Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Analysis ID:	756187
MD5:	2364501a86685f9a53d37d339549cee5
SHA1:	ebacf33c1e9f53048a8e808429671ed489dc285d
SHA256:	74a3379894a1b92cb381a128c7fe7c5f97e1a12df02588ec816d1a4fc5dc0a25
Tags:	exe
Infos:

Detection

FormBook

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected FormBook

Malicious sample detected (through community Yara rule)

Yara detected AntiVM3

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Tries to detect virtualization through RDTSC time measurements

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Found potential string decryption / allocating functions

Contains functionality to call native functions

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Enables debug privileges

Sample file is different than original file name gathered from version info

Contains functionality to read the PEB

Checks if the current process is being debugged

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe (PID: 2804 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe MD5: 2364501A86685F9A53D37D339549CEE5)

SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe (PID: 5964 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe MD5: 2364501A86685F9A53D37D339549CEE5)

SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe (PID: 5948 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe MD5: 2364501A86685F9A53D37D339549CEE5)

cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.imperiumtowns.xyz/b3es/"], "decoy": ["sweets.wtf", "apextama.com", "tygbs.com", "kumaoedu.com", "bestbathroomremodeling.club", "lnshykj.com", "nelsonanddima.com", "falunap.info", "codyhinrichs.com", "2797vip.com", "danutka.com", "3o2t307a.com", "kellymariewest.com", "profilelonn.online", "procan.website", "sopjimmy.com", "xn--skdarkae-55ac80i.net", "entitymanaged.com", "melitadahl.art", "joineguru.net", "good-meme.com", "creditconepts.com", "narafconstruction.com", "paspsichologa.com", "rancho365.com", "rimplefeel.com", "kingsub.online", "cnsrdns.com", "billythepainter.com", "clientevirtualpdf.net", "marycruzruiz.com", "renaultcikmaparca.xyz", "1600156.com", "paymallmart.info", "garafe.com", "fredrikk.net", "gogo-tunisia.space", "center-me.com", "xiaohuayhq.com", "xn--h49a60xt7azzcm91a.com", "unidiliobobo.info", "libertypolestore.com", "20111210.net", "atraofix.online", "furniron.com", "mingyun58.com", "shfesmua.com", "rdougdigital.life", "safsip.com", "melon.town", "sagihigaibengo.net", "ethnicsbyak.com", "designoffaitheventsllc.com", "dpmforensics.com", "ripple-us.net", "fuyouhin-happiness.com", "conceptweb.online", "l453.net", "zenars.com", "mepcoonlinebill.com", "oonn99.xyz", "dackus.energy", "articvas.com", "yayuanlin.com"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1bb90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x99cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x148b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x959a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1a8f7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1b8fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17819:$sqlite3step: 68 34 1C 7B E1 0x1792c:$sqlite3step: 68 34 1C 7B E1 0x17848:$sqlite3text: 68 38 2A 90 C5 0x1796d:$sqlite3text: 68 38 2A 90 C5 0x1785b:$sqlite3blob: 68 53 D8 7F 8C 0x17983:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x116051:$a1: 3C 30 50 4F 53 54 74 09 40 0x144471:$a1: 3C 30 50 4F 53 54 74 09 40 0x171891:$a1: 3C 30 50 4F 53 54 74 09 40 0x12c990:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x15adb0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1881d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x11a7cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x148bef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x17600f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x1256b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x153ad7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x180ef7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x119708:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x119982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x147b28:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x147da2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x174f48:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x1751c2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x1254b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x1538d5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x180cf5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x124fa1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x1533c1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x1807e1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x1255b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1539d7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x180df7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x12572f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x153b4f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x180f6f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x11a39a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1487ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x175bda:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x128619:$sqlite3step: 68 34 1C 7B E1 0x12872c:$sqlite3step: 68 34 1C 7B E1 0x156a39:$sqlite3step: 68 34 1C 7B E1 0x156b4c:$sqlite3step: 68 34 1C 7B E1 0x183e59:$sqlite3step: 68 34 1C 7B E1 0x183f6c:$sqlite3step: 68 34 1C 7B E1 0x128648:$sqlite3text: 68 38 2A 90 C5 0x12876d:$sqlite3text: 68 38 2A 90 C5 0x156a68:$sqlite3text: 68 38 2A 90 C5 0x156b8d:$sqlite3text: 68 38 2A 90 C5 0x183e88:$sqlite3text: 68 38 2A 90 C5 0x183fad:$sqlite3text: 68 38 2A 90 C5 0x12865b:$sqlite3blob: 68 53 D8 7F 8C 0x128783:$sqlite3blob: 68 53 D8 7F 8C 0x156a7b:$sqlite3blob: 68 53 D8 7F 8C 0x156ba3:$sqlite3blob: 68 53 D8 7F 8C 0x183e9b:$sqlite3blob: 68 53 D8 7F 8C 0x183fc3:$sqlite3blob: 68 53 D8 7F 8C
Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xcb496:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 5948	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x11a794:$a1: 3C 30 50 4F 53 54 74 09 40
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5451:$a1: 3C 30 50 4F 53 54 74 09 40 0x1bd90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1aaf7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bafa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17a19:$sqlite3step: 68 34 1C 7B E1 0x17b2c:$sqlite3step: 68 34 1C 7B E1 0x17a48:$sqlite3text: 68 38 2A 90 C5 0x17b6d:$sqlite3text: 68 38 2A 90 C5 0x17a5b:$sqlite3blob: 68 53 D8 7F 8C 0x17b83:$sqlite3blob: 68 53 D8 7F 8C
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5e071:$a1: 3C 30 50 4F 53 54 74 09 40 0x8c491:$a1: 3C 30 50 4F 53 54 74 09 40 0xb98b1:$a1: 3C 30 50 4F 53 54 74 09 40 0x749b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa2dd0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xd01f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x627ef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x90c0f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0xbe02f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x6d6d7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x9baf7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0xc8f17:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x61728:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x619a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8fb48:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8fdc2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xbcf68:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xbd1e2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x6d4d5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x9b8f5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0xc8d15:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x6cfc1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x9b3e1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0xc8801:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x6d5d7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x9b9f7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0xc8e17:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x6d74f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x9bb6f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xc8f8f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x623ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x907da:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0xbdbfa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x70639:$sqlite3step: 68 34 1C 7B E1 0x7074c:$sqlite3step: 68 34 1C 7B E1 0x9ea59:$sqlite3step: 68 34 1C 7B E1 0x9eb6c:$sqlite3step: 68 34 1C 7B E1 0xcbe79:$sqlite3step: 68 34 1C 7B E1 0xcbf8c:$sqlite3step: 68 34 1C 7B E1 0x70668:$sqlite3text: 68 38 2A 90 C5 0x7078d:$sqlite3text: 68 38 2A 90 C5 0x9ea88:$sqlite3text: 68 38 2A 90 C5 0x9ebad:$sqlite3text: 68 38 2A 90 C5 0xcbea8:$sqlite3text: 68 38 2A 90 C5 0xcbfcd:$sqlite3text: 68 38 2A 90 C5 0x7067b:$sqlite3blob: 68 53 D8 7F 8C 0x707a3:$sqlite3blob: 68 53 D8 7F 8C 0x9ea9b:$sqlite3blob: 68 53 D8 7F 8C 0x9ebc3:$sqlite3blob: 68 53 D8 7F 8C 0xcbebb:$sqlite3blob: 68 53 D8 7F 8C 0xcbfe3:$sqlite3blob: 68 53 D8 7F 8C
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste	Detects executables potentially checking for WinJail sandbox window	ditekSHen	0xd0b2:$v1: SbieDll.dll 0xd0cc:$v2: USER 0xd0d8:$v3: SANDBOX 0xd0ea:$v4: VIRUS 0xd13a:$v4: VIRUS 0xd0f8:$v5: MALWARE 0xd10a:$v6: SCHMIDTI 0xd11e:$v7: CURRENTUSER
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste	Detects executables potentially checking for WinJail sandbox window	ditekSHen	0x2a882:$v1: SbieDll.dll 0x2a89c:$v2: USER 0x2a8a8:$v3: SANDBOX 0x2a8ba:$v4: VIRUS 0x2a90a:$v4: VIRUS 0x2a8c8:$v5: MALWARE 0x2a8da:$v6: SCHMIDTI 0x2a8ee:$v7: CURRENTUSER
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xed891:$a1: 3C 30 50 4F 53 54 74 09 40 0x11bcb1:$a1: 3C 30 50 4F 53 54 74 09 40 0x1490d1:$a1: 3C 30 50 4F 53 54 74 09 40 0x1041d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1325f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x15fa10:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xf200f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x12042f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x14d84f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0xfcef7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x12b317:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x158737:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0xf0f48:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xf11c2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x11f368:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x11f5e2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14c788:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14ca02:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xfccf5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x12b115:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x158535:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0xfc7e1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x12ac01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x158021:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0xfcdf7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x12b217:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x158637:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0xfcf6f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x12b38f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x1587af:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xf1bda:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x11fffa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x14d41a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0xffe59:$sqlite3step: 68 34 1C 7B E1 0xfff6c:$sqlite3step: 68 34 1C 7B E1 0x12e279:$sqlite3step: 68 34 1C 7B E1 0x12e38c:$sqlite3step: 68 34 1C 7B E1 0x15b699:$sqlite3step: 68 34 1C 7B E1 0x15b7ac:$sqlite3step: 68 34 1C 7B E1 0xffe88:$sqlite3text: 68 38 2A 90 C5 0xfffad:$sqlite3text: 68 38 2A 90 C5 0x12e2a8:$sqlite3text: 68 38 2A 90 C5 0x12e3cd:$sqlite3text: 68 38 2A 90 C5 0x15b6c8:$sqlite3text: 68 38 2A 90 C5 0x15b7ed:$sqlite3text: 68 38 2A 90 C5 0xffe9b:$sqlite3blob: 68 53 D8 7F 8C 0xfffc3:$sqlite3blob: 68 53 D8 7F 8C 0x12e2bb:$sqlite3blob: 68 53 D8 7F 8C 0x12e3e3:$sqlite3blob: 68 53 D8 7F 8C 0x15b6db:$sqlite3blob: 68 53 D8 7F 8C 0x15b803:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 11 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

ReversingLabs: Detection: 50%

Yara detected FormBook

Source: Yara match	File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Joe Sandbox ML: detected

Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack

Avira: Label: TR/Crypt.ZPACK.Gen

Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.imperiumtowns.xyz/b3es/"], "decoy": ["sweets.wtf", "apextama.com", "tygbs.com", "kumaoedu.com", "bestbathroomremodeling.club", "lnshykj.com", "nelsonanddima.com", "falunap.info", "codyhinrichs.com", "2797vip.com", "danutka.com", "3o2t307a.com", "kellymariewest.com", "profilelonn.online", "procan.website", "sopjimmy.com", "xn--skdarkae-55ac80i.net", "entitymanaged.com", "melitadahl.art", "joineguru.net", "good-meme.com", "creditconepts.com", "narafconstruction.com", "paspsichologa.com", "rancho365.com", "rimplefeel.com", "kingsub.online", "cnsrdns.com", "billythepainter.com", "clientevirtualpdf.net", "marycruzruiz.com", "renaultcikmaparca.xyz", "1600156.com", "paymallmart.info", "garafe.com", "fredrikk.net", "gogo-tunisia.space", "center-me.com", "xiaohuayhq.com", "xn--h49a60xt7azzcm91a.com", "unidiliobobo.info", "libertypolestore.com", "20111210.net", "atraofix.online", "furniron.com", "mingyun58.com", "shfesmua.com", "rdougdigital.life", "safsip.com", "melon.town", "sagihigaibengo.net", "ethnicsbyak.com", "designoffaitheventsllc.com", "dpmforensics.com", "ripple-us.net", "fuyouhin-happiness.com", "conceptweb.online", "l453.net", "zenars.com", "mepcoonlinebill.com", "oonn99.xyz", "dackus.energy", "articvas.com", "yayuanlin.com"]}

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: www.imperiumtowns.xyz/b3es/

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237103546.00000000053AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://en.wikip
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFPx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242284956.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFgx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comOx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241146831.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comals
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comcoma
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdKx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comessedBx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comgrita
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comlvfetPx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comm
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comoitu
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comyux
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.c
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237783564.00000000053AE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237951551.00000000053AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/T
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.236833345.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/nt
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242944051.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243359577.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243191419.00000000053B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243076980.00000000053B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239980903.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240051220.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240088210.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239918940.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240133807.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239944814.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239899581.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240110528.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240166526.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/(x
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/6x
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Ox
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Px
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/gx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/Kx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/os
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/ux
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242595921.00000000053A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.235284225.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.238183730.00000000053DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 5948, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 5948, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 0_2_00A7C164	0_2_00A7C164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 0_2_00A7E5A2	0_2_00A7E5A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 0_2_00A7E5B0	0_2_00A7E5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103F900	2_2_0103F900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01054120	2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036800	2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1002	2_2_010F1002
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110E824	2_2_0110E824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A830	2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B090	2_2_0104B090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011020A8	2_2_011020A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011028EC	2_2_011028EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F231B	2_2_010F231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01102B28	2_2_01102B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010DCB4F	2_2_010DCB4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105AB40	2_2_0105AB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010DEB8A	2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106138B	2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105EB9A	2_2_0105EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106EBB0	2_2_0106EBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F03DA	2_2_010F03DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FDBD2	2_2_010FDBD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106ABD8	2_2_0106ABD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01088BE8	2_2_01088BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E23E3	2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010EFA2B	2_2_010EFA2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011032A9	2_2_011032A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011022AE	2_2_011022AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FE2C5	2_2_010FE2C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01102D07	2_2_01102D07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01030D20	2_2_01030D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01101D55	2_2_01101D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062581	2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010665A0	2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011025DD	2_2_011025DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104D5E0	2_2_0104D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104841F	2_2_0104841F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FD466	2_2_010FD466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110DFCE	2_2_0110DFCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01101FF1	2_2_01101FF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F67E2	2_2_010F67E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01055600	2_2_01055600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FD616	2_2_010FD616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01056E30	2_2_01056E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E1EB6	2_2_010E1EB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01102EF7	2_2_01102EF7

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: String function: 010C5720 appears 38 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: String function: 0103B150 appears 154 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: String function: 0108D08C appears 39 times

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079860 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01079860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079660 NtAllocateVirtualMemory,LdrInitializeThunk,	2_2_01079660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010796E0 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_010796E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079910 NtAdjustPrivilegesToken,	2_2_01079910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079950 NtQueueApcThread,	2_2_01079950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010799A0 NtCreateSection,	2_2_010799A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010799D0 NtCreateProcessEx,	2_2_010799D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079820 NtEnumerateKey,	2_2_01079820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079840 NtDelayExecution,	2_2_01079840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0107B040 NtSuspendThread,	2_2_0107B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010798A0 NtWriteVirtualMemory,	2_2_010798A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010798F0 NtReadVirtualMemory,	2_2_010798F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079B00 NtSetValueKey,	2_2_01079B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0107A3B0 NtGetContextThread,	2_2_0107A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079A00 NtProtectVirtualMemory,	2_2_01079A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079A10 NtQuerySection,	2_2_01079A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079A20 NtResumeThread,	2_2_01079A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079A50 NtCreateFile,	2_2_01079A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079A80 NtOpenDirectoryObject,	2_2_01079A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079520 NtWaitForSingleObject,	2_2_01079520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0107AD30 NtSetContextThread,	2_2_0107AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079540 NtReadFile,	2_2_01079540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079560 NtWriteFile,	2_2_01079560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010795D0 NtClose,	2_2_010795D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010795F0 NtQueryInformationFile,	2_2_010795F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0107A710 NtOpenProcessToken,	2_2_0107A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079710 NtQueryInformationToken,	2_2_01079710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079730 NtQueryVirtualMemory,	2_2_01079730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079760 NtOpenProcess,	2_2_01079760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0107A770 NtOpenThread,	2_2_0107A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079770 NtSetInformationFile,	2_2_01079770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079780 NtMapViewOfSection,	2_2_01079780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010797A0 NtUnmapViewOfSection,	2_2_010797A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079FE0 NtCreateMutant,	2_2_01079FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079610 NtEnumerateValueKey,	2_2_01079610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079650 NtQueryValueKey,	2_2_01079650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01079670 NtQueryInformationProcess,	2_2_01079670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010796D0 NtCreateKey,	2_2_010796D0

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.277100354.0000000006E70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamehlqt.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.258176308.0000000000F9A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.260500799.000000000112F000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.254473886.0000000000DEC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Binary or memory string: OriginalFilenamehlqt.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

ReversingLabs: Detection: 50%

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.log

Jump to behavior

Source: classification engine

Classification label: mal88.troj.evad.winEXE@5/1@0/0

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: insert into User_Transportation(UserID,TransportationID) values (@UserID,@TransID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: insert into TourPlace(Name,Location,TicketPrice) values (@name,@location,@ticket);
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: insert into User_TourPlace(UserID,TourPlaceID) values (@UserID,@TourplaceID);

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Mutant created: \Sessions\1\BaseNamedObjects\hrCPkPTHlBkxv

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.236688691.00000000053BB000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: a trademark of the Microsoft group of companies.slnt

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	String found in binary or memory: AddUserButton'AddUserPhoneTextbox'AdduserEmailtextbox-Adduserpasswordtextbox
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	String found in binary or memory: Username:-AddusertextBoxUsernameCash

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Code function: 2_2_0108D0D1 push ecx; ret

2_2_0108D0E4

Source: initial sample

Static PE information: section name: .text entropy: 7.650390698554388

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe TID: 6000	Thread sleep time: -38122s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe TID: 5984	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Code function: 2_2_01066B90 rdtsc

2_2_01066B90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

API coverage: 0.6 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Thread delayed: delay time: 38122			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Code function: 2_2_01066B90 rdtsc

2_2_01066B90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039100 mov eax, dword ptr fs:[00000030h]	2_2_01039100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039100 mov eax, dword ptr fs:[00000030h]	2_2_01039100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039100 mov eax, dword ptr fs:[00000030h]	2_2_01039100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h]	2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h]	2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h]	2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h]	2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01054120 mov ecx, dword ptr fs:[00000030h]	2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01033138 mov ecx, dword ptr fs:[00000030h]	2_2_01033138
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106513A mov eax, dword ptr fs:[00000030h]	2_2_0106513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106513A mov eax, dword ptr fs:[00000030h]	2_2_0106513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B944 mov eax, dword ptr fs:[00000030h]	2_2_0105B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B944 mov eax, dword ptr fs:[00000030h]	2_2_0105B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103395E mov eax, dword ptr fs:[00000030h]	2_2_0103395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103395E mov eax, dword ptr fs:[00000030h]	2_2_0103395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1951 mov eax, dword ptr fs:[00000030h]	2_2_010F1951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103C962 mov eax, dword ptr fs:[00000030h]	2_2_0103C962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FE962 mov eax, dword ptr fs:[00000030h]	2_2_010FE962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103B171 mov eax, dword ptr fs:[00000030h]	2_2_0103B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103B171 mov eax, dword ptr fs:[00000030h]	2_2_0103B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108966 mov eax, dword ptr fs:[00000030h]	2_2_01108966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106A185 mov eax, dword ptr fs:[00000030h]	2_2_0106A185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FA189 mov eax, dword ptr fs:[00000030h]	2_2_010FA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FA189 mov ecx, dword ptr fs:[00000030h]	2_2_010FA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105C182 mov eax, dword ptr fs:[00000030h]	2_2_0105C182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062990 mov eax, dword ptr fs:[00000030h]	2_2_01062990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064190 mov eax, dword ptr fs:[00000030h]	2_2_01064190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103519E mov eax, dword ptr fs:[00000030h]	2_2_0103519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103519E mov ecx, dword ptr fs:[00000030h]	2_2_0103519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010661A0 mov eax, dword ptr fs:[00000030h]	2_2_010661A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010661A0 mov eax, dword ptr fs:[00000030h]	2_2_010661A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h]	2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h]	2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h]	2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h]	2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B69A6 mov eax, dword ptr fs:[00000030h]	2_2_010B69A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h]	2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h]	2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h]	2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h]	2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h]	2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F19D8 mov eax, dword ptr fs:[00000030h]	2_2_010F19D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103B1E1 mov eax, dword ptr fs:[00000030h]	2_2_0103B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103B1E1 mov eax, dword ptr fs:[00000030h]	2_2_0103B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103B1E1 mov eax, dword ptr fs:[00000030h]	2_2_0103B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010331E0 mov eax, dword ptr fs:[00000030h]	2_2_010331E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010C41E8 mov eax, dword ptr fs:[00000030h]	2_2_010C41E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011089E7 mov eax, dword ptr fs:[00000030h]	2_2_011089E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036800 mov eax, dword ptr fs:[00000030h]	2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036800 mov eax, dword ptr fs:[00000030h]	2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036800 mov eax, dword ptr fs:[00000030h]	2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01104015 mov eax, dword ptr fs:[00000030h]	2_2_01104015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01104015 mov eax, dword ptr fs:[00000030h]	2_2_01104015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B7016 mov eax, dword ptr fs:[00000030h]	2_2_010B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B7016 mov eax, dword ptr fs:[00000030h]	2_2_010B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B7016 mov eax, dword ptr fs:[00000030h]	2_2_010B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064020 mov edi, dword ptr fs:[00000030h]	2_2_01064020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h]	2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h]	2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h]	2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h]	2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h]	2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h]	2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h]	2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h]	2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h]	2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h]	2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h]	2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h]	2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h]	2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1843 mov eax, dword ptr fs:[00000030h]	2_2_010F1843
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035050 mov eax, dword ptr fs:[00000030h]	2_2_01035050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035050 mov eax, dword ptr fs:[00000030h]	2_2_01035050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035050 mov eax, dword ptr fs:[00000030h]	2_2_01035050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01050050 mov eax, dword ptr fs:[00000030h]	2_2_01050050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01050050 mov eax, dword ptr fs:[00000030h]	2_2_01050050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01101074 mov eax, dword ptr fs:[00000030h]	2_2_01101074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105F86D mov eax, dword ptr fs:[00000030h]	2_2_0105F86D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2073 mov eax, dword ptr fs:[00000030h]	2_2_010F2073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039080 mov eax, dword ptr fs:[00000030h]	2_2_01039080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01033880 mov eax, dword ptr fs:[00000030h]	2_2_01033880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01033880 mov eax, dword ptr fs:[00000030h]	2_2_01033880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B3884 mov eax, dword ptr fs:[00000030h]	2_2_010B3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B3884 mov eax, dword ptr fs:[00000030h]	2_2_010B3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h]	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h]	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h]	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h]	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h]	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h]	2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010790AF mov eax, dword ptr fs:[00000030h]	2_2_010790AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h]	2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h]	2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h]	2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428AE mov ecx, dword ptr fs:[00000030h]	2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h]	2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h]	2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106F0BF mov ecx, dword ptr fs:[00000030h]	2_2_0106F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106F0BF mov eax, dword ptr fs:[00000030h]	2_2_0106F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106F0BF mov eax, dword ptr fs:[00000030h]	2_2_0106F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F18CA mov eax, dword ptr fs:[00000030h]	2_2_010F18CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h]	2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CB8D0 mov ecx, dword ptr fs:[00000030h]	2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h]	2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h]	2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h]	2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h]	2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B8E4 mov eax, dword ptr fs:[00000030h]	2_2_0105B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B8E4 mov eax, dword ptr fs:[00000030h]	2_2_0105B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010340E1 mov eax, dword ptr fs:[00000030h]	2_2_010340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010340E1 mov eax, dword ptr fs:[00000030h]	2_2_010340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010340E1 mov eax, dword ptr fs:[00000030h]	2_2_010340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010358EC mov eax, dword ptr fs:[00000030h]	2_2_010358EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428FD mov eax, dword ptr fs:[00000030h]	2_2_010428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428FD mov eax, dword ptr fs:[00000030h]	2_2_010428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010428FD mov eax, dword ptr fs:[00000030h]	2_2_010428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h]	2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F131B mov eax, dword ptr fs:[00000030h]	2_2_010F131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103DB40 mov eax, dword ptr fs:[00000030h]	2_2_0103DB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108B58 mov eax, dword ptr fs:[00000030h]	2_2_01108B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103F358 mov eax, dword ptr fs:[00000030h]	2_2_0103F358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h]	2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h]	2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h]	2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h]	2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103DB60 mov ecx, dword ptr fs:[00000030h]	2_2_0103DB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104F370 mov eax, dword ptr fs:[00000030h]	2_2_0104F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104F370 mov eax, dword ptr fs:[00000030h]	2_2_0104F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104F370 mov eax, dword ptr fs:[00000030h]	2_2_0104F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063B7A mov eax, dword ptr fs:[00000030h]	2_2_01063B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063B7A mov eax, dword ptr fs:[00000030h]	2_2_01063B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F138A mov eax, dword ptr fs:[00000030h]	2_2_010F138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010DEB8A mov ecx, dword ptr fs:[00000030h]	2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010DEB8A mov eax, dword ptr fs:[00000030h]	2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010DEB8A mov eax, dword ptr fs:[00000030h]	2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010DEB8A mov eax, dword ptr fs:[00000030h]	2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01041B8F mov eax, dword ptr fs:[00000030h]	2_2_01041B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01041B8F mov eax, dword ptr fs:[00000030h]	2_2_01041B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106138B mov eax, dword ptr fs:[00000030h]	2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106138B mov eax, dword ptr fs:[00000030h]	2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106138B mov eax, dword ptr fs:[00000030h]	2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010ED380 mov ecx, dword ptr fs:[00000030h]	2_2_010ED380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062397 mov eax, dword ptr fs:[00000030h]	2_2_01062397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106B390 mov eax, dword ptr fs:[00000030h]	2_2_0106B390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034B94 mov edi, dword ptr fs:[00000030h]	2_2_01034B94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105EB9A mov eax, dword ptr fs:[00000030h]	2_2_0105EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105EB9A mov eax, dword ptr fs:[00000030h]	2_2_0105EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108BB6 mov eax, dword ptr fs:[00000030h]	2_2_01108BB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1BA8 mov eax, dword ptr fs:[00000030h]	2_2_010F1BA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064BAD mov eax, dword ptr fs:[00000030h]	2_2_01064BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064BAD mov eax, dword ptr fs:[00000030h]	2_2_01064BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064BAD mov eax, dword ptr fs:[00000030h]	2_2_01064BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01109BBE mov eax, dword ptr fs:[00000030h]	2_2_01109BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01105BA5 mov eax, dword ptr fs:[00000030h]	2_2_01105BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B53CA mov eax, dword ptr fs:[00000030h]	2_2_010B53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B53CA mov eax, dword ptr fs:[00000030h]	2_2_010B53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010653C5 mov eax, dword ptr fs:[00000030h]	2_2_010653C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h]	2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h]	2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h]	2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h]	2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h]	2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h]	2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01031BE9 mov eax, dword ptr fs:[00000030h]	2_2_01031BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105DBE9 mov eax, dword ptr fs:[00000030h]	2_2_0105DBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E23E3 mov ecx, dword ptr fs:[00000030h]	2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E23E3 mov ecx, dword ptr fs:[00000030h]	2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E23E3 mov eax, dword ptr fs:[00000030h]	2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01048A0A mov eax, dword ptr fs:[00000030h]	2_2_01048A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035210 mov eax, dword ptr fs:[00000030h]	2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035210 mov ecx, dword ptr fs:[00000030h]	2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035210 mov eax, dword ptr fs:[00000030h]	2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035210 mov eax, dword ptr fs:[00000030h]	2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103AA16 mov eax, dword ptr fs:[00000030h]	2_2_0103AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103AA16 mov eax, dword ptr fs:[00000030h]	2_2_0103AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01053A1C mov eax, dword ptr fs:[00000030h]	2_2_01053A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FAA16 mov eax, dword ptr fs:[00000030h]	2_2_010FAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FAA16 mov eax, dword ptr fs:[00000030h]	2_2_010FAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034A20 mov eax, dword ptr fs:[00000030h]	2_2_01034A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034A20 mov eax, dword ptr fs:[00000030h]	2_2_01034A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1229 mov eax, dword ptr fs:[00000030h]	2_2_010F1229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01074A2C mov eax, dword ptr fs:[00000030h]	2_2_01074A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01074A2C mov eax, dword ptr fs:[00000030h]	2_2_01074A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h]	2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h]	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h]	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h]	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h]	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h]	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h]	2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01038239 mov eax, dword ptr fs:[00000030h]	2_2_01038239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01038239 mov eax, dword ptr fs:[00000030h]	2_2_01038239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01038239 mov eax, dword ptr fs:[00000030h]	2_2_01038239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h]	2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h]	2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h]	2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h]	2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1A5F mov eax, dword ptr fs:[00000030h]	2_2_010F1A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FEA55 mov eax, dword ptr fs:[00000030h]	2_2_010FEA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010C4257 mov eax, dword ptr fs:[00000030h]	2_2_010C4257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010EB260 mov eax, dword ptr fs:[00000030h]	2_2_010EB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010EB260 mov eax, dword ptr fs:[00000030h]	2_2_010EB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01075A69 mov eax, dword ptr fs:[00000030h]	2_2_01075A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01075A69 mov eax, dword ptr fs:[00000030h]	2_2_01075A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01075A69 mov eax, dword ptr fs:[00000030h]	2_2_01075A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108A62 mov eax, dword ptr fs:[00000030h]	2_2_01108A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0107927A mov eax, dword ptr fs:[00000030h]	2_2_0107927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106D294 mov eax, dword ptr fs:[00000030h]	2_2_0106D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106D294 mov eax, dword ptr fs:[00000030h]	2_2_0106D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F129A mov eax, dword ptr fs:[00000030h]	2_2_010F129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01031AA0 mov eax, dword ptr fs:[00000030h]	2_2_01031AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h]	2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h]	2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h]	2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h]	2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h]	2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01065AA0 mov eax, dword ptr fs:[00000030h]	2_2_01065AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01065AA0 mov eax, dword ptr fs:[00000030h]	2_2_01065AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104AAB0 mov eax, dword ptr fs:[00000030h]	2_2_0104AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104AAB0 mov eax, dword ptr fs:[00000030h]	2_2_0104AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106FAB0 mov eax, dword ptr fs:[00000030h]	2_2_0106FAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010612BD mov esi, dword ptr fs:[00000030h]	2_2_010612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010612BD mov eax, dword ptr fs:[00000030h]	2_2_010612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010612BD mov eax, dword ptr fs:[00000030h]	2_2_010612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035AC0 mov eax, dword ptr fs:[00000030h]	2_2_01035AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035AC0 mov eax, dword ptr fs:[00000030h]	2_2_01035AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01035AC0 mov eax, dword ptr fs:[00000030h]	2_2_01035AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01033ACA mov eax, dword ptr fs:[00000030h]	2_2_01033ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062ACB mov eax, dword ptr fs:[00000030h]	2_2_01062ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108ADD mov eax, dword ptr fs:[00000030h]	2_2_01108ADD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010312D4 mov eax, dword ptr fs:[00000030h]	2_2_010312D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h]	2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062AE4 mov eax, dword ptr fs:[00000030h]	2_2_01062AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F3518 mov eax, dword ptr fs:[00000030h]	2_2_010F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F3518 mov eax, dword ptr fs:[00000030h]	2_2_010F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F3518 mov eax, dword ptr fs:[00000030h]	2_2_010F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106F527 mov eax, dword ptr fs:[00000030h]	2_2_0106F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106F527 mov eax, dword ptr fs:[00000030h]	2_2_0106F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106F527 mov eax, dword ptr fs:[00000030h]	2_2_0106F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108D34 mov eax, dword ptr fs:[00000030h]	2_2_01108D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h]	2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103AD30 mov eax, dword ptr fs:[00000030h]	2_2_0103AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FE539 mov eax, dword ptr fs:[00000030h]	2_2_010FE539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010BA537 mov eax, dword ptr fs:[00000030h]	2_2_010BA537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064D3B mov eax, dword ptr fs:[00000030h]	2_2_01064D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064D3B mov eax, dword ptr fs:[00000030h]	2_2_01064D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064D3B mov eax, dword ptr fs:[00000030h]	2_2_01064D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01073D43 mov eax, dword ptr fs:[00000030h]	2_2_01073D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B3540 mov eax, dword ptr fs:[00000030h]	2_2_010B3540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E3D40 mov eax, dword ptr fs:[00000030h]	2_2_010E3D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103354C mov eax, dword ptr fs:[00000030h]	2_2_0103354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103354C mov eax, dword ptr fs:[00000030h]	2_2_0103354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01057D50 mov eax, dword ptr fs:[00000030h]	2_2_01057D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01074D51 mov eax, dword ptr fs:[00000030h]	2_2_01074D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01074D51 mov eax, dword ptr fs:[00000030h]	2_2_01074D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105C577 mov eax, dword ptr fs:[00000030h]	2_2_0105C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105C577 mov eax, dword ptr fs:[00000030h]	2_2_0105C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h]	2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h]	2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h]	2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h]	2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h]	2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h]	2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h]	2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h]	2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h]	2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h]	2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h]	2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h]	2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h]	2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h]	2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h]	2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h]	2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h]	2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h]	2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h]	2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01033591 mov eax, dword ptr fs:[00000030h]	2_2_01033591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106FD9B mov eax, dword ptr fs:[00000030h]	2_2_0106FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106FD9B mov eax, dword ptr fs:[00000030h]	2_2_0106FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010665A0 mov eax, dword ptr fs:[00000030h]	2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010665A0 mov eax, dword ptr fs:[00000030h]	2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010665A0 mov eax, dword ptr fs:[00000030h]	2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010635A1 mov eax, dword ptr fs:[00000030h]	2_2_010635A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01061DB5 mov eax, dword ptr fs:[00000030h]	2_2_01061DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01061DB5 mov eax, dword ptr fs:[00000030h]	2_2_01061DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01061DB5 mov eax, dword ptr fs:[00000030h]	2_2_01061DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011005AC mov eax, dword ptr fs:[00000030h]	2_2_011005AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_011005AC mov eax, dword ptr fs:[00000030h]	2_2_011005AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h]	2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h]	2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h]	2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6DC9 mov ecx, dword ptr fs:[00000030h]	2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h]	2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h]	2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010315C1 mov eax, dword ptr fs:[00000030h]	2_2_010315C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010EFDD3 mov eax, dword ptr fs:[00000030h]	2_2_010EFDD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104D5E0 mov eax, dword ptr fs:[00000030h]	2_2_0104D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104D5E0 mov eax, dword ptr fs:[00000030h]	2_2_0104D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010695EC mov eax, dword ptr fs:[00000030h]	2_2_010695EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h]	2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h]	2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h]	2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h]	2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010395F0 mov eax, dword ptr fs:[00000030h]	2_2_010395F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010395F0 mov ecx, dword ptr fs:[00000030h]	2_2_010395F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010E8DF1 mov eax, dword ptr fs:[00000030h]	2_2_010E8DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h]	2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h]	2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h]	2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h]	2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108C14 mov eax, dword ptr fs:[00000030h]	2_2_01108C14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h]	2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110740D mov eax, dword ptr fs:[00000030h]	2_2_0110740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110740D mov eax, dword ptr fs:[00000030h]	2_2_0110740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110740D mov eax, dword ptr fs:[00000030h]	2_2_0110740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106BC2C mov eax, dword ptr fs:[00000030h]	2_2_0106BC2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B433 mov eax, dword ptr fs:[00000030h]	2_2_0104B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B433 mov eax, dword ptr fs:[00000030h]	2_2_0104B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104B433 mov eax, dword ptr fs:[00000030h]	2_2_0104B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063C3E mov eax, dword ptr fs:[00000030h]	2_2_01063C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063C3E mov eax, dword ptr fs:[00000030h]	2_2_01063C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063C3E mov eax, dword ptr fs:[00000030h]	2_2_01063C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034439 mov eax, dword ptr fs:[00000030h]	2_2_01034439
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108450 mov eax, dword ptr fs:[00000030h]	2_2_01108450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106A44B mov eax, dword ptr fs:[00000030h]	2_2_0106A44B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CC450 mov eax, dword ptr fs:[00000030h]	2_2_010CC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CC450 mov eax, dword ptr fs:[00000030h]	2_2_010CC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108C75 mov eax, dword ptr fs:[00000030h]	2_2_01108C75
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105746D mov eax, dword ptr fs:[00000030h]	2_2_0105746D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h]	2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01075C70 mov eax, dword ptr fs:[00000030h]	2_2_01075C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h]	2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01031480 mov eax, dword ptr fs:[00000030h]	2_2_01031480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103649B mov eax, dword ptr fs:[00000030h]	2_2_0103649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103649B mov eax, dword ptr fs:[00000030h]	2_2_0103649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h]	2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104849B mov eax, dword ptr fs:[00000030h]	2_2_0104849B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01109CB3 mov eax, dword ptr fs:[00000030h]	2_2_01109CB3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034CB0 mov eax, dword ptr fs:[00000030h]	2_2_01034CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108CD6 mov eax, dword ptr fs:[00000030h]	2_2_01108CD6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032CDB mov eax, dword ptr fs:[00000030h]	2_2_01032CDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F14FB mov eax, dword ptr fs:[00000030h]	2_2_010F14FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6CF0 mov eax, dword ptr fs:[00000030h]	2_2_010B6CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6CF0 mov eax, dword ptr fs:[00000030h]	2_2_010B6CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B6CF0 mov eax, dword ptr fs:[00000030h]	2_2_010B6CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106A70E mov eax, dword ptr fs:[00000030h]	2_2_0106A70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106A70E mov eax, dword ptr fs:[00000030h]	2_2_0106A70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105F716 mov eax, dword ptr fs:[00000030h]	2_2_0105F716
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01064710 mov eax, dword ptr fs:[00000030h]	2_2_01064710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CFF10 mov eax, dword ptr fs:[00000030h]	2_2_010CFF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010CFF10 mov eax, dword ptr fs:[00000030h]	2_2_010CFF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110070D mov eax, dword ptr fs:[00000030h]	2_2_0110070D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0110070D mov eax, dword ptr fs:[00000030h]	2_2_0110070D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034F2E mov eax, dword ptr fs:[00000030h]	2_2_01034F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01034F2E mov eax, dword ptr fs:[00000030h]	2_2_01034F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036730 mov eax, dword ptr fs:[00000030h]	2_2_01036730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036730 mov eax, dword ptr fs:[00000030h]	2_2_01036730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01036730 mov eax, dword ptr fs:[00000030h]	2_2_01036730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01063F33 mov eax, dword ptr fs:[00000030h]	2_2_01063F33
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106E730 mov eax, dword ptr fs:[00000030h]	2_2_0106E730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B73D mov eax, dword ptr fs:[00000030h]	2_2_0105B73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105B73D mov eax, dword ptr fs:[00000030h]	2_2_0105B73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104EF40 mov eax, dword ptr fs:[00000030h]	2_2_0104EF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0103A745 mov eax, dword ptr fs:[00000030h]	2_2_0103A745
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0106DF4C mov eax, dword ptr fs:[00000030h]	2_2_0106DF4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010F1751 mov eax, dword ptr fs:[00000030h]	2_2_010F1751
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0104FF60 mov eax, dword ptr fs:[00000030h]	2_2_0104FF60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105E760 mov eax, dword ptr fs:[00000030h]	2_2_0105E760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_0105E760 mov eax, dword ptr fs:[00000030h]	2_2_0105E760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01108F6A mov eax, dword ptr fs:[00000030h]	2_2_01108F6A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01048794 mov eax, dword ptr fs:[00000030h]	2_2_01048794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B7794 mov eax, dword ptr fs:[00000030h]	2_2_010B7794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B7794 mov eax, dword ptr fs:[00000030h]	2_2_010B7794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_010B7794 mov eax, dword ptr fs:[00000030h]	2_2_010B7794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov ecx, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h]	2_2_01032FB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Code function: 2_2_01079860 NtQuerySystemInformation,LdrInitializeThunk,

2_2_01079860

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Command and Scripting Interpreter	Path Interception	11 Process Injection	1 Masquerading	OS Credential Dumping	221 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	11 Process Injection	NTDS	112 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	3 Obfuscated Files or Information	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	3 Software Packing	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	50%	ReversingLabs	ByteCode-MSIL.Trojan.Taskun
SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen		Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.fontbureau.comgrita	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.galapagosdesign.com/	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.fontbureau.comcoma	0%	URL Reputation	safe
http://www.founder.com.c	0%	URL Reputation	safe
http://www.fontbureau.comlvfetPx	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.fontbureau.comyux	0%	Avira URL Cloud	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.fontbureau.comessedBx	0%	Avira URL Cloud	safe
http://en.wikip	0%	URL Reputation	safe
http://www.fontbureau.comFPx	0%	Avira URL Cloud	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.comoitu	0%	URL Reputation	safe
http://www.monotype.	0%	URL Reputation	safe
http://www.fontbureau.comm	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.comals	0%	URL Reputation	safe
http://www.fontbureau.comOx	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/Kx	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/nt	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/(x	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/6x	0%	Avira URL Cloud	safe
http://www.fontbureau.comdKx	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Ox	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/gx	0%	Avira URL Cloud	safe
www.imperiumtowns.xyz/b3es/	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/ux	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/T	0%	Avira URL Cloud	safe
http://www.fontbureau.comFgx	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Px	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/os	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
www.imperiumtowns.xyz/b3es/	true	Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.jiyu-kobo.co.jp/jp/Kx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comlvfetPx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Ox	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comyux	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.238183730.00000000053DE000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/ux	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.235284225.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comgrita	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/gx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comessedBx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comdKx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comFPx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/6x	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242944051.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243359577.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243191419.00000000053B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243076980.00000000053B7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comF	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comcoma	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/(x	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.c	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/nt	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.236833345.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comOx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/jp/	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.coma	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241146831.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/T	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237783564.00000000053AE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237951551.00000000053AE000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://en.wikip	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237103546.00000000053AB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/os	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/Px	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comFgx	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242284956.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comoitu	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.monotype.	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242595921.00000000053A5000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comm	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239980903.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240051220.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240088210.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239918940.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240133807.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239944814.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239899581.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240110528.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240166526.00000000053BB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comals	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756187
Start date and time:	2022-11-29 19:32:18 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.troj.evad.winEXE@5/1@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 100% (good quality ratio 90%) Quality average: 74.6% Quality standard deviation: 31.2%
HCA Information:	Successful, ratio: 99% Number of executed functions: 25 Number of non-executed functions: 237
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com
Report size getting too big, too many NtAllocateVirtualMemory calls found.
VT rate limit hit for: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Simulations

Behavior and APIs

Time	Type	Description
19:33:18	API Interceptor	1x Sleep call for process: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.log

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.355304211458859
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5:	FED34146BF2F2FA59DCF8702FCC8232E
SHA1:	B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256:	123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512:	1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.643627342935855
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
File size:	926208
MD5:	2364501a86685f9a53d37d339549cee5
SHA1:	ebacf33c1e9f53048a8e808429671ed489dc285d
SHA256:	74a3379894a1b92cb381a128c7fe7c5f97e1a12df02588ec816d1a4fc5dc0a25
SHA512:	1210b67603986cfa62d6ac7df1ac3da1aeb03d80716f605465967e8895ec9fd39106918b5de5f865b7ce937cc2f111849b88450b517201cc6ea4b2af269e819d
SSDEEP:	12288:8SYqU+RPN8z0WC9ZG5MyVh+rpDhl6loeY7XccEKjxN4qwkqpUKPPDdzoa1cfN:/JKzOZl56lE7McE6xN44ZKPPDdEPf
TLSH:	FA15D0803366AF75F5686BF37521814827B63C6E95F1C2285ECDB0DE2A72B5049F0B27
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f..c..............0..............9... ...@....@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x4e39c2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6385D466 [Tue Nov 29 09:44:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe3970	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe4000	0x388	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xe19c8	0xe1a00	False	0.8235933171745152	data	7.650390698554388	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xe4000	0x388	0x400	False	0.3701171875	data	2.8531167057982127	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe6000	0xc	0x200	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xe4058	0x32c	data

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exePID: 2804, Parent PID: 3320

General

Target ID:	0
Start time:	19:33:11
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Imagebase:	0x80000
File size:	926208 bytes
MD5 hash:	2364501A86685F9A53D37D339549CEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exePID: 5964, Parent PID: 2804

General

Target ID:	1
Start time:	19:33:20
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Imagebase:	0x2b0000
File size:	926208 bytes
MD5 hash:	2364501A86685F9A53D37D339549CEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exePID: 5948, Parent PID: 2804

General

Target ID:	2
Start time:	19:33:20
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Imagebase:	0x490000
File size:	926208 bytes
MD5 hash:	2364501A86685F9A53D37D339549CEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exePID: 2804, Parent PID: 3320COMMON

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	110
Total number of Limit Nodes:	9

Executed Functions

Function 00A7B6C1 Relevance: 6.1, APIs: 4, Instructions: 124
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A7B730
GetCurrentThread.KERNEL32 ref: 00A7B76D
GetCurrentProcess.KERNEL32 ref: 00A7B7AA
GetCurrentThreadId.KERNEL32 ref: 00A7B803

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: b7c5facc6237ae723448638cb13c19e8097e89f86a0d08bbf68d9c5ec5ce3dc4
Instruction ID: 47a131fbef22f6c830c63bbae10bcfd35f58073cb37b9b7c0ac0706d4c02aa7a
Opcode Fuzzy Hash: b7c5facc6237ae723448638cb13c19e8097e89f86a0d08bbf68d9c5ec5ce3dc4
Instruction Fuzzy Hash: 665155B0A153488FEB14CFA9C988BDEBBF1EF49314F20C069E019A7250D774A945CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B6D0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A7B730
GetCurrentThread.KERNEL32 ref: 00A7B76D
GetCurrentProcess.KERNEL32 ref: 00A7B7AA
GetCurrentThreadId.KERNEL32 ref: 00A7B803

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 49756302f412b2b87a14f7e550b84ba1522f697cfb3c98f0d2a359ba863ca82a
Instruction ID: 477da6b6266b8e29b7e090e184ad642c57d9caf2be991383fd62bd18a7dddd7a
Opcode Fuzzy Hash: 49756302f412b2b87a14f7e550b84ba1522f697cfb3c98f0d2a359ba863ca82a
Instruction Fuzzy Hash: 4C5155B09153488FEB14CFA9C988BDEBBF1EB89314F20C469E019A7350D774A945CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00A7FD2C Relevance: 1.6, APIs: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A7FE4A

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 84c360d12d94d8fc9681bfbe157d77db7a1e2c7202b30804bac14fefa5a58691
Instruction ID: 1596f4361289a171f1117c8dc2ae4791923d2b9e33e672e02fea710f72b09ef2
Opcode Fuzzy Hash: 84c360d12d94d8fc9681bfbe157d77db7a1e2c7202b30804bac14fefa5a58691
Instruction Fuzzy Hash: 9751CDB1D103499FDF14CFA9C884ADEFBB1BF88314F24812AE419AB211D7749986CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A7FD38 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A7FE4A

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: dbb1a88f658a3408c95cab93c4bd4601df2765668a0f950f55cbf6d982842e25
Instruction ID: 584b3d93d6b09bd638d308b840dd098abc843b00da0dc8f9fa4290960c5e52a3
Opcode Fuzzy Hash: dbb1a88f658a3408c95cab93c4bd4601df2765668a0f950f55cbf6d982842e25
Instruction Fuzzy Hash: D241BEB1D103099FDB14CF99C884ADEFBB5FF88314F24812AE819AB251D7749985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A75364 Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A75421

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e29bff05e40c5fec21e943bf1e0b1db80bad629afab3aa204681c59095e5be80
Instruction ID: dc3f76e821ee4625fe0965c637e099b2a14cd2673ff427922cef751092692a8c
Opcode Fuzzy Hash: e29bff05e40c5fec21e943bf1e0b1db80bad629afab3aa204681c59095e5be80
Instruction Fuzzy Hash: D241E671D04619CFEB24CFA5C844BCEBBB1BF89305F24C169D408AB251DB756986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A73DE4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A75421

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f5c6a65c451d97199983c056770a003926928deada1e823e546cde754f56c6e9
Instruction ID: 7136d16b3d410c4bdc34ffea71c351f121963b022a3bd82afce7f5087477ee71
Opcode Fuzzy Hash: f5c6a65c451d97199983c056770a003926928deada1e823e546cde754f56c6e9
Instruction Fuzzy Hash: 7841E571D04618CFEB24CFA9C844B9EBBB5BF89305F20C069D409AB251DBB56D86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A77DCA Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(0000004B), ref: 00A77E3D

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-0
Opcode ID: d11d6836b70a84b75009bfe9328c93230386e635cd15e46e2cd12fecec8ceca7
Instruction ID: 019bba960a1593833a2c7d5fa1d15eee028a07da61e8bb252bf39d7efa4226e5
Opcode Fuzzy Hash: d11d6836b70a84b75009bfe9328c93230386e635cd15e46e2cd12fecec8ceca7
Instruction Fuzzy Hash: 2331D571904384CFEB12DF65E8443EA7FF8EB06314F448869D548A7282D7799985CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A79B30 Relevance: 1.6, APIs: 1, Instructions: 77
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A79991,00000800,00000000,00000000), ref: 00A79BA2

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8b4a5a9d9d4cb0b1f200164af08802af2244a4a2d9fb5b6c2efaa8d62b24593d
Instruction ID: 2aad445aa303ff61989e35c9dcc43c5db1c3d4d4badf74dc95a155efa8910569
Opcode Fuzzy Hash: 8b4a5a9d9d4cb0b1f200164af08802af2244a4a2d9fb5b6c2efaa8d62b24593d
Instruction Fuzzy Hash: C03144B6D053488FCB11CF99D844ADEFBB4EB89320F04C52AD519A7640C774A94ACFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A79842 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A79916

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: bed1e39dd048fdb0ed7433bf57cf591120e27ff7a732ee1825e78074289f4e6a
Instruction ID: af0233c454c2bb3f6b412f1369bcec97d0a323373bf34225983967df0e54838a
Opcode Fuzzy Hash: bed1e39dd048fdb0ed7433bf57cf591120e27ff7a732ee1825e78074289f4e6a
Instruction Fuzzy Hash: 67217CB18053958FEB11CF6AC8847DBFFB4EF46310F04C09AC459AB252C3349946CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B8F2 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A7B97F

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 794bf3cfefe6ad1f106aefae0193a5a62f7b5f5b79a8130ef3316752ac45b758
Instruction ID: aaf8e15e63388219fcbb9ad190f5d304fcdae759e055d38c6fd26f0f53464a10
Opcode Fuzzy Hash: 794bf3cfefe6ad1f106aefae0193a5a62f7b5f5b79a8130ef3316752ac45b758
Instruction Fuzzy Hash: E421E4B59012599FDB10CF99D884BDEFBF4EB48320F14842AE918A7350D378A955CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B8F8 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A7B97F

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2c1f1ed1ede3e4b14db5524a93be92db5b95afcd81f1f45cdffa306b027872c9
Instruction ID: 6c74dc98b8fe3af422b4bed2771c2945e26a214be5d222bd79f609dab4a7fb13
Opcode Fuzzy Hash: 2c1f1ed1ede3e4b14db5524a93be92db5b95afcd81f1f45cdffa306b027872c9
Instruction Fuzzy Hash: 0A21E2B5900208AFDB10CFA9D884BDEFBF8EB48320F14841AE918A3310D374A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A794B8 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A79991,00000800,00000000,00000000), ref: 00A79BA2

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4e7364884e4d33a0346c02015d842736837fdcfe43fc5218d0dd7347adb9f032
Instruction ID: 6748c2c76bfec58682de3d72645c5bbc899b5398b0aa39207883ab930d1fd118
Opcode Fuzzy Hash: 4e7364884e4d33a0346c02015d842736837fdcfe43fc5218d0dd7347adb9f032
Instruction Fuzzy Hash: F811C2B69042499FDB10CF9AD844BDEFBF8EB88324F14842AE519A7200C775A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A798B0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A79916

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: acf0c02dad7ab05f0fea5ebab0c0c1069909031608c00491b51aecc1036bc8b2
Instruction ID: 5a29808f27ad73f9bb01ff8248627347c6420ba4b3ecf85eb7e83293d171ef45
Opcode Fuzzy Hash: acf0c02dad7ab05f0fea5ebab0c0c1069909031608c00491b51aecc1036bc8b2
Instruction Fuzzy Hash: 7A11BCB69006498FDB10CF9AC844BDEFBF4AB89224F14C42AD529A7610D774A9458FA1

Uniqueness

Uniqueness Score: -1.00%

Function 006ED4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255405175.00000000006ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 006ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52b964aa3f75ebb09dd403de6b2efb609ead80d125d9d0ae4f93a13f5c216726
Instruction ID: 4c4b3ad43337bb72e6b348e95e5435a24ec3253bf3220450f8f91720a60639e2
Opcode Fuzzy Hash: 52b964aa3f75ebb09dd403de6b2efb609ead80d125d9d0ae4f93a13f5c216726
Instruction Fuzzy Hash: 322103B1505380DFDB05DF14D9C0B66BB66FB98328F24C569E9054B246C336D856CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 006FD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255478799.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e750b2ac44b9bd07f638c18012dfba2ff5814d6cb75a1a50f7d7781d03958817
Instruction ID: c67fe54506095b2dd213c7ec2891b33c6e4e47fa4dd248ebc5f0aa42400a58b8
Opcode Fuzzy Hash: e750b2ac44b9bd07f638c18012dfba2ff5814d6cb75a1a50f7d7781d03958817
Instruction Fuzzy Hash: 3821C575608248DFDB14DF14D5C4B26BB67FB84324F24C56DDA094B346CB36E847CA61

Uniqueness

Uniqueness Score: -1.00%

Function 006FD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255478799.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d928ae4c986b713fac8e14b25606a1c4cc63a019bb24540027fe756a10beca0
Instruction ID: 8b4a1a6c59ea2e7a18181734fdbf284ac6575c70af497567a84a41bc02d86413
Opcode Fuzzy Hash: 4d928ae4c986b713fac8e14b25606a1c4cc63a019bb24540027fe756a10beca0
Instruction Fuzzy Hash: 3E21D371608208EFDB05CF14D5C0B26BB67FB84318F24C56DDA094B346C736E946CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 006FD006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255478799.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb84bad7f93a8288353b34711fa179dd26142c96c36ae85aec220f36a8b4de1
Instruction ID: ecc9839b71a7b12ecd90ec4d771197297fcfd71b8b1baebf096b65bdcfc39934
Opcode Fuzzy Hash: cdb84bad7f93a8288353b34711fa179dd26142c96c36ae85aec220f36a8b4de1
Instruction Fuzzy Hash: 672180755093C48FCB02CF20D990715BF72EB46314F28C5EAD8498B697C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 006ED4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255405175.00000000006ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 006ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d041c195b4e30d341d02aae4de4fdaf8836022265772e994b819b8081c2768
Instruction ID: d1ce4d58916321ca27b296e29db59724a511aef4dc3eeb34c551b3b37fd3cbd7
Opcode Fuzzy Hash: b5d041c195b4e30d341d02aae4de4fdaf8836022265772e994b819b8081c2768
Instruction Fuzzy Hash: 6611B176504380DFCB15CF10D9C4B56BF72FB94324F24C6A9D8450B656C336D856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 006FD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255478799.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc46bbbadcd43f176f0d0f7d055b99fd855f3bfde83ea12cd077d597a43a2c36
Instruction ID: 9753fd8f1c908b0896329b1379d3cf37fcb26fa45aa8764e9e00dde0d78ed751
Opcode Fuzzy Hash: dc46bbbadcd43f176f0d0f7d055b99fd855f3bfde83ea12cd077d597a43a2c36
Instruction Fuzzy Hash: 0E11BE75504284DFCB01CF10C5C0B65BB72FB84324F24C6AAD9494B756C33AE84ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 006ED745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255405175.00000000006ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 006ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf16c520ce8576a42e9b05ec5f3ebfc9a20151941ed0cf6f57da202ac08d9082
Instruction ID: 82663f374af7cbf197ef00f5d8d84fd6bff61c7be3652a711295efa9d280bb26
Opcode Fuzzy Hash: bf16c520ce8576a42e9b05ec5f3ebfc9a20151941ed0cf6f57da202ac08d9082
Instruction Fuzzy Hash: A901F77110A3C09AEB108B26CDC4BA7BB99DF41334F18C51AEE045A386D7789C41CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 006ED744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.255405175.00000000006ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 006ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0a937c67988f4a8d11f3fee433fe7fe1488d08818e48243607fb756179b0284
Instruction ID: ad4e4fdcd74200a8484aaab2e35bf6d527fc51caa45a1cccc82dcb79be3deaa2
Opcode Fuzzy Hash: e0a937c67988f4a8d11f3fee433fe7fe1488d08818e48243607fb756179b0284
Instruction Fuzzy Hash: BCF062714093849EEB148F16CC84BA3FBA8EB81734F18C55AED085B386C3799C44CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00A7E5B0 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: effdeb6f90565ac482c056923cfceb8d54e832d8f10e3664a149efee076cad62
Instruction ID: 0324faf8ca4e841461387d42c511dfd126e3d2f5d27b112dad3151873277c742
Opcode Fuzzy Hash: effdeb6f90565ac482c056923cfceb8d54e832d8f10e3664a149efee076cad62
Instruction Fuzzy Hash: B912D9F1C917468AE313CF65E4981893B79F746328FD04A08D2611BAD1D7BA15EECF48

Uniqueness

Uniqueness Score: -1.00%

Function 00A7C164 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f00279e685fe7274b1dff63ef00ba0ceee3541ffe4f6025a696ee62f32087a7
Instruction ID: fa5991d0c94ad2148ee14ec8cc32b0252bf6e48c3608aef90f899b8d50728f74
Opcode Fuzzy Hash: 5f00279e685fe7274b1dff63ef00ba0ceee3541ffe4f6025a696ee62f32087a7
Instruction Fuzzy Hash: 56A15C32E002198FCF05DFA5C9449DEBBB6FF85310B15C56AE909BB261EB31AD55CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00A7E5A2 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.256560512.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e54abc5b5ce97c05f4e8394620818f3074f1b59a4162f087d7954ce55624b9
Instruction ID: c09c8e45f26aaf11d60e38aa571ccef50bd376edeb0ab98cbb4227ce16e9d133
Opcode Fuzzy Hash: c0e54abc5b5ce97c05f4e8394620818f3074f1b59a4162f087d7954ce55624b9
Instruction Fuzzy Hash: B0C11DF1C917458EE713CF65E8881897B79FB46328F904A08D1616B6D0D7BA14EECF88

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exePID: 5948, Parent PID: 2804COMMON

Execution Graph

Execution Coverage:	0%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	34.6%
Total number of Nodes:	26
Total number of Limit Nodes:	1

Executed Functions

Function 01079860 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0107986A

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2911a76b4b5dd93838bb4455a8035e83188459da9b24242c4094b809881a7264
Instruction ID: 9db269099c855150cf9034aba6eee01b6af5b6376471926bc8ca4a2ea6d1278d
Opcode Fuzzy Hash: 2911a76b4b5dd93838bb4455a8035e83188459da9b24242c4094b809881a7264
Instruction Fuzzy Hash: 3590027120500913D1117199C504B071109A7D0281F91C512E0C1455CDD6968952B261

Uniqueness

Uniqueness Score: -1.00%

Function 01079660 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0107966A

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2a58b3cbc98b5bfe0350470fe74dc8e0565cfc581bd4ea395c32450cdbcd2db0
Instruction ID: f45d2a68b7d68b7501d5d9873d187f6964e1545a9cd3a6351fe50bc530aefef9
Opcode Fuzzy Hash: 2a58b3cbc98b5bfe0350470fe74dc8e0565cfc581bd4ea395c32450cdbcd2db0
Instruction Fuzzy Hash: 5D90027120500D02D1807199C404A4A1105A7D1341F91C115E0815658DCA558A5977E1

Uniqueness

Uniqueness Score: -1.00%

Function 010796E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 010796EA

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1dbabc3ddb0cc96f27f619a460b3242f8750f1ad87c895f8d1cdf80a2985401e
Instruction ID: fc82355fc0ddcf1d3628c5e2ecb6c7fd250f6bc9273c76632009b919b04413b6
Opcode Fuzzy Hash: 1dbabc3ddb0cc96f27f619a460b3242f8750f1ad87c895f8d1cdf80a2985401e
Instruction Fuzzy Hash: 9B90027120508D02D1107199C404B4A1105A7D0341F55C511E4C1465CDC6D588917261

Uniqueness

Uniqueness Score: -1.00%

Function 0107967A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01079694

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 48a62baa5ab539ea3dd75fc55f070c90631c6f870922a5745ac0ea381e16ea92
Instruction ID: dfc752531b75bbf604c4fa3a6bd19c07911e0d010042a77f5cb09d2e1ce372c1
Opcode Fuzzy Hash: 48a62baa5ab539ea3dd75fc55f070c90631c6f870922a5745ac0ea381e16ea92
Instruction Fuzzy Hash: FFB09B71D054C5C5D651E7A48608F177A4077D4755F16C151D1820645B4778C091F6B5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 010EB260 Relevance: 37.8, Strings: 30, Instructions: 262
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 010EB2DC
write to, xrefs: 010EB4A6
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 010EB323
The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010EB3D6
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 010EB314
The resource is owned exclusively by thread %p, xrefs: 010EB374
a NULL pointer, xrefs: 010EB4E0
Go determine why that thread has not released the critical section., xrefs: 010EB3C5
*** An Access Violation occurred in %ws:%s, xrefs: 010EB48F
The resource is owned shared by %d threads, xrefs: 010EB37E
The instruction at %p tried to %s , xrefs: 010EB4B6
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 010EB47D
This failed because of error %Ix., xrefs: 010EB446
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 010EB476
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 010EB484
<unknown>, xrefs: 010EB27E, 010EB2D1, 010EB350, 010EB399, 010EB417, 010EB48E
*** then kb to get the faulting stack, xrefs: 010EB51C
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 010EB39B
*** enter .cxr %p for the context, xrefs: 010EB50D
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010EB38F
*** Inpage error in %ws:%s, xrefs: 010EB418
The critical section is owned by thread %p., xrefs: 010EB3B9
an invalid address, %p, xrefs: 010EB4CF
The instruction at %p referenced memory at %p., xrefs: 010EB432
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 010EB305
read from, xrefs: 010EB4AD, 010EB4B2
*** A stack buffer overrun occurred in %ws:%s, xrefs: 010EB2F3
*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 010EB53F
*** enter .exr %p for the exception record, xrefs: 010EB4F1
*** Resource timeout (%p) in %ws:%s, xrefs: 010EB352

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 0-108210295
Opcode ID: 02160460415bca90ec63d4f469634f0f52400e4995ac237daa6a9e3146a2041c
Instruction ID: 30fff9eb08fb4c45d9380ea9ea863a054611e2fc1f8aac6394b3fba6d329d7fa
Opcode Fuzzy Hash: 02160460415bca90ec63d4f469634f0f52400e4995ac237daa6a9e3146a2041c
Instruction Fuzzy Hash: 0E812475A40220FFDB226B5BDC4EEAF3BA6BF56A51F40408CF5C42F112D6619841CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 010F1C06 Relevance: 31.4, Strings: 25, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E010F1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x10148a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0103B150();
				} else {
					E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x112589c);
				E0103B150("Heap error detected at %p (heap handle %p)\n",  *0x11258a0);
				_t27 =  *0x1125898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M010F1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0103B150();
				} else {
					E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0103B150("Error code: %d - %s\n",  *0x1125898);
				_t113 =  *0x11258a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0103B150("Parameter1: %p\n",  *0x11258a4);
				}
				_t115 =  *0x11258a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0103B150("Parameter2: %p\n",  *0x11258a8);
				}
				_t117 =  *0x11258ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0103B150("Parameter3: %p\n",  *0x11258ac);
				}
				_t119 =  *0x11258b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x11258b4);
					E0103B150("Last known valid blocks: before - %p, after - %p\n",  *0x11258b0);
				} else {
					_t120 =  *0x11258b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0103B150();
				} else {
					E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0103B150("Stack trace available at %p\n", 0x11258c0);
			}

0x010f1c10
0x010f1c16
0x010f1c1e
0x010f1c3d
0x010f1c3e
0x010f1c20
0x010f1c35
0x010f1c3a
0x010f1c44
0x010f1c55
0x010f1c5a
0x010f1c65
0x010f1c67
0x00000000
0x010f1c6e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x010f1c67
0x010f1cdc
0x010f1ce5
0x010f1d04
0x010f1d05
0x010f1ce7
0x010f1cfc
0x010f1d01
0x010f1d0b
0x010f1d17
0x010f1d1f
0x010f1d25
0x010f1d30
0x010f1d4f
0x010f1d50
0x010f1d32
0x010f1d47
0x010f1d4c
0x010f1d61
0x010f1d67
0x010f1d68
0x010f1d6e
0x010f1d79
0x010f1d98
0x010f1d99
0x010f1d7b
0x010f1d90
0x010f1d95
0x010f1daa
0x010f1db0
0x010f1db1
0x010f1db7
0x010f1dc2
0x010f1de1
0x010f1de2
0x010f1dc4
0x010f1dd9
0x010f1dde
0x010f1df3
0x010f1df9
0x010f1dfa
0x010f1e00
0x010f1e0a
0x010f1e13
0x010f1e32
0x010f1e33
0x010f1e15
0x010f1e2a
0x010f1e2f
0x010f1e39
0x010f1e4a
0x010f1e02
0x010f1e02
0x010f1e08
0x00000000
0x00000000
0x010f1e08
0x010f1e5b
0x010f1e7a
0x010f1e7b
0x010f1e5d
0x010f1e72
0x010f1e77
0x010f1e95

Strings

HEAP: , xrefs: 010F1C16, 010F1C3D, 010F1D04, 010F1D4F, 010F1D98, 010F1DE1, 010F1E32, 010F1E7A
Parameter1: %p, xrefs: 010F1D5C
heap_failure_lfh_bitmap_mismatch, xrefs: 010F1CD7
heap_failure_block_not_busy, xrefs: 010F1CA6
Stack trace available at %p, xrefs: 010F1E86
heap_failure_freelists_corruption, xrefs: 010F1CC9
HEAP[%wZ]: , xrefs: 010F1C30, 010F1CF7, 010F1D42, 010F1D8B, 010F1DD4, 010F1E25, 010F1E6D
heap_failure_cross_heap_operation, xrefs: 010F1CC2
Heap error detected at %p (heap handle %p), xrefs: 010F1C50
heap_failure_buffer_overrun, xrefs: 010F1C98
heap_failure_usage_after_free, xrefs: 010F1CBB
heap_failure_unknown, xrefs: 010F1C75
heap_failure_entry_corruption, xrefs: 010F1C83
Parameter3: %p, xrefs: 010F1DEE
heap_failure_listentry_corruption, xrefs: 010F1CD0
heap_failure_generic, xrefs: 010F1C7C
heap_failure_virtual_block_corruption, xrefs: 010F1C91
heap_failure_invalid_allocation_type, xrefs: 010F1CB4
heap_failure_internal, xrefs: 010F1C6E
Parameter2: %p, xrefs: 010F1DA5
heap_failure_invalid_argument, xrefs: 010F1CAD
heap_failure_multiple_entries_corruption, xrefs: 010F1C8A
heap_failure_buffer_underrun, xrefs: 010F1C9F
Error code: %d - %s, xrefs: 010F1D12
Last known valid blocks: before - %p, after - %p, xrefs: 010F1E45

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
API String ID: 0-2897834094
Opcode ID: 2b6f8790721c20a3b2ead0acb04e7907a1d2207b5024250686063e06df38de49
Instruction ID: 7e674072bc8ea89854d75634aaa1403fa745349e0aec487dd3b935f9ba50871e
Opcode Fuzzy Hash: 2b6f8790721c20a3b2ead0acb04e7907a1d2207b5024250686063e06df38de49
Instruction Fuzzy Hash: 82612633550155DFC271AB8AE886E7873E9EB44A30B4980BFF7C95FB40D6B498818F49

Uniqueness

Uniqueness Score: -1.00%

Function 010F4AEF Relevance: 11.8, Strings: 9, Instructions: 529
COMMONCrypto

Download Yara Rule

C-Code - Quality: 59%

			E010F4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E0103B150();
						} else {
							E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E0103B150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E010EFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E0103B150();
						} else {
							E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E0103B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E0103B150();
									} else {
										E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E0103B150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E010EFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E0103B150();
										} else {
											E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E0108D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E010FA80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E0105E12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E010FA80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E0105E4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E0105A229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E0105A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E0105BC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E010E23E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E01031F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}

0x010f4af7
0x010f4afb
0x010f4afd
0x010f4b01
0x010f4b03
0x010f4b08
0x010f4b0a
0x010f4b0f
0x010f4eb5
0x010f4eb5
0x010f4ebb
0x010f50d5
0x010f50d8
0x010f4ff6
0x00000000
0x010f4ff6
0x010f50de
0x010f50e4
0x010f50e8
0x010f5107
0x010f510c
0x010f50ea
0x010f50ff
0x010f5104
0x010f5112
0x010f5115
0x010f5118
0x010f5119
0x010f50cb
0x010f50cb
0x010f50af
0x00000000
0x010f50af
0x010f4ecb
0x010f50b6
0x010f50bb
0x010f4ed1
0x010f4ee6
0x010f4eeb
0x010f50c1
0x010f50c2
0x010f50c5
0x010f50c6
0x00000000
0x00000000
0x00000000
0x00000000
0x010f4b15
0x010f4b15
0x010f4b1c
0x010f4b1e
0x010f4b23
0x010f4b27
0x010f4b33
0x010f4b38
0x010f4b3a
0x010f4b3c
0x010f4b41
0x010f4b41
0x010f4b3a
0x010f4b52
0x010f5045
0x010f504b
0x010f504f
0x010f506e
0x010f5073
0x010f5051
0x010f5066
0x010f506b
0x010f5083
0x010f5088
0x010f5088
0x010f508a
0x010f5091
0x010f5099
0x010f5099
0x010f509d
0x010f50a7
0x010f50ad
0x010f50ad
0x010f50ad
0x00000000
0x010f509d
0x010f4b58
0x010f4b5b
0x010f4b5e
0x010f4b63
0x010f4b66
0x010f4b69
0x010f4b6f
0x010f4be4
0x010f4bf0
0x010f4bf2
0x010f4bf5
0x010f4dc3
0x010f4dc6
0x010f4dc9
0x010f4dce
0x010f4dce
0x010f4dd0
0x010f4dd0
0x010f4dd5
0x010f4def
0x010f4dd7
0x010f4de7
0x010f4de7
0x010f4df3
0x010f5001
0x010f5007
0x010f500b
0x010f502a
0x010f502f
0x010f500d
0x010f5022
0x010f5027
0x010f5039
0x010f503a
0x010f503b
0x00000000
0x010f4df9
0x010f4dfd
0x010f4e90
0x010f4e94
0x010f4e9e
0x010f4ea4
0x010f4ea4
0x010f4ea4
0x010f4ea6
0x010f4ea6
0x00000000
0x010f4ea6
0x010f4e03
0x010f4e08
0x010f4f88
0x010f4f92
0x010f4f99
0x010f4f9c
0x010f4fe0
0x010f4fe4
0x010f4fee
0x010f4ff4
0x010f4ff4
0x010f4ff4
0x00000000
0x010f4fe4
0x010f4f9e
0x010f4fa4
0x010f4fa8
0x010f4fc7
0x010f4fcc
0x010f4faa
0x010f4fbf
0x010f4fc4
0x010f4fd2
0x010f4fd5
0x010f4fd6
0x010f4f34
0x010f4f34
0x00000000
0x010f4f39
0x010f4e0e
0x010f4e14
0x010f4e1b
0x010f4e25
0x010f4e2b
0x010f4e2b
0x010f4e33
0x010f4e38
0x010f4e8a
0x010f4e8a
0x00000000
0x010f4e3a
0x010f4e3e
0x010f4e43
0x010f4e47
0x010f4e53
0x010f4e58
0x010f4e5a
0x010f4e5c
0x010f4e61
0x010f4e61
0x010f4e5a
0x010f4e6e
0x010f4f41
0x010f4f47
0x010f4f4b
0x010f4f6a
0x010f4f6f
0x010f4f4d
0x010f4f62
0x010f4f67
0x010f4f7f
0x010f4f80
0x010f4f81
0x00000000
0x010f4e74
0x010f4e78
0x010f4e82
0x010f4e88
0x010f4e88
0x00000000
0x010f4e78
0x010f4e6e
0x010f4e38
0x010f4df3
0x010f4bfe
0x010f4c01
0x010f4c04
0x010f4c07
0x010f4c09
0x010f4c0c
0x010f4c0e
0x010f4c0e
0x010f4c11
0x010f4c11
0x010f4c0c
0x010f4c14
0x010f4c17
0x010f4dae
0x010f4db2
0x010f4db7
0x010f4dba
0x010f4dbd
0x010f4ef1
0x010f4ef7
0x010f4efb
0x010f4f1a
0x010f4f1f
0x010f4efd
0x010f4f12
0x010f4f17
0x010f4f2b
0x010f4f2b
0x010f4f2d
0x010f4f2e
0x010f4f2f
0x00000000
0x010f4f2f
0x00000000
0x010f4c1d
0x010f4c1d
0x010f4c20
0x010f4c23
0x010f4c26
0x010f4c29
0x010f4c2c
0x010f4c2e
0x010f4d91
0x010f4d91
0x010f4d92
0x010f4d97
0x010f4d9e
0x00000000
0x010f4d9e
0x010f4c34
0x010f4c37
0x010f4c39
0x010f4c3c
0x00000000
0x00000000
0x010f4c45
0x010f4c48
0x010f4c4e
0x010f4c50
0x010f4c78
0x010f4c78
0x010f4c7b
0x010f4c7d
0x010f4c80
0x010f4c84
0x010f4cad
0x010f4cad
0x010f4cb0
0x010f4cb8
0x010f4cbb
0x010f4cbe
0x010f4cc1
0x010f4cc7
0x010f4cdc
0x010f4cc9
0x010f4cd2
0x010f4cd4
0x010f4cd4
0x010f4cde
0x010f4ce0
0x010f4d13
0x010f4d13
0x010f4d16
0x010f4d18
0x010f4d29
0x010f4d2a
0x010f4d2c
0x010f4d34
0x010f4d1a
0x010f4d1a
0x010f4d1a
0x010f4d1d
0x010f4d1f
0x010f4d22
0x010f4d24
0x010f4d24
0x010f4d3c
0x010f4d3f
0x010f4d45
0x010f4d47
0x010f4d6c
0x010f4d6c
0x010f4d70
0x010f4d7e
0x010f4d84
0x010f4d84
0x00000000
0x010f4d49
0x010f4d49
0x010f4d56
0x010f4d56
0x010f4d59
0x00000000
0x00000000
0x010f4d4e
0x010f4d50
0x010f4d52
0x010f4d8e
0x010f4d5d
0x010f4d5f
0x010f4d67
0x00000000
0x010f4d67
0x010f4d54
0x010f4d54
0x010f4d5b
0x00000000
0x010f4d5b
0x010f4ce2
0x010f4ce2
0x010f4ce5
0x010f4ce5
0x010f4ce7
0x010f4cfb
0x010f4ce9
0x010f4ce9
0x010f4cec
0x010f4cef
0x010f4cf1
0x010f4cf3
0x010f4cf3
0x010f4cf3
0x010f4cf6
0x010f4cf6
0x010f4d02
0x010f4d05
0x00000000
0x00000000
0x010f4d07
0x010f4d0f
0x010f4d11
0x00000000
0x00000000
0x00000000
0x010f4d11
0x00000000
0x010f4ce5
0x010f4ce0
0x010f4c8a
0x010f4c8f
0x010f4c91
0x00000000
0x00000000
0x010f4c9d
0x00000000
0x010f4c9d
0x010f4c52
0x010f4c5f
0x010f4c5f
0x010f4c62
0x00000000
0x00000000
0x010f4c57
0x010f4c59
0x010f4c5b
0x010f4caa
0x010f4c66
0x010f4c68
0x010f4c70
0x010f4c75
0x00000000
0x010f4c75
0x010f4c5d
0x010f4c5d
0x010f4c64
0x00000000
0x010f4c64
0x010f4c17
0x010f4b75
0x010f4bc4
0x010f4bc8
0x00000000
0x00000000
0x010f4bd9
0x00000000
0x00000000
0x00000000
0x010f4b77
0x010f4b7a
0x010f4b8c
0x010f4b7c
0x010f4b7e
0x010f4b83
0x010f4b86
0x010f4b86
0x010f4b90
0x010f4b93
0x00000000
0x00000000
0x010f4b95
0x010f4bab
0x010f4bb0
0x00000000
0x00000000
0x010f4bb2
0x010f4bb9
0x00000000
0x00000000
0x010f4bbb
0x010f4bbe
0x010f4bc1
0x010f4bc1
0x00000000
0x010f4bc1
0x010f4b97
0x010f4ba4
0x00000000
0x00000000
0x010f4ba6
0x00000000
0x010f4ba6
0x010f4ea9
0x010f4ea9
0x010f4eb2
0x00000000

Strings

Heap block at %p has corrupted PreviousSize (%lx), xrefs: 010F4F81
HEAP: , xrefs: 010F4F1A, 010F4F6A, 010F4FC7, 010F502A, 010F506E, 010F50B6, 010F5107
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 010F50C6
HEAP[%wZ]: , xrefs: 010F4EE1, 010F4F0D, 010F4F5D, 010F4FBA, 010F501D, 010F5061, 010F50FA
Heap block at %p has incorrect segment offset (%x), xrefs: 010F503B
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 010F5119
Free Heap block %p modified at %p after it was freed, xrefs: 010F4F2F
Heap block at %p is not last block in segment (%p), xrefs: 010F4FD6
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 010F508C

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 6b3f9fa7e054077dbe60af2d9b1ae7864852a0c1e3882aa917bc904fb1e05d47
Instruction ID: 9f58f057d5948df5ede53febcf361f874f405d371bcf85764b66d2332567303c
Opcode Fuzzy Hash: 6b3f9fa7e054077dbe60af2d9b1ae7864852a0c1e3882aa917bc904fb1e05d47
Instruction Fuzzy Hash: A112BF306006469FD765DF29C486BBBBBE5EF48314F14849DEAC6CBA81D774E884CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010F4496 Relevance: 10.4, Strings: 8, Instructions: 417
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 56%

			E010F4496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E010F49A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x1126378 = _t267;
						asm("int3");
						 *0x1126378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E0106174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E0103B150();
							} else {
								E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E0103B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E0103B150();
							} else {
								E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E0103B150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x1126350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E01079660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E0106174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E0103B150();
										} else {
											E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E0103B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E0103B150();
									} else {
										E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E0103B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E0103B150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E0103B150();
							} else {
								E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E010F4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E010EFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E010E23E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}

0x010f44a1
0x010f44a3
0x010f44a7
0x010f44ac
0x010f44af
0x010f44b2
0x010f44b9
0x010f44bc
0x010f47f2
0x010f47f2
0x010f47f8
0x010f47fc
0x010f47fe
0x010f4804
0x010f4805
0x010f4805
0x010f480c
0x010f4810
0x010f4812
0x010f4812
0x010f4812
0x010f4822
0x010f4822
0x010f4827
0x010f4827
0x00000000
0x010f4827
0x010f44c4
0x010f44d3
0x010f44d9
0x010f44dc
0x010f44de
0x010f44e0
0x010f4560
0x010f4520
0x010f4522
0x010f4525
0x010f4528
0x010f452b
0x010f452e
0x010f4530
0x010f4697
0x010f469d
0x010f46a1
0x010f46c0
0x010f46c5
0x010f46a3
0x010f46b8
0x010f46bd
0x010f46cb
0x010f46d4
0x010f4677
0x010f4677
0x010f4679
0x010f467c
0x010f468a
0x010f4690
0x010f4690
0x010f47f1
0x010f47f1
0x010f47f1
0x00000000
0x010f47f1
0x010f4536
0x010f4539
0x010f453c
0x010f4636
0x010f463c
0x010f4640
0x010f465f
0x010f4664
0x010f4642
0x010f4657
0x010f465c
0x010f4670
0x00000000
0x010f4542
0x010f4542
0x010f4546
0x010f4548
0x010f454b
0x010f4555
0x010f455b
0x010f455b
0x010f455b
0x010f455d
0x010f455d
0x010f455d
0x00000000
0x010f455d
0x010f453c
0x010f4579
0x010f457c
0x010f4587
0x010f4589
0x010f4591
0x010f4592
0x010f4597
0x010f4598
0x010f45a1
0x010f45ab
0x010f45ab
0x010f45a1
0x010f45ae
0x010f45b4
0x010f45b9
0x010f45bd
0x010f4759
0x010f4759
0x010f475f
0x010f4761
0x010f4763
0x010f4765
0x010f4768
0x010f476b
0x010f476d
0x010f479c
0x010f479c
0x010f479f
0x010f47a2
0x010f47a4
0x010f4830
0x010f4833
0x010f4879
0x010f487d
0x010f48f1
0x010f48f3
0x010f48f3
0x00000000
0x010f48f3
0x010f487f
0x010f4885
0x010f4887
0x010f48a8
0x010f48a8
0x010f48ae
0x010f48b0
0x010f48dc
0x010f48dc
0x010f48dc
0x010f48dc
0x010f48ec
0x00000000
0x010f48ec
0x010f48b2
0x010f48bc
0x010f48be
0x010f48c1
0x00000000
0x00000000
0x00000000
0x00000000
0x010f48c3
0x010f48c3
0x010f48c6
0x010f48c9
0x010f48cc
0x010f48d1
0x010f48d4
0x00000000
0x00000000
0x010f48d6
0x010f48d7
0x010f48da
0x00000000
0x00000000
0x00000000
0x010f48da
0x010f494f
0x010f4955
0x010f4959
0x010f4978
0x010f497d
0x010f495b
0x010f4970
0x010f4975
0x010f4986
0x010f4987
0x010f498a
0x010f498d
0x010f4997
0x010f47ef
0x010f47ef
0x010f47ef
0x00000000
0x010f47ef
0x010f4890
0x010f4890
0x010f4891
0x010f4891
0x010f4894
0x010f4897
0x010f489d
0x010f48a0
0x00000000
0x00000000
0x010f48a2
0x010f48a3
0x010f48a6
0x00000000
0x00000000
0x00000000
0x010f48a6
0x010f48fb
0x010f4901
0x010f4905
0x010f4924
0x010f4929
0x010f4907
0x010f491c
0x010f4921
0x010f492f
0x010f4935
0x010f4936
0x010f4939
0x010f4942
0x00000000
0x010f4947
0x010f4835
0x010f483b
0x010f483f
0x010f485e
0x010f4863
0x010f4841
0x010f4856
0x010f485b
0x010f4869
0x010f486c
0x010f486f
0x010f47e7
0x010f47e7
0x00000000
0x010f47ec
0x010f47aa
0x010f47b0
0x010f47b4
0x010f47d3
0x010f47d8
0x010f47b6
0x010f47cb
0x010f47d0
0x010f47de
0x010f47df
0x010f47e2
0x00000000
0x00000000
0x00000000
0x00000000
0x010f476f
0x010f476f
0x010f4778
0x010f4785
0x010f4787
0x010f478c
0x010f478e
0x00000000
0x00000000
0x010f4790
0x010f4792
0x010f4794
0x00000000
0x00000000
0x010f4796
0x010f4799
0x00000000
0x010f4799
0x00000000
0x010f45c3
0x010f45c3
0x010f45c7
0x010f45c7
0x010f45ca
0x010f45cf
0x010f45d3
0x010f45df
0x010f45e4
0x010f45e6
0x010f45e8
0x010f45ed
0x010f45ed
0x010f45f2
0x010f45f2
0x010f45f7
0x010f45fc
0x010f4602
0x010f4606
0x010f4609
0x010f460f
0x010f46de
0x010f46e3
0x010f46e5
0x010f46ec
0x010f46ee
0x010f46f6
0x010f46f6
0x010f46f6
0x010f46f6
0x010f46ec
0x010f4615
0x010f4615
0x010f461d
0x010f462e
0x010f462e
0x010f461d
0x010f460f
0x010f4609
0x010f46fd
0x00000000
0x00000000
0x010f4710
0x010f471a
0x010f4720
0x010f4720
0x010f4722
0x010f472c
0x00000000
0x010f472e
0x010f472e
0x00000000
0x010f472e
0x010f472c
0x010f4738
0x010f473c
0x010f474b
0x010f4751
0x010f4751
0x00000000
0x010f473c
0x010f48f4
0x010f48f4
0x00000000
0x010f48f4

Strings

HEAP: , xrefs: 010F465F, 010F46C0, 010F47D3, 010F485E, 010F4924, 010F4978
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 010F47E2
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 010F493D
Non-Dedicated free list element %p is out of order, xrefs: 010F466B
HEAP[%wZ]: , xrefs: 010F4652, 010F46B3, 010F47C6, 010F4851, 010F4917, 010F496B
dedicated (%04Ix) free list element %p is marked busy, xrefs: 010F46CF
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 010F486F
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 010F4992

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: 3c5b37b67ade0f9e484e646a8a90b16aff9ac6f31a114dffd950413eae53035b
Instruction ID: 58cbd7cb42116e2d3cc3165c30ef714f24d6d98d76ef6160c96b620bee14a1ba
Opcode Fuzzy Hash: 3c5b37b67ade0f9e484e646a8a90b16aff9ac6f31a114dffd950413eae53035b
Instruction Fuzzy Hash: 60F13E316002469FDB21CF69C485BABBBF5FF89304F04809EEAC6DBA41D774A985CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0105A309 Relevance: 8.2, Strings: 6, Instructions: 687
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E0105A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1128a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E0105A830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E0105DF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E01039373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E0103A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1128748 - 1;
						if( *0x1128748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E0103B150();
								__eflags =  *0x1127bc8;
								if( *0x1127bc8 == 0) {
									__eflags = 1;
									E010F2073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1128748 - 1;
							if( *0x1128748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E0106174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E01057D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E010F14FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E01039373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E01039819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1128748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E0103B150();
											} else {
												E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E0103B150();
											_pop(_t491);
											__eflags =  *0x1127bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E010F2073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E010FA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E0105A830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E01057D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E01057D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E010F1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E01057D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E01057D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1128748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E0103B150();
							} else {
								E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E0103B150();
							__eflags =  *0x1127bc8;
							if( *0x1127bc8 == 0) {
								__eflags = 0;
								E010F2073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1128748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E0103B150();
												} else {
													E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E0103B150();
												__eflags =  *0x1127bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E010F2073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E010FA80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E0105A830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E0105B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E0105A830(_t553, _v64, _v24);
								_t286 = E01057D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E01057D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E010F1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E01057D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E01057D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E010F1411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E0106174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E0105B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E01057D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E010F14FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E010599BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E0105A830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E0106ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}

