28 = 0;
										_v24 =  *((intOrPtr*)( *((intOrPtr*)(_v32 + 0xc)) + 0x3c0 + ( *_t115 & 0x0000ffff) * 4)) + 0x48;
										while(1) {
											_t308 = E01051710(_t208);
											_v32 = _t308;
											if(_t308 == 0) {
												break;
											}
											_t125 = _t308 - 0x20; // -32
											_t452 = _t125;
											_t126 =  &(_t452[7]); // -4
											_t438 = _t126;
											if((1 &  *_t438) == 0) {
												_t322 = 0xfffffffd;
												_t245 =  *_t438;
												do {
													asm("lock cmpxchg [edx], ecx");
												} while ((_t245 & _t322) != 0);
												_t323 = _v32;
												if(_t245 != 2) {
													L91:
													_t208 = _v24;
													_t452 = 0;
													continue;
												}
												L90:
												 *_t452 =  *_t452 & 0x00000000;
												E01040010( *( *_t452), _t323);
												goto L91;
											}
											if(E01064D51(_t452, _v8) == 0) {
												_t249 = _v20;
												if(_t249 == 0) {
													_v28 = _t308;
												}
												 *_t308 = _t458;
												_t458 = _t308;
												_v20 = _t249 + 1;
												goto L91;
											}
											_t130 =  &(_t452[7]); // -4
											_t324 = 0xfffffffd;
											_t251 =  *_t130;
											do {
												asm("lock cmpxchg [edx], ecx");
											} while ((_t251 & _t324) != 0);
											_t323 = _v32;
											if(_t251 == 2) {
												goto L90;
											}
											if(E01048D76(_v8, _t452) == 0) {
												goto L91;
											}
											break;
										}
										_t334 = _v20;
										if(_v20 != 0) {
											E010B51C0(_v24, _t458, _v28, _t334);
										}
										L74:
										if(_t452 == 0) {
											_t411 = 0;
											goto L134;
										}
										_t137 =  &(_t452[7]); // 0x1c
										_t459 = _t137;
										_t452[6] = _v44;
										while(1) {
											_t412 =  *_t459;
											_t198 = _v12;
											if(_t412 == 0 || (_t412 & 0x00000006) != 0) {
												break;
											}
											asm("lock cmpxchg [esi], ecx");
											if(_t412 != _t412) {
												continue;
											}
											_t213 =  *_t452;
											_t310 = _v8;
											_v40 = _t213;
											if(_t213 == _t310) {
												if(E01047D50() == 0) {
													_t215 = 0x7ffe0380;
												} else {
													_t215 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
												}
												_t409 = 1;
												if( *_t215 != 0 && ( *( *[fs:0x30] + 0x240) & 1) != 0) {
													E010E17D2( *((intOrPtr*)( *((intOrPtr*)( *_t310 + 0xc)) + 0xc)), _t452[1]);
													_t409 = 1;
												}
												_t174 = _t310 + 4; // 0x1116624
												_t198 = _t174;
												_t175 = _t452;
												_t452 =  *_t198;
												 *_t198 = _t175;
												if(_t452 == 0) {
													L1:
													_t451 = _t310;
													goto L5;
												} else {
													_t176 =  &(_t452[7]); // 0x1c
													_t465 = _t176;
													_t425 = 0xfffffff9;
													_t216 =  *_t465;
													do {
														asm("lock cmpxchg [esi], ecx");
													} while ((_t216 & _t425) != 0);
													if(_t216 == 6) {
														L83:
														_t144 =  &(_t452[8]); // 0x20
														 *_t452 =  *_t452 & 0x00000000;
														E01040010( *( *_t452), _t144);
														_t451 = _t310;
														L132:
														_t198 = _v12;
														goto L4;
														do {
															while(1) {
																L4:
																_t409 = 1;
																L5:
																_t199 =  *_t198;
																_v28 = _t199;
																if(_t199 == 0) {
																	goto L35;
																} else {
																	_v24 = _v24 & 0x00000000;
																	_t460 =  &(_t199[4]);
																	_t335 =  *_t451;
																	_v16 = _t460;
																	_t11 = _t335 + 0xc; // 0x8b147989
																	_t309 =  *_t11;
																	if(( *_t460 >> 0x00000010 & 0x00008000) != 0) {
																		_t14 = _t451 + 0x5c; // 0x0
																		_t464 =  *_t14 & 0x0000ffff;
																		_v24 = _t409;
																		if((_t409 &  *(_t309 + 0x1bf + _t464 * 4)) == 0 && E0105F3FD(_t309,  *(_t309 + 0x1be + _t464 * 4) & 0x000000ff) >= 0) {
																			 *(_t309 + 0x1bf + _t464 * 4) =  *(_t309 + 0x1bf + _t464 * 4) & 0x000000ff | 1;
																			if(E01047D50() == 0) {
																				_t302 = 0x7ffe0380;
																			} else {
																				_t302 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																			}
																			if( *_t302 != 0 && ( *( *[fs:0x30] + 0x240) & 1) != 0) {
																				E010E1229( *((intOrPtr*)(_t309 + 0xc)),  *(_t309 + 0x1be + _t464 * 4) & 0x000000ff);
																			}
																		}
																		_t460 = _v16;
																	}
																	asm("sbb eax, eax");
																	_t414 = 0;
																	_v32 = 0;
																	goto L18;
																}
															}
															L107:
															_t451 = _v8;
															_t166 = _t451 + 4; // 0x1116624
															_t198 = _t166;
														} while (_t228 != 2);
														 *_t429 =  *_t429 & 0x00000000;
														E01040010( *( *_t429),  &(_t429[8]));
														goto L132;
													}
													_t219 = E01048D76(_t310, _t452);
													_t177 = _t310 + 4; // 0x1116624
													_t198 = _t177;
													_t409 = 1;
													if(_t219 == 0) {
														goto L1;
													} else {
														goto L120;
													}
													while(1) {
														L120:
														_t428 =  *_t465;
														_t198 = _v12;
														if(_t428 == 0 || (_t428 & 0x00000002) != 0) {
															break;
														}
														asm("lock cmpxchg [esi], ecx");
														if(_t428 != _t428) {
															continue;
														}
														_t364 =  *_t452;
														_t466 = 0;
														_v32 = _t364;
														do {
															_t429 =  *(_t364 + ((( *(_t364 + 0x5e) & 0x0000ffff) + _t466 & 0x0000000f) + 2) * 4);
															if(_t429 != 0) {
																if((_t429[7] & 0x00000001) != 0) {
																	goto L130;
																}
																asm("lock cmpxchg [ebx], ecx");
																if(_t429 == _t429) {
																	L105:
																	_t164 =  &(_t429[7]); // 0x1d
																	_t316 = 0xfffffffd;
																	_t228 =  *_t164;
																	do {
																		asm("lock cmpxchg [esi], ecx");
																	} while ((_t228 & _t316) != 0);
																	goto L107;
																}
																L129:
																_t364 = _v32;
																goto L130;
															}
															asm("lock cmpxchg [ebx], ecx");
															_t198 = _v12;
															if(0 == 0) {
																goto L3;
															}
															goto L129;
															L130:
															_t466 = _t466 + 1;
														} while (_t466 < 0x10);
														L131:
														_t190 =  &(_t452[8]); // 0x20
														E01040010( *((intOrPtr*)( *((intOrPtr*)( *( *_t452) + 0xc)) + 0x3c0 + ( *( *_t452 + 0x5c) & 0x0000ffff) * 4)) + 0x48, _t190);
														_t451 = _v8;
														goto L132;
													}
													L2:
													_t451 = _t310;
													while(1) {
														L4:
														_t409 = 1;
														goto L5;
													}
												}
											}
											_t434 = 0xfffffff9;
											_t236 =  *_t459;
											do {
												asm("lock cmpxchg [esi], ecx");
											} while ((_t236 & _t434) != 0);
											if(_t236 != 6) {
												_t237 = E01048D76(_v40, _t452);
												_t198 = _v12;
												if(_t237 == 0) {
													goto L2;
												} else {
													goto L93;
												}
												while(1) {
													L93:
													_t436 =  *_t459;
													_t198 = _v12;
													if(_t436 == 0 || (_t436 & 0x00000002) != 0) {
														goto L2;
													}
													asm("lock cmpxchg [esi], ecx");
													if(_t436 != _t436) {
														continue;
													}
													_t380 =  *_t452;
													_t468 = 0;
													_v32 = _t380;
													do {
														_t429 =  *(_t380 + ((( *(_t380 + 0x5e) & 0x0000ffff) + _t468 & 0x0000000f) + 2) * 4);
														if(_t429 != 0) {
															if((_t429[7] & 0x00000001) != 0) {
																goto L103;
															}
															asm("lock cmpxchg [ebx], ecx");
															if(_t429 == _t429) {
																goto L105;
															}
															L102:
															_t380 = _v32;
															goto L103;
														}
														asm("lock cmpxchg [ebx], ecx");
														_t198 = _v12;
														if(0 == 0) {
															goto L3;
														}
														goto L102;
														L103:
														_t468 = _t468 + 1;
													} while (_t468 < 0x10);
													goto L131;
												}
												goto L2;
											}
											goto L83;
										}
										L3:
										_t451 = _v8;
										goto L4;
									}
									_t111 =  &(_t452[7]); // 0x1c
									_t325 = 0xfffffffd;
									_t253 =  *_t111;
									do {
										asm("lock cmpxchg [edx], ecx");
									} while ((_t253 & _t325) != 0);
									if(_t253 != 2) {
										goto L74;
									}
									_t112 =  &(_t452[8]); // 0x20
									 *_t452 =  *_t452 & 0x00000000;
									E01040010( *( *_t452), _t112);
									_t201 = _v20;
									_t452 = 0;
									L37:
									_t307 = 0;
									_v28 = 0x10;
									_v24 = _v24 & 0;
									_t330 = _t201;
									_v16 = _t330;
									goto L38;
								}
								_t88 = _t457 + 0x5c; // 0x0
								_t259 =  *((intOrPtr*)( *((intOrPtr*)(_v32 + 0xc)) + 0x3c0 + ( *_t88 & 0x0000ffff) * 4)) + 0x48;
								_v16 =  *((intOrPtr*)( *((intOrPtr*)(_v32 + 0xc)) + 0x3c0 + ( *_t88 & 0x0000ffff) * 4)) + 0x48;
								while(1) {
									_t469 = E01051710(_t259);
									_v24 = _t469;
									if(_t469 == 0) {
										break;
									}
									_t469 = _t469 - 0x20;
									_t95 =  &(_t469[7]); // -4
									_t447 = _t95;
									if((1 &  *_t447) != 0) {
										if(E01064D51(_t469, _v8) == 0) {
											E01040010(_v16, _v24);
											_t469 = 0;
										}
										break;
									}
									_t456 = 0xfffffffd;
									_t268 =  *_t447;
									do {
										asm("lock cmpxchg [edx], ecx");
									} while ((_t268 & _t456) != 0);
									_t452 = _v28;
									_t259 = _v16;
									if(_t268 == 2) {
										 *_t469 =  *_t469 & 0x00000000;
										E01040010( *( *_t469), _v24);
										_t259 = _v16;
									}
								}
								asm("lock cmpxchg [ebx], edx");
								if(_t452 == _t452) {
									if(_t469 == 0) {
										 *((short*)(_v8 + 0x5e)) = _t307 - _v8 - 0x00000008 >> 0x00000002 & 0x000000ff;
									}
									goto L59;
								}
								_t201 = _v20;
								if(_t469 != 0) {
									_t107 =  &(_t469[8]); // 0x20
									E01040010(_v16, _t107);
									_t201 = _v20;
								}
							}
						}
					}
				}
			}

0x010e5a5a
0x010e5a5c
0x010e5a5f
0x010e5a62
0x010e5a65
0x010e5a75
0x010e5a75
0x010e5a77
0x010e5a78
0x010e5a78
0x010e5a78
0x010e5a7a
0x010e5a7f
0x00000000
0x010e5a85
0x010e5a85
0x010e5a89
0x010e5a8e
0x010e5a93
0x010e5a96
0x010e5a96
0x010e5a9e
0x010e5aa4
0x010e5aa4
0x010e5aa8
0x010e5ab4
0x010e5ad8
0x010e5ae6
0x010e5af8
0x010e5ae8
0x010e5af1
0x010e5af1
0x010e5b00
0x010e5b1e
0x010e5b1e
0x010e5b00
0x010e5b23
0x010e5b23
0x010e5b30
0x010e5b35
0x010e5b37
0x00000000
0x010e5b37
0x010e5b4d
0x010e5b50
0x010e5c21
0x010e5c21
0x010e5c23
0x010e5c27
0x010e5c29
0x010e5c2e
0x010e5c31
0x010e5c37
0x010e5c45
0x010e5c45
0x010e5c37
0x010e5c4b
0x010e60ee
0x010e60f4
0x00000000
0x00000000
0x00000000
0x010e5c4b
0x010e5b63
0x010e5b67
0x010e5b6c
0x010e5b77
0x010e5b7a
0x00000000
0x00000000
0x010e5b80
0x010e5b83
0x010e5b86
0x010e5b8b
0x010e5c1f
0x010e5b9e
0x010e5b9e
0x010e5ba2
0x010e5bca
0x010e5bd3
0x010e5bdd
0x010e5bdf
0x010e5bea
0x010e5bf7
0x010e5bfc
0x010e5c02
0x00000000
0x00000000
0x010e5c06
0x010e5c07
0x010e5c15
0x010e5c15
0x00000000
0x010e5b8b
0x010e5b6e
0x010e5b6e
0x010e5b72
0x010e5b3c
0x010e5b3f
0x010e5b3f
0x010e5b4b
0x00000000
0x00000000
0x00000000
0x010e5b4b
0x010e5b74
0x00000000
0x010e5c51
0x010e5c53
0x010e5c56
0x010e5c56
0x010e5c59
0x010e5c5c
0x010e5c5c
0x010e5c5e
0x010e5c5e
0x010e5c5e
0x010e5c60
0x010e5c67
0x010e5c6a
0x010e5c6c
0x010e5c6f
0x010e5c6f
0x010e5c6f
0x010e5c71
0x010e5c74
0x010e5c79
0x010e5c7f
0x010e5c82
0x010e5c88
0x010e5c8c
0x010e5c91
0x010e5c96
0x010e5c9b
0x010e5c9d
0x010e5ca0
0x010e5ca0
0x010e5c96
0x010e5c88
0x010e5ca3
0x010e5ca6
0x010e5ca6
0x010e5caa
0x010e5caa
0x010e5caf
0x010e5cb4
0x010e5d7b
0x010e5d7d
0x010e5d7f
0x010e5db3
0x010e5db6
0x010e5db8
0x010e5dcb
0x010e5dce
0x010e5dd1
0x010e5dd4
0x010e5dd7
0x010e5dde
0x010e5de0
0x010e5de5
0x00000000
0x00000000
0x010e5de7
0x010e5de7
0x010e5dec
0x010e5dec
0x010e5df4
0x010e5ed8
0x010e5ed9
0x010e5edb
0x010e5edf
0x010e5edf
0x010e5ee5
0x010e5eeb
0x010e5efb
0x010e5efb
0x010e5efe
0x00000000
0x010e5efe
0x010e5eed
0x010e5ef3
0x010e5ef6
0x00000000
0x010e5ef6
0x010e5e06
0x010e5ec2
0x010e5ec7
0x010e5ec9
0x010e5ec9
0x010e5ecd
0x010e5ecf
0x010e5ed1
0x00000000
0x010e5ed1
0x010e5e0e
0x010e5e11
0x010e5e12
0x010e5e14
0x010e5e18
0x010e5e18
0x010e5e1e
0x010e5e24
0x00000000
0x00000000
0x010e5e36
0x00000000
0x00000000
0x00000000
0x010e5e36
0x010e5e3c
0x010e5e41
0x010e5e4d
0x010e5e4d
0x010e5e52
0x010e5e54
0x010e60ea
0x00000000
0x010e60ea
0x010e5e5d
0x010e5e5d
0x010e5e60
0x010e5e63
0x010e5e63
0x010e5e65
0x010e5e6a
0x00000000
0x00000000
0x010e5e80
0x010e5e86
0x00000000
0x00000000
0x010e5e88
0x010e5e8a
0x010e5e8d
0x010e5e92
0x010e5fcd
0x010e5fdf
0x010e5fcf
0x010e5fd8
0x010e5fd8
0x010e5fe6
0x010e5fea
0x010e6005
0x010e600c
0x010e600c
0x010e600d
0x010e600d
0x010e6010
0x010e6010
0x010e6010
0x010e6014
0x010e5a6a
0x010e5a6a
0x00000000
0x010e601a
0x010e601c
0x010e601c
0x010e601f
0x010e6020
0x010e6022
0x010e6026
0x010e6026
0x010e602f
0x010e5eac
0x010e5eae
0x010e5eb3
0x010e5eb6
0x010e5ebb
0x010e60e2
0x010e60e2
0x010e60e5
0x010e5a75
0x010e5a75
0x010e5a75
0x010e5a77
0x010e5a78
0x010e5a78
0x010e5a7a
0x010e5a7f
0x00000000
0x010e5a85
0x010e5a85
0x010e5a89
0x010e5a8e
0x010e5a93
0x010e5a96
0x010e5a96
0x010e5a9e
0x010e5aa4
0x010e5aa4
0x010e5aa8
0x010e5ab4
0x010e5ad8
0x010e5ae6
0x010e5af8
0x010e5ae8
0x010e5af1
0x010e5af1
0x010e5b00
0x010e5b1e
0x010e5b1e
0x010e5b00
0x010e5b23
0x010e5b23
0x010e5b30
0x010e5b35
0x010e5b37
0x00000000
0x010e5b37
0x010e5a7f
0x010e5fa3
0x010e5fa3
0x010e5fa9
0x010e5fa9
0x010e5fa9
0x010e5fb6
0x010e5fbc
0x00000000
0x010e5fbc
0x010e6039
0x010e6042
0x010e6042
0x010e6045
0x010e6046
0x00000000
0x00000000
0x00000000
0x00000000
0x010e604c
0x010e604c
0x010e604c
0x010e604e
0x010e6053
0x00000000
0x00000000
0x010e6069
0x010e606f
0x00000000
0x00000000
0x010e6071
0x010e6073
0x010e6075
0x010e6078
0x010e6087
0x010e608b
0x010e60a7
0x00000000
0x00000000
0x010e60ad
0x010e60b3
0x010e5f91
0x010e5f93
0x010e5f96
0x010e5f97
0x010e5f99
0x010e5f9d
0x010e5f9d
0x00000000
0x010e5f99
0x010e60b9
0x010e60b9
0x00000000
0x010e60b9
0x010e6091
0x010e6097
0x010e609a
0x00000000
0x00000000
0x00000000
0x010e60bc
0x010e60bc
0x010e60bd
0x010e60c2
0x010e60c4
0x010e60da
0x010e60df
0x00000000
0x010e60df
0x010e5a6e
0x010e5a6e
0x010e5a75
0x010e5a75
0x010e5a77
0x00000000
0x010e5a77
0x010e5a75
0x010e6014
0x010e5e9a
0x010e5e9b
0x010e5e9d
0x010e5ea1
0x010e5ea1
0x010e5eaa
0x010e5f0a
0x010e5f11
0x010e5f14
0x00000000
0x00000000
0x00000000
0x00000000
0x010e5f1a
0x010e5f1a
0x010e5f1a
0x010e5f1c
0x010e5f21
0x00000000
0x00000000
0x010e5f37
0x010e5f3d
0x00000000
0x00000000
0x010e5f3f
0x010e5f41
0x010e5f43
0x010e5f46
0x010e5f55
0x010e5f59
0x010e5f75
0x00000000
0x00000000
0x010e5f7b
0x010e5f81
0x00000000
0x00000000
0x010e5f83
0x010e5f83
0x00000000
0x010e5f83
0x010e5f5f
0x010e5f65
0x010e5f68
0x00000000
0x00000000
0x00000000
0x010e5f86
0x010e5f86
0x010e5f87
0x00000000
0x010e5f8c
0x00000000
0x010e5f1a
0x00000000
0x010e5eaa
0x010e5a72
0x010e5a72
0x00000000
0x010e5a72
0x010e5d83
0x010e5d86
0x010e5d87
0x010e5d89
0x010e5d8d
0x010e5d8d
0x010e5d96
0x00000000
0x00000000
0x010e5d9e
0x010e5da3
0x010e5da6
0x010e5dab
0x010e5c5c
0x010e5c5e
0x010e5c5e
0x010e5c60
0x010e5c67
0x010e5c6a
0x010e5c6c
0x00000000
0x010e5c6c
0x010e5cbd
0x010e5ccb
0x010e5cce
0x010e5cd1
0x010e5cd8
0x010e5cda
0x010e5cdf
0x00000000
0x00000000
0x010e5ce1
0x010e5ce7
0x010e5ce7
0x010e5cee
0x010e5d2a
0x010e5d32
0x010e5d37
0x010e5d37
0x00000000
0x010e5d2a
0x010e5cf2
0x010e5cf3
0x010e5cf5
0x010e5cf9
0x010e5cf9
0x010e5cff
0x010e5d05
0x010e5d08
0x010e5d11
0x010e5d14
0x010e5d19
0x010e5d19
0x010e5d08
0x010e5d3d
0x010e5d43
0x010e5d65
0x010e5d75
0x010e5d75
0x00000000
0x010e5d65
0x010e5d45
0x010e5d4a
0x010e5d53
0x010e5d56
0x010e5d5b
0x010e5d5b
0x010e5d4a
0x010e5c5e
0x010e5c5c
0x010e5a78

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e2896320f2abc75450e0ffc888a33d892a52d234bfd42c704cf87621ad865f
Instruction ID: ea6a6c64d01879c3f2a331242b450fbbc9c86d655756cdf4b9a28c87482bbbef
Opcode Fuzzy Hash: a2e2896320f2abc75450e0ffc888a33d892a52d234bfd42c704cf87621ad865f
Instruction Fuzzy Hash: F4229539A002168FDB59CF5EC8946AEB7F1FF88318F1889ADD591DB341DB319942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010E60F5 Relevance: .6, Instructions: 558
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E010E60F5(intOrPtr __ecx) {
				char _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int* _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed char _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int** _v60;
				intOrPtr _v64;
				intOrPtr _v72;
				void* __ebx;
				signed int _t200;
				char* _t203;
				unsigned int _t214;
				signed short _t224;
				char* _t228;
				signed int* _t233;
				signed int _t241;
				signed int _t253;
				signed int* _t256;
				signed int* _t257;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed short _t271;
				void* _t275;
				signed int _t279;
				signed int*** _t287;
				signed int _t294;
				signed char _t307;
				intOrPtr _t309;
				intOrPtr* _t310;
				unsigned int _t312;
				signed int _t313;
				signed char* _t315;
				signed int _t321;
				signed int _t322;
				signed int* _t326;
				void* _t327;
				signed int _t328;
				signed char _t331;
				signed int _t332;
				signed int _t340;
				intOrPtr _t349;
				unsigned int _t354;
				signed int _t356;
				signed int* _t367;
				signed int** _t370;
				signed int _t387;
				intOrPtr _t392;
				unsigned int _t398;
				signed int _t403;
				signed int _t410;
				void* _t411;
				signed char _t413;
				signed int _t414;
				signed int** _t415;
				intOrPtr _t417;
				intOrPtr _t420;
				signed int _t423;
				signed int _t425;
				signed int** _t426;
				signed int** _t427;
				intOrPtr* _t430;
				signed int _t433;
				intOrPtr* _t434;
				signed int** _t436;
				signed int**** _t441;
				signed int _t445;
				intOrPtr* _t447;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int* _t453;
				void* _t454;
				signed int _t457;
				signed int* _t458;
				void* _t459;
				signed int _t460;

				_t433 = 0;
				_t309 = __ecx;
				_t403 = 0;
				_v64 = __ecx;
				_v32 = 0;
				_v36 = 0;
				_t331 = 1;
				do {
					if((_t331 &  *(_t309 + 0x1bf + _t403 * 4)) != 0) {
						if(( *(_t309 + 0x1b8) & _t331) != 0) {
							goto L2;
						}
						_t307 =  *0x1116240; // 0x4
						_v40 = _t307;
						if(_t307 == 0) {
							goto L37;
						}
						L5:
						_t332 = _t433;
						_v56 = _t433;
						do {
							if(_t332 != 0) {
								_t445 = _t332 * 0x68;
								_t332 = _v56;
								_t447 = _t445 + 0xffffff98 +  *((intOrPtr*)(_t309 + 0x5c4 + _t403 * 4));
							} else {
								_t447 =  *((intOrPtr*)(_t309 + 0x3c0 + _t403 * 4));
							}
							if(_t447 != 0 &&  *((intOrPtr*)(_t447 + 0x54)) == 1) {
								_t214 = E010E5A4F(_t447, _t332);
								_t312 = _t214;
								if(_t312 == 0) {
									L34:
									_t403 = _v36;
									_t332 = _v56;
									_t309 = _v64;
									goto L35;
								}
								 *( *_t447 + 0x14) = _t433;
								_t349 = _v64;
								_t408 =  *(_t349 + 0xc);
								_t354 = _t312 >> 0x00000003 ^  *0x111874c ^  *(_t349 + 0xc) ^  *_t312;
								if(_t354 != 0) {
									L17:
									_push(_t354);
									_push(_t433);
									E010EA80D(_t408, 3, _t312, _t433);
									goto L34;
								}
								_t354 = _t354 >> 0xd;
								_t436 =  *(_t214 - _t354);
								_v60 = _t436;
								if(_t436 == 0) {
									L16:
									_t433 = 0;
									goto L17;
								}
								_t356 = _t436[1];
								_v44 = 0;
								_t410 =  *(_t312 + 4) >> 0x00000008 & 0x0000ffff;
								_v52 = _t356;
								_v48 = _t410;
								_t451 =  *( *( *_t436) + 0xc);
								_t224 =  *(_t356 + 0x10) ^ _t451 ^  *0x111874c ^ _t356;
								_t354 = (_t224 >> 0x10) * _t410 + _v52;
								if((_t224 & 0x0000ffff) + _t354 == _t312) {
									if(E01047D50() == 0) {
										_t228 = 0x7ffe0380;
									} else {
										_t228 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									if( *_t228 != 0 && ( *( *[fs:0x30] + 0x240) & 1) != 0) {
										_t41 = _t312 + 8; // 0x8
										E010E1608( *(_t451 + 0xc), _t41, 2);
									}
									asm("sbb eax, eax");
									_v20 = 0;
									_t411 = 0;
									_t43 =  &(_t436[4]); // 0x10
									_t233 = _t43;
									_v24 = _t233;
									while(1) {
										_t452 =  *_t233;
										_v28 = _t452;
										if((_t452 >> 0x00000010 & 0x00008000) != 0) {
											goto L28;
										}
										L27:
										asm("lock cmpxchg [edi], ecx");
										_t436 = _v60;
										if(_t452 == _t452) {
											L30:
											 *((char*)(_t312 + 7)) = 0x80;
											if(_t452 != 0xffffffff) {
												_t313 = _v48;
												asm("btr [eax], ebx");
												if(_t436[3] == 0) {
													L49:
													_t453 =  *_t436;
													_t241 = (_t452 & 0x0000ffff) + _v44 + 0x00000001 | _t313 << 0x00000010;
													if(_t241 != _t436[6]) {
														L86:
														_t315 =  &(_t436[7]);
														_t436[4] = _t241;
														if(( *_t315 & 0x00000002) != 0 || E01048D76(_t453, _t436) == 0) {
															L33:
															_t433 = 0;
															goto L34;
														} else {
															while(1) {
																_t413 =  *_t315;
																if(_t413 == 0 || (_t413 & 0x00000002) != 0) {
																	goto L33;
																}
																asm("lock cmpxchg [ebx], ecx");
																if(_t413 != _t413) {
																	continue;
																}
																_t367 =  *_t436;
																_v28 = _t367;
																_t454 = 0;
																do {
																	_t414 = _t367[((_t367[0x17] & 0x0000ffff) + _t454 & 0x0000000f) + 2];
																	if(_t414 != 0) {
																		if(( *(_t414 + 0x1c) & 0x00000001) != 0) {
																			goto L98;
																		}
																		asm("lock cmpxchg [ebx], ecx");
																		if(_t414 == _t414) {
																			_t321 = 0xfffffffd;
																			_t253 =  *(_t414 + 0x1c);
																			do {
																				asm("lock cmpxchg [esi], ecx");
																			} while ((_t253 & _t321) != 0);
																			_t433 = 0;
																			if(_t253 == 2) {
																				 *_t414 = 0;
																				E01040010( *((intOrPtr*)( *_t414)), _t414 + 0x20);
																			}
																			goto L34;
																		}
																		L97:
																		_t367 = _v28;
																		goto L98;
																	}
																	asm("lock cmpxchg [ebx], ecx");
																	if(0 == 0) {
																		goto L33;
																	}
																	goto L97;
																	L98:
																	_t454 = _t454 + 1;
																} while (_t454 < 0x10);
																_t415 =  &(_t436[8]);
																_t370 =  *((intOrPtr*)( *( *( *_t436) + 0xc) + 0x3c0 + (( *_t436)[0x17] & 0x0000ffff) * 4)) + 0x48;
																L32:
																E01040010(_t370, _t415);
																goto L33;
															}
															goto L33;
														}
													}
													_t322 = _t453[0x16];
													_t417 =  *((intOrPtr*)( *_t453 + 0x10));
													_t377 = _t453[0x15];
													if(_t453[0x15] != 1 || _t417 < _t322) {
														L53:
														_t256 =  *_t436;
														_v48 = _t256;
														_t257 =  &(_t256[1]);
														_t457 =  *_t257;
														 *_t257 = 0;
														if(_t457 == 0) {
															L73:
															_t458 =  *_t436;
															_t323 =  *( *_v48 + 0xc);
															_v24 =  *( *_v48 + 0xc);
															if((_t436[5] & 0x00000003) != 0) {
																_v12 =  &(_t436[1][0x407]) & 0xfffff000;
																_t271 = E010E5634(_t436);
																_push( &_v8);
																_t387 = (_t436[6] & 0x0000ffff) * (_t271 & 0x0000ffff) << 3;
																_v16 = _t387;
																_t275 = E01050678(_t323[3], 1);
																_t377 = _t387;
																_push(_t275);
																_push( &_v16);
																_push( &_v12);
																_push(0xffffffff);
																E01069A00();
															}
															_t436[1][3] = 0;
															E010497ED(_t323, _t436[1], _t377);
															_t262 = _t436[6] & 0x0000ffff;
															_v48 = _t262;
															_t137 =  &(_t458[0x14]); // 0x50
															_t263 = _t137;
															_v48 =  ~_t262;
															_v52 = _t263;
															do {
																_t459 =  *_t263;
																_t420 =  *((intOrPtr*)(_t263 + 4));
																_v20 = _t420;
																asm("lock cmpxchg8b [edi]");
																_t263 = _v48;
															} while (_t459 != _t459 || _t420 != _v20);
															_t441 = _v60;
															_t441[1] = 0;
															asm("lock inc dword [eax+0x20]");
															_t441[4] = 0;
															_t460 = 0xfffffffe;
															_t266 = _t441[7];
															do {
																asm("lock cmpxchg [edx], ecx");
															} while ((_t266 & _t460) != 0);
															if(_t266 != 1) {
																goto L33;
															}
															_t415 =  &(_t441[8]);
															_t370 =  *( *_t441);
															 *_t441 = 0;
															goto L32;
														}
														_t95 = _t457 + 0x1c; // 0x1c
														_t326 = _t95;
														_t423 = 0xfffffff9;
														_t279 =  *_t326;
														do {
															asm("lock cmpxchg [ebx], ecx");
														} while ((_t279 & _t423) != 0);
														if(_t279 != 6) {
															_t377 = _v48;
															if(E01048D76(_v48, _t457) == 0) {
																goto L73;
															} else {
																goto L59;
															}
															while(1) {
																L59:
																_t425 =  *_t326;
																if(_t425 == 0 || (_t425 & 0x00000002) != 0) {
																	goto L73;
																}
																_t377 = _t425 | 0x00000002;
																asm("lock cmpxchg [ebx], ecx");
																if(_t425 != _t425) {
																	continue;
																}
																_t392 =  *_t457;
																_v44 = _t392;
																_t327 = 0;
																do {
																	_t287 = _t392 + ((( *(_t392 + 0x5e) & 0x0000ffff) + _t327 & 0x0000000f) + 2) * 4;
																	_t426 =  *_t287;
																	_v28 = _t287;
																	if(_t426 != 0) {
																		if((_t426[7] & 0x00000001) != 0) {
																			goto L69;
																		}
																		asm("lock cmpxchg [edi], ecx");
																		_t436 = _v60;
																		if(_t426 == _t426) {
																			_t328 = 0xfffffffd;
																			_t294 = _t426[7];
																			do {
																				_t377 = _t294 & _t328;
																				asm("lock cmpxchg [esi], ecx");
																			} while ((_t294 & _t328) != 0);
																			if(_t294 != 2) {
																				goto L73;
																			}
																			_t377 =  *( *_t426);
																			 *_t426 = 0;
																			_t427 =  &(_t426[8]);
																			L72:
																			E01040010(_t377, _t427);
																			goto L73;
																		}
																		L68:
																		_t392 = _v44;
																		goto L69;
																	}
																	_t377 = _t457;
																	asm("lock cmpxchg [edx], ecx");
																	if(0 == 0) {
																		goto L73;
																	}
																	goto L68;
																	L69:
																	_t327 = _t327 + 1;
																} while (_t327 < 0x10);
																_t377 =  *((intOrPtr*)( *((intOrPtr*)( *( *_t457) + 0xc)) + 0x3c0 + (( *_t457)[0x17] & 0x0000ffff) * 4)) + 0x48;
																L71:
																_t116 = _t457 + 0x20; // 0x20
																_t427 = _t116;
																goto L72;
															}
															goto L73;
														}
														_t377 =  *( *_t457);
														 *_t457 = 0;
														goto L71;
													} else {
														_t377 =  *_t453;
														if(_t417 - _t322 <  *((intOrPtr*)( *_t453 + 0x14))) {
															goto L86;
														}
														goto L53;
													}
												}
												_t430 = E010B5208( &(_t436[2]));
												if(_t430 == 0) {
													goto L49;
												}
												do {
													_t398 =  *(_t430 - 4);
													_t430 =  *_t430;
													asm("btr [eax], edi");
													_v44 = _v44 + 1;
													_v48 = _t398 >> 0x00000008 & 0x0000ffff;
												} while (_t430 != 0);
												_t452 = _v28;
												_t436 = _v60;
												_t313 = _v48;
												goto L49;
											}
											_t54 = _t312 + 8; // 0x8
											_t415 = _t54;
											_t370 =  &(_t436[2]);
											goto L32;
										}
										L28:
										_t411 = _t411 + 1;
										if(_t411 <= _v20) {
											_t45 =  &(_t436[4]); // 0x10
											_t233 = _t45;
											_t452 =  *_t233;
											_v28 = _t452;
											if((_t452 >> 0x00000010 & 0x00008000) != 0) {
												goto L28;
											}
											goto L27;
										}
										_t452 = _t452 | 0xffffffff;
										_v28 = _t452;
										goto L30;
									}
								}
								_t408 =  *(_t451 + 0xc);
								goto L16;
							}
							L35:
							_t332 = _t332 + 1;
							_v56 = _t332;
						} while (_t332 < _v40);
						_t331 = 1;
						goto L37;
					}
					L2:
					_v40 = _t331;
					goto L5;
					L37:
					_t403 = _t403 + 1;
					_v36 = _t403;
				} while (_t403 < 0x81);
				_t62 = _t309 + 0x38; // 0x38
				_t195 = _t62;
				_v40 = 0xc;
				_v36 = _t62;
				do {
					_t448 = _t433;
					_t434 = E010B5208(_t195);
					if(_t434 == 0) {
						goto L112;
					} else {
						goto L40;
					}
					do {
						L40:
						_t310 = _t434;
						_t434 =  *_t434;
						_t200 = 1 <<  *(_t310 + 8);
						if(1 > 0x78000) {
							_t200 = 0x78000;
						}
						_t340 = ( *(_t310 + 0xa) & 0x0000ffff) + _t200;
						_v32 = _v32 + _t340;
						_v28 = _t340;
						E0104C111( *((intOrPtr*)(_v64 + 0xc)), _t310, _t340);
						_t448 = _t448 + 1;
						if(E01047D50() == 0) {
							_t203 = 0x7ffe0380;
						} else {
							_t203 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t203 == 0 || ( *( *[fs:0x30] + 0x240) & 1) == 0) {
							_t309 = _v64;
						} else {
							E010E18CA(_t310,  *((intOrPtr*)(_v64 + 0xc)), _t310, _v28, 0);
							_t309 = _v72;
							E010E1951(_t309,  *((intOrPtr*)(_t309 + 0xc)), _t310, _v36, 0);
						}
					} while (_t434 != 0);
					if(_t448 != 0) {
						asm("lock xadd [eax], esi");
					}
					L112:
					_t195 = _v36 + 0x20;
					_t188 =  &_v40;
					 *_t188 = _v40 - 1;
					_v36 = _t195;
					_t433 = 0;
				} while ( *_t188 != 0);
				if(_v32 != 0) {
					_t192 = _t309 + 0x2c; // 0x2c
					_t195 = _t192;
					asm("lock xadd [eax], ecx");
				}
				return _t195;
			}

0x010e6103
0x010e6105
0x010e6107
0x010e6109
0x010e610f
0x010e6113
0x010e6117
0x010e6118
0x010e6121
0x010e612f
0x00000000
0x00000000
0x010e6131
0x010e6136
0x010e613c
0x00000000
0x00000000
0x010e6142
0x010e6142
0x010e6144
0x010e6148
0x010e614a
0x010e6155
0x010e6158
0x010e615f
0x010e614c
0x010e614c
0x010e614c
0x010e6168
0x010e617e
0x010e6183
0x010e6187
0x010e62cd
0x010e62cd
0x010e62d1
0x010e62d5
0x00000000
0x010e62d5
0x010e618f
0x010e6192
0x010e6196
0x010e61a6
0x010e61ab
0x010e6204
0x010e6204
0x010e6205
0x010e620b
0x00000000
0x010e620b
0x010e61ad
0x010e61b2
0x010e61b4
0x010e61ba
0x010e6202
0x010e6202
0x00000000
0x010e6202
0x010e61c1
0x010e61c7
0x010e61cb
0x010e61d0
0x010e61d4
0x010e61da
0x010e61e8
0x010e61f5
0x010e61fd
0x010e621c
0x010e622e
0x010e621e
0x010e6227
0x010e6227
0x010e6236
0x010e624c
0x010e6251
0x010e6251
0x010e6260
0x010e6265
0x010e626b
0x010e626d
0x010e626d
0x010e6270
0x010e6279
0x010e6279
0x010e6280
0x010e6289
0x00000000
0x00000000
0x010e628b
0x010e6299
0x010e629d
0x010e62a3
0x010e62b3
0x010e62b3
0x010e62ba
0x010e6377
0x010e637e
0x010e6387
0x010e63c4
0x010e63cc
0x010e63d3
0x010e63d9
0x010e660c
0x010e660c
0x010e660f
0x010e6616
0x010e62cb
0x010e62cb
0x00000000
0x010e662d
0x010e662d
0x010e662d
0x010e6631
0x00000000
0x00000000
0x010e6647
0x010e664d
0x00000000
0x00000000
0x010e664f
0x010e6653
0x010e6657
0x010e6659
0x010e6668
0x010e666c
0x010e6685
0x00000000
0x00000000
0x010e668b
0x010e6691
0x010e66bf
0x010e66c0
0x010e66c2
0x010e66c6
0x010e66c6
0x010e66cc
0x010e66d1
0x010e66db
0x010e66e0
0x010e66e0
0x00000000
0x010e66d1
0x010e6693
0x010e6693
0x00000000
0x010e6693
0x010e6672
0x010e6678
0x00000000
0x00000000
0x00000000
0x010e6697
0x010e6697
0x010e6698
0x010e669f
0x010e66b2
0x010e62c6
0x010e62c6
0x00000000
0x010e62c6
0x00000000
0x010e662d
0x010e6616
0x010e63e1
0x010e63e4
0x010e63e7
0x010e63ed
0x010e6400
0x010e6400
0x010e6404
0x010e6408
0x010e640b
0x010e640b
0x010e640f
0x010e64e9
0x010e64f1
0x010e64f5
0x010e64f8
0x010e64fc
0x010e650d
0x010e6511
0x010e6524
0x010e6527
0x010e652a
0x010e6535
0x010e653a
0x010e653b
0x010e6540
0x010e6545
0x010e6546
0x010e6548
0x010e6548
0x010e6555
0x010e655b
0x010e6560
0x010e6566
0x010e656c
0x010e656c
0x010e656f
0x010e6573
0x010e6577
0x010e6577
0x010e6579
0x010e657e
0x010e658c
0x010e6596
0x010e6596
0x010e65a2
0x010e65ac
0x010e65af
0x010e65b5
0x010e65bb
0x010e65bc
0x010e65be
0x010e65c2
0x010e65c2
0x010e65cd
0x00000000
0x00000000
0x010e65d5
0x010e65d8
0x010e65da
0x00000000
0x010e65da
0x010e6417
0x010e6417
0x010e641a
0x010e641b
0x010e641d
0x010e6421
0x010e6421
0x010e642a
0x010e6439
0x010e6446
0x00000000
0x00000000
0x00000000
0x00000000
0x010e644c
0x010e644c
0x010e644c
0x010e6450
0x00000000
0x00000000
0x010e6463
0x010e6466
0x010e646c
0x00000000
0x00000000
0x010e646e
0x010e6472
0x010e6476
0x010e6478
0x010e6484
0x010e6487
0x010e6489
0x010e648f
0x010e64a8
0x00000000
0x00000000
0x010e64b2
0x010e64b6
0x010e64bc
0x010e65e6
0x010e65e7
0x010e65e9
0x010e65eb
0x010e65ed
0x010e65ed
0x010e65f6
0x00000000
0x00000000
0x010e65fe
0x010e6602
0x010e6604
0x010e64e4
0x010e64e4
0x00000000
0x010e64e4
0x010e64c2
0x010e64c2
0x00000000
0x010e64c2
0x010e6495
0x010e6499
0x010e649f
0x00000000
0x00000000
0x00000000
0x010e64c6
0x010e64c6
0x010e64c7
0x010e64de
0x010e64e1
0x010e64e1
0x010e64e1
0x00000000
0x010e64e1
0x00000000
0x010e644c
0x010e642e
0x010e6432
0x00000000
0x010e63f3
0x010e63f3
0x010e63fa
0x00000000
0x00000000
0x00000000
0x010e63fa
0x010e63ed
0x010e6391
0x010e6395
0x00000000
0x00000000
0x010e639b
0x010e639b
0x010e63a1
0x010e63a9
0x010e63ac
0x010e63b0
0x010e63b4
0x010e63b8
0x010e63bc
0x010e63c0
0x00000000
0x010e63c0
0x010e62c0
0x010e62c0
0x010e62c3
0x00000000
0x010e62c3
0x010e62a5
0x010e62a5
0x010e62aa
0x010e6276
0x010e6276
0x010e6279
0x010e6280
0x010e6289
0x00000000
0x00000000
0x00000000
0x010e6289
0x010e62ac
0x010e62af
0x00000000
0x010e62af
0x010e6279
0x010e61ff
0x00000000
0x010e61ff
0x010e62d9
0x010e62d9
0x010e62da
0x010e62de
0x010e62ea
0x00000000
0x010e62ea
0x010e6123
0x010e6123
0x00000000
0x010e62eb
0x010e62eb
0x010e62ec
0x010e62f0
0x010e62fc
0x010e62fc
0x010e62ff
0x010e6307
0x010e630b
0x010e630d
0x010e6314
0x010e6318
0x00000000
0x00000000
0x00000000
0x00000000
0x010e631e
0x010e631e
0x010e631e
0x010e6322
0x010e6328
0x010e6331
0x010e6333
0x010e6333
0x010e633b
0x010e633d
0x010e6341
0x010e634d
0x010e6352
0x010e635a
0x010e66ea
0x010e6360
0x010e6369
0x010e6369
0x010e66f2
0x010e6731
0x010e6705
0x010e6715
0x010e671e
0x010e672a
0x010e672a
0x010e6735
0x010e673f
0x010e674a
0x010e674a
0x010e674e
0x010e6752
0x010e6755
0x010e6755
0x010e675c
0x010e6760
0x010e6760
0x010e676d
0x010e6771
0x010e6771
0x010e6774
0x010e6774
0x010e677e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d8d4a7836cab8cef1a1cc1bc41b78e76707073bd9a95122711fd20b70c03fe
Instruction ID: 85b02e63d8c990a0327c3efc7ef205a8b489b7c0936aab2e4579827de3a6a3b5
Opcode Fuzzy Hash: f2d8d4a7836cab8cef1a1cc1bc41b78e76707073bd9a95122711fd20b70c03fe
Instruction Fuzzy Hash: 0522D1716047018FDB59CF1AD494A2AB7E2FF98314F148AADE9D6CB351DB31E841CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01044120 Relevance: .4, Instructions: 444
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E01044120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x111d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0105F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01046E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = E01044620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01046E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M010445F8))) {
												case 0:
													_v568 = 0x1001078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x10011c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = E01044620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0106F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0106F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E010252A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0103EB70(1, 0x11179a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0103AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E010695D0();
																			L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0106B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E01063D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0106B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}

0x01044128
0x01044135
0x0104413c
0x01044141
0x01044145
0x01044147
0x0104414e
0x01044151
0x01044159
0x0104415c
0x01044160
0x01044164
0x01044168
0x0104416c
0x0104417f
0x01044181
0x0104446a
0x0104446a
0x0104418c
0x01044195
0x01044199
0x01044432
0x01044439
0x0104443d
0x01044442
0x01044447
0x00000000
0x0104419f
0x010441a3
0x010441b1
0x010441b9
0x010441bd
0x010445db
0x010445db
0x00000000
0x010441c3
0x010441c3
0x010441ce
0x010441d4
0x0108e138
0x0108e13e
0x0108e169
0x0108e16d
0x0108e19e
0x0108e16f
0x0108e16f
0x0108e175
0x0108e179
0x0108e18f
0x0108e193
0x00000000
0x0108e199
0x00000000
0x0108e199
0x0108e193
0x00000000
0x00000000
0x00000000
0x010441da
0x010441da
0x010441df
0x010441e4
0x010441ec
0x01044203
0x01044207
0x0108e1fd
0x01044222
0x01044226
0x0108e1f3
0x0108e1f3
0x0104422c
0x0104422c
0x01044233
0x0108e1ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01044239
0x01044239
0x01044239
0x01044239
0x01044233
0x01044226
0x010441ee
0x010441ee
0x010441f4
0x01044575
0x0108e1b1
0x0108e1b1
0x00000000
0x0104457b
0x0104457b
0x01044582
0x0108e1ab
0x00000000
0x00000000
0x00000000
0x00000000
0x01044588
0x01044588
0x0104458c
0x0108e1c4
0x0108e1c4
0x00000000
0x01044592
0x01044592
0x01044599
0x0108e1be
0x00000000
0x00000000
0x00000000
0x00000000
0x0104459f
0x0104459f
0x010445a3
0x0108e1d7
0x0108e1e4
0x00000000
0x010445a9
0x010445a9
0x010445b0
0x0108e1d1
0x00000000
0x00000000
0x00000000
0x00000000
0x010445b6
0x010445b6
0x010445b6
0x00000000
0x010445b6
0x010445b0
0x010445a3
0x01044599
0x0104458c
0x01044582
0x00000000
0x00000000
0x00000000
0x00000000
0x010441f4
0x0104423e
0x01044241
0x010445c0
0x010445c4
0x00000000
0x010445ca
0x010445ca
0x00000000
0x0108e207
0x0108e20f
0x00000000
0x00000000
0x00000000
0x00000000
0x010445d1
0x00000000
0x00000000
0x010445ca
0x00000000
0x01044247
0x01044247
0x01044247
0x01044249
0x01044249
0x01044249
0x01044251
0x01044251
0x01044257
0x0104425f
0x0104426e
0x01044270
0x0104427a
0x0108e219
0x0108e219
0x01044280
0x01044282
0x01044456
0x010445ea
0x00000000
0x010445f0
0x0108e223
0x00000000
0x0108e223
0x0104445c
0x0104445c
0x00000000
0x0104445c
0x00000000
0x01044288
0x0104428c
0x0108e298
0x01044292
0x01044292
0x0104429e
0x010442a3
0x010442a7
0x010442ac
0x0108e22d
0x010442b2
0x010442b2
0x010442b9
0x010442bc
0x010442c2
0x010442ca
0x010442cd
0x010442cd
0x010442d4
0x0104433f
0x0104433f
0x010442d6
0x010442d6
0x010442d9
0x010442dd
0x010442eb
0x0108e23a
0x010442f1
0x01044305
0x0104430d
0x01044315
0x01044318
0x0104431f
0x01044322
0x0104432e
0x0104433b
0x0104433b
0x00000000
0x0104432e
0x010442eb
0x0104434c
0x0104434e
0x01044352
0x01044359
0x0104435e
0x01044361
0x0104436e
0x0104438a
0x0104438e
0x01044396
0x0104439e
0x010443a1
0x010443ad
0x010443bb
0x010443bb
0x010443ad
0x0104436e
0x010443bf
0x010443c5
0x01044463
0x01044463
0x010443ce
0x010443d5
0x010443d9
0x010443df
0x01044475
0x01044479
0x01044491
0x01044491
0x01044479
0x010443e5
0x010443eb
0x010443f4
0x010443f6
0x010443f9
0x010443fc
0x010443ff
0x010444e8
0x010444ed
0x010444f3
0x0108e247
0x00000000
0x010444f9
0x01044504
0x01044508
0x0104450f
0x0108e269
0x00000000
0x01044515
0x01044519
0x01044531
0x01044534
0x01044537
0x0104453e
0x01044541
0x0104454a
0x0108e255
0x0108e255
0x0108e25b
0x0108e25e
0x0108e261
0x0108e261
0x01044555
0x01044559
0x0104455d
0x0108e26d
0x0108e270
0x0108e274
0x0108e27a
0x0108e27d
0x0108e28e
0x0108e28e
0x01044563
0x01044563
0x01044569
0x01044569
0x00000000
0x0104455d
0x0104450f
0x00000000
0x010444f3
0x010443ff
0x01044405
0x01044405
0x01044405
0x010442ac
0x0104428c
0x01044282
0x01044407
0x0104440d
0x0108e2af
0x0108e2af
0x01044413
0x01044413
0x00000000
0x010441d4
0x00000000
0x010441c3
0x010441bd
0x01044415
0x01044415
0x01044416
0x01044417
0x01044429
0x0104416e
0x0104416e
0x01044175
0x01044498
0x0104449f
0x0108e12d
0x00000000
0x0108e133
0x00000000
0x0108e133
0x010444a5
0x010444a5
0x010444aa
0x00000000
0x010444bb
0x010444ca
0x010444d6
0x010444d7
0x010444d8
0x010444e3
0x010444e3
0x010444aa
0x0104417b
0x0104417b
0x0104417b
0x00000000
0x0104417b
0x01044175
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aa222ceee61b430f6a6e9e64c01e0f6edfb491e1c2a9d0358c4f36034b03641
Instruction ID: 96a479ec935a8d50d1a568e359a0f18a0bd261c7d563b16c4ca6bebc4c3b8893
Opcode Fuzzy Hash: 6aa222ceee61b430f6a6e9e64c01e0f6edfb491e1c2a9d0358c4f36034b03641
Instruction Fuzzy Hash: 6CF16BB06082118BDB64DF19C480B7AB7E1FF98714F55896EF9C6CB291EB34D881CB52

Uniqueness

Uniqueness Score: -1.00%

Function 010520A0 Relevance: .4, Instructions: 420
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E010520A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1118714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E01052EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E01052EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E010258EC(_t240);
									_t221 =  *0x1115cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1115cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E01064A2C(0x1116e40, 0x1064b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01047D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1005c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0105F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0105F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E010A7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01042400(_t267 + 0x20);
															}
															L01042400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01052397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01042280(_t134, 0x1118608);
									__eflags =  *0x1116e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0103FFB0(_t198, _t241, 0x1118608);
										__eflags = _t253;
										if(_t253 != 0) {
											L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1116e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1118608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01056B90(_t210,  &_v64);
										_t262 =  *0x1118608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0105E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E010697C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0106006A(0x1118608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1118608);
												E0106B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1116904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1116e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0103FFB0(_t198, _t240, 0x1118608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E010600C2(0x1118608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}

0x010520a0
0x010520a8
0x010520ad
0x010520b3
0x010520b8
0x010520c2
0x010520c7
0x010520cb
0x010520d2
0x01052263
0x01052266
0x01095836
0x01095836
0x00000000
0x0105226c
0x0105226c
0x01052270
0x01052274
0x010520e2
0x010520e2
0x010520e6
0x010520ee
0x010957dc
0x010957de
0x010957ec
0x010957ec
0x010957f1
0x010957f3
0x010957f8
0x00000000
0x010957f8
0x010957e0
0x010957e4
0x010957ea
0x00000000
0x00000000
0x00000000
0x010957ea
0x010520f4
0x010520f4
0x010520f8
0x010520f8
0x010520fc
0x01052100
0x01052106
0x01052201
0x01052206
0x0105220b
0x0105220e
0x010522a9
0x010522ac
0x00000000
0x00000000
0x010522b2
0x010522b5
0x01095801
0x01095806
0x00000000
0x00000000
0x01095810
0x01095815
0x01095818
0x00000000
0x00000000
0x0109581e
0x010522bb
0x010522bb
0x01052218
0x01052218
0x0105221c
0x01052220
0x01052222
0x010522c2
0x010522c4
0x010522dc
0x010522dc
0x010522e1
0x00000000
0x00000000
0x00000000
0x010522e7
0x010522c8
0x010522cd
0x010522d3
0x010522d6
0x01095823
0x01095825
0x01095827
0x00000000
0x00000000
0x0109582d
0x00000000
0x0109582d
0x00000000
0x01052228
0x01052228
0x00000000
0x01052228
0x01052222
0x01052214
0x01052214
0x00000000
0x01052114
0x01052114
0x01052114
0x0105211a
0x0105211c
0x01052348
0x0105234d
0x01095840
0x01095845
0x01095848
0x0109584e
0x0109584e
0x01095848
0x01052353
0x01052355
0x01052388
0x01052388
0x01052368
0x0105236a
0x0105236c
0x0105238f
0x00000000
0x0105236e
0x0105236e
0x0105218e
0x0105218e
0x01052191
0x01052195
0x01095a03
0x01095a06
0x01095a0c
0x01095a0f
0x01095a11
0x01095a13
0x01095a13
0x01095a19
0x01095a1f
0x00000000
0x0105219b
0x0105219b
0x010521a0
0x01052282
0x01052284
0x01052284
0x01052284
0x01052284
0x010521a6
0x010521a9
0x010521ac
0x010521ae
0x010521b3
0x0105228b
0x01052290
0x01052379
0x01052296
0x01052298
0x01052298
0x01052290
0x010521b9
0x010521be
0x010522a2
0x010522a2
0x010521c4
0x010521c8
0x010521cc
0x010521d0
0x010521d4
0x010521de
0x010521e3
0x01095a29
0x01095a2c
0x00000000
0x00000000
0x01095a3b
0x00000000
0x010521e9
0x010521e9
0x010521e9
0x010521ee
0x010521f1
0x01095a45
0x01095a4b
0x01095a52
0x01095a58
0x01095a5d
0x01095a5f
0x01095a71
0x01095a61
0x01095a6a
0x01095a6a
0x01095a76
0x01095a79
0x01095a7f
0x01095a83
0x01095a85
0x01095a87
0x01095a87
0x01095a8c
0x01095a91
0x01095a97
0x01095a9f
0x01095aa0
0x01095aa1
0x01095aa6
0x01095aab
0x01095ab1
0x01095ab3
0x01095ab9
0x01095aca
0x01095ad4
0x01095ad4
0x01095ade
0x01095ade
0x01095aab
0x01095a79
0x01095a52
0x010521f7
0x010521f9
0x010521fe
0x010521fe
0x010521e3
0x01052195
0x0105236c
0x01052122
0x01052122
0x01052124
0x01052231
0x01052236
0x01052236
0x01052238
0x01052238
0x01052240
0x01052242
0x01052244
0x010959fc
0x0105218c
0x0105218c
0x00000000
0x0105218c
0x0105224a
0x0105224f
0x01052256
0x01052304
0x01052309
0x0105230f
0x0105231e
0x0105231e
0x0105231e
0x01052320
0x01052325
0x0105232a
0x0105232c
0x0105233e
0x0105233e
0x00000000
0x0105232c
0x01052311
0x01052317
0x0105231a
0x0105231c
0x01052380
0x01052380
0x01052380
0x01052384
0x00000000
0x00000000
0x01052386
0x00000000
0x0105231c
0x0105225c
0x0105225c
0x00000000
0x0105225c
0x0105212a
0x01052134
0x01052138
0x0105213d
0x01095858
0x01095863
0x01095863
0x01095867
0x0109586a
0x00000000
0x00000000
0x0109586c
0x0109586c
0x01095871
0x01095875
0x01095877
0x01095997
0x0109599c
0x010959a1
0x010959a7
0x010959a7
0x00000000
0x010959a7
0x0109587d
0x00000000
0x0109588b
0x0109588b
0x01095890
0x01095892
0x01095894
0x01095899
0x0109589b
0x010958a0
0x010958a0
0x010958aa
0x010958b2
0x010958b6
0x010958be
0x010958c6
0x010958c9
0x0109590d
0x01095917
0x0109591a
0x0109591c
0x01095920
0x01095928
0x0109592a
0x0109592c
0x0109592e
0x0109592e
0x010958cb
0x010958cd
0x010958d8
0x010958e0
0x010958f4
0x010958fe
0x010958fe
0x0109593a
0x0109593e
0x01095940
0x01095942
0x00000000
0x01095944
0x01095944
0x01095949
0x0109594e
0x0109594e
0x01095953
0x0109595b
0x01095976
0x01095976
0x0109597a
0x0109597f
0x00000000
0x00000000
0x00000000
0x00000000
0x01095981
0x01095981
0x01095981
0x01095983
0x01095988
0x0109598d
0x01095991
0x01095991
0x00000000
0x0109595d
0x0109595d
0x01095963
0x01095965
0x00000000
0x00000000
0x00000000
0x00000000
0x01095967
0x01095967
0x0109596b
0x0109596d
0x00000000
0x00000000
0x0109596f
0x01095971
0x01095971
0x01095974
0x00000000
0x00000000
0x00000000
0x01095974
0x00000000
0x01095967
0x0109595b
0x01095942
0x01095863
0x01052143
0x01052143
0x01052149
0x0105214f
0x010522f1
0x010522f6
0x00000000
0x01052173
0x01052173
0x0105217d
0x01052181
0x01052186
0x010959ae
0x010959b2
0x010959b5
0x010959b7
0x010959ba
0x010959cd
0x010959d1
0x010959d5
0x010959d9
0x010959db
0x00000000
0x00000000
0x010959dd
0x010959dd
0x010959e1
0x010959e4
0x010959e7
0x010959ee
0x010959ee
0x010959f3
0x010959f3
0x00000000
0x01052186
0x0105214f
0x01052106
0x01052266
0x010520d8
0x010520da
0x010520e0
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e46ff12cdaef810358d8ba87a01d40a352361a48beb5302547a74f2b4e8bb53
Instruction ID: e0442b542e826a75072c2b09a86139e69a3dbc7b7e880809d2a12364652f0acb
Opcode Fuzzy Hash: 3e46ff12cdaef810358d8ba87a01d40a352361a48beb5302547a74f2b4e8bb53
Instruction Fuzzy Hash: 96F11135608301DFEBA6CB2DC85076BBBE5AF85310F0489AEEDD59B281D734D841CB82

