Windows Analysis Report
tinytask-1-77.exe

Overview

General Information

Sample Name: tinytask-1-77.exe
Analysis ID: 588879
MD5: 8fd3551654f0f5281ddbd7e32cb73054
SHA1: 9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
SHA256: 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
Tags: exe
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Uses Windows timers to delay execution
Uses 32bit PE files
Contains functionality to retrieve information about pressed keystrokes
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)
Contains functionality to simulate mouse events
Potential key logger detected (key state polling based)

Classification

  • System is w10x64
  • tinytask-1-77.exe (PID: 1396 cmdline: "C:\Users\user\Desktop\tinytask-1-77.exe" MD5: 8FD3551654F0F5281DDBD7E32CB73054)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched

AV Detection

Source: tinytask-1-77.exe, Virustotal: Detection: 14%
Source: tinytask-1-77.exe, Metadefender: Detection: 20%
Source: tinytask-1-77.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_00403B09 CreateFileA,GetFileAttributesA,CreateFileA,CloseHandle,FindFirstFileA,FindClose,FindClose,FindNextFileA,FindClose,FindClose
Source: tinytask-1-77.exe, String found in binary or memory: https://www.tinytask.net
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_00402148 mouse_event,keybd_event,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,MapVirtualKeyA,keybd_event,SetKeyboardState,GetAsyncKeyState,GetKeyState,VkKeyScanA,VkKeyScanA,VkKeyScanA,MapVirtualKeyA,MapVirtualKeyA,keybd_event,MapVirtualKeyA,MapVirtualKeyA,keybd_event,MapVirtualKeyA,keybd_event,VkKeyScanA,MapVirtualKeyA,keybd_event,Sleep,GetCursorPos,GetKeyState,GetTickCount,SetTimer,KillTimer,GetTickCount,SetWindowTextA,InvalidateRect,DefWindowProcA
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_00401489 DestroyWindow,BeginPaint,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,BitBlt,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,EndPaint,GetWindowRect,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,KillTimer,PostQuitMessage,GetModuleHandleA,CreateCursor,PostMessageA,GetCursor,SetCursor,KillTimer,KillTimer,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,Sleep,PostMessageA,GetTickCount,wsprintfA,GetTickCount,wsprintfA,GetWindowTextA,FindWindowExA,FindWindowExA,FindWindowExA,KillTimer,GetClientRect,GetVersion,GetVersion,CreateWindowExA,GetStockObject,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowLongA,SetWindowLongA,ShowWindow,UpdateWindow,UpdateWindow,InvalidateRect,InvalidateRect,UpdateWindow,InvalidateRect,UpdateWindow,SendMessageA,SetFocus,DeleteFileA,SetWindowTextA,GetModuleHandleA,GetModuleFileNameA,CopyFileA,CreateFileA,GetFileSize,SetFilePointer,ReadFile,wsprintfA,SetFilePointer,WriteFile,CloseHandle,wsprintfA,GetModuleHandleA,MessageBoxIndirectA,SetTimer,MessageBoxA,DefWindowProcA
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_004034C6 GetKeyState,GetKeyState,GetKeyState,GetSystemMetrics,mouse_event,mouse_event,mouse_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,MapVirtualKeyA,keybd_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,Sleep,SetTimer,GetDoubleClickTime,Sleep,PostMessageA
Source: tinytask-1-77.exe, 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameTinyTask.exe vs tinytask-1-77.exe
Source: tinytask-1-77.exe, Binary or memory string: OriginalFilenameTinyTask.exe vs tinytask-1-77.exe
Source: tinytask-1-77.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tinytask-1-77.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine, Classification label: mal52.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_00401000 GetModuleHandleA,GetModuleFileNameA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetSystemMetrics,GetSystemMetrics,GetPrivateProfileIntA,GetPrivateProfileIntA,KiUserCallbackDispatcher,SetRect,GetDC,RectVisible,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,LoadIconA,RegisterClassExA,MessageBoxA,CreateWindowExA,ShowWindow,UpdateWindow,GetModuleHandleA,GetModuleFileNameA,PostMessageA,GetMessageA,KiUserCallbackDispatcher,TranslateMessage,DispatchMessageA
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_0040392F GetPrivateProfileIntA,GetPrivateProfileStringA,GetSystemMetrics,LoadImageA,GetObjectA,GetSystemMetrics,MessageBoxA,WritePrivateProfileStringA,DeleteObject,GetModuleHandleA,LoadImageA,DeleteObject,DeleteObject,GetObjectA,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_00402D18 GetPrivateProfileStringA,WritePrivateProfileStringA,GetWindowLongA,SetWindowLongA,SetWindowPos,InvalidateRect,UpdateWindow,DefWindowProcA

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\tinytask-1-77.exe, User Timer Set: Timeout: 50ms
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\tinytask-1-77.exe, API call chain: ExitProcess graph end node graph_1-1178
Source: C:\Users\user\Desktop\tinytask-1-77.exe, Code function: 1_2_0040424C GetProcessHeap,HeapAlloc
MITRE ATT&CK matrix (tactic columns: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Command and Control, Network Effects, Remote Service Effects, Impact). Techniques shown with a count in the matrix: Virtualization/Sandbox Evasion, Input Capture, Security Software Discovery, File and Directory Discovery, System Information Discovery.
Behavior Graph ID: 588879, Sample: tinytask-1-77.exe, Startdate: 14/03/2022, Architecture: WINDOWS, Score: 52
  • Signature: Multi AV Scanner detection for submitted file
  • Process: tinytask-1-77.exe started
  • Signature: Uses Windows timers to delay execution

Source | Detection | Scanner | Label
tinytask-1-77.exe | 15% | Virustotal |
tinytask-1-77.exe | 20% | Metadefender |
tinytask-1-77.exe | 10% | ReversingLabs |
No Antivirus matches
Source | Detection | Scanner | Label
https://www.tinytask.net | 1% | Virustotal |
https://www.tinytask.net | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.tinytask.net | tinytask-1-77.exe | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
No contacted IP infos
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 588879
Start date: 14.03.2022
Start time: 19:04:12
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 48s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: tinytask-1-77.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 98.4% (good quality ratio 88.5%)
  • Quality average: 76.5%
  • Quality standard deviation: 31.4%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 25
  • Number of non-executed functions: 13
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 40.125.122.176, 20.54.89.106, 20.54.110.249
  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.577308655111805
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.94%
  • Clipper DOS Executable (2020/12) 0.02%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • VXD Driver (31/22) 0.00%
File name: tinytask-1-77.exe
File size: 36352
MD5: 8fd3551654f0f5281ddbd7e32cb73054
SHA1: 9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
SHA256: 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
SHA512: a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b
SSDEEP: 768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW
File Content Preview: MZ......................@...................................X...........!..L.!?...$.....PE..L......].................8...Z.......F.......P....@..........................................................................R..x....p...=.........................
Icon Hash: d2ced6d6ced29ac2
Entrypoint: 0x404680
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp: 0x5DC00002 [Mon Nov 4 10:40:02 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eaf43a49d1a8bff951d9247e6d730d9
Instruction
push ebp
mov ebp, esp
sub esp, 44h
push esi
call dword ptr [00405078h]
mov esi, eax
mov al, byte ptr [esi]
cmp al, 22h
jne 00007F1C68C90EA6h
mov al, byte ptr [esi+01h]
inc esi
test al, al
je 00007F1C68C90E96h
cmp al, 22h
jne 00007F1C68C90E86h
cmp byte ptr [esi], 00000022h
jne 00007F1C68C90E9Fh
inc esi
jmp 00007F1C68C90E9Ch
cmp al, 20h
jle 00007F1C68C90E98h
inc esi
cmp byte ptr [esi], 00000020h
jnle 00007F1C68C90E8Ch
mov al, byte ptr [esi]
test al, al
je 00007F1C68C90E96h
cmp al, 20h
jle 00007F1C68C90E7Bh
and dword ptr [ebp-18h], 00000000h
lea eax, dword ptr [ebp-44h]
push eax
call dword ptr [00405074h]
call 00007F1C68C90EF2h
push 00406004h
push 00406000h
call 00007F1C68C90EC9h
test byte ptr [ebp-18h], 00000001h
pop ecx
pop ecx
je 00007F1C68C90E98h
movzx eax, word ptr [ebp-14h]
jmp 00007F1C68C90E95h
push 0000000Ah
pop eax
push eax
push esi
push 00000000h
push 00000000h
call dword ptr [004050A8h]
push eax
call 00007F1C68C8D793h
mov esi, eax
call 00007F1C68C90ED1h
push esi
call dword ptr [00405070h]
pop esi
leave
ret
push esi
mov esi, dword ptr [esp+08h]
cmp esi, dword ptr [esp+0Ch]
jnc 00007F1C68C90E9Fh
mov eax, dword ptr [esi]
test eax, eax
je 00007F1C68C90E94h
call eax
add esi, 04h
jmp 00007F1C68C90E7Fh
pop esi
ret
push 00000020h
pop eax
push 00000004h
push eax
mov dword ptr [00406FF4h], eax
call 00007F1C68C909A4h
pop ecx
pop ecx
mov dword ptr [00406FF0h], eax
ret
mov ecx, dword ptr [000000F8h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x52b8 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7000 | 0x3de0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5000 | 0x1b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3784 | 0x3800 | False | 0.586635044643 | data | 6.37623122636 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x5000 | 0xbc8 | 0xc00 | False | 0.4375 | data | 5.09857971028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x6000 | 0xffc | 0xa00 | False | 0.451953125 | data | 4.80445386005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x7000 | 0x3de0 | 0x3e00 | False | 0.587071572581 | data | 6.40401575537 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_BITMAP | 0x8ec8 | 0x1972 | data | English | United States
RT_ICON | 0x71e0 | 0xea8 | data | English | United States
RT_ICON | 0x8088 | 0x8a8 | data | English | United States
RT_ICON | 0x8930 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_GROUP_ICON | 0x8e98 | 0x30 | data | English | United States
RT_VERSION | 0xa840 | 0x370 | data | English | United States
RT_MANIFEST | 0xabb0 | 0x22f | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
KERNEL32.dll | Sleep, FindNextFileA, FindClose, FindFirstFileA, GetFileAttributesA, GetFileAttributesExA, CreateDirectoryA, GetTickCount, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree, HeapSize, ExitProcess, GetStartupInfoA, GetCommandLineA, GetVersion, DeleteFileA, CopyFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, CloseHandle, GetPrivateProfileStringA, WritePrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, ExpandEnvironmentStringsA, GetPrivateProfileIntA
USER32.dll | PtInRect, AppendMenuA, CreatePopupMenu, SetTimer, GetCursorPos, TrackPopupMenu, SetKeyboardState, MapVirtualKeyA, GetAsyncKeyState, keybd_event, mouse_event, MessageBoxIndirectA, SetWindowTextA, SetFocus, InvalidateRect, SetWindowLongA, GetWindowLongA, SendMessageA, GetClientRect, FindWindowExA, GetWindowTextA, wsprintfA, GetKeyState, SetCursor, GetCursor, CreateCursor, PostQuitMessage, KillTimer, DestroyCursor, GetWindowRect, EndPaint, BeginPaint, DestroyWindow, DrawTextA, IsWindow, CallWindowProcA, GetForegroundWindow, GetDoubleClickTime, SetCursorPos, LoadImageA, DestroyMenu, SetWindowPos, DefWindowProcA, GetSystemMetrics, SetRect, GetDC, LoadIconA, RegisterClassExA, MessageBoxA, CreateWindowExA, ShowWindow, UpdateWindow, PostMessageA, GetMessageA, TranslateMessage, DispatchMessageA, VkKeyScanA
GDI32.dll | RectVisible, DeleteDC, BitBlt, SelectObject, CreateCompatibleDC, CreateFontIndirectA, GetObjectA, SetTextColor, SetBkMode, SetBkColor, GetPixel, CreateBitmap, GetStockObject, DeleteObject
comdlg32.dll | GetSaveFileNameA, GetOpenFileNameA
SHELL32.dll | ShellExecuteA
Description | Data
LegalCopyright | Copyright (c) 2019. All Rights Reserved.
InternalName |
FileVersion | 1, 77, 0, 0
CompanyName |
PrivateBuild |
LegalTrademarks |
Comments | www.tinytask.net
ProductName | TinyTask
SpecialBuild |
ProductVersion | 1, 77, 0, 0
FileDescription | www.tinytask.net
OriginalFilename | TinyTask.exe
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken
English | United States
No network behavior found

Target ID: 1
Start time: 19:05:19
Start date: 14/03/2022
Path: C:\Users\user\Desktop\tinytask-1-77.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\tinytask-1-77.exe"
Imagebase: 0x400000
File size: 36352 bytes
MD5 hash: 8FD3551654F0F5281DDBD7E32CB73054
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Execution Graph

Execution Coverage: 16.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 55.2%
Total number of Nodes: 469
Total number of Limit Nodes: 15
1603->1604 1604->1590 1608 402b6e 1609 402b88 MessageBoxA 1608->1609 1610 402f05 DefWindowProcA 1609->1610 1611 402f17 1610->1611 1618 402cd3 GetWindowRect 1619 402ce9 SetWindowPos InvalidateRect UpdateWindow 1618->1619 1621 402f05 DefWindowProcA 1619->1621 1622 402f17 1621->1622 1623 4032b3 GetWindowLongA 1624 4032da 1623->1624 1625 4032cc GetWindowTextA 1623->1625 1626 4032f1 DefWindowProcA 1624->1626 1627 4032e8 CallWindowProcA 1624->1627 1625->1624 1628 4032f7 1626->1628 1627->1628 1629 402b94 1630 402bb2 1629->1630 1631 402baa SetTimer 1629->1631 1632 402bb8 wsprintfA MessageBoxA 1630->1632 1633 402c1f wsprintfA MessageBoxA 1630->1633 1631->1630 1638 402bfb 1632->1638 1633->1638 1635 402eff KillTimer 1636 402f05 DefWindowProcA 1635->1636 1637 402f17 1636->1637 1638->1635 1639 402a95 1640 402f05 DefWindowProcA 1639->1640 1641 402f17 1640->1641 1642 402d18 1643 402d24 GetPrivateProfileStringA 1642->1643 1644 402dd9 WritePrivateProfileStringA 1642->1644 1648 402d52 1643->1648 1645 402dd4 1644->1645 1646 40392f 29 API calls 1645->1646 1647 402e03 GetWindowLongA 1646->1647 1649 402e1a SetWindowLongA 1647->1649 1651 404111 4 API calls 1648->1651 1652 402e3b SetWindowPos InvalidateRect UpdateWindow 1649->1652 1653 402db5 1651->1653 1654 402f05 DefWindowProcA 1652->1654 1653->1654 1655 4041f6 WritePrivateProfileStringA 1653->1655 1656 402f17 1654->1656 1655->1645 1660 402afa 1661 402b17 1660->1661 1662 402b88 MessageBoxA 1661->1662 1663 402f05 DefWindowProcA 1661->1663 1662->1663 1664 402f17 1663->1664 1665 402e5b ShellExecuteA 1666 402f05 DefWindowProcA 1665->1666 1667 402e75 1665->1667 1668 402f17 1666->1668 1667->1666 1669 402c9c SetWindowPos 1670 402f05 DefWindowProcA 1669->1670 1671 402f17 1670->1671

Executed Functions

C-Code - Quality: 75%
			E00401489(struct HWND__* _a4, int _a8, struct HDC__* _a12, void* _a16, char _a12244997) {
				struct HWND__* _v8;
				CHAR* _v12;
				CHAR* _v16;
				signed int _v20;
				long _v24;
				struct tagPOINT _v32;
				struct tagRECT _v48;
				char _v52;
				char _v62;
				struct %anon392 _v92;
				void _v347;
				char _v348;
				struct tagPAINTSTRUCT _v412;
				void _v667;
				char _v668;
				char _v923;
				char _v924;
				signed int _t447;
				long _t448;
				struct HDC__* _t453;
				CHAR* _t454;
				int _t455;
				signed char _t462;
				int _t464;
				long _t470;
				signed char _t483;
				struct HWND__* _t486;
				int _t487;
				int _t492;
				CHAR* _t493;
				long _t497;
				long _t504;
				signed int _t506;
				signed short _t510;
				signed short _t513;
				signed short _t514;
				signed short _t515;
				signed short _t516;
				signed short _t517;
				signed short _t518;
				signed short _t519;
				signed short _t520;
				signed short _t521;
				signed short _t522;
				signed short _t523;
				signed short _t524;
				signed short _t525;
				struct HICON__* _t530;
				int _t534;
				struct HICON__* _t539;
				int _t541;
				struct HICON__* _t542;
				void* _t543;
				void* _t544;
				void* _t570;
				int _t571;
				void* _t577;
				int _t578;
				signed int _t589;
				int _t595;
				int _t596;
				int _t598;
				signed char _t604;
				long _t608;
				long _t613;
				int _t619;
				int _t620;
				struct HICON__* _t621;
				void* _t625;
				void* _t626;
				void* _t628;
				int _t644;
				int _t647;
				intOrPtr _t648;
				int _t651;
				intOrPtr _t652;
				void* _t664;
				signed int _t667;
				signed int _t677;
				signed int _t679;
				void* _t693;

