VTI SCORE: 93/100
| Dynamic Analysis Report |
| Classification: Ransomware, Wiper, Trojan, Dropper |
UNNAM3D - RANSM.exe
Windows Exe (x86-32)
Created at 2019-03-31T21:12:00
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| Filename | Category | Type | Severity | Actions |
|---|
| C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | Sample File | Binary |
Suspicious
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 2.74 MB |
| MD5 |
02c6bf3ca15457e3e951dc49b704707c
|
| SHA1 |
d5d5363f7b183d9ed8a73620efa3f2c529dedd1a
|
| SHA256 |
42dc69a5e31a8cba294b9488d98c415e69925d387bd7b80d637b37c02811226b
|
| SSDeep |
49152:YMleTCO4HN05rQw3AfOAMB1OUVy2TCTqGHShW3GUN1e01wks:YMleTCnHN05rQw39AMnhYHyhl81e0ek
|
| ImpHash |
f34d5f2d4577ed6d9ceec516c1f5a744
|
| Parser Error Remark | Static analyzer was unable to completely parse the analyzed file |
File Reputation Information
»
| Severity |
Suspicious
|
| First Seen | 2019-03-27 07:14 (UTC+1) |
| Last Seen | 2019-03-28 08:52 (UTC+1) |
| Names | ByteCode-MSIL.Trojan.Encoder |
| Families | Encoder |
| Classification | Trojan |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x6bf51e |
| Size Of Code | 0x2bd600 |
| Size Of Initialized Data | 0xa00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2088-12-12 10:29:26+00:00 |
Version Information (11)
»
| Assembly Version | 1.0.0.0 |
| Comments | - |
| CompanyName | Microsoft |
| FileDescription | UNNAM3D - RANSM |
| FileVersion | 1.0.0.0 |
| InternalName | UNNAM3D - RANSM.exe |
| LegalCopyright | Copyright © Microsoft 2019 |
| LegalTrademarks | - |
| OriginalFilename | UNNAM3D - RANSM.exe |
| ProductName | UNNAM3D - RANSM |
| ProductVersion | 1.0.0.0 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x402000 | 0x2bd524 | 0x2bd600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.99 |
| .sdata | 0x6c0000 | 0x1e8 | 0x200 | 0x2bda00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.61 |
| .rsrc | 0x6c2000 | 0x5fc | 0x600 | 0x2bdc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.27 |
| .reloc | 0x6c4000 | 0xc | 0x200 | 0x2be200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _CorExeMain | 0x0 | 0x402000 | 0x2bf4f8 | 0x2bd8f8 | 0x0 |
Memory Dumps (5)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| clrjit.dll | 1 | 0x74330000 | 0x743AFFFF | Marked Writable | - | 32-bit | - |
|
...
|
| buffer | 1 | 0x049D0000 | 0x049D0FFF | First Execution | - | 32-bit | 0x049D0000 |
|
...
|
| clrjit.dll | 1 | 0x74330000 | 0x743AFFFF | Content Changed | - | 32-bit | 0x7439A2A6, 0x74369E12 |
|
...
|
| clrjit.dll | 1 | 0x74330000 | 0x743AFFFF | Content Changed | - | 32-bit | 0x74391000 |
|
...
|
| buffer | 1 | 0x06567000 | 0x06567FFF | First Execution | - | 32-bit | 0x06567000 |
|
...
|
| 59a774011647eac8bedd4aecf76c9c1c308f1d9d53c77af5dfc84223c04a26b0 | Downloaded File | Unknown |
Whitelisted
|
...
|
»
| Parent File | analysis.pcap |
| Mime Type | application/vnd.ms-cab-compressed |
| File Size | 6.42 KB |
| MD5 |
d6be088f19f7decff10c7aed796c5ab1
|
| SHA1 |
2cf4644ac0beaee0b852efa6ffa6e0cd49635c8f
|
| SHA256 |
59a774011647eac8bedd4aecf76c9c1c308f1d9d53c77af5dfc84223c04a26b0
|
| SSDeep |
96:4o/hVtw3hb5mDEVq+2b1y0ZbezJa/50YH/4oOJjf8kIekb5x4maJtax9:4ehP20uqpU0Z6zG5HH/Y589ekbCOx9
|
File Reputation Information
»
| Severity |
Whitelisted
|
| First Seen | 2019-03-27 05:01 (UTC+1) |
| Last Seen | 2019-03-30 15:19 (UTC+1) |
| ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | Downloaded File | Unknown |
Whitelisted
|
...
