Create Interactive Tour

Windows Analysis Report
tinytask-1-77.exe

Overview

General Information

Sample Name:	tinytask-1-77.exe
Analysis ID:	588879
MD5:	8fd3551654f0f5281ddbd7e32cb73054
SHA1:	9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
SHA256:	75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Uses Windows timers to delay execution

Uses 32bit PE files

Contains functionality to retrieve information about pressed keystrokes

Sample file is different than original file name gathered from version info

PE file contains strange resources

Contains functionality to simulate keystroke presses

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Program does not show much activity (idle)

Contains functionality to simulate mouse events

Potential key logger detected (key state polling based)

Classification

Process Tree

System is w10x64

tinytask-1-77.exe (PID: 1396 cmdline: "C:\Users\user\Desktop\tinytask-1-77.exe" MD5: 8FD3551654F0F5281DDBD7E32CB73054)

cleanup

Joe Sandbox Signatures

• AV Detection
• Compliance
• Spreading
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: tinytask-1-77.exe	Virustotal: Detection: 14%			Perma Link
Source: tinytask-1-77.exe	Metadefender: Detection: 20%			Perma Link

Source: tinytask-1-77.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Code function: 1_2_00403B09 CreateFileA,GetFileAttributesA,CreateFileA,CloseHandle,FindFirstFileA,FindClose,FindClose,FindNextFileA,FindClose,FindClose,

1_2_00403B09

Source: tinytask-1-77.exe

String found in binary or memory: https://www.tinytask.net

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Code function: 1_2_00402148 mouse_event,keybd_event,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,MapVirtualKeyA,keybd_event,SetKeyboardState,GetAsyncKeyState,GetKeyState,VkKeyScanA,VkKeyScanA,VkKeyScanA,MapVirtualKeyA,MapVirtualKeyA,keybd_event,MapVirtualKeyA,MapVirtualKeyA,keybd_event,MapVirtualKeyA,keybd_event,VkKeyScanA,MapVirtualKeyA,keybd_event,Sleep,GetCursorPos,GetKeyState,GetTickCount,SetTimer,KillTimer,GetTickCount,SetWindowTextA,InvalidateRect,DefWindowProcA,

1_2_00402148

Source: C:\Users\user\Desktop\tinytask-1-77.exe	Code function: 1_2_00401489 DestroyWindow,BeginPaint,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,BitBlt,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,EndPaint,GetWindowRect,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,KillTimer,PostQuitMessage,GetModuleHandleA,CreateCursor,PostMessageA,GetCursor,SetCursor,KillTimer,KillTimer,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,Sleep,PostMessageA,GetTickCount,wsprintfA,GetTickCount,wsprintfA,GetWindowTextA,FindWindowExA,FindWindowExA,FindWindowExA,KillTimer,GetClientRect,GetVersion,GetVersion,CreateWindowExA,GetStockObject,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowLongA,SetWindowLongA,ShowWindow,UpdateWindow,UpdateWindow,InvalidateRect,InvalidateRect,UpdateWindow,InvalidateRect,UpdateWindow,SendMessageA,SetFocus,DeleteFileA,SetWindowTextA,GetModuleHandleA,GetModuleFileNameA,CopyFileA,CreateFileA,GetFileSize,SetFilePointer,ReadFile,wsprintfA,SetFilePointer,WriteFile,CloseHandle,wsprintfA,GetModuleHandleA,MessageBoxIndirectA,SetTimer,MessageBoxA,DefWindowProcA,		1_2_00401489
Source: C:\Users\user\Desktop\tinytask-1-77.exe	Code function: 1_2_004034C6 GetKeyState,GetKeyState,GetKeyState,GetSystemMetrics,mouse_event,mouse_event,mouse_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,MapVirtualKeyA,keybd_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,Sleep,SetTimer,GetDoubleClickTime,Sleep,PostMessageA,		1_2_004034C6

Source: tinytask-1-77.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: tinytask-1-77.exe, 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameTinyTask.exe vs tinytask-1-77.exe
Source: tinytask-1-77.exe	Binary or memory string: OriginalFilenameTinyTask.exe vs tinytask-1-77.exe

Source: tinytask-1-77.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: tinytask-1-77.exe	Virustotal: Detection: 14%
Source: tinytask-1-77.exe	Metadefender: Detection: 20%

Source: tinytask-1-77.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: mal52.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\tinytask-1-77.exe	Code function: 1_2_00401000 GetModuleHandleA,GetModuleFileNameA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetSystemMetrics,GetSystemMetrics,GetPrivateProfileIntA,GetPrivateProfileIntA,KiUserCallbackDispatcher,SetRect,GetDC,RectVisible,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,LoadIconA,RegisterClassExA,MessageBoxA,CreateWindowExA,ShowWindow,UpdateWindow,GetModuleHandleA,GetModuleFileNameA,PostMessageA,GetMessageA,KiUserCallbackDispatcher,TranslateMessage,DispatchMessageA,	1_2_00401000
Source: C:\Users\user\Desktop\tinytask-1-77.exe	Code function: 1_2_0040392F GetPrivateProfileIntA,GetPrivateProfileStringA,GetSystemMetrics,LoadImageA,GetObjectA,GetSystemMetrics,MessageBoxA,WritePrivateProfileStringA,DeleteObject,GetModuleHandleA,LoadImageA,DeleteObject,DeleteObject,GetObjectA,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics,	1_2_0040392F
Source: C:\Users\user\Desktop\tinytask-1-77.exe	Code function: 1_2_00402D18 GetPrivateProfileStringA,WritePrivateProfileStringA,GetWindowLongA,SetWindowLongA,SetWindowPos,InvalidateRect,UpdateWindow,DefWindowProcA,	1_2_00402D18

Malware Analysis System Evasion

Uses Windows timers to delay execution

Source: C:\Users\user\Desktop\tinytask-1-77.exe

User Timer Set: Timeout: 50ms

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Code function: 1_2_00403B09 CreateFileA,GetFileAttributesA,CreateFileA,CloseHandle,FindFirstFileA,FindClose,FindClose,FindNextFileA,FindClose,FindClose,

1_2_00403B09

Source: C:\Users\user\Desktop\tinytask-1-77.exe

API call chain: ExitProcess graph end node

graph_1-1178

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Code function: 1_2_0040424C GetProcessHeap,HeapAlloc,

1_2_0040424C

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Code function: 1_2_004034C6 GetKeyState,GetKeyState,GetKeyState,GetSystemMetrics,mouse_event,mouse_event,mouse_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,MapVirtualKeyA,keybd_event,GetSystemMetrics,GetSystemMetrics,mouse_event,SetCursorPos,Sleep,SetTimer,GetDoubleClickTime,Sleep,PostMessageA,

1_2_004034C6

Source: C:\Users\user\Desktop\tinytask-1-77.exe

1_2_004034C6

Source: C:\Users\user\Desktop\tinytask-1-77.exe

Code function: 1_2_00401489 DestroyWindow,BeginPaint,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,BitBlt,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,EndPaint,GetWindowRect,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,KillTimer,PostQuitMessage,GetModuleHandleA,CreateCursor,PostMessageA,GetCursor,SetCursor,KillTimer,KillTimer,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,Sleep,PostMessageA,GetTickCount,wsprintfA,GetTickCount,wsprintfA,GetWindowTextA,FindWindowExA,FindWindowExA,FindWindowExA,KillTimer,GetClientRect,GetVersion,GetVersion,CreateWindowExA,GetStockObject,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowLongA,SetWindowLongA,ShowWindow,UpdateWindow,UpdateWindow,InvalidateRect,InvalidateRect,UpdateWindow,InvalidateRect,UpdateWindow,SendMessageA,SetFocus,DeleteFileA,SetWindowTextA,GetModuleHandleA,GetModuleFileNameA,CopyFileA,CreateFileA,GetFileSize,SetFilePointer,ReadFile,wsprintfA,SetFilePointer,WriteFile,CloseHandle,wsprintfA,GetModuleHandleA,MessageBoxIndirectA,SetTimer,MessageBoxA,DefWindowProcA,

1_2_00401489

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Virtualization/Sandbox Evasion	21 Input Capture	1 Security Software Discovery	Remote Services	21 Input Capture	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
tinytask-1-77.exe	15%	Virustotal	Browse
tinytask-1-77.exe	20%	Metadefender	Browse
tinytask-1-77.exe	10%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://www.tinytask.net	1%	Virustotal		Browse
https://www.tinytask.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.tinytask.net	tinytask-1-77.exe	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	588879
Start date:	14.03.2022
Start time:	19:04:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	tinytask-1-77.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 98.4% (good quality ratio 88.5%) Quality average: 76.5% Quality standard deviation: 31.4%
HCA Information:	Successful, ratio: 100% Number of executed functions: 25 Number of non-executed functions: 13
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.125.122.176, 20.54.89.106, 20.54.110.249
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.577308655111805
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	tinytask-1-77.exe
File size:	36352
MD5:	8fd3551654f0f5281ddbd7e32cb73054
SHA1:	9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
SHA256:	75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
SHA512:	a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b
SSDEEP:	768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW
File Content Preview:	MZ......................@...................................X...........!..L.!?...$.....PE..L......].................8...Z.......F.......P....@..........................................................................R..x....p...=.........................

File Icon


Icon Hash:	d2ced6d6ced29ac2

Static PE Info

General

Entrypoint:	0x404680
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5DC00002 [Mon Nov 4 10:40:02 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eaf43a49d1a8bff951d9247e6d730d9

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 44h
push esi
call dword ptr [00405078h]
mov esi, eax
mov al, byte ptr [esi]
cmp al, 22h
jne 00007F1C68C90EA6h
mov al, byte ptr [esi+01h]
inc esi
test al, al
je 00007F1C68C90E96h
cmp al, 22h
jne 00007F1C68C90E86h
cmp byte ptr [esi], 00000022h
jne 00007F1C68C90E9Fh
inc esi
jmp 00007F1C68C90E9Ch
cmp al, 20h
jle 00007F1C68C90E98h
inc esi
cmp byte ptr [esi], 00000020h
jnle 00007F1C68C90E8Ch
mov al, byte ptr [esi]
test al, al
je 00007F1C68C90E96h
cmp al, 20h
jle 00007F1C68C90E7Bh
and dword ptr [ebp-18h], 00000000h
lea eax, dword ptr [ebp-44h]
push eax
call dword ptr [00405074h]
call 00007F1C68C90EF2h
push 00406004h
push 00406000h
call 00007F1C68C90EC9h
test byte ptr [ebp-18h], 00000001h
pop ecx
pop ecx
je 00007F1C68C90E98h
movzx eax, word ptr [ebp-14h]
jmp 00007F1C68C90E95h
push 0000000Ah
pop eax
push eax
push esi
push 00000000h
push 00000000h
call dword ptr [004050A8h]
push eax
call 00007F1C68C8D793h
mov esi, eax
call 00007F1C68C90ED1h
push esi
call dword ptr [00405070h]
pop esi
leave
ret
push esi
mov esi, dword ptr [esp+08h]
cmp esi, dword ptr [esp+0Ch]
jnc 00007F1C68C90E9Fh
mov eax, dword ptr [esi]
test eax, eax
je 00007F1C68C90E94h
call eax
add esi, 04h
jmp 00007F1C68C90E7Fh
pop esi
ret
push 00000020h
pop eax
push 00000004h
push eax
mov dword ptr [00406FF4h], eax
call 00007F1C68C909A4h
pop ecx
pop ecx
mov dword ptr [00406FF0h], eax
ret
mov ecx, dword ptr [000000F8h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x52b8	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7000	0x3de0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x5000	0x1b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3784	0x3800	False	0.586635044643	data	6.37623122636	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x5000	0xbc8	0xc00	False	0.4375	data	5.09857971028	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x6000	0xffc	0xa00	False	0.451953125	data	4.80445386005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x7000	0x3de0	0x3e00	False	0.587071572581	data	6.40401575537	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_BITMAP	0x8ec8	0x1972	data	English	United States
RT_ICON	0x71e0	0xea8	data	English	United States
RT_ICON	0x8088	0x8a8	data	English	United States
RT_ICON	0x8930	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_GROUP_ICON	0x8e98	0x30	data	English	United States
RT_VERSION	0xa840	0x370	data	English	United States
RT_MANIFEST	0xabb0	0x22f	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	Sleep, FindNextFileA, FindClose, FindFirstFileA, GetFileAttributesA, GetFileAttributesExA, CreateDirectoryA, GetTickCount, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree, HeapSize, ExitProcess, GetStartupInfoA, GetCommandLineA, GetVersion, DeleteFileA, CopyFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, CloseHandle, GetPrivateProfileStringA, WritePrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, ExpandEnvironmentStringsA, GetPrivateProfileIntA
USER32.dll	PtInRect, AppendMenuA, CreatePopupMenu, SetTimer, GetCursorPos, TrackPopupMenu, SetKeyboardState, MapVirtualKeyA, GetAsyncKeyState, keybd_event, mouse_event, MessageBoxIndirectA, SetWindowTextA, SetFocus, InvalidateRect, SetWindowLongA, GetWindowLongA, SendMessageA, GetClientRect, FindWindowExA, GetWindowTextA, wsprintfA, GetKeyState, SetCursor, GetCursor, CreateCursor, PostQuitMessage, KillTimer, DestroyCursor, GetWindowRect, EndPaint, BeginPaint, DestroyWindow, DrawTextA, IsWindow, CallWindowProcA, GetForegroundWindow, GetDoubleClickTime, SetCursorPos, LoadImageA, DestroyMenu, SetWindowPos, DefWindowProcA, GetSystemMetrics, SetRect, GetDC, LoadIconA, RegisterClassExA, MessageBoxA, CreateWindowExA, ShowWindow, UpdateWindow, PostMessageA, GetMessageA, TranslateMessage, DispatchMessageA, VkKeyScanA
GDI32.dll	RectVisible, DeleteDC, BitBlt, SelectObject, CreateCompatibleDC, CreateFontIndirectA, GetObjectA, SetTextColor, SetBkMode, SetBkColor, GetPixel, CreateBitmap, GetStockObject, DeleteObject
comdlg32.dll	GetSaveFileNameA, GetOpenFileNameA
SHELL32.dll	ShellExecuteA

Version Infos

Description	Data
LegalCopyright	Copyright (c) 2019. All Rights Reserved.
InternalName
FileVersion	1, 77, 0, 0
CompanyName
PrivateBuild
LegalTrademarks
Comments	www.tinytask.net
ProductName	TinyTask
SpecialBuild
ProductVersion	1, 77, 0, 0
FileDescription	www.tinytask.net
OriginalFilename	TinyTask.exe
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

• tinytask-1-77.exe

Click to jump to process

Memory Usage

• tinytask-1-77.exe

Click to jump to process

System Behavior

Analysis Process: tinytask-1-77.exePID: 1396, Parent PID: 1060

Function Logs

General

Target ID:	1
Start time:	19:05:19
Start date:	14/03/2022
Path:	C:\Users\user\Desktop\tinytask-1-77.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\tinytask-1-77.exe"
Imagebase:	0x400000
File size:	36352 bytes
MD5 hash:	8FD3551654F0F5281DDBD7E32CB73054
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

User Timer set

Show Windows behavior

Windows UI Activities

Window Created

Window UI Enumerated

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

Analysis Process: tinytask-1-77.exePID: 1396, Parent PID: 1060COMMON

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:	16.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	55.2%
Total number of Nodes:	469
Total number of Limit Nodes:	15

Callgraph

Hide Legend

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00401489 Relevance: 202.3, APIs: 84, Strings: 31, Instructions: 1033
windowtimeCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00401489(struct HWND__* _a4, int _a8, struct HDC__* _a12, void* _a16, char _a12244997) {
				struct HWND__* _v8;
				CHAR* _v12;
				CHAR* _v16;
				signed int _v20;
				long _v24;
				struct tagPOINT _v32;
				struct tagRECT _v48;
				char _v52;
				char _v62;
				struct %anon392 _v92;
				void _v347;
				char _v348;
				struct tagPAINTSTRUCT _v412;
				void _v667;
				char _v668;
				char _v923;
				char _v924;
				signed int _t447;
				long _t448;
				struct HDC__* _t453;
				CHAR* _t454;
				int _t455;
				signed char _t462;
				int _t464;
				long _t470;
				signed char _t483;
				struct HWND__* _t486;
				int _t487;
				int _t492;
				CHAR* _t493;
				long _t497;
				long _t504;
				signed int _t506;
				signed short _t510;
				signed short _t513;
				signed short _t514;
				signed short _t515;
				signed short _t516;
				signed short _t517;
				signed short _t518;
				signed short _t519;
				signed short _t520;
				signed short _t521;
				signed short _t522;
				signed short _t523;
				signed short _t524;
				signed short _t525;
				struct HICON__* _t530;
				int _t534;
				struct HICON__* _t539;
				int _t541;
				struct HICON__* _t542;
				void* _t543;
				void* _t544;
				void* _t570;
				int _t571;
				void* _t577;
				int _t578;
				signed int _t589;
				int _t595;
				int _t596;
				int _t598;
				signed char _t604;
				long _t608;
				long _t613;
				int _t619;
				int _t620;
				struct HICON__* _t621;
				void* _t625;
				void* _t626;
				void* _t628;
				int _t644;
				int _t647;
				intOrPtr _t648;
				int _t651;
				intOrPtr _t652;
				void* _t664;
				signed int _t667;
				signed int _t677;
				signed int _t679;
				void* _t693;