				_t589 = 0xf;
				_v412.hdc = 0;
				_v48.left = 0;
				memset( &(_v412.fErase), 0, _t589 << 2);
				_v32.x = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push(0x3f);
				_v348 = 0;
				memset( &_v347, 0, 0 << 2);
				asm("stosw");
				asm("stosb");
				_push(0x3f);
				_v668 = 0;
				_v20 = 0;
				memset( &_v667, 0, 0 << 2);
				_t595 = _a8;
				_v52 = 0;
				asm("stosw");
				asm("stosb");
				_v24 = 0;
				_t693 = _t595 - 0x100;
				_v16 = 0;
				if(_t693 > 0) {
					_t596 = _t595 - 0x111;
					__eflags = _t596;
					if(_t596 == 0) {
						_t447 = (_a12 & 0x0000ffff) + 0xffff8000;
						__eflags = _t447 - 0x1b;
						if(__eflags > 0) {
							L393:
							_t448 = DefWindowProcA(_a4, _a8, _a12, _a16); // executed
							return _t448;
						}
						switch( *((intOrPtr*)(_t447 * 4 +  &M00402F1E))) {
							case 0:
								__eflags =  *0x406a08;
								if( *0x406a08 == 0) {
									_v348 = 0;
									_t450 = E00404111(_a4,  &_v348, "Recording Files (*.rec)", 1);
									__eflags = _t450;
									if(_t450 != 0) {
										__eflags = _v348;
										if(_v348 != 0) {
											E00402F8E( &_v348, 0);
										}
									}
								}
								goto L393;
							case 1:
								__eflags =  *0x406a08;
								if( *0x406a08 != 0) {
									goto L393;
								}
								__eflags =  *0x4069f0 - __ebx; // 0x0
								if(__eflags == 0) {
									L163:
									_push(0x10040);
									goto L164;
								}
								__eflags =  *0x4069f4 - 1;
								if( *0x4069f4 < 1) {
									goto L163;
								}
								__edi = 0x406a18;
								 &_v348 = E004043F5( &_v348, 0x406a18);
								__eflags = _a12 - 0x8004;
								_pop(__ecx);
								_pop(__ecx);
								if(_a12 != 0x8004) {
									__eax = "Recording Files (*.rec)";
								} else {
									__eax =  &_v348;
									__esi =  &_v348;
									__esi =  &_v348 - 4;
									E004043D7( &_v348) = __esi + __eax;
									__eax = E004044CF(__eax, ".rec");
									_pop(__ecx);
									__eflags = __eax;
									_pop(__ecx);
									if(__eax == 0) {
										__eax =  &_v348;
										 *(E004043D7( &_v348) + __esi) = __bl;
									}
									__eax = "Program Files (*.exe)";
								}
								__eax =  &_v348;
								__eax = E00404111(_a4,  &_v348,  &_v348, 2);
								__eflags = __eax;
								if(__eax == 0) {
									goto L393;
								} else {
									 &_v348 = E004043F5(__edi,  &_v348);
									__eflags = _a12 - 0x8004;
									_pop(__ecx);
									__esi = ".exe";
									_pop(__ecx);
									__eax = ".exe";
									if(_a12 != 0x8004) {
										__eax = ".rec";
									}
									__eax = E004043D7(__edi);
									__edi = __edi - 4;
									__eax = __edi - 4 + __eax;
									__eax = E004044CF(__eax, __eax);
									_pop(__ecx);
									__eflags = __eax;
									_pop(__ecx);
									if(__eax != 0) {
										__eflags = _a12 - 0x8004;
										if(_a12 != 0x8004) {
											__esi = ".rec";
										}
										__eax = E00404464(__edi, __esi);
										_pop(__ecx);
										_pop(__ecx);
									}
									__eax = DeleteFileA(__edi);
									__eflags = _a12 - 0x8001;
									if(_a12 != 0x8001) {
										__eax =  &_v348;
										GetModuleHandleA(__ebx) = GetModuleFileNameA(__eax,  &_v348, 0xff);
										__eax =  &_v348;
										__eax = CopyFileA( &_v348, __edi, __ebx);
										__eflags = __eax;
										if(__eax != 0) {
											__eax = CreateFileA(__edi, 0xc0000000, 3, __ebx, 4, 0x80, __ebx);
											_v8 = __eax;
											__eax = GetFileSize(__eax, __ebx);
											__eflags = __eax - __ebx;
											_v24 = __eax;
											if(__eax == __ebx) {
												L151:
												__eax =  *0x4069f4; // 0x0
												__eax = __eax << 2;
												__eax = E00403EA0(__edi, 0xffffffff,  *0x4069f0, __eax, __ebx, __ebx);
												__ecx =  *0x406a10; // 0x8e00
												__eax = __eax + __ecx;
												__eflags = __eax - __ecx;
												_v20 = __eax;
												if(__eax > __ecx) {
													__ecx =  *0x406a04; // 0x0
													_push(1);
													_pop(__edx);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__eflags = __ecx - __ebx;
														_v16 = 0x406e20;
														_v12 = __edx;
														if(__ecx == __ebx) {
															L157:
															__ecx = 0x100000;
															__esi = " MB";
															__eflags = __eax - 0x100000;
															if(__eax <= 0x100000) {
																__esi = "KB";
															}
															__eflags = __eax - __ecx;
															asm("cdq");
															if(__eax <= __ecx) {
																__ecx = 0x400;
															}
															_t237 = __eax % __ecx;
															__eflags = _t237;
															__eax = __eax / __ecx;
															__edx = _t237;
															_t240 =  &_v16; // 0x406e20
															 &_v668 = wsprintfA( &_v668, "  Compile successful\t\n\n  \"%s\"   (%d %s)\n\nProgram attributes:\n----------------------------------\n  Execution Speed:\t %d%sx\n  Repeat Loops:\t %d", __edi,  &_v668, __esi, _v12,  *_t240,  *0x40600c);
															__esp = __esp + 0x20;
															L162:
															_push(9);
															__eax = 0;
															_pop(__ecx);
															__edi =  &(_v92.hwndOwner);
															__eax = memset(__edi, 0, __ecx << 2);
															__edi = __edi + __ecx;
															__ecx = 0;
															_v92.cbSize = 0x28;
															_v92.hInstance = GetModuleHandleA(__ebx);
															__eax = _a4;
															_v92.hwndOwner = _a4;
															__eax =  &_v668;
															_v92.lpszText =  &_v668;
															__eax =  *0x406a00; // 0x0
															__eax = __eax | 0x00010080;
															_v92.lpszCaption = "TinyTask";
															_v92.dwStyle = __eax;
															__eax =  &_v92;
															_v92.lpszIcon = 0xfa1;
															__eax = MessageBoxIndirectA( &_v92);
															goto L393;
														}
														L156:
														_v12 = __ecx;
														goto L157;
													}
													_v16 = "/2";
													goto L156;
												}
												 &_v668 = E004043F5( &_v668, "  Compile Error\n\n");
												 &_v668 = E00404464( &_v668, __edi);
												goto L162;
											}
											__eflags = __eax;
											__eax = E0040424C(__eax, 1);
											_pop(__ecx);
											__esi = __eax;
											_pop(__ecx);
											SetFilePointer(_v8, __ebx, __ebx, __ebx) =  &_v24;
											__eax = ReadFile(_v8, __esi, _v24,  &_v24, __ebx);
											_v20 = __ebx;
											do {
												__eflags = _v20 - __ebx;
												__eax = __eax & 0xffffff00 | _v20 != __ebx;
												__eax = __eax - 1;
												__al =  &_v348;
												__eax = E004042CA( &_v348, __al, 5);
												__eflags = _v24 - __ebx;
												_v12 = __ebx;
												if(_v24 <= __ebx) {
													goto L146;
												}
												__eax = __ebx;
												do {
													__eflags = _v16 - __ebx;
													if(_v16 == __ebx) {
														__eflags =  *((char*)(__esi + __eax)) - 0x50;
														if( *((char*)(__esi + __eax)) == 0x50) {
															__eflags =  *((char*)(__esi + __eax + 1)) - 0x45;
															if( *((char*)(__esi + __eax + 1)) == 0x45) {
																_v16 = __eax;
															}
														}
													}
													__eax = _v12;
													__ecx =  &_v348;
													__eax =  &(_v12[__esi]);
													__eax = E0040433F( &(_v12[__esi]),  &_v348, 5);
													__eflags = __eax;
													if(__eax == 0) {
														__eflags = _v20 - __ebx;
														__ecx =  *0x40600c; // 0x1
														if(_v20 != __ebx) {
															__ecx =  *0x406a04; // 0x0
														}
														__eax = 0x1869f;
														__eflags = __ecx - 0x1869f;
														if(__ecx < 0x1869f) {
															__eax = __ecx;
														}
														 &_v668 = wsprintfA( &_v668, "%05d",  &_v668);
														 &_v668 = _v12;
														__eax =  &(_v12[__esi]);
														__eflags =  &(_v12[__esi]);
														__eax = E0040430D( &(_v12[__esi]),  &_v668, 5);
													}
													__eax = _v12;
													__eax =  &(_v12[1]);
													__eflags = __eax - _v24;
													_v12 = __eax;
												} while (__eax < _v24);
												L146:
												_v20 = _v20 + 1;
												__eflags = _v20 - 2;
											} while (_v20 < 2);
											__eflags = _v16 - __ebx;
											if(_v16 != __ebx) {
												_t221 =  &(_v16[0x58]); // 0x58
												__esi + _t221 = E004042CA(__esi + _t221, __ebx, 4);
											}
											SetFilePointer(_v8, __ebx, __ebx, __ebx) =  &_v24;
											WriteFile(_v8, __esi, _v24,  &_v24, __ebx) = CloseHandle(_v8);
											__eflags = __esi - __ebx;
											if(__esi != __ebx) {
												__eax = E00404294(__esi);
											}
											goto L151;
										}
										_push(0x10030);
										_push(__edi);
										_push("Unable to write file");
										goto L165;
									} else {
										__eax =  *0x4069f4; // 0x0
										__eax = E00403EA0(__edi, __ebx,  *0x4069f0, __eax, __ebx, __ebx);
										 *0x406b18 = __bl;
										__eax = E0040454C(__edi, 0x5c);
										__eflags = __eax - __ebx;
										if(__eax != __ebx) {
											_t185 = __eax + 1; // 0x1
											__edi = _t185;
										}
										__esi = 0x406b18;
										__eax = E004043F5(0x406b18, __edi);
										_pop(__ecx);
										_pop(__ecx);
										_push(0x406b18);
										_push( *0x4069e0); // executed
										goto L128;
									}
								}
							case 2:
								mouse_event(4, 0, 0, 0, 0);
								__esi = keybd_event;
								__edi = 0;
								__eflags = 0;
								do {
									__eflags = __edi - 0x14;
									if(__edi == 0x14) {
										goto L186;
									}
									__eflags = __edi - 0x90;
									if(__edi == 0x90) {
										goto L186;
									}
									__eflags = __edi - 0x91;
									if(__edi == 0x91) {
										goto L186;
									}
									__eax = GetAsyncKeyState(__edi);
									__eflags = __ah & 0x00000080;
									if((__ah & 0x00000080) != 0) {
										L177:
										__eflags = __edi - 0x21;
										if(__edi < 0x21) {
											L179:
											__eflags = __edi - 0x11;
											if(__edi == 0x11) {
												L184:
												_push(1);
												_pop(__eax);
												L185:
												__al = __al | 0x00000002;
												__eflags = __al;
												_push(__ebx);
												_push(__eax);
												_push(MapVirtualKeyA(__edi, __ebx));
												_push(__edi);
												__eax = __esi->i();
												goto L186;
											}
											__eflags = __edi - 0x5b;
											if(__edi == 0x5b) {
												goto L184;
											}
											__eflags = __edi - 0x5c;
											if(__edi == 0x5c) {
												goto L184;
											}
											__eflags = __edi - 0x5d;
											if(__edi == 0x5d) {
												goto L184;
											}
											__eax = 0;
											goto L185;
										}
										__eflags = __edi - 0x2e;
										if(__edi <= 0x2e) {
											goto L184;
										}
										goto L179;
									}
									__eflags = __edi - 1;
									if(__edi == 1) {
										L175:
										__eax = GetAsyncKeyState(__edi);
										L176:
										__eax = __eax >> 0xf;
										__eax = __eax & 0x00000001;
										__eflags = __eax - __ebx;
										if(__eax == __ebx) {
											goto L186;
										}
										goto L177;
									}
									__eflags = __edi - 2;
									if(__edi == 2) {
										goto L175;
									}
									__eflags = __edi - 4;
									if(__edi == 4) {
										goto L175;
									}
									__eax = GetKeyState(__edi);
									goto L176;
									L186:
									__edi = __edi + 1;
									__eflags = __edi - 0x100;
								} while (__edi < 0x100);
								_push(0x3f);
								__eax = 0;
								_pop(__ecx);
								__edi =  &_v923;
								_v924 = __bl;
								__eax = memset(__edi, 0, __ecx << 2);
								__edi = __edi + __ecx;
								__ecx = 0;
								asm("stosw");
								asm("stosb");
								 &_v924 = E004042CA( &_v924, __ebx, 0x100);
								 &_v924 = SetKeyboardState( &_v924);
								__edi = 0;
								__eflags = 0;
								do {
									__eax = GetAsyncKeyState(__edi);
									__edi = __edi + 1;
									__eflags = __edi - 0xff;
								} while (__edi < 0xff);
								__eax = GetKeyState(0x91);
								__eflags = __al & 0x00000001;
								if((__al & 0x00000001) == 0) {
									L211:
									_push(1);
									_pop(__esi);
									Sleep(__esi);
									__eflags =  *0x406a08 - __ebx; // 0x0
									if(__eflags != 0) {
										__eax = KillTimer(_a4, 0x3e9);
										__eax = GetTickCount();
										__eax = __eax -  *0x4069f8;
										__eflags =  *0x406b18 - __bl; // 0x0
										 *0x406a08 = __ebx;
										 *0x4069fc = __eax;
										__eax = 0x406b18;
										if(__eflags == 0) {
											__eax = "TinyTask";
										}
										__eax = SetWindowTextA(_a4, __eax);
										__eax =  *0x4069f0; // 0x0
										__eflags = __eax - __ebx;
										if(__eax == __ebx) {
											goto L393;
										} else {
											__edx =  *0x4069f4; // 0x0
											__edx =  ~__edx;
											_t278 = __edx - 1; // -1
											__esi = _t278;
											asm("sbb ecx, ecx");
											__ecx =  ~__edx & _t278;
											__eflags = __ecx;
											_v20 = __ecx;
											if(__ecx <= 0) {
												L225:
												__eflags = __ecx - __ebx;
												if(__ecx != __ebx) {
													__edx = __ecx;
													 *0x4069f4 = __edx;
												}
												__ecx = __edx;
												__edx = __edx + 3;
												__eflags = __ecx - __edx;
												_v24 = __ecx;
												if(__ecx >= __edx) {
													L231:
													__eax = InvalidateRect(_a4, __ebx, 1);
													goto L393;
												} else {
													while(1) {
														__eax = E004042CA(__eax, __ebx, 0x14);
														__ecx = _v24;
														__eax =  *0x4069f4; // 0x0
														__ecx = _v24 + 1;
														__eax = __eax + 3;
														_v24 = __ecx;
														__eflags = __ecx - __eax;
														if(__ecx >= __eax) {
															goto L231;
														}
														__eax =  *0x4069f0; // 0x0
													}
													goto L231;
												}
											} else {
												goto L221;
											}
											while(1) {
												L221:
												__esi = __ecx + __ecx * 4;
												__edi =  *(__eax + __esi * 4);
												__esi = __eax + __esi * 4;
												__eflags = __edi - __ebx;
												if(__edi == __ebx) {
													goto L225;
												}
												__eflags = __edi - 0x201;
												if(__edi != 0x201) {
													L224:
													__ecx = __ecx - 1;
													__eflags = __ecx - __ebx;
													_v20 = __ecx;
													if(__ecx > __ebx) {
														continue;
													}
													goto L225;
												}
												__esi =  *(__esi + 0x10);
												__eflags = __esi - _a4;
												if(__esi == _a4) {
													goto L225;
												}
												goto L224;
											}
											goto L225;
										}
									}
									__eax =  *0x4069f0; // 0x0
									 *0x406a08 = 0x8002;
									__eflags = __eax - __ebx;
									if(__eax != __ebx) {
										__eax = E00404294(__eax);
										 *0x4069f0 = __ebx;
									}
									__eax =  &_v32;
									 *0x4069f4 = __ebx;
									__eax = GetCursorPos( &_v32);
									__al = _v32.y;
									__edi = 0xfe;
									__al = _v32.y + _v32.x;
									__eflags = __al;
									 *0x406d20 = __al;
									do {
										GetKeyState(__esi) = __eax >> 0xf;
										__al = __al & 0x00000001;
										 *(__esi + 0x406d20) = __al;
										__esi =  &(__esi->i);
										__edi = __edi - 1;
										__eflags = __edi;
									} while (__edi != 0);
									 *0x4069f8 = GetTickCount();
									__eax = SetTimer(_a4, 0x3e9, 0xa, __ebx);
									goto L231;
								}
								__edi = VkKeyScanA;
								__eax = VkKeyScanA(0xffffff91);
								_v16 = __al;
								__eax = VkKeyScanA(0xffffff91);
								__ecx = 0;
								__cl = __ah;
								__eflags = __ah;
								if(__ah == 0) {
									__edi = MapVirtualKeyA;
								} else {
									__edi = MapVirtualKeyA;
									_push(__ebx);
									_push(__ebx);
									_push(MapVirtualKeyA(0x10, __ebx));
									_push(0x10);
									__eax = __esi->i();
								}
								__al = _v16;
								__eflags = __al - 0x21;
								if(__al < 0x21) {
									L195:
									__eflags = __al - 0x11;
									if(__al == 0x11) {
										goto L200;
									}
									__eflags = __al - 0x5b;
									if(__al == 0x5b) {
										goto L200;
									}
									__eflags = __al - 0x5c;
									if(__al == 0x5c) {
										goto L200;
									}
									__eflags = __al - 0x5d;
									if(__al == 0x5d) {
										goto L200;
									}
									__ecx = 0;
									goto L201;
								} else {
									__eflags = __al - 0x2e;
									if(__al <= 0x2e) {
										L200:
										_push(1);
										_pop(__ecx);
										L201:
										__eax = __al & 0x000000ff;
										_push(__ebx);
										_push(__ecx);
										_v12 = __eax;
										_push(__eax);
										_push(_v16);
										__eax = __esi->i();
										__al = _v16;
										__eflags = __al - 0x21;
										if(__al < 0x21) {
											L203:
											__eflags = __al - 0x11;
											if(__al == 0x11) {
												L208:
												_push(1);
												_pop(__eax);
												L209:
												__al = __al | 0x00000002;
												_push(__ebx);
												_push(__eax);
												_push(MapVirtualKeyA(_v12, __ebx));
												_push(_v16);
												__esi->i() = VkKeyScanA(0xffffff91);
												__ecx = 0;
												__cl = __ah;
												__eflags = __ah;
												if(__ah != 0) {
													_push(__ebx);
													_push(2);
													_push(MapVirtualKeyA(0x10, __ebx));
													_push(0x10);
													__eax = __esi->i();
												}
												goto L211;
											}
											__eflags = __al - 0x5b;
											if(__al == 0x5b) {
												goto L208;
											}
											__eflags = __al - 0x5c;
											if(__al == 0x5c) {
												goto L208;
											}
											__eflags = __al - 0x5d;
											if(__al == 0x5d) {
												goto L208;
											}
											__eax = 0;
											goto L209;
										}
										__eflags = __al - 0x2e;
										if(__al <= 0x2e) {
											goto L208;
										}
										goto L203;
									}
									goto L195;
								}
							case 3:
								__eax =  *0x406a08; // 0x0
								__eflags = __eax - 0x8002;
								if(__eax == 0x8002) {
									goto L393;
								}
								__eflags =  *0x4069f0 - __ebx; // 0x0
								if(__eflags != 0) {
									__eflags = __eax;
									if(__eax != 0) {
										 *0x406a0c =  *0x406a0c + 1;
										__eflags =  *0x406a0c;
									} else {
										 *0x406a0c = 0;
										 *0x406a08 = 0x8003;
									}
									mouse_event(4, __ebx, __ebx, __ebx, __ebx);
									__esi = keybd_event;
									__edi = 0;
									__eflags = 0;
									do {
										__eflags = __edi - 0x14;
										if(__edi == 0x14) {
											goto L258;
										}
										__eflags = __edi - 0x90;
										if(__edi == 0x90) {
											goto L258;
										}
										__eflags = __edi - 0x91;
										if(__edi == 0x91) {
											goto L258;
										}
										__eax = GetAsyncKeyState(__edi);
										__eflags = __ah & 0x00000080;
										if((__ah & 0x00000080) != 0) {
											L249:
											__eflags = __edi - 0x21;
											if(__edi < 0x21) {
												L251:
												__eflags = __edi - 0x11;
												if(__edi == 0x11) {
													L256:
													_push(1);
													_pop(__eax);
													L257:
													__al = __al | 0x00000002;
													__eflags = __al;
													_push(__ebx);
													_push(__eax);
													_push(MapVirtualKeyA(__edi, __ebx));
													_push(__edi);
													__eax = __esi->i();
													goto L258;
												}
												__eflags = __edi - 0x5b;
												if(__edi == 0x5b) {
													goto L256;
												}
												__eflags = __edi - 0x5c;
												if(__edi == 0x5c) {
													goto L256;
												}
												__eflags = __edi - 0x5d;
												if(__edi == 0x5d) {
													goto L256;
												}
												__eax = 0;
												goto L257;
											}
											__eflags = __edi - 0x2e;
											if(__edi <= 0x2e) {
												goto L256;
											}
											goto L251;
										}
										__eflags = __edi - 1;
										if(__edi == 1) {
											L247:
											__eax = GetAsyncKeyState(__edi);
											L248:
											__eax = __eax >> 0xf;
											__eax = __eax & 0x00000001;
											__eflags = __eax - __ebx;
											if(__eax == __ebx) {
												goto L258;
											}
											goto L249;
										}
										__eflags = __edi - 2;
										if(__edi == 2) {
											goto L247;
										}
										__eflags = __edi - 4;
										if(__edi == 4) {
											goto L247;
										}
										__eax = GetKeyState(__edi);
										goto L248;
										L258:
										__edi = __edi + 1;
										__eflags = __edi - 0x100;
									} while (__edi < 0x100);
									_push(0x3f);
									__eax = 0;
									_pop(__ecx);
									__edi =  &_v923;
									_v924 = __bl;
									__eax = memset(__edi, 0, __ecx << 2);
									__edi = __edi + __ecx;
									__ecx = 0;
									asm("stosw");
									asm("stosb");
									 &_v924 = E004042CA( &_v924, __ebx, 0x100);
									 &_v924 = SetKeyboardState( &_v924);
									__edi = 0;
									__eflags = 0;
									do {
										__eax = GetAsyncKeyState(__edi);
										__edi = __edi + 1;
										__eflags = __edi - 0xff;
									} while (__edi < 0xff);
									__eax = GetKeyState(0x91);
									__eflags = __al & 0x00000001;
									if((__al & 0x00000001) == 0) {
										L283:
										Sleep(1);
										_a12 = _a12 >> 0x10;
										__eflags = __ax;
										if(__ax != 0) {
											L288:
											__eflags =  *0x406d1d - __bl; // 0x0
											if(__eflags != 0) {
												__eax = PostMessageA(_a4, 0x10, __ebx, __ebx);
											}
											__eflags =  *0x406b18 - __bl; // 0x0
											 *0x406a0c = __ebx;
											 *0x406a08 = __ebx;
											__eax = 0x406b18;
											L291:
											if(__eflags == 0) {
												_t493 = "TinyTask";
											}
											_push(_t493);
											_push(_a4);
											L128:
											SetWindowTextA(); // executed
											goto L393;
										}
										__eax =  *0x406a0c; // 0x0
										__eflags = __eax -  *0x40600c; // 0x1
										if(__eflags < 0) {
											L286:
											__eax = GetTickCount();
											_push(__ebx);
											_push(0x19);
											 *0x4069f8 = __eax;
											 *0x4069f4 = __ebx;
											_push(0x3ea);
											L287:
											SetTimer(_a4, ??, ??, ??); // executed
											goto L393;
										}
										__eflags =  *0x406d1a - __bl; // 0x0
										if(__eflags == 0) {
											goto L288;
										}
										goto L286;
									}
									__edi = VkKeyScanA;
									__eax = VkKeyScanA(0xffffff91);
									_v16 = __al;
									__eax = VkKeyScanA(0xffffff91);
									__ecx = 0;
									__cl = __ah;
									__eflags = __ah;
									if(__ah == 0) {
										__edi = MapVirtualKeyA;
									} else {
										__edi = MapVirtualKeyA;
										_push(__ebx);
										_push(__ebx);
										_push(MapVirtualKeyA(0x10, __ebx));
										_push(0x10);
										__eax = __esi->i();
									}
									__al = _v16;
									__eflags = __al - 0x21;
									if(__al < 0x21) {
										L267:
										__eflags = __al - 0x11;
										if(__al == 0x11) {
											goto L272;
										}
										__eflags = __al - 0x5b;
										if(__al == 0x5b) {
											goto L272;
										}
										__eflags = __al - 0x5c;
										if(__al == 0x5c) {
											goto L272;
										}
										__eflags = __al - 0x5d;
										if(__al == 0x5d) {
											goto L272;
										}
										__ecx = 0;
										goto L273;
									} else {
										__eflags = __al - 0x2e;
										if(__al <= 0x2e) {
											L272:
											_push(1);
											_pop(__ecx);
											L273:
											__eax = __al & 0x000000ff;
											_push(__ebx);
											_push(__ecx);
											_v12 = __eax;
											_push(__eax);
											_push(_v16);
											__eax = __esi->i();
											__al = _v16;
											__eflags = __al - 0x21;
											if(__al < 0x21) {
												L275:
												__eflags = __al - 0x11;
												if(__al == 0x11) {
													L280:
													_push(1);
													_pop(__eax);
													L281:
													__al = __al | 0x00000002;
													_push(__ebx);
													_push(__eax);
													_push(MapVirtualKeyA(_v12, __ebx));
													_push(_v16);
													__esi->i() = VkKeyScanA(0xffffff91);
													__ecx = 0;
													__cl = __ah;
													__eflags = __ah;
													if(__ah != 0) {
														_push(__ebx);
														_push(2);
														_push(MapVirtualKeyA(0x10, __ebx));
														_push(0x10);
														__eax = __esi->i();
													}
													goto L283;
												}
												__eflags = __al - 0x5b;
												if(__al == 0x5b) {
													goto L280;
												}
												__eflags = __al - 0x5c;
												if(__al == 0x5c) {
													goto L280;
												}
												__eflags = __al - 0x5d;
												if(__al == 0x5d) {
													goto L280;
												}
												__eax = 0;
												goto L281;
											}
											__eflags = __al - 0x2e;
											if(__al <= 0x2e) {
												goto L280;
											}
											goto L275;
										}
										goto L267;
									}
								}
								__eax =  *0x406a00; // 0x0
								_push(__eax);
								L164:
								_push("TinyTask");
								_push("Nothing Recorded\n\nPress the blue button to start a new recording");
								L165:
								_push( *0x4069e0);
								goto L345;
							case 4:
								__eflags =  *0x406a08;
								asm("sbb eax, 0x406a08");
								if(__eflags != 0) {
									goto L393;
								} else {
									__edi = CreatePopupMenu();
									__eax =  *0x406a04; // 0x0
									__eax = __eax - 1;
									__esi = AppendMenuA;
									__eax =  ~__eax;
									asm("sbb eax, eax");
									__al = __al & 0x000000f8;
									__eax = __eax + 8;
									_v8 = __edi;
									__eax = AppendMenuA(__edi, __eax, 0x8006, 0x40649c);
									__eax =  *0x406a04; // 0x0
									__eax =  ~__eax;
									asm("sbb eax, eax");
									__al = __al & 0x000000f8;
									__eax = AppendMenuA(__edi, __eax, 0x8007, "Play Speed:   &1x");
									__eflags =  *0x406a04 - 2;
									if( *0x406a04 != 2) {
										__eax = 0;
										__eflags = 0;
									} else {
										_push(8);
										_pop(__eax);
									}
									__eax = AppendMenuA(__edi, __eax, 0x8008, "Play Speed:   &2x");
									__eflags =  *0x406a04 - 0x64;
									if( *0x406a04 != 0x64) {
										__eax = 0;
										__eflags = 0;
									} else {
										_push(8);
										_pop(__eax);
									}
									 &_v348 = wsprintfA( &_v348, "&Play Custom Speed:  %dx",  *0x406008);
									__eax =  *0x406a04; // 0x0
									__esp = __esp + 0xc;
									__eflags = __eax - __ebx;
									if(__eax == __ebx) {
										L307:
										__eax = 0;
										__eflags = 0;
										goto L308;
									} else {
										__eflags = __eax - 1;
										if(__eax == 1) {
											goto L307;
										}
										__eflags = __eax - 2;
										if(__eax == 2) {
											goto L307;
										}
										__eflags = __eax - 0x64;
										if(__eax == 0x64) {
											goto L307;
										}
										_push(8);
										_pop(__eax);
										L308:
										__ecx =  &_v348;
										__eax = AppendMenuA(_v8, __ebx, 0x8019, "&Set Custom Speed...");
										__edi = 0x800;
										__eax = AppendMenuA(_v8, 0x800, __ebx, __ebx);
										__al =  *0x406d1a; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__eax = AppendMenuA(_v8, __eax, 0x800b, "&Continuous Playback");
										__eax =  *0x40600c; // 0x1
										__eflags = __eax - 1;
										if(__eax <= 1) {
											_push(1);
											_pop(__eax);
										}
										 &_v348 = wsprintfA( &_v348, "&Set Playback Loops...  (%d)",  &_v348);
										__esp = __esp + 0xc;
										 &_v348 = AppendMenuA(_v8, __ebx, 0x800c,  &_v348);
										__eax = AppendMenuA(_v8, __edi, __ebx, __ebx);
										__eax = CreatePopupMenu();
										_v16 = __eax;
										__eax = AppendMenuA(_v8, 0x10, __eax, "Recording &Hotkey");
										__al =  *0x406d1b; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v16, __eax, 0x800f, "Control + Shift + Alt + R");
										__al =  *0x406d1b; // 0x0
										__al = __al - 1;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v16, __eax, 0x8010, "Print Screen");
										__al =  *0x406d1b; // 0x0
										__al = __al - 8;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v16, __eax, 0x8011, "F8");
										__al =  *0x406d1b; // 0x0
										__al = __al - 0xc;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = AppendMenuA(_v16, __eax, 0x8012, "F12");
										__eax = CreatePopupMenu();
										_v12 = __eax;
										__eax = AppendMenuA(_v8, 0x10, __eax, "Playback Hot&key");
										__al =  *0x406d1c; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v12, __eax, 0x8013, "Control + Shift + Alt + P");
										__al =  *0x406d1c; // 0x0
										__al = __al - 1;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v12, __eax, 0x8014, "Print Screen");
										__al =  *0x406d1c; // 0x0
										__al = __al - 8;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v12, __eax, 0x8015, "F8");
										__al =  *0x406d1c; // 0x0
										__al = __al - 0xc;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										AppendMenuA(_v12, __edi, __ebx, __ebx) = AppendMenuA(_v12, 2, 0x800e, 0x406340);
										__eax = AppendMenuA(_v8, __edi, __ebx, __ebx);
										__eax =  *0x406a00; // 0x0
										__eax =  ~__eax;
										asm("sbb eax, eax");
										__eax = AppendMenuA(_v8, __eax, 0x8017, "Always on &Top");
										__eax =  *0x406a14; // 0x0
										__eax =  ~__eax;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v8, __eax, 0x8018, "Show Captions");
										__al =  *0x406d1e; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__eax = __eax & 0x00000008;
										__eax = AppendMenuA(_v8, __eax, 0x801a, "Use Custom Tool&bar...");
										__al =  *0x406d1e; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										AppendMenuA(_v8, __edi, __ebx, __ebx) = AppendMenuA(_v8, __ebx, 0x800d, "TinyTask &Website");
										AppendMenuA(_v8, __ebx, 0x800e, "&About TinyTask 1.77") =  &_v32;
										GetCursorPos( &_v32) =  &_v48;
										__eax = GetWindowRect(_a4,  &_v48);
										_push(_v32.y);
										__eax =  &_v48;
										__eax = PtInRect( &_v48, _v32.x);
										__ecx =  *0x406010; // 0x26
										__eflags = __eax;
										__eax = _v48.right;
										if(__eflags == 0) {
											L312:
											_v32.x = __eax;
											__eax = _v48.bottom;
											__eax = _v48.bottom + 0xfffffff7;
											__eflags = __eax;
											_v32.y = __eax;
											goto L313;
										} else {
											__edx =  *0x406040 & 0x000000ff;
											__eax = __eax - ( *0x406040 & 0x000000ff);
											__esi = __eax - ( *0x406040 & 0x000000ff) - __ecx;
											__eflags = _v32.x - __eax - ( *0x406040 & 0x000000ff) - __ecx;
											if(_v32.x >= __eax - ( *0x406040 & 0x000000ff) - __ecx) {
												L313:
												TrackPopupMenu(_v8, __ebx, _v32, _v32.y, __ebx, _a4, __ebx) = DestroyMenu(_v8);
												goto L393;
											}
											goto L312;
										}
									}
								}
							case 5:
								 *0x406a04 = 1;
								__eax = 0x406a04 + __eax;
								 *__eax =  *__eax + __eax;
								 *__eax =  *__eax + __al;
								goto L393;
							case 6:
								 *0x406a04 = 0;
								asm("sbb eax, 0x406a04");
								goto L393;
							case 7:
								 *0x406a04 = 2;
								__eax = 0x406a04 + __eax;
								 *__eax =  *__eax + __al;
								goto L393;
							case 8:
								__eax =  *0x406008; // 0x8
								 *0x406a04 = __eax;
								goto L393;
							case 9:
								 *0x406a04 = 0x64;
								__eax = 0x406a04 + __eax;
								 *[fs:eax] =  *[fs:eax] + __al;
								__cl = __cl + __ch;
								__al = __al -  *((intOrPtr*)(__eax + __eax));
								 *__eax =  *__eax + __bh;
								__eflags =  *__eax;
								goto L393;
							case 0xa:
								__eflags =  *0x406d1a - __bl;
								__eax = __eax & 0xffffff00 |  *0x406d1a == __bl;
								 *0x406d1a = __al;
								goto L393;
							case 0xb:
								_push(0);
								_push(0xa);
								_push(0x3ec);
								_push(_a4);
							case 0xc:
								__eax = ShellExecuteA(0, 0, "https://www.tinytask.net", 0, 0, 1);
								__eflags = __eax - 0x20;
								if(__eax > 0x20) {
									goto L393;
								}
								_push(0x10030);
								_push("TinyTask");
								_push("Unable to connect to \"www.tinytask.net\"");
								goto L344;
							case 0xd:
								 &_v348 = E004043F5( &_v348, 0x406128);
								_pop(__ecx);
								__esi = 0x3eb;
								_pop(__ecx);
								__eax = SetTimer(_a4, 0x3eb, 0xa, 0);
								_push(9);
								__eax = 0;
								_pop(__ecx);
								__edi =  &(_v92.hwndOwner);
								__eax = memset(__edi, 0, __ecx << 2);
								__edi = __edi + __ecx;
								__ecx = 0;
								_v92.cbSize = 0x28;
								_v92.hInstance = GetModuleHandleA(0);
								__eax =  &_v348;
								__edi = _a4;
								_v92.lpszText =  &_v348;
								__eax =  *0x406a00; // 0x0
								_v92.hwndOwner = __edi;
								__eax = __eax | 0x00010080;
								__eflags = __eax;
								_v92.lpszCaption = "About TinyTask";
								_v92.dwStyle = __eax;
								__eax =  &_v92;
								_v92.lpszIcon = 0xfa1;
								__eax = MessageBoxIndirectA( &_v92);
								_push(0x3eb);
								_push(__edi);
								__eax = KillTimer();
								goto L393;
							case 0xe:
								 *0x406d1b = __bl;
								asm("sbb eax, 0x406d1b");
								goto L393;
							case 0xf:
								__eflags =  *0x406d1c - 1;
								__eflags = __eax - 0x406d1c;
								_t369 =  &_a12244997;
								 *_t369 = _a12244997 + __esi;
								__eflags =  *_t369;
							case 0x10:
								__eflags =  *0x406d1c - 8;
								if( *0x406d1c == 8) {
									goto L343;
								}
								 *0x406d1b = 8;
								goto L393;
							case 0x11:
								__eflags =  *0x406d1c - 0xc;
								__eflags = __eax - 0x406d1c;
								__al = __al | 0x00000074;
								__eflags = __edx;
							case 0x12:
								 *0x406d1c = __bl;
								asm("sbb eax, 0x406d1c");
								goto L393;
							case 0x13:
								__eflags =  *0x406d1b - 1;
								__eflags = __eax - 0x406d1b;
								_t375 = __edx +  &_v62;
								 *_t375 = __esi +  *(__edx +  &_v62);
								__eflags =  *_t375;
							case 0x14:
								__eflags =  *0x406d1b - 8;
								if( *0x406d1b == 8) {
									L343:
									_push(0x10040);
									_push("TinyTask");
									_push("Hotkey Conflict");
									L344:
									_push(_a4);
									L345:
									__eax = MessageBoxA();
									goto L393;
								}
								 *0x406d1c = 8;
								goto L393;
							case 0x15:
								__eflags =  *0x406d1b - 0xc;
								__eflags = __eax - 0x406d1b;
								__al = __al | 0x00000075;
								asm("sbb eax, 0x1004068");
							case 0x16:
								__eax =  *0x406a00; // 0x0
								_push(3);
								__eax =  ~__eax;
								asm("sbb eax, eax");
								_push(0xa);
								__eax = __eax & 0xfffc0000;
								_push(0xa);
								_push(0);
								__eax = __eax + 0x40000;
								_push(0);
								_push(0);
								 *0x406a00 = __eax;
								_pop(__eax);
								__eax = __eax & 0xffffff00 | __eflags != 0x00000000;
								__eax = __eax - 1;
								__eax = SetWindowPos(_a4, __eax, ??, ??, ??, ??, ??);
								goto L393;
							case 0x17:
								__esi = _a4;
								 &_v48 = GetWindowRect(__esi,  &_v48);
								__eflags =  *0x406a14 - __ebx; // 0x0
								if(__eflags == 0) {
									_push(0xc);
									_pop(__eax);
									_t394 =  &(_v48.bottom);
									 *_t394 = _v48.bottom - __eax;
									__eflags =  *_t394;
									 *0x406a14 = __eax;
								} else {
									_v48.bottom = _v48.bottom + 0xc;
									 *0x406a14 = 0;
								}
								__eax = _v48.bottom;
								_push(0x436);
								__eax = _v48.bottom - _v48.top;
								_push(_v48.bottom - _v48.top);
								_v48.right = _v48.right - _v48.left;
								_push(_v48.right - _v48.left);
								goto L388;
							case 0x18:
								__eflags = _a12 - 0x801a;
								if(_a12 != 0x801a) {
									__eax = WritePrivateProfileStringA("TinyTask", "toolbar_image", 0, "C:\Users\jones\Desktop\tinytask-1-77.ini");
									 *0x406040 = 5;
									L384:
									 &_v52 =  &_v20;
									__eax = E0040392F( &_v20,  &_v52);
									__esi = _a4;
									_pop(__ecx);
									_pop(__ecx);
									__eax = GetWindowLongA(__esi, 0xfffffff0);
									__eflags = _v20 - 0xe0;
									if(_v20 <= 0xe0) {
										__eax = __eax & 0xfffdffff;
										__eflags = __eax;
									} else {
										__eax = __eax | 0x00020000;
									}
									_v24 = __eax;
									__eax = SetWindowLongA(__esi, 0xfffffff0, __eax);
									_push(0x26);
									_push(_v52);
									_push(_v20);
									L388:
									SetWindowPos(__esi, __ebx, __ebx, __ebx, ??, ??, ??) = InvalidateRect(__esi, __ebx, 1);
									__eax = UpdateWindow(__esi);
									goto L393;
								}
								__edi = 0x406c18;
								__eax =  &_v348;
								__esi = "TinyTask";
								__eax = GetPrivateProfileStringA("TinyTask", "toolbar_image", 0x406c18,  &_v348, 0xff, 0x406c18);
								__eax =  &_v348;
								__eflags = __eax;
								if(__eax != 0) {
									__eax =  &_v348;
									__eax = E004043D7( &_v348);
								}
								__ecx = __eax - 1;
								__eax =  &_v348;
								__eflags =  &_v348;
								if( &_v348 == 0) {
									L381:
									 &_v348 = E00404464( &_v348, "\\*.bmp");
									__eax =  &_v348;
									__eax = E00404111(_a4,  &_v348, "*.bmp", 1);
									__eflags = __eax;
									if(__eax == 0) {
										goto L393;
									}
									 &_v348 = E004041F6(__edi, __esi, "toolbar_image",  &_v348, __ebx);
									goto L384;
								} else {
									while(1) {
										__dl =  *(__ebp + __ecx - 0x158);
										__eax = __ebp + __ecx - 0x158;
										__eflags = __dl - __bl;
										if(__dl == __bl) {
											goto L381;
										}
										__eflags = __ecx - __ebx;
										if(__ecx < __ebx) {
											goto L381;
										}
										__eflags = __dl - 0x5c;
										if(__dl == 0x5c) {
											 *__eax = __bl;
											__ecx = 0;
											__eflags = 0;
										}
										__ecx = __ecx - 1;
									}
									goto L381;
								}
						}
					}
					_t598 = _t596;
					__eflags = _t598;
					if(_t598 == 0) {
						_t453 = _a12;
						__eflags = _t453 - 0x3e9;
						if(_t453 != 0x3e9) {
							__eflags = _t453 - 0x3ea;
							if(_t453 != 0x3ea) {
								__eflags = _t453 - 0x3ed;
								if(_t453 != 0x3ed) {
									__eflags = _t453 - 0x3eb;
									_t664 = 0x3ec;
									if(_t453 == 0x3eb) {
										L91:
										__eflags = _a12 - _t664;
										_t454 = "About TinyTask";
										if(_a12 == _t664) {
											_t454 = "Set Playback Loops";
										}
										_t455 = FindWindowExA(0, 0, 0, _t454);
										__eflags = _t455;
										_v12 = _t455;
										if(_t455 != 0) {
											L96:
											KillTimer(_a4, _a12);
											GetClientRect(_v12,  &_v48);
											__eflags = _a12 - _t664;
											_push(0);
											_push(0);
											if(_a12 != _t664) {
												_push(0x800d);
												_push(_v12);
												_push(0x1e);
												_push(_v48.right - _v48.left - 0x96);
												_t462 = GetVersion();
												__eflags = _t462 - 6;
												asm("sbb eax, eax");
												_t464 = (_t462 & 0x000000f6) + 0x19;
												__eflags = _t464;
												_push(_t464);
												_push(0x4b);
												_push(0x50000001);
												_push("tinytask.net");
												_push("STATIC");
											} else {
												_push(0);
												_push(_v12);
												_push(0x14);
												_push(_v48.right - _v48.left - 0x96);
												_t483 = GetVersion();
												__eflags = _t483 - 6;
												asm("sbb eax, eax");
												_push((_t483 & 0x000000f1) + 0x3c);
												_push(0x4b);
												_push(0x50812080);
												_push(0x406018);
												_push("EDIT");
											}
											_v8 = CreateWindowExA(8, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
											SendMessageA(_v8, 0x30, GetStockObject(0x11), 1);
											SetWindowLongA(_v8, 0xffffffeb, GetWindowLongA(_v8, 0xfffffffc));
											__eflags = _a12 - _t664;
											_t470 = E004032B3;
											if(_a12 != _t664) {
												_t470 = E00403108;
											}
											SetWindowLongA(_v8, 0xfffffffc, _t470);
											ShowWindow(_v8, 5);
											UpdateWindow(_v8);
											InvalidateRect(_v12, 0, 1);
											UpdateWindow(_v12);
											InvalidateRect(_v8, 0, 1);
											UpdateWindow(_v8);
											__eflags = _a12 - 0x3ec;
											if(_a12 == 0x3ec) {
												SendMessageA(_v8, 0xb1, 0, 0xffffffff);
												SetFocus(_v8);
											}
											goto L393;
										} else {
											_t486 = FindWindowExA(0, 0, 0, "Set Custom Speed");
											__eflags = _t486;
											_v12 = _t486;
											if(_t486 == 0) {
												goto L393;
											}
											_t664 = 0x3ec;
											goto L96;
										}
									}
									__eflags = _t453 - 0x3ec;
									if(_t453 != 0x3ec) {
										goto L393;
									}
									goto L91;
								}
								__eflags =  *0x406d1b; // 0x0
								if(__eflags != 0) {
									L59:
									__eflags =  *0x406d1b - 1;
									if( *0x406d1b != 1) {
										L61:
										__eflags =  *0x406d1b - 8;
										if( *0x406d1b != 8) {
											L63:
											__eflags =  *0x406d1b - 0xc;
											if( *0x406d1b != 0xc) {
												L66:
												__eflags =  *0x406d1c; // 0x0
												if(__eflags != 0) {
													L71:
													__eflags =  *0x406d1c - 1;
													if( *0x406d1c != 1) {
														L73:
														__eflags =  *0x406d1c - 8;
														if( *0x406d1c != 8) {
															L75:
															__eflags =  *0x406d1c - 0xc;
															if( *0x406d1c != 0xc) {
																L79:
																_t487 =  *0x406a08; // 0x0
																__eflags = _t487 - 0x8002;
																if(_t487 != 0x8002) {
																	__eflags = _t487 - 0x8003;
																	if(_t487 != 0x8003) {
																		__eflags =  *0x406b18; // 0x0
																		if(__eflags != 0) {
																			E004043F5( &_v668, 0x406b18);
																		}
																	} else {
																		_t497 = GetTickCount();
																		_v16 = "*";
																		_t604 =  *0x406d1a; // 0x0
																		__eflags = _t604;
																		_t677 = (_t497 -  *0x4069f8) / 0x3e8;
																		_v24 = _t677;
																		if(_t604 == 0) {
																			_v16 = 0x406e20;
																		}
																		_t667 = 0x3c;
																		_t125 =  &_v16; // 0x406e20
																		asm("sbb ecx, ecx");
																		_t608 =  *0x406a0c; // 0x0
																		wsprintfA( &_v668, "%02d:%02d (%d/%d%s)", _t677 / _t667, _t677 - _t677 / _t667 * 0x3c, _t608 + 1,  !( ~_t604) &  *0x40600c,  *_t125);
																	}
																} else {
																	_t504 = GetTickCount();
																	_t506 = (_t504 -  *0x4069f8) / 0x3e8;
																	_t679 = 0x3c;
																	_t613 = _t506;
																	_v24 = _t613;
																	wsprintfA( &_v668, "REC %02d:%02d", _t506 / _t679, _t613 - _t506 / _t679 * 0x3c);
																}
																GetWindowTextA(_a4,  &_v348, 0xff);
																_t492 = E0040448E( &_v668,  &_v348);
																__eflags = _t492;
																if(_t492 == 0) {
																	goto L393;
																} else {
																	__eflags = _v668;
																	_t493 =  &_v668;
																	goto L291;
																}
															}
															_t510 = GetKeyState(0x7b);
															__eflags = 0x00008000 & _t510;
															if((0x00008000 & _t510) == 0) {
																goto L79;
															}
															L77:
															Sleep(0x96);
															__eflags =  *0x406a08 - 0x8003; // 0x0
															_push(0);
															_t619 = ((0 | __eflags == 0x00000000) & 0x0000ffff) << 0x00000010 | 0x00008003;
															__eflags = _t619;
															_push(_t619);
															L78:
															PostMessageA(_a4, 0x111, ??, ??);
															goto L79;
														}
														_t513 = GetKeyState(0x77);
														__eflags = 0x00008000 & _t513;
														if((0x00008000 & _t513) != 0) {
															goto L77;
														}
														goto L75;
													}
													_t514 = GetKeyState(0x2c);
													__eflags = 0x00008000 & _t514;
													if((0x00008000 & _t514) != 0) {
														goto L77;
													}
													goto L73;
												}
												_t515 = GetKeyState(0x50);
												__eflags = 0x00008000 & _t515;
												if((0x00008000 & _t515) == 0) {
													goto L71;
												}
												_t516 = GetKeyState(0x11);
												__eflags = 0x00008000 & _t516;
												if((0x00008000 & _t516) == 0) {
													goto L71;
												}
												_t517 = GetKeyState(0x10);
												__eflags = 0x00008000 & _t517;
												if((0x00008000 & _t517) == 0) {
													goto L71;
												}
												_t518 = GetKeyState(0x12);
												__eflags = 0x00008000 & _t518;
												if((0x00008000 & _t518) != 0) {
													goto L77;
												}
												goto L71;
											}
											_t519 = GetKeyState(0x7b);
											__eflags = 0x00008000 & _t519;
											if((0x00008000 & _t519) == 0) {
												goto L66;
											}
											L65:
											_push(0);
											_push(0x8002);
											goto L78;
										}
										_t520 = GetKeyState(0x77);
										__eflags = 0x00008000 & _t520;
										if((0x00008000 & _t520) != 0) {
											goto L65;
										}
										goto L63;
									}
									_t521 = GetKeyState(0x2c);
									__eflags = 0x00008000 & _t521;
									if((0x00008000 & _t521) != 0) {
										goto L65;
									}
									goto L61;
								}
								_t522 = GetKeyState(0x52);
								__eflags = 0x00008000 & _t522;
								if((0x00008000 & _t522) == 0) {
									goto L59;
								}
								_t523 = GetKeyState(0x11);
								__eflags = 0x00008000 & _t523;
								if((0x00008000 & _t523) == 0) {
									goto L59;
								}
								_t524 = GetKeyState(0x10);
								__eflags = 0x00008000 & _t524;
								if((0x00008000 & _t524) == 0) {
									goto L59;
								}
								_t525 = GetKeyState(0x12);
								__eflags = 0x00008000 & _t525;
								if((0x00008000 & _t525) != 0) {
									goto L65;
								}
								goto L59;
							}
							__eflags =  *0x4069f0; // 0x0
							if(__eflags != 0) {
								KillTimer(_a4, 0x3ea);
								E004034C6(_a4, 0x3ea);
							}
							goto L393;
						}
						KillTimer(_a4, 0x3e9);
						E004032FD(_a4, 0x3e9);
						goto L393;
					}
					_t620 = _t598 - 0xed;
					__eflags = _t620;
					if(_t620 == 0) {
						_t530 = GetCursor();
						_t621 =  *0x4069e4; // 0x170355
						__eflags = _t530 - _t621;
						if(_t530 != _t621) {
							SetCursor(_t621);
						}
						goto L393;
					}
					__eflags = _t620 != 1;
					if(_t620 != 1) {
						goto L393;
					}
					_t644 =  *0x406010; // 0x26
					asm("cdq");
					_t534 = ((_a16 & 0x0000ffff) - (( *0x406040 & 0x000000ff) >> 1)) / (( *0x406040 & 0x000000ff) + _t644);
					__eflags = _t534;
					if(_t534 >= 0) {
						__eflags = _t534 - 5;
						if(_t534 > 5) {
							_t534 = 5;
						}
					} else {
						_t534 = 0;
					}
					_push(0);
					_push(_t534 + 0x00008000 & 0x0000ffff);
					_push(0x111);
					L34:
					PostMessageA(_a4, ??, ??, ??);
					goto L393;
				}
				if(_t693 == 0) {
					__eflags = _a12 - 0x4f;
					if(_a12 != 0x4f) {
						__eflags = _a12 - 0xd;
						if(_a12 != 0xd) {
							goto L393;
						}
						_push(0);
						_push(0x8005);
						L33:
						_push(0x111);
						goto L34;
					}
					_push(0);
					_push(0x8000);
					goto L33;
				}
				_t625 = _t595 - 1;
				if(_t625 == 0) {
					_t539 = CreateCursor(GetModuleHandleA(0), 5, 0, 0x20, 0x20, 0x4051b8, 0x405238);
					_push(0);
					_push(0x32);
					 *0x4069e4 = _t539;
					_push(0x3ed);
					goto L287;
				}
				_t626 = _t625 - 1;
				if(_t626 == 0) {
					__eflags =  *0x406d1d; // 0x0
					if(__eflags == 0) {
						GetWindowRect(_a4,  &_v48);
						_t681 = "TinyTask";
						E004041F6(0x406c18, "TinyTask", "window_x", 0, _v48.left);
						E004041F6(0x406c18, "TinyTask", "window_y", 0, _v48.top);
						E004041F6(0x406c18, "TinyTask", "speed", 0,  *0x406a04);
						E004041F6(0x406c18, "TinyTask", "speed_custom", 0,  *0x406008);
						E004041F6(0x406c18, "TinyTask", "record_key", 0,  *0x406d1b & 0x000000ff);
						E004041F6(0x406c18, _t681, "play_key", 0,  *0x406d1c & 0x000000ff);
						__eflags =  *0x406a00; // 0x0
						_t58 = __eflags != 0;
						__eflags = __eflags != 0;
						E004041F6(0x406c18, _t681, "topmost", 0, 0 | _t58);
						E004041F6(0x406c18, _t681, "hide_captions", 0,  *0x406a14);
						E004041F6(0x406c18, _t681, "toolbar_padding", 0,  *0x406040 & 0x000000ff);
					}
					_t541 =  *0x4069f0; // 0x0
					__eflags = _t541;
					if(_t541 != 0) {
						E00404294(_t541);
						 *0x4069f0 = 0;
					}
					_t542 =  *0x4069e4; // 0x170355
					__eflags = _t542;
					if(_t542 != 0) {
						DestroyCursor(_t542);
						 *0x4069e4 = 0;
					}
					_t543 =  *0x4069e8; // 0x9b05071f
					__eflags = _t543;
					if(_t543 != 0) {
						DeleteObject(_t543);
						 *0x4069e8 = 0;
					}
					_t544 =  *0x4069ec; // 0x8b0509b3
					__eflags = _t544;
					if(_t544 != 0) {
						DeleteObject(_t544);
						 *0x4069ec = 0;
					}
					KillTimer(_a4, 0x3ed);
					PostQuitMessage(0);
					L29:
					return 0;
				}
				_t628 = _t626 - 0xd;
				if(_t628 == 0) {
					BeginPaint(_a4,  &_v412);
					_a12 = CreateCompatibleDC(_v412.hdc);
					_v20 = 0;
					do {
						_t570 = SelectObject(_a12,  *0x4069ec);
						__eflags = _v20 - 2;
						_a16 = _t570;
						if(_v20 != 2) {
							L11:
							_t571 =  *0x406010; // 0x26
							_t647 = _t571 * _v20;
							__eflags = _t647;
							L12:
							_t648 =  *0x406014; // 0x2c
							BitBlt(_v412.hdc, (_t571 + ( *0x406040 & 0x000000ff)) * _v20 + ( *0x406040 & 0x000000ff),  *0x406040 & 0x000000ff, _t571, _t648 -  *0x406a14, _a12, _t647, 0, 0x8800c6);
							SelectObject(_a12, _a16);
							_t577 = SelectObject(_a12,  *0x4069e8);
							__eflags = _v20 - 2;
							_a16 = _t577;
							if(_v20 != 2) {
								L15:
								_t578 =  *0x406010; // 0x26
								_t651 = _t578 * _v20;
								__eflags = _t651;
								goto L16;
							}
							__eflags =  *0x406a08 - 0x8002;
							if( *0x406a08 != 0x8002) {
								goto L15;
							}
							_t578 =  *0x406010; // 0x26
							_t651 = _t578 + _t578 * 2 << 1;
							goto L16;
						}
						__eflags =  *0x406a08 - 0x8002;
						if( *0x406a08 != 0x8002) {
							goto L11;
						}
						_t571 =  *0x406010; // 0x26
						_t647 = _t571 + _t571 * 2 << 1;
						goto L12;
						L16:
						_t652 =  *0x406014; // 0x2c
						BitBlt(_v412, (_t578 + ( *0x406040 & 0x000000ff)) * _v20 + ( *0x406040 & 0x000000ff),  *0x406040 & 0x000000ff, _t578, _t652 -  *0x406a14, _a12, _t651, 0, 0xee0086);
						SelectObject(_a12, _a16);
						_v20 = _v20 + 1;
						__eflags = _v20 - 6;
					} while (_v20 < 6);
					DeleteDC(_a12);
					EndPaint(_a4,  &_v412);
					goto L29;
				} else {
					if(_t628 == 1) {
						DestroyWindow(_a4);
					}
					goto L393;
				}
			}
0x004021cd
0x004021ce
0x004021d7
0x004021d8
0x004021d9
0x00000000
0x004021d9
0x004021b5
0x004021b8
0x00000000
0x00000000
0x004021ba
0x004021bd
0x00000000
0x00000000
0x004021bf
0x004021c2
0x00000000
0x00000000
0x004021c4
0x00000000
0x004021c4
0x004021ab
0x004021ae
0x00000000
0x00000000
0x00000000
0x004021ae
0x0040217d
0x00402180
0x00402195
0x00402196
0x0040219c
0x0040219c
0x0040219f
0x004021a2
0x004021a4
0x00000000
0x00000000
0x00000000
0x004021a4
0x00402182
0x00402185
0x00000000
0x00000000
0x00402187
0x0040218a
0x00000000
0x00000000
0x0040218d
0x00000000
0x004021db
0x004021db
0x004021dc
0x004021dc
0x004021e8
0x004021ea
0x004021ec
0x004021ed
0x004021f3
0x004021fe
0x004021fe
0x004021fe
0x00402200
0x00402202
0x0040220b
0x0040221a
0x00402220
0x00402220
0x00402222
0x00402223
0x00402229
0x0040222a
0x0040222a
0x00402237
0x0040223d
0x0040223f
0x004022fb
0x004022fb
0x004022fd
0x004022ff
0x00402305
0x0040230b
0x0040238c
0x00402392
0x00402398
0x0040239e
0x004023a4
0x004023aa
0x004023af
0x004023b4
0x004023b6
0x004023b6
0x004023bf
0x004023c5
0x004023ca
0x004023cc
0x00000000
0x004023d2
0x004023d2
0x004023da
0x004023dc
0x004023dc
0x004023df
0x004023e1
0x004023e1
0x004023e3
0x004023e6
0x0040240d
0x0040240d
0x0040240f
0x00402411
0x00402413
0x00402413
0x00402419
0x0040241b
0x0040241e
0x00402420
0x00402423
0x00402451
0x00402457
0x00000000
0x00402425
0x0040242c
0x00402436
0x0040243b
0x0040243e
0x00402446
0x00402447
0x0040244a
0x0040244d
0x0040244f
0x00000000
0x00000000
0x00402427
0x00402427
0x00000000
0x0040242c
0x00000000
0x00000000
0x00000000
0x004023e8
0x004023e8
0x004023e8
0x004023eb
0x004023ee
0x004023f1
0x004023f3
0x00000000
0x00000000
0x004023f5
0x004023fb
0x00402405
0x00402405
0x00402406
0x00402408
0x0040240b
0x00000000
0x00000000
0x00000000
0x0040240b
0x004023fd
0x00402400
0x00402403
0x00000000
0x00000000
0x00000000
0x00402403
0x00000000
0x004023e8
0x004023cc
0x0040230d
0x00402312
0x0040231c
0x0040231e
0x00402321
0x00402327
0x00402327
0x0040232d
0x00402330
0x00402337
0x0040233d
0x00402340
0x00402345
0x00402345
0x00402348
0x0040234d
0x00402354
0x00402357
0x00402359
0x0040235f
0x00402360
0x00402360
0x00402360
0x00402371
0x00402379
0x00000000
0x00402379
0x00402245
0x0040224d
0x00402251
0x00402254
0x00402256
0x00402258
0x0040225a
0x0040225c
0x00402272
0x0040225e
0x0040225e
0x00402264
0x00402265
0x0040226b
0x0040226c
0x0040226e
0x0040226e
0x00402278
0x0040227b
0x0040227d
0x00402283
0x00402283
0x00402285
0x00000000
0x00000000
0x00402287
0x00402289
0x00000000
0x00000000
0x0040228b
0x0040228d
0x00000000
0x00000000
0x0040228f
0x00402291
0x00000000
0x00000000
0x00402293
0x00000000
0x0040227f
0x0040227f
0x00402281
0x00402297
0x00402297
0x00402299
0x0040229a
0x0040229a
0x0040229d
0x0040229e
0x004022a1
0x004022a6
0x004022a7
0x004022aa
0x004022ac
0x004022af
0x004022b1
0x004022b7
0x004022b7
0x004022b9
0x004022cb
0x004022cb
0x004022cd
0x004022ce
0x004022ce
0x004022d0
0x004022d1
0x004022d8
0x004022d9
0x004022e0
0x004022e6
0x004022e8
0x004022ea
0x004022ec
0x004022ee
0x004022ef
0x004022f6
0x004022f7
0x004022f9
0x004022f9
0x00000000
0x004022ec
0x004022bb
0x004022bd
0x00000000
0x00000000
0x004022bf
0x004022c1
0x00000000
0x00000000
0x004022c3
0x004022c5
0x00000000
0x00000000
0x004022c7
0x00000000
0x004022c7
0x004022b3
0x004022b5
0x00000000
0x00000000
0x00000000
0x004022b5
0x00000000
0x00402281
0x00000000
0x00402462
0x00402467
0x0040246c
0x00000000
0x00000000
0x00402472
0x00402478
0x0040248a
0x0040248c
0x004024a0
0x004024a0
0x0040248e
0x0040248e
0x00402494
0x00402494
0x004024ac
0x004024b2
0x004024b8
0x004024b8
0x004024ba
0x004024ba
0x004024bd
0x00000000
0x00000000
0x004024bf
0x004024c5
0x00000000
0x00000000
0x004024c7
0x004024cd
0x00000000
0x00000000
0x004024d0
0x004024d6
0x004024d9
0x00402504
0x00402504
0x00402507
0x0040250e
0x0040250e
0x00402511
0x00402526
0x00402526
0x00402528
0x00402529
0x00402529
0x00402529
0x0040252b
0x0040252c
0x00402535
0x00402536
0x00402537
0x00000000
0x00402537
0x00402513
0x00402516
0x00000000
0x00000000
0x00402518
0x0040251b
0x00000000
0x00000000
0x0040251d
0x00402520
0x00000000
0x00000000
0x00402522
0x00000000
0x00402522
0x00402509
0x0040250c
0x00000000
0x00000000
0x00000000
0x0040250c
0x004024db
0x004024de
0x004024f3
0x004024f4
0x004024fa
0x004024fa
0x004024fd
0x00402500
0x00402502
0x00000000
0x00000000
0x00000000
0x00402502
0x004024e0
0x004024e3
0x00000000
0x00000000
0x004024e5
0x004024e8
0x00000000
0x00000000
0x004024eb
0x00000000
0x00402539
0x00402539
0x0040253a
0x0040253a
0x00402546
0x00402548
0x0040254a
0x0040254b
0x00402551
0x0040255c
0x0040255c
0x0040255c
0x0040255e
0x00402560
0x00402569
0x00402578
0x0040257e
0x0040257e
0x00402580
0x00402581
0x00402587
0x00402588
0x00402588
0x00402595
0x0040259b
0x0040259d
0x00402659
0x0040265b
0x00402664
0x00402667
0x0040266a
0x004026a8
0x004026a8
0x004026ae
0x004026b7
0x004026b7
0x004026bd
0x004026c3
0x004026c9
0x004026cf
0x004026d4
0x004026d4
0x004026d6
0x004026d6
0x004026db
0x004026dc
0x00401e6b
0x00401e6b
0x00000000
0x00401e6b
0x0040266c
0x00402671
0x00402677
0x00402681
0x00402681
0x00402687
0x00402688
0x0040268a
0x0040268f
0x00402695
0x0040269a
0x0040269d
0x00000000
0x0040269d
0x00402679
0x0040267f
0x00000000
0x00000000
0x00000000
0x0040267f
0x004025a3
0x004025ab
0x004025af
0x004025b2
0x004025b4
0x004025b6
0x004025b8
0x004025ba
0x004025d0
0x004025bc
0x004025bc
0x004025c2
0x004025c3
0x004025c9
0x004025ca
0x004025cc
0x004025cc
0x004025d6
0x004025d9
0x004025db
0x004025e1
0x004025e1
0x004025e3
0x00000000
0x00000000
0x004025e5
0x004025e7
0x00000000
0x00000000
0x004025e9
0x004025eb
0x00000000
0x00000000
0x004025ed
0x004025ef
0x00000000
0x00000000
0x004025f1
0x00000000
0x004025dd
0x004025dd
0x004025df
0x004025f5
0x004025f5
0x004025f7
0x004025f8
0x004025f8
0x004025fb
0x004025fc
0x004025ff
0x00402604
0x00402605
0x00402608
0x0040260a
0x0040260d
0x0040260f
0x00402615
0x00402615
0x00402617
0x00402629
0x00402629
0x0040262b
0x0040262c
0x0040262c
0x0040262e
0x0040262f
0x00402636
0x00402637
0x0040263e
0x00402644
0x00402646
0x00402648
0x0040264a
0x0040264c
0x0040264d
0x00402654
0x00402655
0x00402657
0x00402657
0x00000000
0x0040264a
0x00402619
0x0040261b
0x00000000
0x00000000
0x0040261d
0x0040261f
0x00000000
0x00000000
0x00402621
0x00402623
0x00000000
0x00000000
0x00402625
0x00000000
0x00402625
0x00402611
0x00402613
0x00000000
0x00000000
0x00000000
0x00402613
0x00000000
0x004025df
0x004025db
0x0040247a
0x00402484
0x00402133
0x00402133
0x00402138
0x0040213d
0x0040213d
0x00000000
0x00000000
0x004026e4
0x004026e5
0x004026ea
0x00000000
0x004026f0
0x004026f6
0x004026f8
0x004026fd
0x004026fe
0x00402704
0x00402706
0x0040270d
0x00402714
0x00402717
0x0040271c
0x0040271e
0x00402728
0x0040272a
0x00402731
0x00402738
0x0040273a
0x00402741
0x00402748
0x00402748
0x00402743
0x00402743
0x00402745
0x00402745
0x00402756
0x00402758
0x0040275f
0x00402766
0x00402766
0x00402761
0x00402761
0x00402763
0x00402763
0x00402788
0x0040278e
0x00402793
0x00402796
0x00402798
0x004027ae
0x004027ae
0x004027ae
0x00000000
0x0040279a
0x0040279a
0x0040279d
0x00000000
0x00000000
0x0040279f
0x004027a2
0x00000000
0x00000000
0x004027a4
0x004027a7
0x00000000
0x00000000
0x004027a9
0x004027ab
0x004027b0
0x004027b0
0x004027d0
0x004027d3
0x004027dd
0x004027df
0x004027e9
0x004027eb
0x004027f9
0x004027fb
0x00402800
0x00402803
0x00402805
0x00402807
0x00402807
0x00402815
0x0040281b
0x0040282e
0x00402836
0x00402838
0x00402846
0x0040284c
0x0040284e
0x00402858
0x0040285a
0x00402861
0x00402863
0x0040286a
0x0040286c
0x00402876
0x0040287d
0x0040287f
0x00402881
0x00402883
0x0040288a
0x0040288c
0x00402896
0x0040289d
0x0040289f
0x004028a1
0x004028a3
0x004028aa
0x004028ac
0x004028b6
0x004028bd
0x004028bf
0x004028c1
0x004028ca
0x004028cc
0x004028da
0x004028e0
0x004028e2
0x004028ec
0x004028ee
0x004028f5
0x004028f7
0x004028fe
0x00402900
0x0040290a
0x00402911
0x00402913
0x00402915
0x00402917
0x0040291e
0x00402920
0x0040292a
0x00402931
0x00402933
0x00402935
0x00402937
0x0040293e
0x00402940
0x0040294a
0x00402951
0x00402953
0x00402955
0x00402977
0x0040297f
0x00402981
0x0040298b
0x0040298d
0x0040299b
0x0040299d
0x004029a7
0x004029a9
0x004029b0
0x004029b2
0x004029b9
0x004029bb
0x004029c5
0x004029c7
0x004029ce
0x004029d5
0x004029e1
0x004029e6
0x004029e8
0x004029ea
0x00402a0b
0x00402a1d
0x00402a27
0x00402a2e
0x00402a34
0x00402a37
0x00402a3e
0x00402a44
0x00402a4a
0x00402a4c
0x00402a4f
0x00402a63
0x00402a65
0x00402a68
0x00402a6b
0x00402a6b
0x00402a6e
0x00000000
0x00402a51
0x00402a51
0x00402a5a
0x00402a5c
0x00402a5e
0x00402a61
0x00402a71
0x00402a89
0x00000000
0x00402a89
0x00000000
0x00402a61
0x00402a4f
0x00402798
0x00000000
0x00402a94
0x00402a95
0x00402a9a
0x00402a9c
0x00000000
0x00000000
0x00402aa3
0x00402aa4
0x00000000
0x00000000
0x00402aae
0x00402aaf
0x00402ab6
0x00000000
0x00000000
0x00402abd
0x00402ac2
0x00000000
0x00000000
0x00402acc
0x00402acd
0x00402ad2
0x00402ad5
0x00402ad7
0x00402ada
0x00402ada
0x00000000
0x00000000
0x00402adb
0x00402ae1
0x00402ae4
0x00000000
0x00000000
0x00402b9f
0x00402ba0
0x00402ba2
0x00402ba7
0x00000000
0x00402e66
0x00402e6c
0x00402e6f
0x00000000
0x00000000
0x00402e75
0x00402e7a
0x00402e7f
0x00000000
0x00000000
0x00402e95
0x00402e9a
0x00402e9b
0x00402ea0
0x00402ea8
0x00402eae
0x00402eb0
0x00402eb2
0x00402eb3
0x00402eb6
0x00402eb6
0x00402eb6
0x00402eb9
0x00402ec6
0x00402ec9
0x00402ecf
0x00402ed2
0x00402ed5
0x00402eda
0x00402edd
0x00402edd
0x00402ee2
0x00402ee9
0x00402eec
0x00402ef0
0x00402ef7
0x00402efd
0x00402efe
0x00402eff
0x00000000
0x00000000
0x00402aee
0x00402aef
0x00000000
0x00000000
0x00402af9
0x00402afa
0x00402aff
0x00402aff
0x00402aff
0x00000000
0x00402b0e
0x00402b15
0x00000000
0x00000000
0x00402b17
0x00000000
0x00000000
0x00402b23
0x00402b24
0x00402b29
0x00402b2b
0x00000000
0x00402b38
0x00402b39
0x00000000
0x00000000
0x00402b43
0x00402b44
0x00402b49
0x00402b49
0x00402b49
0x00000000
0x00402b58
0x00402b5f
0x00402b76
0x00402b76
0x00402b7b
0x00402b80
0x00402b85
0x00402b85
0x00402b88
0x00402b88
0x00000000
0x00402b88
0x00402b61
0x00000000
0x00000000
0x00402b6d
0x00402b6e
0x00402b73
0x00402b75
0x00000000
0x00402c9c
0x00402ca1
0x00402ca3
0x00402ca5
0x00402ca7
0x00402ca9
0x00402cae
0x00402cb0
0x00402cb1
0x00402cb6
0x00402cb7
0x00402cb9
0x00402cbe
0x00402cbf
0x00402cc2
0x00402cc8
0x00000000
0x00000000
0x00402cd3
0x00402cdb
0x00402ce1
0x00402ce7
0x00402cf5
0x00402cf7
0x00402cf8
0x00402cf8
0x00402cf8
0x00402cfb
0x00402ce9
0x00402ce9
0x00402ced
0x00402ced
0x00402d00
0x00402d03
0x00402d08
0x00402d0b
0x00402d0f
0x00402d12
0x00000000
0x00000000
0x00402d18
0x00402d1e
0x00402de9
0x00402def
0x00402df6
0x00402dfa
0x00402dfe
0x00402e03
0x00402e06
0x00402e07
0x00402e0b
0x00402e11
0x00402e18
0x00402e21
0x00402e21
0x00402e1a
0x00402e1a
0x00402e1a
0x00402e2a
0x00402e2d
0x00402e33
0x00402e35
0x00402e38
0x00402e3b
0x00402e49
0x00402e50
0x00000000
0x00402e50
0x00402d24
0x00402d29
0x00402d37
0x00402d42
0x00402d48
0x00402d4e
0x00402d50
0x00402d52
0x00402d59
0x00402d5e
0x00402d5f
0x00402d62
0x00402d68
0x00402d6a
0x00402d8e
0x00402d9a
0x00402da1
0x00402db0
0x00402db8
0x00402dba
0x00000000
0x00000000
0x00402dcf
0x00000000
0x00402d6c
0x00402d6c
0x00402d6c
0x00402d73
0x00402d7a
0x00402d7c
0x00000000
0x00000000
0x00402d7e
0x00402d80
0x00000000
0x00000000
0x00402d82
0x00402d85
0x00402d87
0x00402d89
0x00402d89
0x00402d89
0x00402d8b
0x00402d8b
0x00000000
0x00402d6c
0x00000000
0x00401cc5
0x00401828
0x00401828
0x00401829
0x00401893
0x0040189b
0x0040189d
0x004018bc
0x004018be
0x004018e4
0x004018e9
0x00401b24
0x00401b29
0x00401b2e
0x00401b38
0x00401b38
0x00401b3b
0x00401b40
0x00401b42
0x00401b42
0x00401b51
0x00401b53
0x00401b55
0x00401b58
0x00401b74
0x00401b7a
0x00401b87
0x00401b8d
0x00401b90
0x00401b91
0x00401b92
0x00401bcc
0x00401bd4
0x00401bdc
0x00401bde
0x00401bdf
0x00401be5
0x00401be7
0x00401beb
0x00401beb
0x00401bee
0x00401bef
0x00401bf1
0x00401bf6
0x00401bfb
0x00401b94
0x00401b97
0x00401b9b
0x00401ba3
0x00401ba5
0x00401ba6
0x00401bac
0x00401bae
0x00401bb5
0x00401bb6
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc2
0x00401c0c
0x00401c1b
0x00401c38
0x00401c3a
0x00401c3d
0x00401c42
0x00401c44
0x00401c44
0x00401c4f
0x00401c56
0x00401c65
0x00401c73
0x00401c78
0x00401c80
0x00401c85
0x00401c87
0x00401c8e
0x00401c9f
0x00401ca8
0x00401ca8
0x00000000
0x00401b5a
0x00401b62
0x00401b64
0x00401b66
0x00401b69
0x00000000
0x00000000
0x00401b6f
0x00000000
0x00401b6f
0x00401b58
0x00401b30
0x00401b32
0x00000000
0x00000000
0x00000000
0x00401b32
0x004018ef
0x00401900
0x00401926
0x00401926
0x0040192d
0x00401938
0x00401938
0x0040193f
0x0040194a
0x0040194a
0x00401951
0x00401967
0x00401967
0x0040196d
0x00401993
0x00401993
0x0040199a
0x004019a5
0x004019a5
0x004019ac
0x004019b7
0x004019b7
0x004019be
0x004019fc
0x004019fc
0x00401a01
0x00401a06
0x00401a4c
0x00401a51
0x00401ac6
0x00401acc
0x00401ada
0x00401ae0
0x00401a53
0x00401a53
0x00401a66
0x00401a6f
0x00401a75
0x00401a77
0x00401a79
0x00401a7c
0x00401a7e
0x00401a7e
0x00401a8b
0x00401a8e
0x00401a93
0x00401a9e
0x00401abb
0x00401ac1
0x00401a08
0x00401a08
0x00401a1d
0x00401a21
0x00401a22
0x00401a26
0x00401a3e
0x00401a44
0x00401af0
0x00401b04
0x00401b0a
0x00401b0d
0x00000000
0x00401b13
0x00401b13
0x00401b19
0x00000000
0x00401b19
0x00401b0d
0x004019c2
0x004019c4
0x004019c7
0x00000000
0x00000000
0x004019c9
0x004019ce
0x004019db
0x004019e1
0x004019eb
0x004019eb
0x004019ed
0x004019ee
0x004019f6
0x00000000
0x004019f6
0x004019b0
0x004019b2
0x004019b5
0x00000000
0x00000000
0x00000000
0x004019b5
0x0040199e
0x004019a0
0x004019a3
0x00000000
0x00000000
0x00000000
0x004019a3
0x00401971
0x00401973
0x00401976
0x00000000
0x00000000
0x0040197a
0x0040197c
0x0040197f
0x00000000
0x00000000
0x00401983
0x00401985
0x00401988
0x00000000
0x00000000
0x0040198c
0x0040198e
0x00401991
0x00000000
0x00000000
0x00000000
0x00401991
0x00401955
0x00401957
0x0040195a
0x00000000
0x00000000
0x0040195c
0x0040195c
0x0040195d
0x00000000
0x0040195d
0x00401943
0x00401945
0x00401948
0x00000000
0x00000000
0x00000000
0x00401948
0x00401931
0x00401933
0x00401936
0x00000000
0x00000000
0x00000000
0x00401936
0x00401904
0x00401906
0x00401909
0x00000000
0x00000000
0x0040190d
0x0040190f
0x00401912
0x00000000
0x00000000
0x00401916
0x00401918
0x0040191b
0x00000000
0x00000000
0x0040191f
0x00401921
0x00401924
0x00000000
0x00000000
0x00000000
0x00401924
0x004018c0
0x004018c6
0x004018d0
0x004018da
0x004018da
0x00000000
0x004018c6
0x004018a3
0x004018ad
0x00000000
0x004018ad
0x0040182b
0x0040182b
0x00401831
0x00401873
0x00401879
0x0040187f
0x00401881
0x00401888
0x00401888
0x00000000
0x00401881
0x00401833
0x00401834
0x00000000
0x00000000
0x0040184b
0x00401853
0x00401854
0x00401856
0x00401858
0x0040185e
0x00401861
0x00401865
0x00401865
0x0040185a
0x0040185a
0x0040185a
0x0040186b
0x0040186f
0x00401870
0x004017fa
0x004017fd
0x00000000
0x004017fd
0x00401502
0x004017e9
0x004017ed
0x00401808
0x0040180c
0x00000000
0x00000000
0x00401812
0x00401813
0x004017f5
0x004017f5
0x00000000
0x004017f5
0x004017ef
0x004017f0
0x00000000
0x004017f0
0x00401508
0x00401509
0x004017d1
0x004017d7
0x004017d8
0x004017da
0x004017df
0x00000000
0x004017df
0x0040150f
0x00401510
0x00401669
0x0040166f
0x0040167c
0x00401685
0x00401697
0x004016a7
0x004016ba
0x004016cd
0x004016e5
0x004016fa
0x00401701
0x00401707
0x00401707
0x00401713
0x00401726
0x0040173e
0x00401743
0x00401746
0x0040174b
0x0040174d
0x00401750
0x00401756
0x00401756
0x0040175c
0x00401761
0x00401763
0x00401766
0x0040176c
0x0040176c
0x00401772
0x0040177d
0x0040177f
0x00401782
0x00401784
0x00401784
0x0040178a
0x0040178f
0x00401791
0x00401794
0x00401796
0x00401796
0x004017a4
0x004017ab
0x004017b1
0x00000000
0x004017b1
0x00401516
0x00401519
0x0040153a
0x00401558
0x0040155b
0x0040155e
0x00401567
0x00401569
0x0040156d
0x00401570
0x0040158a
0x0040158a
0x00401591
0x00401591
0x00401595
0x004015a3
0x004015c4
0x004015cc
0x004015d7
0x004015d9
0x004015dd
0x004015e0
0x004015fa
0x004015fa
0x00401601
0x00401601
0x00000000
0x00401601
0x004015e2
0x004015ec
0x00000000
0x00000000
0x004015ee
0x004015f6
0x00000000
0x004015f6
0x00401572
0x0040157c
0x00000000
0x00000000
0x0040157e
0x00401586
0x00000000
0x00401605
0x00401613
0x00401634
0x0040163c
0x0040163e
0x00401641
0x00401641
0x0040164e
0x0040165e
0x00000000
0x0040151b
0x0040151c
0x00401525
0x00401525
0x00000000
0x0040151c