|
»
| Parent File | analysis.pcap |
| Mime Type | application/vnd.ms-cab-compressed |
| File Size | 7.61 KB |
| MD5 |
fb60e1afe48764e6bf78719c07813d32
|
| SHA1 |
a1dc74ef8495c9a1489dd937659b5c2875027e16
|
| SHA256 |
ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d
|
| SSDeep |
192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH
|
File Reputation Information
»
| Severity |
Whitelisted
|
| First Seen | 2017-06-03 02:09 (UTC+2) |
| Last Seen | 2019-02-22 02:24 (UTC+1) |
| c:\users\fd1hvy\appdata\local\microsoft\windows\explorer\iconcache_idx.db | Modified File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 113.77 KB |
| MD5 |
73bfba05899b33a27858f4c19b1a671b
|
| SHA1 |
c6f1c292ff85bb4fb84055975879c8345290b413
|
| SHA256 |
c2c4cdff22f9ca0ef6e49c25c19f020fbe3bed1712451c61aa02f1342acf4d19
|
| SSDeep |
384:40cn3yWhXKXxUAuLD/q3sOqXp16KPo7Eo9erZoieAco37MwaDeYfs:rOaWDLrq3JMUWxnZoit7Mnq
|
| c:\users\fd1hvy\appdata\local\microsoft\windows\explorer\iconcache_16.db | Modified File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 1.00 MB |
| MD5 |
59dda5dae4ef7b50a99d041e7a9e97e6
|
| SHA1 |
644e29965aef4527bc670bb0cecda464a0eb60b4
|
| SHA256 |
f25e9070985e75877834f377d7ca21eec0961f2c7a87e815bffca320334ba90f
|
| SSDeep |
12288:99sS9vByHE1a4Cxl/pGvfRBG4+EFjnFEd0jJg8ey:9DNBRi6G4+uA8ey
|
| C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | Dropped File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 2.17 MB |
| MD5 |
1e3a2a966f593ad33125f26916267008
|
| SHA1 |
38b1a547ddee671edeee7385cac138458a6a6858
|
| SHA256 |
b18c9b9200e354f81882b29dc8143ec5d6f2b731cf4c7da3800e339ffb3c8827
|
| SSDeep |
49152:m2IoCBtJnxlyU/mWhRcQYhie6/UIdjjQuctXnFDu3nAzNjteyUHBdH3y2:xrCBrtcy/lfkD0nANte9BpC2
|
| ImpHash |
fc34ccfc3706590e7f2a0133ad738b08
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400f1588 |
| Size Of Code | 0x10c800 |
| Size Of Initialized Data | 0x1bda00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2019-02-24 19:02:35+00:00 |
Version Information (8)
»
| CompanyName | Alexander Roshal |
| FileDescription | WinRAR archiver |
| FileVersion | 5.70.0 |
| InternalName | WinRAR |
| LegalCopyright | Copyright © Alexander Roshal 1993-2019 |
| OriginalFilename | WinRAR.exe |
| ProductName | WinRAR |
| ProductVersion | 5.70.0 |
Sections (8)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x10c665 | 0x10c800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
| .rdata | 0x14010e000 | 0x2e574 | 0x2e600 | 0x10cc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.93 |
| .data | 0x14013d000 | 0xa6a1c | 0x4e00 | 0x13b200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.78 |
| .pdata | 0x1401e4000 | 0x9174 | 0x9200 | 0x140000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.07 |
| .gfids | 0x1401ee000 | 0xe0 | 0x200 | 0x149200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.07 |
| .tls | 0x1401ef000 | 0x9 | 0x200 | 0x149400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.02 |
| .rsrc | 0x1401f0000 | 0xde150 | 0xde200 | 0x149600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.26 |
| .reloc | 0x1402cf000 | 0xe14 | 0x1000 | 0x227800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.16 |
Imports (14)
»
KERNEL32.dll (180)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeviceIoControl | 0x0 | 0x14010e220 | 0x1398f0 | 0x1384f0 | 0xe1 |