Uniqueness

Uniqueness Score: -1.00%

Function 01026800 Relevance: .4, Instructions: 373
COMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E01026800(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed short* _a8, intOrPtr _a12, signed short* _a16, signed short* _a20, intOrPtr _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, signed char _a44) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				intOrPtr* _t132;
				intOrPtr _t153;
				intOrPtr _t162;
				void* _t194;
				intOrPtr _t196;
				void* _t205;
				void* _t206;
				signed short* _t207;
				void* _t209;
				signed int _t211;
				intOrPtr* _t212;
				signed short* _t213;
				signed int _t215;
				signed short* _t217;
				void* _t219;
				intOrPtr _t228;
				intOrPtr _t229;
				signed int _t238;
				intOrPtr _t256;
				void* _t262;
				short _t268;
				signed int _t271;
				void* _t272;
				intOrPtr* _t273;
				void* _t275;
				intOrPtr* _t276;
				void* _t278;
				intOrPtr* _t279;

				_t275 = __esi;
				_t272 = __edi;
				_t205 = __ebx;
				if((_a44 & 0xfffffffe) != 0) {
					L61:
					return 0xc000000d;
				}
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				if(E01026BF3(_a8) < 0) {
					goto L61;
				}
				_t256 = _a12;
				_t215 = 0;
				if(_t256 != 0) {
					_t124 = E01026BF3(_t256);
					_t215 = 0;
				} else {
					_t124 = 0;
				}
				if(_t124 < 0) {
					goto L61;
				} else {
					_push(_t205);
					_v5 = _t215;
					_v32 = _t215;
					_t217 = _a16;
					_t206 = 0x5c;
					if(_t217 == 0) {
						L12:
						_t207 = _a20;
						if(_t207 == 0) {
							_t125 = 0;
						} else {
							_t125 = E01026BF3(_t207);
						}
						if(_t125 < 0) {
							L65:
							_t126 = 0xc000000d;
							goto L53;
						} else {
							_t218 = _a28;
							if(_a28 == 0) {
								_t219 = 0;
								_t127 = 0;
							} else {
								_t127 = E01026BF3(_t218);
								_t219 = 0;
							}
							if(_t127 < 0) {
								goto L65;
							} else {
								_t128 = _a32;
								if(_a32 == 0) {
									_t129 = _t219;
								} else {
									_t129 = E01026BF3(_t128);
									_t219 = 0;
								}
								if(_t129 < 0) {
									goto L65;
								} else {
									_push(_t275);
									_t276 = _a36;
									if(_t276 == 0) {
										_t130 = _t219;
									} else {
										_t130 = E01026BF3(_t276);
										_t219 = 0;
									}
									if(_t130 < 0) {
										_t126 = 0xc000000d;
										goto L52;
									} else {
										_push(_t272);
										_t273 = _a40;
										if(_t273 == 0) {
											_t131 = _t219;
										} else {
											_t131 = E01026BF3(_t273);
										}
										if(_t131 < 0) {
											_t126 = 0xc000000d;
											goto L51;
										} else {
											if(_t207 == 0) {
												_t207 = _a8;
												_a20 = _t207;
											}
											_t132 = _a28;
											if(_t132 == 0) {
												_t132 = 0x1001ab0;
												_a28 = 0x1001ab0;
											}
											if(_a32 == 0) {
												_a32 = 0x1001ab0;
											}
											if(_t276 == 0) {
												_t276 = 0x1001ab0;
												_a36 = 0x1001ab0;
											}
											if(_t273 == 0) {
												_t273 = 0x1001ab0;
											}
											_t209 = 3;
											_t278 = 0;
											_t228 = (( *_t207 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_t132 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + (( *_a8 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_a32 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + 0x4ac + (( *(_t276 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
											_v16 = _t228;
											if( *_t273 != 0) {
												_t228 = _t228 + (( *(_t273 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t228;
											}
											if(_t256 != 0) {
												_t229 = _t228 + (( *(_t256 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t229;
											}
											if(_a24 != _t278) {
												_t153 = E0105585B(_a24, 1);
												_t229 = _v16;
											} else {
												_t153 =  *((intOrPtr*)(_v24 + 0x290));
											}
											_v20 = _t153;
											_t211 = _t153 + 0x00000003 & 0xfffffffc;
											if(_t211 < _t153) {
												L77:
												_t126 = 0xc0000095;
												goto L51;
											} else {
												while(1) {
													_t154 = _t211 + _t229;
													if(_t211 + _t229 < _t229) {
														goto L77;
													}
													_t279 = E01044620(_t229,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t278, _t154);
													if(_t279 == 0) {
														_t126 = 0xc000009a;
														L51:
														L52:
														L53:
														return _t126;
													}
													_t158 = _v16 + _t279;
													_v12 = _v16 + _t279;
													if(_a24 != 0) {
														E0106F3E0(_t158, _a24, _v20);
														L42:
														E0106FA60(_t279, 0, 0x2a4);
														_t162 = _v16;
														 *_t279 = _t162;
														 *((intOrPtr*)(_t279 + 4)) = _t162;
														 *(_t279 + 0x290) = _t211;
														 *((intOrPtr*)(_t279 + 0xc)) = 0;
														_t53 = _t279 + 0x24; // 0x24
														_t212 = _t53;
														 *((intOrPtr*)(_t279 + 0x2c)) = 0;
														 *((intOrPtr*)(_t279 + 0x48)) = _v12;
														_t57 = _t279 + 0x2a4; // 0x2a4
														_v12 = _t57;
														 *((intOrPtr*)(_t279 + 8)) = 1;
														 *(_t279 + 0x14) =  *(_v24 + 0x14) & 1;
														_t169 = _a16;
														if(_a16 == 0) {
															E0103EEF0(0x11179a0);
															E01026C14( &_v12, _t212, _v24 + 0x24, 0x208);
															E0103EB70( &_v12, 0x11179a0);
														} else {
															E01026C14( &_v12, _t212, _t169, 0x208);
															if(_v5 != 0) {
																_t268 = 0x5c;
																 *((short*)( *((intOrPtr*)(_t279 + 0x28)) + _v32 * 2)) = _t268;
																_t194 = 2;
																 *_t212 =  *_t212 + _t194;
															}
														}
														_t234 = _a12;
														if(_a12 != 0) {
															_t104 = _t279 + 0x30; // 0x30
															E01026C14( &_v12, _t104, _t234,  *(_t234 + 2) & 0x0000ffff);
														}
														_t72 = _t279 + 0x38; // 0x38
														E01026C14( &_v12, _t72, _a8, ( *_a8 & 0x0000ffff) + 2);
														_t213 = _a20;
														_t75 = _t279 + 0x40; // 0x40
														_t262 = _t75;
														_t238 =  *_t213 & 0x0000ffff;
														_t180 = _t213[1] & 0x0000ffff;
														if(_t238 != (_t213[1] & 0x0000ffff)) {
															_t180 = _t238 + 2;
														}
														E01026C14( &_v12, _t262, _t213, _t180);
														_t80 = _t279 + 0x70; // 0x70
														E01026C14( &_v12, _t80, _a28,  *(_a28 + 2) & 0x0000ffff);
														_t84 = _t279 + 0x78; // 0x78
														E01026C14( &_v12, _t84, _a32,  *(_a32 + 2) & 0x0000ffff);
														_t88 = _t279 + 0x80; // 0x80
														E01026C14( &_v12, _t88, _a36,  *(_a36 + 2) & 0x0000ffff);
														if( *_t273 != 0) {
															_t118 = _t279 + 0x88; // 0x88
															E01026C14( &_v12, _t118, _t273,  *(_t273 + 2) & 0x0000ffff);
														}
														if((_a44 & 0x00000001) == 0) {
															_t279 = E010ABCB0(_t279);
														}
														_t126 = 0;
														 *_a4 = _t279;
														goto L51;
													}
													E0103EEF0(0x11179a0);
													_t269 = _v24;
													_t196 =  *((intOrPtr*)(_v24 + 0x290));
													_v20 = _t196;
													_t251 = _t196 + 0x00000003 & 0xfffffffc;
													_v28 = _t196 + 0x00000003 & 0xfffffffc;
													if(_t196 > _t211) {
														E0103EB70(_t251, 0x11179a0);
														_t278 = 0;
														L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
														_t211 = _v28;
														_t229 = _v16;
														if(_t211 >= _v20) {
															continue;
														}
														goto L77;
													}
													E0106F3E0(_v12,  *((intOrPtr*)(_t269 + 0x48)), _t196);
													E0103EB70(_t251, 0x11179a0);
													_t211 = _v28;
													goto L42;
												}
												goto L77;
											}
										}
									}
								}
							}
						}
					}
					_t271 = ( *_t217 & 0x0000ffff) >> 1;
					_v32 = _t271;
					if(E01026BF3(_t217) < 0 || _t271 == 0) {
						goto L65;
					} else {
						if( *((intOrPtr*)(_t217[2] + _t271 * 2 - 2)) == _t206) {
							L11:
							_t256 = _a12;
							goto L12;
						}
						if(_t271 > 0x103) {
							goto L65;
						}
						_v5 = 1;
						goto L11;
					}
				}
			}

0x01026800
0x01026800
0x01026800
0x0102680f
0x01081b26
0x00000000
0x01081b26
0x01026821
0x0102682b
0x00000000
0x00000000
0x01026831
0x01026834
0x01026838
0x01026b68
0x01026b6d
0x0102683e
0x0102683e
0x0102683e
0x01026842
0x00000000
0x01026848
0x01026848
0x01026849
0x0102684c
0x0102684f
0x01026854
0x01026857
0x01026893
0x01026893
0x01026898
0x01081b30
0x0102689e
0x010268a0
0x010268a0
0x010268a7
0x01081b47
0x01081b47
0x00000000
0x010268ad
0x010268ad
0x010268b2
0x01081b37
0x01081b39
0x010268b8
0x010268b8
0x010268bd
0x010268bd
0x010268c1
0x00000000
0x010268c7
0x010268c7
0x010268cc
0x01081b40
0x010268d2
0x010268d4
0x010268d9
0x010268d9
0x010268dd
0x00000000
0x010268e3
0x010268e3
0x010268e4
0x010268e9
0x01081b51
0x010268ef
0x010268f1
0x010268f6
0x010268f6
0x010268fa
0x01081b58
0x00000000
0x01026900
0x01026900
0x01026901
0x01026906
0x01081b62
0x0102690c
0x0102690e
0x0102690e
0x01026915
0x01081b69
0x00000000
0x0102691b
0x0102691d
0x01081b73
0x01081b76
0x01081b76
0x01026923
0x0102692d
0x01081b7e
0x01081b80
0x01081b80
0x01026937
0x01081b88
0x01081b88
0x0102693f
0x01081b90
0x01081b92
0x01081b92
0x01026947
0x01081b9a
0x01081b9a
0x01026959
0x0102698f
0x01026991
0x01026993
0x01026999
0x01081baa
0x01081bac
0x01081bac
0x010269a1
0x01026b7d
0x01026b7f
0x01026b7f
0x010269aa
0x01026b8d
0x01026b92
0x010269b0
0x010269b3
0x010269b3
0x010269bc
0x010269bf
0x010269c4
0x01081bdf
0x01081bdf
0x00000000
0x010269ca
0x010269ca
0x010269ca
0x010269cf
0x00000000
0x00000000
0x010269e5
0x010269e9
0x01081c0f
0x01026b5d
0x01026b5e
0x01026b5f
0x00000000
0x01026b5f
0x010269f2
0x010269f8
0x010269fb
0x01026ba1
0x01026a44
0x01026a4d
0x01026a52
0x01026a57
0x01026a5a
0x01026a62
0x01026a68
0x01026a6b
0x01026a6b
0x01026a6e
0x01026a74
0x01026a77
0x01026a7d
0x01026a83
0x01026a8b
0x01026a8e
0x01026a93
0x01026bb3
0x01026bc9
0x01026bd3
0x01026a99
0x01026aa4
0x01026aad
0x01026ab7
0x01026aba
0x01026abe
0x01026abf
0x01026abf
0x01026aad
0x01026ac2
0x01026ac7
0x01026be1
0x01026be9
0x01026be9
0x01026ad0
0x01026ade
0x01026ae3
0x01026ae6
0x01026ae6
0x01026ae9
0x01026aec
0x01026af3
0x01026af5
0x01026af5
0x01026afd
0x01026b05
0x01026b11
0x01026b19
0x01026b25
0x01026b2d
0x01026b3c
0x01026b46
0x01081bed
0x01081bf8
0x01081bf8
0x01026b50
0x01081c08
0x01081c08
0x01026b59
0x01026b5b
0x00000000
0x01026b5b
0x01026a06
0x01026a0b
0x01026a0e
0x01026a14
0x01026a1a
0x01026a1d
0x01026a22
0x01081bb9
0x01081bc5
0x01081bcb
0x01081bd0
0x01081bd3
0x01081bd9
0x00000000
0x00000000
0x00000000
0x01081bd9
0x01026a2f
0x01026a3c
0x01026a41
0x00000000
0x01026a41
0x00000000
0x010269ca
0x010269c4
0x01026915
0x010268fa
0x010268dd
0x010268c1
0x010268a7
0x0102685c
0x0102685e
0x01026868
0x00000000
0x01026876
0x0102687e
0x01026890
0x01026890
0x00000000
0x01026890
0x01026886
0x00000000
0x00000000
0x0102688c
0x00000000
0x0102688c
0x01026868

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae0475ebfd229998da7d88052e3c21e6052be8d1e799c7359df81d3ac2b6c1e
Instruction ID: 98e0feaa99569af8127e857cba5a20545965b29b66021428e069898c36a59513
Opcode Fuzzy Hash: dae0475ebfd229998da7d88052e3c21e6052be8d1e799c7359df81d3ac2b6c1e
Instruction Fuzzy Hash: CDD1A071A042269FCB15EF68C890BFEB7E4AF44314F048269EDD6D7280E735D986CB60

Uniqueness

Uniqueness Score: -1.00%

Function 010565A0 Relevance: .4, Instructions: 368
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E010565A0(signed int __ecx, unsigned int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v12;
				unsigned int _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v26;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* __ebx;
				signed int _t189;
				signed int _t197;
				signed int _t202;
				signed int _t203;
				unsigned int _t205;
				signed int _t206;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				intOrPtr _t227;
				signed int _t229;
				signed int* _t240;
				signed int _t251;
				signed int _t253;
				signed int _t256;
				signed int _t259;
				signed int _t264;
				signed int _t267;
				signed int _t271;
				intOrPtr _t278;
				intOrPtr _t279;
				signed int _t280;
				signed short _t283;
				signed int _t285;
				signed int _t290;
				signed char _t294;
				signed int _t295;
				intOrPtr _t296;
				intOrPtr* _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t311;
				signed int _t319;
				void* _t323;
				unsigned int _t325;
				signed int _t330;
				signed int _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				intOrPtr _t336;
				intOrPtr _t337;
				signed int _t343;
				signed int _t344;
				unsigned int _t345;
				signed int _t346;
				signed int _t347;
				unsigned int _t348;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed int _t367;
				intOrPtr* _t369;
				unsigned int _t371;
				signed int _t372;
				signed int _t376;

				_t325 = __edx;
				_t278 = _a16;
				_t189 =  *(_t278 + 2) & 0x000000ff;
				_t358 = __ecx;
				_t285 =  *(__edx + 0x1b) & 0x000000ff;
				_v16 = __edx;
				_v24 = __ecx;
				_v20 =  *((intOrPtr*)(__edx + 0x10));
				if(_t285 != 0) {
					_v12 =  *((intOrPtr*)(__ecx + 0x5c4 + _t189 * 4)) + 0xffffff98 + _t285 * 0x68;
				} else {
					_v12 =  *((intOrPtr*)(__ecx + 0x3c0 + _t189 * 4));
				}
				_t195 =  *(_t278 + 3) >> 0x00000001 & 0x00000003;
				if(( *(_t278 + 3) >> 0x00000001 & 0x00000003) != 0) {
					_t279 = _a12;
					_t197 = E010E56B6(_t358, _t325, _a4, _t195 & 0x000000ff, _a8, _t279, _t278);
					__eflags = _t197;
					if(_t197 == 0) {
						_t325 = _v16;
						goto L4;
					}
				} else {
					_t279 = _a12;
					L4:
					_t290 = _a8 + 8;
					_v40 = _t290;
					_v28 = _t290 >> 0x00000003 & 0x0000ffff;
					 *_a4 = _t325;
					_t202 = _t279 - 0x20;
					if(_t290 == 0x20) {
						_t203 = _t202 >> 5;
					} else {
						_t203 = _t202 / _t290;
					}
					_t280 = 0;
					_v8 = 0;
					_t330 = (_t203 + 0x0000001f >> 0x00000003 & 0x1ffffffc) + 0x00000020 & 0xfffffff8;
					_t205 = _a4 + _t330;
					_v44 = _t330;
					_t333 =  *0x111874c; // 0x289e7bbb
					_v32 = _t333;
					if(_t290 + _t205 <= _a12 + _a4) {
						_t376 = _a8 + 8;
						_v36 = _t376 << 0xd;
						_t367 = _t205 - _a4 << 0xd;
						do {
							_t283 = _v8;
							_t319 = _t205 >> 0x00000003 ^  *(_v24 + 0xc) ^ _t367;
							_t367 = _t367 + _v36;
							 *_t205 = _t319 ^ _t333;
							_t280 = _t283 + 1;
							_v8 = _t280;
							 *(_t205 + 4) = (_t283 & 0x0000ffff) << 0x00000008 |  *(_t205 + 4) & 0xff0000ff;
							 *((char*)(_t205 + 7)) = 0x80;
							_t205 = _t205 + _t376;
							_t323 = _t376 + _t205;
							_t376 = _v40;
							_t333 = _v32;
						} while (_t323 <= _a4 + _a12);
						_t358 = _v24;
					}
					_t206 = _a4;
					 *(_t206 + 0x14) = _t280;
					 *((intOrPtr*)(_t206 + 0x18)) = _t206 + 0x1c;
					_t51 = _t280 + 7; // 0x7
					E0106FA60(_t206 + 0x1c, 0, _t51 >> 3);
					_t294 = _t280 & 0x0000001f;
					if(_t294 != 0) {
						 *(_a4 + (_t280 >> 5) * 4 + 0x1c) =  *(_a4 + (_t280 >> 5) * 4 + 0x1c) |  !((1 << _t294) - 1);
					}
					_t334 = _v16;
					_t295 = _a4;
					 *((short*)(_t334 + 0x14)) = _v28;
					 *_t334 = _v12;
					 *(_t334 + 0x18) = _t280;
					 *((char*)(_t334 + 0x1a)) =  *((intOrPtr*)(_a16 + 2));
					 *((short*)(_t334 + 0x16)) = 0;
					 *(_t334 + 4) = _t295;
					 *((intOrPtr*)(_t334 + 8)) = 0;
					 *((intOrPtr*)(_t334 + 0xc)) = 0;
					_t335 = _v12;
					_v26 = _v28 << 3;
					_v28 = _v44;
					 *(_t295 + 0x10) = _v32 ^ _v28 ^ _t358 ^ _t295;
					if( *((intOrPtr*)(_t335 + 0x54)) == 0) {
						_t296 =  *_t335;
						_t223 =  *(_t296 + 0x14);
						__eflags = _t223 - 0x20;
						if(__eflags < 0) {
							_t224 = _t223 + 4;
							__eflags = _t224;
							goto L32;
						}
						goto L29;
					} else {
						 *((short*)(_t335 + 0x60)) =  *((short*)(_t335 + 0x60)) + 1;
						if( *((short*)(_t335 + 0x60)) > 0x1c) {
							_t296 =  *_t335;
							_t271 =  *(_t296 + 0x14);
							__eflags = _t271;
							if(__eflags != 0) {
								_t224 = _t271 + 0xfffffffc;
								L32:
								 *(_t296 + 0x14) = _t224;
							}
							L29:
							 *((short*)(_t335 + 0x60)) = 0;
						}
					}
					_t369 = _t335 + 0x50;
					do {
						_t226 =  *_t369;
						_t359 =  *((intOrPtr*)(_t369 + 4));
						_v40 = _t226;
						_v44 = _t226 + _t280;
						if(_t280 <= 0) {
						}
						_t336 = _t359;
						asm("lock cmpxchg8b [esi]");
						_t280 = _v8;
					} while (_t226 != _v40 || _t336 != _t359);
					_t299 = _v12;
					_t337 =  *[fs:0x18];
					_t227 =  *_t299;
					 *((intOrPtr*)(_t227 + 0x10)) =  *((intOrPtr*)(_t227 + 0x10)) + 1;
					 *((intOrPtr*)(_t299 + 0x58)) =  *((intOrPtr*)(_t227 + 0x10));
					_t229 =  *(_t337 + 0xfaa) & 0x0000ffff;
					_t300 = _t229 + 0x00000001 & 0x000000ff;
					 *(_t337 + 0xfaa) = _t300 + 0x00000001 & 0x000000ff;
					_t302 = _t280;
					_v32 = ( *(_t229 + 0x1116120) & 0x000000ff | ( *(_t300 + 0x1116120) & 0x000000ff) << 0x00000007 & 0x0000ffff) % _t302 << 0x10;
					_t341 = _v16;
					_v32 = _t302;
					_t303 = _v32;
					 *((intOrPtr*)(_v16 + 0x1c)) = 1;
					asm("lock cmpxchg [esi], ecx");
					if(( *0x11184b4 & 0x00000002) == 0) {
						_t394 =  *0x11184b8;
						_t371 =  *( *[fs:0x18] + 0xfaa) & 0xff;
						_v32 = _t371;
						if( *0x11184b8 == 0) {
							_push(0);
							_push(4);
							_push(0x11184b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E01069670();
							if(__eflags < 0) {
								_t363 =  *0x7ffe0004;
								_v44 = _t363;
								__eflags = _t363 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0324;
									while(1) {
										_t311 =  *_t280;
										_t346 =  *0x7ffe0320;
										__eflags = _t311 -  *0x7ffe0328;
										if(_t311 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t264 = _t346;
									_t347 = _t264 * _v44 >> 0x20;
									_t303 = (_t311 << 8) * _v44;
									_t341 = _t347 >> 0x18;
									_t267 = ((_t347 << 0x00000020 | _t264 * _v44) >> 0x18) + (_t311 << 8) * _v44;
									__eflags = _t267;
								} else {
									_t348 =  *0x7ffe0320 * _t363 >> 0x20;
									_t267 = (_t348 << 0x00000020 | 0x7ffe0320 * _t363) >> 0x18;
									_t341 = _t348 >> 0x18;
								}
								 *0x11184b8 = _t267;
							}
						}
						_t251 = E01055720(_t303, _t341, _t394, 0x11184b8);
						_t395 =  *0x11184b8;
						_t361 = _t251;
						_v40 = _t361;
						if( *0x11184b8 == 0) {
							_push(0);
							_push(4);
							_push(0x11184b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E01069670();
							if(__eflags < 0) {
								_t280 =  *0x7ffe0004;
								_v44 = _t280;
								__eflags = _t280 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0320;
									while(1) {
										_t309 =  *0x7ffe0324;
										_t343 =  *_t280;
										__eflags = _t309 -  *0x7ffe0328;
										if(_t309 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t256 = _t343;
									_t344 = _t256 * _v44 >> 0x20;
									_t361 = _v40;
									_t303 = (_t309 << 8) * _v44;
									_t341 = _t344 >> 0x18;
									_t259 = ((_t344 << 0x00000020 | _t256 * _v44) >> 0x18) + (_t309 << 8) * _v44;
									__eflags = _t259;
								} else {
									_t345 =  *0x7ffe0320 * _t280 >> 0x20;
									_t259 = (_t345 << 0x00000020 | 0x7ffe0320 * _t280) >> 0x18;
									_t341 = _t345 >> 0x18;
								}
								 *0x11184b8 = _t259;
							}
							L58:
						}
						_t253 = E01055720(_t303, _t341, _t395, 0x11184b8);
						_t341 = _v16;
						_t372 = _t371 >> 3;
						 *(0x1116120 + _t372 * 8) = _t253 & 0x7f7f7f7f;
						 *(0x1116124 + _t372 * 8) = _t361 & 0x7f7f7f7f;
					}
					_t240 =  *( *[fs:0x30] + 0x50);
					if(_t240 != 0) {
						__eflags =  *_t240;
						if( *_t240 == 0) {
							goto L24;
						} else {
							_t197 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							goto L25;
						}
						goto L58;
					} else {
						L24:
						_t197 = 0x7ffe0380;
					}
					L25:
					if( *_t197 != 0) {
						_t197 =  *[fs:0x30];
						__eflags =  *(_t197 + 0x240) & 0x00000001;
						if(( *(_t197 + 0x240) & 0x00000001) != 0) {
							return E010E1A5F(_t280,  *(_v24 + 0xc),  *((intOrPtr*)(_t341 + 4)),  *(_t341 + 0x14) & 0x0000ffff,  *(_t341 + 0x18) & 0x0000ffff,  *(_t341 + 0x1b) & 0x000000ff);
						}
					}
				}
				return _t197;
				goto L58;
			}

0x010565a0
0x010565a9
0x010565b1
0x010565b5
0x010565b7
0x010565bb
0x010565be
0x010565c1
0x010565c6
0x010568b5
0x010565cc
0x010565d3
0x010565d3
0x010565db
0x010565dd
0x01097d05
0x01097d13
0x01097d18
0x01097d1a
0x01097d20
0x00000000
0x01097d20
0x010565e3
0x010565e3
0x010565e6
0x010565e9
0x010565ee
0x010565f7
0x010565fd
0x010565ff
0x01056605
0x01056889
0x0105660b
0x0105660d
0x0105660d
0x01056612
0x01056620
0x01056626
0x01056629
0x0105662b
0x01056638
0x0105663e
0x01056641
0x0105664b
0x01056653
0x01056656
0x01056660
0x0105666b
0x0105666e
0x01056670
0x01056675
0x01056686
0x01056689
0x0105668c
0x01056695
0x01056699
0x0105669b
0x0105669e
0x010566a3
0x010566a3
0x010566a8
0x010566a8
0x010566ab
0x010566b1
0x010566b4
0x010566b7
0x010566c1
0x010566cb
0x010566ce
0x010566e5
0x010566e5
0x010566e8
0x010566ee
0x010566f1
0x010566f8
0x010566fd
0x01056704
0x01056709
0x0105670d
0x01056710
0x01056713
0x01056719
0x0105671f
0x01056726
0x01056734
0x0105673c
0x01056891
0x01056893
0x01056896
0x01056899
0x010568bd
0x010568bd
0x00000000
0x010568bd
0x00000000
0x01056742
0x01056742
0x0105674b
0x010568c5
0x010568c7
0x010568ca
0x010568cc
0x010568ce
0x010568c0
0x010568c0
0x010568c0
0x0105689b
0x0105689d
0x0105689d
0x0105674b
0x01056751
0x01056754
0x01056754
0x01056756
0x01056759
0x0105675f
0x01056764
0x01056764
0x0105676d
0x01056772
0x01056776
0x01056779
0x01056782
0x01056785
0x0105678c
0x0105678e
0x01056794
0x01056797
0x010567a1
0x010567aa
0x010567ca
0x010567d4
0x010567d7
0x010567da
0x010567de
0x010567e1
0x010567eb
0x010567f6
0x010567fe
0x0105680c
0x0105680f
0x01056812
0x01097d30
0x01097d32
0x01097d34
0x01097d39
0x01097d3b
0x01097d42
0x01097d44
0x01097d4a
0x01097d50
0x01097d53
0x01097d59
0x01097d6d
0x01097d7c
0x01097d7c
0x01097d7e
0x01097d82
0x01097d84
0x00000000
0x00000000
0x01097d86
0x01097d86
0x01097d8a
0x01097d8d
0x01097d8f
0x01097d95
0x01097d9d
0x01097da0
0x01097da0
0x01097d5b
0x01097d62
0x01097d64
0x01097d68
0x01097d68
0x01097da2
0x01097da2
0x01097d44
0x0105681d
0x01056822
0x01056829
0x0105682b
0x0105682e
0x01097dac
0x01097dae
0x01097db0
0x01097db5
0x01097db7
0x01097dbe
0x01097dc0
0x01097dc6
0x01097dcc
0x01097dcf
0x01097dd5
0x01097dee
0x01097df8
0x01097df8
0x01097dfa
0x01097dfe
0x01097e00
0x00000000
0x00000000
0x01097e02
0x01097e02
0x01097e06
0x01097e09
0x01097e0b
0x01097e0e
0x01097e14
0x01097e1c
0x01097e1f
0x01097e1f
0x01097dd7
0x01097dde
0x01097de0
0x01097de4
0x01097de4
0x01097e21
0x01097e21
0x00000000
0x01097dc0
0x01056839
0x0105683e
0x01056850
0x01056853
0x0105685a
0x0105685a
0x01056867
0x0105686c
0x01097e2b
0x01097e2e
0x00000000
0x01097e34
0x01097e3d
0x00000000
0x01097e3d
0x00000000
0x01056872
0x01056872
0x01056872
0x01056872
0x01056877
0x0105687a
0x01097e47
0x01097e4d
0x01097e54
0x00000000
0x01097e75
0x01097e54
0x0105687a
0x01056886
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d65c6f2f21c11af69457b202fa5babc8efd56ec14b16975d91a8a1dd1c27576
Instruction ID: aa62b36d372c63ebaef7e7cef5abfc9fe82c17eb7752c9886cf526a5bb6fbe9a
Opcode Fuzzy Hash: 7d65c6f2f21c11af69457b202fa5babc8efd56ec14b16975d91a8a1dd1c27576
Instruction Fuzzy Hash: 27E18175A00205CFDB58CF59C890BAEBBF1FF48310F5481A9E995AB395D734E981CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0103D5E0 Relevance: .4, Instructions: 353
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E0103D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x111d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01036600(0x11152d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L110:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L115;
						} else {
							_t283 =  *0x1117b9c; // 0x0
							_t281 = E01044620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L115:
								E0106F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L110;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1117b90; // 0x77cd0000
								if(_t384 == 0) {
									_t353 =  *0x1117b8c; // 0xbb2bb8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01042280(_t200, 0x11184d8);
									_t277 =  *0x11185f4; // 0xbb30a8
									_t351 =  *0x11185f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L119;
												}
												goto L153;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xbb3040
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L119:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L153;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0103FFB0(_t287, _t353, 0x11184d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0107CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01036600(0x11152d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01037926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x111b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E010AE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1118472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x111b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x111b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L137;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01042280(_t250, 0x11184d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L136:
															asm("int 0x29");
															L137:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L01063898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L136;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0103FFB0(_t293, _t353, 0x11184d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E010637F5(_t353, 0);
																}
																E01060413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E01059B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E010502D6(_t174);
																}
																L010477F0( *0x1117b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0105C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0103EC7F(_t353);
										L010519B8(_t287, 0, _t353, 0);
										_t200 = E0102F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x111b2f8 |  *0x111b2fc) == 0 || ( *0x111b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0106B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x111b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E010D6B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E010D6AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L109:
														_t356 = 0;
														_v44 = 0;
														goto L64;
													} else {
														__eflags = 0;
														__eflags = 0;
														if(0 < 0) {
															goto L109;
														}
														L64:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L145:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0103E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L103;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L72;
																		}
																	} else {
																		L103:
																		_t307 =  *(_t306 + 0x50);
																		goto L70;
																	}
																	goto L153;
																} else {
																	_t239 = E0103EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L71:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E01069730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L70:
																			_v48 = _t307;
																			goto L71;
																		}
																	}
																}
															}
															L72:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L152:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L152;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L76:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L92;
																		} else {
																			_v64 = 0;
																			E0103E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L145;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L145;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L84;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L84:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t115 = _v64 + 0x18; // 0x18
																						_t348 = _t115 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_v64 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L145;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L99:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L99;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L145;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01038F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L145;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01063C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L92;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L92:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L96:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L151:
																													 *_t358 = 0;
																													goto L152;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L96;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L151;
																														} else {
																															goto L96;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L98;
																						}
																					}
																					goto L145;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L152;
																		} else {
																			goto L76;
																		}
																	}
																}
															}
														}
														L98:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L153;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L153:
			}

0x0103d5f2
0x0103d5f5
0x0103d5f5
0x0103d5fd
0x0103d600
0x0103d60a
0x0103d60d
0x0103d617
0x0103d61d
0x0103d627
0x0103d62e
0x0103d911
0x0103d913
0x00000000
0x0103d919
0x0103d919
0x0103d919
0x0103d634
0x0103d634
0x0103d634
0x0103d634
0x0103d640
0x0103d8bf
0x00000000
0x0103d646
0x0103d646
0x0103d64d
0x0103d652
0x0108b2fc
0x0108b2fc
0x0108b302
0x0108b33b
0x0108b341
0x00000000
0x0108b304
0x0108b304
0x0108b319
0x0108b31e
0x0108b324
0x0108b326
0x0108b332
0x0108b347
0x0108b34c
0x0108b351
0x0108b35a
0x00000000
0x0108b328
0x0108b328
0x00000000
0x0108b328
0x0108b326
0x0103d658
0x0103d658
0x0103d65b
0x0103d665
0x00000000
0x0103d66b
0x0103d66b
0x0103d66b
0x0103d66b
0x0103d66d
0x0103d672
0x0103d67a
0x00000000
0x00000000
0x0103d680
0x0103d686
0x0103d8ce
0x0103d8d4
0x0103d8dd
0x0103d8e0
0x0103d68c
0x0103d691
0x0103d69d
0x0103d6a2
0x0103d6a7
0x0103d6b0
0x0103d6b5
0x0103d6e0
0x0103d6b7
0x0103d6b7
0x0103d6b9
0x0103d6b9
0x0103d6bb
0x0103d6bd
0x0103d6ce
0x0103d6d0
0x0103d6d2
0x0108b363
0x0108b365
0x00000000
0x0108b36b
0x00000000
0x0108b36b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0103d6bf
0x0103d6bf
0x0103d6e5
0x0103d6e7
0x0103d6e9
0x0103d6ec
0x0103d6ec
0x0103d6ef
0x0103d6f5
0x0103d6f9
0x0103d6fb
0x0103d6fd
0x0103d701
0x0103d703
0x0103d70a
0x0103d70a
0x0103d701
0x0103d710
0x0103d710
0x0103d6c1
0x0103d6c1
0x0103d6c6
0x0108b36d
0x0108b36f
0x00000000
0x0108b375
0x0108b375
0x0108b375
0x00000000
0x0108b375
0x00000000
0x0103d6cc
0x0103d6d8
0x0103d6d8
0x0103d6d8
0x00000000
0x0103d6c6
0x0103d6bf
0x00000000
0x0103d6da
0x0103d6da
0x0103d716
0x0103d71b
0x0103d720
0x0103d726
0x0103d726
0x0103d72d
0x00000000
0x0103d733
0x0103d739
0x0103d742
0x0103d750
0x0103d758
0x0103d764
0x0103d776
0x0103d77a
0x0103d783
0x0103d928
0x0103d92c
0x0103d93d
0x0103d944
0x0103d94f
0x0103d954
0x0103d956
0x0103d95f
0x0103d961
0x0103d973
0x0103d973
0x0103d956
0x0103d944
0x0103d92c
0x0103d78b
0x0108b394
0x0103d791
0x0103d798
0x0108b3a3
0x0108b3bb
0x0108b3bb
0x0103d7a5
0x0103d866
0x0103d870
0x0103d892
0x0103d898
0x0103d89e
0x0103d8a0
0x0103d8a6
0x0103d8ac
0x0103d8ae
0x0103d8b4
0x0103d8b4
0x0103d8ae
0x0103d7a5
0x0103d78b
0x0103d7b1
0x0108b3c5
0x0108b3c5
0x0103d7c3
0x0103d7ca
0x0103d7e5
0x0103d7eb
0x0103d8eb
0x0103d8ed
0x00000000
0x0103d8f3
0x0103d8f3
0x0103d8f3
0x00000000
0x0103d8ed
0x0103d7cc
0x0103d7cc
0x0103d7d2
0x00000000
0x0103d7d4
0x0103d7d4
0x0103d7d7
0x0103d7df
0x0108b3d4
0x0108b3d9
0x0108b3dc
0x0108b3dc
0x0108b3df
0x0108b3e2
0x0108b468
0x0108b46d
0x0108b46f
0x0108b46f
0x0108b475
0x0103d8f8
0x0103d8f9
0x0103d8fd
0x0108b3e8
0x0108b3e8
0x0108b3eb
0x0108b3ed
0x00000000
0x0108b3ef
0x0108b3ef
0x0108b3f1
0x0108b3f4
0x0108b3fe
0x0108b404
0x0108b409
0x0108b40e
0x0108b410
0x0108b410
0x0108b414
0x0108b414
0x0108b41b
0x0108b420
0x0108b423
0x0108b425
0x0108b427
0x0108b42a
0x0108b42d
0x0108b42d
0x0108b42a
0x0108b432
0x0108b436
0x0108b438
0x0108b43b
0x0108b43b
0x0108b449
0x0108b44e
0x0108b454
0x0108b458
0x0108b458
0x0108b45d
0x00000000
0x0108b45d
0x0108b3ed
0x00000000
0x00000000
0x00000000
0x0103d7df
0x0103d7d2
0x0103d7ca
0x0108b37c
0x0108b37e
0x0108b385
0x0108b38a
0x00000000
0x0108b38a
0x0103d742
0x0103d7f1
0x0103d7f8
0x0108b49b
0x0108b49b
0x0103d800
0x0103d837
0x0103d843
0x0103d845
0x0103d847
0x0103d84a
0x0103d84b
0x0103d84e
0x0103d857
0x0103d818
0x0103d824
0x0103d831
0x0108b4a5
0x0108b4ab
0x0108b4b3
0x0108b4b8
0x0108b4bb
0x00000000
0x0108b4c1
0x0108b4c1
0x0108b4c8
0x00000000
0x0108b4ce
0x0108b4d4
0x0108b4e1
0x0108b4e3
0x0108b4e5
0x00000000
0x0108b4eb
0x0108b4f0
0x0108b4f2
0x0103dac9
0x0103dacc
0x0103dacf
0x0103dad1
0x0103dd78
0x0103dd78
0x0103dcf2
0x00000000
0x0103dad7
0x0103dad7
0x0103dad9
0x0103dadb
0x00000000
0x00000000
0x0103dae1
0x0103dae1
0x0103dae4
0x0103dae6
0x0108b4f9
0x0108b4f9
0x0108b500
0x0103daec
0x0103daec
0x0103daf5
0x0103daf8
0x0103dafb
0x0103db03
0x0103db11
0x0103db16
0x0103db19
0x0103db1b
0x0108b52c
0x0108b531
0x0108b534
0x0103db21
0x0103db21
0x0103db24
0x0103dcd9
0x0103dce2
0x0103dce5
0x0103dd6a
0x0103dd6d
0x00000000
0x0103dd73
0x0108b51a
0x0108b51c
0x0108b51f
0x0108b524
0x00000000
0x0108b524
0x0103dce7
0x0103dce7
0x0103dce7
0x00000000
0x0103dce7
0x00000000
0x0103db2a
0x0103db2c
0x0103db31
0x0103db33
0x0103db36
0x0103db39
0x0103db3b
0x0103db66
0x0103db66
0x0103db3d
0x0103db3d
0x0103db3e
0x0103db46
0x0103db47
0x0103db49
0x0103db4c
0x0103db53
0x0103db55
0x0103db58
0x0103db5a
0x0108b50a
0x0108b50f
0x0108b512
0x0103db60
0x0103db60
0x0103db63
0x0103db63
0x00000000
0x0103db63
0x0103db5a
0x0103db3b
0x0103db24
0x0103db69
0x0103db69
0x0103db6c
0x0103db6f
0x0103db74
0x0108b557
0x0108b557
0x0108b55e
0x0103db7a
0x0103db7c
0x0103db7f
0x0103db82
0x0103db85
0x00000000
0x0103db8b
0x0103db8b
0x0103db8d
0x0103db9b
0x0103db9b
0x0103db9d
0x0103dba0
0x0103dba2
0x0103dba4
0x0103dba7
0x0103dba9
0x0103dbae
0x0103dbae
0x0103dbb1
0x0103dbb4
0x0103dbb4
0x0103dbb7
0x0103dbba
0x0103dcd2
0x0103dcd4
0x00000000
0x0103dbc0
0x0103dbc0
0x0103dbd2
0x0103dbd7
0x0103dbda
0x0103dbdd
0x0103dbdf
0x00000000
0x0103dbe5
0x0103dbe5
0x0103dbee
0x0103dbf1
0x0108b541
0x0108b544
0x00000000
0x0108b546
0x0108b546
0x00000000
0x0108b546
0x0103dbf7
0x0103dbf7
0x0103dbfd
0x0103dbfd
0x0103dbff
0x0103dc0b
0x0103dc18
0x0103dc1b
0x0103dc1d
0x0103dc21
0x0103dc21
0x0103dc23
0x0103dc23
0x0103dc26
0x0103dc29
0x0103dc2b
0x00000000
0x00000000
0x0103dc31
0x0103dc34
0x0103dc36
0x0103dcbf
0x0103dcbf
0x0103dcc2
0x00000000
0x0103dc3c
0x0103dc41
0x0103dc43
0x00000000
0x0103dc45
0x0103dc45
0x0103dc47
0x00000000
0x0103dc4d
0x0103dc4d
0x0103dc50
0x0103dc52
0x0103dc55
0x0103dcfa
0x0103dcfe
0x0103dd08
0x0103dd0a
0x0103dd0c
0x00000000
0x0103dd12
0x0103dd15
0x0103dd2d
0x0103dd2f
0x0103dd32
0x0103dd35
0x00000000
0x0103dd35
0x0103dc5b
0x0103dc5b
0x0103dc5e
0x0103dc61
0x0103dc64
0x0103dc67
0x0103dc67
0x0103dc6a
0x0103dc6c
0x0103dc8e
0x0103dc8e
0x0103dc91
0x0103dc93
0x0103dcce
0x0103dcce
0x0103dc95
0x0103dc9c
0x0103dc6e
0x0103dc72
0x0103dc75
0x0103dc77
0x0103dc79
0x0108b551
0x0108b551
0x00000000
0x0103dc7f
0x0103dc7f
0x0103dc81
0x00000000
0x0103dc83
0x0103dc86
0x0103dc88
0x00000000
0x00000000
0x00000000
0x00000000
0x0103dc88
0x0103dc81
0x0103dc79
0x0103dc6c
0x0103dc55
0x0103dc47
0x0103dc43
0x00000000
0x0103dc36
0x0103dc23
0x00000000
0x0103dbff
0x0103dbf1
0x0103dbdf
0x0103db8f
0x0103db92
0x0103db95
0x00000000
0x00000000
0x00000000
0x00000000
0x0103db95
0x0103db8d
0x0103db85
0x0103db74
0x0103dc9f
0x0103dca2
0x0103dcb0
0x0103dcb0
0x0103dad1
0x0108b4e5
0x0108b4c8
0x00000000
0x00000000
0x00000000
0x0103d831
0x00000000
0x0103d800
0x0108b47f
0x0108b485
0x00000000
0x0108b485
0x0103d665
0x0103d652
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00460f3ba64886ec2b097b850431b4b021a95a3638321fb8e272d88be4b56100
Instruction ID: cf46aa0c4453c2071efe1bc5f5771a96f8d00193dc344628a5b80982cddb796f
Opcode Fuzzy Hash: 00460f3ba64886ec2b097b850431b4b021a95a3638321fb8e272d88be4b56100
Instruction Fuzzy Hash: F8E1F030A0435A8FEB75DF58C980BADBBFABF85304F4441E9D9C997291DB30A981CB41

Uniqueness

Uniqueness Score: -1.00%

Function 01023ACA Relevance: .3, Instructions: 348
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01023ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x10ff4d0);
				E0107D0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E01042280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E0103FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E0107D130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1118628; // 0x0
									 *(_t317 - 0x30) = _t201;
									_t202 =  *0x111862c; // 0x0
									 *(_t317 - 0x44) = _t202;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							_t207 =  *0x1118628; // 0x0
							_t310 =  *0x111862c; // 0x0
							 *(_t317 - 0x28) = _t310;
							__eflags =  *(_t317 - 0x30) - _t207;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) != _t207);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E0105DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x111b1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E0103FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E01042280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E01042280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E0103FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E01042280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E010B30AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E01023E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x111b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x111b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x111b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E01047D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E010B2E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E01023E6B(_t252);
									_t230 = E01023E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}

0x01023aca
0x01023acf
0x01023ad4
0x01023ad9
0x01023adb
0x01023ae0
0x01023ae3
0x01023ae5
0x01023ae8
0x01023aeb
0x01023aed
0x01023af5
0x01023af8
0x01023afb
0x01023afe
0x01023b05
0x01023b0a
0x01023b0d
0x00000000
0x01023b10
0x01023b15
0x01023b1a
0x01023b21
0x01023b30
0x01023b30
0x01023b33
0x01023b33
0x01023b36
0x01023b39
0x01023b3f
0x01023b47
0x01023b4a
0x01023b4a
0x01023b4f
0x01023b4f
0x01023b4f
0x01023b4f
0x01023b4f
0x01023b4f
0x01023b54
0x01023b57
0x01023b5c
0x01023b61
0x01023b67
0x01023b6f
0x01023b6f
0x01023b71
0x01023b75
0x01023b77
0x00000000
0x00000000
0x01023e6c
0x01023e6c
0x01023b7d
0x01023b7d
0x01023b82
0x01023b84
0x01023b87
0x01023b8a
0x01023b8d
0x01023b90
0x01023b90
0x01023b97
0x01023b97
0x01023b9c
0x01023ba1
0x01023ba7
0x01023baa
0x01023bad
0x01023bad
0x01023bb7
0x01023bb7
0x01023bbc
0x01023bbf
0x01023bc1
0x01023bc7
0x01023bcd
0x01023bd5
0x01023bd8
0x01023bda
0x01023be1
0x01023be4
0x01023be7
0x01023bea
0x01023bed
0x01023d97
0x01023d9c
0x01023da8
0x01023dad
0x01023db0
0x01023db2
0x01023db5
0x0108020b
0x01080211
0x01080213
0x01080213
0x01023dbb
0x00000000
0x01023dbb
0x01023bf3
0x01023bf5
0x00000000
0x00000000
0x01023bfb
0x01023bfe
0x01023bfe
0x01023bfe
0x01023c02
0x01023dd1
0x01023dd1
0x01023dd7
0x010800c1
0x010800c4
0x01023c11
0x01023c11
0x01023c14
0x010800cf
0x010800d2
0x00000000
0x00000000
0x010800d8
0x010800e6
0x010800e9
0x010800ec
0x010800ef
0x00000000
0x00000000
0x00000000
0x010800f5
0x010800dd
0x010800e0
0x00000000
0x00000000
0x00000000
0x010800e0
0x01023c1a
0x01023c1a
0x01023c1d
0x01023e20
0x01023e23
0x00000000
0x00000000
0x00000000
0x01023e29
0x01023c23
0x01023c23
0x01023c26
0x01023c2c
0x01023c2f
0x01023c35
0x01023c3b
0x01023c41
0x01023c47
0x01023c4d
0x01023c59
0x01023c5f
0x01023c62
0x01023c68
0x01023c6a
0x01023c6d
0x01023c74
0x01023c79
0x01023c7b
0x01023c7e
0x01023c80
0x01023c83
0x01023c89
0x01023c8b
0x01023dea
0x01023df1
0x01023df2
0x01023df5
0x01023df8
0x01023dfb
0x01023dfd
0x00000000
0x00000000
0x01023e03
0x01023e07
0x01023e42
0x01023e49
0x01023e4a
0x01023e4d
0x00000000
0x01023e4d
0x01023e09
0x01023d86
0x01023d89
0x01023d8c
0x01023d8e
0x01023e31
0x01023e31
0x01023d94
0x00000000
0x01023d94
0x01023c91
0x01023c91
0x01023c94
0x01023d23
0x01023d23
0x01023d27
0x01023e16
0x01023e16
0x01023d2d
0x01023d31
0x010801fe
0x010801fe
0x01023d84
0x01023d84
0x00000000
0x01023d84
0x01023d3d
0x01023d44
0x01023d45
0x01023d48
0x01023d4f
0x010801de
0x010801de
0x010801e2
0x00000000
0x00000000
0x010801ea
0x010801ea
0x010801eb
0x010801f9
0x00000000
0x010801f9
0x01023d55
0x01023d5c
0x00000000
0x00000000
0x01023d62
0x01023d66
0x01023e55
0x01023e5e
0x01023e60
0x00000000
0x00000000
0x01023d75
0x01023d75
0x01023d79
0x01023d7b
0x01023d7e
0x010801c7
0x010801ca
0x010801cd
0x010801d0
0x010801d3
0x010801d6
0x010801d6
0x01023d7e
0x00000000
0x01023d79
0x01023d6c
0x01023d72
0x00000000
0x01023d72
0x01023c9d
0x01023ca0
0x01023cab
0x01023cae
0x01023cb1
0x01023cb5
0x01023cb7
0x01023cd2
0x01023cdb
0x01023cdb
0x01023cde
0x01023ce1
0x01023ce3
0x010800fa
0x010800fd
0x00000000
0x00000000
0x01080103
0x01080107
0x01080113
0x01080125
0x0108012b
0x0108012e
0x01080131
0x00000000
0x01080131
0x01080109
0x0108010d
0x00000000
0x00000000
0x00000000
0x01023ce9
0x01023ce9
0x01023ce9
0x01023cee
0x01080139
0x01080149
0x0108014f
0x0108014f
0x01023cf4
0x01023cf9
0x01023cfb
0x01080160
0x01023d01
0x01023d01
0x01023d01
0x01023d06
0x01023d09
0x01080184
0x01080184
0x01023d0f
0x01023d16
0x01023d1e
0x00000000
0x01023d1e
0x01023ce3
0x010800ca
0x01023ddd
0x01023de0
0x00000000
0x00000000
0x00000000
0x01023de2
0x01023c08
0x01023c0b
0x01023dc9
0x01023dcb
0x00000000
0x00000000
0x00000000
0x01023dcb
0x00000000
0x01023c0b

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56aa17c8f26401a662b3a27b29c418f659a1251f69e7d7f661174020c470886a
Instruction ID: 5606f72754d604c4dfe0251418263948b0ac9ee98a3af566a8fc565df0c3d87b
Opcode Fuzzy Hash: 56aa17c8f26401a662b3a27b29c418f659a1251f69e7d7f661174020c470886a
Instruction Fuzzy Hash: DDE10170E00628DFCF66DFA9D984A9DFBF1BF48310F20456AE586AB261D734A841CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0104B236 Relevance: .3, Instructions: 305
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E0104B236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E0104B477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E010CCB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E01050678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E01069660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E01069660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E01069660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E0105174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E0105138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E01047D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E010E138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E01047D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E010E1582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E01047D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E01047D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E010E1582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E01047D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E010DFEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E010DFA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E010499BF(__ecx, _t87,  &_v16, 0);
					E0104A830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E010DFA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}

0x0104b23f
0x0104b246
0x0104b249
0x0104b24b
0x0104b251
0x0104b258
0x0104b262
0x0104b2b2
0x0104b2b6
0x0104b456
0x0104b456
0x0104b45a
0x01092912
0x01092914
0x01092916
0x00000000
0x00000000
0x0109291f
0x01092921
0x00000000
0x00000000
0x01092927
0x00000000
0x01092927
0x0104b460
0x0104b460
0x0104b462
0x0104b464
0x0109292e
0x01092931
0x0109293f
0x01092945
0x01092945
0x01092931
0x00000000
0x0104b464
0x0104b2bc
0x0104b2bf
0x0104b2c5
0x0104b2c8
0x0104b2ca
0x010927af
0x010927af
0x0104b2d0
0x0104b2d7
0x0104b437
0x0104b2dd
0x0104b2dd
0x0104b2dd
0x0104b2e3
0x0104b2e5
0x0104b43e
0x0104b443
0x010927b6
0x010927b6
0x0104b443
0x0104b2f5
0x0104b2fa
0x0104b2fd
0x0104b2ff
0x0104b46f
0x0104b46f
0x0104b30a
0x0104b30f
0x0104b310
0x0104b315
0x0104b31b
0x0104b31c
0x0104b321
0x0104b322
0x0104b329
0x0104b32b
0x0104b32d
0x010927c2
0x010927c2
0x010927c5
0x010927c7
0x00000000
0x00000000
0x010927c9
0x010927cb
0x010927ce
0x010927d0
0x010927d2
0x010927d2
0x010927d5
0x010927db
0x010927e0
0x010927e1
0x010927e6
0x010927e7
0x010927ee
0x010927f0
0x010927f2
0x00000000
0x010927f4
0x010927f4
0x00000000
0x010927f4
0x010927f2
0x010927f7
0x010927f9
0x00000000
0x00000000
0x010927ff
0x00000000
0x0104b333
0x0104b333
0x0104b336
0x0104b336
0x0104b33c
0x0104b341
0x0104b344
0x0104b44e
0x0104b44e
0x0104b34a
0x0104b34d
0x0104b353
0x0104b358
0x0104b359
0x0104b35e
0x0104b35f
0x0104b366
0x0104b368
0x0104b36a
0x010928f2
0x010928fe
0x01092903
0x01092903
0x00000000
0x0104b370
0x0104b38c
0x0104b391
0x0104b393
0x0109280a
0x0109280a
0x0104b399
0x0104b39b
0x00000000
0x0104b3a1
0x0104b3a1
0x0104b3a6
0x0104b3b0
0x0104b3b2
0x0109281d
0x0104b3b8
0x0104b3b8
0x0104b3b8
0x0104b3ba
0x0104b3bd
0x01092824
0x0109282a
0x01092831
0x01092841
0x0109284b
0x0109284d
0x01092858
0x01092858
0x01092858
0x01092870
0x01092870
0x01092831
0x0104b3c3
0x0104b3c8
0x0104b3d2
0x0104b3d4
0x01092883
0x0104b3da
0x0104b3da
0x0104b3da
0x0104b3dc
0x0104b3df
0x0109288f
0x01092891
0x0109289c
0x0109289c
0x0109289c
0x010928b4
0x010928b4
0x0104b3e5
0x0104b3ea
0x0104b3ec
0x010928c7
0x0104b3f2
0x0104b3f2
0x0104b3f2
0x0104b3f7
0x0104b3fa
0x010928d9
0x010928d9
0x0104b400
0x0104b407
0x0104b40a
0x0104b40f
0x0104b413
0x0104b41f
0x0104b424
0x0104b426
0x010928e3
0x010928e8
0x010928e8
0x0104b426
0x0104b42f
0x00000000
0x0104b42f
0x0104b39b
0x0104b36a
0x0104b264
0x0104b264
0x0104b279
0x0104b27f
0x0104b287
0x0104b28c
0x0104b290
0x0104b29c
0x0104b2a3
0x010927a0
0x010927a5
0x010927a5
0x0104b2a3
0x0104b2a9
0x0104b2b1
0x0104b2b1

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
Instruction ID: d9b90b4515af77cb3bdd52e72ece2f1f95b833863bd74a68bb5c25e1d215344e
Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
Instruction Fuzzy Hash: 67B1A171B00606AFDB15DBA9C9D0BBEBBF5AF88200F1445B9E6D29B381DB30D941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0105513A Relevance: .3, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0105513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x111d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0106D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01042280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = E01044620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0106F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0103FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x111b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0106B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}

0x01055142
0x0105514c
0x01055150
0x01055157
0x01055159
0x0105515e
0x01055165
0x01055169
0x0105516c
0x01055172
0x01055176
0x0105517a
0x0105517a
0x0105517a
0x0105517f
0x01096d8b
0x01096d8e
0x01096d91
0x01096d95
0x01096d98
0x01096d9c
0x01096da0
0x01096da3
0x01096da7
0x01096e26
0x01096e26
0x01096e2a
0x010551f9
0x010551f9
0x010551fe
0x01096e33
0x01096e33
0x01096e39
0x01096e3d
0x01096e46
0x01096e50
0x00000000
0x00000000
0x01096e52
0x01096e53
0x01096e56
0x01096e5d
0x00000000
0x00000000
0x00000000
0x01096e5f
0x01096e67
0x01096e77
0x01096e7f
0x01096e80
0x01096e88
0x01096e90
0x01096e9f
0x01096ea5
0x01096ea9
0x01096eb1
0x01096ebf
0x00000000
0x00000000
0x01096ecf
0x01096ed3
0x00000000
0x00000000
0x01096edb
0x01096ede
0x01096ee1
0x01096ee8
0x01096eeb
0x01096eed
0x01096ef0
0x01096ef4
0x01096ef8
0x01096efc
0x00000000
0x00000000
0x01096f0d
0x01096f11
0x01096f32
0x01096f37
0x01096f3b
0x01096f3e
0x01096f41
0x01096f46
0x00000000
0x00000000
0x01096f4c
0x01096f50
0x01096f50
0x01096f54
0x01096f62
0x01096f65
0x01096f6d
0x01096f7b
0x01096f7b
0x01096f93
0x01096f98
0x01096fa0
0x01096fa6
0x01096fb3
0x01096fb6
0x01096fbf
0x01096fc1
0x01096fd5
0x01096fda
0x01096fda
0x01096fdd
0x01096fe2
0x01096fe7
0x01096feb
0x01096fef
0x01096ff3
0x0105520c
0x0105520c
0x0105520f
0x01055215
0x01055234
0x0105523a
0x0105523a
0x01055244
0x01055245
0x01055246
0x01055251
0x01055251
0x01096f13
0x01096f17
0x01096f17
0x01096f18
0x01096f1b
0x01096f1f
0x01096f23
0x00000000
0x01096f28
0x01055204
0x01055204
0x01055208
0x00000000
0x01055208
0x01055185
0x01055188
0x0105518a
0x0105518e
0x01055195
0x01096db1
0x01096db5
0x01096db9
0x0105519b
0x0105519b
0x0105519e
0x010551a7
0x010551a9
0x010551a9
0x010551b5
0x010551b8
0x010551bb
0x010551be
0x010551c1
0x010551c5
0x010551c9
0x010551cd
0x010551cd
0x010551d8
0x010551dc
0x010551e0
0x01096dcc
0x01096dd0
0x01096dd5
0x01096ddd
0x01096de1
0x01096de1
0x01096de5
0x01096deb
0x01096df1
0x01096df7
0x01096dfd
0x01096e01
0x01096e05
0x01096e09
0x01096e0d
0x01096e11
0x01096e11
0x010551eb
0x01096e1a
0x01096e1f
0x01096e21
0x01096e23
0x00000000
0x010551f1
0x010551f1
0x00000000
0x010551f1

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a269dcd2298541698060e55f5d28213b06f0ef3dc32c1de48824ff7bfc56abd9
Instruction ID: 731c50441344fc09c604242a502e04363fad4a486b6c85018d56a2afcc593476
Opcode Fuzzy Hash: a269dcd2298541698060e55f5d28213b06f0ef3dc32c1de48824ff7bfc56abd9
Instruction Fuzzy Hash: E2C121755083818FD754CF28C590A5AFBE1BF88304F144AAEF9D98B352D771E845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 010503E2 Relevance: .3, Instructions: 254
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E010503E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x111d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E01050548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0106B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0103B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1117c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01047D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01047D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E010A7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E01069830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E010A69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1117c04 != 0) {
						_t118 = _v12;
						_t120 = E010AA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1117bd8;
						if( *0x1117bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E010695D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E010699A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E010A3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0102B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0106AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1118474 - 3;
										if( *0x1118474 != 3) {
											 *0x11179dc =  *0x11179dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01047D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01047D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E010A7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1118708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1117b00; // 0x0
							asm("ror esi, cl");
							 *0x111b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E010695D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01037F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}