0x0105a309
0x0105a316
0x0105a319
0x0105a31d
0x0105a32d
0x0105a331
0x010a1e0d
0x010a1e10
0x0105a3cb
0x0105a3cb
0x0105a3bd
0x0105a3c3
0x0105a3c3
0x0105a33a
0x010a1e17
0x010a1e1b
0x010a1e1d
0x010a1e2f
0x010a1e34
0x010a1e36
0x010a1e3c
0x010a1e3c
0x010a1e3c
0x010a1e3c
0x010a1e36
0x010a1e42
0x010a1e45
0x010a1e47
0x0105a3f8
0x0105a3f8
0x0105a3fb
0x0105a3fd
0x010a1e50
0x0105a403
0x0105a411
0x0105a411
0x0105a411
0x0105a41e
0x0105a420
0x0105a424
0x0105a427
0x0105a7c9
0x0105a7cd
0x0105a7d2
0x0105a7d9
0x0105a7e0
0x0105a7e3
0x0105a7ed
0x0105a7f3
0x0105a7f9
0x0105a7ff
0x0105a802
0x0105a807
0x0105a809
0x0105a809
0x0105a809
0x0105a80f
0x0105a80f
0x0105a812
0x0105a81c
0x0105a821
0x0105a824
0x0105a42d
0x0105a42d
0x0105a42d
0x0105a42d
0x0105a42d
0x0105a436
0x0105a43a
0x0105a609
0x0105a60d
0x0105a612
0x0105a616
0x0105a61a
0x010a1e57
0x010a1e59
0x00000000
0x00000000
0x010a1e5f
0x0105a620
0x0105a627
0x010a1e64
0x010a1e66
0x010a1e6c
0x010a1e72
0x010a1e76
0x010a1e95
0x010a1e9a
0x010a1e78
0x010a1e8d
0x010a1e92
0x010a1ea0
0x010a1ea5
0x010a1eaa
0x010a1eb2
0x010a1eb6
0x010a1eb9
0x010a1eb9
0x010a1ebe
0x010a1ec2
0x010a1ec2
0x010a1e66
0x0105a62d
0x0105a633
0x0105a636
0x0105a63a
0x0105a63c
0x0105a640
0x0105a642
0x0105a644
0x0105a644
0x0105a644
0x0105a64d
0x0105a64d
0x0105a651
0x0105a655
0x010a1eca
0x010a1ed1
0x00000000
0x00000000
0x010a1ed7
0x00000000
0x0105a65b
0x0105a669
0x0105a66e
0x0105a670
0x00000000
0x00000000
0x0105a676
0x0105a67b
0x0105a680
0x0105a682
0x010a1f1a
0x0105a688
0x0105a688
0x0105a688
0x0105a68a
0x0105a68d
0x010a1f24
0x010a1f2a
0x010a1f31
0x010a1f43
0x010a1f43
0x010a1f31
0x0105a693
0x0105a697
0x0105a69d
0x0105a6a0
0x0105a6a6
0x0105a6a8
0x0105a6a8
0x0105a6a8
0x0105a6a8
0x0105a6b2
0x0105a6b7
0x0105a6c1
0x0105a6c6
0x0105a6d2
0x0105a6d9
0x0105a6e3
0x0105a6e6
0x0105a6eb
0x0105a6ed
0x0105a6ed
0x0105a6ed
0x0105a6ed
0x0105a6f3
0x0105a6f8
0x0105a702
0x0105a70a
0x0105a70e
0x0105a71a
0x0105a71e
0x010a1fcb
0x010a1fcf
0x010a1fdd
0x010a1fe3
0x010a1fe3
0x0105a724
0x0105a728
0x0105a72a
0x0105a72d
0x0105a737
0x0105a73a
0x0105a73c
0x0105a742
0x0105a748
0x010a1f4d
0x010a1f50
0x010a1f56
0x010a1f5c
0x010a1f5f
0x010a1f7e
0x010a1f83
0x010a1f61
0x010a1f76
0x010a1f7b
0x010a1f89
0x010a1f8e
0x010a1f93
0x010a1f94
0x010a1f9a
0x010a1f9c
0x010a1f9e
0x010a1fa1
0x010a1fa1
0x010a1fa6
0x010a1fa6
0x010a1f50
0x0105a74e
0x0105a751
0x0105a754
0x0105a75d
0x0105a75e
0x0105a762
0x0105a767
0x010a1faf
0x010a1fb0
0x010a1fb9
0x010a1fbe
0x010a1fc2
0x010a1fc2
0x0105a76d
0x0105a76d
0x0105a775
0x0105a778
0x0105a77d
0x0105a77d
0x0105a71e
0x0105a782
0x0105a787
0x0105a789
0x010a1ff3
0x0105a78f
0x0105a78f
0x0105a78f
0x0105a791
0x0105a794
0x010a1ffd
0x010a2006
0x010a200c
0x010a2017
0x010a2019
0x010a2024
0x010a2024
0x010a2024
0x010a2047
0x010a2047
0x010a200c
0x0105a79a
0x0105a79f
0x0105a7a4
0x0105a7a9
0x0105a7ab
0x010a205a
0x0105a7b1
0x0105a7b1
0x0105a7b1
0x0105a7b3
0x0105a7b6
0x00000000
0x0105a7bc
0x010a2066
0x010a2068
0x010a2073
0x010a2073
0x010a2073
0x010a2078
0x010a2079
0x010a207d
0x00000000
0x010a207d
0x0105a7b6
0x0105a440
0x0105a440
0x0105a440
0x0105a446
0x0105a44c
0x0105a44f
0x0105a453
0x0105a455
0x010a20b3
0x010a20b9
0x010a20b9
0x0105a45d
0x0105a460
0x0105a464
0x0105a466
0x0105a46b
0x0105a46f
0x0105a471
0x0105a471
0x0105a471
0x0105a474
0x0105a479
0x0105a47d
0x0105a47f
0x010a2229
0x010a222f
0x0105a3c8
0x0105a3c8
0x0105a3ca
0x0105a3ca
0x00000000
0x0105a3ca
0x010a2235
0x010a223a
0x010a223a
0x00000000
0x00000000
0x010a2240
0x010a2246
0x010a224a
0x010a2269
0x010a226e
0x010a224c
0x010a2261
0x010a2266
0x010a2274
0x010a2279
0x010a227e
0x010a2286
0x010a2288
0x010a228d
0x010a228d
0x010a2292
0x010a2292
0x010a2295
0x010a2295
0x00000000
0x010a2295
0x0105a485
0x0105a489
0x0105a48b
0x0105a48f
0x0105a493
0x0105a497
0x0105a49b
0x0105a4bb
0x0105a4bb
0x0105a4bd
0x0105a4ff
0x0105a4ff
0x0105a501
0x0105a505
0x0105a50f
0x0105a517
0x0105a51b
0x0105a527
0x0105a52b
0x010a2182
0x010a2185
0x010a2193
0x010a2199
0x010a2199
0x0105a531
0x0105a535
0x0105a538
0x0105a548
0x0105a54b
0x0105a54d
0x0105a553
0x0105a559
0x010a2100
0x010a2103
0x010a2109
0x010a210f
0x010a2112
0x010a2131
0x010a2136
0x010a2114
0x010a2129
0x010a212e
0x010a213c
0x010a2141
0x010a2147
0x010a214d
0x010a2151
0x010a2154
0x010a2154
0x010a2159
0x010a2159
0x010a2103
0x0105a55f
0x0105a562
0x0105a565
0x0105a567
0x010a2162
0x0105a56d
0x0105a574
0x0105a575
0x0105a579
0x0105a57e
0x010a2169
0x010a216a
0x010a2170
0x010a2175
0x010a2179
0x010a2179
0x0105a57e
0x0105a584
0x0105a58f
0x0105a58f
0x0105a52b
0x0105a5ad
0x0105a5bc
0x0105a5c1
0x0105a5c6
0x0105a5cb
0x0105a5cd
0x010a21a9
0x0105a5d3
0x0105a5d3
0x0105a5d3
0x0105a5d5
0x0105a5d8
0x010a21b3
0x010a21bc
0x010a21c2
0x010a21cd
0x010a21cf
0x010a21da
0x010a21da
0x010a21da
0x010a21f7
0x010a21f7
0x010a21c2
0x0105a5de
0x0105a5e3
0x0105a5e8
0x0105a5ea
0x010a220a
0x0105a5f0
0x0105a5f0
0x0105a5f0
0x0105a5f2
0x0105a5f5
0x010a2219
0x010a221b
0x010a208c
0x010a208c
0x010a208c
0x010a2095
0x010a2096
0x010a2097
0x010a2098
0x010a20a4
0x010a20a5
0x010a20a9
0x010a20a9
0x00000000
0x0105a5f5
0x0105a4bf
0x0105a4d3
0x0105a4d8
0x0105a4da
0x010a1ede
0x010a1ede
0x010a1ee4
0x010a1ee9
0x00000000
0x00000000
0x010a1f07
0x00000000
0x010a1f07
0x0105a4e0
0x0105a4e5
0x0105a4e7
0x010a20cb
0x0105a4ed
0x0105a4ed
0x0105a4ed
0x0105a4f2
0x0105a4f5
0x010a20d5
0x010a20de
0x010a20e4
0x010a20f6
0x010a20f6
0x010a20e4
0x0105a4fb
0x00000000
0x0105a4fb
0x0105a4a1
0x0105a4a4
0x0105a4a8
0x00000000
0x00000000
0x0105a4aa
0x0105a4ac
0x00000000
0x00000000
0x0105a4b2
0x0105a4b5
0x00000000
0x00000000
0x00000000
0x0105a4b5
0x0105a43a
0x0105a340
0x0105a346
0x0105a600
0x00000000
0x0105a600
0x0105a34f
0x0105a351
0x0105a358
0x0105a3c6
0x00000000
0x0105a371
0x0105a37a
0x0105a37f
0x0105a382
0x0105a384
0x0105a394
0x00000000
0x0105a396
0x0105a399
0x0105a3a7
0x0105a3b0
0x0105a3b4
0x0105a3bb
0x0105a3d2
0x0105a3da
0x0105a3df
0x0105a3e1
0x0105a3e5
0x0105a3ea
0x0105a3f0
0x0105a3f0
0x0105a3e1
0x00000000
0x0105a3bb
0x0105a394

Strings

HEAP: , xrefs: 010A1E95, 010A1F7E, 010A2131, 010A2269
(LONG)FreeEntry->Size > 1, xrefs: 010A213C
HEAP[%wZ]: , xrefs: 010A1E88, 010A1F71, 010A2124, 010A225C
(!TrailingUCR), xrefs: 010A2274
(UCRBlock != NULL), xrefs: 010A1EA0
((LONG)FreeEntry->Size > 1), xrefs: 010A1F89

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: e4083244b21e6e184e918483c34def734bf205929f890b0d54a14b3eb3032824
Instruction ID: 21ed83869d77ab9dfb0c94f3fdf0cd201ab0305e36cad8f7dd54d2622cf373fa
Opcode Fuzzy Hash: e4083244b21e6e184e918483c34def734bf205929f890b0d54a14b3eb3032824
Instruction Fuzzy Hash: CA42DC31608381DFD755CF68C884A6BBBE5BF98204F448AADF9C68B352D734D981CB51

Uniqueness

Uniqueness Score: -1.00%

Function 010F2D82 Relevance: 7.7, Strings: 6, Instructions: 228
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E010F2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1110e80);
				E0108D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E010340E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E010F30C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E0103B150();
						} else {
							E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E0103B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E0104EEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E010F4496(_t181, 0);
						_t177 = E01054620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E010F49A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E010EFA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E01031F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E010616C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E010F4496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x1126360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x1126364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1126366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E010DD455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E0103B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E0103B150("Just allocated block at %p for %Ix bytes\n",  *0x1126360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x1126378 = 1;
									 *0x11260c0 = 0;
									asm("int3");
									 *0x1126378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x1125708; // 0x0
					 *0x112b1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E0108D130(0, _t177, _t181);
				}
			}

0x010f2d82
0x010f2d84
0x010f2d89
0x010f2d8e
0x010f2d90
0x010f2d92
0x010f2d97
0x010f2d9a
0x010f2da4
0x010f2dc0
0x010f2dc3
0x010f2dd1
0x010f2dd6
0x010f2dd8
0x010f30a7
0x010f30a7
0x010f30aa
0x010f30aa
0x010f30ad
0x010f30b4
0x00000000
0x010f30b9
0x010f2de3
0x010f2de8
0x010f2deb
0x010f2dee
0x010f2df1
0x010f2df3
0x010f2dfb
0x010f2dfb
0x010f2df5
0x010f2df5
0x010f2df5
0x010f2e04
0x010f2e0a
0x010f2e0d
0x010f2e11
0x010f2e11
0x010f2e12
0x010f2e15
0x010f2e18
0x010f2e1a
0x010f3027
0x010f3027
0x010f302d
0x010f3030
0x010f304f
0x010f3054
0x010f3032
0x010f3047
0x010f304c
0x010f305a
0x010f3063
0x00000000
0x010f2e20
0x010f2e20
0x010f2e23
0x00000000
0x00000000
0x010f2e29
0x010f2e2b
0x010f2e47
0x010f2e2d
0x010f2e33
0x010f2e38
0x010f2e3f
0x010f2e42
0x010f2e42
0x010f2e4e
0x010f2e5d
0x010f2e5f
0x010f2e62
0x010f2e66
0x010f2e6b
0x010f2e6d
0x00000000
0x010f2e73
0x010f2e73
0x010f2e76
0x010f2e7a
0x010f2e83
0x010f2e83
0x010f2e83
0x010f2e85
0x010f2e87
0x010f2e8a
0x010f2e8d
0x010f2e92
0x010f2e9c
0x010f2e9f
0x010f2ea1
0x010f2ea2
0x010f2ea6
0x010f2ea6
0x010f2e9f
0x010f2eab
0x010f2eaf
0x010f2edf
0x010f2ee2
0x010f2ee5
0x010f2eb1
0x010f2eb3
0x010f2eb8
0x010f2ebd
0x010f2ec4
0x010f2ed6
0x010f2ec6
0x010f2ec7
0x010f2ecc
0x010f2ecf
0x010f2ed2
0x010f2ed2
0x010f2ed9
0x010f2ed9
0x010f2ee8
0x010f2eeb
0x010f2eef
0x010f2ef2
0x010f2efe
0x010f2f04
0x010f2f04
0x010f2f04
0x010f2f06
0x010f2f0d
0x010f2f0f
0x010f2f13
0x010f2f13
0x010f2f1b
0x010f2f21
0x010f2f27
0x010f2f95
0x010f2f98
0x010f2f9b
0x010f2fa0
0x00000000
0x00000000
0x010f2fa6
0x010f2fa9
0x010f2fac
0x00000000
0x00000000
0x010f2fb2
0x010f2fb9
0x00000000
0x00000000
0x010f2fc3
0x010f2fca
0x00000000
0x00000000
0x010f2fd0
0x010f2fd6
0x010f2fd9
0x010f2ff8
0x010f2ffd
0x010f2fdb
0x010f2ff0
0x010f2ff5
0x010f300e
0x010f300f
0x010f301a
0x00000000
0x010f2f29
0x010f2f29
0x010f2f2c
0x010f2f4b
0x010f2f50
0x010f2f2e
0x010f2f43
0x010f2f48
0x010f2f56
0x010f2f64
0x010f2f6c
0x010f2f6c
0x010f2f72
0x010f2f76
0x010f2f7c
0x010f2f83
0x010f2f89
0x010f2f8a
0x010f2f8a
0x00000000
0x010f2f76
0x010f2f27
0x010f2e6d
0x010f2da6
0x010f2dab
0x010f2db3
0x010f2db9
0x010f30bc
0x010f30c1
0x010f30c1

Strings

HEAP: , xrefs: 010F2F4B, 010F2FF8, 010F304F
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 010F3015
RtlAllocateHeap, xrefs: 010F2DCA
HEAP[%wZ]: , xrefs: 010F2F3E, 010F2FEB, 010F3042
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 010F305E
Just allocated block at %p for %Ix bytes, xrefs: 010F2F5F

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 0-1745908468
Opcode ID: fcf141ac92866e44d875ccb2adb3c98942ad3c692442f40c9c85db65dd8fbdd5
Instruction ID: c73e7ff2c3d4c913e23a75b23c77fd53913d77f832532ba71d09b9fe4ef80e43
Opcode Fuzzy Hash: fcf141ac92866e44d875ccb2adb3c98942ad3c692442f40c9c85db65dd8fbdd5
Instruction Fuzzy Hash: 9C910231510641DFDB26DF68C452AEDBBF2BF89710F5880AEE6C55BA91C7369881CB00

Uniqueness

Uniqueness Score: -1.00%

Function 01043D34 Relevance: 6.7, Strings: 5, Instructions: 435
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E01043D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01041B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01041B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01041B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01041B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01041B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = E01054620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0107F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01081370(_t276, 0x1014e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0107BB40(0,  &_v68, _t170);
									if(L010443C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0107BB40(_t257,  &_v68, _t243);
								if(L010443C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01081370(_t278, 0x1014e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = E01054620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0107F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01081370(_v16, 0x1014e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0107BB40(_t262,  &_v68, _t244);
								if(L010443C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01081370(_t282, 0x1014e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0107BB40(_t262,  &_v68, _t201);
							if(L010443C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = E01054620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0107F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01081370(_t280, 0x1014e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0107BB40(_t267,  &_v68, _t245);
							if(L010443C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01081370(_t284, 0x1014e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0107BB40(_t267,  &_v68, _t224);
						if(L010443C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}

0x01043d3c
0x01043d42
0x01043d44
0x01043d46
0x01043d49
0x01043d4c
0x01043d4f
0x01043d52
0x01043d55
0x01043d58
0x01043d5b
0x01043d5f
0x01043d61
0x01043d66
0x01098213
0x01098218
0x01044085
0x01044088
0x0104408e
0x01044094
0x0104409a
0x010440a0
0x010440a6
0x010440a9
0x010440af
0x010440b6
0x010440bd
0x010440bd
0x01043d83
0x0109821f
0x01098229
0x01098238
0x01098238
0x0109823d
0x0109823d
0x01043da0
0x01043daf
0x01043db5
0x01043dba
0x01043dba
0x01043dd4
0x01043e94
0x01043eab
0x01043f6d
0x01043f84
0x0104406b
0x0104406b
0x0104406e
0x0104406e
0x01044070
0x01044074
0x01098351
0x01098351
0x0104407a
0x0104407f
0x0109835d
0x01098370
0x01098377
0x01098379
0x0109837c
0x0109837c
0x0109835d
0x00000000
0x0104407f
0x01043f8a
0x01043f8d
0x01043f90
0x01043f95
0x0109830d
0x0109830f
0x01043f9b
0x01043fac
0x01043fae
0x01043fb1
0x01043fb1
0x01043fb6
0x01098317
0x0109831a
0x00000000
0x01043fbc
0x01043fc1
0x01043fc9
0x01043fd7
0x01043fda
0x01043fdd
0x01044021
0x01044021
0x01044029
0x01044030
0x01044044
0x01044046
0x01044046
0x01044044
0x01044049
0x01098327
0x01098334
0x01098339
0x0109833c
0x0104404f
0x0104404f
0x0104404f
0x01044051
0x01044056
0x01044063
0x01044063
0x01044068
0x00000000
0x01044068
0x01043fdf
0x01043fe2
0x01043fe4
0x01043fe7
0x01043fef
0x01044003
0x01044005
0x01044005
0x0104400c
0x01044013
0x01044016
0x01044017
0x0104401b
0x0104401e
0x00000000
0x0104401e
0x01043fb6
0x01043eb1
0x01043eb4
0x01043eb7
0x01043ebc
0x010982a9
0x010982ab
0x01043ec2
0x01043ed3
0x01043ed5
0x01043ed8
0x01043ed8
0x01043edd
0x010982b3
0x010982b6
0x00000000
0x01043ee3
0x01043ee8
0x01043eed
0x01043ef0
0x01043ef3
0x01043f02
0x01043f05
0x01043f08
0x010982c0
0x010982c3
0x010982c5
0x010982c8
0x010982d0
0x010982e4
0x010982e6
0x010982e6
0x010982ed
0x010982f4
0x010982f7
0x010982f8
0x010982fc
0x010982ff
0x010982ff
0x01043f0e
0x01043f11
0x01043f16
0x01043f1d
0x01043f31
0x01098307
0x01098307
0x01043f31
0x01043f39
0x01043f48
0x01043f4d
0x01043f50
0x01043f50
0x01043f53
0x01043f58
0x01043f65
0x01043f65
0x01043f6a
0x00000000
0x01043f6a
0x01043edd
0x01043dda
0x01043ddd
0x01043de0
0x01043de5
0x01098245
0x01043deb
0x01043df7
0x01043dfc
0x01043dfe
0x01043e01
0x01043e01
0x01043e06
0x0109824d
0x0109824f
0x01098254
0x00000000
0x01043e0c
0x01043e11
0x01043e16
0x01043e19
0x01043e29
0x01043e2c
0x01043e2f
0x0109825c
0x0109825f
0x01098261
0x01098264
0x0109826c
0x01098280
0x01098282
0x01098282
0x01098289
0x01098290
0x01098293
0x01098294
0x01098298
0x0109829b
0x0109829b
0x01043e35
0x01043e38
0x01043e3d
0x01043e44
0x01043e58
0x010982a3
0x010982a3
0x01043e58
0x01043e60
0x01043e6f
0x01043e74
0x01043e77
0x01043e77
0x01043e7a
0x01043e7f
0x01043e8c
0x01043e8c
0x01043e91
0x00000000
0x01043e91

Strings

Kernel-MUI-Language-Disallowed, xrefs: 01043E97
Kernel-MUI-Number-Allowed, xrefs: 01043D8C
Kernel-MUI-Language-SKU, xrefs: 01043F70
Kernel-MUI-Language-Allowed, xrefs: 01043DC0
WindowsExcludedProcs, xrefs: 01043D6F

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: 9528dd823387004d10745d878999033eb10958ba62e2a8eb0f9828462e51f280
Instruction ID: 044a1e7096a7f5330a327eb86589008427a7957603ad48f71248ed5315eb8e0c
Opcode Fuzzy Hash: 9528dd823387004d10745d878999033eb10958ba62e2a8eb0f9828462e51f280
Instruction Fuzzy Hash: C6F13DB2D00619EFCB11DF98C980AEEBBF9FF08650F1540AAE985E7250D7749E01DB90

Uniqueness

Uniqueness Score: -1.00%

Function 010340E1 Relevance: 6.3, Strings: 5, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E010340E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0103B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0103B150(", passed to %s", _t29);
					}
					_push("\n");
					E0103B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1126378 = 1;
						asm("int3");
						 *0x1126378 = 0;
					}
					return 0;
				}
				return 1;
			}

0x010340e6
0x010340e8
0x010340f1
0x0109042d
0x0109044c
0x01090451
0x0109042f
0x01090444
0x01090449
0x0109045d
0x01090466
0x0109046e
0x01090474
0x01090475
0x0109047a
0x0109048a
0x0109048c
0x01090493
0x01090494
0x01090494
0x00000000
0x0109049b
0x00000000

Strings

HEAP: , xrefs: 0109044C
Invalid heap signature for heap at %p, xrefs: 01090458
RtlAllocateHeap, xrefs: 01090468
HEAP[%wZ]: , xrefs: 0109043F
, passed to %s, xrefs: 01090469

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
API String ID: 0-188067316
Opcode ID: 1822ffd44b492f2861a0f30abe19ec6d128379d663ed39449d1d68221eb6b33d
Instruction ID: a4e8ad3aadfdff32b2583fc06d84a4304ccef20d21a76291875b7365ef07fe3b
Opcode Fuzzy Hash: 1822ffd44b492f2861a0f30abe19ec6d128379d663ed39449d1d68221eb6b33d
Instruction Fuzzy Hash: C601FC32105241AED3399B69E85DF9677ECDBC1F34F1940AEF0894F685CEED9480D611

Uniqueness

Uniqueness Score: -1.00%

Function 0105A830 Relevance: 5.4, Strings: 4, Instructions: 350
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E0105A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1128748 - 1;
					if( *0x1128748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
									_t260 = _t257 + 4;
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E0103B150();
								_t257 = _t260 + 4;
								__eflags =  *0x1127bc8;
								if(__eflags == 0) {
									E010F2073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E010FA80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0108D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E0105AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E010FA80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E010FA80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1128748 - 1;
					if( *0x1128748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E0103B150();
							} else {
								E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E0103B150();
							__eflags =  *0x1127bc8;
							if(__eflags == 0) {
								_t131 = E010F2073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}

0x0105a83a
0x0105a83c
0x0105a83e
0x0105a841
0x0105a844
0x0105a84a
0x0105aa53
0x0105aa59
0x0105aa59
0x0105a858
0x0105a85e
0x0105aaf5
0x0105aafc
0x010a229e
0x010a22a2
0x010a22a8
0x010a22b3
0x010a22b5
0x010a22bb
0x010a22c1
0x010a22c5
0x010a22e6
0x010a22eb
0x010a22f0
0x010a22c7
0x010a22dc
0x010a22e1
0x010a22e1
0x010a22f3
0x010a22f8
0x010a22fd
0x010a2300
0x010a2307
0x010a230e
0x010a230e
0x010a2313
0x010a2313
0x010a22b5
0x010a22a2
0x0105aafc
0x0105a864
0x0105a869
0x0105aa5c
0x0105aa5e
0x0105a86f
0x0105a87f
0x0105a885
0x0105a885
0x0105a88b
0x0105a890
0x0105a896
0x0105ab0c
0x0105ab0f
0x0105ab15
0x010a2320
0x010a2320
0x0105ab1b
0x0105a89c
0x0105a89f
0x0105a8a2
0x0105a8a2
0x0105a8a5
0x0105a8af
0x0105a8b3
0x0105a8b8
0x0105aa66
0x0105a8be
0x0105a8c5
0x0105a8c6
0x0105a8ce
0x010a2328
0x010a2332
0x010a2337
0x010a2337
0x0105a8ce
0x0105a8d4
0x0105a8d8
0x0105a8db
0x0105a8de
0x0105a8e1
0x0105a8e5
0x0105a8e8
0x0105a8f0
0x0105a8f3
0x010a234c
0x010a2350
0x010a2355
0x010a2359
0x010a2359
0x0105a8f9
0x0105a901
0x0105aae4
0x0105aae4
0x0105aaea
0x00000000
0x0105a907
0x0105a90a
0x0105a91d
0x0105a91d
0x00000000
0x0105a910
0x0105a910
0x0105a910
0x0105a914
0x0105a924
0x0105a924
0x0105a924
0x0105a924
0x0105a916
0x0105a91b
0x00000000
0x00000000
0x00000000
0x0105a91b
0x0105a925
0x0105a925
0x0105a932
0x0105a936
0x0105a93c
0x0105a93c
0x0105a93c
0x0105ab22
0x0105ab24
0x0105ab27
0x0105ab27
0x0105a942
0x0105a944
0x0105aaba
0x0105aabd
0x0105aac0
0x0105aac0
0x0105aac2
0x0105ab2f
0x0105aac4
0x0105aac4
0x0105aac7
0x0105aaca
0x0105aacc
0x0105aace
0x0105aace
0x0105aace
0x0105aad1
0x0105aad1
0x0105aad7
0x0105aad9
0x00000000
0x00000000
0x010a2361
0x010a2369
0x010a236b
0x00000000
0x010a2371
0x00000000
0x010a2371
0x00000000
0x010a236b
0x0105aac0
0x0105a94a
0x0105a94a
0x0105a94d
0x0105a94d
0x0105a950
0x0105a954
0x010a2376
0x010a2380
0x0105a95a
0x0105a95a
0x0105a95c
0x0105a95f
0x0105a961
0x0105a961
0x0105a967
0x0105a96a
0x0105a972
0x0105aa02
0x0105aa06
0x0105aa10
0x0105aa16
0x0105aa16
0x0105aa1b
0x0105aa21
0x0105aa24
0x0105aa27
0x0105aa29
0x0105aa2c
0x0105aa32
0x00000000
0x00000000
0x00000000
0x00000000
0x0105a978
0x0105a978
0x0105a97b
0x0105a981
0x0105a996
0x0105a998
0x0105a99f
0x0105a9a2
0x010a238a
0x0105a9a8
0x0105a9a8
0x0105a9a8
0x0105a9aa
0x0105a9ad
0x0105a9b0
0x0105a9bb
0x0105a9be
0x0105a9c7
0x0105a9c9
0x0105a9c9
0x0105a9cc
0x0105a9d1
0x0105aa6d
0x0105aa70
0x0105aa73
0x0105aa75
0x0105aa79
0x0105aa7e
0x0105aa82
0x0105aa8f
0x0105aa94
0x0105aa96
0x010a2392
0x010a23a1
0x010a23a1
0x0105aa9c
0x0105aa9f
0x0105aaa2
0x0105aaa2
0x0105aaa8
0x0105aaab
0x0105aaaf
0x00000000
0x0105aab5
0x00000000
0x0105aab5
0x0105a9d7
0x0105a9d7
0x0105a9da
0x0105a9e0
0x0105a9e3
0x0105a9e6
0x0105a9e9
0x0105a9eb
0x0105a9fd
0x0105a9fd
0x00000000
0x0105a9eb
0x00000000
0x00000000
0x00000000
0x0105a983
0x0105a983
0x0105a983
0x0105a987
0x0105a995
0x0105a995
0x0105a995
0x0105a995
0x0105a989
0x0105a98e
0x00000000
0x0105a990
0x00000000
0x0105a990
0x0105a98e
0x00000000
0x0105a983
0x0105a972
0x0105a90a
0x0105aa34
0x0105aa34
0x0105aa40
0x0105aa43
0x0105aa46
0x0105aa4d
0x010a23ab
0x010a23b2
0x010a23b8
0x010a23be
0x010a23c3
0x010a23c5
0x010a23cb
0x010a23d1
0x010a23d5
0x010a23f6
0x010a23fb
0x010a23d7
0x010a23ec
0x010a23f1
0x010a2403
0x010a2408
0x010a2410
0x010a2417
0x010a2422
0x010a2422
0x010a2417
0x010a23c5
0x010a23b2
0x00000000

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010A22F3
HEAP: , xrefs: 010A22E6, 010A23F6
HEAP[%wZ]: , xrefs: 010A22D7, 010A23E7
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 010A2403

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: c41fb8c00d35f52ae3a16b4d502259dfebde0ac15016413c224a6a9fb116d312
Instruction ID: cfb41a5e12f0d950d315deece6e1162c96a921a49411b8622d91b181923d8329
Opcode Fuzzy Hash: c41fb8c00d35f52ae3a16b4d502259dfebde0ac15016413c224a6a9fb116d312
Instruction Fuzzy Hash: 9FD19F34B00246DFDB69CF68C490BBAB7F1BF48200F1586A9D9DA9B746E334A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0105A229 Relevance: 5.2, Strings: 4, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0105A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E0105DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E01079730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E010FA80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E01079660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E0103B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E01057D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E010F138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E01057D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E01057D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E010F1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E01057D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E01057D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E010F1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0108D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}

0x0105a229
0x0105a231
0x0105a23f
0x0105a242
0x0105a244
0x0105a24c
0x0105a255
0x0105a25a
0x0105a25f
0x010a1c76
0x010a1c78
0x010a1c7e
0x010a1c7f
0x010a1c81
0x010a1c82
0x010a1c84
0x010a1c89
0x010a1c8b
0x010a1c9e
0x010a1c9e
0x010a1cab
0x010a1cb2
0x00000000
0x010a1cb2
0x010a1c8d
0x010a1c92
0x00000000
0x00000000
0x010a1c94
0x010a1c98
0x00000000
0x00000000
0x00000000
0x010a1c98
0x0105a265
0x0105a265
0x0105a266
0x0105a26f
0x0105a270
0x0105a276
0x0105a277
0x0105a279
0x0105a27e
0x0105a282
0x010a1db5
0x010a1dbb
0x010a1dc1
0x010a1dc5
0x010a1de4
0x010a1de9
0x010a1dc7
0x010a1ddc
0x010a1de1
0x010a1def
0x010a1df3
0x010a1df7
0x010a1dfe
0x010a1e06
0x0105a302
0x0105a308
0x0105a308
0x0105a288
0x0105a28d
0x0105a294
0x010a1cc1
0x0105a29a
0x0105a29a
0x0105a29a
0x0105a29f
0x010a1ccb
0x010a1cd1
0x010a1cd8
0x010a1cea
0x010a1cea
0x010a1cd8
0x0105a2a9
0x0105a2af
0x0105a2bc
0x010a1cfd
0x0105a2c2
0x0105a2c2
0x0105a2c2
0x0105a2c7
0x010a1d07
0x010a1d0d
0x010a1d14
0x010a1d1f
0x010a1d21
0x010a1d2c
0x010a1d2c
0x010a1d2c
0x010a1d47
0x010a1d47
0x010a1d14
0x0105a2cd
0x0105a2d2
0x0105a2d9
0x010a1d5a
0x0105a2df
0x0105a2df
0x0105a2df
0x0105a2e4
0x010a1d69
0x010a1d6b
0x010a1d76
0x010a1d76
0x010a1d76
0x010a1d91
0x010a1d91
0x0105a2ea
0x0105a2f0
0x0105a2f5
0x010a1da8
0x010a1dad
0x010a1dad
0x0105a2fd
0x0105a300
0x00000000

Strings

ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 010A1DF9
HEAP: , xrefs: 010A1DE4
`, xrefs: 010A1C8D
HEAP[%wZ]: , xrefs: 010A1DD7

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 2994545307-2586055223
Opcode ID: 80c07d75dfb55fd87dedbefbd420b51cb2d4ed3afd8e7786f20579d270a361d4
Instruction ID: eb310791495c42e554916a8e120dff34dea9077783ad9ec5a109d1152f47c8b0
Opcode Fuzzy Hash: 80c07d75dfb55fd87dedbefbd420b51cb2d4ed3afd8e7786f20579d270a361d4
Instruction Fuzzy Hash: E451F4322056819FD362EBACC845F6B7BE8FB84B50F0805A8F9D58B292D775D900CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010F49A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON

Download Yara Rule

Strings

This is located in the %s field of the heap header., xrefs: 010F4AD6
HEAP: , xrefs: 010F4A4A, 010F4A5D, 010F4A5F, 010F4AC4
Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 010F4A61
HEAP[%wZ]: , xrefs: 010F4A3D, 010F4AB7

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 2994545307-336120773
Opcode ID: 12c806d16c006fe3849e49c3f56243c6bb318fcb6bd52f78ec82a82e186fe4dc
Instruction ID: af339ea1bc0f2cc486a722dea75ce4974eedd3f0e1be2b3b4779399b810dabe9
Opcode Fuzzy Hash: 12c806d16c006fe3849e49c3f56243c6bb318fcb6bd52f78ec82a82e186fe4dc
Instruction Fuzzy Hash: DB313736200115EFD320DB69C886FAB77E8EF44624F14419EFBC5CB651EA75E888CB58

Uniqueness

Uniqueness Score: -1.00%

Function 010F3518 Relevance: 5.1, Strings: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E010F3518(signed int* __ecx) {
				char _v8;
				void* _t11;
				signed int* _t34;

				_push(__ecx);
				_t34 = __ecx;
				if(__ecx !=  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
					if(E010340E1("RtlDestroyHeap") == 0 || E010F4496(__ecx, 0) == 0) {
						goto L5;
					} else {
						_t32 = __ecx + 0x80;
						 *((intOrPtr*)(__ecx + 0x60)) = 0;
						if( *((intOrPtr*)(__ecx + 0x80)) != 0) {
							_v8 = 0;
							E0106174B(_t32,  &_v8, 0x8000);
						}
						_t11 = 1;
					}
				} else {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0103B150("May not destroy the process heap at %p\n", _t34);
					L5:
					_t11 = 0;
				}
				return _t11;
			}

0x010f351d
0x010f3525
0x010f352a
0x010f357d
0x00000000
0x010f358c
0x010f358e
0x010f3594
0x010f3599
0x010f359b
0x010f35a7
0x010f35a7
0x010f35ac
0x010f35ac
0x010f352c
0x010f3536
0x010f3555
0x010f355a
0x010f3538
0x010f354d
0x010f3552
0x010f3566
0x010f356d
0x010f356d
0x010f356d
0x010f35b2

Strings

HEAP: , xrefs: 010F3555
May not destroy the process heap at %p, xrefs: 010F3561
HEAP[%wZ]: , xrefs: 010F3548
RtlDestroyHeap, xrefs: 010F3571

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
API String ID: 0-4256168463
Opcode ID: e502d2344c7f4cee92138800ffaebb46c897b25e3f6638caa08f312c7af7aa65
Instruction ID: 197aa17bf22c073eb45f85f7f99446a5a34aa9c25102f1ef441704c2e349c5c2
Opcode Fuzzy Hash: e502d2344c7f4cee92138800ffaebb46c897b25e3f6638caa08f312c7af7aa65
Instruction Fuzzy Hash: 37014E321102019FCB61EB69C44AFDA73E8FBC2E30F04849DE5C59F741DA75E844CA50

Uniqueness

Uniqueness Score: -1.00%

Function 010599BF Relevance: 4.3, Strings: 3, Instructions: 572
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E010599BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E010EFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E010FA80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0108D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E0103B150();
										} else {
											E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E0103B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1126378 = 1;
											asm("int3");
											 *0x1126378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E0105A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E0105A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E0105BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E010FA80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E0105A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E0105A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0108D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E0103B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1126378 = 1;
									asm("int3");
									 *0x1126378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E010EFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E010FA80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0108D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E0103B150();
													} else {
														E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E0103B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1126378 = 1;
														asm("int3");
														 *0x1126378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E0105A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E0105A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E0105BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E010FA80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0108D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E0103B150();
													} else {
														E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E0103B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1126378 = 1;
														asm("int3");
														 *0x1126378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E0105A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E0105A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E0105BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E0105BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}

0x010599ca
0x010599cc
0x010599df
0x010599e3
0x010599f8
0x010599fb
0x010599fb
0x00000000
0x01059a48
0x01059a48
0x01059a4c
0x01059a51
0x01059a55
0x01059a61
0x01059a66
0x01059a68
0x010a1457
0x010a145c
0x010a145c
0x01059a68
0x01059a6e
0x01059a71
0x01059a74
0x01059a76
0x010a1466
0x010a1469
0x010a1469
0x010a146c
0x010a146e
0x010a1471
0x010a1474
0x010a1477
0x010a1479
0x010a159c
0x010a159c
0x010a159d
0x010a15a6
0x010a15ab
0x010a15ab
0x00000000
0x010a15ab
0x010a147f
0x010a1481
0x00000000
0x00000000
0x010a148a
0x010a148d
0x010a1493
0x010a1495
0x010a14c0
0x010a14c0
0x010a14c3
0x010a14c6
0x010a14c8
0x010a14cb
0x010a14cf
0x010a14f2
0x010a14f2
0x010a14f5
0x010a14f8
0x010a1501
0x010a1508
0x010a150b
0x010a150e
0x010a1510
0x010a1513
0x010a1515
0x010a1515
0x010a1518
0x010a1518
0x010a1513
0x010a1521
0x010a1525
0x010a152a
0x010a152d
0x010a1530
0x010a1532
0x010a1539
0x010a153d
0x010a155d
0x010a1562
0x010a153f
0x010a1555
0x010a155a
0x010a1570
0x010a1577
0x010a157c
0x010a1582
0x010a1585
0x010a1589
0x010a158b
0x010a1592
0x010a1593
0x010a1593
0x010a1589
0x010a1530
0x00000000
0x010a14f8
0x010a14d5
0x010a14da
0x010a14dc
0x00000000
0x010a14de
0x010a14e8
0x00000000
0x010a14e8
0x010a1497
0x010a1497
0x010a14a4
0x010a14a4
0x010a14a7
0x010a14a9
0x010a14ab
0x010a14ab
0x010a149c
0x010a149e
0x010a14a0
0x010a14b0
0x010a14b0
0x00000000
0x010a14a2
0x010a14a2
0x00000000
0x010a14a2
0x010a14a0
0x010a14b3
0x010a14bb
0x00000000
0x010a14bb
0x010a1495
0x01059a7c
0x01059a7c
0x01059a7f
0x01059a7f
0x01059a82
0x01059a84
0x01059a87
0x01059a8a
0x01059a8d
0x01059a8f
0x010a166a
0x010a166a
0x010a166b
0x010a1674
0x00000000
0x010a1674
0x01059a95
0x01059a97
0x00000000
0x00000000
0x01059aa0
0x01059aa3
0x01059aa9
0x01059aab
0x01059ad7
0x01059ad7
0x01059ada
0x01059add
0x01059adf
0x01059ae2
0x01059ae6
0x01059b22
0x01059b27
0x01059b29
0x00000000
0x01059b2b
0x010a15be
0x00000000
0x010a15be
0x01059b29
0x01059ae8
0x01059ae8
0x01059aeb
0x01059aee
0x010a15cb
0x010a15d2
0x010a15d5
0x010a15d7
0x010a15da
0x010a15dc
0x010a15dc
0x010a15dc
0x010a15da
0x010a15e5
0x010a15e9
0x010a15ee
0x010a15f1
0x010a15f3
0x010a15f9
0x010a1600
0x010a1604
0x010a1624
0x010a1629
0x010a1606
0x010a161c
0x010a1621
0x010a1637
0x010a163e
0x010a1643
0x010a1649
0x010a164c
0x010a1650
0x010a1656
0x010a165d
0x010a165e
0x010a165e
0x010a1650
0x010a15f3
0x01059af4
0x01059af7
0x01059afc
0x01059b00
0x01059b04
0x01059b08
0x01059b14
0x010599fe
0x01059a04
0x01059a07
0x00000000
0x01059a29
0x010a169c
0x010a16a0
0x010a16a5
0x010a16a9
0x010a16b5
0x010a16ba
0x010a16bc
0x010a16be
0x010a16c3
0x010a16c3
0x010a16bc
0x010a16c8
0x010a16cc
0x010a181b
0x010a181b
0x010a181e
0x010a181e
0x010a1821
0x010a1823
0x010a1826
0x010a1829
0x010a182c
0x010a182e
0x010a1688
0x010a1688
0x010a1689
0x010a168b
0x010a168c
0x010a168d
0x010a168f
0x010a1692
0x00000000
0x010a1692
0x010a1834
0x010a1836
0x00000000
0x00000000
0x010a183f
0x010a1842
0x010a1848
0x010a184a
0x010a1875
0x010a1875
0x010a1878
0x010a187b
0x010a187d
0x010a1880
0x010a1884
0x010a18a7
0x010a18a7
0x010a18aa
0x010a18ad
0x010a18b6
0x010a18bd
0x010a18c0
0x010a18c3
0x010a18c5
0x010a18c8
0x010a18ca
0x010a18ca
0x010a18cd
0x010a18cd
0x010a18c8
0x010a18d5
0x010a18da
0x010a18df
0x010a18e2
0x010a18e5
0x010a18e7
0x010a18ee
0x010a18f2
0x010a1912
0x010a1917
0x010a18f4
0x010a190a
0x010a190f
0x010a1925
0x010a192c
0x010a1931
0x010a193a
0x010a193e
0x010a1940
0x010a1947
0x010a1948
0x010a1948
0x010a193e
0x010a18e5
0x010a194f
0x010a1952
0x010a1956
0x010a195d
0x010a1961
0x010a196d
0x00000000
0x010a196d
0x010a188a
0x010a188f
0x010a1891
0x00000000
0x00000000
0x010a189d
0x00000000
0x010a189d
0x010a184c
0x010a1859
0x010a1859
0x010a185c
0x00000000
0x00000000
0x010a1851
0x010a1853
0x010a1855
0x010a1865
0x010a1865
0x010a1866
0x010a1868
0x010a1870
0x00000000
0x010a1870
0x010a1857
0x010a1857
0x010a185e
0x00000000
0x010a16d2
0x010a16d2
0x010a16d5
0x010a16d5
0x010a16d8
0x010a16da
0x010a16dd
0x010a16e0
0x010a16e3
0x010a16e5
0x010a1808
0x010a1808
0x010a1809
0x010a1812
0x010a1817
0x010a1817
0x00000000
0x010a1817
0x010a16eb
0x010a16ed
0x00000000
0x00000000
0x010a16f6
0x010a16f9
0x010a16ff
0x010a1701
0x010a172c
0x010a172c
0x010a172f
0x010a1732
0x010a1734
0x010a1737
0x010a173b
0x010a175e
0x010a175e
0x010a1761
0x010a1764
0x010a176d
0x010a1774
0x010a1777
0x010a177a
0x010a177c
0x010a177f
0x010a1781
0x010a1781
0x010a1784
0x010a1784
0x010a177f
0x010a178c
0x010a1791
0x010a1796
0x010a1799
0x010a179c
0x010a179e
0x010a17a5
0x010a17a9
0x010a17c9
0x010a17ce
0x010a17ab
0x010a17c1
0x010a17c6
0x010a17dc
0x010a17e3
0x010a17e8
0x010a17ee
0x010a17f1
0x010a17f5
0x010a17f7
0x010a17fe
0x010a17ff
0x010a17ff
0x010a17f5
0x010a179c
0x00000000
0x010a1764
0x010a1741
0x010a1746
0x010a1748
0x00000000
0x00000000
0x010a1754
0x00000000
0x010a1754
0x010a1703
0x010a1710
0x010a1710
0x010a1713
0x00000000
0x00000000
0x010a1708
0x010a170a
0x010a170c
0x010a171c
0x010a171c
0x010a171d
0x010a171f
0x010a1727
0x00000000
0x010a1727
0x010a170e
0x010a170e
0x010a1715
0x00000000
0x010a1715
0x010a16cc
0x01059a45
0x01059a45
0x01059a0e
0x01059a1c
0x01059a23
0x010a167e
0x010a167f
0x010a1681
0x010a1683
0x010a1684
0x00000000
0x010a1684
0x00000000
0x01059aad
0x01059aad
0x01059ab0
0x01059ab3
0x01059ab3
0x01059ab6
0x00000000
0x00000000
0x01059ab8
0x01059aba
0x01059abc
0x01059ac8
0x01059ac8
0x00000000
0x01059abe
0x01059abe
0x01059ac0
0x00000000
0x01059ac0
0x01059abc
0x01059ad2
0x00000000
0x01059ad2
0x01059aab

Strings

HEAP: , xrefs: 010A155D, 010A1624, 010A17C9, 010A1912
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 010A1572, 010A1639, 010A17DE, 010A1927
HEAP[%wZ]: , xrefs: 010A1550, 010A1617, 010A17BC, 010A1905

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 6dd9380bbf3ffc350974d5f323ddbaf0974aa8c1909560b0b5b23ee3b2e6477a
Instruction ID: 1734fc972ef3b16d4b16bf462ad970289ab2b645fac71be95d72a804d6b4d8c9
Opcode Fuzzy Hash: 6dd9380bbf3ffc350974d5f323ddbaf0974aa8c1909560b0b5b23ee3b2e6477a
Instruction Fuzzy Hash: 7722F270600246DFEB65CFACC484BBABBF5EF45704F5885A9E8C68B282D775D881CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0105B477 Relevance: 4.2, Strings: 3, Instructions: 405
COMMONCrypto

Download Yara Rule

C-Code - Quality: 67%

			E0105B477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x112d360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E0105B8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E0107B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x1128748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E0103B150();
						} else {
							E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E0103B150();
						__eflags =  *0x1127bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E010F2073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x1128a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x112b1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E01079730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E010FA80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E01079660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E010F138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E010EFA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E010FA80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E010FA80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E01057D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E010F1582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E01057D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E010F1582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E0105B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E0105BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E010FA80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}

0x0105b486
0x0105b48a
0x0105b48e
0x0105b491
0x0105b493
0x0105b49a
0x0105b49c
0x0105b4a2
0x0105b4a7
0x0105b6fc
0x0105b6fc
0x0105b6b3
0x0105b6c3
0x0105b6c3
0x0105b4b4
0x010a294f
0x010a2951
0x010a2957
0x010a295d
0x010a2961
0x010a2980
0x010a2985
0x010a2963
0x010a2978
0x010a297d
0x010a298b
0x010a2990
0x010a2995
0x010a299d
0x010a29a1
0x010a29a2
0x010a29a2
0x010a29a7
0x010a29a7
0x010a2951
0x0105b4ba
0x0105b4ba
0x0105b4bd
0x0105b4c2
0x0105b6d4
0x0105b4c8
0x0105b4c8
0x0105b4c8
0x0105b4cd
0x0105b4d0
0x0105b4d9
0x0105b4df
0x0105b4e2
0x010a29b7
0x010a29bd
0x00000000
0x0105b4e8
0x0105b4e8
0x0105b4ef
0x0105b4fa
0x0105b703
0x0105b709
0x0105b70b
0x0105b711
0x0105b711
0x0105b70b
0x0105b503
0x0105b50c
0x0105b511
0x0105b514
0x0105b519
0x010a29c5
0x010a29c7
0x010a29cc
0x010a29cd
0x010a29cf
0x010a29d0
0x010a29d2
0x010a29d7
0x010a29d9
0x010a29ee
0x010a29ee
0x010a29f4
0x010a29fa
0x010a2a01
0x00000000
0x010a2a01
0x010a29db
0x010a29df
0x00000000
0x00000000
0x010a29e1
0x010a29e4
0x00000000
0x00000000
0x010a29e6
0x010a29e6
0x0105b51f
0x0105b51f
0x0105b520
0x0105b525
0x0105b52b
0x0105b52d
0x0105b52e
0x0105b530
0x0105b535
0x0105b53b
0x0105b53d
0x010a2a07
0x00000000
0x010a2a07
0x0105b549
0x0105b54e
0x010a2a12
0x010a2a15
0x00000000
0x00000000
0x010a2a24
0x0105b559
0x0105b55c
0x010a2a34
0x010a2a3b
0x010a2a4d
0x010a2a4d
0x010a2a3b
0x0105b566
0x0105b56b
0x0105b56f
0x0105b57b
0x0105b582
0x010a2a57
0x010a2a5c
0x010a2a5c
0x0105b582
0x0105b58b
0x0105b58e
0x0105b592
0x0105b596
0x0105b599
0x0105b59b
0x0105b59e
0x0105b5a3
0x0105b5a6
0x0105b5a9
0x010a2a66
0x010a2a67
0x010a2a73
0x010a2a78
0x0105b5b8
0x0105b5b8
0x0105b5bb
0x0105b5bd
0x0105b5bd
0x0105b5c4
0x0105b5f7
0x0105b5f7
0x0105b600
0x0105b606
0x0105b60c
0x0105b612
0x0105b618
0x0105b621
0x0105b623
0x0105b629
0x0105b629
0x0105b62c
0x0105b62f
0x0105b633
0x0105b636
0x0105b639
0x0105b71d
0x0105b720
0x0105b736
0x0105b660
0x0105b660
0x0105b662
0x0105b665
0x0105b66a
0x0105b6e6
0x0105b6e7
0x0105b6ea
0x0105b6ef
0x010a2ad1
0x010a2ad2
0x010a2ad8
0x010a2add
0x010a2add
0x0105b6f5
0x0105b6f5
0x0105b672
0x0105b675
0x0105b67a
0x010a2ae5
0x010a2ae8
0x00000000
0x00000000
0x010a2af4
0x010a2afc
0x00000000
0x0105b680
0x0105b680
0x0105b680
0x0105b685
0x0105b687
0x0105b68a
0x010a2b06
0x010a2b0c
0x010a2b13
0x010a2b1e
0x010a2b20
0x010a2b2b
0x010a2b2b
0x010a2b2b
0x010a2b34
0x010a2b45
0x010a2b45
0x010a2b13
0x0105b696
0x0105b69b
0x0105b6a0
0x010a2b4f
0x010a2b52
0x00000000
0x00000000
0x010a2b61
0x00000000
0x0105b6a6
0x0105b6a6
0x0105b6a6
0x0105b6a8
0x0105b6ab
0x010a2b70
0x010a2b72
0x010a2b7d
0x010a2b7d
0x010a2b7d
0x010a2b86
0x010a2b97
0x010a2b97
0x0105b6b1
0x00000000
0x0105b6b1
0x0105b6a0
0x0105b67a
0x0105b722
0x0105b722
0x0105b655
0x0105b65d
0x00000000
0x0105b5c6
0x0105b5c6
0x0105b5ce
0x010a2a83
0x010a2a97
0x010a2a97
0x010a2a9a
0x00000000
0x00000000
0x010a2a88
0x010a2a8a
0x010a2a8c
0x010a2a8f
0x010a2a92
0x010a2aa1
0x010a2aa1
0x010a2aa2
0x010a2aab
0x010a2ab0
0x00000000
0x010a2ab0
0x010a2a94
0x010a2a94
0x00000000
0x010a2a9c
0x0105b5d4
0x0105b5d4
0x0105b5d6
0x0105b5d9
0x0105b5de
0x0105b5e1
0x0105b5e4
0x010a2ab8
0x010a2ab9
0x010a2ac4
0x010a2ac9
0x0105b5f2
0x0105b5f2
0x0105b5f4
0x0105b5f4
0x00000000
0x0105b5e4
0x0105b5c4
0x0105b554
0x0105b554
0x00000000
0x0105b554

Strings

HEAP: , xrefs: 010A2980
(UCRBlock->Size >= *Size), xrefs: 010A298B
HEAP[%wZ]: , xrefs: 010A2973

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: 320f941255d6abba318eb91a160e04a649d05217a065234ef275b2b21b319996
Instruction ID: 6258f35f0a5d1b4f8e1cb5241206d0be35ec6dd335407ef7a4dacecfb83b3b3b
Opcode Fuzzy Hash: 320f941255d6abba318eb91a160e04a649d05217a065234ef275b2b21b319996
Instruction Fuzzy Hash: E7E18D70600205DFDB69CF68C894BBEBBF6FB48704F1481A9E9969B391D734E941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 01032FB0 Relevance: 4.0, Strings: 3, Instructions: 262
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01032FB0(signed int* _a4) {
				signed int _v8;
				void* _v36;
				void* _v62;
				void* _v68;
				void* _v72;
				signed int _v96;
				void* _v98;
				char _v100;
				void* _v104;
				void* _v108;
				void* _v112;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t62;
				intOrPtr _t64;
				signed int* _t83;
				signed int _t84;
				signed int _t88;
				char* _t89;
				intOrPtr _t93;
				void* _t99;
				signed int* _t102;
				intOrPtr _t103;
				void* _t104;
				signed int* _t107;
				signed int _t108;
				char* _t115;
				signed int _t118;
				signed int _t124;
				void* _t125;
				void* _t126;
				signed int _t127;
				intOrPtr* _t128;
				void* _t135;
				intOrPtr _t137;
				signed int* _t159;
				void* _t160;
				void* _t162;
				intOrPtr* _t164;
				void* _t167;
				signed int* _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t174;

				_t174 = (_t172 & 0xfffffff8) - 0x64;
				_v8 =  *0x112d360 ^ _t174;
				_push(_t125);
				_t159 = _a4;
				if(_t159 == 0) {
					__eflags =  *0x1128748 - 2;
					if( *0x1128748 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E0103B150();
						} else {
							E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E0103B150();
						__eflags =  *0x1127bc8;
						if(__eflags == 0) {
							_t135 = 2;
							E010F2073(_t125, _t135, _t159, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t160);
					_pop(_t162);
					_pop(_t126);
					return E0107B640(_t62, _t126, _v8 ^ _t174, _t155, _t160, _t162);
				}
				if( *((intOrPtr*)(_t159 + 8)) == 0xddeeddee) {
					_t137 =  *[fs:0x30];
					__eflags = _t159 -  *((intOrPtr*)(_t137 + 0x18));
					if(_t159 ==  *((intOrPtr*)(_t137 + 0x18))) {
						L30:
						_t62 = _t159;
						goto L27;
					}
					_t138 =  *(_t159 + 0x20);
					__eflags =  *(_t159 + 0x20);
					if( *(_t159 + 0x20) != 0) {
						_t155 = _t159;
						E010DCB1E(_t138, _t159, 0, 8, 0);
					}
					E010331B0(_t125, _t159, _t155);
					E010F274F(_t159);
					_t155 = 1;
					E01061249(_t159, 1, 0, 0);
					E010FB581(_t159);
					goto L26;
				}
				if(( *(_t159 + 0x44) & 0x01000000) != 0) {
					_t164 =  *0x1125718; // 0x0
					 *0x112b1e0(_t159);
					_t62 =  *_t164();
					goto L27;
				}
				_t144 =  *((intOrPtr*)(_t159 + 0x58));
				if( *((intOrPtr*)(_t159 + 0x58)) != 0) {
					_t155 = _t159;
					E010DCB1E(_t144, _t159, 0, 8, 0);
				}
				E010331B0(_t125, _t159, _t155);
				if(( *(_t159 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t159 + 0x40) & 0x10000000;
					if(( *(_t159 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t124 = E010F3518(_t159);
					__eflags = _t124;
					if(_t124 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t159 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						_t155 = 1;
						E01061249(_t159, 1, 0, 0);
						_t83 = _t159 + 0x9c;
						_t127 =  *_t83;
						while(_t83 != _t127) {
							_t84 = _t127;
							_t155 =  &_v96;
							_t127 =  *_t127;
							_v96 = _t84 & 0xffff0000;
							_v100 = 0;
							E0106174B( &_v96,  &_v100, 0x8000);
							_t88 = E01057D50();
							__eflags = _t88;
							if(_t88 == 0) {
								_t89 = 0x7ffe0388;
							} else {
								_t89 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t89;
							if(__eflags != 0) {
								_t155 = _v96;
								E010EFE3F(_t127, _t159, _v96, _v100);
							}
							_t83 = _t159 + 0x9c;
						}
						if( *((char*)(_t159 + 0xda)) == 2) {
							_t93 =  *((intOrPtr*)(_t159 + 0xd4));
						} else {
							_t93 = 0;
						}
						if(_t93 != 0) {
							 *((intOrPtr*)(_t174 + 0x1c)) = _t93;
							_t155 = _t174 + 0x1c;
							 *((intOrPtr*)(_t174 + 0x1c)) = 0;
							E0106174B(_t174 + 0x1c, _t174 + 0x1c, 0x8000);
						}
						_t128 = _t159 + 0x88;
						if( *_t128 != 0) {
							 *((intOrPtr*)(_t174 + 0x24)) = 0;
							_t155 = _t128;
							E0106174B(_t128, _t174 + 0x24, 0x8000);
							 *_t128 = 0;
						}
						if(( *(_t159 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t159 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t167 =  *((intOrPtr*)(_t159 + 0xa8)) - 0x10;
						E01033138(_t167);
						if(_t167 != _t159) {
							goto L16;
						} else {
							_t99 = E01057D50();
							_t168 = 0x7ffe0380;
							if(_t99 != 0) {
								_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t102 = 0x7ffe0380;
							}
							if( *_t102 != 0) {
								_t103 =  *[fs:0x30];
								__eflags =  *(_t103 + 0x240) & 0x00000001;
								if(( *(_t103 + 0x240) & 0x00000001) != 0) {
									_t118 = E01057D50();
									__eflags = _t118;
									if(_t118 != 0) {
										_t168 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t168;
									}
									 *((short*)(_t174 + 0x2a)) = 0x1023;
									_push(_t174 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t168 & 0x000000ff);
									 *((intOrPtr*)(_t174 + 0x54)) = _t159;
									E01079AE0();
								}
							}
							_t104 = E01057D50();
							_t169 = 0x7ffe038a;
							if(_t104 != 0) {
								_t107 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t107 = 0x7ffe038a;
							}
							if( *_t107 != 0) {
								_t108 = E01057D50();
								__eflags = _t108;
								if(_t108 != 0) {
									_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t169;
								}
								 *((short*)(_t174 + 0x4e)) = 0x1023;
								_push(_t174 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t169 & 0x000000ff);
								 *((intOrPtr*)(_t174 + 0x78)) = _t159;
								E01079AE0();
							}
							if(E01057D50() != 0) {
								_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t115 = 0x7ffe0388;
							}
							if( *_t115 != 0) {
								E010EFDD3(_t159);
							}
							goto L26;
						}
					}
				}
			}

0x01032fb8
0x01032fc2
0x01032fc6
0x01032fc9
0x01032fce
0x0108fb7d
0x0108fb84
0x0108fb8a
0x0108fb90
0x0108fb94
0x0108fbb3
0x0108fbb8
0x0108fb96
0x0108fbab
0x0108fbb0
0x0108fbbe
0x0108fbc3
0x0108fbc8
0x0108fbd0
0x0108fbd8
0x0108fbd9
0x0108fbd9
0x0108fbd0
0x010330ea
0x010330ea
0x010330ec
0x010330f0
0x010330f1
0x010330f2
0x010330fd
0x010330fd
0x01032fdb
0x0108fbe3
0x0108fbea
0x0108fbed
0x0103312b
0x0103312b
0x00000000
0x0103312b
0x0108fbf3
0x0108fbf8
0x0108fbfa
0x0108fc00
0x0108fc02
0x0108fc02
0x0108fc09
0x0108fc10
0x0108fc1b
0x0108fc1c
0x0108fc23
0x00000000
0x0108fc23
0x01032fe8
0x0108fc2d
0x0108fc36
0x0108fc3c
0x00000000
0x0108fc3c
0x01032fee
0x01032ff5
0x0108fc47
0x0108fc49
0x0108fc49
0x01032ffd
0x01033009
0x0108fc53
0x0108fc5a
0x00000000
0x00000000
0x0108fc62
0x0108fc67
0x0108fc69
0x00000000
0x00000000
0x00000000
0x0103300f
0x0103300f
0x01033018
0x00000000
0x0103301e
0x01033024
0x01033025
0x0103302a
0x01033030
0x01033032
0x0108fc74
0x0108fc76
0x0108fc7a
0x0108fc81
0x0108fc8f
0x0108fc93
0x0108fc98
0x0108fc9d
0x0108fc9f
0x0108fcb1
0x0108fca1
0x0108fcaa
0x0108fcaa
0x0108fcb6
0x0108fcb9
0x0108fcbf
0x0108fcc5
0x0108fcc5
0x0108fcca
0x0108fcca
0x01033041
0x01033100
0x01033047
0x01033047
0x01033047
0x0103304b
0x0103310b
0x0103310f
0x0103311c
0x01033121
0x01033121
0x01033051
0x01033059
0x0108fcde
0x0108fce3
0x0108fce5
0x0108fcea
0x0108fcea
0x01033063
0x01033075
0x01033075
0x00000000
0x0103307b
0x01033081
0x01033086
0x0103308d
0x00000000
0x0103308f
0x0103308f
0x01033094
0x010330a0
0x0108fcfa
0x010330a6
0x010330a6
0x010330a6
0x010330ab
0x0108fd01
0x0108fd07
0x0108fd0e
0x0108fd14
0x0108fd19
0x0108fd1b
0x0108fd26
0x0108fd26
0x0108fd26
0x0108fd2f
0x0108fd38
0x0108fd39
0x0108fd3b
0x0108fd43
0x0108fd44
0x0108fd48
0x0108fd48
0x0108fd0e
0x010330b1
0x010330b6
0x010330c2
0x0108fd5b
0x010330c8
0x010330c8
0x010330c8
0x010330cd
0x0108fd62
0x0108fd67
0x0108fd69
0x0108fd74
0x0108fd74
0x0108fd74
0x0108fd7d
0x0108fd86
0x0108fd87
0x0108fd89
0x0108fd91
0x0108fd92
0x0108fd96
0x0108fd96
0x010330da
0x0108fda9
0x010330e0
0x010330e0
0x010330e0
0x010330e8
0x01033131
0x01033131
0x00000000
0x010330e8
0x0103308d
0x01033018

Strings

HEAP: , xrefs: 0108FBB3
HEAP[%wZ]: , xrefs: 0108FBA6
(HeapHandle != NULL), xrefs: 0108FBBE

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-3610490719
Opcode ID: 7dab690d630ec639b01a270cf5d0b9158943ffd585bd631cfbd34d8731b6cdf8
Instruction ID: b40cf842a9ad6e54d0febe42da553ecb6f2f8a27e9d2a408d15cbc56a0817d49
Opcode Fuzzy Hash: 7dab690d630ec639b01a270cf5d0b9158943ffd585bd631cfbd34d8731b6cdf8
Instruction Fuzzy Hash: 9D910331708A429FD766EB28C994B6EB7E9FFC4710F044599FAC18B281DB34E844CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01048794 Relevance: 4.0, Strings: 3, Instructions: 255
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E01048794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0104934A() != 0) {
								_t159 = E010BA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1125780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E010B5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1125780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0104849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01048999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01048999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1125c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1125c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E01052280(_t92, 0x11286cc);
															_t94 = E01109DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E010661A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1125c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01048A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1125c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1125c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0107F380(_t136, 0x1011184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E01052280(_t108, 0x11286cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E010661A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01109D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0104FFB0(_t118, _t156, 0x11286cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E01079A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}

0x01048799
0x0104879d
0x010487a1
0x010487a3
0x010487a8
0x010487c3
0x010487c3
0x010487c8
0x010487d1
0x010487d4
0x010487d8
0x010487e5
0x010487ec
0x01099bfe
0x01099c00
0x01099c02
0x01099c08
0x01099c0d
0x01099c0f
0x01099c14
0x01099c2d
0x01099c32
0x01099c37
0x01099c3a
0x01099c3c
0x01099c42
0x01099c42
0x01099c3c
0x01099c02
0x010487da
0x010487df
0x010487e3
0x00000000
0x00000000
0x010487e3
0x010487f2
0x00000000
0x010487fb
0x010487fd
0x010487fe
0x0104880e
0x0104880f
0x01048810
0x01048814
0x0104881a
0x0104881c
0x0104881f
0x01048821
0x01048822
0x01048824
0x01048826
0x0104882c
0x0104882e
0x01099c48
0x01099c48
0x01048834
0x01048834
0x01048837
0x00000000
0x00000000
0x01048837
0x0104882e
0x0104883d
0x01048840
0x01048843
0x01048846
0x01048849
0x0104884c
0x0104884e
0x01048850
0x01048852
0x01048854
0x01048857
0x010488b4
0x010488b6
0x010488b6
0x01048859
0x01048859
0x01048859
0x01048861
0x01048866
0x0104886a
0x0104893d
0x01048941
0x00000000
0x01048947
0x01048947
0x0104894a
0x0104894c
0x00000000
0x01048952
0x01048955
0x0104895a
0x0104895d
0x0104895d
0x0104895f
0x01048961
0x01048961
0x01048968
0x00000000
0x00000000
0x0104896a
0x0104896b
0x0104896e
0x00000000
0x01048970
0x01048970
0x01048970
0x01048970
0x01048972
0x01048972
0x01048974
0x00000000
0x0104897a
0x0104897a
0x0104897d
0x00000000
0x01048983
0x01099c65
0x01099c6d
0x01099c72
0x01099c75
0x01099c75
0x01099c82
0x01099c86
0x01099c87
0x01099c88
0x01099c89
0x01099c8c
0x01099c90
0x01099c95
0x01099c97
0x01099ca0
0x01099ca3
0x01099ca9
0x01099ca9
0x00000000
0x01099ca9
0x01099ca3
0x00000000
0x01099c97
0x0104897d
0x00000000
0x01048974
0x01048988
0x01048992
0x01048996
0x00000000
0x01048996
0x0104894c
0x00000000
0x01048870
0x0104887b
0x0104887d
0x0104887f
0x01048881
0x01048884
0x01048884
0x01048886
0x01048889
0x0104888c
0x0104888e
0x01048891
0x01048891
0x01048898
0x00000000
0x00000000
0x0104889a
0x0104889b
0x0104889e
0x00000000
0x00000000
0x010488a0
0x010488a8
0x010488b0
0x010488b2
0x010488d3
0x010488d5
0x00000000
0x010488d7
0x010488db
0x010488dc
0x010488e0
0x010488e8
0x010488ee
0x010488f0
0x010488f3
0x010488fc
0x01048901
0x01048906
0x0104890c
0x0104890c
0x0104890f
0x01048916
0x01048917
0x01048918
0x01048919
0x0104891a
0x0104891f
0x01048921
0x01099c52
0x01099c55
0x01099c5b
0x01099cac
0x01099cc0
0x01099cc0
0x01099c55
0x01048927
0x01048927
0x0104892f
0x01048933
0x00000000
0x010488f5
0x010488f5
0x00000000
0x010488f7
0x010488f7
0x010488fa
0x00000000
0x00000000
0x00000000
0x00000000
0x010488fa
0x010488f5
0x010488f3
0x00000000
0x010488d5
0x00000000
0x010488b2
0x010488c9
0x00000000
0x010488c9
0x0104887f
0x0104886a
0x01048857
0x01048852
0x010488bf
0x010488bf
0x010487aa
0x010487ad
0x010487ae
0x010487b4
0x010487b5
0x010487b6
0x010487b8
0x010487bd
0x010487c1
0x010487f4
0x010487fa
0x00000000
0x00000000
0x00000000
0x010487c1
0x00000000

Strings

LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01099C18
minkernel\ntdll\ldrsnap.c, xrefs: 01099C28
LdrpDoPostSnapWork, xrefs: 01099C1E

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
API String ID: 0-1948996284
Opcode ID: 1f480f921755b3fcd579c7cd6e173155333cb222da5872966dff3c17d88410b3
Instruction ID: 73f285dbf9cf6ce40aeb7a8668b4d5dd85aedbb0be76b718e8e0435f8eb8907e
Opcode Fuzzy Hash: 1f480f921755b3fcd579c7cd6e173155333cb222da5872966dff3c17d88410b3
Instruction Fuzzy Hash: B19105B1A00206ABEF68DF99C8D09BA77F5FF44314B0485BEEA81AB140D730ED11CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01038239 Relevance: 4.0, Strings: 3, Instructions: 233
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E01038239(signed int* __ecx, char* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				intOrPtr _v568;
				char _v572;
				intOrPtr _v576;
				short _v578;
				char _v580;
				signed int _v584;
				intOrPtr _v586;
				char _v588;
				char* _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				char* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				char _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				char* _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t94;
				char* _t99;
				intOrPtr _t118;
				intOrPtr _t122;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				intOrPtr _t138;
				intOrPtr _t143;
				intOrPtr _t145;
				intOrPtr _t148;
				signed int _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x112d360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E01046D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E0107B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E01079650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E01046D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(E0104AA20( &_v560,  &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E01079820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E01079600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E01046D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E010795D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E01079650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
									}
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
									if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
										_t122 =  *0x1127b9c; // 0x0
										_t150 = E01054620(_t147, _t147, _t122 + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(E01049660( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E010795D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E010795D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

0x01038239
0x0103824b
0x0103824e
0x0103825d
0x01038260
0x0103826e
0x01038275
0x0103827b
0x0103827d
0x01038287
0x01038294
0x010382ce
0x010382de
0x010382de
0x0103829c
0x0103829d
0x010382a8
0x010382a9
0x010382b1
0x010382b2
0x010382b4
0x010382bb
0x01092dfa
0x010382cc
0x010382cc
0x01092e19
0x01092e19
0x01092e1b
0x01092e1e
0x01092e30
0x01092e3d
0x00000000
0x00000000
0x01092e5a
0x01092e61
0x01092e68
0x01092e72
0x01092e72
0x01092e78
0x01092e7e
0x01092e80
0x01092e86
0x01092e8c
0x01092e8c
0x01092e92
0x01092e93
0x01092e99
0x01092e9a
0x01092e9c
0x01092e9d
0x01092ea4
0x01092ea8
0x00000000
0x00000000
0x01092eae
0x01092eb8
0x01092ec3
0x01092eca
0x01092ed1
0x01092edb
0x01092ee3
0x01092eef
0x01092efb
0x01092efc
0x01092f08
0x01092f12
0x01092f13
0x01092f22
0x01092f26
0x00000000
0x00000000
0x01092f3d
0x01092f41
0x01093069
0x01093069
0x0109306f
0x00000000
0x0109306f
0x01092f47
0x01092f4d
0x01092f53
0x01092f59
0x01092f5a
0x01092f5b
0x01092f5c
0x01092f64
0x01092f65
0x01092f70
0x01092f78
0x01092f84
0x01092f92
0x01092f92
0x01092f9d
0x01092fa2
0x01092fed
0x01093004
0x01093008
0x00000000
0x00000000
0x0109300a
0x01093010
0x01093012
0x01093018
0x00000000
0x01092fa4
0x01092fa4
0x01092fa6
0x01092fa6
0x00000000
0x01092fa6
0x01092fab
0x01092fab
0x01092fab
0x01092fab
0x01092fb1
0x01092fb1
0x01092fc1
0x01092fc7
0x01092fcf
0x01093020
0x0109302a
0x00000000
0x00000000
0x0109302c
0x01093034
0x00000000
0x00000000
0x01093036
0x01093039
0x01093040
0x0109304a
0x01093067
0x00000000
0x00000000
0x00000000
0x01093067
0x01092fd1
0x01092fd7
0x01092fdc
0x01092fe4
0x01092fe6
0x01093074
0x0109307a
0x01093080
0x01093081
0x01093087
0x01093091
0x0109309f
0x0109309f
0x010930a6
0x010930a8
0x010930aa
0x010930b5
0x010930b5
0x010930b7
0x010930bf
0x010930c1
0x010930c1
0x00000000
0x01092dfa
0x010382c6
0x01092ddd
0x00000000
0x00000000
0x01092de8
0x00000000
0x00000000
0x01092dee
0x00000000

Strings

FilterFullPath, xrefs: 01092F2C
\??\, xrefs: 01092E2A
UseFilter, xrefs: 01038263

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: c8dc7f2b567a1f77bce3c7fffece6cb42a299ceeb8fb22985c3d7671a8681854
Instruction ID: a58cc070d5c063b95eb5a17a85d5d53102ca5adaa13c56ba6ccaaa61f0d05221
Opcode Fuzzy Hash: c8dc7f2b567a1f77bce3c7fffece6cb42a299ceeb8fb22985c3d7671a8681854
Instruction Fuzzy Hash: 39A16B719016299BDF71DB28CC98BEEB7B8EF44710F0002EAE948A7250E7359E84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0106AC7B Relevance: 4.0, Strings: 3, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0106AC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E0108D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x1128a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E010796E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E010E3C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E010796E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E0103B150();
							} else {
								E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E0103B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E010F14FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E01057D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E010F1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E01057D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E010F1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}

0x0106ac85
0x0106ac88
0x0106ac8a
0x0106ac8d
0x0106ac91
0x0106ac99
0x0106ac9c
0x010a9f57
0x010a9f5b
0x010a9f60
0x010a9f60
0x0106aca8
0x0106acae
0x0106acda
0x0106acde
0x0106ace8
0x0106aceb
0x0106acee
0x00000000
0x0106acee
0x0106acf6
0x0106acb0
0x0106acb0
0x0106acbb
0x0106acbd
0x0106acc0
0x0106acc5
0x0106adae
0x0106adb4
0x0106adb4
0x0106acd4
0x0106acd8
0x0106acf9
0x0106acff
0x0106ad04
0x0106ad08
0x0106ad09
0x0106ad10
0x0106ad12
0x0106ad18
0x010a9f6f
0x010a9f74
0x010a9f76
0x010a9f7c
0x010a9f84
0x010a9f88
0x010a9f89
0x010a9f90
0x010a9f90
0x010a9f76
0x0106ad1e
0x0106ad24
0x0106ad26
0x010aa097
0x010aa09b
0x010aa0ba
0x010aa0bf
0x010aa09d
0x010aa0b2
0x010aa0b7
0x010aa0c5
0x010aa0c8
0x010aa0cb
0x010aa0d2
0x00000000
0x0106ad2c
0x0106ad2c
0x0106ad2f
0x0106ad34
0x0106ad36
0x010a9f97
0x010a9f9a
0x00000000
0x00000000
0x010a9fa9
0x0106ad3e
0x0106ad3e
0x0106ad41
0x010a9fb3
0x010a9fb9
0x010a9fc0
0x010a9fd0
0x010a9fd0
0x010a9fc0
0x0106ad4a
0x0106ad50
0x0106ad5c
0x0106ad62
0x0106ad68
0x0106ad6b
0x0106ad6d
0x010a9fda
0x010a9fdd
0x00000000
0x00000000
0x010a9fec
0x00000000
0x0106ad73
0x0106ad73
0x0106ad73
0x0106ad75
0x0106ad75
0x0106ad78
0x010a9ff6
0x010a9ffc
0x010aa003
0x010aa00e
0x010aa010
0x010aa01b
0x010aa01b
0x010aa01b
0x010aa038
0x010aa038
0x010aa003
0x0106ad84
0x0106ad89
0x0106ad8c
0x0106ad8e
0x010aa042
0x010aa045
0x00000000
0x00000000
0x010aa054
0x00000000
0x0106ad94
0x0106ad94
0x0106ad94
0x0106ad96
0x0106ad96
0x0106ad99
0x010aa063
0x010aa065
0x010aa070
0x010aa070
0x010aa070
0x010aa08d
0x010aa08d
0x0106ada4
0x0106ada6
0x00000000
0x0106ada6
0x0106ad8e
0x0106ad6d
0x0106ad3c
0x0106ad3c
0x00000000
0x0106ad3c
0x00000000
0x00000000
0x00000000
0x0106acd8

Strings

HEAP: , xrefs: 010AA0BA
HEAP[%wZ]: , xrefs: 010AA0AD
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 010AA0CD

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
API String ID: 0-1340214556
Opcode ID: aca8c936b88dc148d6375e21d32d164a1ef5dd79ed9b93b4ac8fdb3340907daf
Instruction ID: a5592f0b0866d6a88e65159eec6b7b0b42d0785359f479b1163c21575feb8591
Opcode Fuzzy Hash: aca8c936b88dc148d6375e21d32d164a1ef5dd79ed9b93b4ac8fdb3340907daf
Instruction Fuzzy Hash: 0981E631344684EFD726EBA8C894FAABBF8FF05714F0441A5E6D29B692D774E940CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0105B73D Relevance: 3.9, Strings: 3, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E0105B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E010FA80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x1128748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E0103B150();
					__eflags =  *0x1127bc8;
					if(__eflags == 0) {
						E010F2073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E010FA80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x1128720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x1128720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E0105B8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E010FA80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E0105E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}

0x0105b746
0x0105b74b
0x0105b74d
0x0105b750
0x0105b755
0x0105b758
0x0105b758
0x0105b75e
0x0105b763
0x0105b764
0x0105b76a
0x0105b76d
0x0105b771
0x0105b776
0x0105b85c
0x0105b85d
0x0105b860
0x0105b865
0x010a2ba1
0x010a2ba2
0x010a2ba9
0x010a2bae
0x010a2bae
0x0105b77c
0x0105b77c
0x0105b77c
0x0105b785
0x0105b788
0x010a2bb6
0x010a2bb9
0x00000000
0x00000000
0x010a2bbf
0x010a2bc5
0x010a2bc9
0x010a2be8
0x010a2bed
0x010a2bcb
0x010a2be0
0x010a2be5
0x010a2bf3
0x010a2bf8
0x010a2bfd
0x010a2c05
0x010a2c0e
0x010a2c0e
0x00000000
0x0105b78e
0x0105b78e
0x0105b78e
0x0105b791
0x0105b791
0x0105b797
0x0105b797
0x0105b79f
0x0105b7a9
0x0105b7af
0x0105b7af
0x0105b7b1
0x0105b7b6
0x0105b7e2
0x0105b7e2
0x0105b7e7
0x0105b880
0x0105b7ed
0x0105b7ed
0x0105b7ed
0x0105b7ef
0x0105b7f2
0x0105b7f2
0x0105b7f5
0x0105b7fa
0x010a2c2d
0x010a2c2e
0x010a2c39
0x0105b800
0x0105b800
0x0105b802
0x0105b805
0x0105b808
0x0105b808
0x0105b80a
0x0105b80d
0x0105b816
0x0105b81c
0x0105b822
0x0105b82f
0x0105b88b
0x0105b892
0x0105b897
0x0105b899
0x0105b89b
0x0105b89e
0x0105b8a5
0x0105b8a8
0x0105b8aa
0x0105b8ac
0x0105b8ac
0x0105b8aa
0x0105b892
0x0105b831
0x0105b839
0x0105b83b
0x0105b83b
0x0105b844
0x0105b84b
0x0105b852
0x0105b7b8
0x0105b7ba
0x0105b7bf
0x0105b7c4
0x010a2c18
0x010a2c19
0x010a2c23
0x0105b7ca
0x0105b7ca
0x0105b7cc
0x0105b7cf
0x0105b7d1
0x0105b7d1
0x0105b7d4
0x0105b7dc
0x0105b8bb
0x0105b8bb
0x0105b8be
0x0105b8be
0x0105b8c1
0x00000000
0x00000000
0x0105b8c3
0x0105b8c5
0x0105b8c7
0x0105b8e0
0x00000000
0x0105b8e0
0x0105b8cc
0x0105b8cc
0x00000000
0x0105b8cc
0x0105b8d6
0x0105b8d6
0x00000000
0x0105b7dc
0x0105b7b6

Strings

HEAP: , xrefs: 010A2BE8
HEAP[%wZ]: , xrefs: 010A2BDB
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 010A2BF3

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: c8051f9a40f7e479bf08a85713f496cc2e1f152613775c1e2f282565572ac39b
Instruction ID: 3bd570e37a52e1acf00f41a9ea68b3099800b46a2176bec56c42425495c1d0fd
Opcode Fuzzy Hash: c8051f9a40f7e479bf08a85713f496cc2e1f152613775c1e2f282565572ac39b
Instruction Fuzzy Hash: 4F61A170600245DFDBA9DF28C445BABBBE6FF44304F5885AEE8898B245D770F891CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010E23E3 Relevance: 3.9, Strings: 3, Instructions: 166
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E010E23E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x112874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x112874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E0108D4F0(_t83, 0x1016c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0103B150();
					} else {
						E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E0103B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1126378 = 1;
						asm("int3");
						 *0x1126378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}

0x010e23e3
0x010e23e8
0x010e23eb
0x010e23ee
0x010e23f3
0x010e259b
0x010e259b
0x010e259d
0x010e25a3
0x010e25a3
0x010e23fb
0x010e2424
0x010e244f
0x010e2460
0x010e2451
0x010e2451
0x010e2456
0x010e2458
0x010e2458
0x010e245b
0x010e245b
0x010e2426
0x010e2431
0x010e2436
0x010e2443
0x010e2438
0x010e2438
0x010e2438
0x010e2445
0x010e2445
0x010e2463
0x010e2469
0x010e246f
0x010e2480
0x010e2495
0x010e24a1
0x010e24ce
0x010e24df
0x010e24d0
0x010e24d0
0x010e24d5
0x010e24d7
0x010e24d7
0x010e24da
0x010e24da
0x010e24a3
0x010e24b0
0x010e24b5
0x010e24c2
0x010e24b7
0x010e24b7
0x010e24b7
0x010e24c4
0x010e24c4
0x010e24e8
0x010e2497
0x010e249a
0x010e249a
0x010e2482
0x010e2488
0x010e2488
0x010e2471
0x010e2479
0x010e2479
0x010e24ef
0x010e23fd
0x010e2401
0x010e2412
0x010e2403
0x010e2403
0x010e2408
0x010e240a
0x010e240a
0x010e240d
0x010e240d
0x010e241b
0x010e241b
0x010e24f1
0x010e24f6
0x010e2507
0x010e2510
0x00000000
0x010e2510
0x010e250b
0x00000000
0x010e24f8
0x010e24f8
0x010e24fc
0x010e2500
0x010e2512
0x010e2515
0x010e251a
0x010e2521
0x010e2524
0x010e2529
0x010e252f
0x00000000
0x00000000
0x010e253c
0x010e255c
0x010e2561
0x010e253e
0x010e2554
0x010e2559
0x010e256a
0x010e256d
0x010e2574
0x010e2586
0x010e2588
0x010e258f
0x010e2590
0x010e2590
0x010e2597
0x00000000
0x010e2597

Strings

HEAP: , xrefs: 010E255C
Heap block at %p modified at %p past requested size of %Ix, xrefs: 010E256F
HEAP[%wZ]: , xrefs: 010E254F

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: e535a11ade0e1d5c9f892907605ed5760988d1ec06468b0d81dc79b97edf484c
Instruction ID: 909c4ca20102130a9a10b1091ac352205a6c634490465a0466c2d8cacf5cfa2f
Opcode Fuzzy Hash: e535a11ade0e1d5c9f892907605ed5760988d1ec06468b0d81dc79b97edf484c
Instruction Fuzzy Hash: 015126B51002508EF3B5CE1FC84C7767BF9EB84644F55489AE8D38F285DA7AD882DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0105EB9A Relevance: 3.9, Strings: 3, Instructions: 156
COMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E0105EB9A(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t62;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t77;
				signed int* _t91;
				intOrPtr _t92;
				signed int _t95;
				signed char _t109;
				signed int _t114;
				unsigned int _t119;
				intOrPtr* _t122;
				intOrPtr _t127;
				signed int _t130;
				void* _t135;