				_t589 = 0xf;
				_v412.hdc = 0;
				_v48.left = 0;
				memset( &(_v412.fErase), 0, _t589 << 2);
				_v32.x = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push(0x3f);
				_v348 = 0;
				memset( &_v347, 0, 0 << 2);
				asm("stosw");
				asm("stosb");
				_push(0x3f);
				_v668 = 0;
				_v20 = 0;
				memset( &_v667, 0, 0 << 2);
				_t595 = _a8;
				_v52 = 0;
				asm("stosw");
				asm("stosb");
				_v24 = 0;
				_t693 = _t595 - 0x100;
				_v16 = 0;
				if(_t693 > 0) {
					_t596 = _t595 - 0x111;
					__eflags = _t596;
					if(_t596 == 0) {
						_t447 = (_a12 & 0x0000ffff) + 0xffff8000;
						__eflags = _t447 - 0x1b;
						if(__eflags > 0) {
							L393:
							_t448 = DefWindowProcA(_a4, _a8, _a12, _a16); // executed
							return _t448;
						}
						switch( *((intOrPtr*)(_t447 * 4 +  &M00402F1E))) {
							case 0:
								__eflags =  *0x406a08;
								if( *0x406a08 == 0) {
									_v348 = 0;
									_t450 = E00404111(_a4,  &_v348, "Recording Files (*.rec)", 1);
									__eflags = _t450;
									if(_t450 != 0) {
										__eflags = _v348;
										if(_v348 != 0) {
											E00402F8E( &_v348, 0);
										}
									}
								}
								goto L393;
							case 1:
								__eflags =  *0x406a08;
								if( *0x406a08 != 0) {
									goto L393;
								}
								__eflags =  *0x4069f0 - __ebx; // 0x0
								if(__eflags == 0) {
									L163:
									_push(0x10040);
									goto L164;
								}
								__eflags =  *0x4069f4 - 1;
								if( *0x4069f4 < 1) {
									goto L163;
								}
								__edi = 0x406a18;
								 &_v348 = E004043F5( &_v348, 0x406a18);
								__eflags = _a12 - 0x8004;
								_pop(__ecx);
								_pop(__ecx);
								if(_a12 != 0x8004) {
									__eax = "Recording Files (*.rec)";
								} else {
									__eax =  &_v348;
									__esi =  &_v348;
									__esi =  &_v348 - 4;
									E004043D7( &_v348) = __esi + __eax;
									__eax = E004044CF(__eax, ".rec");
									_pop(__ecx);
									__eflags = __eax;
									_pop(__ecx);
									if(__eax == 0) {
										__eax =  &_v348;
										 *(E004043D7( &_v348) + __esi) = __bl;
									}
									__eax = "Program Files (*.exe)";
								}
								__eax =  &_v348;
								__eax = E00404111(_a4,  &_v348,  &_v348, 2);
								__eflags = __eax;
								if(__eax == 0) {
									goto L393;
								} else {
									 &_v348 = E004043F5(__edi,  &_v348);
									__eflags = _a12 - 0x8004;
									_pop(__ecx);
									__esi = ".exe";
									_pop(__ecx);
									__eax = ".exe";
									if(_a12 != 0x8004) {
										__eax = ".rec";
									}
									__eax = E004043D7(__edi);
									__edi = __edi - 4;
									__eax = __edi - 4 + __eax;
									__eax = E004044CF(__eax, __eax);
									_pop(__ecx);
									__eflags = __eax;
									_pop(__ecx);
									if(__eax != 0) {
										__eflags = _a12 - 0x8004;
										if(_a12 != 0x8004) {
											__esi = ".rec";
										}
										__eax = E00404464(__edi, __esi);
										_pop(__ecx);
										_pop(__ecx);
									}
									__eax = DeleteFileA(__edi);
									__eflags = _a12 - 0x8001;
									if(_a12 != 0x8001) {
										__eax =  &_v348;
										GetModuleHandleA(__ebx) = GetModuleFileNameA(__eax,  &_v348, 0xff);
										__eax =  &_v348;
										__eax = CopyFileA( &_v348, __edi, __ebx);
										__eflags = __eax;
										if(__eax != 0) {
											__eax = CreateFileA(__edi, 0xc0000000, 3, __ebx, 4, 0x80, __ebx);
											_v8 = __eax;
											__eax = GetFileSize(__eax, __ebx);
											__eflags = __eax - __ebx;
											_v24 = __eax;
											if(__eax == __ebx) {
												L151:
												__eax =  *0x4069f4; // 0x0
												__eax = __eax << 2;
												__eax = E00403EA0(__edi, 0xffffffff,  *0x4069f0, __eax, __ebx, __ebx);
												__ecx =  *0x406a10; // 0x8e00
												__eax = __eax + __ecx;
												__eflags = __eax - __ecx;
												_v20 = __eax;
												if(__eax > __ecx) {
													__ecx =  *0x406a04; // 0x0
													_push(1);
													_pop(__edx);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__eflags = __ecx - __ebx;
														_v16 = 0x406e20;
														_v12 = __edx;
														if(__ecx == __ebx) {
															L157:
															__ecx = 0x100000;
															__esi = " MB";
															__eflags = __eax - 0x100000;
															if(__eax <= 0x100000) {
																__esi = "KB";
															}
															__eflags = __eax - __ecx;
															asm("cdq");
															if(__eax <= __ecx) {
																__ecx = 0x400;
															}
															_t237 = __eax % __ecx;
															__eflags = _t237;
															__eax = __eax / __ecx;
															__edx = _t237;
															_t240 =  &_v16; // 0x406e20
															 &_v668 = wsprintfA( &_v668, "  Compile successful\t\n\n  \"%s\"   (%d %s)\n\nProgram attributes:\n----------------------------------\n  Execution Speed:\t %d%sx\n  Repeat Loops:\t %d", __edi,  &_v668, __esi, _v12,  *_t240,  *0x40600c);
															__esp = __esp + 0x20;
															L162:
															_push(9);
															__eax = 0;
															_pop(__ecx);
															__edi =  &(_v92.hwndOwner);
															__eax = memset(__edi, 0, __ecx << 2);
															__edi = __edi + __ecx;
															__ecx = 0;
															_v92.cbSize = 0x28;
															_v92.hInstance = GetModuleHandleA(__ebx);
															__eax = _a4;
															_v92.hwndOwner = _a4;
															__eax =  &_v668;
															_v92.lpszText =  &_v668;
															__eax =  *0x406a00; // 0x0
															__eax = __eax | 0x00010080;
															_v92.lpszCaption = "TinyTask";
															_v92.dwStyle = __eax;
															__eax =  &_v92;
															_v92.lpszIcon = 0xfa1;
															__eax = MessageBoxIndirectA( &_v92);
															goto L393;
														}
														L156:
														_v12 = __ecx;
														goto L157;
													}
													_v16 = "/2";
													goto L156;
												}
												 &_v668 = E004043F5( &_v668, "  Compile Error\n\n");
												 &_v668 = E00404464( &_v668, __edi);
												goto L162;
											}
											__eflags = __eax;
											__eax = E0040424C(__eax, 1);
											_pop(__ecx);
											__esi = __eax;
											_pop(__ecx);
											SetFilePointer(_v8, __ebx, __ebx, __ebx) =  &_v24;
											__eax = ReadFile(_v8, __esi, _v24,  &_v24, __ebx);
											_v20 = __ebx;
											do {
												__eflags = _v20 - __ebx;
												__eax = __eax & 0xffffff00 | _v20 != __ebx;
												__eax = __eax - 1;
												__al =  &_v348;
												__eax = E004042CA( &_v348, __al, 5);
												__eflags = _v24 - __ebx;
												_v12 = __ebx;
												if(_v24 <= __ebx) {
													goto L146;
												}
												__eax = __ebx;
												do {
													__eflags = _v16 - __ebx;
													if(_v16 == __ebx) {
														__eflags =  *((char*)(__esi + __eax)) - 0x50;
														if( *((char*)(__esi + __eax)) == 0x50) {
															__eflags =  *((char*)(__esi + __eax + 1)) - 0x45;
															if( *((char*)(__esi + __eax + 1)) == 0x45) {
																_v16 = __eax;
															}
														}
													}
													__eax = _v12;
													__ecx =  &_v348;
													__eax =  &(_v12[__esi]);
													__eax = E0040433F( &(_v12[__esi]),  &_v348, 5);
													__eflags = __eax;
													if(__eax == 0) {
														__eflags = _v20 - __ebx;
														__ecx =  *0x40600c; // 0x1
														if(_v20 != __ebx) {
															__ecx =  *0x406a04; // 0x0
														}
														__eax = 0x1869f;
														__eflags = __ecx - 0x1869f;
														if(__ecx < 0x1869f) {
															__eax = __ecx;
														}
														 &_v668 = wsprintfA( &_v668, "%05d",  &_v668);
														 &_v668 = _v12;
														__eax =  &(_v12[__esi]);
														__eflags =  &(_v12[__esi]);
														__eax = E0040430D( &(_v12[__esi]),  &_v668, 5);
													}
													__eax = _v12;
													__eax =  &(_v12[1]);
													__eflags = __eax - _v24;
													_v12 = __eax;
												} while (__eax < _v24);
												L146:
												_v20 = _v20 + 1;
												__eflags = _v20 - 2;
											} while (_v20 < 2);
											__eflags = _v16 - __ebx;
											if(_v16 != __ebx) {
												_t221 =  &(_v16[0x58]); // 0x58
												__esi + _t221 = E004042CA(__esi + _t221, __ebx, 4);
											}
											SetFilePointer(_v8, __ebx, __ebx, __ebx) =  &_v24;
											WriteFile(_v8, __esi, _v24,  &_v24, __ebx) = CloseHandle(_v8);
											__eflags = __esi - __ebx;
											if(__esi != __ebx) {
												__eax = E00404294(__esi);
											}
											goto L151;
										}
										_push(0x10030);
										_push(__edi);
										_push("Unable to write file");
										goto L165;
									} else {
										__eax =  *0x4069f4; // 0x0
										__eax = E00403EA0(__edi, __ebx,  *0x4069f0, __eax, __ebx, __ebx);
										 *0x406b18 = __bl;
										__eax = E0040454C(__edi, 0x5c);
										__eflags = __eax - __ebx;
										if(__eax != __ebx) {
											_t185 = __eax + 1; // 0x1
											__edi = _t185;
										}
										__esi = 0x406b18;
										__eax = E004043F5(0x406b18, __edi);
										_pop(__ecx);
										_pop(__ecx);
										_push(0x406b18);
										_push( *0x4069e0); // executed
										goto L128;
									}
								}
							case 2:
								mouse_event(4, 0, 0, 0, 0);
								__esi = keybd_event;
								__edi = 0;
								__eflags = 0;
								do {
									__eflags = __edi - 0x14;
									if(__edi == 0x14) {
										goto L186;
									}
									__eflags = __edi - 0x90;
									if(__edi == 0x90) {
										goto L186;
									}
									__eflags = __edi - 0x91;
									if(__edi == 0x91) {
										goto L186;
									}
									__eax = GetAsyncKeyState(__edi);
									__eflags = __ah & 0x00000080;
									if((__ah & 0x00000080) != 0) {
										L177:
										__eflags = __edi - 0x21;
										if(__edi < 0x21) {
											L179:
											__eflags = __edi - 0x11;
											if(__edi == 0x11) {
												L184:
												_push(1);
												_pop(__eax);
												L185:
												__al = __al | 0x00000002;
												__eflags = __al;
												_push(__ebx);
												_push(__eax);
												_push(MapVirtualKeyA(__edi, __ebx));
												_push(__edi);
												__eax = __esi->i();
												goto L186;
											}
											__eflags = __edi - 0x5b;
											if(__edi == 0x5b) {
												goto L184;
											}
											__eflags = __edi - 0x5c;
											if(__edi == 0x5c) {
												goto L184;
											}
											__eflags = __edi - 0x5d;
											if(__edi == 0x5d) {
												goto L184;
											}
											__eax = 0;
											goto L185;
										}
										__eflags = __edi - 0x2e;
										if(__edi <= 0x2e) {
											goto L184;
										}
										goto L179;
									}
									__eflags = __edi - 1;
									if(__edi == 1) {
										L175:
										__eax = GetAsyncKeyState(__edi);
										L176:
										__eax = __eax >> 0xf;
										__eax = __eax & 0x00000001;
										__eflags = __eax - __ebx;
										if(__eax == __ebx) {
											goto L186;
										}
										goto L177;
									}
									__eflags = __edi - 2;
									if(__edi == 2) {
										goto L175;
									}
									__eflags = __edi - 4;
									if(__edi == 4) {
										goto L175;
									}
									__eax = GetKeyState(__edi);
									goto L176;
									L186:
									__edi = __edi + 1;
									__eflags = __edi - 0x100;
								} while (__edi < 0x100);
								_push(0x3f);
								__eax = 0;
								_pop(__ecx);
								__edi =  &_v923;
								_v924 = __bl;
								__eax = memset(__edi, 0, __ecx << 2);
								__edi = __edi + __ecx;
								__ecx = 0;
								asm("stosw");
								asm("stosb");
								 &_v924 = E004042CA( &_v924, __ebx, 0x100);
								 &_v924 = SetKeyboardState( &_v924);
								__edi = 0;
								__eflags = 0;
								do {
									__eax = GetAsyncKeyState(__edi);
									__edi = __edi + 1;
									__eflags = __edi - 0xff;
								} while (__edi < 0xff);
								__eax = GetKeyState(0x91);
								__eflags = __al & 0x00000001;
								if((__al & 0x00000001) == 0) {
									L211:
									_push(1);
									_pop(__esi);
									Sleep(__esi);
									__eflags =  *0x406a08 - __ebx; // 0x0
									if(__eflags != 0) {
										__eax = KillTimer(_a4, 0x3e9);
										__eax = GetTickCount();
										__eax = __eax -  *0x4069f8;
										__eflags =  *0x406b18 - __bl; // 0x0
										 *0x406a08 = __ebx;
										 *0x4069fc = __eax;
										__eax = 0x406b18;
										if(__eflags == 0) {
											__eax = "TinyTask";
										}
										__eax = SetWindowTextA(_a4, __eax);
										__eax =  *0x4069f0; // 0x0
										__eflags = __eax - __ebx;
										if(__eax == __ebx) {
											goto L393;
										} else {
											__edx =  *0x4069f4; // 0x0
											__edx =  ~__edx;
											_t278 = __edx - 1; // -1
											__esi = _t278;
											asm("sbb ecx, ecx");
											__ecx =  ~__edx & _t278;
											__eflags = __ecx;
											_v20 = __ecx;
											if(__ecx <= 0) {
												L225:
												__eflags = __ecx - __ebx;
												if(__ecx != __ebx) {
													__edx = __ecx;
													 *0x4069f4 = __edx;
												}
												__ecx = __edx;
												__edx = __edx + 3;
												__eflags = __ecx - __edx;
												_v24 = __ecx;
												if(__ecx >= __edx) {
													L231:
													__eax = InvalidateRect(_a4, __ebx, 1);
													goto L393;
												} else {
													while(1) {
														__eax = E004042CA(__eax, __ebx, 0x14);
														__ecx = _v24;
														__eax =  *0x4069f4; // 0x0
														__ecx = _v24 + 1;
														__eax = __eax + 3;
														_v24 = __ecx;
														__eflags = __ecx - __eax;
														if(__ecx >= __eax) {
															goto L231;
														}
														__eax =  *0x4069f0; // 0x0
													}
													goto L231;
												}
											} else {
												goto L221;
											}
											while(1) {
												L221:
												__esi = __ecx + __ecx * 4;
												__edi =  *(__eax + __esi * 4);
												__esi = __eax + __esi * 4;
												__eflags = __edi - __ebx;
												if(__edi == __ebx) {
													goto L225;
												}
												__eflags = __edi - 0x201;
												if(__edi != 0x201) {
													L224:
													__ecx = __ecx - 1;
													__eflags = __ecx - __ebx;
													_v20 = __ecx;
													if(__ecx > __ebx) {
														continue;
													}
													goto L225;
												}
												__esi =  *(__esi + 0x10);
												__eflags = __esi - _a4;
												if(__esi == _a4) {
													goto L225;
												}
												goto L224;
											}
											goto L225;
										}
									}
									__eax =  *0x4069f0; // 0x0
									 *0x406a08 = 0x8002;
									__eflags = __eax - __ebx;
									if(__eax != __ebx) {
										__eax = E00404294(__eax);
										 *0x4069f0 = __ebx;
									}
									__eax =  &_v32;
									 *0x4069f4 = __ebx;
									__eax = GetCursorPos( &_v32);
									__al = _v32.y;
									__edi = 0xfe;
									__al = _v32.y + _v32.x;
									__eflags = __al;
									 *0x406d20 = __al;
									do {
										GetKeyState(__esi) = __eax >> 0xf;
										__al = __al & 0x00000001;
										 *(__esi + 0x406d20) = __al;
										__esi =  &(__esi->i);
										__edi = __edi - 1;
										__eflags = __edi;
									} while (__edi != 0);
									 *0x4069f8 = GetTickCount();
									__eax = SetTimer(_a4, 0x3e9, 0xa, __ebx);
									goto L231;
								}
								__edi = VkKeyScanA;
								__eax = VkKeyScanA(0xffffff91);
								_v16 = __al;
								__eax = VkKeyScanA(0xffffff91);
								__ecx = 0;
								__cl = __ah;
								__eflags = __ah;
								if(__ah == 0) {
									__edi = MapVirtualKeyA;
								} else {
									__edi = MapVirtualKeyA;
									_push(__ebx);
									_push(__ebx);
									_push(MapVirtualKeyA(0x10, __ebx));
									_push(0x10);
									__eax = __esi->i();
								}
								__al = _v16;
								__eflags = __al - 0x21;
								if(__al < 0x21) {
									L195:
									__eflags = __al - 0x11;
									if(__al == 0x11) {
										goto L200;
									}
									__eflags = __al - 0x5b;
									if(__al == 0x5b) {
										goto L200;
									}
									__eflags = __al - 0x5c;
									if(__al == 0x5c) {
										goto L200;
									}
									__eflags = __al - 0x5d;
									if(__al == 0x5d) {
										goto L200;
									}
									__ecx = 0;
									goto L201;
								} else {
									__eflags = __al - 0x2e;
									if(__al <= 0x2e) {
										L200:
										_push(1);
										_pop(__ecx);
										L201:
										__eax = __al & 0x000000ff;
										_push(__ebx);
										_push(__ecx);
										_v12 = __eax;
										_push(__eax);
										_push(_v16);
										__eax = __esi->i();
										__al = _v16;
										__eflags = __al - 0x21;
										if(__al < 0x21) {
											L203:
											__eflags = __al - 0x11;
											if(__al == 0x11) {
												L208:
												_push(1);
												_pop(__eax);
												L209:
												__al = __al | 0x00000002;
												_push(__ebx);
												_push(__eax);
												_push(MapVirtualKeyA(_v12, __ebx));
												_push(_v16);
												__esi->i() = VkKeyScanA(0xffffff91);
												__ecx = 0;
												__cl = __ah;
												__eflags = __ah;
												if(__ah != 0) {
													_push(__ebx);
													_push(2);
													_push(MapVirtualKeyA(0x10, __ebx));
													_push(0x10);
													__eax = __esi->i();
												}
												goto L211;
											}
											__eflags = __al - 0x5b;
											if(__al == 0x5b) {
												goto L208;
											}
											__eflags = __al - 0x5c;
											if(__al == 0x5c) {
												goto L208;
											}
											__eflags = __al - 0x5d;
											if(__al == 0x5d) {
												goto L208;
											}
											__eax = 0;
											goto L209;
										}
										__eflags = __al - 0x2e;
										if(__al <= 0x2e) {
											goto L208;
										}
										goto L203;
									}
									goto L195;
								}
							case 3:
								__eax =  *0x406a08; // 0x0
								__eflags = __eax - 0x8002;
								if(__eax == 0x8002) {
									goto L393;
								}
								__eflags =  *0x4069f0 - __ebx; // 0x0
								if(__eflags != 0) {
									__eflags = __eax;
									if(__eax != 0) {
										 *0x406a0c =  *0x406a0c + 1;
										__eflags =  *0x406a0c;
									} else {
										 *0x406a0c = 0;
										 *0x406a08 = 0x8003;
									}
									mouse_event(4, __ebx, __ebx, __ebx, __ebx);
									__esi = keybd_event;
									__edi = 0;
									__eflags = 0;
									do {
										__eflags = __edi - 0x14;
										if(__edi == 0x14) {
											goto L258;
										}
										__eflags = __edi - 0x90;
										if(__edi == 0x90) {
											goto L258;
										}
										__eflags = __edi - 0x91;
										if(__edi == 0x91) {
											goto L258;
										}
										__eax = GetAsyncKeyState(__edi);
										__eflags = __ah & 0x00000080;
										if((__ah & 0x00000080) != 0) {
											L249:
											__eflags = __edi - 0x21;
											if(__edi < 0x21) {
												L251:
												__eflags = __edi - 0x11;
												if(__edi == 0x11) {
													L256:
													_push(1);
													_pop(__eax);
													L257:
													__al = __al | 0x00000002;
													__eflags = __al;
													_push(__ebx);
													_push(__eax);
													_push(MapVirtualKeyA(__edi, __ebx));
													_push(__edi);
													__eax = __esi->i();
													goto L258;
												}
												__eflags = __edi - 0x5b;
												if(__edi == 0x5b) {
													goto L256;
												}
												__eflags = __edi - 0x5c;
												if(__edi == 0x5c) {
													goto L256;
												}
												__eflags = __edi - 0x5d;
												if(__edi == 0x5d) {
													goto L256;
												}
												__eax = 0;
												goto L257;
											}
											__eflags = __edi - 0x2e;
											if(__edi <= 0x2e) {
												goto L256;
											}
											goto L251;
										}
										__eflags = __edi - 1;
										if(__edi == 1) {
											L247:
											__eax = GetAsyncKeyState(__edi);
											L248:
											__eax = __eax >> 0xf;
											__eax = __eax & 0x00000001;
											__eflags = __eax - __ebx;
											if(__eax == __ebx) {
												goto L258;
											}
											goto L249;
										}
										__eflags = __edi - 2;
										if(__edi == 2) {
											goto L247;
										}
										__eflags = __edi - 4;
										if(__edi == 4) {
											goto L247;
										}
										__eax = GetKeyState(__edi);
										goto L248;
										L258:
										__edi = __edi + 1;
										__eflags = __edi - 0x100;
									} while (__edi < 0x100);
									_push(0x3f);
									__eax = 0;
									_pop(__ecx);
									__edi =  &_v923;
									_v924 = __bl;
									__eax = memset(__edi, 0, __ecx << 2);
									__edi = __edi + __ecx;
									__ecx = 0;
									asm("stosw");
									asm("stosb");
									 &_v924 = E004042CA( &_v924, __ebx, 0x100);
									 &_v924 = SetKeyboardState( &_v924);
									__edi = 0;
									__eflags = 0;
									do {
										__eax = GetAsyncKeyState(__edi);
										__edi = __edi + 1;
										__eflags = __edi - 0xff;
									} while (__edi < 0xff);
									__eax = GetKeyState(0x91);
									__eflags = __al & 0x00000001;
									if((__al & 0x00000001) == 0) {
										L283:
										Sleep(1);
										_a12 = _a12 >> 0x10;
										__eflags = __ax;
										if(__ax != 0) {
											L288:
											__eflags =  *0x406d1d - __bl; // 0x0
											if(__eflags != 0) {
												__eax = PostMessageA(_a4, 0x10, __ebx, __ebx);
											}
											__eflags =  *0x406b18 - __bl; // 0x0
											 *0x406a0c = __ebx;
											 *0x406a08 = __ebx;
											__eax = 0x406b18;
											L291:
											if(__eflags == 0) {
												_t493 = "TinyTask";
											}
											_push(_t493);
											_push(_a4);
											L128:
											SetWindowTextA(); // executed
											goto L393;
										}
										__eax =  *0x406a0c; // 0x0
										__eflags = __eax -  *0x40600c; // 0x1
										if(__eflags < 0) {
											L286:
											__eax = GetTickCount();
											_push(__ebx);
											_push(0x19);
											 *0x4069f8 = __eax;
											 *0x4069f4 = __ebx;
											_push(0x3ea);
											L287:
											SetTimer(_a4, ??, ??, ??); // executed
											goto L393;
										}
										__eflags =  *0x406d1a - __bl; // 0x0
										if(__eflags == 0) {
											goto L288;
										}
										goto L286;
									}
									__edi = VkKeyScanA;
									__eax = VkKeyScanA(0xffffff91);
									_v16 = __al;
									__eax = VkKeyScanA(0xffffff91);
									__ecx = 0;
									__cl = __ah;
									__eflags = __ah;
									if(__ah == 0) {
										__edi = MapVirtualKeyA;
									} else {
										__edi = MapVirtualKeyA;
										_push(__ebx);
										_push(__ebx);
										_push(MapVirtualKeyA(0x10, __ebx));
										_push(0x10);
										__eax = __esi->i();
									}
									__al = _v16;
									__eflags = __al - 0x21;
									if(__al < 0x21) {
										L267:
										__eflags = __al - 0x11;
										if(__al == 0x11) {
											goto L272;
										}
										__eflags = __al - 0x5b;
										if(__al == 0x5b) {
											goto L272;
										}
										__eflags = __al - 0x5c;
										if(__al == 0x5c) {
											goto L272;
										}
										__eflags = __al - 0x5d;
										if(__al == 0x5d) {
											goto L272;
										}
										__ecx = 0;
										goto L273;
									} else {
										__eflags = __al - 0x2e;
										if(__al <= 0x2e) {
											L272:
											_push(1);
											_pop(__ecx);
											L273:
											__eax = __al & 0x000000ff;
											_push(__ebx);
											_push(__ecx);
											_v12 = __eax;
											_push(__eax);
											_push(_v16);
											__eax = __esi->i();
											__al = _v16;
											__eflags = __al - 0x21;
											if(__al < 0x21) {
												L275:
												__eflags = __al - 0x11;
												if(__al == 0x11) {
													L280:
													_push(1);
													_pop(__eax);
													L281:
													__al = __al | 0x00000002;
													_push(__ebx);
													_push(__eax);
													_push(MapVirtualKeyA(_v12, __ebx));
													_push(_v16);
													__esi->i() = VkKeyScanA(0xffffff91);
													__ecx = 0;
													__cl = __ah;
													__eflags = __ah;
													if(__ah != 0) {
														_push(__ebx);
														_push(2);
														_push(MapVirtualKeyA(0x10, __ebx));
														_push(0x10);
														__eax = __esi->i();
													}
													goto L283;
												}
												__eflags = __al - 0x5b;
												if(__al == 0x5b) {
													goto L280;
												}
												__eflags = __al - 0x5c;
												if(__al == 0x5c) {
													goto L280;
												}
												__eflags = __al - 0x5d;
												if(__al == 0x5d) {
													goto L280;
												}
												__eax = 0;
												goto L281;
											}
											__eflags = __al - 0x2e;
											if(__al <= 0x2e) {
												goto L280;
											}
											goto L275;
										}
										goto L267;
									}
								}
								__eax =  *0x406a00; // 0x0
								_push(__eax);
								L164:
								_push("TinyTask");
								_push("Nothing Recorded\n\nPress the blue button to start a new recording");
								L165:
								_push( *0x4069e0);
								goto L345;
							case 4:
								__eflags =  *0x406a08;
								asm("sbb eax, 0x406a08");
								if(__eflags != 0) {
									goto L393;
								} else {
									__edi = CreatePopupMenu();
									__eax =  *0x406a04; // 0x0
									__eax = __eax - 1;
									__esi = AppendMenuA;
									__eax =  ~__eax;
									asm("sbb eax, eax");
									__al = __al & 0x000000f8;
									__eax = __eax + 8;
									_v8 = __edi;
									__eax = AppendMenuA(__edi, __eax, 0x8006, 0x40649c);
									__eax =  *0x406a04; // 0x0
									__eax =  ~__eax;
									asm("sbb eax, eax");
									__al = __al & 0x000000f8;
									__eax = AppendMenuA(__edi, __eax, 0x8007, "Play Speed:   &1x");
									__eflags =  *0x406a04 - 2;
									if( *0x406a04 != 2) {
										__eax = 0;
										__eflags = 0;
									} else {
										_push(8);
										_pop(__eax);
									}
									__eax = AppendMenuA(__edi, __eax, 0x8008, "Play Speed:   &2x");
									__eflags =  *0x406a04 - 0x64;
									if( *0x406a04 != 0x64) {
										__eax = 0;
										__eflags = 0;
									} else {
										_push(8);
										_pop(__eax);
									}
									 &_v348 = wsprintfA( &_v348, "&Play Custom Speed:  %dx",  *0x406008);
									__eax =  *0x406a04; // 0x0
									__esp = __esp + 0xc;
									__eflags = __eax - __ebx;
									if(__eax == __ebx) {
										L307:
										__eax = 0;
										__eflags = 0;
										goto L308;
									} else {
										__eflags = __eax - 1;
										if(__eax == 1) {
											goto L307;
										}
										__eflags = __eax - 2;
										if(__eax == 2) {
											goto L307;
										}
										__eflags = __eax - 0x64;
										if(__eax == 0x64) {
											goto L307;
										}
										_push(8);
										_pop(__eax);
										L308:
										__ecx =  &_v348;
										__eax = AppendMenuA(_v8, __ebx, 0x8019, "&Set Custom Speed...");
										__edi = 0x800;
										__eax = AppendMenuA(_v8, 0x800, __ebx, __ebx);
										__al =  *0x406d1a; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__eax = AppendMenuA(_v8, __eax, 0x800b, "&Continuous Playback");
										__eax =  *0x40600c; // 0x1
										__eflags = __eax - 1;
										if(__eax <= 1) {
											_push(1);
											_pop(__eax);
										}
										 &_v348 = wsprintfA( &_v348, "&Set Playback Loops...  (%d)",  &_v348);
										__esp = __esp + 0xc;
										 &_v348 = AppendMenuA(_v8, __ebx, 0x800c,  &_v348);
										__eax = AppendMenuA(_v8, __edi, __ebx, __ebx);
										__eax = CreatePopupMenu();
										_v16 = __eax;
										__eax = AppendMenuA(_v8, 0x10, __eax, "Recording &Hotkey");
										__al =  *0x406d1b; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v16, __eax, 0x800f, "Control + Shift + Alt + R");
										__al =  *0x406d1b; // 0x0
										__al = __al - 1;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v16, __eax, 0x8010, "Print Screen");
										__al =  *0x406d1b; // 0x0
										__al = __al - 8;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v16, __eax, 0x8011, "F8");
										__al =  *0x406d1b; // 0x0
										__al = __al - 0xc;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = AppendMenuA(_v16, __eax, 0x8012, "F12");
										__eax = CreatePopupMenu();
										_v12 = __eax;
										__eax = AppendMenuA(_v8, 0x10, __eax, "Playback Hot&key");
										__al =  *0x406d1c; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v12, __eax, 0x8013, "Control + Shift + Alt + P");
										__al =  *0x406d1c; // 0x0
										__al = __al - 1;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v12, __eax, 0x8014, "Print Screen");
										__al =  *0x406d1c; // 0x0
										__al = __al - 8;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v12, __eax, 0x8015, "F8");
										__al =  *0x406d1c; // 0x0
										__al = __al - 0xc;
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										AppendMenuA(_v12, __edi, __ebx, __ebx) = AppendMenuA(_v12, 2, 0x800e, 0x406340);
										__eax = AppendMenuA(_v8, __edi, __ebx, __ebx);
										__eax =  *0x406a00; // 0x0
										__eax =  ~__eax;
										asm("sbb eax, eax");
										__eax = AppendMenuA(_v8, __eax, 0x8017, "Always on &Top");
										__eax =  *0x406a14; // 0x0
										__eax =  ~__eax;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										__eax = __eax + 8;
										__eax = AppendMenuA(_v8, __eax, 0x8018, "Show Captions");
										__al =  *0x406d1e; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__eax = __eax & 0x00000008;
										__eax = AppendMenuA(_v8, __eax, 0x801a, "Use Custom Tool&bar...");
										__al =  *0x406d1e; // 0x0
										__al =  ~__al;
										asm("sbb eax, eax");
										__al = __al & 0x000000f8;
										AppendMenuA(_v8, __edi, __ebx, __ebx) = AppendMenuA(_v8, __ebx, 0x800d, "TinyTask &Website");
										AppendMenuA(_v8, __ebx, 0x800e, "&About TinyTask 1.77") =  &_v32;
										GetCursorPos( &_v32) =  &_v48;
										__eax = GetWindowRect(_a4,  &_v48);
										_push(_v32.y);
										__eax =  &_v48;
										__eax = PtInRect( &_v48, _v32.x);
										__ecx =  *0x406010; // 0x26
										__eflags = __eax;
										__eax = _v48.right;
										if(__eflags == 0) {
											L312:
											_v32.x = __eax;
											__eax = _v48.bottom;
											__eax = _v48.bottom + 0xfffffff7;
											__eflags = __eax;
											_v32.y = __eax;
											goto L313;
										} else {
											__edx =  *0x406040 & 0x000000ff;
											__eax = __eax - ( *0x406040 & 0x000000ff);
											__esi = __eax - ( *0x406040 & 0x000000ff) - __ecx;
											__eflags = _v32.x - __eax - ( *0x406040 & 0x000000ff) - __ecx;
											if(_v32.x >= __eax - ( *0x406040 & 0x000000ff) - __ecx) {
												L313:
												TrackPopupMenu(_v8, __ebx, _v32, _v32.y, __ebx, _a4, __ebx) = DestroyMenu(_v8);
												goto L393;
											}
											goto L312;
										}
									}
								}
							case 5:
								 *0x406a04 = 1;
								__eax = 0x406a04 + __eax;
								 *__eax =  *__eax + __eax;
								 *__eax =  *__eax + __al;
								goto L393;
							case 6:
								 *0x406a04 = 0;
								asm("sbb eax, 0x406a04");
								goto L393;
							case 7:
								 *0x406a04 = 2;
								__eax = 0x406a04 + __eax;
								 *__eax =  *__eax + __al;
								goto L393;
							case 8:
								__eax =  *0x406008; // 0x8
								 *0x406a04 = __eax;
								goto L393;
							case 9:
								 *0x406a04 = 0x64;
								__eax = 0x406a04 + __eax;
								 *[fs:eax] =  *[fs:eax] + __al;
								__cl = __cl + __ch;
								__al = __al -  *((intOrPtr*)(__eax + __eax));
								 *__eax =  *__eax + __bh;
								__eflags =  *__eax;
								goto L393;
							case 0xa:
								__eflags =  *0x406d1a - __bl;
								__eax = __eax & 0xffffff00 |  *0x406d1a == __bl;
								 *0x406d1a = __al;
								goto L393;
							case 0xb:
								_push(0);
								_push(0xa);
								_push(0x3ec);
								_push(_a4);
							case 0xc:
								__eax = ShellExecuteA(0, 0, "https://www.tinytask.net", 0, 0, 1);
								__eflags = __eax - 0x20;
								if(__eax > 0x20) {
									goto L393;
								}
								_push(0x10030);
								_push("TinyTask");
								_push("Unable to connect to \"www.tinytask.net\"");
								goto L344;
							case 0xd:
								 &_v348 = E004043F5( &_v348, 0x406128);
								_pop(__ecx);
								__esi = 0x3eb;
								_pop(__ecx);
								__eax = SetTimer(_a4, 0x3eb, 0xa, 0);
								_push(9);
								__eax = 0;
								_pop(__ecx);
								__edi =  &(_v92.hwndOwner);
								__eax = memset(__edi, 0, __ecx << 2);
								__edi = __edi + __ecx;
								__ecx = 0;
								_v92.cbSize = 0x28;
								_v92.hInstance = GetModuleHandleA(0);
								__eax =  &_v348;
								__edi = _a4;
								_v92.lpszText =  &_v348;
								__eax =  *0x406a00; // 0x0
								_v92.hwndOwner = __edi;
								__eax = __eax | 0x00010080;
								__eflags = __eax;
								_v92.lpszCaption = "About TinyTask";
								_v92.dwStyle = __eax;
								__eax =  &_v92;
								_v92.lpszIcon = 0xfa1;
								__eax = MessageBoxIndirectA( &_v92);
								_push(0x3eb);
								_push(__edi);
								__eax = KillTimer();
								goto L393;
							case 0xe:
								 *0x406d1b = __bl;
								asm("sbb eax, 0x406d1b");
								goto L393;
							case 0xf:
								__eflags =  *0x406d1c - 1;
								__eflags = __eax - 0x406d1c;
								_t369 =  &_a12244997;
								 *_t369 = _a12244997 + __esi;
								__eflags =  *_t369;
							case 0x10:
								__eflags =  *0x406d1c - 8;
								if( *0x406d1c == 8) {
									goto L343;
								}
								 *0x406d1b = 8;
								goto L393;
							case 0x11:
								__eflags =  *0x406d1c - 0xc;
								__eflags = __eax - 0x406d1c;
								__al = __al | 0x00000074;
								__eflags = __edx;
							case 0x12:
								 *0x406d1c = __bl;
								asm("sbb eax, 0x406d1c");
								goto L393;
							case 0x13:
								__eflags =  *0x406d1b - 1;
								__eflags = __eax - 0x406d1b;
								_t375 = __edx +  &_v62;
								 *_t375 = __esi +  *(__edx +  &_v62);
								__eflags =  *_t375;
							case 0x14:
								__eflags =  *0x406d1b - 8;
								if( *0x406d1b == 8) {
									L343:
									_push(0x10040);
									_push("TinyTask");
									_push("Hotkey Conflict");
									L344:
									_push(_a4);
									L345:
									__eax = MessageBoxA();
									goto L393;
								}
								 *0x406d1c = 8;
								goto L393;
							case 0x15:
								__eflags =  *0x406d1b - 0xc;
								__eflags = __eax - 0x406d1b;
								__al = __al | 0x00000075;
								asm("sbb eax, 0x1004068");
							case 0x16:
								__eax =  *0x406a00; // 0x0
								_push(3);
								__eax =  ~__eax;
								asm("sbb eax, eax");
								_push(0xa);
								__eax = __eax & 0xfffc0000;
								_push(0xa);
								_push(0);
								__eax = __eax + 0x40000;
								_push(0);
								_push(0);
								 *0x406a00 = __eax;
								_pop(__eax);
								__eax = __eax & 0xffffff00 | __eflags != 0x00000000;
								__eax = __eax - 1;
								__eax = SetWindowPos(_a4, __eax, ??, ??, ??, ??, ??);
								goto L393;
							case 0x17:
								__esi = _a4;
								 &_v48 = GetWindowRect(__esi,  &_v48);
								__eflags =  *0x406a14 - __ebx; // 0x0
								if(__eflags == 0) {
									_push(0xc);
									_pop(__eax);
									_t394 =  &(_v48.bottom);
									 *_t394 = _v48.bottom - __eax;
									__eflags =  *_t394;
									 *0x406a14 = __eax;
								} else {
									_v48.bottom = _v48.bottom + 0xc;
									 *0x406a14 = 0;
								}
								__eax = _v48.bottom;
								_push(0x436);
								__eax = _v48.bottom - _v48.top;
								_push(_v48.bottom - _v48.top);
								_v48.right = _v48.right - _v48.left;
								_push(_v48.right - _v48.left);
								goto L388;
							case 0x18:
								__eflags = _a12 - 0x801a;
								if(_a12 != 0x801a) {
									__eax = WritePrivateProfileStringA("TinyTask", "toolbar_image", 0, "C:\Users\jones\Desktop\tinytask-1-77.ini");
									 *0x406040 = 5;
									L384:
									 &_v52 =  &_v20;
									__eax = E0040392F( &_v20,  &_v52);
									__esi = _a4;
									_pop(__ecx);
									_pop(__ecx);
									__eax = GetWindowLongA(__esi, 0xfffffff0);
									__eflags = _v20 - 0xe0;
									if(_v20 <= 0xe0) {
										__eax = __eax & 0xfffdffff;
										__eflags = __eax;
									} else {
										__eax = __eax | 0x00020000;
									}
									_v24 = __eax;
									__eax = SetWindowLongA(__esi, 0xfffffff0, __eax);
									_push(0x26);
									_push(_v52);
									_push(_v20);
									L388:
									SetWindowPos(__esi, __ebx, __ebx, __ebx, ??, ??, ??) = InvalidateRect(__esi, __ebx, 1);
									__eax = UpdateWindow(__esi);
									goto L393;
								}
								__edi = 0x406c18;
								__eax =  &_v348;
								__esi = "TinyTask";
								__eax = GetPrivateProfileStringA("TinyTask", "toolbar_image", 0x406c18,  &_v348, 0xff, 0x406c18);
								__eax =  &_v348;
								__eflags = __eax;
								if(__eax != 0) {
									__eax =  &_v348;
									__eax = E004043D7( &_v348);
								}
								__ecx = __eax - 1;
								__eax =  &_v348;
								__eflags =  &_v348;
								if( &_v348 == 0) {
									L381:
									 &_v348 = E00404464( &_v348, "\\*.bmp");
									__eax =  &_v348;
									__eax = E00404111(_a4,  &_v348, "*.bmp", 1);
									__eflags = __eax;
									if(__eax == 0) {
										goto L393;
									}
									 &_v348 = E004041F6(__edi, __esi, "toolbar_image",  &_v348, __ebx);
									goto L384;
								} else {
									while(1) {
										__dl =  *(__ebp + __ecx - 0x158);
										__eax = __ebp + __ecx - 0x158;
										__eflags = __dl - __bl;
										if(__dl == __bl) {
											goto L381;
										}
										__eflags = __ecx - __ebx;
										if(__ecx < __ebx) {
											goto L381;
										}
										__eflags = __dl - 0x5c;
										if(__dl == 0x5c) {
											 *__eax = __bl;
											__ecx = 0;
											__eflags = 0;
										}
										__ecx = __ecx - 1;
									}
									goto L381;
								}
						}
					}
					_t598 = _t596;
					__eflags = _t598;
					if(_t598 == 0) {
						_t453 = _a12;
						__eflags = _t453 - 0x3e9;
						if(_t453 != 0x3e9) {
							__eflags = _t453 - 0x3ea;
							if(_t453 != 0x3ea) {
								__eflags = _t453 - 0x3ed;
								if(_t453 != 0x3ed) {
									__eflags = _t453 - 0x3eb;
									_t664 = 0x3ec;
									if(_t453 == 0x3eb) {
										L91:
										__eflags = _a12 - _t664;
										_t454 = "About TinyTask";
										if(_a12 == _t664) {
											_t454 = "Set Playback Loops";
										}
										_t455 = FindWindowExA(0, 0, 0, _t454);
										__eflags = _t455;
										_v12 = _t455;
										if(_t455 != 0) {
											L96:
											KillTimer(_a4, _a12);
											GetClientRect(_v12,  &_v48);
											__eflags = _a12 - _t664;
											_push(0);
											_push(0);
											if(_a12 != _t664) {
												_push(0x800d);
												_push(_v12);
												_push(0x1e);
												_push(_v48.right - _v48.left - 0x96);
												_t462 = GetVersion();
												__eflags = _t462 - 6;
												asm("sbb eax, eax");
												_t464 = (_t462 & 0x000000f6) + 0x19;
												__eflags = _t464;
												_push(_t464);
												_push(0x4b);
												_push(0x50000001);
												_push("tinytask.net");
												_push("STATIC");
											} else {
												_push(0);
												_push(_v12);
												_push(0x14);
												_push(_v48.right - _v48.left - 0x96);
												_t483 = GetVersion();
												__eflags = _t483 - 6;
												asm("sbb eax, eax");
												_push((_t483 & 0x000000f1) + 0x3c);
												_push(0x4b);
												_push(0x50812080);
												_push(0x406018);
												_push("EDIT");
											}
											_v8 = CreateWindowExA(8, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
											SendMessageA(_v8, 0x30, GetStockObject(0x11), 1);
											SetWindowLongA(_v8, 0xffffffeb, GetWindowLongA(_v8, 0xfffffffc));
											__eflags = _a12 - _t664;
											_t470 = E004032B3;
											if(_a12 != _t664) {
												_t470 = E00403108;
											}
											SetWindowLongA(_v8, 0xfffffffc, _t470);
											ShowWindow(_v8, 5);
											UpdateWindow(_v8);
											InvalidateRect(_v12, 0, 1);
											UpdateWindow(_v12);
											InvalidateRect(_v8, 0, 1);
											UpdateWindow(_v8);
											__eflags = _a12 - 0x3ec;
											if(_a12 == 0x3ec) {
												SendMessageA(_v8, 0xb1, 0, 0xffffffff);
												SetFocus(_v8);
											}
											goto L393;
										} else {
											_t486 = FindWindowExA(0, 0, 0, "Set Custom Speed");
											__eflags = _t486;
											_v12 = _t486;
											if(_t486 == 0) {
												goto L393;
											}
											_t664 = 0x3ec;
											goto L96;
										}
									}
									__eflags = _t453 - 0x3ec;
									if(_t453 != 0x3ec) {
										goto L393;
									}
									goto L91;
								}
								__eflags =  *0x406d1b; // 0x0
								if(__eflags != 0) {
									L59:
									__eflags =  *0x406d1b - 1;
									if( *0x406d1b != 1) {
										L61:
										__eflags =  *0x406d1b - 8;
										if( *0x406d1b != 8) {
											L63:
											__eflags =  *0x406d1b - 0xc;
											if( *0x406d1b != 0xc) {
												L66:
												__eflags =  *0x406d1c; // 0x0
												if(__eflags != 0) {
													L71:
													__eflags =  *0x406d1c - 1;
													if( *0x406d1c != 1) {
														L73:
														__eflags =  *0x406d1c - 8;
														if( *0x406d1c != 8) {
															L75:
															__eflags =  *0x406d1c - 0xc;
															if( *0x406d1c != 0xc) {
																L79:
																_t487 =  *0x406a08; // 0x0
																__eflags = _t487 - 0x8002;
																if(_t487 != 0x8002) {
																	__eflags = _t487 - 0x8003;
																	if(_t487 != 0x8003) {
																		__eflags =  *0x406b18; // 0x0
																		if(__eflags != 0) {
																			E004043F5( &_v668, 0x406b18);
																		}
																	} else {
																		_t497 = GetTickCount();
																		_v16 = "*";
																		_t604 =  *0x406d1a; // 0x0
																		__eflags = _t604;
																		_t677 = (_t497 -  *0x4069f8) / 0x3e8;
																		_v24 = _t677;
																		if(_t604 == 0) {
																			_v16 = 0x406e20;
																		}
																		_t667 = 0x3c;
																		_t125 =  &_v16; // 0x406e20
																		asm("sbb ecx, ecx");
																		_t608 =  *0x406a0c; // 0x0
																		wsprintfA( &_v668, "%02d:%02d (%d/%d%s)", _t677 / _t667, _t677 - _t677 / _t667 * 0x3c, _t608 + 1,  !( ~_t604) &  *0x40600c,  *_t125);
																	}
																} else {
																	_t504 = GetTickCount();
																	_t506 = (_t504 -  *0x4069f8) / 0x3e8;
																	_t679 = 0x3c;
																	_t613 = _t506;
																	_v24 = _t613;
																	wsprintfA( &_v668, "REC %02d:%02d", _t506 / _t679, _t613 - _t506 / _t679 * 0x3c);
																}
																GetWindowTextA(_a4,  &_v348, 0xff);
																_t492 = E0040448E( &_v668,  &_v348);
																__eflags = _t492;
																if(_t492 == 0) {
																	goto L393;
																} else {
																	__eflags = _v668;
																	_t493 =  &_v668;
																	goto L291;
																}
															}
															_t510 = GetKeyState(0x7b);
															__eflags = 0x00008000 & _t510;
															if((0x00008000 & _t510) == 0) {
																goto L79;
															}
															L77:
															Sleep(0x96);
															__eflags =  *0x406a08 - 0x8003; // 0x0
															_push(0);
															_t619 = ((0 | __eflags == 0x00000000) & 0x0000ffff) << 0x00000010 | 0x00008003;
															__eflags = _t619;
															_push(_t619);
															L78:
															PostMessageA(_a4, 0x111, ??, ??);
															goto L79;
														}
														_t513 = GetKeyState(0x77);
														__eflags = 0x00008000 & _t513;
														if((0x00008000 & _t513) != 0) {
															goto L77;
														}
														goto L75;
													}
													_t514 = GetKeyState(0x2c);
													__eflags = 0x00008000 & _t514;
													if((0x00008000 & _t514) != 0) {
														goto L77;
													}
													goto L73;
												}
												_t515 = GetKeyState(0x50);
												__eflags = 0x00008000 & _t515;
												if((0x00008000 & _t515) == 0) {
													goto L71;
												}
												_t516 = GetKeyState(0x11);
												__eflags = 0x00008000 & _t516;
												if((0x00008000 & _t516) == 0) {
													goto L71;
												}
												_t517 = GetKeyState(0x10);
												__eflags = 0x00008000 & _t517;
												if((0x00008000 & _t517) == 0) {
													goto L71;
												}
												_t518 = GetKeyState(0x12);
												__eflags = 0x00008000 & _t518;
												if((0x00008000 & _t518) != 0) {
													goto L77;
												}
												goto L71;
											}
											_t519 = GetKeyState(0x7b);
											__eflags = 0x00008000 & _t519;
											if((0x00008000 & _t519) == 0) {
												goto L66;
											}
											L65:
											_push(0);
											_push(0x8002);
											goto L78;
										}
										_t520 = GetKeyState(0x77);
										__eflags = 0x00008000 & _t520;
										if((0x00008000 & _t520) != 0) {
											goto L65;
										}
										goto L63;
									}
									_t521 = GetKeyState(0x2c);
									__eflags = 0x00008000 & _t521;
									if((0x00008000 & _t521) != 0) {
										goto L65;
									}
									goto L61;
								}
								_t522 = GetKeyState(0x52);
								__eflags = 0x00008000 & _t522;
								if((0x00008000 & _t522) == 0) {
									goto L59;
								}
								_t523 = GetKeyState(0x11);
								__eflags = 0x00008000 & _t523;
								if((0x00008000 & _t523) == 0) {
									goto L59;
								}
								_t524 = GetKeyState(0x10);
								__eflags = 0x00008000 & _t524;
								if((0x00008000 & _t524) == 0) {
									goto L59;
								}
								_t525 = GetKeyState(0x12);
								__eflags = 0x00008000 & _t525;
								if((0x00008000 & _t525) != 0) {
									goto L65;
								}
								goto L59;
							}
							__eflags =  *0x4069f0; // 0x0
							if(__eflags != 0) {
								KillTimer(_a4, 0x3ea);
								E004034C6(_a4, 0x3ea);
							}
							goto L393;
						}
						KillTimer(_a4, 0x3e9);
						E004032FD(_a4, 0x3e9);
						goto L393;
					}
					_t620 = _t598 - 0xed;
					__eflags = _t620;
					if(_t620 == 0) {
						_t530 = GetCursor();
						_t621 =  *0x4069e4; // 0x170355
						__eflags = _t530 - _t621;
						if(_t530 != _t621) {
							SetCursor(_t621);
						}
						goto L393;
					}
					__eflags = _t620 != 1;
					if(_t620 != 1) {
						goto L393;
					}
					_t644 =  *0x406010; // 0x26
					asm("cdq");
					_t534 = ((_a16 & 0x0000ffff) - (( *0x406040 & 0x000000ff) >> 1)) / (( *0x406040 & 0x000000ff) + _t644);
					__eflags = _t534;
					if(_t534 >= 0) {
						__eflags = _t534 - 5;
						if(_t534 > 5) {
							_t534 = 5;
						}
					} else {
						_t534 = 0;
					}
					_push(0);
					_push(_t534 + 0x00008000 & 0x0000ffff);
					_push(0x111);
					L34:
					PostMessageA(_a4, ??, ??, ??);
					goto L393;
				}
				if(_t693 == 0) {
					__eflags = _a12 - 0x4f;
					if(_a12 != 0x4f) {
						__eflags = _a12 - 0xd;
						if(_a12 != 0xd) {
							goto L393;
						}
						_push(0);
						_push(0x8005);
						L33:
						_push(0x111);
						goto L34;
					}
					_push(0);
					_push(0x8000);
					goto L33;
				}
				_t625 = _t595 - 1;
				if(_t625 == 0) {
					_t539 = CreateCursor(GetModuleHandleA(0), 5, 0, 0x20, 0x20, 0x4051b8, 0x405238);
					_push(0);
					_push(0x32);
					 *0x4069e4 = _t539;
					_push(0x3ed);
					goto L287;
				}
				_t626 = _t625 - 1;
				if(_t626 == 0) {
					__eflags =  *0x406d1d; // 0x0
					if(__eflags == 0) {
						GetWindowRect(_a4,  &_v48);
						_t681 = "TinyTask";
						E004041F6(0x406c18, "TinyTask", "window_x", 0, _v48.left);
						E004041F6(0x406c18, "TinyTask", "window_y", 0, _v48.top);
						E004041F6(0x406c18, "TinyTask", "speed", 0,  *0x406a04);
						E004041F6(0x406c18, "TinyTask", "speed_custom", 0,  *0x406008);
						E004041F6(0x406c18, "TinyTask", "record_key", 0,  *0x406d1b & 0x000000ff);
						E004041F6(0x406c18, _t681, "play_key", 0,  *0x406d1c & 0x000000ff);
						__eflags =  *0x406a00; // 0x0
						_t58 = __eflags != 0;
						__eflags = __eflags != 0;
						E004041F6(0x406c18, _t681, "topmost", 0, 0 | _t58);
						E004041F6(0x406c18, _t681, "hide_captions", 0,  *0x406a14);
						E004041F6(0x406c18, _t681, "toolbar_padding", 0,  *0x406040 & 0x000000ff);
					}
					_t541 =  *0x4069f0; // 0x0
					__eflags = _t541;
					if(_t541 != 0) {
						E00404294(_t541);
						 *0x4069f0 = 0;
					}
					_t542 =  *0x4069e4; // 0x170355
					__eflags = _t542;
					if(_t542 != 0) {
						DestroyCursor(_t542);
						 *0x4069e4 = 0;
					}
					_t543 =  *0x4069e8; // 0x9b05071f
					__eflags = _t543;
					if(_t543 != 0) {
						DeleteObject(_t543);
						 *0x4069e8 = 0;
					}
					_t544 =  *0x4069ec; // 0x8b0509b3
					__eflags = _t544;
					if(_t544 != 0) {
						DeleteObject(_t544);
						 *0x4069ec = 0;
					}
					KillTimer(_a4, 0x3ed);
					PostQuitMessage(0);
					L29:
					return 0;
				}
				_t628 = _t626 - 0xd;
				if(_t628 == 0) {
					BeginPaint(_a4,  &_v412);
					_a12 = CreateCompatibleDC(_v412.hdc);
					_v20 = 0;
					do {
						_t570 = SelectObject(_a12,  *0x4069ec);
						__eflags = _v20 - 2;
						_a16 = _t570;
						if(_v20 != 2) {
							L11:
							_t571 =  *0x406010; // 0x26
							_t647 = _t571 * _v20;
							__eflags = _t647;
							L12:
							_t648 =  *0x406014; // 0x2c
							BitBlt(_v412.hdc, (_t571 + ( *0x406040 & 0x000000ff)) * _v20 + ( *0x406040 & 0x000000ff),  *0x406040 & 0x000000ff, _t571, _t648 -  *0x406a14, _a12, _t647, 0, 0x8800c6);
							SelectObject(_a12, _a16);
							_t577 = SelectObject(_a12,  *0x4069e8);
							__eflags = _v20 - 2;
							_a16 = _t577;
							if(_v20 != 2) {
								L15:
								_t578 =  *0x406010; // 0x26
								_t651 = _t578 * _v20;
								__eflags = _t651;
								goto L16;
							}
							__eflags =  *0x406a08 - 0x8002;
							if( *0x406a08 != 0x8002) {
								goto L15;
							}
							_t578 =  *0x406010; // 0x26
							_t651 = _t578 + _t578 * 2 << 1;
							goto L16;
						}
						__eflags =  *0x406a08 - 0x8002;
						if( *0x406a08 != 0x8002) {
							goto L11;
						}
						_t571 =  *0x406010; // 0x26
						_t647 = _t571 + _t571 * 2 << 1;
						goto L12;
						L16:
						_t652 =  *0x406014; // 0x2c
						BitBlt(_v412, (_t578 + ( *0x406040 & 0x000000ff)) * _v20 + ( *0x406040 & 0x000000ff),  *0x406040 & 0x000000ff, _t578, _t652 -  *0x406a14, _a12, _t651, 0, 0xee0086);
						SelectObject(_a12, _a16);
						_v20 = _v20 + 1;
						__eflags = _v20 - 6;
					} while (_v20 < 6);
					DeleteDC(_a12);
					EndPaint(_a4,  &_v412);
					goto L29;
				} else {
					if(_t628 == 1) {
						DestroyWindow(_a4);
					}
					goto L393;
				}
			}