0x010503f1
0x010503f7
0x010503f9
0x010503fb
0x010503fd
0x01050400
0x0105040a
0x01094c7a
0x01050537
0x01050547
0x01050410
0x01050410
0x01050414
0x01050417
0x0105041a
0x01050421
0x01050424
0x0105042b
0x0105043b
0x0105043e
0x0105043f
0x0105043f
0x01050446
0x01050449
0x0105044c
0x0105044f
0x01050459
0x01094c8d
0x0105045f
0x0105045f
0x0105045f
0x01050467
0x01094c97
0x01094c9d
0x01094ca4
0x01094caa
0x01094caf
0x01094cb1
0x01094cc3
0x01094cb3
0x01094cbc
0x01094cbc
0x01094cc8
0x01094ccb
0x01094cd7
0x01094cda
0x01094cdf
0x01094cdf
0x01094ccb
0x01094ca4
0x0105046d
0x0105046f
0x0105046f
0x01050471
0x01050476
0x0105047a
0x0105047b
0x01050483
0x01050489
0x0105048d
0x00000000
0x00000000
0x01094ce9
0x01094cef
0x01094d22
0x01094d22
0x00000000
0x01094d22
0x01094cf1
0x01094cf7
0x00000000
0x00000000
0x01094cf9
0x01094cff
0x00000000
0x00000000
0x01094d05
0x01094d07
0x00000000
0x00000000
0x01094d0d
0x01094d0f
0x01094d14
0x01094d16
0x00000000
0x00000000
0x01094d1c
0x01094d1c
0x01050499
0x01050535
0x01050535
0x00000000
0x01050535
0x010504a6
0x01094d2c
0x01094d37
0x01094d39
0x01094d3b
0x00000000
0x00000000
0x01094d41
0x01094d48
0x01050527
0x0105052b
0x0105052d
0x01050530
0x01050530
0x00000000
0x0105052b
0x01094d4e
0x010504ac
0x010504ac
0x010504af
0x010504b2
0x010504b7
0x010504b9
0x010504bb
0x010504bd
0x010504bf
0x010504c5
0x010504c9
0x01094d53
0x01094d59
0x01094db9
0x01094dba
0x01094dbf
0x01094dc2
0x01094dc4
0x01094dc7
0x01094dce
0x00000000
0x01094dce
0x01094d5b
0x01094d61
0x00000000
0x00000000
0x01094d63
0x01094d69
0x00000000
0x00000000
0x01094d6b
0x01094d6e
0x01094d74
0x01094d76
0x01094d7c
0x01094d7e
0x01094d84
0x01094d89
0x01094d8c
0x01094d8d
0x01094d92
0x01094d95
0x01094d96
0x01094d98
0x01094d9a
0x01094d9f
0x01094da4
0x01094da6
0x01094da8
0x01094daf
0x01094db1
0x01094db1
0x01094daf
0x01094da6
0x01094d84
0x01094d7c
0x00000000
0x01094d74
0x010504d6
0x01094de1
0x010504dc
0x010504dc
0x010504dc
0x010504e4
0x01094deb
0x01094df1
0x01094df8
0x01094dfe
0x01094e03
0x01094e05
0x01094e17
0x01094e07
0x01094e10
0x01094e10
0x01094e1c
0x01094e1f
0x01094e35
0x01094e35
0x01094e1f
0x01094df8
0x010504f1
0x010504fa
0x01094e3f
0x01094e47
0x01094e5b
0x01094e61
0x01094e67
0x01094e69
0x01094e71
0x01094e73
0x01050500
0x01050500
0x01050500
0x010504fa
0x01050508
0x0105051d
0x0105051d
0x0105051f
0x01050524
0x00000000
0x01050524
0x01050515
0x01050517
0x01094e7a
0x01094e7c
0x00000000
0x00000000
0x01094e85
0x00000000
0x01094e85
0x00000000
0x01050517

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf8baa0b74c77b16cb432caec4b4e4e6344371e0172d73f25a86e98710e4a43
Instruction ID: 52f85fa19f1d15120158afa51c7fffe486b425e5caa615b1b098eb7c71e3987e
Opcode Fuzzy Hash: 4bf8baa0b74c77b16cb432caec4b4e4e6344371e0172d73f25a86e98710e4a43
Instruction Fuzzy Hash: 28911571E00615AFEF719A6CC954BAEBBE4AB01714F0502A1FED0EB2D5DB749C41CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0105DA88 Relevance: .3, Instructions: 253
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E0105DA88(void* __ebx, signed short* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t111;
				signed int _t116;
				signed int _t120;
				signed int _t121;
				signed int _t132;
				signed int _t133;
				signed int _t135;
				signed int _t137;
				signed int _t141;
				signed int _t142;
				intOrPtr _t146;
				signed int _t150;
				signed int _t152;
				signed int _t154;
				signed char _t162;
				signed int _t163;
				signed int* _t164;
				void* _t166;
				signed int _t170;
				signed int _t171;
				signed int _t173;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				void* _t181;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				void* _t193;
				void* _t200;

				_t165 = __ecx;
				_push(0x20);
				_push(0x1100268);
				E0107D08C(__ebx, __edi, __esi);
				 *(_t193 - 0x1c) = __edx;
				 *(_t193 - 0x24) = __ecx;
				if(__ecx == 0) {
					L23:
					_t111 = 0;
					L22:
					return E0107D0D1(_t111);
				}
				_t162 =  *(_t193 + 0x14);
				if((_t162 & 0xffffffcc) != 0 || (_t162 & 0x00000003) == 3) {
					goto L23;
				} else {
					_t116 = _t162 & 0x00000001;
					 *(_t193 - 0x28) = _t116;
					if(_t116 != 0) {
						__eflags = __edx;
						if(__edx != 0) {
							goto L4;
						} else {
							goto L23;
						}
					}
					L4:
					E01042280(_t116, 0x111861c);
					_t187 = 0;
					 *((intOrPtr*)(_t193 - 4)) = 0;
					_t189 = 0;
					while(1) {
						 *(_t193 - 0x20) = _t189;
						_t200 = _t189 -  *0x1116da4; // 0x0
						if(_t200 >= 0) {
							break;
						}
						_t173 = _t189 << 5;
						 *(_t193 - 0x2c) = _t173;
						_t165 = _t173 +  *0x1116da0;
						if(_t165[2] ==  *(_t193 - 0x24)) {
							__eflags = _t162 & 0x00000002;
							if((_t162 & 0x00000002) != 0) {
								__eflags = _t165[4] - _t187;
								if(_t165[4] != _t187) {
									L21:
									 *((intOrPtr*)(_t193 - 4)) = 0xfffffffe;
									E0105DCE8();
									_t111 = 1;
									goto L22;
								} else {
									goto L27;
								}
							}
							L27:
							__eflags =  *(_t193 - 0x28);
							if( *(_t193 - 0x28) == 0) {
								goto L8;
							}
							__eflags = _t165[8];
							if(_t165[8] == 0) {
								goto L8;
							}
							_t152 =  *((intOrPtr*)(_t193 + 0x10));
							__eflags = _t152;
							if(_t152 == 0) {
								goto L8;
							}
							__eflags =  *_t165 - _t152;
							if( *_t165 != _t152) {
								goto L8;
							}
							_t154 =  *( *(_t193 - 0x1c));
							__eflags = _t154 - 0xffffffff;
							if(_t154 == 0xffffffff) {
								L57:
								_t185 =  *0x1116da0; // 0x0
								_t192 =  *(_t193 - 0x2c);
								 *( *(_t193 - 0x1c)) =  *(_t192 + _t185 + 0x10);
								_t175 =  *(_t193 + 8);
								__eflags = _t175;
								if(_t175 != 0) {
									 *_t175 =  *((intOrPtr*)(_t192 + _t185 + 0x14));
								}
								goto L21;
							} else {
								__eflags = _t162 & 0x00000020;
								if((_t162 & 0x00000020) == 0) {
									_push(_t154 & 0xfffffffc);
									_push(0xffffffff);
									E010697A0();
									_t176 =  *(_t193 + 8);
									__eflags = _t176;
									if(_t176 != 0) {
										_push( *_t176);
										E010695D0();
									}
									goto L57;
								}
								__eflags = _t165[8] - 0xffffffff;
								if(_t165[8] == 0xffffffff) {
									_t165[8] = _t187;
								}
								break;
							}
							L32:
							__eflags = _t162 & 0x00000002;
							if((_t162 & 0x00000002) != 0) {
								__eflags = _t165[4] - _t187;
								if(_t165[4] != _t187) {
									goto L33;
								}
								_t165[4] =  *(_t193 + 0xc);
								_t165[0xe] =  *(_t193 + 0x18);
								goto L21;
							}
							L33:
							__eflags = _t162 & 0x00000001;
							if((_t162 & 0x00000001) == 0) {
								L15:
								_t190 = _t190 + 1;
								while(1) {
									L13:
									 *(_t193 - 0x20) = _t190;
									__eflags = _t190 -  *0x1116da4; // 0x0
									if(__eflags >= 0) {
										_t121 = E0103B060(_t165, _t178 & 0xfffffffc);
										__eflags = _t121;
										if(_t121 != 0) {
											 *((short*)(_t181 + _t166)) =  *((intOrPtr*)(_t193 + 0x10));
											 *(_t181 + _t166 + 0xc) =  *(_t193 - 0x2c);
											 *(_t181 + _t166 + 0x1c) =  *(_t193 + 0x18);
											__eflags =  *0x1116db0;
											if( *0x1116db0 != 0) {
												__eflags = _t163;
												if(_t163 != 0) {
													_t191 = _t190 << 5;
													_t132 = E010B6652(_t166 + _t191, 1);
													__eflags = _t132;
													if(_t132 >= 0) {
														__eflags =  *0x1116db0 & 0x00000002;
														if(( *0x1116db0 & 0x00000002) != 0) {
															_t133 =  *0x1116da0; // 0x0
															__eflags =  *((intOrPtr*)(_t191 + _t133 + 0x1c)) - 0xc0000019;
															if( *((intOrPtr*)(_t191 + _t133 + 0x1c)) == 0xc0000019) {
																 *( *(_t193 - 0x1c)) =  *(_t191 + _t133 + 0x10);
															}
														}
													}
												}
											}
											 *0x1116da4 =  *0x1116da4 + 1;
											__eflags =  *0x1116da4;
										}
										goto L21;
									}
									_t170 = _t190 << 5;
									 *(_t193 - 0x2c) = _t170;
									_t165 = _t170 +  *0x1116da0;
									__eflags = _t165[2] - _t178;
									if(_t165[2] == _t178) {
										goto L32;
									}
									goto L15;
								}
								goto L21;
							}
							__eflags = _t165[8] - _t187;
							if(_t165[8] != _t187) {
								goto L15;
							}
							_t135 =  *_t165 & 0x0000ffff;
							__eflags = _t135 -  *((intOrPtr*)(_t193 + 0x10));
							if(_t135 ==  *((intOrPtr*)(_t193 + 0x10))) {
								L37:
								_t164 =  *(_t193 - 0x1c);
								_t165[8] =  *_t164;
								_t137 =  *(_t193 + 8);
								__eflags = _t137;
								if(_t137 != 0) {
									_t187 =  *_t137;
								}
								_t165[0xa] = _t187;
								 *_t165 =  *((intOrPtr*)(_t193 + 0x10));
								_t165[0xe] =  *(_t193 + 0x18);
								_t165[0xc] =  *(_t193 + 0x1c);
								__eflags =  *0x1116db0;
								if( *0x1116db0 != 0) {
									_t141 = E010B6652(_t165, 1);
									__eflags = _t141;
									if(_t141 >= 0) {
										__eflags =  *0x1116db0 & 0x00000002;
										if(( *0x1116db0 & 0x00000002) != 0) {
											_t171 =  *0x1116da0; // 0x0
											_t142 =  *(_t193 - 0x2c);
											__eflags =  *((intOrPtr*)(_t142 + _t171 + 0x1c)) - 0xc0000019;
											if( *((intOrPtr*)(_t142 + _t171 + 0x1c)) == 0xc0000019) {
												 *_t164 =  *(_t142 + _t171 + 0x10);
											}
										}
									}
								}
								goto L21;
							}
							__eflags = _t135;
							if(_t135 != 0) {
								goto L15;
							}
							goto L37;
						} else {
							if((_t162 & 0x00000010) != 0) {
								__eflags =  *0x1116db0;
								if( *0x1116db0 != 0) {
									__eflags = _t165[0xa];
									if(_t165[0xa] != 0) {
										__eflags = _t165[0xa] - 0xffffffff;
										if(_t165[0xa] != 0xffffffff) {
											E010B6652(_t165, 0);
										}
									}
								}
							}
							L8:
							_t189 = _t189 + 1;
							continue;
						}
					}
					__eflags = _t162 & 0x00000010;
					if((_t162 & 0x00000010) != 0) {
						goto L21;
					}
					__eflags =  *0x1116da0;
					if( *0x1116da0 == 0) {
						_t120 = E01044620(_t165,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x400);
						__eflags = _t120;
						if(_t120 == 0) {
							goto L21;
						} else {
							 *0x1116da0 = _t120;
							 *0x1116da8 = 0x20;
							L12:
							_t190 = _t187;
							_t178 =  *(_t193 - 0x24);
							goto L13;
						}
					}
					_t146 =  *0x1116da8; // 0x0
					__eflags =  *0x1116da4 - _t146; // 0x0
					if(__eflags >= 0) {
						_t150 = L01048E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *0x1116da0, _t146 + 0x20 << 5);
						__eflags = _t150;
						if(_t150 == 0) {
							goto L21;
						}
						 *0x1116da0 = _t150;
						 *0x1116da8 =  *0x1116da8 + 0x20;
					}
					goto L12;
				}
			}

0x0105da88
0x0105da88
0x0105da8a
0x0105da8f
0x0105da94
0x0105da99
0x0105da9e
0x0105dbe5
0x0105dbe5
0x0105dbdd
0x0105dbe2
0x0105dbe2
0x0105daa4
0x0105daad
0x00000000
0x0105dac0
0x0105dac2
0x0105dac5
0x0105dac8
0x0105dbe9
0x0105dbeb
0x00000000
0x0105dbf1
0x00000000
0x0105dbf1
0x0105dbeb
0x0105dace
0x0105dad3
0x0105dad8
0x0105dada
0x0105dadd
0x0105dadf
0x0105dadf
0x0105dae2
0x0105dae8
0x00000000
0x00000000
0x0105daec
0x0105daef
0x0105daf2
0x0105dafe
0x0105dbf3
0x0105dbf6
0x0109b242
0x0109b245
0x0105dbcf
0x0105dbcf
0x0105dbd6
0x0105dbdb
0x00000000
0x0109b24b
0x00000000
0x0109b24b
0x0109b245
0x0105dbfc
0x0105dbfc
0x0105dc00
0x00000000
0x00000000
0x0105dc06
0x0105dc0a
0x00000000
0x00000000
0x0105dc10
0x0105dc14
0x0105dc17
0x00000000
0x00000000
0x0105dc1d
0x0105dc20
0x00000000
0x00000000
0x0109b253
0x0109b255
0x0109b258
0x0109b28a
0x0109b28a
0x0109b290
0x0109b29a
0x0109b29c
0x0109b29f
0x0109b2a1
0x0109b2ab
0x0109b2ab
0x00000000
0x0109b25a
0x0109b25a
0x0109b25d
0x0109b274
0x0109b275
0x0109b277
0x0109b27c
0x0109b27f
0x0109b281
0x0109b283
0x0109b285
0x0109b285
0x00000000
0x0109b281
0x0109b25f
0x0109b263
0x0109b269
0x0109b269
0x00000000
0x0109b263
0x0105dc2b
0x0105dc2b
0x0105dc2e
0x0109b315
0x0109b318
0x00000000
0x00000000
0x0109b321
0x0109b327
0x00000000
0x0109b327
0x0105dc34
0x0105dc34
0x0105dc37
0x0105db5e
0x0105db5e
0x0105db3c
0x0105db3c
0x0105db3c
0x0105db3f
0x0105db45
0x0105db65
0x0105db6a
0x0105db6c
0x0105dbaa
0x0105dbb1
0x0105dbb8
0x0105dbbc
0x0105dbc3
0x0109b36d
0x0109b36f
0x0109b375
0x0109b37c
0x0109b381
0x0109b383
0x0109b389
0x0109b390
0x0109b396
0x0109b39b
0x0109b3a3
0x0109b3b0
0x0109b3b0
0x0109b3a3
0x0109b390
0x0109b383
0x0109b36f
0x0105dbc9
0x0105dbc9
0x0105dbc9
0x00000000
0x0105db6c
0x0105db49
0x0105db4c
0x0105db4f
0x0105db55
0x0105db58
0x00000000
0x00000000
0x00000000
0x0105db58
0x00000000
0x0105db3c
0x0105dc3d
0x0105dc40
0x00000000
0x00000000
0x0105dc46
0x0105dc49
0x0105dc4d
0x0105dc58
0x0105dc58
0x0105dc5d
0x0105dc60
0x0105dc63
0x0105dc65
0x0105dc67
0x0105dc67
0x0105dc69
0x0105dc70
0x0105dc76
0x0105dc7c
0x0105dc7f
0x0105dc86
0x0109b331
0x0109b336
0x0109b338
0x0109b33e
0x0109b345
0x0109b34b
0x0109b351
0x0109b354
0x0109b35c
0x0109b366
0x0109b366
0x0109b35c
0x0109b345
0x0109b338
0x00000000
0x0105dc86
0x0105dc4f
0x0105dc52
0x00000000
0x00000000
0x00000000
0x0105db04
0x0105db07
0x0109b2b2
0x0109b2b9
0x0109b2bf
0x0109b2c3
0x0109b2c9
0x0109b2cd
0x0109b2d5
0x0109b2d5
0x0109b2cd
0x0109b2c3
0x0109b2b9
0x0105db0d
0x0105db0d
0x00000000
0x0105db0d
0x0105dafe
0x0105db10
0x0105db13
0x00000000
0x00000000
0x0105db19
0x0105db20
0x0105dca1
0x0105dca6
0x0105dca8
0x00000000
0x0105dcae
0x0105dcae
0x0105dcb3
0x0105db37
0x0105db37
0x0105db39
0x00000000
0x0105db39
0x0105dca8
0x0105db26
0x0105db2b
0x0105db31
0x0109b2f7
0x0109b2fc
0x0109b2fe
0x00000000
0x00000000
0x0109b304
0x0109b309
0x0109b309
0x00000000
0x0105db31

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0250706b38705fb00fafe75657dfb7128754ff28b781ec67ca4f684fb7522b
Instruction ID: ecd8609198e34b7a9b7cbc1e2fa35c7675a703112f4920dd85afaeb8e71b7082
Opcode Fuzzy Hash: ed0250706b38705fb00fafe75657dfb7128754ff28b781ec67ca4f684fb7522b
Instruction Fuzzy Hash: EBA17F74900206CFEFA5DF98C5807AEBBE2FF08354F5445AADDA19B292D771D882CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01025AC0 Relevance: .2, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E01025AC0(signed char _a4, char _a8, signed int _a12, intOrPtr _a16, char _a20) {
				signed int _v8;
				char _v1036;
				char _v1037;
				char _v1038;
				signed int _v1044;
				char _v1048;
				char _v1052;
				signed int _v1056;
				char _v1060;
				intOrPtr _v1064;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t76;
				char _t80;
				signed int _t81;
				void* _t92;
				char _t108;
				signed int _t111;
				char _t121;
				signed char _t122;
				signed int _t136;
				signed int _t137;
				char _t144;
				char _t145;
				signed int _t147;

				_v8 =  *0x111d360 ^ _t147;
				_t76 = _a16;
				_t140 = _a12;
				_t145 = _a8;
				_v1064 = _t76;
				_t144 = _a20;
				_v1060 = _t144;
				if(_t145 == 0 || _t144 == 0 ||  *_t144 < 0 || _t140 < 0xffffffff ||  *_t144 > 0 && _t76 == 0) {
					L46:
					_t77 = 0xc000000d;
					goto L18;
				} else {
					_t122 = _a4;
					if((_t122 & 0xfffffff0) != 0) {
						goto L46;
					}
					if(_t140 == 0xffffffff) {
						_t140 = 0x203;
						_t80 = E0103347D(_t145, 0x203,  &_v1056);
						__eflags = _t80;
						if(_t80 < 0) {
							L23:
							_t77 = 0xc0000716;
							L18:
							return E0106B640(_t77, _t122, _v8 ^ _t147, _t140, _t144, _t145);
						}
						_t140 = _v1056 + 1;
					}
					_t81 =  *(_t145 + _t140 * 2 - 2) & 0x0000ffff;
					_v1044 = _t81;
					if(_t81 == 0) {
						_t140 = _t140 - 1;
					}
					_v1048 = 0x1ff;
					_v1056 = _t122 & 0x00000004;
					if(E01025C07(_t145, _t140,  &_v1036,  &_v1048, (_t122 >> 0x00000001 & 0 | (_t122 & 0x00000004) != 0x00000000) & 0x000000ff, _t122 >> 0x00000001 & 1,  &_v1038,  &_v1052) < 0) {
						goto L18;
					} else {
						_t145 = _v1048;
						if(_v1044 == 0) {
							__eflags = _t145 - 0x1ff;
							if(_t145 >= 0x1ff) {
								goto L23;
							}
							_t92 = _t145 + _t145;
							_t145 = _t145 + 1;
							_v1048 = _t145;
							__eflags = _t92 - 0x3fe;
							if(_t92 >= 0x3fe) {
								E0106B75A();
								L29:
								__eflags = _v1056;
								if(_v1056 == 0) {
									L32:
									_t140 = _v1052 -  &_v1036 >> 1;
									__eflags = _v1044;
									_t134 = 0 | __eflags == 0x00000000;
									if(__eflags >= 0) {
										L13:
										_t135 = _v1064;
										if(_v1064 == 0 ||  *_t144 == 0) {
											L17:
											 *_t144 = _t145;
											_t77 = 0;
											goto L18;
										} else {
											if(_t145 >  *_t144) {
												_t77 = 0xc0000023;
												goto L18;
											}
											E0106F3E0(_t135,  &_v1036, _t145 + _t145);
											goto L17;
										}
									}
									__eflags = _v1044;
									_t145 = _t145 - (0 | _v1044 == 0x00000000) + 1 - _t140;
									_v1044 = _v1052 + 2;
									_t144 = E01044620(_t134,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t145);
									__eflags = _t144;
									if(_t144 != 0) {
										_t140 = _v1044;
										_t136 = 0;
										__eflags = _t145;
										if(_t145 <= 0) {
											L39:
											_t108 = E010DB0D0(_t136, _t122, _t140, _t145,  &_v1037);
											__eflags = _t108;
											if(_t108 < 0) {
												L22:
												L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t144);
												goto L23;
											}
											__eflags = _v1037;
											if(_v1037 == 0) {
												goto L22;
											}
											_t111 = 0;
											__eflags = _t145;
											if(_t145 <= 0) {
												L45:
												L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t144);
												_t145 = _v1048;
												_t144 = _v1060;
												goto L13;
											} else {
												goto L42;
											}
											do {
												L42:
												__eflags =  *((char*)(_t111 + _t144)) - 1;
												if( *((char*)(_t111 + _t144)) == 1) {
													_t137 = _v1044;
													_t140 = 0xffe0;
													_t67 = _t137 + _t111 * 2;
													 *_t67 =  *((intOrPtr*)(_t137 + _t111 * 2)) + 0xffe0;
													__eflags =  *_t67;
												}
												_t111 = _t111 + 1;
												__eflags = _t111 - _t145;
											} while (_t111 < _t145);
											goto L45;
										} else {
											goto L36;
										}
										do {
											L36:
											__eflags = ( *(_t140 + _t136 * 2) & 0x0000ffff) + 0xffffffbf - 0x19;
											if(( *(_t140 + _t136 * 2) & 0x0000ffff) + 0xffffffbf <= 0x19) {
												_t58 = _t140 + _t136 * 2;
												 *_t58 =  *(_t140 + _t136 * 2) + 0x20;
												__eflags =  *_t58;
												 *((char*)(_t136 + _t144)) = 1;
											}
											_t136 = _t136 + 1;
											__eflags = _t136 - _t145;
										} while (_t136 < _t145);
										goto L39;
									}
									_t77 = 0xc0000017;
									goto L18;
								}
								_t121 = E010DB0D0( &_v1036, 1,  &_v1036, _v1052 -  &_v1036 >> 1,  &_v1037);
								__eflags = _t121;
								if(_t121 < 0) {
									goto L23;
								}
								__eflags = _v1037;
								if(_v1037 == 0) {
									goto L23;
								}
								goto L32;
							}
							 *((short*)(_t147 + _t92 - 0x408)) = 0;
						}
						if((_t122 & 0x00000008) != 0 || _v1038 != 0) {
							goto L13;
						} else {
							goto L29;
						}
					}
				}
			}

0x01025ad2
0x01025ad5
0x01025ad8
0x01025add
0x01025ae0
0x01025ae7
0x01025aea
0x01025af2
0x010812e6
0x010812e6
0x00000000
0x01025b1f
0x01025b1f
0x01025b28
0x00000000
0x00000000
0x01025b31
0x01081142
0x0108114a
0x0108114f
0x01081151
0x01081170
0x01081170
0x01025bed
0x01025bfd
0x01025bfd
0x01081159
0x01081159
0x01025b37
0x01025b3e
0x01025b47
0x0108117a
0x0108117a
0x01025b53
0x01025b70
0x01025b9a
0x00000000
0x01025b9c
0x01025ba4
0x01025baa
0x01081180
0x01081186
0x00000000
0x00000000
0x01081188
0x0108118b
0x0108118c
0x01081192
0x01081197
0x010811a8
0x010811ad
0x010811ad
0x010811b4
0x010811e5
0x010811f5
0x010811f9
0x01081200
0x01081207
0x01025bc2
0x01025bc2
0x01025bca
0x01025be9
0x01025be9
0x01025beb
0x00000000
0x01025bd1
0x01025bd3
0x01025c00
0x00000000
0x01025c00
0x01025be1
0x00000000
0x01025be6
0x01025bca
0x0108120f
0x01081225
0x01081227
0x0108123e
0x01081240
0x01081242
0x0108124e
0x01081254
0x01081256
0x01081258
0x01081275
0x0108128a
0x0108128f
0x01081291
0x0108115f
0x0108116b
0x00000000
0x0108116b
0x01081297
0x0108129e
0x00000000
0x00000000
0x010812a4
0x010812a6
0x010812a8
0x010812c4
0x010812d0
0x010812d5
0x010812db
0x00000000
0x00000000
0x00000000
0x00000000
0x010812aa
0x010812aa
0x010812aa
0x010812ae
0x010812b0
0x010812b6
0x010812bb
0x010812bb
0x010812bb
0x010812bb
0x010812bf
0x010812c0
0x010812c0
0x00000000
0x00000000
0x00000000
0x00000000
0x0108125a
0x0108125a
0x01081261
0x01081265
0x01081267
0x01081267
0x01081267
0x0108126c
0x0108126c
0x01081270
0x01081271
0x01081271
0x00000000
0x0108125a
0x01081244
0x00000000
0x01081244
0x010811d3
0x010811d8
0x010811da
0x00000000
0x00000000
0x010811dc
0x010811e3
0x00000000
0x00000000
0x00000000
0x010811e3
0x0108119b
0x0108119b
0x01025bb3
0x00000000
0x00000000
0x00000000
0x00000000
0x01025bb3
0x01025b9a

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c72b16b222b0823f69cd40d7a51cc5bd2ac015e7154a015af0c7aca6643e444c
Instruction ID: 122e8467b640b21d00dd67fa9dd98193a895624d52ed2bf314b55f44d9029abf
Opcode Fuzzy Hash: c72b16b222b0823f69cd40d7a51cc5bd2ac015e7154a015af0c7aca6643e444c
Instruction Fuzzy Hash: E881D6B1A041298FDB259A18CD40BEA77B8EF44314F0445E9DAD5E3281EB74DEC28B98

Uniqueness

Uniqueness Score: -1.00%

Function 0105138B Relevance: .2, Instructions: 206
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E0105138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E01050678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E01069660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E01047D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E010E138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E010516C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E010EA80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E0104B73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E0104A830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E010EA80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}

0x0105139f
0x010513a1
0x010513a4
0x010513a6
0x010513ab
0x010513b3
0x01095522
0x00000000
0x01095522
0x010513b9
0x010513c1
0x010513c4
0x010513cd
0x010513d0
0x010513d9
0x010513dc
0x010513df
0x010513e4
0x0109552b
0x00000000
0x00000000
0x01095534
0x0109553f
0x01095545
0x01095549
0x0109554a
0x0109554f
0x01095550
0x01095559
0x0109551c
0x00000000
0x0109551c
0x01095562
0x01095574
0x01095564
0x0109556d
0x0109556d
0x0109557c
0x01095597
0x01095597
0x0109559f
0x010955a2
0x010955a5
0x010955a5
0x010513ec
0x010513f2
0x010513f4
0x010513f8
0x010513fe
0x01051400
0x01051406
0x01051412
0x01051419
0x010955b0
0x010955b5
0x010955b8
0x010955b8
0x01051425
0x01051429
0x0105142c
0x0105142f
0x01051432
0x01051435
0x0105143a
0x0105143d
0x01051443
0x01051446
0x01051449
0x01051450
0x01051453
0x01051459
0x0105145f
0x01051462
0x01051467
0x010514fa
0x0105146d
0x0105146d
0x0105146d
0x0105146f
0x01051479
0x01051480
0x01051507
0x01051508
0x01051510
0x010955c1
0x010955c2
0x010955cc
0x010955d1
0x010955d4
0x010955d7
0x010955d7
0x01051482
0x01051482
0x01051482
0x01051484
0x0105149b
0x010514a4
0x010514ae
0x010514b4
0x010514b4
0x010514ba
0x010514c4
0x010514c4
0x010514c9
0x010514cf
0x010514d2
0x010514d7
0x010955df
0x010955e0
0x010955ea
0x010514dd
0x010514dd
0x010514df
0x010514e2
0x010514e4
0x010514e4
0x010514e7
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
Instruction ID: e256817bc0579f702db9ed38dcc8b09a650fd08e49f059951ecf76e22e367c47
Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
Instruction Fuzzy Hash: A6818B71A00345AFDB25CF69C894BAABBF5FF48300F14856AE996C7651D730EA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010EB2E8 Relevance: .2, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E010EB2E8(signed int __ecx, signed int __edx, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				char _v28;
				char _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t75;
				signed int _t79;
				char _t80;
				signed int _t95;
				signed int _t96;
				intOrPtr* _t97;
				signed int _t98;
				signed char* _t99;
				intOrPtr _t100;
				signed int _t101;
				void* _t119;
				signed int _t120;
				void* _t143;
				intOrPtr _t144;
				signed int _t150;
				signed int _t151;
				void* _t152;
				signed int _t157;

				_t135 = __edx;
				_t159 = (_t157 & 0xfffffff8) - 0x5c;
				_v8 =  *0x111d360 ^ (_t157 & 0xfffffff8) - 0x0000005c;
				_v92 = _a8;
				_v56 = __edx;
				_v88 = _a12;
				_t150 = __ecx;
				_v80 = __ecx;
				if(__edx <= 0x7fffffff) {
					_t135 = 1;
					_t75 = E010EC23A( &_v92, 1);
					__eflags = _t75;
					if(_t75 < 0) {
						goto L1;
					}
					_push(0);
					_push(0x2c);
					_push( &_v52);
					_push(0);
					_t79 = E01069860();
					__eflags = _t79;
					if(_t79 >= 0) {
						_t80 = _v12;
					} else {
						_t80 = 1;
						_v12 = 1;
					}
					_t144 = _v88;
					_t120 = E010EB0C7(_t150, _t80, _v92, _t144);
					__eflags = _t120;
					if(_t120 != 0) {
						_t16 = _t120 + 0xd8; // 0xd8
						 *(_t120 + 0xc) = _t150;
						_t18 = _t120 + 0x44; // 0x44
						_t19 = _t120 + 0x10; // 0x10
						 *_t120 = _v92;
						_t20 = _t120 + 0x118; // 0x118
						 *((intOrPtr*)(_t120 + 4)) = _t144;
						 *((intOrPtr*)(_t120 + 8)) = 0xddeeddee;
						E010EFC01(_t18, _t120, _t20, _t16, _t19, _v92, _t144);
						_t24 = _t120 + 0x84; // 0x84
						_t127 = _t24;
						E010EFC01(_t24, _t120, 0, 0, _t19, _v116, _t144);
						 *((intOrPtr*)(_t120 + 0x30)) = 0;
						 *((intOrPtr*)(_t120 + 0x34)) = 0;
						 *((intOrPtr*)(_t120 + 0x38)) = 0;
						__eflags =  *(_t120 + 0xc) & 0x20000000;
						 *((intOrPtr*)(_t120 + 0xc8)) = 0;
						if(( *(_t120 + 0xc) & 0x20000000) != 0) {
							_t127 = 0x10e20e0;
							 *(_t120 + 0x20) = E010DFD06(0x10e20e0) & 0x0000ffff;
						}
						asm("stosd");
						_t34 = _t120 + 0x44; // 0x44
						_t35 = _t120 + 0xd8; // 0xd8
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v60 = 0;
						_v76 = 0x10f12e0;
						_v72 = 0x10f0200;
						_v68 = 0x10f0100;
						_v64 = 0x10f0150;
						E010F2C75(_t35, _t34,  &_v76, _v92 & 1, _t127, 0x111a748);
						asm("stosd");
						_t44 = _t120 + 0x44; // 0x44
						_t45 = _t120 + 0x118; // 0x118
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_t46 = _t120 + 0x10; // 0x10
						_v92 = 0x10f00b0;
						_v88 = 0x10f0200;
						_v84 = 0x10f0100;
						_v80 = 0x10f0150;
						_v76 = 0x10f00e0;
						E010ECC77(_t45, _t44, _v28, _v92 & 1,  &_v92, _t46, 0x111a73c);
						_t135 = _v92;
						_t56 = _t120 + 0x44; // 0x44
						 *(_t120 + 0xc4) =  *(_t120 + 0xc4) & 0x00000000;
						_t95 = E010EFC94(_t56, _v92, _a4);
						__eflags = _t95;
						if(_t95 >= 0) {
							_t151 = _t120;
							_t120 = 0;
							_t96 = E01047D50();
							__eflags = _t96;
							if(_t96 == 0) {
								_t97 = 0x7ffe0388;
							} else {
								_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t97 - _t120;
							if( *_t97 != _t120) {
								_t135 =  *((intOrPtr*)(_t151 + 0xd4)) - _t151;
								__eflags =  *((intOrPtr*)(_t151 + 0xd4)) - _t151;
								E010DFD52(_t120, _t151,  *((intOrPtr*)(_t151 + 0xd4)) - _t151, _v80);
							}
							_t98 = E01047D50();
							_t147 = 0x7ffe0380;
							__eflags = _t98;
							if(_t98 == 0) {
								_t99 = 0x7ffe0380;
							} else {
								_t99 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							__eflags =  *_t99 - _t120;
							if( *_t99 == _t120) {
								goto L27;
							} else {
								_t100 =  *[fs:0x30];
								__eflags =  *(_t100 + 0x240) & 0x00000001;
								if(( *(_t100 + 0x240) & 0x00000001) == 0) {
									goto L27;
								}
								_t101 = E01047D50();
								__eflags = _t101;
								if(_t101 != 0) {
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								_t135 = _v80;
								__eflags =  *((intOrPtr*)(_t151 + 0xd4)) - _t151;
								E010E14A0(_t120, _t151, _v80, _t147,  *((intOrPtr*)(_t151 + 0xd4)) - _t151,  *((intOrPtr*)(_t151 + 0xd4)) - _t151,  *((intOrPtr*)(_t151 + 0xd0)) - _t151,  *_t147 & 0x000000ff);
								goto L25;
							}
						} else {
							_t151 = 0;
							L25:
							__eflags = _t120;
							if(_t120 != 0) {
								E010EB581(_t120);
							}
							goto L27;
						}
					} else {
						_t135 = 0;
						_t151 = 0;
						E010EC23A( &_v92, 0);
						L27:
						_pop(_t143);
						_pop(_t152);
						_pop(_t119);
						return E0106B640(_t151, _t119, _v8 ^ _t159, _t135, _t143, _t152);
					}
				}
				L1:
				_t151 = 0;
				goto L27;
			}

0x010eb2e8
0x010eb2f0
0x010eb2fa
0x010eb301
0x010eb308
0x010eb30c
0x010eb312
0x010eb314
0x010eb31f
0x010eb32e
0x010eb32f
0x010eb334
0x010eb336
0x00000000
0x00000000
0x010eb338
0x010eb33a
0x010eb340
0x010eb341
0x010eb343
0x010eb348
0x010eb34a
0x010eb354
0x010eb34c
0x010eb34c
0x010eb34e
0x010eb34e
0x010eb358
0x010eb36b
0x010eb36d
0x010eb36f
0x010eb387
0x010eb38f
0x010eb392
0x010eb395
0x010eb398
0x010eb39c
0x010eb3a2
0x010eb3a7
0x010eb3ae
0x010eb3b8
0x010eb3b8
0x010eb3c4
0x010eb3c9
0x010eb3cc
0x010eb3cf
0x010eb3d2
0x010eb3d9
0x010eb3df
0x010eb3e1
0x010eb3ee
0x010eb3ee
0x010eb3f7
0x010eb3f8
0x010eb401
0x010eb407
0x010eb408
0x010eb409
0x010eb40a
0x010eb40f
0x010eb41d
0x010eb427
0x010eb42f
0x010eb437
0x010eb43f
0x010eb44a
0x010eb44b
0x010eb453
0x010eb459
0x010eb45a
0x010eb45b
0x010eb45c
0x010eb45d
0x010eb465
0x010eb475
0x010eb47d
0x010eb485
0x010eb48d
0x010eb495
0x010eb49d
0x010eb4a1
0x010eb4a4
0x010eb4ab
0x010eb4b0
0x010eb4b2
0x010eb4bb
0x010eb4bd
0x010eb4bf
0x010eb4c4
0x010eb4c6
0x010eb4d8
0x010eb4c8
0x010eb4d1
0x010eb4d1
0x010eb4dd
0x010eb4df
0x010eb4ed
0x010eb4ed
0x010eb4ef
0x010eb4ef
0x010eb4f4
0x010eb4f9
0x010eb4fe
0x010eb500
0x010eb512
0x010eb502
0x010eb50b
0x010eb50b
0x010eb514
0x010eb516
0x00000000
0x010eb518
0x010eb518
0x010eb51e
0x010eb525
0x00000000
0x00000000
0x010eb527
0x010eb52c
0x010eb52e
0x010eb539
0x010eb539
0x010eb539
0x010eb544
0x010eb558
0x010eb55b
0x00000000
0x010eb55b
0x010eb4b4
0x010eb4b4
0x010eb560
0x010eb560
0x010eb562
0x010eb566
0x010eb566
0x00000000
0x010eb562
0x010eb371
0x010eb371
0x010eb377
0x010eb379
0x010eb56b
0x010eb571
0x010eb572
0x010eb573
0x010eb57e
0x010eb57e
0x010eb36f
0x010eb321
0x010eb321
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e88ea3005b7f72afe6c0df07768625654bd98ef7dd825d58f420c5b102c490
Instruction ID: f629d233629bbadc9f6d9fdbc6457d2014734df0d36fe8e7ca8b8f9c5b4b1795
Opcode Fuzzy Hash: c1e88ea3005b7f72afe6c0df07768625654bd98ef7dd825d58f420c5b102c490
Instruction Fuzzy Hash: D671B272104341AFD751DF6AC989BABBBE9EF88740F04496DFDC58B215DA30D404CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 010BB8D0 Relevance: .2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E010BB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1117b9c; // 0x0
				_t124 = E01044620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E01069800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E010695B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E010695D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L010477F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E01069910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E010695D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1117b9c; // 0x0
									_t92 = E01044620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E01069910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0102A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E010BE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E010BE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E010695B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}

0x010bb8d9
0x010bb8e4
0x00000000
0x010bb8e6
0x010bb8f3
0x010bb8f5
0x010bb8f5
0x010bb8f8
0x010bb920
0x010bb924
0x010bb936
0x010bb939
0x010bb93d
0x010bb948
0x010bb9a0
0x010bb9a0
0x010bb9a4
0x010bb9bf
0x010bb9c4
0x010bb9c6
0x010bb9cd
0x010bb9d1
0x010bbad4
0x010bbad8
0x010bbada
0x010bbadc
0x010bbadc
0x010bbadf
0x010bbae0
0x010bbae2
0x010bbae4
0x010bbaec
0x010bbaee
0x010bbaf0
0x010bbaf0
0x010bbaec
0x010bbafb
0x010bbafc
0x010bbafe
0x010bbb01
0x010bbb01
0x00000000
0x010bbb06
0x010bb9d7
0x010bb9db
0x010bb9db
0x010bb9de
0x010bb9de
0x010bb9e4
0x010bb9e7
0x010bb9ea
0x010bb9ec
0x010bb9ef
0x010bb9f3
0x010bba1b
0x010bba1b
0x010bba23
0x010bba24
0x010bba27
0x010bba2a
0x010bba2b
0x010bba2e
0x010bba30
0x010bba37
0x010bba3f
0x010bba9c
0x010bbaa2
0x010bbb13
0x010bbb15
0x010bbaae
0x010bbaae
0x010bbab3
0x010bbab5
0x010bbaba
0x010bbac8
0x010bbac8
0x010bbaba
0x010bbacd
0x010bbacf
0x00000000
0x010bbacf
0x010bbb1a
0x00000000
0x010bbb1c
0x010bbaa7
0x010bbb11
0x00000000
0x010bbb11
0x010bbaa9
0x00000000
0x00000000
0x00000000
0x00000000
0x010bba41
0x010bba41
0x010bba41
0x010bba58
0x010bba5d
0x010bba62
0x00000000
0x00000000
0x010bba64
0x010bba67
0x010bba68
0x010bba69
0x010bba6c
0x010bba6f
0x010bba71
0x010bba78
0x010bba80
0x00000000
0x00000000
0x010bba90
0x010bba90
0x010bba97
0x00000000
0x010bba97
0x010bb9f5
0x010bb9f7
0x010bb9f7
0x010bb9fa
0x010bba03
0x010bba07
0x010bba0c
0x010bba10
0x010bba17
0x00000000
0x010bb9f7
0x010bb9a6
0x010bb9a8
0x010bb9af
0x010bb9b3
0x00000000
0x00000000
0x010bb9b9
0x00000000
0x010bb9b9
0x010bb94d
0x010bb98f
0x010bb995
0x010bb999
0x010bb960
0x010bb967
0x010bb968
0x010bb96a
0x00000000
0x010bb96a
0x010bb99b
0x010bb99e
0x00000000
0x00000000
0x00000000
0x010bb99e
0x010bb951
0x010bb954
0x010bb95a
0x010bb95e
0x010bb972
0x010bb979
0x010bb97d
0x010bb97f
0x010bb980
0x010bb982
0x010bb984
0x00000000
0x010bb984
0x00000000
0x010bb926
0x00000000
0x010bb926

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2400a8add1e29ec337547e63819776f1654efcfa653996c80f3214bce62e6be
Instruction ID: 4dd51685c14735868e0c39e2fd892e84c3e3c06b96ae106a676bca1061228d47
Opcode Fuzzy Hash: a2400a8add1e29ec337547e63819776f1654efcfa653996c80f3214bce62e6be
Instruction Fuzzy Hash: 3571EF72600702EFE732DF18C884FAABBE5EF44720F144968E695876A0DBB1E940CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010A6DC9 Relevance: .2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E010A6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E010A6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E01047D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E01069AE0();
					_t87 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E010A795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E010A795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E010A795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E010A795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = E01044620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E010A6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E010A6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E010A6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E010A6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E01047D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E01069AE0();
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L01042400( &_v36);
							if(_v24 >= 0) {
								_t87 = L01042400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L01042400( &_v52);
							}
							if(_v28 >= 0) {
								return L01042400( &_v60);
							}
						}
					}
				}
				return _t87;
			}

0x010a6dd4
0x010a6dde
0x010a6de1
0x010a6de3
0x010a6de6
0x010a6de9
0x010a6dec
0x010a6def
0x010a6df2
0x010a6df5
0x010a6dfe
0x010a6e04
0x010a6e09
0x010a6e0d
0x010a6e18
0x010a6e1b
0x010a6e22
0x010a6e2d
0x010a6e30
0x010a6e36
0x010a6e42
0x010a6e4d
0x010a6e50
0x010a6e55
0x010a6e5c
0x010a6e6e
0x010a6e5e
0x010a6e67
0x010a6e67
0x010a6e73
0x010a6e74
0x010a6e77
0x010a6e7c
0x010a6e7d
0x010a6e8e
0x010a6e93
0x010a6e9c
0x010a6ea8
0x010a6eab
0x010a6eac
0x010a6eb3
0x010a6ecd
0x010a6edc
0x010a6ee2
0x010a6ee5
0x010a6ef2
0x010a6efb
0x010a6f01
0x010a6f06
0x010a6f0b
0x010a6f11
0x010a6f1a
0x010a6f22
0x010a6f26
0x010a6f26
0x010a6f33
0x010a6f41
0x010a6f44
0x010a6f47
0x010a6f54
0x010a6f65
0x010a6f77
0x010a6f7c
0x010a6f82
0x010a6f91
0x010a6f99
0x010a6fa3
0x010a6fae
0x010a6fae
0x010a6fba
0x010a6fbb
0x010a6fbc
0x010a6fc1
0x010a6fc2
0x010a6fd3
0x010a6fd8
0x010a6fd8
0x010a6fdf
0x010a6fe8
0x010a6fee
0x010a6fee
0x010a6ff5
0x010a6ffb
0x010a6ffb
0x010a7004
0x00000000
0x010a700a
0x010a7004
0x010a6eb3
0x010a6e9c
0x010a7015

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction ID: c38acfd9269ee45d9b7fc0f77e85e485f0ff0fb65bcc1ade442956c263a873fc
Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction Fuzzy Hash: 53717B71A0020AEFDB11DFA8C984EEEBBB9FF48714F544469E645E7250DB31AA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0103F370 Relevance: .2, Instructions: 194
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0103F370(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _v24;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				unsigned int _t65;
				signed int _t75;
				signed int _t76;
				intOrPtr* _t101;
				char* _t102;
				unsigned int _t115;
				signed int _t119;
				unsigned int _t124;
				void* _t134;
				signed int _t135;
				unsigned int _t137;
				signed int _t141;
				signed int _t148;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				unsigned int _t159;

				_v12 = __ecx;
				_v5 = __edx;
				_t65 = ((__edx & 0x000000ff) << 5) + __ecx;
				_t115 = _t65 - 0xa8;
				_v28 = _t65;
				_v24 = _t115;
				 *(_t115 + 0x14) = ( *(_t115 + 0x14) & 0x0000ffff) + 1;
				_v16 = 0x1116dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4;
				E01042280(_t115 >> 0x00000002 & 0x0000001f, 0x1116dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4);
				_t155 =  *_t115;
				if(_t155 != 0) {
					 *_t115 =  *_t155;
					 *((intOrPtr*)(_t115 + 4)) =  *((intOrPtr*)(_t115 + 4)) + 0xffff;
				}
				asm("lock cmpxchg [edi], ecx");
				_t119 = 1;
				if(1 != 1) {
					while(1) {
						_t75 = _t119 & 0x00000006;
						_v20 = _t75;
						_t76 = _t119;
						_t134 = (0 | _t75 == 0x00000002) * 4 - 1 + _t119;
						asm("lock cmpxchg [ebx], edi");
						if(_t76 == _t119) {
							break;
						}
						_t119 = _t76;
					}
					_t115 = _v24;
					if(_v20 == 2) {
						E010600C2(_v16, 0, _t134);
					}
					_t135 = 1;
				}
				if(_t155 == 0) {
					_t77 = _v5;
					if(_v5 <= 7) {
						L17:
						_t156 = E0103B433( *((intOrPtr*)(_v12 + 0xc)), _t77, _a4, _a8);
						if(_t156 != 0) {
							asm("lock inc dword [eax]");
						}
						L11:
						_t137 =  *(_t115 + 0x14) & 0x0000ffff;
						if(_t137 > 0x40) {
							_t148 =  *(_t115 + 0x18) & 0x0000ffff;
							if(_t137 >= (( *(_t115 + 0x16) & 0x0000ffff) >> 1) + ( *(_t115 + 0x16) & 0x0000ffff) || _t148 >= _t137 - (_t137 >> 1)) {
								L23:
								 *(_t115 + 0x14) = 0;
								 *(_t115 + 0x16) = 0;
								 *(_t115 + 0x18) = 0;
								goto L12;
							} else {
								if( *((intOrPtr*)(_t115 + 0xc)) >= 2) {
									if( *((intOrPtr*)(_t115 + 0x10)) <= 2) {
										goto L23;
									}
									L26:
									asm("lock cmpxchg [edx], ecx");
									goto L23;
								}
								goto L26;
							}
						}
						L12:
						return _t156;
					}
					_t159 = _v28 + 0xffffff38;
					_v28 = _t159;
					_t150 = 0x1116dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4;
					E01042280(_t159 >> 0x00000002 & 0x0000001f, 0x1116dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4);
					_t156 =  *_t159;
					if(_t156 != 0) {
						_t124 = _v28;
						 *_t124 =  *_t156;
						 *((intOrPtr*)(_t124 + 4)) =  *((intOrPtr*)(_t124 + 4)) + 0xffff;
					}
					E0103FFB0(_t115, _t150, _t150);
					if(_t156 != 0) {
						_v5 = _v5 - 1;
						_t135 = 1;
						L5:
						if(_t156 == 0) {
							goto L16;
						}
						_t141 = _t135 <<  *(_t156 + 8);
						if(_t141 > 0x78000) {
							_t141 = 0x78000;
						}
						_t152 = ( *(_t156 + 0xa) & 0x0000ffff) + _t141;
						_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t101 != 0) {
							if( *_t101 == 0) {
								goto L8;
							}
							_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							goto L9;
						} else {
							L8:
							_t102 = 0x7ffe0380;
							L9:
							if( *_t102 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
									E010E18CA(_t115,  *((intOrPtr*)(_v12 + 0xc)), _t156, _t152, _a4);
								}
							}
							asm("lock xadd [eax], edi");
							goto L11;
						}
					} else {
						L16:
						_t77 = _v5;
						goto L17;
					}
				}
				 *(_t115 + 0x18) = ( *(_t115 + 0x18) & 0x0000ffff) + 1;
				goto L5;
			}

0x0103f37a
0x0103f37d
0x0103f386
0x0103f389
0x0103f38f
0x0103f39a
0x0103f39d
0x0103f3b3
0x0103f3b6
0x0103f3bb
0x0103f3bf
0x0103f3c3
0x0103f3ca
0x0103f3ca
0x0103f3d7
0x0103f3db
0x0103f3df
0x0108bc33
0x0108bc37
0x0108bc3d
0x0108bc40
0x0108bc4c
0x0108bc50
0x0108bc56
0x00000000
0x00000000
0x0108bc58
0x0108bc58
0x0108bc60
0x0108bc63
0x0108bc6b
0x0108bc6b
0x0108bc70
0x0108bc70
0x0103f3e7
0x0103f45a
0x0103f45f
0x0103f495
0x0103f4a8
0x0103f4ac
0x0103f4ba
0x0103f4ba
0x0103f43f
0x0103f443
0x0103f449
0x0103f4e2
0x0103f4ee
0x0103f4fa
0x0103f4fc
0x0103f500
0x0103f504
0x00000000
0x0103f50d
0x0103f516
0x0103f52a
0x00000000
0x00000000
0x0103f51b
0x0103f51b
0x00000000
0x0103f51b
0x00000000
0x0103f518
0x0103f4ee
0x0103f44f
0x0103f457
0x0103f457
0x0103f464
0x0103f46c
0x0103f475
0x0103f47d
0x0103f482
0x0103f486
0x0103f4bf
0x0103f4c4
0x0103f4cb
0x0103f4cb
0x0103f489
0x0103f490
0x0103f4d1
0x0103f4d4
0x0103f3f5
0x0103f3f7
0x00000000
0x00000000
0x0103f400
0x0103f408
0x0108bc7a
0x0108bc7a
0x0103f418
0x0103f41a
0x0103f41f
0x0108bc87
0x00000000
0x00000000
0x0108bc96
0x00000000
0x0103f425
0x0103f425
0x0103f425
0x0103f42a
0x0103f42d
0x0108bcad
0x0108bcbf
0x0108bcbf
0x0108bcad
0x0103f43b
0x00000000
0x0103f43b
0x0103f492
0x0103f492
0x0103f492
0x00000000
0x0103f492
0x0103f490
0x0103f3f1
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfab2f210e7e66f330521996db1fba3f0c8589254d16cefcd4f84e932a9ef10a
Instruction ID: 122a3f7ccc4134f3c8fdf4fe0b742726a7e754ec97be17b31ded2ce7b95c9fcc
Opcode Fuzzy Hash: cfab2f210e7e66f330521996db1fba3f0c8589254d16cefcd4f84e932a9ef10a
Instruction Fuzzy Hash: 8B610F36E042169BCB65CF5CC4802AEBBF5EF85300B1881A9E8D5DB345DB34D952CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0102395E Relevance: .2, Instructions: 172
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E0102395E(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t57;
				intOrPtr _t67;
				intOrPtr _t74;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				intOrPtr _t109;
				signed int _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x111d360 ^ _t114;
				_t54 =  *0x11184cc; // 0x0
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				L0104FAD0(_t54 + 4);
				_t109 =  *0x11184cc; // 0x0
				_t110 = _t109 + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E01042280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E0103FFB0(_t94, _t112, _t94);
								_t74 =  *0x11184cc; // 0x0
								_t123 = _t74 + 4;
								E0104FA00(_t94, _t97, _t112, _t74 + 4);
								while(1) {
									_t95 = 0;
									_t77 = E01023ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E01023ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E01042280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E0103FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E010B2DA1(_t113);
										}
										L17:
										E0103FFB0(_t93, _t112, _t113 + 0x28);
										E0105DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E0106A3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E0106B640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E0103FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E0103FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				_t57 =  *0x11184cc; // 0x0
				E0104FA00(_t93, _t97, _t112, _t57 + 4);
				goto L18;
			}

0x0102396d
0x01023970
0x0102397b
0x0102397e
0x01023980
0x01023982
0x01023986
0x0102398b
0x01023991
0x01023994
0x01023996
0x010239a1
0x010239a7
0x010239aa
0x01023aa7
0x01023aa7
0x00000000
0x010239c4
0x010239c4
0x010239ca
0x00000000
0x00000000
0x010239d0
0x010239d4
0x010239dd
0x0107fffc
0x01080000
0x01080020
0x01080025
0x01080029
0x010239ed
0x010239ed
0x010239f2
0x010239f9
0x010239fe
0x01023a03
0x01023a07
0x01023a0c
0x01023a0c
0x01023a13
0x01023a1d
0x01023a1f
0x0108004b
0x0108004b
0x01023a27
0x01023a37
0x01080052
0x01080052
0x01023a41
0x01023a46
0x01023a49
0x01023a4c
0x01023a4e
0x01023a9f
0x01023aa3
0x01023aa3
0x01023a56
0x01080059
0x0108005f
0x01080064
0x00000000
0x01080064
0x01023a5e
0x01080073
0x01080075
0x0108007d
0x01080080
0x01080087
0x01080087
0x01023a72
0x01023a76
0x01023a7d
0x01023a82
0x01023a86
0x01080091
0x01080093
0x01080096
0x01080097
0x01080098
0x01080099
0x0108009c
0x0108009e
0x010800a3
0x010800a5
0x010800b2
0x010800b2
0x010800b7
0x010800b7
0x01023a9e
0x01023a9e
0x01023a64
0x01023a6a
0x01023ac4
0x01023ac6
0x00000000
0x00000000
0x00000000
0x01023ac8
0x01023a6c
0x01023a6f
0x00000000
0x01023a6f
0x01023a0c
0x01080002
0x01080003
0x01080003
0x01080008
0x00000000
0x01080008
0x010239e7
0x01080032
0x01080036
0x01080037
0x00000000
0x00000000
0x01080039
0x0108003c
0x01080041
0x00000000
0x01080041
0x00000000
0x010239e7
0x010239aa
0x01023aae
0x01023ab7
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e66c22ed5eaeb4dabd8543ce12dd45afd96460b3f87596f7c744e66c60280799
Instruction ID: 3174c7b9a7a8235584696a358e886b7cd7d35fb2d8411cf82eed133eff879f29
Opcode Fuzzy Hash: e66c22ed5eaeb4dabd8543ce12dd45afd96460b3f87596f7c744e66c60280799
Instruction Fuzzy Hash: BF518071A007529FDB24EF59C484B6AB7F9BF59309F00486DE1C28B611CB78E849CF80

Uniqueness

Uniqueness Score: -1.00%

Function 0102B171 Relevance: .2, Instructions: 166
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 78%

			E0102B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x10ff7a8);
				E0107D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0107D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0106D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0106F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0107DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0106B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0106B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0106E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0106A890() != 0) {
					goto L6;
				}
				goto L3;
			}

0x0102b171
0x0102b171
0x0102b171
0x0102b171
0x0102b171
0x0102b176
0x0102b17b
0x0102b180
0x0102b186
0x0102b18f
0x0102b198
0x0102b1a4
0x0102b1aa
0x01084802
0x01084802
0x01084805
0x0108480c
0x0108480e
0x0102b1d1
0x0102b1d3
0x0102b1de
0x0102b1de
0x01084817
0x0108481e
0x01084820
0x01084822
0x01084822
0x01084824
0x01084824
0x0108482a
0x00000000
0x00000000
0x01084835
0x0108483a
0x0108483d
0x0108483f
0x01084842
0x01084842
0x01084842
0x01084846
0x0108484c
0x0108484e
0x01084851
0x01084851
0x01084853
0x01084854
0x01084854
0x01084858
0x0108485a
0x0108485a
0x0108485d
0x0108485f
0x01084861
0x01084861
0x01084866
0x0108486b
0x0108486e
0x01084871
0x01084876
0x01084876
0x01084878
0x0108487b
0x01084884
0x01084884
0x00000000
0x0108487d
0x0108487d
0x01084882
0x01084889
0x01084889
0x0108488f
0x01084891
0x010848e0
0x010848e2
0x010848e4
0x010848e4
0x010848e7
0x010848e7
0x010848ed
0x010848f4
0x010848f6
0x01084951
0x01084951
0x01084953
0x01084953
0x01084956
0x01084956
0x01084958
0x01084959
0x01084959
0x0108495d
0x0108495d
0x0108495f
0x0108495f
0x01084965
0x01084969
0x010849ba
0x010849ba
0x010849c1
0x010849c5
0x010849cc
0x010849d4
0x010849d7
0x010849da
0x010849e4
0x010849e5
0x010849f3
0x01084a02
0x00000000
0x01084a02
0x01084972
0x01084974
0x00000000
0x00000000
0x01084976
0x01084979
0x01084982
0x01084983
0x01084984
0x0108498b
0x0108498d
0x01084991
0x01084993
0x01084999
0x0108499d
0x010849a2
0x010849a2
0x010849a2
0x01084999
0x010849ac
0x00000000
0x010849b3
0x010848f8
0x010848fe
0x00000000
0x00000000
0x00000000
0x010848fe
0x01084895
0x0108489c
0x010848ad
0x010848b2
0x010848b5
0x010848b7
0x010848ba
0x010848bc
0x010848c6
0x010848c6
0x010848cb
0x010848d1
0x010848d4
0x010848d8
0x010848d8
0x00000000
0x010848d8
0x010848be
0x010848c0
0x00000000
0x00000000
0x010848c2
0x00000000
0x00000000
0x00000000
0x010848c4
0x00000000
0x01084882
0x0108487b
0x01084904
0x01084906
0x00000000
0x00000000
0x01084908
0x0108490e
0x00000000
0x00000000
0x01084910
0x01084917
0x01084917
0x00000000
0x01084917
0x0102b1ba
0x010847f9
0x010847fc
0x00000000
0x00000000
0x00000000
0x010847fc
0x0102b1c0
0x0102b1c0
0x0102b1c3
0x0102b1cb
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1534d65dfe17949156d75db2611c494255bae94c6b3f43a3c5a62dadb875bf5
Instruction ID: f0ae59541a0f79cc527558a15f1d3965f62e3dfbe1695e07d44ffb82a36f1cff
Opcode Fuzzy Hash: a1534d65dfe17949156d75db2611c494255bae94c6b3f43a3c5a62dadb875bf5
Instruction Fuzzy Hash: 8651C271D1826ACEDB72EF68C844BAEBBF0BF04710F1141A9D8D9EB282D7714945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010595EC Relevance: .2, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E010595EC(intOrPtr __ecx, signed int __edx, intOrPtr _a4) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t55;
				signed int _t59;
				signed int* _t62;
				void* _t68;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t111;
				signed int _t114;
				signed int _t116;