				_t92 = __ecx;
				_t122 = __edx;
				_v8 = __ecx;
				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
				if( *__edx != 0) {
					_t95 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14)) - 1;
					__eflags =  *(__edx + 8);
					if(__eflags != 0) {
						_t95 = _t95 + _t95;
					}
					 *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) =  *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) & 0x00000000;
					asm("btr eax, esi");
					_t92 = _v8;
				}
				_t62 = _t92 + 0xc0;
				_t127 =  *((intOrPtr*)(_t62 + 4));
				while(1) {
					L2:
					_v12 = _t127;
					if(_t62 == _t127) {
						break;
					}
					_t7 = _t127 - 8; // -8
					_t91 = _t7;
					if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
						_t119 =  *(_t92 + 0x50) ^  *_t91;
						 *_t91 = _t119;
						_t109 = _t119 >> 0x00000010 ^ _t119 >> 0x00000008 ^ _t119;
						if(_t119 >> 0x18 != _t109) {
							_push(_t109);
							E010EFA2B(_t91, _v8, _t91, _t122, _t127, __eflags);
						}
						_t92 = _v8;
					}
					_t114 =  *_t91 & 0x0000ffff;
					_t63 = _t122;
					_t135 = _t114 -  *((intOrPtr*)(_t122 + 4));
					while(1) {
						_v20 = _t63;
						if(_t135 < 0) {
							break;
						}
						_t130 =  *_t63;
						_v16 = _t130;
						_t127 = _v12;
						if(_t130 != 0) {
							_t63 = _v16;
							__eflags = _t114 -  *((intOrPtr*)(_t63 + 4));
							continue;
						}
						_v16 =  *((intOrPtr*)(_t63 + 4)) - 1;
						L10:
						if( *_t122 != 0) {
							_t64 =  *((intOrPtr*)(_t122 + 4));
							__eflags = _t114 - _t64;
							_t65 = _t64 - 1;
							__eflags = _t65;
							if(_t65 < 0) {
								_t65 = _t114;
							}
							E0105BC04(_t92, _t122, 1, _t127, _t65, _t114);
						}
						E0105E4A0(_v8, _v20, 1, _t127, _v16,  *_t91 & 0x0000ffff);
						if( *0x1128748 >= 1) {
							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
							if(__eflags == 0) {
								_t77 =  *[fs:0x30];
								__eflags =  *(_t77 + 0xc);
								if( *(_t77 + 0xc) == 0) {
									_push("HEAP: ");
									E0103B150();
								} else {
									E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E0103B150();
								__eflags =  *0x1127bc8;
								if(__eflags == 0) {
									__eflags = 1;
									E010F2073(_t91, 1, _t122, 1);
								}
							}
							_t127 = _v12;
						}
						_t92 = _v8;
						if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
							_t91[0] = _t91[0] ^ _t91[0] ^  *_t91;
							 *_t91 =  *_t91 ^  *(_t92 + 0x50);
						}
						_t127 =  *((intOrPtr*)(_t127 + 4));
						_t62 = _t92 + 0xc0;
						goto L2;
					}
					_v16 = _t114;
					goto L10;
				}
				return _t62;
			}

0x0105eb9a
0x0105eba5
0x0105eba7
0x0105ebaa
0x0105ebb3
0x0105eca0
0x0105eca1
0x0105eca5
0x0105ecd1
0x0105ecd1
0x0105ecaa
0x0105ecc3
0x0105ecc9
0x0105ecc9
0x0105ebb9
0x0105ebbf
0x0105ebc2
0x0105ebc2
0x0105ebc2
0x0105ebc7
0x00000000
0x00000000
0x0105ebd1
0x0105ebd1
0x0105ebd4
0x0105ebd9
0x0105ebdd
0x0105ebe9
0x0105ebf0
0x010a4258
0x010a425e
0x010a425e
0x0105ebf6
0x0105ebf6
0x0105ebf9
0x0105ebfc
0x0105ebfe
0x0105ec01
0x0105ec01
0x0105ec04
0x00000000
0x00000000
0x0105ec0a
0x0105ec0e
0x0105ec11
0x0105ec14
0x0105ec8f
0x0105ec92
0x00000000
0x0105ec92
0x0105ec1a
0x0105ec1d
0x0105ec20
0x0105ec72
0x0105ec75
0x0105ec77
0x0105ec77
0x0105ec78
0x0105ec7a
0x0105ec7a
0x0105ec83
0x0105ec83
0x0105ec32
0x0105ec3e
0x010a4281
0x010a4284
0x010a4286
0x010a428c
0x010a4290
0x010a42af
0x010a42b4
0x010a4292
0x010a42a7
0x010a42ac
0x010a42ba
0x010a42bf
0x010a42c4
0x010a42cc
0x010a42d0
0x010a42d1
0x010a42d1
0x010a42cc
0x010a42d6
0x010a42d6
0x0105ec44
0x0105ec4b
0x0105ec55
0x0105ec5b
0x0105ec5b
0x0105ec5d
0x0105ec60
0x00000000
0x0105ec60
0x0105ec8a
0x00000000
0x0105ec8a
0x0105ec71

Strings

HEAP: , xrefs: 010A42AF
HEAP[%wZ]: , xrefs: 010A42A2
RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 010A42BA

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
API String ID: 0-1596344177
Opcode ID: 04995b8509a19b029321d57d3083fdc6c795d5714077e2cd8d5ea63378be6609
Instruction ID: 76684bb2f5d8ea7c6d276faa160591c85f84ee2eac39f554d81e65b19b94e08e
Opcode Fuzzy Hash: 04995b8509a19b029321d57d3083fdc6c795d5714077e2cd8d5ea63378be6609
Instruction Fuzzy Hash: 7151DE31A00519EFDB58DF58C484AAEFBF2FF84300F5980A9D8859B342D770EA42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0105B8E4 Relevance: 3.8, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0105B8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x1128748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E0103B150();
						} else {
							E0103B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E0103B150();
						__eflags =  *0x1127bc8;
						if(__eflags == 0) {
							E010F2073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E0105AB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}

0x0105b8f0
0x0105b8f2
0x0105b8f4
0x010a2c4e
0x010a2c50
0x010a2c56
0x010a2c5c
0x010a2c60
0x010a2c7f
0x010a2c84
0x010a2c62
0x010a2c77
0x010a2c7c
0x010a2c8a
0x010a2c8f
0x010a2c94
0x010a2c9c
0x010a2ca5
0x010a2ca5
0x010a2c9c
0x010a2c50
0x0105b8fa
0x0105b902
0x0105b921
0x0105b921
0x0105b924
0x0105b924
0x0105b927
0x00000000
0x00000000
0x0105b929
0x0105b92b
0x0105b92d
0x0105b940
0x00000000
0x0105b940
0x0105b932
0x0105b932
0x00000000
0x0105b932
0x00000000
0x0105b904
0x0105b904
0x0105b90a
0x0105b90c
0x0105b916
0x0105b919
0x0105b915
0x0105b915
0x0105b91b
0x0105b91b
0x00000000
0x0105b910

Strings

HEAP: , xrefs: 010A2C7F
HEAP[%wZ]: , xrefs: 010A2C72
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 010A2C8A

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: ef7f2e7bd7fdb7a3e0bd54ac6b06961f816a88ce0bf501f55fa73e1e4a199857
Instruction ID: 4c2568cefd5083c0f8d40c744c3b50f1f1bf26461aec0b89738ebb5965a662c0
Opcode Fuzzy Hash: ef7f2e7bd7fdb7a3e0bd54ac6b06961f816a88ce0bf501f55fa73e1e4a199857
Instruction Fuzzy Hash: C611E2313045029FDBA9DB19C484B7BB7F6EF80624F1481AEE8CACB241D674E880CB41

Uniqueness

Uniqueness Score: -1.00%

Function 010FE539 Relevance: 2.8, Strings: 2, Instructions: 261
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E010FE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E010FBBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E010FBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E010FAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E01079730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E010FA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E010FA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E01079730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E010FA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E010FA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01052280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0104B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0104FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01057D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E010EFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}

0x010fe547
0x010fe549
0x010fe54f
0x010fe553
0x010fe557
0x010fe55a
0x010fe55c
0x010fe55f
0x010fe561
0x010fe567
0x010fe56b
0x010fe7e2
0x00000000
0x010fe571
0x010fe575
0x010fe577
0x010fe57b
0x010fe57c
0x010fe57d
0x010fe57e
0x010fe57f
0x010fe588
0x010fe58f
0x010fe591
0x010fe592
0x010fe592
0x010fe596
0x010fe59e
0x010fe5a0
0x010fe5a6
0x010fe61d
0x010fe61d
0x010fe621
0x010fe623
0x010fe630
0x010fe630
0x010fe7e6
0x010fe7eb
0x010fe7ed
0x010fe7f4
0x010fe7fa
0x010fe7ff
0x010fe7ff
0x010fe80a
0x010fe812
0x010fe812
0x010fe5ab
0x010fe5b4
0x010fe5b9
0x010fe5be
0x010fe5c0
0x010fe5c2
0x010fe5c8
0x010fe5c9
0x010fe5cb
0x010fe5cc
0x010fe5d5
0x010fe5e4
0x010fe5f1
0x010fe5f8
0x010fe5f8
0x010fe5d5
0x010fe602
0x010fe616
0x010fe63d
0x010fe644
0x010fe64d
0x010fe652
0x010fe657
0x010fe659
0x010fe65b
0x010fe661
0x010fe662
0x010fe664
0x010fe665
0x010fe66e
0x010fe67d
0x010fe68a
0x010fe691
0x010fe691
0x010fe66e
0x010fe6b0
0x00000000
0x010fe6b6
0x010fe6bd
0x010fe6c7
0x010fe6d7
0x010fe6d9
0x010fe6db
0x010fe6de
0x010fe6e3
0x010fe6f3
0x010fe6fc
0x010fe700
0x010fe700
0x010fe704
0x010fe70a
0x010fe70a
0x010fe713
0x010fe716
0x010fe719
0x010fe720
0x010fe761
0x010fe76b
0x010fe774
0x010fe77a
0x010fe77a
0x010fe78a
0x010fe791
0x010fe799
0x010fe79b
0x010fe79f
0x010fe7aa
0x010fe7c0
0x010fe7ac
0x010fe7b2
0x010fe7b9
0x010fe7b9
0x010fe7c7
0x010fe806
0x00000000
0x010fe7c9
0x010fe7d1
0x010fe7d8
0x00000000
0x010fe7d8
0x00000000
0x00000000
0x010fe722
0x010fe72e
0x010fe748
0x010fe74c
0x010fe754
0x010fe756
0x010fe75c
0x010fe75c
0x00000000
0x010fe75c
0x010fe758
0x010fe758
0x00000000
0x010fe758
0x010fe750
0x00000000
0x00000000
0x010fe752
0x00000000
0x010fe752
0x010fe730
0x010fe735
0x010fe73d
0x010fe73f
0x00000000
0x00000000
0x010fe741
0x010fe741
0x00000000
0x010fe741
0x010fe739
0x00000000
0x00000000
0x010fe73b
0x00000000
0x010fe73b
0x010fe722
0x010fe720
0x010fe6b0
0x010fe618
0x00000000
0x010fe618

Strings

`, xrefs: 010FE5D7
`, xrefs: 010FE670

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction ID: 2012e380e1fbb51b2323d581564a2b66f7c2d94fdca5cbb2f9cf95a343c96f26
Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction Fuzzy Hash: 7E919D312043429BE764CE29C842B5BBBE5BF84714F19896DF6D9CB690E774E804CB52

Uniqueness

Uniqueness Score: -1.00%

Function 010B51BE Relevance: 2.7, Strings: 2, Instructions: 173
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E010B51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x11105f0);
				E0108D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0104EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E010B53CA(0);
						return E0108D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0107F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01053690(1, _t117, 0x1011810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0107AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = E01054620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0107AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E010B500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E01079860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}

0x010b51be
0x010b51c3
0x010b51c8
0x010b51cd
0x010b51d0
0x010b51d3
0x010b51d8
0x010b51db
0x010b51de
0x010b51e0
0x010b51e3
0x010b51e6
0x010b51e8
0x010b5342
0x010b5351
0x010b5356
0x010b535a
0x010b5360
0x010b5363
0x010b5366
0x010b5369
0x010b5369
0x010b536b
0x010b536b
0x010b5370
0x010b53a3
0x010b53a4
0x010b53a6
0x010b53ab
0x010b53ab
0x010b53ae
0x010b53ae
0x010b53b5
0x010b53bf
0x010b53bf
0x010b5375
0x010b5396
0x010b53a0
0x010b53a0
0x00000000
0x010b5396
0x010b5377
0x010b5379
0x010b537f
0x010b538c
0x010b5390
0x00000000
0x010b5390
0x010b51ee
0x010b51f1
0x010b5301
0x010b5310
0x010b5315
0x010b5318
0x010b531b
0x010b5320
0x010b532e
0x010b5331
0x00000000
0x010b5331
0x010b5328
0x010b5329
0x00000000
0x010b5329
0x010b51fa
0x010b5235
0x010b5236
0x010b5239
0x010b523f
0x010b5240
0x010b5241
0x010b5242
0x010b5246
0x010b5247
0x010b524e
0x010b5251
0x010b5267
0x010b5269
0x010b526e
0x010b527d
0x010b527e
0x010b5281
0x010b5282
0x010b5287
0x010b5288
0x010b528a
0x010b528f
0x010b5294
0x00000000
0x00000000
0x010b529a
0x010b529c
0x010b529e
0x010b529e
0x010b52a4
0x010b52b0
0x00000000
0x00000000
0x010b52ba
0x010b52bc
0x010b52bc
0x010b52d4
0x010b52d9
0x010b52dc
0x010b52e1
0x00000000
0x00000000
0x010b52e7
0x010b52f4
0x00000000
0x010b52f4
0x010b5270
0x00000000
0x010b5270
0x010b51fc
0x010b51fd
0x010b5202
0x010b5203
0x010b5205
0x010b520a
0x010b520f
0x00000000
0x00000000
0x010b521b
0x010b5226
0x010b522b
0x010b521d
0x010b521d
0x010b5222
0x010b5222
0x010b522d
0x00000000

Strings

UEFI, xrefs: 010B521D
Legacy, xrefs: 010B5226

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: e531bd2cfab1230d607da76dbd9b96e6a11c82a4095c736ce0a5689dd1b002ef
Instruction ID: a0f17890f3da7ed7080685a14d20883048c013bb22e386cb8ce33f6ed47c6f53
Opcode Fuzzy Hash: e531bd2cfab1230d607da76dbd9b96e6a11c82a4095c736ce0a5689dd1b002ef
Instruction Fuzzy Hash: 50514D71E056099FDB24DFA8CD80BEEBBF4BB48700F1480ADE699EB251D7719941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01034439 Relevance: 2.6, Strings: 2, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01034439(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t64;
				signed int _t68;
				intOrPtr* _t72;
				signed int _t74;
				void* _t77;
				signed int _t83;
				signed int _t84;

				_t79 = __edx;
				_t54 =  *0x112d360 ^ _t84;
				_v8 =  *0x112d360 ^ _t84;
				_t82 = __ecx;
				_v96 = __edx;
				_t74 = __edx;
				if(__edx != 0 && ( *(__edx + 8) & 0x00000004) == 0) {
					_t82 = __ecx + 4;
					_t72 =  *_t82;
					while(_t72 != _t82) {
						_t83 = _t72 - 8;
						_t79 = 1;
						if( *_t83 != 0x74736c46) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = 1;
							_v68 = 1;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = 1;
							L0108DEF0(_t74, 1);
							_t74 = _v96;
							_t79 = 1;
						}
						if( *(_t83 + 0x14) !=  !( *(_t83 + 4))) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = _t79;
							_v68 = 2;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = _t79;
							L0108DEF0(_t74, _t79);
							_t74 = _v96;
						}
						_t9 = _t83 + 0x18; // 0x1c
						_t54 = _t9;
						if(_t74 < _t9) {
							L13:
							_t72 =  *_t72;
							continue;
						} else {
							_t10 = _t83 + 0x618; // 0x61c
							_t54 = _t10;
							if(_t74 >= _t10) {
								goto L13;
							} else {
								_v96 = 0x30;
								_t64 = _t74 - _t83 - 0x18;
								asm("cdq");
								_t79 = _t64 % _v96;
								_t54 = 0x18 + _t64 / _v96 * 0x30 + _t83;
								if(_t74 == 0x18 + _t64 / _v96 * 0x30 + _t83) {
									_t54 =  *(_t83 + 4);
									if(_t54 != 0) {
										_t68 = _t54 - 1;
										 *(_t83 + 4) = _t68;
										_t54 =  !_t68;
										 *(_t83 + 0x14) =  !_t68;
										 *((intOrPtr*)(_t74 + 8)) = 4;
										if( *(_t83 + 4) == 0) {
											_t54 =  *(_t72 + 4);
											if(_t54 != _t82) {
												do {
													_t83 =  *(_t54 + 4);
													_t79 = _t54 - 8;
													if( *((intOrPtr*)(_t54 - 8 + 4)) == 0) {
														_t77 =  *_t54;
														if( *(_t77 + 4) != _t54 ||  *_t83 != _t54) {
															_push(3);
															asm("int 0x29");
															return 0x3e5;
														}
														 *_t83 = _t77;
														 *(_t77 + 4) = _t83;
														L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t79);
													}
													_t54 = _t83;
												} while (_t83 != _t82);
											}
										}
									}
								}
							}
						}
						goto L12;
					}
				}
				L12:
				return E0107B640(_t54, _t72, _v8 ^ _t84, _t79, _t82, _t83);
			}

0x01034439
0x01034446
0x01034448
0x0103444e
0x01034450
0x01034453
0x01034457
0x01034467
0x0103446a
0x0103446c
0x01034472
0x01034475
0x0103447c
0x0109080d
0x01090814
0x01090815
0x0109081c
0x0109081f
0x01090822
0x01090825
0x01090828
0x0109082f
0x01090832
0x01090837
0x0109083c
0x0109083c
0x0103448a
0x01090842
0x01090849
0x0109084a
0x01090851
0x01090854
0x0109085b
0x0109085e
0x01090861
0x01090868
0x0109086b
0x01090870
0x01090870
0x01034490
0x01034490
0x01034495
0x010344f8
0x010344f8
0x00000000
0x01034497
0x01034497
0x01034497
0x0103449f
0x00000000
0x010344a1
0x010344a3
0x010344ac
0x010344af
0x010344b0
0x010344b9
0x010344bd
0x010344bf
0x010344c4
0x010344c6
0x010344c7
0x010344ca
0x010344cc
0x010344cf
0x010344da
0x010344dc
0x010344e1
0x01090878
0x01090878
0x0109087b
0x01090882
0x01090884
0x01090889
0x010908b0
0x010908b3
0x00000000
0x010908b5
0x01090896
0x0109089a
0x010908a0
0x010908a0
0x010908a5
0x010908a7
0x010908ab
0x010344e1
0x010344da
0x010344c4
0x010344bd
0x0103449f
0x00000000
0x01034495
0x0103446c
0x010344e7
0x010344f7

Strings

0, xrefs: 010344A3
Flst, xrefs: 01034476

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0$Flst
API String ID: 0-758220159
Opcode ID: e4dd32ba7645bc8d766cf650fde413f2cb23d5ae9a46dce3680f929f965464d2
Instruction ID: ce4ab9a8965d9a8013f515b059390873b4542fce9c643ad3e18307187b4dbe19
Opcode Fuzzy Hash: e4dd32ba7645bc8d766cf650fde413f2cb23d5ae9a46dce3680f929f965464d2
Instruction Fuzzy Hash: C14149B1A00648CFDB25CF99D5806AEFBF9FF84314F14806AD18ADF645DB719986CB80

Uniqueness

Uniqueness Score: -1.00%

Function 010DEB8A Relevance: 1.8, Strings: 1, Instructions: 599
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E010DEB8A(signed int __ecx, signed int __edx, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				signed char _t262;
				signed int _t263;
				char* _t264;
				signed int _t265;
				intOrPtr _t267;
				signed int _t271;
				signed char _t272;
				signed short _t273;
				signed int _t277;
				signed char _t281;
				signed short _t283;
				signed short _t288;
				signed char _t289;
				signed short _t290;
				signed short _t292;
				signed short _t294;
				signed char _t295;
				intOrPtr _t296;
				signed int _t297;
				signed char _t298;
				unsigned int _t302;
				intOrPtr* _t303;
				signed int _t304;
				unsigned int _t306;
				signed short _t307;
				signed short _t308;
				signed int _t311;
				signed short _t314;
				signed short _t326;
				signed char _t329;
				signed short _t330;
				signed int _t332;
				void* _t333;
				signed short _t337;
				signed int _t339;
				void* _t340;
				signed short _t344;
				signed int _t347;
				signed int _t349;
				signed int _t351;
				signed int _t359;
				signed short _t362;
				signed int _t369;
				signed int _t376;
				signed short _t377;
				signed short* _t378;
				signed short _t381;
				signed char _t383;
				signed short _t384;
				signed short _t385;
				signed int _t390;
				signed int _t393;
				void* _t400;
				signed short _t406;
				signed int _t407;
				signed short _t408;
				signed short _t409;
				signed short _t410;
				signed short _t411;
				intOrPtr _t415;
				signed int _t416;
				signed char _t417;
				signed int _t418;
				unsigned int _t423;
				unsigned int _t431;
				signed int _t437;
				signed int _t442;
				intOrPtr _t443;
				void* _t449;
				intOrPtr _t451;
				signed short _t453;
				signed int _t455;

				_t258 =  *0x112d360 ^ _t455;
				_v8 = _t258;
				_t452 = __ecx;
				_t395 = __edx;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x61000000;
					asm("bt dword [edi+0x40], 0x1c");
					__eflags = (_t258 & 0xffffff00 | ( *(__ecx + 0x40) & 0x61000000) >= 0x00000000) & (__ecx & 0xffffff00 | __eflags != 0x00000000);
					if(__eflags == 0) {
						L5:
						_v12 = _v12 & 0x00000000;
						_t260 =  *_t395;
						_push(2);
						__eflags = _t260;
						if(_t260 != 0) {
							_t399 =  *(_t395 + 0xa) & 0x0000ffff;
							__eflags = _t399 & 0x00001002;
							if((_t399 & 0x00001002) == 0) {
								goto L25;
							}
							_t441 = _t399 & 0x00000002;
							__eflags = _t441;
							if(_t441 == 0) {
								L14:
								__eflags = _a4;
								if(_a4 == 0) {
									L17:
									_t453 =  *(_t395 + 4) + _t260;
									__eflags = _t399 & 0x00001000;
									if((_t399 & 0x00001000) != 0) {
										_t441 = _t260 - 0x18;
										_t399 = _t452;
										_t260 = E010DD42F(_t452, _t260 - 0x18);
									}
									__eflags = _a4;
									if(_a4 == 0) {
										L21:
										_t451 =  *((intOrPtr*)(_t260 + 0x10));
										_t399 = 2;
										__eflags = _t451 - _t452 + 0xa4;
										if(_t451 == _t452 + 0xa4) {
											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
											if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
												goto L62;
											}
											_t441 =  *(_t452 + 0xd4);
											goto L63;
										}
										_t441 = _t451 + 0xfffffff0;
										goto L63;
									} else {
										__eflags = _t453 -  *((intOrPtr*)(_t260 + 0x28));
										if(_t453 <  *((intOrPtr*)(_t260 + 0x28))) {
											goto L82;
										}
										goto L21;
									}
								}
								__eflags = _t441;
								if(_t441 == 0) {
									goto L17;
								}
								_t453 =  *(_t260 + 0x24);
								goto L82;
							} else {
								__eflags =  *((char*)(_t452 + 0xda)) - 2;
								if( *((char*)(_t452 + 0xda)) != 2) {
									_t437 = 0;
									__eflags = 0;
								} else {
									_t437 =  *(_t452 + 0xd4);
								}
								__eflags = _t260 - _t437;
								if(_t260 == _t437) {
									goto L61;
								} else {
									_t399 =  *(_t395 + 0xa) & 0x0000ffff;
									goto L14;
								}
							}
						} else {
							_t441 = _t452;
							L63:
							_t453 = 0;
							__eflags = _t441;
							if(_t441 != 0) {
								__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
								if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
									_t359 = 0;
									__eflags = 0;
								} else {
									_t359 =  *(_t452 + 0xd4);
								}
								__eflags = _t441 - _t359;
								if(_t441 == _t359) {
									_t441 = _t395;
									E010F6D15(_t452, _t395,  &_v12);
									goto L193;
								} else {
									 *_t395 = _t441;
									__eflags =  *(_t452 + 0x4c) - _t453;
									if( *(_t452 + 0x4c) == _t453) {
										_t362 =  *_t441 & 0x0000ffff;
									} else {
										_t377 =  *_t441;
										__eflags =  *(_t452 + 0x4c) & _t377;
										if(( *(_t452 + 0x4c) & _t377) != 0) {
											_t377 = _t377 ^  *(_t452 + 0x50);
											__eflags = _t377;
										}
										_t362 = _t377 & 0x0000ffff;
									}
									 *(_t395 + 4) = (_t362 & 0x0000ffff) << 3;
									 *(_t395 + 0xa) = _t399;
									 *(_t395 + 8) = _t453;
									 *(_t395 + 0xc) =  *((intOrPtr*)(_t441 + 0x20)) -  *(_t441 + 0x2c) << 0xc;
									_t369 =  *(_t441 + 0x2c) << 0xc;
									 *(_t395 + 0x10) = _t369;
									__eflags =  *(_t441 + 0xc) & _t399;
									if(( *(_t441 + 0xc) & _t399) != 0) {
										_t376 = _t369 + 0x1000;
										__eflags = _t376;
										 *(_t395 + 0x10) = _t376;
									}
									 *(_t395 + 0x14) =  *((intOrPtr*)(_t441 + 0x24)) + (( !( *( *((intOrPtr*)(_t441 + 0x24)) + 2)) & 0x00000001) + 1) * 8;
									 *((intOrPtr*)(_t395 + 0x18)) =  *((intOrPtr*)(_t441 + 0x28));
									L82:
									__eflags = _t453;
									if(_t453 == 0) {
										L193:
										_t263 = E01057D50();
										__eflags = _t263;
										if(_t263 == 0) {
											_t264 = 0x7ffe0380;
										} else {
											_t264 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										__eflags =  *_t264;
										if( *_t264 != 0) {
											_t267 =  *[fs:0x30];
											__eflags =  *(_t267 + 0x240) & 0x00000001;
											if(( *(_t267 + 0x240) & 0x00000001) != 0) {
												__eflags = _v12 - 0x8000001a;
												if(_v12 != 0x8000001a) {
													E010F1BA8(_t452);
												}
											}
										}
										_t265 = _v12;
										goto L201;
									}
									_t272 =  *((intOrPtr*)(_t453 + 7));
									__eflags = _t272 & 0x00000040;
									if((_t272 & 0x00000040) == 0) {
										__eflags = _t272 - 4;
										if(_t272 != 4) {
											_t273 = _t453;
											L89:
											 *_t395 = _t273 + 8;
											_t441 = 2;
											 *(_t395 + 0xa) = 1;
											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
											if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
												_t277 = 0;
												__eflags = 0;
											} else {
												_t277 =  *(_t452 + 0xd4);
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L97:
												_t281 =  *(_t452 + 0x4c) >> 0x00000014 &  *(_t452 + 0x52) ^  *(_t453 + 2);
												__eflags = _t281 & 0x00000001;
												if((_t281 & 0x00000001) == 0) {
													 *_t395 = _t453 + 0x10;
													__eflags =  *(_t452 + 0x4c);
													if( *(_t452 + 0x4c) == 0) {
														_t283 =  *_t453 & 0x0000ffff;
													} else {
														_t288 =  *_t453;
														__eflags =  *(_t452 + 0x4c) & _t288;
														if(( *(_t452 + 0x4c) & _t288) != 0) {
															_t288 = _t288 ^  *(_t452 + 0x50);
															__eflags = _t288;
														}
														_t283 = _t288 & 0x0000ffff;
													}
													 *(_t395 + 4) = (_t283 & 0x0000ffff) * 8 - 0x10;
													 *((char*)(_t395 + 9)) =  *(_t453 + 6);
													 *(_t395 + 0xa) = 0;
													 *(_t395 + 8) = 0x10;
													 *(_t395 + 0x14) = 0x10;
													goto L193;
												}
												_t289 =  *((intOrPtr*)(_t453 + 7));
												__eflags = _t289 & 0x00000040;
												if((_t289 & 0x00000040) == 0) {
													__eflags = _t289 - 4;
													if(_t289 != 4) {
														_t290 = _t453;
														L104:
														 *_t395 = _t290 + 8;
														_t399 =  *((intOrPtr*)(_t453 + 7));
														__eflags = _t399 - 4;
														if(_t399 == 4) {
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t292 =  *_t453 & 0x0000ffff;
															} else {
																_t308 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t308;
																if(( *(_t452 + 0x4c) & _t308) != 0) {
																	_t308 = _t308 ^  *(_t452 + 0x50);
																	__eflags = _t308;
																}
																_t292 = _t308 & 0x0000ffff;
															}
															 *((char*)(_t395 + 9)) = 0x40;
															_t294 = 0x4001;
															 *(_t395 + 4) =  *((intOrPtr*)(_t453 - 8)) - (_t292 & 0x0000ffff);
															 *(_t395 + 0xa) = 0x4001;
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t406 =  *_t453 & 0x0000ffff;
															} else {
																_t307 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t307;
																if(( *(_t452 + 0x4c) & _t307) != 0) {
																	_t307 = _t307 ^  *(_t452 + 0x50);
																	__eflags = _t307;
																}
																_t406 = _t307 & 0x0000ffff;
																_t294 =  *(_t395 + 0xa) & 0x0000ffff;
															}
															_t407 = _t406 & 0x0000ffff;
															 *(_t395 + 8) = _t407;
															__eflags = _t441 & _t294;
															if((_t441 & _t294) == 0) {
																 *(_t395 + 0x14) = _t407;
															}
															_t408 = _t294 & 0x0000ffff;
															L166:
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t295 =  *(_t453 + 2);
																_t409 = _t408 & 0x0000ffff;
															} else {
																_t306 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t306;
																if(( *(_t452 + 0x4c) & _t306) != 0) {
																	_t306 = _t306 ^  *(_t452 + 0x50);
																	__eflags = _t306;
																}
																_t409 =  *(_t395 + 0xa) & 0x0000ffff;
																_t295 = _t306 >> 0x10;
															}
															__eflags = _t441 & _t295;
															if((_t441 & _t295) == 0) {
																_t296 =  *[fs:0x30];
																_t410 = _t409 & 0x0000ffff;
																__eflags =  *(_t296 + 0x68) & 0x00000800;
																if(( *(_t296 + 0x68) & 0x00000800) != 0) {
																	_t297 =  *(_t453 + 3) & 0x000000ff;
																} else {
																	_t297 = 0;
																}
																 *(_t395 + 0x10) = _t297;
															} else {
																_t441 = _t453;
																_t303 = E010DD380(_t452, _t453);
																 *(_t395 + 0xc) =  *(_t303 + 4);
																 *((short*)(_t395 + 0x12)) =  *_t303;
																_t415 =  *[fs:0x30];
																__eflags =  *(_t415 + 0x68) & 0x00000800;
																if(( *(_t415 + 0x68) & 0x00000800) != 0) {
																	_t304 =  *(_t303 + 2) & 0x0000ffff;
																} else {
																	_t304 = 0;
																}
																 *(_t395 + 0x10) = _t304;
																 *(_t395 + 0xa) =  *(_t395 + 0xa) | 0x00000010;
																_t410 =  *(_t395 + 0xa) & 0x0000ffff;
															}
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t298 =  *(_t453 + 2);
																_t411 = _t410 & 0x0000ffff;
															} else {
																_t302 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t302;
																if(( *(_t452 + 0x4c) & _t302) != 0) {
																	_t302 = _t302 ^  *(_t452 + 0x50);
																	__eflags = _t302;
																}
																_t411 =  *(_t395 + 0xa) & 0x0000ffff;
																_t298 = _t302 >> 0x10;
															}
															 *(_t395 + 0xa) = _t298 & 0xe0 | _t411;
															goto L193;
														}
														__eflags = _t399 - 3;
														if(_t399 == 3) {
															_t408 = 0x1000;
															 *_t395 =  *(_t453 + 0x18);
															 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
															 *(_t395 + 4) =  *(_t453 + 0x1c);
															 *(_t395 + 8) = 0x10000000;
															goto L166;
														}
														__eflags = _t399 - 1;
														if(_t399 != 1) {
															_t442 =  *(_t452 + 0x4c);
															__eflags = _t442;
															if(_t442 == 0) {
																_t311 =  *_t453 & 0x0000ffff;
															} else {
																_t344 =  *_t453;
																_t442 =  *(_t452 + 0x4c);
																__eflags = _t344 & _t442;
																if((_t344 & _t442) != 0) {
																	_t344 = _t344 ^  *(_t452 + 0x50);
																	__eflags = _t344;
																}
																_t399 =  *((intOrPtr*)(_t453 + 7));
																_t311 = _t344 & 0x0000ffff;
															}
															_v20 = _t311;
															__eflags = _t399 - 5;
															if(_t399 != 5) {
																__eflags = _t399 & 0x00000040;
																if((_t399 & 0x00000040) == 0) {
																	__eflags = (_t399 & 0x0000003f) - 0x3f;
																	if((_t399 & 0x0000003f) == 0x3f) {
																		__eflags = _t399;
																		if(_t399 >= 0) {
																			__eflags = _t442;
																			if(_t442 == 0) {
																				_t314 =  *_t453 & 0x0000ffff;
																			} else {
																				_t337 =  *_t453;
																				__eflags =  *(_t452 + 0x4c) & _t337;
																				if(( *(_t452 + 0x4c) & _t337) != 0) {
																					_t337 = _t337 ^  *(_t452 + 0x50);
																					__eflags = _t337;
																				}
																				_t314 = _t337 & 0x0000ffff;
																			}
																		} else {
																			_t431 = _t453 >> 0x00000003 ^  *_t453 ^  *0x112874c ^ _t452;
																			__eflags = _t431;
																			if(_t431 == 0) {
																				_t339 = _t453 - (_t431 >> 0xd);
																				__eflags = _t339;
																				_t340 =  *_t339;
																			} else {
																				_t340 = 0;
																			}
																			_t314 =  *((intOrPtr*)(_t340 + 0x14));
																		}
																		_t416 =  *(_t453 + (_t314 & 0xffff) * 8 - 4);
																	} else {
																		_t416 = _t399 & 0x3f;
																	}
																} else {
																	_t416 =  *(_t453 + 4 + (_t399 & 0x3f) * 8) & 0x0000ffff;
																}
															} else {
																_t416 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
															}
															 *(_t395 + 4) = ((_v20 & 0x0000ffff) << 3) - _t416;
															 *((char*)(_t395 + 9)) =  *(_t453 + 6);
															 *(_t395 + 0xa) = 1;
															_t417 =  *((intOrPtr*)(_t453 + 7));
															__eflags = _t417 - 5;
															if(_t417 != 5) {
																__eflags = _t417 & 0x00000040;
																if((_t417 & 0x00000040) == 0) {
																	__eflags = (_t417 & 0x0000003f) - 0x3f;
																	if((_t417 & 0x0000003f) == 0x3f) {
																		__eflags = _t417;
																		if(_t417 >= 0) {
																			__eflags =  *(_t452 + 0x4c);
																			if( *(_t452 + 0x4c) == 0) {
																				_t326 =  *_t453 & 0x0000ffff;
																			} else {
																				_t330 =  *_t453;
																				__eflags =  *(_t452 + 0x4c) & _t330;
																				if(( *(_t452 + 0x4c) & _t330) != 0) {
																					_t330 = _t330 ^  *(_t452 + 0x50);
																					__eflags = _t330;
																				}
																				_t326 = _t330 & 0x0000ffff;
																			}
																		} else {
																			_t423 = _t453 >> 0x00000003 ^  *_t453 ^  *0x112874c ^ _t452;
																			__eflags = _t423;
																			if(_t423 == 0) {
																				_t332 = _t453 - (_t423 >> 0xd);
																				__eflags = _t332;
																				_t333 =  *_t332;
																			} else {
																				_t333 = 0;
																			}
																			_t326 =  *((intOrPtr*)(_t333 + 0x14));
																		}
																		_t418 =  *(_t453 + (_t326 & 0xffff) * 8 - 4);
																	} else {
																		_t418 = _t417 & 0x3f;
																	}
																} else {
																	_t418 =  *(_t453 + 4 + (_t417 & 0x3f) * 8) & 0x0000ffff;
																}
															} else {
																_t418 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
															}
															_t329 =  *(_t395 + 0xa) & 0x0000ffff;
															_t441 = 2;
															 *(_t395 + 8) = _t418;
															__eflags = _t441 & _t329;
															if((_t441 & _t329) == 0) {
																 *(_t395 + 0x14) = _t418;
															}
															_t408 = _t329;
															goto L166;
														}
														 *(_t395 + 0xa) = 1;
														goto L26;
													}
													_t347 =  *(_t453 + 6) & 0x000000ff;
													L100:
													_t290 = _t453 + _t347 * 8;
													goto L104;
												}
												_t347 = _t289 & 0x3f;
												__eflags = _t347;
												goto L100;
											} else {
												_t441 = _t395;
												_t399 = _t452;
												_t349 = E010F67E2(_t452, _t395, _t452);
												__eflags = _t349;
												if(_t349 == 0) {
													_t441 = 2;
													goto L97;
												}
												__eflags =  *(_t395 + 0xa) & 0x00002000;
												if(( *(_t395 + 0xa) & 0x00002000) == 0) {
													goto L193;
												}
												L25:
												_t441 = 2;
												L26:
												__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
												if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
													_t261 = 0;
													__eflags = 0;
												} else {
													_t261 =  *(_t452 + 0xd4);
												}
												__eflags = _t261;
												if(_t261 == 0) {
													L32:
													__eflags =  *(_t395 + 0xa) & 0x00000001;
													_t400 =  *_t395;
													if(( *(_t395 + 0xa) & 0x00000001) == 0) {
														_t399 = _t400 + 0xfffffff0;
														__eflags =  *(_t452 + 0x4c);
														if( *(_t452 + 0x4c) == 0) {
															_t453 =  *_t399 & 0x0000ffff;
														} else {
															_t381 =  *_t399;
															__eflags =  *(_t452 + 0x4c) & _t381;
															if(( *(_t452 + 0x4c) & _t381) != 0) {
																_t381 = _t381 ^  *(_t452 + 0x50);
																__eflags = _t381;
															}
															_t453 = _t381 & 0x0000ffff;
														}
														_t262 =  *(_t399 + 6);
														__eflags = _t262;
														if(_t262 == 0) {
															_t441 = _t452;
														} else {
															_t441 = (_t399 & 0xffff0000) - ((_t262 & 0x000000ff) << 0x10) + 0x10000;
														}
														__eflags = _t441;
														if(_t441 == 0) {
															L192:
															_v12 = 0xc0000141;
															goto L193;
														} else {
															__eflags =  *((char*)(_t399 + 7)) - 3;
															if( *((char*)(_t399 + 7)) != 3) {
																_t271 = _t453 & 0x0000ffff;
																L81:
																_t453 = _t399 + _t271 * 8;
																goto L82;
															}
															L58:
															__eflags =  *(_t399 + 0x1c) + 0x20 + _t399 -  *((intOrPtr*)(_t441 + 0x28));
															if( *(_t399 + 0x1c) + 0x20 + _t399 <  *((intOrPtr*)(_t441 + 0x28))) {
																 *_t395 =  *(_t399 + 0x18);
																 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
																_t453 = 0;
																 *(_t395 + 4) =  *(_t399 + 0x1c);
																 *(_t395 + 8) = 0x10000000;
																goto L82;
															}
															_t443 =  *((intOrPtr*)(_t441 + 0x10));
															__eflags = _t443 - _t452 + 0xa4;
															if(_t443 == _t452 + 0xa4) {
																L61:
																_t399 = 2;
																L62:
																_t441 = 0;
																__eflags = 0;
																goto L63;
															}
															_t441 = _t443 + 0xfffffff0;
															_t399 = 2;
															goto L63;
														}
													}
													_t399 = _t400 + 0xfffffff8;
													__eflags =  *((char*)(_t399 + 7)) - 5;
													if( *((char*)(_t399 + 7)) == 5) {
														_t399 = _t399 - (( *(_t399 + 6) & 0x000000ff) << 3);
														__eflags = _t399;
													}
													__eflags =  *((intOrPtr*)(_t399 + 7)) - 4;
													if( *((intOrPtr*)(_t399 + 7)) != 4) {
														_t383 =  *(_t399 + 6);
														__eflags = _t383;
														if(_t383 == 0) {
															_t441 = _t452;
														} else {
															_t449 = (_t399 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10);
															_t383 =  *((intOrPtr*)(_t399 + 7));
															_t441 = _t449 + 0x10000;
														}
														__eflags = _t441;
														if(_t441 == 0) {
															goto L192;
														} else {
															__eflags = _t383 - 3;
															if(_t383 == 3) {
																goto L58;
															}
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t384 =  *_t399 & 0x0000ffff;
															} else {
																_t385 =  *_t399;
																__eflags =  *(_t452 + 0x4c) & _t385;
																if(( *(_t452 + 0x4c) & _t385) != 0) {
																	_t385 = _t385 ^  *(_t452 + 0x50);
																	__eflags = _t385;
																}
																_t384 = _t385 & 0x0000ffff;
															}
															_t271 = _t384 & 0x0000ffff;
															goto L81;
														}
													} else {
														_t453 =  *(_t399 - 0x18);
														_t378 = _t452 + 0x9c;
														L65:
														__eflags = _t453 - _t378;
														if(_t453 == _t378) {
															_v12 = 0x8000001a;
															goto L193;
														}
														_t453 = _t453 + 0x18;
														goto L82;
													}
												} else {
													_t441 = _t395;
													_t390 = E010F67E2(_t452, _t395, _t399);
													__eflags = _t390;
													if(_t390 == 0) {
														goto L32;
													}
													__eflags =  *(_t395 + 0xa) & 0x00002000;
													if(( *(_t395 + 0xa) & 0x00002000) == 0) {
														goto L193;
													}
													goto L32;
												}
											}
										}
										_t351 =  *(_t453 + 6) & 0x000000ff;
										L85:
										_t273 = _t453 + _t351 * 8;
										goto L89;
									}
									_t351 = _t272 & 0x3f;
									__eflags = _t351;
									goto L85;
								}
							}
							_t378 = _t452 + 0x9c;
							_t453 =  *_t378;
							goto L65;
						}
					}
					_t393 = E010F433B(__edx, __ecx, __ecx, _t453, __eflags);
					__eflags = _t393;
					if(_t393 != 0) {
						goto L5;
					} else {
						_v12 = 0xc000000d;
						goto L193;
					}
				} else {
					_t453 =  *0x1125724; // 0x0
					 *0x112b1e0(__ecx, __edx);
					_t265 =  *_t453();
					L201:
					return E0107B640(_t265, _t395, _v8 ^ _t455, _t441, _t452, _t453);
				}
			}

0x010deb97
0x010deb99
0x010deb9f
0x010deba1
0x010debaa
0x010debc3
0x010debcd
0x010debd5
0x010debd7
0x010debf0
0x010debf0
0x010debf4
0x010debf6
0x010debf9
0x010debfb
0x010dec04
0x010dec08
0x010dec0e
0x00000000
0x00000000
0x010dec16
0x010dec16
0x010dec19
0x010dec3a
0x010dec3a
0x010dec3e
0x010dec4d
0x010dec50
0x010dec52
0x010dec58
0x010dec5a
0x010dec5d
0x010dec5f
0x010dec5f
0x010dec64
0x010dec68
0x010dec73
0x010dec73
0x010dec7e
0x010dec7f
0x010dec81
0x010dec8b
0x010dec91
0x00000000
0x00000000
0x010dec97
0x00000000
0x010dec97
0x010dec83
0x00000000
0x010dec6a
0x010dec6a
0x010dec6d
0x00000000
0x00000000
0x00000000
0x010dec6d
0x010dec68
0x010dec40
0x010dec43
0x00000000
0x00000000
0x010dec45
0x00000000
0x010dec1b
0x010dec1b
0x010dec22
0x010dec2c
0x010dec2c
0x010dec24
0x010dec24
0x010dec24
0x010dec2e
0x010dec30
0x00000000
0x010dec36
0x010dec36
0x00000000
0x010dec36
0x010dec30
0x010debfd
0x010debfd
0x010dedd2
0x010dedd2
0x010dedd4
0x010dedd6
0x010dedf0
0x010dedf6
0x010dee00
0x010dee00
0x010dedf8
0x010dedf8
0x010dedf8
0x010dee02
0x010dee04
0x010def6c
0x010def71
0x00000000
0x010dee0a
0x010dee0a
0x010dee0c
0x010dee0f
0x010dee20
0x010dee11
0x010dee11
0x010dee13
0x010dee16
0x010dee18
0x010dee18
0x010dee18
0x010dee1b
0x010dee1b
0x010dee29
0x010dee2c
0x010dee30
0x010dee3d
0x010dee43
0x010dee46
0x010dee49
0x010dee4c
0x010dee4e
0x010dee4e
0x010dee53
0x010dee53
0x010dee65
0x010dee6b
0x010dee90
0x010dee90
0x010dee92
0x010df23e
0x010df23e
0x010df243
0x010df245
0x010df257
0x010df247
0x010df250
0x010df250
0x010df25c
0x010df25f
0x010df261
0x010df267
0x010df26e
0x010df270
0x010df277
0x010df27b
0x010df27b
0x010df277
0x010df26e
0x010df280
0x00000000
0x010df280
0x010dee98
0x010dee9b
0x010dee9d
0x010deeaa
0x010deeac
0x010deeb4
0x010deeb6
0x010deeb9
0x010deec0
0x010deec1
0x010deec5
0x010deecb
0x010deed5
0x010deed5
0x010deecd
0x010deecd
0x010deecd
0x010deed7
0x010deed9
0x010def00
0x010def09
0x010def0c
0x010def0e
0x010df1f7
0x010df1f9
0x010df1fd
0x010df20e
0x010df1ff
0x010df1ff
0x010df201
0x010df204
0x010df206
0x010df206
0x010df206
0x010df209
0x010df209
0x010df21b
0x010df221
0x010df226
0x010df22a
0x010df22e
0x00000000
0x010df22e
0x010def14
0x010def17
0x010def19
0x010def26
0x010def28
0x010def30
0x010def32
0x010def35
0x010def37
0x010def3a
0x010def3d
0x010df0ea
0x010df0ee
0x010df0ff
0x010df0f0
0x010df0f0
0x010df0f2
0x010df0f5
0x010df0f7
0x010df0f7
0x010df0f7
0x010df0fa
0x010df0fa
0x010df10a
0x010df10e
0x010df113
0x010df116
0x010df11a
0x010df11e
0x010df133
0x010df120
0x010df120
0x010df122
0x010df125
0x010df127
0x010df127
0x010df127
0x010df12a
0x010df12d
0x010df12d
0x010df136
0x010df139
0x010df13c
0x010df13e
0x010df140
0x010df140
0x010df143
0x010df146
0x010df146
0x010df14a
0x010df15f
0x010df162
0x010df14c
0x010df14c
0x010df14e
0x010df151
0x010df153
0x010df153
0x010df153
0x010df156
0x010df15a
0x010df15a
0x010df165
0x010df167
0x010df1a9
0x010df1af
0x010df1b2
0x010df1b9
0x010df1bf
0x010df1bb
0x010df1bb
0x010df1bb
0x010df1c3
0x010df169
0x010df169
0x010df16d
0x010df175
0x010df17b
0x010df17f
0x010df186
0x010df18d
0x010df193
0x010df18f
0x010df18f
0x010df18f
0x010df197
0x010df19b
0x010df1a4
0x010df1a4
0x010df1c7
0x010df1cb
0x010df1e0
0x010df1e3
0x010df1cd
0x010df1cd
0x010df1cf
0x010df1d2
0x010df1d4
0x010df1d4
0x010df1d4
0x010df1d7
0x010df1db
0x010df1db
0x010df1ee
0x00000000
0x010df1ee
0x010def43
0x010def46
0x010df0d0
0x010df0d5
0x010df0da
0x010df0de
0x010df0e1
0x00000000
0x010df0e1
0x010def4c
0x010def4f
0x010def7b
0x010def7e
0x010def80
0x010def96
0x010def82
0x010def82
0x010def84
0x010def87
0x010def89
0x010def8b
0x010def8b
0x010def8b
0x010def8e
0x010def91
0x010def91
0x010def99
0x010def9c
0x010def9f
0x010defad
0x010defb0
0x010defc3
0x010defc5
0x010defcf
0x010defd1
0x010deffa
0x010deffc
0x010df00d
0x010deffe
0x010deffe
0x010df000
0x010df003
0x010df005
0x010df005
0x010df005
0x010df008
0x010df008
0x010defd3
0x010defe0
0x010defe2
0x010defe5
0x010deff0
0x010deff0
0x010deff2
0x010defe7
0x010defe7
0x010defe7
0x010deff4
0x010deff4
0x010df016
0x010defc7
0x010defca
0x010defca
0x010defb2
0x010defb8
0x010defb8
0x010defa1
0x010defa9
0x010defa9
0x010df025
0x010df02b
0x010df031
0x010df035
0x010df038
0x010df03b
0x010df049
0x010df04c
0x010df05f
0x010df061
0x010df06b
0x010df06d
0x010df096
0x010df09a
0x010df0ab
0x010df09c
0x010df09c
0x010df09e
0x010df0a1
0x010df0a3
0x010df0a3
0x010df0a3
0x010df0a6
0x010df0a6
0x010df06f
0x010df07c
0x010df07e
0x010df081
0x010df08c
0x010df08c
0x010df08e
0x010df083
0x010df083
0x010df083
0x010df090
0x010df090
0x010df0b4
0x010df063
0x010df066
0x010df066
0x010df04e
0x010df054
0x010df054
0x010df03d
0x010df045
0x010df045
0x010df0b8
0x010df0be
0x010df0bf
0x010df0c2
0x010df0c4
0x010df0c6
0x010df0c6
0x010df0c9
0x00000000
0x010df0c9
0x010def54
0x00000000
0x010def54
0x010def2a
0x010def21
0x010def21
0x00000000
0x010def21
0x010def1e
0x010def1e
0x00000000
0x010deedb
0x010deedc
0x010deede
0x010deee0
0x010deee5
0x010deee7
0x010deeff
0x00000000
0x010deeff
0x010deeee
0x010deef2
0x00000000
0x00000000
0x010deca2
0x010deca4
0x010deca5
0x010deca5
0x010decab
0x010decb5
0x010decb5
0x010decad
0x010decad
0x010decad
0x010decb7
0x010decb9
0x010decd8
0x010decd8
0x010decdc
0x010decde
0x010ded59
0x010ded5c
0x010ded60
0x010ded71
0x010ded62
0x010ded62
0x010ded64
0x010ded67
0x010ded69
0x010ded69
0x010ded69
0x010ded6c
0x010ded6c
0x010ded74
0x010ded77
0x010ded79
0x010ded93
0x010ded7b
0x010ded8b
0x010ded8b
0x010ded95
0x010ded97
0x010df237
0x010df237
0x00000000
0x010ded9d
0x010ded9d
0x010deda1
0x010dee8a
0x010dee8d
0x010dee8d
0x00000000
0x010dee8d
0x010deda7
0x010dedaf
0x010dedb2
0x010dee73
0x010dee78
0x010dee7c
0x010dee7e
0x010dee81
0x00000000
0x010dee81
0x010dedb8
0x010dedc1
0x010dedc3
0x010dedcd
0x010dedcf
0x010dedd0
0x010dedd0
0x010dedd0
0x00000000
0x010dedd0
0x010dedc7
0x010dedca
0x00000000
0x010dedca
0x010ded97
0x010dece0
0x010dece3
0x010dece7
0x010decf0
0x010decf0
0x010decf0
0x010decf5
0x010decf8
0x010ded08
0x010ded0b
0x010ded0d
0x010ded2a
0x010ded0f
0x010ded1d
0x010ded1f
0x010ded22
0x010ded22
0x010ded2c
0x010ded2e
0x00000000
0x010ded34
0x010ded34
0x010ded37
0x00000000
0x00000000
0x010ded39
0x010ded3d
0x010ded4e
0x010ded3f
0x010ded3f
0x010ded41
0x010ded44
0x010ded46
0x010ded46
0x010ded46
0x010ded49
0x010ded49
0x010ded51
0x00000000
0x010ded51
0x010decfa
0x010decfa
0x010decfd
0x010dede0
0x010dede0
0x010dede2
0x010def5d
0x00000000
0x010def5d
0x010dede8
0x00000000
0x010dede8
0x010decbb
0x010decbc
0x010decc0
0x010decc5
0x010decc7
0x00000000
0x00000000
0x010decce
0x010decd2
0x00000000
0x00000000
0x00000000
0x010decd2
0x010decb9
0x010deed9
0x010deeae
0x010deea5
0x010deea5
0x00000000
0x010deea5
0x010deea2
0x010deea2
0x00000000
0x010deea2
0x010dee04
0x010dedd8
0x010dedde
0x00000000
0x010dedde
0x010debfb
0x010debdb
0x010debe0
0x010debe2
0x00000000
0x010debe4
0x010debe4
0x00000000
0x010debe4
0x010debac
0x010debac
0x010debb6
0x010debbc
0x010df283
0x010df293
0x010df293

Strings

@, xrefs: 010DF10A

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 7c73587db42ae3ca72ce332938c4626767a720f42d7ec9e450d589f38268c5d6
Instruction ID: 5a667680831aaeca7d6e3e883687a6648e5163599dec8a0ab405c19d543506b0
Opcode Fuzzy Hash: 7c73587db42ae3ca72ce332938c4626767a720f42d7ec9e450d589f38268c5d6
Instruction Fuzzy Hash: 8332DF742047669BEB69CF2DC490376BBE1BF45304F08C49AE9C68F286D735E456CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0105B944 Relevance: 1.7, APIs: 1, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E0105B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x112d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01057D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01108CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E01079E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0107B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0107CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01057D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01108F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0107AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1128628; // 0x0
								_v68 = _t77;
								_t78 =  *0x112862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1128628; // 0x0
							_t116 =  *0x112862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}

0x0105b94c
0x0105b956
0x0105b95c
0x0105b95e
0x0105b964
0x0105b969
0x0105b96d
0x0105b96d
0x0105b970
0x0105b974
0x0105b97a
0x0105badf
0x0105badf
0x0105bae2
0x0105bae4
0x0105bae6
0x0105baf0
0x010a2cb8
0x0105baf6
0x0105baf6
0x0105baf6
0x0105bafd
0x0105bb1f
0x0105bb1f
0x0105baff
0x0105bb00
0x0105bb00
0x0105bb03
0x0105bb03
0x0105bacb
0x0105bacf
0x0105bad0
0x0105bad1
0x0105badc
0x0105badc
0x0105b980
0x0105b980
0x0105b988
0x0105b98b
0x0105b98d
0x0105b990
0x0105b993
0x0105b999
0x0105b99b
0x0105b9a1
0x0105b9a5
0x0105b9aa
0x0105b9b0
0x0105b9bb
0x0105b9c0
0x0105b9c3
0x0105b9ca
0x0105b9cc
0x0105b9cf
0x0105b9d3
0x0105b9d7
0x0105ba94
0x0105ba94
0x0105ba98
0x0105baa3
0x010a2ccb
0x0105baa9
0x0105baa9
0x0105baa9
0x0105bab1
0x010a2cd5
0x010a2cdd
0x010a2cdd
0x0105babb
0x0105babc
0x0105bac2
0x0105bac3
0x0105bac3
0x0105bac6
0x00000000
0x0105b9dd
0x0105b9dd
0x0105b9e7
0x0105b9e7
0x0105b9ec
0x0105b9ec
0x0105b9f1
0x0105b9f5
0x0105b9fa
0x0105ba00
0x0105ba0c
0x0105ba10
0x0105ba10
0x0105ba12
0x0105ba18
0x00000000
0x00000000
0x0105bb26
0x0105bb26
0x0105ba1e
0x0105ba1e
0x0105ba23
0x0105ba25
0x0105ba2c
0x0105ba30
0x0105ba35
0x0105ba35
0x0105ba41
0x0105ba46
0x0105ba4c
0x0105ba50
0x0105ba54
0x0105ba6a
0x0105ba6e
0x0105ba70
0x0105ba74
0x0105ba78
0x0105ba7a
0x0105ba7c
0x0105ba8e
0x0105ba90
0x0105ba92
0x0105bb14
0x0105bb14
0x0105bb16
0x0105bb16
0x00000000
0x0105ba7c
0x0105bb0a
0x0105bb0d
0x00000000
0x00000000
0x00000000
0x0105bb0f

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0105B9A5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 885266447-0
Opcode ID: 623347439d52b069c4e4906ba6697e0be56aa027435c576139defc6150c81121
Instruction ID: f2784af07d3ad457ce3f06f548d4c657b4c4f5a504f84d1846d83dd700ac7259
Opcode Fuzzy Hash: 623347439d52b069c4e4906ba6697e0be56aa027435c576139defc6150c81121
Instruction Fuzzy Hash: B5515771A08341CFD7A5DF68C08092BBBF6BB88600F1489AEE9D587345D770E840CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01062581 Relevance: 1.6, Strings: 1, Instructions: 329
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E01062581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				signed char _t245;
				void* _t247;
				signed int _t254;
				signed int _t256;
				intOrPtr _t258;
				signed int _t261;
				signed int _t268;
				signed int _t271;
				signed int _t279;
				intOrPtr _t285;
				signed int _t287;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				unsigned int _t295;
				signed int _t299;
				signed int* _t300;
				signed int _t301;
				signed int _t305;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t338;
				signed int _t340;
				void* _t341;
				signed char _t343;
				void* _t344;

				_t338 = _t340;
				_t341 = _t340 - 0x4c;
				_v8 =  *0x112d360 ^ _t338;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0x112b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t295 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t344 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t285 = 0x48;
				_t315 = 0 | _t344 == 0x00000000;
				_t326 = 0;
				_v37 = _t344 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t285 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = E01054620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t285);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t315 = _v32;
							 *((intOrPtr*)(_t333 + 0x3c)) = _t285;
							_t287 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t315;
							if(_t315 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t315 - 0x1128478;
								 *_t333 = ((0 | _t315 == 0x01128478) - 0x00000001 & 0xfffffffb) + 7;
								E0107F3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
								_t315 = _v32;
								_t341 = _t341 + 0xc;
								_t287 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t279 = E010C39F2(_t328);
									_t315 = _v32;
									_t328 = _t279;
								}
							}
							_t299 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t289 = _t333 + _t287 * 4;
								_v56 = _t289;
								do {
									__eflags = _t315;
									if(_t315 != 0) {
										_t240 =  *(_v60 + _t299 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t289 =  *(_v60 + _t299 * 4);
										 *(_t289 + 0x18) = _t328;
										_t244 =  *(_v60 + _t299 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M01062959))) {
												case 0:
													__ax =  *0x1128488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0107F3E0(__edi,  *0x112848c, __ax & 0x0000ffff);
														__eax =  *0x1128488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0107F3E0(_t328, _v80, _v64);
													_t274 = _v64;
													goto L26;
												case 2:
													 *0x1128480 & 0x0000ffff = E0107F3E0(__edi,  *0x1128484,  *0x1128480 & 0x0000ffff);
													__eax =  *0x1128480 & 0x0000ffff;
													__eax = ( *0x1128480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0107F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0107F3E0(_t328, _v76, _v36);
														_t274 = _v36;
													}
													L26:
													_t341 = _t341 + 0xc;
													_t328 = _t328 + (_t274 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t276);
													 *((short*)(_t328 - 2)) = _t276;
													goto L28;
												case 6:
													__ebx =  *0x112575c;
													__eflags = __ebx - 0x112575c;
													if(__ebx != 0x112575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0107F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x112575c;
														} while (__ebx != 0x112575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1128478 & 0x0000ffff = E0107F3E0(__edi,  *0x112847c,  *0x1128478 & 0x0000ffff);
													__eax =  *0x1128478 & 0x0000ffff;
													__eax = ( *0x1128478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E010C39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1126e58 & 0x0000ffff = E0107F3E0(__edi,  *0x1126e5c,  *0x1126e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1126e58 & 0x0000ffff;
													__eax = ( *0x1126e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t299 = _v16;
													_t315 = _v32;
													L29:
													_t289 = _t289 + 4;
													__eflags = _t289;
													_v56 = _t289;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t299 = _t299 + 1;
									_v16 = _t299;
									__eflags = _t299 - _v48;
								} while (_t299 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t244 =  *(_v60 + _t326 * 4);
						if(_t244 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t244 * 4 +  &M01062935))) {
							case 0:
								__ax =  *0x1128488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t315 =  &_v64;
								_v80 = E01062E3E(0,  &_v64);
								_t285 = _t285 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1128480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1128480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0104EEF0(0x11279a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0104EB70(__ecx, 0x11279a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t295 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1127b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0104EB70(__ecx, 0x11279a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t338;
										_pop(_t286);
										return E0107B640(_t219, _t286, _v8 ^ _t338, _t315, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t281 = _v56;
								if(_v56 != 0) {
									_t315 =  &_v36;
									_t283 = E01062E3E(_t281,  &_v36);
									_t295 = _v36;
									_v76 = _t283;
								}
								if(_t295 == 0) {
									goto L44;
								} else {
									_t285 = _t285 + 2 + _t295;
								}
								goto L14;
							case 6:
								__eax =  *0x1125764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1128478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1128478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1126e58 & 0x0000ffff;
								__eax = ( *0x1126e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t315 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t300 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					_push(es);
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t341;
					_push(es);
					_t245 = _t244 + _t341;
					asm("daa");
					_push(es);
					 *_t333 =  *_t333 + _t338;
					_push(es);
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t245;
					 *0x1f010626 =  *0x1f010626 + _t245;
					_t290 = es;
					_t247 = _t341;
					_t343 = _t245 |  *_t300;
					 *_t333 =  *_t333 - _t247;
					 *0x2010a5b =  *0x2010a5b + _t333;
					 *_t333 =  *_t333 - _t247;
					 *((intOrPtr*)(_t247 - 0x9fef9d8)) =  *((intOrPtr*)(_t247 - 0x9fef9d8)) + _t247;
					asm("daa");
					_push(es);
					 *_t333 =  *_t333 + _t290;
					 *_t333 =  *_t333 - _t247;
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t300;
					_push(es);
					_a35 = _a35 + _t290;
					_t291 = es;
					_push(es);
					 *((intOrPtr*)(_t343 + _t291 * 2)) =  *((intOrPtr*)(_t343 + _t291 * 2)) + _t333;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x110ff00);
					E0108D08C(_t291, _t328, _t333);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t292 = _a12;
					__eflags = _t292;
					if(_t292 == 0) {
						_t254 = 0xc0000100;
					} else {
						_v8 = 0;
						_t336 = 0xc0000100;
						_v52 = 0xc0000100;
						_t256 = 4;
						while(1) {
							_v40 = _t256;
							__eflags = _t256;
							if(_t256 == 0) {
								break;
							}
							_t305 = _t256 * 0xc;
							_v48 = _t305;
							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0x1011664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t271 = E0107E5C0(_a8,  *((intOrPtr*)(_t305 + 0x1011668)), _t292);
									_t343 = _t343 + 0xc;
									__eflags = _t271;
									if(__eflags == 0) {
										_t336 = E010B51BE(_t292,  *((intOrPtr*)(_v48 + 0x101166c)), _a16, _t329, _t336, __eflags, _a20, _a24);
										_v52 = _t336;
										break;
									} else {
										_t256 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t256 = _t256 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t336;
						__eflags = _t336;
						if(_t336 < 0) {
							__eflags = _t336 - 0xc0000100;
							if(_t336 == 0xc0000100) {
								_t301 = _a4;
								__eflags = _t301;
								if(_t301 != 0) {
									_v36 = _t301;
									__eflags =  *_t301 - _t329;
									if( *_t301 == _t329) {
										_t336 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t258 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t258 + 0x48)) - _t301;
										if( *((intOrPtr*)(_t258 + 0x48)) == _t301) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t336 = E01062AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
												_v32 = _t336;
												__eflags = _t336 - 0xc0000100;
												if(_t336 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t301 = _v36;
													goto L75;
												}
											} else {
												_t261 = E01046600( *(_t317 + 0x1c));
												__eflags = _t261;
												if(_t261 != 0) {
													goto L106;
												} else {
													_t301 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t336 = E01062C50(_t301, _a8, _t292, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t336;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0104EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t336 = _a24;
									_t268 = E01062AE4( &_v36, _a8, _t292, _a16, _a20, _t336);
									_v32 = _t268;
									__eflags = _t268 - 0xc0000100;
									if(_t268 == 0xc0000100) {
										_v32 = E01062C50(_v36, _a8, _t292, _a16, _a20, _t336, 1);
									}
									_v8 = _t329;
									E01062ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t254 = _t336;
					}
					L70:
					return E0108D0D1(_t254);
				}
				L108:
			}

0x01062584
0x01062586
0x01062590
0x01062596
0x01062597
0x01062598
0x01062599
0x0106259e
0x010625a4
0x010625a9
0x010625ac
0x010625ae
0x010625b1
0x010625b2
0x010625b5
0x010625b8
0x010625bb
0x010625bc
0x010625bf
0x010625c2
0x010625c5
0x010625c6
0x010625cb
0x010625ce
0x010625d8
0x010625db
0x010625dd
0x010625de
0x010625e1
0x010625e3
0x010625e9
0x010626da
0x010626da
0x010626dd
0x010626e2
0x010a5b56
0x00000000
0x010626e8
0x010626f9
0x010626fb
0x010626fe
0x01062700
0x010a5b60
0x00000000
0x01062706
0x01062706
0x0106270a
0x0106270a
0x0106270d
0x01062713
0x01062716
0x01062718
0x0106271c
0x0106271e
0x010a5b6c
0x010a5b6f
0x010a5b7f
0x010a5b89
0x010a5b8e
0x010a5b93
0x010a5b96
0x010a5b9c
0x010a5ba0
0x010a5ba3
0x010a5bab
0x010a5bb0
0x010a5bb3
0x010a5bb3
0x010a5ba3
0x01062724
0x01062726
0x01062729
0x0106272c
0x0106279d
0x0106279d
0x010627a0
0x010627a2
0x00000000
0x0106272e
0x0106272e
0x01062731
0x01062734
0x01062734
0x01062736
0x010a5bc1
0x010a5bc1
0x010a5bc4
0x00000000
0x010a5bca
0x010a5bca
0x010a5bcd
0x00000000
0x010a5bd3
0x00000000
0x010a5bd3
0x010a5bcd
0x0106273c
0x0106273c
0x01062742
0x01062747
0x0106274a
0x0106274d
0x01062750
0x00000000
0x01062756
0x01062756
0x00000000
0x01062902
0x01062908
0x0106290b
0x00000000
0x01062911
0x0106291c
0x01062921
0x00000000
0x01062921
0x00000000
0x00000000
0x01062880
0x01062887
0x0106288c
0x00000000
0x00000000
0x01062805
0x0106280a
0x01062814
0x01062816
0x00000000
0x00000000
0x0106281e
0x01062821
0x01062823
0x00000000
0x01062829
0x01062829
0x01062831
0x0106283c
0x0106283e
0x00000000
0x0106283e
0x00000000
0x00000000
0x0106284e
0x01062850
0x01062851
0x01062854
0x01062857
0x0106285a
0x0106285c
0x0106285d
0x00000000
0x00000000
0x0106275d
0x01062761
0x00000000
0x01062767
0x0106276e
0x01062773
0x01062773
0x01062776
0x01062778
0x0106277e
0x0106277e
0x01062781
0x01062781
0x01062783
0x01062784
0x00000000
0x00000000
0x010a5bd8
0x010a5bde
0x010a5be4
0x010a5be6
0x010a5be8
0x010a5be9
0x010a5bee
0x010a5bf8
0x010a5bff
0x010a5c01
0x010a5c04
0x010a5c07
0x010a5c0b
0x010a5c0d
0x010a5c0d
0x010a5c15
0x010a5c18
0x010a5c1b
0x010a5c1b
0x010a5c1e
0x00000000
0x00000000
0x010628c3
0x010628c8
0x010628d2
0x010628d4
0x010628d8
0x010628db
0x010a5c26
0x010a5c28
0x010a5c2d
0x010a5c2d
0x00000000
0x00000000
0x010a5c34
0x010a5c36
0x010a5c49
0x010a5c4e
0x010a5c54
0x010a5c5b
0x010a5c5d
0x010a5c60
0x01062788
0x01062788
0x0106278b
0x0106278e
0x0106278e
0x0106278e
0x01062791
0x00000000
0x00000000
0x01062756
0x01062750
0x00000000
0x01062794
0x01062794
0x01062795
0x01062798
0x01062798
0x00000000
0x01062734
0x0106272c
0x01062700
0x010625ef
0x010625ef
0x010625ef
0x010625f2
0x010625f8
0x00000000
0x00000000
0x010625fe
0x00000000
0x010628e6
0x010628ec
0x010628ef
0x010628f5
0x010628f8
0x010628f8
0x00000000
0x010628f8
0x00000000
0x00000000
0x01062866
0x01062866
0x01062876
0x01062879
0x00000000
0x00000000
0x010627e0
0x010627e7
0x010627e9
0x010627eb
0x010a5afd
0x00000000
0x010a5afd
0x00000000
0x00000000
0x01062633
0x01062638
0x0106263b
0x0106263c
0x0106263e
0x01062640
0x01062642
0x01062647
0x01062649
0x0106264e
0x01062650
0x01062653
0x01062659
0x010626a2
0x010626a7
0x010626ac
0x010626b2
0x010a5b11
0x010a5b15
0x010a5b17
0x00000000
0x010626b8
0x010626b8
0x010626ba
0x010627a6
0x010627a6
0x010627a9
0x010627ab
0x010627b9
0x010627b9
0x010627be
0x010627c1
0x010627c3
0x010627c5
0x010627c7
0x010a5c74
0x010a5c79
0x010a5c79
0x010627c7
0x00000000
0x010626c0
0x010626c0
0x010626c3
0x010626c6
0x010626c6
0x010626c9
0x010626c9
0x00000000
0x010626c9
0x010626ba
0x0106265b
0x0106265b
0x0106265e
0x01062667
0x0106266d
0x01062677
0x0106267c
0x0106267f
0x01062681
0x010a5b49
0x010a5b4e
0x010627cd
0x010627d0
0x010627d1
0x010627d2
0x010627d4
0x010627dd
0x01062687
0x01062687
0x0106268a
0x0106268b
0x0106268e
0x0106268f
0x01062691
0x01062696
0x01062698
0x0106269d
0x0106269f
0x00000000
0x0106269f
0x01062681
0x00000000
0x00000000
0x01062846
0x00000000
0x00000000
0x01062605
0x0106260a
0x0106260c
0x01062611
0x01062616
0x01062619
0x01062619
0x0106261e
0x00000000
0x01062624
0x01062627
0x01062627
0x00000000
0x00000000
0x010a5b1f
0x00000000
0x00000000
0x01062894
0x0106289b
0x0106289d
0x010628a1
0x010a5b2b
0x010a5b2e
0x010a5b2e
0x010628a7
0x010628a9
0x010a5b04
0x010a5b09
0x010a5b09
0x010a5b09
0x00000000
0x00000000
0x010a5b35
0x010a5b3c
0x010628fb
0x010628fb
0x010626cc
0x010626cc
0x010626d0
0x00000000
0x010626d2
0x010626d2
0x00000000
0x010626d2
0x00000000
0x00000000
0x010625fe
0x0106292d
0x0106292f
0x01062930
0x01062935
0x01062937
0x01062938
0x0106293b
0x0106293c
0x0106293e
0x0106293f
0x01062940
0x01062942
0x01062944
0x01062948
0x0106294e
0x01062951
0x01062951
0x01062952
0x01062954
0x0106295a
0x0106295c
0x01062962
0x01062963
0x01062964
0x01062966
0x01062968
0x0106296b
0x0106296c
0x01062972
0x01062977
0x01062978
0x0106297d
0x0106297e
0x0106297f
0x01062980
0x01062981
0x01062982
0x01062983
0x01062984
0x01062985
0x01062986
0x01062987
0x01062988
0x01062989
0x0106298a
0x0106298b
0x0106298c
0x0106298d
0x0106298e
0x0106298f
0x01062990
0x01062992
0x01062997
0x010629a3
0x010629a6
0x010629ab
0x010629ad
0x010629b0
0x010629b2
0x010a5c80
0x010629b8
0x010629b8
0x010629bb
0x010629c0
0x010629c5
0x010629c6
0x010629c6
0x010629c9
0x010629cb
0x00000000
0x00000000
0x010629cd
0x010629d0
0x010629d9
0x010629db
0x010629dd
0x01062a7f
0x01062a84
0x01062a87
0x01062a89
0x010a5ca1
0x010a5ca3
0x00000000
0x01062a8f
0x01062a8f
0x00000000
0x01062a8f
0x00000000
0x010629e3
0x010629e3
0x010629e3
0x00000000
0x010629e3
0x010629dd
0x00000000
0x010629db
0x010629e6
0x010629e9
0x010629eb
0x010629ed
0x010629f3
0x010629f5
0x010629f8
0x010629fa
0x01062a97
0x01062a9a
0x01062a9d
0x01062add
0x00000000
0x01062a9f
0x01062aa2
0x01062aa5
0x01062aa8
0x01062aab
0x010a5cab
0x010a5caf
0x010a5cc5
0x010a5cda
0x010a5cdc
0x010a5cdf
0x010a5ce5
0x00000000
0x010a5ceb
0x010a5ced
0x010a5cee
0x00000000
0x010a5cee
0x010a5cb1
0x010a5cb4
0x010a5cb9
0x010a5cbb
0x00000000
0x010a5cbd
0x010a5cbd
0x00000000
0x010a5cbd
0x010a5cbb
0x01062ab1
0x01062ab1
0x01062ac4
0x01062ac6
0x01062ac6
0x00000000
0x01062ac6
0x01062aab
0x00000000
0x01062a00
0x01062a09
0x01062a0e
0x01062a21
0x01062a24
0x01062a35
0x01062a3a
0x01062a3d
0x01062a42
0x01062a59
0x01062a59
0x01062a5c
0x01062a5f
0x01062a5f
0x010629fa
0x010629f3
0x01062a64
0x01062a64
0x01062a6b
0x01062a6b
0x01062a6d
0x01062a72
0x01062a72
0x00000000

Strings

PATH, xrefs: 01062642, 01062691

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: e89c90f41c7d498e6c8fe00a4b0d2adaf7ce9f778668abe60abc3e03d2c13c33
Instruction ID: 1c169026651f7440d463e2c4bd0ccc05b1aa3a4871508a438b2588b838628be8
Opcode Fuzzy Hash: e89c90f41c7d498e6c8fe00a4b0d2adaf7ce9f778668abe60abc3e03d2c13c33
Instruction Fuzzy Hash: F5C18071E10219EFDB25DF99D880BEEBBF5FF48700F444069E991AB250D738A941CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0106FAB0 Relevance: 1.6, Strings: 1, Instructions: 306
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0106FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0104EEF0(0x1127b60);
					_t134 =  *0x1127b84; // 0x77de7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1127b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1127b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01046D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E010476E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E010D8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0103B150();
													}
													_t116 = E010D6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E010475CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1128638; // 0x0
																	_t122 = L010438A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E010476E2(_t154);
																			goto L41;
																		}
																	} else {
																		E010476E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0106FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L010470F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0106FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0106FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0106FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0106FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0106FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1127b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1127b84 = _t75;
						_t73 = E0104EB70(_t134, 0x1127b60);
						if( *0x1127b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0104FF60( *0x1127b20);
							}
						}
						goto L5;
					}
				}
			}

0x0106fab0
0x0106fab2
0x0106fab3
0x0106fab4
0x0106fabc
0x0106fac0
0x0106fb14
0x0106fb17
0x0106fac2
0x0106fac8
0x0106facd
0x0106fad3
0x0106fad3
0x0106fadd
0x0106fb18
0x0106fb1b
0x0106fb1d
0x0106fb1e
0x0106fb1f
0x0106fb20
0x0106fb21
0x0106fb22
0x0106fb23
0x0106fb24
0x0106fb25
0x0106fb26
0x0106fb27
0x0106fb28
0x0106fb29
0x0106fb2a
0x0106fb2b
0x0106fb2c
0x0106fb2d
0x0106fb2e
0x0106fb2f
0x0106fb3a
0x0106fb3b
0x0106fb3e
0x0106fb41
0x0106fb44
0x0106fb47
0x0106fb4a
0x0106fb4d
0x0106fb53
0x010abdcb
0x010abdcb
0x0106fb59
0x0106fb5b
0x0106fb5b
0x0106fb5e
0x010abdd5
0x010abdd8
0x00000000
0x010abdda
0x00000000
0x010abdda
0x0106fb64
0x0106fb64
0x0106fb64
0x0106fb67
0x0106fb6e
0x0106fb70
0x0106fb72
0x00000000
0x0106fb78
0x0106fb7a
0x0106fb7a
0x0106fb7d
0x0106fb80
0x010abddf
0x010abde1
0x00000000
0x010abde3
0x00000000
0x010abde3
0x0106fb86
0x0106fb86
0x0106fb86
0x0106fb8b
0x0106fb90
0x0106fb92
0x0106fb94
0x0106fb9a
0x0106fb9b
0x0106fba1
0x010abde8
0x010abdeb
0x010abded
0x010abeb5
0x010abeb5
0x010abebb
0x010abebd
0x010abec3
0x010abed2
0x010abedd
0x010abedd
0x010abeed
0x00000000
0x010abdf3
0x010abdfe
0x010abe06
0x010abe0b
0x010abe0d
0x010abe0f
0x010abe14
0x010abe19
0x010abe20
0x010abe25
0x010abe27
0x010abe35
0x010abe39
0x010abe46
0x010abe4f
0x010abe54
0x010abe56
0x010abef8
0x010abef8
0x00000000
0x010abe5c
0x010abe5c
0x010abe60
0x00000000
0x010abe66
0x010abe66
0x010abe7f
0x010abe84
0x010abe87
0x010abe89
0x010abe8b
0x010abe99
0x010abe9d
0x010abea0
0x010abeac
0x010abeaf
0x010abeb1
0x010abeb3
0x010abeb3
0x00000000
0x010abea2
0x010abea2
0x00000000
0x010abea2
0x010abe8d
0x010abe8d
0x010abe92
0x00000000
0x010abe92
0x010abe8b
0x010abe60
0x010abe3b
0x010abe3b
0x010abe3e
0x00000000
0x010abe40
0x010abe40
0x010abe44
0x00000000
0x00000000
0x00000000
0x00000000
0x010abe44
0x010abe3e
0x010abe29
0x010abe29
0x00000000
0x010abe29
0x010abe27
0x00000000
0x0106fba7
0x0106fba7
0x0106fbab
0x010abf02
0x0106fbb1
0x0106fbb1
0x0106fbb8
0x0106fbbd
0x0106fbbd
0x0106fbbf
0x0106fbbf
0x0106fbc5
0x0106fbcb
0x0106fbf8
0x0106fbf8
0x0106fbfa
0x00000000
0x0106fc00
0x0106fc00
0x0106fc03
0x00000000
0x0106fc09
0x0106fc09
0x0106fc0f
0x0106fc15
0x0106fc23
0x0106fc23
0x0106fc25
0x0106fc27
0x0106fc75
0x0106fc7c
0x0106fc84
0x00000000
0x0106fc29
0x0106fc29
0x0106fc2d
0x0106fc30
0x010abf0f
0x00000000
0x0106fc36
0x0106fc38
0x0106fc3b
0x0106fc41
0x010abf17
0x010abf19
0x010abf48
0x010abf4b
0x00000000
0x010abf1b
0x010abf22
0x010abf24
0x010abf26
0x00000000
0x010abf2c
0x010abf37
0x010abf39
0x010abf3b
0x00000000
0x010abf41
0x010abf41
0x010abf41
0x010abf41
0x010abf45
0x00000000
0x010abf45
0x010abf3b
0x010abf26
0x00000000
0x0106fc47
0x0106fc47
0x0106fc49
0x0106fcb2
0x0106fcb4
0x0106fcb6
0x0106fcdc
0x0106fcdc
0x00000000
0x0106fcb8
0x0106fcc3
0x0106fcc5
0x0106fcc7
0x00000000
0x0106fcc9
0x0106fcc9
0x0106fccd
0x00000000
0x0106fccd
0x0106fcc7
0x00000000
0x0106fc4b
0x0106fc4b
0x0106fc4e
0x0106fc4e
0x0106fc51
0x0106fc51
0x0106fc54
0x0106fc5a
0x0106fc5c
0x0106fc5f
0x0106fc61
0x0106fc63
0x0106fc65
0x0106fc67
0x0106fc6e
0x0106fc72
0x0106fc72
0x0106fc72
0x0106fc72
0x0106fc67
0x0106fc61
0x00000000
0x0106fc5a
0x0106fc49
0x0106fc41
0x0106fc30
0x0106fc27
0x0106fc03
0x0106fbcd
0x0106fbd3
0x0106fbd9
0x0106fbdc
0x0106fbde
0x0106fc99
0x0106fc9b
0x0106fc9d
0x0106fcd5
0x0106fcd5
0x0106fc89
0x0106fc89
0x00000000
0x0106fc9f
0x0106fc9f
0x0106fca3
0x00000000
0x0106fca3
0x00000000
0x0106fbe4
0x0106fbe4
0x0106fbe4
0x0106fbe4
0x0106fbe9
0x0106fbf2
0x00000000
0x0106fbf2
0x0106fbde
0x0106fbcb
0x0106fbab
0x0106fc8b
0x0106fc8b
0x0106fc8c
0x0106fb80
0x0106fb72
0x0106fb5e
0x0106fc8d
0x0106fc91
0x0106fadf
0x0106fadf
0x0106fae1
0x0106fae4
0x0106fae7
0x0106faec
0x0106faf8
0x0106fb00
0x0106fb07
0x0106fb0f
0x0106fb0f
0x0106fb07
0x00000000
0x0106faf8
0x0106fadd

Strings

*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 010ABE0F

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
API String ID: 0-865735534
Opcode ID: 5f46275bb5ef2f5485acff2ae28ace5eb9edc785f9dcb452462c3755a9890c39
Instruction ID: a5cce893dd999f44442a7b41152ee5df401f5d04a4a0e7f6fe5ff2ee1048dab2
Opcode Fuzzy Hash: 5f46275bb5ef2f5485acff2ae28ace5eb9edc785f9dcb452462c3755a9890c39
Instruction Fuzzy Hash: 57A10571A006078BEB65DFA8D5607BEB7E9AF44720F0445B9DAD2DB685DB30D841CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01032D8A Relevance: 1.4, Strings: 1, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E01032D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1125350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1127bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E010797C0();
				}
				if( *0x11279c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x11279c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E01061624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01057D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E010CFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E01079520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0106E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0108DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1126901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1126901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E01079980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E010795D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01057D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01057D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E010B7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E010CFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1125350;
							if(_t109 != 0x1125350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E010CFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E010C5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}

0x01032d8a
0x01032d8a
0x01032d92
0x01032d96
0x01032d9e
0x01032da0
0x01032da3
0x01032da5
0x01032da8
0x01032dab
0x01032db2
0x0108f9aa
0x0108f9ab
0x0108f9ae
0x0108f9ae
0x01032db8
0x01032dc2
0x0108f9b9
0x0108f9be
0x0108f9bf
0x0108f9bf
0x01032dcf
0x0108f9c9
0x01032dd5
0x01032dd5
0x01032dd5
0x01032dde
0x01032de1
0x01032e70
0x01032e72
0x01032e72
0x01032de7
0x01032deb
0x01032e7c
0x01032e83
0x01032e85
0x01032e8b
0x01032e8d
0x01032e92
0x01032e92
0x01032e85
0x01032df1
0x01032df7
0x01032df9
0x01032df9
0x01032dfc
0x01032dff
0x01032e02
0x00000000
0x01032e05
0x01032e0c
0x0108f9d9
0x01032e12
0x01032e12
0x01032e12
0x01032e1a
0x0108f9e3
0x0108f9e9
0x0108f9f0
0x0108f9f6
0x0108f9f8
0x0108f9f8
0x0108f9f0
0x01032e23
0x0108fa02
0x0108fa03
0x0108fa05
0x0108fa06
0x00000000
0x01032e29
0x01032e29
0x01032e2e
0x01032e34
0x01032e3e
0x00000000
0x00000000
0x01032e44
0x01032e47
0x01032e4d
0x00000000
0x00000000
0x01032e4f
0x01032e54
0x00000000
0x00000000
0x01032e5a
0x01032e5f
0x01032e9a
0x01032ea4
0x01032ea5
0x01032ea8
0x01032eaf
0x01032eb2
0x01032eb5
0x0108fae9
0x0108faeb
0x0108faed
0x0108faef
0x0108faf7
0x0108faf8
0x0108fafd
0x0108faff
0x0108fb04
0x0108fb04
0x0108faff
0x01032ec0
0x01032ec4
0x01032ec6
0x01032ec8
0x0108fb14
0x0108fb18
0x0108fb1e
0x0108fb21
0x0108fb21
0x01032ece
0x01032ece
0x01032ece
0x01032ed7
0x01032e61
0x01032e63
0x0108fa6b
0x0108fa71
0x0108fa76
0x0108fa78
0x0108fa8a
0x0108fa7a
0x0108fa83
0x0108fa83
0x0108fa8f
0x0108fa91
0x0108fa97
0x0108fa9d
0x0108faa4
0x0108faaa
0x0108faaf
0x0108fab1
0x0108fac3
0x0108fab3
0x0108fabc
0x0108fabc
0x0108fac8
0x0108facb
0x0108fadf
0x0108fadf
0x0108facb
0x0108faa4
0x0108fa91
0x01032e6f
0x01032e6f
0x01032e5f
0x0108fa13
0x0108fa15
0x0108fa17
0x0108fa1f
0x0108fa21
0x0108fa22
0x0108fa25
0x0108fa28
0x0108fa2f
0x0108fa2f
0x0108fa2a
0x0108fa2a
0x0108fa2a
0x0108fa31
0x0108fa34
0x0108fa36
0x0108fa3c
0x0108fa3e
0x0108fa41
0x0108fa43
0x0108fa45
0x0108fa45
0x0108fa41
0x0108fa3c
0x0108fa4a
0x0108fa4f
0x0108fa51
0x0108fa53
0x0108fa56
0x0108fa5b
0x0108fa5e
0x00000000
0x0108fa5e
0x01032e23