0x00401499
0x004014a2
0x004014a8
0x004014ab
0x004014b0
0x004014b3
0x004014b4
0x004014b5
0x004014bb
0x004014bc
0x004014c5
0x004014cb
0x004014cd
0x004014cf
0x004014d0
0x004014db
0x004014e1
0x004014e4
0x004014e6
0x004014e9
0x004014ec
0x004014ee
0x004014f4
0x004014f7
0x004014f9
0x004014fc
0x0040181f
0x0040181f
0x00401821
0x00401cb7
0x00401cbc
0x00401cbf
0x00402f05
0x00402f11
0x00000000
0x00402f11
0x00401cc5
0x00000000
0x00401ccc
0x00401cd2
0x00401ce9
0x00401cef
0x00401cf7
0x00401cf9
0x00401cff
0x00401d05
0x00401d13
0x00401d13
0x00401d05
0x00401cf9
0x00000000
0x00000000
0x00401d1d
0x00401d23
0x00000000
0x00000000
0x00401d29
0x00401d2f
0x0040212e
0x0040212e
0x00000000
0x0040212e
0x00401d35
0x00401d3c
0x00000000
0x00000000
0x00401d42
0x00401d4f
0x00401d54
0x00401d5a
0x00401d5b
0x00401d5c
0x00401d9e
0x00401d5e
0x00401d5e
0x00401d64
0x00401d70
0x00401d79
0x00401d7c
0x00401d81
0x00401d82
0x00401d84
0x00401d85
0x00401d87
0x00401d94
0x00401d94
0x00401d97
0x00401d97
0x00401da6
0x00401db0
0x00401db8
0x00401dba
0x00000000
0x00401dc0
0x00401dc8
0x00401dcd
0x00401dd3
0x00401dd4
0x00401dd9
0x00401dda
0x00401ddc
0x00401dde
0x00401dde
0x00401de5
0x00401ded
0x00401df0
0x00401df3
0x00401df8
0x00401df9
0x00401dfb
0x00401dfc
0x00401dfe
0x00401e04
0x00401e06
0x00401e06
0x00401e0d
0x00401e12
0x00401e13
0x00401e13
0x00401e15
0x00401e1b
0x00401e21
0x00401e76
0x00401e8a
0x00401e91
0x00401e99
0x00401e9f
0x00401ea1
0x00401ec4
0x00401ecc
0x00401ecf
0x00401ed5
0x00401ed7
0x00401eda
0x0040201f
0x0040201f
0x00402029
0x00402036
0x0040203b
0x00402044
0x00402046
0x00402048
0x0040204b
0x00402070
0x00402076
0x00402078
0x00402079
0x0040207b
0x00402086
0x00402088
0x0040208f
0x00402092
0x00402097
0x00402097
0x0040209c
0x004020a1
0x004020a3
0x004020a5
0x004020a5
0x004020aa
0x004020ac
0x004020ad
0x004020af
0x004020af
0x004020b4
0x004020b4
0x004020b4
0x004020b4
0x004020bc
0x004020d1
0x004020d7
0x004020da
0x004020da
0x004020dc
0x004020de
0x004020df
0x004020e2
0x004020e2
0x004020e2
0x004020e5
0x004020f2
0x004020f5
0x004020f8
0x004020fb
0x00402101
0x00402104
0x00402109
0x0040210e
0x00402115
0x00402118
0x0040211c
0x00402123
0x00000000
0x00402123
0x00402094
0x00402094
0x00000000
0x00402094
0x0040207d
0x00000000
0x0040207d
0x00402059
0x00402066
0x00000000
0x0040206b
0x00401ee0
0x00401ee8
0x00401eed
0x00401eee
0x00401ef0
0x00401efd
0x00401f09
0x00401f0f
0x00401f12
0x00401f12
0x00401f17
0x00401f1a
0x00401f25
0x00401f2c
0x00401f34
0x00401f37
0x00401f3a
0x00000000
0x00000000
0x00401f40
0x00401f42
0x00401f42
0x00401f45
0x00401f47
0x00401f4b
0x00401f4d
0x00401f52
0x00401f54
0x00401f54
0x00401f52
0x00401f4b
0x00401f57
0x00401f5a
0x00401f60
0x00401f66
0x00401f6e
0x00401f70
0x00401f72
0x00401f75
0x00401f7b
0x00401f7d
0x00401f7d
0x00401f83
0x00401f88
0x00401f8a
0x00401f8c
0x00401f8c
0x00401f9b
0x00401faa
0x00401fad
0x00401fad
0x00401fb0
0x00401fb5
0x00401fb8
0x00401fbb
0x00401fbc
0x00401fbf
0x00401fbf
0x00401fc8
0x00401fc8
0x00401fcb
0x00401fcb
0x00401fd5
0x00401fd8
0x00401fe0
0x00401fe5
0x00401fea
0x00401ff9
0x0040200e
0x00402014
0x00402016
0x00402019
0x0040201e
0x00000000
0x00402016
0x00401ea3
0x00401ea8
0x00401ea9
0x00000000
0x00401e23
0x00401e23
0x00401e39
0x00401e41
0x00401e47
0x00401e4f
0x00401e51
0x00401e53
0x00401e53
0x00401e53
0x00401e56
0x00401e5d
0x00401e62
0x00401e63
0x00401e64
0x00401e65
0x00000000
0x00401e65
0x00401e21
0x00000000
0x0040214e
0x00402154
0x0040215a
0x0040215a
0x0040215c
0x0040215c
0x0040215f
0x00000000
0x00000000
0x00402161
0x00402167
0x00000000
0x00000000
0x00402169
0x0040216f
0x00000000
0x00000000
0x00402172
0x00402178
0x0040217b
0x004021a6
0x004021a6
0x004021a9
0x004021b0
0x004021b0
0x004021b3
0x004021c8
0x004021c8
0x004021ca
0x004021cb
0x004021cb
0x004021cb
0x004021cd
0x004021ce
0x004021d7
0x004021d8
0x004021d9
0x00000000
0x004021d9
0x004021b5
0x004021b8
0x00000000
0x00000000
0x004021ba
0x004021bd
0x00000000
0x00000000
0x004021bf
0x004021c2
0x00000000
0x00000000
0x004021c4
0x00000000
0x004021c4
0x004021ab
0x004021ae
0x00000000
0x00000000
0x00000000
0x004021ae
0x0040217d
0x00402180
0x00402195
0x00402196
0x0040219c
0x0040219c
0x0040219f
0x004021a2
0x004021a4
0x00000000
0x00000000
0x00000000
0x004021a4
0x00402182
0x00402185
0x00000000
0x00000000
0x00402187
0x0040218a
0x00000000
0x00000000
0x0040218d
0x00000000
0x004021db
0x004021db
0x004021dc
0x004021dc
0x004021e8
0x004021ea
0x004021ec
0x004021ed
0x004021f3
0x004021fe
0x004021fe
0x004021fe
0x00402200
0x00402202
0x0040220b
0x0040221a
0x00402220
0x00402220
0x00402222
0x00402223
0x00402229
0x0040222a
0x0040222a
0x00402237
0x0040223d
0x0040223f
0x004022fb
0x004022fb
0x004022fd
0x004022ff
0x00402305
0x0040230b
0x0040238c
0x00402392
0x00402398
0x0040239e
0x004023a4
0x004023aa
0x004023af
0x004023b4
0x004023b6
0x004023b6
0x004023bf
0x004023c5
0x004023ca
0x004023cc
0x00000000
0x004023d2
0x004023d2
0x004023da
0x004023dc
0x004023dc
0x004023df
0x004023e1
0x004023e1
0x004023e3
0x004023e6
0x0040240d
0x0040240d
0x0040240f
0x00402411
0x00402413
0x00402413
0x00402419
0x0040241b
0x0040241e
0x00402420
0x00402423
0x00402451
0x00402457
0x00000000
0x00402425
0x0040242c
0x00402436
0x0040243b
0x0040243e
0x00402446
0x00402447
0x0040244a
0x0040244d
0x0040244f
0x00000000
0x00000000
0x00402427
0x00402427
0x00000000
0x0040242c
0x00000000
0x00000000
0x00000000
0x004023e8
0x004023e8
0x004023e8
0x004023eb
0x004023ee
0x004023f1
0x004023f3
0x00000000
0x00000000
0x004023f5
0x004023fb
0x00402405
0x00402405
0x00402406
0x00402408
0x0040240b
0x00000000
0x00000000
0x00000000
0x0040240b
0x004023fd
0x00402400
0x00402403
0x00000000
0x00000000
0x00000000
0x00402403
0x00000000
0x004023e8
0x004023cc
0x0040230d
0x00402312
0x0040231c
0x0040231e
0x00402321
0x00402327
0x00402327
0x0040232d
0x00402330
0x00402337
0x0040233d
0x00402340
0x00402345
0x00402345
0x00402348
0x0040234d
0x00402354
0x00402357
0x00402359
0x0040235f
0x00402360
0x00402360
0x00402360
0x00402371
0x00402379
0x00000000
0x00402379
0x00402245
0x0040224d
0x00402251
0x00402254
0x00402256
0x00402258
0x0040225a
0x0040225c
0x00402272
0x0040225e
0x0040225e
0x00402264
0x00402265
0x0040226b
0x0040226c
0x0040226e
0x0040226e
0x00402278
0x0040227b
0x0040227d
0x00402283
0x00402283
0x00402285
0x00000000
0x00000000
0x00402287
0x00402289
0x00000000
0x00000000
0x0040228b
0x0040228d
0x00000000
0x00000000
0x0040228f
0x00402291
0x00000000
0x00000000
0x00402293
0x00000000
0x0040227f
0x0040227f
0x00402281
0x00402297
0x00402297
0x00402299
0x0040229a
0x0040229a
0x0040229d
0x0040229e
0x004022a1
0x004022a6
0x004022a7
0x004022aa
0x004022ac
0x004022af
0x004022b1
0x004022b7
0x004022b7
0x004022b9
0x004022cb
0x004022cb
0x004022cd
0x004022ce
0x004022ce
0x004022d0
0x004022d1
0x004022d8
0x004022d9
0x004022e0
0x004022e6
0x004022e8
0x004022ea
0x004022ec
0x004022ee
0x004022ef
0x004022f6
0x004022f7
0x004022f9
0x004022f9
0x00000000
0x004022ec
0x004022bb
0x004022bd
0x00000000
0x00000000
0x004022bf
0x004022c1
0x00000000
0x00000000
0x004022c3
0x004022c5
0x00000000
0x00000000
0x004022c7
0x00000000
0x004022c7
0x004022b3
0x004022b5
0x00000000
0x00000000
0x00000000
0x004022b5
0x00000000
0x00402281
0x00000000
0x00402462
0x00402467
0x0040246c
0x00000000
0x00000000
0x00402472
0x00402478
0x0040248a
0x0040248c
0x004024a0
0x004024a0
0x0040248e
0x0040248e
0x00402494
0x00402494
0x004024ac
0x004024b2
0x004024b8
0x004024b8
0x004024ba
0x004024ba
0x004024bd
0x00000000
0x00000000
0x004024bf
0x004024c5
0x00000000
0x00000000
0x004024c7
0x004024cd
0x00000000
0x00000000
0x004024d0
0x004024d6
0x004024d9
0x00402504
0x00402504
0x00402507
0x0040250e
0x0040250e
0x00402511
0x00402526
0x00402526
0x00402528
0x00402529
0x00402529
0x00402529
0x0040252b
0x0040252c
0x00402535
0x00402536
0x00402537
0x00000000
0x00402537
0x00402513
0x00402516
0x00000000
0x00000000
0x00402518
0x0040251b
0x00000000
0x00000000
0x0040251d
0x00402520
0x00000000
0x00000000
0x00402522
0x00000000
0x00402522
0x00402509
0x0040250c
0x00000000
0x00000000
0x00000000
0x0040250c
0x004024db
0x004024de
0x004024f3
0x004024f4
0x004024fa
0x004024fa
0x004024fd
0x00402500
0x00402502
0x00000000
0x00000000
0x00000000
0x00402502
0x004024e0
0x004024e3
0x00000000
0x00000000
0x004024e5
0x004024e8
0x00000000
0x00000000
0x004024eb
0x00000000
0x00402539
0x00402539
0x0040253a
0x0040253a
0x00402546
0x00402548
0x0040254a
0x0040254b
0x00402551
0x0040255c
0x0040255c
0x0040255c
0x0040255e
0x00402560
0x00402569
0x00402578
0x0040257e
0x0040257e
0x00402580
0x00402581
0x00402587
0x00402588
0x00402588
0x00402595
0x0040259b
0x0040259d
0x00402659
0x0040265b
0x00402664
0x00402667
0x0040266a
0x004026a8
0x004026a8
0x004026ae
0x004026b7
0x004026b7
0x004026bd
0x004026c3
0x004026c9
0x004026cf
0x004026d4
0x004026d4
0x004026d6
0x004026d6
0x004026db
0x004026dc
0x00401e6b
0x00401e6b
0x00000000
0x00401e6b
0x0040266c
0x00402671
0x00402677
0x00402681
0x00402681
0x00402687
0x00402688
0x0040268a
0x0040268f
0x00402695
0x0040269a
0x0040269d
0x00000000
0x0040269d
0x00402679
0x0040267f
0x00000000
0x00000000
0x00000000
0x0040267f
0x004025a3
0x004025ab
0x004025af
0x004025b2
0x004025b4
0x004025b6
0x004025b8
0x004025ba
0x004025d0
0x004025bc
0x004025bc
0x004025c2
0x004025c3
0x004025c9
0x004025ca
0x004025cc
0x004025cc
0x004025d6
0x004025d9
0x004025db
0x004025e1
0x004025e1
0x004025e3
0x00000000
0x00000000
0x004025e5
0x004025e7
0x00000000
0x00000000
0x004025e9
0x004025eb
0x00000000
0x00000000
0x004025ed
0x004025ef
0x00000000
0x00000000
0x004025f1
0x00000000
0x004025dd
0x004025dd
0x004025df
0x004025f5
0x004025f5
0x004025f7
0x004025f8
0x004025f8
0x004025fb
0x004025fc
0x004025ff
0x00402604
0x00402605
0x00402608
0x0040260a
0x0040260d
0x0040260f
0x00402615
0x00402615
0x00402617
0x00402629
0x00402629
0x0040262b
0x0040262c
0x0040262c
0x0040262e
0x0040262f
0x00402636
0x00402637
0x0040263e
0x00402644
0x00402646
0x00402648
0x0040264a
0x0040264c
0x0040264d
0x00402654
0x00402655
0x00402657
0x00402657
0x00000000
0x0040264a
0x00402619
0x0040261b
0x00000000
0x00000000
0x0040261d
0x0040261f
0x00000000
0x00000000
0x00402621
0x00402623
0x00000000
0x00000000
0x00402625
0x00000000
0x00402625
0x00402611
0x00402613
0x00000000
0x00000000
0x00000000
0x00402613
0x00000000
0x004025df
0x004025db
0x0040247a
0x00402484
0x00402133
0x00402133
0x00402138
0x0040213d
0x0040213d
0x00000000
0x00000000
0x004026e4
0x004026e5
0x004026ea
0x00000000
0x004026f0
0x004026f6
0x004026f8
0x004026fd
0x004026fe
0x00402704
0x00402706
0x0040270d
0x00402714
0x00402717
0x0040271c
0x0040271e
0x00402728
0x0040272a
0x00402731
0x00402738
0x0040273a
0x00402741
0x00402748
0x00402748
0x00402743
0x00402743
0x00402745
0x00402745
0x00402756
0x00402758
0x0040275f
0x00402766
0x00402766
0x00402761
0x00402761
0x00402763
0x00402763
0x00402788
0x0040278e
0x00402793
0x00402796
0x00402798
0x004027ae
0x004027ae
0x004027ae
0x00000000
0x0040279a
0x0040279a
0x0040279d
0x00000000
0x00000000
0x0040279f
0x004027a2
0x00000000
0x00000000
0x004027a4
0x004027a7
0x00000000
0x00000000
0x004027a9
0x004027ab
0x004027b0
0x004027b0
0x004027d0
0x004027d3
0x004027dd
0x004027df
0x004027e9
0x004027eb
0x004027f9
0x004027fb
0x00402800
0x00402803
0x00402805
0x00402807
0x00402807
0x00402815
0x0040281b
0x0040282e
0x00402836
0x00402838
0x00402846
0x0040284c
0x0040284e
0x00402858
0x0040285a
0x00402861
0x00402863
0x0040286a
0x0040286c
0x00402876
0x0040287d
0x0040287f
0x00402881
0x00402883
0x0040288a
0x0040288c
0x00402896
0x0040289d
0x0040289f
0x004028a1
0x004028a3
0x004028aa
0x004028ac
0x004028b6
0x004028bd
0x004028bf
0x004028c1
0x004028ca
0x004028cc
0x004028da
0x004028e0
0x004028e2
0x004028ec
0x004028ee
0x004028f5
0x004028f7
0x004028fe
0x00402900
0x0040290a
0x00402911
0x00402913
0x00402915
0x00402917
0x0040291e
0x00402920
0x0040292a
0x00402931
0x00402933
0x00402935
0x00402937
0x0040293e
0x00402940
0x0040294a
0x00402951
0x00402953
0x00402955
0x00402977
0x0040297f
0x00402981
0x0040298b
0x0040298d
0x0040299b
0x0040299d
0x004029a7
0x004029a9
0x004029b0
0x004029b2
0x004029b9
0x004029bb
0x004029c5
0x004029c7
0x004029ce
0x004029d5
0x004029e1
0x004029e6
0x004029e8
0x004029ea
0x00402a0b
0x00402a1d
0x00402a27
0x00402a2e
0x00402a34
0x00402a37
0x00402a3e
0x00402a44
0x00402a4a
0x00402a4c
0x00402a4f
0x00402a63
0x00402a65
0x00402a68
0x00402a6b
0x00402a6b
0x00402a6e
0x00000000
0x00402a51
0x00402a51
0x00402a5a
0x00402a5c
0x00402a5e
0x00402a61
0x00402a71
0x00402a89
0x00000000
0x00402a89
0x00000000
0x00402a61
0x00402a4f
0x00402798
0x00000000
0x00402a94
0x00402a95
0x00402a9a
0x00402a9c
0x00000000
0x00000000
0x00402aa3
0x00402aa4
0x00000000
0x00000000
0x00402aae
0x00402aaf
0x00402ab6
0x00000000
0x00000000
0x00402abd
0x00402ac2
0x00000000
0x00000000
0x00402acc
0x00402acd
0x00402ad2
0x00402ad5
0x00402ad7
0x00402ada
0x00402ada
0x00000000
0x00000000
0x00402adb
0x00402ae1
0x00402ae4
0x00000000
0x00000000
0x00402b9f
0x00402ba0
0x00402ba2
0x00402ba7
0x00000000
0x00402e66
0x00402e6c
0x00402e6f
0x00000000
0x00000000
0x00402e75
0x00402e7a
0x00402e7f
0x00000000
0x00000000
0x00402e95
0x00402e9a
0x00402e9b
0x00402ea0
0x00402ea8
0x00402eae
0x00402eb0
0x00402eb2
0x00402eb3
0x00402eb6
0x00402eb6
0x00402eb6
0x00402eb9
0x00402ec6
0x00402ec9
0x00402ecf
0x00402ed2
0x00402ed5
0x00402eda
0x00402edd
0x00402edd
0x00402ee2
0x00402ee9
0x00402eec
0x00402ef0
0x00402ef7
0x00402efd
0x00402efe
0x00402eff
0x00000000
0x00000000
0x00402aee
0x00402aef
0x00000000
0x00000000
0x00402af9
0x00402afa
0x00402aff
0x00402aff
0x00402aff
0x00000000
0x00402b0e
0x00402b15
0x00000000
0x00000000
0x00402b17
0x00000000
0x00000000
0x00402b23
0x00402b24
0x00402b29
0x00402b2b
0x00000000
0x00402b38
0x00402b39
0x00000000
0x00000000
0x00402b43
0x00402b44
0x00402b49
0x00402b49
0x00402b49
0x00000000
0x00402b58
0x00402b5f
0x00402b76
0x00402b76
0x00402b7b
0x00402b80
0x00402b85
0x00402b85
0x00402b88
0x00402b88
0x00000000
0x00402b88
0x00402b61
0x00000000
0x00000000
0x00402b6d
0x00402b6e
0x00402b73
0x00402b75
0x00000000
0x00402c9c
0x00402ca1
0x00402ca3
0x00402ca5
0x00402ca7
0x00402ca9
0x00402cae
0x00402cb0
0x00402cb1
0x00402cb6
0x00402cb7
0x00402cb9
0x00402cbe
0x00402cbf
0x00402cc2
0x00402cc8
0x00000000
0x00000000
0x00402cd3
0x00402cdb
0x00402ce1
0x00402ce7
0x00402cf5
0x00402cf7
0x00402cf8
0x00402cf8
0x00402cf8
0x00402cfb
0x00402ce9
0x00402ce9
0x00402ced
0x00402ced
0x00402d00
0x00402d03
0x00402d08
0x00402d0b
0x00402d0f
0x00402d12
0x00000000
0x00000000
0x00402d18
0x00402d1e
0x00402de9
0x00402def
0x00402df6
0x00402dfa
0x00402dfe
0x00402e03
0x00402e06
0x00402e07
0x00402e0b
0x00402e11
0x00402e18
0x00402e21
0x00402e21
0x00402e1a
0x00402e1a
0x00402e1a
0x00402e2a
0x00402e2d
0x00402e33
0x00402e35
0x00402e38
0x00402e3b
0x00402e49
0x00402e50
0x00000000
0x00402e50
0x00402d24
0x00402d29
0x00402d37
0x00402d42
0x00402d48
0x00402d4e
0x00402d50
0x00402d52
0x00402d59
0x00402d5e
0x00402d5f
0x00402d62
0x00402d68
0x00402d6a
0x00402d8e
0x00402d9a
0x00402da1
0x00402db0
0x00402db8
0x00402dba
0x00000000
0x00000000
0x00402dcf
0x00000000
0x00402d6c
0x00402d6c
0x00402d6c
0x00402d73
0x00402d7a
0x00402d7c
0x00000000
0x00000000
0x00402d7e
0x00402d80
0x00000000
0x00000000
0x00402d82
0x00402d85
0x00402d87
0x00402d89
0x00402d89
0x00402d89
0x00402d8b
0x00402d8b
0x00000000
0x00402d6c
0x00000000
0x00401cc5
0x00401828
0x00401828
0x00401829
0x00401893
0x0040189b
0x0040189d
0x004018bc
0x004018be
0x004018e4
0x004018e9
0x00401b24
0x00401b29
0x00401b2e
0x00401b38
0x00401b38
0x00401b3b
0x00401b40
0x00401b42
0x00401b42
0x00401b51
0x00401b53
0x00401b55
0x00401b58
0x00401b74
0x00401b7a
0x00401b87
0x00401b8d
0x00401b90
0x00401b91
0x00401b92
0x00401bcc
0x00401bd4
0x00401bdc
0x00401bde
0x00401bdf
0x00401be5
0x00401be7
0x00401beb
0x00401beb
0x00401bee
0x00401bef
0x00401bf1
0x00401bf6
0x00401bfb
0x00401b94
0x00401b97
0x00401b9b
0x00401ba3
0x00401ba5
0x00401ba6
0x00401bac
0x00401bae
0x00401bb5
0x00401bb6
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc2
0x00401c0c
0x00401c1b
0x00401c38
0x00401c3a
0x00401c3d
0x00401c42
0x00401c44
0x00401c44
0x00401c4f
0x00401c56
0x00401c65
0x00401c73
0x00401c78
0x00401c80
0x00401c85
0x00401c87
0x00401c8e
0x00401c9f
0x00401ca8
0x00401ca8
0x00000000
0x00401b5a
0x00401b62
0x00401b64
0x00401b66
0x00401b69
0x00000000
0x00000000
0x00401b6f
0x00000000
0x00401b6f
0x00401b58
0x00401b30
0x00401b32
0x00000000
0x00000000
0x00000000
0x00401b32
0x004018ef
0x00401900
0x00401926
0x00401926
0x0040192d
0x00401938
0x00401938
0x0040193f
0x0040194a
0x0040194a
0x00401951
0x00401967
0x00401967
0x0040196d
0x00401993
0x00401993
0x0040199a
0x004019a5
0x004019a5
0x004019ac
0x004019b7
0x004019b7
0x004019be
0x004019fc
0x004019fc
0x00401a01
0x00401a06
0x00401a4c
0x00401a51
0x00401ac6
0x00401acc
0x00401ada
0x00401ae0
0x00401a53
0x00401a53
0x00401a66
0x00401a6f
0x00401a75
0x00401a77
0x00401a79
0x00401a7c
0x00401a7e
0x00401a7e
0x00401a8b
0x00401a8e
0x00401a93
0x00401a9e
0x00401abb
0x00401ac1
0x00401a08
0x00401a08
0x00401a1d
0x00401a21
0x00401a22
0x00401a26
0x00401a3e
0x00401a44
0x00401af0
0x00401b04
0x00401b0a
0x00401b0d
0x00000000
0x00401b13
0x00401b13
0x00401b19
0x00000000
0x00401b19
0x00401b0d
0x004019c2
0x004019c4
0x004019c7
0x00000000
0x00000000
0x004019c9
0x004019ce
0x004019db
0x004019e1
0x004019eb
0x004019eb
0x004019ed
0x004019ee
0x004019f6
0x00000000
0x004019f6
0x004019b0
0x004019b2
0x004019b5
0x00000000
0x00000000
0x00000000
0x004019b5
0x0040199e
0x004019a0
0x004019a3
0x00000000
0x00000000
0x00000000
0x004019a3
0x00401971
0x00401973
0x00401976
0x00000000
0x00000000
0x0040197a
0x0040197c
0x0040197f
0x00000000
0x00000000
0x00401983
0x00401985
0x00401988
0x00000000
0x00000000
0x0040198c
0x0040198e
0x00401991
0x00000000
0x00000000
0x00000000
0x00401991
0x00401955
0x00401957
0x0040195a
0x00000000
0x00000000
0x0040195c
0x0040195c
0x0040195d
0x00000000
0x0040195d
0x00401943
0x00401945
0x00401948
0x00000000
0x00000000
0x00000000
0x00401948
0x00401931
0x00401933
0x00401936
0x00000000
0x00000000
0x00000000
0x00401936
0x00401904
0x00401906
0x00401909
0x00000000
0x00000000
0x0040190d
0x0040190f
0x00401912
0x00000000
0x00000000
0x00401916
0x00401918
0x0040191b
0x00000000
0x00000000
0x0040191f
0x00401921
0x00401924
0x00000000
0x00000000
0x00000000
0x00401924
0x004018c0
0x004018c6
0x004018d0
0x004018da
0x004018da
0x00000000
0x004018c6
0x004018a3
0x004018ad
0x00000000
0x004018ad
0x0040182b
0x0040182b
0x00401831
0x00401873
0x00401879
0x0040187f
0x00401881
0x00401888
0x00401888
0x00000000
0x00401881
0x00401833
0x00401834
0x00000000
0x00000000
0x0040184b
0x00401853
0x00401854
0x00401856
0x00401858
0x0040185e
0x00401861
0x00401865
0x00401865
0x0040185a
0x0040185a
0x0040185a
0x0040186b
0x0040186f
0x00401870
0x004017fa
0x004017fd
0x00000000
0x004017fd
0x00401502
0x004017e9
0x004017ed
0x00401808
0x0040180c
0x00000000
0x00000000
0x00401812
0x00401813
0x004017f5
0x004017f5
0x00000000
0x004017f5
0x004017ef
0x004017f0
0x00000000
0x004017f0
0x00401508
0x00401509
0x004017d1
0x004017d7
0x004017d8
0x004017da
0x004017df
0x00000000
0x004017df
0x0040150f
0x00401510
0x00401669
0x0040166f
0x0040167c
0x00401685
0x00401697
0x004016a7
0x004016ba
0x004016cd
0x004016e5
0x004016fa
0x00401701
0x00401707
0x00401707
0x00401713
0x00401726
0x0040173e
0x00401743
0x00401746
0x0040174b
0x0040174d
0x00401750
0x00401756
0x00401756
0x0040175c
0x00401761
0x00401763
0x00401766
0x0040176c
0x0040176c
0x00401772
0x0040177d
0x0040177f
0x00401782
0x00401784
0x00401784
0x0040178a
0x0040178f
0x00401791
0x00401794
0x00401796
0x00401796
0x004017a4
0x004017ab
0x004017b1
0x00000000
0x004017b1
0x00401516
0x00401519
0x0040153a
0x00401558
0x0040155b
0x0040155e
0x00401567
0x00401569
0x0040156d
0x00401570
0x0040158a
0x0040158a
0x00401591
0x00401591
0x00401595
0x004015a3
0x004015c4
0x004015cc
0x004015d7
0x004015d9
0x004015dd
0x004015e0
0x004015fa
0x004015fa
0x00401601
0x00401601
0x00000000
0x00401601
0x004015e2
0x004015ec
0x00000000
0x00000000
0x004015ee
0x004015f6
0x00000000
0x004015f6
0x00401572
0x0040157c
0x00000000
0x00000000
0x0040157e
0x00401586
0x00000000
0x00401605
0x00401613
0x00401634
0x0040163c
0x0040163e
0x00401641
0x00401641
0x0040164e
0x0040165e
0x00000000
0x0040151b
0x0040151c
0x00401525
0x00401525
0x00000000
0x0040151c