| BackupRead | 0x0 | 0x14010e228 | 0x1398f8 | 0x1384f8 | 0x18 |
| BackupSeek | 0x0 | 0x14010e230 | 0x139900 | 0x138500 | 0x19 |
| GetShortPathNameW | 0x0 | 0x14010e238 | 0x139908 | 0x138508 | 0x268 |
| GetLongPathNameW | 0x0 | 0x14010e240 | 0x139910 | 0x138510 | 0x215 |
| GetFileType | 0x0 | 0x14010e248 | 0x139918 | 0x138518 | 0x1fa |
| GetStdHandle | 0x0 | 0x14010e250 | 0x139920 | 0x138520 | 0x26b |
| FlushFileBuffers | 0x0 | 0x14010e258 | 0x139928 | 0x138528 | 0x15d |
| GetFileTime | 0x0 | 0x14010e260 | 0x139930 | 0x138530 | 0x1f9 |
| GetDiskFreeSpaceExW | 0x0 | 0x14010e268 | 0x139938 | 0x138538 | 0x1d5 |
| GetVersionExW | 0x0 | 0x14010e270 | 0x139940 | 0x138540 | 0x2ac |
| GetCurrentDirectoryW | 0x0 | 0x14010e278 | 0x139948 | 0x138548 | 0x1c5 |
| GetFullPathNameW | 0x0 | 0x14010e280 | 0x139950 | 0x138550 | 0x202 |
| FoldStringW | 0x0 | 0x14010e288 | 0x139958 | 0x138558 | 0x162 |
| LoadResource | 0x0 | 0x14010e290 | 0x139960 | 0x138560 | 0x343 |
| SizeofResource | 0x0 | 0x14010e298 | 0x139968 | 0x138568 | 0x4bf |
| FindResourceW | 0x0 | 0x14010e2a0 | 0x139970 | 0x138570 | 0x154 |
| LoadLibraryExW | 0x0 | 0x14010e2a8 | 0x139978 | 0x138578 | 0x340 |
| CompareStringA | 0x0 | 0x14010e2b0 | 0x139980 | 0x138580 | 0x61 |
| GetCurrentThread | 0x0 | 0x14010e2b8 | 0x139988 | 0x138588 | 0x1ca |
| SetThreadPriority | 0x0 | 0x14010e2c0 | 0x139990 | 0x138590 | 0x4a6 |
| SetThreadExecutionState | 0x0 | 0x14010e2c8 | 0x139998 | 0x138598 | 0x4a0 |
| CreateEventW | 0x0 | 0x14010e2d0 | 0x1399a0 | 0x1385a0 | 0x85 |
| GetSystemDirectoryW | 0x0 | 0x14010e2d8 | 0x1399a8 | 0x1385a8 | 0x277 |
| SetCurrentDirectoryW | 0x0 | 0x14010e2e0 | 0x1399b0 | 0x1385b0 | 0x45b |
| GetFullPathNameA | 0x0 | 0x14010e2e8 | 0x1399b8 | 0x1385b8 | 0x1ff |
| SetPriorityClass | 0x0 | 0x14010e2f0 | 0x1399c0 | 0x1385c0 | 0x48a |
| GetProcessAffinityMask | 0x0 | 0x14010e2f8 | 0x1399c8 | 0x1385c8 | 0x24d |
| CreateThread | 0x0 | 0x14010e300 | 0x1399d0 | 0x1385d0 | 0xb4 |
| InitializeCriticalSection | 0x0 | 0x14010e308 | 0x1399d8 | 0x1385d8 | 0x2ea |
| EnterCriticalSection | 0x0 | 0x14010e310 | 0x1399e0 | 0x1385e0 | 0xf2 |
| LeaveCriticalSection | 0x0 | 0x14010e318 | 0x1399e8 | 0x1385e8 | 0x33b |
| DeleteCriticalSection | 0x0 | 0x14010e320 | 0x1399f0 | 0x1385f0 | 0xd2 |
| SetEvent | 0x0 | 0x14010e328 | 0x1399f8 | 0x1385f8 | 0x467 |
| ResetEvent | 0x0 | 0x14010e330 | 0x139a00 | 0x138600 | 0x412 |
| ReleaseSemaphore | 0x0 | 0x14010e338 | 0x139a08 | 0x138608 | 0x401 |
| CreateSemaphoreW | 0x0 | 0x14010e340 | 0x139a10 | 0x138610 | 0xae |
| GetSystemTime | 0x0 | 0x14010e348 | 0x139a18 | 0x138618 | 0x27e |
| TzSpecificLocalTimeToSystemTime | 0x0 | 0x14010e350 | 0x139a20 | 0x138620 | 0x4de |
| GetCPInfo | 0x0 | 0x14010e358 | 0x139a28 | 0x138628 | 0x178 |
| IsDBCSLeadByte | 0x0 | 0x14010e360 | 0x139a30 | 0x138630 | 0x300 |
| WideCharToMultiByte | 0x0 | 0x14010e368 | 0x139a38 | 0x138638 | 0x520 |
| CompareStringW | 0x0 | 0x14010e370 | 0x139a40 | 0x138640 | 0x64 |
| GetModuleHandleExW | 0x0 | 0x14010e378 | 0x139a48 | 0x138648 | 0x21d |
| GetCompressedFileSizeW | 0x0 | 0x14010e380 | 0x139a50 | 0x138650 | 0x191 |
| EnumResourceNamesW | 0x0 | 0x14010e388 | 0x139a58 | 0x138658 | 0x107 |
| EnumResourceLanguagesW | 0x0 | 0x14010e390 | 0x139a60 | 0x138660 | 0x103 |
| BeginUpdateResourceW | 0x0 | 0x14010e398 | 0x139a68 | 0x138668 | 0x38 |
| UpdateResourceW | 0x0 | 0x14010e3a0 | 0x139a70 | 0x138670 | 0x4ee |