Strings

RTL: Re-Waiting, xrefs: 0108FA4A

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: RTL: Re-Waiting
API String ID: 0-316354757
Opcode ID: 437daf8c6a70d3ce3e7c53dc65268ed4e064734397163fc3f2c6f9674aa0ec90
Instruction ID: bd4ed0a9a1f7b04aea0f071dfbacc28f7cf80d636ea2face771ecee267046802
Opcode Fuzzy Hash: 437daf8c6a70d3ce3e7c53dc65268ed4e064734397163fc3f2c6f9674aa0ec90
Instruction Fuzzy Hash: D9612771A04606AFDB32EF7CC844BBEB7E9EB84724F1406A9D9D1972C1C77499408791

Uniqueness

Uniqueness Score: -1.00%

Function 0106F0BF Relevance: 1.4, Strings: 1, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0106F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01054120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E01079830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E01079990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E010795D0();
							goto L11;
						} else {
							_t109 = E01054620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0107F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E010795D0();
										L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

0x0106f0d3
0x0106f0d9
0x0106f0e0
0x0106f0e7
0x0106f0f2
0x0106f0f4
0x0106f0f8
0x0106f100
0x0106f108
0x0106f10d
0x0106f115
0x0106f116
0x0106f11f
0x0106f123
0x0106f124
0x0106f12c
0x0106f130
0x0106f134
0x0106f13d
0x0106f144
0x0106f14b
0x0106f152
0x010abab0
0x010abab0
0x0106f158
0x0106f158
0x0106f15a
0x0106f160
0x0106f165
0x0106f166
0x0106f16f
0x0106f173
0x010abaa7
0x010abaa7
0x010abaab
0x00000000
0x0106f179
0x0106f18d
0x0106f191
0x010abaa2
0x00000000
0x0106f197
0x0106f19b
0x0106f1a2
0x0106f1a9
0x0106f1af
0x0106f1b2
0x0106f1b6
0x0106f1b9
0x0106f1c4
0x0106f1d8
0x0106f1df
0x0106f1e3
0x0106f1eb
0x0106f1ee
0x0106f1f4
0x0106f20f
0x010abab7
0x010ababb
0x010abacc
0x010abad1
0x0106f215
0x0106f218
0x0106f226
0x0106f22b
0x00000000
0x0106f22b
0x0106f1f6
0x0106f1f6
0x0106f1f9
0x0106f1fb
0x0106f1fb
0x0106f1f4
0x0106f191
0x0106f173
0x0106f152
0x0106f203

Strings

@, xrefs: 0106F124

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction ID: 30f45229eb55ecd7d3f8c1d9be49ced25682215502e5bd061f2e7086ad607968
Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction Fuzzy Hash: B7519E71604711AFC320DF69C840AABBBF8FF58750F00892EFA9587690E7B4E944CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010B3540 Relevance: 1.4, Strings: 1, Instructions: 130
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E010B3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x112d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E01070BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E010B3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0107FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E010B3540;
						E0107FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0108DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E010C0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E010797C0();
					}
					return E0107B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E010B3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E010B3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0107FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E01079650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E010B3787(_a4,  &_v352, _t80);
						}
					}
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E010795D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x010b3552
0x010b355a
0x010b355d
0x010b3566
0x010b3567
0x010b357e
0x010b358f
0x010b35a1
0x010b35a5
0x010b366b
0x010b366b
0x010b366d
0x010b3672
0x010b3679
0x010b3685
0x010b368d
0x010b369d
0x010b36a7
0x010b36b8
0x010b36c6
0x010b36c7
0x010b36dc
0x010b36e1
0x010b36e7
0x010b36e9
0x010b36e9
0x010b3703
0x010b3703
0x010b35b5
0x010b35c0
0x010b35c4
0x00000000
0x00000000
0x010b35ca
0x010b35d7
0x010b35e2
0x010b35e6
0x010b35e8
0x010b35f5
0x010b35fa
0x010b3603
0x010b3604
0x010b3609
0x010b360a
0x010b3612
0x010b3613
0x010b361e
0x010b3622
0x010b3628
0x010b362f
0x010b362f
0x010b3636
0x010b3638
0x010b363b
0x010b3642
0x010b3642
0x010b3636
0x010b3657
0x010b3657
0x010b365c
0x010b3662
0x010b3669
0x00000000
0x00000000
0x00000000
0x00000000

Strings

BinaryHash, xrefs: 010B358F

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 9b45f48ced298600020fae2b52f2a3a656624fbed1e8512c477328b8cd2e1335
Instruction ID: 132b4d8702b2a5942513447a7ccbf1abc91fa83dc61ce07c6d071bfb7709d47f
Opcode Fuzzy Hash: 9b45f48ced298600020fae2b52f2a3a656624fbed1e8512c477328b8cd2e1335
Instruction Fuzzy Hash: 084145F1D0052DABDB21DA50CC80FEEB77CAB54714F1085A5EA49AB240DB319E88CF98

Uniqueness

Uniqueness Score: -1.00%

Function 011005AC Relevance: 1.4, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E011005AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E011007DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E01079730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E010FA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E010FA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01101293(_t79, _v40, E011007DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01057D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E010F138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

0x011005c5
0x011005ca
0x011005d3
0x011006db
0x011006db
0x011006dd
0x011006e3
0x011006e3
0x011005dd
0x011005e7
0x011005f6
0x01100600
0x01100607
0x01100610
0x01100615
0x0110061a
0x0110061c
0x0110061e
0x01100624
0x01100625
0x01100627
0x01100628
0x01100631
0x01100640
0x0110064d
0x01100654
0x01100654
0x01100631
0x0110066d
0x01100674
0x00000000
0x00000000
0x01100692
0x0110069e
0x011006b0
0x011006a0
0x011006a9
0x011006a9
0x011006b8
0x011006d6
0x011006d6
0x00000000

Strings

`, xrefs: 01100633

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction ID: 2d69bea7e16515ea5ef92d564044aac0df94414c297f2183e3f2a2be39812564
Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction Fuzzy Hash: 7E312632B00706ABE715DE18CC45F977BDAEBC8794F144129FA499B2C0D7B0E904C791

Uniqueness

Uniqueness Score: -1.00%

Function 01064020 Relevance: 1.4, Strings: 1, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E01064020(intOrPtr* _a4) {
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t43;
				char _t70;
				intOrPtr _t77;
				intOrPtr* _t79;

				_t79 = _a4;
				_t70 = 0;
				_t77 =  *[fs:0x30];
				_v32 = 0;
				_v28 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_t79 + 4)) =  *((intOrPtr*)(_t77 + 0xa4));
				 *((intOrPtr*)(_t79 + 8)) =  *((intOrPtr*)(_t77 + 0xa8));
				 *(_t79 + 0xc) =  *(_t77 + 0xac) & 0x0000ffff;
				 *((intOrPtr*)(_t79 + 0x10)) =  *((intOrPtr*)(_t77 + 0xb0));
				_t43 =  *((intOrPtr*)(_t77 + 0x1f4));
				if(_t43 == 0 ||  *_t43 == 0) {
					 *((short*)(_t79 + 0x14)) = 0;
				} else {
					if(E01044921(_t79 + 0x14, 0x100, _t43) < 0) {
						 *((short*)(_t79 + 0x14)) = 0;
					}
					_t70 = 0;
				}
				if( *_t79 != 0x11c) {
					if( *_t79 != 0x124) {
						goto L10;
					}
					goto L4;
				} else {
					L4:
					 *((short*)(_t79 + 0x114)) =  *(_t77 + 0xaf) & 0x000000ff;
					 *(_t79 + 0x116) =  *(_t77 + 0xae) & 0x000000ff;
					 *(_t79 + 0x118) = E01064190();
					if( *_t79 == 0x124) {
						 *(_t79 + 0x11c) = E01064190() & 0x0001ffff;
					}
					 *((char*)(_t79 + 0x11a)) = _t70;
					if(E01064710( &_v16) != 0) {
						 *((char*)(_t79 + 0x11a)) = _v16;
					}
					E0107BB40(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
					_push( &_v24);
					_push(4);
					_push( &_v12);
					_push( &_v20);
					_push( &_v32);
					if(E0107A9B0() < 0) {
						L10:
						return 0;
					} else {
						if(_v12 == 1) {
							if(_v20 != 4 || _v24 != 4) {
								goto L9;
							} else {
								goto L10;
							}
						}
						L9:
						 *(_t79 + 0x118) =  *(_t79 + 0x118) & 0x0000ffef | 0x00000100;
						if( *_t79 == 0x124) {
							 *(_t79 + 0x11c) =  *(_t79 + 0x11c) & 0xfffdffef | 0x00000100;
						}
						goto L10;
					}
				}
			}

0x0106402a
0x0106402d
0x01064030
0x0106403c
0x0106403f
0x01064042
0x0106404b
0x01064054
0x0106405e
0x01064067
0x0106406a
0x01064072
0x0106407f
0x010a63db
0x010a63e8
0x010a63ec
0x010a63ec
0x010a63f0
0x010a63f0
0x01064089
0x0106414e
0x00000000
0x00000000
0x00000000
0x0106408f
0x0106408f
0x0106409b
0x010640ac
0x010640bd
0x010640c6
0x0106415f
0x0106415f
0x010640cf
0x010640dd
0x010640e2
0x010640e2
0x010640f1
0x010640f9
0x010640fa
0x010640ff
0x01064103
0x01064107
0x0106410f
0x0106413f
0x01064145
0x01064111
0x01064115
0x010a63fb
0x00000000
0x010a640b
0x00000000
0x010a640b
0x010a63fb
0x0106411b
0x01064132
0x0106413b
0x01064177
0x01064177
0x00000000
0x0106413b
0x0106410f

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010640E8

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
API String ID: 0-996340685
Opcode ID: 935d6037bc7984c00e86ac94466635072b975bd4a88a6743be301bb1775ba327
Instruction ID: 776dd8550ff29fcca66720c245480b5311ff957eb9f7f0437f35d9b0d987bb6f
Opcode Fuzzy Hash: 935d6037bc7984c00e86ac94466635072b975bd4a88a6743be301bb1775ba327
Instruction Fuzzy Hash: F7418D75A0074ADADB25DFB8C4406EAF7F8EF59300F00496EDAEAC7200E334A545CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 010B3884 Relevance: 1.3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E010B3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E01079650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = E01054620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E01079650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}

0x010b3893
0x010b3896
0x010b3899
0x010b389f
0x010b38a0
0x010b38a4
0x010b38a9
0x010b38ac
0x010b38ad
0x010b38ae
0x010b38af
0x010b38b1
0x010b38b4
0x010b38bb
0x010b38bc
0x010b38bd
0x010b38c4
0x010b38c8
0x010b38ca
0x010b38ca
0x010b38d5
0x010b393e
0x010b3940
0x010b3942
0x010b3952
0x010b3954
0x010b3961
0x010b3961
0x010b3967
0x010b396e
0x010b396e
0x010b3947
0x010b394c
0x00000000
0x010b394c
0x010b38ea
0x010b38ee
0x010b38f8
0x010b38f9
0x010b38ff
0x010b3900
0x010b3902
0x010b3903
0x010b390b
0x010b390f
0x010b3950
0x00000000
0x010b3950
0x010b3915
0x010b391d
0x010b391d
0x010b3922
0x010b3926
0x00000000
0x010b3928
0x010b392b
0x010b392b
0x010b3935
0x010b3937
0x010b3937
0x00000000
0x010b3935
0x010b3926
0x010b38f0
0x00000000

Strings

BinaryName, xrefs: 010B38B4

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 08ce93547daa044a385a2e3560c381a0952f7cec8ea0f696d9c03d8f90a16c4c
Instruction ID: e801e3f47af5a2fd751d3c87372d5439370c4528657573edbdb439f86a98dcfb
Opcode Fuzzy Hash: 08ce93547daa044a385a2e3560c381a0952f7cec8ea0f696d9c03d8f90a16c4c
Instruction Fuzzy Hash: 8F31E832D0061ABFEB15DA58C985EEFBBB4FB44720F214169E995AB250D731DE00C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0106D294 Relevance: 1.3, Strings: 1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E0106D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x112d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01054120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0107B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E010798D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E010795D0();
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

0x0106d29c
0x0106d2a6
0x0106d2b1
0x0106d2b5
0x0106d2b6
0x0106d2bc
0x0106d2bd
0x0106d2be
0x0106d2bf
0x0106d2c2
0x0106d2c4
0x0106d2cc
0x0106d384
0x0106d34b
0x0106d34f
0x0106d350
0x0106d351
0x0106d35c
0x0106d35c
0x0106d2d6
0x0106d2da
0x0106d2e1
0x0106d361
0x0106d369
0x0106d36d
0x0106d2e3
0x0106d2e3
0x0106d2e3
0x0106d2e5
0x0106d2ed
0x0106d2f5
0x0106d2fa
0x0106d302
0x0106d303
0x0106d30b
0x0106d30f
0x0106d313
0x0106d318
0x0106d31c
0x0106d320
0x0106d379
0x0106d37d
0x00000000
0x00000000
0x010aaffe
0x010ab001
0x010ab011
0x00000000
0x0106d322
0x0106d322
0x0106d330
0x0106d337
0x0106d35d
0x0106d339
0x0106d33f
0x0106d38c
0x0106d38c
0x0106d33f
0x0106d349
0x00000000
0x0106d349

Strings

@, xrefs: 0106D303

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0c14d1408712cd83076ea8e0c8048fe6e1a348efb966c6f81cd2055dea64988c
Instruction ID: 140544a0d34a10d13d146454aae9af65e6d567c0da70b8473a518afc6e0643de
Opcode Fuzzy Hash: 0c14d1408712cd83076ea8e0c8048fe6e1a348efb966c6f81cd2055dea64988c
Instruction Fuzzy Hash: 9831ADB1608315AFC361DF68C9809AFBBECEB99654F00492EF9D483250D634DD04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01041B8F Relevance: 1.3, Strings: 1, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E01041B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0107BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0107A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0107A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = E01054620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}

0x01041b8f
0x01041b9a
0x01041b9c
0x01041b9e
0x01041ba3
0x01097010
0x01097010
0x00000000
0x01041ba9
0x01041ba9
0x01041bae
0x00000000
0x01041bc5
0x01041bca
0x01041bcf
0x01041bd0
0x01041bd1
0x01041bd2
0x01041bd6
0x01041bdc
0x01041be0
0x01096ffc
0x01097000
0x00000000
0x01097006
0x01097009
0x01097009
0x01041be6
0x01041bec
0x01041c0b
0x01041c0b
0x01041c0c
0x01041c11
0x01041c12
0x01041c15
0x01041c1b
0x01041c1f
0x01041c31
0x01041c33
0x01097026
0x01097026
0x01041c21
0x01041c24
0x01041c24
0x01041bee
0x01041bee
0x01041bf2
0x01041c3a
0x01041bf4
0x01041bf4
0x01041c05
0x01041c05
0x01041c09
0x01041c3e
0x00000000
0x00000000
0x00000000
0x01041c09
0x01041bec
0x01041be0
0x01041bae
0x01041c2e

Strings

WindowsExcludedProcs, xrefs: 01041BC5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: WindowsExcludedProcs
API String ID: 0-3583428290
Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction ID: c9659accd85b0cb8fb677425c8faafd0f531431c49a7667f665d68394796384f
Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction Fuzzy Hash: CB21F8BBA0411DEBDF629A59CC80F9F7BADAF84650F0544B5FE848B200D630EC509BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0105F716 Relevance: 1.3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0105F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}

0x0105f71d
0x0105f722
0x0105f726
0x010a4770
0x0105f765
0x0105f769
0x0105f769
0x0105f732
0x010a477a
0x00000000
0x010a477a
0x0105f738
0x0105f73a
0x0105f73c
0x0105f73f
0x0105f746
0x0105f778
0x0105f7a9
0x0105f7a9
0x0105f754
0x0105f75a
0x0105f75d
0x0105f75f
0x0105f761
0x0105f76f
0x0105f771
0x0105f771
0x0105f76f
0x0105f763
0x00000000
0x0105f763
0x0105f77d
0x0105f7a3
0x0105f7a5
0x00000000
0x0105f7a5
0x0105f77f
0x0105f782
0x0105f784
0x0105f786
0x00000000
0x00000000
0x00000000
0x0105f788
0x0105f748
0x0105f74d
0x0105f78d
0x0105f793
0x0105f7b7
0x0105f7bc
0x00000000
0x0105f7bc
0x0105f798
0x00000000
0x00000000
0x0105f79d
0x0105f7b0
0x00000000
0x0105f7b0
0x0105f79f
0x00000000
0x0105f74f
0x0105f74f
0x00000000
0x0105f74f

Strings

Actx , xrefs: 0105F73F

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Actx
API String ID: 0-89312691
Opcode ID: 9d1c5f3cc8c752e772d08fd0cd5c045a14d693447b574e3d2186fc8fcbe334ff
Instruction ID: 624ed905517db5b3f501ca781536649b6b0099f71d756ecd6e1d13e785c87f43
Opcode Fuzzy Hash: 9d1c5f3cc8c752e772d08fd0cd5c045a14d693447b574e3d2186fc8fcbe334ff
Instruction Fuzzy Hash: 24119335344A0B8BE7E54E1D849073F76D6FB85664F24456AEDE2CB391D77CC8408340

Uniqueness

Uniqueness Score: -1.00%

Function 010E8DF1 Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E010E8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1110d50);
				E0108D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E010C5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0108DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0108DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0108D130(_t34, _t39, _t40);
			}

0x010e8df1
0x010e8df1
0x010e8df1
0x010e8df1
0x010e8df1
0x010e8df1
0x010e8df3
0x010e8df8
0x010e8dfd
0x010e8e00
0x010e8e0e
0x010e8e2a
0x010e8e36
0x010e8e38
0x010e8e3c
0x010e8e46
0x010e8e46
0x010e8e36
0x010e8e50
0x010e8e56
0x010e8e59
0x010e8e5c
0x010e8e60
0x010e8e67
0x010e8e6d
0x010e8e73
0x010e8e74
0x010e8eb1
0x010e8ebd

Strings

Critical error detected %lx, xrefs: 010E8E21

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Critical error detected %lx
API String ID: 0-802127002
Opcode ID: 0ef9172b9fb279f267bcdbb936be403c6225e472c938054c4bb16ae0b0a829cb
Instruction ID: d56e4fcf5d2287ec4a927f9046d13d2c062cf9bc0932c4f9ae339d5bf64a1b09
Opcode Fuzzy Hash: 0ef9172b9fb279f267bcdbb936be403c6225e472c938054c4bb16ae0b0a829cb
Instruction Fuzzy Hash: AE112775D14348DADF29DFA98909BDCBBF0AB14714F20825EE5A96B392C7340602CF14

Uniqueness

Uniqueness Score: -1.00%

Function 010CFF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 010CFF60

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
API String ID: 0-1911121157
Opcode ID: fbaef2dd2d61801fbaaad3a24b163c4bb84b51581d32fbd9c6bf5e94e162fb2b
Instruction ID: ad6a9339b8916b14572b1fc6e4c8c0078f68af2d6f8d18237ab67c829cdd434c
Opcode Fuzzy Hash: fbaef2dd2d61801fbaaad3a24b163c4bb84b51581d32fbd9c6bf5e94e162fb2b
Instruction Fuzzy Hash: 1C11CE71910146EFDB26EB94C948FDCBBB2FF08B14F148098E1886B2A1C7389991DF91

Uniqueness

Uniqueness Score: -1.00%

Function 01105BA5 Relevance: .6, Instructions: 592
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E01105BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1111178);
				E0108D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01104C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0107D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01105542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x11260e8;
								if( *0x11260e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x11260e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E01079710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E01076DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0107F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0107F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0107F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0107FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0107FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0107F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0107F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01104CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0108D130(_t427, _t494, _t511);
				}
			}

0x01105ba5
0x01105baa
0x01105baf
0x01105bb4
0x01105bb6
0x01105bbc
0x01105bbe
0x01105bc4
0x01105bcd
0x01105bd3
0x01105bd6
0x01105bdc
0x01105be0
0x01105be3
0x01105beb
0x01105bf2
0x01105bf8
0x01105bfe
0x01105c04
0x01105c0e
0x01105c18
0x01105c1f
0x01105c25
0x01105c2a
0x01105c2c
0x01105c32
0x01105c3a
0x01105c3f
0x01105c42
0x01105c48
0x01105c5b
0x01105c5b
0x01105c2c
0x01105cb7
0x01105cb9
0x01105cbf
0x01105cc2
0x01105cca
0x01105ccb
0x01105ccb
0x01105cd1
0x01105cd7
0x01105cda
0x01105ce1
0x01105ce4
0x01105ce7
0x01105ced
0x01105cf3
0x01105cf9
0x01105cff
0x01105d08
0x01105d0a
0x01105d0e
0x01105d10
0x00000000
0x00000000
0x01105d16
0x01105d1a
0x00000000
0x00000000
0x01105d20
0x01105d22
0x01105d25
0x01105d2f
0x01105d2f
0x01105d33
0x01105d3d
0x01105d49
0x01105d4b
0x00000000
0x00000000
0x01105d5a
0x01105d5d
0x01105d60
0x00000000
0x00000000
0x01105d66
0x01105d69
0x00000000
0x00000000
0x01105d6f
0x01105d6f
0x01105d73
0x01105d79
0x01105d7f
0x01105d86
0x01105d95
0x01105d98
0x01105dba
0x01105dcb
0x01105dce
0x01105dd3
0x01105dd6
0x01105dd8
0x01105de6
0x01105dec
0x01105dee
0x01105df1
0x01105df3
0x0110635a
0x0110635a
0x00000000
0x0110635a
0x01105dfe
0x01105e02
0x01105e05
0x01105e07
0x01105e10
0x01105e13
0x01105e1b
0x01105e1c
0x01105e21
0x01105e22
0x01105e23
0x01105e25
0x01105e2a
0x01105e2c
0x01105e2e
0x01105e36
0x01105e39
0x01105e42
0x01105e47
0x01105e4d
0x01105e54
0x01105e54
0x01105e54
0x01105e2e
0x01105e5c
0x01105e5f
0x01105e62
0x01105e64
0x01105e6b
0x01105e70
0x01105e7a
0x01105e7a
0x01105e7a
0x01105e6b
0x01105e7e
0x01105e7f
0x01105e7f
0x01105e81
0x01105e87
0x01105e8b
0x01105e8c
0x01105e8c
0x01105e8c
0x01105e9a
0x01105e9c
0x01105ea2
0x01105ea6
0x01105f50
0x01105f50
0x01105f57
0x01105f66
0x01105f66
0x01105f66
0x01105f68
0x01105f6a
0x011063d0
0x00000000
0x01105f70
0x01105f70
0x01105f91
0x01105f9c
0x01105f9e
0x01105fa4
0x01105fa6
0x0110638c
0x01106392
0x011063a1
0x011063a7
0x011063af
0x011063af
0x011063bd
0x011063d8
0x00000000
0x011063d8
0x01105fac
0x01105fb2
0x01105fb4
0x01105fbd
0x01105fc6
0x01105fce
0x01105fd4
0x01105fdc
0x01105fec
0x01105fed
0x01105fee
0x01105fef
0x01105ff9
0x01105ffa
0x01105ffb
0x01105ffc
0x01106000
0x01106004
0x01106012
0x01106012
0x01106018
0x01106019
0x0110601a
0x0110601b
0x0110601c
0x01106020
0x01106059
0x0110605c
0x01106061
0x01106061
0x01106022
0x01106022
0x01106022
0x01106025
0x0110602a
0x0110602b
0x01106031
0x01106037
0x01106038
0x0110603e
0x01106048
0x01106049
0x0110604a
0x0110604b
0x0110604c
0x0110604d
0x01106053
0x01106054
0x01106054
0x01106062
0x01106065
0x01106067
0x0110606a
0x01106070
0x01106075
0x01106076
0x01106081
0x01106087
0x01106095
0x01106099
0x0110609e
0x011060a4
0x011060ae
0x011060b0
0x011060b3
0x011060b6
0x011060b8
0x011060ba
0x011060ba
0x011060ba
0x011060ba
0x011060be
0x011060c0
0x011060c5
0x011060c5
0x011060c5
0x011060c6
0x011060cd
0x01106114
0x011060cf
0x011060cf
0x011060d4
0x011060d5
0x011060da
0x011060db
0x011060e1
0x011060e2
0x011060e8
0x011060f8
0x011060fd
0x011060fe
0x01106102
0x01106104
0x01106107
0x01106109
0x0110610b
0x0110610b
0x0110610b
0x0110610b
0x0110610f
0x0110610f
0x01106117
0x0110611a
0x0110611f
0x01106125
0x01106134
0x01106139
0x0110613f
0x01106146
0x01106148
0x0110614b
0x0110614d
0x0110614f
0x0110614f
0x0110614f
0x0110614f
0x01106153
0x01106159
0x01106159
0x0110615c
0x01106163
0x01106169
0x0110616c
0x01106172
0x01106181
0x01106186
0x01106187
0x0110618b
0x01106191
0x01106195
0x011061a3
0x011061bb
0x011061c0
0x011061c3
0x011061cc
0x011061d0
0x011061dc
0x011061de
0x011061e1
0x011061e4
0x011061e6
0x011061e8
0x011061e8
0x011061e8
0x011061e8
0x011061e6
0x011061ec
0x011061f3
0x01106203
0x01106209
0x0110620a
0x01106216
0x0110621d
0x01106227
0x01106241
0x01106246
0x0110624c
0x01106257
0x01106259
0x0110625c
0x0110625e
0x01106260
0x01106260
0x01106260
0x01106260
0x0110625e
0x01106264
0x01106267
0x01106269
0x01106315
0x01106315
0x0110631b
0x0110631e
0x01106324
0x01106327
0x0110632f
0x01106330
0x01106333
0x0110633a
0x0110633c
0x01106335
0x01106335
0x01106335
0x0110633f
0x01106342
0x0110634c
0x01106352
0x01106355
0x01106355
0x01106359
0x00000000
0x0110626f
0x01106275
0x01106275
0x01106278
0x0110627e
0x0110627e
0x01106281
0x01106287
0x0110628d
0x01106298
0x0110629c
0x011062a2
0x0110629e
0x0110629e
0x0110629e
0x011062a7
0x011062a7
0x011062aa
0x011062b0
0x011062f0
0x011062f0
0x011062f2
0x011062f8
0x011062fd
0x011062b2
0x011062b2
0x011062b2
0x011062b5
0x011062dd
0x011062e2
0x011062e5
0x011062b7
0x011062b8
0x011062bb
0x011062bd
0x011062c0
0x011062c4
0x011062cd
0x011062cd
0x011062c0
0x011062bb
0x011062b5
0x01106302
0x01106303
0x01106305
0x01106305
0x01106305
0x0110630c
0x0110630c
0x00000000
0x0110627e
0x01106269
0x01105eac
0x01105ebb
0x01105ebe
0x01105ecb
0x01105ecb
0x01105ece
0x01105ece
0x01105ed4
0x01105ed7
0x01105ed9
0x01105edb
0x01105edb
0x01105ee1
0x01105ee1
0x01105ee3
0x01105f20
0x01105f20
0x01105ee5
0x01105ee5
0x01105ee5
0x01105ee8
0x01105f11
0x01105f18
0x01105eea
0x01105eea
0x01105eed
0x01105ef2
0x01105ef8
0x01105efb
0x01105f0a
0x01105f0a
0x01105eed
0x01105ee8
0x01105f22
0x01105f28
0x00000000
0x00000000
0x01105f30
0x01105f31
0x01105f37
0x01105f3a
0x01105f3d
0x01105f44
0x00000000
0x00000000
0x00000000
0x01105f46
0x01105f48
0x01105f4d
0x00000000
0x01105f4d
0x01105dda
0x01105ddf
0x00000000
0x01105ddf
0x01105dd8
0x01105da7
0x01105da9
0x01105dac
0x01105dae
0x00000000
0x01105db4
0x01105db4
0x00000000
0x01105db4
0x01105dae
0x01105d88
0x01105d8d
0x01106363
0x01106369
0x0110636a
0x01106370
0x01106372
0x0110637a
0x0110637b
0x0110637d
0x00000000
0x00000000
0x0110637f
0x01106385
0x00000000
0x01106385
0x01105d38
0x01105d3b
0x00000000
0x00000000
0x00000000
0x01105d3b
0x01105d27
0x01105d29
0x00000000
0x00000000
0x00000000
0x01106360
0x00000000
0x01106360
0x01105c10
0x01105c10
0x011063da
0x011063e5
0x011063e5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db0f86abf0dc7b3035852347747cdcc33f81354ddab15738a012934ab4aa7a5
Instruction ID: fdae5dea0737ca6dbd889d14749e224352e11eabd35fecc1c2cbe03a20109ab6
Opcode Fuzzy Hash: 6db0f86abf0dc7b3035852347747cdcc33f81354ddab15738a012934ab4aa7a5
Instruction Fuzzy Hash: 62427E71D00229CFDB69CF68C880BA9BBB1FF49304F1581AAD94DEB282D7749995CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01054120 Relevance: .4, Instructions: 444
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E01054120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x112d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0106F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01056E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = E01054620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01056E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M010545F8))) {
												case 0:
													_v568 = 0x1011078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x10111c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = E01054620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0107F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0107F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E010352A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0104EB70(1, 0x11279a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0104AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E010795D0();
																			L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0107B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E01073D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0107B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}

0x01054128
0x01054135
0x0105413c
0x01054141
0x01054145
0x01054147
0x0105414e
0x01054151
0x01054159
0x0105415c
0x01054160
0x01054164
0x01054168
0x0105416c
0x0105417f
0x01054181
0x0105446a
0x0105446a
0x0105418c
0x01054195
0x01054199
0x01054432
0x01054439
0x0105443d
0x01054442
0x01054447
0x00000000
0x0105419f
0x010541a3
0x010541b1
0x010541b9
0x010541bd
0x010545db
0x010545db
0x00000000
0x010541c3
0x010541c3
0x010541ce
0x010541d4
0x0109e138
0x0109e13e
0x0109e169
0x0109e16d
0x0109e19e
0x0109e16f
0x0109e16f
0x0109e175
0x0109e179
0x0109e18f
0x0109e193
0x00000000
0x0109e199
0x00000000
0x0109e199
0x0109e193
0x00000000
0x00000000
0x00000000
0x010541da
0x010541da
0x010541df
0x010541e4
0x010541ec
0x01054203
0x01054207
0x0109e1fd
0x01054222
0x01054226
0x0109e1f3
0x0109e1f3
0x0105422c
0x0105422c
0x01054233
0x0109e1ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01054239
0x01054239
0x01054239
0x01054239
0x01054233
0x01054226
0x010541ee
0x010541ee
0x010541f4
0x01054575
0x0109e1b1
0x0109e1b1
0x00000000
0x0105457b
0x0105457b
0x01054582
0x0109e1ab
0x00000000
0x00000000
0x00000000
0x00000000
0x01054588
0x01054588
0x0105458c
0x0109e1c4
0x0109e1c4
0x00000000
0x01054592
0x01054592
0x01054599
0x0109e1be
0x00000000
0x00000000
0x00000000
0x00000000
0x0105459f
0x0105459f
0x010545a3
0x0109e1d7
0x0109e1e4
0x00000000
0x010545a9
0x010545a9
0x010545b0
0x0109e1d1
0x00000000
0x00000000
0x00000000
0x00000000
0x010545b6
0x010545b6
0x010545b6
0x00000000
0x010545b6
0x010545b0
0x010545a3
0x01054599
0x0105458c
0x01054582
0x00000000
0x00000000
0x00000000
0x00000000
0x010541f4
0x0105423e
0x01054241
0x010545c0
0x010545c4
0x00000000
0x010545ca
0x010545ca
0x00000000
0x0109e207
0x0109e20f
0x00000000
0x00000000
0x00000000
0x00000000
0x010545d1
0x00000000
0x00000000
0x010545ca
0x00000000
0x01054247
0x01054247
0x01054247
0x01054249
0x01054249
0x01054249
0x01054251
0x01054251
0x01054257
0x0105425f
0x0105426e
0x01054270
0x0105427a
0x0109e219
0x0109e219
0x01054280
0x01054282
0x01054456
0x010545ea
0x00000000
0x010545f0
0x0109e223
0x00000000
0x0109e223
0x0105445c
0x0105445c
0x00000000
0x0105445c
0x00000000
0x01054288
0x0105428c
0x0109e298
0x01054292
0x01054292
0x0105429e
0x010542a3
0x010542a7
0x010542ac
0x0109e22d
0x010542b2
0x010542b2
0x010542b9
0x010542bc
0x010542c2
0x010542ca
0x010542cd
0x010542cd
0x010542d4
0x0105433f
0x0105433f
0x010542d6
0x010542d6
0x010542d9
0x010542dd
0x010542eb
0x0109e23a
0x010542f1
0x01054305
0x0105430d
0x01054315
0x01054318
0x0105431f
0x01054322
0x0105432e
0x0105433b
0x0105433b
0x00000000
0x0105432e
0x010542eb
0x0105434c
0x0105434e
0x01054352
0x01054359
0x0105435e
0x01054361
0x0105436e
0x0105438a
0x0105438e
0x01054396
0x0105439e
0x010543a1
0x010543ad
0x010543bb
0x010543bb
0x010543ad
0x0105436e
0x010543bf
0x010543c5
0x01054463
0x01054463
0x010543ce
0x010543d5
0x010543d9
0x010543df
0x01054475
0x01054479
0x01054491
0x01054491
0x01054479
0x010543e5
0x010543eb
0x010543f4
0x010543f6
0x010543f9
0x010543fc
0x010543ff
0x010544e8
0x010544ed
0x010544f3
0x0109e247
0x00000000
0x010544f9
0x01054504
0x01054508
0x0105450f
0x0109e269
0x00000000
0x01054515
0x01054519
0x01054531
0x01054534
0x01054537
0x0105453e
0x01054541
0x0105454a
0x0109e255
0x0109e255
0x0109e25b
0x0109e25e
0x0109e261
0x0109e261
0x01054555
0x01054559
0x0105455d
0x0109e26d
0x0109e270
0x0109e274
0x0109e27a
0x0109e27d
0x0109e28e
0x0109e28e
0x01054563
0x01054563
0x01054569
0x01054569
0x00000000
0x0105455d
0x0105450f
0x00000000
0x010544f3
0x010543ff
0x01054405
0x01054405
0x01054405
0x010542ac
0x0105428c
0x01054282
0x01054407
0x0105440d
0x0109e2af
0x0109e2af
0x01054413
0x01054413
0x00000000
0x010541d4
0x00000000
0x010541c3
0x010541bd
0x01054415
0x01054415
0x01054416
0x01054417
0x01054429
0x0105416e
0x0105416e
0x01054175
0x01054498
0x0105449f
0x0109e12d
0x00000000
0x0109e133
0x00000000
0x0109e133
0x010544a5
0x010544a5
0x010544aa
0x00000000
0x010544bb
0x010544ca
0x010544d6
0x010544d7
0x010544d8
0x010544e3
0x010544e3
0x010544aa
0x0105417b
0x0105417b
0x0105417b
0x00000000
0x0105417b
0x01054175
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3581264ba3403091593fb043a137c44f002e880f7ea0272c8bc7776256934ae4
Instruction ID: ae17f044cc792eba17fa9e35ab7ab4c9a1e2c39b25ff4e1072c8c371b492645d
Opcode Fuzzy Hash: 3581264ba3403091593fb043a137c44f002e880f7ea0272c8bc7776256934ae4
Instruction Fuzzy Hash: 8FF17B706082518BCBA4CF18C494ABBBBE1FF88754F54896EF9C6CB251E734D881DB52

Uniqueness

Uniqueness Score: -1.00%

Function 010620A0 Relevance: .4, Instructions: 420
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E010620A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1128714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E01062EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E01062EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E010358EC(_t240);
									_t221 =  *0x1125cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1125cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E01074A2C(0x1126e40, 0x1074b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01057D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1015c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0106F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0106F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E010B7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01052400(_t267 + 0x20);
															}
															L01052400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01062397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01052280(_t134, 0x1128608);
									__eflags =  *0x1126e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0104FFB0(_t198, _t241, 0x1128608);
										__eflags = _t253;
										if(_t253 != 0) {
											L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1126e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1128608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01066B90(_t210,  &_v64);
										_t262 =  *0x1128608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0106E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E010797C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0107006A(0x1128608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1128608);
												E0107B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1126904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1126e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0104FFB0(_t198, _t240, 0x1128608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E010700C2(0x1128608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}

0x010620a0
0x010620a8
0x010620ad
0x010620b3
0x010620b8
0x010620c2
0x010620c7
0x010620cb
0x010620d2
0x01062263
0x01062266
0x010a5836
0x010a5836
0x00000000
0x0106226c
0x0106226c
0x01062270
0x01062274
0x010620e2
0x010620e2
0x010620e6
0x010620ee
0x010a57dc
0x010a57de
0x010a57ec
0x010a57ec
0x010a57f1
0x010a57f3
0x010a57f8
0x00000000
0x010a57f8
0x010a57e0
0x010a57e4
0x010a57ea
0x00000000
0x00000000
0x00000000
0x010a57ea
0x010620f4
0x010620f4
0x010620f8
0x010620f8
0x010620fc
0x01062100
0x01062106
0x01062201
0x01062206
0x0106220b
0x0106220e
0x010622a9
0x010622ac
0x00000000
0x00000000
0x010622b2
0x010622b5
0x010a5801
0x010a5806
0x00000000
0x00000000
0x010a5810
0x010a5815
0x010a5818
0x00000000
0x00000000
0x010a581e
0x010622bb
0x010622bb
0x01062218
0x01062218
0x0106221c
0x01062220
0x01062222
0x010622c2
0x010622c4
0x010622dc
0x010622dc
0x010622e1
0x00000000
0x00000000
0x00000000
0x010622e7
0x010622c8
0x010622cd
0x010622d3
0x010622d6
0x010a5823
0x010a5825
0x010a5827
0x00000000
0x00000000
0x010a582d
0x00000000
0x010a582d
0x00000000
0x01062228
0x01062228
0x00000000
0x01062228
0x01062222
0x01062214
0x01062214
0x00000000
0x01062114
0x01062114
0x01062114
0x0106211a
0x0106211c
0x01062348
0x0106234d
0x010a5840
0x010a5845
0x010a5848
0x010a584e
0x010a584e
0x010a5848
0x01062353
0x01062355
0x01062388
0x01062388
0x01062368
0x0106236a
0x0106236c
0x0106238f
0x00000000
0x0106236e
0x0106236e
0x0106218e
0x0106218e
0x01062191
0x01062195
0x010a5a03
0x010a5a06
0x010a5a0c
0x010a5a0f
0x010a5a11
0x010a5a13
0x010a5a13
0x010a5a19
0x010a5a1f
0x00000000
0x0106219b
0x0106219b
0x010621a0
0x01062282
0x01062284
0x01062284
0x01062284
0x01062284
0x010621a6
0x010621a9
0x010621ac
0x010621ae
0x010621b3
0x0106228b
0x01062290
0x01062379
0x01062296
0x01062298
0x01062298
0x01062290
0x010621b9
0x010621be
0x010622a2
0x010622a2
0x010621c4
0x010621c8
0x010621cc
0x010621d0
0x010621d4
0x010621de
0x010621e3
0x010a5a29
0x010a5a2c
0x00000000
0x00000000
0x010a5a3b
0x00000000
0x010621e9
0x010621e9
0x010621e9
0x010621ee
0x010621f1
0x010a5a45
0x010a5a4b
0x010a5a52
0x010a5a58
0x010a5a5d
0x010a5a5f
0x010a5a71
0x010a5a61
0x010a5a6a
0x010a5a6a
0x010a5a76
0x010a5a79
0x010a5a7f
0x010a5a83
0x010a5a85
0x010a5a87
0x010a5a87
0x010a5a8c
0x010a5a91
0x010a5a97
0x010a5a9f
0x010a5aa0
0x010a5aa1
0x010a5aa6
0x010a5aab
0x010a5ab1
0x010a5ab3
0x010a5ab9
0x010a5aca
0x010a5ad4
0x010a5ad4
0x010a5ade
0x010a5ade
0x010a5aab
0x010a5a79
0x010a5a52
0x010621f7
0x010621f9
0x010621fe
0x010621fe
0x010621e3
0x01062195
0x0106236c
0x01062122
0x01062122
0x01062124
0x01062231
0x01062236
0x01062236
0x01062238
0x01062238
0x01062240
0x01062242
0x01062244
0x010a59fc
0x0106218c
0x0106218c
0x00000000
0x0106218c
0x0106224a
0x0106224f
0x01062256
0x01062304
0x01062309
0x0106230f
0x0106231e
0x0106231e
0x0106231e
0x01062320
0x01062325
0x0106232a
0x0106232c
0x0106233e
0x0106233e
0x00000000
0x0106232c
0x01062311
0x01062317
0x0106231a
0x0106231c
0x01062380
0x01062380
0x01062380
0x01062384
0x00000000
0x00000000
0x01062386
0x00000000
0x0106231c
0x0106225c
0x0106225c
0x00000000
0x0106225c
0x0106212a
0x01062134
0x01062138
0x0106213d
0x010a5858
0x010a5863
0x010a5863
0x010a5867
0x010a586a
0x00000000
0x00000000
0x010a586c
0x010a586c
0x010a5871
0x010a5875
0x010a5877
0x010a5997
0x010a599c
0x010a59a1
0x010a59a7
0x010a59a7
0x00000000
0x010a59a7
0x010a587d
0x00000000
0x010a588b
0x010a588b
0x010a5890
0x010a5892
0x010a5894
0x010a5899
0x010a589b
0x010a58a0
0x010a58a0
0x010a58aa
0x010a58b2
0x010a58b6
0x010a58be
0x010a58c6
0x010a58c9
0x010a590d
0x010a5917
0x010a591a
0x010a591c
0x010a5920
0x010a5928
0x010a592a
0x010a592c
0x010a592e
0x010a592e
0x010a58cb
0x010a58cd
0x010a58d8
0x010a58e0
0x010a58f4
0x010a58fe
0x010a58fe
0x010a593a
0x010a593e
0x010a5940
0x010a5942
0x00000000
0x010a5944
0x010a5944
0x010a5949
0x010a594e
0x010a594e
0x010a5953
0x010a595b
0x010a5976
0x010a5976
0x010a597a
0x010a597f
0x00000000
0x00000000
0x00000000
0x00000000
0x010a5981
0x010a5981
0x010a5981
0x010a5983
0x010a5988
0x010a598d
0x010a5991
0x010a5991
0x00000000
0x010a595d
0x010a595d
0x010a5963
0x010a5965
0x00000000
0x00000000
0x00000000
0x00000000
0x010a5967
0x010a5967
0x010a596b
0x010a596d
0x00000000
0x00000000
0x010a596f
0x010a5971
0x010a5971
0x010a5974
0x00000000
0x00000000
0x00000000
0x010a5974
0x00000000
0x010a5967
0x010a595b
0x010a5942
0x010a5863
0x01062143
0x01062143
0x01062149
0x0106214f
0x010622f1
0x010622f6
0x00000000
0x01062173
0x01062173
0x0106217d
0x01062181
0x01062186
0x010a59ae
0x010a59b2
0x010a59b5
0x010a59b7
0x010a59ba
0x010a59cd
0x010a59d1
0x010a59d5
0x010a59d9
0x010a59db
0x00000000
0x00000000
0x010a59dd
0x010a59dd
0x010a59e1
0x010a59e4
0x010a59e7
0x010a59ee
0x010a59ee
0x010a59f3
0x010a59f3
0x00000000
0x01062186
0x0106214f
0x01062106
0x01062266
0x010620d8
0x010620da
0x010620e0
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33240e9ab22d61dba711c62b0a7e497bd195499b6ad850ffb5d5ed01429b2d38
Instruction ID: 18f37074f797ded9f150b0a0da63e98575b6f5d0fd0528b9976dd08c1f271b66
Opcode Fuzzy Hash: 33240e9ab22d61dba711c62b0a7e497bd195499b6ad850ffb5d5ed01429b2d38
Instruction Fuzzy Hash: 85F1E031A08342EFE766CF6CC84076A7BE9BF95324F0485ADE9D59B281D734D841CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01036800 Relevance: .4, Instructions: 373
COMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E01036800(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed short* _a8, intOrPtr _a12, signed short* _a16, signed short* _a20, intOrPtr _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, signed char _a44) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				intOrPtr* _t132;
				intOrPtr _t153;
				intOrPtr _t162;
				void* _t194;
				intOrPtr _t196;
				void* _t205;
				void* _t206;
				signed short* _t207;
				void* _t209;
				signed int _t211;
				intOrPtr* _t212;
				signed short* _t213;
				signed int _t215;
				signed short* _t217;
				void* _t219;
				intOrPtr _t228;
				intOrPtr _t229;
				signed int _t238;
				intOrPtr _t256;
				void* _t262;
				short _t268;
				signed int _t271;
				void* _t272;
				intOrPtr* _t273;
				void* _t275;
				intOrPtr* _t276;
				void* _t278;
				intOrPtr* _t279;

				_t275 = __esi;
				_t272 = __edi;
				_t205 = __ebx;
				if((_a44 & 0xfffffffe) != 0) {
					L61:
					return 0xc000000d;
				}
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				if(E01036BF3(_a8) < 0) {
					goto L61;
				}
				_t256 = _a12;
				_t215 = 0;
				if(_t256 != 0) {
					_t124 = E01036BF3(_t256);
					_t215 = 0;
				} else {
					_t124 = 0;
				}
				if(_t124 < 0) {
					goto L61;
				} else {
					_push(_t205);
					_v5 = _t215;
					_v32 = _t215;
					_t217 = _a16;
					_t206 = 0x5c;
					if(_t217 == 0) {
						L12:
						_t207 = _a20;
						if(_t207 == 0) {
							_t125 = 0;
						} else {
							_t125 = E01036BF3(_t207);
						}
						if(_t125 < 0) {
							L65:
							_t126 = 0xc000000d;
							goto L53;
						} else {
							_t218 = _a28;
							if(_a28 == 0) {
								_t219 = 0;
								_t127 = 0;
							} else {
								_t127 = E01036BF3(_t218);
								_t219 = 0;
							}
							if(_t127 < 0) {
								goto L65;
							} else {
								_t128 = _a32;
								if(_a32 == 0) {
									_t129 = _t219;
								} else {
									_t129 = E01036BF3(_t128);
									_t219 = 0;
								}
								if(_t129 < 0) {
									goto L65;
								} else {
									_push(_t275);
									_t276 = _a36;
									if(_t276 == 0) {
										_t130 = _t219;
									} else {
										_t130 = E01036BF3(_t276);
										_t219 = 0;
									}
									if(_t130 < 0) {
										_t126 = 0xc000000d;
										goto L52;
									} else {
										_push(_t272);
										_t273 = _a40;
										if(_t273 == 0) {
											_t131 = _t219;
										} else {
											_t131 = E01036BF3(_t273);
										}
										if(_t131 < 0) {
											_t126 = 0xc000000d;
											goto L51;
										} else {
											if(_t207 == 0) {
												_t207 = _a8;
												_a20 = _t207;
											}
											_t132 = _a28;
											if(_t132 == 0) {
												_t132 = 0x1011ab0;
												_a28 = 0x1011ab0;
											}
											if(_a32 == 0) {
												_a32 = 0x1011ab0;
											}
											if(_t276 == 0) {
												_t276 = 0x1011ab0;
												_a36 = 0x1011ab0;
											}
											if(_t273 == 0) {
												_t273 = 0x1011ab0;
											}
											_t209 = 3;
											_t278 = 0;
											_t228 = (( *_t207 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_t132 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + (( *_a8 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_a32 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + 0x4ac + (( *(_t276 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
											_v16 = _t228;
											if( *_t273 != 0) {
												_t228 = _t228 + (( *(_t273 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t228;
											}
											if(_t256 != 0) {
												_t229 = _t228 + (( *(_t256 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t229;
											}
											if(_a24 != _t278) {
												_t153 = E0106585B(_a24, 1);
												_t229 = _v16;
											} else {
												_t153 =  *((intOrPtr*)(_v24 + 0x290));
											}
											_v20 = _t153;
											_t211 = _t153 + 0x00000003 & 0xfffffffc;
											if(_t211 < _t153) {
												L77:
												_t126 = 0xc0000095;
												goto L51;
											} else {
												while(1) {
													_t154 = _t211 + _t229;
													if(_t211 + _t229 < _t229) {
														goto L77;
													}
													_t279 = E01054620(_t229,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t278, _t154);
													if(_t279 == 0) {
														_t126 = 0xc000009a;
														L51:
														L52:
														L53:
														return _t126;
													}
													_t158 = _v16 + _t279;
													_v12 = _v16 + _t279;
													if(_a24 != 0) {
														E0107F3E0(_t158, _a24, _v20);
														L42:
														E0107FA60(_t279, 0, 0x2a4);
														_t162 = _v16;
														 *_t279 = _t162;
														 *((intOrPtr*)(_t279 + 4)) = _t162;
														 *(_t279 + 0x290) = _t211;
														 *((intOrPtr*)(_t279 + 0xc)) = 0;
														_t53 = _t279 + 0x24; // 0x24
														_t212 = _t53;
														 *((intOrPtr*)(_t279 + 0x2c)) = 0;
														 *((intOrPtr*)(_t279 + 0x48)) = _v12;
														_t57 = _t279 + 0x2a4; // 0x2a4
														_v12 = _t57;
														 *((intOrPtr*)(_t279 + 8)) = 1;
														 *(_t279 + 0x14) =  *(_v24 + 0x14) & 1;
														_t169 = _a16;
														if(_a16 == 0) {
															E0104EEF0(0x11279a0);
															E01036C14( &_v12, _t212, _v24 + 0x24, 0x208);
															E0104EB70( &_v12, 0x11279a0);
														} else {
															E01036C14( &_v12, _t212, _t169, 0x208);
															if(_v5 != 0) {
																_t268 = 0x5c;
																 *((short*)( *((intOrPtr*)(_t279 + 0x28)) + _v32 * 2)) = _t268;
																_t194 = 2;
																 *_t212 =  *_t212 + _t194;
															}
														}
														_t234 = _a12;
														if(_a12 != 0) {
															_t104 = _t279 + 0x30; // 0x30
															E01036C14( &_v12, _t104, _t234,  *(_t234 + 2) & 0x0000ffff);
														}
														_t72 = _t279 + 0x38; // 0x38
														E01036C14( &_v12, _t72, _a8, ( *_a8 & 0x0000ffff) + 2);
														_t213 = _a20;
														_t75 = _t279 + 0x40; // 0x40
														_t262 = _t75;
														_t238 =  *_t213 & 0x0000ffff;
														_t180 = _t213[1] & 0x0000ffff;
														if(_t238 != (_t213[1] & 0x0000ffff)) {
															_t180 = _t238 + 2;
														}
														E01036C14( &_v12, _t262, _t213, _t180);
														_t80 = _t279 + 0x70; // 0x70
														E01036C14( &_v12, _t80, _a28,  *(_a28 + 2) & 0x0000ffff);
														_t84 = _t279 + 0x78; // 0x78
														E01036C14( &_v12, _t84, _a32,  *(_a32 + 2) & 0x0000ffff);
														_t88 = _t279 + 0x80; // 0x80
														E01036C14( &_v12, _t88, _a36,  *(_a36 + 2) & 0x0000ffff);
														if( *_t273 != 0) {
															_t118 = _t279 + 0x88; // 0x88
															E01036C14( &_v12, _t118, _t273,  *(_t273 + 2) & 0x0000ffff);
														}
														if((_a44 & 0x00000001) == 0) {
															_t279 = E010BBCB0(_t279);
														}
														_t126 = 0;
														 *_a4 = _t279;
														goto L51;
													}
													E0104EEF0(0x11279a0);
													_t269 = _v24;
													_t196 =  *((intOrPtr*)(_v24 + 0x290));
													_v20 = _t196;
													_t251 = _t196 + 0x00000003 & 0xfffffffc;
													_v28 = _t196 + 0x00000003 & 0xfffffffc;
													if(_t196 > _t211) {
														E0104EB70(_t251, 0x11279a0);
														_t278 = 0;
														L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
														_t211 = _v28;
														_t229 = _v16;
														if(_t211 >= _v20) {
															continue;
														}
														goto L77;
													}
													E0107F3E0(_v12,  *((intOrPtr*)(_t269 + 0x48)), _t196);
													E0104EB70(_t251, 0x11279a0);
													_t211 = _v28;
													goto L42;
												}
												goto L77;
											}
										}
									}
								}
							}
						}
					}
					_t271 = ( *_t217 & 0x0000ffff) >> 1;
					_v32 = _t271;
					if(E01036BF3(_t217) < 0 || _t271 == 0) {
						goto L65;
					} else {
						if( *((intOrPtr*)(_t217[2] + _t271 * 2 - 2)) == _t206) {
							L11:
							_t256 = _a12;
							goto L12;
						}
						if(_t271 > 0x103) {
							goto L65;
						}
						_v5 = 1;
						goto L11;
					}
				}
			}

0x01036800
0x01036800
0x01036800
0x0103680f
0x01091b26
0x00000000
0x01091b26
0x01036821
0x0103682b
0x00000000
0x00000000
0x01036831
0x01036834
0x01036838
0x01036b68
0x01036b6d
0x0103683e
0x0103683e
0x0103683e
0x01036842
0x00000000
0x01036848
0x01036848
0x01036849
0x0103684c
0x0103684f
0x01036854
0x01036857
0x01036893
0x01036893
0x01036898
0x01091b30
0x0103689e
0x010368a0
0x010368a0
0x010368a7
0x01091b47
0x01091b47
0x00000000
0x010368ad
0x010368ad
0x010368b2
0x01091b37
0x01091b39
0x010368b8
0x010368b8
0x010368bd
0x010368bd
0x010368c1
0x00000000
0x010368c7
0x010368c7
0x010368cc
0x01091b40
0x010368d2
0x010368d4
0x010368d9
0x010368d9
0x010368dd
0x00000000
0x010368e3
0x010368e3
0x010368e4
0x010368e9
0x01091b51
0x010368ef
0x010368f1
0x010368f6
0x010368f6
0x010368fa
0x01091b58
0x00000000
0x01036900
0x01036900
0x01036901
0x01036906
0x01091b62
0x0103690c
0x0103690e
0x0103690e
0x01036915
0x01091b69
0x00000000
0x0103691b
0x0103691d
0x01091b73
0x01091b76
0x01091b76
0x01036923
0x0103692d
0x01091b7e
0x01091b80
0x01091b80
0x01036937
0x01091b88
0x01091b88
0x0103693f
0x01091b90
0x01091b92
0x01091b92
0x01036947
0x01091b9a
0x01091b9a
0x01036959
0x0103698f
0x01036991
0x01036993
0x01036999
0x01091baa
0x01091bac
0x01091bac
0x010369a1
0x01036b7d
0x01036b7f
0x01036b7f
0x010369aa
0x01036b8d
0x01036b92
0x010369b0
0x010369b3
0x010369b3
0x010369bc
0x010369bf
0x010369c4
0x01091bdf
0x01091bdf
0x00000000
0x010369ca
0x010369ca
0x010369ca
0x010369cf
0x00000000
0x00000000
0x010369e5
0x010369e9
0x01091c0f
0x01036b5d
0x01036b5e
0x01036b5f
0x00000000
0x01036b5f
0x010369f2
0x010369f8
0x010369fb
0x01036ba1
0x01036a44
0x01036a4d
0x01036a52
0x01036a57
0x01036a5a
0x01036a62
0x01036a68
0x01036a6b
0x01036a6b
0x01036a6e
0x01036a74
0x01036a77
0x01036a7d
0x01036a83
0x01036a8b
0x01036a8e
0x01036a93
0x01036bb3
0x01036bc9
0x01036bd3
0x01036a99
0x01036aa4
0x01036aad
0x01036ab7
0x01036aba
0x01036abe
0x01036abf
0x01036abf
0x01036aad
0x01036ac2
0x01036ac7
0x01036be1
0x01036be9
0x01036be9
0x01036ad0
0x01036ade
0x01036ae3
0x01036ae6
0x01036ae6
0x01036ae9
0x01036aec
0x01036af3
0x01036af5
0x01036af5
0x01036afd
0x01036b05
0x01036b11
0x01036b19
0x01036b25
0x01036b2d
0x01036b3c
0x01036b46
0x01091bed
0x01091bf8
0x01091bf8
0x01036b50
0x01091c08
0x01091c08
0x01036b59
0x01036b5b
0x00000000
0x01036b5b
0x01036a06
0x01036a0b
0x01036a0e
0x01036a14
0x01036a1a
0x01036a1d
0x01036a22
0x01091bb9
0x01091bc5
0x01091bcb
0x01091bd0
0x01091bd3
0x01091bd9
0x00000000
0x00000000
0x00000000
0x01091bd9
0x01036a2f
0x01036a3c
0x01036a41
0x00000000
0x01036a41
0x00000000
0x010369ca
0x010369c4
0x01036915
0x010368fa
0x010368dd
0x010368c1
0x010368a7
0x0103685c
0x0103685e
0x01036868
0x00000000
0x01036876
0x0103687e
0x01036890
0x01036890
0x00000000
0x01036890
0x01036886
0x00000000
0x00000000
0x0103688c
0x00000000
0x0103688c
0x01036868

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f07585a4c925c056567a1c0ddca7ddb7e88ecc85553131e0b115e58b38b0a40
Instruction ID: dd2c96f14fbccd02b3695c5648bca6584501eb2bc8378626b4297ab882f1ed1a
Opcode Fuzzy Hash: 9f07585a4c925c056567a1c0ddca7ddb7e88ecc85553131e0b115e58b38b0a40
Instruction Fuzzy Hash: F0D1C371B00206ABCF18DF69C890AFE77E9EF98314F04416DE996DB290E735DA45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 010665A0 Relevance: .4, Instructions: 368
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E010665A0(signed int __ecx, unsigned int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v12;
				unsigned int _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v26;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* __ebx;
				signed int _t189;
				signed int _t197;
				signed int _t202;
				signed int _t203;
				unsigned int _t205;
				signed int _t206;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				intOrPtr _t227;
				signed int _t229;
				signed int* _t240;
				signed int _t251;
				signed int _t253;
				signed int _t256;
				signed int _t259;
				signed int _t264;
				signed int _t267;
				signed int _t271;
				intOrPtr _t278;
				intOrPtr _t279;
				signed int _t280;
				signed short _t283;
				signed int _t285;
				signed int _t290;
				signed char _t294;
				signed int _t295;
				intOrPtr _t296;
				intOrPtr* _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t311;
				signed int _t319;
				void* _t323;
				unsigned int _t325;
				signed int _t330;
				signed int _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				intOrPtr _t336;
				intOrPtr _t337;
				signed int _t343;
				signed int _t344;
				unsigned int _t345;
				signed int _t346;
				signed int _t347;
				unsigned int _t348;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed int _t367;
				intOrPtr* _t369;
				unsigned int _t371;
				signed int _t372;
				signed int _t376;

				_t325 = __edx;
				_t278 = _a16;
				_t189 =  *(_t278 + 2) & 0x000000ff;
				_t358 = __ecx;
				_t285 =  *(__edx + 0x1b) & 0x000000ff;
				_v16 = __edx;
				_v24 = __ecx;
				_v20 =  *((intOrPtr*)(__edx + 0x10));
				if(_t285 != 0) {
					_v12 =  *((intOrPtr*)(__ecx + 0x5c4 + _t189 * 4)) + 0xffffff98 + _t285 * 0x68;
				} else {
					_v12 =  *((intOrPtr*)(__ecx + 0x3c0 + _t189 * 4));
				}
				_t195 =  *(_t278 + 3) >> 0x00000001 & 0x00000003;
				if(( *(_t278 + 3) >> 0x00000001 & 0x00000003) != 0) {
					_t279 = _a12;
					_t197 = E010F56B6(_t358, _t325, _a4, _t195 & 0x000000ff, _a8, _t279, _t278);
					__eflags = _t197;
					if(_t197 == 0) {
						_t325 = _v16;
						goto L4;
					}
				} else {
					_t279 = _a12;
					L4:
					_t290 = _a8 + 8;
					_v40 = _t290;
					_v28 = _t290 >> 0x00000003 & 0x0000ffff;
					 *_a4 = _t325;
					_t202 = _t279 - 0x20;
					if(_t290 == 0x20) {
						_t203 = _t202 >> 5;
					} else {
						_t203 = _t202 / _t290;
					}
					_t280 = 0;
					_v8 = 0;
					_t330 = (_t203 + 0x0000001f >> 0x00000003 & 0x1ffffffc) + 0x00000020 & 0xfffffff8;
					_t205 = _a4 + _t330;
					_v44 = _t330;
					_t333 =  *0x112874c; // 0x52b28756
					_v32 = _t333;
					if(_t290 + _t205 <= _a12 + _a4) {
						_t376 = _a8 + 8;
						_v36 = _t376 << 0xd;
						_t367 = _t205 - _a4 << 0xd;
						do {
							_t283 = _v8;
							_t319 = _t205 >> 0x00000003 ^  *(_v24 + 0xc) ^ _t367;
							_t367 = _t367 + _v36;
							 *_t205 = _t319 ^ _t333;
							_t280 = _t283 + 1;
							_v8 = _t280;
							 *(_t205 + 4) = (_t283 & 0x0000ffff) << 0x00000008 |  *(_t205 + 4) & 0xff0000ff;
							 *((char*)(_t205 + 7)) = 0x80;
							_t205 = _t205 + _t376;
							_t323 = _t376 + _t205;
							_t376 = _v40;
							_t333 = _v32;
						} while (_t323 <= _a4 + _a12);
						_t358 = _v24;
					}
					_t206 = _a4;
					 *(_t206 + 0x14) = _t280;
					 *((intOrPtr*)(_t206 + 0x18)) = _t206 + 0x1c;
					_t51 = _t280 + 7; // 0x7
					E0107FA60(_t206 + 0x1c, 0, _t51 >> 3);
					_t294 = _t280 & 0x0000001f;
					if(_t294 != 0) {
						 *(_a4 + (_t280 >> 5) * 4 + 0x1c) =  *(_a4 + (_t280 >> 5) * 4 + 0x1c) |  !((1 << _t294) - 1);
					}
					_t334 = _v16;
					_t295 = _a4;
					 *((short*)(_t334 + 0x14)) = _v28;
					 *_t334 = _v12;
					 *(_t334 + 0x18) = _t280;
					 *((char*)(_t334 + 0x1a)) =  *((intOrPtr*)(_a16 + 2));
					 *((short*)(_t334 + 0x16)) = 0;
					 *(_t334 + 4) = _t295;
					 *((intOrPtr*)(_t334 + 8)) = 0;
					 *((intOrPtr*)(_t334 + 0xc)) = 0;
					_t335 = _v12;
					_v26 = _v28 << 3;
					_v28 = _v44;
					 *(_t295 + 0x10) = _v32 ^ _v28 ^ _t358 ^ _t295;
					if( *((intOrPtr*)(_t335 + 0x54)) == 0) {
						_t296 =  *_t335;
						_t223 =  *(_t296 + 0x14);
						__eflags = _t223 - 0x20;
						if(__eflags < 0) {
							_t224 = _t223 + 4;
							__eflags = _t224;
							goto L32;
						}
						goto L29;
					} else {
						 *((short*)(_t335 + 0x60)) =  *((short*)(_t335 + 0x60)) + 1;
						if( *((short*)(_t335 + 0x60)) > 0x1c) {
							_t296 =  *_t335;
							_t271 =  *(_t296 + 0x14);
							__eflags = _t271;
							if(__eflags != 0) {
								_t224 = _t271 + 0xfffffffc;
								L32:
								 *(_t296 + 0x14) = _t224;
							}
							L29:
							 *((short*)(_t335 + 0x60)) = 0;
						}
					}
					_t369 = _t335 + 0x50;
					do {
						_t226 =  *_t369;
						_t359 =  *((intOrPtr*)(_t369 + 4));
						_v40 = _t226;
						_v44 = _t226 + _t280;
						if(_t280 <= 0) {
						}
						_t336 = _t359;
						asm("lock cmpxchg8b [esi]");
						_t280 = _v8;
					} while (_t226 != _v40 || _t336 != _t359);
					_t299 = _v12;
					_t337 =  *[fs:0x18];
					_t227 =  *_t299;
					 *((intOrPtr*)(_t227 + 0x10)) =  *((intOrPtr*)(_t227 + 0x10)) + 1;
					 *((intOrPtr*)(_t299 + 0x58)) =  *((intOrPtr*)(_t227 + 0x10));
					_t229 =  *(_t337 + 0xfaa) & 0x0000ffff;
					_t300 = _t229 + 0x00000001 & 0x000000ff;
					 *(_t337 + 0xfaa) = _t300 + 0x00000001 & 0x000000ff;
					_t302 = _t280;
					_v32 = ( *(_t229 + 0x1126120) & 0x000000ff | ( *(_t300 + 0x1126120) & 0x000000ff) << 0x00000007 & 0x0000ffff) % _t302 << 0x10;
					_t341 = _v16;
					_v32 = _t302;
					_t303 = _v32;
					 *((intOrPtr*)(_v16 + 0x1c)) = 1;
					asm("lock cmpxchg [esi], ecx");
					if(( *0x11284b4 & 0x00000002) == 0) {
						_t394 =  *0x11284b8;
						_t371 =  *( *[fs:0x18] + 0xfaa) & 0xff;
						_v32 = _t371;
						if( *0x11284b8 == 0) {
							_push(0);
							_push(4);
							_push(0x11284b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E01079670();
							if(__eflags < 0) {
								_t363 =  *0x7ffe0004;
								_v44 = _t363;
								__eflags = _t363 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0324;
									while(1) {
										_t311 =  *_t280;
										_t346 =  *0x7ffe0320;
										__eflags = _t311 -  *0x7ffe0328;
										if(_t311 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t264 = _t346;
									_t347 = _t264 * _v44 >> 0x20;
									_t303 = (_t311 << 8) * _v44;
									_t341 = _t347 >> 0x18;
									_t267 = ((_t347 << 0x00000020 | _t264 * _v44) >> 0x18) + (_t311 << 8) * _v44;
									__eflags = _t267;
								} else {
									_t348 =  *0x7ffe0320 * _t363 >> 0x20;
									_t267 = (_t348 << 0x00000020 | 0x7ffe0320 * _t363) >> 0x18;
									_t341 = _t348 >> 0x18;
								}
								 *0x11284b8 = _t267;
							}
						}
						_t251 = E01065720(_t303, _t341, _t394, 0x11284b8);
						_t395 =  *0x11284b8;
						_t361 = _t251;
						_v40 = _t361;
						if( *0x11284b8 == 0) {
							_push(0);
							_push(4);
							_push(0x11284b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E01079670();
							if(__eflags < 0) {
								_t280 =  *0x7ffe0004;
								_v44 = _t280;
								__eflags = _t280 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0320;
									while(1) {
										_t309 =  *0x7ffe0324;
										_t343 =  *_t280;
										__eflags = _t309 -  *0x7ffe0328;
										if(_t309 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t256 = _t343;
									_t344 = _t256 * _v44 >> 0x20;
									_t361 = _v40;
									_t303 = (_t309 << 8) * _v44;
									_t341 = _t344 >> 0x18;
									_t259 = ((_t344 << 0x00000020 | _t256 * _v44) >> 0x18) + (_t309 << 8) * _v44;
									__eflags = _t259;
								} else {
									_t345 =  *0x7ffe0320 * _t280 >> 0x20;
									_t259 = (_t345 << 0x00000020 | 0x7ffe0320 * _t280) >> 0x18;
									_t341 = _t345 >> 0x18;
								}
								 *0x11284b8 = _t259;
							}
							L58:
						}
						_t253 = E01065720(_t303, _t341, _t395, 0x11284b8);
						_t341 = _v16;
						_t372 = _t371 >> 3;
						 *(0x1126120 + _t372 * 8) = _t253 & 0x7f7f7f7f;
						 *(0x1126124 + _t372 * 8) = _t361 & 0x7f7f7f7f;
					}
					_t240 =  *( *[fs:0x30] + 0x50);
					if(_t240 != 0) {
						__eflags =  *_t240;
						if( *_t240 == 0) {
							goto L24;
						} else {
							_t197 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							goto L25;
						}
						goto L58;
					} else {
						L24:
						_t197 = 0x7ffe0380;
					}
					L25:
					if( *_t197 != 0) {
						_t197 =  *[fs:0x30];
						__eflags =  *(_t197 + 0x240) & 0x00000001;
						if(( *(_t197 + 0x240) & 0x00000001) != 0) {
							return E010F1A5F(_t280,  *(_v24 + 0xc),  *((intOrPtr*)(_t341 + 4)),  *(_t341 + 0x14) & 0x0000ffff,  *(_t341 + 0x18) & 0x0000ffff,  *(_t341 + 0x1b) & 0x000000ff);
						}
					}
				}
				return _t197;
				goto L58;
			}

0x010665a0
0x010665a9
0x010665b1
0x010665b5
0x010665b7
0x010665bb
0x010665be
0x010665c1
0x010665c6
0x010668b5
0x010665cc
0x010665d3
0x010665d3
0x010665db
0x010665dd
0x010a7d05
0x010a7d13
0x010a7d18
0x010a7d1a
0x010a7d20
0x00000000
0x010a7d20
0x010665e3
0x010665e3
0x010665e6
0x010665e9
0x010665ee
0x010665f7
0x010665fd
0x010665ff
0x01066605
0x01066889
0x0106660b
0x0106660d
0x0106660d
0x01066612
0x01066620
0x01066626
0x01066629
0x0106662b
0x01066638
0x0106663e
0x01066641
0x0106664b
0x01066653
0x01066656
0x01066660
0x0106666b
0x0106666e
0x01066670
0x01066675
0x01066686
0x01066689
0x0106668c
0x01066695
0x01066699
0x0106669b
0x0106669e
0x010666a3
0x010666a3
0x010666a8
0x010666a8
0x010666ab
0x010666b1
0x010666b4
0x010666b7
0x010666c1
0x010666cb
0x010666ce
0x010666e5
0x010666e5
0x010666e8
0x010666ee
0x010666f1
0x010666f8
0x010666fd
0x01066704
0x01066709
0x0106670d
0x01066710
0x01066713
0x01066719
0x0106671f
0x01066726
0x01066734
0x0106673c
0x01066891
0x01066893
0x01066896
0x01066899
0x010668bd
0x010668bd
0x00000000
0x010668bd
0x00000000
0x01066742
0x01066742
0x0106674b
0x010668c5
0x010668c7
0x010668ca
0x010668cc
0x010668ce
0x010668c0
0x010668c0
0x010668c0
0x0106689b
0x0106689d
0x0106689d
0x0106674b
0x01066751
0x01066754
0x01066754
0x01066756
0x01066759
0x0106675f
0x01066764
0x01066764
0x0106676d
0x01066772
0x01066776
0x01066779
0x01066782
0x01066785
0x0106678c
0x0106678e
0x01066794
0x01066797
0x010667a1
0x010667aa
0x010667ca
0x010667d4
0x010667d7
0x010667da
0x010667de
0x010667e1
0x010667eb
0x010667f6
0x010667fe
0x0106680c
0x0106680f
0x01066812
0x010a7d30
0x010a7d32
0x010a7d34
0x010a7d39
0x010a7d3b
0x010a7d42
0x010a7d44
0x010a7d4a
0x010a7d50
0x010a7d53
0x010a7d59
0x010a7d6d
0x010a7d7c
0x010a7d7c
0x010a7d7e
0x010a7d82
0x010a7d84
0x00000000
0x00000000
0x010a7d86
0x010a7d86
0x010a7d8a
0x010a7d8d
0x010a7d8f
0x010a7d95
0x010a7d9d
0x010a7da0
0x010a7da0
0x010a7d5b
0x010a7d62
0x010a7d64
0x010a7d68
0x010a7d68
0x010a7da2
0x010a7da2
0x010a7d44
0x0106681d
0x01066822
0x01066829
0x0106682b
0x0106682e
0x010a7dac
0x010a7dae
0x010a7db0
0x010a7db5
0x010a7db7
0x010a7dbe
0x010a7dc0
0x010a7dc6
0x010a7dcc
0x010a7dcf
0x010a7dd5
0x010a7dee
0x010a7df8
0x010a7df8
0x010a7dfa
0x010a7dfe
0x010a7e00
0x00000000
0x00000000
0x010a7e02
0x010a7e02
0x010a7e06
0x010a7e09
0x010a7e0b
0x010a7e0e
0x010a7e14
0x010a7e1c
0x010a7e1f
0x010a7e1f
0x010a7dd7
0x010a7dde
0x010a7de0
0x010a7de4
0x010a7de4
0x010a7e21
0x010a7e21
0x00000000
0x010a7dc0
0x01066839
0x0106683e
0x01066850
0x01066853
0x0106685a
0x0106685a
0x01066867
0x0106686c
0x010a7e2b
0x010a7e2e
0x00000000
0x010a7e34
0x010a7e3d
0x00000000
0x010a7e3d
0x00000000
0x01066872
0x01066872
0x01066872
0x01066872
0x01066877
0x0106687a
0x010a7e47
0x010a7e4d
0x010a7e54
0x00000000
0x010a7e75
0x010a7e54
0x0106687a
0x01066886
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e85800a0e9180ed68609e70789f2dd8c515a3ffcaae4db1b300d00bf5874f45
Instruction ID: 6de184dff3f0de057dd031a63e13be04e3378c931d9f495408bb4ed6268cd0d4
Opcode Fuzzy Hash: 4e85800a0e9180ed68609e70789f2dd8c515a3ffcaae4db1b300d00bf5874f45
Instruction Fuzzy Hash: FFE18075A00205DFCB18CF59C880BADB7F5FF48310F5481A9E995AB395D735E981CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0104D5E0 Relevance: .4, Instructions: 353
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E0104D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x112d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01046600(0x11252d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1127b9c; // 0x0
							_t281 = E01054620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0107F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1127b90; // 0x77cd0000
								if(_t384 == 0) {
									_t353 =  *0x1127b8c; // 0xbd2bc0
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01052280(_t200, 0x11284d8);
									_t277 =  *0x11285f4; // 0xbd30b0
									_t351 =  *0x11285f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xbd3048
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0104FFB0(_t287, _t353, 0x11284d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0108CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01046600(0x11252d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01047926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x112b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E010BE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1128472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x112b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x112b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01052280(_t250, 0x11284d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L01073898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0104FFB0(_t293, _t353, 0x11284d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E010737F5(_t353, 0);
																}
																E01070413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E01069B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E010602D6(_t174);
																}
																L010577F0( *0x1127b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0106C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0104EC7F(_t353);
										L010619B8(_t287, 0, _t353, 0);
										_t200 = E0103F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x112b2f8 |  *0x112b2fc) == 0 || ( *0x112b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0107B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x112b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E010E6B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E010E6AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0104E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L0104EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E01079730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E0104E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01048F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01073C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}

0x0104d5f2
0x0104d5f5
0x0104d5f5
0x0104d5fd
0x0104d600
0x0104d60a
0x0104d60d
0x0104d617
0x0104d61d
0x0104d627
0x0104d62e
0x0104d911
0x0104d913
0x00000000
0x0104d919
0x0104d919
0x0104d919
0x0104d634
0x0104d634
0x0104d634
0x0104d634
0x0104d640
0x0104d8bf
0x00000000
0x0104d646
0x0104d646
0x0104d64d
0x0104d652
0x0109b2fc
0x0109b2fc
0x0109b302
0x0109b33b
0x0109b341
0x00000000
0x0109b304
0x0109b304
0x0109b319
0x0109b31e
0x0109b324
0x0109b326
0x0109b332
0x0109b347
0x0109b34c
0x0109b351
0x0109b35a
0x00000000
0x0109b328
0x0109b328
0x00000000
0x0109b328
0x0109b326
0x0104d658
0x0104d658
0x0104d65b
0x0104d665
0x00000000
0x0104d66b
0x0104d66b
0x0104d66b
0x0104d66b
0x0104d66d
0x0104d672
0x0104d67a
0x00000000
0x00000000
0x0104d680
0x0104d686
0x0104d8ce
0x0104d8d4
0x0104d8dd
0x0104d8e0
0x0104d68c
0x0104d691
0x0104d69d
0x0104d6a2
0x0104d6a7
0x0104d6b0
0x0104d6b5
0x0104d6e0
0x0104d6b7
0x0104d6b7
0x0104d6b9
0x0104d6b9
0x0104d6bb
0x0104d6bd
0x0104d6ce
0x0104d6d0
0x0104d6d2
0x0109b363
0x0109b365
0x00000000
0x0109b36b
0x00000000
0x0109b36b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0104d6bf
0x0104d6bf
0x0104d6e5
0x0104d6e7
0x0104d6e9
0x0104d6ec
0x0104d6ec
0x0104d6ef
0x0104d6f5
0x0104d6f9
0x0104d6fb
0x0104d6fd
0x0104d701
0x0104d703
0x0104d70a
0x0104d70a
0x0104d701
0x0104d710
0x0104d710
0x0104d6c1
0x0104d6c1
0x0104d6c6
0x0109b36d
0x0109b36f
0x00000000
0x0109b375
0x0109b375
0x0109b375
0x00000000
0x0109b375
0x00000000
0x0104d6cc
0x0104d6d8
0x0104d6d8
0x0104d6d8
0x00000000
0x0104d6c6
0x0104d6bf
0x00000000
0x0104d6da
0x0104d6da
0x0104d716
0x0104d71b
0x0104d720
0x0104d726
0x0104d726
0x0104d72d
0x00000000
0x0104d733
0x0104d739
0x0104d742
0x0104d750
0x0104d758
0x0104d764
0x0104d776
0x0104d77a
0x0104d783
0x0104d928
0x0104d92c
0x0104d93d
0x0104d944
0x0104d94f
0x0104d954
0x0104d956
0x0104d95f
0x0104d961
0x0104d973
0x0104d973
0x0104d956
0x0104d944
0x0104d92c
0x0104d78b
0x0109b394
0x0104d791
0x0104d798
0x0109b3a3
0x0109b3bb
0x0109b3bb
0x0104d7a5
0x0104d866
0x0104d870
0x0104d892
0x0104d898
0x0104d89e
0x0104d8a0
0x0104d8a6
0x0104d8ac
0x0104d8ae
0x0104d8b4
0x0104d8b4
0x0104d8ae
0x0104d7a5
0x0104d78b
0x0104d7b1
0x0109b3c5
0x0109b3c5
0x0104d7c3
0x0104d7ca
0x0104d7e5
0x0104d7eb
0x0104d8eb
0x0104d8ed
0x00000000
0x0104d8f3
0x0104d8f3
0x0104d8f3
0x00000000
0x0104d8ed
0x0104d7cc
0x0104d7cc
0x0104d7d2
0x00000000
0x0104d7d4
0x0104d7d4
0x0104d7d7
0x0104d7df
0x0109b3d4
0x0109b3d9
0x0109b3dc
0x0109b3dc
0x0109b3df
0x0109b3e2
0x0109b468
0x0109b46d
0x0109b46f
0x0109b46f
0x0109b475
0x0104d8f8
0x0104d8f9
0x0104d8fd
0x0109b3e8
0x0109b3e8
0x0109b3eb
0x0109b3ed
0x00000000
0x0109b3ef
0x0109b3ef
0x0109b3f1
0x0109b3f4
0x0109b3fe
0x0109b404
0x0109b409
0x0109b40e
0x0109b410
0x0109b410
0x0109b414
0x0109b414
0x0109b41b
0x0109b420
0x0109b423
0x0109b425
0x0109b427
0x0109b42a
0x0109b42d
0x0109b42d
0x0109b42a
0x0109b432
0x0109b436
0x0109b438
0x0109b43b
0x0109b43b
0x0109b449
0x0109b44e
0x0109b454
0x0109b458
0x0109b458
0x0109b45d
0x00000000
0x0109b45d
0x0109b3ed
0x00000000
0x00000000
0x00000000
0x0104d7df
0x0104d7d2
0x0104d7ca
0x0109b37c
0x0109b37e
0x0109b385
0x0109b38a
0x00000000
0x0109b38a
0x0104d742
0x0104d7f1
0x0104d7f8
0x0109b49b
0x0109b49b
0x0104d800
0x0104d837
0x0104d843
0x0104d845
0x0104d847
0x0104d84a
0x0104d84b
0x0104d84e
0x0104d857
0x0104d818
0x0104d824
0x0104d831
0x0109b4a5
0x0109b4ab
0x0109b4b3
0x0109b4b8
0x0109b4bb
0x00000000
0x0109b4c1
0x0109b4c1
0x0109b4c8
0x00000000
0x0109b4ce
0x0109b4d4
0x0109b4e1
0x0109b4e3
0x0109b4e5
0x00000000
0x0109b4eb
0x0109b4f0
0x0109b4f2
0x0104dac9
0x0104dacc
0x0104dacf
0x0104dad1
0x0104dd78
0x0104dd78
0x0104dcf2
0x00000000
0x0104dad7
0x0104dad9
0x0104dadb
0x00000000
0x00000000
0x0104dae1
0x0104dae1
0x0104dae4
0x0104dae6
0x0109b4f9
0x0109b4f9
0x0109b500
0x0104daec
0x0104daec
0x0104daf5
0x0104daf8
0x0104dafb
0x0104db03
0x0104db11
0x0104db16
0x0104db19
0x0104db1b
0x0109b52c
0x0109b531
0x0109b534
0x0104db21
0x0104db21
0x0104db24
0x0104dcd9
0x0104dce2
0x0104dce5
0x0104dd6a
0x0104dd6d
0x00000000
0x0104dd73
0x0109b51a
0x0109b51c
0x0109b51f
0x0109b524
0x00000000
0x0109b524
0x0104dce7
0x0104dce7
0x0104dce7
0x00000000
0x0104dce7
0x00000000
0x0104db2a
0x0104db2c
0x0104db31
0x0104db33
0x0104db36
0x0104db39
0x0104db3b
0x0104db66
0x0104db66
0x0104db3d
0x0104db3d
0x0104db3e
0x0104db46
0x0104db47
0x0104db49
0x0104db4c
0x0104db53
0x0104db55
0x0104db58
0x0104db5a
0x0109b50a
0x0109b50f
0x0109b512
0x0104db60
0x0104db60
0x0104db63
0x0104db63
0x00000000
0x0104db63
0x0104db5a
0x0104db3b
0x0104db24
0x0104db69
0x0104db69
0x0104db6c
0x0104db6f
0x0104db74
0x0109b557
0x0109b557
0x0109b55e
0x0104db7a
0x0104db7c
0x0104db7f
0x0104db82
0x0104db85
0x00000000
0x0104db8b
0x0104db8b
0x0104db8d
0x0104db9b
0x0104db9b
0x0104db9d
0x0104dba0
0x0104dba2
0x0104dba4
0x0104dba7
0x0104dba9
0x0104dbae
0x0104dbae
0x0104dbb1
0x0104dbb4
0x0104dbb4
0x0104dbb7
0x0104dbba
0x0104dcd2
0x0104dcd4
0x00000000
0x0104dbc0
0x0104dbc0
0x0104dbd2
0x0104dbd7
0x0104dbda
0x0104dbdd
0x0104dbdf
0x00000000
0x0104dbe5
0x0104dbe5
0x0104dbee
0x0104dbf1
0x0109b541
0x0109b544
0x00000000
0x0109b546
0x0109b546
0x00000000
0x0109b546
0x0104dbf7
0x0104dbf7
0x0104dbfd
0x0104dbfd
0x0104dbff
0x0104dc0b
0x0104dc15
0x0104dc1b
0x0104dc1d
0x0104dc21
0x0104dc21
0x0104dc23
0x0104dc23
0x0104dc26
0x0104dc29
0x0104dc2b
0x00000000
0x00000000
0x0104dc31
0x0104dc34
0x0104dc36
0x0104dcbf
0x0104dcbf
0x0104dcc2
0x00000000
0x0104dc3c
0x0104dc41
0x0104dc43
0x00000000
0x0104dc45
0x0104dc45
0x0104dc47
0x00000000
0x0104dc4d
0x0104dc4d
0x0104dc50
0x0104dc52
0x0104dc55
0x0104dcfa
0x0104dcfe
0x0104dd08
0x0104dd0a
0x0104dd0c
0x00000000
0x0104dd12
0x0104dd15
0x0104dd2d
0x0104dd2f
0x0104dd32
0x0104dd35
0x00000000
0x0104dd35
0x0104dc5b
0x0104dc5b
0x0104dc5e
0x0104dc61
0x0104dc64
0x0104dc67
0x0104dc67
0x0104dc6a
0x0104dc6c
0x0104dc8e
0x0104dc8e
0x0104dc91
0x0104dc93
0x0104dcce
0x0104dcce
0x0104dc95
0x0104dc9c
0x0104dc6e
0x0104dc72
0x0104dc75
0x0104dc77
0x0104dc79
0x0109b551
0x0109b551
0x00000000
0x0104dc7f
0x0104dc7f
0x0104dc81
0x00000000
0x0104dc83
0x0104dc86
0x0104dc88
0x00000000
0x00000000
0x00000000
0x00000000
0x0104dc88
0x0104dc81
0x0104dc79
0x0104dc6c
0x0104dc55
0x0104dc47
0x0104dc43
0x00000000
0x0104dc36
0x0104dc23
0x00000000
0x0104dbff
0x0104dbf1
0x0104dbdf
0x0104db8f
0x0104db92
0x0104db95
0x00000000
0x00000000
0x00000000
0x00000000
0x0104db95
0x0104db8d
0x0104db85
0x0104db74
0x0104dc9f
0x0104dca2
0x0104dcb0
0x0104dcb0
0x0104dad1
0x0109b4e5
0x0109b4c8
0x00000000
0x00000000
0x00000000
0x0104d831
0x00000000
0x0104d800
0x0109b47f
0x0109b485
0x00000000
0x0109b485
0x0104d665
0x0104d652
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e38164e0f58937ddcf0231b0b5cda43dca55eb1e8f5d445b2e4e298deccc7663
Instruction ID: c19bb5f7da7b53b386bab032795f872d940a8bfbd94d206cd9f525a6e5549e7e
Opcode Fuzzy Hash: e38164e0f58937ddcf0231b0b5cda43dca55eb1e8f5d445b2e4e298deccc7663
Instruction Fuzzy Hash: D3E1E0B0A0035ADFEB75CF68C890BA9BBF2BF55314F0441F9D98997281DB30A981CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01033ACA Relevance: .3, Instructions: 348
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01033ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x110f4d0);
				E0108D0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E01052280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E0104FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E0108D130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1128628; // 0x0
									 *(_t317 - 0x30) = _t201;
									_t202 =  *0x112862c; // 0x0
									 *(_t317 - 0x44) = _t202;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							_t207 =  *0x1128628; // 0x0
							_t310 =  *0x112862c; // 0x0
							 *(_t317 - 0x28) = _t310;
							__eflags =  *(_t317 - 0x30) - _t207;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) != _t207);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E0106DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x112b1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E0104FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E01052280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E01052280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E0104FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E01052280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E010C30AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E01033E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x112b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x112b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x112b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E01057D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E010C2E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E01033E6B(_t252);
									_t230 = E01033E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}