APIs

DestroyWindow.USER32(?), ref: 00401525
BeginPaint.USER32(?,?), ref: 0040153A
CreateCompatibleDC.GDI32(?), ref: 00401546
SelectObject.GDI32(?), ref: 00401567
BitBlt.GDI32(?,00000002,?,00000026,-004069E8,00000002,00000002,00000000,008800C6), ref: 004015C4
SelectObject.GDI32(00000002,?), ref: 004015CC
SelectObject.GDI32(00000002), ref: 004015D7
BitBlt.GDI32(?,00000002,?,00000026,-004069E8,00000002,00000002,00000000,00EE0086), ref: 00401634
SelectObject.GDI32(00000002,?), ref: 0040163C
DeleteDC.GDI32(00000006), ref: 0040164E
EndPaint.USER32(?,?,?,00000026,-004069E8,00000002,00000002,00000000,00EE0086,?,00000026,-004069E8,00000002,00000002,00000000,008800C6), ref: 0040165E
GetWindowRect.USER32 ref: 0040167C
DestroyCursor.USER32(00170355), ref: 00401766
DeleteObject.GDI32(9B05071F), ref: 00401782
DeleteObject.GDI32(8B0509B3), ref: 00401794
KillTimer.USER32(?,000003ED), ref: 004017A4
GetModuleHandleA.KERNEL32(00000000,00000005,00000000,00000020,00000020,004051B8,00405238), ref: 004017CA
CreateCursor.USER32(00000000), ref: 004017D1
PostMessageA.USER32 ref: 004017FD
GetCursor.USER32 ref: 00401873
SetCursor.USER32(00170355), ref: 00401888
SetTimer.USER32(?,000003ED,00000032,00000000), ref: 0040269D
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

tinytask.net, xrefs: 00401BF6
window_x, xrefs: 00401690
TinyTask, xrefs: 00401685, 004016A5, 004016B8, 004016CB, 004016E3, 004016F8, 00401711, 00401724, 0040173C, 0040210E, 00402133, 004026D6, 004026DB
EDIT, xrefs: 00401BC2
Set Playback Loops, xrefs: 00401B42, 00401B4D
Program Files (*.exe), xrefs: 00401D97, 00401DA5
topmost, xrefs: 0040170C
REC %02d:%02d, xrefs: 00401A38
n@, xrefs: 00401A8E
Nothing RecordedPress the blue button to start a new recording, xrefs: 00402138
Compile Error, xrefs: 00402053
.rec, xrefs: 00401D6A, 00401DDE, 00401DE3, 00401E06, 00401E0B
C:\Users\user\Desktop\tinytask-1-77.ini, xrefs: 0040168A, 00401696, 004016A6, 004016B9, 004016CC, 004016E4, 004016F9, 00401712, 00401725, 0040173D
MB, xrefs: 0040209C, 004020C2
speed_custom, xrefs: 004016C6
Recording Files (*.rec), xrefs: 00401CE0, 00401D9E
O, xrefs: 004017E9
speed, xrefs: 004016B3
record_key, xrefs: 004016DE
Set Custom Speed, xrefs: 00401B5A
About TinyTask, xrefs: 00401B3B
Compile successful "%s" (%d %s)Program attributes:---------------------------------- Execution Speed: %d%sx Repeat Loops: %d, xrefs: 004020CB
hide_captions, xrefs: 0040171F
window_y, xrefs: 004016A0
toolbar_padding, xrefs: 00401737
.exe, xrefs: 00401DD4
%02d:%02d (%d/%d%s), xrefs: 00401AB5
%05d, xrefs: 00401F95
play_key, xrefs: 004016F3
Unable to write file, xrefs: 00401EA9
STATIC, xrefs: 00401BFB

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Object$CursorSelect$DeleteWindow$CreateDestroyPaintTimer$BeginCompatibleHandleKillMessageModulePostProcRect
String ID: Compile Error$ Compile successful "%s" (%d %s)Program attributes:---------------------------------- Execution Speed: %d%sx Repeat Loops: %d$ MB$ n@$%02d:%02d (%d/%d%s)$%05d$.exe$.rec$About TinyTask$C:\Users\user\Desktop\tinytask-1-77.ini$EDIT$Nothing RecordedPress the blue button to start a new recording$O$Program Files (*.exe)$REC %02d:%02d$Recording Files (*.rec)$STATIC$Set Custom Speed$Set Playback Loops$TinyTask$Unable to write file$hide_captions$play_key$record_key$speed$speed_custom$tinytask.net$toolbar_padding$topmost$window_x$window_y
API String ID: 3974302151-104542411
Opcode ID: 3328e2d432b1d7fda1f29fb1e81baa9d243d82a702f79ae110f6decac78090d2
Instruction ID: f722533ecfca98a017aa9ff3a069563f491adbaca09d2f8958cd1ec79fb6b22f
Opcode Fuzzy Hash: 3328e2d432b1d7fda1f29fb1e81baa9d243d82a702f79ae110f6decac78090d2
Instruction Fuzzy Hash: 8B7292B1900209BBDF209F64DD49EAF7B79EB44344F11413AF606B62E1DB788E509F68

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 80.9, APIs: 28, Strings: 18, Instructions: 408
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 47%

			E00401000(void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a12) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				int _v24;
				int _v28;
				struct _WNDCLASSEXA _v76;
				struct tagMSG _v104;
				void* _v116;
				struct tagRECT _v120;
				void _v375;
				signed int _v376;
				void _v631;
				char _v632;
				int _t88;
				signed int _t99;
				signed int _t100;
				struct HINSTANCE__* _t103;
				struct HICON__* _t104;
				signed int _t107;
				signed int _t109;
				struct HWND__* _t113;
				void* _t117;
				void* _t139;
				CHAR* _t146;
				int _t149;
				int _t153;
				int _t158;
				int _t163;
				int _t164;
				int _t169;
				int _t170;
				signed int _t172;
				int _t175;
				signed char* _t180;
				CHAR* _t181;
				signed int _t183;
				signed char _t196;
				intOrPtr _t204;
				void* _t209;
				signed char _t223;
				CHAR* _t234;
				void* _t235;
				int _t236;
				CHAR* _t237;
				intOrPtr* _t238;
				void* _t239;
				void* _t241;
				void* _t242;
				void* _t246;
				void* _t247;
				void* _t248;
				void* _t252;

				_t181 = 0;
				_t183 = 0xb;
				_v76.cbSize = 0;
				_push(6);
				_t88 = memset( &(_v76.style), 0, _t183 << 2);
				_v104.hwnd = 0;
				_v120.left = 0;
				memset( &(_v104.message), _t88, 0 << 2);
				_v632 = _v632 & 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push(0x3f);
				memset( &_v631, 0, 0 << 2);
				_v376 = _v376 & 0;
				_push(0x3f);
				asm("stosw");
				asm("stosb");
				memset( &_v375, 0, 0 << 2);
				_t246 = _t242 + 0x30;
				asm("stosw");
				_v16 = 0;
				_v20 = 0;
				_v12 = 0;
				_v8 = 0;
				asm("stosb");
				if(E004043D7(_a12) > 0xfe) {
				}
				E0040441B( &_v376, _a12, 0xfe);
				_t247 = _t246 + 0xc;
				if(0x406038 != 0) {
					 *0x406a10 = E00404617(0x406038);
				} else {
					 *0x406a10 = _t181;
				}
				_t99 = E00403C71(_t181);
				_t252 = _t99 -  *0x406a10; // 0x8e00
				_t234 = "TinyTask";
				_t100 = _t99 & 0xffffff00 | _t252 > 0x00000000;
				 *0x406d1d = _t100;
				if(_t100 != 0) {
					L17:
					_t236 = 0x30;
					E004042CA( &_v76, _t181, _t236);
					_t103 = _a4;
					_t248 = _t247 + 0xc;
					_v76.cbSize = _t236;
					_v76.style = _t181;
					_v76.lpfnWndProc = E00401489;
					_v76.hInstance = _t103;
					_v76.hCursor = _t181;
					_t104 = LoadIconA(_t103, 0xfa1); // executed
					_v76.hIcon = _t104;
					_t237 = "TinyTaskClass";
					_v76.hIconSm = _t181;
					_v76.hbrBackground = 0x10;
					_v76.lpszMenuName = _t181;
					_v76.lpszClassName = _t237;
					if(RegisterClassExA( &_v76) != 0) {
						if(_v12 <= 0xe0) {
							_t107 = 0;
						} else {
							_t107 = 0x20000;
						}
						_t109 =  *0x406a00; // 0x0
						asm("sbb eax, eax");
						_t113 = CreateWindowExA( ~_t109 & 0x00000008 | 0x00040000, _t237, _t234, _t107 | 0x86c80000, _v16, _v20, _v12, _v8, _t181, _t181, _a4, _t181); // executed
						 *0x4069e0 = _t113;
						if(_t113 != _t181) {
							_t196 =  *0x406d1d; // 0x0
							asm("sbb ecx, ecx");
							ShowWindow(_t113, ( ~_t196 & 0xfffffffb) + 5); // executed
							UpdateWindow( *0x4069e0);
							if(_a12 == _t181 || _v376 == 0) {
								if( *0x406d1d == 0) {
									goto L45;
								}
								GetModuleFileNameA(GetModuleHandleA(_t181),  &_v632, 0xff);
								if(E00402F8E( &_v632,  *0x406a10) != 0) {
									_t129 = 0x40604c;
									if(0x40604c != 0) {
										_t129 = E00404617(0x40604c);
									}
									 *0x406a04 = _t129 & 0x000000ff;
									if(0x406044 != 0) {
										 *0x40600c = E00404617(0x406044);
									} else {
										 *0x40600c = _t181;
									}
									PostMessageA( *0x4069e0, 0x111, 0x8003, _t181);
									goto L45;
								}
								goto L38;
							} else {
								_t239 = 0;
								if( &_v376 == 0) {
									_t235 = 0;
								} else {
									_t235 = E004043D7( &_v376);
								}
								if( &_v376 == 0) {
									L35:
									E00402F8E( &_v376, _t181);
									L45:
									_t238 = GetMessageA;
									_push(_t181);
									_push(_t181);
									_push(_t181);
									_push( &_v104); // executed
									while(1) {
										_t117 =  *_t238(); // executed
										if(_t117 == _t181 || _t117 == 0xffffffff) {
											break;
										}
										TranslateMessage( &_v104);
										DispatchMessageA( &_v104); // executed
										_push(_t181);
										_push(_t181);
										_push(_t181);
										_push( &_v104);
									}
									return _v104.wParam;
								} else {
									while(1) {
										_t204 =  *((intOrPtr*)(_t241 + _t239 - 0x174));
										_t139 = _t241 + _t239 - 0x174;
										if(_t204 == 0) {
											goto L35;
										}
										if(_t204 != 0x22) {
											_t239 = _t239 + 1;
										} else {
											_t78 = _t139 + 1; // 0x1
											E00404399(_t139, _t78, _t235 - _t239);
											_t248 = _t248 + 0xc;
											_t235 = _t235 - 1;
										}
									}
									goto L35;
								}
							}
						} else {
							_push(0x12030);
							_push(_t234);
							_push("Startup Failure: CreateWindow");
							L19:
							MessageBoxA(_t181, ??, ??, ??);
							L38:
							return 0;
						}
					}
					_push(0x12030);
					_push(_t234);
					_push("Startup Failure: RegisterClass");
					goto L19;
				} else {
					GetModuleFileNameA(GetModuleHandleA(_t181), 0x406c18, 0xff);
					_t146 = 0x406c18;
					if(0x406c18 != 0) {
						_t146 = E004043D7(0x406c18);
					}
					_t26 = _t146 - 1; // -1
					_t209 = _t26;
					if(0x406c18 == 0) {
						L14:
						E00404464(0x406c18, ".ini");
						_t149 = GetPrivateProfileIntA(_t234, "toolbar_padding", 5, 0x406c18); // executed
						 *0x406040 = _t149;
						E0040392F( &_v12,  &_v8); // executed
						_t153 = GetSystemMetrics(0);
						asm("cdq");
						asm("cdq");
						_v28 = (_t153 - _t223 >> 1) - (_v12 - _t223 >> 1);
						_t158 = GetSystemMetrics(1);
						asm("cdq");
						asm("cdq");
						_v24 = (_t158 - _t223 >> 1) - (_v8 - _t223 >> 1);
						_t163 = GetPrivateProfileIntA(_t234, "window_x", _v28, 0x406c18); // executed
						_v16 = _t163;
						_t164 = GetPrivateProfileIntA(_t234, "window_y", _v24, 0x406c18);
						_t38 = _t164 + 1; // 0x1
						_v20 = _t164;
						_t41 = _v16 + 1; // 0x404703
						SetRect( &_v120, _v16, _t164, _t41, _t38);
						_t169 = RectVisible(GetDC(0),  &_v120); // executed
						if(_t169 == 0) {
							_v16 = _v28;
							_v20 = _v24;
						}
						_t170 = GetPrivateProfileIntA(_t234, "speed", 0, 0x406c18); // executed
						 *0x406a04 = _t170;
						 *0x406008 = GetPrivateProfileIntA(_t234, "speed_custom", 8, 0x406c18);
						_t172 = GetPrivateProfileIntA(_t234, "topmost", 0, 0x406c18);
						asm("sbb eax, eax");
						 *0x406a00 =  ~_t172 & 0x00040000;
						_t175 = GetPrivateProfileIntA(_t234, "hide_captions", 0, 0x406c18);
						_v8 = _v8 - _t175;
						 *0x406a14 = _t175;
						 *0x406d1b = GetPrivateProfileIntA(_t234, "record_key", 0, 0x406c18);
						 *0x406d1c = GetPrivateProfileIntA(_t234, "play_key", 0, 0x406c18);
						_t181 = 0;
						goto L17;
					} else {
						while(1) {
							_t223 =  *(_t209 + 0x406c18);
							_t180 = _t209 + 0x406c18;
							if(_t223 == 0 || _t209 < _t181) {
								goto L14;
							}
							if(_t223 == 0x2e) {
								 *_t180 =  *_t180 & 0x00000000;
								_t209 = 0;
							}
							_t209 = _t209 - 1;
						}
						goto L14;
					}
				}
			}

0x0040100e
0x00401010
0x00401016
0x00401019
0x0040101b
0x00401021
0x00401024
0x00401027
0x0040102c
0x00401032
0x00401033
0x00401034
0x00401035
0x00401040
0x00401042
0x00401048
0x0040104a
0x0040104c
0x00401059
0x00401059
0x0040105b
0x0040105d
0x00401060
0x00401063
0x00401066
0x00401069
0x00401077
0x00401079
0x00401086
0x00401090
0x00401097
0x004010a8
0x00401099
0x00401099
0x00401099
0x004010ae
0x004010b3
0x004010ba
0x004010bf
0x004010c4
0x004010c9
0x0040124f
0x00401254
0x00401258
0x0040125d
0x00401260
0x00401263
0x00401266
0x0040126f
0x00401276
0x00401279
0x0040127c
0x00401282
0x00401288
0x0040128e
0x00401291
0x00401298
0x0040129b
0x004012a7
0x004012c7
0x004012d0
0x004012c9
0x004012c9
0x004012c9
0x004012ea
0x004012f1
0x004012fe
0x00401306
0x0040130b
0x0040131a
0x00401322
0x0040132c
0x00401338
0x00401341
0x004013bd
0x00000000
0x00000000
0x004013d7
0x004013f1
0x004013fa
0x00401403
0x00401406
0x0040140b
0x0040140f
0x0040141d
0x0040142e
0x0040141f
0x0040141f
0x0040141f
0x00401444
0x00000000
0x00401444
0x00000000
0x0040134c
0x00401352
0x00401356
0x00401369
0x00401358
0x00401365
0x00401365
0x00401373
0x004013a4
0x004013ac
0x0040144a
0x0040144a
0x00401450
0x00401451
0x00401455
0x00401456
0x00401457
0x00401457
0x0040145b
0x00000000
0x00000000
0x00401466
0x00401470
0x00401476
0x00401477
0x0040147b
0x0040147c
0x0040147c
0x00000000
0x00401375
0x00401375
0x00401375
0x0040137c
0x00401385
0x00000000
0x00000000
0x0040138a
0x004013a1
0x0040138c
0x00401391
0x00401396
0x0040139b
0x0040139e
0x0040139e
0x0040138a
0x00000000
0x00401375
0x00401373
0x0040130d
0x0040130d
0x00401312
0x00401313
0x004012b4
0x004012b5
0x004013f3
0x00000000
0x004013f3
0x0040130b
0x004012a9
0x004012ae
0x004012af
0x00000000
0x004010cf
0x004010e2
0x004010e8
0x004010ec
0x004010ef
0x004010f4
0x004010f5
0x004010f5
0x004010fc
0x0040111f
0x00401125
0x0040113b
0x0040113d
0x0040114a
0x00401153
0x00401159
0x00401163
0x0040116c
0x0040116f
0x00401175
0x00401181
0x00401190
0x00401193
0x00401196
0x004011a2
0x004011a4
0x004011a7
0x004011ae
0x004011b8
0x004011cb
0x004011d3
0x004011d8
0x004011de
0x004011de
0x004011ea
0x004011f5
0x00401205
0x0040120a
0x0040120e
0x0040121e
0x00401223
0x00401225
0x00401231
0x00401241
0x00401248
0x0040124d
0x00000000
0x004010fe
0x004010fe
0x004010fe
0x00401104
0x0040110c
0x00000000
0x00000000
0x00401115
0x00401117
0x0040111a
0x0040111a
0x0040111c
0x0040111c
0x00000000
0x004010fe
0x004010fc

APIs

GetModuleHandleA.KERNEL32(00000000,C:\Users\user\Desktop\tinytask-1-77.ini,000000FF,?,00000000), ref: 004010DB
GetModuleFileNameA.KERNEL32(00000000,?,00000000), ref: 004010E2
GetPrivateProfileIntA.KERNEL32 ref: 0040113B
GetSystemMetrics.USER32 ref: 00401153
GetSystemMetrics.USER32 ref: 0040116F
GetPrivateProfileIntA.KERNEL32 ref: 00401193
GetPrivateProfileIntA.KERNEL32 ref: 004011A2
SetRect.USER32 ref: 004011B8
GetDC.USER32(00000000), ref: 004011C4
RectVisible.GDI32(00000000), ref: 004011CB
GetPrivateProfileIntA.KERNEL32 ref: 004011EA
GetPrivateProfileIntA.KERNEL32 ref: 004011FA
GetPrivateProfileIntA.KERNEL32 ref: 0040120A
GetPrivateProfileIntA.KERNEL32 ref: 00401223
GetPrivateProfileIntA.KERNEL32 ref: 00401236
GetPrivateProfileIntA.KERNEL32 ref: 00401246
LoadIconA.USER32(00000000,00000FA1), ref: 0040127C
RegisterClassExA.USER32(?), ref: 0040129E
MessageBoxA.USER32 ref: 004012B5
CreateWindowExA.USER32 ref: 004012FE
ShowWindow.USER32(00000000,-00000005,?,?,?,?,00000000), ref: 0040132C
UpdateWindow.USER32 ref: 00401338
GetModuleHandleA.KERNEL32(00000000,?,000000FF,?,?,?,?,00000000), ref: 004013D0
GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,00000000), ref: 004013D7

Part of subcall function 00402F8E: wsprintfA.USER32 ref: 00402FD3
Part of subcall function 00402F8E: MessageBoxA.USER32 ref: 00402FF4

PostMessageA.USER32 ref: 00401444
KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00401457
TranslateMessage.USER32(?), ref: 00401466
DispatchMessageA.USER32 ref: 00401470

Strings

speed, xrefs: 004011E4
record_key, xrefs: 0040122B
window_x, xrefs: 00401184
TinyTask, xrefs: 004010BA, 0040113A, 0040118F, 004011A1, 004011E9, 004011F4, 00401204, 0040121D, 00401230, 00401240, 004012AE, 004012F3, 00401312
TinyTaskClass, xrefs: 00401288, 004012F7
hide_captions, xrefs: 00401218
topmost, xrefs: 004011FF
window_y, xrefs: 0040119C
.ini, xrefs: 0040111F
$$$$$, xrefs: 004013FA, 00401405
36352, xrefs: 0040108B, 004010A1
toolbar_padding, xrefs: 00401135
C:\Users\user\Desktop\tinytask-1-77.ini, xrefs: 004010CF, 004010D9, 004010EE, 00401124, 00401132, 00401178, 00401195, 004011E1, 004011EC, 004011FC, 00401210, 00401228, 00401238
speed_custom, xrefs: 004011EF
Startup Failure: RegisterClass, xrefs: 004012AF
Startup Failure: CreateWindow, xrefs: 00401313
@@@@@, xrefs: 00401414, 00401427
play_key, xrefs: 0040123B

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: PrivateProfile$Message$Module$Window$FileHandleMetricsNameRectSystem$CallbackClassCreateDispatchDispatcherIconLoadPostRegisterShowTranslateUpdateUserVisiblewsprintf
String ID: $$$$$$.ini$36352$@@@@@$C:\Users\user\Desktop\tinytask-1-77.ini$Startup Failure: CreateWindow$Startup Failure: RegisterClass$TinyTask$TinyTaskClass$hide_captions$play_key$record_key$speed$speed_custom$toolbar_padding$topmost$window_x$window_y
API String ID: 1572435291-1034089863
Opcode ID: 50be05e214897b5b73ae53f9ff58a90aeaef851f329f47b29bb95abc320a3051
Instruction ID: d9edc85bb2d409bc0d29e18e2679463e6c24fd010db42a333d5d0c6795cbaa8e
Opcode Fuzzy Hash: 50be05e214897b5b73ae53f9ff58a90aeaef851f329f47b29bb95abc320a3051
Instruction Fuzzy Hash: 14D18071A00209AFEB10DFB4DD49BAF7BB8EB44304F10453AF606FA1E1D77999548B68

Uniqueness

Uniqueness Score: -1.00%

Function 00402148 Relevance: 54.5, APIs: 30, Strings: 1, Instructions: 293
keyboardtimesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E00402148() {
				long _t56;
				CHAR* _t58;
				RECT* _t60;
				long _t61;
				RECT* _t65;
				RECT* _t67;
				signed char _t80;
				int _t81;
				intOrPtr _t84;
				unsigned int _t99;
				RECT* _t102;
				signed int _t104;
				signed int _t108;
				signed int _t109;
				signed int _t118;
				int _t120;
				int _t123;
				intOrPtr _t125;
				void* _t126;
				intOrPtr* _t130;
				int _t131;
				signed int _t134;
				void* _t135;
				void* _t137;
				void* _t139;
				void* _t141;
				void* _t177;

				mouse_event(4, _t102, _t102, _t102, _t102);
				_t130 = keybd_event;
				_t120 = 0;
				do {
					if(_t120 != 0x14 && _t120 != 0x90 && _t120 != 0x91) {
						if((GetAsyncKeyState(_t120) & 0x00000080) != 0) {
							L11:
							if(_t120 < 0x21 || _t120 > 0x2e) {
								if(_t120 == 0x11 || _t120 == 0x5b || _t120 == 0x5c || _t120 == 0x5d) {
									goto L18;
								} else {
								}
							} else {
								L18:
								_push(1);
								_pop(0);
							}
							 *_t130(_t120, MapVirtualKeyA(_t120, _t102), 2, _t102);
						} else {
							if(_t120 == 1 || _t120 == 2 || _t120 == 4) {
								_t99 = GetAsyncKeyState(_t120);
							} else {
								_t99 = GetKeyState(_t120);
							}
							if((_t99 >> 0x0000000f & 0x00000001) != _t102) {
								goto L11;
							}
						}
					}
					_t120 = _t120 + 1;
				} while (_t120 < 0x100);
				_t104 = 0x3f;
				 *(_t137 - 0x398) = _t102;
				memset(_t137 - 0x397, 0, _t104 << 2);
				asm("stosw");
				asm("stosb");
				E004042CA(_t137 - 0x398, _t102, 0x100);
				_t141 = _t139 + 0x18;
				SetKeyboardState(_t137 - 0x398);
				_t123 = 0;
				do {
					GetAsyncKeyState(_t123);
					_t123 = _t123 + 1;
				} while (_t123 < 0xff);
				if((GetKeyState(0x91) & 0x00000001) != 0) {
					 *((char*)(_t137 - 0xc)) = VkKeyScanA(0xffffff91);
					if(VkKeyScanA(0xffffff91) != 0) {
						 *_t130(0x10, MapVirtualKeyA(0x10, _t102), _t102, _t102);
					}
					_t80 =  *((intOrPtr*)(_t137 - 0xc));
					if(_t80 < 0x21 || _t80 > 0x2e) {
						if(_t80 == 0x11 || _t80 == 0x5b || _t80 == 0x5c || _t80 == 0x5d) {
							goto L34;
						} else {
						}
					} else {
						L34:
						_push(1);
						_pop(0);
					}
					_t81 = _t80 & 0x000000ff;
					 *(_t137 - 8) = _t81;
					 *_t130( *((intOrPtr*)(_t137 - 0xc)), MapVirtualKeyA(_t81, _t102), 0, _t102);
					_t84 =  *((intOrPtr*)(_t137 - 0xc));
					if(_t84 < 0x21 || _t84 > 0x2e) {
						if(_t84 == 0x11 || _t84 == 0x5b || _t84 == 0x5c || _t84 == 0x5d) {
							goto L42;
						} else {
						}
					} else {
						L42:
						_push(1);
						_pop(0);
					}
					 *_t130( *((intOrPtr*)(_t137 - 0xc)), MapVirtualKeyA( *(_t137 - 8), _t102), 2, _t102);
					if(VkKeyScanA(0xffffff91) != 0) {
						 *_t130(0x10, MapVirtualKeyA(0x10, _t102), 2, _t102);
					}
				}
				_t131 = 1;
				Sleep(_t131);
				_t177 =  *0x406a08 - _t102; // 0x0
				if(_t177 != 0) {
					KillTimer( *(_t137 + 8), 0x3e9);
					_t56 = GetTickCount();
					__eflags =  *0x406b18 - _t102; // 0x0
					 *0x406a08 = _t102;
					 *0x4069fc = _t56 -  *0x4069f8;
					_t58 = 0x406b18;
					if(__eflags == 0) {
						_t58 = "TinyTask";
					}
					SetWindowTextA( *(_t137 + 8), _t58);
					_t60 =  *0x4069f0; // 0x0
					__eflags = _t60 - _t102;
					if(_t60 != _t102) {
						_t118 =  *0x4069f4; // 0x0
						_t24 = _t118 - 1; // -1
						asm("sbb ecx, ecx");
						_t108 =  ~_t118 & _t24;
						__eflags = _t108;
						 *(_t137 - 0x10) = _t108;
						if(_t108 > 0) {
							while(1) {
								_t134 = _t108 + _t108 * 4;
								_t125 =  *((intOrPtr*)(_t60 + _t134 * 4));
								_t135 = _t60 + _t134 * 4;
								__eflags = _t125 - _t102;
								if(_t125 == _t102) {
									goto L59;
								}
								__eflags = _t125 - 0x201;
								if(_t125 != 0x201) {
									L58:
									_t108 = _t108 - 1;
									__eflags = _t108 - _t102;
									 *(_t137 - 0x10) = _t108;
									if(_t108 > _t102) {
										continue;
									}
								} else {
									__eflags =  *((intOrPtr*)(_t135 + 0x10)) -  *(_t137 + 8);
									if( *((intOrPtr*)(_t135 + 0x10)) !=  *(_t137 + 8)) {
										goto L58;
									}
								}
								goto L59;
							}
						}
						L59:
						__eflags = _t108 - _t102;
						if(_t108 != _t102) {
							_t118 = _t108;
							 *0x4069f4 = _t118;
						}
						_t109 = _t118;
						__eflags = _t109 - _t118 + 3;
						 *(_t137 - 0x14) = _t109;
						if(_t109 < _t118 + 3) {
							while(1) {
								E004042CA(_t60 + (_t109 + _t109 * 4) * 4, _t102, 0x14);
								_t65 =  *0x4069f4; // 0x0
								_t141 = _t141 + 0xc;
								_t109 =  *(_t137 - 0x14) + 1;
								 *(_t137 - 0x14) = _t109;
								__eflags = _t109 -  &(_t65->left);
								if(_t109 >=  &(_t65->left)) {
									goto L65;
								}
								_t60 =  *0x4069f0; // 0x0
							}
						}
						goto L65;
					}
				} else {
					_t67 =  *0x4069f0; // 0x0
					 *0x406a08 = 0x8002;
					if(_t67 != _t102) {
						E00404294(_t67);
						 *0x4069f0 = _t102;
					}
					 *0x4069f4 = _t102;
					GetCursorPos(_t137 - 0x1c);
					_t126 = 0xfe;
					 *0x406d20 =  *((intOrPtr*)(_t137 - 0x18)) +  *(_t137 - 0x1c);
					do {
						 *(_t131 + 0x406d20) = GetKeyState(_t131) >> 0x0000000f & 0x00000001;
						_t131 = _t131 + 1;
						_t126 = _t126 - 1;
					} while (_t126 != 0);
					 *0x4069f8 = GetTickCount();
					SetTimer( *(_t137 + 8), 0x3e9, 0xa, _t102);
					L65:
					InvalidateRect( *(_t137 + 8), _t102, 1);
				}
				_t61 = DefWindowProcA( *(_t137 + 8),  *(_t137 + 0xc),  *(_t137 + 0x10),  *(_t137 + 0x14)); // executed
				return _t61;
			}