| EndUpdateResourceW | 0x0 | 0x14010e3a8 | 0x139a78 | 0x138678 | 0xf1 |
| GetLocaleInfoW | 0x0 | 0x14010e3b0 | 0x139a80 | 0x138680 | 0x20c |
| GetNumberFormatW | 0x0 | 0x14010e3b8 | 0x139a88 | 0x138688 | 0x23a |
| GetLogicalDrives | 0x0 | 0x14010e3c0 | 0x139a90 | 0x138690 | 0x20f |
| LockResource | 0x0 | 0x14010e3c8 | 0x139a98 | 0x138698 | 0x356 |
| SuspendThread | 0x0 | 0x14010e3d0 | 0x139aa0 | 0x1386a0 | 0x4c8 |
| ResumeThread | 0x0 | 0x14010e3d8 | 0x139aa8 | 0x1386a8 | 0x416 |
| GetStartupInfoW | 0x0 | 0x14010e3e0 | 0x139ab0 | 0x1386b0 | 0x26a |
| GetCurrentThreadId | 0x0 | 0x14010e3e8 | 0x139ab8 | 0x1386b8 | 0x1cb |
| Beep | 0x0 | 0x14010e3f0 | 0x139ac0 | 0x1386c0 | 0x36 |
| CopyFileW | 0x0 | 0x14010e3f8 | 0x139ac8 | 0x1386c8 | 0x75 |
| FormatMessageW | 0x0 | 0x14010e400 | 0x139ad0 | 0x1386d0 | 0x164 |
| SetErrorMode | 0x0 | 0x14010e408 | 0x139ad8 | 0x1386d8 | 0x466 |
| GetPriorityClass | 0x0 | 0x14010e410 | 0x139ae0 | 0x1386e0 | 0x241 |
| WaitForMultipleObjects | 0x0 | 0x14010e418 | 0x139ae8 | 0x1386e8 | 0x506 |
| MulDiv | 0x0 | 0x14010e420 | 0x139af0 | 0x1386f0 | 0x368 |
| CompareFileTime | 0x0 | 0x14010e428 | 0x139af8 | 0x1386f8 | 0x60 |
| FindNextChangeNotification | 0x0 | 0x14010e430 | 0x139b00 | 0x138700 | 0x148 |
| GetProcessHeap | 0x0 | 0x14010e438 | 0x139b08 | 0x138708 | 0x251 |
| SetEnvironmentVariableA | 0x0 | 0x14010e440 | 0x139b10 | 0x138710 | 0x464 |
| FreeEnvironmentStringsW | 0x0 | 0x14010e448 | 0x139b18 | 0x138718 | 0x167 |
| GetEnvironmentStringsW | 0x0 | 0x14010e450 | 0x139b20 | 0x138720 | 0x1e1 |
| GetCommandLineA | 0x0 | 0x14010e458 | 0x139b28 | 0x138728 | 0x18c |
| IsValidCodePage | 0x0 | 0x14010e460 | 0x139b30 | 0x138730 | 0x30c |
| FindNextFileA | 0x0 | 0x14010e468 | 0x139b38 | 0x138738 | 0x149 |
| FindFirstFileExA | 0x0 | 0x14010e470 | 0x139b40 | 0x138740 | 0x139 |
| GetStringTypeW | 0x0 | 0x14010e478 | 0x139b48 | 0x138748 | 0x270 |
| WriteConsoleW | 0x0 | 0x14010e480 | 0x139b50 | 0x138750 | 0x533 |
| SetStdHandle | 0x0 | 0x14010e488 | 0x139b58 | 0x138758 | 0x494 |
| LCMapStringW | 0x0 | 0x14010e490 | 0x139b60 | 0x138760 | 0x32f |
| HeapReAlloc | 0x0 | 0x14010e498 | 0x139b68 | 0x138768 | 0x2da |
| GetModuleFileNameA | 0x0 | 0x14010e4a0 | 0x139b70 | 0x138770 | 0x219 |
| ExitProcess | 0x0 | 0x14010e4a8 | 0x139b78 | 0x138778 | 0x11f |
| GetConsoleCP | 0x0 | 0x14010e4b0 | 0x139b80 | 0x138780 | 0x1a0 |
| ReadConsoleW | 0x0 | 0x14010e4b8 | 0x139b88 | 0x138788 | 0x3c1 |
| GetConsoleMode | 0x0 | 0x14010e4c0 | 0x139b90 | 0x138790 | 0x1b2 |
| SetFilePointerEx | 0x0 | 0x14010e4c8 | 0x139b98 | 0x138798 | 0x475 |
| FreeLibraryAndExitThread | 0x0 | 0x14010e4d0 | 0x139ba0 | 0x1387a0 | 0x169 |
| ExitThread | 0x0 | 0x14010e4d8 | 0x139ba8 | 0x1387a8 | 0x120 |
| QueryPerformanceFrequency | 0x0 | 0x14010e4e0 | 0x139bb0 | 0x1387b0 | 0x3aa |
| EncodePointer | 0x0 | 0x14010e4e8 | 0x139bb8 | 0x1387b8 | 0xee |
| TlsFree | 0x0 | 0x14010e4f0 | 0x139bc0 | 0x1387c0 | 0x4d4 |
| TlsSetValue | 0x0 | 0x14010e4f8 | 0x139bc8 | 0x1387c8 | 0x4d6 |
| TlsGetValue | 0x0 | 0x14010e500 | 0x139bd0 | 0x1387d0 | 0x4d5 |
| TlsAlloc | 0x0 | 0x14010e508 | 0x139bd8 | 0x1387d8 | 0x4d3 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x14010e510 | 0x139be0 | 0x1387e0 | 0x2eb |
| RtlUnwindEx | 0x0 | 0x14010e518 | 0x139be8 | 0x1387e8 | 0x425 |
| RaiseException | 0x0 | 0x14010e520 | 0x139bf0 | 0x1387f0 | 0x3b4 |