APIs
  • DestroyWindow.USER32(?), ref: 00401525
  • BeginPaint.USER32(?,?), ref: 0040153A
  • CreateCompatibleDC.GDI32(?), ref: 00401546
  • SelectObject.GDI32(?), ref: 00401567
  • BitBlt.GDI32(?,00000002,?,00000026,-004069E8,00000002,00000002,00000000,008800C6), ref: 004015C4
  • SelectObject.GDI32(00000002,?), ref: 004015CC
  • SelectObject.GDI32(00000002), ref: 004015D7
  • BitBlt.GDI32(?,00000002,?,00000026,-004069E8,00000002,00000002,00000000,00EE0086), ref: 00401634
  • SelectObject.GDI32(00000002,?), ref: 0040163C
  • DeleteDC.GDI32(00000006), ref: 0040164E
  • EndPaint.USER32(?,?,?,00000026,-004069E8,00000002,00000002,00000000,00EE0086,?,00000026,-004069E8,00000002,00000002,00000000,008800C6), ref: 0040165E
  • GetWindowRect.USER32 ref: 0040167C
  • DestroyCursor.USER32(00170355), ref: 00401766
  • DeleteObject.GDI32(9B05071F), ref: 00401782
  • DeleteObject.GDI32(8B0509B3), ref: 00401794
  • KillTimer.USER32(?,000003ED), ref: 004017A4
  • GetModuleHandleA.KERNEL32(00000000,00000005,00000000,00000020,00000020,004051B8,00405238), ref: 004017CA
  • CreateCursor.USER32(00000000), ref: 004017D1
  • PostMessageA.USER32 ref: 004017FD
  • GetCursor.USER32 ref: 00401873
  • SetCursor.USER32(00170355), ref: 00401888
  • SetTimer.USER32(?,000003ED,00000032,00000000), ref: 0040269D
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Object$CursorSelect$DeleteWindow$CreateDestroyPaintTimer$BeginCompatibleHandleKillMessageModulePostProcRect
  • String ID: Compile Error$ Compile successful "%s" (%d %s)Program attributes:---------------------------------- Execution Speed: %d%sx Repeat Loops: %d$ MB$ n@$%02d:%02d (%d/%d%s)$%05d$.exe$.rec$About TinyTask$C:\Users\user\Desktop\tinytask-1-77.ini$EDIT$Nothing RecordedPress the blue button to start a new recording$O$Program Files (*.exe)$REC %02d:%02d$Recording Files (*.rec)$STATIC$Set Custom Speed$Set Playback Loops$TinyTask$Unable to write file$hide_captions$play_key$record_key$speed$speed_custom$tinytask.net$toolbar_padding$topmost$window_x$window_y
  • API String ID: 3974302151-104542411
  • Opcode ID: 3328e2d432b1d7fda1f29fb1e81baa9d243d82a702f79ae110f6decac78090d2
  • Instruction ID: f722533ecfca98a017aa9ff3a069563f491adbaca09d2f8958cd1ec79fb6b22f
  • Opcode Fuzzy Hash: 3328e2d432b1d7fda1f29fb1e81baa9d243d82a702f79ae110f6decac78090d2
  • Instruction Fuzzy Hash: 8B7292B1900209BBDF209F64DD49EAF7B79EB44344F11413AF606B62E1DB788E509F68
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 267 401000-401077 call 4043d7 270 401079 267->270 271 40107b-401097 call 40441b 267->271 270->271 274 4010a1-4010a8 call 404617 271->274 275 401099-40109f 271->275 276 4010ad-4010c9 call 403c71 274->276 275->276 281 40124f-4012a7 call 4042ca LoadIconA RegisterClassExA 276->281 282 4010cf-4010ec GetModuleHandleA GetModuleFileNameA 276->282 291 4012c0-4012c7 281->291 292 4012a9-4012af 281->292 283 4010f5-4010fc 282->283 284 4010ee-4010f4 call 4043d7 282->284 288 4010fe-40110c 283->288 289 40111f-4011d3 call 404464 GetPrivateProfileIntA call 40392f GetSystemMetrics * 2 GetPrivateProfileIntA * 2 SetRect GetDC RectVisible 283->289 284->283 288->289 293 40110e-401110 288->293 309 4011e1-40124d GetPrivateProfileIntA * 6 289->309 310 4011d5-4011de 289->310 296 4012d0 291->296 297 4012c9-4012ce 291->297 295 4012b4-4012bb MessageBoxA 292->295 293->289 298 401112-401115 293->298 300 4013f3-4013f5 295->300 301 4012d2-40130b CreateWindowExA 296->301 297->301 302 401117-40111a 298->302 303 40111c-40111d 298->303 305 401482-401486 300->305 306 40131a-401341 ShowWindow UpdateWindow 301->306 307 40130d-401318 301->307 302->303 303->288 311 401343-40134a 306->311 312 4013b6-4013bd 306->312 307->295 309->281 310->309 311->312 313 40134c-401356 311->313 314 4013c3-4013f1 GetModuleHandleA GetModuleFileNameA call 402f8e 312->314 315 40144a-401456 312->315 317 401358-401367 call 4043d7 313->317 318 401369 313->318 314->300 326 4013fa-401403 314->326 316 401457-40145b KiUserCallbackDispatcher 315->316 323 40145d-401460 316->323 324 40147f 316->324 322 40136b-401373 317->322 318->322 327 4013a4-4013b1 call 402f8e 322->327 328 401375-401385 322->328 323->324 329 401462-40147d TranslateMessage DispatchMessageA 323->329 324->305 330 401405-40140b call 404617 326->330 331 40140c-40141d 326->331 327->315 328->327 332 401387-40138a 328->332 329->316 330->331 337 401427-40142e call 404617 331->337 338 40141f-401425 331->338 335 4013a1-4013a2 332->335 336 40138c-40139f call 404399 332->336 335->328 336->328 342 401433-401444 PostMessageA 337->342 338->342 342->315
C-Code - Quality: 47%
			E00401000(void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a12) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				int _v24;
				int _v28;
				struct _WNDCLASSEXA _v76;
				struct tagMSG _v104;
				void* _v116;
				struct tagRECT _v120;
				void _v375;
				signed int _v376;
				void _v631;
				char _v632;
				int _t88;
				signed int _t99;
				signed int _t100;
				struct HINSTANCE__* _t103;
				struct HICON__* _t104;
				signed int _t107;
				signed int _t109;
				struct HWND__* _t113;
				void* _t117;
				void* _t139;
				CHAR* _t146;
				int _t149;
				int _t153;
				int _t158;
				int _t163;
				int _t164;
				int _t169;
				int _t170;
				signed int _t172;
				int _t175;
				signed char* _t180;
				CHAR* _t181;
				signed int _t183;
				signed char _t196;
				intOrPtr _t204;
				void* _t209;
				signed char _t223;
				CHAR* _t234;
				void* _t235;
				int _t236;
				CHAR* _t237;
				intOrPtr* _t238;
				void* _t239;
				void* _t241;
				void* _t242;
				void* _t246;
				void* _t247;
				void* _t248;
				void* _t252;