0x01033aca
0x01033acf
0x01033ad4
0x01033ad9
0x01033adb
0x01033ae0
0x01033ae3
0x01033ae5
0x01033ae8
0x01033aeb
0x01033aed
0x01033af5
0x01033af8
0x01033afb
0x01033afe
0x01033b05
0x01033b0a
0x01033b0d
0x00000000
0x01033b10
0x01033b15
0x01033b1a
0x01033b21
0x01033b30
0x01033b30
0x01033b33
0x01033b33
0x01033b36
0x01033b39
0x01033b3f
0x01033b47
0x01033b4a
0x01033b4a
0x01033b4f
0x01033b4f
0x01033b4f
0x01033b4f
0x01033b4f
0x01033b4f
0x01033b54
0x01033b57
0x01033b5c
0x01033b61
0x01033b67
0x01033b6f
0x01033b6f
0x01033b71
0x01033b75
0x01033b77
0x00000000
0x00000000
0x01033e6c
0x01033e6c
0x01033b7d
0x01033b7d
0x01033b82
0x01033b84
0x01033b87
0x01033b8a
0x01033b8d
0x01033b90
0x01033b90
0x01033b97
0x01033b97
0x01033b9c
0x01033ba1
0x01033ba7
0x01033baa
0x01033bad
0x01033bad
0x01033bb7
0x01033bb7
0x01033bbc
0x01033bbf
0x01033bc1
0x01033bc7
0x01033bcd
0x01033bd5
0x01033bd8
0x01033bda
0x01033be1
0x01033be4
0x01033be7
0x01033bea
0x01033bed
0x01033d97
0x01033d9c
0x01033da8
0x01033dad
0x01033db0
0x01033db2
0x01033db5
0x0109020b
0x01090211
0x01090213
0x01090213
0x01033dbb
0x00000000
0x01033dbb
0x01033bf3
0x01033bf5
0x00000000
0x00000000
0x01033bfb
0x01033bfe
0x01033bfe
0x01033bfe
0x01033c02
0x01033dd1
0x01033dd1
0x01033dd7
0x010900c1
0x010900c4
0x01033c11
0x01033c11
0x01033c14
0x010900cf
0x010900d2
0x00000000
0x00000000
0x010900d8
0x010900e6
0x010900e9
0x010900ec
0x010900ef
0x00000000
0x00000000
0x00000000
0x010900f5
0x010900dd
0x010900e0
0x00000000
0x00000000
0x00000000
0x010900e0
0x01033c1a
0x01033c1a
0x01033c1d
0x01033e20
0x01033e23
0x00000000
0x00000000
0x00000000
0x01033e29
0x01033c23
0x01033c23
0x01033c26
0x01033c2c
0x01033c2f
0x01033c35
0x01033c3b
0x01033c41
0x01033c47
0x01033c4d
0x01033c59
0x01033c5f
0x01033c62
0x01033c68
0x01033c6a
0x01033c6d
0x01033c74
0x01033c79
0x01033c7b
0x01033c7e
0x01033c80
0x01033c83
0x01033c89
0x01033c8b
0x01033dea
0x01033df1
0x01033df2
0x01033df5
0x01033df8
0x01033dfb
0x01033dfd
0x00000000
0x00000000
0x01033e03
0x01033e07
0x01033e42
0x01033e49
0x01033e4a
0x01033e4d
0x00000000
0x01033e4d
0x01033e09
0x01033d86
0x01033d89
0x01033d8c
0x01033d8e
0x01033e31
0x01033e31
0x01033d94
0x00000000
0x01033d94
0x01033c91
0x01033c91
0x01033c94
0x01033d23
0x01033d23
0x01033d27
0x01033e16
0x01033e16
0x01033d2d
0x01033d31
0x010901fe
0x010901fe
0x01033d84
0x01033d84
0x00000000
0x01033d84
0x01033d3d
0x01033d44
0x01033d45
0x01033d48
0x01033d4f
0x010901de
0x010901de
0x010901e2
0x00000000
0x00000000
0x010901ea
0x010901ea
0x010901eb
0x010901f9
0x00000000
0x010901f9
0x01033d55
0x01033d5c
0x00000000
0x00000000
0x01033d62
0x01033d66
0x01033e55
0x01033e5e
0x01033e60
0x00000000
0x00000000
0x01033d75
0x01033d75
0x01033d79
0x01033d7b
0x01033d7e
0x010901c7
0x010901ca
0x010901cd
0x010901d0
0x010901d3
0x010901d6
0x010901d6
0x01033d7e
0x00000000
0x01033d79
0x01033d6c
0x01033d72
0x00000000
0x01033d72
0x01033c9d
0x01033ca0
0x01033cab
0x01033cae
0x01033cb1
0x01033cb5
0x01033cb7
0x01033cd2
0x01033cdb
0x01033cdb
0x01033cde
0x01033ce1
0x01033ce3
0x010900fa
0x010900fd
0x00000000
0x00000000
0x01090103
0x01090107
0x01090113
0x01090125
0x0109012b
0x0109012e
0x01090131
0x00000000
0x01090131
0x01090109
0x0109010d
0x00000000
0x00000000
0x00000000
0x01033ce9
0x01033ce9
0x01033ce9
0x01033cee
0x01090139
0x01090149
0x0109014f
0x0109014f
0x01033cf4
0x01033cf9
0x01033cfb
0x01090160
0x01033d01
0x01033d01
0x01033d01
0x01033d06
0x01033d09
0x01090184
0x01090184
0x01033d0f
0x01033d16
0x01033d1e
0x00000000
0x01033d1e
0x01033ce3
0x010900ca
0x01033ddd
0x01033de0
0x00000000
0x00000000
0x00000000
0x01033de2
0x01033c08
0x01033c0b
0x01033dc9
0x01033dcb
0x00000000
0x00000000
0x00000000
0x01033dcb
0x00000000
0x01033c0b

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8226442ecce7d583f8615fe2ab2408ee58c99f4b18a984da4c554d9a26a01f51
Instruction ID: f4059729e23278cc6c57c4526ad1a622e671db785dddfa27d5db780d352d6a0b
Opcode Fuzzy Hash: 8226442ecce7d583f8615fe2ab2408ee58c99f4b18a984da4c554d9a26a01f51
Instruction Fuzzy Hash: FCE10270D00608DFCF65DFA9D984A9DFBF9BF88300F14456AE586AB265D730A881CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0105B236 Relevance: .3, Instructions: 305
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E0105B236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E0105B477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E010DCB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E01060678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E01079660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E01079660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E01079660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E0106174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E0106138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E01057D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E010F138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E01057D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E010F1582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E01057D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E01057D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E010F1582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E01057D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E010EFEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E010EFA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E010599BF(__ecx, _t87,  &_v16, 0);
					E0105A830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E010EFA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}

0x0105b23f
0x0105b246
0x0105b249
0x0105b24b
0x0105b251
0x0105b258
0x0105b262
0x0105b2b2
0x0105b2b6
0x0105b456
0x0105b456
0x0105b45a
0x010a2912
0x010a2914
0x010a2916
0x00000000
0x00000000
0x010a291f
0x010a2921
0x00000000
0x00000000
0x010a2927
0x00000000
0x010a2927
0x0105b460
0x0105b460
0x0105b462
0x0105b464
0x010a292e
0x010a2931
0x010a293f
0x010a2945
0x010a2945
0x010a2931
0x00000000
0x0105b464
0x0105b2bc
0x0105b2bf
0x0105b2c5
0x0105b2c8
0x0105b2ca
0x010a27af
0x010a27af
0x0105b2d0
0x0105b2d7
0x0105b437
0x0105b2dd
0x0105b2dd
0x0105b2dd
0x0105b2e3
0x0105b2e5
0x0105b43e
0x0105b443
0x010a27b6
0x010a27b6
0x0105b443
0x0105b2f5
0x0105b2fa
0x0105b2fd
0x0105b2ff
0x0105b46f
0x0105b46f
0x0105b30a
0x0105b30f
0x0105b310
0x0105b315
0x0105b31b
0x0105b31c
0x0105b321
0x0105b322
0x0105b329
0x0105b32b
0x0105b32d
0x010a27c2
0x010a27c2
0x010a27c5
0x010a27c7
0x00000000
0x00000000
0x010a27c9
0x010a27cb
0x010a27ce
0x010a27d0
0x010a27d2
0x010a27d2
0x010a27d5
0x010a27db
0x010a27e0
0x010a27e1
0x010a27e6
0x010a27e7
0x010a27ee
0x010a27f0
0x010a27f2
0x00000000
0x010a27f4
0x010a27f4
0x00000000
0x010a27f4
0x010a27f2
0x010a27f7
0x010a27f9
0x00000000
0x00000000
0x010a27ff
0x00000000
0x0105b333
0x0105b333
0x0105b336
0x0105b336
0x0105b33c
0x0105b341
0x0105b344
0x0105b44e
0x0105b44e
0x0105b34a
0x0105b34d
0x0105b353
0x0105b358
0x0105b359
0x0105b35e
0x0105b35f
0x0105b366
0x0105b368
0x0105b36a
0x010a28f2
0x010a28fe
0x010a2903
0x010a2903
0x00000000
0x0105b370
0x0105b38c
0x0105b391
0x0105b393
0x010a280a
0x010a280a
0x0105b399
0x0105b39b
0x00000000
0x0105b3a1
0x0105b3a1
0x0105b3a6
0x0105b3b0
0x0105b3b2
0x010a281d
0x0105b3b8
0x0105b3b8
0x0105b3b8
0x0105b3ba
0x0105b3bd
0x010a2824
0x010a282a
0x010a2831
0x010a2841
0x010a284b
0x010a284d
0x010a2858
0x010a2858
0x010a2858
0x010a2870
0x010a2870
0x010a2831
0x0105b3c3
0x0105b3c8
0x0105b3d2
0x0105b3d4
0x010a2883
0x0105b3da
0x0105b3da
0x0105b3da
0x0105b3dc
0x0105b3df
0x010a288f
0x010a2891
0x010a289c
0x010a289c
0x010a289c
0x010a28b4
0x010a28b4
0x0105b3e5
0x0105b3ea
0x0105b3ec
0x010a28c7
0x0105b3f2
0x0105b3f2
0x0105b3f2
0x0105b3f7
0x0105b3fa
0x010a28d9
0x010a28d9
0x0105b400
0x0105b407
0x0105b40a
0x0105b40f
0x0105b413
0x0105b41f
0x0105b424
0x0105b426
0x010a28e3
0x010a28e8
0x010a28e8
0x0105b426
0x0105b42f
0x00000000
0x0105b42f
0x0105b39b
0x0105b36a
0x0105b264
0x0105b264
0x0105b279
0x0105b27f
0x0105b287
0x0105b28c
0x0105b290
0x0105b29c
0x0105b2a3
0x010a27a0
0x010a27a5
0x010a27a5
0x0105b2a3
0x0105b2a9
0x0105b2b1
0x0105b2b1

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
Instruction ID: fda156e4fb1d24e6e7e38a375a6554380757b44fb1fc8fbdb2ffb59f594d6444
Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
Instruction Fuzzy Hash: ABB1B431B006069FDB65DBA9C890BBFBBF6AF44600F5441A9EAC2D7381DB70E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0104849B Relevance: .3, Instructions: 290
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0104849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x110f9c0);
				E0108D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1127b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0104CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E01052280( *[fs:0x30], 0x1128550);
						_t139 =  *0x1127b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0106F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0104FFB0(_t193, _t235, 0x1128550);
								L5:
								return E0108D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01031C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1127b9c; // 0x0
							_t235 = E01054620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1127b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0106A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0104FFB0(_t193, _t235, 0x1128550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L010577F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L010577F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1127b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1127b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E010737C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1127b9c; // 0x0
									_t214 = E01054620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E010737F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1127b10 =  *0x1127b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1127b04 =  *0x1127b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L010577F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L010577F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1127b08 =  *0x1127b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E010757C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0107F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L010577F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0106A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L010577F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E010796C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

0x0104849b
0x0104849b
0x0104849b
0x0104849b
0x0104849d
0x010484a2
0x010484a7
0x010484b1
0x010484d8
0x00000000
0x010484b3
0x010484c4
0x010484c9
0x010484cd
0x010484cf
0x010484cf
0x010484d6
0x010484e6
0x010484e9
0x010484ec
0x010484ef
0x010484f2
0x010484f4
0x010484fc
0x01048501
0x01048506
0x01048509
0x010486e0
0x010486e5
0x010486e8
0x010486ed
0x010486f0
0x010486f2
0x01099afd
0x01099b02
0x010484da
0x010484df
0x010484df
0x010486fa
0x010486fd
0x010486fe
0x01048701
0x01048706
0x01048709
0x0104870b
0x00000000
0x00000000
0x01048711
0x01048725
0x01048727
0x0104872a
0x0104872c
0x01099af0
0x01099af5
0x01048732
0x01048732
0x01048732
0x01048735
0x01048737
0x01048515
0x01048515
0x01048518
0x0104851d
0x01048523
0x01048527
0x0104852b
0x01048537
0x01048539
0x0104853c
0x0104853e
0x0104868c
0x01048691
0x01048699
0x0104869b
0x01048744
0x01048748
0x010486a1
0x010486a1
0x010486a1
0x010486a4
0x010486a8
0x01099bdf
0x01099bdf
0x010486ae
0x010486b0
0x00000000
0x010486b6
0x00000000
0x01099be9
0x010486b0
0x01048544
0x0104854a
0x0104854d
0x01048551
0x0104876e
0x01048778
0x0104877b
0x01048780
0x01048557
0x01048557
0x0104855d
0x0104855d
0x0104856b
0x0104856e
0x01048570
0x01048573
0x01048576
0x01048576
0x01048579
0x0104857b
0x00000000
0x00000000
0x01048581
0x010485a0
0x010485a2
0x010485a5
0x010485a7
0x01099b1b
0x01099b1b
0x0104862e
0x0104862e
0x01048631
0x01048631
0x01048634
0x01048636
0x01048669
0x01048669
0x0104866b
0x01099bbf
0x01099bc4
0x01099bc8
0x01099bce
0x01099bce
0x01048671
0x01048671
0x01048674
0x01048676
0x01099bae
0x01099bae
0x01048676
0x0104867c
0x0104867e
0x01048688
0x01048688
0x00000000
0x0104867e
0x01048638
0x01048638
0x0104863b
0x0104863e
0x0104863f
0x01048642
0x01048645
0x01048648
0x0104864d
0x01099b69
0x01099b6e
0x01099b7b
0x01099b81
0x01099b85
0x01099b89
0x01099ba7
0x01099b8b
0x01099b91
0x01099b9a
0x01099b9f
0x01099b9f
0x01048788
0x0104878d
0x01048763
0x01048763
0x01048766
0x00000000
0x01048766
0x01099b70
0x00000000
0x01099b70
0x01048656
0x0104865a
0x0104865c
0x01048752
0x01048756
0x00000000
0x00000000
0x0104875e
0x00000000
0x0104875e
0x01048662
0x01048662
0x01048662
0x01048666
0x00000000
0x01048666
0x010485b7
0x010485b9
0x010485bc
0x010485bf
0x010485cc
0x010485d1
0x010485d4
0x010485db
0x010485de
0x010485e0
0x01099b5f
0x00000000
0x01099b5f
0x010485e6
0x010485ea
0x010486c3
0x010486c5
0x010486c8
0x010486ca
0x01099b16
0x00000000
0x01099b16
0x010486d6
0x010485f6
0x010485f6
0x010485f9
0x01048602
0x01048606
0x0104860a
0x0104860b
0x0104860e
0x01048611
0x00000000
0x01048611
0x010485f3
0x00000000
0x010485f3
0x01048619
0x0104861e
0x0104861e
0x01048621
0x01048622
0x01048623
0x01048625
0x0104862c
0x00000000
0x0104873d
0x00000000
0x0104873d
0x01048737
0x0104850f
0x01048512
0x00000000
0x01048512
0x00000000
0x010484d6

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303d377275ed42f9dad52eeb5d10b81e6c68f6e42b9bff7a29b72ce64039bce6
Instruction ID: fdd31765b54800b66ae5f2ac3b48ff022cb7d4a64a7b405d430e110cd714f942
Opcode Fuzzy Hash: 303d377275ed42f9dad52eeb5d10b81e6c68f6e42b9bff7a29b72ce64039bce6
Instruction Fuzzy Hash: 38B17BB0E0020ADFDB69DFD8C994AAEBBF5FF48304F10852AE545AB245D774A841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0106513A Relevance: .3, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0106513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x112d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0107D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01052280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = E01054620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0107F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0104FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x112b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0107B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}

0x01065142
0x0106514c
0x01065150
0x01065157
0x01065159
0x0106515e
0x01065165
0x01065169
0x0106516c
0x01065172
0x01065176
0x0106517a
0x0106517a
0x0106517a
0x0106517f
0x010a6d8b
0x010a6d8e
0x010a6d91
0x010a6d95
0x010a6d98
0x010a6d9c
0x010a6da0
0x010a6da3
0x010a6da7
0x010a6e26
0x010a6e26
0x010a6e2a
0x010651f9
0x010651f9
0x010651fe
0x010a6e33
0x010a6e33
0x010a6e39
0x010a6e3d
0x010a6e46
0x010a6e50
0x00000000
0x00000000
0x010a6e52
0x010a6e53
0x010a6e56
0x010a6e5d
0x00000000
0x00000000
0x00000000
0x010a6e5f
0x010a6e67
0x010a6e77
0x010a6e7f
0x010a6e80
0x010a6e88
0x010a6e90
0x010a6e9f
0x010a6ea5
0x010a6ea9
0x010a6eb1
0x010a6ebf
0x00000000
0x00000000
0x010a6ecf
0x010a6ed3
0x00000000
0x00000000
0x010a6edb
0x010a6ede
0x010a6ee1
0x010a6ee8
0x010a6eeb
0x010a6eed
0x010a6ef0
0x010a6ef4
0x010a6ef8
0x010a6efc
0x00000000
0x00000000
0x010a6f0d
0x010a6f11
0x010a6f32
0x010a6f37
0x010a6f3b
0x010a6f3e
0x010a6f41
0x010a6f46
0x00000000
0x00000000
0x010a6f4c
0x010a6f50
0x010a6f50
0x010a6f54
0x010a6f62
0x010a6f65
0x010a6f6d
0x010a6f7b
0x010a6f7b
0x010a6f93
0x010a6f98
0x010a6fa0
0x010a6fa6
0x010a6fb3
0x010a6fb6
0x010a6fbf
0x010a6fc1
0x010a6fd5
0x010a6fda
0x010a6fda
0x010a6fdd
0x010a6fe2
0x010a6fe7
0x010a6feb
0x010a6fef
0x010a6ff3
0x0106520c
0x0106520c
0x0106520f
0x01065215
0x01065234
0x0106523a
0x0106523a
0x01065244
0x01065245
0x01065246
0x01065251
0x01065251
0x010a6f13
0x010a6f17
0x010a6f17
0x010a6f18
0x010a6f1b
0x010a6f1f
0x010a6f23
0x00000000
0x010a6f28
0x01065204
0x01065204
0x01065208
0x00000000
0x01065208
0x01065185
0x01065188
0x0106518a
0x0106518e
0x01065195
0x010a6db1
0x010a6db5
0x010a6db9
0x0106519b
0x0106519b
0x0106519e
0x010651a7
0x010651a9
0x010651a9
0x010651b5
0x010651b8
0x010651bb
0x010651be
0x010651c1
0x010651c5
0x010651c9
0x010651cd
0x010651cd
0x010651d8
0x010651dc
0x010651e0
0x010a6dcc
0x010a6dd0
0x010a6dd5
0x010a6ddd
0x010a6de1
0x010a6de1
0x010a6de5
0x010a6deb
0x010a6df1
0x010a6df7
0x010a6dfd
0x010a6e01
0x010a6e05
0x010a6e09
0x010a6e0d
0x010a6e11
0x010a6e11
0x010651eb
0x010a6e1a
0x010a6e1f
0x010a6e21
0x010a6e23
0x00000000
0x010651f1
0x010651f1
0x00000000
0x010651f1

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7325016f6e0d3c464dd910ff2a34e249987dd83840ba79ee8a694348ce91ce
Instruction ID: 716ecf83feb1d89d47457048269c35a26433731fad00b3759d76b8c61439e00b
Opcode Fuzzy Hash: ab7325016f6e0d3c464dd910ff2a34e249987dd83840ba79ee8a694348ce91ce
Instruction Fuzzy Hash: CCC100755083818FD354CF68C480A5ABBF1BF89304F584AAEF9D98B352D771E985CB82

Uniqueness

Uniqueness Score: -1.00%

Function 010603E2 Relevance: .3, Instructions: 254
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E010603E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x112d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E01060548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0107B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0104B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1127c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01057D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01057D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E010B7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E01079830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E010B69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1127c04 != 0) {
						_t118 = _v12;
						_t120 = E010BA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1127bd8;
						if( *0x1127bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E010795D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E010799A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E010B3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0103B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0107AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1128474 - 3;
										if( *0x1128474 != 3) {
											 *0x11279dc =  *0x11279dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01057D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01057D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E010B7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1128708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1127b00; // 0x0
							asm("ror esi, cl");
							 *0x112b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E010795D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01047F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}

0x010603f1
0x010603f7
0x010603f9
0x010603fb
0x010603fd
0x01060400
0x0106040a
0x010a4c7a
0x01060537
0x01060547
0x01060410
0x01060410
0x01060414
0x01060417
0x0106041a
0x01060421
0x01060424
0x0106042b
0x0106043b
0x0106043e
0x0106043f
0x0106043f
0x01060446
0x01060449
0x0106044c
0x0106044f
0x01060459
0x010a4c8d
0x0106045f
0x0106045f
0x0106045f
0x01060467
0x010a4c97
0x010a4c9d
0x010a4ca4
0x010a4caa
0x010a4caf
0x010a4cb1
0x010a4cc3
0x010a4cb3
0x010a4cbc
0x010a4cbc
0x010a4cc8
0x010a4ccb
0x010a4cd7
0x010a4cda
0x010a4cdf
0x010a4cdf
0x010a4ccb
0x010a4ca4
0x0106046d
0x0106046f
0x0106046f
0x01060471
0x01060476
0x0106047a
0x0106047b
0x01060483
0x01060489
0x0106048d
0x00000000
0x00000000
0x010a4ce9
0x010a4cef
0x010a4d22
0x010a4d22
0x00000000
0x010a4d22
0x010a4cf1
0x010a4cf7
0x00000000
0x00000000
0x010a4cf9
0x010a4cff
0x00000000
0x00000000
0x010a4d05
0x010a4d07
0x00000000
0x00000000
0x010a4d0d
0x010a4d0f
0x010a4d14
0x010a4d16
0x00000000
0x00000000
0x010a4d1c
0x010a4d1c
0x01060499
0x01060535
0x01060535
0x00000000
0x01060535
0x010604a6
0x010a4d2c
0x010a4d37
0x010a4d39
0x010a4d3b
0x00000000
0x00000000
0x010a4d41
0x010a4d48
0x01060527
0x0106052b
0x0106052d
0x01060530
0x01060530
0x00000000
0x0106052b
0x010a4d4e
0x010604ac
0x010604ac
0x010604af
0x010604b2
0x010604b7
0x010604b9
0x010604bb
0x010604bd
0x010604bf
0x010604c5
0x010604c9
0x010a4d53
0x010a4d59
0x010a4db9
0x010a4dba
0x010a4dbf
0x010a4dc2
0x010a4dc4
0x010a4dc7
0x010a4dce
0x00000000
0x010a4dce
0x010a4d5b
0x010a4d61
0x00000000
0x00000000
0x010a4d63
0x010a4d69
0x00000000
0x00000000
0x010a4d6b
0x010a4d6e
0x010a4d74
0x010a4d76
0x010a4d7c
0x010a4d7e
0x010a4d84
0x010a4d89
0x010a4d8c
0x010a4d8d
0x010a4d92
0x010a4d95
0x010a4d96
0x010a4d98
0x010a4d9a
0x010a4d9f
0x010a4da4
0x010a4da6
0x010a4da8
0x010a4daf
0x010a4db1
0x010a4db1
0x010a4daf
0x010a4da6
0x010a4d84
0x010a4d7c
0x00000000
0x010a4d74
0x010604d6
0x010a4de1
0x010604dc
0x010604dc
0x010604dc
0x010604e4
0x010a4deb
0x010a4df1
0x010a4df8
0x010a4dfe
0x010a4e03
0x010a4e05
0x010a4e17
0x010a4e07
0x010a4e10
0x010a4e10
0x010a4e1c
0x010a4e1f
0x010a4e35
0x010a4e35
0x010a4e1f
0x010a4df8
0x010604f1
0x010604fa
0x010a4e3f
0x010a4e47
0x010a4e5b
0x010a4e61
0x010a4e67
0x010a4e69
0x010a4e71
0x010a4e73
0x01060500
0x01060500
0x01060500
0x010604fa
0x01060508
0x0106051d
0x0106051d
0x0106051f
0x01060524
0x00000000
0x01060524
0x01060515
0x01060517
0x010a4e7a
0x010a4e7c
0x00000000
0x00000000
0x010a4e85
0x00000000
0x010a4e85
0x00000000
0x01060517

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 987f09e9d4cc1bd96193dca3832909ce96028ce54c00895e9d666899c423283c
Instruction ID: bd1638eae9cd8d534d716229b4676fa07c658a481f9e840272f0babc852694d1
Opcode Fuzzy Hash: 987f09e9d4cc1bd96193dca3832909ce96028ce54c00895e9d666899c423283c
Instruction Fuzzy Hash: CB913C75E40215AFEB319BACC844BAE7BE8AB01714F1902A1FAD1E72D5DBB49D40C7C1

Uniqueness

Uniqueness Score: -1.00%

Function 01035AC0 Relevance: .2, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E01035AC0(signed char _a4, char _a8, signed int _a12, intOrPtr _a16, char _a20) {
				signed int _v8;
				char _v1036;
				char _v1037;
				char _v1038;
				signed int _v1044;
				char _v1048;
				char _v1052;
				signed int _v1056;
				char _v1060;
				intOrPtr _v1064;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t76;
				char _t80;
				signed int _t81;
				void* _t92;
				char _t108;
				signed int _t111;
				char _t121;
				signed char _t122;
				signed int _t136;
				signed int _t137;
				char _t144;
				char _t145;
				signed int _t147;

				_v8 =  *0x112d360 ^ _t147;
				_t76 = _a16;
				_t140 = _a12;
				_t145 = _a8;
				_v1064 = _t76;
				_t144 = _a20;
				_v1060 = _t144;
				if(_t145 == 0 || _t144 == 0 ||  *_t144 < 0 || _t140 < 0xffffffff ||  *_t144 > 0 && _t76 == 0) {
					L46:
					_t77 = 0xc000000d;
					goto L18;
				} else {
					_t122 = _a4;
					if((_t122 & 0xfffffff0) != 0) {
						goto L46;
					}
					if(_t140 == 0xffffffff) {
						_t140 = 0x203;
						_t80 = E0104347D(_t145, 0x203,  &_v1056);
						__eflags = _t80;
						if(_t80 < 0) {
							L23:
							_t77 = 0xc0000716;
							L18:
							return E0107B640(_t77, _t122, _v8 ^ _t147, _t140, _t144, _t145);
						}
						_t140 = _v1056 + 1;
					}
					_t81 =  *(_t145 + _t140 * 2 - 2) & 0x0000ffff;
					_v1044 = _t81;
					if(_t81 == 0) {
						_t140 = _t140 - 1;
					}
					_v1048 = 0x1ff;
					_v1056 = _t122 & 0x00000004;
					if(E01035C07(_t145, _t140,  &_v1036,  &_v1048, (_t122 >> 0x00000001 & 0 | (_t122 & 0x00000004) != 0x00000000) & 0x000000ff, _t122 >> 0x00000001 & 1,  &_v1038,  &_v1052) < 0) {
						goto L18;
					} else {
						_t145 = _v1048;
						if(_v1044 == 0) {
							__eflags = _t145 - 0x1ff;
							if(_t145 >= 0x1ff) {
								goto L23;
							}
							_t92 = _t145 + _t145;
							_t145 = _t145 + 1;
							_v1048 = _t145;
							__eflags = _t92 - 0x3fe;
							if(_t92 >= 0x3fe) {
								E0107B75A();
								L29:
								__eflags = _v1056;
								if(_v1056 == 0) {
									L32:
									_t140 = _v1052 -  &_v1036 >> 1;
									__eflags = _v1044;
									_t134 = 0 | __eflags == 0x00000000;
									if(__eflags >= 0) {
										L13:
										_t135 = _v1064;
										if(_v1064 == 0 ||  *_t144 == 0) {
											L17:
											 *_t144 = _t145;
											_t77 = 0;
											goto L18;
										} else {
											if(_t145 >  *_t144) {
												_t77 = 0xc0000023;
												goto L18;
											}
											E0107F3E0(_t135,  &_v1036, _t145 + _t145);
											goto L17;
										}
									}
									__eflags = _v1044;
									_t145 = _t145 - (0 | _v1044 == 0x00000000) + 1 - _t140;
									_v1044 = _v1052 + 2;
									_t144 = E01054620(_t134,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t145);
									__eflags = _t144;
									if(_t144 != 0) {
										_t140 = _v1044;
										_t136 = 0;
										__eflags = _t145;
										if(_t145 <= 0) {
											L39:
											_t108 = E010EB0D0(_t136, _t122, _t140, _t145,  &_v1037);
											__eflags = _t108;
											if(_t108 < 0) {
												L22:
												L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t144);
												goto L23;
											}
											__eflags = _v1037;
											if(_v1037 == 0) {
												goto L22;
											}
											_t111 = 0;
											__eflags = _t145;
											if(_t145 <= 0) {
												L45:
												L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t144);
												_t145 = _v1048;
												_t144 = _v1060;
												goto L13;
											} else {
												goto L42;
											}
											do {
												L42:
												__eflags =  *((char*)(_t111 + _t144)) - 1;
												if( *((char*)(_t111 + _t144)) == 1) {
													_t137 = _v1044;
													_t140 = 0xffe0;
													_t67 = _t137 + _t111 * 2;
													 *_t67 =  *((intOrPtr*)(_t137 + _t111 * 2)) + 0xffe0;
													__eflags =  *_t67;
												}
												_t111 = _t111 + 1;
												__eflags = _t111 - _t145;
											} while (_t111 < _t145);
											goto L45;
										} else {
											goto L36;
										}
										do {
											L36:
											__eflags = ( *(_t140 + _t136 * 2) & 0x0000ffff) + 0xffffffbf - 0x19;
											if(( *(_t140 + _t136 * 2) & 0x0000ffff) + 0xffffffbf <= 0x19) {
												_t58 = _t140 + _t136 * 2;
												 *_t58 =  *(_t140 + _t136 * 2) + 0x20;
												__eflags =  *_t58;
												 *((char*)(_t136 + _t144)) = 1;
											}
											_t136 = _t136 + 1;
											__eflags = _t136 - _t145;
										} while (_t136 < _t145);
										goto L39;
									}
									_t77 = 0xc0000017;
									goto L18;
								}
								_t121 = E010EB0D0( &_v1036, 1,  &_v1036, _v1052 -  &_v1036 >> 1,  &_v1037);
								__eflags = _t121;
								if(_t121 < 0) {
									goto L23;
								}
								__eflags = _v1037;
								if(_v1037 == 0) {
									goto L23;
								}
								goto L32;
							}
							 *((short*)(_t147 + _t92 - 0x408)) = 0;
						}
						if((_t122 & 0x00000008) != 0 || _v1038 != 0) {
							goto L13;
						} else {
							goto L29;
						}
					}
				}
			}

0x01035ad2
0x01035ad5
0x01035ad8
0x01035add
0x01035ae0
0x01035ae7
0x01035aea
0x01035af2
0x010912e6
0x010912e6
0x00000000
0x01035b1f
0x01035b1f
0x01035b28
0x00000000
0x00000000
0x01035b31
0x01091142
0x0109114a
0x0109114f
0x01091151
0x01091170
0x01091170
0x01035bed
0x01035bfd
0x01035bfd
0x01091159
0x01091159
0x01035b37
0x01035b3e
0x01035b47
0x0109117a
0x0109117a
0x01035b53
0x01035b70
0x01035b9a
0x00000000
0x01035b9c
0x01035ba4
0x01035baa
0x01091180
0x01091186
0x00000000
0x00000000
0x01091188
0x0109118b
0x0109118c
0x01091192
0x01091197
0x010911a8
0x010911ad
0x010911ad
0x010911b4
0x010911e5
0x010911f5
0x010911f9
0x01091200
0x01091207
0x01035bc2
0x01035bc2
0x01035bca
0x01035be9
0x01035be9
0x01035beb
0x00000000
0x01035bd1
0x01035bd3
0x01035c00
0x00000000
0x01035c00
0x01035be1
0x00000000
0x01035be6
0x01035bca
0x0109120f
0x01091225
0x01091227
0x0109123e
0x01091240
0x01091242
0x0109124e
0x01091254
0x01091256
0x01091258
0x01091275
0x0109128a
0x0109128f
0x01091291
0x0109115f
0x0109116b
0x00000000
0x0109116b
0x01091297
0x0109129e
0x00000000
0x00000000
0x010912a4
0x010912a6
0x010912a8
0x010912c4
0x010912d0
0x010912d5
0x010912db
0x00000000
0x00000000
0x00000000
0x00000000
0x010912aa
0x010912aa
0x010912aa
0x010912ae
0x010912b0
0x010912b6
0x010912bb
0x010912bb
0x010912bb
0x010912bb
0x010912bf
0x010912c0
0x010912c0
0x00000000
0x00000000
0x00000000
0x00000000
0x0109125a
0x0109125a
0x01091261
0x01091265
0x01091267
0x01091267
0x01091267
0x0109126c
0x0109126c
0x01091270
0x01091271
0x01091271
0x00000000
0x0109125a
0x01091244
0x00000000
0x01091244
0x010911d3
0x010911d8
0x010911da
0x00000000
0x00000000
0x010911dc
0x010911e3
0x00000000
0x00000000
0x00000000
0x010911e3
0x0109119b
0x0109119b
0x01035bb3
0x00000000
0x00000000
0x00000000
0x00000000
0x01035bb3
0x01035b9a

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4178b21d071a80054e2749b5b127f61e4fd8f7a7be50d8adf70983f0a0f38d5
Instruction ID: fd4177ca75176b1897cd1cfb55420bbdb8bcd6784bf4d2674117806bbf02f639
Opcode Fuzzy Hash: b4178b21d071a80054e2749b5b127f61e4fd8f7a7be50d8adf70983f0a0f38d5
Instruction Fuzzy Hash: 6781D5B1B0021A9BDF249A28CD50BEA77B8EF44314F0441F9EA95E3291E774DEC18B94

Uniqueness

Uniqueness Score: -1.00%

Function 0106138B Relevance: .2, Instructions: 206
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E0106138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E01060678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E01079660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E01057D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E010F138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E010616C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E010FA80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E0105B73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E0105A830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E010FA80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}

0x0106139f
0x010613a1
0x010613a4
0x010613a6
0x010613ab
0x010613b3
0x010a5522
0x00000000
0x010a5522
0x010613b9
0x010613c1
0x010613c4
0x010613cd
0x010613d0
0x010613d9
0x010613dc
0x010613df
0x010613e4
0x010a552b
0x00000000
0x00000000
0x010a5534
0x010a553f
0x010a5545
0x010a5549
0x010a554a
0x010a554f
0x010a5550
0x010a5559
0x010a551c
0x00000000
0x010a551c
0x010a5562
0x010a5574
0x010a5564
0x010a556d
0x010a556d
0x010a557c
0x010a5597
0x010a5597
0x010a559f
0x010a55a2
0x010a55a5
0x010a55a5
0x010613ec
0x010613f2
0x010613f4
0x010613f8
0x010613fe
0x01061400
0x01061406
0x01061412
0x01061419
0x010a55b0
0x010a55b5
0x010a55b8
0x010a55b8
0x01061425
0x01061429
0x0106142c
0x0106142f
0x01061432
0x01061435
0x0106143a
0x0106143d
0x01061443
0x01061446
0x01061449
0x01061450
0x01061453
0x01061459
0x0106145f
0x01061462
0x01061467
0x010614fa
0x0106146d
0x0106146d
0x0106146d
0x0106146f
0x01061479
0x01061480
0x01061507
0x01061508
0x01061510
0x010a55c1
0x010a55c2
0x010a55cc
0x010a55d1
0x010a55d4
0x010a55d7
0x010a55d7
0x01061482
0x01061482
0x01061482
0x01061484
0x0106149b
0x010614a4
0x010614ae
0x010614b4
0x010614b4
0x010614ba
0x010614c4
0x010614c4
0x010614c9
0x010614cf
0x010614d2
0x010614d7
0x010a55df
0x010a55e0
0x010a55ea
0x010614dd
0x010614dd
0x010614df
0x010614e2
0x010614e4
0x010614e4
0x010614e7
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
Instruction ID: 9e6df25432f085f1a06fa555332a2354e571089683c3b50275f5ca954df4ebc0
Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
Instruction Fuzzy Hash: C9817975A00745EFCB25CF68C841AEABBF9FF48310F14856AE996C7651D730EA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010CB8D0 Relevance: .2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E010CB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1127b9c; // 0x0
				_t124 = E01054620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E01079800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E010795B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E010795D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L010577F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E01079910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E010795D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1127b9c; // 0x0
									_t92 = E01054620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E01079910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0103A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E010CE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E010CE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E010795B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}

0x010cb8d9
0x010cb8e4
0x00000000
0x010cb8e6
0x010cb8f3
0x010cb8f5
0x010cb8f5
0x010cb8f8
0x010cb920
0x010cb924
0x010cb936
0x010cb939
0x010cb93d
0x010cb948
0x010cb9a0
0x010cb9a0
0x010cb9a4
0x010cb9bf
0x010cb9c4
0x010cb9c6
0x010cb9cd
0x010cb9d1
0x010cbad4
0x010cbad8
0x010cbada
0x010cbadc
0x010cbadc
0x010cbadf
0x010cbae0
0x010cbae2
0x010cbae4
0x010cbaec
0x010cbaee
0x010cbaf0
0x010cbaf0
0x010cbaec
0x010cbafb
0x010cbafc
0x010cbafe
0x010cbb01
0x010cbb01
0x00000000
0x010cbb06
0x010cb9d7
0x010cb9db
0x010cb9db
0x010cb9de
0x010cb9de
0x010cb9e4
0x010cb9e7
0x010cb9ea
0x010cb9ec
0x010cb9ef
0x010cb9f3
0x010cba1b
0x010cba1b
0x010cba23
0x010cba24
0x010cba27
0x010cba2a
0x010cba2b
0x010cba2e
0x010cba30
0x010cba37
0x010cba3f
0x010cba9c
0x010cbaa2
0x010cbb13
0x010cbb15
0x010cbaae
0x010cbaae
0x010cbab3
0x010cbab5
0x010cbaba
0x010cbac8
0x010cbac8
0x010cbaba
0x010cbacd
0x010cbacf
0x00000000
0x010cbacf
0x010cbb1a
0x00000000
0x010cbb1c
0x010cbaa7
0x010cbb11
0x00000000
0x010cbb11
0x010cbaa9
0x00000000
0x00000000
0x00000000
0x00000000
0x010cba41
0x010cba41
0x010cba41
0x010cba58
0x010cba5d
0x010cba62
0x00000000
0x00000000
0x010cba64
0x010cba67
0x010cba68
0x010cba69
0x010cba6c
0x010cba6f
0x010cba71
0x010cba78
0x010cba80
0x00000000
0x00000000
0x010cba90
0x010cba90
0x010cba97
0x00000000
0x010cba97
0x010cb9f5
0x010cb9f7
0x010cb9f7
0x010cb9fa
0x010cba03
0x010cba07
0x010cba0c
0x010cba10
0x010cba17
0x00000000
0x010cb9f7
0x010cb9a6
0x010cb9a8
0x010cb9af
0x010cb9b3
0x00000000
0x00000000
0x010cb9b9
0x00000000
0x010cb9b9
0x010cb94d
0x010cb98f
0x010cb995
0x010cb999
0x010cb960
0x010cb967
0x010cb968
0x010cb96a
0x00000000
0x010cb96a
0x010cb99b
0x010cb99e
0x00000000
0x00000000
0x00000000
0x010cb99e
0x010cb951
0x010cb954
0x010cb95a
0x010cb95e
0x010cb972
0x010cb979
0x010cb97d
0x010cb97f
0x010cb980
0x010cb982
0x010cb984
0x00000000
0x010cb984
0x00000000
0x010cb926
0x00000000
0x010cb926

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210bbb073070091a100d8d28a4a9addc5c2c3861c83729f8e872ba459912e429
Instruction ID: 97ea9ee9d0fb1797e7c6bfc1a22325d02f27d9fc1516146078d5a08d2b518bc2
Opcode Fuzzy Hash: 210bbb073070091a100d8d28a4a9addc5c2c3861c83729f8e872ba459912e429
Instruction Fuzzy Hash: CD71F032240702EFE7329F18C842FAABBE5EB44BA1F14452CE6D5876A0DB71E940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010B6DC9 Relevance: .2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E010B6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E010B6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E01057D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E01079AE0();
					_t87 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E010B795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E010B795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E010B795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E010B795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = E01054620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E010B6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E010B6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E010B6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E010B6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E01057D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E01079AE0();
								L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L01052400( &_v36);
							if(_v24 >= 0) {
								_t87 = L01052400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L01052400( &_v52);
							}
							if(_v28 >= 0) {
								return L01052400( &_v60);
							}
						}
					}
				}
				return _t87;
			}

0x010b6dd4
0x010b6dde
0x010b6de1
0x010b6de3
0x010b6de6
0x010b6de9
0x010b6dec
0x010b6def
0x010b6df2
0x010b6df5
0x010b6dfe
0x010b6e04
0x010b6e09
0x010b6e0d
0x010b6e18
0x010b6e1b
0x010b6e22
0x010b6e2d
0x010b6e30
0x010b6e36
0x010b6e42
0x010b6e4d
0x010b6e50
0x010b6e55
0x010b6e5c
0x010b6e6e
0x010b6e5e
0x010b6e67
0x010b6e67
0x010b6e73
0x010b6e74
0x010b6e77
0x010b6e7c
0x010b6e7d
0x010b6e8e
0x010b6e93
0x010b6e9c
0x010b6ea8
0x010b6eab
0x010b6eac
0x010b6eb3
0x010b6ecd
0x010b6edc
0x010b6ee2
0x010b6ee5
0x010b6ef2
0x010b6efb
0x010b6f01
0x010b6f06
0x010b6f0b
0x010b6f11
0x010b6f1a
0x010b6f22
0x010b6f26
0x010b6f26
0x010b6f33
0x010b6f41
0x010b6f44
0x010b6f47
0x010b6f54
0x010b6f65
0x010b6f77
0x010b6f7c
0x010b6f82
0x010b6f91
0x010b6f99
0x010b6fa3
0x010b6fae
0x010b6fae
0x010b6fba
0x010b6fbb
0x010b6fbc
0x010b6fc1
0x010b6fc2
0x010b6fd3
0x010b6fd8
0x010b6fd8
0x010b6fdf
0x010b6fe8
0x010b6fee
0x010b6fee
0x010b6ff5
0x010b6ffb
0x010b6ffb
0x010b7004
0x00000000
0x010b700a
0x010b7004
0x010b6eb3
0x010b6e9c
0x010b7015

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction ID: 964cec5134cc4171bd4bdc24dee72dd46d81a954892173280e77b1045fe3e1e6
Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction Fuzzy Hash: 44716171D0021AEFDB11DFA5C984EEEBBB9FF48710F104069E545E7290DB34AA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0104F370 Relevance: .2, Instructions: 194
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0104F370(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _v24;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				unsigned int _t65;
				signed int _t75;
				signed int _t76;
				intOrPtr* _t101;
				char* _t102;
				unsigned int _t115;
				signed int _t119;
				unsigned int _t124;
				void* _t134;
				signed int _t135;
				unsigned int _t137;
				signed int _t141;
				signed int _t148;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				unsigned int _t159;

				_v12 = __ecx;
				_v5 = __edx;
				_t65 = ((__edx & 0x000000ff) << 5) + __ecx;
				_t115 = _t65 - 0xa8;
				_v28 = _t65;
				_v24 = _t115;
				 *(_t115 + 0x14) = ( *(_t115 + 0x14) & 0x0000ffff) + 1;
				_v16 = 0x1126dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4;
				E01052280(_t115 >> 0x00000002 & 0x0000001f, 0x1126dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4);
				_t155 =  *_t115;
				if(_t155 != 0) {
					 *_t115 =  *_t155;
					 *((intOrPtr*)(_t115 + 4)) =  *((intOrPtr*)(_t115 + 4)) + 0xffff;
				}
				asm("lock cmpxchg [edi], ecx");
				_t119 = 1;
				if(1 != 1) {
					while(1) {
						_t75 = _t119 & 0x00000006;
						_v20 = _t75;
						_t76 = _t119;
						_t134 = (0 | _t75 == 0x00000002) * 4 - 1 + _t119;
						asm("lock cmpxchg [ebx], edi");
						if(_t76 == _t119) {
							break;
						}
						_t119 = _t76;
					}
					_t115 = _v24;
					if(_v20 == 2) {
						E010700C2(_v16, 0, _t134);
					}
					_t135 = 1;
				}
				if(_t155 == 0) {
					_t77 = _v5;
					if(_v5 <= 7) {
						L17:
						_t156 = E0104B433( *((intOrPtr*)(_v12 + 0xc)), _t77, _a4, _a8);
						if(_t156 != 0) {
							asm("lock inc dword [eax]");
						}
						L11:
						_t137 =  *(_t115 + 0x14) & 0x0000ffff;
						if(_t137 > 0x40) {
							_t148 =  *(_t115 + 0x18) & 0x0000ffff;
							if(_t137 >= (( *(_t115 + 0x16) & 0x0000ffff) >> 1) + ( *(_t115 + 0x16) & 0x0000ffff) || _t148 >= _t137 - (_t137 >> 1)) {
								L23:
								 *(_t115 + 0x14) = 0;
								 *(_t115 + 0x16) = 0;
								 *(_t115 + 0x18) = 0;
								goto L12;
							} else {
								if( *((intOrPtr*)(_t115 + 0xc)) >= 2) {
									if( *((intOrPtr*)(_t115 + 0x10)) <= 2) {
										goto L23;
									}
									L26:
									asm("lock cmpxchg [edx], ecx");
									goto L23;
								}
								goto L26;
							}
						}
						L12:
						return _t156;
					}
					_t159 = _v28 + 0xffffff38;
					_v28 = _t159;
					_t150 = 0x1126dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4;
					E01052280(_t159 >> 0x00000002 & 0x0000001f, 0x1126dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4);
					_t156 =  *_t159;
					if(_t156 != 0) {
						_t124 = _v28;
						 *_t124 =  *_t156;
						 *((intOrPtr*)(_t124 + 4)) =  *((intOrPtr*)(_t124 + 4)) + 0xffff;
					}
					E0104FFB0(_t115, _t150, _t150);
					if(_t156 != 0) {
						_v5 = _v5 - 1;
						_t135 = 1;
						L5:
						if(_t156 == 0) {
							goto L16;
						}
						_t141 = _t135 <<  *(_t156 + 8);
						if(_t141 > 0x78000) {
							_t141 = 0x78000;
						}
						_t152 = ( *(_t156 + 0xa) & 0x0000ffff) + _t141;
						_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t101 != 0) {
							if( *_t101 == 0) {
								goto L8;
							}
							_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							goto L9;
						} else {
							L8:
							_t102 = 0x7ffe0380;
							L9:
							if( *_t102 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
									E010F18CA(_t115,  *((intOrPtr*)(_v12 + 0xc)), _t156, _t152, _a4);
								}
							}
							asm("lock xadd [eax], edi");
							goto L11;
						}
					} else {
						L16:
						_t77 = _v5;
						goto L17;
					}
				}
				 *(_t115 + 0x18) = ( *(_t115 + 0x18) & 0x0000ffff) + 1;
				goto L5;
			}

0x0104f37a
0x0104f37d
0x0104f386
0x0104f389
0x0104f38f
0x0104f39a
0x0104f39d
0x0104f3b3
0x0104f3b6
0x0104f3bb
0x0104f3bf
0x0104f3c3
0x0104f3ca
0x0104f3ca
0x0104f3d7
0x0104f3db
0x0104f3df
0x0109bc33
0x0109bc37
0x0109bc3d
0x0109bc40
0x0109bc4c
0x0109bc50
0x0109bc56
0x00000000
0x00000000
0x0109bc58
0x0109bc58
0x0109bc60
0x0109bc63
0x0109bc6b
0x0109bc6b
0x0109bc70
0x0109bc70
0x0104f3e7
0x0104f45a
0x0104f45f
0x0104f495
0x0104f4a8
0x0104f4ac
0x0104f4ba
0x0104f4ba
0x0104f43f
0x0104f443
0x0104f449
0x0104f4e2
0x0104f4ee
0x0104f4fa
0x0104f4fc
0x0104f500
0x0104f504
0x00000000
0x0104f50d
0x0104f516
0x0104f52a
0x00000000
0x00000000
0x0104f51b
0x0104f51b
0x00000000
0x0104f51b
0x00000000
0x0104f518
0x0104f4ee
0x0104f44f
0x0104f457
0x0104f457
0x0104f464
0x0104f46c
0x0104f475
0x0104f47d
0x0104f482
0x0104f486
0x0104f4bf
0x0104f4c4
0x0104f4cb
0x0104f4cb
0x0104f489
0x0104f490
0x0104f4d1
0x0104f4d4
0x0104f3f5
0x0104f3f7
0x00000000
0x00000000
0x0104f400
0x0104f408
0x0109bc7a
0x0109bc7a
0x0104f418
0x0104f41a
0x0104f41f
0x0109bc87
0x00000000
0x00000000
0x0109bc96
0x00000000
0x0104f425
0x0104f425
0x0104f425
0x0104f42a
0x0104f42d
0x0109bcad
0x0109bcbf
0x0109bcbf
0x0109bcad
0x0104f43b
0x00000000
0x0104f43b
0x0104f492
0x0104f492
0x0104f492
0x00000000
0x0104f492
0x0104f490
0x0104f3f1
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bcdeac72791c4137b45aeae9933111fd745f4191d3f8dd05567b406715deee9
Instruction ID: 93e0dad719923a29443057b6c58d76f165567b23d2e6c38c0155860502b3b619
Opcode Fuzzy Hash: 8bcdeac72791c4137b45aeae9933111fd745f4191d3f8dd05567b406715deee9
Instruction Fuzzy Hash: 3F61FFB6A042569BCB65CF5CC4C06AEBBB1EF85310B1880B9ED95DB385DE34D942C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 0103395E Relevance: .2, Instructions: 172
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E0103395E(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t57;
				intOrPtr _t67;
				intOrPtr _t74;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				intOrPtr _t109;
				signed int _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x112d360 ^ _t114;
				_t54 =  *0x11284cc; // 0x0
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				L0105FAD0(_t54 + 4);
				_t109 =  *0x11284cc; // 0x0
				_t110 = _t109 + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E01052280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E0104FFB0(_t94, _t112, _t94);
								_t74 =  *0x11284cc; // 0x0
								_t123 = _t74 + 4;
								E0105FA00(_t94, _t97, _t112, _t74 + 4);
								while(1) {
									_t95 = 0;
									_t77 = E01033ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E01033ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E01052280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E0104FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E010C2DA1(_t113);
										}
										L17:
										E0104FFB0(_t93, _t112, _t113 + 0x28);
										E0106DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E0107A3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E0107B640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E0104FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E0104FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				_t57 =  *0x11284cc; // 0x0
				E0105FA00(_t93, _t97, _t112, _t57 + 4);
				goto L18;
			}

0x0103396d
0x01033970
0x0103397b
0x0103397e
0x01033980
0x01033982
0x01033986
0x0103398b
0x01033991
0x01033994
0x01033996
0x010339a1
0x010339a7
0x010339aa
0x01033aa7
0x01033aa7
0x00000000
0x010339c4
0x010339c4
0x010339ca
0x00000000
0x00000000
0x010339d0
0x010339d4
0x010339dd
0x0108fffc
0x01090000
0x01090020
0x01090025
0x01090029
0x010339ed
0x010339ed
0x010339f2
0x010339f9
0x010339fe
0x01033a03
0x01033a07
0x01033a0c
0x01033a0c
0x01033a13
0x01033a1d
0x01033a1f
0x0109004b
0x0109004b
0x01033a27
0x01033a37
0x01090052
0x01090052
0x01033a41
0x01033a46
0x01033a49
0x01033a4c
0x01033a4e
0x01033a9f
0x01033aa3
0x01033aa3
0x01033a56
0x01090059
0x0109005f
0x01090064
0x00000000
0x01090064
0x01033a5e
0x01090073
0x01090075
0x0109007d
0x01090080
0x01090087
0x01090087
0x01033a72
0x01033a76
0x01033a7d
0x01033a82
0x01033a86
0x01090091
0x01090093
0x01090096
0x01090097
0x01090098
0x01090099
0x0109009c
0x0109009e
0x010900a3
0x010900a5
0x010900b2
0x010900b2
0x010900b7
0x010900b7
0x01033a9e
0x01033a9e
0x01033a64
0x01033a6a
0x01033ac4
0x01033ac6
0x00000000
0x00000000
0x00000000
0x01033ac8
0x01033a6c
0x01033a6f
0x00000000
0x01033a6f
0x01033a0c
0x01090002
0x01090003
0x01090003
0x01090008
0x00000000
0x01090008
0x010339e7
0x01090032
0x01090036
0x01090037
0x00000000
0x00000000
0x01090039
0x0109003c
0x01090041
0x00000000
0x01090041
0x00000000
0x010339e7
0x010339aa
0x01033aae
0x01033ab7
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee2341d4470251a08cd08ac7e247921fb32aeb02233bfc8453f60644785b6c1
Instruction ID: 85da4f757e67dbb7ade07b2ac0fd98113bbfec4d7e6e75d955556ea8fca2ffc6
Opcode Fuzzy Hash: 2ee2341d4470251a08cd08ac7e247921fb32aeb02233bfc8453f60644785b6c1
Instruction Fuzzy Hash: 17517C71A00B469FDB24EF59C8C4A6BB7ECBF94309F10486DE5868B611DB74E885CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0103B171 Relevance: .2, Instructions: 166
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 78%

			E0103B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x110f7a8);
				E0108D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0108D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0107D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0107F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0108DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0107B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0107B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0107E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0107A890() != 0) {
					goto L6;
				}
				goto L3;
			}

0x0103b171
0x0103b171
0x0103b171
0x0103b171
0x0103b171
0x0103b176
0x0103b17b
0x0103b180
0x0103b186
0x0103b18f
0x0103b198
0x0103b1a4
0x0103b1aa
0x01094802
0x01094802
0x01094805
0x0109480c
0x0109480e
0x0103b1d1
0x0103b1d3
0x0103b1de
0x0103b1de
0x01094817
0x0109481e
0x01094820
0x01094822
0x01094822
0x01094824
0x01094824
0x0109482a
0x00000000
0x00000000
0x01094835
0x0109483a
0x0109483d
0x0109483f
0x01094842
0x01094842
0x01094842
0x01094846
0x0109484c
0x0109484e
0x01094851
0x01094851
0x01094853
0x01094854
0x01094854
0x01094858
0x0109485a
0x0109485a
0x0109485d
0x0109485f
0x01094861
0x01094861
0x01094866
0x0109486b
0x0109486e
0x01094871
0x01094876
0x01094876
0x01094878
0x0109487b
0x01094884
0x01094884
0x00000000
0x0109487d
0x0109487d
0x01094882
0x01094889
0x01094889
0x0109488f
0x01094891
0x010948e0
0x010948e2
0x010948e4
0x010948e4
0x010948e7
0x010948e7
0x010948ed
0x010948f4
0x010948f6
0x01094951
0x01094951
0x01094953
0x01094953
0x01094956
0x01094956
0x01094958
0x01094959
0x01094959
0x0109495d
0x0109495d
0x0109495f
0x0109495f
0x01094965
0x01094969
0x010949ba
0x010949ba
0x010949c1
0x010949c5
0x010949cc
0x010949d4
0x010949d7
0x010949da
0x010949e4
0x010949e5
0x010949f3
0x01094a02
0x00000000
0x01094a02
0x01094972
0x01094974
0x00000000
0x00000000
0x01094976
0x01094979
0x01094982
0x01094983
0x01094984
0x0109498b
0x0109498d
0x01094991
0x01094993
0x01094999
0x0109499d
0x010949a2
0x010949a2
0x010949a2
0x01094999
0x010949ac
0x00000000
0x010949b3
0x010948f8
0x010948fe
0x00000000
0x00000000
0x00000000
0x010948fe
0x01094895
0x0109489c
0x010948ad
0x010948b2
0x010948b5
0x010948b7
0x010948ba
0x010948bc
0x010948c6
0x010948c6
0x010948cb
0x010948d1
0x010948d4
0x010948d8
0x010948d8
0x00000000
0x010948d8
0x010948be
0x010948c0
0x00000000
0x00000000
0x010948c2
0x00000000
0x00000000
0x00000000
0x010948c4
0x00000000
0x01094882
0x0109487b
0x01094904
0x01094906
0x00000000
0x00000000
0x01094908
0x0109490e
0x00000000
0x00000000
0x01094910
0x01094917
0x01094917
0x00000000
0x01094917
0x0103b1ba
0x010947f9
0x010947fc
0x00000000
0x00000000
0x00000000
0x010947fc
0x0103b1c0
0x0103b1c0
0x0103b1c3
0x0103b1cb
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6086e47d4f8a165572f17d636ff18f00df67be28144df15d691d2025042f5f6c
Instruction ID: 62c0b2c1c7318172b9a31b395711080364f36a0f302a11c211b708dfcf09f3bb
Opcode Fuzzy Hash: 6086e47d4f8a165572f17d636ff18f00df67be28144df15d691d2025042f5f6c
Instruction Fuzzy Hash: 9051B071D002598ADF72DF688A54BAEBBF0AF00714F1041A9E8D9EB282D7714946EB91

Uniqueness

Uniqueness Score: -1.00%

Function 010695EC Relevance: .2, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E010695EC(intOrPtr __ecx, signed int __edx, intOrPtr _a4) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t55;
				signed int _t59;
				signed int* _t62;
				void* _t68;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t111;
				signed int _t114;
				signed int _t116;

				_v8 =  *0x112d360 ^ _t116;
				_t114 = __edx;
				_v28 = __ecx;
				_v24 = 0;
				_v20 = 0;
				_t115 =  *((intOrPtr*)(__edx + 0x58));
				if(_t115 != 0) {
					_push( &_v20);
					_push(0);
					_push(0);
					E01073720(_t90, __edx, __edx, _t115, __eflags);
				}
				_t91 = _t114 + 0x8c;
				_t95 =  *_t91;
				do {
					_t111 = _t95;
					_t55 = _t95 >> 1;
					if(_t55 == 0) {
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
					} else {
						_v16 = 1;
						_v12 = 1;
						if((_t95 & 0x00000001 | _t55 * 0x00000002 - 0x00000002) < 2) {
							_v12 = _v12 & 0x00000000;
						}
					}
					asm("lock cmpxchg [ebx], ecx");
					_t95 = _t111;
				} while (_t95 != _t111);
				_t92 = _t91 | 0xffffffff;
				if(_t115 != 0) {
					__eflags = _v16;
					if(__eflags != 0) {
						__eflags = E0106EAA0(_t95, 0, _t115);
						if(__eflags >= 0) {
							_t86 = _v28;
							_t35 = _t86 + 0x50;
							 *_t35 =  *(_t86 + 0x50) | 0x00000100;
							__eflags =  *_t35;
							 *((intOrPtr*)(_t86 + 0x64)) = _t115;
						} else {
							_v16 = _v16 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							_v24 = 1;
						}
					}
					_push(_v20);
					_push(0);
					E01074520(_t92, _t114, _t115, __eflags);
					__eflags = _v24;
					if(_v24 != 0) {
						_t113 = _t92;
						E01069ED0(_t114 + 0x20, _t92, 0);
						E01108450(_t114);
					}
				}
				if(_v12 != 0) {
					_push(2);
					asm("lock xadd [edi], eax");
					_t59 = E01057D50();
					__eflags = _t59;
					if(_t59 != 0) {
						_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t62 = 0x7ffe0386;
					}
					__eflags =  *_t62;
					if( *_t62 != 0) {
						E01108A62( *(_t114 + 0x5c), _t114 + 0x78,  *((intOrPtr*)(_t114 + 0x30)),  *((intOrPtr*)(_t114 + 0x34)),  *((intOrPtr*)(_t114 + 0x3c)));
					}
					_t113 =  *(_t114 + 0x5c);
					E01069702(_t92, _t114 + 0x78,  *(_t114 + 0x5c),  *((intOrPtr*)(_t114 + 0x74)), 0);
					asm("lock xadd [edi], eax");
					if(__eflags == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x112b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
				}
				if(_a4 != 0) {
					_t113 = 0;
					__eflags = E0106992F(0);
					if(__eflags != 0) {
						 *((intOrPtr*)(_t114 + 0x70)) = _v0;
						asm("lock xadd [edi], eax");
						if(__eflags == 0) {
							_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
							 *0x112b1e0(_t114);
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
						}
					}
				}
				if(_v16 == 0) {
					asm("lock xadd [edi], ebx");
					_t92 = _t92 - 1;
					__eflags = _t92;
					if(_t92 == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x112b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
					_t68 = 0;
				} else {
					_t113 = _t114;
					E0105E63F(_v28, _t114);
					_t68 = 1;
				}
				return E0107B640(_t68, _t92, _v8 ^ _t116, _t113, _t114, _t115);
			}

0x010695fb
0x01069601
0x01069603
0x01069608
0x0106960b
0x0106960e
0x01069613
0x010a967f
0x010a9680
0x010a9681
0x010a9682
0x010a9682
0x01069619
0x0106961f
0x01069621
0x01069623
0x01069625
0x01069627
0x010a968c
0x010a9690
0x0106962d
0x01069634
0x01069643
0x01069649
0x0106964b
0x0106964f
0x01069649
0x01069653
0x01069657
0x01069659
0x0106965d
0x01069662
0x010a969c
0x010a96a0
0x010a96aa
0x010a96ac
0x010a96bf
0x010a96c2
0x010a96c2
0x010a96c2
0x010a96c9
0x010a96ae
0x010a96ae
0x010a96b2
0x010a96b6
0x010a96b6
0x010a96ac
0x010a96cc
0x010a96cf
0x010a96d1
0x010a96d6
0x010a96da
0x010a96e5
0x010a96e7
0x010a96ed
0x010a96ed
0x010a96da
0x0106966c
0x0106969e
0x010696a1
0x010696a5
0x010696aa
0x010696ac
0x010a9700
0x010696b2
0x010696b2
0x010696b2
0x010696b9
0x010696bb
0x010a9719
0x010a9719
0x010696c1
0x010696cc
0x010696d3
0x010696d7
0x010a9727
0x010a972b
0x010a9731
0x010a9731
0x010696d7
0x01069672
0x010696de
0x010696e7
0x010696e9
0x010696ee
0x010696f3
0x010696f7
0x010a973c
0x010a9740
0x010a9746
0x010a9746
0x010696f7
0x010696e9
0x01069678
0x010a974d
0x010a9751
0x010a9751
0x010a9752
0x010a9758
0x010a975c
0x010a9762
0x010a9762
0x010a9764
0x0106967e
0x01069681
0x01069683
0x0106968a
0x0106968a
0x0106969b

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b66dbb0f4528292495527a59184249f54a5dd778c91fdf5f5a475223971fca20
Instruction ID: 97bfcc77764b4fb6dc89fdc71f5de002ade5c4749d312b0aa02e3ff3f9502383
Opcode Fuzzy Hash: b66dbb0f4528292495527a59184249f54a5dd778c91fdf5f5a475223971fca20
Instruction Fuzzy Hash: 1251F271A0070AEFDB15DFA8C844BBEBBF8FF58319F104169E59297A90DB749910CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010FB581 Relevance: .2, Instructions: 163
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E010FB581(char __ecx) {
				signed int _v8;
				signed int _v11;
				intOrPtr _v15;
				short _v41;
				char _v47;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v55;
				signed int _v56;
				char _v60;
				intOrPtr _v63;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				signed int _t60;
				char* _t66;
				void* _t67;
				signed int _t87;
				signed int _t88;
				void* _t89;
				signed char _t91;
				intOrPtr* _t98;
				signed int _t107;
				signed int _t108;
				signed int _t114;
				signed int _t115;
				char _t117;
				void* _t120;
				signed int* _t123;
				void* _t124;
				signed int _t128;
				signed int _t129;

				_t131 = (_t129 & 0xfffffff8) - 0x3c;
				_v8 =  *0x112d360 ^ (_t129 & 0xfffffff8) - 0x0000003c;
				_t117 = __ecx;
				_v60 = __ecx;
				_t91 =  *((intOrPtr*)(__ecx + 0x38));
				_t54 =  *(__ecx + 0x34);
				_t87 = _t91 & 1;
				if(_t54 == 0) {
					L17:
					 *(_t117 + 0x34) =  *(_t117 + 0x34) & 0x00000000;
					 *(_t117 + 0x38) =  *(_t117 + 0x38) & 0x00000000;
					if((_t91 & 0x00000001) != 0) {
						 *(_t117 + 0x38) = 1;
					}
					_t118 = _v60;
					_t88 = _v60 + 0xe8;
					while(1) {
						_t122 =  *_t88;
						if( *_t88 == 0) {
							break;
						}
						E01102EF7(_t118 + 0xd8, _t122 ^ _t88);
						E01103209(_t118 + 0xd8, _t122 ^ _t88, 1);
					}
					E010FCB82(_v60 + 0x118);
					E010FFA96();
					E010FFA96();
					_t98 = _v60;
					_v48 =  *((intOrPtr*)(_t98 + 4));
					_t60 =  *((intOrPtr*)(_t98 + 0xd4)) - _t98;
					_v52 =  *_t98;
					_v56 = _t60;
					_push( *((intOrPtr*)(_t98 + 4)));
					_push( *_t98);
					if(( *(_t98 + 0x2c) & 0x00000001) == 0) {
						asm("sbb eax, eax");
						_push((_t60 & 0x01000000) + 0x8000);
						E010FAFDE( &_v60,  &_v56);
					} else {
						E010FBCD2(_t98);
					}
					E010FC23A( &_v55, 0);
					if(E01057D50() == 0) {
						_t66 = 0x7ffe0388;
					} else {
						_t66 = ( *[fs:0x30])[0x14] + 0x22e;
					}
					if( *_t66 != 0) {
						E010EFDD3(_v63);
					}
					_t67 = E01057D50();
					_t123 = 0x7ffe0380;
					if(_t67 == 0) {
						_t68 = 0x7ffe0380;
					} else {
						_t68 = ( *[fs:0x30])[0x14] + 0x226;
					}
					if( *_t68 != 0) {
						_t68 =  *[fs:0x30];
						if((( *[fs:0x30])[0x90] & 0x00000001) != 0) {
							if(E01057D50() != 0) {
								_t123 = ( *[fs:0x30])[0x14] + 0x226;
							}
							_v15 = _v63;
							_v41 = 0x1023;
							_push( &_v47);
							_push(4);
							_push(0x402);
							_push( *_t123 & 0x000000ff);
							_t68 = E01079AE0();
						}
					}
					_pop(_t120);
					_pop(_t124);
					_pop(_t89);
					return E0107B640(_t68, _t89, _v11 ^ _t131, 0, _t120, _t124);
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t107 =  *_t54;
					if(_t107 != 0) {
						break;
					}
					_t108 =  *(_t54 + 4);
					if(_t108 == 0) {
						_t128 =  *(_t54 + 8) & 0xfffffffc;
						if(_t87 != 0 && _t128 != 0) {
							_t128 = _t128 ^ _t54;
						}
						E010FE962(_t87, _t108, _t54, _t117);
						if(_t128 == 0) {
							_t91 =  *(_t117 + 0x38);
							goto L17;
						} else {
							_t54 = _t128;
							continue;
						}
					}
					_t115 = _t54;
					if(_t87 == 0) {
						_t54 = _t108;
					} else {
						_t54 = _t54 ^ _t108;
					}
					 *(_t115 + 4) =  *(_t115 + 4) & 0x00000000;
				}
				_t114 = _t54;
				if(_t87 == 0) {
					_t54 = _t107;
				} else {
					_t54 = _t54 ^ _t107;
				}
				 *_t114 =  *_t114 & 0x00000000;
				goto L1;
			}

0x010fb589
0x010fb593
0x010fb59a
0x010fb59c
0x010fb5a0
0x010fb5a3
0x010fb5a9
0x010fb5ae
0x010fb602
0x010fb602
0x010fb606
0x010fb60d
0x010fb60f
0x010fb60f
0x010fb613
0x010fb617
0x010fb61d
0x010fb61d
0x010fb621
0x00000000
0x00000000
0x010fb62d
0x010fb63c
0x010fb63c
0x010fb64d
0x010fb659
0x010fb668
0x010fb66d
0x010fb676
0x010fb680
0x010fb682
0x010fb686
0x010fb68e
0x010fb691
0x010fb693
0x010fb6a7
0x010fb6b3
0x010fb6b4
0x010fb695
0x010fb695
0x010fb695
0x010fb6bf
0x010fb6cb
0x010fb6dd
0x010fb6cd
0x010fb6d6
0x010fb6d6
0x010fb6e5
0x010fb6eb
0x010fb6eb
0x010fb6f0
0x010fb6f5
0x010fb701
0x010fb710
0x010fb703
0x010fb70c
0x010fb70c
0x010fb715
0x010fb717
0x010fb724
0x010fb72d
0x010fb738
0x010fb738
0x010fb740
0x010fb749
0x010fb752
0x010fb753
0x010fb755
0x010fb75d
0x010fb75e
0x010fb75e
0x010fb724
0x010fb767
0x010fb768
0x010fb769
0x010fb774
0x00000000
0x00000000
0x00000000
0x010fb5b0
0x010fb5b0
0x010fb5b0
0x010fb5b4
0x00000000
0x00000000
0x010fb5c7
0x010fb5cc
0x010fb5e3
0x010fb5e8
0x010fb5ee
0x010fb5ee
0x010fb5f2
0x010fb5f9
0x010fb5ff
0x00000000
0x010fb5fb
0x010fb5fb
0x00000000
0x010fb5fb
0x010fb5f9
0x010fb5ce
0x010fb5d2
0x010fb5d8
0x010fb5d4
0x010fb5d4
0x010fb5d4
0x010fb5da
0x010fb5da
0x010fb5b6
0x010fb5ba
0x010fb5c0
0x010fb5bc
0x010fb5bc
0x010fb5bc
0x010fb5c2
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51603d8477e8f8832d7f70aa510361dcdf309f6afd3e0d638b5d931cbd92e92
Instruction ID: b4df969a697ab5fc3296c8f33e8aa9cad26cc657fe05561782d63ec75c42efa6
Opcode Fuzzy Hash: c51603d8477e8f8832d7f70aa510361dcdf309f6afd3e0d638b5d931cbd92e92
Instruction Fuzzy Hash: 4551F4316047428BE355DF28C556BAABBE0BF94704F1844ADAAC58BA91EB38D805CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010352A5 Relevance: .2, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E010352A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0104EEF0(0x11279a0);
					_t104 =  *0x1128210; // 0xbd2d90
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0104EB70(_t93, 0x11279a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E01079890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0104EEF0(0x11279a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0104EB70(0, 0x11279a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xbd2d9d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0106F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0104EEF0(0x11279a0);
									__eflags =  *0x1128210 - _t104; // 0xbd2d90
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1128210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E010B4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0104EB70(_t95, 0x11279a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010795D0();
											L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010795D0();
											L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0104EB70(_t93, 0x11279a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E010795D0();
										L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E010795D0();
										L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0106F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

0x010352a5
0x010352ad
0x010352b0
0x010352b3
0x010352b7
0x010352ba
0x010352bf
0x010352c4
0x010352cc
0x00000000
0x00000000
0x010352ce
0x010352d9
0x010352dd
0x010352e7
0x010352f7
0x010352f9
0x010352fd
0x01090dcf
0x01090dd5
0x01090dd6
0x01090dd7
0x01090dd8
0x01090dd9
0x01090dde
0x01090ddf
0x01090de0
0x01090de1
0x01090de2
0x01090de5
0x01090dea
0x01090dec
0x01090f60
0x01090f64
0x01090f70
0x01090f76
0x01090f79
0x01090f79
0x00000000
0x01090f64
0x01090df2
0x01090df7
0x01090e04
0x01090e0d
0x01090e0d
0x01090e10
0x01090e1a
0x01090e1c
0x01090e4c
0x01090e52
0x01090e61
0x01090e67
0x01090e6b
0x01090e70
0x01090e76
0x01090ed7
0x01090edc
0x01090ee0
0x01090ee6
0x01090eea
0x01090eed
0x01090ef0
0x01090ef3
0x01090ef6
0x01090ef9
0x01090efe
0x01090f01
0x01090f01
0x01090f0b
0x01090f12
0x01090f16
0x01090f18
0x01090f1b
0x01090f2c
0x01090f31
0x01090f31
0x01090f35
0x01090f39
0x01090f3a
0x01090f3c
0x01090f3f
0x01090f50
0x01090f55
0x01090f55
0x01090f59
0x010352eb
0x010352f1
0x010352f1
0x01090e7d
0x01090e84
0x01090e88
0x01090e8a
0x01090e8d
0x01090e9e
0x01090ea3
0x01090ea3
0x01090ea7
0x01090eaf
0x01090eb3
0x01090eb9
0x01090eb9
0x01090ebc
0x01090ecd
0x01090ecd
0x00000000
0x01090eb3
0x01090e21
0x01090e2b
0x01090e2f
0x01090e30
0x01090e3a
0x01090e3f
0x01090e41
0x00000000
0x00000000
0x01090e47
0x00000000
0x01090e47
0x01090df9
0x01090dfe
0x00000000
0x00000000
0x00000000
0x01090dfe
0x01035303
0x01035307
0x00000000
0x01035309
0x00000000
0x01035309
0x01035307
0x010352e9
0x010352e9
0x00000000
0x010352e9
0x0103530e
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10218031484bfbe4d7cf9a967c97b8d9470a6e7854771eb794e2dc1d976cd24
Instruction ID: 4f6547dc92fb6a7c4ee067549fac983463fcc27fa10de8aa770213a13ea5f1f3
Opcode Fuzzy Hash: c10218031484bfbe4d7cf9a967c97b8d9470a6e7854771eb794e2dc1d976cd24
Instruction Fuzzy Hash: 0A51BF71205742ABDB21EF68C881B6BBBE8FFA4710F14092EF4D587661E774E844C792

Uniqueness

Uniqueness Score: -1.00%

Function 01062AE4 Relevance: .2, Instructions: 159
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01062AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1128204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1128208; // 0x1128207
				_t8 = _t57 + 0x1128208; // 0x1128207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1128450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x112821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1126d5c; // 0x7f440654
							_t72 =  *0x1126d5c; // 0x7f440654
							_t75 =  *0x1126d5c; // 0x7f440654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1126d5c; // 0x7f440654
							_t84 =  *0x1126d5c; // 0x7f440654
							_t87 =  *0x1126d5c; // 0x7f440654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0107F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}

0x01062ae4
0x01062aec
0x01062aef
0x01062af4
0x01062af7
0x01062afd
0x01062b92
0x01062b92
0x01062b97
0x01062b9c
0x01062b9c
0x01062b03
0x01062b06
0x01062b09
0x01062b09
0x01062b0f
0x01062b15
0x01062b15
0x01062b1b
0x01062b1e
0x01062b21
0x01062b26
0x01062b29
0x01062b81
0x01062b84
0x01062c0e
0x01062c15
0x01062c24
0x01062c24
0x01062b8a
0x01062b8a
0x01062b8a
0x01062b8a
0x01062b90
0x00000000
0x00000000
0x00000000
0x00000000
0x01062b4a
0x01062b4a
0x01062b4d
0x01062b53
0x00000000
0x00000000
0x01062b55
0x01062b58
0x01062bb7
0x010a5d1b
0x010a5d37
0x010a5d47
0x010a5d53
0x01062bbd
0x01062bbd
0x01062bbd
0x01062bb7
0x01062b5d
0x01062c2f
0x010a5d5b
0x010a5d77
0x010a5d87
0x010a5d93
0x01062c35
0x01062c35
0x01062c35
0x01062c2f
0x01062b65
0x01062b9f
0x01062ba2
0x01062b67
0x01062b67
0x01062b69
0x01062b6b
0x01062b6e
0x01062bc9
0x01062bcc
0x01062bcf
0x01062bd4
0x01062bd6
0x01062bd6
0x01062bdb
0x01062c02
0x01062c05
0x01062c07
0x00000000
0x01062c07
0x01062be0
0x01062c00
0x01062c3f
0x01062c3f
0x00000000
0x01062c00
0x01062be5
0x01062be7
0x01062bec
0x01062bf4
0x01062bf6
0x00000000
0x01062bf6
0x01062b70
0x01062b76
0x01062b2b
0x01062b2b
0x01062b2d
0x01062b2f
0x01062b32
0x01062b35
0x01062b3a
0x00000000
0x01062b40
0x01062b43
0x01062b45
0x01062b47
0x01062b4a
0x01062b4d
0x01062b53
0x00000000
0x00000000
0x00000000
0x01062b53
0x01062b78
0x01062b78
0x01062b7b
0x01062b7e
0x00000000
0x01062b7e
0x01062b76
0x01062ba5
0x01062ba5
0x01062ba8
0x01062bad
0x00000000
0x00000000
0x01062baf
0x01062baf
0x01062bc2
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a87d926c5b79ebc6235b9d9b02173bd6832b964a0d10f243f0d2e7defd53e6b9
Instruction ID: 2c9c7c0bd5c4c8a717c229b54a7a31b1a54f341749c2c5cea6d949e91f410f61
Opcode Fuzzy Hash: a87d926c5b79ebc6235b9d9b02173bd6832b964a0d10f243f0d2e7defd53e6b9
Instruction Fuzzy Hash: 8951B476F00119DFCB28CF1CC8909BDB7F5FB88700719856AE896AB355D734AA91CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01063C3E Relevance: .2, Instructions: 153
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E01063C3E(void* __ecx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				void* _v52;
				void* __ebx;
				signed char _t59;
				intOrPtr _t65;
				signed int _t67;
				void* _t75;
				signed char* _t78;
				intOrPtr _t79;
				signed int _t91;
				signed int _t104;
				void* _t127;
				signed int _t134;
				void* _t136;

				_t136 = (_t134 & 0xfffffff8) - 0x14;
				_t127 = __ecx;
				_v20 = 0;
				E01064E70(0x11286d0, 0x1065330, 0, 0);
				if(E01063FCD( &_v24) < 0 ||  *((intOrPtr*)(_t136 + 0x1c)) > 0xa) {
					_t59 = _v20;
				} else {
					_t59 = 3;
					_v20 = _t59;
				}
				_v20 = E01063F33(_t127, _t59);
				_v28 = 0;
				_push(E01060678(_t127, 1));
				_push(0x2000);
				_push( &_v20);
				_push(0);
				_push( &_v28);
				_push(0xffffffff);
				if(E01079660() < 0) {
					L16:
					_t65 = 0;
					goto L13;
				} else {
					if((_v20 & 0x00000001) != 0) {
						_t67 = 1;
					} else {
						_t67 =  *0x1126240; // 0x4
					}
					_t104 = _t67 * 0x18;
					_t12 = _t104 + 0x7d0; // 0x7d1
					 *((intOrPtr*)(_t136 + 0x18)) = _t12;
					_push(E01060678(_t127, 1));
					_push(0x1000);
					_push(_t136 + 0x20);
					_push(0);
					_push( &_v24);
					_push(0xffffffff);
					if(E01079660() < 0) {
						 *((intOrPtr*)(_t136 + 0x18)) = 0;
						E0106174B( &_v24, _t136 + 0x18, 0x8000);
						goto L16;
					} else {
						_t75 = E01057D50();
						_t132 = 0x7ffe0380;
						if(_t75 != 0) {
							_t78 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t78 = 0x7ffe0380;
						}
						if( *_t78 != 0) {
							_t79 =  *[fs:0x30];
							__eflags =  *(_t79 + 0x240) & 0x00000001;
							if(( *(_t79 + 0x240) & 0x00000001) == 0) {
								goto L10;
							}
							__eflags = E01057D50();
							if(__eflags != 0) {
								_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							E010F1582(_t104, _t127, _v24, __eflags,  *((intOrPtr*)(_t136 + 0x20)),  *(_t127 + 0x74) << 3,  *_t132 & 0x000000ff);
							E010F138A(_t104, _t127, _v36, _v24, 9);
							goto L10;
						} else {
							L10:
							E01063EA8(_t127, _v24, _v20);
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) + _v20;
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) +  *((intOrPtr*)(_t136 + 0x18));
							 *((intOrPtr*)(_v28 + 0x18)) = _v20 + _v28;
							 *((intOrPtr*)(_v28 + 0x14)) =  *((intOrPtr*)(_t136 + 0x18)) + _v28;
							_t35 = _v28 + 0x7d0; // 0x7d0
							 *((intOrPtr*)(_v28 + 0x10)) = _t35 + _t104;
							_t91 =  *0x11284b4; // 0x0
							if((_t91 & 0x00000003) == 0) {
								 *0x11284b4 = _t91 | 0x00000001;
								E01061129();
							}
							 *(_v24 + 0x1b8) = _v20;
							_t65 = _v24;
							L13:
							return _t65;
						}
					}
				}
			}

0x01063c46
0x01063c4e
0x01063c5c
0x01063c60
0x01063c70
0x01063c7d
0x010a62a2
0x010a62a4
0x010a62a5
0x010a62a5
0x01063c8b
0x01063c90
0x01063c99
0x01063c9a
0x01063ca3
0x01063ca4
0x01063ca9
0x01063caa
0x01063cb3
0x010a62c5
0x010a62c5
0x00000000
0x01063cb9
0x01063cbe
0x010a62ce
0x01063cc4
0x01063cc4
0x01063cc4
0x01063cc9
0x01063cd1
0x01063cd7
0x01063ce0
0x01063ce1
0x01063cea
0x01063ceb
0x01063cf0
0x01063cf1
0x01063cfa
0x010a62b7
0x010a62c0
0x00000000
0x01063d00
0x01063d00
0x01063d05
0x01063d0c
0x010a62dd
0x01063d12
0x01063d12
0x01063d12
0x01063d17
0x010a62e7
0x010a62ed
0x010a62f4
0x00000000
0x00000000
0x010a62ff
0x010a6301
0x010a630c
0x010a630c
0x010a630c
0x010a6327
0x010a6338
0x00000000
0x01063d1d
0x01063d1d
0x01063d27
0x01063d37
0x01063d48
0x01063d58
0x01063d65
0x01063d6c
0x01063d74
0x01063d77
0x01063d7e
0x01063d83
0x01063d88
0x01063d88
0x01063d95
0x01063d9b
0x01063d9f
0x01063da5
0x01063da5
0x01063d17
0x01063cfa

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16a8a6cad78f647a8b50e17529625885d560ba70ed1d2bc506a2619e45a58a2a
Instruction ID: dec7d7c345c75db971f2ee2b3f03aa61252049dc8db145abdb70a9947b26c05b
Opcode Fuzzy Hash: 16a8a6cad78f647a8b50e17529625885d560ba70ed1d2bc506a2619e45a58a2a
Instruction Fuzzy Hash: 02518E71608341AFC740DF69D844AAABBECFF98224F14496DF8D9CB281D731D905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0105DBE9 Relevance: .1, Instructions: 149
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0105DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0103CC50(E01034510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E01057D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01108ED6(_t102, _t98);
						}
						_t76 = _v44;
						E01052280(_t58, _v44);
						E0105DD82(_v44, _t102, _t98);
						E0105B944(_t102, _v5);
						return E0104FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1128628; // 0x0
							_v28 = _t67;
							_t68 =  *0x112862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1128628; // 0x0
						_t105 = _v28;
						_t80 =  *0x112862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x10ffb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}

0x0105dbe9
0x0105dbf2
0x0105dbf7
0x0105dbf9
0x0105dbfc
0x0105dc00
0x0105dc03
0x0105dc14
0x0105dd54
0x0105dd54
0x0105dd54
0x0105dc18
0x0105dc1d
0x0105dc1d
0x0105dc32
0x0105dc3b
0x0105dc3e
0x0105dc46
0x0105dd5b
0x0105dd62
0x0105dd64
0x0105dd67
0x0105dd69
0x0105dd6b
0x0105dd6e
0x0105dd70
0x0105dd73
0x0105dd73
0x00000000
0x0105dc4c
0x0105dc4e
0x010a3ae3
0x010a3ae8
0x010a3aea
0x0105dce7
0x0105dce9
0x0105dcec
0x0105dcee
0x0105dcf0
0x0105dcf3
0x0105dcf5
0x010a3af2
0x010a3af5
0x010a3af5
0x0105dd06
0x0105dd08
0x0105dd0b
0x0105dd12
0x010a3b08
0x0105dd18
0x0105dd18
0x0105dd18
0x0105dd20
0x0105dd23
0x010a3b16
0x010a3b16
0x0105dd29
0x0105dd2d
0x0105dd36
0x0105dd40
0x0105dd51
0x0105dd51
0x0105dc54
0x0105dc59
0x0105dc59
0x0105dc5e
0x0105dc5e
0x0105dc63
0x0105dc66
0x0105dc6b
0x0105dc78
0x0105dc7b
0x0105dc81
0x0105dc81
0x0105dc83
0x0105dc89
0x00000000
0x00000000
0x0105dd7b
0x0105dd7b
0x0105dc8f
0x0105dc8f
0x0105dc92
0x0105dc99
0x0105dc9f
0x0105dca5
0x0105dcaa
0x0105dcaa
0x0105dcb3
0x0105dcb8
0x0105dcbb
0x0105dcc1
0x0105dccf
0x0105dcd2
0x0105dcd5
0x0105dcd7
0x0105dcda
0x0105dcdc
0x0105dcdc
0x0105dce2
0x0105dce4
0x00000000
0x0105dce4