0x0040214e
0x00402154
0x0040215a
0x0040215c
0x0040215f
0x0040217b
0x004021a6
0x004021a9
0x004021b3
0x00000000
0x004021c4
0x004021c4
0x004021c8
0x004021c8
0x004021c8
0x004021ca
0x004021ca
0x004021d9
0x0040217d
0x00402180
0x00402196
0x0040218c
0x0040218d
0x0040218d
0x004021a4
0x00000000
0x00000000
0x004021a4
0x0040217b
0x004021db
0x004021dc
0x004021ec
0x004021f3
0x004021fe
0x00402200
0x00402202
0x0040220b
0x00402210
0x0040221a
0x00402220
0x00402222
0x00402223
0x00402229
0x0040222a
0x0040223f
0x00402251
0x0040225c
0x0040226e
0x0040226e
0x00402278
0x0040227d
0x00402285
0x00000000
0x00402293
0x00402293
0x00402297
0x00402297
0x00402297
0x00402299
0x00402299
0x0040229a
0x004022a1
0x004022aa
0x004022ac
0x004022b1
0x004022b9
0x00000000
0x004022c7
0x004022c7
0x004022cb
0x004022cb
0x004022cb
0x004022cd
0x004022cd
0x004022dc
0x004022ec
0x004022f9
0x004022f9
0x004022ec
0x004022fd
0x004022ff
0x00402305
0x0040230b
0x0040238c
0x00402392
0x0040239e
0x004023a4
0x004023aa
0x004023af
0x004023b4
0x004023b6
0x004023b6
0x004023bf
0x004023c5
0x004023ca
0x004023cc
0x004023d2
0x004023dc
0x004023df
0x004023e1
0x004023e1
0x004023e3
0x004023e6
0x004023e8
0x004023e8
0x004023eb
0x004023ee
0x004023f1
0x004023f3
0x00000000
0x00000000
0x004023f5
0x004023fb
0x00402405
0x00402405
0x00402406
0x00402408
0x0040240b
0x00000000
0x00000000
0x004023fd
0x00402400
0x00402403
0x00000000
0x00000000
0x00402403
0x00000000
0x004023fb
0x004023e8
0x0040240d
0x0040240d
0x0040240f
0x00402411
0x00402413
0x00402413
0x00402419
0x0040241e
0x00402420
0x00402423
0x0040242c
0x00402436
0x0040243e
0x00402443
0x00402446
0x0040244a
0x0040244d
0x0040244f
0x00000000
0x00000000
0x00402427
0x00402427
0x0040242c
0x00000000
0x00402423
0x0040230d
0x0040230d
0x00402312
0x0040231e
0x00402321
0x00402327
0x00402327
0x00402330
0x00402337
0x00402340
0x00402348
0x0040234d
0x00402359
0x0040235f
0x00402360
0x00402360
0x00402371
0x00402379
0x00402451
0x00402457
0x00402457
0x00402f11
0x00402f1b

APIs

mouse_event.USER32 ref: 0040214E
GetAsyncKeyState.USER32(00000000), ref: 00402172
GetKeyState.USER32 ref: 0040218D
GetAsyncKeyState.USER32(00000000), ref: 00402196
MapVirtualKeyA.USER32 ref: 004021D1
keybd_event.USER32(00000000,00000000,?,00000001), ref: 004021D9
SetKeyboardState.USER32(?), ref: 0040221A
GetAsyncKeyState.USER32(00000000), ref: 00402223
GetKeyState.USER32 ref: 00402237
VkKeyScanA.USER32 ref: 0040224D
VkKeyScanA.USER32 ref: 00402254
MapVirtualKeyA.USER32 ref: 00402269
keybd_event.USER32(00000010,00000000), ref: 0040226E
MapVirtualKeyA.USER32 ref: 004022A4
keybd_event.USER32(?,00000000,?,00000001), ref: 004022AA
MapVirtualKeyA.USER32 ref: 004022D6
keybd_event.USER32(?,00000000,?,00000001), ref: 004022DC
VkKeyScanA.USER32 ref: 004022E0
MapVirtualKeyA.USER32 ref: 004022F4
keybd_event.USER32(00000010,00000000,?,00000002), ref: 004022F9
Sleep.KERNEL32(00000001), ref: 004022FF
GetCursorPos.USER32(?), ref: 00402337
GetKeyState.USER32 ref: 0040234E
GetTickCount.KERNEL32 ref: 00402363
SetTimer.USER32(?,000003E9,0000000A), ref: 00402379
KillTimer.USER32(?,000003E9), ref: 0040238C
GetTickCount.KERNEL32 ref: 00402392
SetWindowTextA.USER32(?,00406B18), ref: 004023BF
InvalidateRect.USER32(?,?,00000001), ref: 00402457
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

TinyTask, xrefs: 004023B6

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: State$Virtualkeybd_event$AsyncScan$CountTickTimerWindow$CursorInvalidateKeyboardKillProcRectSleepTextmouse_event
String ID: TinyTask
API String ID: 1390587733-3209981168
Opcode ID: 8820bf5f8dcef25e83e4578008bcf2b881564eada030580c280cd71e28e169f8
Instruction ID: 031df1eed1d18bf0559545632a0af1d58a23b815c6d10fae845eb6c15e90b205
Opcode Fuzzy Hash: 8820bf5f8dcef25e83e4578008bcf2b881564eada030580c280cd71e28e169f8
Instruction Fuzzy Hash: AC913D71900108AFDF255B98DE8CABF3B29E745344F11417BF502BA2E1C7B84D829B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040392F Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 159
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E0040392F(intOrPtr* _a4, intOrPtr* _a8) {
				int _v8;
				intOrPtr _v24;
				signed int _v28;
				void _v32;
				void _v287;
				char _v288;
				void* _t44;
				void* _t48;
				void* _t49;
				void* _t51;
				void* _t52;
				void* _t58;
				int _t60;
				int _t62;
				signed int _t63;
				intOrPtr _t66;
				void* _t70;
				signed int _t71;
				signed int _t82;
				signed int _t86;
				intOrPtr _t87;
				signed int _t94;
				CHAR* _t100;
				intOrPtr* _t105;

				_v32 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t82 = 0x3f;
				_v288 = 0;
				_t44 = memset( &_v287, 0, _t82 << 2);
				asm("stosw");
				asm("stosb");
				if(_a4 != 0 && _a8 != 0) {
					_t100 = "TinyTask";
					GetPrivateProfileStringA(_t100, "toolbar_image", 0x406e20,  &_v288, 0xff, "C:\Users\jones\Desktop\tinytask-1-77.ini"); // executed
					_t105 = GetSystemMetrics;
					if(_v288 == 0) {
						L10:
						 *0x406d1e = 0;
						_t48 = LoadImageA(GetModuleHandleA(0), 0xfa2, 0, 0, 0, 0); // executed
						_v8 = _t48;
						L11:
						_t49 =  *0x4069e8; // 0x9b05071f
						if(_t49 != 0) {
							DeleteObject(_t49);
						}
						 *0x4069e8 = _v8;
						_t51 =  *0x4069ec; // 0x8b0509b3
						if(_t51 != 0) {
							DeleteObject(_t51);
						}
						_t52 = E00403842( *0x4069e8, 0); // executed
						 *0x4069ec = _t52;
						GetObjectA( *0x4069e8, 0x18,  &_v32);
						asm("cdq");
						_t86 = 7;
						 *0x406010 = _v28 / _t86;
						 *0x406014 = _v24; // executed
						_t58 =  *_t105(_t86); // executed
						_t60 = GetSystemMetrics(4);
						_t87 =  *0x406014; // 0x2c
						 *_a8 = _t87 + _t60 + (_t58 + ( *0x406040 & 0x000000ff)) * 2;
						_t103 =  *0x406040 & 0x000000ff;
						_t62 = GetSystemMetrics(7);
						_t63 =  *0x406010; // 0x26
						_t66 = ( *0x406040 & 0x000000ff) + (_t62 + _t63 + _t103 + (_t63 + _t103) * 2) * 2;
						 *_a4 = _t66;
						return _t66;
					}
					 *0x406d1e = 1;
					_t70 = LoadImageA(0,  &_v288, 0, 0, 0, 0x2050);
					_v8 = _t70;
					if(_t70 == 0) {
						L7:
						_t71 =  *0x406a00; // 0x0
						MessageBoxA(0, "Invalid toolbar BMP (too small or big)\n\nReverting to stock toolbar",  &_v288, _t71 | 0x00012030);
						WritePrivateProfileStringA(_t100, "toolbar_image", 0, "C:\Users\jones\Desktop\tinytask-1-77.ini");
						if(_v8 == 0) {
							goto L10;
						}
						DeleteObject(_v8);
						_v8 = 0;
						L9:
						if(_v8 != 0) {
							goto L11;
						}
						goto L10;
					}
					GetObjectA(_t70, 0x18,  &_v32);
					if(_v24 < 0xa) {
						goto L7;
					}
					asm("cdq");
					_t94 = 7;
					if(_v28 / _t94 < 0xa || _v28 > GetSystemMetrics(0)) {
						goto L7;
					} else {
						goto L9;
					}
				}
				return _t44;
			}

0x00403941
0x00403944
0x00403945
0x00403946
0x00403947
0x00403948
0x0040394d
0x00403954
0x0040395d
0x0040395f
0x00403961
0x00403962
0x00403988
0x00403993
0x0040399f
0x004039a5
0x00403a3e
0x00403a48
0x00403a55
0x00403a5b
0x00403a5e
0x00403a5e
0x00403a65
0x00403a68
0x00403a68
0x00403a71
0x00403a76
0x00403a7d
0x00403a80
0x00403a80
0x00403a8d
0x00403a93
0x00403aa5
0x00403ab0
0x00403ab1
0x00403ab5
0x00403abd
0x00403ac2
0x00403ad1
0x00403ad3
0x00403ae3
0x00403ae5
0x00403aec
0x00403af0
0x00403afd
0x00403b03
0x00000000
0x00403b03
0x004039bb
0x004039c2
0x004039ca
0x004039cd
0x004039f8
0x004039f8
0x00403a10
0x00403a22
0x00403a2b
0x00000000
0x00000000
0x00403a30
0x00403a36
0x00403a39
0x00403a3c
0x00000000
0x00000000
0x00000000
0x00403a3c
0x004039d6
0x004039e0
0x00000000
0x00000000
0x004039e7
0x004039e8
0x004039ee
0x00000000
0x00000000
0x00000000
0x00000000
0x004039ee
0x00403b08

APIs

GetPrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,00406E20,?,000000FF,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00403993
LoadImageA.USER32 ref: 004039C2
GetObjectA.GDI32(00000000,00000018,?), ref: 004039D6
GetSystemMetrics.USER32 ref: 004039F1
MessageBoxA.USER32 ref: 00403A10
WritePrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,00000000,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00403A22
DeleteObject.GDI32(?), ref: 00403A30
GetModuleHandleA.KERNEL32(00000000,00000FA2,00000000,00000000,00000000,00000000), ref: 00403A4E
LoadImageA.USER32 ref: 00403A55
DeleteObject.GDI32(9B05071F), ref: 00403A68
DeleteObject.GDI32(8B0509B3), ref: 00403A80
GetObjectA.GDI32(00000018,?), ref: 00403AA5
KiUserCallbackDispatcher.NTDLL(00000007), ref: 00403AC2
GetSystemMetrics.USER32 ref: 00403AD1
GetSystemMetrics.USER32 ref: 00403AEC

Strings

TinyTask, xrefs: 00403939, 00403988, 00403992, 00403A21
C:\Users\user\Desktop\tinytask-1-77.ini, xrefs: 00403971, 00403972, 00403A16
toolbar_image, xrefs: 0040398D, 00403A1C
Invalid toolbar BMP (too small or big)Reverting to stock toolbar, xrefs: 00403A0A

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Object$DeleteMetricsSystem$ImageLoadPrivateProfileString$CallbackDispatcherHandleMessageModuleUserWrite
String ID: C:\Users\user\Desktop\tinytask-1-77.ini$Invalid toolbar BMP (too small or big)Reverting to stock toolbar$TinyTask$toolbar_image
API String ID: 2380985136-4271756512
Opcode ID: 0eaf2a901312c42ad07fa65ed292ab6aac60d7d04abb012af14190a0e9e0cee0
Instruction ID: 6cafae0cf05febae9f13d51d9b0e4cd575cb5ae2a350ff58d1696014d4f6fbac
Opcode Fuzzy Hash: 0eaf2a901312c42ad07fa65ed292ab6aac60d7d04abb012af14190a0e9e0cee0
Instruction Fuzzy Hash: 3F5196B1A40208AFDB10DF64DE85AAF7BBDEB44301F11407AF602F6291D6749E50CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00402D18 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00402D18(CHAR* __ebx) {
				signed int _t30;
				long _t31;
				long _t36;
				void* _t39;
				RECT** _t47;
				RECT* _t49;
				void* _t53;
				RECT* _t55;
				struct HWND__* _t58;
				void* _t61;

				_t49 = __ebx;
				if( *(_t61 + 0x10) != 0x801a) {
					WritePrivateProfileStringA("TinyTask", "toolbar_image", __ebx, "C:\Users\jones\Desktop\tinytask-1-77.ini");
					 *0x406040 = 5;
					goto L12;
				} else {
					_t60 = "TinyTask";
					GetPrivateProfileStringA("TinyTask", "toolbar_image", 0x406c18, _t61 - 0x158, 0xff, 0x406c18);
					_t39 = _t61 - 0x158;
					if(_t39 != 0) {
						_t39 = E004043D7(_t61 - 0x158);
					}
					_t53 = _t39 - 1;
					if(_t61 != 0x158) {
						while(1) {
							_t55 =  *(_t61 + _t53 - 0x158);
							_t47 = _t61 + _t53 - 0x158;
							if(_t55 == _t49 || _t53 < _t49) {
								goto L9;
							}
							if(_t55 == 0x5c) {
								 *_t47 = _t49;
								_t53 = 0;
							}
							_t53 = _t53 - 1;
						}
					}
					L9:
					E00404464(_t61 - 0x158, "\\*.bmp");
					if(E00404111( *(_t61 + 8), _t61 - 0x158, "*.bmp", 1) != 0) {
						E004041F6(0x406c18, _t60, "toolbar_image", _t61 - 0x158, _t49);
						L12:
						E0040392F(_t61 - 0x10, _t61 - 0x30);
						_t58 =  *(_t61 + 8);
						_t30 = GetWindowLongA(_t58, 0xfffffff0);
						if( *((intOrPtr*)(_t61 - 0x10)) <= 0xe0) {
							_t31 = _t30 & 0xfffdffff;
						} else {
							_t31 = _t30 | 0x00020000;
						}
						 *(_t61 - 0x14) = _t31;
						SetWindowLongA(_t58, 0xfffffff0, _t31);
						_push(0x26);
						_push( *((intOrPtr*)(_t61 - 0x30)));
						_push( *((intOrPtr*)(_t61 - 0x10)));
						SetWindowPos(_t58, _t49, _t49, _t49, ??, ??, ??);
						InvalidateRect(_t58, _t49, 1);
						UpdateWindow(_t58);
					}
				}
				_t36 = DefWindowProcA( *(_t61 + 8),  *(_t61 + 0xc),  *(_t61 + 0x10),  *(_t61 + 0x14)); // executed
				return _t36;
			}

0x00402d18
0x00402d1e
0x00402de9
0x00402def
0x00000000
0x00402d24
0x00402d37
0x00402d42
0x00402d48
0x00402d50
0x00402d59
0x00402d5e
0x00402d5f
0x00402d6a
0x00402d6c
0x00402d6c
0x00402d73
0x00402d7c
0x00000000
0x00000000
0x00402d85
0x00402d87
0x00402d89
0x00402d89
0x00402d8b
0x00402d8b
0x00402d6c
0x00402d8e
0x00402d9a
0x00402dba
0x00402dcf
0x00402df6
0x00402dfe
0x00402e03
0x00402e0b
0x00402e18
0x00402e21
0x00402e1a
0x00402e1a
0x00402e1a
0x00402e2a
0x00402e2d
0x00402e33
0x00402e35
0x00402e38
0x00402e3f
0x00402e49
0x00402e50
0x00402e50
0x00402dba
0x00402f11
0x00402f1b

APIs

GetPrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,C:\Users\user\Desktop\tinytask-1-77.ini,?,000000FF,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00402D42
WritePrivateProfileStringA.KERNEL32(TinyTask,toolbar_image,?,C:\Users\user\Desktop\tinytask-1-77.ini), ref: 00402DE9
GetWindowLongA.USER32 ref: 00402E0B
SetWindowLongA.USER32 ref: 00402E2D
SetWindowPos.USER32(?,?,?,?,?,?,00000436), ref: 00402E3F
InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,00000436), ref: 00402E49
UpdateWindow.USER32(?), ref: 00402E50
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

TinyTask, xrefs: 00402D37, 00402D41, 00402DCD, 00402DE4
C:\Users\user\Desktop\tinytask-1-77.ini, xrefs: 00402D24, 00402D2F, 00402D36, 00402DCE, 00402DD9
\*.bmp, xrefs: 00402D94
toolbar_image, xrefs: 00402D3C, 00402DC8, 00402DDF
*.bmp, xrefs: 00402DA7

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Window$LongPrivateProfileString$InvalidateProcRectUpdateWrite
String ID: *.bmp$C:\Users\user\Desktop\tinytask-1-77.ini$TinyTask$\*.bmp$toolbar_image
API String ID: 2213434243-1114637028
Opcode ID: abe048f652dd5fe8341e8e39fb0ee4763a0a815dd417b95274aa3134a3a5f971
Instruction ID: 3329009130effa698441a7dd3716a60a1eb201f56e1adaa016a922858c527409
Opcode Fuzzy Hash: abe048f652dd5fe8341e8e39fb0ee4763a0a815dd417b95274aa3134a3a5f971
Instruction Fuzzy Hash: 9831BA32840519AADB10AB90DD4DFEF3768EF45301F10007BFA02B91D1DBB98A848FA9

Uniqueness

Uniqueness Score: -1.00%

Function 004026E5 Relevance: 105.3, APIs: 41, Strings: 19, Instructions: 332
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 71%

			E004026E5(int __ebx, void* __eflags) {
				long _t54;
				signed int _t56;
				signed int _t62;
				signed int _t73;
				signed char _t78;
				intOrPtr _t82;
				int _t88;
				signed char _t90;
				intOrPtr _t95;
				intOrPtr _t101;
				intOrPtr _t107;
				int _t113;
				signed char _t115;
				intOrPtr _t120;
				intOrPtr _t126;
				intOrPtr _t132;
				signed int _t141;
				signed int _t145;
				signed char _t150;
				signed char _t154;
				int _t167;
				intOrPtr _t168;
				int _t174;
				intOrPtr _t177;
				struct HMENU__* _t180;
				void* _t187;

				_t174 = __ebx;
				asm("sbb eax, 0x406a08");
				if(__eflags == 0) {
					_t180 = CreatePopupMenu();
					_t56 =  *0x406a04; // 0x0
					asm("sbb eax, eax");
					 *(_t187 - 4) = _t180;
					AppendMenuA(_t180, ( ~(_t56 - 1) & 0x000000f8) + 8, 0x8006, 0x40649c);
					_t62 =  *0x406a04; // 0x0
					asm("sbb eax, eax");
					AppendMenuA(_t180, ( ~_t62 & 0x000000f8) + 8, 0x8007, "Play Speed:   &1x");
					if( *0x406a04 != 2) {
						__eflags = 0;
					} else {
						_push(8);
						_pop(0);
					}
					AppendMenuA(_t180, 0, 0x8008, "Play Speed:   &2x");
					if( *0x406a04 != 0x64) {
						__eflags = 0;
					} else {
						_push(8);
						_pop(0);
					}
					AppendMenuA(_t180, 0, 0x800a, "Play Speed:   100x");
					wsprintfA(_t187 - 0x158, "&Play Custom Speed:  %dx",  *0x406008);
					_t73 =  *0x406a04; // 0x0
					if(_t73 == _t174 || _t73 == 1 || _t73 == 2 || _t73 == 0x64) {
						__eflags = 0;
					} else {
						_push(8);
						_pop(0);
					}
					AppendMenuA( *(_t187 - 4), 0, 0x8009, _t187 - 0x158);
					AppendMenuA( *(_t187 - 4), _t174, 0x8019, "&Set Custom Speed...");
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					_t78 =  *0x406d1a; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4),  ~_t78 & 0x00000008, 0x800b, "&Continuous Playback");
					_t82 =  *0x40600c; // 0x1
					if(_t82 <= 1) {
						_t82 = 1;
					}
					wsprintfA(_t187 - 0x158, "&Set Playback Loops...  (%d)", _t82);
					AppendMenuA( *(_t187 - 4), _t174, 0x800c, _t187 - 0x158);
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					_t88 = CreatePopupMenu();
					 *(_t187 - 0xc) = _t88;
					AppendMenuA( *(_t187 - 4), 0x10, _t88, "Recording &Hotkey");
					_t90 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~_t90 & 0x000000f8) + 8, 0x800f, "Control + Shift + Alt + R");
					_t95 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~(_t95 - 1) & 0x000000f8) + 8, 0x8010, "Print Screen");
					_t101 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~(_t101 - 8) & 0x000000f8) + 8, 0x8011, "F8");
					_t107 =  *0x406d1b; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 0xc), ( ~(_t107 - 0xc) & 0x000000f8) + 8, 0x8012, "F12");
					_t113 = CreatePopupMenu();
					 *(_t187 - 8) = _t113;
					AppendMenuA( *(_t187 - 4), 0x10, _t113, "Playback Hot&key");
					_t115 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~_t115 & 0x000000f8) + 8, 0x8013, "Control + Shift + Alt + P");
					_t120 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~(_t120 - 1) & 0x000000f8) + 8, 0x8014, "Print Screen");
					_t126 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~(_t126 - 8) & 0x000000f8) + 8, 0x8015, "F8");
					_t132 =  *0x406d1c; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 8), ( ~(_t132 - 0xc) & 0x000000f8) + 8, 0x8016, "F12");
					AppendMenuA( *(_t187 - 8), 0x800, _t174, _t174);
					AppendMenuA( *(_t187 - 8), 2, 0x800e, 0x406340);
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					_t141 =  *0x406a00; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4),  ~_t141 & 0x00000008, 0x8017, "Always on &Top");
					_t145 =  *0x406a14; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4), ( ~_t145 & 0x000000f8) + 8, 0x8018, "Show Captions");
					_t150 =  *0x406d1e; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4),  ~_t150 & 0x00000008, 0x801a, "Use Custom Tool&bar...");
					_t154 =  *0x406d1e; // 0x0
					asm("sbb eax, eax");
					AppendMenuA( *(_t187 - 4), ( ~_t154 & 0x000000f8) + 8, 0x801b, "Use &Default Toolbar");
					AppendMenuA( *(_t187 - 4), 0x800, _t174, _t174);
					AppendMenuA( *(_t187 - 4), _t174, 0x800d, "TinyTask &Website");
					AppendMenuA( *(_t187 - 4), _t174, 0x800e, "&About TinyTask 1.77");
					GetCursorPos(_t187 - 0x1c);
					GetWindowRect( *(_t187 + 8), _t187 - 0x2c);
					_push( *(_t187 - 0x18));
					_t167 = PtInRect(_t187 - 0x2c,  *(_t187 - 0x1c));
					_t177 =  *0x406010; // 0x26
					_t168 =  *((intOrPtr*)(_t187 - 0x24));
					if(_t167 == 0 ||  *(_t187 - 0x1c) < _t168 - ( *0x406040 & 0x000000ff) - _t177) {
						 *(_t187 - 0x1c) = _t168 - _t177;
						 *(_t187 - 0x18) =  *((intOrPtr*)(_t187 - 0x20)) + 0xfffffff7;
					}
					TrackPopupMenu( *(_t187 - 4), _t174,  *(_t187 - 0x1c),  *(_t187 - 0x18), _t174,  *(_t187 + 8), _t174);
					DestroyMenu( *(_t187 - 4));
				}
				_t54 = DefWindowProcA( *(_t187 + 8),  *(_t187 + 0xc),  *(_t187 + 0x10),  *(_t187 + 0x14)); // executed
				return _t54;
			}

0x004026e5
0x004026e5
0x004026ea
0x004026f6
0x004026f8
0x00402706
0x00402717
0x0040271c
0x0040271e
0x0040272a
0x00402738
0x00402741
0x00402748
0x00402743
0x00402743
0x00402745
0x00402745
0x00402756
0x0040275f
0x00402766
0x00402761
0x00402761
0x00402763
0x00402763
0x00402774
0x00402788
0x0040278e
0x00402798
0x004027ae
0x004027a9
0x004027a9
0x004027ab
0x004027ab
0x004027c0
0x004027d0
0x004027dd
0x004027df
0x004027eb
0x004027f9
0x004027fb
0x00402803
0x00402807
0x00402807
0x00402815
0x0040282e
0x00402836
0x00402838
0x00402846
0x0040284c
0x0040284e
0x0040285a
0x0040286a
0x0040286c
0x0040287f
0x0040288a
0x0040288c
0x0040289f
0x004028aa
0x004028ac
0x004028bf
0x004028ca
0x004028cc
0x004028da
0x004028e0
0x004028e2
0x004028ee
0x004028fe
0x00402900
0x00402913
0x0040291e
0x00402920
0x00402933
0x0040293e
0x00402940
0x00402953
0x0040295e
0x00402966
0x00402977
0x0040297f
0x00402981
0x0040298d
0x0040299b
0x0040299d
0x004029a9
0x004029b9
0x004029bb
0x004029c7
0x004029d5
0x004029e1
0x004029e8
0x004029f3
0x004029fb
0x00402a0b
0x00402a1b
0x00402a21
0x00402a2e
0x00402a34
0x00402a3e
0x00402a44
0x00402a4c
0x00402a4f
0x00402a65
0x00402a6e
0x00402a6e
0x00402a80
0x00402a89
0x00402a89
0x00402f11
0x00402f1b

APIs

CreatePopupMenu.USER32 ref: 004026F0
AppendMenuA.USER32 ref: 0040271C
AppendMenuA.USER32 ref: 00402738
AppendMenuA.USER32 ref: 00402756
AppendMenuA.USER32 ref: 00402774
wsprintfA.USER32 ref: 00402788
AppendMenuA.USER32 ref: 004027C0
AppendMenuA.USER32 ref: 004027D0
AppendMenuA.USER32 ref: 004027DD
AppendMenuA.USER32 ref: 004027F9
wsprintfA.USER32 ref: 00402815
AppendMenuA.USER32 ref: 0040282E
AppendMenuA.USER32 ref: 00402836
CreatePopupMenu.USER32(?,?,?,0000800C,?,?,00008019,&Set Custom Speed...), ref: 00402838
AppendMenuA.USER32 ref: 0040284C
AppendMenuA.USER32 ref: 0040286A
AppendMenuA.USER32 ref: 0040288A
AppendMenuA.USER32 ref: 004028AA
AppendMenuA.USER32 ref: 004028CA
CreatePopupMenu.USER32(?,?,?,0000800C,?,?,00008019,&Set Custom Speed...), ref: 004028CC
AppendMenuA.USER32 ref: 004028E0
AppendMenuA.USER32 ref: 004028FE
AppendMenuA.USER32 ref: 0040291E
AppendMenuA.USER32 ref: 0040293E
AppendMenuA.USER32 ref: 0040295E
AppendMenuA.USER32 ref: 00402966
AppendMenuA.USER32 ref: 00402977
AppendMenuA.USER32 ref: 0040297F
AppendMenuA.USER32 ref: 0040299B
AppendMenuA.USER32 ref: 004029B9
AppendMenuA.USER32 ref: 004029D5
AppendMenuA.USER32 ref: 004029F3
AppendMenuA.USER32 ref: 004029FB
AppendMenuA.USER32 ref: 00402A0B
AppendMenuA.USER32 ref: 00402A1B
GetCursorPos.USER32(?,?,0000800E,&About TinyTask 1.77,?,0000800D,TinyTask &Website), ref: 00402A21
GetWindowRect.USER32 ref: 00402A2E
PtInRect.USER32(?,?,?), ref: 00402A3E
TrackPopupMenu.USER32(?,?,?,?,?,?), ref: 00402A80
DestroyMenu.USER32(?,?,?,?,?,?,?,?,0000800E,&About TinyTask 1.77,?,0000800D,TinyTask &Website), ref: 00402A89
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

&Set Custom Speed..., xrefs: 004027C2
Playback Hot&key, xrefs: 004028D2
Print Screen, xrefs: 00402871, 00402905
Play Speed: &1x, xrefs: 00402723
Use &Default Toolbar, xrefs: 004029D7
TinyTask &Website, xrefs: 004029FD
Play Speed: 100x, xrefs: 00402768
&Play Custom Speed: %dx, xrefs: 00402782
Show Captions, xrefs: 004029A2
&Set Playback Loops... (%d), xrefs: 0040280F
Recording &Hotkey, xrefs: 0040283E
F12, xrefs: 004028B1, 00402945
Always on &Top, xrefs: 00402986
&About TinyTask 1.77, xrefs: 00402A0D
Use Custom Tool&bar..., xrefs: 004029C0
Control + Shift + Alt + P, xrefs: 004028E7
Play Speed: &2x, xrefs: 0040274A
&Continuous Playback, xrefs: 004027E4
Control + Shift + Alt + R, xrefs: 00402853

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Menu$Append$Popup$Create$RectWindowwsprintf$CursorDestroyProcTrack
String ID: &About TinyTask 1.77$&Continuous Playback$&Play Custom Speed: %dx$&Set Custom Speed...$&Set Playback Loops... (%d)$Always on &Top$Control + Shift + Alt + P$Control + Shift + Alt + R$F12$Play Speed: &1x$Play Speed: &2x$Play Speed: 100x$Playback Hot&key$Print Screen$Recording &Hotkey$Show Captions$TinyTask &Website$Use &Default Toolbar$Use Custom Tool&bar...
API String ID: 2447434608-185408970
Opcode ID: 00e0cd7c2f8d0a2240b16037cad9c0e4e1d4a63e466c398367af8b119feccc65
Instruction ID: 233a727705327858f4e8fa9ae9d20dfb6b3e24b65606c47886e521afb20f630d
Opcode Fuzzy Hash: 00e0cd7c2f8d0a2240b16037cad9c0e4e1d4a63e466c398367af8b119feccc65
Instruction Fuzzy Hash: 3CA1B472A90108BEEF015B64CD46EAE3F78EB55711F114072F901F51E0CBB94E25AFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00402462 Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 239
keyboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E00402462(void* __ebx) {
				int _t25;
				long _t26;
				void* _t32;