				_t181 = 0;
				_t183 = 0xb;
				_v76.cbSize = 0;
				_push(6);
				_t88 = memset( &(_v76.style), 0, _t183 << 2);
				_v104.hwnd = 0;
				_v120.left = 0;
				memset( &(_v104.message), _t88, 0 << 2);
				_v632 = _v632 & 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push(0x3f);
				memset( &_v631, 0, 0 << 2);
				_v376 = _v376 & 0;
				_push(0x3f);
				asm("stosw");
				asm("stosb");
				memset( &_v375, 0, 0 << 2);
				_t246 = _t242 + 0x30;
				asm("stosw");
				_v16 = 0;
				_v20 = 0;
				_v12 = 0;
				_v8 = 0;
				asm("stosb");
				if(E004043D7(_a12) > 0xfe) {
				}
				E0040441B( &_v376, _a12, 0xfe);
				_t247 = _t246 + 0xc;
				if(0x406038 != 0) {
					 *0x406a10 = E00404617(0x406038);
				} else {
					 *0x406a10 = _t181;
				}
				_t99 = E00403C71(_t181);
				_t252 = _t99 -  *0x406a10; // 0x8e00
				_t234 = "TinyTask";
				_t100 = _t99 & 0xffffff00 | _t252 > 0x00000000;
				 *0x406d1d = _t100;
				if(_t100 != 0) {
					L17:
					_t236 = 0x30;
					E004042CA( &_v76, _t181, _t236);
					_t103 = _a4;
					_t248 = _t247 + 0xc;
					_v76.cbSize = _t236;
					_v76.style = _t181;
					_v76.lpfnWndProc = E00401489;
					_v76.hInstance = _t103;
					_v76.hCursor = _t181;
					_t104 = LoadIconA(_t103, 0xfa1); // executed
					_v76.hIcon = _t104;
					_t237 = "TinyTaskClass";
					_v76.hIconSm = _t181;
					_v76.hbrBackground = 0x10;
					_v76.lpszMenuName = _t181;
					_v76.lpszClassName = _t237;
					if(RegisterClassExA( &_v76) != 0) {
						if(_v12 <= 0xe0) {
							_t107 = 0;
						} else {
							_t107 = 0x20000;
						}
						_t109 =  *0x406a00; // 0x0
						asm("sbb eax, eax");
						_t113 = CreateWindowExA( ~_t109 & 0x00000008 | 0x00040000, _t237, _t234, _t107 | 0x86c80000, _v16, _v20, _v12, _v8, _t181, _t181, _a4, _t181); // executed
						 *0x4069e0 = _t113;
						if(_t113 != _t181) {
							_t196 =  *0x406d1d; // 0x0
							asm("sbb ecx, ecx");
							ShowWindow(_t113, ( ~_t196 & 0xfffffffb) + 5); // executed
							UpdateWindow( *0x4069e0);
							if(_a12 == _t181 || _v376 == 0) {
								if( *0x406d1d == 0) {
									goto L45;
								}
								GetModuleFileNameA(GetModuleHandleA(_t181),  &_v632, 0xff);
								if(E00402F8E( &_v632,  *0x406a10) != 0) {
									_t129 = 0x40604c;
									if(0x40604c != 0) {
										_t129 = E00404617(0x40604c);
									}
									 *0x406a04 = _t129 & 0x000000ff;
									if(0x406044 != 0) {
										 *0x40600c = E00404617(0x406044);
									} else {
										 *0x40600c = _t181;
									}
									PostMessageA( *0x4069e0, 0x111, 0x8003, _t181);
									goto L45;
								}
								goto L38;
							} else {
								_t239 = 0;
								if( &_v376 == 0) {
									_t235 = 0;
								} else {
									_t235 = E004043D7( &_v376);
								}
								if( &_v376 == 0) {
									L35:
									E00402F8E( &_v376, _t181);
									L45:
									_t238 = GetMessageA;
									_push(_t181);
									_push(_t181);
									_push(_t181);
									_push( &_v104); // executed
									while(1) {
										_t117 =  *_t238(); // executed
										if(_t117 == _t181 || _t117 == 0xffffffff) {
											break;
										}
										TranslateMessage( &_v104);
										DispatchMessageA( &_v104); // executed
										_push(_t181);
										_push(_t181);
										_push(_t181);
										_push( &_v104);
									}
									return _v104.wParam;
								} else {
									while(1) {
										_t204 =  *((intOrPtr*)(_t241 + _t239 - 0x174));
										_t139 = _t241 + _t239 - 0x174;
										if(_t204 == 0) {
											goto L35;
										}
										if(_t204 != 0x22) {
											_t239 = _t239 + 1;
										} else {
											_t78 = _t139 + 1; // 0x1
											E00404399(_t139, _t78, _t235 - _t239);
											_t248 = _t248 + 0xc;
											_t235 = _t235 - 1;
										}
									}
									goto L35;
								}
							}
						} else {
							_push(0x12030);
							_push(_t234);
							_push("Startup Failure: CreateWindow");
							L19:
							MessageBoxA(_t181, ??, ??, ??);
							L38:
							return 0;
						}
					}
					_push(0x12030);
					_push(_t234);
					_push("Startup Failure: RegisterClass");
					goto L19;
				} else {
					GetModuleFileNameA(GetModuleHandleA(_t181), 0x406c18, 0xff);
					_t146 = 0x406c18;
					if(0x406c18 != 0) {
						_t146 = E004043D7(0x406c18);
					}
					_t26 = _t146 - 1; // -1
					_t209 = _t26;
					if(0x406c18 == 0) {
						L14:
						E00404464(0x406c18, ".ini");
						_t149 = GetPrivateProfileIntA(_t234, "toolbar_padding", 5, 0x406c18); // executed
						 *0x406040 = _t149;
						E0040392F( &_v12,  &_v8); // executed
						_t153 = GetSystemMetrics(0);
						asm("cdq");
						asm("cdq");
						_v28 = (_t153 - _t223 >> 1) - (_v12 - _t223 >> 1);
						_t158 = GetSystemMetrics(1);
						asm("cdq");
						asm("cdq");
						_v24 = (_t158 - _t223 >> 1) - (_v8 - _t223 >> 1);
						_t163 = GetPrivateProfileIntA(_t234, "window_x", _v28, 0x406c18); // executed
						_v16 = _t163;
						_t164 = GetPrivateProfileIntA(_t234, "window_y", _v24, 0x406c18);
						_t38 = _t164 + 1; // 0x1
						_v20 = _t164;
						_t41 = _v16 + 1; // 0x404703
						SetRect( &_v120, _v16, _t164, _t41, _t38);
						_t169 = RectVisible(GetDC(0),  &_v120); // executed
						if(_t169 == 0) {
							_v16 = _v28;
							_v20 = _v24;
						}
						_t170 = GetPrivateProfileIntA(_t234, "speed", 0, 0x406c18); // executed
						 *0x406a04 = _t170;
						 *0x406008 = GetPrivateProfileIntA(_t234, "speed_custom", 8, 0x406c18);
						_t172 = GetPrivateProfileIntA(_t234, "topmost", 0, 0x406c18);
						asm("sbb eax, eax");
						 *0x406a00 =  ~_t172 & 0x00040000;
						_t175 = GetPrivateProfileIntA(_t234, "hide_captions", 0, 0x406c18);
						_v8 = _v8 - _t175;
						 *0x406a14 = _t175;
						 *0x406d1b = GetPrivateProfileIntA(_t234, "record_key", 0, 0x406c18);
						 *0x406d1c = GetPrivateProfileIntA(_t234, "play_key", 0, 0x406c18);
						_t181 = 0;
						goto L17;
					} else {
						while(1) {
							_t223 =  *(_t209 + 0x406c18);
							_t180 = _t209 + 0x406c18;
							if(_t223 == 0 || _t209 < _t181) {
								goto L14;
							}
							if(_t223 == 0x2e) {
								 *_t180 =  *_t180 & 0x00000000;
								_t209 = 0;
							}
							_t209 = _t209 - 1;
						}
						goto L14;
					}
				}
			}