				_v8 =  *0x111d360 ^ _t116;
				_t114 = __edx;
				_v28 = __ecx;
				_v24 = 0;
				_v20 = 0;
				_t115 =  *((intOrPtr*)(__edx + 0x58));
				if(_t115 != 0) {
					_push( &_v20);
					_push(0);
					_push(0);
					E01063720(_t90, __edx, __edx, _t115, __eflags);
				}
				_t91 = _t114 + 0x8c;
				_t95 =  *_t91;
				do {
					_t111 = _t95;
					_t55 = _t95 >> 1;
					if(_t55 == 0) {
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
					} else {
						_v16 = 1;
						_v12 = 1;
						if((_t95 & 0x00000001 | _t55 * 0x00000002 - 0x00000002) < 2) {
							_v12 = _v12 & 0x00000000;
						}
					}
					asm("lock cmpxchg [ebx], ecx");
					_t95 = _t111;
				} while (_t95 != _t111);
				_t92 = _t91 | 0xffffffff;
				if(_t115 != 0) {
					__eflags = _v16;
					if(__eflags != 0) {
						__eflags = E0105EAA0(_t95, 0, _t115);
						if(__eflags >= 0) {
							_t86 = _v28;
							_t35 = _t86 + 0x50;
							 *_t35 =  *(_t86 + 0x50) | 0x00000100;
							__eflags =  *_t35;
							 *((intOrPtr*)(_t86 + 0x64)) = _t115;
						} else {
							_v16 = _v16 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							_v24 = 1;
						}
					}
					_push(_v20);
					_push(0);
					E01064520(_t92, _t114, _t115, __eflags);
					__eflags = _v24;
					if(_v24 != 0) {
						_t113 = _t92;
						E01059ED0(_t114 + 0x20, _t92, 0);
						E010F8450(_t114);
					}
				}
				if(_v12 != 0) {
					_push(2);
					asm("lock xadd [edi], eax");
					_t59 = E01047D50();
					__eflags = _t59;
					if(_t59 != 0) {
						_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t62 = 0x7ffe0386;
					}
					__eflags =  *_t62;
					if( *_t62 != 0) {
						E010F8A62( *(_t114 + 0x5c), _t114 + 0x78,  *((intOrPtr*)(_t114 + 0x30)),  *((intOrPtr*)(_t114 + 0x34)),  *((intOrPtr*)(_t114 + 0x3c)));
					}
					_t113 =  *(_t114 + 0x5c);
					E01059702(_t92, _t114 + 0x78,  *(_t114 + 0x5c),  *((intOrPtr*)(_t114 + 0x74)), 0);
					asm("lock xadd [edi], eax");
					if(__eflags == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x111b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
				}
				if(_a4 != 0) {
					_t113 = 0;
					__eflags = E0105992F(0);
					if(__eflags != 0) {
						 *((intOrPtr*)(_t114 + 0x70)) = _v0;
						asm("lock xadd [edi], eax");
						if(__eflags == 0) {
							_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
							 *0x111b1e0(_t114);
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
						}
					}
				}
				if(_v16 == 0) {
					asm("lock xadd [edi], ebx");
					_t92 = _t92 - 1;
					__eflags = _t92;
					if(_t92 == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x111b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
					_t68 = 0;
				} else {
					_t113 = _t114;
					E0104E63F(_v28, _t114);
					_t68 = 1;
				}
				return E0106B640(_t68, _t92, _v8 ^ _t116, _t113, _t114, _t115);
			}

0x010595fb
0x01059601
0x01059603
0x01059608
0x0105960b
0x0105960e
0x01059613
0x0109967f
0x01099680
0x01099681
0x01099682
0x01099682
0x01059619
0x0105961f
0x01059621
0x01059623
0x01059625
0x01059627
0x0109968c
0x01099690
0x0105962d
0x01059634
0x01059643
0x01059649
0x0105964b
0x0105964f
0x01059649
0x01059653
0x01059657
0x01059659
0x0105965d
0x01059662
0x0109969c
0x010996a0
0x010996aa
0x010996ac
0x010996bf
0x010996c2
0x010996c2
0x010996c2
0x010996c9
0x010996ae
0x010996ae
0x010996b2
0x010996b6
0x010996b6
0x010996ac
0x010996cc
0x010996cf
0x010996d1
0x010996d6
0x010996da
0x010996e5
0x010996e7
0x010996ed
0x010996ed
0x010996da
0x0105966c
0x0105969e
0x010596a1
0x010596a5
0x010596aa
0x010596ac
0x01099700
0x010596b2
0x010596b2
0x010596b2
0x010596b9
0x010596bb
0x01099719
0x01099719
0x010596c1
0x010596cc
0x010596d3
0x010596d7
0x01099727
0x0109972b
0x01099731
0x01099731
0x010596d7
0x01059672
0x010596de
0x010596e7
0x010596e9
0x010596ee
0x010596f3
0x010596f7
0x0109973c
0x01099740
0x01099746
0x01099746
0x010596f7
0x010596e9
0x01059678
0x0109974d
0x01099751
0x01099751
0x01099752
0x01099758
0x0109975c
0x01099762
0x01099762
0x01099764
0x0105967e
0x01059681
0x01059683
0x0105968a
0x0105968a
0x0105969b

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf8d692726d32535c43593c9886ca17a06f139c9874e2ad4f129b3a6d36ccbe3
Instruction ID: 7d2a36e8f97cd5578c4e93737c36d85e0b365f5ff1cbc6fe8703b97c1c79ded4
Opcode Fuzzy Hash: bf8d692726d32535c43593c9886ca17a06f139c9874e2ad4f129b3a6d36ccbe3
Instruction Fuzzy Hash: F751CE70A0060AEFDF56DF68C954BBEBBB4BF18318F00416DE99297290EB749914CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010EB581 Relevance: .2, Instructions: 163
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E010EB581(char __ecx) {
				signed int _v8;
				signed int _v11;
				intOrPtr _v15;
				short _v41;
				char _v47;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v55;
				signed int _v56;
				char _v60;
				intOrPtr _v63;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				signed int _t60;
				char* _t66;
				void* _t67;
				signed int _t87;
				signed int _t88;
				void* _t89;
				signed char _t91;
				intOrPtr* _t98;
				signed int _t107;
				signed int _t108;
				signed int _t114;
				signed int _t115;
				char _t117;
				void* _t120;
				signed int* _t123;
				void* _t124;
				signed int _t128;
				signed int _t129;

				_t131 = (_t129 & 0xfffffff8) - 0x3c;
				_v8 =  *0x111d360 ^ (_t129 & 0xfffffff8) - 0x0000003c;
				_t117 = __ecx;
				_v60 = __ecx;
				_t91 =  *((intOrPtr*)(__ecx + 0x38));
				_t54 =  *(__ecx + 0x34);
				_t87 = _t91 & 1;
				if(_t54 == 0) {
					L17:
					 *(_t117 + 0x34) =  *(_t117 + 0x34) & 0x00000000;
					 *(_t117 + 0x38) =  *(_t117 + 0x38) & 0x00000000;
					if((_t91 & 0x00000001) != 0) {
						 *(_t117 + 0x38) = 1;
					}
					_t118 = _v60;
					_t88 = _v60 + 0xe8;
					while(1) {
						_t122 =  *_t88;
						if( *_t88 == 0) {
							break;
						}
						E010F2EF7(_t118 + 0xd8, _t122 ^ _t88);
						E010F3209(_t118 + 0xd8, _t122 ^ _t88, 1);
					}
					E010ECB82(_v60 + 0x118);
					E010EFA96();
					E010EFA96();
					_t98 = _v60;
					_v48 =  *((intOrPtr*)(_t98 + 4));
					_t60 =  *((intOrPtr*)(_t98 + 0xd4)) - _t98;
					_v52 =  *_t98;
					_v56 = _t60;
					_push( *((intOrPtr*)(_t98 + 4)));
					_push( *_t98);
					if(( *(_t98 + 0x2c) & 0x00000001) == 0) {
						asm("sbb eax, eax");
						_push((_t60 & 0x01000000) + 0x8000);
						E010EAFDE( &_v60,  &_v56);
					} else {
						E010EBCD2(_t98);
					}
					E010EC23A( &_v55, 0);
					if(E01047D50() == 0) {
						_t66 = 0x7ffe0388;
					} else {
						_t66 = ( *[fs:0x30])[0x14] + 0x22e;
					}
					if( *_t66 != 0) {
						E010DFDD3(_v63);
					}
					_t67 = E01047D50();
					_t123 = 0x7ffe0380;
					if(_t67 == 0) {
						_t68 = 0x7ffe0380;
					} else {
						_t68 = ( *[fs:0x30])[0x14] + 0x226;
					}
					if( *_t68 != 0) {
						_t68 =  *[fs:0x30];
						if((( *[fs:0x30])[0x90] & 0x00000001) != 0) {
							if(E01047D50() != 0) {
								_t123 = ( *[fs:0x30])[0x14] + 0x226;
							}
							_v15 = _v63;
							_v41 = 0x1023;
							_push( &_v47);
							_push(4);
							_push(0x402);
							_push( *_t123 & 0x000000ff);
							_t68 = E01069AE0();
						}
					}
					_pop(_t120);
					_pop(_t124);
					_pop(_t89);
					return E0106B640(_t68, _t89, _v11 ^ _t131, 0, _t120, _t124);
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t107 =  *_t54;
					if(_t107 != 0) {
						break;
					}
					_t108 =  *(_t54 + 4);
					if(_t108 == 0) {
						_t128 =  *(_t54 + 8) & 0xfffffffc;
						if(_t87 != 0 && _t128 != 0) {
							_t128 = _t128 ^ _t54;
						}
						E010EE962(_t87, _t108, _t54, _t117);
						if(_t128 == 0) {
							_t91 =  *(_t117 + 0x38);
							goto L17;
						} else {
							_t54 = _t128;
							continue;
						}
					}
					_t115 = _t54;
					if(_t87 == 0) {
						_t54 = _t108;
					} else {
						_t54 = _t54 ^ _t108;
					}
					 *(_t115 + 4) =  *(_t115 + 4) & 0x00000000;
				}
				_t114 = _t54;
				if(_t87 == 0) {
					_t54 = _t107;
				} else {
					_t54 = _t54 ^ _t107;
				}
				 *_t114 =  *_t114 & 0x00000000;
				goto L1;
			}

0x010eb589
0x010eb593
0x010eb59a
0x010eb59c
0x010eb5a0
0x010eb5a3
0x010eb5a9
0x010eb5ae
0x010eb602
0x010eb602
0x010eb606
0x010eb60d
0x010eb60f
0x010eb60f
0x010eb613
0x010eb617
0x010eb61d
0x010eb61d
0x010eb621
0x00000000
0x00000000
0x010eb62d
0x010eb63c
0x010eb63c
0x010eb64d
0x010eb659
0x010eb668
0x010eb66d
0x010eb676
0x010eb680
0x010eb682
0x010eb686
0x010eb68e
0x010eb691
0x010eb693
0x010eb6a7
0x010eb6b3
0x010eb6b4
0x010eb695
0x010eb695
0x010eb695
0x010eb6bf
0x010eb6cb
0x010eb6dd
0x010eb6cd
0x010eb6d6
0x010eb6d6
0x010eb6e5
0x010eb6eb
0x010eb6eb
0x010eb6f0
0x010eb6f5
0x010eb701
0x010eb710
0x010eb703
0x010eb70c
0x010eb70c
0x010eb715
0x010eb717
0x010eb724
0x010eb72d
0x010eb738
0x010eb738
0x010eb740
0x010eb749
0x010eb752
0x010eb753
0x010eb755
0x010eb75d
0x010eb75e
0x010eb75e
0x010eb724
0x010eb767
0x010eb768
0x010eb769
0x010eb774
0x00000000
0x00000000
0x00000000
0x010eb5b0
0x010eb5b0
0x010eb5b0
0x010eb5b4
0x00000000
0x00000000
0x010eb5c7
0x010eb5cc
0x010eb5e3
0x010eb5e8
0x010eb5ee
0x010eb5ee
0x010eb5f2
0x010eb5f9
0x010eb5ff
0x00000000
0x010eb5fb
0x010eb5fb
0x00000000
0x010eb5fb
0x010eb5f9
0x010eb5ce
0x010eb5d2
0x010eb5d8
0x010eb5d4
0x010eb5d4
0x010eb5d4
0x010eb5da
0x010eb5da
0x010eb5b6
0x010eb5ba
0x010eb5c0
0x010eb5bc
0x010eb5bc
0x010eb5bc
0x010eb5c2
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5064b6b333183f224f7651b74e69a753985b3b5aebe703d9a1b376863da2ff1c
Instruction ID: e7e27a89b3fb88fb5ff0358b8446d3ba5266e334ca8f5253b3bec30a5e271ca9
Opcode Fuzzy Hash: 5064b6b333183f224f7651b74e69a753985b3b5aebe703d9a1b376863da2ff1c
Instruction Fuzzy Hash: A15104326047438FE355DF2AC598BAABBE0BF94304F1804ADE9C58B690EB34D805CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 010252A5 Relevance: .2, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E010252A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0103EEF0(0x11179a0);
					_t104 =  *0x1118210; // 0xbb2d88
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0103EB70(_t93, 0x11179a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E01069890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0103EEF0(0x11179a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0103EB70(0, 0x11179a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xbb2d95
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0105F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0103EEF0(0x11179a0);
									__eflags =  *0x1118210 - _t104; // 0xbb2d88
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1118210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E010A4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0103EB70(_t95, 0x11179a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010695D0();
											L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010695D0();
											L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0103EB70(_t93, 0x11179a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E010695D0();
										L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E010695D0();
										L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0105F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

0x010252a5
0x010252ad
0x010252b0
0x010252b3
0x010252b7
0x010252ba
0x010252bf
0x010252c4
0x010252cc
0x00000000
0x00000000
0x010252ce
0x010252d9
0x010252dd
0x010252e7
0x010252f7
0x010252f9
0x010252fd
0x01080dcf
0x01080dd5
0x01080dd6
0x01080dd7
0x01080dd8
0x01080dd9
0x01080dde
0x01080ddf
0x01080de0
0x01080de1
0x01080de2
0x01080de5
0x01080dea
0x01080dec
0x01080f60
0x01080f64
0x01080f70
0x01080f76
0x01080f79
0x01080f79
0x00000000
0x01080f64
0x01080df2
0x01080df7
0x01080e04
0x01080e0d
0x01080e0d
0x01080e10
0x01080e1a
0x01080e1c
0x01080e4c
0x01080e52
0x01080e61
0x01080e67
0x01080e6b
0x01080e70
0x01080e76
0x01080ed7
0x01080edc
0x01080ee0
0x01080ee6
0x01080eea
0x01080eed
0x01080ef0
0x01080ef3
0x01080ef6
0x01080ef9
0x01080efe
0x01080f01
0x01080f01
0x01080f0b
0x01080f12
0x01080f16
0x01080f18
0x01080f1b
0x01080f2c
0x01080f31
0x01080f31
0x01080f35
0x01080f39
0x01080f3a
0x01080f3c
0x01080f3f
0x01080f50
0x01080f55
0x01080f55
0x01080f59
0x010252eb
0x010252f1
0x010252f1
0x01080e7d
0x01080e84
0x01080e88
0x01080e8a
0x01080e8d
0x01080e9e
0x01080ea3
0x01080ea3
0x01080ea7
0x01080eaf
0x01080eb3
0x01080eb9
0x01080eb9
0x01080ebc
0x01080ecd
0x01080ecd
0x00000000
0x01080eb3
0x01080e21
0x01080e2b
0x01080e2f
0x01080e30
0x01080e3a
0x01080e3f
0x01080e41
0x00000000
0x00000000
0x01080e47
0x00000000
0x01080e47
0x01080df9
0x01080dfe
0x00000000
0x00000000
0x00000000
0x01080dfe
0x01025303
0x01025307
0x00000000
0x01025309
0x00000000
0x01025309
0x01025307
0x010252e9
0x010252e9
0x00000000
0x010252e9
0x0102530e
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e053980cfe6676f9aa686369b5ed3e957cb59efcf8fd67ef761ef8ad30b7a8
Instruction ID: aa29e6113d0a73b713cbc994a92fb09d567bf926b281f136052454cda8bbc89a
Opcode Fuzzy Hash: 42e053980cfe6676f9aa686369b5ed3e957cb59efcf8fd67ef761ef8ad30b7a8
Instruction Fuzzy Hash: 1451DC702057429BD722EF28C841BABBBE8FF91710F14492EF4D583A91E770E848C796

Uniqueness

Uniqueness Score: -1.00%

Function 01052AE4 Relevance: .2, Instructions: 159
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01052AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1118204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1118208; // 0x1118207
				_t8 = _t57 + 0x1118208; // 0x1118207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1118450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x111821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1116d5c; // 0x7f340654
							_t72 =  *0x1116d5c; // 0x7f340654
							_t75 =  *0x1116d5c; // 0x7f340654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1116d5c; // 0x7f340654
							_t84 =  *0x1116d5c; // 0x7f340654
							_t87 =  *0x1116d5c; // 0x7f340654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0106F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}

0x01052ae4
0x01052aec
0x01052aef
0x01052af4
0x01052af7
0x01052afd
0x01052b92
0x01052b92
0x01052b97
0x01052b9c
0x01052b9c
0x01052b03
0x01052b06
0x01052b09
0x01052b09
0x01052b0f
0x01052b15
0x01052b15
0x01052b1b
0x01052b1e
0x01052b21
0x01052b26
0x01052b29
0x01052b81
0x01052b84
0x01052c0e
0x01052c15
0x01052c24
0x01052c24
0x01052b8a
0x01052b8a
0x01052b8a
0x01052b8a
0x01052b90
0x00000000
0x00000000
0x00000000
0x00000000
0x01052b4a
0x01052b4a
0x01052b4d
0x01052b53
0x00000000
0x00000000
0x01052b55
0x01052b58
0x01052bb7
0x01095d1b
0x01095d37
0x01095d47
0x01095d53
0x01052bbd
0x01052bbd
0x01052bbd
0x01052bb7
0x01052b5d
0x01052c2f
0x01095d5b
0x01095d77
0x01095d87
0x01095d93
0x01052c35
0x01052c35
0x01052c35
0x01052c2f
0x01052b65
0x01052b9f
0x01052ba2
0x01052b67
0x01052b67
0x01052b69
0x01052b6b
0x01052b6e
0x01052bc9
0x01052bcc
0x01052bcf
0x01052bd4
0x01052bd6
0x01052bd6
0x01052bdb
0x01052c02
0x01052c05
0x01052c07
0x00000000
0x01052c07
0x01052be0
0x01052c00
0x01052c3f
0x01052c3f
0x00000000
0x01052c00
0x01052be5
0x01052be7
0x01052bec
0x01052bf4
0x01052bf6
0x00000000
0x01052bf6
0x01052b70
0x01052b76
0x01052b2b
0x01052b2b
0x01052b2d
0x01052b2f
0x01052b32
0x01052b35
0x01052b3a
0x00000000
0x01052b40
0x01052b43
0x01052b45
0x01052b47
0x01052b4a
0x01052b4d
0x01052b53
0x00000000
0x00000000
0x00000000
0x01052b53
0x01052b78
0x01052b78
0x01052b7b
0x01052b7e
0x00000000
0x01052b7e
0x01052b76
0x01052ba5
0x01052ba5
0x01052ba8
0x01052bad
0x00000000
0x00000000
0x01052baf
0x01052baf
0x01052bc2
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f3b948885348f3f74e724d1df5450c2f2a91d22da5a08ccafe15bce2dc680d
Instruction ID: 878be8e77ee052ecd6f08b4415e08d76365ccacf7d2e218e85b617b71ad31ba4
Opcode Fuzzy Hash: e6f3b948885348f3f74e724d1df5450c2f2a91d22da5a08ccafe15bce2dc680d
Instruction Fuzzy Hash: AF51A176A00125CFDB59CF1CC8909BEB7F1FF88700715855AEC96AB315D730AA91CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010EB0C7 Relevance: .2, Instructions: 156
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E010EB0C7(signed int __ecx, signed int __edx, unsigned int _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __ebx;
				char* _t67;
				signed int _t87;
				char _t96;
				unsigned int _t97;
				signed int _t105;
				signed int _t113;
				signed int _t115;
				signed int _t120;

				_t105 = __edx;
				_v8 = _v8 & 0x00000000;
				_t115 = __ecx;
				if(__edx > 0x40) {
					_t105 = 0x40;
				}
				_push(_a8);
				_t4 = _t105 + 3; // 0x43
				_t113 = 0x1000;
				_v16 = 0x1000;
				_t7 = 0x1fd0 + ((_t4 & 0xfffffffc) + _t105 * 0x24) * 0x81 - 1; // -8078
				_t96 = 0x1fd0 + ((_t4 & 0xfffffffc) + _t105 * 0x24) * 0x81 - (_t7 & 0x00000fff) + 0xfff;
				_v20 = _t96;
				_t87 = 0;
				_v12 = _t96;
				_t97 = _a4;
				if( *((intOrPtr*)(E010EBD32(_t97))) == 0 || ( *0x1115cb8 & 0x00000008) != 0 || (_t115 & 0x40000000) != 0 || _t97 >> 0x10 != 0) {
					asm("sbb ebx, ebx");
					_t87 = _t87 & 0x01000000;
					asm("sbb esi, esi");
					_t119 = ( ~(_t115 & 0x40000000) & 0x0000003c) + 4;
					if(E010EA854( &_v8,  &_v12, 0, _t87 | 0x00002000, ( ~(_t115 & 0x40000000) & 0x0000003c) + 4, 0, _t97, _a8) >= 0) {
						if(E010EA854( &_v8,  &_v16, 0, _t87 | _t113, _t119, 0, _a4, _a8) < 0) {
							goto L9;
						} else {
							if(E01047D50() == 0) {
								_t67 = 0x7ffe0380;
							} else {
								_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							if( *_t67 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								_t113 = _v16;
							} else {
								_t113 = _v16;
								E010E138A(_t87, _v8, _v8, _t113, 0xb);
							}
							_v16 = _v16 & 0x00000000;
							_t120 = _v8;
							_v8 = _v8 & 0x00000000;
							goto L19;
						}
					} else {
						L9:
						_t120 = 0;
					}
				} else {
					_v16 = 1;
					_t120 = E010EBBBB(_v20, 0x1000, 1, _t97, _a8);
					if(_t120 != 0) {
						L19:
						E0106FA60(_t120, 0, 0x398);
						_t37 = _t120 + 0x398; // 0x398
						 *((intOrPtr*)(_t120 + 0xcc)) = _t37;
						 *((intOrPtr*)(_t120 + 0xd0)) = _t120 + _t113;
						 *((intOrPtr*)(_t120 + 0xd4)) = _v12 + _t120;
						 *(_t120 + 0x2c) =  *(_t120 + 0x2c) & 0xfffffffe | _v16;
						asm("lock xadd [eax], ecx");
						asm("lock xadd [eax], edi");
					}
				}
				if(_v8 != 0) {
					_push(_a8);
					_push(_a4);
					_push(_t87 | 0x00008000);
					E010EAFDE( &_v8,  &_v12);
				}
				return _t120;
			}

0x010eb0c7
0x010eb0cf
0x010eb0d5
0x010eb0db
0x010eb0df
0x010eb0df
0x010eb0e0
0x010eb0e6
0x010eb0f3
0x010eb0fc
0x010eb105
0x010eb10c
0x010eb110
0x010eb113
0x010eb115
0x010eb118
0x010eb123
0x010eb16a
0x010eb175
0x010eb180
0x010eb18a
0x010eb19a
0x010eb1c0
0x00000000
0x010eb1c2
0x010eb1c9
0x010eb1db
0x010eb1cb
0x010eb1d4
0x010eb1d4
0x010eb1e3
0x010eb206
0x010eb1f4
0x010eb1f9
0x010eb1ff
0x010eb1ff
0x010eb209
0x010eb20d
0x010eb210
0x00000000
0x010eb210
0x010eb19c
0x010eb19c
0x010eb19c
0x010eb19c
0x010eb13f
0x010eb14c
0x010eb154
0x010eb158
0x010eb214
0x010eb21c
0x010eb221
0x010eb22a
0x010eb233
0x010eb23e
0x010eb24d
0x010eb259
0x010eb263
0x010eb263
0x010eb158
0x010eb26b
0x010eb26d
0x010eb279
0x010eb27f
0x010eb280
0x010eb280
0x010eb28d

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867426ef7638efccf272c517bcd077274d1fd28fa4c6c53deaeab2574693fc7e
Instruction ID: ec37c184bbfca6bb8493351e4488e8969e03ecdda8b0f7b964b04c81abe3ab5b
Opcode Fuzzy Hash: 867426ef7638efccf272c517bcd077274d1fd28fa4c6c53deaeab2574693fc7e
Instruction Fuzzy Hash: 8C51E872E00209AFDB15CF99CD44BEEB7F5EF44310F0485A9E996AB190D774DA04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0104DBE9 Relevance: .1, Instructions: 149
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0104DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0102CC50(E01024510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E01047D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E010F8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E01042280(_t58, _v44);
						E0104DD82(_v44, _t102, _t98);
						E0104B944(_t102, _v5);
						return E0103FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1118628; // 0x0
							_v28 = _t67;
							_t68 =  *0x111862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1118628; // 0x0
						_t105 = _v28;
						_t80 =  *0x111862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x10efb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}

0x0104dbe9
0x0104dbf2
0x0104dbf7
0x0104dbf9
0x0104dbfc
0x0104dc00
0x0104dc03
0x0104dc14
0x0104dd54
0x0104dd54
0x0104dd54
0x0104dc18
0x0104dc1d
0x0104dc1d
0x0104dc32
0x0104dc3b
0x0104dc3e
0x0104dc46
0x0104dd5b
0x0104dd62
0x0104dd64
0x0104dd67
0x0104dd69
0x0104dd6b
0x0104dd6e
0x0104dd70
0x0104dd73
0x0104dd73
0x00000000
0x0104dc4c
0x0104dc4e
0x01093ae3
0x01093ae8
0x01093aea
0x0104dce7
0x0104dce9
0x0104dcec
0x0104dcee
0x0104dcf0
0x0104dcf3
0x0104dcf5
0x01093af2
0x01093af5
0x01093af5
0x0104dd06
0x0104dd08
0x0104dd0b
0x0104dd12
0x01093b08
0x0104dd18
0x0104dd18
0x0104dd18
0x0104dd20
0x0104dd23
0x01093b16
0x01093b16
0x0104dd29
0x0104dd2d
0x0104dd36
0x0104dd40
0x0104dd51
0x0104dd51
0x0104dc54
0x0104dc59
0x0104dc59
0x0104dc5e
0x0104dc5e
0x0104dc63
0x0104dc66
0x0104dc6b
0x0104dc78
0x0104dc7b
0x0104dc81
0x0104dc81
0x0104dc83
0x0104dc89
0x00000000
0x00000000
0x0104dd7b
0x0104dd7b
0x0104dc8f
0x0104dc8f
0x0104dc92
0x0104dc99
0x0104dc9f
0x0104dca5
0x0104dcaa
0x0104dcaa
0x0104dcb3
0x0104dcb8
0x0104dcbb
0x0104dcc1
0x0104dccf
0x0104dcd2
0x0104dcd5
0x0104dcd7
0x0104dcda
0x0104dcdc
0x0104dcdc
0x0104dce2
0x0104dce4
0x00000000
0x0104dce4

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c99810abd7a8cf1f4814f3ba1576a0d1027a567dfb54c70a6b932cf2d72131
Instruction ID: 74e1cb539b00c7b18492639a5f4095bbff9ceff30ac0f7237a8f7bbb9489743b
Opcode Fuzzy Hash: 83c99810abd7a8cf1f4814f3ba1576a0d1027a567dfb54c70a6b932cf2d72131
Instruction Fuzzy Hash: DB51AFB1A00216DFCB15DFA8C4D0A9EFBF1BF58310F2085AAD5D5AB345DB30A944CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010F740D Relevance: .1, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E010F740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0107D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0106F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = E01044620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = E01044620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0106F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = E01044620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}

0x010f740d
0x010f740d
0x010f7412
0x010f7413
0x010f7416
0x010f7418
0x010f741c
0x010f741f
0x010f7422
0x010f7422
0x010f7428
0x010f742a
0x010f742a
0x010f7451
0x010f7432
0x010f744f
0x010f744f
0x00000000
0x010f7434
0x010f7438
0x010f7443
0x010f7517
0x010f7517
0x010f751a
0x010f7535
0x010f7520
0x010f7527
0x010f752c
0x010f7531
0x010f7533
0x00000000
0x010f7533
0x00000000
0x010f7531
0x010f754b
0x010f754f
0x010f755c
0x010f755c
0x010f755f
0x010f7560
0x010f7561
0x010f7562
0x010f7563
0x010f7568
0x010f756a
0x010f756c
0x010f756d
0x010f756d
0x010f756f
0x010f7572
0x010f7574
0x010f7577
0x010f757c
0x010f757f
0x00000000
0x010f7551
0x010f7551
0x010f7551
0x010f7553
0x010f7553
0x010f7449
0x010f7449
0x010f744c
0x010f744c
0x00000000
0x010f744c
0x010f7443
0x010f750e
0x010f7514
0x010f7514
0x010f7455
0x010f7469
0x010f746d
0x00000000
0x010f7473
0x010f7473
0x010f7476
0x010f7480
0x010f7484
0x010f748e
0x010f7493
0x010f7493
0x010f7496
0x010f7499
0x010f74a1
0x010f74b1
0x010f74b5
0x00000000
0x010f74bb
0x010f74c1
0x010f74c1
0x010f74c4
0x010f74c5
0x010f74c6
0x010f74c7
0x010f74c8
0x010f74cd
0x00000000
0x010f74d3
0x010f74d3
0x010f74d6
0x010f74d8
0x010f74db
0x010f74dd
0x010f74e0
0x010f74e7
0x010f74ee
0x010f74ee
0x010f74f4
0x010f74f9
0x00000000
0x010f74fb
0x010f74fb
0x010f74fd
0x010f7500
0x010f7503
0x010f7505
0x010f7505
0x010f74f9
0x00000000
0x010f74cd
0x010f74b5
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
Instruction ID: c0010dbd785ed5e288e39dad24c78880ab0b5d942b047e908b6837f7ef003af9
Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
Instruction Fuzzy Hash: DB51AD71600646EFDB16CF18C885A96BBF5FF44704F18C0AAEA489F212E7B1E945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01064D51 Relevance: .1, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E01064D51(intOrPtr* __ecx, intOrPtr* __edx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				signed int _v20;
				signed int* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __ebx;
				signed int* _t57;
				signed int _t63;
				intOrPtr _t68;
				char* _t72;
				signed int _t80;
				signed int _t89;
				signed int _t91;
				intOrPtr* _t97;
				intOrPtr _t99;
				signed int _t100;
				signed int _t101;
				signed int _t105;
				void* _t107;
				intOrPtr* _t108;
				signed int _t113;

				_t97 = __ecx;
				_v16 = __edx;
				_v12 = __ecx;
				if( *__ecx != __edx) {
					asm("sbb eax, eax");
					_t105 = 0;
					_v8 = 0;
					_t80 = 0;
					_t4 = _t97 + 0x10; // 0x10
					_t57 = _t4;
					_v24 = _t57;
					while(1) {
						_t113 =  *_t57;
						_v20 = _t113;
						if((_t113 >> 0x00000010 & 0x00008000) != 0) {
							goto L23;
						}
						if(_t113 == 0) {
							L20:
							goto L2;
						}
						asm("lock cmpxchg [edx], ecx");
						_t97 = _v12;
						if(_t113 != _t113) {
							goto L23;
						}
						L7:
						if(_t113 == 0xffffffff) {
							goto L20;
						}
						if(_t113 == 0) {
							L19:
							 *_v24 = _t113;
							goto L20;
						}
						_t63 =  *_t97 + 0x50;
						_v28 =  ~( *(_t97 + 0x18) & 0x0000ffff);
						_v8 = _t63;
						do {
							_t107 =  *_t63;
							_t99 =  *((intOrPtr*)(_t63 + 4));
							_v32 = _t99;
							asm("lock cmpxchg8b [esi]");
							_t63 = _v8;
						} while (_t107 != _t107 || _t99 != _v32);
						_t113 = _v20;
						_t100 =  *(_v12 + 0x18) & 0x0000ffff;
						_v8 = _t100;
						_t108 = _v16 + 0x50;
						do {
							_t68 =  *_t108;
							_t89 =  *(_t108 + 4);
							_v32 = _t68;
							_v28 = _t89;
							_t31 = _t89 + 1; // 0x1
							_t101 = _t31;
							if(_t100 == 0) {
								_t40 = _t89 - 1; // -1
								_t101 = _t40;
							}
							_v20 = _t101;
							asm("lock cmpxchg8b [edi]");
							_t91 = _t89;
							_t100 = _v8;
						} while (_t68 != _v32 || _t91 != _v28);
						_t84 = _v12;
						 *_v12 = _v16;
						_t105 = 1;
						if(E01047D50() != 0) {
							_t72 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t72 = 0x7ffe0380;
						}
						if( *_t72 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E010E129A(_t84,  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0xc)) + 0xc)),  *((intOrPtr*)(_t84 + 4)), ( *( *[fs:0x18] + 0xfa8) & 0x0000ffff) - 1);
							}
						}
						goto L19;
						L23:
						_t80 = _t80 + 1;
						if(_t80 <= _v8) {
							_t41 = _t97 + 0x10; // 0x10
							_t57 = _t41;
							continue;
						}
						_t113 = _t113 | 0xffffffff;
						_v20 = _t113;
						goto L7;
					}
				} else {
					_t105 = 1;
					L2:
					return _t105;
				}
			}

0x01064d5b
0x01064d5e
0x01064d61
0x01064d66
0x01064d7d
0x01064d82
0x01064d84
0x01064d87
0x01064d89
0x01064d89
0x01064d8d
0x01064d90
0x01064d90
0x01064d97
0x01064d9f
0x00000000
0x00000000
0x01064da8
0x01064e82
0x00000000
0x01064e83
0x01064dbb
0x01064dbf
0x01064dc4
0x00000000
0x00000000
0x01064dca
0x01064dcd
0x00000000
0x00000000
0x01064dd5
0x01064e7d
0x01064e80
0x00000000
0x01064e80
0x01064de3
0x01064de6
0x01064de9
0x01064dec
0x01064dec
0x01064dee
0x01064df3
0x01064dff
0x01064e08
0x01064e08
0x01064e15
0x01064e18
0x01064e22
0x01064e25
0x01064e27
0x01064e27
0x01064e2b
0x01064e2e
0x01064e31
0x01064e37
0x01064e37
0x01064e3a
0x01064e89
0x01064e89
0x01064e89
0x01064e3c
0x01064e44
0x01064e48
0x01064e4a
0x01064e4d
0x01064e57
0x01064e5d
0x01064e61
0x01064e69
0x0109f2a8
0x01064e6f
0x01064e6f
0x01064e6f
0x01064e77
0x0109f2bf
0x0109f2e2
0x0109f2e2
0x0109f2bf
0x00000000
0x0109f28e
0x0109f28e
0x0109f292
0x0109f286
0x0109f286
0x00000000
0x0109f286
0x0109f294
0x0109f297
0x00000000
0x0109f297
0x01064d68
0x01064d6a
0x01064d6b
0x01064d71
0x01064d71

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
Instruction ID: 9df841a22f2db6165062b4dfe6f84d83b4779e0cb4fec26176bf76c55adea18c
Opcode Fuzzy Hash: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
Instruction Fuzzy Hash: 44514535E00615CFCB55DF88C880AAEB7F9BF88714F2481A9D895EB251D730AE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01052990 Relevance: .1, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E01052990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x10fff00);
				E0107D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1001664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0106E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1001668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E010A51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x100166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E01052AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01036600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E01052C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0103EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E01052AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E01052C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E01052ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0107D0D1(_t62);
				goto L28;
			}

0x01052990
0x01052992
0x01052997
0x010529a3
0x010529a6
0x010529ab
0x010529ad
0x010529b2
0x01095c80
0x010529b8
0x010529b8
0x010529bb
0x010529c0
0x010529c5
0x010529c6
0x010529c6
0x010529cb
0x00000000
0x00000000
0x010529cd
0x010529d0
0x010529d9
0x010529db
0x010529dd
0x01052a7f
0x01052a84
0x01052a87
0x01052a89
0x01095ca1
0x01095ca3
0x00000000
0x01052a8f
0x01052a8f
0x00000000
0x01052a8f
0x00000000
0x010529e3
0x010529e3
0x010529e3
0x00000000
0x010529e3
0x010529dd
0x00000000
0x010529db
0x010529e6
0x010529e9
0x010529eb
0x010529ed
0x010529f3
0x010529f5
0x010529f8
0x010529fa
0x01052a97
0x01052a9a
0x01052a9d
0x01052add
0x00000000
0x01052a9f
0x01052aa2
0x01052aa5
0x01052aa8
0x01052aab
0x01095cab
0x01095caf
0x01095cc5
0x01095cda
0x01095cdc
0x01095cdf
0x01095ce5
0x00000000
0x01095ceb
0x01095ced
0x01095cee
0x00000000
0x01095cee
0x01095cb1
0x01095cb4
0x01095cb9
0x01095cbb
0x00000000
0x01095cbd
0x01095cbd
0x00000000
0x01095cbd
0x01095cbb
0x01052ab1
0x01052ab1
0x01052ac4
0x01052ac6
0x01052ac6
0x00000000
0x01052ac6
0x01052aab
0x00000000
0x01052a00
0x01052a09
0x01052a0e
0x01052a21
0x01052a24
0x01052a35
0x01052a3a
0x01052a3d
0x01052a42
0x01052a59
0x01052a59
0x01052a5c
0x01052a5f
0x01052a5f
0x010529fa
0x010529f3
0x01052a64
0x01052a64
0x01052a6b
0x01052a6b
0x01052a6d
0x01052a72
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9041e6202a742c7237e07cbcda6e971db23c6490717dd549cf0a1c0b54d2b041
Instruction ID: 6b4a5a70792879b85afff3b460ff781e7384229e5d8717049badb793816fa633
Opcode Fuzzy Hash: 9041e6202a742c7237e07cbcda6e971db23c6490717dd549cf0a1c0b54d2b041
Instruction Fuzzy Hash: 88515871A0020ADFDFA6CF99C880ADFBBB5BF48350F058155ED85AB220C3319952CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01025050 Relevance: .1, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E01025050(void* _a4) {
				char _v24;
				signed int _v28;
				void* _v30;
				intOrPtr _v32;
				void* _v44;
				void* _v46;
				void* _v48;
				void* _v52;
				void* _v60;
				void* _v72;
				intOrPtr _t34;
				short _t36;
				signed int _t38;
				signed short _t41;
				signed int _t51;
				short _t60;
				intOrPtr _t68;
				intOrPtr _t73;
				signed int _t77;
				short _t78;
				short _t79;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;

				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *((intOrPtr*)(_t34 + 0x18));
				_t73 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 =  *((intOrPtr*)(_t34 + 0x18));
				if(E0102519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				_t62 = _a4;
				if(E010474C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t77 =  *(_t73 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = E01044620(_t62, _t58, 0, _t77);
						_v28 = _t38;
						if(_t38 == 0) {
							break;
						}
						 *((short*)(_t83 + 0x18)) = 0;
						if(_t77 > 0xffff) {
							 *(_t83 + 0x1a) = 0xffff;
							L25:
							_t78 = 0xc0000095;
							L26:
							L010477F0(_t58, 0, _t38);
							_t36 = _t78;
							goto L14;
						}
						 *(_t83 + 0x1a) = _t77;
						_t79 = E01046E30(_a4, _t77, _t38, 0, 0, _t83 + 0x20);
						if(_t79 == 0) {
							_t78 = 0xc0000033;
							L23:
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L26;
						}
						_t41 =  *(_t83 + 0x1a);
						_t62 = (_t41 & 0x0000ffff) - 4;
						if(_t79 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 =  *(_t83 + 0x1a);
								goto L7;
							}
							L010477F0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
							_t77 = _t79 + 4;
							continue;
						}
						L7:
						_t71 = _t41 & 0x0000ffff;
						if(_t79 > (_t41 & 0x0000ffff)) {
							_t78 = 0xc0000106;
							goto L23;
						}
						_t91 = _t79 - 0xffff;
						if(_t79 > 0xffff) {
							 *((short*)(_t83 + 0x18)) = 0xffff;
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L25;
						}
						 *((short*)(_t83 + 0x18)) = _t79;
						_t60 = E0105F0BF(_t83 + 0x1c, _t71, _t91,  &_v24);
						L010477F0(_v32, 0,  *((intOrPtr*)(_t83 + 0x1c)));
						if(_t60 >= 0) {
							E0103EEF0(0x11179a0);
							_t68 = _v28;
							_t80 =  *0x1118210; // 0xbb2d88
							 *((intOrPtr*)(_t73 + 0x2c)) =  *((intOrPtr*)(_t68 + 4));
							 *((intOrPtr*)(_t73 + 0x28)) =  *((intOrPtr*)(_t68 + 0x10));
							 *((short*)(_t73 + 0x24)) =  *((intOrPtr*)(_t68 + 0xc));
							 *0x1118210 = _t68;
							_t51 = E0103EB70(_t68, 0x11179a0);
							if(_t80 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t80 + 4)));
									E010695D0();
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t80);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}

0x01025058
0x0102505b
0x01025066
0x0102506a
0x0102506d
0x01025078
0x0102519a
0x01025191
0x01025197
0x01025197
0x0102507e
0x01025088
0x01080c21
0x0102508e
0x0102508e
0x01025092
0x01025096
0x0102509b
0x010250a1
0x00000000
0x00000000
0x010250ae
0x010250b5
0x01080c72
0x01080c77
0x01080c77
0x01080c7c
0x01080c80
0x01080c85
0x00000000
0x01080c85
0x010250bf
0x010250d4
0x010250d8
0x01080c67
0x01080c6c
0x01080c6c
0x00000000
0x01080c6c
0x010250de
0x010250e6
0x010250eb
0x01080c31
0x01080c35
0x01080c4b
0x00000000
0x01080c4b
0x01080c3e
0x01080c43
0x00000000
0x01080c43
0x010250f1
0x010250f1
0x010250f6
0x01080c55
0x00000000
0x01080c55
0x01025101
0x01025103
0x01080c5c
0x01080c61
0x00000000
0x01080c61
0x0102510d
0x01025120
0x01025128
0x0102512f
0x01025136
0x0102513b
0x0102513f
0x0102514d
0x01025153
0x0102515a
0x0102515e
0x01025164
0x0102516b
0x01025170
0x01025174
0x01025176
0x01025179
0x0102518a
0x0102518a
0x01025174
0x0102516b
0x0102518f
0x00000000
0x0102518f
0x01080c8c
0x01080c8c

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2df31af712e1adc7f4a1a69c941c7907ed55ac297388e42ee2a220abfa5bb498
Instruction ID: 1f2161d49bc154767c3beffc1fff3744fbb7f0f854a56567977f69c1df33acb5
Opcode Fuzzy Hash: 2df31af712e1adc7f4a1a69c941c7907ed55ac297388e42ee2a220abfa5bb498
Instruction Fuzzy Hash: 3441E0766083129BD320EF28CC80BAABBA4AF54710F114929F9D59B391E770DC49C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 01054BAD Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E01054BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x111d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0102CC50(_t86);
					L11:
					return E0106B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1118504
				E01042280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0106FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0106B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = E01044620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0102CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1118504
								E0103FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E01054F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}

0x01054bad
0x01054bbf
0x01054bc2
0x01054bc6
0x01054bcd
0x01054bd9
0x010967fe
0x01096800
0x01054ccc
0x01054ccd
0x01054cb7
0x01054cc9
0x01054cc9
0x01054bdf
0x01054be5
0x00000000
0x00000000
0x01054beb
0x01054bef
0x00000000
0x00000000
0x01054bf5
0x01054bf9
0x01054c06
0x01054c0b
0x01054c17
0x01054c1c
0x01054c1f
0x01054c25
0x01054c33
0x01054c3d
0x01054c40
0x01054c43
0x01054c47
0x01054c4d
0x01054c53
0x01054c54
0x01054c55
0x01054c56
0x01054c5b
0x01054c5c
0x01054c63
0x01054c6b
0x00000000
0x00000000
0x01096776
0x01096784
0x01096784
0x0109679f
0x010967a7
0x010967af
0x010967ce
0x00000000
0x010967b1
0x010967b7
0x010967b8
0x010967c1
0x010967d3
0x010967d9
0x010967dd
0x01054c94
0x01054c94
0x01054c98
0x01054c9c
0x01054ca3
0x010967f4
0x010967f4
0x01054cb5
0x00000000
0x00000000
0x00000000
0x00000000
0x01054cb5
0x01054c79
0x01054c7e
0x01054c89
0x01054c8b
0x01054c8f
0x01054c8f
0x00000000
0x01054c89
0x010967c3
0x00000000
0x010967c3
0x010967af
0x01054c73
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c8fb078712f1090907df7b233b8f354d0cbc132f42ac56363b770dd193df3e
Instruction ID: ca5891809a2bdf2a4f704c1c56811cac05ed5d4f912fdf5fe23e3969c13128c9
Opcode Fuzzy Hash: 79c8fb078712f1090907df7b233b8f354d0cbc132f42ac56363b770dd193df3e
Instruction Fuzzy Hash: D1418275A002299BDFA1DF68C940BEEB7F4FF45710F4100A5E988EB241EB759E84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01054D3B Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E01054D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x111d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0106FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1117bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0106B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = E01044620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0102CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0106B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0106F380(_t67 + 0xc, 0x1005138, 0x10) == 0) {
								 *0x11160d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E01054F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E01054E70(0x11186b0, 0x1055690, 0, 0) != 0) {
					_t46 = E0102CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}

0x01054d3b
0x01054d4d
0x01054d53
0x01054d58
0x01054d65
0x01054d6c
0x01054d71
0x01054d77
0x01054d7f
0x01054d8c
0x01054d8e
0x01054dad
0x01054db0
0x01054db7
0x01054db8
0x01054db9
0x01054dba
0x01054dbb
0x01054dc1
0x01054dc8
0x01054dcc
0x01054dd5
0x01054dde
0x01054ddf
0x01054de0
0x01054de1
0x01054de6
0x01054de7
0x01054de9
0x01054df3
0x00000000
0x00000000
0x01096c7c
0x01096c8a
0x01096c8a
0x01096c9d
0x01096ca7
0x01096cac
0x01096cb2
0x01096cb9
0x00000000
0x01096cbf
0x01096cbf
0x00000000
0x01096cbf
0x01096cb9
0x01054dfb
0x01096ccf
0x01096cd3
0x01054e32
0x01054e39
0x01096ce0
0x01096cf2
0x01096cf2
0x01096ce0
0x01054e3f
0x01054e41
0x01054e51
0x01054e51
0x01054e03
0x01054e03
0x01054e09
0x01054e0f
0x01054e57
0x00000000
0x00000000
0x01054e1b
0x01054e30
0x01054e5b
0x01054e5b
0x00000000
0x01054e30
0x01054e11
0x01054e11
0x01054e16
0x00000000
0x01054e16
0x01054e01
0x00000000
0x01054e01
0x01054da5
0x01096c6b
0x00000000
0x01054dab
0x01054dab
0x00000000
0x01054dab

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad2f36deef1f73dafc90a5c4e7792fe20ea3185ebbb43853673eb80cbb0890e1
Instruction ID: a5356748359cdb4f4092e068211db4ac1495eb8c429e3021a09a72294ffa6be3
Opcode Fuzzy Hash: ad2f36deef1f73dafc90a5c4e7792fe20ea3185ebbb43853673eb80cbb0890e1
Instruction Fuzzy Hash: B741B3B1A443189FEB62DF14CC80BEBB7A9EB54710F0044A9ED85D7281E771ED84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0104F86D Relevance: .1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0104F86D(void* __ebx, signed int __ecx, unsigned int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				unsigned int* _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x10ffeb8);
				E0107D08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E010F88F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E01053E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E0107D0D1(_t31);
						}
						E01042280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E0104F9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E01029100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x11186c0;
						if(_t70 != 0x11186c0) {
							__eflags = _t70 - 0x11186b8;
							if(_t70 != 0x11186b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E01055AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E010295F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x1118754; // 0x0
						__eflags = _t46;
						if(_t46 != 0) {
							E01055AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E01055AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E01065C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x1118750; // 0x0
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E0102B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					L0104FAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E0104F9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}

0x0104f86d
0x0104f86d
0x0104f86d
0x0104f86f
0x0104f874
0x0104f879
0x0104f87b
0x0104f87e
0x0104f880
0x0104f883
0x0104f888
0x010947c9
0x010947ce
0x00000000
0x0104f8b1
0x0104f8b4
0x0104f8f1
0x0104f8f1
0x0104f900
0x0104f902
0x0104f905
0x0104f907
0x0104f9a9
0x0104f9a9
0x0104f8e9
0x0104f8ee
0x0104f8ee
0x0104f90e
0x0104f913
0x0104f91c
0x0104f91e
0x0104f9e4
0x0104f98b
0x0104f98b
0x0104f992
0x0104f997
0x0104f99a
0x0104f99c
0x0104f9e9
0x0104f9ea
0x0104f9ea
0x0104f99e
0x0104f9a0
0x0104f9a7
0x0104f9a7
0x00000000
0x0104f9a0
0x0104f924
0x0104f92a
0x0104f9b0
0x0104f9b6
0x0104f982
0x0104f985
0x0104f987
0x0104f987
0x0104f987
0x00000000
0x0104f987
0x0104f9be
0x0104f9c6
0x0104f9cb
0x0104f9cb
0x0104f9cd
0x0104f9cf
0x0104f9d2
0x00000000
0x00000000
0x00000000
0x0104f9d4
0x0104f930
0x0104f935
0x0104f937
0x010947a3
0x0104f93d
0x0104f942
0x0104f94a
0x0104f94c
0x0104f94e
0x0104f94e
0x0104f954
0x0104f95e
0x0104f961
0x0104f966
0x0104f968
0x0104f96a
0x0104f96a
0x0104f970
0x0104f970
0x0104f975
0x0104f97a
0x0104f97c
0x010947b1
0x00000000
0x00000000
0x00000000
0x00000000
0x0104f97c
0x0104f8b6
0x0104f8bb
0x0104f8c0
0x0104f8c8
0x0104f8ca
0x0104f8cf
0x0104f8d1
0x0104f8d1
0x0104f8d5
0x0104f8dc
0x0104f8e5
0x00000000
0x0104f8e7
0x0104f8e7
0x00000000
0x0104f8e7
0x0104f8e5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74f269aecefa7133464e8bb3249e45f25b8dbd73c650e89684edbd6e86dbe730
Instruction ID: 302c4136a1df2c981384bebfcdef5c33dfd3d2c16638219b1d6ac7e2c9f0fd9a
Opcode Fuzzy Hash: 74f269aecefa7133464e8bb3249e45f25b8dbd73c650e89684edbd6e86dbe730
Instruction Fuzzy Hash: 6141AEB5A00217AFEB62AFACC880BEEB7F5BF59714F140469E5C0EB251D7759C408B60

Uniqueness

Uniqueness Score: -1.00%

Function 010B6365 Relevance: .1, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E010B6365(void* __ecx, void* __edx, signed short _a4, signed int* _a8, intOrPtr* _a12, intOrPtr* _a16, char* _a20) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				intOrPtr _t30;
				intOrPtr _t36;
				intOrPtr _t39;
				intOrPtr* _t40;
				signed int* _t41;
				char* _t42;
				void* _t45;
				void* _t47;
				intOrPtr* _t49;
				signed int _t52;
				intOrPtr* _t53;
				intOrPtr _t56;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t64;
				signed int _t65;
				void* _t67;
				void* _t68;

				_t65 = _a4 & 0x0000ffff;
				_v12 = __edx;
				_t63 = __ecx;
				_t47 = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t65);
				_t30 = 0;
				_v8 = 0;
				if(_t47 == 0) {
					_t64 = 0xc0000017;
					L8:
					if(_t47 != 0) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t30, _t47);
					}
					return _t64;
				}
				_push( &_v16);
				_push(_t65);
				_push(_t47);
				_push(2);
				_push(_t63);
				_push(0xffffffff);
				_t64 = E01069730();
				if(_t64 < 0) {
					L7:
					_t30 = 0;
					goto L8;
				}
				_t49 =  *((intOrPtr*)(_t47 + 4));
				_t61 = _t49 + 2;
				do {
					_t36 =  *_t49;
					_t49 = _t49 + 2;
				} while (_t36 != _v8);
				_t52 = 2 + (_t49 - _t61 >> 1) * 2;
				_v16 = _t52;
				if(_t52 >= _t65) {
					_t64 = 0x80000005;
					goto L7;
				}
				E0106F3E0(_v12,  *((intOrPtr*)(_t47 + 4)), _t52);
				_t67 = L010713D0(_v12, 0x5c);
				if(_t67 != 0) {
					_t68 = _t67 + 2;
					_t53 = _t68;
					_t15 = _t53 + 2; // 0x0
					_t62 = _t15;
					do {
						_t39 =  *_t53;
						_t53 = _t53 + 2;
					} while (_t39 != _v8);
					_t56 = (_t53 - _t62 >> 1) + (_t53 - _t62 >> 1);
					_v8 = _t56;
					if(_a12 == 0) {
						L17:
						_t40 = _a16;
						if(_t40 != 0) {
							 *_t40 = _t56;
						}
						_t41 = _a8;
						if(_t41 != 0) {
							 *_t41 = _t68 - _v12 & 0xfffffffe;
						}
						_t42 = _a20;
						if(_t42 != 0) {
							 *_t42 = 1;
						}
						goto L7;
					}
					_t19 = _t56 + 2; // -2
					_t45 = E01044620(_t56,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
					 *_a12 = _t45;
					if(_t45 != 0) {
						E0106F3E0(_t45, _t68, _v8 + 2);
						_t56 = _v8;
						goto L17;
					}
					_t64 = 0xc0000017;
					goto L7;
				}
				_t64 = 0xc0000039;
				goto L7;
			}

0x010b6375
0x010b6380
0x010b6383
0x010b638a
0x010b638c
0x010b638e
0x010b6393
0x010b64ab
0x010b63fc
0x010b63fe
0x010b640b
0x010b640b
0x010b6418
0x010b6418
0x010b639c
0x010b639d
0x010b639e
0x010b639f
0x010b63a1
0x010b63a2
0x010b63a9
0x010b63ad
0x010b63fa
0x010b63fa
0x00000000
0x010b63fa
0x010b63af
0x010b63b2
0x010b63b5
0x010b63b5
0x010b63b8
0x010b63bb
0x010b63c5
0x010b63cc
0x010b63d1
0x010b64a1
0x00000000
0x010b64a1
0x010b63df
0x010b63ec
0x010b63f3
0x010b641b
0x010b641e
0x010b6420
0x010b6420
0x010b6423
0x010b6423
0x010b6426
0x010b6429
0x010b6433
0x010b6439
0x010b643c
0x010b6476
0x010b6476
0x010b647b
0x010b647d
0x010b647d
0x010b647f
0x010b6484
0x010b648c
0x010b648c
0x010b648e
0x010b6493
0x010b6499
0x010b6499
0x00000000
0x010b6493
0x010b643e
0x010b644d
0x010b6455
0x010b6459
0x010b646b
0x010b6470
0x00000000
0x010b6473
0x010b645b
0x00000000
0x010b645b
0x010b63f5
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
Instruction ID: 9d1ca185485aa855cf5c22ef624c51b4733fe5df3ddf879cc0bdf0246a435daa
Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
Instruction Fuzzy Hash: 7241D376A00505EBDB15DF68C890BEF7BB9EF44B10F1980B8EA469B240DB76DD01C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 01021AA0 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
Instruction ID: 0a6c6e3603bbb74def413254374d1f0f4b86b527cc03a1112a2994108862c80a
Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
Instruction Fuzzy Hash: 5D414071A00715EFDB25CF99C980AAEBBF9FF18700B2045ADE596D7650E330EA44CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01030100 Relevance: .1, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01030100(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed char _t37;
				char _t38;
				intOrPtr _t42;
				signed int* _t43;
				signed int _t44;
				signed int _t48;
				char _t59;
				intOrPtr* _t61;
				intOrPtr _t62;
				signed int _t65;
				intOrPtr _t67;
				signed int _t70;
				signed int _t72;
				void* _t73;

				_push(0x1c);
				_push(0x10ff848);
				_t37 = E0107D08C(__ebx, __edi, __esi);
				_t59 = 0;
				 *((char*)(_t73 - 0x19)) = 0;
				if( *((intOrPtr*)(_t73 + 8)) == 0) {
					_t38 = 0;
					L7:
					return E0107D0D1(_t38);
				}
				E01042280(_t37, 0x111861c);
				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
				_t72 =  *0x1116da4; // 0x0
				if(_t72 == 0) {
					_t59 = 1;
					L26:
					 *((char*)(_t73 - 0x19)) = _t59;
					L6:
					 *(_t73 - 4) = 0xfffffffe;
					E0103021A();
					_t38 = _t59;
					goto L7;
				}
				_t70 = _t72;
				 *(_t73 - 0x24) = _t70;
				_t42 =  *0x1116da0; // 0x0
				 *((intOrPtr*)(_t73 - 0x20)) = _t42;
				while(_t70 > 0) {
					_t65 = _t70 << 5;
					if( *((intOrPtr*)(_t65 + _t42 - 0x1c)) ==  *((intOrPtr*)(_t73 + 8))) {
						_t12 = _t42 - 0x20; // -32
						_t61 = _t12 + _t65;
						 *((intOrPtr*)(_t73 - 0x28)) = _t61;
						_t14 = _t61 + 0x10; // -16
						_t43 = _t14;
						 *(_t73 - 0x2c) = _t43;
						_t44 =  *_t43;
						if(_t44 == 0) {
							L21:
							_t62 =  *((intOrPtr*)(_t73 - 0x20));
							L16:
							if(_t70 != _t72) {
								_t27 = _t70 - 1; // -1
								E01029FF0(_t27);
							}
							_t72 = _t72 - 1;
							 *0x1116da4 = _t72;
							if(_t72 == 0) {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62);
								_t42 = 0;
								 *((intOrPtr*)(_t73 - 0x20)) = 0;
								 *0x1116da0 = 0;
								 *0x1116da8 =  *0x1116da8 & 0;
								L32:
								_t70 =  *(_t73 - 0x24);
								_t72 =  *0x1116da4; // 0x0
								L20:
								_t59 = 1;
								 *((char*)(_t73 - 0x19)) = 1;
								goto L5;
							}
							_t48 =  *0x1116da8; // 0x0
							_t49 = _t48 + 0xffffffe0;
							if(_t72 < _t48 + 0xffffffe0) {
								_t42 = L01048E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62, _t49 << 5);
								 *((intOrPtr*)(_t73 - 0x20)) = _t42;
								if(_t42 != 0) {
									 *0x1116da0 = _t42;
									 *0x1116da8 =  *0x1116da8 - 0x20;
									goto L32;
								}
								_t59 = 0;
								goto L26;
							}
							_t42 =  *((intOrPtr*)(_t73 - 0x20));
							goto L20;
						}
						_t67 =  *((intOrPtr*)(_t73 + 0xc));
						if(_t67 != 0) {
							if(_t67 !=  *_t61) {
								goto L21;
							}
						}
						if(_t44 == 0xffffffff) {
							goto L21;
						}
						_push(_t44 & 0xfffffffc);
						if( *((intOrPtr*)(_t61 + 0x1c)) == 0xc0000019) {
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							L010477F0();
							_t70 =  *(_t73 - 0x24);
							_t61 =  *((intOrPtr*)(_t73 - 0x28));
						} else {
							_push(0xffffffff);
							E010697A0();
						}
						if( *(_t61 + 0x14) != 0) {
							_push( *(_t61 + 0x14));
							E010695D0();
							 *(_t61 + 0x14) =  *(_t61 + 0x14) & 0x00000000;
						}
						 *( *(_t73 - 0x2c)) =  *( *(_t73 - 0x2c)) & 0x00000000;
						_t72 =  *0x1116da4; // 0x0
						_t62 =  *0x1116da0; // 0x0
						 *((intOrPtr*)(_t73 - 0x20)) = _t62;
						goto L16;
					}
					L5:
					_t70 = _t70 - 1;
					 *(_t73 - 0x24) = _t70;
				}
				goto L6;
			}