				_t25 =  *0x406a08; // 0x0
				if(_t25 != 0x8002) {
					__eflags =  *0x4069f0 - __ebx; // 0x0
					if(__eflags != 0) {
						__eflags = __eax - __ebx;
						if(__eax != __ebx) {
							 *0x406a0c =  *0x406a0c + 1;
							__eflags =  *0x406a0c;
						} else {
							 *0x406a0c = __ebx;
							 *0x406a08 = 0x8003;
						}
						mouse_event(4, __ebx, __ebx, __ebx, __ebx);
						__esi = keybd_event;
						__edi = 0;
						__eflags = 0;
						do {
							__eflags = __edi - 0x14;
							if(__edi != 0x14) {
								__eflags = __edi - 0x90;
								if(__edi != 0x90) {
									__eflags = __edi - 0x91;
									if(__edi != 0x91) {
										__eax = GetAsyncKeyState(__edi);
										__eflags = __ah & 0x00000080;
										if((__ah & 0x00000080) != 0) {
											L20:
											__eflags = __edi - 0x21;
											if(__edi < 0x21) {
												L22:
												__eflags = __edi - 0x11;
												if(__edi == 0x11) {
													goto L27;
												} else {
													__eflags = __edi - 0x5b;
													if(__edi == 0x5b) {
														goto L27;
													} else {
														__eflags = __edi - 0x5c;
														if(__edi == 0x5c) {
															goto L27;
														} else {
															__eflags = __edi - 0x5d;
															if(__edi == 0x5d) {
																goto L27;
															} else {
																__eax = 0;
															}
														}
													}
												}
											} else {
												__eflags = __edi - 0x2e;
												if(__edi <= 0x2e) {
													L27:
													__eax = 1;
												} else {
													goto L22;
												}
											}
											__al = __al | 0x00000002;
											__eflags = __al;
											__eax =  *__esi(__edi, MapVirtualKeyA(__edi, __ebx), __eax, __ebx);
										} else {
											__eflags = __edi - 1;
											if(__edi == 1) {
												L18:
												__eax = GetAsyncKeyState(__edi);
											} else {
												__eflags = __edi - 2;
												if(__edi == 2) {
													goto L18;
												} else {
													__eflags = __edi - 4;
													if(__edi == 4) {
														goto L18;
													} else {
														__eax = GetKeyState(__edi);
													}
												}
											}
											__eax = __eax >> 0xf;
											__eax = __eax & 0x00000001;
											__eflags = __eax - __ebx;
											if(__eax != __ebx) {
												goto L20;
											}
										}
									}
								}
							}
							__edi = __edi + 1;
							__eflags = __edi - 0x100;
						} while (__edi < 0x100);
						__eax = 0;
						__ecx = 0x3f;
						__edi = __ebp - 0x397;
						 *(__ebp - 0x398) = __bl;
						__eax = memset(__edi, 0, __ecx << 2);
						__edi = __edi + __ecx;
						__ecx = 0;
						asm("stosw");
						asm("stosb");
						__ebp - 0x398 = E004042CA(__ebp - 0x398, __ebx, 0x100);
						__ebp - 0x398 = SetKeyboardState(__ebp - 0x398);
						__edi = 0;
						__eflags = 0;
						do {
							__eax = GetAsyncKeyState(__edi);
							__edi = __edi + 1;
							__eflags = __edi - 0xff;
						} while (__edi < 0xff);
						__eax = GetKeyState(0x91);
						__eflags = __al & 0x00000001;
						if((__al & 0x00000001) != 0) {
							__edi = VkKeyScanA;
							__eax = VkKeyScanA(0xffffff91);
							 *(__ebp - 0xc) = __al;
							__eax = VkKeyScanA(0xffffff91);
							__ecx = 0;
							__eflags = __ah;
							if(__ah == 0) {
								__edi = MapVirtualKeyA;
							} else {
								__edi = MapVirtualKeyA;
								__eax =  *__esi(0x10, MapVirtualKeyA(0x10, __ebx), __ebx, __ebx);
							}
							__al =  *(__ebp - 0xc);
							__eflags = __al - 0x21;
							if(__al < 0x21) {
								L38:
								__eflags = __al - 0x11;
								if(__al == 0x11) {
									goto L43;
								} else {
									__eflags = __al - 0x5b;
									if(__al == 0x5b) {
										goto L43;
									} else {
										__eflags = __al - 0x5c;
										if(__al == 0x5c) {
											goto L43;
										} else {
											__eflags = __al - 0x5d;
											if(__al == 0x5d) {
												goto L43;
											} else {
												__ecx = 0;
											}
										}
									}
								}
							} else {
								__eflags = __al - 0x2e;
								if(__al <= 0x2e) {
									L43:
									__ecx = 1;
								} else {
									goto L38;
								}
							}
							__eax = __al & 0x000000ff;
							 *(__ebp - 8) = __eax;
							__eax =  *__esi( *(__ebp - 0xc), __eax, __ecx, __ebx);
							__al =  *(__ebp - 0xc);
							__eflags = __al - 0x21;
							if(__al < 0x21) {
								L46:
								__eflags = __al - 0x11;
								if(__al == 0x11) {
									goto L51;
								} else {
									__eflags = __al - 0x5b;
									if(__al == 0x5b) {
										goto L51;
									} else {
										__eflags = __al - 0x5c;
										if(__al == 0x5c) {
											goto L51;
										} else {
											__eflags = __al - 0x5d;
											if(__al == 0x5d) {
												goto L51;
											} else {
												__eax = 0;
											}
										}
									}
								}
							} else {
								__eflags = __al - 0x2e;
								if(__al <= 0x2e) {
									L51:
									__eax = 1;
								} else {
									goto L46;
								}
							}
							__al = __al | 0x00000002;
							 *__esi( *(__ebp - 0xc), MapVirtualKeyA( *(__ebp - 8), __ebx), __eax, __ebx) = VkKeyScanA(0xffffff91);
							__ecx = 0;
							__eflags = __ah;
							if(__ah != 0) {
								__eax =  *__esi(0x10, MapVirtualKeyA(0x10, __ebx), 2, __ebx);
							}
						}
						Sleep(1);
						 *(__ebp + 0x10) =  *(__ebp + 0x10) >> 0x10;
						__eflags = __ax;
						if(__ax != 0) {
							L59:
							__eflags =  *0x406d1d - __bl; // 0x0
							if(__eflags != 0) {
								__eax = PostMessageA( *(__ebp + 8), 0x10, __ebx, __ebx);
							}
							__eflags =  *0x406b18 - __bl; // 0x0
							 *0x406a0c = __ebx;
							 *0x406a08 = __ebx;
							__eax = 0x406b18;
							if(__eflags == 0) {
								__eax = "TinyTask";
							}
							_push(__eax);
							_push( *(__ebp + 8));
							SetWindowTextA(); // executed
						} else {
							__eax =  *0x406a0c; // 0x0
							__eflags = __eax -  *0x40600c; // 0x1
							if(__eflags < 0) {
								L57:
								__eax = GetTickCount();
								_push(__ebx);
								_push(0x19);
								 *0x4069f8 = __eax;
								 *0x4069f4 = __ebx;
								_push(0x3ea);
								__eax = SetTimer( *(__ebp + 8), ??, ??, ??); // executed
							} else {
								__eflags =  *0x406d1a - __bl; // 0x0
								if(__eflags == 0) {
									goto L59;
								} else {
									goto L57;
								}
							}
						}
					} else {
						__eax =  *0x406a00; // 0x0
						_push(__eax);
						_push("TinyTask");
						_push("Nothing Recorded\n\nPress the blue button to start a new recording");
						_push( *0x4069e0);
						__eax = MessageBoxA();
					}
				}
				_t26 = DefWindowProcA( *(_t32 + 8),  *(_t32 + 0xc),  *(_t32 + 0x10),  *(_t32 + 0x14)); // executed
				return _t26;
			}

0x00402462
0x0040246c
0x00402472
0x00402478
0x0040248a
0x0040248c
0x004024a0
0x004024a0
0x0040248e
0x0040248e
0x00402494
0x00402494
0x004024ac
0x004024b2
0x004024b8
0x004024b8
0x004024ba
0x004024ba
0x004024bd
0x004024bf
0x004024c5
0x004024c7
0x004024cd
0x004024d0
0x004024d6
0x004024d9
0x00402504
0x00402504
0x00402507
0x0040250e
0x0040250e
0x00402511
0x00000000
0x00402513
0x00402513
0x00402516
0x00000000
0x00402518
0x00402518
0x0040251b
0x00000000
0x0040251d
0x0040251d
0x00402520
0x00000000
0x00402522
0x00402522
0x00402522
0x00402520
0x0040251b
0x00402516
0x00402509
0x00402509
0x0040250c
0x00402526
0x00402528
0x00000000
0x00000000
0x00000000
0x0040250c
0x00402529
0x00402529
0x00402537
0x004024db
0x004024db
0x004024de
0x004024f3
0x004024f4
0x004024e0
0x004024e0
0x004024e3
0x00000000
0x004024e5
0x004024e5
0x004024e8
0x00000000
0x004024ea
0x004024eb
0x004024eb
0x004024e8
0x004024e3
0x004024fa
0x004024fd
0x00402500
0x00402502
0x00000000
0x00000000
0x00402502
0x004024d9
0x004024cd
0x004024c5
0x00402539
0x0040253a
0x0040253a
0x00402548
0x0040254a
0x0040254b
0x00402551
0x0040255c
0x0040255c
0x0040255c
0x0040255e
0x00402560
0x00402569
0x00402578
0x0040257e
0x0040257e
0x00402580
0x00402581
0x00402587
0x00402588
0x00402588
0x00402595
0x0040259b
0x0040259d
0x004025a3
0x004025ab
0x004025af
0x004025b2
0x004025b4
0x004025b8
0x004025ba
0x004025d0
0x004025bc
0x004025bc
0x004025cc
0x004025cc
0x004025d6
0x004025d9
0x004025db
0x004025e1
0x004025e1
0x004025e3
0x00000000
0x004025e5
0x004025e5
0x004025e7
0x00000000
0x004025e9
0x004025e9
0x004025eb
0x00000000
0x004025ed
0x004025ed
0x004025ef
0x00000000
0x004025f1
0x004025f1
0x004025f1
0x004025ef
0x004025eb
0x004025e7
0x004025dd
0x004025dd
0x004025df
0x004025f5
0x004025f7
0x00000000
0x00000000
0x00000000
0x004025df
0x004025f8
0x004025ff
0x00402608
0x0040260a
0x0040260d
0x0040260f
0x00402615
0x00402615
0x00402617
0x00000000
0x00402619
0x00402619
0x0040261b
0x00000000
0x0040261d
0x0040261d
0x0040261f
0x00000000
0x00402621
0x00402621
0x00402623
0x00000000
0x00402625
0x00402625
0x00402625
0x00402623
0x0040261f
0x0040261b
0x00402611
0x00402611
0x00402613
0x00402629
0x0040262b
0x00000000
0x00000000
0x00000000
0x00402613
0x0040262c
0x0040263e
0x00402644
0x00402648
0x0040264a
0x00402657
0x00402657
0x0040264a
0x0040265b
0x00402664
0x00402667
0x0040266a
0x004026a8
0x004026a8
0x004026ae
0x004026b7
0x004026b7
0x004026bd
0x004026c3
0x004026c9
0x004026cf
0x004026d4
0x004026d6
0x004026d6
0x004026db
0x004026dc
0x00401e6b
0x0040266c
0x0040266c
0x00402671
0x00402677
0x00402681
0x00402681
0x00402687
0x00402688
0x0040268a
0x0040268f
0x00402695
0x0040269d
0x00402679
0x00402679
0x0040267f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040267f
0x00402677
0x0040247a
0x0040247a
0x00402484
0x00402133
0x00402138
0x0040213d
0x00402b88
0x00402b88
0x00402478
0x00402f11
0x00402f1b

APIs

mouse_event.USER32 ref: 004024AC
GetAsyncKeyState.USER32(00000000), ref: 004024D0
GetKeyState.USER32 ref: 004024EB
MapVirtualKeyA.USER32 ref: 0040252F
keybd_event.USER32(00000000,00000000,?,00000001), ref: 00402537
SetKeyboardState.USER32(?), ref: 00402578
GetAsyncKeyState.USER32(00000000), ref: 00402581
GetKeyState.USER32 ref: 00402595
VkKeyScanA.USER32 ref: 004025AB
VkKeyScanA.USER32 ref: 004025B2
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

TinyTask, xrefs: 004026D6, 004026DB

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: State$AsyncScan$KeyboardProcVirtualWindowkeybd_eventmouse_event
String ID: TinyTask
API String ID: 801333285-3209981168
Opcode ID: f1f4182ec40601e63d52bb47d4b08b04969c3d51b8bc583a8958c1f1ff03cc10
Instruction ID: bb46857cf83aba4c565f9cc198f0e7855127890a34379818f33f59448c70a07a
Opcode Fuzzy Hash: f1f4182ec40601e63d52bb47d4b08b04969c3d51b8bc583a8958c1f1ff03cc10
Instruction Fuzzy Hash: 527108B16401087EEB211B589E9CBBF3B69F786344F554437F142BA2E0C6F94C829E6D

Uniqueness

Uniqueness Score: -1.00%

Function 00403842 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 100
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00403842(int _a4, long _a8) {
				struct HDC__* _v8;
				struct HDC__* _v12;
				int _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				int _v44;
				int _v48;
				void _v52;
				int _t38;
				void* _t39;
				long _t41;
				int _t52;
				struct HDC__* _t54;

				_v52 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				if(_a4 != 0) {
					_t54 = CreateCompatibleDC(0);
					_v12 = _t54;
					_v8 = CreateCompatibleDC(0);
					_v24 = SelectObject(_t54, _a4);
					GetObjectA(_a4, 0x18,  &_v52);
					_t52 = _v44;
					_t38 = _v48;
					_v16 = _t38;
					_a4 = _t52;
					_t39 = CreateBitmap(_t38, _t52, 1, 1, 0);
					_v28 = _t39;
					_v20 = SelectObject(_v8, _t39);
					_t41 = _a8;
					if(_t41 == 0) {
						_t41 = GetPixel(_t54, 0, 0);
					}
					SetBkColor(_t54, _t41);
					BitBlt(_v8, 0, 0, _v16, _a4, _t54, 0, 0, 0xcc0020);
					BitBlt(_v12, 0, 0, _v16, _a4, _v8, 0, 0, 0x660046);
					SelectObject(_v8, _v20);
					SelectObject(_v12, _v24);
					DeleteDC(_v8); // executed
					DeleteDC(_v12);
					return _v28;
				}
				return 0;
			}

0x00403851
0x00403854
0x00403855
0x00403859
0x0040385a
0x0040385b
0x0040385c
0x0040386f
0x00403872
0x00403880
0x00403886
0x00403892
0x00403898
0x0040389b
0x004038a5
0x004038a8
0x004038ab
0x004038b2
0x004038ba
0x004038bd
0x004038c2
0x004038c7
0x004038c7
0x004038cf
0x004038ee
0x00403905
0x0040390d
0x00403915
0x00403920
0x00403925
0x00000000
0x0040392a
0x00000000

APIs

CreateCompatibleDC.GDI32(00000000), ref: 0040386D
CreateCompatibleDC.GDI32(00000000), ref: 00403875
SelectObject.GDI32(00000000,00403A92), ref: 00403884
GetObjectA.GDI32(00403A92,00000018,?), ref: 00403892
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 004038AB
SelectObject.GDI32(00000000,00000000), ref: 004038B8
GetPixel.GDI32(00000000,00000000,00000000), ref: 004038C7
SetBkColor.GDI32(00000000,?), ref: 004038CF
BitBlt.GDI32(00000000,00000000,00000000,?,00403A92,00000000,00000000,00000000,00CC0020), ref: 004038EE
BitBlt.GDI32(00403A92,00000000,00000000,?,00403A92,00000000,00000000,00000000,00660046), ref: 00403905
SelectObject.GDI32(00000000,?), ref: 0040390D
SelectObject.GDI32(00403A92,?), ref: 00403915
DeleteDC.GDI32(00000000), ref: 00403920
DeleteDC.GDI32(00403A92), ref: 00403925

Strings

TinyTask, xrefs: 00403849

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Object$Select$Create$CompatibleDelete$BitmapColorPixel
String ID: TinyTask
API String ID: 3609928720-3209981168
Opcode ID: f6d5c19c81ab99803db9995f6808d320c536e3f9aeec94918fbeefb216f6cd80
Instruction ID: 1b1e5c078316e08315fd16e6f57f33d2520814cf5a905d192c79994689ac12e0
Opcode Fuzzy Hash: f6d5c19c81ab99803db9995f6808d320c536e3f9aeec94918fbeefb216f6cd80
Instruction Fuzzy Hash: 8431C1B6910118BEEB119FA4DD84DAFBFB9EB48354B108066FA04B2260C7715E50AFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402B94 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 90
timewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00402B94(void* __eax, void* __ebx, void* __edx) {
				long _t11;
				void* _t17;

				 *((intOrPtr*)(__ebx + 0x6a)) =  *((intOrPtr*)(__ebx + 0x6a)) + __edx;
				_t11 = DefWindowProcA( *(_t17 + 8),  *(_t17 + 0xc),  *(_t17 + 0x10),  *(_t17 + 0x14)); // executed
				return _t11;
			}

0x00402b9e
0x00402f11
0x00402f1b

APIs

SetTimer.USER32 ref: 00402BAA
wsprintfA.USER32 ref: 00402BD2
MessageBoxA.USER32 ref: 00402BED
wsprintfA.USER32 ref: 00402C30
MessageBoxA.USER32 ref: 00402C4B
KillTimer.USER32(?,000003EC), ref: 00402EFF
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

Set Custom Speed, xrefs: 00402C3E
Set the number of playback loops:, xrefs: 00402BE5
Set Playback Loops, xrefs: 00402BE0
Playback speed multiplier (1-100):, xrefs: 00402C43

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: MessageTimerwsprintf$KillProcWindow
String ID: Playback speed multiplier (1-100):$ Set the number of playback loops:$Set Custom Speed$Set Playback Loops
API String ID: 3989924489-1524273833
Opcode ID: e7ffaa49d74b84dc2369fc79c70f2ae1da0aa485e2a3b75b1d1baa620c31fdd4
Instruction ID: 98f9ab5bfff6e17949900cb984dcc1791b2a47caea78b96665d2514b30861601
Opcode Fuzzy Hash: e7ffaa49d74b84dc2369fc79c70f2ae1da0aa485e2a3b75b1d1baa620c31fdd4
Instruction Fuzzy Hash: 7D310A31680500ABEF12AF04EE49A5E3B61FB85304B15803BF906FA1E1D3F949A19F5C

Uniqueness

Uniqueness Score: -1.00%

Function 00402E89 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46
timewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 72%

			E00402E89() {
				signed int _t26;
				long _t31;
				CHAR* _t32;
				signed int _t36;
				void _t40;
				void* _t44;

				E004043F5(_t44 - 0x158, 0x406128);
				SetTimer( *(_t44 + 8), 0x3eb, 0xa, _t32);
				_t36 = 9;
				memset(_t44 - 0x54, 0, _t36 << 2);
				 *(_t44 - 0x58) = 0x28;
				 *((intOrPtr*)(_t44 - 0x50)) = GetModuleHandleA(_t32);
				_t40 =  *(_t44 + 8);
				 *((intOrPtr*)(_t44 - 0x4c)) = _t44 - 0x158;
				_t26 =  *0x406a00; // 0x0
				 *(_t44 - 0x54) = _t40;
				 *(_t44 - 0x48) = "About TinyTask";
				 *(_t44 - 0x44) = _t26 | 0x00010080;
				 *((intOrPtr*)(_t44 - 0x40)) = 0xfa1;
				MessageBoxIndirectA(_t44 - 0x58);
				_push(0x3eb);
				_push(_t40);
				KillTimer();
				_t31 = DefWindowProcA( *(_t44 + 8),  *(_t44 + 0xc),  *(_t44 + 0x10),  *(_t44 + 0x14)); // executed
				return _t31;
			}

0x00402e95
0x00402ea8
0x00402eb2
0x00402eb6
0x00402eb9
0x00402ec6
0x00402ecf
0x00402ed2
0x00402ed5
0x00402eda
0x00402ee2
0x00402ee9
0x00402ef0
0x00402ef7
0x00402efd
0x00402efe
0x00402eff
0x00402f11
0x00402f1b

APIs

SetTimer.USER32(?,000003EB,0000000A), ref: 00402EA8
GetModuleHandleA.KERNEL32 ref: 00402EC0
MessageBoxIndirectA.USER32 ref: 00402EF7
KillTimer.USER32(?,000003EC), ref: 00402EFF
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

About TinyTask, xrefs: 00402EE2
(, xrefs: 00402EB9

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Timer$HandleIndirectKillMessageModuleProcWindow
String ID: ($About TinyTask
API String ID: 3870110939-1252103192
Opcode ID: e83f3aa0858c5e14254542d91e5834d56f995870de52a3935aa7cfd91853c17b
Instruction ID: c4cc1150962328f141a0f7d524584cdf901ae76d1360cf4fe4c19e88c3ba64ab
Opcode Fuzzy Hash: e83f3aa0858c5e14254542d91e5834d56f995870de52a3935aa7cfd91853c17b
Instruction Fuzzy Hash: E2111772900248EFDB119FD4ED48ACEBFB4FF48311F10802AF50ABA291DB7499559F94

Uniqueness

Uniqueness Score: -1.00%

Function 00402E5B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteA.SHELL32(?,?,https://www.tinytask.net,?,?,00000001), ref: 00402E66
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

TinyTask, xrefs: 00402E7A
Unable to connect to "www.tinytask.net", xrefs: 00402E7F
https://www.tinytask.net, xrefs: 00402E5F

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ExecuteProcShellWindow
String ID: TinyTask$Unable to connect to "www.tinytask.net"$https://www.tinytask.net
API String ID: 2703536495-3181287508
Opcode ID: 3d602f3fbfa1e5880e405f0eeb587e2e12831d0e917ecc208f88e54ea70cc833
Instruction ID: e57aebe4d560980069bf53ad68e793c256def7a74ebca440632c5ae19307b00a
Opcode Fuzzy Hash: 3d602f3fbfa1e5880e405f0eeb587e2e12831d0e917ecc208f88e54ea70cc833
Instruction Fuzzy Hash: B8E04F32280109BBDB025F809D89E9F3A29E758794B114432F602780E382FA8C60AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00402CD3 Relevance: 7.5, APIs: 5, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 57%

			E00402CD3(RECT* __ebx) {
				intOrPtr _t17;
				long _t25;
				RECT* _t26;
				struct HWND__* _t29;
				void* _t31;
				void* _t34;

				_t26 = __ebx;
				_t29 =  *(_t31 + 8);
				GetWindowRect(_t29, _t31 - 0x2c);
				_t34 =  *0x406a14 - _t26; // 0x0
				if(_t34 == 0) {
					_t17 = 0xc;
					 *((intOrPtr*)(_t31 - 0x20)) =  *((intOrPtr*)(_t31 - 0x20)) - _t17;
					 *0x406a14 = _t17;
				} else {
					 *((intOrPtr*)(_t31 - 0x20)) =  *((intOrPtr*)(_t31 - 0x20)) + 0xc;
					 *0x406a14 = __ebx;
				}
				_push(0x436);
				_push( *((intOrPtr*)(_t31 - 0x20)) -  *((intOrPtr*)(_t31 - 0x28)));
				_push( *((intOrPtr*)(_t31 - 0x24)) -  *(_t31 - 0x2c));
				SetWindowPos(_t29, _t26, _t26, _t26, ??, ??, ??);
				InvalidateRect(_t29, _t26, 1);
				UpdateWindow(_t29);
				_t25 = DefWindowProcA( *(_t31 + 8),  *(_t31 + 0xc),  *(_t31 + 0x10),  *(_t31 + 0x14)); // executed
				return _t25;
			}

0x00402cd3
0x00402cd3
0x00402cdb
0x00402ce1
0x00402ce7
0x00402cf7
0x00402cf8
0x00402cfb
0x00402ce9
0x00402ce9
0x00402ced
0x00402ced
0x00402d03
0x00402d0b
0x00402d12
0x00402e3f
0x00402e49
0x00402e50
0x00402f11
0x00402f1b

APIs

GetWindowRect.USER32 ref: 00402CDB
SetWindowPos.USER32(?,?,?,?,?,?,00000436), ref: 00402E3F
InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,00000436), ref: 00402E49
UpdateWindow.USER32(?), ref: 00402E50
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Window$Rect$InvalidateProcUpdate
String ID:
API String ID: 1941023138-0
Opcode ID: 4443bda74050e4ae344e654af5d647cde18fc5b7e8a1387029c7b0ce7eace35f
Instruction ID: ebc20ac15df2b3a033a049e14aee733a7be54cc25288c47d4679b2143e786a71
Opcode Fuzzy Hash: 4443bda74050e4ae344e654af5d647cde18fc5b7e8a1387029c7b0ce7eace35f
Instruction Fuzzy Hash: D601E572900519EFDB01DFA8EE88EDE7BB8FB0D355B008025F202B90A0C37489519F69

Uniqueness

Uniqueness Score: -1.00%

Function 00402B44 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00402B44(void* __eax, void* __edx, void* __esi) {
				void* _t17;

				 *((intOrPtr*)(__edx + _t17 - 0x3a)) =  *((intOrPtr*)(__edx + _t17 - 0x3a)) + __esi;
			}

0x00402b49

APIs

MessageBoxA.USER32 ref: 00402B88
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

Hotkey Conflict, xrefs: 00402B80
TinyTask, xrefs: 00402B7B

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: MessageProcWindow
String ID: Hotkey Conflict$TinyTask
API String ID: 55716251-592453694
Opcode ID: 5f45addc77de9b1d8dde8881f0f2cbc6f417d1746466e49ee9f71366abb45294
Instruction ID: 599ff71e88f3259926025764a5c9631bbfbbda2681fd87f6eac9559d92110fad
Opcode Fuzzy Hash: 5f45addc77de9b1d8dde8881f0f2cbc6f417d1746466e49ee9f71366abb45294
Instruction Fuzzy Hash: 2FF03A32204144ABCB028F54DD45A893F30EF45344B158077B642BD0E2E2BA8465AF49

Uniqueness

Uniqueness Score: -1.00%

Function 00402AFA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00402AFA(void* __eax, signed int __esi) {
				void* _t20;

				 *((intOrPtr*)(_t20 + __esi * 2 - 0x3a)) =  *((intOrPtr*)(_t20 + __esi * 2 - 0x3a)) + __esi;
			}

0x00402aff

APIs

MessageBoxA.USER32 ref: 00402B88
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Strings

Hotkey Conflict, xrefs: 00402B80
TinyTask, xrefs: 00402B7B

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: MessageProcWindow
String ID: Hotkey Conflict$TinyTask
API String ID: 55716251-592453694
Opcode ID: 5e14ce3f539c26937f294e9b539925d11bb4764aa3815faedec1e29479b2037f
Instruction ID: 405f95ffa23c4f12f33a13628f3863b3da9e1d49951f4cd871cec430e4bbf7e2
Opcode Fuzzy Hash: 5e14ce3f539c26937f294e9b539925d11bb4764aa3815faedec1e29479b2037f
Instruction Fuzzy Hash: 2AF0FE32244205BBCB025F50DD4579A3F60FB55358F258437F542BC1E1D3F98565AF49

Uniqueness

Uniqueness Score: -1.00%

Function 00404680 Relevance: 6.1, APIs: 4, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			_entry_() {
				struct _STARTUPINFOA _v72;
				char _t10;
				char _t11;
				signed int _t15;
				int _t17;
				intOrPtr _t19;
				char* _t22;

				_t22 = GetCommandLineA();
				_t10 =  *_t22;
				if(_t10 != 0x22) {
					__eflags = _t10 - 0x20;
					if(_t10 <= 0x20) {
						L7:
						_t11 =  *_t22;
						if(_t11 == 0 || _t11 > 0x20) {
							_v72.dwFlags = _v72.dwFlags & 0x00000000;
							GetStartupInfoA( &_v72);
							E0040472D();
							E00404713(0x406000, 0x406004);
							_t30 = _v72.dwFlags & 0x00000001;
							if((_v72.dwFlags & 0x00000001) == 0) {
								_t15 = 0xa;
							} else {
								_t15 = _v72.wShowWindow & 0x0000ffff;
							}
							_t17 = E00401000(_t30, GetModuleHandleA(0), 0, _t22, _t15); // executed
							E00404745();
							ExitProcess(_t17);
						} else {
							L4:
							_t22 = _t22 + 1;
							goto L7;
						}
					} else {
						goto L6;
					}
					do {
						L6:
						_t22 = _t22 + 1;
						__eflags =  *_t22 - 0x20;
					} while ( *_t22 > 0x20);
					goto L7;
				} else {
					goto L1;
				}
				do {
					L1:
					_t19 =  *((intOrPtr*)(_t22 + 1));
					_t22 = _t22 + 1;
				} while (_t19 != 0 && _t19 != 0x22);
				if( *_t22 != 0x22) {
					goto L7;
				}
				goto L4;
			}

0x0040468d
0x0040468f
0x00404693
0x004046a9
0x004046ab
0x004046b3
0x004046b3
0x004046b7
0x004046bd
0x004046c5
0x004046cb
0x004046da
0x004046df
0x004046e5
0x004046ef
0x004046e7
0x004046e7
0x004046e7
0x004046fd
0x00404704
0x0040470a
0x004046a6
0x004046a6
0x004046a6
0x00000000
0x004046a6
0x00000000
0x00000000
0x00000000
0x004046ad
0x004046ad
0x004046ad
0x004046ae
0x004046ae
0x00000000
0x00000000
0x00000000
0x00000000
0x00404695
0x00404695
0x00404695
0x00404698
0x00404699
0x004046a4
0x00000000
0x00000000
0x00000000

APIs

GetCommandLineA.KERNEL32 ref: 00404687
GetStartupInfoA.KERNEL32(?), ref: 004046C5
GetModuleHandleA.KERNEL32(00000000,00000000,00000000,0000000A), ref: 004046F6
ExitProcess.KERNEL32 ref: 0040470A

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: CommandExitHandleInfoLineModuleProcessStartup
String ID:
API String ID: 2164999147-0
Opcode ID: a7ed023600afec79d4f681889d2eeb0e48ad05c58f346c18591c58b2a9374090
Instruction ID: b1a91a6e2b74f3548383683b1100c06c5c8b3f701606ca986021071b17346c6a
Opcode Fuzzy Hash: a7ed023600afec79d4f681889d2eeb0e48ad05c58f346c18591c58b2a9374090
Instruction Fuzzy Hash: B3010CA18447445AEB315B60490ABAF3B948F43314F240837EBC1B62C6E67D48C38ADD

Uniqueness

Uniqueness Score: -1.00%

Function 00402C9C Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,-00000002,?,?,0000000A,0000000A,00000003), ref: 00402CC8
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Window$Proc
String ID:
API String ID: 583982625-0
Opcode ID: bf50f914c3e7ffc7f72fd60cb14414feea4da27e6706329e48f34e591025e4dc
Instruction ID: 260cddc338231076bd6f7550de8ef022c34cc5639db7ca6125be32ef3a330ba9
Opcode Fuzzy Hash: bf50f914c3e7ffc7f72fd60cb14414feea4da27e6706329e48f34e591025e4dc
Instruction Fuzzy Hash: EAF03972240509BBEB015F60ED45FAA3B25E705355F058021FA02E80E0C3758D61AB18

Uniqueness

Uniqueness Score: -1.00%

Function 00402B6E Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32 ref: 00402B88
DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: MessageProcWindow
String ID:
API String ID: 55716251-0
Opcode ID: a42d041ec2682aa28cf26d035ca2d3a9aa8c19b91d2e26691f4e7c91f5bbff14
Instruction ID: 4e047d06cda0e92a50df56047ec463d335d9b87dbc63accd3b7a24bd0d4fc026
Opcode Fuzzy Hash: a42d041ec2682aa28cf26d035ca2d3a9aa8c19b91d2e26691f4e7c91f5bbff14
Instruction Fuzzy Hash: 0BE04F33104045EFCF028F94ED4899D3F61FB46360715846AF652A90B2C7B6C522EF45

Uniqueness

Uniqueness Score: -1.00%

Function 00402ACD Relevance: 1.5, APIs: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402ACD(void* __eax, void* __ebx, void* __ecx) {
				void* _t7;
				long _t9;
				void* _t16;

				_t7 = __eax + 0x406a04;
				 *[fs:eax] =  *[fs:eax] + _t7;
				 *((intOrPtr*)(_t7 -  *((intOrPtr*)(_t7 + _t7)))) =  *((intOrPtr*)(_t7 -  *((intOrPtr*)(_t7 + _t7)))) + __ebx;
				_t9 = DefWindowProcA( *(_t16 + 8),  *(_t16 + 0xc),  *(_t16 + 0x10),  *(_t16 + 0x14)); // executed
				return _t9;
			}

0x00402acd
0x00402ad2
0x00402ada
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 70b16e7ca6862fe2dc6e6a46f6e39ca03ff5cd1690ebb784e637bf76d84b71ea
Instruction ID: e97300cb53c6eb48d1b9a5d246905f662cdbcf5ef80795e73b08e6251088e78e
Opcode Fuzzy Hash: 70b16e7ca6862fe2dc6e6a46f6e39ca03ff5cd1690ebb784e637bf76d84b71ea
Instruction Fuzzy Hash: 07E086332081C5AFCB030FA4AD294993F20EF4A354B0A8873E682A50A2C27A8531EB15

Uniqueness

Uniqueness Score: -1.00%

Function 00402B24 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: c8fe5e5a417713b1918d64d43014f5a3ba21fedd02b36326661cc03a9e0cd5f3
Instruction ID: 65ac05b22f25992b11684c2fb74066950c4aff75a3b85d7e71cd45dd1ea13c32
Opcode Fuzzy Hash: c8fe5e5a417713b1918d64d43014f5a3ba21fedd02b36326661cc03a9e0cd5f3
Instruction Fuzzy Hash: 58D05E32200004EADF024F84ED44A8E7F21EB89354F208433F602A80A0D3B68631AF55

Uniqueness

Uniqueness Score: -1.00%

Function 00402A95 Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402A95(void* __eax) {
				intOrPtr* _t6;
				long _t7;
				void* _t11;

				_t6 = __eax + 0x406a04;
				 *_t6 =  *_t6 + _t6;
				 *_t6 =  *_t6 + _t6;
				_t7 = DefWindowProcA( *(_t11 + 8),  *(_t11 + 0xc),  *(_t11 + 0x10),  *(_t11 + 0x14)); // executed
				return _t7;
			}

0x00402a95
0x00402a9a
0x00402a9c
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: db0e4a61445f15e2861bafb611833fdb84c48873c7a7478ed89a330e4fb05f5c
Instruction ID: dbffba37966f872ab556a82dd5bb47bd046feb1fa9b94650fbb76d6d0e3c5481
Opcode Fuzzy Hash: db0e4a61445f15e2861bafb611833fdb84c48873c7a7478ed89a330e4fb05f5c
Instruction Fuzzy Hash: 0FD09E33104145EFCB025F94ED0559D3F61FB4A365B058472F642A50A1D37A8821AF65

Uniqueness

Uniqueness Score: -1.00%

Function 00402AAF Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402AAF(void* __eax) {
				long _t8;
				void* _t12;

				_t6 = __eax + 0x406a04;
				 *((intOrPtr*)(__eax + 0x406a04 +  *_t6)) =  *((intOrPtr*)(__eax + 0x406a04 +  *_t6)) + __eax + 0x406a04 +  *_t6;
				_t8 = DefWindowProcA( *(_t12 + 8),  *(_t12 + 0xc),  *(_t12 + 0x10),  *(_t12 + 0x14)); // executed
				return _t8;
			}

0x00402aaf
0x00402ab6
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 6f356dd7719f01ef5de09063c3e6e9bc8acf3e5a03031ae99a79323d5556a068
Instruction ID: bbcc8d1024c7b2ad99e94aa0aed6deed2e7d6b03234c1db6f6ad748cd76164e8
Opcode Fuzzy Hash: 6f356dd7719f01ef5de09063c3e6e9bc8acf3e5a03031ae99a79323d5556a068
Instruction Fuzzy Hash: D9D09E33104185AFCB025F94ED4559D3F61EF4A355B058462F642A50A1D3768431AB55

Uniqueness

Uniqueness Score: -1.00%

Function 00402ABD Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402ABD() {
				intOrPtr _t5;
				long _t6;
				void* _t10;

				_t5 =  *0x406008; // 0x8
				 *0x406a04 = _t5;
				_t6 = DefWindowProcA( *(_t10 + 8),  *(_t10 + 0xc),  *(_t10 + 0x10),  *(_t10 + 0x14)); // executed
				return _t6;
			}