| RtlPcToFileHeader | 0x0 | 0x14010e528 | 0x139bf8 | 0x1387f8 | 0x421 |
| InitializeSListHead | 0x0 | 0x14010e530 | 0x139c00 | 0x138800 | 0x2ef |
| QueryPerformanceCounter | 0x0 | 0x14010e538 | 0x139c08 | 0x138808 | 0x3a9 |
| IsDebuggerPresent | 0x0 | 0x14010e540 | 0x139c10 | 0x138810 | 0x302 |
| WaitForSingleObjectEx | 0x0 | 0x14010e548 | 0x139c18 | 0x138818 | 0x509 |
| IsProcessorFeaturePresent | 0x0 | 0x14010e550 | 0x139c20 | 0x138820 | 0x306 |
| TerminateProcess | 0x0 | 0x14010e558 | 0x139c28 | 0x138828 | 0x4ce |
| SetUnhandledExceptionFilter | 0x0 | 0x14010e560 | 0x139c30 | 0x138830 | 0x4b3 |
| UnhandledExceptionFilter | 0x0 | 0x14010e568 | 0x139c38 | 0x138838 | 0x4e2 |
| RtlVirtualUnwind | 0x0 | 0x14010e570 | 0x139c40 | 0x138840 | 0x426 |
| RtlLookupFunctionEntry | 0x0 | 0x14010e578 | 0x139c48 | 0x138848 | 0x41f |
| RtlCaptureContext | 0x0 | 0x14010e580 | 0x139c50 | 0x138850 | 0x418 |
| GetFileInformationByHandle | 0x0 | 0x14010e588 | 0x139c58 | 0x138858 | 0x1f3 |
| GetLocalTime | 0x0 | 0x14010e590 | 0x139c60 | 0x138860 | 0x209 |
| FindCloseChangeNotification | 0x0 | 0x14010e598 | 0x139c68 | 0x138868 | 0x135 |
| FindFirstChangeNotificationW | 0x0 | 0x14010e5a0 | 0x139c70 | 0x138870 | 0x137 |
| ExpandEnvironmentStringsW | 0x0 | 0x14010e5a8 | 0x139c78 | 0x138878 | 0x123 |
| SystemTimeToFileTime | 0x0 | 0x14010e5b0 | 0x139c80 | 0x138880 | 0x4cb |
| SystemTimeToTzSpecificLocalTime | 0x0 | 0x14010e5b8 | 0x139c88 | 0x138888 | 0x4cc |
| FindNextFileW | 0x0 | 0x14010e5c0 | 0x139c90 | 0x138890 | 0x14b |
| GetDiskFreeSpaceW | 0x0 | 0x14010e5c8 | 0x139c98 | 0x138898 | 0x1d6 |
| CreateHardLinkW | 0x0 | 0x14010e5d0 | 0x139ca0 | 0x1388a0 | 0x93 |
| SetLastError | 0x0 | 0x14010e5d8 | 0x139ca8 | 0x1388a8 | 0x480 |
| DosDateTimeToFileTime | 0x0 | 0x14010e5e0 | 0x139cb0 | 0x1388b0 | 0xe8 |
| LocalFileTimeToFileTime | 0x0 | 0x14010e5e8 | 0x139cb8 | 0x1388b8 | 0x348 |
| HeapFree | 0x0 | 0x14010e5f0 | 0x139cc0 | 0x1388c0 | 0x2d7 |
| HeapAlloc | 0x0 | 0x14010e5f8 | 0x139cc8 | 0x1388c8 | 0x2d3 |
| HeapDestroy | 0x0 | 0x14010e600 | 0x139cd0 | 0x1388d0 | 0x2d6 |
| HeapCreate | 0x0 | 0x14010e608 | 0x139cd8 | 0x1388d8 | 0x2d5 |
| DeleteFileW | 0x0 | 0x14010e610 | 0x139ce0 | 0x1388e0 | 0xd7 |
| SetFileAttributesW | 0x0 | 0x14010e618 | 0x139ce8 | 0x1388e8 | 0x46f |
| CreateFileW | 0x0 | 0x14010e620 | 0x139cf0 | 0x1388f0 | 0x8f |
| RemoveDirectoryW | 0x0 | 0x14010e628 | 0x139cf8 | 0x1388f8 | 0x406 |
| CreateDirectoryW | 0x0 | 0x14010e630 | 0x139d00 | 0x138900 | 0x81 |
| LoadLibraryW | 0x0 | 0x14010e638 | 0x139d08 | 0x138908 | 0x341 |
| GetSystemTimeAsFileTime | 0x0 | 0x14010e640 | 0x139d10 | 0x138910 | 0x280 |
| SetFileTime | 0x0 | 0x14010e648 | 0x139d18 | 0x138918 | 0x478 |
| SetFilePointer | 0x0 | 0x14010e650 | 0x139d20 | 0x138920 | 0x474 |
| SetEndOfFile | 0x0 | 0x14010e658 | 0x139d28 | 0x138928 | 0x461 |
| ReadFile | 0x0 | 0x14010e660 | 0x139d30 | 0x138930 | 0x3c3 |
| WriteFile | 0x0 | 0x14010e668 | 0x139d38 | 0x138938 | 0x534 |
| GetFileSize | 0x0 | 0x14010e670 | 0x139d40 | 0x138940 | 0x1f7 |
| FreeLibrary | 0x0 | 0x14010e678 | 0x139d48 | 0x138948 | 0x168 |
| MoveFileW | 0x0 | 0x14010e680 | 0x139d50 | 0x138950 | 0x365 |
| GetTickCount | 0x0 | 0x14010e688 | 0x139d58 | 0x138958 | 0x29a |
| GetCPInfoExW | 0x0 | 0x14010e690 | 0x139d60 | 0x138960 | 0x17a |