APIs
  • GetModuleHandleA.KERNEL32(00000000,C:\Users\user\Desktop\tinytask-1-77.ini,000000FF,?,00000000), ref: 004010DB
  • GetModuleFileNameA.KERNEL32(00000000,?,00000000), ref: 004010E2
  • GetPrivateProfileIntA.KERNEL32 ref: 0040113B
  • GetSystemMetrics.USER32 ref: 00401153
  • GetSystemMetrics.USER32 ref: 0040116F
  • GetPrivateProfileIntA.KERNEL32 ref: 00401193
  • GetPrivateProfileIntA.KERNEL32 ref: 004011A2
  • SetRect.USER32 ref: 004011B8
  • GetDC.USER32(00000000), ref: 004011C4
  • RectVisible.GDI32(00000000), ref: 004011CB
  • GetPrivateProfileIntA.KERNEL32 ref: 004011EA
  • GetPrivateProfileIntA.KERNEL32 ref: 004011FA
  • GetPrivateProfileIntA.KERNEL32 ref: 0040120A
  • GetPrivateProfileIntA.KERNEL32 ref: 00401223
  • GetPrivateProfileIntA.KERNEL32 ref: 00401236
  • GetPrivateProfileIntA.KERNEL32 ref: 00401246
  • LoadIconA.USER32(00000000,00000FA1), ref: 0040127C
  • RegisterClassExA.USER32(?), ref: 0040129E
  • MessageBoxA.USER32 ref: 004012B5
  • CreateWindowExA.USER32 ref: 004012FE
  • ShowWindow.USER32(00000000,-00000005,?,?,?,?,00000000), ref: 0040132C
  • UpdateWindow.USER32 ref: 00401338
  • GetModuleHandleA.KERNEL32(00000000,?,000000FF,?,?,?,?,00000000), ref: 004013D0
  • GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,00000000), ref: 004013D7
    • Part of subcall function 00402F8E: wsprintfA.USER32 ref: 00402FD3
    • Part of subcall function 00402F8E: MessageBoxA.USER32 ref: 00402FF4
  • PostMessageA.USER32 ref: 00401444
  • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00401457
  • TranslateMessage.USER32(?), ref: 00401466
  • DispatchMessageA.USER32 ref: 00401470
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: PrivateProfile$Message$Module$Window$FileHandleMetricsNameRectSystem$CallbackClassCreateDispatchDispatcherIconLoadPostRegisterShowTranslateUpdateUserVisiblewsprintf
  • String ID: $$$$$$.ini$36352$@@@@@$C:\Users\user\Desktop\tinytask-1-77.ini$Startup Failure: CreateWindow$Startup Failure: RegisterClass$TinyTask$TinyTaskClass$hide_captions$play_key$record_key$speed$speed_custom$toolbar_padding$topmost$window_x$window_y
  • API String ID: 1572435291-1034089863
  • Opcode ID: 50be05e214897b5b73ae53f9ff58a90aeaef851f329f47b29bb95abc320a3051
  • Instruction ID: d9edc85bb2d409bc0d29e18e2679463e6c24fd010db42a333d5d0c6795cbaa8e
  • Opcode Fuzzy Hash: 50be05e214897b5b73ae53f9ff58a90aeaef851f329f47b29bb95abc320a3051
  • Instruction Fuzzy Hash: 14D18071A00209AFEB10DFB4DD49BAF7BB8EB44304F10453AF606FA1E1D77999548B68
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 346 402148-40215a mouse_event 347 40215c-40215f 346->347 348 402161-402167 347->348 349 4021db-4021e2 347->349 348->349 350 402169-40216f 348->350 349->347 351 4021e8-402220 call 4042ca SetKeyboardState 349->351 350->349 353 402171-40217b GetAsyncKeyState 350->353 359 402222-402230 GetAsyncKeyState 351->359 355 4021a6-4021a9 353->355 356 40217d-402180 353->356 360 4021b0-4021b3 355->360 361 4021ab-4021ae 355->361 357 402182-402185 356->357 358 402195-402196 GetAsyncKeyState 356->358 357->358 362 402187-40218a 357->362 364 40219c-4021a4 358->364 359->359 363 402232-40223f GetKeyState 359->363 365 4021c8-4021ca 360->365 366 4021b5-4021b8 360->366 361->360 361->365 362->358 367 40218c-402193 GetKeyState 362->367 368 402245-40225c VkKeyScanA * 2 363->368 369 4022fb-40230b Sleep 363->369 364->349 364->355 371 4021cb-4021d9 MapVirtualKeyA keybd_event 365->371 366->365 370 4021ba-4021bd 366->370 367->364 372 402272 368->372 373 40225e-402270 MapVirtualKeyA keybd_event 368->373 374 402384-4023b4 KillTimer GetTickCount 369->374 375 40230d-40231e 369->375 370->365 376 4021bf-4021c2 370->376 371->349 379 402278-40227d 372->379 373->379 377 4023b6 374->377 378 4023bb-4023cc SetWindowTextA 374->378 380 402320-402327 call 404294 375->380 381 40232d-402348 GetCursorPos 375->381 376->365 382 4021c4-4021c6 376->382 377->378 383 4023d2-4023e6 378->383 384 402f05-402f1b DefWindowProcA 378->384 385 402283-402285 379->385 386 40227f-402281 379->386 380->381 388 40234d-402361 GetKeyState 381->388 382->371 390 4023e8-4023f3 383->390 391 40240d-40240f 383->391 392 402297-402299 385->392 394 402287-402289 385->394 386->385 386->392 388->388 389 402363-40237f GetTickCount SetTimer 388->389 396 402451-40245d InvalidateRect 389->396 390->391 397 4023f5-4023fb 390->397 398 402411-402413 391->398 399 402419-402423 391->399 401 40229a-4022b1 MapVirtualKeyA keybd_event 392->401 394->392 400 40228b-40228d 394->400 396->384 404 402405-40240b 397->404 405 4023fd-402403 397->405 
398->399 399->396 406 402425 399->406 400->392 407 40228f-402291 400->407 402 4022b3-4022b5 401->402 403 4022b7-4022b9 401->403 402->403 408 4022cb-4022cd 402->408 403->408 409 4022bb-4022bd 403->409 404->390 404->391 405->391 405->404 410 40242c-40244f call 4042ca 406->410 407->392 411 402293-402295 407->411 413 4022ce-4022ec MapVirtualKeyA keybd_event VkKeyScanA 408->413 409->408 412 4022bf-4022c1 409->412 410->396 418 402427 410->418 411->401 412->408 416 4022c3-4022c5 412->416 413->369 417 4022ee-4022f9 MapVirtualKeyA keybd_event 413->417 416->408 419 4022c7-4022c9 416->419 417->369 418->410 419->413
C-Code - Quality: 73%
			E00402148() {
				long _t56;
				CHAR* _t58;
				RECT* _t60;
				long _t61;
				RECT* _t65;
				RECT* _t67;
				signed char _t80;
				int _t81;
				intOrPtr _t84;
				unsigned int _t99;
				RECT* _t102;
				signed int _t104;
				signed int _t108;
				signed int _t109;
				signed int _t118;
				int _t120;
				int _t123;
				intOrPtr _t125;
				void* _t126;
				intOrPtr* _t130;
				int _t131;
				signed int _t134;
				void* _t135;
				void* _t137;
				void* _t139;
				void* _t141;
				void* _t177;

				mouse_event(4, _t102, _t102, _t102, _t102);
				_t130 = keybd_event;
				_t120 = 0;
				do {
					if(_t120 != 0x14 && _t120 != 0x90 && _t120 != 0x91) {
						if((GetAsyncKeyState(_t120) & 0x00000080) != 0) {
							L11:
							if(_t120 < 0x21 || _t120 > 0x2e) {
								if(_t120 == 0x11 || _t120 == 0x5b || _t120 == 0x5c || _t120 == 0x5d) {
									goto L18;
								} else {
								}
							} else {
								L18:
								_push(1);
								_pop(0);
							}
							 *_t130(_t120, MapVirtualKeyA(_t120, _t102), 2, _t102);
						} else {
							if(_t120 == 1 || _t120 == 2 || _t120 == 4) {
								_t99 = GetAsyncKeyState(_t120);
							} else {
								_t99 = GetKeyState(_t120);
							}
							if((_t99 >> 0x0000000f & 0x00000001) != _t102) {
								goto L11;
							}
						}
					}
					_t120 = _t120 + 1;
				} while (_t120 < 0x100);
				_t104 = 0x3f;
				 *(_t137 - 0x398) = _t102;
				memset(_t137 - 0x397, 0, _t104 << 2);
				asm("stosw");
				asm("stosb");
				E004042CA(_t137 - 0x398, _t102, 0x100);
				_t141 = _t139 + 0x18;
				SetKeyboardState(_t137 - 0x398);
				_t123 = 0;
				do {
					GetAsyncKeyState(_t123);
					_t123 = _t123 + 1;
				} while (_t123 < 0xff);
				if((GetKeyState(0x91) & 0x00000001) != 0) {
					 *((char*)(_t137 - 0xc)) = VkKeyScanA(0xffffff91);
					if(VkKeyScanA(0xffffff91) != 0) {
						 *_t130(0x10, MapVirtualKeyA(0x10, _t102), _t102, _t102);
					}
					_t80 =  *((intOrPtr*)(_t137 - 0xc));
					if(_t80 < 0x21 || _t80 > 0x2e) {
						if(_t80 == 0x11 || _t80 == 0x5b || _t80 == 0x5c || _t80 == 0x5d) {
							goto L34;
						} else {
						}
					} else {
						L34:
						_push(1);
						_pop(0);
					}
					_t81 = _t80 & 0x000000ff;
					 *(_t137 - 8) = _t81;
					 *_t130( *((intOrPtr*)(_t137 - 0xc)), MapVirtualKeyA(_t81, _t102), 0, _t102);
					_t84 =  *((intOrPtr*)(_t137 - 0xc));
					if(_t84 < 0x21 || _t84 > 0x2e) {
						if(_t84 == 0x11 || _t84 == 0x5b || _t84 == 0x5c || _t84 == 0x5d) {
							goto L42;
						} else {
						}
					} else {
						L42:
						_push(1);
						_pop(0);
					}
					 *_t130( *((intOrPtr*)(_t137 - 0xc)), MapVirtualKeyA( *(_t137 - 8), _t102), 2, _t102);
					if(VkKeyScanA(0xffffff91) != 0) {
						 *_t130(0x10, MapVirtualKeyA(0x10, _t102), 2, _t102);
					}
				}
				_t131 = 1;
				Sleep(_t131);
				_t177 =  *0x406a08 - _t102; // 0x0
				if(_t177 != 0) {
					KillTimer( *(_t137 + 8), 0x3e9);
					_t56 = GetTickCount();
					__eflags =  *0x406b18 - _t102; // 0x0
					 *0x406a08 = _t102;
					 *0x4069fc = _t56 -  *0x4069f8;
					_t58 = 0x406b18;
					if(__eflags == 0) {
						_t58 = "TinyTask";
					}
					SetWindowTextA( *(_t137 + 8), _t58);
					_t60 =  *0x4069f0; // 0x0
					__eflags = _t60 - _t102;
					if(_t60 != _t102) {
						_t118 =  *0x4069f4; // 0x0
						_t24 = _t118 - 1; // -1
						asm("sbb ecx, ecx");
						_t108 =  ~_t118 & _t24;
						__eflags = _t108;
						 *(_t137 - 0x10) = _t108;
						if(_t108 > 0) {
							while(1) {
								_t134 = _t108 + _t108 * 4;
								_t125 =  *((intOrPtr*)(_t60 + _t134 * 4));
								_t135 = _t60 + _t134 * 4;
								__eflags = _t125 - _t102;
								if(_t125 == _t102) {
									goto L59;
								}
								__eflags = _t125 - 0x201;
								if(_t125 != 0x201) {
									L58:
									_t108 = _t108 - 1;
									__eflags = _t108 - _t102;
									 *(_t137 - 0x10) = _t108;
									if(_t108 > _t102) {
										continue;
									}
								} else {
									__eflags =  *((intOrPtr*)(_t135 + 0x10)) -  *(_t137 + 8);
									if( *((intOrPtr*)(_t135 + 0x10)) !=  *(_t137 + 8)) {
										goto L58;
									}
								}
								goto L59;
							}
						}
						L59:
						__eflags = _t108 - _t102;
						if(_t108 != _t102) {
							_t118 = _t108;
							 *0x4069f4 = _t118;
						}
						_t109 = _t118;
						__eflags = _t109 - _t118 + 3;
						 *(_t137 - 0x14) = _t109;
						if(_t109 < _t118 + 3) {
							while(1) {
								E004042CA(_t60 + (_t109 + _t109 * 4) * 4, _t102, 0x14);
								_t65 =  *0x4069f4; // 0x0
								_t141 = _t141 + 0xc;
								_t109 =  *(_t137 - 0x14) + 1;
								 *(_t137 - 0x14) = _t109;
								__eflags = _t109 -  &(_t65->left);
								if(_t109 >=  &(_t65->left)) {
									goto L65;
								}
								_t60 =  *0x4069f0; // 0x0
							}
						}
						goto L65;
					}
				} else {
					_t67 =  *0x4069f0; // 0x0
					 *0x406a08 = 0x8002;
					if(_t67 != _t102) {
						E00404294(_t67);
						 *0x4069f0 = _t102;
					}
					 *0x4069f4 = _t102;
					GetCursorPos(_t137 - 0x1c);
					_t126 = 0xfe;
					 *0x406d20 =  *((intOrPtr*)(_t137 - 0x18)) +  *(_t137 - 0x1c);
					do {
						 *(_t131 + 0x406d20) = GetKeyState(_t131) >> 0x0000000f & 0x00000001;
						_t131 = _t131 + 1;
						_t126 = _t126 - 1;
					} while (_t126 != 0);
					 *0x4069f8 = GetTickCount();
					SetTimer( *(_t137 + 8), 0x3e9, 0xa, _t102);
					L65:
					InvalidateRect( *(_t137 + 8), _t102, 1);
				}
				_t61 = DefWindowProcA( *(_t137 + 8),  *(_t137 + 0xc),  *(_t137 + 0x10),  *(_t137 + 0x14)); // executed
				return _t61;
			}

APIs
  • mouse_event.USER32 ref: 0040214E
  • GetAsyncKeyState.USER32(00000000), ref: 00402172
  • GetKeyState.USER32 ref: 0040218D
  • GetAsyncKeyState.USER32(00000000), ref: 00402196
  • MapVirtualKeyA.USER32 ref: 004021D1
  • keybd_event.USER32(00000000,00000000,?,00000001), ref: 004021D9
  • SetKeyboardState.USER32(?), ref: 0040221A
  • GetAsyncKeyState.USER32(00000000), ref: 00402223
  • GetKeyState.USER32 ref: 00402237
  • VkKeyScanA.USER32 ref: 0040224D
  • VkKeyScanA.USER32 ref: 00402254
  • MapVirtualKeyA.USER32 ref: 00402269
  • keybd_event.USER32(00000010,00000000), ref: 0040226E
  • MapVirtualKeyA.USER32 ref: 004022A4
  • keybd_event.USER32(?,00000000,?,00000001), ref: 004022AA
  • MapVirtualKeyA.USER32 ref: 004022D6
  • keybd_event.USER32(?,00000000,?,00000001), ref: 004022DC
  • VkKeyScanA.USER32 ref: 004022E0
  • MapVirtualKeyA.USER32 ref: 004022F4
  • keybd_event.USER32(00000010,00000000,?,00000002), ref: 004022F9
  • Sleep.KERNEL32(00000001), ref: 004022FF
  • GetCursorPos.USER32(?), ref: 00402337
  • GetKeyState.USER32 ref: 0040234E
  • GetTickCount.KERNEL32 ref: 00402363
  • SetTimer.USER32(?,000003E9,0000000A), ref: 00402379
  • KillTimer.USER32(?,000003E9), ref: 0040238C
  • GetTickCount.KERNEL32 ref: 00402392
  • SetWindowTextA.USER32(?,00406B18), ref: 004023BF
  • InvalidateRect.USER32(?,?,00000001), ref: 00402457
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: State$Virtualkeybd_event$AsyncScan$CountTickTimerWindow$CursorInvalidateKeyboardKillProcRectSleepTextmouse_event
  • String ID: TinyTask
  • API String ID: 1390587733-3209981168
  • Opcode ID: 8820bf5f8dcef25e83e4578008bcf2b881564eada030580c280cd71e28e169f8
  • Instruction ID: 031df1eed1d18bf0559545632a0af1d58a23b815c6d10fae845eb6c15e90b205
  • Opcode Fuzzy Hash: 8820bf5f8dcef25e83e4578008bcf2b881564eada030580c280cd71e28e169f8
  • Instruction Fuzzy Hash: AC913D71900108AFDF255B98DE8CABF3B29E745344F11417BF502BA2E1C7B84D829B6D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 487 40392f-403962 488 403b05-403b08 487->488 489 403968-40396b 487->489 489->488 490 403971-4039a5 GetPrivateProfileStringA 489->490 491 4039ab-4039cd LoadImageA 490->491 492 403a3e-403a5b GetModuleHandleA LoadImageA 490->492 493 4039f8-403a2b MessageBoxA WritePrivateProfileStringA 491->493 494 4039cf-4039e0 GetObjectA 491->494 495 403a5e-403a65 492->495 493->492 497 403a2d-403a36 DeleteObject 493->497 494->493 496 4039e2-4039ee 494->496 498 403a67-403a68 DeleteObject 495->498 499 403a6e-403a7d 495->499 496->493 500 4039f0-4039f6 GetSystemMetrics 496->500 501 403a39-403a3c 497->501 498->499 502 403a86-403b03 call 403842 GetObjectA KiUserCallbackDispatcher GetSystemMetrics * 2 499->502 503 403a7f-403a80 DeleteObject 499->503 500->493 500->501 501->492 501->495 502->488 503->502
C-Code - Quality: 76%
			E0040392F(intOrPtr* _a4, intOrPtr* _a8) {
				int _v8;
				intOrPtr _v24;
				signed int _v28;
				void _v32;
				void _v287;
				char _v288;
				void* _t44;
				void* _t48;
				void* _t49;
				void* _t51;
				void* _t52;
				void* _t58;
				int _t60;
				int _t62;
				signed int _t63;
				intOrPtr _t66;
				void* _t70;
				signed int _t71;
				signed int _t82;
				signed int _t86;
				intOrPtr _t87;
				signed int _t94;
				CHAR* _t100;
				intOrPtr* _t105;

				_v32 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t82 = 0x3f;
				_v288 = 0;
				_t44 = memset( &_v287, 0, _t82 << 2);
				asm("stosw");
				asm("stosb");
				if(_a4 != 0 && _a8 != 0) {
					_t100 = "TinyTask";
					GetPrivateProfileStringA(_t100, "toolbar_image", 0x406e20,  &_v288, 0xff, "C:\Users\jones\Desktop\tinytask-1-77.ini"); // executed
					_t105 = GetSystemMetrics;
					if(_v288 == 0) {
						L10:
						 *0x406d1e = 0;
						_t48 = LoadImageA(GetModuleHandleA(0), 0xfa2, 0, 0, 0, 0); // executed
						_v8 = _t48;
						L11:
						_t49 =  *0x4069e8; // 0x9b05071f
						if(_t49 != 0) {
							DeleteObject(_t49);
						}
						 *0x4069e8 = _v8;
						_t51 =  *0x4069ec; // 0x8b0509b3
						if(_t51 != 0) {
							DeleteObject(_t51);
						}
						_t52 = E00403842( *0x4069e8, 0); // executed
						 *0x4069ec = _t52;
						GetObjectA( *0x4069e8, 0x18,  &_v32);
						asm("cdq");
						_t86 = 7;
						 *0x406010 = _v28 / _t86;
						 *0x406014 = _v24; // executed
						_t58 =  *_t105(_t86); // executed
						_t60 = GetSystemMetrics(4);
						_t87 =  *0x406014; // 0x2c
						 *_a8 = _t87 + _t60 + (_t58 + ( *0x406040 & 0x000000ff)) * 2;
						_t103 =  *0x406040 & 0x000000ff;
						_t62 = GetSystemMetrics(7);
						_t63 =  *0x406010; // 0x26
						_t66 = ( *0x406040 & 0x000000ff) + (_t62 + _t63 + _t103 + (_t63 + _t103) * 2) * 2;
						 *_a4 = _t66;
						return _t66;
					}
					 *0x406d1e = 1;
					_t70 = LoadImageA(0,  &_v288, 0, 0, 0, 0x2050);
					_v8 = _t70;
					if(_t70 == 0) {
						L7:
						_t71 =  *0x406a00; // 0x0
						MessageBoxA(0, "Invalid toolbar BMP (too small or big)\n\nReverting to stock toolbar",  &_v288, _t71 | 0x00012030);
						WritePrivateProfileStringA(_t100, "toolbar_image", 0, "C:\Users\jones\Desktop\tinytask-1-77.ini");
						if(_v8 == 0) {
							goto L10;
						}
						DeleteObject(_v8);
						_v8 = 0;
						L9:
						if(_v8 != 0) {
							goto L11;
						}
						goto L10;
					}
					GetObjectA(_t70, 0x18,  &_v32);
					if(_v24 < 0xa) {
						goto L7;
					}
					asm("cdq");
					_t94 = 7;
					if(_v28 / _t94 < 0xa || _v28 > GetSystemMetrics(0)) {
						goto L7;
					} else {
						goto L9;
					}
				}
				return _t44;
			}

APIs
  • GetPrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,00406E20,?,000000FF,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00403993
  • LoadImageA.USER32 ref: 004039C2
  • GetObjectA.GDI32(00000000,00000018,?), ref: 004039D6
  • GetSystemMetrics.USER32 ref: 004039F1
  • MessageBoxA.USER32 ref: 00403A10
  • WritePrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,00000000,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00403A22
  • DeleteObject.GDI32(?), ref: 00403A30
  • GetModuleHandleA.KERNEL32(00000000,00000FA2,00000000,00000000,00000000,00000000), ref: 00403A4E
  • LoadImageA.USER32 ref: 00403A55
  • DeleteObject.GDI32(9B05071F), ref: 00403A68
  • DeleteObject.GDI32(8B0509B3), ref: 00403A80
  • GetObjectA.GDI32(00000018,?), ref: 00403AA5
  • KiUserCallbackDispatcher.NTDLL(00000007), ref: 00403AC2
  • GetSystemMetrics.USER32 ref: 00403AD1
  • GetSystemMetrics.USER32 ref: 00403AEC
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Object$DeleteMetricsSystem$ImageLoadPrivateProfileString$CallbackDispatcherHandleMessageModuleUserWrite
  • String ID: C:\Users\user\Desktop\tinytask-1-77.ini$Invalid toolbar BMP (too small or big)Reverting to stock toolbar$TinyTask$toolbar_image
  • API String ID: 2380985136-4271756512
  • Opcode ID: 0eaf2a901312c42ad07fa65ed292ab6aac60d7d04abb012af14190a0e9e0cee0
  • Instruction ID: 6cafae0cf05febae9f13d51d9b0e4cd575cb5ae2a350ff58d1696014d4f6fbac
  • Opcode Fuzzy Hash: 0eaf2a901312c42ad07fa65ed292ab6aac60d7d04abb012af14190a0e9e0cee0
  • Instruction Fuzzy Hash: 3F5196B1A40208AFDB10DF64DE85AAF7BBDEB44301F11407AF602F6291D6749E50CF98
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 512 402d18-402d1e 513 402d24-402d50 GetPrivateProfileStringA 512->513 514 402dd9-402def WritePrivateProfileStringA 512->514 515 402d52-402d5e call 4043d7 513->515 516 402d5f-402d6a 513->516 517 402df6-402e18 call 40392f GetWindowLongA 514->517 515->516 520 402d6c-402d7c 516->520 521 402d8e-402dad call 404464 516->521 528 402e21 517->528 529 402e1a-402e1f 517->529 520->521 525 402d7e-402d80 520->525 533 402db0 call 404111 521->533 525->521 526 402d82-402d85 525->526 531 402d87-402d89 526->531 532 402d8b-402d8c 526->532 530 402e26-402e56 SetWindowLongA SetWindowPos InvalidateRect UpdateWindow 528->530 529->530 537 402f05-402f11 DefWindowProcA 530->537 531->532 532->520 535 402db5-402dba 533->535 536 402dc0-402dd7 call 4041f6 535->536 535->537 536->517 539 402f17-402f1b 537->539
C-Code - Quality: 82%
			E00402D18(CHAR* __ebx) {
				signed int _t30;
				long _t31;
				long _t36;
				void* _t39;
				RECT** _t47;
				RECT* _t49;
				void* _t53;
				RECT* _t55;
				struct HWND__* _t58;
				void* _t61;

				_t49 = __ebx;
				if( *(_t61 + 0x10) != 0x801a) {
					WritePrivateProfileStringA("TinyTask", "toolbar_image", __ebx, "C:\Users\jones\Desktop\tinytask-1-77.ini");
					 *0x406040 = 5;
					goto L12;
				} else {
					_t60 = "TinyTask";
					GetPrivateProfileStringA("TinyTask", "toolbar_image", 0x406c18, _t61 - 0x158, 0xff, 0x406c18);
					_t39 = _t61 - 0x158;
					if(_t39 != 0) {
						_t39 = E004043D7(_t61 - 0x158);
					}
					_t53 = _t39 - 1;
					if(_t61 != 0x158) {
						while(1) {
							_t55 =  *(_t61 + _t53 - 0x158);
							_t47 = _t61 + _t53 - 0x158;
							if(_t55 == _t49 || _t53 < _t49) {
								goto L9;
							}
							if(_t55 == 0x5c) {
								 *_t47 = _t49;
								_t53 = 0;
							}
							_t53 = _t53 - 1;
						}
					}
					L9:
					E00404464(_t61 - 0x158, "\\*.bmp");
					if(E00404111( *(_t61 + 8), _t61 - 0x158, "*.bmp", 1) != 0) {
						E004041F6(0x406c18, _t60, "toolbar_image", _t61 - 0x158, _t49);
						L12:
						E0040392F(_t61 - 0x10, _t61 - 0x30);
						_t58 =  *(_t61 + 8);
						_t30 = GetWindowLongA(_t58, 0xfffffff0);
						if( *((intOrPtr*)(_t61 - 0x10)) <= 0xe0) {
							_t31 = _t30 & 0xfffdffff;
						} else {
							_t31 = _t30 | 0x00020000;
						}
						 *(_t61 - 0x14) = _t31;
						SetWindowLongA(_t58, 0xfffffff0, _t31);
						_push(0x26);
						_push( *((intOrPtr*)(_t61 - 0x30)));
						_push( *((intOrPtr*)(_t61 - 0x10)));
						SetWindowPos(_t58, _t49, _t49, _t49, ??, ??, ??);
						InvalidateRect(_t58, _t49, 1);
						UpdateWindow(_t58);
					}
				}
				_t36 = DefWindowProcA( *(_t61 + 8),  *(_t61 + 0xc),  *(_t61 + 0x10),  *(_t61 + 0x14)); // executed
				return _t36;
			}

APIs
  • GetPrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,C:\Users\user\Desktop\tinytask-1-77.ini,?,000000FF,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00402D42
  • WritePrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,?,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00402DE9
  • GetWindowLongA.USER32 ref: 00402E0B
  • SetWindowLongA.USER32 ref: 00402E2D
  • SetWindowPos.USER32(?,?,?,?,?,?,00000436), ref: 00402E3F
  • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,00000436), ref: 00402E49
  • UpdateWindow.USER32(?), ref: 00402E50
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Window$LongPrivateProfileString$InvalidateProcRectUpdateWrite
  • String ID: *.bmp$C:\Users\user\Desktop\tinytask-1-77.ini$TinyTask$\*.bmp$toolbar_image
  • API String ID: 2213434243-1114637028
  • Opcode ID: abe048f652dd5fe8341e8e39fb0ee4763a0a815dd417b95274aa3134a3a5f971
  • Instruction ID: 3329009130effa698441a7dd3716a60a1eb201f56e1adaa016a922858c527409
  • Opcode Fuzzy Hash: abe048f652dd5fe8341e8e39fb0ee4763a0a815dd417b95274aa3134a3a5f971
  • Instruction Fuzzy Hash: 9831BA32840519AADB10AB90DD4DFEF3768EF45301F10007BFA02B91D1DBB98A848FA9
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 246 4026e5-4026ea 247 4026f0-402741 CreatePopupMenu AppendMenuA * 2 246->247 248 402f05-402f11 DefWindowProcA 246->248 250 402743-402746 247->250 251 402748 247->251 249 402f17-402f1b 248->249 252 40274a-40275f AppendMenuA 250->252 251->252 253 402761-402764 252->253 254 402766 252->254 255 402768-402798 AppendMenuA wsprintfA 253->255 254->255 256 40279a-40279d 255->256 257 4027ae 255->257 256->257 258 40279f-4027a2 256->258 259 4027b0-402803 AppendMenuA * 4 257->259 258->257 260 4027a4-4027a7 258->260 261 402805-402807 259->261 262 402808-402a4f wsprintfA AppendMenuA * 2 CreatePopupMenu AppendMenuA * 5 CreatePopupMenu AppendMenuA * 15 GetCursorPos GetWindowRect PtInRect 259->262 260->257 263 4027a9-4027ac 260->263 261->262 264 402a51-402a61 262->264 265 402a63-402a6e 262->265 263->259 264->265 266 402a71-402a8f TrackPopupMenu DestroyMenu 264->266 265->266 266->248
C-Code - Quality: 71%
			E004026E5(int __ebx, void* __eflags) {
				long _t54;
				signed int _t56;
				signed int _t62;
				signed int _t73;
				signed char _t78;
				intOrPtr _t82;
				int _t88;
				signed char _t90;
				intOrPtr _t95;
				intOrPtr _t101;
				intOrPtr _t107;
				int _t113;
				signed char _t115;
				intOrPtr _t120;
				intOrPtr _t126;
				intOrPtr _t132;
				signed int _t141;
				signed int _t145;
				signed char _t150;
				signed char _t154;
				int _t167;
				intOrPtr _t168;
				int _t174;
				intOrPtr _t177;
				struct HMENU__* _t180;
				void* _t187;