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a25ad6fadaf083826a42729a6218b84e27bfba6f9401a0eb6d60ad848b59a4b
Instruction ID: f3074f66ddab6047c0025ab414f628c21a221a0d6714509e9db97b730b75a6e1
Opcode Fuzzy Hash: 6a25ad6fadaf083826a42729a6218b84e27bfba6f9401a0eb6d60ad848b59a4b
Instruction Fuzzy Hash: EF51B371A00616DFCB65DFA8C49069EFBF5BF48310F20815AD995AB345DB30A944CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0104EF40 Relevance: .1, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E0104EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E01039080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77cdc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E01032D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}

0x0104ef4b
0x0104ef4d
0x0104ef57
0x0104f0bd
0x0104f0c2
0x0104f0d2
0x0104f0d2
0x0104f0c2
0x0104ef5d
0x0104ef5f
0x0104ef67
0x0104ef6a
0x0104ef6d
0x0104ef74
0x0104ef7f
0x0104ef82
0x0104ef82
0x0104ef86
0x0104ef88
0x0104ef8c
0x0104ef8f
0x0104ef8f
0x0104ef8f
0x00000000
0x0104ef91
0x0104ef93
0x0104efc4
0x0104efc4
0x0104efc4
0x0104efca
0x0104efd0
0x0104f0a6
0x00000000
0x00000000
0x0104f0af
0x0109bb06
0x0109bb0a
0x0104f0b5
0x0104f0b5
0x0104f0b5
0x0104f0b5
0x00000000
0x0104efd6
0x0104efd9
0x0104f0de
0x0104f0e2
0x0104efdf
0x0104efdf
0x0104efdf
0x0104efe5
0x0109bafc
0x0109bafc
0x0104efe5
0x0104efeb
0x0104efed
0x0104f00f
0x0104f011
0x0104f01a
0x0104f01d
0x0104f021
0x0104f028
0x0104f029
0x0104f029
0x0104f02c
0x00000000
0x0104f02c
0x0104eff3
0x0104eff9
0x0104f0ea
0x0104f0ed
0x0104f0ef
0x00000000
0x0104f0ef
0x0104f003
0x0109bb12
0x0104f045
0x0104f049
0x0104f051
0x0104f09e
0x0104f0a0
0x0104f0a0
0x0104f09e
0x0104f053
0x0104f064
0x0104f064
0x0104f06b
0x0109bb1a
0x0109bb1a
0x0104f071
0x0104f071
0x0104f07d
0x0104f082
0x0104f08f
0x0104f08f
0x0104f009
0x0104f00d
0x00000000
0x0104f00d
0x0104efd0
0x0104ef97
0x0104efa5
0x0104efaa
0x00000000
0x0104efac
0x0104efac
0x0104efac
0x00000000
0x0104efb2
0x0104f036
0x0104f03a
0x0104f040
0x0104f090
0x00000000
0x0104f092
0x0104f042
0x00000000
0x0104f042
0x0104efb7
0x0104efb9
0x0104efbc
0x0104efb0
0x0104efb0
0x00000000
0x0104efbe
0x0104efbe
0x0104efc1
0x00000000
0x0104efc1
0x0104efbc
0x0104efaa
0x0104ef91

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
Instruction ID: c70e3c40a4866d80d3733933bc20c8653a6a90ddaa5a279dcdcac770bb1fce06
Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
Instruction Fuzzy Hash: 8D51F5B0A0424A9FDB61CB6CC0D47AEBBF1BF45314F1481F8D5C553282C379A989C741

Uniqueness

Uniqueness Score: -1.00%

Function 0110740D Relevance: .1, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0110740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0108D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0107F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = E01054620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = E01054620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0107F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = E01054620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}

0x0110740d
0x0110740d
0x01107412
0x01107413
0x01107416
0x01107418
0x0110741c
0x0110741f
0x01107422
0x01107422
0x01107428
0x0110742a
0x0110742a
0x01107451
0x01107432
0x0110744f
0x0110744f
0x00000000
0x01107434
0x01107438
0x01107443
0x01107517
0x01107517
0x0110751a
0x01107535
0x01107520
0x01107527
0x0110752c
0x01107531
0x01107533
0x00000000
0x01107533
0x00000000
0x01107531
0x0110754b
0x0110754f
0x0110755c
0x0110755c
0x0110755f
0x01107560
0x01107561
0x01107562
0x01107563
0x01107568
0x0110756a
0x0110756c
0x0110756d
0x0110756d
0x0110756f
0x01107572
0x01107574
0x01107577
0x0110757c
0x0110757f
0x00000000
0x01107551
0x01107551
0x01107551
0x01107553
0x01107553
0x01107449
0x01107449
0x0110744c
0x0110744c
0x00000000
0x0110744c
0x01107443
0x0110750e
0x01107514
0x01107514
0x01107455
0x01107469
0x0110746d
0x00000000
0x01107473
0x01107473
0x01107476
0x01107480
0x01107484
0x0110748e
0x01107493
0x01107493
0x01107496
0x01107499
0x011074a1
0x011074b1
0x011074b5
0x00000000
0x011074bb
0x011074c1
0x011074c1
0x011074c4
0x011074c5
0x011074c6
0x011074c7
0x011074c8
0x011074cd
0x00000000
0x011074d3
0x011074d3
0x011074d6
0x011074d8
0x011074db
0x011074dd
0x011074e0
0x011074e7
0x011074ee
0x011074ee
0x011074f4
0x011074f9
0x00000000
0x011074fb
0x011074fb
0x011074fd
0x01107500
0x01107503
0x01107505
0x01107505
0x011074f9
0x00000000
0x011074cd
0x011074b5
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
Instruction ID: ed5209c3dc8e989e4dd998bdd25f73ec197ef608af22ca0c203888d3c3bcb65b
Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
Instruction Fuzzy Hash: B051C171900646DFDB1ACF18C480A92BBF5FF44304F15C1AAE948DF292E3B2E945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01074D51 Relevance: .1, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E01074D51(intOrPtr* __ecx, intOrPtr* __edx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				signed int _v20;
				signed int* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __ebx;
				signed int* _t57;
				signed int _t63;
				intOrPtr _t68;
				char* _t72;
				signed int _t80;
				signed int _t89;
				signed int _t91;
				intOrPtr* _t97;
				intOrPtr _t99;
				signed int _t100;
				signed int _t101;
				signed int _t105;
				void* _t107;
				intOrPtr* _t108;
				signed int _t113;

				_t97 = __ecx;
				_v16 = __edx;
				_v12 = __ecx;
				if( *__ecx != __edx) {
					asm("sbb eax, eax");
					_t105 = 0;
					_v8 = 0;
					_t80 = 0;
					_t4 = _t97 + 0x10; // 0x10
					_t57 = _t4;
					_v24 = _t57;
					while(1) {
						_t113 =  *_t57;
						_v20 = _t113;
						if((_t113 >> 0x00000010 & 0x00008000) != 0) {
							goto L23;
						}
						if(_t113 == 0) {
							L20:
							goto L2;
						}
						asm("lock cmpxchg [edx], ecx");
						_t97 = _v12;
						if(_t113 != _t113) {
							goto L23;
						}
						L7:
						if(_t113 == 0xffffffff) {
							goto L20;
						}
						if(_t113 == 0) {
							L19:
							 *_v24 = _t113;
							goto L20;
						}
						_t63 =  *_t97 + 0x50;
						_v28 =  ~( *(_t97 + 0x18) & 0x0000ffff);
						_v8 = _t63;
						do {
							_t107 =  *_t63;
							_t99 =  *((intOrPtr*)(_t63 + 4));
							_v32 = _t99;
							asm("lock cmpxchg8b [esi]");
							_t63 = _v8;
						} while (_t107 != _t107 || _t99 != _v32);
						_t113 = _v20;
						_t100 =  *(_v12 + 0x18) & 0x0000ffff;
						_v8 = _t100;
						_t108 = _v16 + 0x50;
						do {
							_t68 =  *_t108;
							_t89 =  *(_t108 + 4);
							_v32 = _t68;
							_v28 = _t89;
							_t31 = _t89 + 1; // 0x1
							_t101 = _t31;
							if(_t100 == 0) {
								_t40 = _t89 - 1; // -1
								_t101 = _t40;
							}
							_v20 = _t101;
							asm("lock cmpxchg8b [edi]");
							_t91 = _t89;
							_t100 = _v8;
						} while (_t68 != _v32 || _t91 != _v28);
						_t84 = _v12;
						 *_v12 = _v16;
						_t105 = 1;
						if(E01057D50() != 0) {
							_t72 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t72 = 0x7ffe0380;
						}
						if( *_t72 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E010F129A(_t84,  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0xc)) + 0xc)),  *((intOrPtr*)(_t84 + 4)), ( *( *[fs:0x18] + 0xfa8) & 0x0000ffff) - 1);
							}
						}
						goto L19;
						L23:
						_t80 = _t80 + 1;
						if(_t80 <= _v8) {
							_t41 = _t97 + 0x10; // 0x10
							_t57 = _t41;
							continue;
						}
						_t113 = _t113 | 0xffffffff;
						_v20 = _t113;
						goto L7;
					}
				} else {
					_t105 = 1;
					L2:
					return _t105;
				}
			}

0x01074d5b
0x01074d5e
0x01074d61
0x01074d66
0x01074d7d
0x01074d82
0x01074d84
0x01074d87
0x01074d89
0x01074d89
0x01074d8d
0x01074d90
0x01074d90
0x01074d97
0x01074d9f
0x00000000
0x00000000
0x01074da8
0x01074e82
0x00000000
0x01074e83
0x01074dbb
0x01074dbf
0x01074dc4
0x00000000
0x00000000
0x01074dca
0x01074dcd
0x00000000
0x00000000
0x01074dd5
0x01074e7d
0x01074e80
0x00000000
0x01074e80
0x01074de3
0x01074de6
0x01074de9
0x01074dec
0x01074dec
0x01074dee
0x01074df3
0x01074dff
0x01074e08
0x01074e08
0x01074e15
0x01074e18
0x01074e22
0x01074e25
0x01074e27
0x01074e27
0x01074e2b
0x01074e2e
0x01074e31
0x01074e37
0x01074e37
0x01074e3a
0x01074e89
0x01074e89
0x01074e89
0x01074e3c
0x01074e44
0x01074e48
0x01074e4a
0x01074e4d
0x01074e57
0x01074e5d
0x01074e61
0x01074e69
0x010af2a8
0x01074e6f
0x01074e6f
0x01074e6f
0x01074e77
0x010af2bf
0x010af2e2
0x010af2e2
0x010af2bf
0x00000000
0x010af28e
0x010af28e
0x010af292
0x010af286
0x010af286
0x00000000
0x010af286
0x010af294
0x010af297
0x00000000
0x010af297
0x01074d68
0x01074d6a
0x01074d6b
0x01074d71
0x01074d71

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
Instruction ID: 791a39bda82cd54544977b66492771a66fcc9937f051329b9986da7ffe10e02f
Opcode Fuzzy Hash: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
Instruction Fuzzy Hash: 8B513435E00615CFCB55CF88C480AADB7F5FF88720F2485A9D8A5EB251D730AE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01062990 Relevance: .1, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E01062990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x110ff00);
				E0108D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1011664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0107E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1011668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E010B51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x101166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E01062AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01046600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E01062C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0104EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E01062AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E01062C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E01062ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0108D0D1(_t62);
				goto L28;
			}

0x01062990
0x01062992
0x01062997
0x010629a3
0x010629a6
0x010629ab
0x010629ad
0x010629b2
0x010a5c80
0x010629b8
0x010629b8
0x010629bb
0x010629c0
0x010629c5
0x010629c6
0x010629c6
0x010629cb
0x00000000
0x00000000
0x010629cd
0x010629d0
0x010629d9
0x010629db
0x010629dd
0x01062a7f
0x01062a84
0x01062a87
0x01062a89
0x010a5ca1
0x010a5ca3
0x00000000
0x01062a8f
0x01062a8f
0x00000000
0x01062a8f
0x00000000
0x010629e3
0x010629e3
0x010629e3
0x00000000
0x010629e3
0x010629dd
0x00000000
0x010629db
0x010629e6
0x010629e9
0x010629eb
0x010629ed
0x010629f3
0x010629f5
0x010629f8
0x010629fa
0x01062a97
0x01062a9a
0x01062a9d
0x01062add
0x00000000
0x01062a9f
0x01062aa2
0x01062aa5
0x01062aa8
0x01062aab
0x010a5cab
0x010a5caf
0x010a5cc5
0x010a5cda
0x010a5cdc
0x010a5cdf
0x010a5ce5
0x00000000
0x010a5ceb
0x010a5ced
0x010a5cee
0x00000000
0x010a5cee
0x010a5cb1
0x010a5cb4
0x010a5cb9
0x010a5cbb
0x00000000
0x010a5cbd
0x010a5cbd
0x00000000
0x010a5cbd
0x010a5cbb
0x01062ab1
0x01062ab1
0x01062ac4
0x01062ac6
0x01062ac6
0x00000000
0x01062ac6
0x01062aab
0x00000000
0x01062a00
0x01062a09
0x01062a0e
0x01062a21
0x01062a24
0x01062a35
0x01062a3a
0x01062a3d
0x01062a42
0x01062a59
0x01062a59
0x01062a5c
0x01062a5f
0x01062a5f
0x010629fa
0x010629f3
0x01062a64
0x01062a64
0x01062a6b
0x01062a6b
0x01062a6d
0x01062a72
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f21ca99688e9bc1408db645b795ddf5842c3ba4eb550d6f94a8d31911c7fe8
Instruction ID: d9426ecf246818cec1adfb6070059f66715049fba3acd460d4c0f53d3877b026
Opcode Fuzzy Hash: 13f21ca99688e9bc1408db645b795ddf5842c3ba4eb550d6f94a8d31911c7fe8
Instruction Fuzzy Hash: 9C518D71A0020ADFDF25DF99C880AEEBBB9FF48350F158155E984AB260C3759D52CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01035050 Relevance: .1, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E01035050(void* _a4) {
				char _v24;
				signed int _v28;
				void* _v30;
				intOrPtr _v32;
				void* _v44;
				void* _v46;
				void* _v48;
				void* _v52;
				void* _v60;
				void* _v72;
				intOrPtr _t34;
				short _t36;
				signed int _t38;
				signed short _t41;
				signed int _t51;
				short _t60;
				intOrPtr _t68;
				intOrPtr _t73;
				signed int _t77;
				short _t78;
				short _t79;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;

				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *((intOrPtr*)(_t34 + 0x18));
				_t73 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 =  *((intOrPtr*)(_t34 + 0x18));
				if(E0103519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				_t62 = _a4;
				if(E010574C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t77 =  *(_t73 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = E01054620(_t62, _t58, 0, _t77);
						_v28 = _t38;
						if(_t38 == 0) {
							break;
						}
						 *((short*)(_t83 + 0x18)) = 0;
						if(_t77 > 0xffff) {
							 *(_t83 + 0x1a) = 0xffff;
							L25:
							_t78 = 0xc0000095;
							L26:
							L010577F0(_t58, 0, _t38);
							_t36 = _t78;
							goto L14;
						}
						 *(_t83 + 0x1a) = _t77;
						_t79 = E01056E30(_a4, _t77, _t38, 0, 0, _t83 + 0x20);
						if(_t79 == 0) {
							_t78 = 0xc0000033;
							L23:
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L26;
						}
						_t41 =  *(_t83 + 0x1a);
						_t62 = (_t41 & 0x0000ffff) - 4;
						if(_t79 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 =  *(_t83 + 0x1a);
								goto L7;
							}
							L010577F0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
							_t77 = _t79 + 4;
							continue;
						}
						L7:
						_t71 = _t41 & 0x0000ffff;
						if(_t79 > (_t41 & 0x0000ffff)) {
							_t78 = 0xc0000106;
							goto L23;
						}
						_t91 = _t79 - 0xffff;
						if(_t79 > 0xffff) {
							 *((short*)(_t83 + 0x18)) = 0xffff;
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L25;
						}
						 *((short*)(_t83 + 0x18)) = _t79;
						_t60 = E0106F0BF(_t83 + 0x1c, _t71, _t91,  &_v24);
						L010577F0(_v32, 0,  *((intOrPtr*)(_t83 + 0x1c)));
						if(_t60 >= 0) {
							E0104EEF0(0x11279a0);
							_t68 = _v28;
							_t80 =  *0x1128210; // 0xbd2d90
							 *((intOrPtr*)(_t73 + 0x2c)) =  *((intOrPtr*)(_t68 + 4));
							 *((intOrPtr*)(_t73 + 0x28)) =  *((intOrPtr*)(_t68 + 0x10));
							 *((short*)(_t73 + 0x24)) =  *((intOrPtr*)(_t68 + 0xc));
							 *0x1128210 = _t68;
							_t51 = E0104EB70(_t68, 0x11279a0);
							if(_t80 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t80 + 4)));
									E010795D0();
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t80);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}

0x01035058
0x0103505b
0x01035066
0x0103506a
0x0103506d
0x01035078
0x0103519a
0x01035191
0x01035197
0x01035197
0x0103507e
0x01035088
0x01090c21
0x0103508e
0x0103508e
0x01035092
0x01035096
0x0103509b
0x010350a1
0x00000000
0x00000000
0x010350ae
0x010350b5
0x01090c72
0x01090c77
0x01090c77
0x01090c7c
0x01090c80
0x01090c85
0x00000000
0x01090c85
0x010350bf
0x010350d4
0x010350d8
0x01090c67
0x01090c6c
0x01090c6c
0x00000000
0x01090c6c
0x010350de
0x010350e6
0x010350eb
0x01090c31
0x01090c35
0x01090c4b
0x00000000
0x01090c4b
0x01090c3e
0x01090c43
0x00000000
0x01090c43
0x010350f1
0x010350f1
0x010350f6
0x01090c55
0x00000000
0x01090c55
0x01035101
0x01035103
0x01090c5c
0x01090c61
0x00000000
0x01090c61
0x0103510d
0x01035120
0x01035128
0x0103512f
0x01035136
0x0103513b
0x0103513f
0x0103514d
0x01035153
0x0103515a
0x0103515e
0x01035164
0x0103516b
0x01035170
0x01035174
0x01035176
0x01035179
0x0103518a
0x0103518a
0x01035174
0x0103516b
0x0103518f
0x00000000
0x0103518f
0x01090c8c
0x01090c8c

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5393ef11f7cc239a65efb74e2e44a8d550e3ba9c1abc7eaffdf53a6748696073
Instruction ID: 7777474afa9af40d500478d9930be99ffabd7a73b244ca1040e92447d733c598
Opcode Fuzzy Hash: 5393ef11f7cc239a65efb74e2e44a8d550e3ba9c1abc7eaffdf53a6748696073
Instruction Fuzzy Hash: F641F076604352ABC720EF28CC90BABBBA8AF94710F000929FDD59B2A1E730DC41D7D5

Uniqueness

Uniqueness Score: -1.00%

Function 01064BAD Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E01064BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x112d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0103CC50(_t86);
					L11:
					return E0107B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1128504
				E01052280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0107FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0107B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = E01054620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0103CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1128504
								E0104FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E01064F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}

0x01064bad
0x01064bbf
0x01064bc2
0x01064bc6
0x01064bcd
0x01064bd9
0x010a67fe
0x010a6800
0x01064ccc
0x01064ccd
0x01064cb7
0x01064cc9
0x01064cc9
0x01064bdf
0x01064be5
0x00000000
0x00000000
0x01064beb
0x01064bef
0x00000000
0x00000000
0x01064bf5
0x01064bf9
0x01064c06
0x01064c0b
0x01064c17
0x01064c1c
0x01064c1f
0x01064c25
0x01064c33
0x01064c3d
0x01064c40
0x01064c43
0x01064c47
0x01064c4d
0x01064c53
0x01064c54
0x01064c55
0x01064c56
0x01064c5b
0x01064c5c
0x01064c63
0x01064c6b
0x00000000
0x00000000
0x010a6776
0x010a6784
0x010a6784
0x010a679f
0x010a67a7
0x010a67af
0x010a67ce
0x00000000
0x010a67b1
0x010a67b7
0x010a67b8
0x010a67c1
0x010a67d3
0x010a67d9
0x010a67dd
0x01064c94
0x01064c94
0x01064c98
0x01064c9c
0x01064ca3
0x010a67f4
0x010a67f4
0x01064cb5
0x00000000
0x00000000
0x00000000
0x00000000
0x01064cb5
0x01064c79
0x01064c7e
0x01064c89
0x01064c8b
0x01064c8f
0x01064c8f
0x00000000
0x01064c89
0x010a67c3
0x00000000
0x010a67c3
0x010a67af
0x01064c73
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fd8a5205a4585f63087d98472fa408fbcd99b7cf7c29f47cb495127d33aa25
Instruction ID: 582a657616f9c60915aa77e46a84e82985571d5beba43abd71a2bd58f53fcea3
Opcode Fuzzy Hash: d1fd8a5205a4585f63087d98472fa408fbcd99b7cf7c29f47cb495127d33aa25
Instruction Fuzzy Hash: 3C41A035A0022D9BDB61DF68C940BEE7BF8FF45710F4500A5E988EB341EA759E80CB95

Uniqueness

Uniqueness Score: -1.00%

Function 01064D3B Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E01064D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x112d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0107FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1127bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0107B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = E01054620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0103CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0107B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0107F380(_t67 + 0xc, 0x1015138, 0x10) == 0) {
								 *0x11260d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E01064F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E01064E70(0x11286b0, 0x1065690, 0, 0) != 0) {
					_t46 = E0103CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}

0x01064d3b
0x01064d4d
0x01064d53
0x01064d58
0x01064d65
0x01064d6c
0x01064d71
0x01064d77
0x01064d7f
0x01064d8c
0x01064d8e
0x01064dad
0x01064db0
0x01064db7
0x01064db8
0x01064db9
0x01064dba
0x01064dbb
0x01064dc1
0x01064dc8
0x01064dcc
0x01064dd5
0x01064dde
0x01064ddf
0x01064de0
0x01064de1
0x01064de6
0x01064de7
0x01064de9
0x01064df3
0x00000000
0x00000000
0x010a6c7c
0x010a6c8a
0x010a6c8a
0x010a6c9d
0x010a6ca7
0x010a6cac
0x010a6cb2
0x010a6cb9
0x00000000
0x010a6cbf
0x010a6cbf
0x00000000
0x010a6cbf
0x010a6cb9
0x01064dfb
0x010a6ccf
0x010a6cd3
0x01064e32
0x01064e39
0x010a6ce0
0x010a6cf2
0x010a6cf2
0x010a6ce0
0x01064e3f
0x01064e41
0x01064e51
0x01064e51
0x01064e03
0x01064e03
0x01064e09
0x01064e0f
0x01064e57
0x00000000
0x00000000
0x01064e1b
0x01064e30
0x01064e5b
0x01064e5b
0x00000000
0x01064e30
0x01064e11
0x01064e11
0x01064e16
0x00000000
0x01064e16
0x01064e01
0x00000000
0x01064e01
0x01064da5
0x010a6c6b
0x00000000
0x01064dab
0x01064dab
0x00000000
0x01064dab

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fee54a668ec8114f4990699fa43c36ea31872eafd694297bbe341007df0a842f
Instruction ID: 8b735c41db2757845623c5d075ae771b48f840d83e8d60fac318d9e7e16882ad
Opcode Fuzzy Hash: fee54a668ec8114f4990699fa43c36ea31872eafd694297bbe341007df0a842f
Instruction Fuzzy Hash: B341E371A40318AFEB72DF18CC80FAAB7E9EB54710F0440AAE985DB281D775DD80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0105F86D Relevance: .1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0105F86D(void* __ebx, signed int __ecx, unsigned int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				unsigned int* _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x110feb8);
				E0108D08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E011088F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E01063E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E0108D0D1(_t31);
						}
						E01052280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E0105F9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E01039100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x11286c0;
						if(_t70 != 0x11286c0) {
							__eflags = _t70 - 0x11286b8;
							if(_t70 != 0x11286b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E01065AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E010395F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x1128754; // 0x0
						__eflags = _t46;
						if(_t46 != 0) {
							E01065AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E01065AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E01075C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x1128750; // 0x0
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E0103B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					L0105FAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E0105F9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}

0x0105f86d
0x0105f86d
0x0105f86d
0x0105f86f
0x0105f874
0x0105f879
0x0105f87b
0x0105f87e
0x0105f880
0x0105f883
0x0105f888
0x010a47c9
0x010a47ce
0x00000000
0x0105f8b1
0x0105f8b4
0x0105f8f1
0x0105f8f1
0x0105f900
0x0105f902
0x0105f905
0x0105f907
0x0105f9a9
0x0105f9a9
0x0105f8e9
0x0105f8ee
0x0105f8ee
0x0105f90e
0x0105f913
0x0105f91c
0x0105f91e
0x0105f9e4
0x0105f98b
0x0105f98b
0x0105f992
0x0105f997
0x0105f99a
0x0105f99c
0x0105f9e9
0x0105f9ea
0x0105f9ea
0x0105f99e
0x0105f9a0
0x0105f9a7
0x0105f9a7
0x00000000
0x0105f9a0
0x0105f924
0x0105f92a
0x0105f9b0
0x0105f9b6
0x0105f982
0x0105f985
0x0105f987
0x0105f987
0x0105f987
0x00000000
0x0105f987
0x0105f9be
0x0105f9c6
0x0105f9cb
0x0105f9cb
0x0105f9cd
0x0105f9cf
0x0105f9d2
0x00000000
0x00000000
0x00000000
0x0105f9d4
0x0105f930
0x0105f935
0x0105f937
0x010a47a3
0x0105f93d
0x0105f942
0x0105f94a
0x0105f94c
0x0105f94e
0x0105f94e
0x0105f954
0x0105f95e
0x0105f961
0x0105f966
0x0105f968
0x0105f96a
0x0105f96a
0x0105f970
0x0105f970
0x0105f975
0x0105f97a
0x0105f97c
0x010a47b1
0x00000000
0x00000000
0x00000000
0x00000000
0x0105f97c
0x0105f8b6
0x0105f8bb
0x0105f8c0
0x0105f8c8
0x0105f8ca
0x0105f8cf
0x0105f8d1
0x0105f8d1
0x0105f8d5
0x0105f8dc
0x0105f8e5
0x00000000
0x0105f8e7
0x0105f8e7
0x00000000
0x0105f8e7
0x0105f8e5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69fb225ac8d5355145e674aa4f0f738f89673dda8c8bfa21ed8aed03642138df
Instruction ID: f92a400784bea6f4f0dbe655fc0de37b2f9b52c79e7fd2e44104ed0493181bfd
Opcode Fuzzy Hash: 69fb225ac8d5355145e674aa4f0f738f89673dda8c8bfa21ed8aed03642138df
Instruction Fuzzy Hash: 5241C071A00607AFEBA19FACC840BEFBAF9BF58714F140159E9C0E7251D77898408B60

Uniqueness

Uniqueness Score: -1.00%

Function 01031AA0 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
Instruction ID: 676167e735400420849253670c5fdb0ce7db053b7ce558871b9f27343d0eee36
Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
Instruction Fuzzy Hash: D9414F71A00605EFDB24CF99D980AAEBBF9FF4C710B1045ADE596D7650E730EA44CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0103649B Relevance: .1, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E0103649B(signed int __ecx, signed int __edx) {
				signed int _v8;
				char _v40;
				void* _v80;
				short _v82;
				char _v84;
				short _v88;
				char _v92;
				void* _v96;
				void* _v98;
				void* _v100;
				void* _v104;
				void* _v106;
				void* _v108;
				void* _v112;
				void* _v120;
				void* _v122;
				void* _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t37;
				short _t41;
				void* _t43;
				short _t45;
				void* _t65;
				short* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				signed int _t77;
				signed int _t79;

				_t69 = __edx;
				_t79 = (_t77 & 0xfffffff8) - 0x5c;
				_v8 =  *0x112d360 ^ _t79;
				_t71 = __edx;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				if(__edx == 0) {
					_t37 = 0xc000000d;
					L7:
					_pop(_t72);
					_pop(_t74);
					_pop(_t65);
					return E0107B640(_t37, _t65, _v8 ^ _t79, _t69, _t72, _t74);
				}
				_t75 = __ecx & 0x0000ffff;
				 *((short*)(__edx)) = 0;
				_v80 =  &_v40;
				_t41 = 0x1e;
				_v82 = _t41;
				_t43 = E01044720(__edx, __ecx & 0x0000ffff,  &_v84, 2, 0);
				if(_t43 < 0) {
					if(_t43 == 0xc0000023) {
						_v80 = 0;
						_v82 = 0;
						_t43 = E01044720(__edx, _t75,  &_v84, 2, 1);
					}
					if(_t43 >= 0) {
						goto L2;
					} else {
						_t76 = 0xc000000d;
						L4:
						if(_v88 != _t79 + 0x24) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v88);
						}
						if(_v80 !=  &_v40) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v80);
						}
						_t37 = _t76;
						goto L7;
					}
				}
				L2:
				_v88 = _t79 + 0x28;
				_t45 = 0x1e;
				 *((short*)(_t79 + 0x16)) = _t45;
				_t76 = E01042EB0(_t69, _v80,  &_v92, 6, 0);
				if(_t76 < 0) {
					if(_t76 == 0xc0000023) {
						_v88 = 0;
						 *((short*)(_t79 + 0x16)) = 0;
						_t76 = E01042EB0(_t69, _v80,  &_v92, 6, 1);
					}
					if(_t76 < 0) {
						goto L4;
					} else {
						goto L3;
					}
				}
				L3:
				if(0 != _v92) {
					_t76 = E01044570(_t69, _v88, _t79 + 0x24, 3);
					if(_t76 >= 0) {
						 *_t71 =  *((intOrPtr*)(_t79 + 0x20));
					}
				}
				goto L4;
			}

0x0103649b
0x010364a3
0x010364ad
0x010364b6
0x010364b8
0x010364bc
0x010364c0
0x010364c4
0x010364ca
0x01091905
0x01036550
0x01036554
0x01036555
0x01036556
0x01036561
0x01036561
0x010364d2
0x010364d5
0x010364de
0x010364e2
0x010364e4
0x010364f1
0x010364f8
0x01091914
0x01091918
0x0109191e
0x0109192b
0x0109192b
0x01091932
0x00000000
0x01091938
0x01091938
0x01036532
0x0103653a
0x01091984
0x01091984
0x01036548
0x0109199c
0x0109199c
0x0103654e
0x00000000
0x0103654e
0x01091932
0x010364fe
0x01036504
0x01036508
0x0103650a
0x0103651f
0x01036523
0x01091948
0x0109194c
0x01091952
0x01091967
0x01091967
0x0109196b
0x00000000
0x01091971
0x00000000
0x01091971
0x0109196b
0x01036529
0x01036530
0x01036572
0x01036576
0x0103657d
0x0103657d
0x01036576
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55a236f828c5aed8888cb56e1445c859fbfd3f41f724d852dcc0af6cd2a5214
Instruction ID: 18c1e9cdcaf1bf51a45e1c6f90621f8ade5916c8a2d4d67c4858e18d1a73e62a
Opcode Fuzzy Hash: a55a236f828c5aed8888cb56e1445c859fbfd3f41f724d852dcc0af6cd2a5214
Instruction Fuzzy Hash: E2414C72608306AFD712DF64D840A6BB6E9FF88A54F00097AF9D0D7250E731DE558B93

Uniqueness

Uniqueness Score: -1.00%

Function 01048A0A Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E01048A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x112d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0107B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0104E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1011180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E01061DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E01073C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01048999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}

0x01048a0a
0x01048a1c
0x01048a23
0x01048a2e
0x01048a30
0x01048a36
0x01048a3c
0x01048a3e
0x01048a4a
0x01048a52
0x01048a9c
0x01048aae
0x01048a58
0x01048a5e
0x01048a6a
0x01048a6f
0x01048a75
0x01048a7d
0x01048a85
0x01048a86
0x01048a89
0x01048a93
0x01048a99
0x01048a9b
0x00000000
0x01048aaf
0x01048abe
0x01048ac3
0x01048acb
0x01048ad7
0x01048ae0
0x01048af1
0x00000000
0x01048af1
0x01048acd
0x01048ad5
0x01048afb
0x01048afd
0x01048aff
0x01048b07
0x01048b22
0x01048b24
0x01048b2a
0x01048b2e
0x01048b3f
0x01048b78
0x01048b41
0x01048b52
0x01048b54
0x01048b5c
0x01048b74
0x01048b74
0x01048b5c
0x01048b3f
0x01048b5e
0x01048b61
0x01048b64
0x01048b64
0x01048b6c
0x01048b6c
0x01048b11
0x01099cd5
0x01099cd5
0x01048b17
0x01048b1a
0x01048b1a
0x00000000
0x01048ad5
0x01048a89

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc4d8cce74cd456d3407cccf62dbfd16b2a234fa1f5150695769298bf88308d8
Instruction ID: 50cae9fc8f999da0eb09afd7e900a237f364a5d48ca1c2dacf336d05bf57a1c4
Opcode Fuzzy Hash: cc4d8cce74cd456d3407cccf62dbfd16b2a234fa1f5150695769298bf88308d8
Instruction Fuzzy Hash: 80414FF4A002299BDB64DF59C8C8AA9B7F4EB54300F1089EAD95997242E7709E80CF90

Uniqueness

Uniqueness Score: -1.00%

Function 010FAA16 Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010FAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E010FABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E010FAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E010FAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E010DCB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L010577F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E01057D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E010F131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E010DCB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}

0x010faa1f
0x010faa21
0x010faa23
0x010faa2b
0x010faa30
0x010faa36
0x010faa39
0x010faa42
0x010faa75
0x010faa7a
0x010faa7c
0x010faa7c
0x010faa88
0x010faa8a
0x010faa8f
0x010fab02
0x010fab04
0x010faa99
0x010faaa8
0x010faaaf
0x010faab3
0x010faacc
0x010faad1
0x010faad6
0x010faae0
0x010faaf3
0x010faaf9
0x010faafe
0x010faafe
0x010faaf3
0x010faad6
0x010faab3
0x010fab07
0x010fab0a
0x010fab11
0x010fab23
0x010fab13
0x010fab1c
0x010fab1c
0x010fab2b
0x010fab44
0x010fab44
0x010fab51
0x010fab51
0x010faa44
0x010faa47
0x010faa4c
0x00000000
0x00000000
0x010faa5a
0x010faa64
0x010faa72
0x00000000
0x010faa66
0x010faa66
0x010faa68
0x010faa6a
0x00000000
0x010faa6a

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction ID: 4cc3447527de5a93b4d1a48fffa73a503cfab37534c4e5d3e1651556ddb2c68b
Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction Fuzzy Hash: 4F31EB31F00109ABEB159B69CC46BAFFBB6DF84210F0584ADEA89A7652DB74DD04C750

Uniqueness

Uniqueness Score: -1.00%

Function 010FFDE2 Relevance: .1, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E010FFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E010FFD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01100A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E01057D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E010F1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01102B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E010FC8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E010FDBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E01057D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E010FA80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}

0x010ffde7
0x010ffde8
0x010ffdec
0x010ffdee
0x010ffdf5
0x010ffdf7
0x010ffdfc
0x010ffe19
0x010ffe22
0x010ffe26
0x010ffec6
0x010ffecd
0x010ffed5
0x010ffee7
0x010ffed7
0x010ffee0
0x010ffee0
0x010ffeef
0x010fff00
0x010fff02
0x010fff07
0x010fff07
0x00000000
0x010ffeef
0x010ffe33
0x010ffe55
0x010ffe59
0x010ffe5b
0x010ffe5e
0x010ffe69
0x010ffe6d
0x010ffe6d
0x010ffe69
0x010ffe35
0x010ffe41
0x010ffe41
0x010ffe79
0x010ffe8b
0x010ffe7b
0x010ffe84
0x010ffe84
0x010ffe93
0x00000000
0x010ffea8
0x010ffeba
0x00000000
0x010ffeba
0x010ffdfe
0x010ffe01
0x010ffe02
0x010ffe08
0x010fff0c
0x010fff14
0x010fff14

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction ID: ac39cbe762ae024842e6117242aa35b9fd664bcb0c4077e5d7710f05f8d6065c
Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction Fuzzy Hash: C331E733200642AFD7669B68C846F6A7BE5EF85750F18409CE7C58BB42DA74DC41C760

Uniqueness

Uniqueness Score: -1.00%

Function 010FEA55 Relevance: .1, Instructions: 111
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E010FEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E01052280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E010FE815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0103F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0104FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E010FAFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E010FBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E01057D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E010EFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0104FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E010FA80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}

0x010fea55
0x010fea66
0x010fea68
0x010fea6c
0x010fea6f
0x010fea72
0x010fea75
0x010fea7a
0x010fea7a
0x010fea7e
0x010fea80
0x010fea85
0x010fea8b
0x010feab5
0x010feabc
0x010feabf
0x010feabf
0x010feaca
0x010feace
0x010fead0
0x010feae4
0x010feaeb
0x010feaf0
0x010feaf5
0x010feb09
0x010feb0d
0x010feb1d
0x010feb2d
0x010feb38
0x010feb3d
0x010feb41
0x010feb4a
0x010feb60
0x010feb4c
0x010feb52
0x010feb59
0x010feb59
0x010feb68
0x010feb71
0x010feb71
0x010fea8d
0x010fea8f
0x010fea92
0x010fea97
0x010fea97
0x010fea9b
0x010fea9c
0x010fea9e
0x010feaa6
0x010feaa6
0x010feb7e

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction ID: 6eaa58153c6b41fca6017aedcfd214a1a912ca9e93df7f8173a9c7e381a91f3a
Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction Fuzzy Hash: C431C8726047069BC719DF28C881A9BB7E9FFC4310F05496DF69687751DE34E809C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0104B433 Relevance: .1, Instructions: 109
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0104B433(intOrPtr __ecx, signed int __edx, intOrPtr _a4, char _a8) {
				char _v5;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				short _t48;
				intOrPtr* _t51;
				char* _t52;
				signed int _t61;
				void* _t63;
				signed int _t71;
				intOrPtr _t73;
				void* _t74;

				_t73 = __ecx;
				_v5 = __edx;
				_v12 = __ecx;
				_t65 = __edx;
				_t71 = 1 << __edx;
				if(1 > 0x78000) {
					_t71 = 0x78000;
				}
				_t58 = _t71;
				if(_a8 != 0) {
					_t13 = _t71 + 0x2000; // 0x2001
					_t58 = _t13;
				}
				E0104EEF0( *((intOrPtr*)(_t73 + 0xc8)));
				_t74 = E01054620(_t65, _t73, 0x800001, _t58);
				if(_t74 == 0) {
					E0104EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					L8:
					return _t74;
				}
				if(_a8 != 0) {
					_t15 = _t74 + 0xfff; // 0xfff
					_t61 = _t15 + _t71 & 0xfffff000;
					_v20 = _t61;
					_t63 = _t61 - _t74 + 0x1000;
					_t74 = L01058E10(_v12, 0x800001, _t74, _t63);
					E0104EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_v16 = 0x1000;
					_push( &_v24);
					_push(1);
					_push( &_v16);
					_push( &_v20);
					_push(0xffffffff);
					E01079A00();
					_t58 = _t63 - 0x1000;
					 *((char*)(_t74 + 9)) = 1;
					_t48 = _t63 - 0x1000 - _t71;
					_t72 = _v12;
				} else {
					_t72 = _v12;
					E0104EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_t48 = 0;
					 *((char*)(_t74 + 9)) = 0;
				}
				 *((short*)(_t74 + 0xa)) = _t48;
				 *((char*)(_t74 + 8)) = _v5;
				_t51 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t51 != 0) {
					if( *_t51 == 0) {
						goto L6;
					}
					_t52 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L7;
				} else {
					L6:
					_t52 = 0x7ffe0380;
					L7:
					if( *_t52 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							E010F1843(_t58, _t72, _t74, _t58, _a4);
						}
					}
					goto L8;
				}
			}

0x0104b442
0x0104b444
0x0104b448
0x0104b44b
0x0104b452
0x0104b456
0x0109a7da
0x0109a7da
0x0104b460
0x0104b462
0x0104b4d2
0x0104b4d2
0x0104b4d2
0x0104b46a
0x0104b47b
0x0104b47f
0x0109a7ea
0x0104b4c8
0x0104b4cf
0x0104b4cf
0x0104b489
0x0104b4dd
0x0104b4e5
0x0104b4eb
0x0104b4f0
0x0104b503
0x0104b50e
0x0104b516
0x0104b51d
0x0104b51e
0x0104b523
0x0104b527
0x0104b528
0x0104b52a
0x0104b52f
0x0104b535
0x0104b53b
0x0104b53d
0x0104b48b
0x0104b48b
0x0104b494
0x0104b499
0x0104b49b
0x0104b49b
0x0104b49e
0x0104b4a5
0x0104b4ae
0x0104b4b3
0x0109a7f7
0x00000000
0x00000000
0x0109a806
0x00000000
0x0104b4b9
0x0104b4b9
0x0104b4b9
0x0104b4be
0x0104b4c1
0x0109a81d
0x0109a82b
0x0109a82b
0x0109a81d
0x00000000
0x0104b4c1

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
Instruction ID: 443e93e78fab52e39d2e7d231a515f71fc11bd6fa04b77313390cd60779c30f2
Opcode Fuzzy Hash: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
Instruction Fuzzy Hash: 2B411771604645AFDB21CBACCC84BDFBBF9AF50350F0485B6E49597352C674E944CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010B69A6 Relevance: .1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E010B69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x112d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01046C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E010B6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E01079980() >= 0) {
							E01052280(_t56, 0x1128778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1128774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1128774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0103B6F0(0x101c338, 0x101c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E01079520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E010795D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0104FFB0(_t68, _t77, 0x1128778);
				}
				_pop(_t78);
				return E0107B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}

0x010b69b5
0x010b69be
0x010b69c3
0x010b69c9
0x010b69cc
0x010b69d1
0x010b69d3
0x010b69de
0x010b69e1
0x010b69ea
0x010b69f6
0x010b69fe
0x010b6a13
0x010b6a14
0x010b6a15
0x010b6a16
0x010b6a1e
0x010b6a26
0x010b6a31
0x010b6a36
0x010b6a37
0x010b6a40
0x010b6a49
0x010b6a4a
0x010b6a53
0x010b6a59
0x010b6a5d
0x010b6a5e
0x010b6a64
0x010b6a67
0x010b6a6a
0x010b6a6d
0x010b6a70
0x010b6a77
0x010b6a7d
0x010b6a86
0x010b6a89
0x010b6a9c
0x010b6a9f
0x010b6aa2
0x010b6aa5
0x010b6aaf
0x010b6ab1
0x010b6ab8
0x010b6ab9
0x010b6abb
0x010b6abe
0x010b6ac5
0x010b6ac5
0x010b6aaf
0x010b6a40
0x010b6a26
0x010b69fe
0x010b6ace
0x010b6ad0
0x010b6ad3
0x010b6ad8
0x010b6adf
0x010b6adf
0x010b6ae8
0x010b6aef
0x010b6aef
0x010b6af9
0x010b6b06

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e27baec007abceb30c65342f61a7d1c5b25671eb1464a95a31ce7599a30bb6ea
Instruction ID: 887d018e0b70069b21c759485c17b8b7abe50e45639d57c6940a79e5927b340a
Opcode Fuzzy Hash: e27baec007abceb30c65342f61a7d1c5b25671eb1464a95a31ce7599a30bb6ea
Instruction Fuzzy Hash: 57418CB1D00209AFDB24DFA9D980BFEBBF8EF48714F14816AE994A7240DB759905CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01035210 Relevance: .1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E01035210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E010352A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010795D0();
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0104EB70(_t54, 0x11279a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E010795D0();
								L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0104EB70(_t54, 0x11279a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0107F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0104EB70(_t54, 0x11279a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010795D0();
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}

0x01035220
0x01035224
0x01090d13
0x01090d16
0x01090d19
0x0103522a
0x0103522a
0x0103522d
0x0103522d
0x01035231
0x01035235
0x01035239
0x01090d5c
0x01090d62
0x00000000
0x00000000
0x01090d6a
0x01090d7b
0x01090d7f
0x01090d81
0x01090d84
0x01090d95
0x01090d95
0x01090d6c
0x01090d71
0x01090d71
0x01090d9a
0x00000000
0x0103524a
0x0103524a
0x01035250
0x01090d24
0x01090d35
0x01090d39
0x01090d3b
0x01090d3e
0x01090d50
0x01090d50
0x01090d26
0x01090d2b
0x01090d2b
0x00000000
0x01090d55
0x01035256
0x0103525b
0x01035265
0x01090da7
0x0103526b
0x0103526e
0x01035272
0x01090db1
0x01090db4
0x01090dc5
0x01090dc5
0x01035272
0x01035278
0x0103527e
0x0103528a
0x0103528c
0x0103528d
0x00000000
0x01035280
0x01035282
0x01035288
0x0103529f
0x01035292
0x00000000
0x01035292
0x00000000
0x01035288
0x0103527e

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e0c5f5261d94cdfb7c4fe36f42e1ef9855f8f111ce311b1d6a2e79c4845df9
Instruction ID: e56ed28dcea4eb319d6edd738238d6980bfeb3be527cba43fb58f164e5ebda66
Opcode Fuzzy Hash: 46e0c5f5261d94cdfb7c4fe36f42e1ef9855f8f111ce311b1d6a2e79c4845df9
Instruction Fuzzy Hash: EC312631642611EBCB66AB18CC90BAE7BBDFF61760F114629F8D54B1A4EB30E800D7D0

Uniqueness

Uniqueness Score: -1.00%

Function 01073D43 Relevance: .1, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01073D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01047B60(0, _t61, 0x10111c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01047B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = E01054620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}

0x01073d4c
0x01073d50
0x01073d55
0x01073d5e
0x010ae79a
0x00000000
0x010ae79a
0x01073d68
0x010ae789
0x01073d9d
0x01073da3
0x01073daf
0x01073db5
0x01073dbc
0x01073dc4
0x01073dc9
0x01073dce
0x010ae7ae
0x010ae7ae
0x01073dde
0x01073de2
0x01073de7
0x01073e0d
0x01073e13
0x01073e16
0x01073e1e
0x01073e25
0x01073e28
0x00000000
0x00000000
0x01073e2a
0x01073e2f
0x01073e37
0x01073e37
0x00000000
0x01073e37
0x01073e31
0x00000000
0x01073e31
0x01073e20
0x01073e20
0x01073e35
0x00000000
0x01073de9
0x01073de9
0x01073de9
0x01073dee
0x01073dfd
0x01073dff
0x01073e02
0x01073e05
0x01073e05
0x00000000
0x01073df0
0x01073de7
0x010ae78f
0x010ae794
0x01073d79
0x01073d84
0x01073d89
0x01073d8e
0x00000000
0x010ae7a4
0x01073d96
0x01073d9a
0x00000000
0x01073d9a
0x00000000
0x010ae794
0x01073d6e
0x01073d73
0x00000000
0x010ae7b5
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e15620a08f5a954e74b93ae887c18e9f9b13586a1b7791c9e8370fdd5b72178
Instruction ID: 4069246fe4987cb7ba51f2cff9f97780c73f9c9b7fdacae8998fd2a74b2c50a7
Opcode Fuzzy Hash: 3e15620a08f5a954e74b93ae887c18e9f9b13586a1b7791c9e8370fdd5b72178
Instruction Fuzzy Hash: E931DC71A00615DBE7299F2DD881A6FBBE5FF45700B0584AAE98ACF390E730DC40E795

Uniqueness

Uniqueness Score: -1.00%

Function 0105C182 Relevance: .1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0105C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01057D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01108D34(_v8, _t80);
					}
					E01052280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0104FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01108833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0104FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0107B180();
						if(_a4 != 0) {
							E01052280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0105BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0105BB2D(_t16, _t15);
						E0105B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0104FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0104FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0104FFB0(0, __ecx, _t24);
				}
				return 0;
			}

0x0105c18d
0x0105c18f
0x0105c191
0x0105c19b
0x0105c1a0
0x0105c1d4
0x0105c1de
0x010a2d6e
0x0105c1e4
0x0105c1e4
0x0105c1e4
0x0105c1ec
0x010a2d7d
0x010a2d7d
0x0105c1f3
0x0105c1ff
0x010a2d88
0x010a2d8d
0x010a2d94
0x010a2d94
0x010a2d9f
0x010a2da4
0x010a2dab
0x010a2db0
0x010a2db2
0x010a2db3
0x010a2db4
0x010a2dbc
0x010a2dc3
0x010a2dc3
0x0105c205
0x0105c205
0x0105c208
0x0105c20e
0x0105c211
0x0105c216
0x0105c219
0x0105c21f
0x0105c222
0x0105c22c
0x0105c234
0x0105c23a
0x0105c23f
0x0105c245
0x0105c24b
0x0105c251
0x0105c25a
0x0105c276
0x0105c27d
0x0105c27d
0x0105c25c
0x0105c25c
0x00000000
0x0105c25e
0x0105c1a4
0x0105c1aa
0x0105c1b3
0x0105c265
0x0105c26c
0x0105c26c
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction ID: d731a3ed2b1a52041b951e327819463e5ab3fef18e58ab7c0ed15f7092ae478d
Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction Fuzzy Hash: 16314B71A01647BFE785EBB8C580BEEFB98BF52244F04816AC89C47201DB746A45C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 010B7016 Relevance: .1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E010B7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x112d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E010B6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E010B6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01057D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E01079AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0107B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = E01054620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}

0x010b7016
0x010b701e
0x010b702b
0x010b7033
0x010b7037
0x010b703c
0x010b703e
0x010b7041
0x010b7045
0x010b704a
0x010b7050
0x010b7055
0x010b705a
0x010b7062
0x010b7062
0x010b705a
0x010b7064
0x010b7064
0x010b7067
0x010b7071
0x010b7096
0x010b709b
0x010b70a2
0x010b70a6
0x010b70a7
0x010b70ad
0x010b70b3
0x010b70b6
0x010b70bb
0x010b70c3
0x010b70c3
0x010b70c6
0x010b70cd
0x010b70dd
0x010b70e0
0x010b70e2
0x010b70e2
0x010b70ee
0x010b7101
0x010b70f0
0x010b70f9
0x010b70f9
0x010b710a
0x010b710e
0x010b7112
0x010b7117
0x010b7118
0x010b7118
0x010b70bb
0x010b711d
0x010b7123
0x010b7131
0x010b7131
0x010b7136
0x010b713d
0x010b713e
0x010b713f
0x010b714a
0x010b714a
0x010b7084
0x010b7088
0x00000000
0x010b708e
0x010b708e
0x010b7092
0x00000000
0x010b7092

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25272ab213b2d3f3c12bfbf4c072c9a06b3f1d5afaf9f3dfac57f21b35209c41
Instruction ID: b9f67358b187d3756eb305103146ea0a2d84ef10bc7d19f224a5177dd8dc1549
Opcode Fuzzy Hash: 25272ab213b2d3f3c12bfbf4c072c9a06b3f1d5afaf9f3dfac57f21b35209c41
Instruction Fuzzy Hash: E63192766047519BC320DF6CC980AAAB7E5BFC8700F044A69F99597690E730E914C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 010653C5 Relevance: .1, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E010653C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				unsigned int _t58;
				char _t63;
				unsigned int _t72;
				signed int _t77;
				intOrPtr _t79;
				void* _t80;

				_push(0x18);
				_push(0x110ff80);
				E0108D08C(__ebx, __edi, __esi);
				_t79 = __ecx;
				 *((intOrPtr*)(_t80 - 0x28)) = __ecx;
				 *((char*)(_t80 - 0x1a)) = 0;
				 *((char*)(_t80 - 0x19)) = 0;
				 *((intOrPtr*)(_t80 - 0x20)) = 0;
				 *((intOrPtr*)(_t80 - 4)) = 0;
				if(( *(__ecx + 0x40) & 0x75010f61) != 0 || ( *(__ecx + 0x40) & 0x00000002) == 0 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					_t47 = 0;
					_t63 = 1;
				} else {
					_t63 = 1;
					_t47 = 1;
				}
				if(_t47 == 0) {
					_t77 = 0xc000000d;
					goto L18;
				} else {
					E0104EEF0( *((intOrPtr*)(_t79 + 0xc8)));
					 *((char*)(_t80 - 0x19)) = _t63;
					if( *((char*)(_t79 + 0xda)) == 2) {
						_t47 =  *(_t79 + 0xd4);
					} else {
						_t47 = 0;
					}
					if(_t47 != 0) {
						_t77 = 0;
						goto L18;
					} else {
						if( *((intOrPtr*)(_t79 + 0xd8)) != 0) {
							_t77 = 0xc000001e;
							L18:
							 *((intOrPtr*)(_t80 - 0x20)) = _t77;
							L19:
							_t64 = 0xffff;
							L14:
							 *((intOrPtr*)(_t80 - 4)) = 0xfffffffe;
							E01065520(_t47, _t64, _t79);
							return E0108D0D1(_t77);
						}
						 *((short*)(_t79 + 0xd8)) = _t63;
						 *((char*)(_t80 - 0x1a)) = _t63;
						_t72 =  *0x1125cb4; // 0x4000
						_t69 = _t79;
						_t77 = E010655C8(_t79, (_t72 >> 3) + 2);
						 *((intOrPtr*)(_t80 - 0x20)) = _t77;
						if(_t77 < 0) {
							goto L19;
						}
						E01065539(_t79,  *((intOrPtr*)(_t79 + 0xb4)), _t69);
						 *(_t79 + 0xd4) =  *(_t79 + 0xd4) & 0x00000000;
						 *((char*)(_t79 + 0xda)) = 0;
						E0104EB70(_t79,  *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = 0;
						_t71 = _t79;
						 *(_t80 - 0x24) = E01063C3E(_t79);
						E0104EEF0( *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = _t63;
						_t56 =  *(_t80 - 0x24);
						if(_t56 == 0) {
							_t77 = 0xc0000017;
							 *((intOrPtr*)(_t80 - 0x20)) = 0xc0000017;
						} else {
							 *(_t79 + 0xd4) = _t56;
							 *((short*)(_t79 + 0xda)) = 0x202;
							if((E01064190() & 0x00010000) == 0) {
								_t58 =  *0x1125cb4; // 0x4000
								 *(_t79 + 0x6c) = _t58 >> 3;
							}
						}
						_t64 = 0xffff;
						 *((intOrPtr*)(_t79 + 0xd8)) =  *((intOrPtr*)(_t79 + 0xd8)) + 0xffff;
						 *((char*)(_t80 - 0x1a)) = 0;
						 *((char*)(_t80 - 0x19)) = 0;
						_t47 = E0104EB70(_t71,  *((intOrPtr*)(_t79 + 0xc8)));
						goto L14;
					}
				}
			}

0x010653c5
0x010653c7
0x010653cc
0x010653d1
0x010653d3
0x010653d8
0x010653db
0x010653de
0x010653e1
0x010653eb
0x010a70b0
0x010a70b4
0x0106540e
0x01065410
0x01065411
0x01065411
0x01065415
0x010a70ba
0x00000000
0x0106541b
0x01065421
0x01065426
0x01065432
0x010a70d3
0x01065438
0x01065438
0x01065438
0x0106543c
0x010a70de
0x00000000
0x01065442
0x01065449
0x010a70c1
0x010a70c6
0x010a70c6
0x010a70c9
0x010a70c9
0x0106550c
0x0106550c
0x01065513
0x0106551f
0x0106551f
0x0106544f
0x01065456
0x01065459
0x01065465
0x0106546c
0x0106546e
0x01065473
0x00000000
0x00000000
0x01065482
0x01065487
0x0106548e
0x0106549b
0x010654a0
0x010654a4
0x010654ab
0x010654b4
0x010654b9
0x010654bc
0x010654c1
0x010a70e2
0x010a70e7
0x010654c7
0x010654c7
0x010654cd
0x010654e0
0x010654e2
0x010654ea
0x010654ea
0x010654e0
0x010654ed
0x010654f2
0x010654f9
0x010654fd
0x01065507
0x00000000
0x01065507
0x0106543c

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54882c32f1e7990a1e850549a99389a21c5e78f214f16a64b560d113c4dffecd
Instruction ID: 325f03b44178250bd3d85da09ced847697fb74cfaae6d39b716d210dd855bcb9
Opcode Fuzzy Hash: 54882c32f1e7990a1e850549a99389a21c5e78f214f16a64b560d113c4dffecd
Instruction Fuzzy Hash: C5410230A04745CBDB329BB8C8507EFBAE2BF51304F14456ED0C6AB241DB364905CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 010E3D40 Relevance: .1, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E010E3D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x112d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E01052280(_t34, 0x1128a6c);
				_t64 =  *0x1125768; // 0x77de5768
				if(_t64 != 0x1125768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77de5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E0104FFB0(_t53, _t64, 0x1128a6c);
						 *0x112b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E01052280(_t45, 0x1128a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x1125768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E0104FFB0(_t51, _t64, 0x1128a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E0107B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

0x010e3d40
0x010e3d48
0x010e3d52
0x010e3d59
0x010e3d5d
0x010e3d61
0x010e3d63
0x010e3d67
0x010e3d69
0x010e3d72
0x010e3d76
0x010e3d7a
0x010e3d7f
0x010e3d8b
0x010e3d91
0x010e3d91
0x010e3d91
0x010e3d94
0x010e3d96
0x010e3d9d
0x010e3da1
0x010e3db0
0x010e3dba
0x010e3dbc
0x010e3dbc
0x010e3dc6
0x010e3dcb
0x010e3dcf
0x010e3dd1
0x010e3dd4
0x00000000
0x00000000
0x010e3dd9
0x010e3e0c
0x010e3e0c
0x010e3e0f
0x010e3ddb
0x010e3ddb
0x010e3de0
0x00000000
0x010e3de2
0x010e3de2
0x010e3de4
0x010e3de8
0x010e3deb
0x010e3df1
0x00000000
0x010e3df3
0x010e3df3
0x010e3df5
0x010e3df8
0x010e3dfa
0x00000000
0x010e3dfa
0x010e3df1
0x010e3de0
0x010e3e11
0x010e3e11
0x00000000
0x010e3dfe
0x010e3e04
0x010e3e06
0x00000000
0x010e3e06
0x00000000
0x010e3e04
0x010e3d91
0x010e3e15
0x010e3e1a
0x010e3e1f
0x010e3e1f
0x010e3e23
0x010e3e29
0x00000000
0x00000000
0x010e3e2e
0x00000000
0x010e3e30
0x010e3e30
0x010e3e35
0x00000000
0x010e3e37
0x010e3e3e
0x010e3e42
0x010e3e48
0x010e3e4e
0x00000000
0x010e3e4e
0x010e3e35
0x00000000
0x010e3e2e
0x010e3e5b
0x010e3e5c
0x010e3e5d
0x010e3e68
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57263b63f5604dcfaa0511df6285c43f277e79ac3b0dc660b0053b63f51208f
Instruction ID: 37d29cd9c99ab9fa4672db64db51ffce1e829723f7dd4f6fb19e01893fbea0c3
Opcode Fuzzy Hash: d57263b63f5604dcfaa0511df6285c43f277e79ac3b0dc660b0053b63f51208f
Instruction Fuzzy Hash: 3F31AA71509312DFCB18DF19D58455ABFE1FF85704F0448AEE8889B381D730E914CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01033880 Relevance: .1, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E01033880(signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				signed int _t28;
				signed int _t30;
				signed int* _t42;
				signed int _t45;
				signed int* _t46;
				void* _t47;

				_v20 = _v20 | 0xffffffff;
				_t28 = 0;
				_t42 = 0;
				_v24 = 0xfd050f80;
				_t46 = 0;
				_v16 = 0;
				_t45 = 0;
				_v12 = 0;
				_v8 = 0;
				_t47 =  *0x11284cc - _t28; // 0x0
				if(_t47 != 0) {
					E0105ECE0(_a12, _a8, 0, 0);
					_t30 = 0;
					L2:
					while(1) {
						do {
							L2:
							while(1) {
								if(_t46 != 0) {
									L5:
									_push(0x1030);
									_push(_t46);
									_push(_t45);
									_push(_t30);
									_push( &_v16);
									_push(_t42);
									if(E0107A3A0() >= 0) {
										_t43 = _t46;
										_t45 = E0103395E(_t46, 0);
										if(_t45 == 0x103) {
											_t42 = 0;
											_t30 = 0;
											_v16 = _v16 & 0;
											_t45 = 0;
											_v12 = _v12 & 0;
											_t46 = 0;
											_v8 = 0;
											continue;
										} else {
											break;
										}
										goto L9;
									}
								} else {
									_t46 = E01054620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t46, 0x1030);
									if(_t46 == 0) {
										_t28 = 0xc0000017;
									} else {
										_t30 = _v8;
										goto L5;
									}
								}
								if(_t28 != 0x8000001a) {
									_t28 = E0105ECE0(_a12, _a8,  &_v24, 0);
								}
								if(_t46 != 0) {
									return L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t46);
								}
								goto L9;
							}
							_t13 =  &(_t46[2]); // 0x8
							_t42 = _t13;
							_v16 =  *_t46;
							_v12 = _t46[1];
							_t30 = _t46[6];
							_v8 = _t30;
						} while (_t45 != 0xc000022d);
						E010C2D0B(_t43);
						_t30 = _v8;
						_t46 = 0;
					}
				}
				L9:
				return _t28;
			}

0x01033888
0x0103388c
0x0103388f
0x01033891
0x01033899
0x0103389b
0x0103389f
0x010338a1
0x010338a4
0x010338a7
0x010338ad
0x010338b7
0x010338bc
0x00000000
0x010338be
0x010338be
0x00000000
0x010338be
0x010338c0
0x010338e3
0x010338e3
0x010338e8
0x010338e9
0x010338ea
0x010338ee
0x010338ef
0x010338f7
0x01033924
0x0103392b
0x01033933
0x0108ffb7
0x0108ffb9
0x0108ffbb
0x0108ffbe
0x0108ffc0
0x0108ffc3
0x0108ffc5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01033933
0x010338c2
0x010338d6
0x010338da
0x0108ffdc
0x010338e0
0x010338e0
0x00000000
0x010338e0
0x010338da
0x010338fe
0x0108fff2
0x0108fff2
0x01033906
0x00000000
0x01033914
0x00000000
0x01033906
0x0103393b
0x0103393b
0x0103393e
0x01033944
0x01033947
0x0103394a
0x0103394d
0x0108ffcd
0x0108ffd2
0x0108ffd5
0x0108ffd5
0x010338be
0x0103391f
0x0103391f

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2379520b9e49a905748b8b006d1cf780e84744096f8f4bb3a3e90e4d5f7f211a
Instruction ID: a5ad84989f3c56983118d8f2dd3d59188f0696cb6f368a0cd118cf6e7f5bf80e
Opcode Fuzzy Hash: 2379520b9e49a905748b8b006d1cf780e84744096f8f4bb3a3e90e4d5f7f211a
Instruction Fuzzy Hash: E7319232E0021AEFDB61DFA9C880AAEBBFCBF44650F014566E995DB250D6709A408B90

Uniqueness

Uniqueness Score: -1.00%

Function 010FA189 Relevance: .1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E010FA189(signed int __ecx, signed char __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* __ebx;
				void* __edi;
				intOrPtr _t29;
				intOrPtr* _t30;
				intOrPtr _t40;
				void* _t44;
				signed int _t50;
				intOrPtr* _t51;
				intOrPtr _t52;

				_v20 = __edx;
				_t50 = __ecx;
				if(__edx != 0) {
					E01052280(__edx, 0x1126220);
					_t42 = _t50;
					_t40 = E010FA166(_t50);
					if(_t40 != 0) {
						L15:
						E0104FFB0(_t40, _t50, 0x1126220);
						 *_v20 = _t40;
						return 0;
					}
					_t44 = E010FA166(_t42 ^ 0x00000100);
					if(_t44 != 0) {
						_v12 =  *((intOrPtr*)(_t44 + 4));
						_v8 =  *((intOrPtr*)(_t44 + 8));
						L7:
						_t51 = E01054620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x50);
						if(_t51 != 0) {
							_t10 = _t51 + 0xc; // 0xc
							_t40 = _t10;
							_t29 = E010EA708(_t50, _v12, _v8, _t40);
							_v16 = _t29;
							if(_t29 >= 0) {
								 *(_t51 + 8) = _t50;
								_t30 =  *0x11253d4; // 0x77de53d0
								if( *_t30 != 0x11253d0) {
									0x11253d0 = 3;
									asm("int 0x29");
								}
								 *_t51 = 0x11253d0;
								 *((intOrPtr*)(_t51 + 4)) = _t30;
								 *_t30 = _t51;
								 *0x11253d4 = _t51;
								goto L15;
							}
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t51);
							_t52 = _v16;
							L11:
							E0104FFB0(_t40, _t50, 0x1126220);
							return _t52;
						}
						_t52 = 0xc0000017;
						goto L11;
					}
					_push( &_v8);
					_push( &_v12);
					_push(_t44);
					_push(_t50 & 0xfffffeff);
					_push(0xc);
					_t52 = E0107A420();
					if(_t52 >= 0) {
						goto L7;
					}
					goto L11;
				}
				return 0xc00000f0;
			}

0x010fa194
0x010fa199
0x010fa19d
0x010fa1ae
0x010fa1b3
0x010fa1ba
0x010fa1be
0x010fa27e
0x010fa283
0x010fa28b
0x00000000
0x010fa28d
0x010fa1cf
0x010fa1d3
0x010fa1f8
0x010fa1fe
0x010fa201
0x010fa213
0x010fa217
0x010fa223
0x010fa223
0x010fa22c
0x010fa231
0x010fa236
0x010fa25b
0x010fa263
0x010fa26a
0x010fa26e
0x010fa26f
0x010fa26f
0x010fa271
0x010fa273
0x010fa276
0x010fa278
0x00000000
0x010fa278
0x010fa245
0x010fa24a
0x010fa24d
0x010fa252
0x00000000
0x010fa257
0x010fa219
0x00000000
0x010fa219
0x010fa1d8
0x010fa1dc
0x010fa1dd
0x010fa1e5
0x010fa1e6
0x010fa1ed
0x010fa1f1
0x00000000
0x00000000
0x00000000
0x010fa1f3
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bab738735b9cf7f0cf688648c3865831af20ddb34243c344f60d17955f96ab2
Instruction ID: 1cfaffdd79bf40ad607bdc0b132d3814cf8d7505df13f853fc3d62788667416e
Opcode Fuzzy Hash: 9bab738735b9cf7f0cf688648c3865831af20ddb34243c344f60d17955f96ab2
Instruction Fuzzy Hash: 4C31E275B00216EBCB66DF9DD841BAEBBF9AF45710F11006DEA89EB740DA71DD008B90

Uniqueness

Uniqueness Score: -1.00%

Function 0106A70E Relevance: .1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0106A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1127b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1127b10 = 8;
					 *0x1127b14 = 0x1127b0c;
					 *0x1127b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E0106A990(0x1127b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0106A840(__edx, __ecx, __ecx, _t52, 0x1127b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1127b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1127b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1127b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = E01054620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1127b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E0107F3E0(_t50,  *0x1127b14, _t8 >> 3);
						_t28 =  *0x1127b14; // 0x0
						__eflags = _t28 - 0x1127b0c;
						if(_t28 != 0x1127b0c) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1127b14 = _t50;
						_t48 = _v12;
						 *0x1127b10 = _t9;
						goto L6;
					}
					 *0x1127b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}

0x0106a713
0x0106a714
0x0106a717
0x0106a71d
0x0106a720
0x0106a722
0x0106a727
0x0106a74a
0x0106a754
0x0106a75e
0x0106a768
0x0106a76a
0x0106a773
0x0106a78b
0x0106a790
0x0106a792
0x0106a741
0x0106a741
0x0106a743
0x0106a749
0x0106a749
0x0106a732
0x0106a73a
0x0106a797
0x0106a79d
0x0106a7a3
0x0106a7a9
0x0106a7b6
0x0106a7bc
0x0106a7ca
0x0106a7e0
0x0106a7e2
0x0106a7e4
0x010a9bf2
0x00000000
0x010a9bf2
0x0106a7ed
0x0106a7f2
0x0106a800
0x0106a805
0x0106a80d
0x0106a812
0x010a9c08
0x010a9c08
0x0106a818
0x0106a81b
0x0106a821
0x0106a824
0x00000000
0x0106a824
0x0106a7ae
0x00000000
0x0106a7ae
0x0106a73c
0x0106a73e
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a985654459fa472b578aa781cc8ada4e3ec6ffec1a991af9edc3e9068aea594a
Instruction ID: 39b6b5d579da3074d6f8d5de256171f389f5b431644f55ad55b3d67ee687464e
Opcode Fuzzy Hash: a985654459fa472b578aa781cc8ada4e3ec6ffec1a991af9edc3e9068aea594a
Instruction Fuzzy Hash: 5A31BEB1700201EBC739DF08EC80F5A7BF9FBA4710F144969E265A7284D37499A1CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 010661A0 Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E010661A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E01065E50(0x10167cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01109D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0103F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}

0x010661b3
0x010661b5
0x010661bd
0x010661c3
0x010661c7
0x010661d2
0x010661ff
0x010661ff
0x01066201
0x01066207
0x01066207
0x010661d4
0x010661d9
0x00000000
0x00000000
0x010661df
0x010661e2
0x00000000
0x00000000
0x010661e6
0x010661e8
0x010661ee
0x010661ee
0x010661f9
0x010a762f
0x010a7632
0x010a7635
0x010a7639
0x010a7640
0x010a766e
0x010a7675
0x00000000
0x00000000
0x010a7681
0x010a7689
0x010a768d
0x010a7691
0x010a7695
0x010a7699
0x010a76af
0x010a76b5
0x010a76b7
0x010a76b7
0x010a76d7
0x010a76dc
0x00000000
0x010a76dc
0x010a76a2
0x010a76a9
0x010a7651
0x010a7653
0x010a7653
0x010a7656
0x010a7656
0x00000000
0x010a7656
0x010a7644
0x010a7646
0x010a7648
0x010a7648
0x00000000
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2bc33e91c176dfddd1f576949c8c7de46d5c0df904488b61b3a4fb680965b0
Instruction ID: c58233465e7a21e2f1276dcb82361451143eb35c1558130f27ffee5cd328da20
Opcode Fuzzy Hash: cc2bc33e91c176dfddd1f576949c8c7de46d5c0df904488b61b3a4fb680965b0
Instruction Fuzzy Hash: 5A317E716057018FE360CF5DC900B2ABBE8FB88B04F4589ADE9D49B351E7B2D844CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0103AA16 Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E0103AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x112d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1127b9c; // 0x0
					_t53 = E01054620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0107B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0107F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01046C59(_t53, _t51, _t58) != 0) {
							_t28 = E01065E50(0x101c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0106B230(_v32, _v28, 0x101c2d8, 1,  &_v24);
								_t28 = E0103F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}

0x0103aa25
0x0103aa29
0x0103aa2d
0x0103aa30
0x0103aa37
0x0103aa3c
0x01094458
0x01094458
0x01094472
0x01094474
0x01094476
0x0103aa64
0x0103aa74
0x0109447c
0x01094483
0x01094492
0x0103aa52
0x0103aa54
0x0103aa5e
0x010944a8
0x010944ad
0x010944af
0x010944b6
0x010944b6
0x010944b9
0x010944bc
0x010944cd
0x010944d3
0x010944d6
0x010944e1
0x010944e1
0x010944e6
0x010944e8
0x010944fb
0x010944fb
0x010944e8
0x00000000
0x0103aa5e
0x01094476
0x0103aa42
0x0103aa46
0x0103aa48
0x0103aa4c
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4c7ab9f98d0c42e840c8532a5be397a6c7501d29f59d21fc6d551368ca7d813
Instruction ID: 8379e7799363849fed635eec636d713f44a2d40fc5c3ccfbb2285a6e852e0165
Opcode Fuzzy Hash: b4c7ab9f98d0c42e840c8532a5be397a6c7501d29f59d21fc6d551368ca7d813
Instruction Fuzzy Hash: B931F772A0061AEBCF159F68CE41ABFB7B8FF54700F014069F981DB150EB749951DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01074A2C Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E01074A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x112d360 ^ _t62;
				_v8 =  *0x112d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E01052280(_t26, 0x1128608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0104FFB0(_t41, _t51, 0x1128608);
						L2:
						 *0x112b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0107B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E01052280(_t28, 0x1128608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0104FFB0(_t42, _t53, 0x1128608);
							if(_t53 != 0) {
								L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0104FFB0(_t41, _t51, 0x1128608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}

0x01074a2c
0x01074a34
0x01074a3c
0x01074a3e
0x01074a48
0x01074a4b
0x01074a4d
0x01074a51
0x01074a9c
0x00000000
0x00000000
0x01074aa3
0x01074aa8
0x01074aad
0x01074ab1
0x01074ade
0x01074ae3
0x01074a5a
0x01074a62
0x01074a6a
0x01074a6e
0x010af203
0x01074a84
0x01074a88
0x01074a89
0x01074a8a
0x01074a95
0x01074a95
0x01074a79
0x01074a80
0x01074af2
0x01074af4
0x01074af9
0x01074aff
0x01074b01
0x01074b03
0x01074b08
0x010af20a
0x010af212
0x010af216
0x010af216
0x01074b08
0x01074b13
0x01074b1a
0x010af229
0x010af229
0x01074b1a
0x01074a82
0x00000000
0x01074a82
0x01074ab7
0x01074acd
0x01074acd
0x01074ad5
0x01074ada
0x00000000
0x01074ada
0x01074ac2
0x01074acb
0x00000000
0x00000000
0x00000000
0x01074acb
0x01074a53
0x01074a53
0x01074a58
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0472517d33b0f2e8540b13187f83d267b8e4574d9a564cb439b467f12b77d99a
Instruction ID: 06cf1101c07a8c3ac71d21ccae6955ff8c33ce7c71ee02c15363b04aa4db72b2
Opcode Fuzzy Hash: 0472517d33b0f2e8540b13187f83d267b8e4574d9a564cb439b467f12b77d99a
Instruction Fuzzy Hash: 7C31E232A05351ABC772EF58C984B6BBBE4FF84710F444569E9D687641CB70E810CB89

Uniqueness

Uniqueness Score: -1.00%

Function 01036730 Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E01036730(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _v24;
				void* _v40;
				void* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t32;
				char* _t35;
				char* _t42;
				char* _t51;
				void* _t52;
				signed int _t67;
				void* _t68;
				void* _t71;
				signed int _t73;

				_t75 = (_t73 & 0xfffffff8) - 0xc;
				_v8 =  *0x112d360 ^ (_t73 & 0xfffffff8) - 0x0000000c;
				_t70 = _a8;
				_t67 = _a8 - 0x78;
				_t32 = E01057D50();
				_t51 = 0x7ffe0386;
				if(_t32 != 0) {
					_t35 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t35 = 0x7ffe0386;
				}
				if( *_t35 != 0) {
					E011089E7( *((intOrPtr*)(_t67 + 0x5c)), _t70,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
				}
				_t64 = _t67;
				if(E010695EC(_a4, _t67, 1) != 0) {
					if(E01057D50() != 0) {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t42 = _t51;
					}
					if( *_t42 != 0) {
						E01109CB3( *((intOrPtr*)(_t67 + 0x5c)), _t70,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
					}
					_t64 =  *((intOrPtr*)(_t67 + 0x30));
					E0105C677(_t75 + 0x14,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
					 *0x112b1e0(_a4,  *((intOrPtr*)(_t67 + 0x34)));
					 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x30))))();
					if(E01057D50() != 0) {
						_t51 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t51 != 0) {
						_t64 = _a8;
						E01108ADD( *((intOrPtr*)(_t67 + 0x5c)), _a8,  *((intOrPtr*)(_t67 + 0x30)),  *((intOrPtr*)(_t67 + 0x34)),  *((intOrPtr*)(_t67 + 0x3c)));
					}
					_t37 = E0105C5F8( *((intOrPtr*)(_t75 + 0x10)));
				}
				_pop(_t68);
				_pop(_t71);
				_pop(_t52);
				return E0107B640(_t37, _t52, _v8 ^ _t75, _t64, _t68, _t71);
			}

0x01036738
0x01036742
0x01036748
0x0103674c
0x0103674f
0x01036754
0x0103675b
0x01091aac
0x01036761
0x01036761
0x01036761
0x01036766
0x01091ac4
0x01091ac4
0x0103676f
0x0103677a
0x01036783
0x01091ad7
0x01036789
0x01036789
0x01036789
0x0103678e
0x01091aef
0x01091aef
0x01036797
0x010367a1
0x010367b1
0x010367b7
0x010367c0
0x01091b02
0x01091b02
0x010367c9
0x01091b10
0x01091b1c
0x01091b1c
0x010367d3
0x010367d3
0x010367dc
0x010367dd
0x010367de
0x010367e9

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a9a0d65bf388f550bd3824433eef44e85ca76b13181f82a6106d177bb4acab
Instruction ID: 0ddf8ac0602e531165f4ac58be85c46f070fb040170076a44554ee134d5e98c3
Opcode Fuzzy Hash: 73a9a0d65bf388f550bd3824433eef44e85ca76b13181f82a6106d177bb4acab
Instruction Fuzzy Hash: FD31F335704A06BFDB56AF24CA50A9ABBE6FF84310F405065EC8147A61D735ED30DB81

Uniqueness

Uniqueness Score: -1.00%

Function 0106E730 Relevance: .1, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E0106E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E01079670() < 0) {
					L0108DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1127b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = E01054620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0106E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

0x0106e730
0x0106e736
0x0106e738
0x0106e73d
0x0106e73e
0x0106e740
0x0106e749
0x0106e765
0x0106e76a
0x0106e76b
0x0106e76c
0x0106e76d
0x0106e76e
0x0106e76f
0x0106e775
0x0106e777
0x0106e77e
0x010ab675
0x0106e784
0x0106e784
0x0106e789
0x0106e7a8
0x0106e7ac
0x0106e807
0x0106e7ae
0x0106e7ae
0x0106e7b1
0x0106e7b4
0x0106e7b9
0x0106e7c0
0x0106e7c4
0x0106e7ca
0x0106e7cc
0x00000000
0x0106e7d3
0x0106e7d6
0x00000000
0x00000000
0x0106e7ff
0x0106e802
0x00000000
0x00000000
0x0106e7f9
0x0106e7fc
0x00000000
0x00000000
0x0106e7f3
0x0106e7f6
0x00000000
0x00000000
0x0106e7ed
0x0106e7f0
0x00000000
0x00000000
0x0106e7e7
0x0106e7ea
0x00000000
0x00000000
0x010ab685
0x010ab688
0x00000000
0x00000000
0x010ab682
0x00000000
0x00000000
0x0106e7cc
0x0106e7d9
0x0106e7dc
0x0106e7de
0x0106e7de
0x0106e7ac
0x0106e7e4
0x0106e74b
0x0106e751
0x0106e759
0x0106e761
0x0106e761

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2286259b378458ac190b548363734ee360be5eab3c4c9e23981f8cd70511d6b
Instruction ID: 3fcdd169ff1c8013645da3beefb8b93a79a87fb46805c21a2e1d6d5f4ede1e0f
Opcode Fuzzy Hash: a2286259b378458ac190b548363734ee360be5eab3c4c9e23981f8cd70511d6b
Instruction Fuzzy Hash: 50318C79A14349EFD744CF58C841B9ABBE8FB08214F1482A6F948CB341E635E890CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0106BC2C Relevance: .1, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0106BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1126100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E01052280(0xd, 0x55bf1a0);
				_t41 =  *0x11260f8; // 0x0
				if(_t41 != 0) {
					 *0x11260f8 =  *_t41;
					 *0x11260fc =  *0x11260fc + 0xffff;
				}
				E0104FFB0(_t41, 0x800, 0x55bf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x11260f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = E01054620(0x1126100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1126100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}

0x0106bc36
0x0106bc42
0x0106bc45
0x0106bc4a
0x0106bd35
0x00000000
0x00000000
0x00000000
0x00000000
0x0106bc50
0x0106bc50
0x0106bc58
0x0106bc5a
0x0106bc60
0x00000000
0x00000000
0x010aa4f2
0x010aa4f6
0x00000000
0x00000000
0x00000000
0x010aa4fc
0x0106bc79
0x0106bc7e
0x0106bc86
0x0106bd16
0x0106bd20
0x0106bd20
0x0106bc8d
0x0106bc94
0x0106bcbd
0x0106bcca
0x0106bccb
0x0106bccc
0x0106bccd
0x0106bcce
0x0106bcd4
0x0106bcea
0x0106bcee
0x0106bcf2
0x0106bd00
0x0106bd04
0x00000000
0x0106bc96
0x0106bcab
0x0106bcaf
0x0106bd2c
0x0106bd2c
0x0106bd09
0x00000000
0x0106bd09
0x0106bcb1
0x0106bcb5
0x0106bcbb
0x00000000
0x00000000
0x00000000
0x0106bcbb

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8639aee15cb6218d2b03236123e39dd498c7be0d0ac902ae730f24d4e64f3a
Instruction ID: 1414de92f7f7272d2595a6c4d87b6cc93b44647b2ff9bb56be135aaa98954c1c
Opcode Fuzzy Hash: 2b8639aee15cb6218d2b03236123e39dd498c7be0d0ac902ae730f24d4e64f3a
Instruction Fuzzy Hash: B63103B6700656ABCB61EF58C4807AA77B8FF28310F144074ED94DF245EB74DA45CB85

Uniqueness

Uniqueness Score: -1.00%

Function 01039100 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E01039100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x110f6e8);
				E0108D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E011088F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0108D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x11286c0; // 0xbd07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x11286b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01052280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E011088F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0107AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x112b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x11284c0;
										if(_t69 >=  *0x11284c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01109063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0103922A(_t82);
							_t53 = E01057D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01108B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x11286c0; // 0xbd07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x11286b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x11286bc;
										_t72 = 0x11286b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01039240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x11286c4;
									_t72 = 0x11286c0;
									L18:
									E01069B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}

0x01039100
0x01039100
0x01039100
0x01039100
0x01039102
0x01039107
0x0103910c
0x01039110
0x01039115
0x01039136
0x01039143
0x010937e4
0x010937e4
0x01039149
0x0103914e
0x0103914e
0x01039117
0x0103911d
0x00000000
0x00000000
0x0103911f
0x01039125
0x00000000
0x01039151
0x01039158
0x0103915d
0x01039161
0x01039168
0x01093715
0x00000000
0x0103916e
0x0103916e
0x01039175
0x01039177
0x0103917e
0x0103917f
0x01039182
0x01039182
0x01039187
0x01039187
0x0103918a
0x0103918d
0x0103918f
0x01039192
0x01039195
0x01039198
0x01039198
0x01039198
0x0103919a
0x00000000
0x00000000
0x0109371f
0x01093721
0x01093727
0x0109372f
0x01093733
0x01093735
0x01093738
0x0109373b
0x0109373d
0x01093740
0x00000000
0x00000000
0x01093746
0x01093749
0x00000000
0x00000000
0x0109374f
0x01093751
0x00000000
0x00000000
0x01093757
0x01093759
0x0109375c
0x0109375c
0x0109375e
0x0109375e
0x01093761
0x01093764
0x00000000
0x00000000
0x01093766
0x01093768
0x010937a3
0x010937a3
0x010937a5
0x010937a7
0x010937ad
0x010937b0
0x010937b2
0x010937bc
0x010937c2
0x010937c2
0x010937b2
0x01039187
0x01039187
0x0103918a
0x0103918d
0x0103918f
0x01039192
0x01039195
0x00000000
0x01039195
0x00000000
0x01039187
0x0109376a
0x0109376a
0x0109376c
0x0109376c
0x0109376f
0x01093775
0x00000000
0x00000000
0x01093777
0x01093779
0x00000000
0x00000000
0x01093782
0x01093787
0x01093789
0x01093790
0x01093790
0x0109378b
0x0109378b
0x0109378b
0x01093792
0x01093795
0x01093795
0x01093798
0x01093798
0x0109379b
0x0109379b
0x010391a3
0x010391a9
0x010391b0
0x010391b4
0x010391b4
0x010391bb
0x010391c0
0x010391c5
0x010391c7
0x010937da
0x010391cd
0x010391cd
0x010391cd
0x010391d2
0x010391d5
0x01039239
0x01039239
0x010391d7
0x010391db
0x010391e1
0x010391e7
0x010391fd
0x01039203
0x0103921e
0x01039223
0x00000000
0x01039223
0x01039205
0x01039208
0x0103920c
0x01039214
0x01039214
0x010391e9
0x010391e9
0x010391ee
0x010391f3
0x010391f3
0x010391f3
0x010391e7
0x00000000
0x010391db
0x01039187
0x01039168

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76b671572fdda3cd71985916566e9cf7a3c5e5e0aa3c9c69a4df4e8a17325aff
Instruction ID: 9ec60c0c1cc16f49e197d9ac14f01bc2693997b67f75fb3f5b56697ba3e4bafa
Opcode Fuzzy Hash: 76b671572fdda3cd71985916566e9cf7a3c5e5e0aa3c9c69a4df4e8a17325aff
Instruction Fuzzy Hash: 9B31F275A04645DFEBB6DF6CC088BACBBF5BB88318F18819DC58477281C3B0A980CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0106F527 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0106F527(void* __ecx, void* __edx, signed int* _a4) {
				char _v8;
				signed int _v12;
				void* __ebx;
				signed int _t28;
				signed int _t32;
				signed int _t34;
				signed char* _t37;
				intOrPtr _t38;
				intOrPtr* _t50;
				signed int _t53;
				void* _t69;