0x00402abd
0x00402ac2
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 060b37bd04cde0ce69d3709c2b5eabfd3b999a65c960a375cf823c41a5babb3e
Instruction ID: 1c940054b3db183b45bed1325efca524ee869a9c084e3552099c3281fe396897
Opcode Fuzzy Hash: 060b37bd04cde0ce69d3709c2b5eabfd3b999a65c960a375cf823c41a5babb3e
Instruction Fuzzy Hash: 62D09236200109EBCF029F94EE4488A3B61FB493A5B018432FA46A5060D3728831AF58

Uniqueness

Uniqueness Score: -1.00%

Function 00402AEF Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00402AEF() {
				long _t5;
				void* _t9;

				asm("sbb eax, 0x406d1b");
				_t5 = DefWindowProcA( *(_t9 + 8),  *(_t9 + 0xc),  *(_t9 + 0x10),  *(_t9 + 0x14)); // executed
				return _t5;
			}

0x00402aef
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 9c049fca779ecfa29e4486dc828377b5fe2e857290d7ce2e0307e7ebe878b782
Instruction ID: d40f789e0b04d5827db2e0a9a9f70a1ef8da32f3033334284138e3e7127ca9ff
Opcode Fuzzy Hash: 9c049fca779ecfa29e4486dc828377b5fe2e857290d7ce2e0307e7ebe878b782
Instruction Fuzzy Hash: 14C0E937204009ABCF025F94ED4499E7B21EB59355B158833FA56A40A193B68531AF55

Uniqueness

Uniqueness Score: -1.00%

Function 00402AA4 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00402AA4() {
				long _t5;
				void* _t9;

				asm("sbb eax, 0x406a04");
				_t5 = DefWindowProcA( *(_t9 + 8),  *(_t9 + 0xc),  *(_t9 + 0x10),  *(_t9 + 0x14)); // executed
				return _t5;
			}

0x00402aa4
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: d0a8537e2fdd292149ebae67b7172adad485f5276b1f593e093a06924addc3d2
Instruction ID: ade3f5859509854e221db11ecb9d65a665a9e99d13c315de4784c91dea249606
Opcode Fuzzy Hash: d0a8537e2fdd292149ebae67b7172adad485f5276b1f593e093a06924addc3d2
Instruction Fuzzy Hash: 28C0C933200009EBCF025F84ED0488E3B21FB49355B008432F602A40A093768831AF55

Uniqueness

Uniqueness Score: -1.00%

Function 00402B39 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00402B39() {
				long _t5;
				void* _t9;

				asm("sbb eax, 0x406d1c");
				_t5 = DefWindowProcA( *(_t9 + 8),  *(_t9 + 0xc),  *(_t9 + 0x10),  *(_t9 + 0x14)); // executed
				return _t5;
			}

0x00402b39
0x00402f11
0x00402f1b

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00402F11

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: b1eea099679d21919ab5308ca50c3f5b4a83b4faaaa72bec43b9357ddef92ffc
Instruction ID: fff3afe805b17c878276525cb6678e382136fbb4a72424296e83aa6735b8d0f2
Opcode Fuzzy Hash: b1eea099679d21919ab5308ca50c3f5b4a83b4faaaa72bec43b9357ddef92ffc
Instruction Fuzzy Hash: E0C0C933200009ABCF024F84ED0488E3B21EB48355B108432FA02A40A093B68431AF55

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004034C6 Relevance: 28.8, APIs: 19, Instructions: 277
keyboardsleeptimeCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E004034C6(struct HWND__* _a4, int _a8) {
				int _v4;
				signed int _v5;
				char _v25;
				signed char _t115;
				signed int _t116;
				signed int _t118;
				long _t123;
				signed int _t124;
				int _t126;
				signed int _t131;
				signed int _t132;
				signed int _t134;
				signed int _t135;
				signed int _t140;
				signed int _t141;
				signed int _t144;
				signed int _t147;
				signed int _t151;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				signed int _t163;
				signed int _t169;
				signed int _t186;
				intOrPtr* _t187;
				signed int _t189;
				signed int _t190;
				signed int _t192;
				intOrPtr _t193;
				signed char _t194;
				intOrPtr _t197;
				signed int _t198;
				intOrPtr _t200;
				intOrPtr _t203;
				void* _t204;
				intOrPtr _t207;
				intOrPtr _t210;
				intOrPtr _t213;
				intOrPtr _t216;
				intOrPtr _t220;
				intOrPtr _t223;
				intOrPtr _t226;
				intOrPtr _t227;
				intOrPtr* _t228;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed short _t237;
				intOrPtr _t238;

				_v5 = 0;
				_t115 = GetKeyState(0x13);
				if((_t115 & 0x00000080) != 0) {
					L2:
					 *0x406a08 = 0;
					L3:
					_t237 =  *0x406a08; // 0x0
					if(_t237 != 0) {
						_t116 =  *0x4069f4; // 0x0
						_t200 =  *0x4069f0; // 0x0
						_t228 = mouse_event;
						_t186 = _t116 + _t116 * 4;
						_t231 =  *((intOrPtr*)(_t200 + _t186 * 4));
						_t187 = _t200 + _t186 * 4;
						__eflags = _t231 - 0x100;
						if(_t231 < 0x100) {
							L31:
							 *0x4069f4 = _t116 + 1;
							_t118 = E004042AF( *0x4069f0);
							_t189 = 0x14;
							_t190 =  *0x4069f4; // 0x0
							__eflags = _t190 - _t118 / _t189;
							if(_t190 >= _t118 / _t189) {
								L47:
								__eflags =  *0x406d19; // 0x0
								if(__eflags != 0) {
									_t123 = GetDoubleClickTime() >> 1;
									__eflags = _t123;
									Sleep(_t123);
								}
								_push(0);
								_push( *0x406a08 & 0x0000ffff);
								_push(0x111);
								_push(_a4);
								L50:
								return PostMessageA();
							}
							_t203 =  *0x4069f0; // 0x0
							_t124 = _t190 + _t190 * 4;
							__eflags =  *(_t203 + _t124 * 4);
							_t204 = _t203 + _t124 * 4;
							if( *(_t203 + _t124 * 4) == 0) {
								goto L47;
							}
							_t232 =  *0x406a04; // 0x0
							__eflags = _t232 - 0x64;
							if(_t232 < 0x64) {
								_t126 =  *((intOrPtr*)(_t204 + 0xc)) -  *((intOrPtr*)(_t204 - 8));
								__eflags = _t232 - 1;
								if(_t232 != 1) {
									__eflags = _t232 - 2;
									if(_t232 >= 2) {
										__eflags = _t126 % _t232;
										_t126 = _t126 / _t232;
									}
								} else {
									_t126 = _t126 + _t126;
								}
								_push(0);
								L41:
								return SetTimer(_a4, _a8, _t126);
							} else {
								goto L34;
							}
							while(1) {
								L34:
								__eflags =  *0x406d18; // 0x0
								if(__eflags != 0) {
									break;
								}
								_t207 =  *0x4069f0; // 0x0
								_t131 = _t190 + _t190 * 4;
								__eflags =  *((intOrPtr*)(_t207 + _t131 * 4)) - 0x200;
								if( *((intOrPtr*)(_t207 + _t131 * 4)) != 0x200) {
									break;
								}
								_t132 = _t190;
								_t233 = 6;
								__eflags = _t132 % _t233;
								if(_t132 % _t233 == 0) {
									L38:
									_t134 = GetSystemMetrics(1);
									_t210 =  *0x4069f0; // 0x0
									_t135 =  *0x4069f4; // 0x0
									_t140 = GetSystemMetrics(0);
									_t213 =  *0x4069f0; // 0x0
									_t192 = _t140;
									_t141 =  *0x4069f4; // 0x0
									_t144 =  *(_t213 + 4 + (_t141 + _t141 * 4) * 4) * 0xffff;
									__eflags = _t144 % _t192;
									 *_t228(0x8001, _t144 / _t192,  *(_t210 + 8 + (_t135 + _t135 * 4) * 4) * 0xffff / _t134, 0, 0);
									_t147 =  *0x4069f4; // 0x0
									_t193 =  *0x4069f0; // 0x0
									SetCursorPos( *(_t193 + (_t147 + _t147 * 4) * 4 + 4),  *(_t193 + 8 + (_t147 + _t147 * 4) * 4));
									Sleep(1);
									_t190 =  *0x4069f4; // 0x0
									_v25 = 1;
									L39:
									_t190 = _t190 + 1;
									 *0x4069f4 = _t190;
									continue;
								}
								_t216 =  *0x4069f0; // 0x0
								_t74 = _t190 * 4; // 0x5
								_t151 = _t190 + _t74 + 5;
								__eflags =  *((intOrPtr*)(_t216 + _t151 * 4)) - 0x200;
								if( *((intOrPtr*)(_t216 + _t151 * 4)) == 0x200) {
									goto L39;
								}
								goto L38;
							}
							_push(0);
							asm("sbb eax, eax");
							_t126 = ( ~_v5 & 0x0000004a) + 1;
							__eflags = _t126;
							goto L41;
						}
						__eflags = _t231 - 0x101;
						if(_t231 <= 0x101) {
							_t194 =  *((intOrPtr*)(_t187 + 4));
							__eflags = _t194 - 0xa0;
							_v4 = _t194;
							if(_t194 == 0xa0) {
								goto L31;
							}
							__eflags = _t231 - 0x101;
							if(_t231 != 0x101) {
								__eflags = 0;
							} else {
								_push(2);
								_pop(0);
							}
							__eflags = _t194 - 0x21;
							if(_t194 < 0x21) {
								L23:
								__eflags = _t194 - 0x11;
								if(_t194 == 0x11) {
									goto L28;
								}
								__eflags = _t194 - 0x5b;
								if(_t194 == 0x5b) {
									goto L28;
								}
								__eflags = _t194 - 0x5c;
								if(_t194 == 0x5c) {
									goto L28;
								}
								__eflags = _t194 - 0x5d;
								if(_t194 == 0x5d) {
									goto L28;
								}
								goto L29;
							} else {
								__eflags = _t194 - 0x2e;
								if(_t194 <= 0x2e) {
									L28:
									_push(1);
									_pop(0);
									L29:
									__eflags = 0;
									keybd_event(_v4, MapVirtualKeyA(_t194 & 0x000000ff, 0), 0, 0);
									L30:
									_t116 =  *0x4069f4; // 0x0
									goto L31;
								}
								goto L23;
							}
						}
						__eflags = _t231 - 0x200;
						if(__eflags == 0) {
							_t156 = GetSystemMetrics(1);
							_t220 =  *0x4069f0; // 0x0
							_t157 =  *0x4069f4; // 0x0
							_t162 = GetSystemMetrics(0);
							_t223 =  *0x4069f0; // 0x0
							_t163 =  *0x4069f4; // 0x0
							mouse_event(0x8001,  *(_t223 + 4 + (_t163 + _t163 * 4) * 4) * 0xffff / _t162,  *(_t220 + 8 + (_t157 + _t157 * 4) * 4) * 0xffff / _t156, 0, 0);
							_t169 =  *0x4069f4; // 0x0
							_t197 =  *0x4069f0; // 0x0
							SetCursorPos( *(_t197 + (_t169 + _t169 * 4) * 4 + 4),  *(_t197 + 8 + (_t169 + _t169 * 4) * 4));
							goto L30;
						}
						if(__eflags <= 0) {
							goto L31;
						}
						__eflags = _t231 - 0x202;
						if(_t231 <= 0x202) {
							 *0x406d19 = 1;
							__eflags =  *_t187 - 0x201;
							mouse_event(((0 |  *_t187 != 0x00000201) - 0x00000001 & 0x000000fe) + 4, 0, 0, 0, 0);
							_t116 =  *0x4069f4; // 0x0
							_t226 =  *0x4069f0; // 0x0
							_t198 = _t116 + _t116 * 4;
							__eflags =  *((intOrPtr*)(_t226 + _t198 * 4)) - 0x201;
							L14:
							 *0x406d18 = _t198 & 0xffffff00 | __eflags == 0x00000000;
							goto L31;
						}
						__eflags = _t231 - 0x203;
						if(_t231 <= 0x203) {
							goto L31;
						}
						__eflags = _t231 - 0x205;
						if(_t231 > 0x205) {
							goto L31;
						}
						__eflags = _t231 - 0x204;
						mouse_event(((0 | _t231 != 0x00000204) - 0x00000001 & 0x000000f8) + 0x10, 0, 0, 0, 0);
						_t116 =  *0x4069f4; // 0x0
						_t227 =  *0x4069f0; // 0x0
						_t198 = _t116 + _t116 * 4;
						__eflags =  *((intOrPtr*)(_t227 + _t198 * 4)) - 0x201;
						goto L14;
					}
					_t238 =  *0x406d1d; // 0x0
					if(_t238 == 0) {
						return _t115;
					}
					_push(0);
					_push(0);
					_push(0x10);
					_push( *0x4069e0);
					goto L50;
				}
				_t115 = GetKeyState(0x91);
				if((_t115 & 0x00000080) == 0) {
					goto L3;
				}
				goto L2;
			}

0x004034d6
0x004034da
0x004034df
0x004034ed
0x004034ed
0x004034f3
0x004034f3
0x004034f9
0x00403516
0x0040351b
0x00403527
0x0040352d
0x00403530
0x00403533
0x00403536
0x0040353c
0x004036b9
0x004036c0
0x004036c5
0x004036cf
0x004036d2
0x004036d8
0x004036da
0x0040380a
0x0040380a
0x00403810
0x00403818
0x00403818
0x0040381b
0x0040381b
0x00403828
0x00403829
0x0040382a
0x0040382f
0x00403833
0x00000000
0x00403833
0x004036e0
0x004036e6
0x004036e9
0x004036ec
0x004036ef
0x00000000
0x00000000
0x004036f5
0x004036fb
0x004036fe
0x004037f2
0x004037f5
0x004037f8
0x004037fe
0x00403801
0x00403805
0x00403805
0x00403805
0x004037fa
0x004037fa
0x004037fa
0x00403807
0x004037de
0x00000000
0x00000000
0x00000000
0x00000000
0x00403704
0x00403704
0x00403704
0x0040370a
0x00000000
0x00000000
0x00403710
0x00403716
0x00403719
0x00403720
0x00000000
0x00000000
0x00403728
0x0040372c
0x0040372f
0x00403731
0x00403746
0x0040374a
0x0040374c
0x00403754
0x0040376c
0x0040376e
0x00403774
0x00403776
0x00403784
0x0040378a
0x00403792
0x00403794
0x00403799
0x004037ac
0x004037b4
0x004037ba
0x004037c0
0x004037c5
0x004037c5
0x004037c6
0x00000000
0x004037c6
0x00403733
0x00403739
0x00403739
0x0040373d
0x00403744
0x00000000
0x00000000
0x00000000
0x00403744
0x004037d5
0x004037d8
0x004037dd
0x004037dd
0x00000000
0x004037dd
0x00403547
0x00403549
0x0040365e
0x00403661
0x00403664
0x00403668
0x00000000
0x00000000
0x0040366a
0x0040366c
0x00403673
0x0040366e
0x0040366e
0x00403670
0x00403670
0x00403675
0x00403678
0x0040367f
0x0040367f
0x00403682
0x00000000
0x00000000
0x00403684
0x00403687
0x00000000
0x00000000
0x00403689
0x0040368c
0x00000000
0x00000000
0x0040368e
0x00403691
0x00000000
0x00000000
0x00000000
0x0040367a
0x0040367a
0x0040367d
0x00403697
0x00403697
0x00403699
0x0040369a
0x0040369a
0x004036ae
0x004036b4
0x004036b4
0x00000000
0x004036b4
0x00000000
0x0040367d
0x00403678
0x00403554
0x00403556
0x004035f4
0x004035f6
0x004035fe
0x00403616
0x00403618
0x00403620
0x0040363c
0x0040363e
0x00403643
0x00403656
0x00000000
0x00403656
0x0040355c
0x00000000
0x00000000
0x00403562
0x00403568
0x004035c2
0x004035cb
0x004035db
0x004035dd
0x004035e2
0x004035e8
0x004035eb
0x004035af
0x004035b2
0x00000000
0x004035b2
0x0040356a
0x00403570
0x00000000
0x00000000
0x00403576
0x0040357c
0x00000000
0x00000000
0x00403584
0x00403598
0x0040359a
0x0040359f
0x004035a5
0x004035a8
0x00000000
0x004035a8
0x004034fb
0x00403501
0x0040383f
0x0040383f
0x00403507
0x00403508
0x00403509
0x0040350b
0x00000000
0x0040350b
0x004034e6
0x004034eb
0x00000000
0x00000000
0x00000000

APIs

GetKeyState.USER32 ref: 004034DA
GetKeyState.USER32 ref: 004034E6
mouse_event.USER32 ref: 00403598
mouse_event.USER32 ref: 004035DB
GetSystemMetrics.USER32 ref: 004035F4
GetSystemMetrics.USER32 ref: 00403616
mouse_event.USER32 ref: 0040363C
SetCursorPos.USER32(?,?,?,00000000,?,?,004018DF,?,000003EA), ref: 00403656
GetSystemMetrics.USER32 ref: 0040374A
GetSystemMetrics.USER32 ref: 0040376C
mouse_event.USER32 ref: 00403792
SetCursorPos.USER32(?,?,?,?,004018DF,?,000003EA), ref: 004037AC
Sleep.KERNEL32(00000001,?,?,004018DF,?,000003EA), ref: 004037B4
SetTimer.USER32(00000000,00000000,?,00000000), ref: 004037E7
PostMessageA.USER32 ref: 00403833

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: MetricsSystemmouse_event$CursorState$MessagePostSleepTimer
String ID:
API String ID: 203055827-0
Opcode ID: d3f8d64b5e7190012166dfd82cf50fc04a1379ee699abd62a7b768a1f457340b
Instruction ID: 21240027269b291347ce267e244152a0a87117dcadd7f2a7bfe16b9bf36c52a4
Opcode Fuzzy Hash: d3f8d64b5e7190012166dfd82cf50fc04a1379ee699abd62a7b768a1f457340b
Instruction Fuzzy Hash: 94A106B0200106AFE724DF18DD94E763B9DF785304F12817BE102AB6E2D67A9D619F98

Uniqueness

Uniqueness Score: -1.00%

Function 00403B09 Relevance: 12.1, APIs: 8, Instructions: 130
fileCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00403B09(intOrPtr* _a4) {
				void _v263;
				char _v264;
				struct _WIN32_FIND_DATAA _v584;
				int _t23;
				void* _t31;
				void* _t50;
				signed int _t52;
				void* _t53;
				signed int _t54;
				void* _t73;
				intOrPtr* _t74;

				_t52 = 0;
				_t54 = 0x4f;
				_v584.dwFileAttributes = 0;
				_push(0x40);
				_t23 = memset( &(_v584.ftCreationTime), 0, _t54 << 2);
				_v264 = 0;
				_t74 = _a4;
				memset( &_v263, _t23, 0 << 2);
				asm("stosw");
				asm("stosb");
				if(_t74 == 0 ||  *_t74 == 0) {
					L22:
					return 0;
				} else {
					E004041B8(_t74,  &_v264);
					if((GetFileAttributesA( &_v264) + 0x00000001 & 0x00000010) != 0) {
						L7:
						_t31 = 1;
						return _t31;
					}
					if(E00404525( &_v264, 0x2a) != 0 || E00404525( &_v264, 0x3f) != 0) {
						_t73 = FindFirstFileA( &_v264,  &_v584);
						if( *_t74 != _t52) {
							_t52 =  *((char*)(E004043D7(_t74) + _t74 - 1));
						}
						if(_t52 != 0x5c) {
							_t53 = _t52 | 0xffffffff;
							if(_t73 == _t53) {
								goto L22;
							}
							while(E0040448E( &(_v584.cFileName), 0x40677c) == 0 || E0040448E( &(_v584.cFileName), 0x406778) == 0) {
								if(FindNextFileA(_t73,  &_v584) == 0) {
									FindClose(_t73);
									_t73 = _t53;
								}
								if(_t73 != _t53) {
									continue;
								} else {
									break;
								}
							}
							if(_t73 == _t53) {
								goto L22;
							}
							FindClose(_t73);
						} else {
							if(_t73 == 0xffffffff) {
								goto L22;
							}
							FindClose(_t73);
						}
					} else {
						_t50 = CreateFileA( &_v264, 0x80000000, 3, 0, 3, 0x80, 0);
						if(_t50 == 0xffffffff) {
							goto L22;
						}
						CloseHandle(_t50);
					}
					goto L7;
				}
			}

0x00403b17
0x00403b19
0x00403b22
0x00403b28
0x00403b2a
0x00403b33
0x00403b39
0x00403b3c
0x00403b3e
0x00403b42
0x00403b43
0x00403c6a
0x00000000
0x00403b51
0x00403b59
0x00403b70
0x00403bc7
0x00403bc9
0x00000000
0x00403bc9
0x00403b84
0x00403be5
0x00403be7
0x00403bef
0x00403bf4
0x00403bf8
0x00403c08
0x00403c0d
0x00000000
0x00000000
0x00403c15
0x00403c53
0x00403c56
0x00403c58
0x00403c58
0x00403c5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00403c5c
0x00403c60
0x00000000
0x00000000
0x00403c63
0x00403bfa
0x00403bfd
0x00000000
0x00000000
0x00403c00
0x00403c00
0x00403b9a
0x00403bb1
0x00403bba
0x00000000
0x00000000
0x00403bc1
0x00403bc1
0x00000000
0x00403b84

APIs

Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0

GetFileAttributesA.KERNEL32(?,C0000000,76CDF7B0,00000080), ref: 00403B67
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00403BB1
CloseHandle.KERNEL32(00000000), ref: 00403BC1
FindFirstFileA.KERNEL32(?,?), ref: 00403BDD
FindClose.KERNEL32(00000000), ref: 00403C00
FindNextFileA.KERNEL32(00000000,?), ref: 00403C4B
FindClose.KERNEL32(00000000), ref: 00403C56
FindClose.KERNEL32(00000000), ref: 00403C63

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Find$CloseFile$AttributesCreateEnvironmentExpandFirstHandleNextStrings
String ID:
API String ID: 4171416902-0
Opcode ID: 846ae757fb93dd96231631fb0bd60a5ac06f77789042b534643d51bdc34c2352
Instruction ID: e1ac57afb29f337bbfc01b4c37a33415eab2da7915a8ac3ffd06022a65d69b60
Opcode Fuzzy Hash: 846ae757fb93dd96231631fb0bd60a5ac06f77789042b534643d51bdc34c2352
Instruction Fuzzy Hash: CA4125B39002196AEB209A749CC8BEF3B7CDB54726F1000BBF344F20C1DA789F814A58

Uniqueness

Uniqueness Score: -1.00%

Function 0040424C Relevance: 2.5, APIs: 2, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040424C(signed int _a4, signed int _a8) {

				return HeapAlloc(GetProcessHeap(), 8, _a4 * _a8);
			}

0x00404265

APIs

GetProcessHeap.KERNEL32(00000008,004046D0,0040473D,00000020,00000004,004046D0), ref: 00404258
HeapAlloc.KERNEL32(00000000), ref: 0040425F

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: f99d22f5a8df0d0e8d007fcd5727663fa01546c3604a1ab640b57c0ff2247634
Instruction ID: a4965471384d461b3c446fe3d87201e807eabb61d08fa2ce669204f1d343d336
Opcode Fuzzy Hash: f99d22f5a8df0d0e8d007fcd5727663fa01546c3604a1ab640b57c0ff2247634
Instruction Fuzzy Hash: 33C04C71544601ABDA009BA4DF4DA1F7BA8FB94701F048414B145E5060C63098008F65

Uniqueness

Uniqueness Score: -1.00%

Function 00403108 Relevance: 30.1, APIs: 20, Instructions: 147
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00403108(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* _v16;
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;
				struct tagLOGFONTA _v144;
				void _v207;
				char _v208;
				void* _t72;
				struct HWND__* _t81;
				signed int _t83;
				int _t102;
				void* _t104;

				_t83 = 0xf;
				_v84.hdc = 0;
				memset( &(_v84.fErase), 0, _t83 << 2);
				_v20.left = 0;
				asm("stosd");
				_v208 = _v208 & 0;
				_push(0xf);
				asm("stosd");
				asm("stosd");
				_t102 = _a8;
				memset( &_v207, 0, 0 << 2);
				asm("stosw");
				asm("stosb");
				_push(0xe);
				_v144.lfHeight = 0;
				memset( &(_v144.lfWidth), 0, 0 << 2);
				if(_t102 != 0x200) {
					if(_t102 != 0x201) {
						if(_t102 != 0xf) {
							L2:
							return DefWindowProcA(_a4, _t102, _a12, _a16);
						}
						_t81 = _a4;
						BeginPaint(_t81,  &_v84);
						GetClientRect(_t81,  &_v20);
						SetBkMode(_v84.hdc, 1);
						SetTextColor(_v84.hdc, 0xd78d07);
						SelectObject(_v84.hdc, GetStockObject(0x11));
						GetObjectA(GetStockObject(0x11), 0x3c,  &_v144);
						_v144.lfHeight = _v144.lfHeight + _v144.lfHeight;
						_t104 = CreateFontIndirectA( &_v144);
						SelectObject(_v84.hdc, _t104);
						GetWindowTextA(_t81,  &_v208, 0x3f);
						if(_t81 != 0 && IsWindow(_t81) != 0 && (GetWindowLongA(_t81, 0xfffffff0) & 0x00000001) != 0) {
							_push(1);
							_pop(0);
						}
						DrawTextA(_v84,  &_v208, E004043D7( &_v208),  &_v20, 0xbadbad);
						EndPaint(_t81,  &_v84);
						if(_t104 != 0) {
							DeleteObject(_t104);
						}
						_t72 = 1;
						return _t72;
					}
					PostMessageA( *0x4069e0, 0x111, GetWindowLongA(_a4, 0xfffffff4) & 0x0000ffff, 1);
					goto L2;
				}
				SetCursor( *0x4069e4);
				goto L2;
			}

0x00403117
0x0040311d
0x00403120
0x00403125
0x00403128
0x00403129
0x0040312f
0x00403131
0x00403132
0x0040313c
0x0040313f
0x00403141
0x00403143
0x00403144
0x0040314f
0x0040315b
0x0040315d
0x00403187
0x004031b0
0x0040316b
0x00000000
0x00403175
0x004031b3
0x004031bb
0x004031c6
0x004031d1
0x004031df
0x004031f9
0x00403209
0x00403217
0x0040322a
0x00403230
0x0040323c
0x00403244
0x0040325e
0x00403260
0x00403260
0x0040328e
0x00403299
0x004032a2
0x004032a5
0x004032a5
0x004032ad
0x00000000
0x004032ad
0x004031a5
0x00000000
0x004031a5
0x00403165
0x00000000

APIs

SetCursor.USER32 ref: 00403165
DefWindowProcA.USER32(?,?,?,?), ref: 00403175
GetWindowLongA.USER32 ref: 00403190
PostMessageA.USER32 ref: 004031A5
BeginPaint.USER32(?,?), ref: 004031BB
GetClientRect.USER32(?,?), ref: 004031C6
SetBkMode.GDI32(?,00000001), ref: 004031D1
SetTextColor.GDI32(?,00D78D07), ref: 004031DF
GetStockObject.GDI32(00000011), ref: 004031ED
SelectObject.GDI32(?,00000000), ref: 004031F9
GetStockObject.GDI32(00000011), ref: 00403206
GetObjectA.GDI32(00000000), ref: 00403209
CreateFontIndirectA.GDI32(?), ref: 00403224
SelectObject.GDI32(?,00000000), ref: 00403230
GetWindowTextA.USER32 ref: 0040323C
IsWindow.USER32(?), ref: 00403247
GetWindowLongA.USER32 ref: 00403254
DrawTextA.USER32(?,?,00000000,?,00000000), ref: 0040328E
EndPaint.USER32(?,?), ref: 00403299
DeleteObject.GDI32(00000000), ref: 004032A5

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Object$Window$Text$LongPaintSelectStock$BeginClientColorCreateCursorDeleteDrawFontIndirectMessageModePostProcRect
String ID:
API String ID: 1323531340-0
Opcode ID: 80f6b17f92aeb9e0d79c0b838b47aa74e400cc66309a368cd808f196d33da438
Instruction ID: f6a75a345252a565a7efb7e4d5d8ae1a11078984608b2f9e6db09855e2cd8f16
Opcode Fuzzy Hash: 80f6b17f92aeb9e0d79c0b838b47aa74e400cc66309a368cd808f196d33da438
Instruction Fuzzy Hash: 2C414C72900519ABEF109FA4DD48FAF7B7CFB08311F004576F605FA1A1CAB09A549FA4

Uniqueness

Uniqueness Score: -1.00%

Function 00403EA0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 197
fileCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E00403EA0(void* _a4, long _a8, void* _a12, long _a16, long _a20, signed int _a24) {
				long _v8;
				long _v12;
				void _v271;
				char _v272;
				void _v531;
				char _v532;
				char* _t79;
				char _t83;
				void* _t85;
				long _t90;
				void* _t98;
				intOrPtr* _t109;
				signed int _t110;
				signed int _t118;
				void* _t133;
				long _t136;
				void* _t137;

				_v272 = _v272 & 0x00000000;
				_t110 = 0x40;
				memset( &_v271, 0, _t110 << 2);
				_v532 = _v532 & 0x00000000;
				_push(0x40);
				asm("stosw");
				asm("stosb");
				memset( &_v531, 0, 0 << 2);
				asm("stosw");
				asm("stosb");
				_t79 = _a4;
				_v8 = 0;
				_v12 = 0;
				if(_t79 == 0 ||  *_t79 == 0) {
					L37:
					return 0;
				} else {
					E004041B8(_t79,  &_v272);
					if( &_v272 == 0 || _v272 == 0) {
						_t83 = 0;
					} else {
						_t83 =  *((char*)(_t137 + E004043D7( &_v272) - 0x10d));
					}
					if(_t83 != 0x5c) {
						_t85 = CreateFileA( &_v272, 0xc0000000, 3, 0, 4, 0x80, 0);
						_a4 = _t85;
						if(_t85 == 0xffffffff || _t85 == 0) {
							if(E00403B09( &_v272) != 0 || E00404525( &_v272, 0x5c) == 0) {
								goto L27;
							} else {
								_t98 = 0;
								_a4 = 0;
								if(_v272 == 0) {
									L26:
									_a4 = CreateFileA( &_v272, 0xc0000000, 3, 0, 4, 0x80, 0);
									goto L27;
								}
								while(_t98 < 0x104) {
									if( *((char*)(_t137 + _t98 - 0x10c)) == 0x5c && _t98 > 1 &&  *((char*)(_t137 + _t98 - 0x10d)) != 0x3a) {
										_v8 = CreateDirectoryA( &_v532, 0);
										_t98 = _a4;
									}
									 *((char*)(_t137 + _t98 - 0x210)) =  *((intOrPtr*)(_t137 + _t98 - 0x10c));
									_t98 = _t98 + 1;
									_a4 = _t98;
									if( *((char*)(_t137 + _t98 - 0x10c)) != 0) {
										continue;
									} else {
										goto L26;
									}
								}
								goto L26;
							}
						} else {
							L27:
							if(_a4 == 0xffffffff || _a4 == 0) {
								goto L44;
							} else {
								if(_a12 == 0) {
									L42:
									_v8 = 1;
									L43:
									CloseHandle(_a4);
									goto L44;
								}
								_t136 = _a16;
								if(_t136 == 0) {
									goto L42;
								}
								_t90 = _a20;
								_t118 = _a24;
								if((_t90 | _t118) == 0) {
									_t90 = _a8;
									if(_t90 == 0xffffffff) {
										_t90 = GetFileSize(_a4,  &_v12);
									}
								} else {
									_v12 = _t118;
								}
								if(SetFilePointer(_a4, _t90,  &_v12, 0) != 0xffffffff) {
									if(WriteFile(_a4, _a12, _t136,  &_v8, 0) == 0 || _v8 != _t136) {
										_v8 = _v8 & 0x00000000;
									}
									goto L43;
								} else {
									CloseHandle(_a4);
									goto L37;
								}
							}
						}
					} else {
						_t133 = 0;
						if(_v272 == 0) {
							L44:
							return _v8;
						}
						while(_t133 < 0x104) {
							_t109 = _t137 + _t133 - 0x10c;
							if( *((char*)(_t137 + _t133 - 0x10c)) == 0x5c && _t133 > 1 &&  *((char*)(_t137 + _t133 - 0x10d)) != 0x3a) {
								_v8 = CreateDirectoryA( &_v532, 0);
							}
							 *((char*)(_t137 + _t133 - 0x210)) =  *_t109;
							_t133 = _t133 + 1;
							if( *((char*)(_t137 + _t133 - 0x10c)) != 0) {
								continue;
							}
							goto L44;
						}
						goto L44;
					}
				}
			}