				_t174 = __ebx;
				asm("sbb eax, 0x406a08");
				if(__eflags == 0) {
					_t180 = CreatePopupMenu();
					_t56 =  *0x406a04; // 0x0
					asm("sbb eax, eax");
					 *(_t187 - 4) = _t180;
					AppendMenuA(_t180, ( ~(_t56 - 1) & 0x000000f8) + 8, 0x8006, 0x40649c);
					_t62 =  *0x406a04; // 0x0
					asm("sbb eax, eax");
					AppendMenuA(_t180, ( ~_t62 & 0x000000f8) + 8, 0x8007, "Play Speed:   &1x");
					if( *0x406a04 != 2) {
						__eflags = 0;
					} else {
						_push(8);
						_pop(0);
					}
					AppendMenuA(_t180, 0, 0x8008, "Play Speed:   &2x");
					if( *0x406a04 != 0x64) {
						__eflags = 0;
					} else {
						_push(8);
						_pop(0);
					}
					AppendMenuA(_t180, 0, 0x800a, "Play Speed:   100x");
					wsprintfA(_t187 - 0x158, "&Play Custom Speed:  %dx",  *0x406008);
					_t73 =  *0x406a04; // 0x0
					if(_t73 == _t174 || _t73 == 1 || _t73 == 2 || _t73 == 0x64) {
						__eflags = 0;
					} else {
						_push(8);
						_pop(0);
					}
					AppendMenuA( *(_t187 - 4), 0, 0x8009, _t187 - 0x158);
					AppendMenuA( *(_t187 - 4), _t174, 0x8019, "&Set Custom Speed...");
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					_t78 =  *0x406d1a; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4),  ~_t78 & 0x00000008, 0x800b, "&Continuous Playback");
					_t82 =  *0x40600c; // 0x1
					if(_t82 <= 1) {
						_t82 = 1;
					}
					wsprintfA(_t187 - 0x158, "&Set Playback Loops...  (%d)", _t82);
					AppendMenuA( *(_t187 - 4), _t174, 0x800c, _t187 - 0x158);
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					_t88 = CreatePopupMenu();
					 *(_t187 - 0xc) = _t88;
					AppendMenuA( *(_t187 - 4), 0x10, _t88, "Recording &Hotkey");
					_t90 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~_t90 & 0x000000f8) + 8, 0x800f, "Control + Shift + Alt + R");
					_t95 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~(_t95 - 1) & 0x000000f8) + 8, 0x8010, "Print Screen");
					_t101 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~(_t101 - 8) & 0x000000f8) + 8, 0x8011, "F8");
					_t107 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~(_t107 - 0xc) & 0x000000f8) + 8, 0x8012, "F12");
					_t113 = CreatePopupMenu();
					 *(_t187 - 8) = _t113;
					AppendMenuA( *(_t187 - 4), 0x10, _t113, "Playback Hot&key");
					_t115 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~_t115 & 0x000000f8) + 8, 0x8013, "Control + Shift + Alt + P");
					_t120 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~(_t120 - 1) & 0x000000f8) + 8, 0x8014, "Print Screen");
					_t126 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~(_t126 - 8) & 0x000000f8) + 8, 0x8015, "F8");
					_t132 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~(_t132 - 0xc) & 0x000000f8) + 8, 0x8016, "F12");
					AppendMenuA( *(_t187 - 8), 0x800, _t174, _t174);
					AppendMenuA( *(_t187 - 8), 2, 0x800e, 0x406340);
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					_t141 =  *0x406a00; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4),  ~_t141 & 0x00000008, 0x8017, "Always on &Top");
					_t145 =  *0x406a14; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4), ( ~_t145 & 0x000000f8) + 8, 0x8018, "Show Captions");
					_t150 =  *0x406d1e; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4),  ~_t150 & 0x00000008, 0x801a, "Use Custom Tool&bar...");
					_t154 =  *0x406d1e; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4), ( ~_t154 & 0x000000f8) + 8, 0x801b, "Use &Default Toolbar");
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					AppendMenuA( *(_t187 - 4), _t174, 0x800d, "TinyTask &Website");
					AppendMenuA( *(_t187 - 4), _t174, 0x800e, "&About TinyTask 1.77");
					GetCursorPos(_t187 - 0x1c);
					GetWindowRect( *(_t187 + 8), _t187 - 0x2c);
					_push( *(_t187 - 0x18));
					_t167 = PtInRect(_t187 - 0x2c,  *(_t187 - 0x1c));
					_t177 =  *0x406010; // 0x26
					_t168 =  *((intOrPtr*)(_t187 - 0x24));
					if(_t167 == 0 ||  *(_t187 - 0x1c) < _t168 - ( *0x406040 & 0x000000ff) - _t177) {
						 *(_t187 - 0x1c) = _t168 - _t177;
						 *(_t187 - 0x18) =  *((intOrPtr*)(_t187 - 0x20)) + 0xfffffff7;
					}
					TrackPopupMenu( *(_t187 - 4), _t174,  *(_t187 - 0x1c),  *(_t187 - 0x18), _t174,  *(_t187 + 8), _t174);
					DestroyMenu( *(_t187 - 4));
				}
				_t54 = DefWindowProcA( *(_t187 + 8),  *(_t187 + 0xc),  *(_t187 + 0x10),  *(_t187 + 0x14)); // executed
				return _t54;
			}






























APIs
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Menu$Append$Popup$Create$RectWindowwsprintf$CursorDestroyProcTrack
  • String ID: &About TinyTask 1.77$&Continuous Playback$&Play Custom Speed: %dx$&Set Custom Speed...$&Set Playback Loops... (%d)$Always on &Top$Control + Shift + Alt + P$Control + Shift + Alt + R$F12$Play Speed: &1x$Play Speed: &2x$Play Speed: 100x$Playback Hot&key$Print Screen$Recording &Hotkey$Show Captions$TinyTask &Website$Use &Default Toolbar$Use Custom Tool&bar...
  • API String ID: 2447434608-185408970
  • Opcode ID: 00e0cd7c2f8d0a2240b16037cad9c0e4e1d4a63e466c398367af8b119feccc65
  • Instruction ID: 233a727705327858f4e8fa9ae9d20dfb6b3e24b65606c47886e521afb20f630d
  • Opcode Fuzzy Hash: 00e0cd7c2f8d0a2240b16037cad9c0e4e1d4a63e466c398367af8b119feccc65
  • Instruction Fuzzy Hash: 3CA1B472A90108BEEF015B64CD46EAE3F78EB55711F114072F901F51E0CBB94E25AFA8
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 46%
			E00402462(void* __ebx) {
				int _t25;
				long _t26;
				void* _t32;

				_t25 =  *0x406a08; // 0x0
				if(_t25 != 0x8002) {
					__eflags =  *0x4069f0 - __ebx; // 0x0
					if(__eflags != 0) {
						__eflags = __eax - __ebx;
						if(__eax != __ebx) {
							 *0x406a0c =  *0x406a0c + 1;
							__eflags =  *0x406a0c;
						} else {
							 *0x406a0c = __ebx;
							 *0x406a08 = 0x8003;
						}
						mouse_event(4, __ebx, __ebx, __ebx, __ebx);
						__esi = keybd_event;
						__edi = 0;
						__eflags = 0;
						do {
							__eflags = __edi - 0x14;
							if(__edi != 0x14) {
								__eflags = __edi - 0x90;
								if(__edi != 0x90) {
									__eflags = __edi - 0x91;
									if(__edi != 0x91) {
										__eax = GetAsyncKeyState(__edi);
										__eflags = __ah & 0x00000080;
										if((__ah & 0x00000080) != 0) {
											L20:
											__eflags = __edi - 0x21;
											if(__edi < 0x21) {
												L22:
												__eflags = __edi - 0x11;
												if(__edi == 0x11) {
													goto L27;
												} else {
													__eflags = __edi - 0x5b;
													if(__edi == 0x5b) {
														goto L27;
													} else {
														__eflags = __edi - 0x5c;
														if(__edi == 0x5c) {
															goto L27;
														} else {
															__eflags = __edi - 0x5d;
															if(__edi == 0x5d) {
																goto L27;
															} else {
																__eax = 0;
															}
														}
													}
												}
											} else {
												__eflags = __edi - 0x2e;
												if(__edi <= 0x2e) {
													L27:
													__eax = 1;
												} else {
													goto L22;
												}
											}
											__al = __al | 0x00000002;
											__eflags = __al;
											__eax =  *__esi(__edi, MapVirtualKeyA(__edi, __ebx), __eax, __ebx);
										} else {
											__eflags = __edi - 1;
											if(__edi == 1) {
												L18:
												__eax = GetAsyncKeyState(__edi);
											} else {
												__eflags = __edi - 2;
												if(__edi == 2) {
													goto L18;
												} else {
													__eflags = __edi - 4;
													if(__edi == 4) {
														goto L18;
													} else {
														__eax = GetKeyState(__edi);
													}
												}
											}
											__eax = __eax >> 0xf;
											__eax = __eax & 0x00000001;
											__eflags = __eax - __ebx;
											if(__eax != __ebx) {
												goto L20;
											}
										}
									}
								}
							}
							__edi = __edi + 1;
							__eflags = __edi - 0x100;
						} while (__edi < 0x100);
						__eax = 0;
						__ecx = 0x3f;
						__edi = __ebp - 0x397;
						 *(__ebp - 0x398) = __bl;
						__eax = memset(__edi, 0, __ecx << 2);
						__edi = __edi + __ecx;
						__ecx = 0;
						asm("stosw");
						asm("stosb");
						__ebp - 0x398 = E004042CA(__ebp - 0x398, __ebx, 0x100);
						__ebp - 0x398 = SetKeyboardState(__ebp - 0x398);
						__edi = 0;
						__eflags = 0;
						do {
							__eax = GetAsyncKeyState(__edi);
							__edi = __edi + 1;
							__eflags = __edi - 0xff;
						} while (__edi < 0xff);
						__eax = GetKeyState(0x91);
						__eflags = __al & 0x00000001;
						if((__al & 0x00000001) != 0) {
							__edi = VkKeyScanA;
							__eax = VkKeyScanA(0xffffff91);
							 *(__ebp - 0xc) = __al;
							__eax = VkKeyScanA(0xffffff91);
							__ecx = 0;
							__eflags = __ah;
							if(__ah == 0) {
								__edi = MapVirtualKeyA;
							} else {
								__edi = MapVirtualKeyA;
								__eax =  *__esi(0x10, MapVirtualKeyA(0x10, __ebx), __ebx, __ebx);
							}
							__al =  *(__ebp - 0xc);
							__eflags = __al - 0x21;
							if(__al < 0x21) {
								L38:
								__eflags = __al - 0x11;
								if(__al == 0x11) {
									goto L43;
								} else {
									__eflags = __al - 0x5b;
									if(__al == 0x5b) {
										goto L43;
									} else {
										__eflags = __al - 0x5c;
										if(__al == 0x5c) {
											goto L43;
										} else {
											__eflags = __al - 0x5d;
											if(__al == 0x5d) {
												goto L43;
											} else {
												__ecx = 0;
											}
										}
									}
								}
							} else {
								__eflags = __al - 0x2e;
								if(__al <= 0x2e) {
									L43:
									__ecx = 1;
								} else {
									goto L38;
								}
							}
							__eax = __al & 0x000000ff;
							 *(__ebp - 8) = __eax;
							__eax =  *__esi( *(__ebp - 0xc), __eax, __ecx, __ebx);
							__al =  *(__ebp - 0xc);
							__eflags = __al - 0x21;
							if(__al < 0x21) {
								L46:
								__eflags = __al - 0x11;
								if(__al == 0x11) {
									goto L51;
								} else {
									__eflags = __al - 0x5b;
									if(__al == 0x5b) {
										goto L51;
									} else {
										__eflags = __al - 0x5c;
										if(__al == 0x5c) {
											goto L51;
										} else {
											__eflags = __al - 0x5d;
											if(__al == 0x5d) {
												goto L51;
											} else {
												__eax = 0;
											}
										}
									}
								}
							} else {
								__eflags = __al - 0x2e;
								if(__al <= 0x2e) {
									L51:
									__eax = 1;
								} else {
									goto L46;
								}
							}
							__al = __al | 0x00000002;
							 *__esi( *(__ebp - 0xc), MapVirtualKeyA( *(__ebp - 8), __ebx), __eax, __ebx) = VkKeyScanA(0xffffff91);
							__ecx = 0;
							__eflags = __ah;
							if(__ah != 0) {
								__eax =  *__esi(0x10, MapVirtualKeyA(0x10, __ebx), 2, __ebx);
							}
						}
						Sleep(1);
						 *(__ebp + 0x10) =  *(__ebp + 0x10) >> 0x10;
						__eflags = __ax;
						if(__ax != 0) {
							L59:
							__eflags =  *0x406d1d - __bl; // 0x0
							if(__eflags != 0) {
								__eax = PostMessageA( *(__ebp + 8), 0x10, __ebx, __ebx);
							}
							__eflags =  *0x406b18 - __bl; // 0x0
							 *0x406a0c = __ebx;
							 *0x406a08 = __ebx;
							__eax = 0x406b18;
							if(__eflags == 0) {
								__eax = "TinyTask";
							}
							_push(__eax);
							_push( *(__ebp + 8));
							SetWindowTextA(); // executed
						} else {
							__eax =  *0x406a0c; // 0x0
							__eflags = __eax -  *0x40600c; // 0x1
							if(__eflags < 0) {
								L57:
								__eax = GetTickCount();
								_push(__ebx);
								_push(0x19);
								 *0x4069f8 = __eax;
								 *0x4069f4 = __ebx;
								_push(0x3ea);
								__eax = SetTimer( *(__ebp + 8), ??, ??, ??); // executed
							} else {
								__eflags =  *0x406d1a - __bl; // 0x0
								if(__eflags == 0) {
									goto L59;
								} else {
									goto L57;
								}
							}
						}
					} else {
						__eax =  *0x406a00; // 0x0
						_push(__eax);
						_push("TinyTask");
						_push("Nothing Recorded\n\nPress the blue button to start a new recording");
						_push( *0x4069e0);
						__eax = MessageBoxA();
					}
				}
				_t26 = DefWindowProcA( *(_t32 + 8),  *(_t32 + 0xc),  *(_t32 + 0x10),  *(_t32 + 0x14)); // executed
				return _t26;
			}







APIs
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: State$AsyncScan$KeyboardProcVirtualWindowkeybd_eventmouse_event
  • String ID: TinyTask
  • API String ID: 801333285-3209981168
  • Opcode ID: f1f4182ec40601e63d52bb47d4b08b04969c3d51b8bc583a8958c1f1ff03cc10
  • Instruction ID: bb46857cf83aba4c565f9cc198f0e7855127890a34379818f33f59448c70a07a
  • Opcode Fuzzy Hash: f1f4182ec40601e63d52bb47d4b08b04969c3d51b8bc583a8958c1f1ff03cc10
  • Instruction Fuzzy Hash: 527108B16401087EEB211B589E9CBBF3B69F786344F554437F142BA2E0C6F94C829E6D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 79%
			E00403842(int _a4, long _a8) {
				struct HDC__* _v8;
				struct HDC__* _v12;
				int _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				int _v44;
				int _v48;
				void _v52;
				int _t38;
				void* _t39;
				long _t41;
				int _t52;
				struct HDC__* _t54;

				_v52 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				if(_a4 != 0) {
					_t54 = CreateCompatibleDC(0);
					_v12 = _t54;
					_v8 = CreateCompatibleDC(0);
					_v24 = SelectObject(_t54, _a4);
					GetObjectA(_a4, 0x18,  &_v52);
					_t52 = _v44;
					_t38 = _v48;
					_v16 = _t38;
					_a4 = _t52;
					_t39 = CreateBitmap(_t38, _t52, 1, 1, 0);
					_v28 = _t39;
					_v20 = SelectObject(_v8, _t39);
					_t41 = _a8;
					if(_t41 == 0) {
						_t41 = GetPixel(_t54, 0, 0);
					}
					SetBkColor(_t54, _t41);
					BitBlt(_v8, 0, 0, _v16, _a4, _t54, 0, 0, 0xcc0020);
					BitBlt(_v12, 0, 0, _v16, _a4, _v8, 0, 0, 0x660046);
					SelectObject(_v8, _v20);
					SelectObject(_v12, _v24);
					DeleteDC(_v8); // executed
					DeleteDC(_v12);
					return _v28;
				}
				return 0;
			}


















APIs
  • CreateCompatibleDC.GDI32(00000000), ref: 0040386D
  • CreateCompatibleDC.GDI32(00000000), ref: 00403875
  • SelectObject.GDI32(00000000,00403A92), ref: 00403884
  • GetObjectA.GDI32(00403A92,00000018,?), ref: 00403892
  • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 004038AB
  • SelectObject.GDI32(00000000,00000000), ref: 004038B8
  • GetPixel.GDI32(00000000,00000000,00000000), ref: 004038C7
  • SetBkColor.GDI32(00000000,?), ref: 004038CF
  • BitBlt.GDI32(00000000,00000000,00000000,?,00403A92,00000000,00000000,00000000,00CC0020), ref: 004038EE
  • BitBlt.GDI32(00403A92,00000000,00000000,?,00403A92,00000000,00000000,00000000,00660046), ref: 00403905
  • SelectObject.GDI32(00000000,?), ref: 0040390D
  • SelectObject.GDI32(00403A92,?), ref: 00403915
  • DeleteDC.GDI32(00000000), ref: 00403920
  • DeleteDC.GDI32(00403A92), ref: 00403925
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Object$Select$Create$CompatibleDelete$BitmapColorPixel
  • String ID: TinyTask
  • API String ID: 3609928720-3209981168
  • Opcode ID: f6d5c19c81ab99803db9995f6808d320c536e3f9aeec94918fbeefb216f6cd80
  • Instruction ID: 1b1e5c078316e08315fd16e6f57f33d2520814cf5a905d192c79994689ac12e0
  • Opcode Fuzzy Hash: f6d5c19c81ab99803db9995f6808d320c536e3f9aeec94918fbeefb216f6cd80
  • Instruction Fuzzy Hash: 8431C1B6910118BEEB119FA4DD84DAFBFB9EB48354B108066FA04B2260C7715E50AFA5
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 100%
			E00402B94(void* __eax, void* __ebx, void* __edx) {
				long _t11;
				void* _t17;

				 *((intOrPtr*)(__ebx + 0x6a)) =  *((intOrPtr*)(__ebx + 0x6a)) + __edx;
				_t11 = DefWindowProcA( *(_t17 + 8),  *(_t17 + 0xc),  *(_t17 + 0x10),  *(_t17 + 0x14)); // executed
				return _t11;
			}






APIs
Strings
  • Set Custom Speed, xrefs: 00402C3E
  • Set the number of playback loops:, xrefs: 00402BE5
  • Set Playback Loops, xrefs: 00402BE0
  • Playback speed multiplier (1-100):, xrefs: 00402C43
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: MessageTimerwsprintf$KillProcWindow
  • String ID: Playback speed multiplier (1-100):$ Set the number of playback loops:$Set Custom Speed$Set Playback Loops
  • API String ID: 3989924489-1524273833
  • Opcode ID: e7ffaa49d74b84dc2369fc79c70f2ae1da0aa485e2a3b75b1d1baa620c31fdd4
  • Instruction ID: 98f9ab5bfff6e17949900cb984dcc1791b2a47caea78b96665d2514b30861601
  • Opcode Fuzzy Hash: e7ffaa49d74b84dc2369fc79c70f2ae1da0aa485e2a3b75b1d1baa620c31fdd4
  • Instruction Fuzzy Hash: 7D310A31680500ABEF12AF04EE49A5E3B61FB85304B15803BF906FA1E1D3F949A19F5C
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 72%
			E00402E89() {
				signed int _t26;
				long _t31;
				CHAR* _t32;
				signed int _t36;
				void _t40;
				void* _t44;

				E004043F5(_t44 - 0x158, 0x406128);
				SetTimer( *(_t44 + 8), 0x3eb, 0xa, _t32);
				_t36 = 9;
				memset(_t44 - 0x54, 0, _t36 << 2);
				 *(_t44 - 0x58) = 0x28;
				 *((intOrPtr*)(_t44 - 0x50)) = GetModuleHandleA(_t32);
				_t40 =  *(_t44 + 8);
				 *((intOrPtr*)(_t44 - 0x4c)) = _t44 - 0x158;
				_t26 =  *0x406a00; // 0x0
				 *(_t44 - 0x54) = _t40;
				 *(_t44 - 0x48) = "About TinyTask";
				 *(_t44 - 0x44) = _t26 | 0x00010080;
				 *((intOrPtr*)(_t44 - 0x40)) = 0xfa1;
				MessageBoxIndirectA(_t44 - 0x58);
				_push(0x3eb);
				_push(_t40);
				KillTimer();
				_t31 = DefWindowProcA( *(_t44 + 8),  *(_t44 + 0xc),  *(_t44 + 0x10),  *(_t44 + 0x14)); // executed
				return _t31;
			}










APIs
  • SetTimer.USER32(?,000003EB,0000000A), ref: 00402EA8
  • GetModuleHandleA.KERNEL32 ref: 00402EC0
  • MessageBoxIndirectA.USER32 ref: 00402EF7
  • KillTimer.USER32(?,000003EC), ref: 00402EFF
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Timer$HandleIndirectKillMessageModuleProcWindow
  • String ID: ($About TinyTask
  • API String ID: 3870110939-1252103192
  • Opcode ID: e83f3aa0858c5e14254542d91e5834d56f995870de52a3935aa7cfd91853c17b
  • Instruction ID: c4cc1150962328f141a0f7d524584cdf901ae76d1360cf4fe4c19e88c3ba64ab
  • Opcode Fuzzy Hash: e83f3aa0858c5e14254542d91e5834d56f995870de52a3935aa7cfd91853c17b
  • Instruction Fuzzy Hash: E2111772900248EFDB119FD4ED48ACEBFB4FF48311F10802AF50ABA291DB7499559F94
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • ShellExecuteA.SHELL32(?,?,https://www.tinytask.net,?,?,00000001), ref: 00402E66
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Strings
  • TinyTask, xrefs: 00402E7A
  • Unable to connect to "www.tinytask.net", xrefs: 00402E7F
  • https://www.tinytask.net, xrefs: 00402E5F
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ExecuteProcShellWindow
  • String ID: TinyTask$Unable to connect to "www.tinytask.net"$https://www.tinytask.net
  • API String ID: 2703536495-3181287508
  • Opcode ID: 3d602f3fbfa1e5880e405f0eeb587e2e12831d0e917ecc208f88e54ea70cc833
  • Instruction ID: e57aebe4d560980069bf53ad68e793c256def7a74ebca440632c5ae19307b00a
  • Opcode Fuzzy Hash: 3d602f3fbfa1e5880e405f0eeb587e2e12831d0e917ecc208f88e54ea70cc833
  • Instruction Fuzzy Hash: B8E04F32280109BBDB025F809D89E9F3A29E758794B114432F602780E382FA8C60AA68
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 57%
			E00402CD3(RECT* __ebx) {
				intOrPtr _t17;
				long _t25;
				RECT* _t26;
				struct HWND__* _t29;
				void* _t31;
				void* _t34;

				_t26 = __ebx;
				_t29 =  *(_t31 + 8);
				GetWindowRect(_t29, _t31 - 0x2c);
				_t34 =  *0x406a14 - _t26; // 0x0
				if(_t34 == 0) {
					_t17 = 0xc;
					 *((intOrPtr*)(_t31 - 0x20)) =  *((intOrPtr*)(_t31 - 0x20)) - _t17;
					 *0x406a14 = _t17;
				} else {
					 *((intOrPtr*)(_t31 - 0x20)) =  *((intOrPtr*)(_t31 - 0x20)) + 0xc;
					 *0x406a14 = __ebx;
				}
				_push(0x436);
				_push( *((intOrPtr*)(_t31 - 0x20)) -  *((intOrPtr*)(_t31 - 0x28)));
				_push( *((intOrPtr*)(_t31 - 0x24)) -  *(_t31 - 0x2c));
				SetWindowPos(_t29, _t26, _t26, _t26, ??, ??, ??);
				InvalidateRect(_t29, _t26, 1);
				UpdateWindow(_t29);
				_t25 = DefWindowProcA( *(_t31 + 8),  *(_t31 + 0xc),  *(_t31 + 0x10),  *(_t31 + 0x14)); // executed
				return _t25;
			}










APIs
  • GetWindowRect.USER32 ref: 00402CDB
  • SetWindowPos.USER32(?,?,?,?,?,?,00000436), ref: 00402E3F
  • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,00000436), ref: 00402E49
  • UpdateWindow.USER32(?), ref: 00402E50
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Window$Rect$InvalidateProcUpdate
  • String ID:
  • API String ID: 1941023138-0
  • Opcode ID: 4443bda74050e4ae344e654af5d647cde18fc5b7e8a1387029c7b0ce7eace35f
  • Instruction ID: ebc20ac15df2b3a033a049e14aee733a7be54cc25288c47d4679b2143e786a71
  • Opcode Fuzzy Hash: 4443bda74050e4ae344e654af5d647cde18fc5b7e8a1387029c7b0ce7eace35f
  • Instruction Fuzzy Hash: D601E572900519EFDB01DFA8EE88EDE7BB8FB0D355B008025F202B90A0C37489519F69
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 590 402b44-402b5f 591 402b61-402b68 590->591 592 402b76-402b8e MessageBoxA 590->592 593 402f05-402f11 DefWindowProcA 591->593 592->593 595 402f17-402f1b 593->595
C-Code - Quality: 100%
			E00402B44(void* __eax, void* __edx, void* __esi) {
				void* _t17;

				 *((intOrPtr*)(__edx + _t17 - 0x3a)) =  *((intOrPtr*)(__edx + _t17 - 0x3a)) + __esi;
			}





APIs
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: MessageProcWindow
  • String ID: Hotkey Conflict$TinyTask
  • API String ID: 55716251-592453694
  • Opcode ID: 5f45addc77de9b1d8dde8881f0f2cbc6f417d1746466e49ee9f71366abb45294
  • Instruction ID: 599ff71e88f3259926025764a5c9631bbfbbda2681fd87f6eac9559d92110fad
  • Opcode Fuzzy Hash: 5f45addc77de9b1d8dde8881f0f2cbc6f417d1746466e49ee9f71366abb45294
  • Instruction Fuzzy Hash: 2FF03A32204144ABCB028F54DD45A893F30EF45344B158077B642BD0E2E2BA8465AF49
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 584 402afa-402b15 585 402b76-402b8e MessageBoxA 584->585 586 402b17-402b1e 584->586 588 402f05-402f11 DefWindowProcA 585->588 586->585 586->588 589 402f17-402f1b 588->589
C-Code - Quality: 100%
			E00402AFA(void* __eax, signed int __esi) {
				void* _t20;

				 *((intOrPtr*)(_t20 + __esi * 2 - 0x3a)) =  *((intOrPtr*)(_t20 + __esi * 2 - 0x3a)) + __esi;
			}





APIs
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: MessageProcWindow
  • String ID: Hotkey Conflict$TinyTask
  • API String ID: 55716251-592453694
  • Opcode ID: 5e14ce3f539c26937f294e9b539925d11bb4764aa3815faedec1e29479b2037f
  • Instruction ID: 405f95ffa23c4f12f33a13628f3863b3da9e1d49951f4cd871cec430e4bbf7e2
  • Opcode Fuzzy Hash: 5e14ce3f539c26937f294e9b539925d11bb4764aa3815faedec1e29479b2037f
  • Instruction Fuzzy Hash: 2AF0FE32244205BBCB025F50DD4579A3F60FB55358F258437F542BC1E1D3F98565AF49
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 596 404680-404693 GetCommandLineA 597 404695-40469b 596->597 598 4046a9-4046ab 596->598 599 4046a1-4046a4 597->599 600 40469d-40469f 597->600 601 4046b3-4046b7 598->601 602 4046ad-4046b1 598->602 599->601 603 4046a6-4046a7 599->603 600->597 600->599 604 4046b9-4046bb 601->604 605 4046bd-4046e5 GetStartupInfoA call 40472d call 404713 601->605 602->601 602->602 603->601 604->603 604->605 610 4046e7-4046eb 605->610 611 4046ed-4046ef 605->611 612 4046f0-4046fd GetModuleHandleA call 401000 610->612 611->612 614 404702-40470a call 404745 ExitProcess 612->614
C-Code - Quality: 100%
			_entry_() {
				struct _STARTUPINFOA _v72;
				char _t10;
				char _t11;
				signed int _t15;
				int _t17;
				intOrPtr _t19;
				char* _t22;

				_t22 = GetCommandLineA();
				_t10 =  *_t22;
				if(_t10 != 0x22) {
					__eflags = _t10 - 0x20;
					if(_t10 <= 0x20) {
						L7:
						_t11 =  *_t22;
						if(_t11 == 0 || _t11 > 0x20) {
							_v72.dwFlags = _v72.dwFlags & 0x00000000;
							GetStartupInfoA( &_v72);
							E0040472D();
							E00404713(0x406000, 0x406004);
							_t30 = _v72.dwFlags & 0x00000001;
							if((_v72.dwFlags & 0x00000001) == 0) {
								_t15 = 0xa;
							} else {
								_t15 = _v72.wShowWindow & 0x0000ffff;
							}
							_t17 = E00401000(_t30, GetModuleHandleA(0), 0, _t22, _t15); // executed
							E00404745();
							ExitProcess(_t17);
						} else {
							L4:
							_t22 = _t22 + 1;
							goto L7;
						}
					} else {
						goto L6;
					}
					do {
						L6:
						_t22 = _t22 + 1;
						__eflags =  *_t22 - 0x20;
					} while ( *_t22 > 0x20);
					goto L7;
				} else {
					goto L1;
				}
				do {
					L1:
					_t19 =  *((intOrPtr*)(_t22 + 1));
					_t22 = _t22 + 1;
				} while (_t19 != 0 && _t19 != 0x22);
				if( *_t22 != 0x22) {
					goto L7;
				}
				goto L4;
			}