0x01030100
0x01030102
0x01030107
0x0103010c
0x0103010e
0x01030115
0x01086127
0x0103016a
0x0103016f
0x0103016f
0x01030120
0x01030125
0x01030129
0x01030131
0x0108612e
0x01086134
0x01086134
0x0103015c
0x0103015c
0x01030163
0x01030168
0x00000000
0x01030168
0x01030137
0x01030139
0x0103013c
0x01030141
0x01030144
0x0103014a
0x01030154
0x01030172
0x01030175
0x01030177
0x0103017a
0x0103017a
0x0103017d
0x01030180
0x01030184
0x0103020b
0x0103020b
0x010301db
0x010301dd
0x01030210
0x01030213
0x01030213
0x010301df
0x010301e2
0x010301e8
0x01086171
0x01086176
0x01086178
0x0108617b
0x01086180
0x01086194
0x01086194
0x01086197
0x01030201
0x01030201
0x01030203
0x00000000
0x01030203
0x010301ee
0x010301f3
0x010301f8
0x010861b2
0x010861b7
0x010861bc
0x01086188
0x0108618d
0x00000000
0x0108618d
0x01086132
0x00000000
0x01086132
0x010301fe
0x00000000
0x010301fe
0x0103018a
0x01030191
0x0108613f
0x00000000
0x00000000
0x01086145
0x0103019a
0x00000000
0x00000000
0x0103019f
0x010301a7
0x0108614a
0x01086152
0x01086155
0x0108615a
0x0108615d
0x010301ad
0x010301ad
0x010301af
0x010301af
0x010301b8
0x010301ba
0x010301bd
0x010301c2
0x010301c2
0x010301c9
0x010301cc
0x010301d2
0x010301d8
0x00000000
0x010301d8
0x01030156
0x01030156
0x01030157
0x01030157
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d3cc8f43562dfa7f9b5cb67a860ad35b6e4bb407cbbb1be01b7f7857d5565ed
Instruction ID: edeb60cbfbf9f85110e7c506d2969c9413ca85370a36c036b5806554391f1a70
Opcode Fuzzy Hash: 6d3cc8f43562dfa7f9b5cb67a860ad35b6e4bb407cbbb1be01b7f7857d5565ed
Instruction Fuzzy Hash: 6441E231946205CFCFA5DF68C9907EEBBB4BF54314F490165E4E16B39AC3768980CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01038A0A Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E01038A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x111d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0106B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0103E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1001180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E01051DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E01063C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01038999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}

0x01038a0a
0x01038a1c
0x01038a23
0x01038a2e
0x01038a30
0x01038a36
0x01038a3c
0x01038a3e
0x01038a4a
0x01038a52
0x01038a9c
0x01038aae
0x01038a58
0x01038a5e
0x01038a6a
0x01038a6f
0x01038a75
0x01038a7d
0x01038a85
0x01038a86
0x01038a89
0x01038a93
0x01038a99
0x01038a9b
0x00000000
0x01038aaf
0x01038abe
0x01038ac3
0x01038acb
0x01038ad7
0x01038ae0
0x01038af1
0x00000000
0x01038af1
0x01038acd
0x01038ad5
0x01038afb
0x01038afd
0x01038aff
0x01038b07
0x01038b22
0x01038b24
0x01038b2a
0x01038b2e
0x01038b3f
0x01038b78
0x01038b41
0x01038b52
0x01038b54
0x01038b5c
0x01038b74
0x01038b74
0x01038b5c
0x01038b3f
0x01038b5e
0x01038b61
0x01038b64
0x01038b64
0x01038b6c
0x01038b6c
0x01038b11
0x01089cd5
0x01089cd5
0x01038b17
0x01038b1a
0x01038b1a
0x00000000
0x01038ad5
0x01038a89

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e66ab948b0fd6f269ec78a2630736569875793bdee59cd98e01f6ef1da576422
Instruction ID: e3dfb97eb3a9286d5cded9393f158ace6f45bc9f6243a68d84460c0bcc795287
Opcode Fuzzy Hash: e66ab948b0fd6f269ec78a2630736569875793bdee59cd98e01f6ef1da576422
Instruction Fuzzy Hash: D6417AB1A0022D9BDB64DF59CC88AE9B7F8FB94300F1086E6E959D7241D7709E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010EAA16 Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010EAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E010EABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E010EAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E010EAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E010CCB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L010477F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E01047D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E010E131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E010CCB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}

0x010eaa1f
0x010eaa21
0x010eaa23
0x010eaa2b
0x010eaa30
0x010eaa36
0x010eaa39
0x010eaa42
0x010eaa75
0x010eaa7a
0x010eaa7c
0x010eaa7c
0x010eaa88
0x010eaa8a
0x010eaa8f
0x010eab02
0x010eab04
0x010eaa99
0x010eaaa8
0x010eaaaf
0x010eaab3
0x010eaacc
0x010eaad1
0x010eaad6
0x010eaae0
0x010eaaf3
0x010eaaf9
0x010eaafe
0x010eaafe
0x010eaaf3
0x010eaad6
0x010eaab3
0x010eab07
0x010eab0a
0x010eab11
0x010eab23
0x010eab13
0x010eab1c
0x010eab1c
0x010eab2b
0x010eab44
0x010eab44
0x010eab51
0x010eab51
0x010eaa44
0x010eaa47
0x010eaa4c
0x00000000
0x00000000
0x010eaa5a
0x010eaa64
0x010eaa72
0x00000000
0x010eaa66
0x010eaa66
0x010eaa68
0x010eaa6a
0x00000000
0x010eaa6a

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction ID: 2083e0870f88e0049298db739665346e90954ae5647068c052adf5af00e2a908
Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction Fuzzy Hash: 1C31C731B00205EFEF159B6AC889BAFFBE6DF88610F0944A9E985A7252DB749D00C650

Uniqueness

Uniqueness Score: -1.00%

Function 010599BC Relevance: .1, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E010599BC(void* __ebx, intOrPtr __ecx, signed int __edi, void* __esi, void* __eflags, signed int _a12) {
				signed int _v4;
				intOrPtr _v128;
				intOrPtr* _v132;
				char _v180;
				intOrPtr _v184;
				signed int _t40;
				void* _t65;
				intOrPtr _t69;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				intOrPtr _t77;
				intOrPtr* _t78;
				void* _t79;
				signed int _t80;
				signed int _t82;
				signed int _t84;
				intOrPtr* _t85;
				intOrPtr _t88;
				signed int _t89;
				void* _t103;

				_t65 = __ebx;
				_push(0xa8);
				_push(0x1100198);
				E0107D0E8(__ebx, __edi, __esi);
				_t88 = __ecx;
				_v184 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) != 0) {
					E0102716E(__ebx, __ecx, __edi, __ecx, __eflags);
					_t69 =  *((intOrPtr*)(__ecx + 8));
					_t82 = __edi | 0xffffffff;
					__eflags = _t82;
					asm("lock xadd [ecx], eax");
					if(_t82 == 0) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)),  *0x11184c4, _t69);
					}
				} else {
					_t82 = __edi | 0xffffffff;
				}
				if( *((intOrPtr*)(_t88 + 0x38)) != _t82) {
					_push( *((intOrPtr*)(_t88 + 0x38)));
					L20();
				}
				_t38 =  *((intOrPtr*)(_t88 + 0x5c));
				if( *((intOrPtr*)(_t88 + 0x5c)) == 0) {
					E01042280(_t38, 0x111a74c);
					_v4 = 1;
					_t40 = _t88 + 0x60;
					_t79 =  *_t40;
					_t70 =  *(_t40 + 4);
					__eflags =  *(_t79 + 4) - _t40;
					if( *(_t79 + 4) != _t40) {
						goto L19;
					} else {
						__eflags =  *_t70 - _t40;
						if( *_t70 != _t40) {
							goto L19;
						} else {
							 *_t70 = _t79;
							 *(_t79 + 4) = _t70;
							 *(_t40 + 4) = _t40;
							 *_t40 = _t40;
							_v4 = 0xfffffffe;
							E010997DE();
							goto L10;
						}
					}
				} else {
					E01042280(_t38 + 0x2c, _t38 + 0x2c);
					_v4 = _v4 & 0x00000000;
					_t40 = _t88 + 0x60;
					_t79 =  *_t40;
					_t76 =  *(_t40 + 4);
					if( *(_t79 + 4) != _t40 ||  *_t76 != _t40) {
						L19:
						_t71 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t65);
						_push(_t88);
						_t89 = _a12;
						_push(_t82);
						__eflags = _t89;
						if(_t89 != 0) {
							_t40 = _t89 - 0x00000001 | 0x00000007;
							__eflags = _t40 - 0xffffffff;
							if(_t40 != 0xffffffff) {
								__eflags =  *_t89;
								if( *_t89 > 0) {
									__eflags =  *_t89 - 0x7fffffff;
									if( *_t89 != 0x7fffffff) {
										while(1) {
											_t80 =  *_t89;
											__eflags = _t80 - 0x7fffffff;
											if(_t80 == 0x7fffffff) {
												break;
											}
											_t84 = _t80 - 1;
											_t40 = _t80;
											_t71 = _t84;
											asm("lock cmpxchg [esi], ecx");
											__eflags = _t40 - _t80;
											if(_t40 != _t80) {
												continue;
											}
											L26:
											__eflags =  *0x111871c;
											if( *0x111871c != 0) {
												asm("lock xadd [esi+0xe8], eax");
												_t40 = E01058690(_t71, 1, 4, 0xbadc99 + _t89, 0);
											}
											__eflags = _t84;
											if(_t84 == 0) {
												__eflags =  *0x111871d;
												_t72 = _t89;
												if(__eflags != 0) {
													_t40 = E010B4257(0x7fffffff, _t72, _t84, _t89, __eflags);
												} else {
													_t40 = L01027055(_t72);
												}
											}
											goto L28;
										}
										_t84 = 0x7fffffff;
										goto L26;
									}
								}
							}
						}
						L28:
						return _t40;
					} else {
						 *_t76 = _t79;
						 *(_t79 + 4) = _t76;
						 *(_t40 + 4) = _t40;
						 *_t40 = _t40;
						_v4 = 0xfffffffe;
						E01059AF3(_t88);
						_t77 =  *((intOrPtr*)(_t88 + 0x5c));
						_t103 = _t77 -  *0x11186c0; // 0xbb07b0
						if(_t103 != 0) {
							__eflags = _t77 -  *0x11186b8; // 0x0
							if(__eflags == 0) {
								_t79 = 0x11186bc;
								_t78 = 0x11186b8;
								goto L9;
							} else {
								asm("lock xadd [ecx], edi");
								_t86 = _t82 - 1;
								__eflags = _t82 - 1;
								if(__eflags == 0) {
									E01029240(_t65, _t77, _t86, _t88, __eflags);
								}
							}
						} else {
							_t79 = 0x11186c4;
							_t78 = 0x11186c0;
							L9:
							E01059B82(_t65, _t78, _t79, _t82, _t88, _t103);
						}
						L10:
						_t85 =  *((intOrPtr*)(_t88 + 0x10));
						if(_t85 != 0) {
							E0106FA60( &_v180, 0, 0x98);
							_v132 = _t85;
							_t88 =  *((intOrPtr*)(_t88 + 0x34));
							_v128 = _t88;
							E0104DB6D( &_v180);
							 *0x111b1e0( &_v180, _t88);
							 *_t85();
							E0104CFEB( &_v180, _t79);
						}
						return E0107D130(_t65, _t85, _t88);
					}
				}
			}

0x010599bc
0x010599bc
0x010599c1
0x010599c6
0x010599cb
0x010599cd
0x010599d7
0x01059aab
0x01059ab0
0x01059ab3
0x01059ab3
0x01059ab8
0x01059abc
0x0109977b
0x0109977b
0x010599dd
0x010599dd
0x010599dd
0x010599e3
0x010599e5
0x010599e8
0x010599e8
0x010599ed
0x010599f2
0x01099798
0x0109979d
0x010997a4
0x010997a7
0x010997a9
0x010997ac
0x010997af
0x00000000
0x010997b5
0x010997b5
0x010997b7
0x00000000
0x010997bd
0x010997bd
0x010997bf
0x010997c2
0x010997c5
0x010997c7
0x010997ce
0x00000000
0x010997ce
0x010997b7
0x010599f8
0x010599fc
0x01059a01
0x01059a05
0x01059a08
0x01059a0a
0x01059a10
0x01059b00
0x01059b02
0x01059b03
0x01059b05
0x01059b06
0x01059b07
0x01059b08
0x01059b09
0x01059b0a
0x01059b0b
0x01059b0c
0x01059b0d
0x01059b0e
0x01059b0f
0x01059b15
0x01059b16
0x01059b17
0x01059b1a
0x01059b1b
0x01059b1d
0x01059b22
0x01059b25
0x01059b28
0x01059b2a
0x01059b2d
0x01059b34
0x01059b36
0x01059b38
0x01059b38
0x01059b3a
0x01059b3c
0x00000000
0x00000000
0x01059b3e
0x01059b41
0x01059b43
0x01059b45
0x01059b49
0x01059b4b
0x00000000
0x00000000
0x01059b4d
0x01059b4d
0x01059b54
0x010997ec
0x01099809
0x01099809
0x01059b5a
0x01059b5c
0x01059b65
0x01059b6c
0x01059b6e
0x01059b7b
0x01059b70
0x01059b70
0x01059b70
0x01059b6e
0x00000000
0x01059b5c
0x01059b77
0x00000000
0x01059b77
0x01059b36
0x01059b2d
0x01059b28
0x01059b5e
0x01059b62
0x01059a1e
0x01059a1e
0x01059a20
0x01059a23
0x01059a26
0x01059a28
0x01059a2f
0x01059a34
0x01059a37
0x01059a3d
0x01059ac7
0x01059acd
0x01059ae4
0x01059ae9
0x00000000
0x01059acf
0x01059acf
0x01059ad3
0x01059ad3
0x01059ad4
0x01059ada
0x01059ada
0x01059ad4
0x01059a43
0x01059a43
0x01059a48
0x01059a4d
0x01059a4d
0x01059a4d
0x01059a52
0x01059a52
0x01059a57
0x01059a6d
0x01059a75
0x01059a7b
0x01059a7e
0x01059a87
0x01059a96
0x01059a9c
0x01059aa4
0x01059aa4
0x01059a5e
0x01059a5e
0x01059a10

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58489a26fa211605c909380359b31b0675294ed833acc6595ebc43e72804f65
Instruction ID: 1ba78ec4ab883748e24f6a947147f45975b376906abb1d5968a1c5ba809af272
Opcode Fuzzy Hash: c58489a26fa211605c909380359b31b0675294ed833acc6595ebc43e72804f65
Instruction Fuzzy Hash: E441E4B0501701CFDBA5EF28CA40B5AB7F5FF54318F1586ADD4869B2A1EB309A40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010EFDE2 Relevance: .1, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E010EFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E010EFD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E010F0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E01047D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E010E1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E010F2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E010EC8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E010EDBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E01047D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E010EA80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}

0x010efde7
0x010efde8
0x010efdec
0x010efdee
0x010efdf5
0x010efdf7
0x010efdfc
0x010efe19
0x010efe22
0x010efe26
0x010efec6
0x010efecd
0x010efed5
0x010efee7
0x010efed7
0x010efee0
0x010efee0
0x010efeef
0x010eff00
0x010eff02
0x010eff07
0x010eff07
0x00000000
0x010efeef
0x010efe33
0x010efe55
0x010efe59
0x010efe5b
0x010efe5e
0x010efe69
0x010efe6d
0x010efe6d
0x010efe69
0x010efe35
0x010efe41
0x010efe41
0x010efe79
0x010efe8b
0x010efe7b
0x010efe84
0x010efe84
0x010efe93
0x00000000
0x010efea8
0x010efeba
0x00000000
0x010efeba
0x010efdfe
0x010efe01
0x010efe02
0x010efe08
0x010eff0c
0x010eff14
0x010eff14

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction ID: 01960c56b7bdb5b142e061f2d62102aaaf7d3d0cbec761285b86614bcb3dd674
Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction Fuzzy Hash: DE312832300642AFD3229B6EC84DFAA7BEAEFC5750F184499E5C58B742DA74EC41C750

Uniqueness

Uniqueness Score: -1.00%

Function 01027B70 Relevance: .1, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E01027B70(signed int _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				void* __ebx;
				void* __edi;
				void* __ebp;
				intOrPtr _t26;
				signed int _t28;
				signed int _t39;
				signed int _t43;
				signed int _t44;
				void* _t46;
				signed int _t49;
				signed int _t50;
				signed int _t53;
				void* _t59;

				_t26 = _a8;
				if(_t26 == 0x80000002) {
					_t54 = _a12;
					__eflags = _a12;
					if(_a12 == 0) {
						L16:
						return 0xc0000001;
					}
					__eflags = _a16 - 0x1c;
					if(_a16 != 0x1c) {
						goto L16;
					}
					_t28 = E010CC4C1(_a4, _t54);
					L12:
					__eflags = _t28;
					if(_t28 >= 0) {
						L4:
						return 0;
					}
					return _t28;
				}
				if(_t26 == 0) {
					__eflags = _a16 - 4;
					if(_a16 < 4) {
						return 0xc0000023;
					}
					__eflags =  *_a12 - 2;
					if( *_a12 != 2) {
						goto L16;
					}
					_t49 = _a4;
					__eflags =  *((intOrPtr*)(_t49 + 8)) - 0xddeeddee;
					if( *((intOrPtr*)(_t49 + 8)) == 0xddeeddee) {
						goto L4;
					}
					__eflags = ( *(_t49 + 0x40) & 0x75010f63) - 2;
					if(( *(_t49 + 0x40) & 0x75010f63) != 2) {
						L15:
						return 0xc000000d;
					}
					__eflags =  *( *[fs:0x30] + 0x68) & 0x00000800;
					if(__eflags != 0) {
						goto L15;
					}
					_t28 = E01027BFA(_t46, _t49, 0, _t59, __eflags);
					goto L12;
				}
				if(_t26 != 1) {
					__eflags = _t26 - 3;
					if(_t26 == 3) {
						_t50 = _a12;
						__eflags = _t50;
						if(_t50 == 0) {
							goto L15;
						}
						__eflags = _a16 - 4;
						if(_a16 < 4) {
							goto L15;
						}
						__eflags =  *_t50 != 1;
						if( *_t50 != 1) {
							goto L15;
						}
						__eflags = _a16 - 8;
						if(_a16 != 8) {
							goto L15;
						}
						__eflags =  *(_t50 + 4);
						if( *(_t50 + 4) != 0) {
							goto L15;
						}
						__eflags = _a4;
						if(__eflags != 0) {
							E0103EEF0(0x1116620);
							_t51 = _a4;
							_t39 = E01027C8D(_a4);
							__eflags = _t39;
							if(_t39 == 0) {
								E010D25D1(_t51);
							}
							E0103EB70(_t51, 0x1116620);
							goto L4;
						}
						_push(0);
						E010CCD04(_t46, 0x10cd290, 0, 0, _t59, __eflags);
						goto L4;
					}
					__eflags = _t26 - 4;
					if(_t26 == 4) {
						__eflags =  *0x1118724 & 0x00000001;
						if(( *0x1118724 & 0x00000001) == 0) {
							goto L15;
						}
						_t43 = E01054E70(0x11186a4, 0x10e2ca0, 0x11165a0, 0);
						__eflags = _t43;
						if(_t43 < 0) {
							return _t43;
						}
						 *0x1118724 =  *0x1118724 | 0x00000002;
						goto L4;
					}
					__eflags = _t26 - 5;
					if(_t26 != 5) {
						goto L4;
					}
					_t53 = _a12;
					__eflags = _t53;
					if(_t53 == 0) {
						goto L15;
					}
					__eflags = _a16 - 8;
					if(_a16 < 8) {
						goto L15;
					}
					__eflags =  *_t53 - 1;
					if( *_t53 != 1) {
						goto L15;
					}
					_t44 =  *(_t53 + 2) & 0x0000ffff;
					__eflags = _t44 & 0xfffffffe;
					if((_t44 & 0xfffffffe) != 0) {
						goto L15;
					}
					E010E079E(_t53, 0);
					goto L4;
				}
				 *0x111849c = 0;
				goto L4;
			}

0x01027b75
0x01027b81
0x01082b81
0x01082b84
0x01082b86
0x01027bf3
0x00000000
0x01027bf3
0x01082b8c
0x01082b90
0x00000000
0x00000000
0x01082b99
0x01027bdf
0x01027bdf
0x01027be1
0x01027b9c
0x00000000
0x01027b9c
0x00000000
0x01027be1
0x01027b89
0x01027ba4
0x01027ba8
0x00000000
0x01027be5
0x01027bad
0x01027bb0
0x00000000
0x00000000
0x01027bb2
0x01027bb5
0x01027bbc
0x00000000
0x00000000
0x01027bc6
0x01027bc9
0x01027bec
0x00000000
0x01027bec
0x01027bd1
0x01027bd8
0x00000000
0x00000000
0x01027bda
0x00000000
0x01027bda
0x01027b90
0x01082a90
0x01082a93
0x01082b10
0x01082b13
0x01082b15
0x00000000
0x00000000
0x01082b1b
0x01082b1f
0x00000000
0x00000000
0x01082b27
0x01082b2a
0x00000000
0x00000000
0x01082b30
0x01082b34
0x00000000
0x00000000
0x01082b3a
0x01082b3d
0x00000000
0x00000000
0x01082b43
0x01082b46
0x01082b60
0x01082b65
0x01082b68
0x01082b6d
0x01082b6f
0x01082b71
0x01082b71
0x01082b77
0x00000000
0x01082b77
0x01082b48
0x01082b50
0x00000000
0x01082b50
0x01082a95
0x01082a98
0x01082ada
0x01082ae1
0x00000000
0x00000000
0x01082af7
0x01082afc
0x01082afe
0x01027ba1
0x01027ba1
0x01082b04
0x00000000
0x01082b04
0x01082a9a
0x01082a9d
0x00000000
0x00000000
0x01082aa3
0x01082aa6
0x01082aa8
0x00000000
0x00000000
0x01082aae
0x01082ab2
0x00000000
0x00000000
0x01082ab8
0x01082abb
0x00000000
0x00000000
0x01082ac1
0x01082ac5
0x01082aca
0x00000000
0x00000000
0x01082ad0
0x00000000
0x01082ad0
0x01027b96
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75a18b414a9d4c821ca9b5c991f7ddf5fd80fc5c92e4cc8d584a97d7aab26ec9
Instruction ID: e74208bd5591c2b42fccec4ac225e8c5ac3fef111049b37c658a2ecbf933bea0
Opcode Fuzzy Hash: 75a18b414a9d4c821ca9b5c991f7ddf5fd80fc5c92e4cc8d584a97d7aab26ec9
Instruction Fuzzy Hash: DC31E53020A225CBEB679E2DCD407AE37D9FFA165AF14846AEBD287111C731C881CB52

Uniqueness

Uniqueness Score: -1.00%

Function 010EEA55 Relevance: .1, Instructions: 111
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E010EEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E01042280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E010EE815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0102F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0103FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E010EAFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E010EBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E01047D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E010DFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0103FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E010EA80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}

0x010eea55
0x010eea66
0x010eea68
0x010eea6c
0x010eea6f
0x010eea72
0x010eea75
0x010eea7a
0x010eea7a
0x010eea7e
0x010eea80
0x010eea85
0x010eea8b
0x010eeab5
0x010eeabc
0x010eeabf
0x010eeabf
0x010eeaca
0x010eeace
0x010eead0
0x010eeae4
0x010eeaeb
0x010eeaf0
0x010eeaf5
0x010eeb09
0x010eeb0d
0x010eeb1d
0x010eeb2d
0x010eeb38
0x010eeb3d
0x010eeb41
0x010eeb4a
0x010eeb60
0x010eeb4c
0x010eeb52
0x010eeb59
0x010eeb59
0x010eeb68
0x010eeb71
0x010eeb71
0x010eea8d
0x010eea8f
0x010eea92
0x010eea97
0x010eea97
0x010eea9b
0x010eea9c
0x010eea9e
0x010eeaa6
0x010eeaa6
0x010eeb7e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction ID: d75d00a28b19f28ab4d22ca88bdad6d28b1d15c4bc3f7121ec8993c4ee30a8da
Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction Fuzzy Hash: F831B47260470AAFC719DF29C884A9BB7E9FFC4310F04492DF59687645DE30E805C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 010A69A6 Relevance: .1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E010A69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x111d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01036C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E010A6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E01069980() >= 0) {
							E01042280(_t56, 0x1118778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1118774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1118774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0102B6F0(0x100c338, 0x100c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E01069520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E010695D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0103FFB0(_t68, _t77, 0x1118778);
				}
				_pop(_t78);
				return E0106B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}

0x010a69b5
0x010a69be
0x010a69c3
0x010a69c9
0x010a69cc
0x010a69d1
0x010a69d3
0x010a69de
0x010a69e1
0x010a69ea
0x010a69f6
0x010a69fe
0x010a6a13
0x010a6a14
0x010a6a15
0x010a6a16
0x010a6a1e
0x010a6a26
0x010a6a31
0x010a6a36
0x010a6a37
0x010a6a40
0x010a6a49
0x010a6a4a
0x010a6a53
0x010a6a59
0x010a6a5d
0x010a6a5e
0x010a6a64
0x010a6a67
0x010a6a6a
0x010a6a6d
0x010a6a70
0x010a6a77
0x010a6a7d
0x010a6a86
0x010a6a89
0x010a6a9c
0x010a6a9f
0x010a6aa2
0x010a6aa5
0x010a6aaf
0x010a6ab1
0x010a6ab8
0x010a6ab9
0x010a6abb
0x010a6abe
0x010a6ac5
0x010a6ac5
0x010a6aaf
0x010a6a40
0x010a6a26
0x010a69fe
0x010a6ace
0x010a6ad0
0x010a6ad3
0x010a6ad8
0x010a6adf
0x010a6adf
0x010a6ae8
0x010a6aef
0x010a6aef
0x010a6af9
0x010a6b06

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceacf667a6d22f6492b1a0937c241200262b9455bcee3a4033e39e77f9040070
Instruction ID: eccb56b528335dc2111e059be9ead30fc0d83bc665f902e78f0fe64437f938b4
Opcode Fuzzy Hash: ceacf667a6d22f6492b1a0937c241200262b9455bcee3a4033e39e77f9040070
Instruction Fuzzy Hash: AB417BB1D00609AFDB24DFE9D940BFEBBF8EF58714F08816AE994A7240DB719905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01025210 Relevance: .1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E01025210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E010252A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010695D0();
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0103EB70(_t54, 0x11179a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E010695D0();
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0103EB70(_t54, 0x11179a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0106F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0103EB70(_t54, 0x11179a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010695D0();
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}

0x01025220
0x01025224
0x01080d13
0x01080d16
0x01080d19
0x0102522a
0x0102522a
0x0102522d
0x0102522d
0x01025231
0x01025235
0x01025239
0x01080d5c
0x01080d62
0x00000000
0x00000000
0x01080d6a
0x01080d7b
0x01080d7f
0x01080d81
0x01080d84
0x01080d95
0x01080d95
0x01080d6c
0x01080d71
0x01080d71
0x01080d9a
0x00000000
0x0102524a
0x0102524a
0x01025250
0x01080d24
0x01080d35
0x01080d39
0x01080d3b
0x01080d3e
0x01080d50
0x01080d50
0x01080d26
0x01080d2b
0x01080d2b
0x00000000
0x01080d55
0x01025256
0x0102525b
0x01025265
0x01080da7
0x0102526b
0x0102526e
0x01025272
0x01080db1
0x01080db4
0x01080dc5
0x01080dc5
0x01025272
0x01025278
0x0102527e
0x0102528a
0x0102528c
0x0102528d
0x00000000
0x01025280
0x01025282
0x01025288
0x0102529f
0x01025292
0x00000000
0x01025292
0x00000000
0x01025288
0x0102527e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ccbee298c5f0afae70182694cceba90e3741c02ae1eaf192f5ad4fd496e21d
Instruction ID: 837040f605f3c7556756f2de0f8534c77fdb6dc7c7c12fef6a3d3278bc32910e
Opcode Fuzzy Hash: 86ccbee298c5f0afae70182694cceba90e3741c02ae1eaf192f5ad4fd496e21d
Instruction Fuzzy Hash: 0831F631245711EBC726BF18CC81BAEB7A9FF51760F11462AF5D50B6D4EB70E808C694

Uniqueness

Uniqueness Score: -1.00%

Function 01063D43 Relevance: .1, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01063D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01037B60(0, _t61, 0x10011c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01037B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						_t12 =  &(_t61[2]); // 0x3
						 *((short*)( *_t12 + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = E01044620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}

0x01063d4c
0x01063d50
0x01063d55
0x01063d5e
0x0109e79a
0x00000000
0x0109e79a
0x01063d68
0x0109e789
0x01063d9d
0x01063da3
0x01063daf
0x01063db5
0x01063dbc
0x01063dc4
0x01063dc9
0x01063dce
0x0109e7ae
0x0109e7ae
0x01063dd9
0x01063dde
0x01063de2
0x01063de7
0x01063e0d
0x01063e13
0x01063e16
0x01063e1e
0x01063e25
0x01063e28
0x00000000
0x00000000
0x01063e2a
0x01063e2f
0x01063e37
0x01063e37
0x00000000
0x01063e37
0x01063e31
0x00000000
0x01063e31
0x01063e20
0x01063e20
0x01063e35
0x00000000
0x01063de9
0x01063de9
0x01063de9
0x01063dee
0x01063dfd
0x01063dff
0x01063e02
0x01063e05
0x01063e05
0x00000000
0x01063df0
0x01063de7
0x0109e78f
0x0109e794
0x01063d79
0x01063d84
0x01063d89
0x01063d8e
0x00000000
0x0109e7a4
0x01063d96
0x01063d9a
0x00000000
0x01063d9a
0x00000000
0x0109e794
0x01063d6e
0x01063d73
0x00000000
0x0109e7b5
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f3f2c5f153ab7b7ba93a912b4219ba696a9c432369b135c8ca1da61f439d539
Instruction ID: 71593b288ba1a540a8210b39423ebd216baeef65026e857724282a52a10dfe5c
Opcode Fuzzy Hash: 1f3f2c5f153ab7b7ba93a912b4219ba696a9c432369b135c8ca1da61f439d539
Instruction Fuzzy Hash: C4318B316006159BDB299F2DD841A6EBBE9FF95700B0580AEE98ACF290E730D840C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0104C182 Relevance: .1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0104C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01047D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E010F8D34(_v8, _t80);
					}
					E01042280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0103FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E010F8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0103FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0106B180();
						if(_a4 != 0) {
							E01042280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0104BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0104BB2D(_t16, _t15);
						E0104B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0103FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0103FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0103FFB0(0, __ecx, _t24);
				}
				return 0;
			}

0x0104c18d
0x0104c18f
0x0104c191
0x0104c19b
0x0104c1a0
0x0104c1d4
0x0104c1de
0x01092d6e
0x0104c1e4
0x0104c1e4
0x0104c1e4
0x0104c1ec
0x01092d7d
0x01092d7d
0x0104c1f3
0x0104c1ff
0x01092d88
0x01092d8d
0x01092d94
0x01092d94
0x01092d9f
0x01092da4
0x01092dab
0x01092db0
0x01092db2
0x01092db3
0x01092db4
0x01092dbc
0x01092dc3
0x01092dc3
0x0104c205
0x0104c205
0x0104c208
0x0104c20e
0x0104c211
0x0104c216
0x0104c219
0x0104c21f
0x0104c222
0x0104c22c
0x0104c234
0x0104c23a
0x0104c23f
0x0104c245
0x0104c24b
0x0104c251
0x0104c25a
0x0104c276
0x0104c27d
0x0104c27d
0x0104c25c
0x0104c25c
0x00000000
0x0104c25e
0x0104c1a4
0x0104c1aa
0x0104c1b3
0x0104c265
0x0104c26c
0x0104c26c
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction ID: e86036ec1a5434a3eca0131c8734d30cabd47fb122a612bfdec1b791676385db
Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction Fuzzy Hash: 873148B1B06547BFE745EBB4C5C0BE9FB98BF52204F0441AAD49C87201DB746A05D7E1

Uniqueness

Uniqueness Score: -1.00%

Function 010A7016 Relevance: .1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E010A7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x111d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E010A6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E010A6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01047D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E01069AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0106B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = E01044620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}

0x010a7016
0x010a701e
0x010a702b
0x010a7033
0x010a7037
0x010a703c
0x010a703e
0x010a7041
0x010a7045
0x010a704a
0x010a7050
0x010a7055
0x010a705a
0x010a7062
0x010a7062
0x010a705a
0x010a7064
0x010a7064
0x010a7067
0x010a7071
0x010a7096
0x010a709b
0x010a70a2
0x010a70a6
0x010a70a7
0x010a70ad
0x010a70b3
0x010a70b6
0x010a70bb
0x010a70c3
0x010a70c3
0x010a70c6
0x010a70cd
0x010a70dd
0x010a70e0
0x010a70e2
0x010a70e2
0x010a70ee
0x010a7101
0x010a70f0
0x010a70f9
0x010a70f9
0x010a710a
0x010a710e
0x010a7112
0x010a7117
0x010a7118
0x010a7118
0x010a70bb
0x010a711d
0x010a7123
0x010a7131
0x010a7131
0x010a7136
0x010a713d
0x010a713e
0x010a713f
0x010a714a
0x010a714a
0x010a7084
0x010a7088
0x00000000
0x010a708e
0x010a708e
0x010a7092
0x00000000
0x010a7092

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff78aa48f8d54a6c9fbfa7a8effe2a82b0271d52c6051b32e8525762ae6e0033
Instruction ID: e2c2358ba333bf7e7f05ad7702ef827fcee463a1d36b27779986ce5054bada0f
Opcode Fuzzy Hash: ff78aa48f8d54a6c9fbfa7a8effe2a82b0271d52c6051b32e8525762ae6e0033
Instruction Fuzzy Hash: D43191726047519BC320DF6CC990AAAB7F9BF88600F448A69F9D587690E731E904C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 010553C5 Relevance: .1, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E010553C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				unsigned int _t58;
				char _t63;
				unsigned int _t72;
				signed int _t77;
				intOrPtr _t79;
				void* _t80;

				_push(0x18);
				_push(0x10fff80);
				E0107D08C(__ebx, __edi, __esi);
				_t79 = __ecx;
				 *((intOrPtr*)(_t80 - 0x28)) = __ecx;
				 *((char*)(_t80 - 0x1a)) = 0;
				 *((char*)(_t80 - 0x19)) = 0;
				 *((intOrPtr*)(_t80 - 0x20)) = 0;
				 *((intOrPtr*)(_t80 - 4)) = 0;
				if(( *(__ecx + 0x40) & 0x75010f61) != 0 || ( *(__ecx + 0x40) & 0x00000002) == 0 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					_t47 = 0;
					_t63 = 1;
				} else {
					_t63 = 1;
					_t47 = 1;
				}
				if(_t47 == 0) {
					_t77 = 0xc000000d;
					goto L18;
				} else {
					E0103EEF0( *((intOrPtr*)(_t79 + 0xc8)));
					 *((char*)(_t80 - 0x19)) = _t63;
					if( *((char*)(_t79 + 0xda)) == 2) {
						_t47 =  *(_t79 + 0xd4);
					} else {
						_t47 = 0;
					}
					if(_t47 != 0) {
						_t77 = 0;
						goto L18;
					} else {
						if( *((intOrPtr*)(_t79 + 0xd8)) != 0) {
							_t77 = 0xc000001e;
							L18:
							 *((intOrPtr*)(_t80 - 0x20)) = _t77;
							L19:
							_t64 = 0xffff;
							L14:
							 *((intOrPtr*)(_t80 - 4)) = 0xfffffffe;
							E01055520(_t47, _t64, _t79);
							return E0107D0D1(_t77);
						}
						 *((short*)(_t79 + 0xd8)) = _t63;
						 *((char*)(_t80 - 0x1a)) = _t63;
						_t72 =  *0x1115cb4; // 0x4000
						_t69 = _t79;
						_t77 = E010555C8(_t79, (_t72 >> 3) + 2);
						 *((intOrPtr*)(_t80 - 0x20)) = _t77;
						if(_t77 < 0) {
							goto L19;
						}
						E01055539(_t79,  *((intOrPtr*)(_t79 + 0xb4)), _t69);
						 *(_t79 + 0xd4) =  *(_t79 + 0xd4) & 0x00000000;
						 *((char*)(_t79 + 0xda)) = 0;
						E0103EB70(_t79,  *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = 0;
						_t71 = _t79;
						 *(_t80 - 0x24) = E01053C3E(_t79);
						E0103EEF0( *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = _t63;
						_t56 =  *(_t80 - 0x24);
						if(_t56 == 0) {
							_t77 = 0xc0000017;
							 *((intOrPtr*)(_t80 - 0x20)) = 0xc0000017;
						} else {
							 *(_t79 + 0xd4) = _t56;
							 *((short*)(_t79 + 0xda)) = 0x202;
							if((E01054190() & 0x00010000) == 0) {
								_t58 =  *0x1115cb4; // 0x4000
								 *(_t79 + 0x6c) = _t58 >> 3;
							}
						}
						_t64 = 0xffff;
						 *((intOrPtr*)(_t79 + 0xd8)) =  *((intOrPtr*)(_t79 + 0xd8)) + 0xffff;
						 *((char*)(_t80 - 0x1a)) = 0;
						 *((char*)(_t80 - 0x19)) = 0;
						_t47 = E0103EB70(_t71,  *((intOrPtr*)(_t79 + 0xc8)));
						goto L14;
					}
				}
			}

0x010553c5
0x010553c7
0x010553cc
0x010553d1
0x010553d3
0x010553d8
0x010553db
0x010553de
0x010553e1
0x010553eb
0x010970b0
0x010970b4
0x0105540e
0x01055410
0x01055411
0x01055411
0x01055415
0x010970ba
0x00000000
0x0105541b
0x01055421
0x01055426
0x01055432
0x010970d3
0x01055438
0x01055438
0x01055438
0x0105543c
0x010970de
0x00000000
0x01055442
0x01055449
0x010970c1
0x010970c6
0x010970c6
0x010970c9
0x010970c9
0x0105550c
0x0105550c
0x01055513
0x0105551f
0x0105551f
0x0105544f
0x01055456
0x01055459
0x01055465
0x0105546c
0x0105546e
0x01055473
0x00000000
0x00000000
0x01055482
0x01055487
0x0105548e
0x0105549b
0x010554a0
0x010554a4
0x010554ab
0x010554b4
0x010554b9
0x010554bc
0x010554c1
0x010970e2
0x010970e7
0x010554c7
0x010554c7
0x010554cd
0x010554e0
0x010554e2
0x010554ea
0x010554ea
0x010554e0
0x010554ed
0x010554f2
0x010554f9
0x010554fd
0x01055507
0x00000000
0x01055507
0x0105543c

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f4d5a4ea558a8170ddee22fa241e82bf0708bd7400d185ccb3e4c81c4205bbf
Instruction ID: 6a9faa529f5ff21657213a43e910c37febba5f4541344742e09268265434402f
Opcode Fuzzy Hash: 8f4d5a4ea558a8170ddee22fa241e82bf0708bd7400d185ccb3e4c81c4205bbf
Instruction Fuzzy Hash: 9C41E231A04745CBDB628FB8C8203EFBAE2AF91304F14056ED4C6AB341DB355945DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 010D3D40 Relevance: .1, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E010D3D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x111d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E01042280(_t34, 0x1118a6c);
				_t64 =  *0x1115768; // 0x77de5768
				if(_t64 != 0x1115768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77de5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E0103FFB0(_t53, _t64, 0x1118a6c);
						 *0x111b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E01042280(_t45, 0x1118a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x1115768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E0103FFB0(_t51, _t64, 0x1118a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E0106B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

0x010d3d40
0x010d3d48
0x010d3d52
0x010d3d59
0x010d3d5d
0x010d3d61
0x010d3d63
0x010d3d67
0x010d3d69
0x010d3d72
0x010d3d76
0x010d3d7a
0x010d3d7f
0x010d3d8b
0x010d3d91
0x010d3d91
0x010d3d91
0x010d3d94
0x010d3d96
0x010d3d9d
0x010d3da1
0x010d3db0
0x010d3dba
0x010d3dbc
0x010d3dbc
0x010d3dc6
0x010d3dcb
0x010d3dcf
0x010d3dd1
0x010d3dd4
0x00000000
0x00000000
0x010d3dd9
0x010d3e0c
0x010d3e0c
0x010d3e0f
0x010d3ddb
0x010d3ddb
0x010d3de0
0x00000000
0x010d3de2
0x010d3de2
0x010d3de4
0x010d3de8
0x010d3deb
0x010d3df1
0x00000000
0x010d3df3
0x010d3df3
0x010d3df5
0x010d3df8
0x010d3dfa
0x00000000
0x010d3dfa
0x010d3df1
0x010d3de0
0x010d3e11
0x010d3e11
0x00000000
0x010d3dfe
0x010d3e04
0x010d3e06
0x00000000
0x010d3e06
0x00000000
0x010d3e04
0x010d3d91
0x010d3e15
0x010d3e1a
0x010d3e1f
0x010d3e1f
0x010d3e23
0x010d3e29
0x00000000
0x00000000
0x010d3e2e
0x00000000
0x010d3e30
0x010d3e30
0x010d3e35
0x00000000
0x010d3e37
0x010d3e3e
0x010d3e42
0x010d3e48
0x010d3e4e
0x00000000
0x010d3e4e
0x010d3e35
0x00000000
0x010d3e2e
0x010d3e5b
0x010d3e5c
0x010d3e5d
0x010d3e68
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1daf16424f4d1975132ffb322cc150daae65fa139b42b7e123a29fa83b71a2be
Instruction ID: cc29c7161883eab57a62b6e30fed9d882149c03f120a4feea78e9e965be0ecd2
Opcode Fuzzy Hash: 1daf16424f4d1975132ffb322cc150daae65fa139b42b7e123a29fa83b71a2be
Instruction Fuzzy Hash: F13148B2A09302DFC718DF18E58195AFBE1FF85704F4489AEE4989B295D730DD04CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01023880 Relevance: .1, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E01023880(signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				signed int _t28;
				signed int _t30;
				signed int* _t42;
				signed int _t45;
				signed int* _t46;
				void* _t47;

				_v20 = _v20 | 0xffffffff;
				_t28 = 0;
				_t42 = 0;
				_v24 = 0xfd050f80;
				_t46 = 0;
				_v16 = 0;
				_t45 = 0;
				_v12 = 0;
				_v8 = 0;
				_t47 =  *0x11184cc - _t28; // 0x0
				if(_t47 != 0) {
					E0104ECE0(_a12, _a8, 0, 0);
					_t30 = 0;
					L2:
					while(1) {
						do {
							L2:
							while(1) {
								if(_t46 != 0) {
									L5:
									_push(0x1030);
									_push(_t46);
									_push(_t45);
									_push(_t30);
									_push( &_v16);
									_push(_t42);
									if(E0106A3A0() >= 0) {
										_t43 = _t46;
										_t45 = E0102395E(_t46, 0);
										if(_t45 == 0x103) {
											_t42 = 0;
											_t30 = 0;
											_v16 = _v16 & 0;
											_t45 = 0;
											_v12 = _v12 & 0;
											_t46 = 0;
											_v8 = 0;
											continue;
										} else {
											break;
										}
										goto L9;
									}
								} else {
									_t46 = E01044620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t46, 0x1030);
									if(_t46 == 0) {
										_t28 = 0xc0000017;
									} else {
										_t30 = _v8;
										goto L5;
									}
								}
								if(_t28 != 0x8000001a) {
									_t28 = E0104ECE0(_a12, _a8,  &_v24, 0);
								}
								if(_t46 != 0) {
									return L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t46);
								}
								goto L9;
							}
							_t13 =  &(_t46[2]); // 0x8
							_t42 = _t13;
							_v16 =  *_t46;
							_v12 = _t46[1];
							_t30 = _t46[6];
							_v8 = _t30;
						} while (_t45 != 0xc000022d);
						E010B2D0B(_t43);
						_t30 = _v8;
						_t46 = 0;
					}
				}
				L9:
				return _t28;
			}

0x01023888
0x0102388c
0x0102388f
0x01023891
0x01023899
0x0102389b
0x0102389f
0x010238a1
0x010238a4
0x010238a7
0x010238ad
0x010238b7
0x010238bc
0x00000000
0x010238be
0x010238be
0x00000000
0x010238be
0x010238c0
0x010238e3
0x010238e3
0x010238e8
0x010238e9
0x010238ea
0x010238ee
0x010238ef
0x010238f7
0x01023924
0x0102392b
0x01023933
0x0107ffb7
0x0107ffb9
0x0107ffbb
0x0107ffbe
0x0107ffc0
0x0107ffc3
0x0107ffc5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01023933
0x010238c2
0x010238d6
0x010238da
0x0107ffdc
0x010238e0
0x010238e0
0x00000000
0x010238e0
0x010238da
0x010238fe
0x0107fff2
0x0107fff2
0x01023906
0x00000000
0x01023914
0x00000000
0x01023906
0x0102393b
0x0102393b
0x0102393e
0x01023944
0x01023947
0x0102394a
0x0102394d
0x0107ffcd
0x0107ffd2
0x0107ffd5
0x0107ffd5
0x010238be
0x0102391f
0x0102391f

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ab0a411d39d1433d7fcba0179c0da300310dc47d0908bffd2f5afe18acf44c
Instruction ID: c358ea1d0958bf8bf577be92c18bcb2fbccfc9cca079550620bca9d45a3e0e9f
Opcode Fuzzy Hash: e0ab0a411d39d1433d7fcba0179c0da300310dc47d0908bffd2f5afe18acf44c
Instruction Fuzzy Hash: 9C31A672E0022AAFD721DEA9C880AEEFBF9FF09750F014565E995DB250D6749E00CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 010EA189 Relevance: .1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E010EA189(signed int __ecx, signed char __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* __ebx;
				void* __edi;
				intOrPtr _t29;
				intOrPtr* _t30;
				signed int* _t40;
				void* _t44;
				signed int _t50;
				intOrPtr* _t51;
				intOrPtr _t52;

				_v20 = __edx;
				_t50 = __ecx;
				if(__edx != 0) {
					E01042280(__edx, 0x1116220);
					_t42 = _t50;
					_t40 = E010EA166(_t50);
					if(_t40 != 0) {
						L15:
						E0103FFB0(_t40, _t50, 0x1116220);
						 *_v20 = _t40;
						return 0;
					}
					_t44 = E010EA166(_t42 ^ 0x00000100);
					if(_t44 != 0) {
						_v12 =  *((intOrPtr*)(_t44 + 4));
						_v8 =  *((intOrPtr*)(_t44 + 8));
						L7:
						_t51 = E01044620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x50);
						if(_t51 != 0) {
							_t10 = _t51 + 0xc; // 0xc
							_t40 = _t10;
							_t29 = E010DA708(_t50, _v12, _v8, _t40);
							_v16 = _t29;
							if(_t29 >= 0) {
								 *(_t51 + 8) = _t50;
								_t30 =  *0x11153d4; // 0x77de53d0
								if( *_t30 != 0x11153d0) {
									0x11153d0 = 3;
									asm("int 0x29");
								}
								 *_t51 = 0x11153d0;
								 *((intOrPtr*)(_t51 + 4)) = _t30;
								 *_t30 = _t51;
								 *0x11153d4 = _t51;
								goto L15;
							}
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t51);
							_t52 = _v16;
							L11:
							E0103FFB0(_t40, _t50, 0x1116220);
							return _t52;
						}
						_t52 = 0xc0000017;
						goto L11;
					}
					_push( &_v8);
					_push( &_v12);
					_push(_t44);
					_push(_t50 & 0xfffffeff);
					_push(0xc);
					_t52 = E0106A420();
					if(_t52 >= 0) {
						goto L7;
					}
					goto L11;
				}
				return 0xc00000f0;
			}

0x010ea194
0x010ea199
0x010ea19d
0x010ea1ae
0x010ea1b3
0x010ea1ba
0x010ea1be
0x010ea27e
0x010ea283
0x010ea28b
0x00000000
0x010ea28d
0x010ea1cf
0x010ea1d3
0x010ea1f8
0x010ea1fe
0x010ea201
0x010ea213
0x010ea217
0x010ea223
0x010ea223
0x010ea22c
0x010ea231
0x010ea236
0x010ea25b
0x010ea263
0x010ea26a
0x010ea26e
0x010ea26f
0x010ea26f
0x010ea271
0x010ea273
0x010ea276
0x010ea278
0x00000000
0x010ea278
0x010ea245
0x010ea24a
0x010ea24d
0x010ea252
0x00000000
0x010ea257
0x010ea219
0x00000000
0x010ea219
0x010ea1d8
0x010ea1dc
0x010ea1dd
0x010ea1e5
0x010ea1e6
0x010ea1ed
0x010ea1f1
0x00000000
0x00000000
0x00000000
0x010ea1f3
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b77ffa8614d6a9dfa8fcc4d05eb9e3fc77e808b9e32289e7ffb3c09d834c1a
Instruction ID: 2b21953286ddcacf73e8e78b18876801393c5a6dec9f7932e2b0d584d8292e42
Opcode Fuzzy Hash: 88b77ffa8614d6a9dfa8fcc4d05eb9e3fc77e808b9e32289e7ffb3c09d834c1a
Instruction Fuzzy Hash: ED31C271B00216EFCB169B9ED840BAEBBF9AF89750F1000BDE595EB250DBB1DD008790

Uniqueness

Uniqueness Score: -1.00%

Function 010561A0 Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E010561A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E01055E50(0x10067cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E010F9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0102F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}

0x010561b3
0x010561b5
0x010561bd
0x010561c3
0x010561c7
0x010561d2
0x010561ff
0x010561ff
0x01056201
0x01056207
0x01056207
0x010561d4
0x010561d9
0x00000000
0x00000000
0x010561df
0x010561e2
0x00000000
0x00000000
0x010561e6
0x010561e8
0x010561ee
0x010561ee
0x010561f9
0x0109762f
0x01097632
0x01097635
0x01097639
0x01097640
0x0109766e
0x01097675
0x00000000
0x00000000
0x01097681
0x01097689
0x0109768d
0x01097691
0x01097695
0x01097699
0x010976af
0x010976b5
0x010976b7
0x010976b7
0x010976d7
0x010976dc
0x00000000
0x010976dc
0x010976a2
0x010976a9
0x01097651
0x01097653
0x01097653
0x01097656
0x01097656
0x00000000
0x01097656
0x01097644
0x01097646
0x01097648
0x01097648
0x00000000
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69157516fdc72c90acc71fff937a6c6465e8f96bb0a74f2a8f49417a3b7464d
Instruction ID: 7a139f37796b9c67012ddc92d61c7904a80029c681407c07d696ea3a33f8f913
Opcode Fuzzy Hash: a69157516fdc72c90acc71fff937a6c6465e8f96bb0a74f2a8f49417a3b7464d
Instruction Fuzzy Hash: 0D317C726157018FE7A0CF0DC810B2ABBE4FB88B00F4449ADE9D897351E771E804CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0102AA16 Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E0102AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x111d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1117b9c; // 0x0
					_t53 = E01044620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0106B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0106F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01036C59(_t53, _t51, _t58) != 0) {
							_t28 = E01055E50(0x100c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0105B230(_v32, _v28, 0x100c2d8, 1,  &_v24);
								_t28 = E0102F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}

0x0102aa25
0x0102aa29
0x0102aa2d
0x0102aa30
0x0102aa37
0x0102aa3c
0x01084458
0x01084458
0x01084472
0x01084474
0x01084476
0x0102aa64
0x0102aa74
0x0108447c
0x01084483
0x01084492
0x0102aa52
0x0102aa54
0x0102aa5e
0x010844a8
0x010844ad
0x010844af
0x010844b6
0x010844b6
0x010844b9
0x010844bc
0x010844cd
0x010844d3
0x010844d6
0x010844e1
0x010844e1
0x010844e6
0x010844e8
0x010844fb
0x010844fb
0x010844e8
0x00000000
0x0102aa5e
0x01084476
0x0102aa42
0x0102aa46
0x0102aa48
0x0102aa4c
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: becea4cfd46c38475c780a6df150c660c931e3dffb96328d22275121eb2c1485
Instruction ID: 90cf3e97cd978a0b0556a9fc36ec425413a70772282b1fbe72d83d6aa884b3cd
Opcode Fuzzy Hash: becea4cfd46c38475c780a6df150c660c931e3dffb96328d22275121eb2c1485
Instruction Fuzzy Hash: 8431E571A0022AEBDF15AF68CD81ABFB7B8FF04700F0144A9F981D7140EB74AA10C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 01064A2C Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E01064A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x111d360 ^ _t62;
				_v8 =  *0x111d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E01042280(_t26, 0x1118608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0103FFB0(_t41, _t51, 0x1118608);
						L2:
						 *0x111b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0106B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E01042280(_t28, 0x1118608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0103FFB0(_t42, _t53, 0x1118608);
							if(_t53 != 0) {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0103FFB0(_t41, _t51, 0x1118608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}

0x01064a2c
0x01064a34
0x01064a3c
0x01064a3e
0x01064a48
0x01064a4b
0x01064a4d
0x01064a51
0x01064a9c
0x00000000
0x00000000
0x01064aa3
0x01064aa8
0x01064aad
0x01064ab1
0x01064ade
0x01064ae3
0x01064a5a
0x01064a62
0x01064a6a
0x01064a6e
0x0109f203
0x01064a84
0x01064a88
0x01064a89
0x01064a8a
0x01064a95
0x01064a95
0x01064a79
0x01064a80
0x01064af2
0x01064af4
0x01064af9
0x01064aff
0x01064b01
0x01064b03
0x01064b08
0x0109f20a
0x0109f212
0x0109f216
0x0109f216
0x01064b08
0x01064b13
0x01064b1a
0x0109f229
0x0109f229
0x01064b1a
0x01064a82
0x00000000
0x01064a82
0x01064ab7
0x01064acd
0x01064acd
0x01064ad5
0x01064ada
0x00000000
0x01064ada
0x01064ac2
0x01064acb
0x00000000
0x00000000
0x00000000
0x01064acb
0x01064a53
0x01064a53
0x01064a58
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ee8f35b7b42d4b45ed7057798006aed9877a105f632037411c66f756ab0dd9
Instruction ID: 6f08c53f84bb8aed488d06d0d313ba4746c94efc7b259ce508df527306599185
Opcode Fuzzy Hash: 18ee8f35b7b42d4b45ed7057798006aed9877a105f632037411c66f756ab0dd9
Instruction Fuzzy Hash: 6331E232605351AFC7629F58C984B6EFBE8FFC4B10F0445A9E9D687651CB70D800CB96

Uniqueness

Uniqueness Score: -1.00%

Function 010278D6 Relevance: .1, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E010278D6(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				void* _v8;
				intOrPtr* _v12;
				void* __ebp;
				void* _t29;
				void* _t56;
				intOrPtr _t58;
				signed int _t65;
				void* _t67;
				intOrPtr* _t69;
				void* _t71;

				_t57 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_push(__edx);
				_v8 = __edx;
				_v12 = __ecx;
				if(E0103A860(__eflags) == 0) {
					_t29 = 0xc000000d;
				} else {
					_t56 =  *_t69;
					_t65 = 0x00000017 + ( *(__edx + 1) & 0x000000ff) * 0x00000004 & 0xfffffff8;
					_t32 =  *((intOrPtr*)(_t56 + 8)) + _t65;
					if( *((intOrPtr*)(_t56 + 8)) + _t65 < _t65) {
						_t29 = 0xc0000173;
					} else {
						_t71 = E01044620(_t57,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t32);
						if(_t71 == 0) {
							_t29 = 0xc000009a;
						} else {
							E0106F3E0(_t71, _t56,  *((intOrPtr*)(_t56 + 8)));
							 *((intOrPtr*)(_t71 + 8)) =  *((intOrPtr*)(_t56 + 8)) + _t65;
							 *((intOrPtr*)(_t71 + 4)) =  *((intOrPtr*)(_t56 + 4)) + 1;
							_t58 =  *((intOrPtr*)(_t56 + 8));
							 *((intOrPtr*)(_t58 + _t71)) = (0 | _a4 != 0x00000000) + 2;
							 *(_t58 + _t71 + 4) = _t65;
							E0106F3E0(_t58 + 8 + _t71, _v8, 8 + ( *(_v8 + 1) & 0x000000ff) * 4);
							_t67 = E01027672(_t71);
							if(_t67 < 0) {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t71);
								_t29 = _t67;
							} else {
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
								 *_v12 = _t71;
								_t29 = 0;
							}
						}
					}
				}
				return _t29;
			}

0x010278d6
0x010278db
0x010278dc
0x010278e1
0x010278e3
0x010278e4
0x010278e7
0x010278f1
0x010829b5
0x010278f7
0x010278fb
0x01027908
0x0102790b
0x0102790f
0x010829bf
0x01027915
0x01027926
0x0102792a
0x010829c9
0x01027930
0x01027935
0x01027942
0x01027949
0x01027951
0x0102795a
0x0102795d
0x01027974
0x01027983
0x01027987
0x010829e0
0x010829e5
0x0102798d
0x01027999
0x010279a1
0x010279a3
0x010279a3
0x01027987
0x0102792a
0x010279a5
0x010279ab