0x00403ea9
0x00403eb7
0x00403ebe
0x00403ec0
0x00403ec7
0x00403ec9
0x00403ecb
0x00403ed7
0x00403ed9
0x00403edb
0x00403edc
0x00403edf
0x00403ee4
0x00403ee7
0x004040d3
0x00000000
0x00403ef6
0x00403efe
0x00403f0d
0x00403f2f
0x00403f18
0x00403f24
0x00403f2c
0x00403f34
0x00403fba
0x00403fbf
0x00403fc2
0x00403fdb
0x00000000
0x00403ff5
0x00403ff5
0x00403ffd
0x00404000
0x00404053
0x00404066
0x00000000
0x00404066
0x00404002
0x00404011
0x00404031
0x00404034
0x00404034
0x0040403e
0x00404045
0x00404046
0x00404051
0x00000000
0x00000000
0x00000000
0x00000000
0x00404051
0x00000000
0x00404002
0x00404069
0x00404069
0x0040406d
0x00000000
0x0040407d
0x00404081
0x004040fc
0x004040fc
0x00404103
0x00404106
0x00000000
0x00404106
0x00404083
0x00404088
0x00000000
0x00000000
0x0040408a
0x0040408d
0x00404094
0x004040a0
0x004040a6
0x004040af
0x004040af
0x00404096
0x00404098
0x0040409b
0x004040c8
0x004040ef
0x004040f6
0x004040f6
0x00000000
0x004040ca
0x004040cd
0x00000000
0x004040cd
0x004040c8
0x0040406d
0x00403f36
0x00403f36
0x00403f3f
0x0040410c
0x00000000
0x0040410c
0x00403f45
0x00403f59
0x00403f60
0x00403f7f
0x00403f7f
0x00403f84
0x00403f8b
0x00403f94
0x00000000
0x00000000
0x00000000
0x00403f96
0x00000000
0x00403f45
0x00403f34

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,00406A18,.exe), ref: 00403F79
CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000,00406A18,.exe), ref: 00403FBA
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040402B
CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 00404064
GetFileSize.KERNEL32(00000000,00000000), ref: 004040AF
SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 004040BF
CloseHandle.KERNEL32(00000000), ref: 004040CD
WriteFile.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 004040E7
CloseHandle.KERNEL32(00000000), ref: 00404106

Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0

Strings

\, xrefs: 00404009
.exe, xrefs: 00403EB1
:, xrefs: 00404018

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: File$Create$CloseDirectoryHandle$EnvironmentExpandPointerSizeStringsWrite
String ID: .exe$:$\
API String ID: 3910135208-1936334728
Opcode ID: 07c6cc2da5fd7bc73eee36edc06d27bd476b09bc8f69930adcfd62b545753e8c
Instruction ID: 8da40a83878325327a48a3c8ed4d5288776f62350ec6bc98e64e3549844fff20
Opcode Fuzzy Hash: 07c6cc2da5fd7bc73eee36edc06d27bd476b09bc8f69930adcfd62b545753e8c
Instruction Fuzzy Hash: B271A5B0900258AAEF20CF64CC48BDE7BA8AB55350F1085B6EB44B61C0D3B89EC58F95

Uniqueness

Uniqueness Score: -1.00%

Function 00402F8E Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 133
windowCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E00402F8E(CHAR* _a4, intOrPtr _a8) {
				struct HWND__* _v8;
				void _v263;
				char _v264;
				intOrPtr _t24;
				intOrPtr _t26;
				signed int _t28;
				signed int _t29;
				void* _t32;
				void* _t35;
				CHAR* _t36;
				intOrPtr _t40;
				signed int _t44;
				signed int _t50;
				signed int _t54;
				signed int _t60;
				intOrPtr* _t64;
				signed int _t65;
				CHAR* _t73;
				void* _t74;

				_t54 = 0x3f;
				_v264 = 0;
				_v8 = 0;
				memset( &_v263, 0, _t54 << 2);
				asm("stosw");
				asm("stosb");
				_t73 = _a4;
				_t74 = E00403C71(_t73);
				if(_t74 >= 1) {
					_t24 =  *0x4069f0; // 0x0
					if(_t24 != 0) {
						E00404294(_t24);
						 *0x4069f0 = 0;
					}
					_t8 = _t74 + 0x1000; // 0x1000
					_t26 = E0040424C(_t8, 1);
					 *0x4069f0 = _t26;
					if(_t26 != 0) {
						E00403D51(_t73, _a8, _t26, _t74,  &_v8, 0, 0);
						_t28 = _v8;
						if(_t28 < 2) {
							L10:
							_t29 =  *0x406a00; // 0x0
							if(MessageBoxA(0, "This file does not appear to be a valid recording.\n\nLoad anyway?", _t73, _t29 | 0x00012024) != 7) {
								L15:
								_t32 = E004042AF( *0x4069f0);
								_t60 = 0x14;
								 *0x406b18 = 0;
								 *0x4069f4 = (_t32 - 0x1000) / _t60;
								_t35 = E0040454C(_t73, 0x5c);
								if(_t35 == 0) {
									_t36 = _t73;
								} else {
									_t36 = _t35 + 1;
								}
								E004043F5(0x406b18, _t36);
								SetWindowTextA( *0x4069e0, 0x406b18);
								return _v8;
							}
							_t40 =  *0x4069f0; // 0x0
							if(_t40 != 0) {
								E00404294(_t40);
							}
							 *0x4069f0 = 0;
							goto L14;
						}
						_t64 =  *0x4069f0; // 0x0
						if( *_t64 != 0) {
							goto L10;
						}
						_t65 = 0x14;
						if(_t28 % _t65 == 0) {
							goto L15;
						}
						goto L10;
					} else {
						_t44 =  *0x406a00; // 0x0
						_push(_t44 | 0x00012030);
						_push("TinyTask");
						_push("Memory allocation error!");
						L2:
						MessageBoxA(0, ??, ??, ??);
						L14:
						return 0;
					}
				}
				wsprintfA( &_v264, "Unable to read file \"%s\"", _t73);
				_t50 =  *0x406a00; // 0x0
				_push(_t50 | 0x00012030);
				_push("TinyTask");
				_push( &_v264);
				goto L2;
			}

0x00402f9e
0x00402fa7
0x00402fad
0x00402fb0
0x00402fb2
0x00402fb4
0x00402fb5
0x00402fbe
0x00402fc4
0x00402fff
0x00403006
0x00403009
0x0040300f
0x0040300f
0x00403015
0x0040301e
0x00403027
0x0040302c
0x00403051
0x00403056
0x0040305f
0x00403076
0x00403076
0x00403091
0x004030ad
0x004030b3
0x004030c1
0x004030c7
0x004030cd
0x004030d2
0x004030dc
0x004030e1
0x004030de
0x004030de
0x004030de
0x004030ea
0x004030f8
0x00000000
0x004030fe
0x00403093
0x0040309a
0x0040309d
0x004030a2
0x004030a3
0x00000000
0x004030a3
0x00403061
0x00403069
0x00000000
0x00000000
0x0040306f
0x00403074
0x00000000
0x00000000
0x00000000
0x0040302e
0x0040302e
0x00403038
0x00403039
0x0040303e
0x00402ff3
0x00402ff4
0x004030a9
0x00000000
0x004030a9
0x0040302c
0x00402fd3
0x00402fd9
0x00402fe6
0x00402fed
0x00402ff2
0x00000000

APIs

Part of subcall function 00403C71: GetFileAttributesExA.KERNEL32(?,00000000,?), ref: 00403CE7

wsprintfA.USER32 ref: 00402FD3

Part of subcall function 00403D51: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,004013EF,00000000,00000000), ref: 00403DB9
Part of subcall function 00403D51: SetFilePointer.KERNEL32(00000000,?,?,00000000), ref: 00403DF9
Part of subcall function 00403D51: CloseHandle.KERNEL32(?), ref: 00403E93

MessageBoxA.USER32 ref: 00402FF4
MessageBoxA.USER32 ref: 00403088
SetWindowTextA.USER32(00406B18), ref: 004030F8

Strings

Unable to read file "%s", xrefs: 00402FCD
TinyTask, xrefs: 00402F99, 00402FED, 00403039
Memory allocation error!, xrefs: 0040303E
This file does not appear to be a valid recording.Load anyway?, xrefs: 00403082
TinyTaskClass, xrefs: 00402F98

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: File$Message$AttributesCloseCreateHandlePointerTextWindowwsprintf
String ID: Memory allocation error!$This file does not appear to be a valid recording.Load anyway?$TinyTask$TinyTaskClass$Unable to read file "%s"
API String ID: 344658048-2912620699
Opcode ID: 5fcaffc6a2ab7b823241455dc34ed20f4e8bcb65c2bbef984b7f86e285a76b6a
Instruction ID: c9cd6a8f688574f1fc342cda05c0a042cae3b483400ee2c9893451d3259a965f
Opcode Fuzzy Hash: 5fcaffc6a2ab7b823241455dc34ed20f4e8bcb65c2bbef984b7f86e285a76b6a
Instruction Fuzzy Hash: 324103F2A01100BFD7109F64ED86EAB3BADF791340B11043FF502F61D2DA799A509A6C

Uniqueness

Uniqueness Score: -1.00%

Function 004032FD Relevance: 9.1, APIs: 6, Instructions: 147
keyboardtimeCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E004032FD(struct HWND__* _a4, int _a8) {
				signed int _v5;
				struct tagPOINT _v16;
				signed int _v28;
				signed int _v32;
				long _v36;
				intOrPtr _t60;
				signed char _t66;
				signed int _t67;
				struct HWND__* _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				long _t75;
				signed int _t80;
				signed char _t85;
				signed int _t86;
				intOrPtr _t88;
				signed int _t92;
				signed int _t96;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				signed int _t101;
				long _t103;
				intOrPtr _t105;
				intOrPtr _t107;
				signed int _t113;
				signed int _t116;
				int _t117;
				int _t118;
				void* _t133;

				_t92 = 0;
				_v16.x = 0;
				_v36 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t60 =  *0x4069f0; // 0x0
				if(_t60 == 0) {
					L3:
					 *0x4069f0 = E00404266( *0x4069f0, _t92 + 0x4e20);
				} else {
					_t92 = E004042AF(_t60);
					if(_t92 < 1) {
						goto L3;
					} else {
						_t80 =  *0x4069f4; // 0x0
						_t116 = 0x14;
						_t5 = _t80 + 0x64; // 0x64
						if(_t5 >= _t92 / _t116) {
							goto L3;
						}
					}
				}
				_v5 = 1;
				while(1) {
					_t117 = _v5 & 0x000000ff;
					_t85 = GetAsyncKeyState(_t117) >> 0x0000000f & 0x00000001;
					if( *((intOrPtr*)(_t117 + 0x406d20)) != _t85) {
						break;
					}
					_v5 = _v5 + 1;
					if(_v5 < 0xff) {
						continue;
					} else {
					}
					L9:
					GetCursorPos( &_v16);
					_t66 = _v5;
					if(_t66 >= 0xff) {
						L17:
						_t67 = _v16.y;
						_t86 = _v28;
						_t113 = _v32;
					} else {
						if(_t66 == 1) {
							asm("sbb ebx, ebx");
							_t88 =  ~_t85 + 0x202;
							goto L16;
						} else {
							if(_t66 == 2) {
								asm("sbb ebx, ebx");
								_t88 =  ~_t85 + 0x205;
								L16:
								_t67 = _v16.y;
								_t113 = _v16.x;
								_v36 = _t88;
								_t86 = _t67;
							} else {
								if(_t66 == 0xa0) {
									goto L17;
								} else {
									_t118 = _t66 & 0x000000ff;
									asm("sbb ebx, ebx");
									_v36 =  ~_t85 + 0x101;
									_t86 = MapVirtualKeyA(_t118, 0);
									_t67 = _v16.y;
									_t113 = _t86 << 0x00000008 | _t118;
								}
							}
						}
					}
					if(_v36 != 0) {
						L23:
						_t68 = GetForegroundWindow();
						_t96 =  *0x4069f4; // 0x0
						_t105 =  *0x4069f0; // 0x0
						 *(_t105 + 0x10 + (_t96 + _t96 * 4) * 4) = _t68;
						_t69 =  *0x4069f4; // 0x0
						_t98 =  *0x4069f0; // 0x0
						 *((intOrPtr*)(_t98 + (_t69 + _t69 * 4) * 4)) = _v36;
						_t71 =  *0x4069f4; // 0x0
						_t99 =  *0x4069f0; // 0x0
						 *(_t99 + 4 + (_t71 + _t71 * 4) * 4) = _t113;
						_t73 =  *0x4069f4; // 0x0
						_t100 =  *0x4069f0; // 0x0
						 *(_t100 + 8 + (_t73 + _t73 * 4) * 4) = _t86;
						_t75 = GetTickCount();
						_t101 =  *0x4069f4; // 0x0
						_t107 =  *0x4069f0; // 0x0
						 *(_t107 + 0xc + (_t101 + _t101 * 4) * 4) = _t75;
						 *0x4069f4 =  *0x4069f4 + 1;
					} else {
						_t103 = _v16.x;
						if(_t103 != 0 && _t67 != 0) {
							_t133 = _t67 + _t103 -  *0x406d20; // 0x0
							if(_t133 != 0) {
								_t86 = _t67;
								_v36 = 0x200;
								_t113 = _t103;
								 *0x406d20 = _t67 + _t103;
								goto L23;
							}
						}
					}
					return SetTimer(_a4, _a8, 0xa, 0);
				}
				 *((_v5 & 0x000000ff) + 0x406d20) = _t85;
				goto L9;
			}

0x00403306
0x0040330d
0x00403310
0x00403313
0x00403317
0x00403318
0x00403319
0x0040331a
0x0040331b
0x00403322
0x00403347
0x0040335a
0x00403324
0x0040332b
0x00403330
0x00000000
0x00403332
0x00403332
0x0040333b
0x0040333c
0x00403345
0x00000000
0x00000000
0x00403345
0x00403330
0x00403360
0x00403364
0x00403364
0x00403375
0x0040337e
0x00000000
0x00000000
0x00403380
0x00403387
0x00000000
0x00000000
0x00403389
0x00403395
0x00403399
0x0040339f
0x004033a4
0x004033fc
0x004033fc
0x004033ff
0x00403402
0x004033a6
0x004033a8
0x004033db
0x004033dd
0x00000000
0x004033aa
0x004033ac
0x004033e7
0x004033e9
0x004033ef
0x004033ef
0x004033f2
0x004033f5
0x004033f8
0x004033ae
0x004033b0
0x00000000
0x004033b2
0x004033b4
0x004033b7
0x004033c2
0x004033cb
0x004033cd
0x004033d5
0x004033d5
0x004033b0
0x004033ac
0x004033a8
0x00403409
0x0040343f
0x0040343f
0x00403445
0x0040344b
0x00403454
0x00403458
0x0040345d
0x00403469
0x0040346c
0x00403471
0x0040347a
0x0040347e
0x00403483
0x0040348c
0x00403490
0x00403496
0x0040349c
0x004034a5
0x004034a9
0x0040340b
0x0040340b
0x00403410
0x00403421
0x00403427
0x0040342d
0x00403431
0x00403438
0x0040343a
0x00000000
0x0040343a
0x00403427
0x00403410
0x004034c3
0x004034c3
0x0040338f
0x00000000

APIs

GetAsyncKeyState.USER32(00000001), ref: 00403369
GetCursorPos.USER32(?,?,?,004018B2,?,000003E9), ref: 00403399
MapVirtualKeyA.USER32 ref: 004033C5
GetForegroundWindow.USER32 ref: 0040343F
GetTickCount.KERNEL32 ref: 00403490
SetTimer.USER32(?,?,0000000A,00000000), ref: 004034B9

Part of subcall function 004042AF: GetProcessHeap.KERNEL32(00000000,004030B8,004030B8,?,?,?,?,TinyTask,TinyTaskClass,00000000), ref: 004042BC
Part of subcall function 004042AF: HeapSize.KERNEL32(00000000,?,?,?,?,TinyTask,TinyTaskClass,00000000), ref: 004042C3

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Heap$AsyncCountCursorForegroundProcessSizeStateTickTimerVirtualWindow
String ID:
API String ID: 175720748-0
Opcode ID: e83bb533e0d08fd17107e67ad3e5ed6471b9c8e4360c5cc6a7ac0e2136a3821c
Instruction ID: 3917149623daab9b3b11a6181ed47ccfb7e0b51bffcb73df27bb2f5f6ecbd573
Opcode Fuzzy Hash: e83bb533e0d08fd17107e67ad3e5ed6471b9c8e4360c5cc6a7ac0e2136a3821c
Instruction Fuzzy Hash: 905104B5A042099FDB04CF98D994AAE7BB9FB49300F06017ED902B7392C7799916CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00403D51 Relevance: 9.1, APIs: 6, Instructions: 129
fileCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00403D51(void* _a4, long _a8, void* _a12, long _a16, intOrPtr* _a20, signed int _a24, signed int _a28) {
				long _v8;
				long _v12;
				long _v16;
				void _v275;
				char _v276;
				intOrPtr* _t35;
				signed int _t41;
				long _t42;
				intOrPtr* _t50;
				long _t52;
				signed int _t56;
				void* _t72;
				long _t73;
				void* _t74;

				_t56 = 0x40;
				_v276 = 0;
				_t74 = 0;
				memset( &_v275, 0, _t56 << 2);
				asm("stosw");
				asm("stosb");
				_t35 = _a4;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_t35 == 0 ||  *_t35 == 0) {
					L27:
					return 0;
				} else {
					E004041B8(_t35,  &_v276);
					_t72 = CreateFileA( &_v276, 0x80000000, 3, 0, 3, 0x80, 0);
					_a4 = _t72;
					if(_t72 == 0xffffffff || _t72 == 0) {
						L24:
						return _t74;
					} else {
						_t41 = _a28;
						if((_a24 | _t41) == 0) {
							L6:
							_t42 = _a8;
							L7:
							if(SetFilePointer(_t72, _t42,  &_v12, 0) != 0xffffffff) {
								if(_a16 == 0) {
									_t73 = GetFileSize(_t72,  &_v16);
								} else {
									_t73 = _a16;
								}
								if(_t73 == 0 || _v16 != 0) {
									L25:
									_push(_a4);
									L26:
									CloseHandle();
									goto L27;
								} else {
									_t74 = _a12;
									if(_t74 != 0) {
										L16:
										 *_t74 = 0;
										if(ReadFile(_a4, _t74, _t73,  &_v8, 0) == 0) {
											L19:
											if(_a12 == 0) {
												E00404294(_t74);
											}
											_t74 = 0;
											L22:
											CloseHandle(_a4);
											_t50 = _a20;
											if(_t50 != 0) {
												 *_t50 = _v8;
											}
											goto L24;
										}
										_t52 = _v8;
										if(_t73 != _t52) {
											goto L19;
										}
										 *((char*)(_t74 + _t52)) = 0;
										goto L22;
									}
									_t23 = _t73 + 0x100; // 0x100
									_t74 = E0040424C(_t23, 1);
									if(_t74 == 0) {
										goto L25;
									}
									goto L16;
								}
							}
							_push(_t72);
							goto L26;
						}
						_v12 = _t41;
						_t42 = _a24;
						if(_a24 != 0) {
							goto L7;
						}
						goto L6;
					}
				}
			}

0x00403d61
0x00403d6a
0x00403d70
0x00403d72
0x00403d74
0x00403d76
0x00403d77
0x00403d7a
0x00403d7f
0x00403d82
0x00403d85
0x00403e99
0x00000000
0x00403d93
0x00403d9b
0x00403dbf
0x00403dc4
0x00403dc7
0x00403e8c
0x00000000
0x00403dd5
0x00403dd8
0x00403ddd
0x00403def
0x00403def
0x00403df2
0x00403e02
0x00403e0d
0x00403e1f
0x00403e0f
0x00403e0f
0x00403e0f
0x00403e23
0x00403e90
0x00403e90
0x00403e93
0x00403e93
0x00000000
0x00403e2a
0x00403e2a
0x00403e2f
0x00403e47
0x00403e4e
0x00403e5b
0x00403e69
0x00403e6c
0x00403e6f
0x00403e74
0x00403e75
0x00403e77
0x00403e7a
0x00403e80
0x00403e85
0x00403e8a
0x00403e8a
0x00000000
0x00403e85
0x00403e5d
0x00403e62
0x00000000
0x00000000
0x00403e64
0x00000000
0x00403e64
0x00403e31
0x00403e3f
0x00403e45
0x00000000
0x00000000
0x00000000
0x00403e45
0x00403e23
0x00403e04
0x00000000
0x00403e04
0x00403de1
0x00403de4
0x00403ded
0x00000000
0x00000000
0x00000000
0x00403ded
0x00403dc7

APIs

Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0

CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,004013EF,00000000,00000000), ref: 00403DB9
SetFilePointer.KERNEL32(00000000,?,?,00000000), ref: 00403DF9
GetFileSize.KERNEL32(00000000,?), ref: 00403E19

Part of subcall function 00404294: GetProcessHeap.KERNEL32(00000000,00000000,00403E74), ref: 004042A1
Part of subcall function 00404294: HeapFree.KERNEL32(00000000), ref: 004042A8

ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00403E53
CloseHandle.KERNEL32(?), ref: 00403E7A
CloseHandle.KERNEL32(?), ref: 00403E93

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: File$CloseHandleHeap$CreateEnvironmentExpandFreePointerProcessReadSizeStrings
String ID:
API String ID: 1816096457-0
Opcode ID: b3fd22435e9b329dc351627aeae7242ca4276a9562244ad96ff470530f814aa4
Instruction ID: b5f316e1afa3e22c7f331fb2ff24944f916168b3e433f6b7ad5bbaf1a6fc231f
Opcode Fuzzy Hash: b3fd22435e9b329dc351627aeae7242ca4276a9562244ad96ff470530f814aa4
Instruction Fuzzy Hash: DB418E72900109AFDB219FA4D8859AF7BADEB44355F10427FFA15B72C0D7349E80CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00403C71 Relevance: 9.1, APIs: 6, Instructions: 87
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00403C71(intOrPtr* _a4) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void _v40;
				void _v44;
				void _v303;
				char _v304;
				intOrPtr* _t22;
				signed int _t38;
				long _t49;
				void* _t50;

				_t38 = 0x40;
				_v304 = 0;
				_push(8);
				memset( &_v303, 0, _t38 << 2);
				asm("stosw");
				asm("stosb");
				_v44 = 0;
				memset( &_v40, 0, 0 << 2);
				_t22 = _a4;
				_v8 = 0;
				if(_t22 == 0 ||  *_t22 == 0) {
					GetModuleFileNameA(GetModuleHandleA(0),  &_v304, 0x103);
				} else {
					E004041B8(_t22,  &_v304);
				}
				if(GetFileAttributesExA( &_v304, 0,  &_v44) == 0) {
					_t50 = CreateFileA( &_v304, 0x80000000, 3, 0, 3, 0x80, 0);
					if(_t50 != 0xffffffff) {
						_t49 = GetFileSize(_t50,  &_v8);
						CloseHandle(_t50);
						if(_t49 != 0xffffffff) {
							if(_v8 == 0) {
								goto L13;
							}
							goto L12;
						}
						_t49 = 0;
						goto L13;
					}
					return 0;
				} else {
					if(_v16 != 0) {
						L12:
						_t49 = 0x7ffffffe;
						L13:
						return _t49;
					}
					_t49 = _v12;
					goto L13;
				}
			}

0x00403c81
0x00403c8a
0x00403c90
0x00403c92
0x00403c94
0x00403c96
0x00403c9d
0x00403ca0
0x00403ca2
0x00403ca5
0x00403caa
0x00403cd5
0x00403cb0
0x00403cb8
0x00403cbe
0x00403cef
0x00403d18
0x00403d1d
0x00403d2f
0x00403d31
0x00403d3a
0x00403d43
0x00000000
0x00000000
0x00000000
0x00403d43
0x00403d3c
0x00000000
0x00403d3c
0x00000000
0x00403cf1
0x00403cf4
0x00403d45
0x00403d45
0x00403d4a
0x00000000
0x00403d4a
0x00403cf6
0x00000000
0x00403cf6

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000103,?,00000000,00000000), ref: 00403CCE
GetModuleFileNameA.KERNEL32(00000000), ref: 00403CD5
GetFileAttributesExA.KERNEL32(?,00000000,?), ref: 00403CE7
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00403D12

Part of subcall function 004041B8: ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000103,00000000,00403CBD,004010B3,?), ref: 004041E0

GetFileSize.KERNEL32(00000000,00000000), ref: 00403D28
CloseHandle.KERNEL32(00000000), ref: 00403D31

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: File$HandleModule$AttributesCloseCreateEnvironmentExpandNameSizeStrings
String ID:
API String ID: 2999226569-0
Opcode ID: 75a960e8d0d3512e1e86c0eb56eb0a42eb14ca122255a11b3d137bc1e1748b50
Instruction ID: b3cbe73655d71a56831554f143beb0ef12ce0f354b1f59c7bfe5d60ee1a6bebe
Opcode Fuzzy Hash: 75a960e8d0d3512e1e86c0eb56eb0a42eb14ca122255a11b3d137bc1e1748b50
Instruction Fuzzy Hash: D5217F72904208AFEB109FB4DC44ADF7BADEB49721F204176E641F72C0DA749F448BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404111 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00404111(struct HWND__* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v28;
				signed char* _v36;
				intOrPtr _v48;
				signed char* _v52;
				intOrPtr _v68;
				void _v76;
				signed int _v80;
				int _t32;
				void* _t34;
				signed int _t36;
				struct HWND__* _t42;
				signed char* _t43;

				_v80 = _v80 & 0x00000000;
				_t43 = _a8;
				_t36 = 0x12;
				memset( &_v76, 0, _t36 << 2);
				if(_t43 == 0) {
					L11:
					return 0;
				}
				_t42 = _a4;
				_v80 = 0x4c;
				if(_t42 == 0 || IsWindow(_t42) == 0) {
					_v76 = GetForegroundWindow();
				} else {
					_v76 = _t42;
				}
				_v52 = _t43;
				_v48 = 0x102;
				asm("sbb eax, eax");
				_v36 = _t43;
				_v28 = ( ~(_a16 - 1) & 0x0000e804) + 0x00201800 | 0x00080000;
				_v68 = _a12;
				_push( &_v80);
				if(_a16 != 1) {
					_t32 = GetSaveFileNameA();
				} else {
					_t32 = GetOpenFileNameA();
				}
				if(_t32 == 0) {
					 *_t43 =  *_t43 & 0x00000000;
					goto L11;
				} else {
					E004043F5(_t43, _v52);
					_t34 = 1;
					return _t34;
				}
			}

0x00404117
0x0040411c
0x00404124
0x0040412a
0x0040412c
0x004041b2
0x00000000
0x004041b2
0x00404132
0x00404135
0x0040413e
0x00404156
0x0040414b
0x0040414b
0x0040414b
0x0040415c
0x00404160
0x00404169
0x0040416b
0x00404180
0x00404186
0x0040418c
0x0040418d
0x00404196
0x0040418f
0x0040418f
0x0040418f
0x0040419d
0x004041af
0x00000000
0x0040419f
0x004041a3
0x004041ac
0x00000000
0x004041ac

APIs

IsWindow.USER32(?), ref: 00404141
GetForegroundWindow.USER32(?,00000111), ref: 00404150
GetOpenFileNameA.COMDLG32(0000004C), ref: 0040418F
GetSaveFileNameA.COMDLG32(0000004C), ref: 00404196

Strings

L, xrefs: 00404135

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: FileNameWindow$ForegroundOpenSave
String ID: L
API String ID: 1547633837-2909332022
Opcode ID: 203642403992c7d13a1b2299c4655860ac4c6e1cce9b2d6c3c2558c3381d5d98
Instruction ID: 40dd501beb27032aec853ef34f8e98dddd641efa0bbcaaadc1f3ee6cc5052ac7
Opcode Fuzzy Hash: 203642403992c7d13a1b2299c4655860ac4c6e1cce9b2d6c3c2558c3381d5d98
Instruction Fuzzy Hash: 1C1166B1D142189BDB509FA4D8097DE7BF4EF98310F14403AEA11F63C1D77894458B95

Uniqueness

Uniqueness Score: -1.00%

Function 004032B3 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32 ref: 004032BE
GetWindowTextA.USER32 ref: 004032D4
CallWindowProcA.USER32 ref: 004032E9
DefWindowProcA.USER32(?,?,?,?), ref: 004032F1

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Window$Proc$CallLongText
String ID:
API String ID: 408388722-0
Opcode ID: e70d1203840c1e1d028c4dcc924a8ca89febfb83c76f6fd1708ded4e57a71940
Instruction ID: 364614a2716f17ddbf5b69f50aeda33f382634b64e25361f72de28a693adc4e4
Opcode Fuzzy Hash: e70d1203840c1e1d028c4dcc924a8ca89febfb83c76f6fd1708ded4e57a71940
Instruction Fuzzy Hash: 77E0A032100518FBCB115F509D0DE9F3B2DEB8A762B004035F60179191C7744910AFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004041F6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 24%

			E004041F6(intOrPtr* _a4, CHAR* _a8, CHAR* _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v35;
				char _v36;
				void* _t13;
				signed int _t18;
				intOrPtr* _t23;

				_t18 = 7;
				_v36 = 0;
				_t13 = memset( &_v35, 0, _t18 << 2);
				_t23 = _a4;
				asm("stosw");
				asm("stosb");
				if(_t23 != 0 &&  *_t23 != 0) {
					if(_a16 == 0) {
						E0040457D(_a20,  &_v36, 0xa);
						_push(_t23);
						_push( &_v36);
					} else {
						_push(_t23);
						_push(_a16);
					}
					return WritePrivateProfileStringA(_a8, _a12, ??, ??);
				}
				return _t13;
			}

0x00404202
0x00404208
0x0040420b
0x0040420d
0x00404210
0x00404214
0x00404215
0x0040421e
0x0040422f
0x0040423a
0x0040423b
0x00404220
0x00404220
0x00404221
0x00404221
0x00000000
0x00404242
0x0040424b

APIs

WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00404242

Strings

TinyTask, xrefs: 004041FC
C:\Users\user\Desktop\tinytask-1-77.ini, xrefs: 004041FD

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID: C:\Users\user\Desktop\tinytask-1-77.ini$TinyTask
API String ID: 390214022-3265091041
Opcode ID: 2ac02feb6d68e60994b3cece93c09fb20cfaa564e9d84518809362d8d2158a58
Instruction ID: bc95696e4e7e7b96e5794030eb7730004083230367b0ef7d8b0c896e9a36f2f2
Opcode Fuzzy Hash: 2ac02feb6d68e60994b3cece93c09fb20cfaa564e9d84518809362d8d2158a58
Instruction Fuzzy Hash: C0F0AF76904259BADF219E55EC01DEF3F79EB89380F04417AFA0076180D375991486E6

Uniqueness

Uniqueness Score: -1.00%

Function 00404266 Relevance: 5.0, APIs: 4, Instructions: 15
memoryCOMMON

Download Yara Rule

C-Code - Quality: 33%

			E00404266(void* _a4, intOrPtr _a8) {

				_push(_a8);
				if(_a4 == 0) {
					return HeapAlloc(GetProcessHeap(), 0, ??);
				} else {
					return HeapReAlloc(GetProcessHeap(), 0, _a4, ??);
				}
			}

0x00404266
0x00404270
0x00404293
0x00404272
0x00404284
0x00404284

APIs

GetProcessHeap.KERNEL32(00000000,000003E9,000003E9,00403359,-00004E20,?,000003E9,00000000,?,?,004018B2,?,000003E9), ref: 00404277
HeapReAlloc.KERNEL32(00000000,?,?,004018B2,?,000003E9), ref: 0040427E
GetProcessHeap.KERNEL32(00000000,000003E9,00403359,-00004E20,?,000003E9,00000000,?,?,004018B2,?,000003E9), ref: 00404286
HeapAlloc.KERNEL32(00000000,?,?,004018B2,?,000003E9), ref: 0040428D

Memory Dump Source

Source File: 00000001.00000002.509777048.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.509754371.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509790466.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509816952.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.509825812.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_tinytask-1-77.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 25923d58f9ba744ef32945f6f7028fa29fe1bb2476332cf68c41ec0cf0e94e74
Instruction ID: 7a16b1018b14c468b32ef241bb36a15b07f1f7d4bad3af964a1caa484586cb57
Opcode Fuzzy Hash: 25923d58f9ba744ef32945f6f7028fa29fe1bb2476332cf68c41ec0cf0e94e74
Instruction Fuzzy Hash: 62D067B1904701ABCF006BB0DE0C91F7AA9FB88342B488868B146E1020DA348040DF65

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report tinytask-1-77.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: tinytask-1-77.exePID: 1396, Parent PID: 1060

General

File Activities

File Opened

File Attributes Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Windows Analysis Report
tinytask-1-77.exe

Function 00401489 Relevance: 202.3, APIs: 84, Strings: 31, Instructions: 1033
windowtimeCOMMON

Function 00401000 Relevance: 80.9, APIs: 28, Strings: 18, Instructions: 408
windowregistryCOMMON

Function 00402148 Relevance: 54.5, APIs: 30, Strings: 1, Instructions: 293
keyboardtimesleepCOMMON

Function 0040392F Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 159
windowCOMMON

Function 00402D18 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 109
COMMON

Function 004026E5 Relevance: 105.3, APIs: 41, Strings: 19, Instructions: 332
windowCOMMON

Function 00402462 Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 239
keyboardCOMMON

Function 00403842 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 100
windowCOMMON

Function 00402B94 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 90
timewindowCOMMON

Function 00402E89 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46
timewindowCOMMON

Function 00402E5B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 23
COMMON

Function 00402CD3 Relevance: 7.5, APIs: 5, Instructions: 44
COMMON

Function 00402B44 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27
windowCOMMON

Function 00402AFA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27
windowCOMMON

Function 00404680 Relevance: 6.1, APIs: 4, Instructions: 56
COMMON

Function 00402C9C Relevance: 3.0, APIs: 2, Instructions: 30
COMMON