APIs
  • GetCommandLineA.KERNEL32 ref: 00404687
  • GetStartupInfoA.KERNEL32(?), ref: 004046C5
  • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,0000000A), ref: 004046F6
  • ExitProcess.KERNEL32 ref: 0040470A
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: CommandExitHandleInfoLineModuleProcessStartup
  • String ID:
  • API String ID: 2164999147-0
  • Opcode ID: a7ed023600afec79d4f681889d2eeb0e48ad05c58f346c18591c58b2a9374090
  • Instruction ID: b1a91a6e2b74f3548383683b1100c06c5c8b3f701606ca986021071b17346c6a
  • Opcode Fuzzy Hash: a7ed023600afec79d4f681889d2eeb0e48ad05c58f346c18591c58b2a9374090
  • Instruction Fuzzy Hash: B3010CA18447445AEB315B60490ABAF3B948F43314F240837EBC1B62C6E67D48C38ADD
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 617 402c9c-402cce SetWindowPos 618 402f05-402f11 DefWindowProcA 617->618 619 402f17-402f1b 618->619
APIs
  • SetWindowPos.USER32(?,-00000002,?,?,0000000A,0000000A,00000003), ref: 00402CC8
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Window$Proc
  • String ID:
  • API String ID: 583982625-0
  • Opcode ID: bf50f914c3e7ffc7f72fd60cb14414feea4da27e6706329e48f34e591025e4dc
  • Instruction ID: 260cddc338231076bd6f7550de8ef022c34cc5639db7ca6125be32ef3a330ba9
  • Opcode Fuzzy Hash: bf50f914c3e7ffc7f72fd60cb14414feea4da27e6706329e48f34e591025e4dc
  • Instruction Fuzzy Hash: EAF03972240509BBEB015F60ED45FAA3B25E705355F058021FA02E80E0C3758D61AB18
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: MessageProcWindow
  • String ID:
  • API String ID: 55716251-0
  • Opcode ID: a42d041ec2682aa28cf26d035ca2d3a9aa8c19b91d2e26691f4e7c91f5bbff14
  • Instruction ID: 4e047d06cda0e92a50df56047ec463d335d9b87dbc63accd3b7a24bd0d4fc026
  • Opcode Fuzzy Hash: a42d041ec2682aa28cf26d035ca2d3a9aa8c19b91d2e26691f4e7c91f5bbff14
  • Instruction Fuzzy Hash: 0BE04F33104045EFCF028F94ED4899D3F61FB46360715846AF652A90B2C7B6C522EF45
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00402ACD(void* __eax, void* __ebx, void* __ecx) {
				void* _t7;
				long _t9;
				void* _t16;

				_t7 = __eax + 0x406a04;
				 *[fs:eax] =  *[fs:eax] + _t7;
				 *((intOrPtr*)(_t7 -  *((intOrPtr*)(_t7 + _t7)))) =  *((intOrPtr*)(_t7 -  *((intOrPtr*)(_t7 + _t7)))) + __ebx;
				_t9 = DefWindowProcA( *(_t16 + 8),  *(_t16 + 0xc),  *(_t16 + 0x10),  *(_t16 + 0x14)); // executed
				return _t9;
			}







APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: 70b16e7ca6862fe2dc6e6a46f6e39ca03ff5cd1690ebb784e637bf76d84b71ea
  • Instruction ID: e97300cb53c6eb48d1b9a5d246905f662cdbcf5ef80795e73b08e6251088e78e
  • Opcode Fuzzy Hash: 70b16e7ca6862fe2dc6e6a46f6e39ca03ff5cd1690ebb784e637bf76d84b71ea
  • Instruction Fuzzy Hash: 07E086332081C5AFCB030FA4AD294993F20EF4A354B0A8873E682A50A2C27A8531EB15
Uniqueness

Uniqueness Score: -1.00%

APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: c8fe5e5a417713b1918d64d43014f5a3ba21fedd02b36326661cc03a9e0cd5f3
  • Instruction ID: 65ac05b22f25992b11684c2fb74066950c4aff75a3b85d7e71cd45dd1ea13c32
  • Opcode Fuzzy Hash: c8fe5e5a417713b1918d64d43014f5a3ba21fedd02b36326661cc03a9e0cd5f3
  • Instruction Fuzzy Hash: 58D05E32200004EADF024F84ED44A8E7F21EB89354F208433F602A80A0D3B68631AF55
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00402A95(void* __eax) {
				intOrPtr* _t6;
				long _t7;
				void* _t11;

				_t6 = __eax + 0x406a04;
				 *_t6 =  *_t6 + _t6;
				 *_t6 =  *_t6 + _t6;
				_t7 = DefWindowProcA( *(_t11 + 8),  *(_t11 + 0xc),  *(_t11 + 0x10),  *(_t11 + 0x14)); // executed
				return _t7;
			}







APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: db0e4a61445f15e2861bafb611833fdb84c48873c7a7478ed89a330e4fb05f5c
  • Instruction ID: dbffba37966f872ab556a82dd5bb47bd046feb1fa9b94650fbb76d6d0e3c5481
  • Opcode Fuzzy Hash: db0e4a61445f15e2861bafb611833fdb84c48873c7a7478ed89a330e4fb05f5c
  • Instruction Fuzzy Hash: 0FD09E33104145EFCB025F94ED0559D3F61FB4A365B058472F642A50A1D37A8821AF65
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00402AAF(void* __eax) {
				long _t8;
				void* _t12;

				_t6 = __eax + 0x406a04;
				 *((intOrPtr*)(__eax + 0x406a04 +  *_t6)) =  *((intOrPtr*)(__eax + 0x406a04 +  *_t6)) + __eax + 0x406a04 +  *_t6;
				_t8 = DefWindowProcA( *(_t12 + 8),  *(_t12 + 0xc),  *(_t12 + 0x10),  *(_t12 + 0x14)); // executed
				return _t8;
			}






APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: 6f356dd7719f01ef5de09063c3e6e9bc8acf3e5a03031ae99a79323d5556a068
  • Instruction ID: bbcc8d1024c7b2ad99e94aa0aed6deed2e7d6b03234c1db6f6ad748cd76164e8
  • Opcode Fuzzy Hash: 6f356dd7719f01ef5de09063c3e6e9bc8acf3e5a03031ae99a79323d5556a068
  • Instruction Fuzzy Hash: D9D09E33104185AFCB025F94ED4559D3F61EF4A355B058462F642A50A1D3768431AB55
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00402ABD() {
				intOrPtr _t5;
				long _t6;
				void* _t10;

				_t5 =  *0x406008; // 0x8
				 *0x406a04 = _t5;
				_t6 = DefWindowProcA( *(_t10 + 8),  *(_t10 + 0xc),  *(_t10 + 0x10),  *(_t10 + 0x14)); // executed
				return _t6;
			}







APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: 060b37bd04cde0ce69d3709c2b5eabfd3b999a65c960a375cf823c41a5babb3e
  • Instruction ID: 1c940054b3db183b45bed1325efca524ee869a9c084e3552099c3281fe396897
  • Opcode Fuzzy Hash: 060b37bd04cde0ce69d3709c2b5eabfd3b999a65c960a375cf823c41a5babb3e
  • Instruction Fuzzy Hash: 62D09236200109EBCF029F94EE4488A3B61FB493A5B018432FA46A5060D3728831AF58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
			E00402AEF() {
				long _t5;
				void* _t9;

				asm("sbb eax, 0x406d1b");
				_t5 = DefWindowProcA( *(_t9 + 8),  *(_t9 + 0xc),  *(_t9 + 0x10),  *(_t9 + 0x14)); // executed
				return _t5;
			}






APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: 9c049fca779ecfa29e4486dc828377b5fe2e857290d7ce2e0307e7ebe878b782
  • Instruction ID: d40f789e0b04d5827db2e0a9a9f70a1ef8da32f3033334284138e3e7127ca9ff
  • Opcode Fuzzy Hash: 9c049fca779ecfa29e4486dc828377b5fe2e857290d7ce2e0307e7ebe878b782
  • Instruction Fuzzy Hash: 14C0E937204009ABCF025F94ED4499E7B21EB59355B158833FA56A40A193B68531AF55
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
			E00402AA4() {
				long _t5;
				void* _t9;

				asm("sbb eax, 0x406a04");
				_t5 = DefWindowProcA( *(_t9 + 8),  *(_t9 + 0xc),  *(_t9 + 0x10),  *(_t9 + 0x14)); // executed
				return _t5;
			}






APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: d0a8537e2fdd292149ebae67b7172adad485f5276b1f593e093a06924addc3d2
  • Instruction ID: ade3f5859509854e221db11ecb9d65a665a9e99d13c315de4784c91dea249606
  • Opcode Fuzzy Hash: d0a8537e2fdd292149ebae67b7172adad485f5276b1f593e093a06924addc3d2
  • Instruction Fuzzy Hash: 28C0C933200009EBCF025F84ED0488E3B21FB49355B008432F602A40A093768831AF55
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
			E00402B39() {
				long _t5;
				void* _t9;

				asm("sbb eax, 0x406d1c");
				_t5 = DefWindowProcA( *(_t9 + 8),  *(_t9 + 0xc),  *(_t9 + 0x10),  *(_t9 + 0x14)); // executed
				return _t5;
			}






APIs
  • DefWindowProcA.USER32(?,?,?,?), ref: 00402F11
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: ProcWindow
  • String ID:
  • API String ID: 181713994-0
  • Opcode ID: b1eea099679d21919ab5308ca50c3f5b4a83b4faaaa72bec43b9357ddef92ffc
  • Instruction ID: fff3afe805b17c878276525cb6678e382136fbb4a72424296e83aa6735b8d0f2
  • Opcode Fuzzy Hash: b1eea099679d21919ab5308ca50c3f5b4a83b4faaaa72bec43b9357ddef92ffc
  • Instruction Fuzzy Hash: E0C0C933200009ABCF024F84ED0488E3B21EB48355B108432FA02A40A093B68431AF55
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

C-Code - Quality: 69%
			E004034C6(struct HWND__* _a4, int _a8) {
				int _v4;
				signed int _v5;
				char _v25;
				signed char _t115;
				signed int _t116;
				signed int _t118;
				long _t123;
				signed int _t124;
				int _t126;
				signed int _t131;
				signed int _t132;
				signed int _t134;
				signed int _t135;
				signed int _t140;
				signed int _t141;
				signed int _t144;
				signed int _t147;
				signed int _t151;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				signed int _t163;
				signed int _t169;
				signed int _t186;
				intOrPtr* _t187;
				signed int _t189;
				signed int _t190;
				signed int _t192;
				intOrPtr _t193;
				signed char _t194;
				intOrPtr _t197;
				signed int _t198;
				intOrPtr _t200;
				intOrPtr _t203;
				void* _t204;
				intOrPtr _t207;
				intOrPtr _t210;
				intOrPtr _t213;
				intOrPtr _t216;
				intOrPtr _t220;
				intOrPtr _t223;
				intOrPtr _t226;
				intOrPtr _t227;
				intOrPtr* _t228;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed short _t237;
				intOrPtr _t238;

				_v5 = 0;
				_t115 = GetKeyState(0x13);
				if((_t115 & 0x00000080) != 0) {
					L2:
					 *0x406a08 = 0;
					L3:
					_t237 =  *0x406a08; // 0x0
					if(_t237 != 0) {
						_t116 =  *0x4069f4; // 0x0
						_t200 =  *0x4069f0; // 0x0
						_t228 = mouse_event;
						_t186 = _t116 + _t116 * 4;
						_t231 =  *((intOrPtr*)(_t200 + _t186 * 4));
						_t187 = _t200 + _t186 * 4;
						__eflags = _t231 - 0x100;
						if(_t231 < 0x100) {
							L31:
							 *0x4069f4 = _t116 + 1;
							_t118 = E004042AF( *0x4069f0);
							_t189 = 0x14;
							_t190 =  *0x4069f4; // 0x0
							__eflags = _t190 - _t118 / _t189;
							if(_t190 >= _t118 / _t189) {
								L47:
								__eflags =  *0x406d19; // 0x0
								if(__eflags != 0) {
									_t123 = GetDoubleClickTime() >> 1;
									__eflags = _t123;
									Sleep(_t123);
								}
								_push(0);
								_push( *0x406a08 & 0x0000ffff);
								_push(0x111);
								_push(_a4);
								L50:
								return PostMessageA();
							}
							_t203 =  *0x4069f0; // 0x0
							_t124 = _t190 + _t190 * 4;
							__eflags =  *(_t203 + _t124 * 4);
							_t204 = _t203 + _t124 * 4;
							if( *(_t203 + _t124 * 4) == 0) {
								goto L47;
							}
							_t232 =  *0x406a04; // 0x0
							__eflags = _t232 - 0x64;
							if(_t232 < 0x64) {
								_t126 =  *((intOrPtr*)(_t204 + 0xc)) -  *((intOrPtr*)(_t204 - 8));
								__eflags = _t232 - 1;
								if(_t232 != 1) {
									__eflags = _t232 - 2;
									if(_t232 >= 2) {
										__eflags = _t126 % _t232;
										_t126 = _t126 / _t232;
									}
								} else {
									_t126 = _t126 + _t126;
								}
								_push(0);
								L41:
								return SetTimer(_a4, _a8, _t126);
							} else {
								goto L34;
							}
							while(1) {
								L34:
								__eflags =  *0x406d18; // 0x0
								if(__eflags != 0) {
									break;
								}
								_t207 =  *0x4069f0; // 0x0
								_t131 = _t190 + _t190 * 4;
								__eflags =  *((intOrPtr*)(_t207 + _t131 * 4)) - 0x200;
								if( *((intOrPtr*)(_t207 + _t131 * 4)) != 0x200) {
									break;
								}
								_t132 = _t190;
								_t233 = 6;
								__eflags = _t132 % _t233;
								if(_t132 % _t233 == 0) {
									L38:
									_t134 = GetSystemMetrics(1);
									_t210 =  *0x4069f0; // 0x0
									_t135 =  *0x4069f4; // 0x0
									_t140 = GetSystemMetrics(0);
									_t213 =  *0x4069f0; // 0x0
									_t192 = _t140;
									_t141 =  *0x4069f4; // 0x0
									_t144 =  *(_t213 + 4 + (_t141 + _t141 * 4) * 4) * 0xffff;
									__eflags = _t144 % _t192;
									 *_t228(0x8001, _t144 / _t192,  *(_t210 + 8 + (_t135 + _t135 * 4) * 4) * 0xffff / _t134, 0, 0);
									_t147 =  *0x4069f4; // 0x0
									_t193 =  *0x4069f0; // 0x0
									SetCursorPos( *(_t193 + (_t147 + _t147 * 4) * 4 + 4),  *(_t193 + 8 + (_t147 + _t147 * 4) * 4));
									Sleep(1);
									_t190 =  *0x4069f4; // 0x0
									_v25 = 1;
									L39:
									_t190 = _t190 + 1;
									 *0x4069f4 = _t190;
									continue;
								}
								_t216 =  *0x4069f0; // 0x0
								_t74 = _t190 * 4; // 0x5
								_t151 = _t190 + _t74 + 5;
								__eflags =  *((intOrPtr*)(_t216 + _t151 * 4)) - 0x200;
								if( *((intOrPtr*)(_t216 + _t151 * 4)) == 0x200) {
									goto L39;
								}
								goto L38;
							}
							_push(0);
							asm("sbb eax, eax");
							_t126 = ( ~_v5 & 0x0000004a) + 1;
							__eflags = _t126;
							goto L41;
						}
						__eflags = _t231 - 0x101;
						if(_t231 <= 0x101) {
							_t194 =  *((intOrPtr*)(_t187 + 4));
							__eflags = _t194 - 0xa0;
							_v4 = _t194;
							if(_t194 == 0xa0) {
								goto L31;
							}
							__eflags = _t231 - 0x101;
							if(_t231 != 0x101) {
								__eflags = 0;
							} else {
								_push(2);
								_pop(0);
							}
							__eflags = _t194 - 0x21;
							if(_t194 < 0x21) {
								L23:
								__eflags = _t194 - 0x11;
								if(_t194 == 0x11) {
									goto L28;
								}
								__eflags = _t194 - 0x5b;
								if(_t194 == 0x5b) {
									goto L28;
								}
								__eflags = _t194 - 0x5c;
								if(_t194 == 0x5c) {
									goto L28;
								}
								__eflags = _t194 - 0x5d;
								if(_t194 == 0x5d) {
									goto L28;
								}
								goto L29;
							} else {
								__eflags = _t194 - 0x2e;
								if(_t194 <= 0x2e) {
									L28:
									_push(1);
									_pop(0);
									L29:
									__eflags = 0;
									keybd_event(_v4, MapVirtualKeyA(_t194 & 0x000000ff, 0), 0, 0);
									L30:
									_t116 =  *0x4069f4; // 0x0
									goto L31;
								}
								goto L23;
							}
						}
						__eflags = _t231 - 0x200;
						if(__eflags == 0) {
							_t156 = GetSystemMetrics(1);
							_t220 =  *0x4069f0; // 0x0
							_t157 =  *0x4069f4; // 0x0
							_t162 = GetSystemMetrics(0);
							_t223 =  *0x4069f0; // 0x0
							_t163 =  *0x4069f4; // 0x0
							mouse_event(0x8001,  *(_t223 + 4 + (_t163 + _t163 * 4) * 4) * 0xffff / _t162,  *(_t220 + 8 + (_t157 + _t157 * 4) * 4) * 0xffff / _t156, 0, 0);
							_t169 =  *0x4069f4; // 0x0
							_t197 =  *0x4069f0; // 0x0
							SetCursorPos( *(_t197 + (_t169 + _t169 * 4) * 4 + 4),  *(_t197 + 8 + (_t169 + _t169 * 4) * 4));
							goto L30;
						}
						if(__eflags <= 0) {
							goto L31;
						}
						__eflags = _t231 - 0x202;
						if(_t231 <= 0x202) {
							 *0x406d19 = 1;
							__eflags =  *_t187 - 0x201;
							mouse_event(((0 |  *_t187 != 0x00000201) - 0x00000001 & 0x000000fe) + 4, 0, 0, 0, 0);
							_t116 =  *0x4069f4; // 0x0
							_t226 =  *0x4069f0; // 0x0
							_t198 = _t116 + _t116 * 4;
							__eflags =  *((intOrPtr*)(_t226 + _t198 * 4)) - 0x201;
							L14:
							 *0x406d18 = _t198 & 0xffffff00 | __eflags == 0x00000000;
							goto L31;
						}
						__eflags = _t231 - 0x203;
						if(_t231 <= 0x203) {
							goto L31;
						}
						__eflags = _t231 - 0x205;
						if(_t231 > 0x205) {
							goto L31;
						}
						__eflags = _t231 - 0x204;
						mouse_event(((0 | _t231 != 0x00000204) - 0x00000001 & 0x000000f8) + 0x10, 0, 0, 0, 0);
						_t116 =  *0x4069f4; // 0x0
						_t227 =  *0x4069f0; // 0x0
						_t198 = _t116 + _t116 * 4;
						__eflags =  *((intOrPtr*)(_t227 + _t198 * 4)) - 0x201;
						goto L14;
					}
					_t238 =  *0x406d1d; // 0x0
					if(_t238 == 0) {
						return _t115;
					}
					_push(0);
					_push(0);
					_push(0x10);
					_push( *0x4069e0);
					goto L50;
				}
				_t115 = GetKeyState(0x91);
				if((_t115 & 0x00000080) == 0) {
					goto L3;
				}
				goto L2;
			}





















































APIs
  • GetKeyState.USER32 ref: 004034DA
  • GetKeyState.USER32 ref: 004034E6
  • mouse_event.USER32 ref: 00403598
  • mouse_event.USER32 ref: 004035DB
  • GetSystemMetrics.USER32 ref: 004035F4
  • GetSystemMetrics.USER32 ref: 00403616
  • mouse_event.USER32 ref: 0040363C
  • SetCursorPos.USER32(?,?,?,00000000,?,?,004018DF,?,000003EA), ref: 00403656
  • GetSystemMetrics.USER32 ref: 0040374A
  • GetSystemMetrics.USER32 ref: 0040376C
  • mouse_event.USER32 ref: 00403792
  • SetCursorPos.USER32(?,?,?,?,004018DF,?,000003EA), ref: 004037AC
  • Sleep.KERNEL32(00000001,?,?,004018DF,?,000003EA), ref: 004037B4
  • SetTimer.USER32(00000000,00000000,?,00000000), ref: 004037E7
  • PostMessageA.USER32 ref: 00403833
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: MetricsSystemmouse_event$CursorState$MessagePostSleepTimer
  • String ID:
  • API String ID: 203055827-0
  • Opcode ID: d3f8d64b5e7190012166dfd82cf50fc04a1379ee699abd62a7b768a1f457340b
  • Instruction ID: 21240027269b291347ce267e244152a0a87117dcadd7f2a7bfe16b9bf36c52a4
  • Opcode Fuzzy Hash: d3f8d64b5e7190012166dfd82cf50fc04a1379ee699abd62a7b768a1f457340b
  • Instruction Fuzzy Hash: 94A106B0200106AFE724DF18DD94E763B9DF785304F12817BE102AB6E2D67A9D619F98
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
			E00403B09(intOrPtr* _a4) {
				void _v263;
				char _v264;
				struct _WIN32_FIND_DATAA _v584;
				int _t23;
				void* _t31;
				void* _t50;
				signed int _t52;
				void* _t53;
				signed int _t54;
				void* _t73;
				intOrPtr* _t74;

				_t52 = 0;
				_t54 = 0x4f;
				_v584.dwFileAttributes = 0;
				_push(0x40);
				_t23 = memset( &(_v584.ftCreationTime), 0, _t54 << 2);
				_v264 = 0;
				_t74 = _a4;
				memset( &_v263, _t23, 0 << 2);
				asm("stosw");
				asm("stosb");
				if(_t74 == 0 ||  *_t74 == 0) {
					L22:
					return 0;
				} else {
					E004041B8(_t74,  &_v264);
					if((GetFileAttributesA( &_v264) + 0x00000001 & 0x00000010) != 0) {
						L7:
						_t31 = 1;
						return _t31;
					}
					if(E00404525( &_v264, 0x2a) != 0 || E00404525( &_v264, 0x3f) != 0) {
						_t73 = FindFirstFileA( &_v264,  &_v584);
						if( *_t74 != _t52) {
							_t52 =  *((char*)(E004043D7(_t74) + _t74 - 1));
						}
						if(_t52 != 0x5c) {
							_t53 = _t52 | 0xffffffff;
							if(_t73 == _t53) {
								goto L22;
							}
							while(E0040448E( &(_v584.cFileName), 0x40677c) == 0 || E0040448E( &(_v584.cFileName), 0x406778) == 0) {
								if(FindNextFileA(_t73,  &_v584) == 0) {
									FindClose(_t73);
									_t73 = _t53;
								}
								if(_t73 != _t53) {
									continue;
								} else {
									break;
								}
							}
							if(_t73 == _t53) {
								goto L22;
							}
							FindClose(_t73);
						} else {
							if(_t73 == 0xffffffff) {
								goto L22;
							}
							FindClose(_t73);
						}
					} else {
						_t50 = CreateFileA( &_v264, 0x80000000, 3, 0, 3, 0x80, 0);
						if(_t50 == 0xffffffff) {
							goto L22;
						}
						CloseHandle(_t50);
					}
					goto L7;
				}
			}

APIs
    • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
  • GetFileAttributesA.KERNEL32(?,C0000000,76CDF7B0,00000080), ref: 00403B67
  • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00403BB1
  • CloseHandle.KERNEL32(00000000), ref: 00403BC1
  • FindFirstFileA.KERNEL32(?,?), ref: 00403BDD
  • FindClose.KERNEL32(00000000), ref: 00403C00
  • FindNextFileA.KERNEL32(00000000,?), ref: 00403C4B
  • FindClose.KERNEL32(00000000), ref: 00403C56
  • FindClose.KERNEL32(00000000), ref: 00403C63
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Find$CloseFile$AttributesCreateEnvironmentExpandFirstHandleNextStrings
  • String ID:
  • API String ID: 4171416902-0
  • Opcode ID: 846ae757fb93dd96231631fb0bd60a5ac06f77789042b534643d51bdc34c2352
  • Instruction ID: e1ac57afb29f337bbfc01b4c37a33415eab2da7915a8ac3ffd06022a65d69b60
  • Opcode Fuzzy Hash: 846ae757fb93dd96231631fb0bd60a5ac06f77789042b534643d51bdc34c2352
  • Instruction Fuzzy Hash: CA4125B39002196AEB209A749CC8BEF3B7CDB54726F1000BBF344F20C1DA789F814A58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0040424C(signed int _a4, signed int _a8) {

				return HeapAlloc(GetProcessHeap(), 8, _a4 * _a8);
			}

APIs
  • GetProcessHeap.KERNEL32(00000008,004046D0,0040473D,00000020,00000004,004046D0), ref: 00404258
  • HeapAlloc.KERNEL32(00000000), ref: 0040425F
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Heap$AllocProcess
  • String ID:
  • API String ID: 1617791916-0
  • Opcode ID: f99d22f5a8df0d0e8d007fcd5727663fa01546c3604a1ab640b57c0ff2247634
  • Instruction ID: a4965471384d461b3c446fe3d87201e807eabb61d08fa2ce669204f1d343d336
  • Opcode Fuzzy Hash: f99d22f5a8df0d0e8d007fcd5727663fa01546c3604a1ab640b57c0ff2247634
  • Instruction Fuzzy Hash: 33C04C71544601ABDA009BA4DF4DA1F7BA8FB94701F048414B145E5060C63098008F65
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
			E00403108(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* _v16;
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;
				struct tagLOGFONTA _v144;
				void _v207;
				char _v208;
				void* _t72;
				struct HWND__* _t81;
				signed int _t83;
				int _t102;
				void* _t104;

				_t83 = 0xf;
				_v84.hdc = 0;
				memset( &(_v84.fErase), 0, _t83 << 2);
				_v20.left = 0;
				asm("stosd");
				_v208 = _v208 & 0;
				_push(0xf);
				asm("stosd");
				asm("stosd");
				_t102 = _a8;
				memset( &_v207, 0, 0 << 2);
				asm("stosw");
				asm("stosb");
				_push(0xe);
				_v144.lfHeight = 0;
				memset( &(_v144.lfWidth), 0, 0 << 2);
				if(_t102 != 0x200) {
					if(_t102 != 0x201) {
						if(_t102 != 0xf) {
							L2:
							return DefWindowProcA(_a4, _t102, _a12, _a16);
						}
						_t81 = _a4;
						BeginPaint(_t81,  &_v84);
						GetClientRect(_t81,  &_v20);
						SetBkMode(_v84.hdc, 1);
						SetTextColor(_v84.hdc, 0xd78d07);
						SelectObject(_v84.hdc, GetStockObject(0x11));
						GetObjectA(GetStockObject(0x11), 0x3c,  &_v144);
						_v144.lfHeight = _v144.lfHeight + _v144.lfHeight;
						_t104 = CreateFontIndirectA( &_v144);
						SelectObject(_v84.hdc, _t104);
						GetWindowTextA(_t81,  &_v208, 0x3f);
						if(_t81 != 0 && IsWindow(_t81) != 0 && (GetWindowLongA(_t81, 0xfffffff0) & 0x00000001) != 0) {
							_push(1);
							_pop(0);
						}
						DrawTextA(_v84,  &_v208, E004043D7( &_v208),  &_v20, 0xbadbad);
						EndPaint(_t81,  &_v84);
						if(_t104 != 0) {
							DeleteObject(_t104);
						}
						_t72 = 1;
						return _t72;
					}
					PostMessageA( *0x4069e0, 0x111, GetWindowLongA(_a4, 0xfffffff4) & 0x0000ffff, 1);
					goto L2;
				}
				SetCursor( *0x4069e4);
				goto L2;
			}

APIs
  • SetCursor.USER32 ref: 00403165
  • DefWindowProcA.USER32(?,?,?,?), ref: 00403175
  • GetWindowLongA.USER32 ref: 00403190
  • PostMessageA.USER32 ref: 004031A5
  • BeginPaint.USER32(?,?), ref: 004031BB
  • GetClientRect.USER32(?,?), ref: 004031C6
  • SetBkMode.GDI32(?,00000001), ref: 004031D1
  • SetTextColor.GDI32(?,00D78D07), ref: 004031DF
  • GetStockObject.GDI32(00000011), ref: 004031ED
  • SelectObject.GDI32(?,00000000), ref: 004031F9
  • GetStockObject.GDI32(00000011), ref: 00403206
  • GetObjectA.GDI32(00000000), ref: 00403209
  • CreateFontIndirectA.GDI32(?), ref: 00403224
  • SelectObject.GDI32(?,00000000), ref: 00403230
  • GetWindowTextA.USER32 ref: 0040323C
  • IsWindow.USER32(?), ref: 00403247
  • GetWindowLongA.USER32 ref: 00403254
  • DrawTextA.USER32(?,?,00000000,?,00000000), ref: 0040328E
  • EndPaint.USER32(?,?), ref: 00403299
  • DeleteObject.GDI32(00000000), ref: 004032A5
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Object$Window$Text$LongPaintSelectStock$BeginClientColorCreateCursorDeleteDrawFontIndirectMessageModePostProcRect
  • String ID:
  • API String ID: 1323531340-0
  • Opcode ID: 80f6b17f92aeb9e0d79c0b838b47aa74e400cc66309a368cd808f196d33da438
  • Instruction ID: f6a75a345252a565a7efb7e4d5d8ae1a11078984608b2f9e6db09855e2cd8f16
  • Opcode Fuzzy Hash: 80f6b17f92aeb9e0d79c0b838b47aa74e400cc66309a368cd808f196d33da438
  • Instruction Fuzzy Hash: 2C414C72900519ABEF109FA4DD48FAF7B7CFB08311F004576F605FA1A1CAB09A549FA4
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			E00403EA0(void* _a4, long _a8, void* _a12, long _a16, long _a20, signed int _a24) {
				long _v8;
				long _v12;
				void _v271;
				char _v272;
				void _v531;
				char _v532;
				char* _t79;
				char _t83;
				void* _t85;
				long _t90;
				void* _t98;
				intOrPtr* _t109;
				signed int _t110;
				signed int _t118;
				void* _t133;
				long _t136;
				void* _t137;