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
Instruction ID: 29fdc1f4a545772dc49b9aaf2a02269974953b463d0bb08b2d9acf7eb8c4c8b9
Opcode Fuzzy Hash: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
Instruction Fuzzy Hash: C531D2B2600624AFD711DF58CC80B9ABBA9EF99650F1880A9E5C8CB351DA35DD41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01029100 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E01029100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x10ff6e8);
				E0107D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E010F88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0107D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x11186c0; // 0xbb07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x11186b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01042280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E010F88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0106AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x111b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x11184c0;
										if(_t69 >=  *0x11184c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E010F9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0102922A(_t82);
							_t53 = E01047D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E010F8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x11186c0; // 0xbb07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x11186b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x11186bc;
										_t72 = 0x11186b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01029240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x11186c4;
									_t72 = 0x11186c0;
									L18:
									E01059B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}

0x01029100
0x01029100
0x01029100
0x01029100
0x01029102
0x01029107
0x0102910c
0x01029110
0x01029115
0x01029136
0x01029143
0x010837e4
0x010837e4
0x01029149
0x0102914e
0x0102914e
0x01029117
0x0102911d
0x00000000
0x00000000
0x0102911f
0x01029125
0x00000000
0x01029151
0x01029158
0x0102915d
0x01029161
0x01029168
0x01083715
0x00000000
0x0102916e
0x0102916e
0x01029175
0x01029177
0x0102917e
0x0102917f
0x01029182
0x01029182
0x01029187
0x01029187
0x0102918a
0x0102918d
0x0102918f
0x01029192
0x01029195
0x01029198
0x01029198
0x01029198
0x0102919a
0x00000000
0x00000000
0x0108371f
0x01083721
0x01083727
0x0108372f
0x01083733
0x01083735
0x01083738
0x0108373b
0x0108373d
0x01083740
0x00000000
0x00000000
0x01083746
0x01083749
0x00000000
0x00000000
0x0108374f
0x01083751
0x00000000
0x00000000
0x01083757
0x01083759
0x0108375c
0x0108375c
0x0108375e
0x0108375e
0x01083761
0x01083764
0x00000000
0x00000000
0x01083766
0x01083768
0x010837a3
0x010837a3
0x010837a5
0x010837a7
0x010837ad
0x010837b0
0x010837b2
0x010837bc
0x010837c2
0x010837c2
0x010837b2
0x01029187
0x01029187
0x0102918a
0x0102918d
0x0102918f
0x01029192
0x01029195
0x00000000
0x01029195
0x00000000
0x01029187
0x0108376a
0x0108376a
0x0108376c
0x0108376c
0x0108376f
0x01083775
0x00000000
0x00000000
0x01083777
0x01083779
0x00000000
0x00000000
0x01083782
0x01083787
0x01083789
0x01083790
0x01083790
0x0108378b
0x0108378b
0x0108378b
0x01083792
0x01083795
0x01083795
0x01083798
0x01083798
0x0108379b
0x0108379b
0x010291a3
0x010291a9
0x010291b0
0x010291b4
0x010291b4
0x010291bb
0x010291c0
0x010291c5
0x010291c7
0x010837da
0x010291cd
0x010291cd
0x010291cd
0x010291d2
0x010291d5
0x01029239
0x01029239
0x010291d7
0x010291db
0x010291e1
0x010291e7
0x010291fd
0x01029203
0x0102921e
0x01029223
0x00000000
0x01029223
0x01029205
0x01029208
0x0102920c
0x01029214
0x01029214
0x010291e9
0x010291e9
0x010291ee
0x010291f3
0x010291f3
0x010291f3
0x010291e7
0x00000000
0x010291db
0x01029187
0x01029168

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee938d56fd63716aa2ce99ddeb50581088734ac311d8a8294eb90cad1c4b8eb4
Instruction ID: d907c859e710179d8733fcf1ef7e0a406a5762b79e5ef2a859026d03f1c6e732
Opcode Fuzzy Hash: ee938d56fd63716aa2ce99ddeb50581088734ac311d8a8294eb90cad1c4b8eb4
Instruction Fuzzy Hash: 0B310671A00265DFEB66EF6DC5887DCBBF1BF89318F28819DC58467241C330A980CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0105F527 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0105F527(void* __ecx, void* __edx, signed int* _a4) {
				char _v8;
				signed int _v12;
				void* __ebx;
				signed int _t28;
				signed int _t32;
				signed int _t34;
				signed char* _t37;
				intOrPtr _t38;
				intOrPtr* _t50;
				signed int _t53;
				void* _t69;

				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_t53 =  *(__ecx + 0x10);
				_t50 = __ecx + 0x14;
				_t28 = _t53 + __edx;
				_v12 = _t28;
				if(_t28 >  *_t50) {
					_v8 = _t28 -  *_t50;
					_push(E01050678( *((intOrPtr*)(__ecx + 0xc)), 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push(_t50);
					_push(0xffffffff);
					_t32 = E01069660();
					__eflags = _t32;
					if(_t32 < 0) {
						 *_a4 =  *_a4 & 0x00000000;
						L2:
						return _t32;
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) + _v8;
					_t34 = E01047D50();
					_t66 = 0x7ffe0380;
					__eflags = _t34;
					if(_t34 != 0) {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t37 = 0x7ffe0380;
					}
					__eflags =  *_t37;
					if( *_t37 != 0) {
						_t38 =  *[fs:0x30];
						__eflags =  *(_t38 + 0x240) & 0x00000001;
						if(( *(_t38 + 0x240) & 0x00000001) == 0) {
							goto L7;
						}
						__eflags = E01047D50();
						if(__eflags != 0) {
							_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E010E1582(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, __eflags, _v8,  *( *((intOrPtr*)(_t69 + 0xc)) + 0x74) << 3,  *_t66 & 0x000000ff);
						E010E138A(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, _v8, 9);
						goto L7;
					} else {
						L7:
						 *_t50 =  *_t50 + _v8;
						_t53 =  *(_t69 + 0x10);
						goto L1;
					}
				}
				L1:
				 *_a4 = _t53;
				 *(_t69 + 0x10) = _v12;
				_t32 = 0;
				goto L2;
			}

0x0105f52c
0x0105f52d
0x0105f530
0x0105f533
0x0105f536
0x0105f539
0x0105f53c
0x0105f541
0x0105f561
0x0105f569
0x0105f56a
0x0105f572
0x0105f573
0x0105f575
0x0105f576
0x0105f578
0x0105f57d
0x0105f57f
0x0105f5b7
0x0105f550
0x0105f556
0x0105f556
0x0105f587
0x0105f58d
0x0105f592
0x0105f597
0x0105f599
0x0109bcc9
0x0105f59f
0x0105f59f
0x0105f59f
0x0105f5a1
0x0105f5a4
0x0109bcd3
0x0109bcd9
0x0109bce0
0x00000000
0x00000000
0x0109bceb
0x0109bced
0x0109bcf8
0x0109bcf8
0x0109bcf8
0x0109bd11
0x0109bd20
0x00000000
0x0105f5aa
0x0105f5aa
0x0105f5ad
0x0105f5af
0x00000000
0x0105f5af
0x0105f5a4
0x0105f543
0x0105f546
0x0105f54b
0x0105f54e
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
Instruction ID: 3baddb85e6e07222fd03ed5c024fd9b675294fd2e155bdabdf7eb0e5c1f2a6ba
Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
Instruction Fuzzy Hash: 31319A71600649EFDB61CF68C884F6AB7F9EF44314F1045A9EA958B290E734EE01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01051DB5 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E01051DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0104F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = E01044620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0104F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}

0x01051dc2
0x01051dc5
0x01051dc7
0x01051dcc
0x01051dce
0x01051dd6
0x01051ddf
0x01051de0
0x01051de1
0x01051de5
0x01051de8
0x01051def
0x01051df0
0x01051df6
0x01051df7
0x01051dfe
0x01051e1a
0x00000000
0x00000000
0x01051e0b
0x01051e12
0x01051e12
0x01051e00
0x01051e00
0x01051e05
0x01051e1e
0x01051e23
0x0109570f
0x01095713
0x00000000
0x00000000
0x01095719
0x01095719
0x01051e2c
0x01051e2d
0x01051e2e
0x01051e2f
0x01051e31
0x01051e32
0x01051e35
0x01051e3d
0x01095723
0x0109573d
0x0109573d
0x00000000
0x01095723
0x01051e49
0x01051e4e
0x01051e4e
0x01051e09
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction ID: 8d70c3fdaa864b851eeba135e28cd0fcde24148ae649e4a8145b77ecf6a2afe4
Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction Fuzzy Hash: B2219C72600219FBD761CF99CC84FABBBBDEF89740F1140A5EA8197210D674AE01DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01048D76 Relevance: .1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E01048D76(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t24;
				intOrPtr* _t26;
				char* _t27;
				intOrPtr* _t32;
				char* _t33;
				signed char _t43;
				signed char _t44;
				signed char _t52;
				void* _t56;
				intOrPtr* _t57;

				_t56 = __edx;
				_t57 = __ecx;
				if(( *(__edx + 0x10) & 0x0000ffff) == 0) {
					L14:
					_t52 = 0;
				} else {
					_t52 = 1;
					if(( *0x11184b4 & 0x00000004) == 0) {
						_t24 =  *(__ecx + 0x5c) & 0x0000ffff;
						if(_t24 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x100ade8 + _t24 * 2) & 0x0000ffff) << 4) {
							goto L2;
						} else {
							asm("sbb bl, bl");
							_t44 = _t43 & 1;
							goto L3;
						}
						goto L10;
					} else {
						L2:
						_t44 = 0;
					}
					L3:
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t26 != 0) {
						if( *_t26 == 0) {
							goto L4;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							goto L5;
						}
						L23:
					} else {
						L4:
						_t27 = 0x7ffe038a;
					}
					L5:
					if( *_t27 != 0) {
						L21:
						if(_t44 != 0) {
							E010E1751(_t44,  *((intOrPtr*)( *((intOrPtr*)( *_t57 + 0xc)) + 0xc)),  *((intOrPtr*)(_t56 + 4)),  *(_t57 + 0x5c) & 0x0000ffff);
							_t52 = 1;
							goto L9;
						}
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t32 != 0) {
							if( *_t32 == 0) {
								goto L7;
							} else {
								_t33 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								goto L8;
							}
							goto L23;
						} else {
							L7:
							_t33 = 0x7ffe0380;
						}
						L8:
						if( *_t33 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								goto L9;
							} else {
								goto L21;
							}
						} else {
							L9:
							if(_t44 != 0) {
								goto L14;
							}
						}
					}
				}
				L10:
				return _t52;
				goto L23;
			}

0x01048d7b
0x01048d7d
0x01048d89
0x01048e01
0x01048e01
0x01048d8b
0x01048d8d
0x01048d95
0x01048de1
0x01048de8
0x00000000
0x01048dfc
0x01090592
0x01090594
0x00000000
0x01090594
0x00000000
0x01048d97
0x01048d97
0x01048d97
0x01048d97
0x01048d99
0x01048d9f
0x01048da4
0x0109059e
0x00000000
0x010905a4
0x010905ad
0x00000000
0x010905ad
0x00000000
0x01048daa
0x01048daa
0x01048daa
0x01048daa
0x01048daf
0x01048db2
0x010905e6
0x010905e8
0x010905fe
0x01090605
0x00000000
0x01090605
0x01048db8
0x01048dbe
0x01048dc3
0x010905ba
0x00000000
0x010905c0
0x010905c9
0x00000000
0x010905c9
0x00000000
0x01048dc9
0x01048dc9
0x01048dc9
0x01048dc9
0x01048dce
0x01048dd1
0x010905e0
0x00000000
0x00000000
0x00000000
0x00000000
0x01048dd7
0x01048dd7
0x01048dd9
0x00000000
0x00000000
0x01048dd9
0x01048dd1
0x01048db2
0x01048ddd
0x01048de0
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c6d96911908b1d284cdc890532d9e1043402287888a26b1a9fe061419dfac36
Instruction ID: 00b368934158510644468cf85244332ba1ec175fe277d0599674d95032fc0410
Opcode Fuzzy Hash: 5c6d96911908b1d284cdc890532d9e1043402287888a26b1a9fe061419dfac36
Instruction Fuzzy Hash: 1321E4B8242A80CFE7A6DB5DC0E4B7677E8FB51704F0888A7E9C28B655C739D881D710

Uniqueness

Uniqueness Score: -1.00%

Function 01040050 Relevance: .1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E01040050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x111d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E01059ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0106B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E010F8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E01059702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x111b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}

0x01040055
0x0104005d
0x01040062
0x0104006c
0x0104006f
0x01040074
0x0104007a
0x0104007a
0x01040080
0x01040080
0x01040087
0x0104008d
0x0104008f
0x01040093
0x01040095
0x0104009b
0x010400f8
0x010400fb
0x010400fc
0x010400ff
0x01040108
0x01040108
0x010400a2
0x010400a6
0x010400b3
0x010400bc
0x010400c5
0x010400ca
0x0108c01e
0x00000000
0x00000000
0x0108c02d
0x010400d5
0x010400d9
0x0108c03d
0x0108c046
0x0108c046
0x010400df
0x010400e2
0x010400ea
0x010400ef
0x010400f2
0x010400f6
0x01040111
0x01040117
0x01040117
0x00000000
0x010400f6
0x010400d0
0x010400d0
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d29120d7d4ba10cbb29fbcdae36a0b330e1aa74b9fe033b1876446c490ec7d21
Instruction ID: 99eacf25dbfed62175831f26f408d1bf033f05aac9dfee8986c845bb1d897fe1
Opcode Fuzzy Hash: d29120d7d4ba10cbb29fbcdae36a0b330e1aa74b9fe033b1876446c490ec7d21
Instruction Fuzzy Hash: 4031CC71201B04CFD762CB28C980B9AB3E5FF88314F1485ADF69697A94EB31A801CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010CCD04 Relevance: .1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E010CCD04(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t44;
				intOrPtr _t49;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t54;
				intOrPtr _t57;
				signed char _t60;
				intOrPtr _t66;
				signed int _t68;
				signed int _t70;
				void* _t72;

				_t66 = __edx;
				_push(0x24);
				_push(0x1100c68);
				E0107D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t72 - 0x2c)) = __edx;
				 *((intOrPtr*)(_t72 - 0x20)) = __ecx;
				_t44 =  *[fs:0x30];
				 *((intOrPtr*)(_t72 - 0x28)) = _t44;
				_t70 = 0;
				 *((intOrPtr*)(_t72 - 0x30)) = 0;
				_t60 =  *(_t72 + 8);
				if((_t60 & 0x00000001) == 0) {
					E0103EEF0(0x1116620);
					_t44 =  *((intOrPtr*)(_t72 - 0x28));
					_t66 =  *((intOrPtr*)(_t72 - 0x2c));
				}
				 *(_t72 - 4) = _t70;
				_t68 = _t70;
				 *(_t72 - 0x24) = _t68;
				while(_t68 <  *((intOrPtr*)(_t44 + 0x88))) {
					 *0x111b1e0( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x90)) + _t68 * 4)), _t66);
					_t57 =  *((intOrPtr*)(_t72 - 0x20))();
					 *((intOrPtr*)(_t72 - 0x30)) = _t57;
					if(_t57 >= 0) {
						_t68 = _t68 + 1;
						 *(_t72 - 0x24) = _t68;
						_t44 =  *((intOrPtr*)(_t72 - 0x28));
						_t66 =  *((intOrPtr*)(_t72 - 0x2c));
						continue;
					}
					L15:
					 *(_t72 - 4) = 0xfffffffe;
					E010CCDFD(_t60);
					return E0107D130(_t60, _t68, _t70);
				}
				if((_t60 & 0x00000002) != 0) {
					_t68 = _t70;
					while(1) {
						 *(_t72 - 0x24) = _t68;
						if(_t68 >= ( *0x1118498 & 0x0000ffff)) {
							goto L11;
						}
						_t52 =  *0x11156f4; // 0x77de6640
						 *0x111b1e0( *((intOrPtr*)(_t52 + _t68 * 4)), _t66);
						_t54 =  *((intOrPtr*)(_t72 - 0x20))();
						 *((intOrPtr*)(_t72 - 0x30)) = _t54;
						if(_t54 >= 0) {
							_t68 = _t68 + 1;
							_t66 =  *((intOrPtr*)(_t72 - 0x2c));
							continue;
						}
						goto L15;
					}
					while(1) {
						L11:
						 *(_t72 - 0x24) = _t70;
						if(_t70 >= 3) {
							goto L15;
						}
						_t49 =  *((intOrPtr*)(0x111a724 + _t70 * 8));
						 *((intOrPtr*)(_t72 - 0x28)) = _t49;
						if(_t49 == 0) {
							L14:
							_t70 =  *(_t72 - 0x24) + 1;
							_t66 =  *((intOrPtr*)(_t72 - 0x2c));
							continue;
						} else {
							 *0x111b1e0(_t49, _t66);
							_t51 =  *((intOrPtr*)(_t72 - 0x20))();
							 *((intOrPtr*)(_t72 - 0x30)) = _t51;
							if(_t51 >= 0) {
								goto L14;
							}
						}
						goto L15;
					}
				}
				goto L15;
			}

0x010ccd04
0x010ccd04
0x010ccd06
0x010ccd0b
0x010ccd10
0x010ccd13
0x010ccd16
0x010ccd1c
0x010ccd1f
0x010ccd21
0x010ccd24
0x010ccd2a
0x010ccd31
0x010ccd39
0x010ccd3c
0x010ccd3c
0x010ccd3f
0x010ccd42
0x010ccd44
0x010ccd47
0x010ccd59
0x010ccd5f
0x010ccd62
0x010ccd67
0x010ccd69
0x010ccd6a
0x010ccd70
0x010ccd73
0x00000000
0x010ccd73
0x010ccde3
0x010ccde3
0x010ccdea
0x010ccdf7
0x010ccdf7
0x010ccd7b
0x010ccd7d
0x010ccd7f
0x010ccd7f
0x010ccd8b
0x00000000
0x00000000
0x010ccd8e
0x010ccd96
0x010ccd9c
0x010ccd9f
0x010ccda4
0x010ccda6
0x010ccdaa
0x00000000
0x010ccdaa
0x00000000
0x010ccda4
0x010ccdaf
0x010ccdaf
0x010ccdaf
0x010ccdb5
0x00000000
0x00000000
0x010ccdb7
0x010ccdbe
0x010ccdc3
0x010ccdd7
0x010ccdda
0x010ccdde
0x00000000
0x010ccdc5
0x010ccdc7
0x010ccdcd
0x010ccdd0
0x010ccdd5
0x00000000
0x00000000
0x010ccdd5
0x00000000
0x010ccdc3
0x010ccdaf
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de38700bc90ea4816101037eb022787f25fada7e7d2ff232cc3f6a1e1931b738
Instruction ID: 59d8422e32d101ba0aebac1987e4dd53cb32b44fb96159d3bdf248510f91e5ff
Opcode Fuzzy Hash: de38700bc90ea4816101037eb022787f25fada7e7d2ff232cc3f6a1e1931b738
Instruction Fuzzy Hash: 23310670E102299BDB15EFA8DA44AECFBF5BF8CA40F154169E845B7214C7709840CF64

Uniqueness

Uniqueness Score: -1.00%

Function 010A6C0A Relevance: .1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E010A6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E01047D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1117b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = E01044620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0106F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E01047D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E01069AE0();
						_t23 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}

0x010a6c0a
0x010a6c0f
0x010a6c10
0x010a6c13
0x010a6c15
0x010a6c19
0x010a6c1c
0x010a6c21
0x010a6c28
0x010a6c3a
0x010a6c2a
0x010a6c33
0x010a6c33
0x010a6c3f
0x010a6c48
0x010a6c4d
0x010a6c60
0x010a6c65
0x010a6c69
0x010a6c73
0x010a6c79
0x010a6c7f
0x010a6c86
0x010a6c90
0x010a6c94
0x010a6ca6
0x010a6cb2
0x010a6cbd
0x010a6cbd
0x010a6cc3
0x010a6cc7
0x010a6ccb
0x010a6cd0
0x010a6cd1
0x010a6ce2
0x010a6ce2
0x010a6c69
0x010a6ced

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f436a3d2f10537c735e92b2a578d73f8104cb26369a1da18da2049e27342d84
Instruction ID: 65ebfd44adad9c06c69c8cfc51bbbc911c76e06ca663257955c4be636d64c3ed
Opcode Fuzzy Hash: 8f436a3d2f10537c735e92b2a578d73f8104cb26369a1da18da2049e27342d84
Instruction Fuzzy Hash: E8219CB1A00645AFD715DFA8D880E6AB7B8FF48700F0440A9F944CB790D735E910CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 010FF1B5 Relevance: .1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E010FF1B5(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, void* _a8, intOrPtr* _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _t26;
				intOrPtr* _t32;
				intOrPtr* _t34;
				void* _t36;
				void* _t38;
				void* _t39;

				_v8 = _v8 & 0x00000000;
				_t32 = _a12;
				_v12 = __edx;
				_v16 = __ecx;
				if(_t32 != 0) {
					_t38 =  *_t32 + 0xc;
					_t36 = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t38);
					if(_t36 != 0) {
						_t39 =  *0x1006cd4(_v16, _v12, 2, _t36, _t38,  &_v8);
						if(_t39 < 0) {
							L12:
							if(_t39 == 0x80000005 || _t39 == 0xc0000023) {
								L14:
								_t39 = 0xc0000023;
								 *_t32 =  *((intOrPtr*)(_t36 + 8));
								goto L15;
							} else {
								L15:
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
								return _t39;
							}
						}
						_t26 =  *((intOrPtr*)(_t36 + 8));
						if(_t26 != 0) {
							if(_t26 >  *_t32) {
								goto L14;
							}
							 *_t32 = _t26;
							if(_a8 != 0) {
								_t12 = _t36 + 0xc; // 0xc
								E0106F3E0(_a8, _t12, _t26);
							}
							_t34 = _a4;
							if(_t34 != 0) {
								 *_t34 =  *((intOrPtr*)(_t36 + 4));
							}
							goto L12;
						}
						_t39 = 0xc000000d;
						goto L15;
					}
					return 0xc000009a;
				}
				return 0xc000000d;
			}

0x010ff1bd
0x010ff1c2
0x010ff1c5
0x010ff1c8
0x010ff1cf
0x010ff1e3
0x010ff1f1
0x010ff1f5
0x010ff212
0x010ff216
0x010ff24e
0x010ff254
0x010ff25e
0x010ff261
0x010ff266
0x00000000
0x010ff268
0x010ff268
0x010ff274
0x00000000
0x010ff279
0x010ff254
0x010ff218
0x010ff21d
0x010ff228
0x00000000
0x00000000
0x010ff22e
0x010ff230
0x010ff233
0x010ff23a
0x010ff23f
0x010ff242
0x010ff247
0x010ff24c
0x010ff24c
0x00000000
0x010ff247
0x010ff21f
0x00000000
0x010ff21f
0x00000000
0x010ff1f7
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a1231af140e47ad7232ab1a59658c74a9c84beabad2e2aa34829ae26f7035cb
Instruction ID: abfd4adb0e8c764ec4f415b39d26620bcc63cbeeec6e1c205844026ae57441a2
Opcode Fuzzy Hash: 8a1231af140e47ad7232ab1a59658c74a9c84beabad2e2aa34829ae26f7035cb
Instruction Fuzzy Hash: 2421007BA00516ABEB62DF49C885F9ABBB8FF45710F0540A9EA44DBA10D331AD00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01024A20 Relevance: .1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E01024A20(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				void* __ebp;
				char* _t21;
				void* _t32;
				intOrPtr* _t34;
				intOrPtr _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t40;
				void* _t50;

				if(E01047D50() != 0) {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t21 = 0x7ffe0386;
				}
				_t40 = _a4;
				if( *_t21 != 0) {
					E010F9BBE(_t40,  *((intOrPtr*)(_t40 + 0x20)),  *((intOrPtr*)(_t40 + 0x24)),  *((intOrPtr*)(_t40 + 0x34)));
				}
				if(_a8 == 0 && ( *(_t40 + 0x1c) & 0x000000c0) != 0) {
					_push(2);
					_pop(0);
				}
				_t34 =  *((intOrPtr*)(_t40 + 0x14));
				_t36 =  *0x11186b8; // 0x0
				if(_t34 == 0) {
					_t34 = _t36;
					if(0 == 0) {
						_t34 =  *0x11186c0; // 0xbb07b0
					}
				}
				_t50 = _t34 -  *0x11186c0; // 0xbb07b0
				if(_t50 != 0) {
					__eflags = _t34 - _t36;
					if(__eflags != 0) {
						__eflags = 0xffffffff;
						asm("lock xadd [ecx], eax");
						if(0xffffffff == 0) {
							E01029240(_t32, _t34, _t38, _t40, 0xffffffff);
						}
						L11:
						if( *((intOrPtr*)(_t40 + 0x18)) != 0) {
							_push( *((intOrPtr*)(_t40 + 0x18)));
							E010695D0();
						}
						if( *((intOrPtr*)(_t40 + 0x28)) != 0xffffffff) {
							E01059B10( *((intOrPtr*)(_t40 + 0x28)));
						}
						if( *((intOrPtr*)(_t40 + 0x2c)) != 0) {
							E01030840(_t34,  *((intOrPtr*)(_t40 + 0x2c)));
						}
						return L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40);
					}
					_t37 = 0x11186bc;
					_t34 = 0x11186b8;
					L10:
					E01059B82(_t32, _t34, _t37, _t38, _t40, _t50);
					goto L11;
				}
				_t37 = 0x11186c4;
				_t34 = 0x11186c0;
				goto L10;
			}

0x01024a31
0x01080a89
0x01024a37
0x01024a37
0x01024a37
0x01024a3f
0x01024a42
0x01080a9e
0x01080a9e
0x01024a4d
0x01024abf
0x01024ac1
0x01024ac1
0x01024a55
0x01024a58
0x01024a60
0x01024a62
0x01024a66
0x01024a68
0x01024a68
0x01024a66
0x01024a6e
0x01024a74
0x01080aa8
0x01080aaa
0x01080abb
0x01080abe
0x01080ac2
0x01080ac8
0x01080ac8
0x01024a89
0x01024a8d
0x01080ad2
0x01080ad5
0x01080ad5
0x01024a97
0x01080ae2
0x01080ae2
0x01024aa1
0x01080aef
0x01080aef
0x01024abc
0x01024abc
0x01080aac
0x01080ab1
0x01024a84
0x01024a84
0x00000000
0x01024a84
0x01024a7a
0x01024a7f
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81958dd40e7ce822a78433f420008bb9bfbbf16cef371cab6f08217b71713cf9
Instruction ID: 8978e7609f245f42fe055e4d094eef1ff3ba7cfcbf48bee7efebcb3845b15222
Opcode Fuzzy Hash: 81958dd40e7ce822a78433f420008bb9bfbbf16cef371cab6f08217b71713cf9
Instruction Fuzzy Hash: 4C212831604A11DFCB76AF28D910B2BB7E5FF50224F108B69E4D6869E9E730E841CB95

Uniqueness

Uniqueness Score: -1.00%

Function 010690AF Relevance: .1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E010690AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0107D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0105E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = E01044620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0106F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0105A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}

0x010690af
0x010690b8
0x010690bb
0x010690bf
0x010690c2
0x010690c2
0x010690c8
0x010690cb
0x010690cd
0x010a14d7
0x010a14eb
0x010a14eb
0x00000000
0x010a14eb
0x010a14db
0x010a14e6
0x00000000
0x010a14f2
0x010a14e8
0x00000000
0x010a14e8
0x010690d8
0x010690da
0x010690dd
0x010690e5
0x00000000
0x01069139
0x010690fa
0x010690fe
0x01069142
0x00000000
0x01069142
0x01069104
0x01069107
0x0106910b
0x01069110
0x01069118
0x01069147
0x01069148
0x0106914f
0x01069150
0x01069151
0x01069152
0x01069156
0x0106915d
0x01069160
0x01069168
0x0106916c
0x010691bc
0x010691be
0x00000000
0x010691be
0x0106916e
0x01069173
0x01069176
0x00000000
0x00000000
0x0106917c
0x01069180
0x010691b5
0x00000000
0x010691b5
0x01069182
0x01069185
0x01069189
0x00000000
0x00000000
0x0106918e
0x01069190
0x01069198
0x00000000
0x00000000
0x010691a0
0x00000000
0x010691ad
0x010691ad
0x010691b0
0x010691b1
0x00000000
0x01069185
0x0106911a
0x0106911c
0x0106911f
0x01069125
0x01069127
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction ID: 4fc158dabec22952def9c45f8f01473341b2dc90dfeb19bfdd060ab53fe36222
Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction Fuzzy Hash: 01218071A00205EFDB21DF99C844AAAFBFCEF54714F1488AAE985AB600D730ED00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01053B7A Relevance: .1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E01053B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x11184c4; // 0x0
				_v12 = 1;
				_v8 =  *0x11184c0 * 0x4c;
				_t41 = __ecx;
				_t35 = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11184c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0106AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0106FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11184c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x11184c4; // 0x0
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}

0x01053b89
0x01053b96
0x01053ba1
0x01053bab
0x01053bb5
0x01053bb9
0x01096298
0x01053bbf
0x01053bc2
0x01053bc3
0x01053bc9
0x01053bca
0x01053bcc
0x01053bcd
0x01053bd4
0x01053bd6
0x01053bdb
0x01053bea
0x01053bf7
0x01053bfb
0x01053bff
0x01053c09
0x01053c0a
0x01053c0b
0x01053c0f
0x01053c14
0x01053c18
0x01053c18
0x01053bfb
0x01053c1b
0x01053c30
0x01053c30
0x01053c3d

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58a21f1f742312b5b548bc59a4fd432719d875e90491e66bcd9eb2de61f7a27b
Instruction ID: 5c3e4acee5daf8c220ab06f4b1c53afabcffaf8d2551d29d7e03d83d15731856
Opcode Fuzzy Hash: 58a21f1f742312b5b548bc59a4fd432719d875e90491e66bcd9eb2de61f7a27b
Instruction Fuzzy Hash: 2F219FB2A00109AFD714DF58CE81B9EBBBDFB44748F1540B8EA08AB251D771ED41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01024B94 Relevance: .1, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01024B94(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _t38;
				intOrPtr _t39;
				intOrPtr _t41;
				signed int _t42;
				intOrPtr* _t46;
				intOrPtr* _t47;
				signed short _t50;
				intOrPtr _t51;
				signed int _t52;
				signed int _t54;
				intOrPtr _t56;
				signed int _t57;
				intOrPtr _t58;
				intOrPtr* _t59;

				_t58 = __ecx;
				_t56 =  *[fs:0x30];
				_v20 = __ecx;
				_v16 = _t56;
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t50 =  *(__ecx + 0x24) & 0x0000ffff;
				} else {
					_t50 =  *(__ecx + 0x7c) & 0x0000ffff;
				}
				_t38 =  *(_t56 + 0x88);
				if(_t38 == 0 || _t50 == 0) {
					L8:
					return _t38;
				} else {
					_t54 = _t50 & 0x0000ffff;
					if(_t54 > _t38) {
						goto L8;
					}
					_t51 =  *((intOrPtr*)(_t56 + 0x90));
					_v8 = _t38;
					_t46 = _t51 + _t54 * 4;
					_v12 = _t46;
					_t47 = _t46 + 0xfffffffc;
					_t11 =  &_v8;
					 *_t11 = _v8 - _t54;
					if( *_t11 != 0) {
						_t59 = _v12;
						_t57 = _v8;
						do {
							_t39 =  *_t59;
							_t59 = _t59 + 4;
							 *_t47 = _t39;
							if( *((intOrPtr*)(_t39 + 8)) == 0xddeeddee) {
								_t52 =  *(_t39 + 0x24) & 0x0000ffff;
							} else {
								_t52 =  *(_t39 + 0x7c) & 0x0000ffff;
							}
							E01024C73(_t39, _t52, _t52 - 1);
							_t41 =  *_t47;
							if( *((intOrPtr*)(_t41 + 8)) == 0xddeeddee) {
								 *((intOrPtr*)(_t41 + 0x24)) =  *((intOrPtr*)(_t41 + 0x24)) + 0xffff;
							} else {
								 *((intOrPtr*)(_t41 + 0x7c)) =  *((intOrPtr*)(_t41 + 0x7c)) + 0xffff;
							}
							_t47 = _t47 + 4;
							_t57 = _t57 - 1;
						} while (_t57 != 0);
						_t56 = _v16;
						_t58 = _v20;
						_t38 =  *(_t56 + 0x88);
						_t51 =  *((intOrPtr*)(_t56 + 0x90));
					}
					_t42 = _t38 - 1;
					 *(_t56 + 0x88) = _t42;
					 *(_t51 + _t42 * 4) =  *(_t51 + _t42 * 4) & 0x00000000;
					if( *((intOrPtr*)(_t58 + 8)) == 0xddeeddee) {
						 *((short*)(_t58 + 0x24)) = 0;
						return 0;
					}
					 *((short*)(_t58 + 0x7c)) = 0;
					return 0;
				}
			}

0x01024b9d
0x01024ba0
0x01024ba7
0x01024bb1
0x01024bb4
0x01080b4d
0x01024bba
0x01024bba
0x01024bba
0x01024bbe
0x01024bc6
0x01024c0c
0x01024c0c
0x01024bcd
0x01024bcd
0x01024bd2
0x00000000
0x00000000
0x01024bd4
0x01024bdb
0x01024bde
0x01024be1
0x01024be4
0x01024be7
0x01024be7
0x01024bea
0x01024c0d
0x01024c10
0x01024c13
0x01024c13
0x01024c15
0x01024c18
0x01024c21
0x01024c5f
0x01024c23
0x01024c23
0x01024c23
0x01024c2a
0x01024c2f
0x01024c3d
0x01024c65
0x01024c3f
0x01024c3f
0x01024c3f
0x01024c43
0x01024c46
0x01024c46
0x01024c4b
0x01024c4e
0x01024c51
0x01024c57
0x01024c57
0x01024bec
0x01024bed
0x01024bf4
0x01024bff
0x01024c6d
0x00000000
0x01024c6d
0x01024c03
0x00000000
0x01024c03

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction ID: 201d2c53bc495435ad3467c9a7d66152c00348c365f8f779c069c9077350dcb8
Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction Fuzzy Hash: FC31CE31900A39DFD7A8CF6CC4806B9F7F4FF44214F2586A9C8AAD7660E770A940CB40

Uniqueness

Uniqueness Score: -1.00%

Function 010328AE Relevance: .1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010328AE(signed int __edx) {
				void* _t14;
				char* _t17;
				signed char* _t27;
				void* _t31;
				signed int _t35;
				signed char* _t37;
				char* _t39;

				_t35 = __edx;
				_t14 = E01047D50();
				_t39 = 0x7ffe0384;
				if(_t14 != 0) {
					_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t17 = 0x7ffe0384;
				}
				_t37 = 0x7ffe0385;
				if( *_t17 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01047D50() == 0) {
							_t27 = 0x7ffe0385;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t27 & 0x00000020) != 0) {
							E010A7016(0x1480, _t35, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				_t31 = E0103EEF0(0x1115350);
				if(E01047D50() != 0) {
					_t39 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t39 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01047D50() != 0) {
							_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t37 & 0x00000020) != 0) {
							E010A7016(0x1481, _t35 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				return _t31;
			}

0x010328ae
0x010328b3
0x010328b8
0x010328bf
0x01087692
0x010328c5
0x010328c5
0x010328c5
0x010328ca
0x010328cf
0x010876a9
0x010876b6
0x010876c8
0x010876b8
0x010876c1
0x010876c1
0x010876cd
0x010876e3
0x010876e3
0x010876cd
0x010876a9
0x010328df
0x010328e8
0x010876f7
0x010876f7
0x010328f1
0x0108770f
0x0108771c
0x01087727
0x01087727
0x01087730
0x01087746
0x01087746
0x01087730
0x0108770f
0x010328fc

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 636bb1c697a2091fde71c60a74d327c91ec312070ed4aaadc9b6644c2ed3e7a6
Instruction ID: 6dacabcc4129914122b9cad4fea1154d12077ee89f305f39045ee58f37ff07bf
Opcode Fuzzy Hash: 636bb1c697a2091fde71c60a74d327c91ec312070ed4aaadc9b6644c2ed3e7a6
Instruction Fuzzy Hash: 0D21FC7261A681ABF722676C8D44F243BD8AB85774F2907B0FAE0976E2D7689440C210

Uniqueness

Uniqueness Score: -1.00%

Function 0102519E Relevance: .1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0102519E(signed short* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _t17;
				signed int _t18;
				char _t27;
				signed short _t32;
				signed short* _t34;
				void* _t35;

				_t34 = __ecx;
				_t27 = 0;
				_t29 = 0;
				_t35 = E010252A5(0);
				if(_t35 == 0) {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_v12 =  *((intOrPtr*)(_t29 + 0x24));
					_t17 =  *((intOrPtr*)(_t29 + 0x28));
				} else {
					_v12 =  *((intOrPtr*)(_t35 + 0xc));
					_t17 =  *((intOrPtr*)(_t35 + 0x10));
				}
				_t32 = _v12;
				_v8 = _t17;
				_t18 =  *_t34 & 0x0000ffff;
				if(_t32 <= 6) {
					if(_t32 != _t18) {
						goto L4;
					}
					goto L10;
				} else {
					_t29 = (_t32 & 0x0000ffff) - 2;
					if((_t32 & 0x0000ffff) - 2 == _t18) {
						_v12 = _t32 + 0xfffe;
						L10:
						_t18 = E01049DA0(_t29,  &_v12, _t34, 1);
						if(_t18 != 0) {
							_t27 = 1;
						}
					}
					L4:
					if(_t35 == 0) {
						E0103EB70(_t29, 0x11179a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t18 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t35 + 4)));
							E010695D0();
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t35);
						}
					}
					return _t27;
				}
			}

0x010251a9
0x010251ab
0x010251ad
0x010251b4
0x010251b8
0x01080c9c
0x01080ca2
0x01080ca5
0x010251be
0x010251c1
0x010251c4
0x010251c4
0x010251c7
0x010251cb
0x010251ce
0x010251d5
0x01080cbe
0x00000000
0x00000000
0x00000000
0x010251db
0x010251de
0x010251e3
0x01080cb5
0x01080cc4
0x01080ccb
0x01080cd2
0x01080cd8
0x01080cd8
0x01080cd2
0x010251e9
0x010251eb
0x01080ce4
0x010251f1
0x010251f4
0x010251f8
0x01080cee
0x01080cf1
0x01080d03
0x01080d03
0x010251f8
0x01025206
0x01025206

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b044fc5e00f32731f13fcf1878082d5736ffdb9c4d642cbab9cef7d7d8c8dd27
Instruction ID: bb6ce9311516ed4105103977580bb98bfa46bd409326b6e64e16a36fd5c8d8ed
Opcode Fuzzy Hash: b044fc5e00f32731f13fcf1878082d5736ffdb9c4d642cbab9cef7d7d8c8dd27
Instruction Fuzzy Hash: 3A110375901329ABCB70AF68C840AFABFE5EF15720F2401AAF9CA97784E631C845C650

Uniqueness

Uniqueness Score: -1.00%

Function 010212D4 Relevance: .1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E010212D4(intOrPtr __ecx, intOrPtr* _a4) {
				char _v8;
				char _v12;
				void* _t20;
				intOrPtr _t32;
				signed int _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;

				_push(__ecx);
				_push(__ecx);
				_t41 = 0;
				_t32 = __ecx;
				if( *_a4 != 0) {
					L8:
					_t20 = _t41;
					L9:
					return _t20;
				}
				if(__ecx <= 1) {
					_t32 = 0x25;
				}
				_t35 = 0x10;
				_t2 = _t32 - 1; // 0x24
				_t20 = E0105F3D5( &_v12, _t2 * _t35, _t2 * _t35 >> 0x20);
				if(_t20 < 0) {
					goto L9;
				} else {
					_t37 = _v12;
					_push( &_v8);
					_t39 = 0x34;
					_t41 = E01021C45(_v12, _t39);
					if(_t41 >= 0) {
						_t44 = E01044620(_t37,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
						if(_t44 == 0) {
							_t41 = 0xc0000017;
						} else {
							E0106FA60(_t44, 0, _v8);
							 *((intOrPtr*)(_t44 + 0x2c)) = _t32;
							_t14 = _t44 + 0xc; // 0xc
							E010658F0(0x3fff, 0x80000008, _t14);
							 *(_t44 + 8) =  *(_t44 + 8) & 0x00000000;
							 *_t44 = 0x6d6f7441;
							 *((intOrPtr*)(_t44 + 4)) = 1;
							 *_a4 = _t44;
						}
					}
					goto L8;
				}
			}

0x010212d9
0x010212da
0x010212e0
0x010212e2
0x010212e6
0x01021374
0x01021374
0x01021376
0x0102137b
0x0102137b
0x010212ef
0x010212f3
0x010212f3
0x010212f6
0x010212f7
0x01021301
0x01021308
0x00000000
0x0102130a
0x0102130a
0x01021310
0x01021313
0x01021319
0x0102131d
0x01021333
0x01021337
0x0102137e
0x01021339
0x0102133f
0x01021347
0x0102134a
0x01021358
0x01021360
0x01021364
0x0102136a
0x01021371
0x01021371
0x01021373
0x00000000
0x0102131d

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
Instruction ID: 24ad3e3966dcd8897818133743a4b8e929f36a3182a8fa473c7c47f1eefc26c9
Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
Instruction Fuzzy Hash: C511E6B2600619EFE7219E54DC40FDABBBDEB84760F104069FA458F580D671ED45C750

Uniqueness

Uniqueness Score: -1.00%

Function 0105FD9B Relevance: .1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0105FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E010376E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}

0x0105fd9b
0x0105fda0
0x0105fda1
0x0105fdab
0x0105fdad
0x0105fdb0
0x0105fdb8
0x0105fe0f
0x0105fde6
0x0105fde9
0x0105fdec
0x0109c0c0
0x0105fdfe
0x0105fe06
0x0105fe06
0x0109c0c8
0x0105fe2d
0x0105fe2d
0x00000000
0x0105fe2d
0x0109c0d1
0x0109c0e0
0x0109c0e5
0x0109c0e5
0x0109c0e8
0x00000000
0x0109c0e8
0x0105fdf4
0x00000000
0x00000000
0x0105fdf6
0x0105fdfa
0x0105fe1a
0x0105fe1f
0x0105fe1f
0x0105fdfc
0x00000000
0x0105fdfc
0x0105fdcc
0x0105fdd0
0x0105fe26
0x00000000
0x0105fe26
0x0105fdd8
0x0105fddb
0x0105fddd
0x0105fde0
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction ID: 1f45c2fe6a87e839cd7e8a8a76ada8b5d5f182ade6472e34caac1d8271930187
Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction Fuzzy Hash: 48217C72A00642DBD7B1DF0DC640E67B7EAEB94B10F2485BEE98687611D7389C00DB90

Uniqueness

Uniqueness Score: -1.00%

Function 010512BD Relevance: .1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E010512BD(intOrPtr __ecx) {
				signed int _v8;
				signed int _t22;
				signed int _t23;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				signed int _t44;
				intOrPtr _t47;

				_push(__ecx);
				_t47 =  *[fs:0x30];
				_t37 = __ecx;
				_t40 =  *(_t47 + 0x88);
				_t44 = ( *0x1118498 & 0x0000ffff) + _t40;
				if(_t44 >= 0xfffe) {
					L4:
					return _t22;
				}
				_t23 =  *(_t47 + 0x8c);
				if(_t44 == _t23) {
					 *(_t47 + 0x8c) = _t23 + _t23;
					_t22 = E01044620(_t40,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23 + _t23 << 2);
					_t41 = _t22;
					_v8 = _t41;
					if(_t41 == 0) {
						 *(_t47 + 0x8c) = _t44;
						goto L4;
					}
					E0106F3E0(_t41,  *(_t47 + 0x90),  *(_t47 + 0x88) << 2);
					_t30 =  *(_t47 + 0x90);
					if( *(_t47 + 0x90) != 0x1116660) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t30);
					}
					_t40 =  *(_t47 + 0x88);
					 *(_t47 + 0x90) = _v8;
				}
				 *((intOrPtr*)( *(_t47 + 0x90) + _t40 * 4)) = _t37;
				_t22 =  *(_t47 + 0x88) + 1;
				 *(_t47 + 0x88) = _t22;
				if( *((intOrPtr*)(_t37 + 8)) == 0xddeeddee) {
					 *(_t37 + 0x24) = _t22;
				} else {
					 *(_t37 + 0x7c) = _t22;
				}
				goto L4;
			}

0x010512c2
0x010512c5
0x010512cc
0x010512d6
0x010512dc
0x010512e4
0x01051313
0x01051319
0x01051319
0x010512e6
0x010512ee
0x0105131c
0x01051331
0x01051336
0x01051338
0x0105133d
0x0105137d
0x00000000
0x0105137d
0x01051350
0x01051355
0x01051363
0x01095512
0x01095512
0x0105136c
0x01051372
0x01051372
0x010512f6
0x010512ff
0x01051300
0x0105130d
0x01051385
0x0105130f
0x0105130f
0x0105130f
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21bc0d6e4648eb2e7275939f8aecf18f46b1962155b25a3e9da897a2ab3f7e6d
Instruction ID: 71de096c798ec89cda33918156cc7cced51fee6f39fc14b48d75c9861acfd0cf
Opcode Fuzzy Hash: 21bc0d6e4648eb2e7275939f8aecf18f46b1962155b25a3e9da897a2ab3f7e6d
Instruction Fuzzy Hash: A1216A71600600EFD7B4CF28C890FAAB7E9FB48250F00886DE9DEC7652DA70A840CB60

Uniqueness

Uniqueness Score: -1.00%

Function 01065A69 Relevance: .1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E01065A69(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t18;
				char* _t22;
				char* _t28;
				signed char _t34;
				signed char _t35;
				void* _t47;
				intOrPtr* _t48;

				_t47 = __edx;
				_t48 = __ecx;
				if(( *0x11184b4 & 0x00000004) == 0) {
					_t18 =  *(__ecx + 0x5c) & 0x0000ffff;
					if(_t18 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x100ade8 + _t18 * 2) & 0x0000ffff) << 4) {
						goto L1;
					} else {
						asm("sbb bl, bl");
						_t35 = _t34 & 0x00000001;
						L2:
						if(E01047D50() != 0) {
							_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						} else {
							_t22 = 0x7ffe038a;
						}
						if( *_t22 != 0) {
							L16:
							if(_t35 != 0) {
								E010E1751(_t35,  *((intOrPtr*)( *((intOrPtr*)( *_t48 + 0xc)) + 0xc)),  *((intOrPtr*)(_t47 + 4)),  *(_t48 + 0x5c) & 0x0000ffff);
							}
							goto L8;
						} else {
							if(E01047D50() != 0) {
								_t28 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t28 = 0x7ffe0380;
							}
							if( *_t28 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
									goto L8;
								}
								goto L16;
							} else {
								L8:
								return _t35;
							}
						}
					}
				}
				L1:
				_t35 = 0;
				goto L2;
			}

0x01065a73
0x01065a75
0x01065a77
0x01065ab7
0x01065abe
0x00000000
0x01065ad2
0x0109fb3a
0x0109fb3c
0x01065a7b
0x01065a82
0x0109fb4c
0x01065a88
0x01065a88
0x01065a88
0x01065a90
0x0109fb7c
0x0109fb7e
0x0109fb94
0x0109fb94
0x00000000
0x01065a96
0x01065a9d
0x0109fb5f
0x01065aa3
0x01065aa3
0x01065aa3
0x01065aab
0x0109fb76
0x00000000
0x00000000
0x00000000
0x01065ab3
0x01065ab3
0x01065ab6
0x01065ab6
0x01065aab
0x01065a90
0x01065abe
0x01065a79
0x01065a79
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f3166a906a2f295ef8fe621088f3927bb88525cad56a4aebb617dab9c9e460
Instruction ID: 3ac52f38c9556a386469652656203a847b69ac37816f6b75160782f4ba95dc83
Opcode Fuzzy Hash: 32f3166a906a2f295ef8fe621088f3927bb88525cad56a4aebb617dab9c9e460
Instruction Fuzzy Hash: 24112279242652CFE7259B2CC9F07B9B7E8EB05798F0804AAE8C2CB751D369DC80D750

Uniqueness

Uniqueness Score: -1.00%

Function 0105B390 Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0105B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01042280(_t12, 0x1118608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E010600C2(0x1118608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}

0x0105b395
0x0105b3a2
0x0105b3a5
0x0105b3aa
0x0105b3b2
0x0105b3ba
0x0105b3bd
0x0105b3c0
0x0105b3c4
0x0105b3c9
0x0109a3e9
0x0109a3ed
0x0109a3f0
0x0109a3ff
0x0109a403
0x0109a409
0x00000000
0x00000000
0x0109a40b
0x0109a40b
0x0109a40f
0x0109a415
0x0109a423
0x0109a423
0x0109a415
0x0105b3d1
0x0105b3e8
0x0105b3e8
0x0105b3d9

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cf4f98d19c02f9fb335e8f09c6ac0741680fba59accf7f98e41c57f82cf91a
Instruction ID: 2c96c5e4e8c3e80835c9a35a8d297b37bc74a030dcabf90fb34d4717e7e98179
Opcode Fuzzy Hash: f8cf4f98d19c02f9fb335e8f09c6ac0741680fba59accf7f98e41c57f82cf91a
Instruction Fuzzy Hash: 5B116B333011109FCB19DA188E81A6FB6A7EBC5370B24C179EE56E7381CA31AC02C690

Uniqueness

Uniqueness Score: -1.00%

Function 01029240 Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E01029240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x10ff708);
				E0107D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E010695D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E010695D0();
				_t33 =  *0x11184c4; // 0x0
				L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x11184c4; // 0x0
				L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x11184c4; // 0x0
				E01042280(L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11186b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E010695D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E010695D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01029325();
					_t50 =  *0x11184c4; // 0x0
					return E0107D0D1(L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}

0x01029240
0x01029242
0x01029247
0x0102924c
0x0102924e
0x01029255
0x01029257
0x0102925a
0x0102925f
0x0102925f
0x01029266
0x01029271
0x01029276
0x01029279
0x0102927e
0x01029295
0x0102929a
0x010292b1
0x010292b6
0x010292d7
0x010292dc
0x010292e0
0x010292e6
0x010292e8
0x010292ee
0x01029332
0x01029333
0x01029337
0x01029338
0x0102933a
0x0102933a
0x0102933d
0x01029342
0x01029342
0x01029345
0x01029349
0x0102934e
0x01029352
0x01029357
0x010292f4
0x010292f4
0x010292f6
0x010292f9
0x01029300
0x01029306
0x01029324
0x01029324

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb16af19872b2d35bc3aac9f6f693ecc777a083a156172c3f2bc5f6eebe931e
Instruction ID: 30b031fe0f5e53b39916735683677539fd06c2040b098a0ef007731e5ddd8e07
Opcode Fuzzy Hash: cfb16af19872b2d35bc3aac9f6f693ecc777a083a156172c3f2bc5f6eebe931e
Instruction Fuzzy Hash: C5214F72541611DFC726EF68CA80F95B7F9FF18708F1485ACE18987AA1CB34E941CB88

Uniqueness

Uniqueness Score: -1.00%

Function 01023138 Relevance: .1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E01023138(void* __ecx) {
				signed int _v8;
				char _v12;
				void* _t18;
				intOrPtr _t19;
				void* _t26;
				intOrPtr* _t28;
				char* _t32;
				intOrPtr* _t34;
				intOrPtr _t41;
				void* _t43;
				void* _t45;

				_push(__ecx);
				_push(__ecx);
				_t43 = __ecx;
				if(( *(__ecx + 0xc) & 0x00000001) != 0) {
					_t18 = 0;
				} else {
					_t34 = __ecx + 0x10;
					_t19 =  *_t34;
					_t28 =  *((intOrPtr*)(_t34 + 4));
					_t40 =  *((intOrPtr*)(_t19 + 4));
					if( *_t28 !=  *((intOrPtr*)(_t19 + 4)) ||  *_t28 != _t34) {
						_push(_t28);
						_push( *_t28);
						E010EA80D(0, 0xd, _t34, _t40);
					} else {
						 *_t28 = _t19;
						 *((intOrPtr*)(_t19 + 4)) = _t28;
					}
					_t41 =  *((intOrPtr*)(_t43 + 0x18));
					_v8 = _v8 & 0x00000000;
					_v12 =  *((intOrPtr*)(_t43 + 0x1c));
					_t45 = E0105174B( &_v12,  &_v8, 0x8000);
					if(E01047D50() != 0) {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					} else {
						_t32 = 0x7ffe0388;
					}
					if( *_t32 != 0) {
						E010DFE3F(_t26, _t41, _v12, _v8);
					}
					_t18 = _t45;
				}
				return _t18;
			}

0x0102313d
0x0102313e
0x01023140
0x01023147
0x010231ac
0x01023149
0x01023149
0x0102314c
0x0102314e
0x01023151
0x01023156
0x0107fdb3
0x0107fdb4
0x0107fdbd
0x01023164
0x01023164
0x01023166
0x01023166
0x0102316f
0x01023172
0x01023176
0x01023187
0x01023190
0x0107fdd1
0x01023196
0x01023196
0x01023196
0x0102319e
0x0107fde4
0x0107fde4
0x010231a4
0x010231a4
0x010231ab

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
Instruction ID: fefe65d90fe1ea7a060823ba0b53a24b3e72c2fe02d63af205cdb18094e5b10d
Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
Instruction Fuzzy Hash: AA119071A01305EFDB25DF64C844F6AB7FAFB89314F248599E4919B241EBB5AC02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010EE962 Relevance: .1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E010EE962(void* __ebx, void* __ecx, intOrPtr _a4, char* _a8) {
				char _v8;
				signed int _v12;
				char* _t26;
				void* _t31;
				unsigned int _t33;
				intOrPtr _t49;

				_t31 = __ebx;
				_push(__ecx);
				_push(__ecx);
				_t49 = _a4;
				_v12 =  *(_t49 + 0xc) & 0xffff0000;
				_t33 =  *(_t49 + 0x10);
				_t44 = 1 << (_t33 >> 0x00000002 & 0x0000003f);
				_t5 = _t44 - 1; // 0x0
				_t6 = _t44 - 1; // 0x0
				_t57 = _a8;
				_v8 = ((_t33 >> 0x00000001 & 1) + (_t33 >> 0xc) << 0xc) - 1 + (1 << (_t33 >> 0x00000002 & 0x0000003f)) - (_t5 + ((_t33 >> 0x00000001 & 1) + (_t33 >> 0x0000000c) << 0x0000000c) & _t6);
				E010EAFDE( &_v12,  &_v8, 0x8000,  *_a8,  *((intOrPtr*)(_a8 + 4)));
				if(E01047D50() == 0) {
					_t26 = 0x7ffe0388;
				} else {
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t26 != 0) {
					E010DFE3F(_t31, _t57, _v12, _v8);
				}
				return E010EBCD2(_t49,  *_t57,  *((intOrPtr*)(_t57 + 4)));
			}

0x010ee962
0x010ee967
0x010ee968
0x010ee96b
0x010ee976
0x010ee979
0x010ee990
0x010ee997
0x010ee99a
0x010ee9a4
0x010ee9b1
0x010ee9be
0x010ee9ca
0x010ee9dc
0x010ee9cc
0x010ee9d5
0x010ee9d5
0x010ee9e4
0x010ee9ee
0x010ee9ee
0x010eea04

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
Instruction ID: 3450eb2365213e9281cbe3de46a3da34b66cbbcfdd8eae187d84346af905135f
Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
Instruction Fuzzy Hash: 9311C432600519AFDB19CF59CC05AADFBF5EF84310F058269EC8597350DA31AD51CB80

Uniqueness

Uniqueness Score: -1.00%

Function 010B4257 Relevance: .1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E010B4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x11008d0);
				E0107D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E010B41E8(__ebx, __edi, __ecx, _t39);
				E0103EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x11187e4;
					_t18 =  *0x11187e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1115cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x11187e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x11187e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01027055(_t31 + 0xfffffff8);
								_t24 =  *0x11187e0; // 0x0
								_t18 = _t24 - 1;
								 *0x11187e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1115cd0;
				if( *0x1115cd0 <= 0) {
					L01027055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x11187e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x11187e8 = _t30;
						 *0x11187e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0107D0D1(L010B4320());
			}

0x010b4257
0x010b4257
0x010b4257
0x010b4259
0x010b425e
0x010b4263
0x010b4265
0x010b4273
0x010b4278
0x010b427c
0x010b427f
0x010b4281
0x010b4287
0x010b42d7
0x010b42d7
0x010b42da
0x010b428d
0x010b428d
0x010b428f
0x010b4292
0x010b4297
0x010b429c
0x010b42a0
0x010b42a6
0x010b42a8
0x010b42ae
0x010b42b3
0x00000000
0x010b42ba
0x010b42ba
0x010b42bf
0x010b42c5
0x010b42ca
0x010b42cf
0x010b42d0
0x00000000
0x010b42d0
0x010b42b3
0x00000000
0x010b42a6
0x010b429c
0x010b42dc
0x010b42dc
0x010b42e3
0x010b4309
0x010b42e5
0x010b42e5
0x010b42e8
0x010b42ee
0x010b42f0
0x00000000
0x010b42f2
0x010b42f2
0x010b42f4
0x010b42f7
0x010b42f9
0x010b4300
0x010b4300
0x010b42f0
0x010b430e
0x010b431f

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59582aa44b44e10e879d28e73287a92a7fed887b0b5487845443c3bfaaf366fc
Instruction ID: 82e8cbd00c08b3e70b40e505c197ba6803eb5c707c8cad691ca82a531c45f975
Opcode Fuzzy Hash: 59582aa44b44e10e879d28e73287a92a7fed887b0b5487845443c3bfaaf366fc
Instruction Fuzzy Hash: A1219D70901A11CFC76ADF68D280698BBF1FB85354B94C2BED1A6CB39AD7308691CB40

Uniqueness

Uniqueness Score: -1.00%

Function 010328FD Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010328FD(char __edx, signed int _a4) {
				void* __ecx;
				void* _t8;
				char* _t13;
				signed char* _t17;
				void* _t21;
				void* _t22;
				char _t28;

				_t28 = __edx;
				_t8 = E0103EB70(_t22, 0x1115350);
				_t23 = _a4;
				_t21 = _t8;
				if( !_a4 >= 0) {
					E0102B1E1(_t23, 0x14a2, _t28, 0);
				}
				if(E01047D50() != 0) {
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01047D50() == 0) {
							_t17 = 0x7ffe0385;
						} else {
							_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t17 & 0x00000020) != 0) {
							E010A7016(0x14a2, 0, 0, _t28, 0, 0);
						}
					}
				}
				return _t21;
			}

0x0103290b
0x0103290d
0x01032912
0x01032915
0x0103291d
0x01087758
0x01087758
0x0103292a
0x0108776b
0x01032930
0x01032930
0x01032930
0x01032938
0x01087782
0x0108778f
0x010877a1
0x01087791
0x0108779a
0x0108779a
0x010877a9
0x010877bd
0x010877bd
0x010877a9
0x01087782
0x01032945

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 806a70cdc7312559630ce806c380f193a5c11c243e81da56431b59728176bf3a
Instruction ID: 2cedf11e0b2139e965bd9b2d85f8ac6206b1f6b15efff97a961902fe138e9811
Opcode Fuzzy Hash: 806a70cdc7312559630ce806c380f193a5c11c243e81da56431b59728176bf3a
Instruction Fuzzy Hash: 0511DB39748640AFF326B76DCD44F667BDCEFD5B90F2400A6BAC19B2D1DA94D800C161

Uniqueness

Uniqueness Score: -1.00%

Function 01052397 Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E01052397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x111848c != 0) {
					L0104FAD0(0x1118610);
					if( *0x111848c == 0) {
						E0104FA00(0x1118610, _t19, _t27, 0x1118610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E01052581(0x1118610, 0x10050a0, _t26, _t27, _t28);
						E0104FA00(0x1118610, 0x10050a0, _t27, 0x1118610);
					}
				} else {
					L1:
					_t11 =  *0x1118614; // 0x0
					if(_t11 == 0) {
						_t11 = E01064886(0x1001088, 1, 0x1118614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E01052581(0x1118610, (_t11 << 4) + 0x1005070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}