| GetOEMCP | 0x0 | 0x14010e698 | 0x139d68 | 0x138968 | 0x23e |
| GetACP | 0x0 | 0x14010e6a0 | 0x139d70 | 0x138970 | 0x16e |
| GetVolumeInformationW | 0x0 | 0x14010e6a8 | 0x139d78 | 0x138978 | 0x2af |
| GetDriveTypeW | 0x0 | 0x14010e6b0 | 0x139d80 | 0x138980 | 0x1da |
| Sleep | 0x0 | 0x14010e6b8 | 0x139d88 | 0x138988 | 0x4c0 |
| GetCurrentProcessId | 0x0 | 0x14010e6c0 | 0x139d90 | 0x138990 | 0x1c7 |
| GetCurrentProcess | 0x0 | 0x14010e6c8 | 0x139d98 | 0x138998 | 0x1c6 |
| CreateMutexW | 0x0 | 0x14010e6d0 | 0x139da0 | 0x1389a0 | 0x9e |
| ReleaseMutex | 0x0 | 0x14010e6d8 | 0x139da8 | 0x1389a8 | 0x3fd |
| GetLastError | 0x0 | 0x14010e6e0 | 0x139db0 | 0x1389b0 | 0x208 |
| GlobalFree | 0x0 | 0x14010e6e8 | 0x139db8 | 0x1389b8 | 0x2c2 |
| GlobalUnlock | 0x0 | 0x14010e6f0 | 0x139dc0 | 0x1389c0 | 0x2cd |
| GlobalLock | 0x0 | 0x14010e6f8 | 0x139dc8 | 0x1389c8 | 0x2c6 |
| GlobalSize | 0x0 | 0x14010e700 | 0x139dd0 | 0x1389d0 | 0x2ca |
| GlobalAlloc | 0x0 | 0x14010e708 | 0x139dd8 | 0x1389d8 | 0x2bb |
| HeapSize | 0x0 | 0x14010e710 | 0x139de0 | 0x1389e0 | 0x2dc |
| MultiByteToWideChar | 0x0 | 0x14010e718 | 0x139de8 | 0x1389e8 | 0x369 |
| GetVersionExA | 0x0 | 0x14010e720 | 0x139df0 | 0x1389f0 | 0x2ab |
| GetModuleHandleW | 0x0 | 0x14010e728 | 0x139df8 | 0x1389f8 | 0x21e |
| GetProcAddress | 0x0 | 0x14010e730 | 0x139e00 | 0x138a00 | 0x24c |
| GetTempPathW | 0x0 | 0x14010e738 | 0x139e08 | 0x138a08 | 0x28c |
| OpenFileMappingW | 0x0 | 0x14010e740 | 0x139e10 | 0x138a10 | 0x37b |
| CreateFileMappingW | 0x0 | 0x14010e748 | 0x139e18 | 0x138a18 | 0x8c |
| UnmapViewOfFile | 0x0 | 0x14010e750 | 0x139e20 | 0x138a20 | 0x4e5 |
| MapViewOfFile | 0x0 | 0x14010e758 | 0x139e28 | 0x138a28 | 0x359 |
| CloseHandle | 0x0 | 0x14010e760 | 0x139e30 | 0x138a30 | 0x52 |
| WaitForSingleObject | 0x0 | 0x14010e768 | 0x139e38 | 0x138a38 | 0x508 |
| GetCommandLineW | 0x0 | 0x14010e770 | 0x139e40 | 0x138a40 | 0x18d |
| GetModuleFileNameW | 0x0 | 0x14010e778 | 0x139e48 | 0x138a48 | 0x21a |
| GetDateFormatW | 0x0 | 0x14010e780 | 0x139e50 | 0x138a50 | 0x1cf |
| GetTimeFormatW | 0x0 | 0x14010e788 | 0x139e58 | 0x138a58 | 0x29e |
| FindFirstFileW | 0x0 | 0x14010e790 | 0x139e60 | 0x138a60 | 0x13f |
| FileTimeToSystemTime | 0x0 | 0x14010e798 | 0x139e68 | 0x138a68 | 0x12b |
| FileTimeToLocalFileTime | 0x0 | 0x14010e7a0 | 0x139e70 | 0x138a70 | 0x12a |
| FindClose | 0x0 | 0x14010e7a8 | 0x139e78 | 0x138a78 | 0x134 |
| GetThreadPriority | 0x0 | 0x14010e7b0 | 0x139e80 | 0x138a80 | 0x295 |
| GetFileAttributesW | 0x0 | 0x14010e7b8 | 0x139e88 | 0x138a88 | 0x1f1 |
USER32.dll (151)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CopyImage | 0x0 | 0x14010e8b8 | 0x139f88 | 0x138b88 | 0x54 |
| FindWindowExW | 0x0 | 0x14010e8c0 | 0x139f90 | 0x138b90 | 0xf9 |
| FillRect | 0x0 | 0x14010e8c8 | 0x139f98 | 0x138b98 | 0xf6 |
| MessageBoxW | 0x0 | 0x14010e8d0 | 0x139fa0 | 0x138ba0 | 0x219 |
| CreateIcon | 0x0 | 0x14010e8d8 | 0x139fa8 | 0x138ba8 | 0x64 |
| EnumWindows | 0x0 | 0x14010e8e0 | 0x139fb0 | 0x138bb0 | 0xf2 |
| SetForegroundWindow | 0x0 | 0x14010e8e8 | 0x139fb8 | 0x138bb8 | 0x299 |
| IsCharAlphaW | 0x0 | 0x14010e8f0 | 0x139fc0 | 0x138bc0 | 0x1c8 |
| FlashWindow | 0x0 | 0x14010e8f8 | 0x139fc8 | 0x138bc8 | 0xfb |
| CopyRect | 0x0 | 0x14010e900 | 0x139fd0 | 0x138bd0 | 0x55 |
| RegisterClassExW | 0x0 | 0x14010e908 | 0x139fd8 | 0x138bd8 | 0x251 |
| GetSysColor | 0x0 | 0x14010e910 | 0x139fe0 | 0x138be0 | 0x17d |