				_v272 = _v272 & 0x00000000;
				_t110 = 0x40;
				memset( &_v271, 0, _t110 << 2);
				_v532 = _v532 & 0x00000000;
				_push(0x40);
				asm("stosw");
				asm("stosb");
				memset( &_v531, 0, 0 << 2);
				asm("stosw");
				asm("stosb");
				_t79 = _a4;
				_v8 = 0;
				_v12 = 0;
				if(_t79 == 0 ||  *_t79 == 0) {
					L37:
					return 0;
				} else {
					E004041B8(_t79,  &_v272);
					if( &_v272 == 0 || _v272 == 0) {
						_t83 = 0;
					} else {
						_t83 =  *((char*)(_t137 + E004043D7( &_v272) - 0x10d));
					}
					if(_t83 != 0x5c) {
						_t85 = CreateFileA( &_v272, 0xc0000000, 3, 0, 4, 0x80, 0);
						_a4 = _t85;
						if(_t85 == 0xffffffff || _t85 == 0) {
							if(E00403B09( &_v272) != 0 || E00404525( &_v272, 0x5c) == 0) {
								goto L27;
							} else {
								_t98 = 0;
								_a4 = 0;
								if(_v272 == 0) {
									L26:
									_a4 = CreateFileA( &_v272, 0xc0000000, 3, 0, 4, 0x80, 0);
									goto L27;
								}
								while(_t98 < 0x104) {
									if( *((char*)(_t137 + _t98 - 0x10c)) == 0x5c && _t98 > 1 &&  *((char*)(_t137 + _t98 - 0x10d)) != 0x3a) {
										_v8 = CreateDirectoryA( &_v532, 0);
										_t98 = _a4;
									}
									 *((char*)(_t137 + _t98 - 0x210)) =  *((intOrPtr*)(_t137 + _t98 - 0x10c));
									_t98 = _t98 + 1;
									_a4 = _t98;
									if( *((char*)(_t137 + _t98 - 0x10c)) != 0) {
										continue;
									} else {
										goto L26;
									}
								}
								goto L26;
							}
						} else {
							L27:
							if(_a4 == 0xffffffff || _a4 == 0) {
								goto L44;
							} else {
								if(_a12 == 0) {
									L42:
									_v8 = 1;
									L43:
									CloseHandle(_a4);
									goto L44;
								}
								_t136 = _a16;
								if(_t136 == 0) {
									goto L42;
								}
								_t90 = _a20;
								_t118 = _a24;
								if((_t90 | _t118) == 0) {
									_t90 = _a8;
									if(_t90 == 0xffffffff) {
										_t90 = GetFileSize(_a4,  &_v12);
									}
								} else {
									_v12 = _t118;
								}
								if(SetFilePointer(_a4, _t90,  &_v12, 0) != 0xffffffff) {
									if(WriteFile(_a4, _a12, _t136,  &_v8, 0) == 0 || _v8 != _t136) {
										_v8 = _v8 & 0x00000000;
									}
									goto L43;
								} else {
									CloseHandle(_a4);
									goto L37;
								}
							}
						}
					} else {
						_t133 = 0;
						if(_v272 == 0) {
							L44:
							return _v8;
						}
						while(_t133 < 0x104) {
							_t109 = _t137 + _t133 - 0x10c;
							if( *((char*)(_t137 + _t133 - 0x10c)) == 0x5c && _t133 > 1 &&  *((char*)(_t137 + _t133 - 0x10d)) != 0x3a) {
								_v8 = CreateDirectoryA( &_v532, 0);
							}
							 *((char*)(_t137 + _t133 - 0x210)) =  *_t109;
							_t133 = _t133 + 1;
							if( *((char*)(_t137 + _t133 - 0x10c)) != 0) {
								continue;
							}
							goto L44;
						}
						goto L44;
					}
				}
			}

APIs
  • CreateDirectoryA.KERNEL32(00000000,00000000,00406A18,.exe), ref: 00403F79
  • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000,00406A18,.exe), ref: 00403FBA
  • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040402B
  • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 00404064
  • GetFileSize.KERNEL32(00000000,00000000), ref: 004040AF
  • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 004040BF
  • CloseHandle.KERNEL32(00000000), ref: 004040CD
  • WriteFile.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 004040E7
  • CloseHandle.KERNEL32(00000000), ref: 00404106
    • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: File$Create$CloseDirectoryHandle$EnvironmentExpandPointerSizeStringsWrite
  • String ID: .exe$:$\
  • API String ID: 3910135208-1936334728
  • Opcode ID: 07c6cc2da5fd7bc73eee36edc06d27bd476b09bc8f69930adcfd62b545753e8c
  • Instruction ID: 8da40a83878325327a48a3c8ed4d5288776f62350ec6bc98e64e3549844fff20
  • Opcode Fuzzy Hash: 07c6cc2da5fd7bc73eee36edc06d27bd476b09bc8f69930adcfd62b545753e8c
  • Instruction Fuzzy Hash: B271A5B0900258AAEF20CF64CC48BDE7BA8AB55350F1085B6EB44B61C0D3B89EC58F95
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 71%
			E00402F8E(CHAR* _a4, intOrPtr _a8) {
				struct HWND__* _v8;
				void _v263;
				char _v264;
				intOrPtr _t24;
				intOrPtr _t26;
				signed int _t28;
				signed int _t29;
				void* _t32;
				void* _t35;
				CHAR* _t36;
				intOrPtr _t40;
				signed int _t44;
				signed int _t50;
				signed int _t54;
				signed int _t60;
				intOrPtr* _t64;
				signed int _t65;
				CHAR* _t73;
				void* _t74;

				_t54 = 0x3f;
				_v264 = 0;
				_v8 = 0;
				memset( &_v263, 0, _t54 << 2);
				asm("stosw");
				asm("stosb");
				_t73 = _a4;
				_t74 = E00403C71(_t73);
				if(_t74 >= 1) {
					_t24 =  *0x4069f0; // 0x0
					if(_t24 != 0) {
						E00404294(_t24);
						 *0x4069f0 = 0;
					}
					_t8 = _t74 + 0x1000; // 0x1000
					_t26 = E0040424C(_t8, 1);
					 *0x4069f0 = _t26;
					if(_t26 != 0) {
						E00403D51(_t73, _a8, _t26, _t74,  &_v8, 0, 0);
						_t28 = _v8;
						if(_t28 < 2) {
							L10:
							_t29 =  *0x406a00; // 0x0
							if(MessageBoxA(0, "This file does not appear to be a valid recording.\n\nLoad anyway?", _t73, _t29 | 0x00012024) != 7) {
								L15:
								_t32 = E004042AF( *0x4069f0);
								_t60 = 0x14;
								 *0x406b18 = 0;
								 *0x4069f4 = (_t32 - 0x1000) / _t60;
								_t35 = E0040454C(_t73, 0x5c);
								if(_t35 == 0) {
									_t36 = _t73;
								} else {
									_t36 = _t35 + 1;
								}
								E004043F5(0x406b18, _t36);
								SetWindowTextA( *0x4069e0, 0x406b18);
								return _v8;
							}
							_t40 =  *0x4069f0; // 0x0
							if(_t40 != 0) {
								E00404294(_t40);
							}
							 *0x4069f0 = 0;
							goto L14;
						}
						_t64 =  *0x4069f0; // 0x0
						if( *_t64 != 0) {
							goto L10;
						}
						_t65 = 0x14;
						if(_t28 % _t65 == 0) {
							goto L15;
						}
						goto L10;
					} else {
						_t44 =  *0x406a00; // 0x0
						_push(_t44 | 0x00012030);
						_push("TinyTask");
						_push("Memory allocation error!");
						L2:
						MessageBoxA(0, ??, ??, ??);
						L14:
						return 0;
					}
				}
				wsprintfA( &_v264, "Unable to read file \"%s\"", _t73);
				_t50 =  *0x406a00; // 0x0
				_push(_t50 | 0x00012030);
				_push("TinyTask");
				_push( &_v264);
				goto L2;
			}

APIs
    • Part of subcall function 00403C71: GetFileAttributesExA.KERNEL32(?,00000000,?), ref: 00403CE7
  • wsprintfA.USER32 ref: 00402FD3
    • Part of subcall function 00403D51: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,004013EF,00000000,00000000), ref: 00403DB9
    • Part of subcall function 00403D51: SetFilePointer.KERNEL32(00000000,?,?,00000000), ref: 00403DF9
    • Part of subcall function 00403D51: CloseHandle.KERNEL32(?), ref: 00403E93
  • MessageBoxA.USER32 ref: 00402FF4
  • MessageBoxA.USER32 ref: 00403088
  • SetWindowTextA.USER32(00406B18), ref: 004030F8
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: File$Message$AttributesCloseCreateHandlePointerTextWindowwsprintf
  • String ID: Memory allocation error!$This file does not appear to be a valid recording.Load anyway?$TinyTask$TinyTaskClass$Unable to read file "%s"
  • API String ID: 344658048-2912620699
  • Opcode ID: 5fcaffc6a2ab7b823241455dc34ed20f4e8bcb65c2bbef984b7f86e285a76b6a
  • Instruction ID: c9cd6a8f688574f1fc342cda05c0a042cae3b483400ee2c9893451d3259a965f
  • Opcode Fuzzy Hash: 5fcaffc6a2ab7b823241455dc34ed20f4e8bcb65c2bbef984b7f86e285a76b6a
  • Instruction Fuzzy Hash: 324103F2A01100BFD7109F64ED86EAB3BADF791340B11043FF502F61D2DA799A509A6C
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88%
			E004032FD(struct HWND__* _a4, int _a8) {
				signed int _v5;
				struct tagPOINT _v16;
				signed int _v28;
				signed int _v32;
				long _v36;
				intOrPtr _t60;
				signed char _t66;
				signed int _t67;
				struct HWND__* _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				long _t75;
				signed int _t80;
				signed char _t85;
				signed int _t86;
				intOrPtr _t88;
				signed int _t92;
				signed int _t96;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				signed int _t101;
				long _t103;
				intOrPtr _t105;
				intOrPtr _t107;
				signed int _t113;
				signed int _t116;
				int _t117;
				int _t118;
				void* _t133;

				_t92 = 0;
				_v16.x = 0;
				_v36 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t60 =  *0x4069f0; // 0x0
				if(_t60 == 0) {
					L3:
					 *0x4069f0 = E00404266( *0x4069f0, _t92 + 0x4e20);
				} else {
					_t92 = E004042AF(_t60);
					if(_t92 < 1) {
						goto L3;
					} else {
						_t80 =  *0x4069f4; // 0x0
						_t116 = 0x14;
						_t5 = _t80 + 0x64; // 0x64
						if(_t5 >= _t92 / _t116) {
							goto L3;
						}
					}
				}
				_v5 = 1;
				while(1) {
					_t117 = _v5 & 0x000000ff;
					_t85 = GetAsyncKeyState(_t117) >> 0x0000000f & 0x00000001;
					if( *((intOrPtr*)(_t117 + 0x406d20)) != _t85) {
						break;
					}
					_v5 = _v5 + 1;
					if(_v5 < 0xff) {
						continue;
					} else {
					}
					L9:
					GetCursorPos( &_v16);
					_t66 = _v5;
					if(_t66 >= 0xff) {
						L17:
						_t67 = _v16.y;
						_t86 = _v28;
						_t113 = _v32;
					} else {
						if(_t66 == 1) {
							asm("sbb ebx, ebx");
							_t88 =  ~_t85 + 0x202;
							goto L16;
						} else {
							if(_t66 == 2) {
								asm("sbb ebx, ebx");
								_t88 =  ~_t85 + 0x205;
								L16:
								_t67 = _v16.y;
								_t113 = _v16.x;
								_v36 = _t88;
								_t86 = _t67;
							} else {
								if(_t66 == 0xa0) {
									goto L17;
								} else {
									_t118 = _t66 & 0x000000ff;
									asm("sbb ebx, ebx");
									_v36 =  ~_t85 + 0x101;
									_t86 = MapVirtualKeyA(_t118, 0);
									_t67 = _v16.y;
									_t113 = _t86 << 0x00000008 | _t118;
								}
							}
						}
					}
					if(_v36 != 0) {
						L23:
						_t68 = GetForegroundWindow();
						_t96 =  *0x4069f4; // 0x0
						_t105 =  *0x4069f0; // 0x0
						 *(_t105 + 0x10 + (_t96 + _t96 * 4) * 4) = _t68;
						_t69 =  *0x4069f4; // 0x0
						_t98 =  *0x4069f0; // 0x0
						 *((intOrPtr*)(_t98 + (_t69 + _t69 * 4) * 4)) = _v36;
						_t71 =  *0x4069f4; // 0x0
						_t99 =  *0x4069f0; // 0x0
						 *(_t99 + 4 + (_t71 + _t71 * 4) * 4) = _t113;
						_t73 =  *0x4069f4; // 0x0
						_t100 =  *0x4069f0; // 0x0
						 *(_t100 + 8 + (_t73 + _t73 * 4) * 4) = _t86;
						_t75 = GetTickCount();
						_t101 =  *0x4069f4; // 0x0
						_t107 =  *0x4069f0; // 0x0
						 *(_t107 + 0xc + (_t101 + _t101 * 4) * 4) = _t75;
						 *0x4069f4 =  *0x4069f4 + 1;
					} else {
						_t103 = _v16.x;
						if(_t103 != 0 && _t67 != 0) {
							_t133 = _t67 + _t103 -  *0x406d20; // 0x0
							if(_t133 != 0) {
								_t86 = _t67;
								_v36 = 0x200;
								_t113 = _t103;
								 *0x406d20 = _t67 + _t103;
								goto L23;
							}
						}
					}
					return SetTimer(_a4, _a8, 0xa, 0);
				}
				 *((_v5 & 0x000000ff) + 0x406d20) = _t85;
				goto L9;
			}

APIs
  • GetAsyncKeyState.USER32(00000001), ref: 00403369
  • GetCursorPos.USER32(?,?,?,004018B2,?,000003E9), ref: 00403399
  • MapVirtualKeyA.USER32 ref: 004033C5
  • GetForegroundWindow.USER32 ref: 0040343F
  • GetTickCount.KERNEL32 ref: 00403490
  • SetTimer.USER32(?,?,0000000A,00000000), ref: 004034B9
    • Part of subcall function 004042AF: GetProcessHeap.KERNEL32(00000000,004030B8,004030B8,?,?,?,?,TinyTask,TinyTaskClass,00000000), ref: 004042BC
    • Part of subcall function 004042AF: HeapSize.KERNEL32(00000000,?,?,?,?,TinyTask,TinyTaskClass,00000000), ref: 004042C3
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Heap$AsyncCountCursorForegroundProcessSizeStateTickTimerVirtualWindow
  • String ID:
  • API String ID: 175720748-0
  • Opcode ID: e83bb533e0d08fd17107e67ad3e5ed6471b9c8e4360c5cc6a7ac0e2136a3821c
  • Instruction ID: 3917149623daab9b3b11a6181ed47ccfb7e0b51bffcb73df27bb2f5f6ecbd573
  • Opcode Fuzzy Hash: e83bb533e0d08fd17107e67ad3e5ed6471b9c8e4360c5cc6a7ac0e2136a3821c
  • Instruction Fuzzy Hash: 905104B5A042099FDB04CF98D994AAE7BB9FB49300F06017ED902B7392C7799916CB58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 87%
			E00403D51(void* _a4, long _a8, void* _a12, long _a16, intOrPtr* _a20, signed int _a24, signed int _a28) {
				long _v8;
				long _v12;
				long _v16;
				void _v275;
				char _v276;
				intOrPtr* _t35;
				signed int _t41;
				long _t42;
				intOrPtr* _t50;
				long _t52;
				signed int _t56;
				void* _t72;
				long _t73;
				void* _t74;

				_t56 = 0x40;
				_v276 = 0;
				_t74 = 0;
				memset( &_v275, 0, _t56 << 2);
				asm("stosw");
				asm("stosb");
				_t35 = _a4;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_t35 == 0 ||  *_t35 == 0) {
					L27:
					return 0;
				} else {
					E004041B8(_t35,  &_v276);
					_t72 = CreateFileA( &_v276, 0x80000000, 3, 0, 3, 0x80, 0);
					_a4 = _t72;
					if(_t72 == 0xffffffff || _t72 == 0) {
						L24:
						return _t74;
					} else {
						_t41 = _a28;
						if((_a24 | _t41) == 0) {
							L6:
							_t42 = _a8;
							L7:
							if(SetFilePointer(_t72, _t42,  &_v12, 0) != 0xffffffff) {
								if(_a16 == 0) {
									_t73 = GetFileSize(_t72,  &_v16);
								} else {
									_t73 = _a16;
								}
								if(_t73 == 0 || _v16 != 0) {
									L25:
									_push(_a4);
									L26:
									CloseHandle();
									goto L27;
								} else {
									_t74 = _a12;
									if(_t74 != 0) {
										L16:
										 *_t74 = 0;
										if(ReadFile(_a4, _t74, _t73,  &_v8, 0) == 0) {
											L19:
											if(_a12 == 0) {
												E00404294(_t74);
											}
											_t74 = 0;
											L22:
											CloseHandle(_a4);
											_t50 = _a20;
											if(_t50 != 0) {
												 *_t50 = _v8;
											}
											goto L24;
										}
										_t52 = _v8;
										if(_t73 != _t52) {
											goto L19;
										}
										 *((char*)(_t74 + _t52)) = 0;
										goto L22;
									}
									_t23 = _t73 + 0x100; // 0x100
									_t74 = E0040424C(_t23, 1);
									if(_t74 == 0) {
										goto L25;
									}
									goto L16;
								}
							}
							_push(_t72);
							goto L26;
						}
						_v12 = _t41;
						_t42 = _a24;
						if(_a24 != 0) {
							goto L7;
						}
						goto L6;
					}
				}
			}

APIs
    • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
  • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,004013EF,00000000,00000000), ref: 00403DB9
  • SetFilePointer.KERNEL32(00000000,?,?,00000000), ref: 00403DF9
  • GetFileSize.KERNEL32(00000000,?), ref: 00403E19
    • Part of subcall function 00404294: GetProcessHeap.KERNEL32(00000000,00000000,00403E74), ref: 004042A1
    • Part of subcall function 00404294: HeapFree.KERNEL32(00000000), ref: 004042A8
  • ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00403E53
  • CloseHandle.KERNEL32(?), ref: 00403E7A
  • CloseHandle.KERNEL32(?), ref: 00403E93
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: File$CloseHandleHeap$CreateEnvironmentExpandFreePointerProcessReadSizeStrings
  • String ID:
  • API String ID: 1816096457-0
  • Opcode ID: b3fd22435e9b329dc351627aeae7242ca4276a9562244ad96ff470530f814aa4
  • Instruction ID: b5f316e1afa3e22c7f331fb2ff24944f916168b3e433f6b7ad5bbaf1a6fc231f
  • Opcode Fuzzy Hash: b3fd22435e9b329dc351627aeae7242ca4276a9562244ad96ff470530f814aa4
  • Instruction Fuzzy Hash: DB418E72900109AFDB219FA4D8859AF7BADEB44355F10427FFA15B72C0D7349E80CBA8
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88%
			E00403C71(intOrPtr* _a4) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void _v40;
				void _v44;
				void _v303;
				char _v304;
				intOrPtr* _t22;
				signed int _t38;
				long _t49;
				void* _t50;

				_t38 = 0x40;
				_v304 = 0;
				_push(8);
				memset( &_v303, 0, _t38 << 2);
				asm("stosw");
				asm("stosb");
				_v44 = 0;
				memset( &_v40, 0, 0 << 2);
				_t22 = _a4;
				_v8 = 0;
				if(_t22 == 0 ||  *_t22 == 0) {
					GetModuleFileNameA(GetModuleHandleA(0),  &_v304, 0x103);
				} else {
					E004041B8(_t22,  &_v304);
				}
				if(GetFileAttributesExA( &_v304, 0,  &_v44) == 0) {
					_t50 = CreateFileA( &_v304, 0x80000000, 3, 0, 3, 0x80, 0);
					if(_t50 != 0xffffffff) {
						_t49 = GetFileSize(_t50,  &_v8);
						CloseHandle(_t50);
						if(_t49 != 0xffffffff) {
							if(_v8 == 0) {
								goto L13;
							}
							goto L12;
						}
						_t49 = 0;
						goto L13;
					}
					return 0;
				} else {
					if(_v16 != 0) {
						L12:
						_t49 = 0x7ffffffe;
						L13:
						return _t49;
					}
					_t49 = _v12;
					goto L13;
				}
			}

APIs
  • GetModuleHandleA.KERNEL32(00000000,?,00000103,?,00000000,00000000), ref: 00403CCE
  • GetModuleFileNameA.KERNEL32(00000000), ref: 00403CD5
  • GetFileAttributesExA.KERNEL32(?,00000000,?), ref: 00403CE7
  • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00403D12
    • Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0
  • GetFileSize.KERNEL32(00000000,00000000), ref: 00403D28
  • CloseHandle.KERNEL32(00000000), ref: 00403D31
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: File$HandleModule$AttributesCloseCreateEnvironmentExpandNameSizeStrings
  • String ID:
  • API String ID: 2999226569-0
  • Opcode ID: 75a960e8d0d3512e1e86c0eb56eb0a42eb14ca122255a11b3d137bc1e1748b50
  • Instruction ID: b3cbe73655d71a56831554f143beb0ef12ce0f354b1f59c7bfe5d60ee1a6bebe
  • Opcode Fuzzy Hash: 75a960e8d0d3512e1e86c0eb56eb0a42eb14ca122255a11b3d137bc1e1748b50
  • Instruction Fuzzy Hash: D5217F72904208AFEB109FB4DC44ADF7BADEB49721F204176E641F72C0DA749F448BA8
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 59%
			E00404111(struct HWND__* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v28;
				signed char* _v36;
				intOrPtr _v48;
				signed char* _v52;
				intOrPtr _v68;
				void _v76;
				signed int _v80;
				int _t32;
				void* _t34;
				signed int _t36;
				struct HWND__* _t42;
				signed char* _t43;

				_v80 = _v80 & 0x00000000;
				_t43 = _a8;
				_t36 = 0x12;
				memset( &_v76, 0, _t36 << 2);
				if(_t43 == 0) {
					L11:
					return 0;
				}
				_t42 = _a4;
				_v80 = 0x4c;
				if(_t42 == 0 || IsWindow(_t42) == 0) {
					_v76 = GetForegroundWindow();
				} else {
					_v76 = _t42;
				}
				_v52 = _t43;
				_v48 = 0x102;
				asm("sbb eax, eax");
				_v36 = _t43;
				_v28 = ( ~(_a16 - 1) & 0x0000e804) + 0x00201800 | 0x00080000;
				_v68 = _a12;
				_push( &_v80);
				if(_a16 != 1) {
					_t32 = GetSaveFileNameA();
				} else {
					_t32 = GetOpenFileNameA();
				}
				if(_t32 == 0) {
					 *_t43 =  *_t43 & 0x00000000;
					goto L11;
				} else {
					E004043F5(_t43, _v52);
					_t34 = 1;
					return _t34;
				}
			}

APIs
  • IsWindow.USER32(?), ref: 00404141
  • GetForegroundWindow.USER32(?,00000111), ref: 00404150
  • GetOpenFileNameA.COMDLG32(0000004C), ref: 0040418F
  • GetSaveFileNameA.COMDLG32(0000004C), ref: 00404196
Strings
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: FileNameWindow$ForegroundOpenSave
  • String ID: L
  • API String ID: 1547633837-2909332022
  • Opcode ID: 203642403992c7d13a1b2299c4655860ac4c6e1cce9b2d6c3c2558c3381d5d98
  • Instruction ID: 40dd501beb27032aec853ef34f8e98dddd641efa0bbcaaadc1f3ee6cc5052ac7
  • Opcode Fuzzy Hash: 203642403992c7d13a1b2299c4655860ac4c6e1cce9b2d6c3c2558c3381d5d98
  • Instruction Fuzzy Hash: 1C1166B1D142189BDB509FA4D8097DE7BF4EF98310F14403AEA11F63C1D77894458B95
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Window$Proc$CallLongText
  • String ID:
  • API String ID: 408388722-0
  • Opcode ID: e70d1203840c1e1d028c4dcc924a8ca89febfb83c76f6fd1708ded4e57a71940
  • Instruction ID: 364614a2716f17ddbf5b69f50aeda33f382634b64e25361f72de28a693adc4e4
  • Opcode Fuzzy Hash: e70d1203840c1e1d028c4dcc924a8ca89febfb83c76f6fd1708ded4e57a71940
  • Instruction Fuzzy Hash: 77E0A032100518FBCB115F509D0DE9F3B2DEB8A762B004035F60179191C7744910AFA9
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 24%
			E004041F6(intOrPtr* _a4, CHAR* _a8, CHAR* _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v35;
				char _v36;
				void* _t13;
				signed int _t18;
				intOrPtr* _t23;

				_t18 = 7;
				_v36 = 0;
				_t13 = memset( &_v35, 0, _t18 << 2);
				_t23 = _a4;
				asm("stosw");
				asm("stosb");
				if(_t23 != 0 &&  *_t23 != 0) {
					if(_a16 == 0) {
						E0040457D(_a20,  &_v36, 0xa);
						_push(_t23);
						_push( &_v36);
					} else {
						_push(_t23);
						_push(_a16);
					}
					return WritePrivateProfileStringA(_a8, _a12, ??, ??);
				}
				return _t13;
			}

APIs
  • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00404242
Strings
  • TinyTask, xrefs: 004041FC
  • C:\Users\user\Desktop\tinytask-1-77.ini, xrefs: 004041FD
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: PrivateProfileStringWrite
  • String ID: C:\Users\user\Desktop\tinytask-1-77.ini$TinyTask
  • API String ID: 390214022-3265091041
  • Opcode ID: 2ac02feb6d68e60994b3cece93c09fb20cfaa564e9d84518809362d8d2158a58
  • Instruction ID: bc95696e4e7e7b96e5794030eb7730004083230367b0ef7d8b0c896e9a36f2f2
  • Opcode Fuzzy Hash: 2ac02feb6d68e60994b3cece93c09fb20cfaa564e9d84518809362d8d2158a58
  • Instruction Fuzzy Hash: C0F0AF76904259BADF219E55EC01DEF3F79EB89380F04417AFA0076180D375991486E6
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 33%
			E00404266(void* _a4, intOrPtr _a8) {

				_push(_a8);
				if(_a4 == 0) {
					return HeapAlloc(GetProcessHeap(), 0, ??);
				} else {
					return HeapReAlloc(GetProcessHeap(), 0, _a4, ??);
				}
			}

APIs
  • GetProcessHeap.KERNEL32(00000000,000003E9,000003E9,00403359,-00004E20,?,000003E9,00000000,?,?,004018B2,?,000003E9), ref: 00404277
  • HeapReAlloc.KERNEL32(00000000,?,?,004018B2,?,000003E9), ref: 0040427E
  • GetProcessHeap.KERNEL32(00000000,000003E9,00403359,-00004E20,?,000003E9,00000000,?,?,004018B2,?,000003E9), ref: 00404286
  • HeapAlloc.KERNEL32(00000000,?,?,004018B2,?,000003E9), ref: 0040428D
Memory Dump Source
  • Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd
Similarity
  • API ID: Heap$AllocProcess
  • String ID:
  • API String ID: 1617791916-0
  • Opcode ID: 25923d58f9ba744ef32945f6f7028fa29fe1bb2476332cf68c41ec0cf0e94e74
  • Instruction ID: 7a16b1018b14c468b32ef241bb36a15b07f1f7d4bad3af964a1caa484586cb57
  • Opcode Fuzzy Hash: 25923d58f9ba744ef32945f6f7028fa29fe1bb2476332cf68c41ec0cf0e94e74
  • Instruction Fuzzy Hash: 62D067B1904701ABCF006BB0DE0C91F7AA9FB88342B488868B146E1020DA348040DF65
Uniqueness

Uniqueness Score: -1.00%