				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_t53 =  *(__ecx + 0x10);
				_t50 = __ecx + 0x14;
				_t28 = _t53 + __edx;
				_v12 = _t28;
				if(_t28 >  *_t50) {
					_v8 = _t28 -  *_t50;
					_push(E01060678( *((intOrPtr*)(__ecx + 0xc)), 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push(_t50);
					_push(0xffffffff);
					_t32 = E01079660();
					__eflags = _t32;
					if(_t32 < 0) {
						 *_a4 =  *_a4 & 0x00000000;
						L2:
						return _t32;
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) + _v8;
					_t34 = E01057D50();
					_t66 = 0x7ffe0380;
					__eflags = _t34;
					if(_t34 != 0) {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t37 = 0x7ffe0380;
					}
					__eflags =  *_t37;
					if( *_t37 != 0) {
						_t38 =  *[fs:0x30];
						__eflags =  *(_t38 + 0x240) & 0x00000001;
						if(( *(_t38 + 0x240) & 0x00000001) == 0) {
							goto L7;
						}
						__eflags = E01057D50();
						if(__eflags != 0) {
							_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E010F1582(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, __eflags, _v8,  *( *((intOrPtr*)(_t69 + 0xc)) + 0x74) << 3,  *_t66 & 0x000000ff);
						E010F138A(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, _v8, 9);
						goto L7;
					} else {
						L7:
						 *_t50 =  *_t50 + _v8;
						_t53 =  *(_t69 + 0x10);
						goto L1;
					}
				}
				L1:
				 *_a4 = _t53;
				 *(_t69 + 0x10) = _v12;
				_t32 = 0;
				goto L2;
			}

0x0106f52c
0x0106f52d
0x0106f530
0x0106f533
0x0106f536
0x0106f539
0x0106f53c
0x0106f541
0x0106f561
0x0106f569
0x0106f56a
0x0106f572
0x0106f573
0x0106f575
0x0106f576
0x0106f578
0x0106f57d
0x0106f57f
0x0106f5b7
0x0106f550
0x0106f556
0x0106f556
0x0106f587
0x0106f58d
0x0106f592
0x0106f597
0x0106f599
0x010abcc9
0x0106f59f
0x0106f59f
0x0106f59f
0x0106f5a1
0x0106f5a4
0x010abcd3
0x010abcd9
0x010abce0
0x00000000
0x00000000
0x010abceb
0x010abced
0x010abcf8
0x010abcf8
0x010abcf8
0x010abd11
0x010abd20
0x00000000
0x0106f5aa
0x0106f5aa
0x0106f5ad
0x0106f5af
0x00000000
0x0106f5af
0x0106f5a4
0x0106f543
0x0106f546
0x0106f54b
0x0106f54e
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
Instruction ID: 0d89ef5335c9319fa4db0aecb5a9f07af8f2008c1565d9fffef7353c2e3f2117
Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
Instruction Fuzzy Hash: 51319831600649EFD721CFA8C890FAAB7F9FF44314F1045A9EA958B690EB70EE01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01061DB5 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E01061DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0105F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = E01054620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0105F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}

0x01061dc2
0x01061dc5
0x01061dc7
0x01061dcc
0x01061dce
0x01061dd6
0x01061ddf
0x01061de0
0x01061de1
0x01061de5
0x01061de8
0x01061def
0x01061df0
0x01061df6
0x01061df7
0x01061dfe
0x01061e1a
0x00000000
0x00000000
0x01061e0b
0x01061e12
0x01061e12
0x01061e00
0x01061e00
0x01061e05
0x01061e1e
0x01061e23
0x010a570f
0x010a5713
0x00000000
0x00000000
0x010a5719
0x010a5719
0x01061e2c
0x01061e2d
0x01061e2e
0x01061e2f
0x01061e31
0x01061e32
0x01061e35
0x01061e3d
0x010a5723
0x010a573d
0x010a573d
0x00000000
0x010a5723
0x01061e49
0x01061e4e
0x01061e4e
0x01061e09
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction ID: 3ca3a42e7f0e2be46105ae2a4bbcd1d5172fcd7840828a0da22d4db86344fda3
Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction Fuzzy Hash: A6216B72640219EBD721CF99DC80EABBBBDEF89741F114095EA8597220D674EE11CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01058D76 Relevance: .1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E01058D76(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t24;
				intOrPtr* _t26;
				char* _t27;
				intOrPtr* _t32;
				char* _t33;
				signed char _t43;
				signed char _t44;
				signed char _t52;
				void* _t56;
				intOrPtr* _t57;

				_t56 = __edx;
				_t57 = __ecx;
				if(( *(__edx + 0x10) & 0x0000ffff) == 0) {
					L14:
					_t52 = 0;
				} else {
					_t52 = 1;
					if(( *0x11284b4 & 0x00000004) == 0) {
						_t24 =  *(__ecx + 0x5c) & 0x0000ffff;
						if(_t24 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x101ade8 + _t24 * 2) & 0x0000ffff) << 4) {
							goto L2;
						} else {
							asm("sbb bl, bl");
							_t44 = _t43 & 1;
							goto L3;
						}
						goto L10;
					} else {
						L2:
						_t44 = 0;
					}
					L3:
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t26 != 0) {
						if( *_t26 == 0) {
							goto L4;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							goto L5;
						}
						L23:
					} else {
						L4:
						_t27 = 0x7ffe038a;
					}
					L5:
					if( *_t27 != 0) {
						L21:
						if(_t44 != 0) {
							E010F1751(_t44,  *((intOrPtr*)( *((intOrPtr*)( *_t57 + 0xc)) + 0xc)),  *((intOrPtr*)(_t56 + 4)),  *(_t57 + 0x5c) & 0x0000ffff);
							_t52 = 1;
							goto L9;
						}
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t32 != 0) {
							if( *_t32 == 0) {
								goto L7;
							} else {
								_t33 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								goto L8;
							}
							goto L23;
						} else {
							L7:
							_t33 = 0x7ffe0380;
						}
						L8:
						if( *_t33 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								goto L9;
							} else {
								goto L21;
							}
						} else {
							L9:
							if(_t44 != 0) {
								goto L14;
							}
						}
					}
				}
				L10:
				return _t52;
				goto L23;
			}

0x01058d7b
0x01058d7d
0x01058d89
0x01058e01
0x01058e01
0x01058d8b
0x01058d8d
0x01058d95
0x01058de1
0x01058de8
0x00000000
0x01058dfc
0x010a0592
0x010a0594
0x00000000
0x010a0594
0x00000000
0x01058d97
0x01058d97
0x01058d97
0x01058d97
0x01058d99
0x01058d9f
0x01058da4
0x010a059e
0x00000000
0x010a05a4
0x010a05ad
0x00000000
0x010a05ad
0x00000000
0x01058daa
0x01058daa
0x01058daa
0x01058daa
0x01058daf
0x01058db2
0x010a05e6
0x010a05e8
0x010a05fe
0x010a0605
0x00000000
0x010a0605
0x01058db8
0x01058dbe
0x01058dc3
0x010a05ba
0x00000000
0x010a05c0
0x010a05c9
0x00000000
0x010a05c9
0x00000000
0x01058dc9
0x01058dc9
0x01058dc9
0x01058dc9
0x01058dce
0x01058dd1
0x010a05e0
0x00000000
0x00000000
0x00000000
0x00000000
0x01058dd7
0x01058dd7
0x01058dd9
0x00000000
0x00000000
0x01058dd9
0x01058dd1
0x01058db2
0x01058ddd
0x01058de0
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a0c8d95eefefffca8bc9cd43f658b6ccdc1759f713997fab17dc5badb4d913
Instruction ID: 02894a9e39a8baacd4b116458a1fc847814ca696226a4c58dafe782b6cc5877d
Opcode Fuzzy Hash: 81a0c8d95eefefffca8bc9cd43f658b6ccdc1759f713997fab17dc5badb4d913
Instruction Fuzzy Hash: 6621CC39201A80CFE3E6AB2EC494B7777E4EB51704F0884A6EDC28B651D328D881C620

Uniqueness

Uniqueness Score: -1.00%

Function 01050050 Relevance: .1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E01050050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x112d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E01069ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0107B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01108A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E01069702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x112b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}

0x01050055
0x0105005d
0x01050062
0x0105006c
0x0105006f
0x01050074
0x0105007a
0x0105007a
0x01050080
0x01050080
0x01050087
0x0105008d
0x0105008f
0x01050093
0x01050095
0x0105009b
0x010500f8
0x010500fb
0x010500fc
0x010500ff
0x01050108
0x01050108
0x010500a2
0x010500a6
0x010500b3
0x010500bc
0x010500c5
0x010500ca
0x0109c01e
0x00000000
0x00000000
0x0109c02d
0x010500d5
0x010500d9
0x0109c03d
0x0109c046
0x0109c046
0x010500df
0x010500e2
0x010500ea
0x010500ef
0x010500f2
0x010500f6
0x01050111
0x01050117
0x01050117
0x00000000
0x010500f6
0x010500d0
0x010500d0
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4b6b4cb2a9e97324cb6e9638b146d99b0b4056d8688a9a60aadf035c80d884
Instruction ID: 3371f22046a97548028d6323c893dd4043b2cb8980d0f5ff4adeb04e21f01885
Opcode Fuzzy Hash: ff4b6b4cb2a9e97324cb6e9638b146d99b0b4056d8688a9a60aadf035c80d884
Instruction Fuzzy Hash: 5C31BD31601B04CFDB66CF28C840B9BB3E5FF88714F1445ADF99687A94EB35A801CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010B6C0A Relevance: .1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E010B6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E01057D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1127b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = E01054620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0107F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E01057D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E01079AE0();
						_t23 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}

0x010b6c0a
0x010b6c0f
0x010b6c10
0x010b6c13
0x010b6c15
0x010b6c19
0x010b6c1c
0x010b6c21
0x010b6c28
0x010b6c3a
0x010b6c2a
0x010b6c33
0x010b6c33
0x010b6c3f
0x010b6c48
0x010b6c4d
0x010b6c60
0x010b6c65
0x010b6c69
0x010b6c73
0x010b6c79
0x010b6c7f
0x010b6c86
0x010b6c90
0x010b6c94
0x010b6ca6
0x010b6cb2
0x010b6cbd
0x010b6cbd
0x010b6cc3
0x010b6cc7
0x010b6ccb
0x010b6cd0
0x010b6cd1
0x010b6ce2
0x010b6ce2
0x010b6c69
0x010b6ced

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3aeaf8d9491861de91deff6fcda12c135187e61d8283d2a26229d11a5d013f
Instruction ID: 6c60b164b6b931eac92822e268d0ac3c361b5fdd12b616bdaf47e23831c02fa6
Opcode Fuzzy Hash: ca3aeaf8d9491861de91deff6fcda12c135187e61d8283d2a26229d11a5d013f
Instruction Fuzzy Hash: 7721AB71A00649AFD715DF68D880FAAB7B8FF48700F1440A9F948CB791D635ED50CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 01034A20 Relevance: .1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E01034A20(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				void* __ebp;
				char* _t21;
				void* _t32;
				intOrPtr* _t34;
				intOrPtr _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t40;
				void* _t50;

				if(E01057D50() != 0) {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t21 = 0x7ffe0386;
				}
				_t40 = _a4;
				if( *_t21 != 0) {
					E01109BBE(_t40,  *((intOrPtr*)(_t40 + 0x20)),  *((intOrPtr*)(_t40 + 0x24)),  *((intOrPtr*)(_t40 + 0x34)));
				}
				if(_a8 == 0 && ( *(_t40 + 0x1c) & 0x000000c0) != 0) {
					_push(2);
					_pop(0);
				}
				_t34 =  *((intOrPtr*)(_t40 + 0x14));
				_t36 =  *0x11286b8; // 0x0
				if(_t34 == 0) {
					_t34 = _t36;
					if(0 == 0) {
						_t34 =  *0x11286c0; // 0xbd07b0
					}
				}
				_t50 = _t34 -  *0x11286c0; // 0xbd07b0
				if(_t50 != 0) {
					__eflags = _t34 - _t36;
					if(__eflags != 0) {
						__eflags = 0xffffffff;
						asm("lock xadd [ecx], eax");
						if(0xffffffff == 0) {
							E01039240(_t32, _t34, _t38, _t40, 0xffffffff);
						}
						L11:
						if( *((intOrPtr*)(_t40 + 0x18)) != 0) {
							_push( *((intOrPtr*)(_t40 + 0x18)));
							E010795D0();
						}
						if( *((intOrPtr*)(_t40 + 0x28)) != 0xffffffff) {
							E01069B10( *((intOrPtr*)(_t40 + 0x28)));
						}
						if( *((intOrPtr*)(_t40 + 0x2c)) != 0) {
							E01040840(_t34,  *((intOrPtr*)(_t40 + 0x2c)));
						}
						return L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40);
					}
					_t37 = 0x11286bc;
					_t34 = 0x11286b8;
					L10:
					E01069B82(_t32, _t34, _t37, _t38, _t40, _t50);
					goto L11;
				}
				_t37 = 0x11286c4;
				_t34 = 0x11286c0;
				goto L10;
			}

0x01034a31
0x01090a89
0x01034a37
0x01034a37
0x01034a37
0x01034a3f
0x01034a42
0x01090a9e
0x01090a9e
0x01034a4d
0x01034abf
0x01034ac1
0x01034ac1
0x01034a55
0x01034a58
0x01034a60
0x01034a62
0x01034a66
0x01034a68
0x01034a68
0x01034a66
0x01034a6e
0x01034a74
0x01090aa8
0x01090aaa
0x01090abb
0x01090abe
0x01090ac2
0x01090ac8
0x01090ac8
0x01034a89
0x01034a8d
0x01090ad2
0x01090ad5
0x01090ad5
0x01034a97
0x01090ae2
0x01090ae2
0x01034aa1
0x01090aef
0x01090aef
0x01034abc
0x01034abc
0x01090aac
0x01090ab1
0x01034a84
0x01034a84
0x00000000
0x01034a84
0x01034a7a
0x01034a7f
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffccebc1cd206480720b18304aafbb3bd0a82aa823d0a94786fccb51f3868eb7
Instruction ID: 18632e4d2d4bd24fc520bce0bd8ead240213c02c1426f7e6b70d30d8a21cc868
Opcode Fuzzy Hash: ffccebc1cd206480720b18304aafbb3bd0a82aa823d0a94786fccb51f3868eb7
Instruction Fuzzy Hash: 4B213831200E01DFCF76AE28C910B2B37EDFB90224F104769E4D69A9E5E734A852DB95

Uniqueness

Uniqueness Score: -1.00%

Function 010790AF Relevance: .1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E010790AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0108D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0106E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = E01054620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0107F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0106A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}

0x010790af
0x010790b8
0x010790bb
0x010790bf
0x010790c2
0x010790c2
0x010790c8
0x010790cb
0x010790cd
0x010b14d7
0x010b14eb
0x010b14eb
0x00000000
0x010b14eb
0x010b14db
0x010b14e6
0x00000000
0x010b14f2
0x010b14e8
0x00000000
0x010b14e8
0x010790d8
0x010790da
0x010790dd
0x010790e5
0x00000000
0x01079139
0x010790fa
0x010790fe
0x01079142
0x00000000
0x01079142
0x01079104
0x01079107
0x0107910b
0x01079110
0x01079118
0x01079147
0x01079148
0x0107914f
0x01079150
0x01079151
0x01079152
0x01079156
0x0107915d
0x01079160
0x01079168
0x0107916c
0x010791bc
0x010791be
0x00000000
0x010791be
0x0107916e
0x01079173
0x01079176
0x00000000
0x00000000
0x0107917c
0x01079180
0x010791b5
0x00000000
0x010791b5
0x01079182
0x01079185
0x01079189
0x00000000
0x00000000
0x0107918e
0x01079190
0x01079198
0x00000000
0x00000000
0x010791a0
0x00000000
0x010791ad
0x010791ad
0x010791b0
0x010791b1
0x00000000
0x01079185
0x0107911a
0x0107911c
0x0107911f
0x01079125
0x01079127
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction ID: 5aab9bd2dbd898f8ec7d21934833d80b0b072820e9df869478212e6326085822
Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction Fuzzy Hash: A9218375A00205EFDB21DF59D444E9AFBF8EB54324F14886AE98597210D770ED50CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01063B7A Relevance: .1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E01063B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x11284c4; // 0x0
				_v12 = 1;
				_v8 =  *0x11284c0 * 0x4c;
				_t41 = __ecx;
				_t35 = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11284c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0107AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0107FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11284c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x11284c4; // 0x0
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}

0x01063b89
0x01063b96
0x01063ba1
0x01063bab
0x01063bb5
0x01063bb9
0x010a6298
0x01063bbf
0x01063bc2
0x01063bc3
0x01063bc9
0x01063bca
0x01063bcc
0x01063bcd
0x01063bd4
0x01063bd6
0x01063bdb
0x01063bea
0x01063bf7
0x01063bfb
0x01063bff
0x01063c09
0x01063c0a
0x01063c0b
0x01063c0f
0x01063c14
0x01063c18
0x01063c18
0x01063bfb
0x01063c1b
0x01063c30
0x01063c30
0x01063c3d

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c057c89e04e1bfcfbb1c000f3cf7f60547a3c21e529ae450bda83f2415729b
Instruction ID: 90225b27bd3049cf06552c968484c7e18e9ce4233381102c44f3e909e3b57c37
Opcode Fuzzy Hash: c2c057c89e04e1bfcfbb1c000f3cf7f60547a3c21e529ae450bda83f2415729b
Instruction Fuzzy Hash: 7C218E72A00109AFD714DF98CD81B9ABBBDFB44718F190078EA09AB251D371AD51CB94

Uniqueness

Uniqueness Score: -1.00%

Function 01034B94 Relevance: .1, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01034B94(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _t38;
				intOrPtr _t39;
				intOrPtr _t41;
				signed int _t42;
				intOrPtr* _t46;
				intOrPtr* _t47;
				signed short _t50;
				intOrPtr _t51;
				signed int _t52;
				signed int _t54;
				intOrPtr _t56;
				signed int _t57;
				intOrPtr _t58;
				intOrPtr* _t59;

				_t58 = __ecx;
				_t56 =  *[fs:0x30];
				_v20 = __ecx;
				_v16 = _t56;
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t50 =  *(__ecx + 0x24) & 0x0000ffff;
				} else {
					_t50 =  *(__ecx + 0x7c) & 0x0000ffff;
				}
				_t38 =  *(_t56 + 0x88);
				if(_t38 == 0 || _t50 == 0) {
					L8:
					return _t38;
				} else {
					_t54 = _t50 & 0x0000ffff;
					if(_t54 > _t38) {
						goto L8;
					}
					_t51 =  *((intOrPtr*)(_t56 + 0x90));
					_v8 = _t38;
					_t46 = _t51 + _t54 * 4;
					_v12 = _t46;
					_t47 = _t46 + 0xfffffffc;
					_t11 =  &_v8;
					 *_t11 = _v8 - _t54;
					if( *_t11 != 0) {
						_t59 = _v12;
						_t57 = _v8;
						do {
							_t39 =  *_t59;
							_t59 = _t59 + 4;
							 *_t47 = _t39;
							if( *((intOrPtr*)(_t39 + 8)) == 0xddeeddee) {
								_t52 =  *(_t39 + 0x24) & 0x0000ffff;
							} else {
								_t52 =  *(_t39 + 0x7c) & 0x0000ffff;
							}
							E01034C73(_t39, _t52, _t52 - 1);
							_t41 =  *_t47;
							if( *((intOrPtr*)(_t41 + 8)) == 0xddeeddee) {
								 *((intOrPtr*)(_t41 + 0x24)) =  *((intOrPtr*)(_t41 + 0x24)) + 0xffff;
							} else {
								 *((intOrPtr*)(_t41 + 0x7c)) =  *((intOrPtr*)(_t41 + 0x7c)) + 0xffff;
							}
							_t47 = _t47 + 4;
							_t57 = _t57 - 1;
						} while (_t57 != 0);
						_t56 = _v16;
						_t58 = _v20;
						_t38 =  *(_t56 + 0x88);
						_t51 =  *((intOrPtr*)(_t56 + 0x90));
					}
					_t42 = _t38 - 1;
					 *(_t56 + 0x88) = _t42;
					 *(_t51 + _t42 * 4) =  *(_t51 + _t42 * 4) & 0x00000000;
					if( *((intOrPtr*)(_t58 + 8)) == 0xddeeddee) {
						 *((short*)(_t58 + 0x24)) = 0;
						return 0;
					}
					 *((short*)(_t58 + 0x7c)) = 0;
					return 0;
				}
			}

0x01034b9d
0x01034ba0
0x01034ba7
0x01034bb1
0x01034bb4
0x01090b4d
0x01034bba
0x01034bba
0x01034bba
0x01034bbe
0x01034bc6
0x01034c0c
0x01034c0c
0x01034bcd
0x01034bcd
0x01034bd2
0x00000000
0x00000000
0x01034bd4
0x01034bdb
0x01034bde
0x01034be1
0x01034be4
0x01034be7
0x01034be7
0x01034bea
0x01034c0d
0x01034c10
0x01034c13
0x01034c13
0x01034c15
0x01034c18
0x01034c21
0x01034c5f
0x01034c23
0x01034c23
0x01034c23
0x01034c2a
0x01034c2f
0x01034c3d
0x01034c65
0x01034c3f
0x01034c3f
0x01034c3f
0x01034c43
0x01034c46
0x01034c46
0x01034c4b
0x01034c4e
0x01034c51
0x01034c57
0x01034c57
0x01034bec
0x01034bed
0x01034bf4
0x01034bff
0x01034c6d
0x00000000
0x01034c6d
0x01034c03
0x00000000
0x01034c03

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction ID: e3372bfc2ed6206f4b302ebe5578844bd163ed623a3ccf0a7d21fe71086a03ae
Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction Fuzzy Hash: AB31D031910629DFD7A8CF69C4806B9F7F8FF84210F1586A9C8A9DB661E770B940CB40

Uniqueness

Uniqueness Score: -1.00%

Function 010B6CF0 Relevance: .1, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E010B6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E01057D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1015c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0106F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0106F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E010B7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L01052400( &_v52);
								}
								_t21 = L01052400( &_v28);
							}
						}
					}
				}
				return _t21;
			}

0x010b6cfb
0x010b6d00
0x010b6d02
0x010b6d06
0x010b6d0a
0x010b6d0e
0x010b6d19
0x010b6d2b
0x010b6d1b
0x010b6d24
0x010b6d24
0x010b6d33
0x010b6d39
0x010b6d46
0x010b6d4f
0x010b6d61
0x010b6d51
0x010b6d5a
0x010b6d5a
0x010b6d69
0x010b6d6b
0x010b6d6d
0x010b6d6f
0x010b6d6f
0x010b6d74
0x010b6d79
0x010b6d7a
0x010b6d7f
0x010b6d82
0x010b6d88
0x010b6d89
0x010b6d90
0x010b6d94
0x010b6da7
0x010b6db1
0x010b6db1
0x010b6dbb
0x010b6dbb
0x010b6d90
0x010b6d69
0x010b6d46
0x010b6dc6

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a0f310a3a5a7603906753e37816073e293f5cb5c3c3448811cc65bcb6a5713
Instruction ID: f0790f780850e34435fe1a4d7df4a7e2007f7c40d2ff63ae32774ba05dbc0c2e
Opcode Fuzzy Hash: 65a0f310a3a5a7603906753e37816073e293f5cb5c3c3448811cc65bcb6a5713
Instruction Fuzzy Hash: CA21C5729042459BD711EF29C984BEBBBECEF91640F0409A6FEC0C7251EB35D948C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 010428AE Relevance: .1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010428AE(signed int __edx) {
				void* _t14;
				char* _t17;
				signed char* _t27;
				void* _t31;
				signed int _t35;
				signed char* _t37;
				char* _t39;

				_t35 = __edx;
				_t14 = E01057D50();
				_t39 = 0x7ffe0384;
				if(_t14 != 0) {
					_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t17 = 0x7ffe0384;
				}
				_t37 = 0x7ffe0385;
				if( *_t17 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01057D50() == 0) {
							_t27 = 0x7ffe0385;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t27 & 0x00000020) != 0) {
							E010B7016(0x1480, _t35, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				_t31 = E0104EEF0(0x1125350);
				if(E01057D50() != 0) {
					_t39 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t39 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01057D50() != 0) {
							_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t37 & 0x00000020) != 0) {
							E010B7016(0x1481, _t35 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				return _t31;
			}

0x010428ae
0x010428b3
0x010428b8
0x010428bf
0x01097692
0x010428c5
0x010428c5
0x010428c5
0x010428ca
0x010428cf
0x010976a9
0x010976b6
0x010976c8
0x010976b8
0x010976c1
0x010976c1
0x010976cd
0x010976e3
0x010976e3
0x010976cd
0x010976a9
0x010428df
0x010428e8
0x010976f7
0x010976f7
0x010428f1
0x0109770f
0x0109771c
0x01097727
0x01097727
0x01097730
0x01097746
0x01097746
0x01097730
0x0109770f
0x010428fc

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccd05b8dc3c3480a6298b2d468175cb0c47da379558ce13e731589362154aa98
Instruction ID: b524a974bfa787fea5b9f8e674997b23bcb74bba0052ea0823729ed6ccad9081
Opcode Fuzzy Hash: ccd05b8dc3c3480a6298b2d468175cb0c47da379558ce13e731589362154aa98
Instruction Fuzzy Hash: 7D216B727166819BF722532CDC94F683BD4AF05774F1903F4FAE09B6E2DB689800D610

Uniqueness

Uniqueness Score: -1.00%

Function 0110070D Relevance: .1, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0110070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E011007DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E010FAFDE( &_v8,  &_v12);
					E01101293(_t38, _v28, _t60);
					if(E01057D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E010F14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}

0x0110071b
0x01100724
0x01100734
0x01100738
0x0110074b
0x0110074b
0x01100753
0x01100753
0x01100759
0x0110075d
0x01100774
0x01100779
0x0110077d
0x01100789
0x01100795
0x011007a7
0x01100797
0x011007a0
0x011007a0
0x011007af
0x011007c4
0x011007cd
0x011007cd
0x011007af
0x011007dc

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
Instruction ID: dc85d8b453dc80d6453ed8c52db404d5d1332618343bece7dc3b44833c322b59
Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
Instruction Fuzzy Hash: 2A210436604600AFD70ADF58C880BAABBA5EFD4390F04856DF9958B781DB74D909CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0103519E Relevance: .1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0103519E(signed short* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _t17;
				signed int _t18;
				char _t27;
				signed short _t32;
				signed short* _t34;
				void* _t35;

				_t34 = __ecx;
				_t27 = 0;
				_t29 = 0;
				_t35 = E010352A5(0);
				if(_t35 == 0) {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_v12 =  *((intOrPtr*)(_t29 + 0x24));
					_t17 =  *((intOrPtr*)(_t29 + 0x28));
				} else {
					_v12 =  *((intOrPtr*)(_t35 + 0xc));
					_t17 =  *((intOrPtr*)(_t35 + 0x10));
				}
				_t32 = _v12;
				_v8 = _t17;
				_t18 =  *_t34 & 0x0000ffff;
				if(_t32 <= 6) {
					if(_t32 != _t18) {
						goto L4;
					}
					goto L10;
				} else {
					_t29 = (_t32 & 0x0000ffff) - 2;
					if((_t32 & 0x0000ffff) - 2 == _t18) {
						_v12 = _t32 + 0xfffe;
						L10:
						_t18 = E01059DA0(_t29,  &_v12, _t34, 1);
						if(_t18 != 0) {
							_t27 = 1;
						}
					}
					L4:
					if(_t35 == 0) {
						E0104EB70(_t29, 0x11279a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t18 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t35 + 4)));
							E010795D0();
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t35);
						}
					}
					return _t27;
				}
			}

0x010351a9
0x010351ab
0x010351ad
0x010351b4
0x010351b8
0x01090c9c
0x01090ca2
0x01090ca5
0x010351be
0x010351c1
0x010351c4
0x010351c4
0x010351c7
0x010351cb
0x010351ce
0x010351d5
0x01090cbe
0x00000000
0x00000000
0x00000000
0x010351db
0x010351de
0x010351e3
0x01090cb5
0x01090cc4
0x01090ccb
0x01090cd2
0x01090cd8
0x01090cd8
0x01090cd2
0x010351e9
0x010351eb
0x01090ce4
0x010351f1
0x010351f4
0x010351f8
0x01090cee
0x01090cf1
0x01090d03
0x01090d03
0x010351f8
0x01035206
0x01035206

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ddd9e94eb2d56a28b548f1c92d93b10578cc6b75f06580905ee3259c87ea57
Instruction ID: da2910072cacc45bb3db9d73639d25cd32e08faca8ff758d1da1db8eb7f58925
Opcode Fuzzy Hash: 91ddd9e94eb2d56a28b548f1c92d93b10578cc6b75f06580905ee3259c87ea57
Instruction Fuzzy Hash: A111E475901315ABCF70AB68C850AAABBF9AF55710F1401AAF8C697690D631C841D650

Uniqueness

Uniqueness Score: -1.00%

Function 010B7794 Relevance: .1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E010B7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1127b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0107F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E01057D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E01079AE0();
					_t24 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}

0x010b7799
0x010b779a
0x010b779b
0x010b77a3
0x010b77ab
0x010b77ae
0x010b77b1
0x010b77b1
0x010b77bf
0x010b77c4
0x010b77c8
0x010b77ce
0x010b77d4
0x010b77e0
0x010b77e0
0x010b77d6
0x010b77d6
0x010b77de
0x00000000
0x00000000
0x010b77de
0x010b77e5
0x010b77f0
0x010b77f3
0x010b77f6
0x010b77fd
0x010b7800
0x010b780c
0x010b7818
0x010b782b
0x010b781a
0x010b7823
0x010b7823
0x010b7830
0x010b7831
0x010b7838
0x010b783d
0x010b783e
0x010b784f
0x010b784f
0x010b785a

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cad87c3b38ea9f9a359f99bc3496a8546f0434254eae07bba33c7f662acefe8
Instruction ID: 3d8c143e112d086364d32d9159825474ee7845328e8b4dc0cc73d331cb3cf9c4
Opcode Fuzzy Hash: 0cad87c3b38ea9f9a359f99bc3496a8546f0434254eae07bba33c7f662acefe8
Instruction Fuzzy Hash: 36219F72900604ABC725DF69D880EABBBB8EF88740F10456DFA4AC7690D634E900CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 010312D4 Relevance: .1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E010312D4(intOrPtr __ecx, intOrPtr* _a4) {
				char _v8;
				char _v12;
				void* _t20;
				intOrPtr _t32;
				signed int _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;

				_push(__ecx);
				_push(__ecx);
				_t41 = 0;
				_t32 = __ecx;
				if( *_a4 != 0) {
					L8:
					_t20 = _t41;
					L9:
					return _t20;
				}
				if(__ecx <= 1) {
					_t32 = 0x25;
				}
				_t35 = 0x10;
				_t2 = _t32 - 1; // 0x24
				_t20 = E0106F3D5( &_v12, _t2 * _t35, _t2 * _t35 >> 0x20);
				if(_t20 < 0) {
					goto L9;
				} else {
					_t37 = _v12;
					_push( &_v8);
					_t39 = 0x34;
					_t41 = E01031C45(_v12, _t39);
					if(_t41 >= 0) {
						_t44 = E01054620(_t37,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
						if(_t44 == 0) {
							_t41 = 0xc0000017;
						} else {
							E0107FA60(_t44, 0, _v8);
							 *((intOrPtr*)(_t44 + 0x2c)) = _t32;
							_t14 = _t44 + 0xc; // 0xc
							E010758F0(0x3fff, 0x80000008, _t14);
							 *(_t44 + 8) =  *(_t44 + 8) & 0x00000000;
							 *_t44 = 0x6d6f7441;
							 *((intOrPtr*)(_t44 + 4)) = 1;
							 *_a4 = _t44;
						}
					}
					goto L8;
				}
			}

0x010312d9
0x010312da
0x010312e0
0x010312e2
0x010312e6
0x01031374
0x01031374
0x01031376
0x0103137b
0x0103137b
0x010312ef
0x010312f3
0x010312f3
0x010312f6
0x010312f7
0x01031301
0x01031308
0x00000000
0x0103130a
0x0103130a
0x01031310
0x01031313
0x01031319
0x0103131d
0x01031333
0x01031337
0x0103137e
0x01031339
0x0103133f
0x01031347
0x0103134a
0x01031358
0x01031360
0x01031364
0x0103136a
0x01031371
0x01031371
0x01031373
0x00000000
0x0103131d

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
Instruction ID: 4b31b3b5cc7c0624e13784f0c5c73e71621e55e5860cdd9978d910af76d35476
Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
Instruction Fuzzy Hash: 9911E6B2600609FFD7229E58DC40FDABBBCEB88750F104069EA858B580D671ED44C754

Uniqueness

Uniqueness Score: -1.00%

Function 0106FD9B Relevance: .1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0106FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E010476E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}

0x0106fd9b
0x0106fda0
0x0106fda1
0x0106fdab
0x0106fdad
0x0106fdb0
0x0106fdb8
0x0106fe0f
0x0106fde6
0x0106fde9
0x0106fdec
0x010ac0c0
0x0106fdfe
0x0106fe06
0x0106fe06
0x010ac0c8
0x0106fe2d
0x0106fe2d
0x00000000
0x0106fe2d
0x010ac0d1
0x010ac0e0
0x010ac0e5
0x010ac0e5
0x010ac0e8
0x00000000
0x010ac0e8
0x0106fdf4
0x00000000
0x00000000
0x0106fdf6
0x0106fdfa
0x0106fe1a
0x0106fe1f
0x0106fe1f
0x0106fdfc
0x00000000
0x0106fdfc
0x0106fdcc
0x0106fdd0
0x0106fe26
0x00000000
0x0106fe26
0x0106fdd8
0x0106fddb
0x0106fddd
0x0106fde0
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction ID: 7b1af8c07c60dd8afa71cfa63469670813b302e33edae50bd57c4773381adc85
Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction Fuzzy Hash: A621B071640642DFD731CF4DE650E66FBEAEBA4B10F2180BEE9868B611D730AD00CB80

Uniqueness

Uniqueness Score: -1.00%

Function 010612BD Relevance: .1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E010612BD(intOrPtr __ecx) {
				signed int _v8;
				signed int _t22;
				signed int _t23;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				signed int _t44;
				intOrPtr _t47;

				_push(__ecx);
				_t47 =  *[fs:0x30];
				_t37 = __ecx;
				_t40 =  *(_t47 + 0x88);
				_t44 = ( *0x1128498 & 0x0000ffff) + _t40;
				if(_t44 >= 0xfffe) {
					L4:
					return _t22;
				}
				_t23 =  *(_t47 + 0x8c);
				if(_t44 == _t23) {
					 *(_t47 + 0x8c) = _t23 + _t23;
					_t22 = E01054620(_t40,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23 + _t23 << 2);
					_t41 = _t22;
					_v8 = _t41;
					if(_t41 == 0) {
						 *(_t47 + 0x8c) = _t44;
						goto L4;
					}
					E0107F3E0(_t41,  *(_t47 + 0x90),  *(_t47 + 0x88) << 2);
					_t30 =  *(_t47 + 0x90);
					if( *(_t47 + 0x90) != 0x1126660) {
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t30);
					}
					_t40 =  *(_t47 + 0x88);
					 *(_t47 + 0x90) = _v8;
				}
				 *((intOrPtr*)( *(_t47 + 0x90) + _t40 * 4)) = _t37;
				_t22 =  *(_t47 + 0x88) + 1;
				 *(_t47 + 0x88) = _t22;
				if( *((intOrPtr*)(_t37 + 8)) == 0xddeeddee) {
					 *(_t37 + 0x24) = _t22;
				} else {
					 *(_t37 + 0x7c) = _t22;
				}
				goto L4;
			}

0x010612c2
0x010612c5
0x010612cc
0x010612d6
0x010612dc
0x010612e4
0x01061313
0x01061319
0x01061319
0x010612e6
0x010612ee
0x0106131c
0x01061331
0x01061336
0x01061338
0x0106133d
0x0106137d
0x00000000
0x0106137d
0x01061350
0x01061355
0x01061363
0x010a5512
0x010a5512
0x0106136c
0x01061372
0x01061372
0x010612f6
0x010612ff
0x01061300
0x0106130d
0x01061385
0x0106130f
0x0106130f
0x0106130f
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe430b8670b4e6ed8f573a6106faf0dddf4d983855de3e6e942d599e145d097
Instruction ID: d8971eea76112e60d1b72359e44101fb075ad28266cd4704725eba3676cd0172
Opcode Fuzzy Hash: abe430b8670b4e6ed8f573a6106faf0dddf4d983855de3e6e942d599e145d097
Instruction Fuzzy Hash: 5F214A71600650EFD774CF68C881BAAB7E9FF88250F10886DE9EFC7651DA70A850CB60

Uniqueness

Uniqueness Score: -1.00%

Function 01075A69 Relevance: .1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E01075A69(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t18;
				char* _t22;
				char* _t28;
				signed char _t34;
				signed char _t35;
				void* _t47;
				intOrPtr* _t48;

				_t47 = __edx;
				_t48 = __ecx;
				if(( *0x11284b4 & 0x00000004) == 0) {
					_t18 =  *(__ecx + 0x5c) & 0x0000ffff;
					if(_t18 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x101ade8 + _t18 * 2) & 0x0000ffff) << 4) {
						goto L1;
					} else {
						asm("sbb bl, bl");
						_t35 = _t34 & 0x00000001;
						L2:
						if(E01057D50() != 0) {
							_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						} else {
							_t22 = 0x7ffe038a;
						}
						if( *_t22 != 0) {
							L16:
							if(_t35 != 0) {
								E010F1751(_t35,  *((intOrPtr*)( *((intOrPtr*)( *_t48 + 0xc)) + 0xc)),  *((intOrPtr*)(_t47 + 4)),  *(_t48 + 0x5c) & 0x0000ffff);
							}
							goto L8;
						} else {
							if(E01057D50() != 0) {
								_t28 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t28 = 0x7ffe0380;
							}
							if( *_t28 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
									goto L8;
								}
								goto L16;
							} else {
								L8:
								return _t35;
							}
						}
					}
				}
				L1:
				_t35 = 0;
				goto L2;
			}

0x01075a73
0x01075a75
0x01075a77
0x01075ab7
0x01075abe
0x00000000
0x01075ad2
0x010afb3a
0x010afb3c
0x01075a7b
0x01075a82
0x010afb4c
0x01075a88
0x01075a88
0x01075a88
0x01075a90
0x010afb7c
0x010afb7e
0x010afb94
0x010afb94
0x00000000
0x01075a96
0x01075a9d
0x010afb5f
0x01075aa3
0x01075aa3
0x01075aa3
0x01075aab
0x010afb76
0x00000000
0x00000000
0x00000000
0x01075ab3
0x01075ab3
0x01075ab6
0x01075ab6
0x01075aab
0x01075a90
0x01075abe
0x01075a79
0x01075a79
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35a8e7e18416e4525da8b7f3905734362749b5886575ad44656446444a5643f6
Instruction ID: 8bffd81b269d29d3b7ba13af2cf43ec1a5fb7a303fc2a2261d184b94bb5521c5
Opcode Fuzzy Hash: 35a8e7e18416e4525da8b7f3905734362749b5886575ad44656446444a5643f6
Instruction Fuzzy Hash: 14112679652752EFE365AB6CC8E0BF973E4EB05704F4844AAE8C287741D369DC80C764

Uniqueness

Uniqueness Score: -1.00%

Function 0106B390 Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0106B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01052280(_t12, 0x1128608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E010700C2(0x1128608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}

0x0106b395
0x0106b3a2
0x0106b3a5
0x0106b3aa
0x0106b3b2
0x0106b3ba
0x0106b3bd
0x0106b3c0
0x0106b3c4
0x0106b3c9
0x010aa3e9
0x010aa3ed
0x010aa3f0
0x010aa3ff
0x010aa403
0x010aa409
0x00000000
0x00000000
0x010aa40b
0x010aa40b
0x010aa40f
0x010aa415
0x010aa423
0x010aa423
0x010aa415
0x0106b3d1
0x0106b3e8
0x0106b3e8
0x0106b3d9

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23b860ccc2dc46cecf86760fc93fbb63a0ecbf249086035b649484a9fe664989
Instruction ID: e0bbf4aa462d0da43fe98829769258e006403917e8ea1680771e6f01addf236e
Opcode Fuzzy Hash: 23b860ccc2dc46cecf86760fc93fbb63a0ecbf249086035b649484a9fe664989
Instruction Fuzzy Hash: 89116B737011209FCB29CA588E81A6F76EAFFC5330B248169ED56D7380CA319C02C6D4

Uniqueness

Uniqueness Score: -1.00%

Function 01039240 Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E01039240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x110f708);
				E0108D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E010795D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E010795D0();
				_t33 =  *0x11284c4; // 0x0
				L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x11284c4; // 0x0
				L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x11284c4; // 0x0
				E01052280(L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11286b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E010795D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E010795D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01039325();
					_t50 =  *0x11284c4; // 0x0
					return E0108D0D1(L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}

0x01039240
0x01039242
0x01039247
0x0103924c
0x0103924e
0x01039255
0x01039257
0x0103925a
0x0103925f
0x0103925f
0x01039266
0x01039271
0x01039276
0x01039279
0x0103927e
0x01039295
0x0103929a
0x010392b1
0x010392b6
0x010392d7
0x010392dc
0x010392e0
0x010392e6
0x010392e8
0x010392ee
0x01039332
0x01039333
0x01039337
0x01039338
0x0103933a
0x0103933a
0x0103933d
0x01039342
0x01039342
0x01039345
0x01039349
0x0103934e
0x01039352
0x01039357
0x010392f4
0x010392f4
0x010392f6
0x010392f9
0x01039300
0x01039306
0x01039324
0x01039324

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4682914c27f0727f4329775f624697f566f052faa2f20640b9c99b8f21055c
Instruction ID: 61cf0bcd6002a8770b8324d4619a458b2e0cda348babe2a3ccb6ec07c4c73b76
Opcode Fuzzy Hash: fc4682914c27f0727f4329775f624697f566f052faa2f20640b9c99b8f21055c
Instruction Fuzzy Hash: 39216A71140A41EFC766EF68CA40F9AB7F9FF28708F44856CE089876A2CB74E951DB44

Uniqueness

Uniqueness Score: -1.00%

Function 01033138 Relevance: .1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E01033138(void* __ecx) {
				signed int _v8;
				char _v12;
				void* _t18;
				intOrPtr _t19;
				void* _t26;
				intOrPtr* _t28;
				char* _t32;
				intOrPtr* _t34;
				intOrPtr _t41;
				void* _t43;
				void* _t45;

				_push(__ecx);
				_push(__ecx);
				_t43 = __ecx;
				if(( *(__ecx + 0xc) & 0x00000001) != 0) {
					_t18 = 0;
				} else {
					_t34 = __ecx + 0x10;
					_t19 =  *_t34;
					_t28 =  *((intOrPtr*)(_t34 + 4));
					_t40 =  *((intOrPtr*)(_t19 + 4));
					if( *_t28 !=  *((intOrPtr*)(_t19 + 4)) ||  *_t28 != _t34) {
						_push(_t28);
						_push( *_t28);
						E010FA80D(0, 0xd, _t34, _t40);
					} else {
						 *_t28 = _t19;
						 *((intOrPtr*)(_t19 + 4)) = _t28;
					}
					_t41 =  *((intOrPtr*)(_t43 + 0x18));
					_v8 = _v8 & 0x00000000;
					_v12 =  *((intOrPtr*)(_t43 + 0x1c));
					_t45 = E0106174B( &_v12,  &_v8, 0x8000);
					if(E01057D50() != 0) {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					} else {
						_t32 = 0x7ffe0388;
					}
					if( *_t32 != 0) {
						E010EFE3F(_t26, _t41, _v12, _v8);
					}
					_t18 = _t45;
				}
				return _t18;
			}

0x0103313d
0x0103313e
0x01033140
0x01033147
0x010331ac
0x01033149
0x01033149
0x0103314c
0x0103314e
0x01033151
0x01033156
0x0108fdb3
0x0108fdb4
0x0108fdbd
0x01033164
0x01033164
0x01033166
0x01033166
0x0103316f
0x01033172
0x01033176
0x01033187
0x01033190
0x0108fdd1
0x01033196
0x01033196
0x01033196
0x0103319e
0x0108fde4
0x0108fde4
0x010331a4
0x010331a4
0x010331ab

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
Instruction ID: 5e34584d07c655b15c329934e049b9d14d5bd1a7ebfa7349b9ab8eca17e94180
Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
Instruction Fuzzy Hash: 8611BE31A05305EFDB25EF64C844F6AB7FAFBC5314F108599E4818B241EA71A802CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010FE962 Relevance: .1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E010FE962(void* __ebx, void* __ecx, intOrPtr _a4, char* _a8) {
				char _v8;
				signed int _v12;
				char* _t26;
				void* _t31;
				unsigned int _t33;
				intOrPtr _t49;

				_t31 = __ebx;
				_push(__ecx);
				_push(__ecx);
				_t49 = _a4;
				_v12 =  *(_t49 + 0xc) & 0xffff0000;
				_t33 =  *(_t49 + 0x10);
				_t44 = 1 << (_t33 >> 0x00000002 & 0x0000003f);
				_t5 = _t44 - 1; // 0x0
				_t6 = _t44 - 1; // 0x0
				_t57 = _a8;
				_v8 = ((_t33 >> 0x00000001 & 1) + (_t33 >> 0xc) << 0xc) - 1 + (1 << (_t33 >> 0x00000002 & 0x0000003f)) - (_t5 + ((_t33 >> 0x00000001 & 1) + (_t33 >> 0x0000000c) << 0x0000000c) & _t6);
				E010FAFDE( &_v12,  &_v8, 0x8000,  *_a8,  *((intOrPtr*)(_a8 + 4)));
				if(E01057D50() == 0) {
					_t26 = 0x7ffe0388;
				} else {
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t26 != 0) {
					E010EFE3F(_t31, _t57, _v12, _v8);
				}
				return E010FBCD2(_t49,  *_t57,  *((intOrPtr*)(_t57 + 4)));
			}

0x010fe962
0x010fe967
0x010fe968
0x010fe96b
0x010fe976
0x010fe979
0x010fe990
0x010fe997
0x010fe99a
0x010fe9a4
0x010fe9b1
0x010fe9be
0x010fe9ca
0x010fe9dc
0x010fe9cc
0x010fe9d5
0x010fe9d5
0x010fe9e4
0x010fe9ee
0x010fe9ee
0x010fea04

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
Instruction ID: ef312b16c3d1fa6f379b4679e1630c0aa4b59f3899ae3fd2e165cde4ec51edc3
Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
Instruction Fuzzy Hash: F711C432600519AFDB19DB58CC05AAEBBF5EF84310F058269ED8597750DA31AD51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0106DF4C Relevance: .1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0106DF4C(signed int __eax, void* __ecx, signed int* __edx, signed int* _a4) {
				char _v8;
				signed int _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v49;
				void* _v50;
				void* __ebx;
				void* __edi;
				intOrPtr* _t71;
				signed int _t74;
				signed int _t75;
				intOrPtr _t80;
				intOrPtr* _t81;
				signed int _t87;
				signed int* _t92;
				signed int* _t99;
				signed int _t102;
				signed int _t104;
				unsigned int _t109;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr* _t119;
				char _t124;
				signed int _t125;
				signed int _t130;
				signed int _t132;
				void* _t134;
				signed int _t136;
				signed int _t137;
				intOrPtr* _t138;
				void* _t141;
				signed int _t144;
				signed int _t146;
				signed int _t150;
				void* _t152;

				_push(__ecx);
				_push(__ecx);
				_push(_t134);
				_t94 = __edx;
				_t141 = __ecx;
				asm("lock xadd [esi+0x2c], eax");
				if((__eax | 0xffffffff) == 1) {
					_t108 =  *((intOrPtr*)(__ecx + 0x28));
					if( *((intOrPtr*)(__ecx + 0x28)) != 0) {
						E0103A745(__edx, _t108, __edx, _t134);
					}
					_t71 = _t141 + 4;
					_t124 =  *_t71;
					if( *((intOrPtr*)(_t124 + 4)) != _t71) {
						L9:
						_t109 = 3;
						asm("int 0x29");
						_t152 = (_t150 & 0xfffffff8) - 0x1c;
						_v36 = _v36 & 0x00000000;
						_push(_t94);
						 *((char*)(_t152 + 0xb)) = _t124;
						 *(_t152 + 0x18) = _t109;
						_push(_t141);
						_push(_t134);
						_t99 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t109 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
						_t74 = 0;
						_t125 =  *_t99;
						 *(_t152 + 0x1c) = _t99;
						 *(_t152 + 0x12) = 0;
						if(_t125 != 0) {
							while((_t125 & 0x00000001) == 0) {
								_t74 = _t125;
								if((_t125 & 0x00000002) != 0) {
									asm("lock cmpxchg [ebx], ecx");
									if(_t74 != _t125) {
										goto L40;
									}
								} else {
									_t144 = _t125 | 0x00000002;
									asm("lock cmpxchg [ebx], ecx");
									if(_t74 != _t125) {
										L40:
										_t125 = _t74;
										if(_t74 != 0) {
											continue;
										} else {
										}
									} else {
										while(1) {
											L14:
											_t102 = _t144 & 0xfffffffc;
											 *(_t152 + 0x24) = _t102;
											_t136 = _t102;
											if( *((intOrPtr*)(_t102 + 0x10)) == 0) {
												goto L42;
											}
											L15:
											_t137 =  *((intOrPtr*)(_t136 + 0x10));
											 *((intOrPtr*)(_t102 + 0x10)) = _t137;
											while(_t137 != 0) {
												_t130 =  *((intOrPtr*)(_t137 + 0xc));
												_v32 = _t130;
												if( *_t137 !=  *((intOrPtr*)(_t152 + 0x20))) {
													L46:
													_t137 = _t130;
													continue;
												} else {
													_t114 =  *(_t137 + 8);
													if(_t137 != _t102) {
														 *(_t130 + 8) = _t114;
														_t115 =  *(_t137 + 8);
														_t80 =  *((intOrPtr*)(_t137 + 0xc));
														if(_t115 != 0) {
															 *((intOrPtr*)(_t115 + 0xc)) = _t80;
														} else {
															 *((intOrPtr*)(_t102 + 0x10)) = _t80;
															 *((intOrPtr*)( *((intOrPtr*)(_t137 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t137 + 0xc));
														}
														goto L23;
													} else {
														if(_t114 != 0) {
															_t114 = _t114 ^ (_t114 ^ _t144) & 0x00000003;
														}
														_t87 = _t144;
														asm("lock cmpxchg [ebx], edx");
														_t102 =  *(_t152 + 0x24);
														if(_t87 != _t144) {
															_t144 = _t87;
															goto L14;
														} else {
															_t132 =  *(_t137 + 8);
															_t118 = _t114 & 0xffffff00 | _t114 == 0x00000000;
															 *(_t152 + 0x12) = _t118;
															if(_t132 != 0) {
																 *(_t132 + 0xc) =  *(_t132 + 0xc) & 0x00000000;
																 *((intOrPtr*)(_t132 + 0x10)) =  *((intOrPtr*)(_t137 + 0x10));
																 *(_t152 + 0x12) = _t118;
															}
															_t130 = _v32;
															L23:
															_t116 = 2;
															_t41 = _t137 + 0x14; // 0x14
															_t81 = _t41;
															_t117 =  *_t81;
															 *_t81 = _t116;
															if(_t117 == 2) {
																goto L46;
															} else {
																if(_t117 == 0) {
																	 *(_t137 + 8) = _v36;
																	_v36 = _t137;
																}
																if( *((char*)(_t152 + 0x13)) != 0) {
																	goto L46;
																}
															}
														}
													}
												}
												break;
											}
											_t74 = _v36;
											if(_t74 != 0) {
												do {
													_push( *((intOrPtr*)(_t74 + 4)));
													_t146 =  *(_t74 + 8);
													E01079BF0();
													_t74 = _t146;
												} while (_t146 != 0);
											}
											if( *(_t152 + 0x12) == 0) {
												_t113 =  *( *(_t152 + 0x1c));
												while(1) {
													_t104 = _t113 & 0x00000001;
													asm("sbb edx, edx");
													_t74 = _t113;
													asm("lock cmpxchg [esi], edx");
													if(_t74 == _t113) {
														break;
													}
													_t113 = _t74;
												}
												if(_t104 != 0) {
													_t74 = E010ECF30(_t74);
												}
											}
											goto L30;
											do {
												L42:
												_t75 = _t136;
												_t136 =  *(_t136 + 8);
												 *(_t136 + 0xc) = _t75;
											} while ( *((intOrPtr*)(_t136 + 0x10)) == 0);
											goto L15;
										}
									}
								}
								goto L30;
							}
						}
						L30:
						return _t74;
					} else {
						_t119 =  *((intOrPtr*)(_t71 + 4));
						if( *_t119 != _t71) {
							goto L9;
						} else {
							 *_t119 = _t124;
							 *((intOrPtr*)(_t124 + 4)) = _t119;
							_t138 =  *((intOrPtr*)(_t141 + 0x30));
							 *_t94 =  *((intOrPtr*)(_t141 + 0x38));
							 *_a4 =  *(_t141 + 0x3c);
							_t92 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t141);
							if(_t138 != 0) {
								 *_t138 = 1;
								_t92 =  &_v8;
								asm("lock or [eax], ecx");
								_push(0);
								L10();
							}
							goto L2;
						}
					}
				} else {
					_t92 = _a4;
					 *__edx =  *__edx & 0x00000000;
					 *_t92 =  *_t92 & 0x00000000;
					L2:
					return _t92;
				}
			}

0x0106df51
0x0106df52
0x0106df55
0x0106df56
0x0106df58
0x0106df5d
0x0106df63
0x0106df77
0x0106df7c
0x0106dfd3
0x0106dfd3
0x0106df7e
0x0106df81
0x0106df86
0x0106dfda
0x0106dfdc
0x0106dfdd
0x0106dfe7
0x0106dff0
0x0106dff5
0x0106dff8
0x0106e005
0x0106e00f
0x0106e010
0x0106e011
0x0106e014
0x0106e016
0x0106e018
0x0106e01c
0x0106e022
0x0106e028
0x0106e031
0x0106e036
0x010ab47d
0x010ab483
0x00000000
0x00000000
0x0106e03c
0x0106e03e
0x0106e043
0x0106e049
0x010ab489
0x010ab489
0x010ab48d
0x00000000
0x00000000
0x010ab493
0x00000000
0x0106e04f
0x0106e04f
0x0106e051
0x0106e054
0x0106e058
0x0106e05e
0x00000000
0x00000000
0x0106e064
0x0106e064
0x0106e067
0x0106e06a
0x0106e076
0x0106e079
0x0106e07f
0x010ab4cc
0x010ab4cc
0x00000000
0x0106e085
0x0106e085
0x0106e08a
0x0106e11c
0x0106e11f
0x0106e122
0x0106e127
0x0106e164
0x0106e129
0x0106e129
0x0106e12f
0x0106e12f
0x00000000
0x0106e090
0x0106e092
0x010ab4b2
0x010ab4b2
0x0106e09e
0x0106e0a0
0x0106e0a4
0x0106e0aa
0x010ab4d3
0x00000000
0x0106e0b0
0x0106e0b0
0x0106e0b5
0x0106e0b8
0x0106e0be
0x010ab4b9
0x010ab4c0
0x010ab4c3
0x010ab4c3
0x0106e0c4
0x0106e0c8
0x0106e0ca
0x0106e0cb
0x0106e0cb
0x0106e0ce
0x0106e0ce
0x0106e0d3
0x00000000
0x0106e0d9
0x0106e0db
0x0106e0e1
0x0106e0e4
0x0106e0e4
0x0106e0ed
0x00000000
0x00000000
0x0106e0ed
0x0106e0d3
0x0106e0aa
0x0106e08a
0x00000000
0x0106e07f
0x0106e0f3
0x0106e0f9
0x0106e0fb
0x0106e0fb
0x0106e0fe
0x0106e101
0x0106e106
0x0106e108
0x0106e0fb
0x0106e111
0x0106e138
0x0106e13a
0x0106e13e
0x0106e148
0x0106e14e
0x0106e150
0x0106e156
0x00000000
0x00000000
0x0106e16c
0x0106e16c
0x0106e15a
0x0106e15d
0x0106e15d
0x0106e15a
0x00000000
0x010ab498
0x010ab498
0x010ab498
0x010ab49a
0x010ab49d
0x010ab4a0
0x00000000
0x010ab4a6
0x0106e04f
0x0106e049
0x00000000
0x0106e036
0x0106e028
0x0106e113
0x0106e119
0x0106df88
0x0106df88
0x0106df8d
0x00000000
0x0106df8f
0x0106df8f
0x0106df91
0x0106df97
0x0106df9a
0x0106dfa5
0x0106dfb0
0x0106dfb7
0x0106dfb9
0x0106dfbf
0x0106dfc4
0x0106dfc7
0x0106dfcc
0x0106dfcc
0x00000000
0x0106dfb7
0x0106df8d
0x0106df65
0x0106df65
0x0106df68
0x0106df6b
0x0106df6e
0x0106df74
0x0106df74

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
Instruction ID: 7e722ff55d84aec6fb1f21870583055419d3827bc04f0ea9d124870b6114132d
Opcode Fuzzy Hash: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
Instruction Fuzzy Hash: 40118E712016059FD769CF59C840F66BBFAFF85321F0581A9E58A8B6A0E770EC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010C4257 Relevance: .1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E010C4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x11108d0);
				E0108D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E010C41E8(__ebx, __edi, __ecx, _t39);
				E0104EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x11287e4;
					_t18 =  *0x11287e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1125cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x11287e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x11287e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01037055(_t31 + 0xfffffff8);
								_t24 =  *0x11287e0; // 0x0
								_t18 = _t24 - 1;
								 *0x11287e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1125cd0;
				if( *0x1125cd0 <= 0) {
					L01037055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x11287e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x11287e8 = _t30;
						 *0x11287e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0108D0D1(L010C4320());
			}

0x010c4257
0x010c4257
0x010c4257
0x010c4259
0x010c425e
0x010c4263
0x010c4265
0x010c4273
0x010c4278
0x010c427c
0x010c427f
0x010c4281
0x010c4287
0x010c42d7
0x010c42d7
0x010c42da
0x010c428d
0x010c428d
0x010c428f
0x010c4292
0x010c4297
0x010c429c
0x010c42a0
0x010c42a6
0x010c42a8
0x010c42ae
0x010c42b3
0x00000000
0x010c42ba
0x010c42ba
0x010c42bf
0x010c42c5
0x010c42ca
0x010c42cf
0x010c42d0
0x00000000
0x010c42d0
0x010c42b3
0x00000000
0x010c42a6
0x010c429c
0x010c42dc
0x010c42dc
0x010c42e3
0x010c4309
0x010c42e5
0x010c42e5
0x010c42e8
0x010c42ee
0x010c42f0
0x00000000
0x010c42f2
0x010c42f2
0x010c42f4
0x010c42f7
0x010c42f9
0x010c4300
0x010c4300
0x010c42f0
0x010c430e
0x010c431f

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3786a38e047fb8fb6af67d08d41ed4be7e635bab1891b74be0e5b7354d1e1cd
Instruction ID: 6ed788c36c3f22051513ab2efddb35ce92c3a8def5fc111740a2edbbf84867fc
Opcode Fuzzy Hash: b3786a38e047fb8fb6af67d08d41ed4be7e635bab1891b74be0e5b7354d1e1cd
Instruction Fuzzy Hash: C8216D70901A01EFC779DF68D050658BBF2FB85754B50C2BED1A5CB299D73194A1CF00

Uniqueness

Uniqueness Score: -1.00%

Function 010428FD Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010428FD(char __edx, signed int _a4) {
				void* __ecx;
				void* _t8;
				char* _t13;
				signed char* _t17;
				void* _t21;
				void* _t22;
				char _t28;

				_t28 = __edx;
				_t8 = E0104EB70(_t22, 0x1125350);
				_t23 = _a4;
				_t21 = _t8;
				if( !_a4 >= 0) {
					E0103B1E1(_t23, 0x14a2, _t28, 0);
				}
				if(E01057D50() != 0) {
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E01057D50() == 0) {
							_t17 = 0x7ffe0385;
						} else {
							_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t17 & 0x00000020) != 0) {
							E010B7016(0x14a2, 0, 0, _t28, 0, 0);
						}
					}
				}
				return _t21;
			}

0x0104290b
0x0104290d
0x01042912
0x01042915
0x0104291d
0x01097758
0x01097758
0x0104292a
0x0109776b
0x01042930
0x01042930
0x01042930
0x01042938
0x01097782
0x0109778f
0x010977a1
0x01097791
0x0109779a
0x0109779a
0x010977a9
0x010977bd
0x010977bd
0x010977a9
0x01097782
0x01042945

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0153ab2b93575d8f4d0d426e3d4038ebb8f2926726987d612192159486ade1f9
Instruction ID: 6ddfb2deb927ef04cb4cd08bb97bde10ff1c09dd952beff09a1341843ecdc782
Opcode Fuzzy Hash: 0153ab2b93575d8f4d0d426e3d4038ebb8f2926726987d612192159486ade1f9
Instruction Fuzzy Hash: 1B11663A344640ABF366932DDC84F6ABBE8EF84B90F0400B6BDC18B2D1DAA4DC00C121

Uniqueness

Uniqueness Score: -1.00%

Function 01062397 Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E01062397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x112848c != 0) {
					L0105FAD0(0x1128610);
					if( *0x112848c == 0) {
						E0105FA00(0x1128610, _t19, _t27, 0x1128610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E01062581(0x1128610, 0x10150a0, _t26, _t27, _t28);
						E0105FA00(0x1128610, 0x10150a0, _t27, 0x1128610);
					}
				} else {
					L1:
					_t11 =  *0x1128614; // 0x0
					if(_t11 == 0) {
						_t11 = E01074886(0x1011088, 1, 0x1128614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E01062581(0x1128610, (_t11 << 4) + 0x1015070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}

0x010623b0
0x010623b6
0x01062409
0x01062415
0x010a5ae9
0x00000000
0x0106241b
0x0106241b
0x0106241d
0x01062427
0x0106242e
0x01062430
0x01062430
0x010623b8
0x010623b8
0x010623b8
0x010623bf
0x010623fc
0x010623fc
0x010623c1
0x010623c3
0x010623d0
0x010623d8
0x010623d8
0x010623dc
0x010623de
0x010623e1
0x010623e1
0x010623ec

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d78aceb6111385764c15c8acebe75fdb05b436097379e99f739e7a1492d9def
Instruction ID: 49244d33d2f4b48eee58d29b10f1e22b7a24d3646e4c5dc4e71b168e3d48f3a1
Opcode Fuzzy Hash: 0d78aceb6111385764c15c8acebe75fdb05b436097379e99f739e7a1492d9def
Instruction Fuzzy Hash: 26112B7170036167E3759A29EC40B5AB6DCBBA0610F14846AFAC2A7240DBB8E840C754

Uniqueness

Uniqueness Score: -1.00%

Function 0103C962 Relevance: .1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E0103C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x112d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0104EEF0(0x11270a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E010BF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0104EB70(_t29, 0x11270a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0107B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E010BF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x11270c0; // 0x0
					while(_t38 != 0x11270c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x112b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}

0x0103c96a
0x0103c974
0x0103c988
0x0103c98a
0x010a7c9d
0x010a7c9f
0x010a7ca4
0x010a7cae
0x010a7cf0
0x010a7cf5
0x010a7cfa
0x0103c992
0x0103c996
0x0103c997
0x0103c998
0x0103c9a3
0x0103c9a3
0x010a7cb0
0x010a7cb7
0x010a7cbb
0x00000000
0x00000000
0x010a7cbd
0x010a7ce8
0x010a7cc5
0x010a7cc8
0x010a7cca
0x010a7cd0
0x010a7cd6
0x010a7cde
0x010a7ce4
0x010a7ce4
0x010a7cd0
0x00000000
0x010a7ce8
0x0103c990
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aebf11ad8043b3eafdd837160750800e1b33821677130aa7e20e482286c428ec
Instruction ID: a6150e54f877b5b831dcf74f4b06fd6738fe66a5773d457b4b04cf8250f712de
Opcode Fuzzy Hash: aebf11ad8043b3eafdd837160750800e1b33821677130aa7e20e482286c428ec
Instruction Fuzzy Hash: 3211213130070AABC764AFACDC84AAB77E5BB98210F40053DEAC183690DB25ED64C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 01034CB0 Relevance: .1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E01034CB0(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, void* _a16) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				void* _t26;
				void* _t32;
				void* _t37;
				intOrPtr _t38;
				intOrPtr _t41;

				_t35 = __ecx;
				_push(__ecx);
				_push(_t32);
				_t41 = _a4;
				_push(_t38);
				if(_t41 == 0) {
					L8:
					E011088F5(_t32, _t35, _t37, _t38, _t41, __eflags);
					_t21 = 0xc000000d;
					L6:
					return _t21;
				}
				_t22 =  *((intOrPtr*)(_t41 + 0x4c));
				if(_t22 == 0) {
					goto L8;
				}
				_t38 = _a8;
				if( *((intOrPtr*)(_t22 + 0xa8)) != _t38 || ( *(_t41 + 0x84) & 0x00000001) != 0) {
					goto L8;
				} else {
					_t34 = _a16;
					_t23 =  *0x11284c4; // 0x0
					_t36 =  *(_a16 + 2) & 0x0000ffff;
					_v8 =  *(_a16 + 2) & 0x0000ffff;
					_t26 = E01054620( *(_a16 + 2) & 0x0000ffff,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0x80000, _t36);
					 *((intOrPtr*)(_t41 + 0x78)) = _t26;
					if(_t26 == 0) {
						_t21 = 0xc0000017;
					} else {
						E0107F3E0(_t26, _t34, _v8);
						 *((intOrPtr*)(_t41 + 0x7c)) = _t38;
						asm("lock inc dword [eax]");
						 *(_t41 + 0x84) =  *(_t41 + 0x84) | 0x00000001;
						 *(_t41 + 0x80) = _a12 | 0x00040000;
						_t21 = 0;
					}
					goto L6;
				}
			}

0x01034cb0
0x01034cb5
0x01034cb6
0x01034cb8
0x01034cbb
0x01034cbe
0x01034d50
0x01034d50
0x01034d55
0x01034d40
0x01034d46
0x01034d46
0x01034cc4
0x01034cc9
0x00000000
0x00000000
0x01034ccf
0x01034cd8
0x00000000
0x01034ce3
0x01034ce3
0x01034ce6
0x01034cf0
0x01034cfc
0x01034d02
0x01034d07
0x01034d0c
0x01034d49
0x01034d0e
0x01034d13
0x01034d18
0x01034d26
0x01034d2c
0x01034d38
0x01034d3e
0x01034d3e
0x00000000
0x01034d0c

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9ac9be57dd0afe24e30283170e476c3752536d5cc7fcef5a9d9e007c8f6f969
Instruction ID: 7b958aca9043be46121841135c4d2bf8560c0ccc448a86619384b49a50ca24ff
Opcode Fuzzy Hash: e9ac9be57dd0afe24e30283170e476c3752536d5cc7fcef5a9d9e007c8f6f969
Instruction Fuzzy Hash: CB119E71A00605AFE722DF59E845BA777ECEB85314F0144A9EA99CB211DB31E8408BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0106002D Relevance: .1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0106002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01057D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01057D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01057D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01057D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}

0x01060032
0x01060037
0x01060043
0x010a4b3a
0x01060049
0x01060049
0x01060049
0x0106004e
0x01060053
0x010a4b48
0x010a4b5a
0x010a4b4a
0x010a4b53
0x010a4b53
0x010a4b5f
0x00000000
0x010a4b61
0x00000000
0x010a4b61
0x01060059
0x01060059
0x01060060
0x010a4b6f
0x010a4b6f
0x01060069
0x010a4b83
0x00000000
0x00000000
0x010a4b90
0x010a4b9b
0x010a4b9b
0x010a4ba4
0x00000000
0x00000000
0x010a4baa
0x00000000
0x0106006f
0x0106006f
0x00000000
0x0106006f
0x01060069

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction ID: a24b91de586598d05315273586f041ea659d0f99aa1ec765aa6084624990f8ac
Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction Fuzzy Hash: A311E5366616818FE76397ACC944B3A77E8AB40754F4D00E0FD84C76A2D369D841C260

Uniqueness

Uniqueness Score: -1.00%

Function 0103A745 Relevance: .1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0103A745(void* __ebx, void* __ecx, void* __edx, void* __edi) {
				signed int _v12;
				void* __esi;
				intOrPtr _t7;
				signed int _t9;
				intOrPtr* _t12;
				intOrPtr _t15;
				void* _t19;
				intOrPtr _t20;
				void* _t23;
				intOrPtr* _t28;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				void* _t35;
				signed int _t37;

				_push(__ecx);
				_t7 =  *0x11284cc; // 0x0
				_t34 = __ecx;
				_t9 = E01052280(_t7 + 0x18, _t7 + 0x18);
				asm("lock xadd [esi+0x14], eax");
				if((_t9 | 0xffffffff) == 1) {
					_t2 = _t34 + 8; // 0x8
					_t12 = _t2;
					_t30 =  *_t12;
					if( *((intOrPtr*)(_t30 + 4)) != _t12) {
						L7:
						asm("int 0x29");
						_t32 = 3;
						_pop(_t35);
						_pop(_t23);
						return E0107B640(0xc00000f0, _t23, _v12 ^ _t37, _t30, _t32, _t35);
					} else {
						_t28 =  *((intOrPtr*)(_t12 + 4));
						if( *_t28 != _t12) {
							goto L7;
						} else {
							_t15 =  *0x11284cc; // 0x0
							 *_t28 = _t30;
							 *((intOrPtr*)(_t30 + 4)) = _t28;
							E0104FFB0(__ebx, __edi, _t15 + 0x18);
							_t19 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
							goto L2;
						}
					}
				} else {
					_t20 =  *0x11284cc; // 0x0
					_t19 = E0104FFB0(__ebx, __edi, _t20 + 0x18);
					L2:
					return _t19;
				}
			}

0x0103a74a
0x0103a74b
0x0103a754
0x0103a757
0x0103a75f
0x0103a765
0x0109440f
0x0109440f
0x01094412
0x01094417
0x01094449
0x0109444c
0x0103a86a
0x0103a86b
0x0103a86e
0x0103a877
0x01094419
0x01094419
0x0109441e
0x00000000
0x01094420
0x01094420
0x01094428
0x0109442b
0x0109442e
0x0109443f
0x00000000
0x0109443f
0x0109441e
0x0103a76b
0x0103a76b
0x0103a774
0x0103a779
0x0103a77d
0x0103a77d

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5eb9c659c73c0a1c06aa9aaf7f45feec423561ed0d0e70c8d58928f32d1b01c
Instruction ID: 5825499eea006ec050a4ffd15d674509f7402517d33fe038cb5b67fcb204df67
Opcode Fuzzy Hash: f5eb9c659c73c0a1c06aa9aaf7f45feec423561ed0d0e70c8d58928f32d1b01c
Instruction Fuzzy Hash: 7A019672601206DBD724EF6DEC40B6AB7E8EF41325B0442AEE585CB251DE35D951C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 01039080 Relevance: .1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E01039080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x11285ec;
				E01052280(_t48, 0x11285ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0104FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x112538c; // 0x77de6828
					if( *_t84 != 0x1125388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x110f6e8);
						E0108D0E8(0x11285ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E011088F5(_t80, _t85, 0x1125388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x11286c0; // 0xbd07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x11286b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01052280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E011088F5(0x11285ec, _t85, 0x1125388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0107AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x112b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x11284c0;
																			if(_t82 >=  *0x11284c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01109063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0103922A(_t99);
										_t64 = E01057D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01108B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x11286c0; // 0xbd07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x11286b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x11286bc;
													_t87 = 0x11286b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01039240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x11286c4;
												_t87 = 0x11286c0;
												L27:
												E01069B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0108D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1125388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x112538c = _t51;
						goto L6;
					}
				}
			}

0x01039082
0x01039083
0x01039084
0x01039085
0x01039087
0x01039096
0x01039098
0x01039098
0x0103909e
0x010390a8
0x010390e7
0x010390e7
0x010390aa
0x010390b0
0x010390b7
0x010390bd
0x010390dd
0x010390e6
0x010390bf
0x010390bf
0x010390c7
0x010390cf
0x010390f1
0x010390f2
0x010390f4
0x010390f5
0x010390f6
0x010390f7
0x010390f8
0x010390f9
0x010390fa
0x010390fb
0x010390fc
0x010390fd
0x010390fe
0x010390ff
0x01039100
0x01039102
0x01039107
0x0103910c
0x01039110
0x01039113
0x01039115
0x01039136
0x0103913f
0x01039143
0x010937e4
0x010937e4
0x01039117
0x01039117
0x0103911d
0x00000000
0x0103911f
0x0103911f
0x01039125
0x00000000
0x01039127
0x0103912d
0x01039130
0x01039134
0x01039158
0x0103915d
0x01039161
0x01039168
0x01093715
0x0103916e
0x0103916e
0x01039175
0x01039177
0x0103917e
0x0103917f
0x01039182
0x01039182
0x01039187
0x01039187
0x0103918a
0x0103918d
0x0103918f
0x01039192
0x01039195
0x01039198
0x01039198
0x01039198
0x0103919a
0x00000000
0x00000000
0x0109371f
0x01093721
0x01093727
0x0109372f
0x01093733
0x01093735
0x01093738
0x0109373b
0x0109373d
0x01093740
0x00000000
0x01093746
0x01093746
0x01093749
0x00000000
0x0109374f
0x0109374f
0x01093751
0x01093757
0x01093759
0x0109375c
0x0109375c
0x0109375e
0x0109375e
0x01093761
0x01093764
0x00000000
0x00000000
0x01093766
0x01093768
0x010937a3
0x010937a3
0x010937a5
0x010937a7
0x010937ad
0x010937b0
0x010937b2
0x010937bc
0x010937c2
0x010937c2
0x010937b2
0x01039187
0x01039187
0x0103918a
0x0103918d
0x0103918f
0x01039192
0x01039195
0x00000000
0x01039195
0x00000000
0x0109376a
0x0109376a
0x0109376a
0x0109376c
0x0109376c
0x0109376f
0x01093775
0x00000000
0x00000000
0x01093777
0x01093779
0x01093782
0x01093787
0x01093789
0x01093790
0x01093790
0x0109378b
0x0109378b
0x0109378b
0x01093792
0x01093795
0x00000000
0x01093795
0x00000000
0x01093779
0x01093798
0x00000000
0x01093798
0x00000000
0x01093768
0x0109379b
0x0109379b
0x01093751
0x01093749
0x00000000
0x01093740
0x010391a0
0x010391a3
0x010391a9
0x010391b0
0x00000000
0x010391b0
0x01039187
0x010391b4
0x010391b4
0x010391bb
0x010391c0
0x010391c5
0x010391c7
0x010937da
0x010391cd
0x010391cd
0x010391cd
0x010391d2
0x010391d5
0x01039239
0x01039239
0x010391d7
0x010391db
0x010391e1
0x010391e7
0x010391fd
0x01039203
0x0103921e
0x01039223
0x00000000
0x01039205
0x01039205
0x01039208
0x0103920c
0x01039214
0x01039214
0x0103920c
0x010391e9
0x010391e9
0x010391ee
0x010391f3
0x010391f3
0x010391f3
0x010391e7
0x00000000
0x00000000
0x00000000
0x01039134
0x01039125
0x0103911d
0x0103914e
0x010390d1
0x010390d1
0x010390d3
0x010390d6
0x010390d8
0x00000000
0x010390d8
0x010390cf

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e78f388f3b7819de4925b42d0ccb6140198834d65a23d66aab4bd43fb972e89
Instruction ID: e4f5f256dcc52fe50a2e7ba00cb30c5dd3641c424738d9c9fe52f01529d50966
Opcode Fuzzy Hash: 1e78f388f3b7819de4925b42d0ccb6140198834d65a23d66aab4bd43fb972e89
Instruction Fuzzy Hash: F401F472905600DFD3698F08D880B12BBE9EF81324F218076E5519B692C3B0DC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010CC450 Relevance: .1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E010CC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E01079910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E010795B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E010795D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E010795D0();
				return L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}

0x010cc458
0x010cc45d
0x010cc466
0x010cc468
0x010cc469
0x010cc46a
0x010cc46b
0x010cc46e
0x010cc46f
0x010cc471
0x010cc476
0x010cc476
0x010cc47c
0x010cc47e
0x010cc480
0x010cc480
0x010cc483
0x010cc484
0x010cc486
0x010cc488
0x010cc48f
0x010cc491
0x010cc493
0x010cc493
0x010cc48f
0x010cc498
0x010cc49e
0x010cc4ad
0x010cc4ad
0x010cc4b2
0x010cc4b4
0x010cc4cd

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
Instruction ID: b21ae60ad4c64c442d4c897d272586a775a6c8469e1a3968be1cb3435fb4f4b5
Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
Instruction Fuzzy Hash: D401847114050ABFE711AF69CD80EA7FB7DFB54764F108529F29442560CB31ACA0CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01063B5A Relevance: .1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01063B5A(void* __eax, intOrPtr __ebx, void* __edi, intOrPtr __esi) {
				void* _t14;
				intOrPtr _t15;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t23;
				intOrPtr _t27;
				intOrPtr _t31;
				intOrPtr _t37;
				void* _t39;

				_t37 = __esi;
				_t31 = __ebx;
				_t14 = __eax;
				if( *((intOrPtr*)(_t39 - 0x40)) != __ebx || __edi < 0) {
					if(_t37 == 0) {
						goto L2;
					}
					_t32 =  *((intOrPtr*)(_t39 - 0x24));
					if( *((intOrPtr*)(_t39 - 0x24)) != 0) {
						_t27 =  *0x11284c4; // 0x0
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27 + 0xc0000, _t32);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t33 =  *((intOrPtr*)(_t37 + 0x1c));
					if( *((intOrPtr*)(_t37 + 0x1c)) != 0) {
						_t23 =  *0x11284c4; // 0x0
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0xc0000, _t33);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t34 =  *((intOrPtr*)(_t37 + 0x20));
					if( *((intOrPtr*)(_t37 + 0x20)) != 0) {
						_t19 =  *0x11284c4; // 0x0
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t19 + 0xc0000, _t34);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t15 =  *0x11284c4; // 0x0
					_t18 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t15 + 0xc0000, _t37);
					 *((intOrPtr*)(_t39 - 0x20)) = _t31;
					return _t18;
				} else {
					L2:
					return _t14;
				}
			}

0x01063b5a
0x01063b5a
0x01063b5a
0x01063b5d
0x010a61e6
0x00000000
0x00000000
0x010a61ec
0x010a61f1
0x010a61f3
0x010a6208
0x010a620d
0x010a620d
0x010a6210
0x010a6215
0x010a6217
0x010a622c
0x010a6231
0x010a6231
0x010a6234
0x010a6239
0x010a623b
0x010a6250
0x010a6255
0x010a6255
0x010a6258
0x010a626d
0x010a6274
0x00000000
0x01063b6b
0x01063b6b
0x01063b6b
0x01063b6b

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87c5c3118448df74cf66f721d32a4f087e2bf92823d627c941f294e21971e53b
Instruction ID: b5fce89d17165d80b327b2bbb9a72e049f2eda5bd75e69d8bed636b5b2426838
Opcode Fuzzy Hash: 87c5c3118448df74cf66f721d32a4f087e2bf92823d627c941f294e21971e53b
Instruction Fuzzy Hash: B8111C36601554DFCB69DF88CA40F6A7BF9FB08600F9901ACE945A7752C329FC10CB94

Uniqueness

Uniqueness Score: -1.00%

Function 010F1A5F Relevance: .0, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E010F1A5F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				void* _t23;
				signed char* _t24;
				intOrPtr _t30;
				void* _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t39;
				intOrPtr _t40;
				intOrPtr _t41;
				signed int _t42;

				_t35 = __edx;
				_t30 = __ebx;
				_v8 =  *0x112d360 ^ _t42;
				_t37 = __edx;
				_t40 = __ecx;
				E0107FA60( &_v60, 0, 0x34);
				_v28 = _t40;
				_v54 = 0x1035;
				_v20 = _a4;
				_v16 = _a8;
				_v24 = _t37;
				_v12 = _a12;
				_t23 = E01057D50();
				_t38 = _t36;
				_t41 = _t39;
				if(_t23 == 0) {
					_t24 = 0x7ffe0380;
				} else {
					_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x14);
				_push(0x20402);
				_push( *_t24 & 0x000000ff);
				return E0107B640(E01079AE0(), _t30, _v8 ^ _t42, _t35, _t38, _t41);
			}

0x010f1a5f
0x010f1a5f
0x010f1a6e
0x010f1a78
0x010f1a7d
0x010f1a7f
0x010f1a89
0x010f1a8c
0x010f1a96
0x010f1a9c
0x010f1aa2
0x010f1aa5
0x010f1aa8
0x010f1aad
0x010f1aae
0x010f1ab1
0x010f1ac3
0x010f1ab3
0x010f1abc
0x010f1abc
0x010f1ace
0x010f1acf
0x010f1ad1
0x010f1ad6
0x010f1ae9

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeff497c5779359d4dc622928a4d1a4fc63a28a3125bea19a9d02f8349143e7d
Instruction ID: 1c87e3514f7aefb3e43f4ab9c65181de17c2d163efcf655f9e3e6ef99eb01b2f
Opcode Fuzzy Hash: aeff497c5779359d4dc622928a4d1a4fc63a28a3125bea19a9d02f8349143e7d
Instruction Fuzzy Hash: 53115B71E01249ABCB10EFA9D846EAEBBF8EF44710F44406AF954EB380D674DA04CB94

Uniqueness

Uniqueness Score: -1.00%

Function 010331E0 Relevance: .0, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010331E0(intOrPtr _a4, intOrPtr _a8) {
				char* _t12;
				signed int* _t13;
				signed int _t26;
				intOrPtr _t28;

				_t28 = _a4;
				_t26 = 0;
				_t12 = E0103354C(_t28, 0);
				if(_t12 == 0) {
					L3:
					return _t12;
				}
				if(_a8 != 0) {
					_t13 = _t28 + 0xa8;
					_t26 =  *_t13;
					 *_t13 = 0;
				}
				_t12 = E01069ED0(_t28 + 0x20,  ~_t26, 1);
				if(_t26 != 0) {
					if(E01057D50() == 0) {
						_t12 = 0x7ffe0386;
					} else {
						_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t12 == 0) {
						goto L3;
					}
					return E01108966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78, _t28 + 0x30,  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t26);
				} else {
					goto L3;
				}
			}

0x010331e6
0x010331ec
0x010331f1
0x010331f8
0x0103321c
0x0103321c
0x0103321c
0x010331fd
0x0108fe1e
0x0108fe24
0x0108fe24
0x0108fe24
0x0103320c
0x01033213
0x0108fe32
0x0108fe44
0x0108fe34
0x0108fe3d
0x0108fe3d
0x0108fe4c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction ID: 393d45c6c7148c8806fa1608b093bbfd68f910f6655c72650dd1c0e989a3c206
Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction Fuzzy Hash: 0A01FC32600B029FEB63E67BD940EA777EDFFD1714F044459AAC68B591DA70E841C750

Uniqueness

Uniqueness Score: -1.00%

Function 01104015 Relevance: .0, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E01104015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01052280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01052280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11286ac);
					E0103F900(0x11286d4, _t28);
					E0104FFB0(0x11286ac, _t28, 0x11286ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0104FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}

0x0110401a
0x0110401e
0x01104023
0x01104028
0x01104029
0x0110402b
0x0110402f
0x01104043
0x01104046
0x01104051
0x01104057
0x0110405f
0x01104062
0x01104067
0x0110406f
0x0110407c
0x0110407c
0x0110408c
0x0110408c
0x01104097

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eb298318f81cc8ffaf65722906338b4d54c81c167aa7602605a06afbd7ea800
Instruction ID: ef34a1f5fb531e624c28d03a83263c7be3113d5beec2ddca5b9fa57cde9cca68
Opcode Fuzzy Hash: 4eb298318f81cc8ffaf65722906338b4d54c81c167aa7602605a06afbd7ea800
Instruction Fuzzy Hash: B5018F72601A46BFD365AB69CD80E93BBACFF55660B000229FA4893A51CB24EC11C6E4

Uniqueness

Uniqueness Score: -1.00%

Function 010F1951 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010F1951(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x112d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1030;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f1951
0x010f1951
0x010f1960
0x010f196a
0x010f196f
0x010f1971
0x010f197b
0x010f197e
0x010f1988
0x010f198e
0x010f1991
0x010f199b
0x010f19ad
0x010f199d
0x010f19a6
0x010f19a6
0x010f19b8
0x010f19b9
0x010f19bb
0x010f19c0
0x010f19d5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f5c49c3bf3fa9fa25061801ec4e6e07d93f6def66857850140382309d2407a3
Instruction ID: fe535b45dfbecb67912d4ee1883a471141589e5e5c0162f0402cfe957157db55
Opcode Fuzzy Hash: 5f5c49c3bf3fa9fa25061801ec4e6e07d93f6def66857850140382309d2407a3
Instruction Fuzzy Hash: 50015271E01259AFDB14EFA9D846EAFBBB8EF44710F00406AF950EB380D6749A40C7D5

Uniqueness

Uniqueness Score: -1.00%

Function 010F19D8 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010F19D8(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x112d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1032;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f19d8
0x010f19d8
0x010f19e7
0x010f19f1
0x010f19f6
0x010f19f8
0x010f1a02
0x010f1a05
0x010f1a0f
0x010f1a15
0x010f1a18
0x010f1a22
0x010f1a34
0x010f1a24
0x010f1a2d
0x010f1a2d
0x010f1a3f
0x010f1a40
0x010f1a42
0x010f1a47
0x010f1a5c

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2756e32155ae81ce69dbbedd6e305fd6128509d8ea815e013c54f310f17f0ae2
Instruction ID: 010d5f347cb54e037fff10cddcba4bb81194e5b05ce19a00e2db10552fc97bca
Opcode Fuzzy Hash: 2756e32155ae81ce69dbbedd6e305fd6128509d8ea815e013c54f310f17f0ae2
Instruction Fuzzy Hash: C3019271E01259AFCB14EFA9D846EEFBBB8EF44710F40406AF950EB380D6749A01CB94