0x010523b0
0x010523b6
0x01052409
0x01052415
0x01095ae9
0x00000000
0x0105241b
0x0105241b
0x0105241d
0x01052427
0x0105242e
0x01052430
0x01052430
0x010523b8
0x010523b8
0x010523b8
0x010523bf
0x010523fc
0x010523fc
0x010523c1
0x010523c3
0x010523d0
0x010523d8
0x010523d8
0x010523dc
0x010523de
0x010523e1
0x010523e1
0x010523ec

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0fd64f0b37b5d872699e1b1a1f391017475df0eac81d1942866562ebaadfa0
Instruction ID: fb915eecf8b20c17c1cd131a9bcfaaad154fa548b94448e1e28457846fe1c8f6
Opcode Fuzzy Hash: fa0fd64f0b37b5d872699e1b1a1f391017475df0eac81d1942866562ebaadfa0
Instruction Fuzzy Hash: 9C112B71744301ABE7B59A2DEC84B5AB6DDBFA0610F14C47AFAC2A7181CAB0E840C754

Uniqueness

Uniqueness Score: -1.00%

Function 0102C962 Relevance: .1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E0102C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x111d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0103EEF0(0x11170a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E010AF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0103EB70(_t29, 0x11170a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0106B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E010AF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x11170c0; // 0x0
					while(_t38 != 0x11170c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x111b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}

0x0102c96a
0x0102c974
0x0102c988
0x0102c98a
0x01097c9d
0x01097c9f
0x01097ca4
0x01097cae
0x01097cf0
0x01097cf5
0x01097cfa
0x0102c992
0x0102c996
0x0102c997
0x0102c998
0x0102c9a3
0x0102c9a3
0x01097cb0
0x01097cb7
0x01097cbb
0x00000000
0x00000000
0x01097cbd
0x01097ce8
0x01097cc5
0x01097cc8
0x01097cca
0x01097cd0
0x01097cd6
0x01097cde
0x01097ce4
0x01097ce4
0x01097cd0
0x00000000
0x01097ce8
0x0102c990
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e2a584b92fd70f5b089f27b5ae02b5d3ab7ef98a49906644320fb76c7cbf07
Instruction ID: 314e19709845751f905466f6ccdfceb786cdcbb7d161d53aa43ee28c051a5371
Opcode Fuzzy Hash: 31e2a584b92fd70f5b089f27b5ae02b5d3ab7ef98a49906644320fb76c7cbf07
Instruction Fuzzy Hash: 3611217231074A9BCB65AF2CDD94A6BB7E5BF89210B00063CF9C193690DB20EC40DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0105002D Relevance: .1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0105002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01047D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01047D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01047D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01047D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}

0x01050032
0x01050037
0x01050043
0x01094b3a
0x01050049
0x01050049
0x01050049
0x0105004e
0x01050053
0x01094b48
0x01094b5a
0x01094b4a
0x01094b53
0x01094b53
0x01094b5f
0x00000000
0x01094b61
0x00000000
0x01094b61
0x01050059
0x01050059
0x01050060
0x01094b6f
0x01094b6f
0x01050069
0x01094b83
0x00000000
0x00000000
0x01094b90
0x01094b9b
0x01094b9b
0x01094ba4
0x00000000
0x00000000
0x01094baa
0x00000000
0x0105006f
0x0105006f
0x00000000
0x0105006f
0x01050069

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction ID: 2a26635f1b343f837ceaaffe8b2d498cd23c4645428ad7ce68a52d66500547bb
Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction Fuzzy Hash: 3911E5722056819FEBA39B2CCA64B3A37E4AB40754F0900E0FDC4C7692D329D842D650

Uniqueness

Uniqueness Score: -1.00%

Function 01029080 Relevance: .1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01029080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x11185ec;
				E01042280(_t48, 0x11185ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0103FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x111538c; // 0x77de6828
					if( *_t84 != 0x1115388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x10ff6e8);
						E0107D0E8(0x11185ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E010F88F5(_t80, _t85, 0x1115388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x11186c0; // 0xbb07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x11186b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01042280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E010F88F5(0x11185ec, _t85, 0x1115388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0106AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x111b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x11184c0;
																			if(_t82 >=  *0x11184c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E010F9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0102922A(_t99);
										_t64 = E01047D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E010F8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x11186c0; // 0xbb07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x11186b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x11186bc;
													_t87 = 0x11186b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01029240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x11186c4;
												_t87 = 0x11186c0;
												L27:
												E01059B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0107D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1115388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x111538c = _t51;
						goto L6;
					}
				}
			}

0x01029082
0x01029083
0x01029084
0x01029085
0x01029087
0x01029096
0x01029098
0x01029098
0x0102909e
0x010290a8
0x010290e7
0x010290e7
0x010290aa
0x010290b0
0x010290b7
0x010290bd
0x010290dd
0x010290e6
0x010290bf
0x010290bf
0x010290c7
0x010290cf
0x010290f1
0x010290f2
0x010290f4
0x010290f5
0x010290f6
0x010290f7
0x010290f8
0x010290f9
0x010290fa
0x010290fb
0x010290fc
0x010290fd
0x010290fe
0x010290ff
0x01029100
0x01029102
0x01029107
0x0102910c
0x01029110
0x01029113
0x01029115
0x01029136
0x0102913f
0x01029143
0x010837e4
0x010837e4
0x01029117
0x01029117
0x0102911d
0x00000000
0x0102911f
0x0102911f
0x01029125
0x00000000
0x01029127
0x0102912d
0x01029130
0x01029134
0x01029158
0x0102915d
0x01029161
0x01029168
0x01083715
0x0102916e
0x0102916e
0x01029175
0x01029177
0x0102917e
0x0102917f
0x01029182
0x01029182
0x01029187
0x01029187
0x0102918a
0x0102918d
0x0102918f
0x01029192
0x01029195
0x01029198
0x01029198
0x01029198
0x0102919a
0x00000000
0x00000000
0x0108371f
0x01083721
0x01083727
0x0108372f
0x01083733
0x01083735
0x01083738
0x0108373b
0x0108373d
0x01083740
0x00000000
0x01083746
0x01083746
0x01083749
0x00000000
0x0108374f
0x0108374f
0x01083751
0x01083757
0x01083759
0x0108375c
0x0108375c
0x0108375e
0x0108375e
0x01083761
0x01083764
0x00000000
0x00000000
0x01083766
0x01083768
0x010837a3
0x010837a3
0x010837a5
0x010837a7
0x010837ad
0x010837b0
0x010837b2
0x010837bc
0x010837c2
0x010837c2
0x010837b2
0x01029187
0x01029187
0x0102918a
0x0102918d
0x0102918f
0x01029192
0x01029195
0x00000000
0x01029195
0x00000000
0x0108376a
0x0108376a
0x0108376a
0x0108376c
0x0108376c
0x0108376f
0x01083775
0x00000000
0x00000000
0x01083777
0x01083779
0x01083782
0x01083787
0x01083789
0x01083790
0x01083790
0x0108378b
0x0108378b
0x0108378b
0x01083792
0x01083795
0x00000000
0x01083795
0x00000000
0x01083779
0x01083798
0x00000000
0x01083798
0x00000000
0x01083768
0x0108379b
0x0108379b
0x01083751
0x01083749
0x00000000
0x01083740
0x010291a0
0x010291a3
0x010291a9
0x010291b0
0x00000000
0x010291b0
0x01029187
0x010291b4
0x010291b4
0x010291bb
0x010291c0
0x010291c5
0x010291c7
0x010837da
0x010291cd
0x010291cd
0x010291cd
0x010291d2
0x010291d5
0x01029239
0x01029239
0x010291d7
0x010291db
0x010291e1
0x010291e7
0x010291fd
0x01029203
0x0102921e
0x01029223
0x00000000
0x01029205
0x01029205
0x01029208
0x0102920c
0x01029214
0x01029214
0x0102920c
0x010291e9
0x010291e9
0x010291ee
0x010291f3
0x010291f3
0x010291f3
0x010291e7
0x00000000
0x00000000
0x00000000
0x01029134
0x01029125
0x0102911d
0x0102914e
0x010290d1
0x010290d1
0x010290d3
0x010290d6
0x010290d8
0x00000000
0x010290d8
0x010290cf

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d8adf6900267814ea7cd41b19e505e6d2224c7bda829da85c360eb398b7e22
Instruction ID: 763dd0b7f26248131ebeeece8c1d3a66ec10b63961eb7a7aa0a6d24719acb9a5
Opcode Fuzzy Hash: 44d8adf6900267814ea7cd41b19e505e6d2224c7bda829da85c360eb398b7e22
Instruction Fuzzy Hash: 0D01F4726152288FD3699F08D980B11BBE9EF82324F218176F6419B696C378DC81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01028190 Relevance: .1, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E01028190(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				intOrPtr _t15;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr* _t27;

				E01042280(_t10, 0x111864c);
				_t27 = E0102820E(_a4);
				if(_t27 == 0) {
					_t26 = 0xc000002a;
				} else {
					_t2 = _t27 + 0x10;
					 *_t2 =  *((intOrPtr*)(_t27 + 0x10)) - 1;
					if( *_t2 != 0) {
						L8:
						_t26 = 0;
					} else {
						_t15 =  *_t27;
						if( *((intOrPtr*)(_t15 + 4)) != _t27) {
							L7:
							_push(3);
							asm("int 0x29");
							goto L8;
						} else {
							_t24 =  *((intOrPtr*)(_t27 + 4));
							if( *_t24 != _t27) {
								goto L7;
							} else {
								 *_t24 = _t15;
								 *((intOrPtr*)(_t15 + 4)) = _t24;
								_t7 = _t27 + 0xc; // 0xc
								_push(1);
								_t8 = _t27 + 8; // 0x8
								_push(0xffffffff);
								_t26 = E0106B130();
								L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t27);
							}
						}
					}
				}
				E0103FFB0(0x111864c, _t26, 0x111864c);
				return _t26;
			}

0x0102819e
0x010281ab
0x010281af
0x010281fe
0x010281b1
0x010281b1
0x010281b1
0x010281b5
0x0102820a
0x0102820a
0x010281b7
0x010281b7
0x010281bc
0x01028205
0x01028205
0x01028208
0x00000000
0x010281be
0x010281be
0x010281c3
0x00000000
0x010281c5
0x010281c5
0x010281c7
0x010281ca
0x010281cd
0x010281d0
0x010281d4
0x010281e2
0x010281ea
0x010281ea
0x010281c3
0x010281bc
0x010281b5
0x010281f0
0x010281fb

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bc48943ecee27a2aeb57b84aaa95e99f991c425035360914a25d88da7685d90
Instruction ID: 6251e4260d20c33f56de62cb9f01504b0bfbddf401962ef8fb01dd7ddd0e4140
Opcode Fuzzy Hash: 7bc48943ecee27a2aeb57b84aaa95e99f991c425035360914a25d88da7685d90
Instruction Fuzzy Hash: 0A012876201625ABC3229A14CC40E67B7DDEF91760F21C17AF5A58B681CB30DC01C790

Uniqueness

Uniqueness Score: -1.00%

Function 01053B5A Relevance: .1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01053B5A(void* __eax, intOrPtr __ebx, void* __edi, intOrPtr __esi) {
				void* _t14;
				intOrPtr _t15;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t23;
				intOrPtr _t27;
				intOrPtr _t31;
				intOrPtr _t37;
				void* _t39;

				_t37 = __esi;
				_t31 = __ebx;
				_t14 = __eax;
				if( *((intOrPtr*)(_t39 - 0x40)) != __ebx || __edi < 0) {
					if(_t37 == 0) {
						goto L2;
					}
					_t32 =  *((intOrPtr*)(_t39 - 0x24));
					if( *((intOrPtr*)(_t39 - 0x24)) != 0) {
						_t27 =  *0x11184c4; // 0x0
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27 + 0xc0000, _t32);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t33 =  *((intOrPtr*)(_t37 + 0x1c));
					if( *((intOrPtr*)(_t37 + 0x1c)) != 0) {
						_t23 =  *0x11184c4; // 0x0
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0xc0000, _t33);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t34 =  *((intOrPtr*)(_t37 + 0x20));
					if( *((intOrPtr*)(_t37 + 0x20)) != 0) {
						_t19 =  *0x11184c4; // 0x0
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t19 + 0xc0000, _t34);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t15 =  *0x11184c4; // 0x0
					_t18 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t15 + 0xc0000, _t37);
					 *((intOrPtr*)(_t39 - 0x20)) = _t31;
					return _t18;
				} else {
					L2:
					return _t14;
				}
			}

0x01053b5a
0x01053b5a
0x01053b5a
0x01053b5d
0x010961e6
0x00000000
0x00000000
0x010961ec
0x010961f1
0x010961f3
0x01096208
0x0109620d
0x0109620d
0x01096210
0x01096215
0x01096217
0x0109622c
0x01096231
0x01096231
0x01096234
0x01096239
0x0109623b
0x01096250
0x01096255
0x01096255
0x01096258
0x0109626d
0x01096274
0x00000000
0x01053b6b
0x01053b6b
0x01053b6b
0x01053b6b

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b03497617226c33fece58ad391ab8696d552e4316500391f3e04bbba1d5cd2
Instruction ID: c9ec11d4e871c27bc9c5a5e3ef1f59b5a179de679d7b60c2aab01ef06a7e23a0
Opcode Fuzzy Hash: 44b03497617226c33fece58ad391ab8696d552e4316500391f3e04bbba1d5cd2
Instruction Fuzzy Hash: 0F115A76641950DFDF69DF48CA90F6AB7B9FF08A00F0900ACE945A7752C729EC00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 010E1A5F Relevance: .0, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E010E1A5F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				void* _t23;
				signed char* _t24;
				intOrPtr _t30;
				void* _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t39;
				intOrPtr _t40;
				intOrPtr _t41;
				signed int _t42;

				_t35 = __edx;
				_t30 = __ebx;
				_v8 =  *0x111d360 ^ _t42;
				_t37 = __edx;
				_t40 = __ecx;
				E0106FA60( &_v60, 0, 0x34);
				_v28 = _t40;
				_v54 = 0x1035;
				_v20 = _a4;
				_v16 = _a8;
				_v24 = _t37;
				_v12 = _a12;
				_t23 = E01047D50();
				_t38 = _t36;
				_t41 = _t39;
				if(_t23 == 0) {
					_t24 = 0x7ffe0380;
				} else {
					_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x14);
				_push(0x20402);
				_push( *_t24 & 0x000000ff);
				return E0106B640(E01069AE0(), _t30, _v8 ^ _t42, _t35, _t38, _t41);
			}

0x010e1a5f
0x010e1a5f
0x010e1a6e
0x010e1a78
0x010e1a7d
0x010e1a7f
0x010e1a89
0x010e1a8c
0x010e1a96
0x010e1a9c
0x010e1aa2
0x010e1aa5
0x010e1aa8
0x010e1aad
0x010e1aae
0x010e1ab1
0x010e1ac3
0x010e1ab3
0x010e1abc
0x010e1abc
0x010e1ace
0x010e1acf
0x010e1ad1
0x010e1ad6
0x010e1ae9

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adce71dba9625e6c1c021cae459b7ac71929a54d43849667e2fe18cab310e3b7
Instruction ID: badd4493cdf9b1cfdec39faec215ae8db024226fd0b97854b1cf0793714e610b
Opcode Fuzzy Hash: adce71dba9625e6c1c021cae459b7ac71929a54d43849667e2fe18cab310e3b7
Instruction Fuzzy Hash: 8E1180B1A01219AFCB10DFA9D845EAFBBF8EF54710F04406AF954EB380DA74DA40CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010231E0 Relevance: .0, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010231E0(intOrPtr _a4, intOrPtr _a8) {
				char* _t12;
				signed int* _t13;
				signed int _t26;
				intOrPtr _t28;

				_t28 = _a4;
				_t26 = 0;
				_t12 = E0102354C(_t28, 0);
				if(_t12 == 0) {
					L3:
					return _t12;
				}
				if(_a8 != 0) {
					_t13 = _t28 + 0xa8;
					_t26 =  *_t13;
					 *_t13 = 0;
				}
				_t12 = E01059ED0(_t28 + 0x20,  ~_t26, 1);
				if(_t26 != 0) {
					if(E01047D50() == 0) {
						_t12 = 0x7ffe0386;
					} else {
						_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t12 == 0) {
						goto L3;
					}
					return E010F8966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78, _t28 + 0x30,  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t26);
				} else {
					goto L3;
				}
			}

0x010231e6
0x010231ec
0x010231f1
0x010231f8
0x0102321c
0x0102321c
0x0102321c
0x010231fd
0x0107fe1e
0x0107fe24
0x0107fe24
0x0107fe24
0x0102320c
0x01023213
0x0107fe32
0x0107fe44
0x0107fe34
0x0107fe3d
0x0107fe3d
0x0107fe4c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction ID: 703c4587e1950015fad07025c3a103a1b7e47b6f1901209ad9e70e04287b33f5
Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction Fuzzy Hash: 88012832600712AFEB62DA6AD900EA777EDFFC5710F044859EAD68B501DA34E805CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010F4015 Relevance: .0, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E010F4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01042280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01042280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11186ac);
					E0102F900(0x11186d4, _t28);
					E0103FFB0(0x11186ac, _t28, 0x11186ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0103FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}

0x010f401a
0x010f401e
0x010f4023
0x010f4028
0x010f4029
0x010f402b
0x010f402f
0x010f4043
0x010f4046
0x010f4051
0x010f4057
0x010f405f
0x010f4062
0x010f4067
0x010f406f
0x010f407c
0x010f407c
0x010f408c
0x010f408c
0x010f4097

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d515ab23752493a3b2fe5fc59b733a09d3f378e5cdde72eb1cd5a7e677800257
Instruction ID: cad9654c34e0152b8946182649fbb56b4be09e6660fe745fc403f44865a643ba
Opcode Fuzzy Hash: d515ab23752493a3b2fe5fc59b733a09d3f378e5cdde72eb1cd5a7e677800257
Instruction Fuzzy Hash: C0018FB27019467FD251AB69CE80E97F7ACFF95660B000629FA4883A21CB34EC11C6E4

Uniqueness

Uniqueness Score: -1.00%

Function 010E1951 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010E1951(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x111d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0106FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1030;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01047D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0106B640(E01069AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010e1951
0x010e1951
0x010e1960
0x010e196a
0x010e196f
0x010e1971
0x010e197b
0x010e197e
0x010e1988
0x010e198e
0x010e1991
0x010e199b
0x010e19ad
0x010e199d
0x010e19a6
0x010e19a6
0x010e19b8
0x010e19b9
0x010e19bb
0x010e19c0
0x010e19d5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1edf81477d29164028d310888ec5c6f1edf20db781eedb61d6c387a5c35b9cab
Instruction ID: 62fa67a6c0a2ceac5256317f035910b6229a649d0a1dc3fda0b1bbca814d6100
Opcode Fuzzy Hash: 1edf81477d29164028d310888ec5c6f1edf20db781eedb61d6c387a5c35b9cab
Instruction Fuzzy Hash: 61015E71A11219AFDB14EFA9D845EAFBBF8EF54710F004066B990EB380DA749A40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010E19D8 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010E19D8(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x111d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0106FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1032;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01047D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0106B640(E01069AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010e19d8
0x010e19d8
0x010e19e7
0x010e19f1
0x010e19f6
0x010e19f8
0x010e1a02
0x010e1a05
0x010e1a0f
0x010e1a15
0x010e1a18
0x010e1a22
0x010e1a34
0x010e1a24
0x010e1a2d
0x010e1a2d
0x010e1a3f
0x010e1a40
0x010e1a42
0x010e1a47
0x010e1a5c

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5ef723220c488f1c5b559cfd7f57404689ed0e7402b8d0520538e7001bca09
Instruction ID: 5a73328866bdd489eb652756cf3b26dbc51a07dbb1333116f7dfcee2a3884e38
Opcode Fuzzy Hash: 7d5ef723220c488f1c5b559cfd7f57404689ed0e7402b8d0520538e7001bca09
Instruction Fuzzy Hash: 47019E71A01219AFCB14EFA9D845EEEBBF8EF44710F04406AB950EB380DA749A01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010E1843 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010E1843(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x111d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0106FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x102f;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01047D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0106B640(E01069AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010e1843
0x010e1843
0x010e1852
0x010e185c
0x010e1861
0x010e1863
0x010e186d
0x010e1870
0x010e187a
0x010e1880
0x010e1883
0x010e188d
0x010e189f
0x010e188f
0x010e1898
0x010e1898
0x010e18aa
0x010e18ab
0x010e18ad
0x010e18b2
0x010e18c7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f10d9e5d47dd0448418747146a2ec7d040469d87bd662100a2475671677050f
Instruction ID: bb50e4b3256ad007020a59c14f7639375dd8bccfa70d456a51903ff31b4c6a0d
Opcode Fuzzy Hash: 3f10d9e5d47dd0448418747146a2ec7d040469d87bd662100a2475671677050f
Instruction Fuzzy Hash: C4018C71A01219AFCB14EFA9D945AEEBBF8EF44710F044066B940EB280DA749A00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010270C0 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E010270C0(signed int* __ecx) {
				signed int _t27;
				intOrPtr _t34;
				signed int _t38;
				signed int* _t40;

				_t40 = __ecx;
				if(__ecx == 0) {
					return _t27;
				}
				_t38 = 0;
				if( *((intOrPtr*)(__ecx + 4)) <= 0) {
					L6:
					if(( *_t40 & 0x00000001) != 0) {
						_t27 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40[2]);
					}
					_t40[2] = _t40[2] & 0x00000000;
					_t40[1] = _t40[1] & 0x00000000;
					 *_t40 =  *_t40 & 0x00000000;
					return _t27;
				}
				do {
					_t27 = _t40[2];
					_t34 =  *((intOrPtr*)(_t27 + _t38 * 4));
					if(_t34 != 0) {
						 *(_t34 + 8) =  *(_t34 + 8) & 0;
						 *((intOrPtr*)(_t34 + 4)) = 0;
						if( *(_t34 + 0xc) != 0) {
							_push( *(_t34 + 0xc));
							E010695D0();
							 *(_t34 + 0xc) =  *(_t34 + 0xc) & 0x00000000;
						}
						 *(_t40[2] + _t38 * 4) =  *(_t40[2] + _t38 * 4) & 0x00000000;
						_t27 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
					}
					_t38 = _t38 + 1;
				} while (_t38 < _t40[1]);
				goto L6;
			}

0x010270c3
0x010270c7
0x010270f9
0x010270f9
0x010270ca
0x010270cf
0x010270e3
0x010270e7
0x010822e0
0x010822e0
0x010270ed
0x010270f1
0x010270f5
0x00000000
0x010270f5
0x010270d2
0x010270d2
0x010270d5
0x010270da
0x010270fc
0x010270ff
0x01027105
0x01027107
0x0102710a
0x0102710f
0x0102710f
0x01027119
0x01027126
0x01027126
0x010270dc
0x010270dd
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
Instruction ID: f09729fdf701ced79c219b31f5e929aa27727e22aed9b9a3bd30c690d3296c0b
Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
Instruction Fuzzy Hash: 7411AD72410B12DFD7329F19C8C0B22B7E1FF20722F15C8A9E5C94A962C778E884CB10

Uniqueness

Uniqueness Score: -1.00%

Function 010E18CA Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010E18CA(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x111d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0106FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1031;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01047D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0106B640(E01069AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010e18ca
0x010e18ca
0x010e18d9
0x010e18e3
0x010e18e8
0x010e18ea
0x010e18f4
0x010e18f7
0x010e1901
0x010e1907
0x010e190a
0x010e1914
0x010e1926
0x010e1916
0x010e191f
0x010e191f
0x010e1931
0x010e1932
0x010e1934
0x010e1939
0x010e194e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eb81b60003fb0d004aee2ce8d21d6db4c08ac73062e50c20da65ccf275c3bdb
Instruction ID: 01329cf3b96bef1cfed411bcef1b30ff37d604e44b9488cbd2b5cb9274a575eb
Opcode Fuzzy Hash: 1eb81b60003fb0d004aee2ce8d21d6db4c08ac73062e50c20da65ccf275c3bdb
Instruction Fuzzy Hash: E8015271A01219AFDB14EFA9E845EAEBBF8EF54710F004066F955EB380DA749A41C790

Uniqueness

Uniqueness Score: -1.00%

Function 010E138A Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010E138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x111d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0106FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01047D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0106B640(E01069AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010e138a
0x010e138a
0x010e1399
0x010e13a3
0x010e13a8
0x010e13aa
0x010e13b5
0x010e13bb
0x010e13c3
0x010e13c6
0x010e13c9
0x010e13d4
0x010e13e6
0x010e13d6
0x010e13df
0x010e13df
0x010e13f1
0x010e13f2
0x010e13f4
0x010e13f9
0x010e140e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fb4f4933002853a914690085485450e098ebd8ccad2d3cfcfa1f4cdc8bea34e
Instruction ID: 93eb5a82b0656df2ea69504c32b424ecc4ed8107d9ab2148032bd58c9b58f68b
Opcode Fuzzy Hash: 1fb4f4933002853a914690085485450e098ebd8ccad2d3cfcfa1f4cdc8bea34e
Instruction Fuzzy Hash: 90015271A00319AFDB14DFA9D845EAEBBF8EF54710F004066B954EB280DA749A41C794

Uniqueness

Uniqueness Score: -1.00%

Function 010258EC Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E010258EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x111d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1005c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01025943() != 0 &&  *0x1115320 > 5) {
					E010A7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E010A7B5E( &_v28, _t28);
					_t11 = E010A7B9C(0x1115320, 0x100bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0106B640(_t11, _t17, _v8 ^ _t29, 0x100bf15, _t27, _t28);
			}

0x010258fb
0x010258fe
0x01025906
0x0102590a
0x0102593c
0x0102593c
0x0102590c
0x0102590c
0x01025911
0x00000000
0x01025913
0x01025913
0x01025913
0x01025911
0x0102591d
0x01081035
0x0108103c
0x0108103f
0x01081056
0x01081056
0x0102593b

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fdb0e2c428565cb6f3ab4c4bd6198c535b33c5847a5c5eb20702ff26fff6f5e
Instruction ID: 5c8beedb0fe6321fc5c29c8433410a75b1c527204ae377ae9b37b492751f9ffa
Opcode Fuzzy Hash: 6fdb0e2c428565cb6f3ab4c4bd6198c535b33c5847a5c5eb20702ff26fff6f5e
Instruction Fuzzy Hash: 0F01F271B10119ABD714EA68DC00AFEB7E9EF82220F9440A9EA85E7284DE31DD02C794

Uniqueness

Uniqueness Score: -1.00%

Function 010295F0 Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E010295F0(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t10;
				void* _t17;
				void* _t18;
				char* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				intOrPtr _t29;

				_t29 = _a4;
				_push(_t25);
				if(_t29 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E010F88F5(_t17, _t18, _t23, _t25, _t29, __eflags);
					_t10 = 0xc000000d;
				} else {
					_push(4);
					_push( &_a8);
					_push(4);
					_push( *((intOrPtr*)(_t29 + 0x24)));
					_t27 = E0106AE70();
					if(E01047D50() != 0) {
						_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t21 = 0x7ffe0386;
					}
					if( *_t21 != 0) {
						__eflags = _t27;
						if(_t27 >= 0) {
							E010F8C75(_t29, _a8);
						}
					}
					_t10 = _t27;
				}
				return _t10;
			}

0x010295f9
0x010295fc
0x010295ff
0x0102964d
0x01029652
0x01029616
0x01029616
0x0102961b
0x0102961c
0x0102961e
0x01029626
0x0102962f
0x01083a8b
0x01029635
0x01029635
0x01029635
0x0102963d
0x01083a96
0x01083a98
0x01083aa3
0x01083aa3
0x01083a98
0x01029643
0x01029643
0x0102964a

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
Instruction ID: 00f35c98b6209d8547762c4c91857aef2e355503f188d583f0c997767f096e10
Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
Instruction Fuzzy Hash: F1014C72A04164DBD7319A58C804FA977D99F88B28F144159EED58F290DB34DD00C784

Uniqueness

Uniqueness Score: -1.00%

Function 010F8966 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E010F8966(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t21;
				signed int _t35;

				_t32 = __edx;
				_v8 =  *0x111d360 ^ _t35;
				_t34 = _a8;
				_t33 = _a12;
				_v28 = _a4;
				_v62 = 0x1c24;
				_v36 = __ecx;
				_v32 = __edx;
				_v24 = _a8;
				_v20 = _a12;
				_v16 = _a16;
				if(E01047D50() == 0) {
					_t21 = 0x7ffe0386;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x18);
				_push(0x403);
				_push( *_t21 & 0x000000ff);
				return E0106B640(E01069AE0(), 0x1c24, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f8966
0x010f8975
0x010f897d
0x010f8986
0x010f8989
0x010f898f
0x010f8993
0x010f8996
0x010f8999
0x010f899c
0x010f899f
0x010f89a9
0x010f89bb
0x010f89ab
0x010f89b4
0x010f89b4
0x010f89c6
0x010f89c7
0x010f89c9
0x010f89ce
0x010f89e4

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec06ee24ea49e5efdc3305ebe5345a65f034e4e525a1e959009f366da2235d85
Instruction ID: d33890590b5e6867d6bc2528bedd2993d66ac7028bf2f6a3954fb15b96af5e41
Opcode Fuzzy Hash: ec06ee24ea49e5efdc3305ebe5345a65f034e4e525a1e959009f366da2235d85
Instruction Fuzzy Hash: 430129B1A0021DABCB00DFA9D9419EEB7F8FF58300F14446AE941E7340D7749A00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0103B02A Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01047D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E010A7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}

0x0103b037
0x0103b039
0x0103b03b
0x0103b040
0x0108a60e
0x00000000
0x00000000
0x0108a61d
0x0103b04b
0x0103b04e
0x0108a627
0x0108a634
0x00000000
0x00000000
0x0108a641
0x0108a653
0x0108a643
0x0108a64c
0x0108a64c
0x0108a65b
0x00000000
0x00000000
0x00000000
0x0108a66c
0x0103b057
0x0103b057
0x0103b057
0x0103b046
0x0103b046
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction ID: c1ea5d020a0e7ceefa281dcef8172c4bace4c9f2d152d7c98cc130acbb997ac6
Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction Fuzzy Hash: 54018472308980DFE322975DC984F6ABBDCEBC5758F0940E2FA95CBA51D728DC40CA20

Uniqueness

Uniqueness Score: -1.00%

Function 010F1074 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010F1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E010F165E(__ebx, 0x1118ae4, (__edx -  *0x1118b04 >> 0x14) + (__edx -  *0x1118b04 >> 0x14), __edi, __ecx, (__edx -  *0x1118b04 >> 0x14) + (__edx -  *0x1118b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E010EAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E01047D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E010DFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}

0x010f1074
0x010f1080
0x010f1082
0x010f108a
0x010f108f
0x010f1093
0x010f10ab
0x010f10ab
0x010f10c3
0x010f10cf
0x010f10e1
0x010f10d1
0x010f10da
0x010f10da
0x010f10e9
0x010f10f5
0x010f10f5
0x010f10fe

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d385fbc983d910b4ff9f49d37f33a7f0beb87265deeeed6cc5a429e914381e8
Instruction ID: a64b67b7a28d5fc9f9227827896caa6634b7db0b204ae202975d606508d62f86
Opcode Fuzzy Hash: 3d385fbc983d910b4ff9f49d37f33a7f0beb87265deeeed6cc5a429e914381e8
Instruction Fuzzy Hash: 4B012872604742DFC750EF68C945B5ABBE5AB84310F04C929FAC583690DE70D441CB92

Uniqueness

Uniqueness Score: -1.00%

Function 010E129A Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E010E129A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x111d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E0106FA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x1039;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E01047D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0106B640(E01069AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}

0x010e129a
0x010e129a
0x010e12a9
0x010e12b3
0x010e12b8
0x010e12ba
0x010e12c4
0x010e12ca
0x010e12d1
0x010e12d4
0x010e12d7
0x010e12dc
0x010e12dd
0x010e12e0
0x010e12f2
0x010e12e2
0x010e12eb
0x010e12eb
0x010e12fd
0x010e12fe
0x010e1300
0x010e1305
0x010e1318

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9d7ee3058330b00a20990b3ffdecc1876fd0845c903862e9e747b5c5cb298b
Instruction ID: 17e2077bb972289ed13b57fc33de2807cbee46c13e73018e15a535ec8ae659eb
Opcode Fuzzy Hash: 6a9d7ee3058330b00a20990b3ffdecc1876fd0845c903862e9e747b5c5cb298b
Instruction Fuzzy Hash: A50184B1A00259AFDB14EFA9D845EAFBBB8EF54700F04406AF955EB280DA74DA01C794

Uniqueness

Uniqueness Score: -1.00%

Function 010DFD52 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E010DFD52(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x111d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0106FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x265;
				if(E01047D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0106B640(E01069AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x010dfd52
0x010dfd52
0x010dfd61
0x010dfd6b
0x010dfd70
0x010dfd72
0x010dfd7d
0x010dfd85
0x010dfd88
0x010dfd8b
0x010dfd96
0x010dfda8
0x010dfd98
0x010dfda1
0x010dfda1
0x010dfdb3
0x010dfdb4
0x010dfdb6
0x010dfdbb
0x010dfdd0

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f118de08ca9099594ec3316872a9f37d59ad009f282e2c23fa8dddbc75911a7
Instruction ID: 6dc5dacfdb63486a2c2effd5a36f5ae98f853840c2f8fd9dd4b6d74b95e3e36e
Opcode Fuzzy Hash: 7f118de08ca9099594ec3316872a9f37d59ad009f282e2c23fa8dddbc75911a7
Instruction Fuzzy Hash: F701A771E10219AFDB14EFA9D845FAEBBBCEF54700F004066B951EB380DA74DA01C794

Uniqueness

Uniqueness Score: -1.00%

Function 010F89E7 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E010F89E7(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x111d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c21;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01047D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t18 & 0x000000ff);
				return E0106B640(E01069AE0(), 0x1c21, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x010f89e7
0x010f89f6
0x010f89fe
0x010f8a07
0x010f8a0a
0x010f8a0e
0x010f8a11
0x010f8a14
0x010f8a17
0x010f8a1a
0x010f8a24
0x010f8a36
0x010f8a26
0x010f8a2f
0x010f8a2f
0x010f8a41
0x010f8a42
0x010f8a44
0x010f8a49
0x010f8a5f

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3feffeaa64fb86abb7af93cc11b61afa351d4c655e574f924bc85f9a35ab69e6
Instruction ID: ff36a877baee070c516a51e676074adfb6699a4131173b2afc960dbfaf9e49b9
Opcode Fuzzy Hash: 3feffeaa64fb86abb7af93cc11b61afa351d4c655e574f924bc85f9a35ab69e6
Instruction Fuzzy Hash: F70121B1A0021DAFDB00DFA9D9819EEBBF8EF58310F10405AF945E7340D6349A01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010F8A62 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E010F8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x111d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01047D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0106B640(E01069AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x010f8a62
0x010f8a71
0x010f8a79
0x010f8a82
0x010f8a85
0x010f8a89
0x010f8a8c
0x010f8a8f
0x010f8a92
0x010f8a95
0x010f8a9f
0x010f8ab1
0x010f8aa1
0x010f8aaa
0x010f8aaa
0x010f8abc
0x010f8abd
0x010f8abf
0x010f8ac4
0x010f8ada

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56a54c9ec54c503af44c7eed411fa0700c77d951a97dd1ea1c8a9ed993421e52
Instruction ID: 20429ccbc55965698ae263e4f656bd9c3ca431f39908b2506b7319da53a2b59e
Opcode Fuzzy Hash: 56a54c9ec54c503af44c7eed411fa0700c77d951a97dd1ea1c8a9ed993421e52
Instruction Fuzzy Hash: 1C0121B1A0021DAFDB04DFA9D9419EEB7F8EF58310F10405AFA44E7341D634A900CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010F8ADD Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E010F8ADD(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x111d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c23;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01047D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t18 & 0x000000ff);
				return E0106B640(E01069AE0(), 0x1c23, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x010f8add
0x010f8aec
0x010f8af4
0x010f8afd
0x010f8b00
0x010f8b04
0x010f8b07
0x010f8b0a
0x010f8b0d
0x010f8b10
0x010f8b1a
0x010f8b2c
0x010f8b1c
0x010f8b25
0x010f8b25
0x010f8b37
0x010f8b38
0x010f8b3a
0x010f8b3f
0x010f8b55

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f4ff7594f449042bf147ba7338d77476ec60bea1b1cc6129020cff2aed27b22
Instruction ID: cfb24ee5163dfa3a67b0b85fb2a13b8828ee104a9b243f01bd2e38014d82bbaf
Opcode Fuzzy Hash: 3f4ff7594f449042bf147ba7338d77476ec60bea1b1cc6129020cff2aed27b22
Instruction Fuzzy Hash: DC0121B1A0021DAFDB00DFA9D9459EEBBF8FF58310F10405AF944E7340D6349A01CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0102DB60 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0102DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0102DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0102E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0102E8B0(__ecx, _t14, 0xfff);
							L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}

0x0102db64
0x0102db66
0x0102db6b
0x0102dbaa
0x0102db71
0x0102db76
0x0102db7a
0x0102dba3
0x0102db7c
0x0102db87
0x0102db8b
0x01084fa1
0x01084fb3
0x01084fb8
0x0102db91
0x0102db96
0x0102db98
0x0102db98
0x0102db8b
0x0102db7a
0x0102db9d
0x0102dba2

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction ID: 65992c549bbac38fc3feb60eb1e2765e695aceea89db83555b8c6063ca49bf98
Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction Fuzzy Hash: 21F09C33245533DBD7336AD988E4F9BBA959FD2A60F150475F3859B344CA608C0297D1

Uniqueness

Uniqueness Score: -1.00%

Function 0102B1E1 Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0102B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01047D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01047D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E010A7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}

0x0102b1e8
0x0102b1ea
0x0102b1f3
0x01084a17
0x0102b1f9
0x0102b1f9
0x0102b1f9
0x0102b201
0x01084a21
0x01084a2e
0x00000000
0x00000000
0x01084a3b
0x01084a4d
0x01084a3d
0x01084a46
0x01084a46
0x01084a55
0x00000000
0x00000000
0x00000000
0x0102b20a
0x0102b20a
0x0102b20a
0x0102b20a

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction ID: 7098a071065916ff26efebeb347ca513dc2264588299848402b88b2d2dbdb0e7
Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction Fuzzy Hash: B001A432244691EBD322A75DC844FA9BBD9EF52754F0944E1FAD4CB6B2D779C800C315

Uniqueness

Uniqueness Score: -1.00%

Function 01027057 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687b1aac334de22c574872cc662f5ea3de968120ffa56f7f78b7e218aab7e9e4
Instruction ID: 3d7288a4bab827932bb8bb61bef0de493642216adc177aba347cc893dbd14855
Opcode Fuzzy Hash: 687b1aac334de22c574872cc662f5ea3de968120ffa56f7f78b7e218aab7e9e4
Instruction Fuzzy Hash: A301AD31200618ABD735DF58DD45FABFBF9EF58600F1005ADF94583190CBA5AA04C791

Uniqueness

Uniqueness Score: -1.00%

Function 010F9BBE Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E010F9BBE(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v66;
				char _v72;
				void* __edi;
				void* __esi;
				signed char* _t19;
				intOrPtr _t25;
				signed int _t33;

				_t30 = __edx;
				_v12 =  *0x111d360 ^ _t33;
				_v40 = _v40 & 0x00000000;
				_t32 = _a12;
				_v36 = __edx;
				_v66 = 0x1c21;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01047D50() == 0) {
					_t19 = 0x7ffe0386;
				} else {
					_t19 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t19 & 0x000000ff);
				return E0106B640(E01069AE0(), _t25, _v12 ^ _t33, _t30, 0x1c21, _t32);
			}

0x010f9bbe
0x010f9bcd
0x010f9bd6
0x010f9bdb
0x010f9be4
0x010f9be7
0x010f9beb
0x010f9bee
0x010f9bf1
0x010f9bfb
0x010f9c0d
0x010f9bfd
0x010f9c06
0x010f9c06
0x010f9c18
0x010f9c19
0x010f9c1b
0x010f9c20
0x010f9c35

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aefbcccc7c047a282c51d4be1dbcbee3c8e853b7e01115b9ad1b2e2a8dc1811
Instruction ID: 3df991ceb8fea31aed0f5bb588caddcbe42a9cd34a9ae67a7bd59a07d9afbc3d
Opcode Fuzzy Hash: 3aefbcccc7c047a282c51d4be1dbcbee3c8e853b7e01115b9ad1b2e2a8dc1811
Instruction Fuzzy Hash: 7A012171A0061D9FDB04DFA9D545AEEB7F8AF58310F144059F945A7250D7349A01CB94

Uniqueness

Uniqueness Score: -1.00%

Function 010E1229 Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E010E1229(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				void* __edi;
				void* __esi;
				signed char* _t16;
				intOrPtr _t22;
				signed int _t24;
				intOrPtr _t29;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				signed int _t33;

				_t29 = __edx;
				_v8 =  *0x111d360 ^ _t33;
				_t32 = __ecx;
				_t30 =  &_v48;
				_t24 = 0xa;
				memset(_t30, 0, _t24 << 2);
				_t31 = _t30 + _t24;
				_v16 = _t32;
				_v42 = 0x1036;
				_v12 = _t29;
				if(E01047D50() == 0) {
					_t16 = 0x7ffe0380;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t16 & 0x000000ff);
				return E0106B640(E01069AE0(), _t22, _v8 ^ _t33, _t29, _t31, _t32);
			}

0x010e1229
0x010e1238
0x010e123d
0x010e123f
0x010e1246
0x010e1247
0x010e1247
0x010e124e
0x010e1251
0x010e1255
0x010e125f
0x010e1271
0x010e1261
0x010e126a
0x010e126a
0x010e127c
0x010e127d
0x010e127f
0x010e1284
0x010e1299

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 147765a44d31045d5505d31c68df1d7fd9d89908f83cd9ca8bfe839a7f59524c
Instruction ID: 4d06a3d165edf0e5619bc0ac33009734942068fe33381404de1aa9885094a405
Opcode Fuzzy Hash: 147765a44d31045d5505d31c68df1d7fd9d89908f83cd9ca8bfe839a7f59524c
Instruction Fuzzy Hash: 0B01A972A10218AFDB14DFF9D9059EFB7F8EF54710F0080AAF551E7290DA7499008790

Uniqueness

Uniqueness Score: -1.00%

Function 010B3DE3 Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010B3DE3(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				signed char _t4;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;

				E01042280(_t4, 0x1118608);
				_t13 = E0105F6B2(0x1116e48);
				_t19 = E0105F6B2(0x1116e4c);
				_t20 = E0105F6B2(0x1116e44);
				_t9 = E0103FFB0(_t13, _t19, 0x1118608);
				if(_t13 != 0) {
					_t9 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t13);
				}
				if(_t19 != 0) {
					_t9 = L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t19);
				}
				if(_t20 != 0) {
					return L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t20);
				}
				return _t9;
			}

0x010b3ded
0x010b3e01
0x010b3e0d
0x010b3e19
0x010b3e1b
0x010b3e22
0x010b3e31
0x010b3e31
0x010b3e38
0x010b3e46
0x010b3e46
0x010b3e4d
0x00000000
0x010b3e5b
0x010b3e63

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6611085d4f8e2d354b426f02a738df23015457555525f84c79ea955528975679
Instruction ID: cbc5bfe9f2ab02661ab48275273ae623559ec6376f93f3ce4b1884b2b911e2b5
Opcode Fuzzy Hash: 6611085d4f8e2d354b426f02a738df23015457555525f84c79ea955528975679
Instruction Fuzzy Hash: DEF0A43324255267D626B6B58E94F976965FBE4A40F140438E7809F2A0CF658C02C294

Uniqueness

Uniqueness Score: -1.00%

Function 01055AA0 Relevance: .0, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E01055AA0(void* __ecx, intOrPtr _a4, char _a8) {
				void* __esi;
				void* __ebp;
				char* _t9;
				void* _t17;
				void* _t20;
				void* _t22;
				intOrPtr _t24;

				_t18 = __ecx;
				_push(__ecx);
				_t24 = _a4;
				if(_t24 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					_t9 = E010F88F5(_t17, _t18, _t20, _t22, _t24, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(5);
					_push( *((intOrPtr*)(_t24 + 0x24)));
					E0106AE70();
					if(E01047D50() != 0) {
						_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t9 = 0x7ffe0386;
					}
					if( *_t9 != 0) {
						_t9 = E010F8C14(_t24, _a8);
					}
				}
				return _t9;
			}

0x01055aa0
0x01055aa8
0x01055aaa
0x01055aaf
0x01055af8
0x01055ac6
0x01055ac6
0x01055acb
0x01055acc
0x01055ace
0x01055ad1
0x01055add
0x010971de
0x01055ae3
0x01055ae3
0x01055ae3
0x01055aeb
0x010971ed
0x010971ed
0x01055aeb
0x01055af5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
Instruction ID: f63d5ed4f99901eede2613eb6cf6f9a1d3f67f84b67caaba3c7073e60b47f0ea
Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
Instruction Fuzzy Hash: 2501D17265064AAFDB61AB18CC85FAA37E8AF00720F008192FD949B291D7B4D980CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01023591 Relevance: .0, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E01023591(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t19;
				void* _t25;
				intOrPtr _t26;

				_t22 = __edx;
				_t20 = __ecx;
				if(__ecx == 0 || __edx == 0) {
					L7:
					E010F88F5(_t19, _t20, _t22, _t25, _t26, __eflags);
					return 0xc000000d;
				}
				_t26 = _a4;
				if(_t26 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L7;
				}
				_push(0x1e);
				_v12 =  *((intOrPtr*)(_t26 + 0x28));
				_push(8);
				_push( &_v12);
				_v8 = __edx;
				_push( &_v20);
				_push(__ecx);
				_t16 = E01069770();
				if(_t16 >= 0) {
					E0104F0AE(_t26, 1);
					return 0;
				}
				return _t16;
			}

0x01023591
0x01023591
0x0102359c
0x010235ea
0x010235ea
0x00000000
0x010235ef
0x010235a2
0x010235a7
0x00000000
0x00000000
0x010235bb
0x010235bd
0x010235c3
0x010235c5
0x010235c9
0x010235cc
0x010235cd
0x010235ce
0x010235d5
0x010235dc
0x00000000
0x010235e1
0x010235e7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
Instruction ID: d977b908b89f7afcc2b8beed055a01faeaad0ac24d26694daec6b07b75d1ec41
Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
Instruction Fuzzy Hash: D4F0FC71A013359FEB14DB698850FEA7BE8FF98710F048195FE89DF100DA3ADA418790

Uniqueness

Uniqueness Score: -1.00%

Function 010DFDD3 Relevance: .0, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E010DFDD3(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				signed char* _t15;
				intOrPtr _t21;
				signed int _t23;
				intOrPtr _t28;
				void* _t29;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_v8 =  *0x111d360 ^ _t32;
				_t28 = __ecx;
				_t29 =  &_v52;
				_t23 = 0xa;
				memset(_t29, 0, _t23 << 2);
				_t30 = _t29 + _t23;
				_v20 = _t28;
				_v46 = 0x268;
				if(E01047D50() == 0) {
					_t15 = 0x7ffe0388;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0106B640(E01069AE0(), _t21, _v8 ^ _t32, _t28, _t30, _t31);
			}

0x010dfde2
0x010dfde6
0x010dfde8
0x010dfdef
0x010dfdf0
0x010dfdf0
0x010dfdf7
0x010dfdfa
0x010dfe05
0x010dfe17
0x010dfe07
0x010dfe10
0x010dfe10
0x010dfe22
0x010dfe23
0x010dfe25
0x010dfe2a
0x010dfe3e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d541f17e9c7c179aa14218fa98727209b91ba142bea4393e980af77ef80a815
Instruction ID: 72b94b297c7fbad73ca94da1223cf11835aa28d37c64dd7d988ace0f4c43ee5f
Opcode Fuzzy Hash: 3d541f17e9c7c179aa14218fa98727209b91ba142bea4393e980af77ef80a815
Instruction Fuzzy Hash: C8F0C271B14359ABDB04EBA9E905EBEB3F8EF54700F004069B941EB690EE30DD01C741

Uniqueness

Uniqueness Score: -1.00%

Function 01021BE9 Relevance: .0, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01021BE9(void* __ecx, signed int** __edx, void* __eflags) {
				char _v8;
				signed int* _t9;
				signed int* _t12;
				void* _t14;
				signed int* _t15;
				signed int** _t22;

				_push(__ecx);
				_v8 = 0x10;
				_push( &_v8);
				_t22 = __edx;
				_t14 = 0x10;
				if(E01021C45(_t14, __ecx) < 0) {
					L4:
					_t9 = 0;
				} else {
					_t15 = E01044620(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					if(_t15 == 0) {
						goto L4;
					} else {
						 *_t15 =  *_t15 & 0x00000000;
						_t5 =  &(_t15[2]); // 0x8
						_t12 = _t5;
						 *_t12 = 1;
						_t15[2] = 0;
						 *_t22 = _t12;
						_t9 = _t15;
					}
				}
				return _t9;
			}

0x01021bee
0x01021bf3
0x01021bfa
0x01021bfb
0x01021c01
0x01021c09
0x01021c41
0x01021c41
0x01021c0b
0x01021c1e
0x01021c22
0x00000000
0x01021c24
0x01021c24
0x01021c27
0x01021c27
0x01021c2d
0x01021c32
0x01021c36
0x01021c38
0x01021c38
0x01021c22
0x01021c3e

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction ID: 4e438734269b434676a519b94b79b1d69b6eb52b8effbaa9b499a27b5a190ba9
Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction Fuzzy Hash: F3F09071614209ABE718DB29CC01B96B7EDEF98310F2480B9D989D7260EAB2ED11D754

Uniqueness

Uniqueness Score: -1.00%

Function 010E131B Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E010E131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x111d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01047D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0106B640(E01069AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}

0x010e131b
0x010e132a
0x010e1330
0x010e1336
0x010e133e
0x010e1341
0x010e1344
0x010e134f
0x010e1361
0x010e1351
0x010e135a
0x010e135a
0x010e136c
0x010e136d
0x010e136f
0x010e1374
0x010e1387

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b1a0b46904f1ebd962357fc2c3c573a9e376466642ae38abdb3a49afb7f14f
Instruction ID: 468004ecc1cbfcc359ad255bddabbe17569545efbd587402af3973c8176ead3a
Opcode Fuzzy Hash: a9b1a0b46904f1ebd962357fc2c3c573a9e376466642ae38abdb3a49afb7f14f
Instruction Fuzzy Hash: 460144B1A0120DAFCB04EFA9D545AAEB7F4FF18700F108069F955EB341E634DA00CB54

Uniqueness

Uniqueness Score: -1.00%

Function 01056B90 Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E01056B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}

0x01056b96
0x01056b99
0x01056b9d
0x01056be9
0x01056beb
0x01056beb
0x01056bb3
0x01056bb3
0x01056bb5
0x01056bba
0x01056bc1
0x01056bc3
0x01056bc5
0x01056be0
0x01056be0
0x00000000
0x00000000
0x00000000
0x01056bc7
0x01056bc7
0x01056bd0
0x01056bd5
0x01056bd6
0x01056bd9
0x00000000
0x01056bc7
0x01056ba5
0x01056bac
0x00000000
0x00000000
0x01056bae
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
Instruction ID: af736973fc8c206dcb051a37b897aade71c146deace1bcd825d35c193673f4f3
Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
Instruction Fuzzy Hash: 05F04F75A00209DFEB98CE48C590BAEB7B5EB44310F6441A8E9469B710D63A9E80DB40

Uniqueness

Uniqueness Score: -1.00%

Function 0104C577 Relevance: .0, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0104C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0104C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10011cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E010F88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}

0x0104c577
0x0104c57d
0x0104c581
0x0104c5b5
0x0104c5b9
0x0104c5ce
0x0104c5ce
0x0104c5ca
0x00000000
0x0104c5ca
0x0104c5c4
0x0104c5c8
0x00000000
0x00000000
0x00000000
0x0104c5ad
0x00000000
0x0104c5af

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dca8583bc9e501682eb761679325d64dd25504b80939bd34ee360896db06867
Instruction ID: c8ed50820c8b9df11d5435b5701af91ff23aadf6f9f5637864969e40f42c1c1e
Opcode Fuzzy Hash: 6dca8583bc9e501682eb761679325d64dd25504b80939bd34ee360896db06867
Instruction Fuzzy Hash: C3F06DF29176909BF76686188284B697FD49B05660F4484B6D58687542D6A4ECC0C2D0

Uniqueness

Uniqueness Score: -1.00%

Function 010E2073 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E010E2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E010DFD22(__ecx);
				_t19 =  *0x111849c - _t3; // 0x4b2f1b29
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1118748; // 0x0
					if(__eflags <= 0) {
						E010E1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1118724 & 0x00000004;
							if(( *0x1118724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1118724; // 0x0
					return E010D8DF1(__ebx, 0xc0000374, 0x1115890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}

0x010e2076
0x010e2078
0x010e207d
0x010e2083
0x010e20a4
0x010e20aa
0x010e20ac
0x010e20b7
0x010e20ba
0x010e20bc
0x010e20c9
0x010e20c9
0x010e20d0
0x010e20d2
0x00000000
0x010e20d2
0x010e20be
0x010e20c3
0x010e20c5
0x010e20c7
0x00000000
0x00000000
0x010e20c7
0x010e20bc
0x010e20d4
0x010e2085
0x010e2085
0x010e20a3
0x010e20a3

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b95a872807615b231d4aac721383b74f0e3d475295acc5071cd9894b600e8d0
Instruction ID: b0dc2732285a94a29fe11d624235fe16742609cdf1f7051fe2f000e39ae46a60
Opcode Fuzzy Hash: 7b95a872807615b231d4aac721383b74f0e3d475295acc5071cd9894b600e8d0
Instruction Fuzzy Hash: 34F027364116854FDE7A6B2E22093D1BFEAD795110B0980D5E8E01724AC93488D3CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0106927A Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0106927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = E01044620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0106FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E010692C6(_t11, _t14);
				}
				return _t11;
			}

0x01069295
0x01069299
0x0106929f
0x010692aa
0x010692ad
0x010692ae
0x010692af
0x010692b0
0x010692b4
0x010692bb
0x010692bb
0x010692c5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction ID: fb9a420f8b93797ac71cf95e13af43418e17e47fdc6b99684eeebb3af73a1553
Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction Fuzzy Hash: F2E02B723405026BE7519E09DCC0F57379DEF92724F044078B5005E242C6F5DC0887A0

Uniqueness

Uniqueness Score: -1.00%

Function 010F8D34 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E010F8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x111d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E01047D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0106B640(E01069AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}

0x010f8d34
0x010f8d43
0x010f8d4b
0x010f8d4e
0x010f8d52
0x010f8d5c
0x010f8d6e
0x010f8d5e
0x010f8d67
0x010f8d67
0x010f8d79
0x010f8d7a
0x010f8d7c
0x010f8d81
0x010f8d94

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 755b6ca0efedda0a61f56a2459548768a3ac10d7f815d6430d8ae5c0e3c22fa0
Instruction ID: 5a16462bb5dc5f8c15c40b3e28b8a77904a2e2d86a9e648dcf152794062b8355
Opcode Fuzzy Hash: 755b6ca0efedda0a61f56a2459548768a3ac10d7f815d6430d8ae5c0e3c22fa0
Instruction Fuzzy Hash: BFF0B470A04608AFDB14EFB8D546AAEB7F8EF18300F1080A9E945EB280EA34D900C754

Uniqueness

Uniqueness Score: -1.00%

Function 010F8C14 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E010F8C14(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x111d360 ^ _t26;
				_v20 = __ecx;
				_v46 = 0x1c28;
				_v16 = __edx;
				if(E01047D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0106B640(E01069AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}

0x010f8c14
0x010f8c23
0x010f8c2b
0x010f8c2e
0x010f8c32
0x010f8c3c
0x010f8c4e
0x010f8c3e
0x010f8c47
0x010f8c47
0x010f8c59
0x010f8c5a
0x010f8c5c
0x010f8c61
0x010f8c74

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f6215f9fb1e353f4c417bb5780204e4945107c51911363e09c48a6fecafc45d
Instruction ID: 7747011f091b423d052c866f3e4ef7144723b255c43f60e10129d976a0f22012
Opcode Fuzzy Hash: 4f6215f9fb1e353f4c417bb5780204e4945107c51911363e09c48a6fecafc45d
Instruction Fuzzy Hash: 69F0B470A1421DAFDB14EFB8D906AAEB7F8FF14300F0084A9B955EB280EA34D900C780

Uniqueness

Uniqueness Score: -1.00%

Function 010F8B58 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E010F8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x111d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E01047D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0106B640(E01069AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x010f8b67
0x010f8b6f
0x010f8b72
0x010f8b7d
0x010f8b8f
0x010f8b7f
0x010f8b88
0x010f8b88
0x010f8b9a
0x010f8b9b
0x010f8b9d
0x010f8ba2
0x010f8bb5

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f35dff4d21aa11f7a1c00206e23e4146875a39ffcb65d4b8d3d37b6b56ad8b8
Instruction ID: 527533949c5149810362393114810b09da3410fd7f87bd75dc7cba8bf63b5f51
Opcode Fuzzy Hash: 5f35dff4d21aa11f7a1c00206e23e4146875a39ffcb65d4b8d3d37b6b56ad8b8
Instruction Fuzzy Hash: BAF082B0A1425DAFDB14EBA8D906EAEB7F8EF14300F0444A9BA45DB380EB34D900C794

Uniqueness

Uniqueness Score: -1.00%

Function 010E1BA8 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E010E1BA8(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x111d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x102e;
				if(E01047D50() == 0) {
					_t11 = 0x7ffe0380;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v44);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0106B640(E01069AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x010e1bb7
0x010e1bbf
0x010e1bc2
0x010e1bcd
0x010e1bdf
0x010e1bcf
0x010e1bd8
0x010e1bd8
0x010e1bea
0x010e1beb
0x010e1bed
0x010e1bf2
0x010e1c05

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8540b75b9e859c80bd207875e7960cd9ec351949881c98896e7a4de3b6fa818
Instruction ID: dc0a96228f9f103b323e05b413b3a1fbc9712ba27e0756b7af45d99ffc0fa106
Opcode Fuzzy Hash: e8540b75b9e859c80bd207875e7960cd9ec351949881c98896e7a4de3b6fa818
Instruction Fuzzy Hash: 61F05EB1A05248AFDF14EBA9D54AAAEB7F8AF18204F0000A9E545EB280E974D900C754

Uniqueness

Uniqueness Score: -1.00%

Function 010F8BB6 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E010F8BB6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x111d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c25;
				if(E01047D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x20402);
				_push( *_t11 & 0x000000ff);
				return E0106B640(E01069AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x010f8bc5
0x010f8bcd
0x010f8bd0
0x010f8bdb
0x010f8bed
0x010f8bdd
0x010f8be6
0x010f8be6
0x010f8bf8
0x010f8bf9
0x010f8bfb
0x010f8c00
0x010f8c13

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d94110a4ced91fa890177c1edcde6cab78b0a19afae7aca3e49b42026d6ef7
Instruction ID: 7938723f202f81c3ce203510fe41fa5a4a5cf1ad16b5601b9ecc07bdc9745c97
Opcode Fuzzy Hash: 79d94110a4ced91fa890177c1edcde6cab78b0a19afae7aca3e49b42026d6ef7
Instruction Fuzzy Hash: B3F089B0A1425DAFDB14EFA8D906EAEB7F8EF14300F044459BA55DB281EA34D900C754

