File Information hashes and primary classification
File name
6b08010bf6a5148ea64abdea3edfac0ed11a27137def1f8f6e6c7a996870a8e8
File size
2.7 MiB
Architecture
X64
MD5
109451d265aae647565d10eb9e591569
SHA1
89a64a719da47d46cdd0248d940751b1283f6032
SHA256
6b08010bf6a5148ea64abdea3edfac0ed11a27137def1f8f6e6c7a996870a8e8
TLSH
T1aed5334672d490b2d0b4a73984f347935b36bde427342a6f7284f17a6d33ac5a1b0f92
Imphash
4cea7ae85c87ddc7295d39ff9cda31d1
Rich header
b6989cad4924050662ea91c22ada1464
Metadata parser-extracted fields
YARA Signatures 3 matching rules

Type.UNCOMMON

persistence
AutorunKey
lateral movement
ElevatePrivileges

Type.INFO

sfx
CabSelfExtractor
Kesakode similarity verdict
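No Kesakode verdict available. Read this as "not assessed", not as a clean result: the per-function and per-string counts further down appear to describe the self-extractor's own code and say nothing about the files carried in its embedded cabinet.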
Anomalies signals worth reviewing
resources: BigResourceHighEntropy RcdataNoDelphi
strings: BigStringHiScore
time: DebugTimeDifferentThanTimeDateStamp
entropy: HighEntropy
code: HighXrefLoopingFunction SpaghettiFunction
integrity: InvalidChecksum
sections: SectionMostlyVirtual
Constants identified constants and patterns
registry: HKEY_LOCAL_MACHINE 6 autorun 1 HKEY_CURRENT_USER 1
Strings highest-value extracted strings
Kesakode
35579
Malware 0 Library 5 Unknown 35492 Clean 82
Address String Refs Encoding Score
0x14000C088 Software\Microsoft\Windows\CurrentVersion\RunOnce 3 ASCII 234
0x1402BB3E0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n<!-- Copyright (c) Microsoft Corporation -->\r\n<assembly ... 1 ASCII 225
0x1400098E8 POSTRUNPROGRAM 1 ASCII 203
0x140009958 PACKINSTSPACE 1 ASCII 203
0x14000C0C0 wextract_cleanup%d 1 ASCII 199
0x1400099D0 UPDFILE%lu 1 ASCII 187
0x14000C160 System\CurrentControlSet\Control\Session Manager\FileRenameOperations 1 ASCII 172
0x14000C020 System\CurrentControlSet\Control\Session Manager 1 ASCII 168
0x1400097E8 Software\Microsoft\Windows\CurrentVersion\App Paths 1 ASCII 167
0x14003F538 MSCF 1 ASCII 161
0x140009820 Kernel32.dll 1 UTF16 157
0x1400097D8 wininit.ini 1 ASCII 157
0x140009A7C wextract.pdb 0 ASCII 148
0x14000C1B0 SHELL32.DLL 1 ASCII 147
0x140009908 LoadString() Error. Could not load string resource. 1 ASCII 146
0x14003ED14 ;Command line option syntax error. Type Command /? for Help. 1 UTF16 144
0x140009778 setupapi.dll 1 ASCII 143
0x1400099A0 msdownld.tmp 1 ASCII 143
0x1400099E0 Control Panel\Desktop\ResourceLocale 1 ASCII 142
0x14003DD78 CFailed to get disk space information from: %s.\n\nSystem Message: %s.&A required resource cannot be located. Are you... 1 UTF16 140
0x1400097A8 advpack.dll 4 ASCII 139
0x140009708 advapi32.dll 2 ASCII 138
0x14000C0D8 rundll32.exe %s,InstallHinfSection %s 128 %s 1 ASCII 137
0x14000C108 PendingFileRenameOperations 1 ASCII 137
0x140009970 IXP%03d.TMP 1 ASCII 137
0x14000A902 AdjustTokenPrivileges 0 ASCII 136
0x14000C058 rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s" 2 ASCII 134
0x14000C1D0 SHBrowseForFolder 1 ASCII 133
0x140009768 setupx.dll 2 ASCII 132
0x140009840 HeapSetInformation 1 ASCII 131
0x1402BA9EC cmd /v /c Set wDveSp=cmd & !wDveSp! < Crap.aac 1 ASCII 130
0x140009718 CheckTokenMembership 1 ASCII 130
0x140009870 INSTANCECHECK 1 ASCII 130
0x140009948 FILESIZES 1 ASCII 130
0x1400099C0 RegServer 1 ASCII 130
0x1400098B8 SHOWWINDOW 1 ASCII 129
0x140009790 SeShutdownPrivilege 1 ASCII 128
0x1400098C8 ADMQCMD 1 ASCII 128
0x1400097B8 DelNodeRunDLL32 1 ASCII 127
0x140009880 VERCHECK 1 ASCII 127
0x14000C1E8 SHGetPathFromIDList 1 ASCII 125
0x1400099B0 TMP4351$.TMP 1 ASCII 125
0x140009860 EXTRACTOPT 1 ASCII 125
0x140009990 alpha 1 ASCII 124
0x140009854 TITLE 1 ASCII 124
0x140009748 Reboot 1 ASCII 123
0x1400098B0 REBOOT 1 ASCII 123
0x14000C128 DefaultInstall 2 ASCII 122
0x140009890 DecryptFileA 1 ASCII 122
0x140009750 AdvancedINF 1 ASCII 122
0x1402BAA4C Incl Writing Laid Limiting Colorado Indication Disaster Basket 1 ASCII 120
0x14000C1C0 DoInfInstall 2 ASCII 120
0x1400098D8 RUNPROGRAM 3 ASCII 118
0x1400098F8 FINISHMSG 2 ASCII 118
0x14000C138 Command.com /c %s 2 ASCII 117
0x140009760 Version 1 ASCII 117
0x1400098D0 USRQCMD 1 ASCII 117
0x140009980 i386 1 ASCII 116
0x140009988 mips 1 ASCII 116
0x140009788 .BAT 1 ASCII 116
0x140009738 .INF 1 ASCII 116
0x14000B0E6 COMCTL32.dll 1 ASCII 115
0x14000A918 ADVAPI32.dll 1 ASCII 115
0x14000ADD4 KERNEL32.dll 1 ASCII 115
0x1400098A0 LICENSE 2 ASCII 115
0x140009968 UPROMPT 2 ASCII 115
0x14000C150 %s /D:%s 1 ASCII 113
0x14000B0F4 Cabinet.dll 1 ASCII 112
0x14000B142 VERSION.dll 1 ASCII 112
0x14000AFE2 USER32.dll 1 ASCII 112
0x14000B0C6 msvcrt.dll 1 ASCII 112
0x14000ADF2 GDI32.dll 1 ASCII 112
0x140009940 CABINET 2 ASCII 109
0x14000C200 *MEMCAB 3 ASCII 109
0x1400098A8 <None> 6 ASCII 109
0x14003DE92 8Unable to retrieve operating system version information.!Memory allocation request failed. 0 UTF16 108
0x1402BAA20 makecab.exe /jkdhfihu3478yr983834803 1 ASCII 108
0x14003D640 Please type the location where you want to place the extracted files. 0 UTF16 107
0x14003D33C Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement. 0 UTF16 106
0x14003DFC4 Filetable full.%Can not change to destination folder. 0 UTF16 105
0x14003E570 Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being u... 0 UTF16 104
0x14003F044 eAnother copy of the '%s' package is already running on your system. Do you want to run another copy? 0 UTF16 103
0x1402BAC38 Resource consumption tracking for sustainability. 0 UTF16 103
0x1402BAD70 Resource consumption tracking for sustainability. 0 UTF16 103
0x14003E8AC $NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Ext... 0 UTF16 102
0x14003ED8E Command line options:\n\n/Q -- Quiet modes for package,\n\n/T:<full path> -- Specifies temporary working folder,\n\n/... 0 UTF16 102
0x14003E3BA (Error creating process <%s>. Reason: %s1The cluster size in this system is not supported.,A required resource appea... 0 UTF16 102
0x14003F170 You do not have administrator privileges on this machine. Some installations cannot be completed correctly unless the... 0 UTF16 102
0x14003D448 Do you accept all of the terms of the preceding License Agreement? If you choose No, Install will close. To install y... 0 UTF16 102
0x14003DCFC 4Please select a folder to store the extracted files. 0 UTF16 102
0x14003E030 Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and p... 0 UTF16 101
0x14003E6FE To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk ... 0 UTF16 101
0x14003F29A :The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on yo... 0 UTF16 98
0x1402BB25A Microsoft Corporation. All rights reserved. 0 UTF16 98
0x1402BB2DC WEXTRACT.EXE .MUI 0 UTF16 97
0x14000FD70 RIFF 1 ASCII 97
0x1402BAE5A EcoOptimize Solutions 2012 All rights reserved. 0 UTF16 96
0x1402BB194 11.00.22621.1 (WinBuild.160101.0800) 0 UTF16 95
0x14000FC72 CABINET\nEXTRACTOPT FILESIZES FINISHMSG 0 UTF16 94
0x14003CC28 Please wait while Setup is loading... 0 UTF16 92
0x14003C5D0 Please wait while Setup is loading... 0 UTF16 92
0x14003D280 Please wait while Setup is loading... 0 UTF16 92
0x14003DF4C #Unable to create extraction thread. 0 UTF16 92
0x14003DB8C Initializing... Please wait... 0 UTF16 90
0x14003D9CC Initializing... Please wait... 0 UTF16 90
0x1402BB0E4 Win32 Cabinet Self-Extractor 0 UTF16 89
0x14003D7EC Do you want to overwrite the file: 0 UTF16 89
0x14003E866 Error retrieving Windows folder 0 UTF16 89
0x14000FD0A REBOOT\nRUNPROGRAM\nSHOWWINDOW 0 UTF16 88
0x14003F530 <None> 1 ASCII 88
0x1402BAA8C <None> 1 ASCII 88
0x1402BA9E0 <None> 1 ASCII 88
0x1402BA9D8 <None> 1 ASCII 88
0x1402BAA94 <None> 1 ASCII 88
0x14000FCC0 LICENSE\rPACKINSTSPACE 0 UTF16 87
0x1402BB380 11.00.22621.1 0 UTF16 87
0x140009A64 RSDSh\rr 2 ASCII 86
0x1402BACBC EcoOptimize Solutions 0 UTF16 84
0x14003F6E0 Intended.aac 0 ASCII 84
0x14003DCB8 Do you want to continue? 0 UTF16 82
0x1402BB090 Microsoft Corporation 0 UTF16 82
0x14003F112 Could not find the file: %s. 0 UTF16 81
0x1402BAB8E VS_VERSION_INFO 0 UTF16 81
0x1402BAFDE VS_VERSION_INFO 0 UTF16 81
0x14003F5C1 Fraction.aac 0 ASCII 81
0x14003F5F9 Gba.aac 0 ASCII 81
0x14003E6C4 Could not create folder '%s' 0 UTF16 80
0x1402BB2BA OriginalFilename 0 UTF16 80
0x1402BAC0E 040904B0 0 UTF16 80
0x1402BB05E 040904B0 0 UTF16 80
0x14003F590 Flat.aac 0 ASCII 80
0x14003F65A Crap.aac 0 ASCII 80
0x140009A8C GCTL 2 ASCII 80
0x14003F626 Finite.aac 0 ASCII 79
0x1402BB338 Internet Explorer 0 UTF16 78
0x14000AC9A LocalFileTimeToFileTime 0 ASCII 78
0x14003F6AB Acquire.aac 0 ASCII 78
0x14003F673 Funding.aac 0 ASCII 78
0x1401C3D8A /t/3p 0 ASCII 77
0x14003DF98 Cabinet is not valid. 0 UTF16 76
0x14003CA68 msctls_progress32 0 UTF16 76
0x14003CA08 msctls_progress32 0 UTF16 76
0x14003D0C0 msctls_progress32 0 UTF16 76
0x14003C3D8 msctls_progress32 0 UTF16 76
0x14003D060 msctls_progress32 0 UTF16 76
0x14003C438 msctls_progress32 0 UTF16 76
0x14003DA24 msctls_progress32 0 UTF16 76
0x14000FCEC POSTRUNPROGRAM 0 UTF16 76
0x140023E44 J<<BYHHSYHHVXHHCXHH8SDD#RCC 0 ASCII 76
0x14015CEE0 /c5/0Kk 0 ASCII 76
0x14003F68F Knights.aac 0 ASCII 75
0x14003F6C7 Alto.aac 0 ASCII 75
0x14003F641 Clip.aac 0 ASCII 75
0x1400FF2C2 hhPT.sq0 0 ASCII 75
0x14000B240 GetSystemTimeAsFileTime 0 ASCII 74
0x14000AD98 DosDateTimeToFileTime 0 ASCII 74
0x140014E66 ExxwwEEx 0 ASCII 74
0x1400133DF wvvww 0 ASCII 74
0x14003D5E2 Temporary folder 0 UTF16 73
0x1402BAD4E FileDescription 0 UTF16 73
0x1402BAF74 2.03.6.94523 0 UTF16 73
0x1402BB0C2 FileDescription 0 UTF16 73
0x14003D792 Overwrite file 0 UTF16 73
0x14000AA74 WritePrivateProfileStringA 0 ASCII 73
0x1402BB1E6 InternalName 0 UTF16 73
0x140023F04 H::2UEE:UDD9TEE)SCC"SED 0 ASCII 73
0x140025EF8 ZII?XGGKXGG?TDD0SDD 0 ASCII 73
0x14000B036 __set_app_type 0 ASCII 73
0x1400142BB WPMMMPPUW 0 ASCII 73
0x1400245F0 hhh\rCCC 0 ASCII 73
0x1400246B0 nnn\rEEE 0 ASCII 73
0x1400270FC TTTI444 0 ASCII 73
0x140024470 ttt\nGGG 0 ASCII 73
0x14002715C WWWILLL 0 ASCII 73
0x140026414 xxx\r::: 0 ASCII 73
0x140024230 YYY\n=== 0 ASCII 73
0x1402BAEDC GaiaTrack 0 UTF16 72
0x14000B1C8 SetUnhandledExceptionFilter 0 ASCII 72
0x14000A8B8 AllocateAndInitializeSid 0 ASCII 72
0x14000FC62 ADMQCMD 0 UTF16 72
0x140195343 wwwwwq 0 ASCII 72
0x140014442 WWWUWW 0 ASCII 72
0x1402BB03A StringFileInfo 0 UTF16 71
0x1402BABEA StringFileInfo 0 UTF16 71
0x1402BAF56 ProductVersion 0 UTF16 71
0x1402BB362 ProductVersion 0 UTF16 71
0x14003CAC8 SysListView32 0 UTF16 71
0x14003D120 SysListView32 0 UTF16 71
0x14003C498 SysListView32 0 UTF16 71
0x14000AB56 GetPrivateProfileStringA 0 ASCII 71
0x14000B1FA QueryPerformanceCounter 0 ASCII 71
0x14000B070 __setusermatherr 0 ASCII 71
0x14024F1D5 Pq8Jy.vg2 0 ASCII 71
0x14009882C |ySDQ.S 0 ASCII 71
- !This program cannot be run in DOS mode.\r\r\n$ 0 ASCII 70
0x14003DAD0 MS Shell Dlg 0 UTF16 70
0x14003C9B6 MS Shell Dlg 0 UTF16 70
0x14003D304 MS Shell Dlg 0 UTF16 70
0x14003D910 MS Shell Dlg 0 UTF16 70
0x14003C766 MS Shell Dlg 0 UTF16 70
0x14003D60A MS Shell Dlg 0 UTF16 70
0x14003CBAE MS Shell Dlg 0 UTF16 70
0x14003C646 MS Shell Dlg 0 UTF16 70
0x14003D00E MS Shell Dlg 0 UTF16 70
0x14003DC00 MS Shell Dlg 0 UTF16 70
0x14003CC9E MS Shell Dlg 0 UTF16 70
0x14003CDBE MS Shell Dlg 0 UTF16 70
0x14003D166 MS Shell Dlg 0 UTF16 70
0x14003D7B6 MS Shell Dlg 0 UTF16 70
0x14003CB0E MS Shell Dlg 0 UTF16 70
0x14003D206 MS Shell Dlg 0 UTF16 70
0x140023D84 J<<Q[IIaZIIfXGGKVFF1WII 0 ASCII 70
0x1402BB076 CompanyName 0 UTF16 70
0x1402BACA2 CompanyName 0 UTF16 70
0x14000B26A EnumResourceLanguagesA 0 ASCII 70
0x1402BADDA FileVersion 0 UTF16 70
0x1402BAFBA Translation 0 UTF16 70
0x1402BB3C2 Translation 0 UTF16 70
0x1402BB17A FileVersion 0 UTF16 70
0x14000AA00 GetFileAttributesA 0 ASCII 70
0x14000AABC SetFileAttributesA 0 ASCII 70
0x14001372D wwwwwwp 0 ASCII 70
0x140013795 wwwwwwp 0 ASCII 70
0x140022123 UUqttt 0 ASCII 70
0x140012F5C wgwwxx 0 ASCII 70
0x14013AC5C I.ZCM 0 ASCII 70
0x140238CA3 3.kXC 0 ASCII 70
0x1401D2AB3 :.ucI 0 ASCII 70
0x1401C71B2 Z.bJL 0 ASCII 70
0x14006D670 u.MqZ 0 ASCII 70
0x14008EBFF g6:.s 0 ASCII 70
0x140299E09 R.djQ 0 ASCII 70
0x1400E7824 /.GSI 0 ASCII 70
0x1401E4E4A U.ul5 0 ASCII 70
0x14025C61E d.mRM 0 ASCII 70
0x1400F7EEE A.Ot6 0 ASCII 70
0x140247516 B.gjp 0 ASCII 70
0x14021E165 y.Jv3 0 ASCII 70
0x1402AB506 /zo/3 0 ASCII 70
0x1402B1B11 U.jaP 0 ASCII 70
0x14005ECE2 i.FOc 0 ASCII 70
0x1402B27A3 MOJ.s 0 ASCII 70
0x1402B2FF2 w;C.S 0 ASCII 70
0x140165676 MT6.s 0 ASCII 70
0x1401E840E sNss 0 ASCII 70
0x1400FAB5B V/// 0 ASCII 70
0x14026D2C7 iU.s 0 ASCII 70
0x140012D8E Gwww 0 ASCII 70
0x140012F48 wxxw 0 ASCII 70
0x140226C86 s.pY 0 ASCII 70
0x1401EEB50 fH.S 0 ASCII 70
0x140070D58 6;;; 0 ASCII 70
0x14009F489 :O:O 0 ASCII 70
0x14001979C [[[x 0 ASCII 70
0x140022836 ;;;3 0 ASCII 70
0x1400A8650 \y\y 0 ASCII 70
Functions high-value functions
Kesakode
102
Malware 0 Library 0 Unknown 18 Clean 84
Function listings
0x140004A30 sub_140004a30 str 0 api 1 imm 5 Unknown
; Returns 0 in eax on every path. When edx == 1 it first calls user32.SendMessageA with
; rcx unchanged, edx = 0x466 and r8d = 1. r9 is never written here, so the caller's
; fourth argument is forwarded to SendMessageA as-is.
; NOTE(review): 0x466 is WM_USER+0x66 (BFFM_SETSELECTIONA) and 1 is BFFM_INITIALIZED, so this
; looks like a SHBrowseForFolder callback (that API name is in the strings table) - confirm via xrefs.
sub_140004a30() {
    ; 0x28 = 32-byte shadow space + 8 bytes to keep rsp 16-byte aligned at the call (Microsoft x64)
    sub          rsp, 0x28
    ; second argument selects the action; anything other than 1 is ignored
    cmp          edx, 0x01
    jnz          .1
    mov          edx, 0x466
    mov          r8d, 0x01
    call         [user32.SendMessageA]
    ; multi-byte NOP after the import call; no architectural effect
    nop          [rax+rax*1], eax
.1:
    ; SendMessageA's result is discarded; the function always reports 0
    xor          eax, eax
    add          rsp, 0x28
    ret          
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_140004a30: when param_2 == 1 it sends message 0x466 with wParam 1
   to param_1, then returns 0 regardless of the outcome.
   The call is printed with three arguments, but the disassembly leaves r9 untouched, so
   SendMessageA's fourth argument is whatever the caller passed in r9; the two-parameter
   prototype shown here is therefore probably incomplete. */
undefined8 sub_140004a30(undefined8 param_1,int32_t param_2)

{
    if (param_2 == 1) {
        (*user32.SendMessageA)(param_1, 0x466, 1);
    }
    return 0;
}
0x140007700 sub_140007700 str 0 api 1 imm 5 Unknown
; Takes no arguments. Calls kernel32.GetLastError and returns in eax either the raw value
; (when it is <= 0 as a signed 32-bit number) or (value & 0xFFFF) | 0x80070000.
; This is the same arithmetic as the HRESULT_FROM_WIN32 conversion (0x8007xxxx codes).
sub_140007700() {
    sub          rsp, 0x28
    call         [kernel32.GetLastError]
    ; multi-byte NOP after the import call; no architectural effect
    nop          [rax+rax*1], eax
    ; ecx keeps the unmodified error code for the sign test below
    mov          ecx, eax
    ; keep only the low 16 bits, then set the 0x8007 high word
    movzx        eax, ax
    or           eax, 0x80070000
    test         ecx, ecx
    ; signed compare: zero or negative input is returned unchanged
    cmovle       eax, ecx
    add          rsp, 0x28
    ret          
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_140007700: maps GetLastError() to (code & 0xffff) | 0x80070000,
   or returns the code unchanged when the guard below is true.
   The guard is printed as an unsigned `uVar1 < 1` because casts are suppressed; the
   disassembly uses cmovle, i.e. a signed "<= 0" test, so values with the top bit set
   are also returned unchanged. */
uint32_t sub_140007700(void)

{
    uint32_t uVar1;
    uint32_t uVar2;
    
    uVar1 = (*kernel32.GetLastError)();
    uVar2 = uVar1 & 0xffff | 0x80070000;
    if (uVar1 < 1) {
        uVar2 = uVar1;
    }
    return uVar2;
}
0x1400081B0 sub_1400081b0 str 0 api 1 imm 2 Unknown
; Takes no arguments. Copies the dword at 0x14000C7C8 into 0x14000C244, calls
; msvcrt.__getmainargs with five arguments, and stores the returned eax at 0x14000C22C.
; NOTE(review): __getmainargs is the CRT routine that fills argc/argv/envp, so this is
; presumably compiler start-up code rather than program logic - confirm via the entry point.
sub_1400081b0() {
    ; 0x38 = 32-byte shadow space + the stack slot at [rsp+0x20] for the fifth argument + padding
    sub          rsp, 0x38
    mov          eax, [0x14000C7C8]
    ; arg3 (r8), arg4 (r9d), arg2 (rdx), arg1 (rcx) are set up interleaved with the store below
    lea          r8, [0x14000C238]
    mov          r9d, [0x14000C7C4]
    lea          rdx, [0x14000C230]
    mov          [0x14000C244], eax
    lea          rcx, [0x14000C228]
    ; arg5 is the address of the dword just initialised, passed on the stack
    lea          rax, [0x14000C244]
    mov          [rsp+0x20], rax
    call         [msvcrt.__getmainargs]
    ; return value is kept in a global, not returned to the caller
    mov          [0x14000C22C], eax
    add          rsp, 0x38
    ret          
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_1400081b0: seeds the dword at 0x14000c244 from 0x14000c7c8, then
   calls __getmainargs with three output addresses, the value at 0x14000c7c4 and the address
   of 0x14000c244, saving the result at 0x14000c22c.
   The bracketed and bare-address expressions are the tool's rendering of global reads and
   writes, not valid C. */
void sub_1400081b0(void)

{
    [0x0x14000c244] = [0x0x14000c7c8];
    000000014000c22c =
         (*msvcrt.__getmainargs)(0x14000c228, 0x14000c230, 0x14000c238, [0x0x14000c7c4], 0x14000c244);
    return;
}
0x140008790 sub_140008790 str 0 api 1 imm 2 Unknown
; Takes no arguments. Registers sub_140008750 as the process-wide unhandled-exception
; filter via kernel32.SetUnhandledExceptionFilter and returns 0; the previous filter
; returned by the API is discarded.
; NOTE(review): sub_140008750 is not listed on this page; this shape is common in CRT
; start-up code, but the filter body should be read before treating it as benign.
sub_140008790() {
    sub          rsp, 0x28
    ; rcx = address of the new top-level filter
    lea          rcx, [sub_140008750()]
    call         [kernel32.SetUnhandledExceptionFilter]
    xor          eax, eax
    add          rsp, 0x28
    ret          
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_140008790: installs sub_140008750 as the unhandled-exception
   filter and always returns 0. The API's return value (the previously installed filter)
   is not kept. */
undefined8 sub_140008790(void)

{
    (*kernel32.SetUnhandledExceptionFilter)(sub_140008750);
    return 0;
}
0x140005870 sub_140005870 str 0 api 1 imm 0 Unknown
; Allocation helper: tail-jumps to kernel32.GlobalAlloc with rcx (uFlags) = 0 and
; rdx (dwBytes) = the caller's first argument. uFlags 0 is GMEM_FIXED.
; Because this is a jmp rather than a call, GlobalAlloc's result in rax goes straight
; back to the caller.
sub_140005870() {
    ; only the low 32 bits of the caller's argument are used; the write to edx zero-extends into rdx
    mov          edx, ecx
    xor          ecx, ecx
    jmp          [kernel32.GlobalAlloc]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_140005870: GlobalAlloc(0, param_1).
   The void return type is an artifact of the tail jump being shown as a call; in the
   disassembly the allocation result in rax is returned to the caller, so callers
   presumably use it as the buffer pointer (and should be checked for a NULL test). */
void sub_140005870(undefined4 param_1)

{
    /* WARNING: Treating indirect jump as call */
    (*kernel32.GlobalAlloc)(0, param_1);
    return;
}
0x140005890 jmp_kernel32.GlobalFree str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for kernel32.GlobalFree.
; No register or stack state is changed, so the caller's arguments reach GlobalFree
; untouched and GlobalFree returns directly to the caller.
jmp_kernel32.GlobalFree() {
    jmp          [kernel32.GlobalFree]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the GlobalFree thunk. The void(void) prototype comes from showing
   the indirect jump as a call; the thunk itself forwards whatever arguments the caller
   set up and passes the callee's return value back unchanged. */
void jmp_kernel32.GlobalFree(void)

{
    /* WARNING: Treating indirect jump as call */
    (*kernel32.GlobalFree)();
    return;
}
0x1400087AE jmp_msvcrt._XcptFilter str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for msvcrt._XcptFilter.
; Arguments and return value pass through unchanged.
jmp_msvcrt._XcptFilter() {
    jmp          [msvcrt._XcptFilter]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the _XcptFilter thunk. The void(void) prototype is an artifact of
   showing the indirect jump as a call; the caller's arguments are forwarded as-is. */
void jmp_msvcrt._XcptFilter(void)

{
    /* WARNING: Treating indirect jump as call */
    (*msvcrt._XcptFilter)();
    return;
}
0x140008863 jmp_msvcrt._amsg_exit str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for msvcrt._amsg_exit.
; Arguments pass through unchanged.
jmp_msvcrt._amsg_exit() {
    jmp          [msvcrt._amsg_exit]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the _amsg_exit thunk. The void(void) prototype is an artifact of
   showing the indirect jump as a call; the caller's arguments are forwarded as-is. */
void jmp_msvcrt._amsg_exit(void)

{
    /* WARNING: Treating indirect jump as call */
    (*msvcrt._amsg_exit)();
    return;
}
0x140008A3E jmp_msvcrt._initterm str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for msvcrt._initterm.
; Arguments pass through unchanged.
jmp_msvcrt._initterm() {
    jmp          [msvcrt._initterm]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the _initterm thunk. The void(void) prototype is an artifact of
   showing the indirect jump as a call; the caller's arguments are forwarded as-is. */
void jmp_msvcrt._initterm(void)

{
    /* WARNING: Treating indirect jump as call */
    (*msvcrt._initterm)();
    return;
}
0x140008A4A jmp_msvcrt.__C_specific_handler str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for
; msvcrt.__C_specific_handler. Arguments and return value pass through unchanged.
jmp_msvcrt.__C_specific_handler() {
    jmp          [msvcrt.__C_specific_handler]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the __C_specific_handler thunk. The void(void) prototype is an
   artifact of showing the indirect jump as a call; the caller's arguments are forwarded as-is. */
void jmp_msvcrt.__C_specific_handler(void)

{
    /* WARNING: Treating indirect jump as call */
    (*msvcrt.__C_specific_handler)();
    return;
}
0x140008A60 GuardCFCheckFunction str 0 api 1 imm 0 Unknown
; Returns immediately without reading any argument or touching any register
; ("ret 0x00" pops no extra stack bytes). The name is assigned by the analysis tool.
; NOTE(review): this matches the default no-op Control Flow Guard check stub. As stored in
; the file it validates nothing; whether the loader swaps in a real validator at run
; time cannot be told from this listing.
GuardCFCheckFunction() {
    ret          0x00
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of GuardCFCheckFunction: an empty function. Any call-target argument a
   caller supplies is ignored by this body. */
void GuardCFCheckFunction(void)

{
    return;
}
0x140008AFD jmp_msvcrt.memcpy str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for msvcrt.memcpy.
; Destination, source and length are whatever the caller placed in the argument
; registers; nothing is checked or changed here.
jmp_msvcrt.memcpy() {
    jmp          [msvcrt.memcpy]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the memcpy thunk. The empty argument list is an artifact of showing
   the indirect jump as a call; sizes and bounds have to be reviewed at each call site. */
void jmp_msvcrt.memcpy(void)

{
    /* WARNING: Treating indirect jump as call */
    (*msvcrt.memcpy)();
    return;
}
0x140008B09 jmp_msvcrt.memset str 0 api 1 imm 0 Unknown
; Import thunk: a single indirect jmp through the import slot for msvcrt.memset.
; Arguments and return value pass through unchanged.
jmp_msvcrt.memset() {
    jmp          [msvcrt.memset]
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of the memset thunk. The empty argument list is an artifact of showing
   the indirect jump as a call; the caller's arguments are forwarded as-is. */
void jmp_msvcrt.memset(void)

{
    /* WARNING: Treating indirect jump as call */
    (*msvcrt.memset)();
    return;
}
0x140008B20 GuardCFDispatchFunction str 0 api 1 imm 0 Unknown
; Transfers control to the address held in rax with no check of that address.
; The name is assigned by the analysis tool.
; NOTE(review): this matches the default Control Flow Guard dispatch stub, which performs
; the indirect call without validation; whether it is replaced at load time is not
; visible in this listing.
GuardCFDispatchFunction() {
    jmp          rax
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of GuardCFDispatchFunction. The body is a single `jmp rax`; the
   "jumptable" warning below is the decompiler failing to resolve a register-indirect
   target, not evidence of a switch statement. UNRECOVERED_JUMPTABLE stands for the
   value the caller left in rax. */
void GuardCFDispatchFunction(void)

{
    code *UNRECOVERED_JUMPTABLE;
    
    /* WARNING: Could not recover jumptable at 0x000140008b20. Too many branches */
    /* WARNING: Treating indirect jump as call */
    (*UNRECOVERED_JUMPTABLE)();
    return;
}
0x140008470 sub_140008470 str 0 api 0 imm 3 Unknown
; Compares rcx with the qword at 0x14000C008, which the decompiler output labels
; SecurityCookie. Returns normally only when the two are equal AND the top 16 bits of
; rcx are zero; in every other case it tail-jumps to sub_1400084d0 with rcx restored.
; NOTE(review): this is the shape of the MSVC /GS stack-cookie check; sub_1400084d0 would
; then be the failure reporter - its disassembly is not on this page.
sub_140008470() {
    cmp          rcx, [0x14000C008]
    jnz          .2
    ; rotate the top 16 bits down into cx so they can be tested
    rol          rcx, 0x10
    test         cx, 0xFFFF
    jnz          .1
    ; cookie matches and its high word is clear: success path
    ret          
.1:
    ; undo the rotate so the failure path sees the original value
    ror          rcx, 0x10
.2:
    jmp          sub_1400084d0()
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_140008470 with the jump target sub_1400084d0 folded into the
   same body. The early return is the success path (argument equals the SecurityCookie
   global and its top 16 bits are zero). Everything after it is the failure path: it
   captures the CPU context, attempts one unwind step, fills a block of globals starting
   at 0x14000c250 and calls sub_140008494.
   The value 0xc0000409 stored below is STATUS_STACK_BUFFER_OVERRUN.
   NOTE(review): sub_140008494 is not shown; presumably it raises or terminates - confirm. */
void sub_140008470(int64_t param_1)

{
    undefined8 uVar1;
    int64_t iVar2;
    undefined8 uStack_38;
    undefined auStack_30 [8];
    undefined auStack_28 [8];
    int64_t iStack_20;
    undefined8 uStack_18;
    
    if ((param_1 == [0x0x14000c008#SecurityCookie]) && (param_1 >> 0x30 == 0)) {
        return;
    }
    /* failure path: snapshot the register context into the global at 0x14000c2f0 */
    (*kernel32.RtlCaptureContext)(0x14000c2f0);
    uVar1 = [0x0x14000c3e8];
    iVar2 = (*kernel32.RtlLookupFunctionEntry)([0x0x14000c3e8], &uStack_38, 0);
    if (iVar2 == 0) {
        /* the two statements below are garbled decompiler output, not valid C; do not
           rely on them for the no-unwind-info case */
        000000014000c3e8 = *0x14000c388;
        puRam000000014000c388 = 0x14000c388 + 1;
    }
    else {
        (*kernel32.RtlVirtualUnwind)(0, uStack_38, uVar1, iVar2, 0x14000c2f0, auStack_28, auStack_30, 0);
    }
    /* record the failure: status code, the expected cookie value and its companion at
       0x14000c010, and (last) the value that was actually passed in */
    [0x0x14000c260] = [0x0x14000c3e8];
    [0x0x14000c250] = 0xc0000409;
    [0x0x14000c254] = 1;
    [0x0x14000c268] = 3;
    [0x0x14000c270] = 2;
    [0x0x14000c278] = [0x0x14000c008#SecurityCookie];
    [0x0x14000c280] = [0x0x14000c010];
    iStack_20 = [0x0x14000c008#SecurityCookie];
    uStack_18 = [0x0x14000c010];
    000000014000c370 = param_1;
    sub_140008494(0x140009000);
    return;
}
0x140008A78 sub_140008a78 str 0 api 0 imm 3 Unknown
; Ignores its first and third arguments (rcx, r8 are overwritten). Calls sub_140008a9c
; with (caller's rdx, caller's r9, qword at [r9+0x38]) and then returns 1.
; NOTE(review): the four-argument shape and the +0x38 read match an x64 language-specific
; exception handler reading DISPATCHER_CONTEXT.HandlerData, with 1 meaning "continue
; search" - presumably the /GS handler check; confirm against sub_140008a9c.
sub_140008a78() {
    sub          rsp, 0x28
    ; third argument for the callee is loaded from the structure r9 points at
    mov          r8, [r9+0x38]
    mov          rcx, rdx
    mov          rdx, r9
    call         sub_140008a9c()
    ; the callee's result is discarded; the return value is the constant 1
    mov          eax, 0x01
    add          rsp, 0x28
    ret          
}

/* DISPLAY WARNING: Type casts are NOT being printed */

/* Decompiler view of sub_140008a78: forwards param_2, param_4 and the 8-byte field at
   param_4 + 0x38 to sub_140008a9c, then returns 1. param_1 and param_3 are unused.
   The dereference of param_4 is unconditional, so the function assumes a valid pointer. */
undefined8 sub_140008a78(undefined8 param_1,undefined8 param_2,undefined8 param_3,int64_t param_4)

{
    sub_140008a9c(param_2, param_4, *(param_4 + 0x38));
    return 1;
}
No library functions identified.