Uniqueness

Uniqueness Score: -1.00%

Function 010F1843 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010F1843(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x112d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x102f;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f1843
0x010f1843
0x010f1852
0x010f185c
0x010f1861
0x010f1863
0x010f186d
0x010f1870
0x010f187a
0x010f1880
0x010f1883
0x010f188d
0x010f189f
0x010f188f
0x010f1898
0x010f1898
0x010f18aa
0x010f18ab
0x010f18ad
0x010f18b2
0x010f18c7

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b93da01f598e271d49eceda456ac59fdbe962a1d6a9dc6633576e152263c19e
Instruction ID: 3efd6d2a5db0f2090d5e131c0c7f01e184365e6826524d86f35d921c51a5d21b
Opcode Fuzzy Hash: 9b93da01f598e271d49eceda456ac59fdbe962a1d6a9dc6633576e152263c19e
Instruction Fuzzy Hash: CB019271E01249AFCB14EFA8D846EEFBBB8EF44710F04406AF940EB380D6749A00C794

Uniqueness

Uniqueness Score: -1.00%

Function 010F18CA Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010F18CA(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x112d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1031;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f18ca
0x010f18ca
0x010f18d9
0x010f18e3
0x010f18e8
0x010f18ea
0x010f18f4
0x010f18f7
0x010f1901
0x010f1907
0x010f190a
0x010f1914
0x010f1926
0x010f1916
0x010f191f
0x010f191f
0x010f1931
0x010f1932
0x010f1934
0x010f1939
0x010f194e

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af54996bf58b3e08217b38f80a75a387f7d2f1c7b60705772b8dec2c2b628023
Instruction ID: d43423c53369cf6dbd776e9947c37590504c3726203f7895f353e0c5da02098f
Opcode Fuzzy Hash: af54996bf58b3e08217b38f80a75a387f7d2f1c7b60705772b8dec2c2b628023
Instruction Fuzzy Hash: D3019271E01249BFCB14EFA9D846EAFBBB8EF44710F00406AF951EB380D6749A00C794

Uniqueness

Uniqueness Score: -1.00%

Function 010F138A Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010F138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x112d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f138a
0x010f138a
0x010f1399
0x010f13a3
0x010f13a8
0x010f13aa
0x010f13b5
0x010f13bb
0x010f13c3
0x010f13c6
0x010f13c9
0x010f13d4
0x010f13e6
0x010f13d6
0x010f13df
0x010f13df
0x010f13f1
0x010f13f2
0x010f13f4
0x010f13f9
0x010f140e

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9298b59cd94987a31a9b47572455ff78d6165fc68f192311a4b9c952dbdf86e4
Instruction ID: 35f86a8c6ef299266bd82b73c39c2ee45dbb09f88d611fdb269d83fec87c1caa
Opcode Fuzzy Hash: 9298b59cd94987a31a9b47572455ff78d6165fc68f192311a4b9c952dbdf86e4
Instruction Fuzzy Hash: 7B019271E00219AFCB14EFA8D842EAEBBB8EF44710F00406AF940EB280D6749A00C794

Uniqueness

Uniqueness Score: -1.00%

Function 01108450 Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E01108450(intOrPtr _a4) {
				void* __ecx;
				unsigned int _t10;
				unsigned int* _t20;

				_t28 = _a4;
				_t20 = _a4 + 0x8c;
				_t10 =  *_t20;
				if(_t10 >= 2) {
					_t10 =  *_t20;
					do {
						asm("lock cmpxchg [edx], ecx");
					} while ((_t10 & 1) != 0);
					_t27 = _t10 >> 1;
					if(_t10 >> 1 != 0) {
						E01069ED0(_t28 + 0x20,  ~_t27, 0);
						if(E01057D50() == 0) {
							_t10 = 0x7ffe0386;
						} else {
							_t10 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						}
						if( *_t10 != 0) {
							return E01108966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78,  *((intOrPtr*)(_t28 + 0x30)),  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t27);
						}
					}
				}
				return _t10;
			}

0x01108457
0x0110845b
0x01108461
0x01108466
0x0110846b
0x0110846d
0x01108471
0x01108471
0x01108479
0x0110847b
0x01108486
0x01108492
0x011084a4
0x01108494
0x0110849d
0x0110849d
0x011084ac
0x00000000
0x011084be
0x011084ac
0x0110847b
0x011084c7

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
Instruction ID: 7df90e5d55cfa5bebecfb9529d1b06dcdc8506f5373677bdf91c5cdd21ca5a59
Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
Instruction Fuzzy Hash: 2801D832A046019FD72A9A69D800F97B7EAFFC5210F05441DE646CB790DBB0F840C750

Uniqueness

Uniqueness Score: -1.00%

Function 010F14FB Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E010F14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x112d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010f14fb
0x010f14fb
0x010f150a
0x010f1514
0x010f1519
0x010f151b
0x010f1526
0x010f152c
0x010f1534
0x010f1537
0x010f153a
0x010f1545
0x010f1557
0x010f1547
0x010f1550
0x010f1550
0x010f1562
0x010f1563
0x010f1565
0x010f156a
0x010f157f

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15283611d15ffe62c0a19e01753e425e436de05028b4d3c9b24ba25d78cafc2e
Instruction ID: 1df51eac69265eb77841203cabc803bc7ad74d979d86beb423d1c895d3739034
Opcode Fuzzy Hash: 15283611d15ffe62c0a19e01753e425e436de05028b4d3c9b24ba25d78cafc2e
Instruction Fuzzy Hash: D1019271E01249EFCB14EFA8D846EEEBBB8EF44710F44406AF954EB280D674DA00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 010358EC Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E010358EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x112d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1015c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01035943() != 0 &&  *0x1125320 > 5) {
					E010B7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E010B7B5E( &_v28, _t28);
					_t11 = E010B7B9C(0x1125320, 0x101bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0107B640(_t11, _t17, _v8 ^ _t29, 0x101bf15, _t27, _t28);
			}

0x010358fb
0x010358fe
0x01035906
0x0103590a
0x0103593c
0x0103593c
0x0103590c
0x0103590c
0x01035911
0x00000000
0x01035913
0x01035913
0x01035913
0x01035911
0x0103591d
0x01091035
0x0109103c
0x0109103f
0x01091056
0x01091056
0x0103593b

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9866e56a17792067b1813c18f2eb8c62a4a5c253b2bcf400513a26ee2bc1734e
Instruction ID: 34ed64b4a3c7503321aa2328e500c854b3c3b82a34d1c5551bba450ad782692e
Opcode Fuzzy Hash: 9866e56a17792067b1813c18f2eb8c62a4a5c253b2bcf400513a26ee2bc1734e
Instruction Fuzzy Hash: 6901F731B00109AFC714EE29DC50AFE77ACEFC5130F5400AADA8597294DE31DD02C790

Uniqueness

Uniqueness Score: -1.00%

Function 010395F0 Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E010395F0(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t10;
				void* _t17;
				void* _t18;
				char* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				intOrPtr _t29;

				_t29 = _a4;
				_push(_t25);
				if(_t29 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E011088F5(_t17, _t18, _t23, _t25, _t29, __eflags);
					_t10 = 0xc000000d;
				} else {
					_push(4);
					_push( &_a8);
					_push(4);
					_push( *((intOrPtr*)(_t29 + 0x24)));
					_t27 = E0107AE70();
					if(E01057D50() != 0) {
						_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t21 = 0x7ffe0386;
					}
					if( *_t21 != 0) {
						__eflags = _t27;
						if(_t27 >= 0) {
							E01108C75(_t29, _a8);
						}
					}
					_t10 = _t27;
				}
				return _t10;
			}

0x010395f9
0x010395fc
0x010395ff
0x0103964d
0x01039652
0x01039616
0x01039616
0x0103961b
0x0103961c
0x0103961e
0x01039626
0x0103962f
0x01093a8b
0x01039635
0x01039635
0x01039635
0x0103963d
0x01093a96
0x01093a98
0x01093aa3
0x01093aa3
0x01093a98
0x01039643
0x01039643
0x0103964a

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
Instruction ID: fbd6036ce6700635f3fe859fedb876683b07934d76a62e3bfc6d85340e9a9138
Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
Instruction Fuzzy Hash: 6E017B32E06140DFDB129B69C810F6933ADABD8738F104155EE858F291DBB4ED00DB94

Uniqueness

Uniqueness Score: -1.00%

Function 01108966 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E01108966(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t21;
				signed int _t35;

				_t32 = __edx;
				_v8 =  *0x112d360 ^ _t35;
				_t34 = _a8;
				_t33 = _a12;
				_v28 = _a4;
				_v62 = 0x1c24;
				_v36 = __ecx;
				_v32 = __edx;
				_v24 = _a8;
				_v20 = _a12;
				_v16 = _a16;
				if(E01057D50() == 0) {
					_t21 = 0x7ffe0386;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x18);
				_push(0x403);
				_push( *_t21 & 0x000000ff);
				return E0107B640(E01079AE0(), 0x1c24, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x01108966
0x01108975
0x0110897d
0x01108986
0x01108989
0x0110898f
0x01108993
0x01108996
0x01108999
0x0110899c
0x0110899f
0x011089a9
0x011089bb
0x011089ab
0x011089b4
0x011089b4
0x011089c6
0x011089c7
0x011089c9
0x011089ce
0x011089e4

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17f249750420eb91f37da7775c27b8c46c54b7a6e5b5b03222206da63cdbf971
Instruction ID: 4f72550e981c70d2714709cf708242cbf9f6fa802f9908a3f0492fc1d56958e9
Opcode Fuzzy Hash: 17f249750420eb91f37da7775c27b8c46c54b7a6e5b5b03222206da63cdbf971
Instruction Fuzzy Hash: DE0129B1E0021DABCB04DFA9D9419EEB7B8FF58310F10446AE901E7380E7749A00CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0104B02A Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0104B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01057D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E010B7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}

0x0104b037
0x0104b039
0x0104b03b
0x0104b040
0x0109a60e
0x00000000
0x00000000
0x0109a61d
0x0104b04b
0x0104b04e
0x0109a627
0x0109a634
0x00000000
0x00000000
0x0109a641
0x0109a653
0x0109a643
0x0109a64c
0x0109a64c
0x0109a65b
0x00000000
0x00000000
0x00000000
0x0109a66c
0x0104b057
0x0104b057
0x0104b057
0x0104b046
0x0104b046
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction ID: 14abdcce970eb73a44eaffd74629dd34f4c9afd572c66248e0cf7d5ce1d1296f
Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction Fuzzy Hash: 4B018F72300980DFE722C71DC998F6A7BE8EB85750F0900F1FA59CBA91D628DC40D660

Uniqueness

Uniqueness Score: -1.00%

Function 01101074 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01101074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0110165E(__ebx, 0x1128ae4, (__edx -  *0x1128b04 >> 0x14) + (__edx -  *0x1128b04 >> 0x14), __edi, __ecx, (__edx -  *0x1128b04 >> 0x14) + (__edx -  *0x1128b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E010FAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E01057D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E010EFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}

0x01101074
0x01101080
0x01101082
0x0110108a
0x0110108f
0x01101093
0x011010ab
0x011010ab
0x011010c3
0x011010cf
0x011010e1
0x011010d1
0x011010da
0x011010da
0x011010e9
0x011010f5
0x011010f5
0x011010fe

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b0dad79b78a722a8e9065649b1dc56a1a986ba02f9dfb78cefc64b94dec546
Instruction ID: 5d1cd80c6ec1a5dfa6dabf3268da0e722a2f6fd3cb803a871277b5250180c009
Opcode Fuzzy Hash: 88b0dad79b78a722a8e9065649b1dc56a1a986ba02f9dfb78cefc64b94dec546
Instruction Fuzzy Hash: FC016832A04342AFC319EF28C800B1A7BE5AB84300F00C529F9C5836D4DF74D440CB92

Uniqueness

Uniqueness Score: -1.00%

Function 010F129A Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E010F129A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x112d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x1039;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E01057D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}

0x010f129a
0x010f129a
0x010f12a9
0x010f12b3
0x010f12b8
0x010f12ba
0x010f12c4
0x010f12ca
0x010f12d1
0x010f12d4
0x010f12d7
0x010f12dc
0x010f12dd
0x010f12e0
0x010f12f2
0x010f12e2
0x010f12eb
0x010f12eb
0x010f12fd
0x010f12fe
0x010f1300
0x010f1305
0x010f1318

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b278ed0762d538b862cf41a7a1a4594c591f7de73acd7c95bfed8edccadd83
Instruction ID: c6c7adfe288b522ecafae730fa66d41257ef9feca6c165bc539ee1cee3fa1bcf
Opcode Fuzzy Hash: 71b278ed0762d538b862cf41a7a1a4594c591f7de73acd7c95bfed8edccadd83
Instruction Fuzzy Hash: 7D01D471E00258EBDB10EFE9D806EAFBBB8EF54700F00406AF940EB280D674DA00C794

Uniqueness

Uniqueness Score: -1.00%

Function 010F1751 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E010F1751(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x112d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E0107FA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x103a;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E01057D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}

0x010f1751
0x010f1751
0x010f1760
0x010f176a
0x010f176f
0x010f1771
0x010f177b
0x010f1781
0x010f1788
0x010f178b
0x010f178e
0x010f1793
0x010f1794
0x010f1797
0x010f17a9
0x010f1799
0x010f17a2
0x010f17a2
0x010f17b4
0x010f17b5
0x010f17b7
0x010f17bc
0x010f17cf

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3e86adfd2b652304d5a6e0fd4affd46bd976fc69308002cdce8a68b18e3ea12
Instruction ID: f58c72c30c83d1dfc8142b87cd968dcde10fadf548105051923306fe90779406
Opcode Fuzzy Hash: b3e86adfd2b652304d5a6e0fd4affd46bd976fc69308002cdce8a68b18e3ea12
Instruction Fuzzy Hash: 67018871E01219EBD710EFA5D805EAF77B8EF54700F04406AF955DB280D5749900C794

Uniqueness

Uniqueness Score: -1.00%

Function 011089E7 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E011089E7(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x112d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c21;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01057D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), 0x1c21, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x011089e7
0x011089f6
0x011089fe
0x01108a07
0x01108a0a
0x01108a0e
0x01108a11
0x01108a14
0x01108a17
0x01108a1a
0x01108a24
0x01108a36
0x01108a26
0x01108a2f
0x01108a2f
0x01108a41
0x01108a42
0x01108a44
0x01108a49
0x01108a5f

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9059511e18e3470c940208be21e9d42acbcf77643f7f3cfb4c7e530e2433a2b9
Instruction ID: 62f1126ffbfec04d3e889b74523c6e4d1cddf34771877935eb6c89c0d471741c
Opcode Fuzzy Hash: 9059511e18e3470c940208be21e9d42acbcf77643f7f3cfb4c7e530e2433a2b9
Instruction Fuzzy Hash: 690121B1E0521DAFDB04DFA9D9419EEBBB8EF58310F50405AF905E7340D7749A01CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01108A62 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E01108A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x112d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01057D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x01108a62
0x01108a71
0x01108a79
0x01108a82
0x01108a85
0x01108a89
0x01108a8c
0x01108a8f
0x01108a92
0x01108a95
0x01108a9f
0x01108ab1
0x01108aa1
0x01108aaa
0x01108aaa
0x01108abc
0x01108abd
0x01108abf
0x01108ac4
0x01108ada

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0232ab8e697b467f1cf53718e524ba049ead966edb49da09f351621687f84337
Instruction ID: e2296d9d80e197d52ba1ab63f4791e843e0b70e46a767949e5905c94ed6ff3d8
Opcode Fuzzy Hash: 0232ab8e697b467f1cf53718e524ba049ead966edb49da09f351621687f84337
Instruction Fuzzy Hash: 24012171E0521DAFCB04DFA9D9419EEB7B8EF58310F10405AF904E7341D774A900CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01108ADD Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E01108ADD(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x112d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c23;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01057D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), 0x1c23, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x01108add
0x01108aec
0x01108af4
0x01108afd
0x01108b00
0x01108b04
0x01108b07
0x01108b0a
0x01108b0d
0x01108b10
0x01108b1a
0x01108b2c
0x01108b1c
0x01108b25
0x01108b25
0x01108b37
0x01108b38
0x01108b3a
0x01108b3f
0x01108b55

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01296938531ebcea4617c96cc1d3732204506b0d5071b6c7837d259e2727fb6
Instruction ID: f70a614dea8741fe5dda72fdc7b71f6e1df19cee720c41aadc6770b85fbf0a55
Opcode Fuzzy Hash: f01296938531ebcea4617c96cc1d3732204506b0d5071b6c7837d259e2727fb6
Instruction Fuzzy Hash: BF011EB1E05619AFDB04DFA9D9419EEBBB8EF58310F10405AF904E7340D6749A01CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01109CB3 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E01109CB3(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x112d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c22;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01057D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), 0x1c22, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x01109cb3
0x01109cc2
0x01109cca
0x01109cd3
0x01109cd6
0x01109cda
0x01109cdd
0x01109ce0
0x01109ce3
0x01109ce6
0x01109cf0
0x01109d02
0x01109cf2
0x01109cfb
0x01109cfb
0x01109d0d
0x01109d0e
0x01109d10
0x01109d15
0x01109d2b

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fb1897cac61853d3519b2a5b6cb00d4f4c3bd322a959e83911d7642d9f96a94
Instruction ID: 9e9a2a23d665f17e310bf417be0d0e84e592861ab7ee5d1cfe2f5480e5840522
Opcode Fuzzy Hash: 2fb1897cac61853d3519b2a5b6cb00d4f4c3bd322a959e83911d7642d9f96a94
Instruction Fuzzy Hash: F9011EB1E0121DAFDB04DFA9D945AEEB7B8EF58314F50405AF904E7381D674A900CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0103DB60 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0103DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0103E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0103E8B0(__ecx, _t14, 0xfff);
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}

0x0103db64
0x0103db66
0x0103db6b
0x0103dbaa
0x0103db71
0x0103db76
0x0103db7a
0x0103dba3
0x0103db7c
0x0103db87
0x0103db8b
0x01094fa1
0x01094fb3
0x01094fb8
0x0103db91
0x0103db96
0x0103db98
0x0103db98
0x0103db8b
0x0103db7a
0x0103db9d
0x0103dba2

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction ID: 27718e33d922e65f2b82dd25853260a5db898ac11f83f17dd59b5000f4e88b48
Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction Fuzzy Hash: 9CF0F633605663DBD7376AD98890F6BBA9D9FD1A60F560035F7859B344CA708C0297E0

Uniqueness

Uniqueness Score: -1.00%

Function 0103B1E1 Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01057D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01057D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E010B7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}

0x0103b1e8
0x0103b1ea
0x0103b1f3
0x01094a17
0x0103b1f9
0x0103b1f9
0x0103b1f9
0x0103b201
0x01094a21
0x01094a2e
0x00000000
0x00000000
0x01094a3b
0x01094a4d
0x01094a3d
0x01094a46
0x01094a46
0x01094a55
0x00000000
0x00000000
0x00000000
0x0103b20a
0x0103b20a
0x0103b20a
0x0103b20a

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction ID: 63717294f3b9c6b16b9bc238cfca83f4b7de8cb2ca15d7ceeb9c77a42a5d15fa
Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction Fuzzy Hash: CB01A432200A84DBD722A75DC944FAA7BDDEF91754F0940A1FE94CB6B2D679C801D325

Uniqueness

Uniqueness Score: -1.00%

Function 01109BBE Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E01109BBE(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v66;
				char _v72;
				void* __edi;
				void* __esi;
				signed char* _t19;
				intOrPtr _t25;
				signed int _t33;

				_t30 = __edx;
				_v12 =  *0x112d360 ^ _t33;
				_v40 = _v40 & 0x00000000;
				_t32 = _a12;
				_v36 = __edx;
				_v66 = 0x1c21;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01057D50() == 0) {
					_t19 = 0x7ffe0386;
				} else {
					_t19 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t19 & 0x000000ff);
				return E0107B640(E01079AE0(), _t25, _v12 ^ _t33, _t30, 0x1c21, _t32);
			}

0x01109bbe
0x01109bcd
0x01109bd6
0x01109bdb
0x01109be4
0x01109be7
0x01109beb
0x01109bee
0x01109bf1
0x01109bfb
0x01109c0d
0x01109bfd
0x01109c06
0x01109c06
0x01109c18
0x01109c19
0x01109c1b
0x01109c20
0x01109c35

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e78f2a361bf5e8cfb8f1591cc68e69089f2ae65fa747980821e65294fae5dc
Instruction ID: 76e9655dd78e71287691459b0eb05c6aff5feeb9073c58db392f1c02a1cd8d30
Opcode Fuzzy Hash: 52e78f2a361bf5e8cfb8f1591cc68e69089f2ae65fa747980821e65294fae5dc
Instruction Fuzzy Hash: 0E017171E0020DAFCB04DFA8D541AEEB7B4AF58310F140059F905A7280D7749A00CB98

Uniqueness

Uniqueness Score: -1.00%

Function 010F1229 Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E010F1229(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				void* __edi;
				void* __esi;
				signed char* _t16;
				intOrPtr _t22;
				signed int _t24;
				intOrPtr _t29;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				signed int _t33;

				_t29 = __edx;
				_v8 =  *0x112d360 ^ _t33;
				_t32 = __ecx;
				_t30 =  &_v48;
				_t24 = 0xa;
				memset(_t30, 0, _t24 << 2);
				_t31 = _t30 + _t24;
				_v16 = _t32;
				_v42 = 0x1036;
				_v12 = _t29;
				if(E01057D50() == 0) {
					_t16 = 0x7ffe0380;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t16 & 0x000000ff);
				return E0107B640(E01079AE0(), _t22, _v8 ^ _t33, _t29, _t31, _t32);
			}

0x010f1229
0x010f1238
0x010f123d
0x010f123f
0x010f1246
0x010f1247
0x010f1247
0x010f124e
0x010f1251
0x010f1255
0x010f125f
0x010f1271
0x010f1261
0x010f126a
0x010f126a
0x010f127c
0x010f127d
0x010f127f
0x010f1284
0x010f1299

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5495272784402411b026f820d52917271acc7b71412e762cb946eb25e34da2a
Instruction ID: ce669767a862aa6af0e6f687e422647aa6953ddba0d580c12501ea3ea1c39ada
Opcode Fuzzy Hash: b5495272784402411b026f820d52917271acc7b71412e762cb946eb25e34da2a
Instruction Fuzzy Hash: 8801A976E01258EFDB14EFF9D4059EFB7B8EF54710F0080AAE951E7290D97499108794

Uniqueness

Uniqueness Score: -1.00%

Function 01031480 Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01031480(intOrPtr* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t12;
				intOrPtr* _t18;
				intOrPtr _t23;
				intOrPtr* _t25;

				_v8 = __ecx;
				_t23 = __edx;
				_t12 = E0103187D(__edx, __ecx + 0xe, __ecx,  &_v12, 0,  &_v16,  &_v8);
				if(_t12 >= 0) {
					_t25 = _v8;
					if(_t25 != 0) {
						_t18 = _v12;
						if(_t18 != 0) {
							 *_t18 =  *_t25;
						}
						E010314DE(_t23, _t25);
						_t12 = L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t25);
					}
					return _t12;
				}
				return _t12;
			}

0x0103148c
0x01031493
0x010314a2
0x010314a9
0x010314ac
0x010314b1
0x010314b3
0x010314b8
0x010314bc
0x010314bc
0x010314c2
0x010314d3
0x010314d3
0x00000000
0x010314d8
0x010314dd

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
Instruction ID: da3dd20c4640384e97737b9916a13c58a0bb3bb81c8d36e0d8eb8082afe56ce1
Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
Instruction Fuzzy Hash: 6EF08C36B01108ABDB25DB49D840EFEBBADEBC8600F1401AAA945E7640DA31EE018790

Uniqueness

Uniqueness Score: -1.00%

Function 01065AA0 Relevance: .0, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E01065AA0(void* __ecx, intOrPtr _a4, char _a8) {
				void* __esi;
				void* __ebp;
				char* _t9;
				void* _t17;
				void* _t20;
				void* _t22;
				intOrPtr _t24;

				_t18 = __ecx;
				_push(__ecx);
				_t24 = _a4;
				if(_t24 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					_t9 = E011088F5(_t17, _t18, _t20, _t22, _t24, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(5);
					_push( *((intOrPtr*)(_t24 + 0x24)));
					E0107AE70();
					if(E01057D50() != 0) {
						_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t9 = 0x7ffe0386;
					}
					if( *_t9 != 0) {
						_t9 = E01108C14(_t24, _a8);
					}
				}
				return _t9;
			}

0x01065aa0
0x01065aa8
0x01065aaa
0x01065aaf
0x01065af8
0x01065ac6
0x01065ac6
0x01065acb
0x01065acc
0x01065ace
0x01065ad1
0x01065add
0x010a71de
0x01065ae3
0x01065ae3
0x01065ae3
0x01065aeb
0x010a71ed
0x010a71ed
0x01065aeb
0x01065af5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
Instruction ID: 5484dae073c82fa822edb4b9cb4544790fff9a662fb2428e36b256fdc8512bf3
Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
Instruction Fuzzy Hash: AA01D171A44646AFDB229B18CC84F6E37ECAB00760F048191FD948B291D7B4E9408795

Uniqueness

Uniqueness Score: -1.00%

Function 01033591 Relevance: .0, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E01033591(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t19;
				void* _t25;
				intOrPtr _t26;

				_t22 = __edx;
				_t20 = __ecx;
				if(__ecx == 0 || __edx == 0) {
					L7:
					E011088F5(_t19, _t20, _t22, _t25, _t26, __eflags);
					return 0xc000000d;
				}
				_t26 = _a4;
				if(_t26 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L7;
				}
				_push(0x1e);
				_v12 =  *((intOrPtr*)(_t26 + 0x28));
				_push(8);
				_push( &_v12);
				_v8 = __edx;
				_push( &_v20);
				_push(__ecx);
				_t16 = E01079770();
				if(_t16 >= 0) {
					E0105F0AE(_t26, 1);
					return 0;
				}
				return _t16;
			}

0x01033591
0x01033591
0x0103359c
0x010335ea
0x010335ea
0x00000000
0x010335ef
0x010335a2
0x010335a7
0x00000000
0x00000000
0x010335bb
0x010335bd
0x010335c3
0x010335c5
0x010335c9
0x010335cc
0x010335cd
0x010335ce
0x010335d5
0x010335dc
0x00000000
0x010335e1
0x010335e7

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
Instruction ID: 448daa2bef687fedba380f395ab191715150122e868e9f934a8734c27197ae38
Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
Instruction Fuzzy Hash: E5F0C871E012059BE755DB698890BEABBECFBD4610F048195EE81DB180DA71DA408690

Uniqueness

Uniqueness Score: -1.00%

Function 010EFDD3 Relevance: .0, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E010EFDD3(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				signed char* _t15;
				intOrPtr _t21;
				signed int _t23;
				intOrPtr _t28;
				void* _t29;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_v8 =  *0x112d360 ^ _t32;
				_t28 = __ecx;
				_t29 =  &_v52;
				_t23 = 0xa;
				memset(_t29, 0, _t23 << 2);
				_t30 = _t29 + _t23;
				_v20 = _t28;
				_v46 = 0x268;
				if(E01057D50() == 0) {
					_t15 = 0x7ffe0388;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0107B640(E01079AE0(), _t21, _v8 ^ _t32, _t28, _t30, _t31);
			}

0x010efde2
0x010efde6
0x010efde8
0x010efdef
0x010efdf0
0x010efdf0
0x010efdf7
0x010efdfa
0x010efe05
0x010efe17
0x010efe07
0x010efe10
0x010efe10
0x010efe22
0x010efe23
0x010efe25
0x010efe2a
0x010efe3e

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bda31eeef360f51a0194bd7b6c70a208e696ff456f490d6a1ab2b0f3ee94d6b
Instruction ID: 97695685112bb381b8fdc7f8b0bb330563e881ede1a981e0f12f6473b2b3ba78
Opcode Fuzzy Hash: 9bda31eeef360f51a0194bd7b6c70a208e696ff456f490d6a1ab2b0f3ee94d6b
Instruction Fuzzy Hash: 9FF0C271B05259AFDB04EBA9D806EBEB3F4EF44700F400069F941EB690EA30E911C795

Uniqueness

Uniqueness Score: -1.00%

Function 01031BE9 Relevance: .0, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01031BE9(void* __ecx, signed int** __edx, void* __eflags) {
				char _v8;
				signed int* _t9;
				signed int* _t12;
				void* _t14;
				signed int* _t15;
				signed int** _t22;

				_push(__ecx);
				_v8 = 0x10;
				_push( &_v8);
				_t22 = __edx;
				_t14 = 0x10;
				if(E01031C45(_t14, __ecx) < 0) {
					L4:
					_t9 = 0;
				} else {
					_t15 = E01054620(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					if(_t15 == 0) {
						goto L4;
					} else {
						 *_t15 =  *_t15 & 0x00000000;
						_t5 =  &(_t15[2]); // 0x8
						_t12 = _t5;
						 *_t12 = 1;
						_t15[2] = 0;
						 *_t22 = _t12;
						_t9 = _t15;
					}
				}
				return _t9;
			}

0x01031bee
0x01031bf3
0x01031bfa
0x01031bfb
0x01031c01
0x01031c09
0x01031c41
0x01031c41
0x01031c0b
0x01031c1e
0x01031c22
0x00000000
0x01031c24
0x01031c24
0x01031c27
0x01031c27
0x01031c2d
0x01031c32
0x01031c36
0x01031c38
0x01031c38
0x01031c22
0x01031c3e

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction ID: a2f77149a5232d697247ce6ad05868b4097c4380b735be1019260eaea5a989af
Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction Fuzzy Hash: C8F0F031624208ABE719CB2ACC00B96B7EDEF9C300F1080B89989C7260FAB2ED01D354

Uniqueness

Uniqueness Score: -1.00%

Function 010F131B Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E010F131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x112d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01057D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}

0x010f131b
0x010f132a
0x010f1330
0x010f1336
0x010f133e
0x010f1341
0x010f1344
0x010f134f
0x010f1361
0x010f1351
0x010f135a
0x010f135a
0x010f136c
0x010f136d
0x010f136f
0x010f1374
0x010f1387

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a8ebece59da324edca0502f450090c3f7594e1e57f4dfdcf04c71732b4f1a5
Instruction ID: cbf9acb1a031a794aedbfc4b618cc42d9b637dd9ecf892c7171951e5d2dd06f6
Opcode Fuzzy Hash: 19a8ebece59da324edca0502f450090c3f7594e1e57f4dfdcf04c71732b4f1a5
Instruction Fuzzy Hash: 8D013C71E01249AFCB44EFA9D546AAEB7F4FF18700F508069F945EB381E6349A00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 01066B90 Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E01066B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}

0x01066b96
0x01066b99
0x01066b9d
0x01066be9
0x01066beb
0x01066beb
0x01066bb3
0x01066bb3
0x01066bb5
0x01066bba
0x01066bc1
0x01066bc3
0x01066bc5
0x01066be0
0x01066be0
0x00000000
0x00000000
0x00000000
0x01066bc7
0x01066bc7
0x01066bd0
0x01066bd5
0x01066bd6
0x01066bd9
0x00000000
0x01066bc7
0x01066ba5
0x01066bac
0x00000000
0x00000000
0x01066bae
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
Instruction ID: d2b6ec5bb2e67b53fb67c765e9935723696eb085b81d859cb2d0b2046cdb7cd1
Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
Instruction Fuzzy Hash: A0F04975A00208DFDB58CE48C690AACBBB9EB44310F2450A8E5469B700D63AAE80DB40

Uniqueness

Uniqueness Score: -1.00%

Function 01108F6A Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E01108F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x112d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E01057D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0107B640(E01079AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}

0x01108f6a
0x01108f79
0x01108f81
0x01108f84
0x01108f8b
0x01108f91
0x01108f94
0x01108f9e
0x01108fb0
0x01108fa0
0x01108fa9
0x01108fa9
0x01108fbb
0x01108fbc
0x01108fbe
0x01108fc3
0x01108fd6

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d84e57eb9224ebbeb7ad7deadf354baf7c5c08446ad8de76d962b31d123f73fb
Instruction ID: c1cf63d7977753e5de3784aa91c129f930594c0fb33b36d55c876dee0cb50a16
Opcode Fuzzy Hash: d84e57eb9224ebbeb7ad7deadf354baf7c5c08446ad8de76d962b31d123f73fb
Instruction Fuzzy Hash: 02013C74E05209AFDB04EFB8D545AAEB7B4EF18300F504069B945EB380EA74DA00CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0105C577 Relevance: .0, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0105C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0105C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10111cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E011088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}

0x0105c577
0x0105c57d
0x0105c581
0x0105c5b5
0x0105c5b9
0x0105c5ce
0x0105c5ce
0x0105c5ca
0x00000000
0x0105c5ca
0x0105c5c4
0x0105c5c8
0x00000000
0x00000000
0x00000000
0x0105c5ad
0x00000000
0x0105c5af

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62dbe24918106bffcebaacbfa12973e21503b7c70277798791f1140b36a5c33b
Instruction ID: 23178cc76268a17cb29a8571d9508830839c609f2fa566eaecd0835a625cde3f
Opcode Fuzzy Hash: 62dbe24918106bffcebaacbfa12973e21503b7c70277798791f1140b36a5c33b
Instruction Fuzzy Hash: 5EF067B29557909AF7E686A88204B23BFEC9B0566CF4484A6DD8687242C6A4DCC0C250

Uniqueness

Uniqueness Score: -1.00%

Function 010F2073 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E010F2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E010EFD22(__ecx);
				_t19 =  *0x112849c - _t3; // 0x7a49b728
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1128748; // 0x0
					if(__eflags <= 0) {
						E010F1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1128724 & 0x00000004;
							if(( *0x1128724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1128724; // 0x0
					return E010E8DF1(__ebx, 0xc0000374, 0x1125890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}

0x010f2076
0x010f2078
0x010f207d
0x010f2083
0x010f20a4
0x010f20aa
0x010f20ac
0x010f20b7
0x010f20ba
0x010f20bc
0x010f20c9
0x010f20c9
0x010f20d0
0x010f20d2
0x00000000
0x010f20d2
0x010f20be
0x010f20c3
0x010f20c5
0x010f20c7
0x00000000
0x00000000
0x010f20c7
0x010f20bc
0x010f20d4
0x010f2085
0x010f2085
0x010f20a3
0x010f20a3

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c15d4ae095b0adb0f8e37194da344120eceb51e24a5f5f004157b4f6dca9c1f4
Instruction ID: 56af34d4ae6a0a3adeb4142b19660fa108d543ce927306c176b7ce12931e01e4
Opcode Fuzzy Hash: c15d4ae095b0adb0f8e37194da344120eceb51e24a5f5f004157b4f6dca9c1f4
Instruction Fuzzy Hash: 03F0202B4155C58BEEBA6F2D71023E17FD2D755110B4940EAE6E017A0AC939C8E3CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0107927A Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0107927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0107FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E010792C6(_t11, _t14);
				}
				return _t11;
			}

0x01079295
0x01079299
0x0107929f
0x010792aa
0x010792ad
0x010792ae
0x010792af
0x010792b0
0x010792b4
0x010792bb
0x010792bb
0x010792c5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction ID: e605f8bb2d8f9d06bf4a34ac1abe0b738a858afcbd7106b43e999c689313666a
Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction Fuzzy Hash: DBE02232740A016BE721AE0ACC80F8737ADEF92734F044078B9005E282CAE6DC0987B8

Uniqueness

Uniqueness Score: -1.00%

Function 01108D34 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E01108D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x112d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E01057D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0107B640(E01079AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}

0x01108d34
0x01108d43
0x01108d4b
0x01108d4e
0x01108d52
0x01108d5c
0x01108d6e
0x01108d5e
0x01108d67
0x01108d67
0x01108d79
0x01108d7a
0x01108d7c
0x01108d81
0x01108d94

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3dc6a6e1a2f0e0a125f063348e308d73ec75509ddcdb2797df20388046bb87
Instruction ID: 08acc3fca387e394d3ca15196652dfa05dc00ac3dd13af11dc97a029fb2fd76f
Opcode Fuzzy Hash: 9e3dc6a6e1a2f0e0a125f063348e308d73ec75509ddcdb2797df20388046bb87
Instruction Fuzzy Hash: B5F0B470E04648AFDB18EFB8D441AAE77B4EF18300F5080A9E905EB380EA34D900C794

Uniqueness

Uniqueness Score: -1.00%

Function 01108C14 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E01108C14(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x112d360 ^ _t26;
				_v20 = __ecx;
				_v46 = 0x1c28;
				_v16 = __edx;
				if(E01057D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0107B640(E01079AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}

0x01108c14
0x01108c23
0x01108c2b
0x01108c2e
0x01108c32
0x01108c3c
0x01108c4e
0x01108c3e
0x01108c47
0x01108c47
0x01108c59
0x01108c5a
0x01108c5c
0x01108c61
0x01108c74

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1a673b4cb5025ed660546b56a2bc8efbfe2d8888217c31171adfa1c7eba41f6
Instruction ID: 343615efedb8f49b166f5a27b603f6cb1750a91cd2bb01094d190a8bac146a22
Opcode Fuzzy Hash: f1a673b4cb5025ed660546b56a2bc8efbfe2d8888217c31171adfa1c7eba41f6
Instruction Fuzzy Hash: 0CF0B470E05249AFDB18EFB8D901AAE77B4FF14300F404469A915EB380EA74D900C794

Uniqueness

Uniqueness Score: -1.00%

Function 01108C75 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E01108C75(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x112d360 ^ _t26;
				_v20 = __ecx;
				_v46 = 0x1c27;
				_v16 = __edx;
				if(E01057D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0107B640(E01079AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}

0x01108c75
0x01108c84
0x01108c8c
0x01108c8f
0x01108c93
0x01108c9d
0x01108caf
0x01108c9f
0x01108ca8
0x01108ca8
0x01108cba
0x01108cbb
0x01108cbd
0x01108cc2
0x01108cd5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51639b71f67d862346199c32f51b8ebff609b5cc0c856f5ee01cbd693ff05c20
Instruction ID: 32c35f994983390314b52aea4e49b5c849734734b7e916bfbc7ae6bfc8fa3aa9
Opcode Fuzzy Hash: 51639b71f67d862346199c32f51b8ebff609b5cc0c856f5ee01cbd693ff05c20
Instruction Fuzzy Hash: 8BF0B470E15249AFDB18EFB8D901EAEB7B4EF14300F004069A905DB381EB34D900C794

Uniqueness

Uniqueness Score: -1.00%

Function 01108B58 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E01108B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x112d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E01057D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0107B640(E01079AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x01108b67
0x01108b6f
0x01108b72
0x01108b7d
0x01108b8f
0x01108b7f
0x01108b88
0x01108b88
0x01108b9a
0x01108b9b
0x01108b9d
0x01108ba2
0x01108bb5

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fe530505c80fcdcc27236e4e77e38de2fd0f8ba01d34dd2e5c9b339fb093727
Instruction ID: 7a4fe8c3a6bdd9d11a77c9c12bd919ac3a19aca25769f4797dd88b50e8717929
Opcode Fuzzy Hash: 6fe530505c80fcdcc27236e4e77e38de2fd0f8ba01d34dd2e5c9b339fb093727
Instruction Fuzzy Hash: 3AF082B0E14659AFDB14EBA8D906EBE77B4EF04300F540469BA45DB3C0EB74D900C798

Uniqueness

Uniqueness Score: -1.00%

Function 01108BB6 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E01108BB6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x112d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c25;
				if(E01057D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x20402);
				_push( *_t11 & 0x000000ff);
				return E0107B640(E01079AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x01108bc5
0x01108bcd
0x01108bd0
0x01108bdb
0x01108bed
0x01108bdd
0x01108be6
0x01108be6
0x01108bf8
0x01108bf9
0x01108bfb
0x01108c00
0x01108c13

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0b4b92b5bec0ea4b36ca228ca1158d116ef6ea24122ac8f2944f888c09f3bc
Instruction ID: fb6155f0f9b6bc711381b66c0e6407240acd2b12a8662c785028fb6a3e012300
Opcode Fuzzy Hash: 6d0b4b92b5bec0ea4b36ca228ca1158d116ef6ea24122ac8f2944f888c09f3bc
Instruction Fuzzy Hash: 1FF08970E04659AFDB14EFA8D505EAF77B4EF04300F540059B955DB2C1EA74D900C798

Uniqueness

Uniqueness Score: -1.00%

Function 010F1BA8 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E010F1BA8(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x112d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x102e;
				if(E01057D50() == 0) {
					_t11 = 0x7ffe0380;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v44);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0107B640(E01079AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x010f1bb7
0x010f1bbf
0x010f1bc2
0x010f1bcd
0x010f1bdf
0x010f1bcf
0x010f1bd8
0x010f1bd8
0x010f1bea
0x010f1beb
0x010f1bed
0x010f1bf2
0x010f1c05

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfff5745a99b372e7604125c827f340839393d0c04bfac850e3efd91fb269d94
Instruction ID: be7ebdc9b16d76dc10bab4df51fe6e93270a95e912c4ad5871b07d38af6b9046
Opcode Fuzzy Hash: bfff5745a99b372e7604125c827f340839393d0c04bfac850e3efd91fb269d94
Instruction Fuzzy Hash: C3F08271A0524DEFDB14EBE9D446AAE77B4EF18304F4000A9EA45EB280E974D900C798

Uniqueness

Uniqueness Score: -1.00%

Function 0105746D Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0105746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0104EB70(__ecx, 0x11279a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E010795D0();
							L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}

0x0105746d
0x0105746d
0x0105746d
0x01057471
0x01057488
0x0109f92d
0x0105748e
0x01057491
0x01057495
0x0109f937
0x0109f93a
0x0109f94e
0x0109f953
0x0109f956
0x0109f956
0x01057495
0x00000000
0x01057488
0x01057473
0x01057478
0x0105747d
0x01057481
0x00000000
0x01057481
0x0105747d
0x0105747a
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acffdd3a42bffd561bb02df968939355421cad0c4d7bd249ee82f04d7de5e493
Instruction ID: 54fc38c1dc6bbcc8f00359ef0d05f7241920ca4c28234edb55be5ce9e873b46e
Opcode Fuzzy Hash: acffdd3a42bffd561bb02df968939355421cad0c4d7bd249ee82f04d7de5e493
Instruction Fuzzy Hash: 79F0E934A00145AADFCA9B6CC440BBF7FB1FF14210F840155DCD1A7151EB649802EF85

Uniqueness

Uniqueness Score: -1.00%

Function 01108CD6 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E01108CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x112d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E01057D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0107B640(E01079AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x01108ce5
0x01108ced
0x01108cf0
0x01108cfb
0x01108d0d
0x01108cfd
0x01108d06
0x01108d06
0x01108d18
0x01108d19
0x01108d1b
0x01108d20
0x01108d33

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f649e712acab93eaae0f76fbcdfcbbb19ca84d03b0b70817bc42a6ebb149df39
Instruction ID: 0dff7a827fe1870a736a10e629448192eeb19fa1e5cd4b95c0557dedd7f46d28
Opcode Fuzzy Hash: f649e712acab93eaae0f76fbcdfcbbb19ca84d03b0b70817bc42a6ebb149df39
Instruction Fuzzy Hash: 92F08970D05149AFDF04EBA8D545EAE77B4EF18300F500159F955EB2C0DA34D900C758

Uniqueness

Uniqueness Score: -1.00%

Function 01034F2E Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01034F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0105C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1011030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}

0x01034f2e
0x01034f34
0x01034f38
0x01090b85
0x01090b85
0x01090b89
0x01090b9a
0x01090b9a
0x01090b9f
0x00000000
0x01090b9f
0x01090b94
0x01090b98
0x00000000
0x00000000
0x00000000
0x01090b98
0x01034f3e
0x01034f48
0x00000000
0x01034f6e
0x00000000
0x01034f70

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e6c8e4bd52a5df613798a7281a4f00a4e2051cc0d8b6da76424e9bc3510636a
Instruction ID: 92d1f9aec810353bc62e71006535eeaebbf5a00b7d37d2d0ee88ef6f07fe9d1d
Opcode Fuzzy Hash: 7e6c8e4bd52a5df613798a7281a4f00a4e2051cc0d8b6da76424e9bc3510636a
Instruction Fuzzy Hash: 93F0E9319256848FDBB2DB1CC154B1277ECAB00778F0484A5E995C7516C774DC40C640

Uniqueness

Uniqueness Score: -1.00%

Function 0103354C Relevance: .0, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103354C(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(__ecx == 0 || E0105C5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x1011008 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011088F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				} else {
					return 1;
				}
			}

0x0103354c
0x01033552
0x01033556
0x0108fef1
0x0108fef5
0x0108ff06
0x0108ff06
0x0108ff0b
0x00000000
0x0108ff0b
0x0108ff00
0x0108ff04
0x00000000
0x00000000
0x00000000
0x01033589
0x00000000
0x0103358b

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 067249ed054a123c34f6786ce3e095b074aa320b5fb4698c47183a7244e7addc
Instruction ID: fd9b072ea27008427ad990e89e9aa6fd15b6c0faf0eae969d1ec802c94944b48
Opcode Fuzzy Hash: 067249ed054a123c34f6786ce3e095b074aa320b5fb4698c47183a7244e7addc
Instruction Fuzzy Hash: FEF0E23191968A8FD7A2E33CC140B12BBD8DB01B70F1540E1E9C587983CB68C880C680

Uniqueness

Uniqueness Score: -1.00%

Function 0106A44B Relevance: .0, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0106A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1127b9c; // 0x0
				_t15 = __ecx;
				_t16 = E01054620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0107FA60(_t17, 0, _t15 << 2);
				return _t17;
			}

0x0106a44b
0x0106a453
0x0106a472
0x0106a476
0x00000000
0x0106a493
0x0106a47a
0x0106a47f
0x0106a486
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51021827679238d2207b1ef2ff67217549da7b0d332465f0627d32606da1f84
Instruction ID: f4510818012cd5c078aef36d6851f9f8b05ad755d3cc8185d6a8e28629465722
Opcode Fuzzy Hash: c51021827679238d2207b1ef2ff67217549da7b0d332465f0627d32606da1f84
Instruction Fuzzy Hash: 92E09272B01422EBD3216E18AC00FA7B39DDBE4651F094035EA45D7254DA68DD51C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 0103F358 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0103F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0106F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = E01054620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}

0x0103f35d
0x0103f361
0x0103f367
0x0103f372
0x0103f38c
0x0103f38c
0x0103f394

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction ID: 01cca1b682383ed7ca13c298e4b9c007a2ebd6b4903e1fac1344a821bca073b6
Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction Fuzzy Hash: 41E06F32A01129FBCB20AACC9E01FABBFACDB88AA0F008091FA04D7050D5649E00C2D2

Uniqueness

Uniqueness Score: -1.00%

Function 010315C1 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010315C1(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4) {
				intOrPtr* _t17;

				_t14 = __ecx;
				_t17 = __ecx;
				if(( *(__edx + 2) & 0x00000001) != 0) {
					L5:
					return 0;
				}
				 *__edx =  *__edx + 0xffff;
				if( *__edx != 0) {
					goto L5;
				}
				_t4 = _t17 + 8; // 0x8
				if(__edx != _t4) {
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __edx);
					_t14 = _t17;
				}
				E01031480(_t14, _a4);
				return 1;
			}

0x010315c1
0x010315cb
0x010315cd
0x010315f3
0x00000000
0x010315f3
0x010315d4
0x010315d7
0x00000000
0x00000000
0x010315d9
0x010315de
0x0108ef10
0x0108ef15
0x0108ef15
0x010315e7
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction ID: 3ca302a8bee8b420cffd70dfde16ae91788eb3d43a5bc6cd9261bfb11598f5db
Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction Fuzzy Hash: B2E0ED31200286D3CB62AB48C400BEAB7ADABE5700F0880B1E8828B182DA709842C3E0

Uniqueness

Uniqueness Score: -1.00%

Function 01064710 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01064710(intOrPtr* _a4) {
				void* _t5;
				intOrPtr _t12;
				intOrPtr* _t14;

				_t5 = E01057D50();
				if(_t5 != 0) {
					_t12 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x10));
					L3:
					 *_a4 = _t12;
					L4:
					return 1;
				}
				if( *0x7ffe0268 == _t5) {
					_t14 = _a4;
					if(E010E64FB(_t14) >= 0) {
						goto L4;
					}
					 *_t14 = 1;
					return 0;
				}
				_t12 =  *0x7ffe0264;
				goto L3;
			}

0x01064716
0x0106471d
0x010a6655
0x01064735
0x01064738
0x0106473a
0x00000000
0x0106473a
0x01064729
0x010a662d
0x010a6639
0x00000000
0x00000000
0x010a6641
0x00000000
0x010a6641
0x0106472f
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
Instruction ID: fcc8e56fde6ce05eef3e41e3a6fdc72bc32a29205c474a3265e70dd708a75349
Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
Instruction Fuzzy Hash: A1F0ED7A2043009FCB06DF6AE040AE93BF9BB5A360F040094ECC18B311DB36E881DB40

Uniqueness

Uniqueness Score: -1.00%

Function 0105E760 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0105E760(void* __ecx, void* __eflags, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(E0105C5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10111dc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L7:
						E011088F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L8:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L8;
					}
					goto L7;
				} else {
					return 1;
				}
			}

0x0105e760
0x0105e766
0x0105e76f
0x010a4014
0x010a4018
0x010a4029
0x010a4029
0x010a402e
0x00000000
0x010a402e
0x010a4023
0x010a4027
0x00000000
0x00000000
0x00000000
0x0105e795
0x00000000
0x0105e797

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc798358cce863579889a67cc55df08cc8d6d8f3bcdd2d7d8a911c366f90219
Instruction ID: 22e05d89f27f1dfa3b5d9a3d24a0a41a54a0e4b44036cda3bfafb218a60ea992
Opcode Fuzzy Hash: abc798358cce863579889a67cc55df08cc8d6d8f3bcdd2d7d8a911c366f90219
Instruction Fuzzy Hash: BBF0E535994384DFEBA2D7ACD148F62BBD8AB04374F5845A5EA85C7152C7F4D880D260

Uniqueness

Uniqueness Score: -1.00%

Function 01075C70 Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E01075C70(intOrPtr _a4, char _a8) {
				void* __ebp;
				void* _t12;
				intOrPtr _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_t13 = _a4;
				if(_t13 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011088F5(_t12, _t13, _t14, _t15, _t16, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(0xe);
					_push( *((intOrPtr*)(_t13 + 0x24)));
					return E0107AE70();
				}
			}

0x01075c75
0x01075c7a
0x00000000
0x01075c91
0x01075c91
0x01075c96
0x01075c97
0x01075c99
0x00000000
0x01075c9c

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
Instruction ID: f500440e8ae87b44b62f10cf66318bf98e677aedb3346ee252e1db84fc10f195
Opcode Fuzzy Hash: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
Instruction Fuzzy Hash: D6E04F71A0024CEFFB15DB45CD44FA93FA9AB44724F04C155A7598B1A1C774D984CB49

Uniqueness

Uniqueness Score: -1.00%

Function 01063F33 Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01063F33(void* __ecx, signed char _a4) {
				signed int _t12;

				if(( *(__ecx + 0x40) & 0x75010f63) != 2 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					return 0;
				} else {
					if((_a4 & 0x00000001) != 0) {
						_t12 = 1;
					} else {
						_t12 =  *0x1126240; // 0x4
					}
					return 0x7d0 + _t12 * 0x3480;
				}
			}

0x01063f43
0x00000000
0x01063f54
0x01063f58
0x01063f70
0x01063f5a
0x01063f5a
0x01063f5a
0x00000000
0x01063f65

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa411169de7e0fdfef25202567253ed0110f7e5fea99e871302509cc6183f86
Instruction ID: a9e6b0ae621287f7792a295a5f5e0cdc5fc03416f74f9b7b759c74abeb90265a
Opcode Fuzzy Hash: 5fa411169de7e0fdfef25202567253ed0110f7e5fea99e871302509cc6183f86
Instruction Fuzzy Hash: D8E02633514244ABC7629B18D98372637FCF761758F204465E8CECF482D268E591C6C8

Uniqueness

Uniqueness Score: -1.00%

Function 0104FF60 Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0104FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x10111a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011088F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E01050050(_t14);
				}
			}

0x0104ff66
0x0104ff6b
0x00000000
0x0104ff8f
0x00000000
0x0104ff8f

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32cdc5309f06af25fe570c391abd2fab60e96cde2d5fc01888f438352fd8902
Instruction ID: baf23460a96ec3240443ac051b23216c64010b82f5ae4d3215e77f68b48ad23b
Opcode Fuzzy Hash: f32cdc5309f06af25fe570c391abd2fab60e96cde2d5fc01888f438352fd8902
Instruction Fuzzy Hash: 7DE0D8F05052469FD779D75DD0C0F1A77D89F51721F1940ADF44847902C661D840C685

Uniqueness

Uniqueness Score: -1.00%

Function 010C41E8 Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E010C41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x11108f0);
				_t5 = E0108D08C(__ebx, __edi, __esi);
				if( *0x11287ec == 0) {
					E0104EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x11287ec == 0) {
						 *0x11287f0 = 0x11287ec;
						 *0x11287ec = 0x11287ec;
						 *0x11287e8 = 0x11287e4;
						 *0x11287e4 = 0x11287e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L010C4248();
				}
				return E0108D0D1(_t5);
			}

0x010c41e8
0x010c41ea
0x010c41ef
0x010c41fb
0x010c4206
0x010c420b
0x010c4216
0x010c421d
0x010c4222
0x010c422c
0x010c4231
0x010c4231
0x010c4236
0x010c423d
0x010c423d
0x010c4247

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda62c4a47cf4fabd7c477fef1df4474547c2d8bd9d0aa999eccf8a0b03f5ad2
Instruction ID: c97effe8a1e152b571b52c8a312e4322862b0ade39127bc4575109b88a95a734
Opcode Fuzzy Hash: dda62c4a47cf4fabd7c477fef1df4474547c2d8bd9d0aa999eccf8a0b03f5ad2
Instruction Fuzzy Hash: 86F0F274810B01AFDBBAEFA9950174836E5F758721F40827AE1A0862C8C73444B1CF01

Uniqueness

Uniqueness Score: -1.00%

Function 010ED380 Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010ED380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0103E8B0(__ecx, _a4, 0xfff);
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}

0x010ed38a
0x010ed39b
0x010ed3b1
0x00000000
0x010ed3b6
0x00000000

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction ID: bcd503a399c8aac184234a350144b2f4ef6002909e959a04c9d393701a0e3057
Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction Fuzzy Hash: E0E0CD31244205BBDB225E54CC00FA97B55DB50790F104031FD485A690C5719C51D7C4

Uniqueness

Uniqueness Score: -1.00%

Function 01032CDB Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E01032CDB(intOrPtr* __ecx) {
				intOrPtr* _t9;

				_t9 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) != 0) {
					_push(0);
					_push( *((intOrPtr*)(__ecx + 0x2c)));
					E010795C0();
				}
				if( *_t9 != 0) {
					_push( *_t9);
					E010795D0();
				}
				return L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t9);
			}

0x01032cde
0x01032ce4
0x0108f970
0x0108f972
0x0108f975
0x0108f975
0x01032ced
0x01032d02
0x01032d04
0x01032d04
0x01032d01

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
Instruction ID: e570d1a506c39c6c06df6c65a9d0c1e37888cd68569dae639609aaceda2e40d4
Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
Instruction Fuzzy Hash: 9FE0C231460225EFDB323F38EC04F967AF9BF90721F110469E0C1050B4CB709881DB44

Uniqueness

Uniqueness Score: -1.00%

Function 0106A185 Relevance: .0, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0106A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x11267e4 >= 0xa) {
					if(_t5 < 0x1126800 || _t5 >= 0x1126900) {
						return L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01050010(0x11267e0, _t5);
				}
			}

0x0106a190
0x0106a1a6
0x0106a1c2
0x00000000
0x00000000
0x00000000
0x0106a192
0x0106a192
0x0106a19f
0x0106a19f

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9380ae08ec5cb1d4d0046fd696c242dca0648c6340381a7bc55d5b35106c823f
Instruction ID: bb1096393edd0240a539f84a6bb7b28e30329c8b6da469ea83bd59f7a0a4f145
Opcode Fuzzy Hash: 9380ae08ec5cb1d4d0046fd696c242dca0648c6340381a7bc55d5b35106c823f
Instruction Fuzzy Hash: A2D05B71361450DAC72D7710AE54BA73616F784750F34845DFA876F5D4EF5088F4D118

Uniqueness

Uniqueness Score: -1.00%

Function 010B53CA Relevance: .0, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010B53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0104EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}

0x010b53ca
0x010b53ce
0x010b53d9
0x010b53de
0x010b53e1
0x010b53e1
0x010b53e6
0x010b53f3
0x00000000
0x010b53f8
0x010b53fb

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction ID: ecc5b3b0c1c3482016d00913f1dfdb8b20002ee66e758902702ae7e79e26ef2d
Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction Fuzzy Hash: CBE08C719007849BCF52EB88CA90F8EBBF5FB84B00F140094A5485B720C628AC00CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0104AAB0 Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0104AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}

0x0104aab6
0x0104aabb
0x0109a442
0x00000000
0x0109a448
0x0109a454
0x0109a454
0x0104aac1
0x0104aac1
0x0104aac6
0x0104aac6

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction ID: 698746aefbdc840052f8e85a52f61f348eecf9205a0f5f19de83f38793d4f2f5
Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction Fuzzy Hash: 36D0E975352980CFDB57CB1DC9A8B1577E4BB44B44FC504E0E541CB762EB2CD954CA00

Uniqueness

Uniqueness Score: -1.00%

Function 010635A1 Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010635A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0104EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}

0x010635a1
0x010635a1
0x010635a5
0x010635ab
0x010635ab
0x010635b5
0x00000000
0x010635c1
0x010635b7

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction ID: da854546cc4be4cd154b978db43a4db5c3bb7570a56127e5c91a06e921d02e4b
Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction Fuzzy Hash: A2D0A9314011829AEB82AB54C2387ACBBBABB00208F5820A580CB0F852C33A4A0AC681

Uniqueness

Uniqueness Score: -1.00%

Function 0103DB40 Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = E01054620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}

0x0103db4d
0x0103db54
0x0103db5f
0x0103db56
0x0103db56
0x0103db5c
0x0103db5c

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction ID: bc4124aab0b6b83f17a3c0e84b597aa8a3e650b00e0cb02973e8236d6d75a023
Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction Fuzzy Hash: 2AC08C30280A01EAEB661F20CD01B813AA5BB51B41F8400A06741DA0F0EBB8D801E610

Uniqueness

Uniqueness Score: -1.00%

Function 010BA537 Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010BA537(intOrPtr _a4, intOrPtr _a8) {

				return L01058E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}

0x010ba553

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction ID: 37cdbeadd8c6ae1256114ec03b5bcd9f6dc3713d7a82cc7dd643a73ec0fc7b13
Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction Fuzzy Hash: D5C01232080248BBCB126E82CC00F467B2AEBA4B60F008011BA480A5608632E970EA84

Uniqueness

Uniqueness Score: -1.00%

Function 01053A1C Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01053A1C(intOrPtr _a4) {
				void* _t5;

				return E01054620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x01053a35

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction ID: a2f4290af9953ba52c28ff2adbb26aac738391d0a6650caf95869cb6ee3cf645
Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction Fuzzy Hash: 76C08C32080248BBC7126E41DC00F427B29E7A4B60F000020BA040A5608572ECA0D598

Uniqueness

Uniqueness Score: -1.00%

Function 0103AD30 Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0103AD30(intOrPtr _a4) {

				return L010577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x0103ad49

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction ID: 89c211820b265b7a63d4f9e5736abe1c7ae2cb481d9281b8ddcfbae85bc0a8c3
Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction Fuzzy Hash: B1C08C32080248BBC7126A45DD00F027F29E7A0B60F000020FA040A6618932E860E588

Uniqueness

Uniqueness Score: -1.00%

Function 01064190 Relevance: .0, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01064190() {

				if(E01057D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x14));
				} else {
					return  *0x7ffe02d0;
				}
			}

0x01064197
0x010a641c
0x0106419d
0x010641a2
0x010641a2

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction ID: 428b46d97f998f9acb5968b8eee1e24e95dc66228d16b0356fff80d6b2482d2e
Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction Fuzzy Hash: 52C04C357515418FCF55DB69C284F5637F4B744744F5508D0E845CB721DA24E840DA10

Uniqueness

Uniqueness Score: -1.00%

Function 01057D50 Relevance: .0, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01057D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}

0x01057d56
0x01057d5b
0x01057d60
0x01057d5d
0x01057d5d
0x01057d5d

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction ID: 0920a154f4ec7e532319598255b4a491a642c422670d459040ded86843156ad3
Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction Fuzzy Hash: 52B092353019408FCFA6EF18C080B1633F4BB44A40B8400D0E800CBA21D229E8009900

Uniqueness

Uniqueness Score: -1.00%

Function 01062ACB Relevance: .0, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01062ACB() {
				void* _t5;

				return E0104EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}

0x01062adc

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction ID: d9ee24842bee0e80dbb7b263125ca37b28a5e1272ece60a416fb7645253b1f7e
Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction Fuzzy Hash: D1B01232C10841CFCF02EF80C650B5A7331FB40750F0544A0900127930C22CAC01CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01079910 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06b1a0bbcb3fc1dfe60924eae252849020f6ed9b6258cf848431695a2ced3d0
Instruction ID: a71b70d1a35f0595f27565392e50d8cecf9f732dc53b06db029aac864a020e61
Opcode Fuzzy Hash: c06b1a0bbcb3fc1dfe60924eae252849020f6ed9b6258cf848431695a2ced3d0
Instruction Fuzzy Hash: F69002B120500902D1407199C404B461105A7D0341F51C111E5854558EC6998DD577A5

Uniqueness

Uniqueness Score: -1.00%

Function 01079950 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9b19dffdefabf0f819b561438b22cfd6898674619e8fc814ce360755eebdc3
Instruction ID: c3e1d392522e2cfb8d6270edba8370431ce280164be268478f8b0563d967c22c
Opcode Fuzzy Hash: 8b9b19dffdefabf0f819b561438b22cfd6898674619e8fc814ce360755eebdc3
Instruction Fuzzy Hash: 219002A120540903D1407599C804A071105A7D0342F51C111E2854559ECA698C517275

Uniqueness

Uniqueness Score: -1.00%

Function 010799A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5afcd42ffbf8dc6d72671fe44b48d5b2ba15397671983fb02545aaa4ea7eecbf
Instruction ID: 345516f05ab160d3acffb44d48f1de2d1262e8f58d05506537a0d2f2d0b3d479
Opcode Fuzzy Hash: 5afcd42ffbf8dc6d72671fe44b48d5b2ba15397671983fb02545aaa4ea7eecbf
Instruction Fuzzy Hash: 399002A134500942D1007199C414F061105E7E1341F51C115E1854558DC659CC527266

Uniqueness

Uniqueness Score: -1.00%

Function 010799D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c287e18281818825569a1dd0c477596b8733a8696996754447d80913ff5341c9
Instruction ID: 8740f465dc1f4b8c4792f626238bf1c6322615bdd292ccbd6314ffce8b483ec5
Opcode Fuzzy Hash: c287e18281818825569a1dd0c477596b8733a8696996754447d80913ff5341c9
Instruction Fuzzy Hash: 1D9002A121500542D1047199C404B061145A7E1241F51C112E2944558CC5698C616265

Uniqueness

Uniqueness Score: -1.00%

Function 01079820 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97ce9dcd083daed4e25866d999d66b8b1d47ae3a70a8c14cc34a8dbd33dabc9
Instruction ID: ddd70889887a1b9dcc5c0787151d1d59da0254c7bbb2342d9d49d4153503c968
Opcode Fuzzy Hash: e97ce9dcd083daed4e25866d999d66b8b1d47ae3a70a8c14cc34a8dbd33dabc9
Instruction Fuzzy Hash: 5990027124500902D1417199C404A061109B7D0281F91C112E0C14558EC6958A56BBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01079840 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caf732238c7de1aab0aac52096919a5e679877843844e8702c3fc807fd7ae852
Instruction ID: 94000080aa4ecaf47a8c9bedd134fc873346c13ebc5135b919fd727fb0939cea
Opcode Fuzzy Hash: caf732238c7de1aab0aac52096919a5e679877843844e8702c3fc807fd7ae852
Instruction Fuzzy Hash: 72900261246046525545B199C4049075106B7E0281791C112E1C04954CC5669856E761

Uniqueness

Uniqueness Score: -1.00%

Function 0107B040 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: decea135c49902da2d6ebc53b4e2c9ddb09edbef2cb9fd23d69a0ee23726c71a
Instruction ID: 533491d78d4ac8c31d72239b33ed257d8bedebaffa5c1e08b64e5e4281134958
Opcode Fuzzy Hash: decea135c49902da2d6ebc53b4e2c9ddb09edbef2cb9fd23d69a0ee23726c71a
Instruction Fuzzy Hash: 249002A1605145434540B199C8048066115B7E1341391C221E0C44564CC6A88855A3A5

Uniqueness

Uniqueness Score: -1.00%

Function 010798A0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99513d53eec6c543e5a395a4081404a3c0a8d330a93f873e3a715670910147c1
Instruction ID: 7a0e0d5fcadf1f6ae3ee06aeb23701702df00523fa4e7f159f3fc8638101f451
Opcode Fuzzy Hash: 99513d53eec6c543e5a395a4081404a3c0a8d330a93f873e3a715670910147c1
Instruction Fuzzy Hash: 8490026130500902D1027199C414A061109E7D1385F91C112E1C14559DC6658953B272

Uniqueness

Uniqueness Score: -1.00%

Function 010798F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49a5f33be365c7c4829a69ed4056a1083206a35905b9afd1ccd2dc1e2aa9f58
Instruction ID: 14a6c4e660d94400120aa8776edb018d5313b06561acab4bd9abbe8e173b9935
Opcode Fuzzy Hash: f49a5f33be365c7c4829a69ed4056a1083206a35905b9afd1ccd2dc1e2aa9f58
Instruction Fuzzy Hash: B590026160500A02D1017199C404A16110AA7D0281F91C122E1814559ECA658992B271

Uniqueness

Uniqueness Score: -1.00%

Function 01079B00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a36683d7af3da2ab8c909d1b2e4282012c5b0e7d671a035ba81b4a2e09c85845
Instruction ID: 1a21b0b931227499fd8a1da7a883cd3cdf00813b20ca62988865cf4277b9d3f0
Opcode Fuzzy Hash: a36683d7af3da2ab8c909d1b2e4282012c5b0e7d671a035ba81b4a2e09c85845
Instruction Fuzzy Hash: 6890026124500D02D1407199C414B071106E7D0641F51C111E0814558DC656896577F1

Uniqueness

Uniqueness Score: -1.00%

Function 0107A3B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8b792a65cdac785c468e4e9b83f0637c5ae460e66b93f99c0b49e704701927
Instruction ID: 57ed2c25def87dd6e398d8bdcc1dd0c1e1076297370337896cce17510b071f26
Opcode Fuzzy Hash: 7d8b792a65cdac785c468e4e9b83f0637c5ae460e66b93f99c0b49e704701927
Instruction Fuzzy Hash: E990027120544502D1407199C444A0B6105B7E0341F51C511E0C15558CC6558856A361

Uniqueness

Uniqueness Score: -1.00%

Function 01079A00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f87bc9a0654d6cb940cd40f1504734c6debce5c554700b5236ae0f1eb8fe285
Instruction ID: 3367bfa7f4c873739c7ed03ba830398f43cf48eed1cac86a967627ecfef26a0d
Opcode Fuzzy Hash: 4f87bc9a0654d6cb940cd40f1504734c6debce5c554700b5236ae0f1eb8fe285
Instruction Fuzzy Hash: 0390027120540902D1007199C814B0B1105A7D0342F51C111E1954559DC665885176B1

Uniqueness

Uniqueness Score: -1.00%

Function 01079A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed4bd41bca258c4420f0b712174be9590385c04e15e4310cc174c07134830598
Instruction ID: 5535eacf711c8168cb3e9c1b5ba675349fb46573d3da4bf4a7180f1537f427e0
Opcode Fuzzy Hash: ed4bd41bca258c4420f0b712174be9590385c04e15e4310cc174c07134830598
Instruction Fuzzy Hash: AF90027120540902D1007199C808B471105A7D0342F51C111E5954559EC6A5C8917671

Uniqueness

Uniqueness Score: -1.00%

Function 01079A20 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2933e342a68e46af2fc70928dc99742bcf65527f42aa9ce4dac83eaac024ae31
Instruction ID: cc1f409264d054df1c0ea29137b3fe04ea51e706aafaaf51eac2ffe0d736cb58
Opcode Fuzzy Hash: 2933e342a68e46af2fc70928dc99742bcf65527f42aa9ce4dac83eaac024ae31
Instruction Fuzzy Hash: 0990026160500542414071A9C844D065105BBE1251751C221E0D88554DC599886567A5

Uniqueness

Uniqueness Score: -1.00%

Function 01079A50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d036468213d1dae8950d0b16cb7406d92c9a673fb5390eb2216421b4a9a29135
Instruction ID: 068ad1a1cfb6f291b122416d7b8a4d58a944778c0a4e90bc421d3facc786efbf
Opcode Fuzzy Hash: d036468213d1dae8950d0b16cb7406d92c9a673fb5390eb2216421b4a9a29135
Instruction Fuzzy Hash: A290026121580542D20075A9CC14F071105A7D0343F51C215E0944558CC95588616661

Uniqueness

Uniqueness Score: -1.00%

Function 01079A80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f2e1e35cbbc2b47c852b93624d819c15fa8946daffed747a443883472ab8e4
Instruction ID: 522c6c1492c6acd1b30bb60a8072f87e294ebda5439b11718d08424465e5904c
Opcode Fuzzy Hash: f6f2e1e35cbbc2b47c852b93624d819c15fa8946daffed747a443883472ab8e4
Instruction Fuzzy Hash: 1890026120544942D1407299C804F0F5205A7E1242F91C119E4946558CC95588556761

Uniqueness

Uniqueness Score: -1.00%

Function 01079520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b8178d45195a6e5f39424c32274879fc084b377d57dcc8e96baec99d3a1be8
Instruction ID: 06f2de827f1ea44a8d75dd7442f9126429fea6e5a7ec93f01930c6e221324c8b
Opcode Fuzzy Hash: a9b8178d45195a6e5f39424c32274879fc084b377d57dcc8e96baec99d3a1be8
Instruction Fuzzy Hash: 019002E1205145924500B299C404F0A5605A7E0241B51C116E1844564CC5658851A275

Uniqueness

Uniqueness Score: -1.00%

Function 0107AD30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c6c571003b88106ccdbc890b02f4546666201f306252db33f023aa3c57bd8f
Instruction ID: ffe83e02eb0e9ff7f60ae4ecb278719b24fa82632306b1d6643b5c7b53d28dd0
Opcode Fuzzy Hash: f8c6c571003b88106ccdbc890b02f4546666201f306252db33f023aa3c57bd8f
Instruction Fuzzy Hash: 42900271A090051291407199C814A465106B7E0781B55C111E0D04558CC9948A5563E1

Uniqueness

Uniqueness Score: -1.00%

Function 01079540 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400f851200f67d10349e9eeec7e74209c28ba84dd4e811bb0d1dda27a77b8033
Instruction ID: 5d0307cb85d6d4153a61783d2aa04afc3d60bcaf2e1a772e00dd17b672695de8
Opcode Fuzzy Hash: 400f851200f67d10349e9eeec7e74209c28ba84dd4e811bb0d1dda27a77b8033
Instruction Fuzzy Hash: 7F900265215005030105B59987049071146A7D5391351C121F1805554CD66188616261

Uniqueness

Uniqueness Score: -1.00%

Function 01079560 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f355763ff30bbd2156a6395e106d8cd6dbbe129b59dedfce7aa5330e95624054
Instruction ID: ad5d54d040b5059532f982ef8c22dba12a666405474b153c0113467793ad21e2
Opcode Fuzzy Hash: f355763ff30bbd2156a6395e106d8cd6dbbe129b59dedfce7aa5330e95624054
Instruction Fuzzy Hash: E9900265225005020145B599860490B1545B7D6391391C115F1C06594CC66188656361

Uniqueness

Uniqueness Score: -1.00%

Function 010795D0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1df65eca2f3f173e7e12ea3e7119ae1664397d6c93bcc85f5e70859711e16cc
Instruction ID: 7c6c1ade68c6f1889d97a0a1d9ce2140a26e1a20076882e8e01e9bf535d89698
Opcode Fuzzy Hash: a1df65eca2f3f173e7e12ea3e7119ae1664397d6c93bcc85f5e70859711e16cc
Instruction Fuzzy Hash: C19002A12060050341057199C414A16510AA7E0241B51C121E1804594DC56588917265

Uniqueness

Uniqueness Score: -1.00%

Function 010795F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e90622d6c62bbf7941f6915cd470775529003d2538a62d44acb6bd1de4c66b6
Instruction ID: 64f22656d408b6510983250d096e6bd72c7a19a059c392805de9ba3b2ef256dd
Opcode Fuzzy Hash: 7e90622d6c62bbf7941f6915cd470775529003d2538a62d44acb6bd1de4c66b6
Instruction Fuzzy Hash: 6690027120500D02D1047199C804A861105A7D0341F51C111E6814659ED6A588917271

Uniqueness

Uniqueness Score: -1.00%

Function 0107A710 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ac4afe067728ac18b8d3cad0593c214e4c298134d573ce5f97cd0b825a181bb
Instruction ID: 434893c4e95c298edac70d8f47c07ffc8d0a251b3f7c738e3b2da84f6616b0d0
Opcode Fuzzy Hash: 7ac4afe067728ac18b8d3cad0593c214e4c298134d573ce5f97cd0b825a181bb
Instruction Fuzzy Hash: D7900271305005529500B6D9D804E4A5205A7F0341B51D115E4804558CC59488616261

Uniqueness

Uniqueness Score: -1.00%

Function 01079710 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af57929777639bfc2cc83facf71e0d3f46010dbd7604e3899952168e2ee274e
Instruction ID: 8154b57ba51b5c95fadb00b3631c482bc38a52055982575524b7a7786c8a728c
Opcode Fuzzy Hash: 4af57929777639bfc2cc83facf71e0d3f46010dbd7604e3899952168e2ee274e
Instruction Fuzzy Hash: 3590027120500902D10075D9D408A461105A7E0341F51D111E5814559EC6A588917271

Uniqueness

Uniqueness Score: -1.00%

Function 01079730 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e94e55de0092ff7924d5b71264896acfc7737954ccfa074f8ecfac187d8c4c84
Instruction ID: 1d2874648716f51abb4fdc9761020b707d30d960a2754d51a24194e7e6738d54
Opcode Fuzzy Hash: e94e55de0092ff7924d5b71264896acfc7737954ccfa074f8ecfac187d8c4c84
Instruction Fuzzy Hash: 3090026160900902D1407199D418B061115A7D0241F51D111E0814558DC6998A5577E1

Uniqueness

Uniqueness Score: -1.00%

Function 01079760 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ff8f105531246937f4ee3638e7de5f8afc63370d241cb4b0a412e24e6b0165
Instruction ID: 46a11413406357ea2daa839ad78b578292d7c8fbe09e8d63336dbc01f74ab68f
Opcode Fuzzy Hash: 95ff8f105531246937f4ee3638e7de5f8afc63370d241cb4b0a412e24e6b0165
Instruction Fuzzy Hash: 8A90027120500903D1007199D508B071105A7D0241F51D511E0C1455CDD69688517261

Uniqueness

Uniqueness Score: -1.00%

Function 0107A770 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b548b47f95c9e62b0214dc450c698d08f04c543ffdafe429dc1ef97864ef162
Instruction ID: 5333a174e55b4df9770e1dc8249cc9ccd0099c2d98e06fa39eabf637af896026
Opcode Fuzzy Hash: 6b548b47f95c9e62b0214dc450c698d08f04c543ffdafe429dc1ef97864ef162
Instruction Fuzzy Hash: E990027520904942D5007599D804E871105A7D0345F51D511E0C1459CDC6948861B261

Uniqueness

Uniqueness Score: -1.00%

Function 01079770 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b6898ce9f065c99c5d8ff21f59f0392826d8daafacf068c2f1d13287f33c8e
Instruction ID: 2d784c1e2fae1839afd1ac14bbf1801cf4d9576db5af8870d667212547585a13
Opcode Fuzzy Hash: b5b6898ce9f065c99c5d8ff21f59f0392826d8daafacf068c2f1d13287f33c8e
Instruction Fuzzy Hash: 3B90026120904942D1007599D408E061105A7D0245F51D111E1854599DC6758851B271

Uniqueness

Uniqueness Score: -1.00%

Function 01079780 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a450eb0d0a7e4ed64dc1c71be8ee78c74b0e46252a3bc4a6ed76f42279f79a41
Instruction ID: df959646dad39cdef3ee1eb466b88dbeb33f060c6a56d2e88ba96be0462786d5
Opcode Fuzzy Hash: a450eb0d0a7e4ed64dc1c71be8ee78c74b0e46252a3bc4a6ed76f42279f79a41
Instruction Fuzzy Hash: 3490026921700502D1807199D408A0A1105A7D1242F91D515E080555CCC95588696361

Uniqueness

Uniqueness Score: -1.00%

Function 010797A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf2f9803e38b4ef6a5fe4dea9d0f601cbf95e98258e150772df712a059f0d61
Instruction ID: 71d455f1a4df04fabcb6651442d6af5b7857e4e105388b19709bbc02a463e1cd
Opcode Fuzzy Hash: 2cf2f9803e38b4ef6a5fe4dea9d0f601cbf95e98258e150772df712a059f0d61
Instruction Fuzzy Hash: 7A90026130500503D1407199D418A065105F7E1341F51D111E0C04558CD95588566362

Uniqueness

Uniqueness Score: -1.00%

Function 01079FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60203dd72f117ade406f5bf4d7f482eb44cdaa1736b5b6b358ff034f06b63ad8
Instruction ID: d81a06540f2a78a5d693166b1565c9020327da7509178b356eecd02a317a25db
Opcode Fuzzy Hash: 60203dd72f117ade406f5bf4d7f482eb44cdaa1736b5b6b358ff034f06b63ad8
Instruction Fuzzy Hash: C590027131514902D1107199C404B061105A7D1241F51C511E0C1455CDC6D588917262

Uniqueness

Uniqueness Score: -1.00%

Function 01079610 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7caf5213afd16f1f16cc54fa1bb91b9c3d581fd04ae781c9dab124b607f0190
Instruction ID: 46353c6333241d16e087444b0501a26dc2797bd4834cdd2d57a26f59688e57f4
Opcode Fuzzy Hash: f7caf5213afd16f1f16cc54fa1bb91b9c3d581fd04ae781c9dab124b607f0190
Instruction Fuzzy Hash: 6290027160900D02D1507199C414B461105A7D0341F51C111E0814658DC7958A5577E1

Uniqueness

Uniqueness Score: -1.00%

Function 01079650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f761ba0d048693f8c7f0f79363c47e8a44cf75b2df06f7dbc2ba9e2fecab75
Instruction ID: 9a8a568c219f8c5c660a6417dabea8ec3529bf2c54b06ed3cd02819b473e5448
Opcode Fuzzy Hash: 49f761ba0d048693f8c7f0f79363c47e8a44cf75b2df06f7dbc2ba9e2fecab75
Instruction Fuzzy Hash: 2090027120904D42D1407199C404E461115A7D0345F51C111E0854698DD6658D55B7A1

Uniqueness

Uniqueness Score: -1.00%

Function 010796D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0219764fd97239b8953bccb5ec82800acffd1d4009e6791c99d27067368f6d
Instruction ID: e7c5eaf6ac754d59122aa509f3a7dce81202ba50c8e020f2b91b490a23d97469
Opcode Fuzzy Hash: 4e0219764fd97239b8953bccb5ec82800acffd1d4009e6791c99d27067368f6d
Instruction Fuzzy Hash: A790027120500D42D1007199C404F461105A7E0341F51C116E0914658DC655C8517661

Uniqueness

Uniqueness Score: -1.00%

Function 01079670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 70d69c9708321436d48d2755b7b101d7e267528541e46e621984155fed801ba4
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 010340FD Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E010340FD(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x112d360 ^ _t107;
				_v8 =  *0x112d360 ^ _t107;
				_t105 = __ecx;
				if( *0x11284d4 == 0) {
					L5:
					return E0107B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E0104E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					_t49 = E010342EB(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E010341EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E010796C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					_t55 = E0103429E(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v556 - _t85;
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E010C5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						E0107FA60( &_v548, 0, 0x214);
						_t106 =  *0x11284d4;
						_t110 = _t108 + 0x20;
						 *0x112b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x11284d4))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E0107B75A();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E010C5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E01081480( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E010C5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v556 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E01081150(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E010C5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E010B3E13(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v556;
							} while (_t106 < _v556);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E010C5720();
						goto L15;
					}
					L8:
					_t56 = E010341F7(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}

0x0103410d
0x0103410f
0x0103411c
0x0103411e
0x01034158
0x01034168
0x01034168
0x01034126
0x01034130
0x0103413c
0x010904a2
0x01034142
0x0103414b
0x0103414b
0x0103414f
0x0103416b
0x01034171
0x01034176
0x01034178
0x010341d0
0x010341d2
0x010341d3
0x010341a7
0x010341ae
0x010341b0
0x010341db
0x010341b2
0x010341b8
0x010341bf
0x010341c1
0x010341c1
0x010341c1
0x010341c3
0x010341c5
0x010341df
0x010341e2
0x010341e2
0x010341c7
0x010341c9
0x01090628
0x01090628
0x01090630
0x01090631
0x01090633
0x01090635
0x01090635
0x00000000
0x010341c9
0x0103417d
0x01034183
0x01034189
0x0103418e
0x01034190
0x010904a9
0x010904af
0x00000000
0x00000000
0x010904b5
0x010904c8
0x010904d5
0x010904e5
0x010904ea
0x010904f6
0x01090518
0x0109051e
0x01090520
0x01090522
0x00000000
0x00000000
0x01090528
0x0109052e
0x01090530
0x00000000
0x00000000
0x0109053b
0x0109053d
0x00000000
0x00000000
0x01090545
0x0109054c
0x0109054e
0x01090623
0x00000000
0x01090623
0x01090556
0x01090557
0x0109056f
0x01090574
0x01090583
0x0109058a
0x0109058b
0x0109058d
0x010905b5
0x010905c0
0x010905c6
0x010905c8
0x010905cb
0x010905cd
0x010905d3
0x010905d5
0x00000000
0x00000000
0x00000000
0x00000000
0x010905db
0x010905db
0x010905e3
0x010905e7
0x010905e9
0x010905eb
0x010905ed
0x010905ed
0x010905fa
0x010905ff
0x01090606
0x0109060b
0x0109060d
0x00000000
0x00000000
0x01090613
0x01090613
0x01090616
0x01090616
0x00000000
0x0109061e
0x0109058f
0x01090594
0x01090596
0x01090598
0x00000000
0x0109059d
0x01034196
0x01034198
0x0103419d
0x0103419f
0x00000000
0x00000000
0x010341a1
0x00000000
0x01034151
0x01034151
0x01034151
0x00000000
0x01034151

Strings

Execute=1, xrefs: 0109057D
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0109058F
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010905AC
CLIENT(ntdll): Processing section info %ws..., xrefs: 010905F1
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01090566
ExecuteOptions, xrefs: 0109050A
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010904BF

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 376af05193029c5117719563f49bb450c9726154af1df97d54b54899be0e9764
Instruction ID: d88187b85f05956580e7afda11b4e764244e376faabb4b2bd4bbc5c6a4d928d6
Opcode Fuzzy Hash: 376af05193029c5117719563f49bb450c9726154af1df97d54b54899be0e9764
Instruction Fuzzy Hash: D5611C71B40619BAEF209A54EC95FED77ACAF68700F0401E9E585DB181D7709A418F64

Uniqueness

Uniqueness Score: -1.00%

Function 010CFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E010CFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0107CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E010C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E010C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}

0x010cfdda
0x010cfde2
0x010cfde5
0x010cfdec
0x010cfdfa
0x010cfdff
0x010cfe0a
0x010cfe0f
0x010cfe17
0x010cfe1e
0x010cfe19
0x010cfe19
0x010cfe19
0x010cfe20
0x010cfe21
0x010cfe22
0x010cfe25
0x010cfe40

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010CFDFA

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010CFE01
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010CFE2B

Memory Dump Source

Source File: 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1010000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 885266447-3903918235
Opcode ID: 4118f780775f80337c2454b0e0c47040626b2a0b099d9ec6a286bc606e2dc896
Instruction ID: 2419f5acab3cad70f630ab109c3d59f00e2134780fc4660ea7dcad0f6530d11b
Opcode Fuzzy Hash: 4118f780775f80337c2454b0e0c47040626b2a0b099d9ec6a286bc606e2dc896
Instruction Fuzzy Hash: 0DF0FC36600102BFE6201B85DC05F677F5AEB44B30F244319F694561D1D962F8608AF5

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: FormBook

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Function 00A7B6C1 Relevance: 6.1, APIs: 4, Instructions: 124
threadCOMMON

Function 00A7B6D0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Function 00A7FD2C Relevance: 1.6, APIs: 1, Instructions: 115
COMMON

Function 00A7FD38 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Function 00A75364 Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Function 00A73DE4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00A77DCA Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Function 00A79B30 Relevance: 1.6, APIs: 1, Instructions: 77
libraryCOMMON

Function 00A79842 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Function 00A7B8F2 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 00A7B8F8 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 00A794B8 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 00A798B0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Function 01079860 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 01079660 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 010796E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 0107967A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Function 010EB260 Relevance: 37.8, Strings: 30, Instructions: 262
COMMONLIBRARYCODE

Function 010F1C06 Relevance: 31.4, Strings: 25, Instructions: 195
COMMON

Function 010F4AEF Relevance: 11.8, Strings: 9, Instructions: 529
COMMONCrypto