| ValidateRect | 0x0 | 0x14010e918 | 0x139fe8 | 0x138be8 | 0x324 |
| DrawIconEx | 0x0 | 0x14010e920 | 0x139ff0 | 0x138bf0 | 0xc8 |
| LoadImageW | 0x0 | 0x14010e928 | 0x139ff8 | 0x138bf8 | 0x1f3 |
| SystemParametersInfoW | 0x0 | 0x14010e930 | 0x13a000 | 0x138c00 | 0x2f4 |
| GetSystemMenu | 0x0 | 0x14010e938 | 0x13a008 | 0x138c08 | 0x17f |
| KillTimer | 0x0 | 0x14010e940 | 0x13a010 | 0x138c10 | 0x1e7 |
| SetTimer | 0x0 | 0x14010e948 | 0x13a018 | 0x138c18 | 0x2c1 |
| MessageBoxIndirectW | 0x0 | 0x14010e950 | 0x13a020 | 0x138c20 | 0x216 |
| CharUpperW | 0x0 | 0x14010e958 | 0x13a028 | 0x138c28 | 0x3c |
| ExitWindowsEx | 0x0 | 0x14010e960 | 0x13a030 | 0x138c30 | 0xf5 |
| CharLowerA | 0x0 | 0x14010e968 | 0x13a038 | 0x138c38 | 0x2b |
| LoadStringW | 0x0 | 0x14010e970 | 0x13a040 | 0x138c40 | 0x1fe |
| GetWindow | 0x0 | 0x14010e978 | 0x13a048 | 0x138c48 | 0x190 |
| SetProcessDefaultLayout | 0x0 | 0x14010e980 | 0x13a050 | 0x138c50 | 0x2af |
| CharToOemBuffW | 0x0 | 0x14010e988 | 0x13a058 | 0x138c58 | 0x37 |
| OemToCharBuffA | 0x0 | 0x14010e990 | 0x13a060 | 0x138c60 | 0x226 |
| OemToCharA | 0x0 | 0x14010e998 | 0x13a068 | 0x138c68 | 0x225 |
| GetComboBoxInfo | 0x0 | 0x14010e9a0 | 0x13a070 | 0x138c70 | 0x11e |
| RedrawWindow | 0x0 | 0x14010e9a8 | 0x13a078 | 0x138c78 | 0x24e |
| MessageBeep | 0x0 | 0x14010e9b0 | 0x13a080 | 0x138c80 | 0x211 |
| CharToOemA | 0x0 | 0x14010e9b8 | 0x13a088 | 0x138c88 | 0x35 |
| EmptyClipboard | 0x0 | 0x14010e9c0 | 0x13a090 | 0x138c90 | 0xd5 |
| SetClipboardData | 0x0 | 0x14010e9c8 | 0x13a098 | 0x138c98 | 0x28c |
| CloseClipboard | 0x0 | 0x14010e9d0 | 0x13a0a0 | 0x138ca0 | 0x49 |
| OpenClipboard | 0x0 | 0x14010e9d8 | 0x13a0a8 | 0x138ca8 | 0x22a |
| PeekMessageW | 0x0 | 0x14010e9e0 | 0x13a0b0 | 0x138cb0 | 0x237 |
| GetScrollInfo | 0x0 | 0x14010e9e8 | 0x13a0b8 | 0x138cb8 | 0x177 |
| EnableMenuItem | 0x0 | 0x14010e9f0 | 0x13a0c0 | 0x138cc0 | 0xd6 |
| CheckMenuItem | 0x0 | 0x14010e9f8 | 0x13a0c8 | 0x138cc8 | 0x3f |
| GetFocus | 0x0 | 0x14010ea00 | 0x13a0d0 | 0x138cd0 | 0x12e |
| MoveWindow | 0x0 | 0x14010ea08 | 0x13a0d8 | 0x138cd8 | 0x21f |
| GetClientRect | 0x0 | 0x14010ea10 | 0x13a0e0 | 0x138ce0 | 0x116 |
| GetWindowTextLengthW | 0x0 | 0x14010ea18 | 0x13a0e8 | 0x138ce8 | 0x1a6 |
| EndPaint | 0x0 | 0x14010ea20 | 0x13a0f0 | 0x138cf0 | 0xdc |
| BeginPaint | 0x0 | 0x14010ea28 | 0x13a0f8 | 0x138cf8 | 0xe |
| UpdateWindow | 0x0 | 0x14010ea30 | 0x13a100 | 0x138d00 | 0x319 |
| AppendMenuW | 0x0 | 0x14010ea38 | 0x13a108 | 0x138d08 | 0xa |
| RegisterWindowMessageW | 0x0 | 0x14010ea40 | 0x13a110 | 0x138d10 | 0x267 |
| DrawMenuBar | 0x0 | 0x14010ea48 | 0x13a118 | 0x138d18 | 0xc9 |
| wsprintfW | 0x0 | 0x14010ea50 | 0x13a120 | 0x138d20 | 0x33b |
| SetWindowLongPtrW | 0x0 | 0x14010ea58 | 0x13a128 | 0x138d28 | 0x2cb |
| ScreenToClient | 0x0 | 0x14010ea60 | 0x13a130 | 0x138d30 | 0x271 |
| ClientToScreen | 0x0 | 0x14010ea68 | 0x13a138 | 0x138d38 | 0x47 |
| CallWindowProcW | 0x0 | 0x14010ea70 | 0x13a140 | 0x138d40 | 0x1e |
| PtInRect | 0x0 | 0x14010ea78 | 0x13a148 | 0x138d48 | 0x244 |
| SetMenuItemInfoW | 0x0 | 0x14010ea80 | 0x13a150 | 0x138d50 | 0x2a8 |
| GetMenuItemInfoW | 0x0 | 0x14010ea88 | 0x13a158 | 0x138d58 | 0x156 |
| InsertMenuItemW | 0x0 | 0x14010ea90 | 0x13a160 | 0x138d60 | 0x1bd |
| TrackPopupMenu | 0x0 | 0x14010ea98 | 0x13a168 | 0x138d68 | 0x2fe |