Uniqueness

Uniqueness Score: -1.00%

Function 0102354C Relevance: .0, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0102354C(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(__ecx == 0 || E0104C5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x1001008 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E010F88F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				} else {
					return 1;
				}
			}

0x0102354c
0x01023552
0x01023556
0x0107fef1
0x0107fef5
0x0107ff06
0x0107ff06
0x0107ff0b
0x00000000
0x0107ff0b
0x0107ff00
0x0107ff04
0x00000000
0x00000000
0x00000000
0x01023589
0x00000000
0x0102358b

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c4b201476831015fcb804562ba388c30082d591a30c9b7d33809518a3a3e51a
Instruction ID: a6cbfff6d5a861651f654aa0dd78ef819c6781b30af3c0438826df03dba578c8
Opcode Fuzzy Hash: 5c4b201476831015fcb804562ba388c30082d591a30c9b7d33809518a3a3e51a
Instruction Fuzzy Hash: 98F02731D1129A8FE7A2C31CC140F15BBD49B05B30F1584A5E5D587903CB38CCC0C288

Uniqueness

Uniqueness Score: -1.00%

Function 0102F358 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0102F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0105F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = E01044620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}

0x0102f35d
0x0102f361
0x0102f367
0x0102f372
0x0102f38c
0x0102f38c
0x0102f394

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction ID: 2c0d28991451811998eedb77b761bceaf8152311302f5f76c0d2c9957eaee9bb
Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction Fuzzy Hash: D1E0DF32A40129FBDB61AAD99E05FABBFFCEB58AE0F0081A5FA04D7150D5659E00C2D0

Uniqueness

Uniqueness Score: -1.00%

Function 010215C1 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010215C1(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4) {
				intOrPtr* _t17;

				_t14 = __ecx;
				_t17 = __ecx;
				if(( *(__edx + 2) & 0x00000001) != 0) {
					L5:
					return 0;
				}
				 *__edx =  *__edx + 0xffff;
				if( *__edx != 0) {
					goto L5;
				}
				_t4 = _t17 + 8; // 0x8
				if(__edx != _t4) {
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __edx);
					_t14 = _t17;
				}
				E01021480(_t14, _a4);
				return 1;
			}

0x010215c1
0x010215cb
0x010215cd
0x010215f3
0x00000000
0x010215f3
0x010215d4
0x010215d7
0x00000000
0x00000000
0x010215d9
0x010215de
0x0107ef10
0x0107ef15
0x0107ef15
0x010215e7
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction ID: fc58e510a96a8283ba2e215a4d92f5435b3ec83ca1b8f9f5724ca9837935f621
Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction Fuzzy Hash: 49E02B31600176D3CF31AA48C440BB7B3D9AF51700F0880F1E4428B542DB74DC42C3D0

Uniqueness

Uniqueness Score: -1.00%

Function 010B41E8 Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E010B41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x11008f0);
				_t5 = E0107D08C(__ebx, __edi, __esi);
				if( *0x11187ec == 0) {
					E0103EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x11187ec == 0) {
						 *0x11187f0 = 0x11187ec;
						 *0x11187ec = 0x11187ec;
						 *0x11187e8 = 0x11187e4;
						 *0x11187e4 = 0x11187e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L010B4248();
				}
				return E0107D0D1(_t5);
			}

0x010b41e8
0x010b41ea
0x010b41ef
0x010b41fb
0x010b4206
0x010b420b
0x010b4216
0x010b421d
0x010b4222
0x010b422c
0x010b4231
0x010b4231
0x010b4236
0x010b423d
0x010b423d
0x010b4247

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcac47dc4c3d0f92cc0735c19a4625670000b8711e65c7f83c376c0dd327b0d4
Instruction ID: f70e6093f2d996f0a6c69c327eb09eb06d02a45c25e89d27a8b6192f9cd7ac15
Opcode Fuzzy Hash: bcac47dc4c3d0f92cc0735c19a4625670000b8711e65c7f83c376c0dd327b0d4
Instruction Fuzzy Hash: ECF01574910B11CECBBAEFA9D640794B6A4FB54311F40C17AD1A1872C9C77446A1DF15

Uniqueness

Uniqueness Score: -1.00%

Function 010DD380 Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010DD380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0102E8B0(__ecx, _a4, 0xfff);
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}

0x010dd38a
0x010dd39b
0x010dd3b1
0x00000000
0x010dd3b6
0x00000000

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction ID: a712dec6f8b7c55ff529ab1e595b174ccf84912f4f44e340faf34057ae7c8b26
Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction Fuzzy Hash: 7FE0C231280315BBDB225E84CC00FA97B56EB507A0F108031FE889A6D0CAB19C91DBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0105A185 Relevance: .0, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0105A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x11167e4 >= 0xa) {
					if(_t5 < 0x1116800 || _t5 >= 0x1116900) {
						return L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01040010(0x11167e0, _t5);
				}
			}

0x0105a190
0x0105a1a6
0x0105a1c2
0x00000000
0x00000000
0x00000000
0x0105a192
0x0105a192
0x0105a19f
0x0105a19f

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03646bb5d58ed70a15a7b3fbd52c1e2b0de8d810b318fca12253368a92b32bf7
Instruction ID: fc61e2ef0e57d4e15eb140835aec65455f5f60f1f170055a710e65e963118e31
Opcode Fuzzy Hash: 03646bb5d58ed70a15a7b3fbd52c1e2b0de8d810b318fca12253368a92b32bf7
Instruction Fuzzy Hash: DDD02BB12210009BC72D53108E54BA37212F780750F34893CF3831F598EBD188D0C10C

Uniqueness

Uniqueness Score: -1.00%

Function 010A53CA Relevance: .0, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010A53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0103EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}

0x010a53ca
0x010a53ce
0x010a53d9
0x010a53de
0x010a53e1
0x010a53e1
0x010a53e6
0x010a53f3
0x00000000
0x010a53f8
0x010a53fb

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction ID: e54a7af6a1e884ef1f77b5d906b2d819cf261abbf204dc4111d72604614341e6
Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction Fuzzy Hash: 9AE08C729006809FCF12DB88CA90F8EBBF9FB84B00F140454A5485F620C624EC00CB00

Uniqueness

Uniqueness Score: -1.00%

Function 01028410 Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E01028410(intOrPtr _a4) {
				void* __ebp;
				intOrPtr _t5;
				void* _t9;
				void* _t11;
				void* _t12;
				void* _t13;

				E010599BC(_t9, _a4, _t11, _t12, _t13);
				_t5 =  *0x11184c4; // 0x0
				return L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t5 + 0x200000, _a4);
			}

0x01028418
0x01028420
0x0102843a

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b23faececfe555b49b0444257a6ee3ee37b27a54239a5e52df76e0cfb253e5c
Instruction ID: a0fba39ce70e3b5a18ede105b78f39dc5a4196a81906ff8d7b508d6dbff63e80
Opcode Fuzzy Hash: 1b23faececfe555b49b0444257a6ee3ee37b27a54239a5e52df76e0cfb253e5c
Instruction Fuzzy Hash: 01D0A932080208ABCB11FF0CDE80F467BAEEBA4700F004034F90887662CB30ECA0CA88

Uniqueness

Uniqueness Score: -1.00%

Function 0103AAB0 Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}

0x0103aab6
0x0103aabb
0x0108a442
0x00000000
0x0108a448
0x0108a454
0x0108a454
0x0103aac1
0x0103aac1
0x0103aac6
0x0103aac6

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction ID: 2720c8ecaef0a899160a3b5f03e4dc186bdbb43c8c70205251099e0b3173fb8f
Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction Fuzzy Hash: DCD0C235352980CFDA569B1DC554B1577A8BB44A44FC504D0E581CBB62E669D945CA00

Uniqueness

Uniqueness Score: -1.00%

Function 010535A1 Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010535A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0103EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}

0x010535a1
0x010535a1
0x010535a5
0x010535ab
0x010535ab
0x010535b5
0x00000000
0x010535c1
0x010535b7

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction ID: dae68f050e33919d4a4331728b8e2face819795ac7084fd5d07241a9fe6f30de
Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction Fuzzy Hash: 57D0A73140118199DBC2AB14C1347AEB7B1BF0038CF58309588C30D452C3354909C600

Uniqueness

Uniqueness Score: -1.00%

Function 0102DB40 Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0102DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = E01044620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}

0x0102db4d
0x0102db54
0x0102db5f
0x0102db56
0x0102db56
0x0102db5c
0x0102db5c

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction ID: 8999c152385704f5cc6cf7565315892511d4aab3da4d998402d5ce26cc39fd26
Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction Fuzzy Hash: 57C08C70280A01EBEB222F20CD01B403AA0BB10B01F8400E0A340DA0F0DBB8DC01E600

Uniqueness

Uniqueness Score: -1.00%

Function 010AA537 Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010AA537(intOrPtr _a4, intOrPtr _a8) {

				return L01048E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}

0x010aa553

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction ID: 99a82d27fb66f6f521ae1176a23538471ae4e680b4d862905cc0a527e303bac7
Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction Fuzzy Hash: 1BC01232080248BBCB226E82CC00F467B2AEBA4B60F008421BA480A5608632E970EA84

Uniqueness

Uniqueness Score: -1.00%

Function 01043A1C Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01043A1C(intOrPtr _a4) {
				void* _t5;

				return E01044620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x01043a35

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction ID: 3def8f39eaaa98451f67e98869850986c3d256eb1a075af609ecc206827d3898
Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction Fuzzy Hash: 12C08C32080248BBC7126E41DC00F017B29E7A4B60F000020B6040A5608572EC60D588

Uniqueness

Uniqueness Score: -1.00%

Function 0102AD30 Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0102AD30(intOrPtr _a4) {

				return L010477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x0102ad49

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction ID: 5fc022a2d3e2b5b10c7a3d50377d441caeb9fab8427975d0c748898dbddc53e6
Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction Fuzzy Hash: 1FC08C32080248BBC712AA45CD40F017B29E7A0B60F000020F6040A6618A32E860D588

Uniqueness

Uniqueness Score: -1.00%

Function 01054190 Relevance: .0, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01054190() {

				if(E01047D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x14));
				} else {
					return  *0x7ffe02d0;
				}
			}

0x01054197
0x0109641c
0x0105419d
0x010541a2
0x010541a2

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction ID: ce6a8d86cd5cece87f29d5eff7c0ad0d05cf2a5b57322a9b9cf105e2dd07b281
Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction Fuzzy Hash: 11C04C757155418FCF15DF69C2D4F5537F4B754744F1508E0E845CB721DB24E840DA10

Uniqueness

Uniqueness Score: -1.00%

Function 010D8D47 Relevance: .0, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010D8D47() {
				intOrPtr _t5;

				_t5 =  *((intOrPtr*)( *[fs:0x30] + 2));
				if(_t5 == 0) {
					return  *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003;
				}
				return _t5;
			}

0x010d8d4d
0x010d8d52
0x00000000
0x010d8d5d
0x010d8d60

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
Instruction ID: 5ce7c46889f2ad5cc9bffe7bfc43abae2fdff4e27c24f6845af6969046e0f509
Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
Instruction Fuzzy Hash: 90C04C1E1556C949CD279F2442127D5BFA0D7429D0F1954C2D4D11F552C11445139625

Uniqueness

Uniqueness Score: -1.00%

Function 01047D50 Relevance: .0, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01047D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}

0x01047d56
0x01047d5b
0x01047d60
0x01047d5d
0x01047d5d
0x01047d5d

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction ID: a81a955b805b66874bb81f73e7a228e0924461f5fcb2c44588243bde60050665
Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction Fuzzy Hash: 15B092353119409FCE56EF28C080B1533F4BB44A40B8400E0E440CBA21D329E8008900

Uniqueness

Uniqueness Score: -1.00%

Function 01052ACB Relevance: .0, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01052ACB() {
				void* _t5;

				return E0103EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}

0x01052adc

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction ID: 9b7c92bbd3768cf9e3f08583344254235685d7dfab92330fbf69ae75b30e5192
Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction Fuzzy Hash: A3B01232C10441CFCF07EF40C610B5A7335FF80750F054490900127930C228EC01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01069910 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d519f1c8f1787d322d508da717bc7587bda67b870d07fc4f4a32e1481abb25b5
Instruction ID: 004ecb267636dbe73c3e0e91a6a53aa0b63280d67e2cda9a4fb3aad885f8da91
Opcode Fuzzy Hash: d519f1c8f1787d322d508da717bc7587bda67b870d07fc4f4a32e1481abb25b5
Instruction Fuzzy Hash: 9C9002B160100902E140719984047460105ABD0341F51C011A5455554EC6998DD577A9

Uniqueness

Uniqueness Score: -1.00%

Function 01069950 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc8d2e7528df56627730e5033f14e2dd83a438e15fc32615deee5b97728487e
Instruction ID: 2381ddd9aaf5483ed9f2151f7be5e19b27f4299c6bbc49d8d0e785f15eb05d04
Opcode Fuzzy Hash: 0bc8d2e7528df56627730e5033f14e2dd83a438e15fc32615deee5b97728487e
Instruction Fuzzy Hash: EE9002A160140903E140659988046070105ABD0342F51C011A2455555ECA698C517279

Uniqueness

Uniqueness Score: -1.00%

Function 010699A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb8ed1b04ebded09eaae291ea9ddd2cda1cb9c687bed2adec18d8aefced4c30b
Instruction ID: 5988747cd2e3619a8f6472ce6af2943dace05e3c400b7c4628f846bebbefc3f8
Opcode Fuzzy Hash: eb8ed1b04ebded09eaae291ea9ddd2cda1cb9c687bed2adec18d8aefced4c30b
Instruction Fuzzy Hash: A79002A174100942E10061998414B060105EBE1341F51C015E1455554DC659CC52726A

Uniqueness

Uniqueness Score: -1.00%

Function 010699D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af73dcf83ef118638e3d1dfdaa026b3f31fd46654254bbadfc5d73946465e33
Instruction ID: a0ec2bf77d5ed30a75dccddf735b2858dd0288e2b6deeb9aa81c85db6eb8ca2f
Opcode Fuzzy Hash: 0af73dcf83ef118638e3d1dfdaa026b3f31fd46654254bbadfc5d73946465e33
Instruction Fuzzy Hash: 859002A161100542E104619984047060145ABE1241F51C012A2545554CC5698C616269

Uniqueness

Uniqueness Score: -1.00%

Function 01069820 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0792f9b621b5dde30c99101ce88fccd76a73b243db6607ef5ef97e378bab9213
Instruction ID: 608184b77bff1a053af4663bf2ba2ba1c8507451a32db43d86dabf9cb2461692
Opcode Fuzzy Hash: 0792f9b621b5dde30c99101ce88fccd76a73b243db6607ef5ef97e378bab9213
Instruction Fuzzy Hash: B390027164100902E141719984046060109BBD0281F91C012A0815554EC6958A56BBA5

Uniqueness

Uniqueness Score: -1.00%

Function 01069840 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e03d4bc9331a2adc40a7a449c73b3606912da04885f8a50aa503670fa62d0dd6
Instruction ID: a64f13a1fa551d2bec7e3cb77fd5d7654c4e1fb64c7a5ea840db203c1db4dce3
Opcode Fuzzy Hash: e03d4bc9331a2adc40a7a449c73b3606912da04885f8a50aa503670fa62d0dd6
Instruction Fuzzy Hash: 9F900261642046526545B19984045074106BBE0281791C012A1805950CC5669856E765

Uniqueness

Uniqueness Score: -1.00%

Function 0106B040 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b4c5a7cd32e7ac639a4a9adc5f7ab53ee3b1e91fb4d2b4866e036c903cf684b
Instruction ID: 8c54f798115af29da322fbee396a638ab940161219e4d5156bf1510584ac2ac5
Opcode Fuzzy Hash: 8b4c5a7cd32e7ac639a4a9adc5f7ab53ee3b1e91fb4d2b4866e036c903cf684b
Instruction Fuzzy Hash: DE9002A1A01145435540B19988044065115BBE1341391C121A0845560CC6A88855A3A9

Uniqueness

Uniqueness Score: -1.00%

Function 010698A0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8182760c4051e091ddae41e7221d5abf57693f3fbe92ee44c4949b604cf83616
Instruction ID: 4d311fcbcbbb3d5d71a6cf8682eeab553e357bbc3860ca6668b12407fc3bcc6f
Opcode Fuzzy Hash: 8182760c4051e091ddae41e7221d5abf57693f3fbe92ee44c4949b604cf83616
Instruction Fuzzy Hash: 1A90026170100902E102619984146060109EBD1385F91C012E1815555DC6658953B276

Uniqueness

Uniqueness Score: -1.00%

Function 010698F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072f0a1fb28278d14867b46e803ea79ad1dc1c5ed82f3b4442af69301842e855
Instruction ID: c329f43e370390487ac01fe29f00585036207b36b574c20fbbf5820e799270fb
Opcode Fuzzy Hash: 072f0a1fb28278d14867b46e803ea79ad1dc1c5ed82f3b4442af69301842e855
Instruction Fuzzy Hash: F9900261A0100A02E10171998404616010AABD0281F91C022A1415555ECA658992B275

Uniqueness

Uniqueness Score: -1.00%

Function 01069B00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e82d416bf726ba2596faf5c94a02304d34e73b42bbcf99594a1a6867a1d280a0
Instruction ID: 24cf3f60d80e2a32d02c76fef0288abb78bc48c3512d0ec0ca88ba4c5e9cd4da
Opcode Fuzzy Hash: e82d416bf726ba2596faf5c94a02304d34e73b42bbcf99594a1a6867a1d280a0
Instruction Fuzzy Hash: A290026164100D02E1407199C4147070106EBD0641F51C011A0415554DC656896577F5

Uniqueness

Uniqueness Score: -1.00%

Function 0106A3B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c6433bce9f01496355c36a138db4d9b619a6ed0fa80adaee903aedc7688b36
Instruction ID: 2a3203dc527bb9a765facca05ee548280d9ee981a40ce57278bc268251a8dfba
Opcode Fuzzy Hash: c2c6433bce9f01496355c36a138db4d9b619a6ed0fa80adaee903aedc7688b36
Instruction Fuzzy Hash: 9290027160144502E1407199C44460B5105BBE0341F51C411E0816554CC6558856A365

Uniqueness

Uniqueness Score: -1.00%

Function 01069A00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5ee9778657ee743db9abbc475a7b4f5dc6489afbba7e1f9a5cbfd0fe5c014d5
Instruction ID: a3c45d738c448e958b7b92d535593ef502b82475119d9f2884d57707499bb2b6
Opcode Fuzzy Hash: d5ee9778657ee743db9abbc475a7b4f5dc6489afbba7e1f9a5cbfd0fe5c014d5
Instruction Fuzzy Hash: 6190027160140902E1006199881470B0105ABD0342F51C011A1555555DC665885176B5

Uniqueness

Uniqueness Score: -1.00%

Function 01069A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2535b4d120d54b0373e8a889131ff8fa09165a5fadca040d1714cc2336486d09
Instruction ID: abfd45ce93f13242da843fdaa2e2e64f6055c97700e4a71f841188d3aad1f565
Opcode Fuzzy Hash: 2535b4d120d54b0373e8a889131ff8fa09165a5fadca040d1714cc2336486d09
Instruction Fuzzy Hash: 0890027160140902E100619988087470105ABD0342F51C011A5555555EC6A5C8917675

Uniqueness

Uniqueness Score: -1.00%

Function 01069A20 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b163ff133ba5fd64ef13b5bed2092d8d8a6f4b0c3d5d0d319b44900eba4f1245
Instruction ID: cd617c9f997a3591c5c608cd2a0cfc8c0e800b1969bcc47118585bdc4cd461ce
Opcode Fuzzy Hash: b163ff133ba5fd64ef13b5bed2092d8d8a6f4b0c3d5d0d319b44900eba4f1245
Instruction Fuzzy Hash: CD900261A0100542514071A9C8449064105BFE1251751C121A0D89550DC599886567A9

Uniqueness

Uniqueness Score: -1.00%

Function 01069A50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54fc202017c17eeed87423fefaa6f0dcc04cf722077be0e46e2b3df26d6247e3
Instruction ID: c8b1818ee8ab5b28ecffba795c330e6d8456908bd41a60f2faeccbad66082c88
Opcode Fuzzy Hash: 54fc202017c17eeed87423fefaa6f0dcc04cf722077be0e46e2b3df26d6247e3
Instruction Fuzzy Hash: 6B90026161180542E20065A98C14B070105ABD0343F51C115A0545554CC95588616665

Uniqueness

Uniqueness Score: -1.00%

Function 01069A80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77369c66509eb903d0fb437dfba61331b8e45c67acd76d73ac21938365881b3b
Instruction ID: a2876ea36a9ea5c52c1c8d300c56ac2888601029b34465863fd1743d25cfabc9
Opcode Fuzzy Hash: 77369c66509eb903d0fb437dfba61331b8e45c67acd76d73ac21938365881b3b
Instruction Fuzzy Hash: B790026160144942E14062998804B0F4205ABE1242F91C019A4547554CC95588556765

Uniqueness

Uniqueness Score: -1.00%

Function 01069520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20457c9454881411cb73a506ed310f9a45bc3ce2f07755a5eeef8c371d8d3bfa
Instruction ID: 0f08ba1bc92c3bee651567545e5c115b0136e54190a745307e2bf793fec16b6a
Opcode Fuzzy Hash: 20457c9454881411cb73a506ed310f9a45bc3ce2f07755a5eeef8c371d8d3bfa
Instruction Fuzzy Hash: 019002E1601145925500A299C404B0A4605ABE0241B51C016E1445560CC5658851A279

Uniqueness

Uniqueness Score: -1.00%

Function 0106AD30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd0825a4ff5fcc9875be8269b70773d4697680e4cf8e9796215f41b594af3d0b
Instruction ID: 82002a9df28716dd90a5484499cfa8e597d85501a25fec0ccdab568207ec9406
Opcode Fuzzy Hash: fd0825a4ff5fcc9875be8269b70773d4697680e4cf8e9796215f41b594af3d0b
Instruction Fuzzy Hash: 68900271E0500512A140719988146464106BBE0781B55C011A0905554CC9948A5563E5

Uniqueness

Uniqueness Score: -1.00%

Function 01069540 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1636b6512cc8000313647bca5f01899c3ad2ce8a15ffe7da9f37a813012a5c0b
Instruction ID: f3683d69db5527981e3395d7812806ca845e8a5ad56235fd789b88df397c9a8b
Opcode Fuzzy Hash: 1636b6512cc8000313647bca5f01899c3ad2ce8a15ffe7da9f37a813012a5c0b
Instruction Fuzzy Hash: FC900265611005031105A59947045070146ABD5391351C021F1406550CD66188616265

Uniqueness

Uniqueness Score: -1.00%

Function 01069560 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9272b08a23acf0c1f7d721a3c5dbc37b414f606998d0ac6ce8a3a7acf85cd5
Instruction ID: e62b3403d636b524eadef1e313656fcaeef3d619bee00812f37edb404c032b44
Opcode Fuzzy Hash: df9272b08a23acf0c1f7d721a3c5dbc37b414f606998d0ac6ce8a3a7acf85cd5
Instruction Fuzzy Hash: 79900265621005021145A599460450B0545BBD6391391C015F1807590CC66188656365

Uniqueness

Uniqueness Score: -1.00%

Function 010695D0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 199b17471c702b18bf7de8466ac7724919c19beced74ba86467bf3d4e3cb72f5
Instruction ID: 4222daacdf53fe01744fb5b0e7384d4b4c3f50d0bb7c879608212d89dffe18b6
Opcode Fuzzy Hash: 199b17471c702b18bf7de8466ac7724919c19beced74ba86467bf3d4e3cb72f5
Instruction Fuzzy Hash: C99002A160200503510571998414616410AABE0241B51C021E1405590DC56588917269

Uniqueness

Uniqueness Score: -1.00%

Function 010695F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc22c5cdd46972253150f803d02a551daa03d6596507b833ae931fc200ce8036
Instruction ID: 5916d8e72dbb308937e1856f17a2ebc1a5817942ae26d3b98f82b9faa12b23dc
Opcode Fuzzy Hash: fc22c5cdd46972253150f803d02a551daa03d6596507b833ae931fc200ce8036
Instruction Fuzzy Hash: 6890027160100D02E104619988046860105ABD0341F51C011A6415655ED6A588917275

Uniqueness

Uniqueness Score: -1.00%

Function 0106A710 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b4eaf5aaa03638d14a0cfa8dd97a88f131030be3c92446853a1cca943fc6ff0
Instruction ID: 1f1dfd32cd3af6f9c06e41a0f5b480228e769dcbef853bc8d66e0c4f6bb34c6e
Opcode Fuzzy Hash: 1b4eaf5aaa03638d14a0cfa8dd97a88f131030be3c92446853a1cca943fc6ff0
Instruction Fuzzy Hash: 9690027170100552A500A6D99804A4A4205ABF0341B51D015A4405554CC59488616265

Uniqueness

Uniqueness Score: -1.00%

Function 01069710 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e982b18d690496fb2a6f8f560138d8adc64ac3c98a89cf37ca0c158b57ea7f9
Instruction ID: 64933a370445f54bc73a15efa622e224e88b81d5eee963e9203651cae7db7868
Opcode Fuzzy Hash: 8e982b18d690496fb2a6f8f560138d8adc64ac3c98a89cf37ca0c158b57ea7f9
Instruction Fuzzy Hash: 2690027160100902E10065D994086460105ABE0341F51D011A5415555EC6A588917275

Uniqueness

Uniqueness Score: -1.00%

Function 01069730 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22bcbad401f11620c78531de0b3cbe8d597316667a08f020084d2ee4418ca760
Instruction ID: 2c40b7651ece0956c193fd493bcf3f7d80b5c8ebb717f40ea7069d3e7d561ecc
Opcode Fuzzy Hash: 22bcbad401f11620c78531de0b3cbe8d597316667a08f020084d2ee4418ca760
Instruction Fuzzy Hash: B8900261A0500902E140719994187060115ABD0241F51D011A0415554DC6998A5577E5

Uniqueness

Uniqueness Score: -1.00%

Function 01069760 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a13003fabe1cf538aa8fe6d29d0f6659ed1d0232e5a1c2b30d06b2e4716879a9
Instruction ID: ff3a7cbd540a7eff6b5fa0253ea76c4cc59c22c61fef97e5880c85b7920993d4
Opcode Fuzzy Hash: a13003fabe1cf538aa8fe6d29d0f6659ed1d0232e5a1c2b30d06b2e4716879a9
Instruction Fuzzy Hash: 8690027160100903E100619995087070105ABD0241F51D411A0815558DD69688517265

Uniqueness

Uniqueness Score: -1.00%

Function 0106A770 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee5c90f5940500d95b20625473e7ddd58e536ea1bba0db3c940b06e54c2ce4ab
Instruction ID: 39a0f214c273f1fb45a2d32d2053aa7a2336f2795370b30003382fb790487ec9
Opcode Fuzzy Hash: ee5c90f5940500d95b20625473e7ddd58e536ea1bba0db3c940b06e54c2ce4ab
Instruction Fuzzy Hash: 2590027560504942E50065999804A870105ABD0345F51D411A081559CDC6948861B265

Uniqueness

Uniqueness Score: -1.00%

Function 01069770 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3593d4e905cd0e3e3b8dfcca176b3fd187010eded5cd6b35bed5c2c3d8d610a1
Instruction ID: 2b8f505b755fe6cb06e28a1432cafabc572581e3d332cf3aff841acb4ec95868
Opcode Fuzzy Hash: 3593d4e905cd0e3e3b8dfcca176b3fd187010eded5cd6b35bed5c2c3d8d610a1
Instruction Fuzzy Hash: C790026160504942E10065999408A060105ABD0245F51D011A1455595DC6758851B275

Uniqueness

Uniqueness Score: -1.00%

Function 01069780 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26503b10b3e667b1544c29eda3c3fa19f709d1b958e40c6cd6121fad787c4e83
Instruction ID: 4e13c5a882f075d607823e63d25b110f164c1d245caf94862ad8d0dcad4e32c3
Opcode Fuzzy Hash: 26503b10b3e667b1544c29eda3c3fa19f709d1b958e40c6cd6121fad787c4e83
Instruction Fuzzy Hash: DF90026961300502E1807199940860A0105ABD1242F91D415A0406558CC95588696365

Uniqueness

Uniqueness Score: -1.00%

Function 010697A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d022028066d3a2501170f55d925d552463c767d71ce7520cf4bee4f04ceb599
Instruction ID: 04a880e91c1d92947423f4ff2800da5ab50008b5e3b13312ad9c04bba261d08c
Opcode Fuzzy Hash: 4d022028066d3a2501170f55d925d552463c767d71ce7520cf4bee4f04ceb599
Instruction Fuzzy Hash: B590026170100503E140719994186064105FBE1341F51D011E0805554CD95588566366

Uniqueness

Uniqueness Score: -1.00%

Function 01069FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a006502dbf34aa808e871e5660ef873363d9b6f9a69d0f0561dd1636d2add7c1
Instruction ID: 8f46ff6e62cde4c5de00d6ce969fa2bb5f05fce3449c2824acf628294cef8f59
Opcode Fuzzy Hash: a006502dbf34aa808e871e5660ef873363d9b6f9a69d0f0561dd1636d2add7c1
Instruction Fuzzy Hash: EA90027171114902E1106199C4047060105ABD1241F51C411A0C15558DC6D588917266

Uniqueness

Uniqueness Score: -1.00%

Function 01069610 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9587e86c2ae1d417cad3dc696ff0938fe9d12711fc096934db6bdf8e4c891c1a
Instruction ID: 7f380bf4c80433ba590dd020445637b30d255cfeb284a48112301998547cce14
Opcode Fuzzy Hash: 9587e86c2ae1d417cad3dc696ff0938fe9d12711fc096934db6bdf8e4c891c1a
Instruction Fuzzy Hash: 95900271A0500D02E150719984147460105ABD0341F51C011A0415654DC7958A5577E5

Uniqueness

Uniqueness Score: -1.00%

Function 01069650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca23f4cc1384fe1f0dffd39e4a9752f38ab9e6793f22c3a7a42a810776e53f0
Instruction ID: 1e650c20430bf226c2261c68a82403f0fcd3ce6192ff0cd8e79e6a57cc62b63a
Opcode Fuzzy Hash: 7ca23f4cc1384fe1f0dffd39e4a9752f38ab9e6793f22c3a7a42a810776e53f0
Instruction Fuzzy Hash: F290027160504D42E14071998404A460115ABD0345F51C011A0455694DD6658D55B7A5

Uniqueness

Uniqueness Score: -1.00%

Function 010696D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbed6e9f9eebd05ec818133d217ce9fbd52881876ecb04df78c52ace5c955573
Instruction ID: 2deaa102c0f9d2aed04b422eb4553d56f688d9dfe3341ddef65ad2ef8e18f77b
Opcode Fuzzy Hash: bbed6e9f9eebd05ec818133d217ce9fbd52881876ecb04df78c52ace5c955573
Instruction Fuzzy Hash: 3890027160100D42E10061998404B460105ABE0341F51C016A0515654DC655C8517665

Uniqueness

Uniqueness Score: -1.00%

Function 01069670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 7c39900aa57e8b4ec2231b9f1576321d9881a2bd1375611769a6b70c66d2a51a
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 01027CC0 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E01027CC0(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _t60;
				signed int _t65;
				void* _t70;
				void* _t73;
				signed int _t86;
				void* _t92;
				signed int _t94;
				intOrPtr _t101;
				signed int _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t115;
				intOrPtr _t116;
				signed char _t117;
				void* _t118;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;

				_t101 = _a8;
				_t120 = _a4;
				_t121 = 0;
				_t104 = _t101 + 0x2e;
				_v24 = 8;
				_v16 = _t104;
				if( *_t120 == 0) {
					__eflags =  *(_t120 + 2);
					if( *(_t120 + 2) != 0) {
						goto L1;
					}
					__eflags =  *(_t120 + 4);
					if( *(_t120 + 4) != 0) {
						goto L1;
					}
					__eflags =  *(_t120 + 6);
					if( *(_t120 + 6) != 0) {
						goto L1;
					}
					_t117 =  *(_t120 + 0xc) & 0x0000ffff;
					_v20 = _t117 >> 8;
					__eflags = _t117;
					if(_t117 == 0) {
						goto L1;
					}
					_t86 =  *(_t120 + 8) & 0x0000ffff;
					__eflags = _t86;
					if(_t86 != 0) {
						_v12 = 0xffff;
						__eflags = _t86 - _v12;
						if(_t86 != _v12) {
							goto L1;
						}
						__eflags =  *(_t120 + 0xa);
						if( *(_t120 + 0xa) != 0) {
							goto L1;
						}
						__eflags = _t104 - _t101;
						_push( *(_t120 + 0xf) & 0x000000ff);
						_push( *(_t120 + 0xe) & 0x000000ff);
						_push(_v20 & 0x000000ff);
						_t92 = E01076B30(_t101, _t104 - _t101, "::ffff:0:%u.%u.%u.%u", _t117 & 0x000000ff);
						L29:
						return _t92 + _t101;
					}
					_t94 =  *(_t120 + 0xa) & 0x0000ffff;
					__eflags = _t94;
					if(_t94 == 0) {
						_t118 = 0x10048a4;
						L27:
						_push( *(_t120 + 0xf) & 0x000000ff);
						_push( *(_t120 + 0xe) & 0x000000ff);
						_push(_v20 & 0x000000ff);
						_push( *(_t120 + 0xc) & 0xff);
						_t92 = E01076B30(_t101, _t104 - _t101, "::%hs%u.%u.%u.%u", _t118);
						goto L29;
					}
					__eflags = _t94 - 0xffff;
					if(_t94 != 0xffff) {
						goto L1;
					}
					_t118 = 0x101d700;
					goto L27;
				}
				L1:
				_t105 = _t121;
				_t60 = _t121;
				_v8 = _t105;
				_v20 = _t60;
				if(( *(_t120 + 8) & 0x0000fffd) == 0) {
					__eflags =  *(_t120 + 0xa) - 0xfe5e;
					if( *(_t120 + 0xa) == 0xfe5e) {
						_v24 = 6;
					}
				}
				_t115 = _t121;
				_t102 = _t60;
				do {
					if( *((intOrPtr*)(_t120 + _t115 * 2)) == _t121) {
						__eflags = _t115 - _t60 + 1 - _v8 - _t102;
						_t60 = _v20;
						if(__eflags <= 0) {
							_t105 = _v8;
						} else {
							_t49 = _t115 + 1; // 0x1
							_t105 = _t49;
							_t102 = _t60;
							_v8 = _t105;
						}
					} else {
						_t13 = _t115 + 1; // 0x1
						_t60 = _t13;
						_v20 = _t60;
					}
					_t115 = _t115 + 1;
				} while (_t115 < _v24);
				_v12 = _t102;
				_t103 = _a8;
				if(_t105 - _t102 > 1) {
					_t65 = _v12;
				} else {
					_t105 = _t121;
					_t65 = _t121;
					_v8 = _t105;
					_v12 = _t65;
				}
				do {
					if(_t121 < _t105) {
						__eflags = _t65 - _t121;
						if(_t65 > _t121) {
							goto L9;
						}
						_push("::");
						_push(_v16 - _t103);
						_push(_t103);
						_t70 = E01076B30();
						_t105 = _v8;
						_t122 = _t122 + 0xc;
						_t121 = _t105 - 1;
						goto L13;
					}
					L9:
					if(_t121 != 0 && _t121 != _t105) {
						_push(":");
						_push(_v16 - _t103);
						_push(_t103);
						_t73 = E01076B30();
						_t122 = _t122 + 0xc;
						_t103 = _t103 + _t73;
					}
					_t70 = E01076B30(_t103, _v16 - _t103, "%x",  *(_t120 + _t121 * 2) & 0x0000ffff);
					_t105 = _v8;
					_t122 = _t122 + 0x10;
					L13:
					_t116 = _v24;
					_t103 = _t103 + _t70;
					_t65 = _v12;
					_t121 = _t121 + 1;
				} while (_t121 < _t116);
				if(_t116 < 8) {
					_push( *(_t120 + 0xf) & 0x000000ff);
					_push( *(_t120 + 0xe) & 0x000000ff);
					_push( *(_t120 + 0xd) & 0x000000ff);
					_t103 = _t103 + E01076B30(_t103, _v16 - _t103, ":%u.%u.%u.%u",  *(_t120 + 0xc) & 0x000000ff);
				}
				return _t103;
			}

0x01027cc9
0x01027cce
0x01027cd1
0x01027cd3
0x01027cd6
0x01027cdd
0x01027ce3
0x01082bbb
0x01082bbf
0x00000000
0x00000000
0x01082bc5
0x01082bc9
0x00000000
0x00000000
0x01082bcf
0x01082bd3
0x00000000
0x00000000
0x01082bd9
0x01082be2
0x01082be5
0x01082be8
0x00000000
0x00000000
0x01082bee
0x01082bf2
0x01082bf5
0x01082c74
0x01082c7b
0x01082c7f
0x00000000
0x00000000
0x01082c85
0x01082c89
0x00000000
0x00000000
0x01082c4b
0x01082c4d
0x01082c52
0x01082c59
0x01082c65
0x01082c6d
0x00000000
0x01082c6d
0x01082bf7
0x01082bfb
0x01082bfe
0x01082c15
0x01082c1a
0x01082c20
0x01082c25
0x01082c2c
0x01082c34
0x01082c3d
0x00000000
0x01082c42
0x01082c05
0x01082c08
0x00000000
0x00000000
0x01082c0e
0x00000000
0x01082c0e
0x01027ce9
0x01027cee
0x01027cf0
0x01027cf2
0x01027cf5
0x01027cfc
0x01082c96
0x01082c9a
0x01082ca0
0x01082ca0
0x01082c9a
0x01027d02
0x01027d04
0x01027d06
0x01027d0a
0x01082cb6
0x01082cb8
0x01082cbb
0x01082cca
0x01082cbd
0x01082cbd
0x01082cbd
0x01082cc0
0x01082cc2
0x01082cc2
0x01027d10
0x01027d10
0x01027d10
0x01027d13
0x01027d13
0x01027d16
0x01027d17
0x01027d1e
0x01027d23
0x01027d29
0x01027d9f
0x01027d2b
0x01027d2b
0x01027d2d
0x01027d2f
0x01027d32
0x01027d32
0x01027d35
0x01027d37
0x01082cd2
0x01082cd4
0x00000000
0x00000000
0x01082cdd
0x01082ce4
0x01082ce5
0x01082ce6
0x01082ceb
0x01082cee
0x01082cf1
0x00000000
0x01082cf1
0x01027d3d
0x01027d3f
0x01027d48
0x01027d4f
0x01027d50
0x01027d51
0x01027d56
0x01027d59
0x01027d59
0x01027d73
0x01027d78
0x01027d7b
0x01027d7e
0x01027d7e
0x01027d81
0x01027d83
0x01027d86
0x01027d87
0x01027d8e
0x01082cfd
0x01082d02
0x01082d07
0x01082d21
0x01082d21
0x00000000

APIs

___swprintf_l.LIBCMT ref: 01027D51
___swprintf_l.LIBCMT ref: 01027D73
___swprintf_l.LIBCMT ref: 01082C3D

Strings

::%hs%u.%u.%u.%u, xrefs: 01082C36
ffff:, xrefs: 01082C0E, 01082C35
::ffff:0:%u.%u.%u.%u, xrefs: 01082C5E
:%u.%u.%u.%u, xrefs: 01082D10

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 9fa68d6bb4427d438fbb2dece3f268d6640befa41fb3e1b5db289dd4a8104e2b
Instruction ID: e8135e19a3751981c061af44ff450d68fe20796b66975eeb7a13782aef60c106
Opcode Fuzzy Hash: 9fa68d6bb4427d438fbb2dece3f268d6640befa41fb3e1b5db289dd4a8104e2b
Instruction Fuzzy Hash: 9861F8B6A0412AAFDB14EFADC88097EF7F8FB58200B10816AE8D5D7641D774DE50C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 010240FD Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E010240FD(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x111d360 ^ _t107;
				_v8 =  *0x111d360 ^ _t107;
				_t105 = __ecx;
				if( *0x11184d4 == 0) {
					L5:
					return E0106B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E0103E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					_t49 = E010242EB(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E010241EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E010696C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					_t55 = E0102429E(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v556 - _t85;
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E010B5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						E0106FA60( &_v548, 0, 0x214);
						_t106 =  *0x11184d4;
						_t110 = _t108 + 0x20;
						 *0x111b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x11184d4))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E0106B75A();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E010B5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E01071480( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E010B5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v556 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E01071150(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E010B5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E010A3E13(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v556;
							} while (_t106 < _v556);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E010B5720();
						goto L15;
					}
					L8:
					_t56 = E010241F7(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}

0x0102410d
0x0102410f
0x0102411c
0x0102411e
0x01024158
0x01024168
0x01024168
0x01024126
0x01024130
0x0102413c
0x010804a2
0x01024142
0x0102414b
0x0102414b
0x0102414f
0x0102416b
0x01024171
0x01024176
0x01024178
0x010241d0
0x010241d2
0x010241d3
0x010241a7
0x010241ae
0x010241b0
0x010241db
0x010241b2
0x010241b8
0x010241bf
0x010241c1
0x010241c1
0x010241c1
0x010241c3
0x010241c5
0x010241df
0x010241e2
0x010241e2
0x010241c7
0x010241c9
0x01080628
0x01080628
0x01080630
0x01080631
0x01080633
0x01080635
0x01080635
0x00000000
0x010241c9
0x0102417d
0x01024183
0x01024189
0x0102418e
0x01024190
0x010804a9
0x010804af
0x00000000
0x00000000
0x010804b5
0x010804c8
0x010804d5
0x010804e5
0x010804ea
0x010804f6
0x01080518
0x0108051e
0x01080520
0x01080522
0x00000000
0x00000000
0x01080528
0x0108052e
0x01080530
0x00000000
0x00000000
0x0108053b
0x0108053d
0x00000000
0x00000000
0x01080545
0x0108054c
0x0108054e
0x01080623
0x00000000
0x01080623
0x01080556
0x01080557
0x0108056f
0x01080574
0x01080583
0x0108058a
0x0108058b
0x0108058d
0x010805b5
0x010805c0
0x010805c6
0x010805c8
0x010805cb
0x010805cd
0x010805d3
0x010805d5
0x00000000
0x00000000
0x00000000
0x00000000
0x010805db
0x010805db
0x010805e3
0x010805e7
0x010805e9
0x010805eb
0x010805ed
0x010805ed
0x010805fa
0x010805ff
0x01080606
0x0108060b
0x0108060d
0x00000000
0x00000000
0x01080613
0x01080613
0x01080616
0x01080616
0x00000000
0x0108061e
0x0108058f
0x01080594
0x01080596
0x01080598
0x00000000
0x0108059d
0x01024196
0x01024198
0x0102419d
0x0102419f
0x00000000
0x00000000
0x010241a1
0x00000000
0x01024151
0x01024151
0x01024151
0x00000000
0x01024151

Strings

CLIENT(ntdll): Processing section info %ws..., xrefs: 010805F1
ExecuteOptions, xrefs: 0108050A
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010804BF
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010805AC
Execute=1, xrefs: 0108057D
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0108058F
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01080566

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: d08d96193f8193ceda6082bb69c5f0f6f766de2f8a32cd37775bf0516e46e116
Instruction ID: 7690d4d910c4f466f223f6057758c794b35aee59cf61463000fcede53f91aa96
Opcode Fuzzy Hash: d08d96193f8193ceda6082bb69c5f0f6f766de2f8a32cd37775bf0516e46e116
Instruction Fuzzy Hash: B4613D71B40229BAEF21EE54EC95FED77A8BF28700F1401E9E685D71C1DB709E458B60

Uniqueness

Uniqueness Score: -1.00%

Function 010277A0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E010277A0(void* __ecx, void* __edx, intOrPtr _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t16;
				char _t17;
				char _t21;
				void* _t23;
				char _t28;
				intOrPtr* _t30;
				char _t32;
				intOrPtr _t34;
				void* _t37;
				intOrPtr _t39;
				char _t42;
				signed int _t49;
				signed int _t50;
				void* _t51;

				_t37 = __edx;
				_t50 = _t49 & 0xfffffff8;
				_push(__ecx);
				_t39 = _a4;
				_t30 = _t39 + 0x28;
				_t42 =  *_t30;
				if(_t42 < 0) {
					_t34 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t39 + 0x2c)) -  *((intOrPtr*)(_t34 + 0x24));
					if( *((intOrPtr*)(_t39 + 0x2c)) !=  *((intOrPtr*)(_t34 + 0x24))) {
						while(1) {
							L7:
							__eflags = _t42;
							if(_t42 >= 0) {
								goto L1;
							}
							__eflags = _a8;
							if(_a8 == 0) {
								L19:
								_t17 = 0;
								L3:
								return _t17;
							}
							_t18 =  *((intOrPtr*)(_t39 + 0x34));
							_t36 = _t39 + 0x1c;
							 *((intOrPtr*)(_t18 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 0x34)) + 0x14)) + 1;
							asm("lock inc dword [ecx]");
							_t42 =  *_t30;
							__eflags = _t42;
							if(_t42 < 0) {
								L11:
								_t32 = 0;
								__eflags = 0;
								while(1) {
									asm("sbb esi, esi");
									_t47 =  !( ~( *(_t39 + 0x30) & 1)) & 0x011179c8;
									_push( !( ~( *(_t39 + 0x30) & 1)) & 0x011179c8);
									_push(0);
									_push( *((intOrPtr*)(_t39 + 0x18)));
									_t21 = E01069520();
									__eflags = _t21 - 0x102;
									if(_t21 != 0x102) {
										break;
									}
									_t23 = E0106CE00( *_t47,  *((intOrPtr*)(_t47 + 4)), 0xff676980, 0xffffffff);
									_push(_t37);
									_push(_t23);
									E010B5720(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t32);
									E010B5720(0x65, 0, "RTL: Resource at %p\n", _t39);
									_t51 = _t50 + 0x28;
									_t32 = _t32 + 1;
									__eflags = _t32 - 2;
									if(__eflags > 0) {
										_t36 = _t39;
										E010BFFB9(_t32, _t39, _t37, _t39, 0, __eflags);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E010B5720();
									_t50 = _t51 + 0xc;
								}
								_t30 = _t39 + 0x28;
								__eflags = _t21;
								if(_t21 < 0) {
									L0107DF30(_t36, _t37, _t21);
									goto L19;
								}
								_t42 =  *_t30;
								continue;
							}
							_t28 = E010647E7(_t36);
							__eflags = _t28;
							if(_t28 != 0) {
								continue;
							}
							goto L11;
						}
						goto L1;
					}
					asm("lock dec dword [ebx]");
					L2:
					_t17 = 1;
					goto L3;
				}
				L1:
				_t16 = _t42;
				asm("lock cmpxchg [ebx], ecx");
				if(_t16 != _t42) {
					_t42 = _t16;
					goto L7;
				}
				goto L2;
			}

0x010277a0
0x010277a5
0x010277a8
0x010277ac
0x010277af
0x010277b2
0x010277b6
0x010277d4
0x010277de
0x010277e1
0x010828f2
0x010828f2
0x010828f2
0x010828f4
0x00000000
0x00000000
0x010828fa
0x010828fe
0x010829ae
0x010829ae
0x010277cb
0x010277d1
0x010277d1
0x01082904
0x01082907
0x0108290a
0x0108290d
0x01082910
0x01082912
0x01082914
0x0108291f
0x0108291f
0x0108291f
0x01082921
0x0108292b
0x0108292f
0x01082935
0x01082936
0x01082938
0x0108293b
0x01082940
0x01082945
0x00000000
0x00000000
0x01082953
0x01082958
0x01082959
0x01082965
0x01082973
0x01082978
0x0108297b
0x0108297c
0x0108297f
0x01082981
0x01082983
0x01082983
0x01082988
0x0108298d
0x0108298e
0x01082990
0x01082995
0x01082995
0x0108299a
0x0108299d
0x0108299f
0x010829a9
0x00000000
0x010829a9
0x010829a1
0x00000000
0x010829a1
0x01082916
0x0108291b
0x0108291d
0x00000000
0x00000000
0x00000000
0x0108291d
0x00000000
0x010828f2
0x010277e7
0x010277c9
0x010277c9
0x00000000
0x010277c9
0x010277b8
0x010277bb
0x010277bd
0x010277c3
0x010828f0
0x00000000
0x010828f0
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01082953

Strings

RTL: Resource at %p, xrefs: 0108296B
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 0108295B
RTL: Re-Waiting, xrefs: 01082988

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 30868c5d62e05f7b9fcabd317c52714ec8f9197b3780be6dbc9c2892665a3a6f
Instruction ID: b99d4d69e9e6ba09ffc9ccf7fcbce2336c27e511e5e5349bc252496c9817ff90
Opcode Fuzzy Hash: 30868c5d62e05f7b9fcabd317c52714ec8f9197b3780be6dbc9c2892665a3a6f
Instruction Fuzzy Hash: 94314031A45632BBDB226A15CC80F9B7BA5FF11760F100259EDD56B681DB22FC11C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 01061CC7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 193
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01061CC7(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t91;
				intOrPtr _t95;
				short _t96;
				intOrPtr _t104;
				intOrPtr _t111;
				short _t119;
				signed int _t131;
				intOrPtr _t134;
				intOrPtr _t138;
				intOrPtr* _t144;
				intOrPtr* _t147;
				intOrPtr* _t149;
				void* _t151;

				_t139 = __edx;
				_push(0x154);
				_push(0x1100348);
				E0107D0E8(__ebx, __edi, __esi);
				 *(_t151 - 0xf0) = __edx;
				_t147 = __ecx;
				 *((intOrPtr*)(_t151 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t151 - 0xf8)) =  *((intOrPtr*)(_t151 + 8));
				 *((intOrPtr*)(_t151 - 0xe8)) =  *((intOrPtr*)(_t151 + 0xc));
				 *((intOrPtr*)(_t151 - 0xf4)) =  *((intOrPtr*)(_t151 + 0x10));
				 *((intOrPtr*)(_t151 - 0xe4)) = 0;
				 *((intOrPtr*)(_t151 - 0xdc)) = 0;
				 *((intOrPtr*)(_t151 - 0xd8)) = 0;
				 *(_t151 - 0xe0) = 0;
				 *((intOrPtr*)(_t151 - 0x140)) = 0x40;
				E0106FA60(_t151 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t151 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t151 - 0x160)) = 1;
				_t131 = 7;
				memset(_t151 - 0x15c, 0, _t131 << 2);
				_t144 =  *((intOrPtr*)(_t151 - 0xe8));
				_t91 = E01042430(1, _t147, 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
				_t148 = _t91;
				if(_t91 >= 0) {
					if( *0x1118460 != 0 && ( *(_t151 - 0xe0) & 0x00000001) == 0) {
						_t95 = E01042D50(7, 0, 2,  *((intOrPtr*)(_t151 - 0xfc)), _t151 - 0x140);
						_t148 = _t95;
						if(_t95 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
							if(( *(_t151 - 0x118) & 0x00000001) == 0) {
								if(( *(_t151 - 0x118) & 0x00000002) != 0) {
									 *(_t151 - 0x120) = 0xfffffffc;
								}
							} else {
								 *(_t151 - 0x120) =  *(_t151 - 0x120) & 0x00000000;
							}
							_t134 =  *((intOrPtr*)(_t151 - 0x114));
							_t96 =  *((intOrPtr*)(_t134 + 0x5c));
							 *((short*)(_t151 - 0xda)) = _t96;
							 *((short*)(_t151 - 0xdc)) = _t96;
							 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t134 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
							 *((intOrPtr*)(_t151 - 0xe8)) = _t151 - 0xd0;
							 *((short*)(_t151 - 0xea)) = 0xaa;
							_t104 = E01034720(_t139,  *(_t151 - 0xf0) & 0x0000ffff, _t151 - 0xec, 2, 0);
							_t148 = _t104;
							if(_t104 < 0 || E01039660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
								goto L1;
							} else {
								_t149 =  *0x1118460; // 0x7729ff90
								 *0x111b1e0( *(_t151 - 0x120),  *(_t151 - 0xf0), _t151 - 0xe4);
								_t148 =  *_t149();
								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
								if(_t148 < 0) {
									goto L1;
								}
								_t111 =  *((intOrPtr*)(_t151 - 0xe4));
								if(_t111 == 0xffffffff) {
									L25:
									 *((intOrPtr*)(_t151 - 4)) = 1;
									_t144 =  *0x1118468;
									if(_t144 != 0) {
										 *0x111b1e0(_t111);
										 *_t144();
									}
									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
									goto L1;
								}
								E0103F540(_t151 - 0x164, _t111);
								 *((intOrPtr*)(_t151 - 4)) = 0;
								if( *((intOrPtr*)(_t144 + 4)) != 0) {
									L01042400(_t144);
								}
								_t145 =  *((intOrPtr*)(_t151 - 0xfc));
								_t148 = E01042430(0,  *((intOrPtr*)(_t151 - 0xfc)), 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
								if(_t148 < 0) {
									L24:
									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
									_t111 = E0109D704();
									goto L25;
								} else {
									_t148 = E01042D50(7, 0, 2, _t145, _t151 - 0x140);
									 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
									if(_t148 < 0) {
										goto L24;
									}
									if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
										_t138 =  *((intOrPtr*)(_t151 - 0x114));
										_t119 =  *((intOrPtr*)(_t138 + 0x5c));
										 *((short*)(_t151 - 0xda)) = _t119;
										 *((short*)(_t151 - 0xdc)) = _t119;
										 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t138 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
										if(E01039660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
											goto L24;
										}
										_t148 = 0xc0150004;
										L23:
										 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
										goto L24;
									}
									_t148 = 0xc0150005;
									goto L23;
								}
							}
						}
						_t148 = 0xc0150005;
					}
				}
				L1:
				return E0107D130(1, _t144, _t148);
			}

0x01061cc7
0x01061cc7
0x01061ccc
0x01061cd1
0x01061cd6
0x01061cdc
0x01061cde
0x01061ce7
0x01061cf0
0x01061cf9
0x01061d01
0x01061d09
0x01061d0f
0x01061d15
0x01061d1b
0x01061d2f
0x01061d37
0x01061d44
0x01061d4c
0x01061d55
0x01061d68
0x01061d78
0x01061d7d
0x01061d81
0x0109d4e3
0x0109d509
0x0109d50e
0x0109d512
0x00000000
0x00000000
0x0109d51e
0x0109d531
0x0109d543
0x0109d545
0x0109d545
0x0109d533
0x0109d533
0x0109d533
0x0109d54f
0x0109d555
0x0109d559
0x0109d560
0x0109d570
0x0109d57c
0x0109d587
0x0109d5a3
0x0109d5a8
0x0109d5ac
0x00000000
0x0109d5ce
0x0109d5e1
0x0109d5e9
0x0109d5f1
0x0109d5f3
0x0109d5fb
0x00000000
0x00000000
0x0109d601
0x0109d60a
0x0109d6e1
0x0109d6e1
0x0109d6e4
0x0109d6ec
0x0109d6f1
0x0109d6f7
0x0109d6f7
0x0109d730
0x00000000
0x0109d730
0x0109d618
0x0109d61f
0x0109d625
0x0109d628
0x0109d628
0x0109d644
0x0109d651
0x0109d653
0x0109d65b
0x0109d6d5
0x0109d6d5
0x0109d6dc
0x00000000
0x0109d65d
0x0109d670
0x0109d672
0x0109d67a
0x00000000
0x00000000
0x0109d682
0x0109d68b
0x0109d691
0x0109d695
0x0109d69c
0x0109d6ac
0x0109d6c8
0x00000000
0x00000000
0x0109d6ca
0x0109d6cf
0x0109d6cf
0x00000000
0x0109d6cf
0x0109d684
0x00000000
0x0109d684
0x0109d65b
0x0109d5ac
0x0109d520
0x0109d520
0x0109d4e3
0x01061d87
0x01061d8e

Strings

@, xrefs: 01061D1B
$, xrefs: 01061D37

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 1b8ec9cb6e3dce1ebbf18993ffa58dd33b3f162715b74f282c35f447d75124f1
Instruction ID: a23088700cfc2446cb43dbed40934579b9e6c535db0d25d9a6d7c79990450161
Opcode Fuzzy Hash: 1b8ec9cb6e3dce1ebbf18993ffa58dd33b3f162715b74f282c35f447d75124f1
Instruction Fuzzy Hash: 0A813A71D402699BDB71DF94CC40BEEBAB8AF48704F0041EAAA5DB7280D7705E85DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 010BFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E010BFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0106CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E010B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E010B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}

0x010bfdda
0x010bfde2
0x010bfde5
0x010bfdec
0x010bfdfa
0x010bfdff
0x010bfe0a
0x010bfe0f
0x010bfe17
0x010bfe1e
0x010bfe19
0x010bfe19
0x010bfe19
0x010bfe20
0x010bfe21
0x010bfe22
0x010bfe25
0x010bfe40

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010BFDFA

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010BFE2B
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010BFE01

Memory Dump Source

Source File: 00000001.00000002.262649793.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 885266447-3903918235
Opcode ID: 754a5a1c1c8dd3fe90726f6fa87520f478b0a5653fa4169d1274ba39d2d7f614
Instruction ID: 02704cb3e6974a949aa3607262c7b87853cde2fda7754586b8d972a03e140798
Opcode Fuzzy Hash: 754a5a1c1c8dd3fe90726f6fa87520f478b0a5653fa4169d1274ba39d2d7f614
Instruction Fuzzy Hash: 2FF0F632240202BFE6211E45DC42FB3BF6AEB45B30F240354F6A85A1D1DA62F83087F4

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: FormBook

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.27251.20675.exe

Function 015FB8A2 Relevance: 6.1, APIs: 4, Instructions: 122
threadCOMMON

Function 015FB8B0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Function 015F95B0 Relevance: 1.7, APIs: 1, Instructions: 192
COMMON

Function 015F5365 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 015F3E4C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 015FBB9A Relevance: 1.6, APIs: 1, Instructions: 90
COMMON

Function 015F8938 Relevance: 1.6, APIs: 1, Instructions: 78
libraryCOMMON

Function 015FBAD2 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Function 015FBAD8 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 015F8920 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 015F9A10 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 015F9790 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Function 01069860 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 01069660 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 010696E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 0106967A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Function 010DB260 Relevance: 37.8, Strings: 30, Instructions: 262
COMMONLIBRARYCODE

Function 010E1C06 Relevance: 31.4, Strings: 25, Instructions: 195
COMMON

Function 0105C9BF Relevance: 14.2, Strings: 11, Instructions: 412
COMMON

Function 010E4AEF Relevance: 11.8, Strings: 9, Instructions: 529
COMMONCrypto

Function 010E31DC Relevance: 10.2, Strings: 8, Instructions: 190
COMMON

Function 010578A0 Relevance: 8.5, Strings: 6, Instructions: 989
COMMON

Function 0104A309 Relevance: 8.2, Strings: 6, Instructions: 687
COMMONCrypto

Function 010E2D82 Relevance: 7.7, Strings: 6, Instructions: 228
COMMONCrypto

Function 01033D34 Relevance: 6.7, Strings: 5, Instructions: 435
COMMON

Function 010240E1 Relevance: 6.3, Strings: 5, Instructions: 51
COMMON

Function 0105701D Relevance: 5.6, Strings: 4, Instructions: 569
COMMONCrypto

Function 0104A830 Relevance: 5.4, Strings: 4, Instructions: 350
COMMONCrypto

Function 0104D1EF Relevance: 5.2, Strings: 4, Instructions: 211
COMMON

Function 0104A229 Relevance: 5.2, Strings: 4, Instructions: 183
COMMON