| DeleteMenu | 0x0 | 0x14010eaa0 | 0x13a170 | 0x138d70 | 0x9e |
| GetMenuItemID | 0x0 | 0x14010eaa8 | 0x13a178 | 0x138d78 | 0x154 |
| SetMenu | 0x0 | 0x14010eab0 | 0x13a180 | 0x138d80 | 0x2a2 |
| LoadMenuW | 0x0 | 0x14010eab8 | 0x13a188 | 0x138d88 | 0x1fb |
| LoadAcceleratorsW | 0x0 | 0x14010eac0 | 0x13a190 | 0x138d90 | 0x1e9 |
| IsChild | 0x0 | 0x14010eac8 | 0x13a198 | 0x138d98 | 0x1cd |
| RegisterClassW | 0x0 | 0x14010ead0 | 0x13a1a0 | 0x138da0 | 0x252 |
| PostQuitMessage | 0x0 | 0x14010ead8 | 0x13a1a8 | 0x138da8 | 0x23b |
| SetScrollRange | 0x0 | 0x14010eae0 | 0x13a1b0 | 0x138db0 | 0x2b8 |
| SetScrollPos | 0x0 | 0x14010eae8 | 0x13a1b8 | 0x138db8 | 0x2b7 |
| ScrollWindowEx | 0x0 | 0x14010eaf0 | 0x13a1c0 | 0x138dc0 | 0x275 |
| GetClipboardData | 0x0 | 0x14010eaf8 | 0x13a1c8 | 0x138dc8 | 0x118 |
| LoadIconW | 0x0 | 0x14010eb00 | 0x13a1d0 | 0x138dd0 | 0x1f1 |
| CreateDialogParamW | 0x0 | 0x14010eb08 | 0x13a1d8 | 0x138dd8 | 0x63 |
| GetMessageW | 0x0 | 0x14010eb10 | 0x13a1e0 | 0x138de0 | 0x15f |
| PostThreadMessageW | 0x0 | 0x14010eb18 | 0x13a1e8 | 0x138de8 | 0x23d |
| IsDialogMessageW | 0x0 | 0x14010eb20 | 0x13a1f0 | 0x138df0 | 0x1d1 |
| GetIconInfo | 0x0 | 0x14010eb28 | 0x13a1f8 | 0x138df8 | 0x135 |
| CreateIconIndirect | 0x0 | 0x14010eb30 | 0x13a200 | 0x138e00 | 0x67 |
| FindWindowW | 0x0 | 0x14010eb38 | 0x13a208 | 0x138e08 | 0xfa |
| RemovePropW | 0x0 | 0x14010eb40 | 0x13a210 | 0x138e10 | 0x26d |
| SendMessageW | 0x0 | 0x14010eb48 | 0x13a218 | 0x138e18 | 0x280 |
| DefWindowProcW | 0x0 | 0x14010eb50 | 0x13a220 | 0x138e20 | 0x9c |
| CreateWindowExW | 0x0 | 0x14010eb58 | 0x13a228 | 0x138e28 | 0x6e |
| DestroyWindow | 0x0 | 0x14010eb60 | 0x13a230 | 0x138e30 | 0xa6 |
| SetFocus | 0x0 | 0x14010eb68 | 0x13a238 | 0x138e38 | 0x298 |
| GetWindowTextW | 0x0 | 0x14010eb70 | 0x13a240 | 0x138e40 | 0x1a7 |
| GetWindowLongW | 0x0 | 0x14010eb78 | 0x13a248 | 0x138e48 | 0x19a |
| SetWindowLongW | 0x0 | 0x14010eb80 | 0x13a250 | 0x138e50 | 0x2cc |
| SetWindowPos | 0x0 | 0x14010eb88 | 0x13a258 | 0x138e58 | 0x2ce |
| GetWindowPlacement | 0x0 | 0x14010eb90 | 0x13a260 | 0x138e60 | 0x19f |
| SetWindowPlacement | 0x0 | 0x14010eb98 | 0x13a268 | 0x138e68 | 0x2cd |
| IsWindowVisible | 0x0 | 0x14010eba0 | 0x13a270 | 0x138e70 | 0x1e4 |
| DialogBoxParamW | 0x0 | 0x14010eba8 | 0x13a278 | 0x138e78 | 0xac |
| GetPropW | 0x0 | 0x14010ebb0 | 0x13a280 | 0x138e80 | 0x16d |
| SetPropW | 0x0 | 0x14010ebb8 | 0x13a288 | 0x138e88 | 0x2b3 |
| GetForegroundWindow | 0x0 | 0x14010ebc0 | 0x13a290 | 0x138e90 | 0x12f |
| TranslateAcceleratorW | 0x0 | 0x14010ebc8 | 0x13a298 | 0x138e98 | 0x302 |
| CreateDialogIndirectParamW | 0x0 | 0x14010ebd0 | 0x13a2a0 | 0x138ea0 | 0x61 |
| GetLastActivePopup | 0x0 | 0x14010ebd8 | 0x13a2a8 | 0x138ea8 | 0x146 |
| GetMenuState | 0x0 | 0x14010ebe0 | 0x13a2b0 | 0x138eb0 | 0x158 |
| BringWindowToTop | 0x0 | 0x14010ebe8 | 0x13a2b8 | 0x138eb8 | 0x10 |
| DispatchMessageW | 0x0 | 0x14010ebf0 | 0x13a2c0 | 0x138ec0 | 0xaf |
| InsertMenuW | 0x0 | 0x14010ebf8 | 0x13a2c8 | 0x138ec8 | 0x1be |
| GetSubMenu | 0x0 | 0x14010ec00 | 0x13a2d0 | 0x138ed0 | 0x17c |
| DestroyMenu | 0x0 | 0x14010ec08 | 0x13a2d8 | 0x138ed8 | 0xa4 |
| CreatePopupMenu | 0x0 | 0x14010ec10 | 0x13a2e0 | 0x138ee0 | 0x6b |
| GetMenu | 0x0 | 0x14010ec18 | 0x13a2e8 | 0x138ee8 | 0x14d |
| IsWindow | 0x0 | 0x14010ec20 | 0x13a2f0 | 0x138ef0 | 0x1df |
| EndDialog | 0x0 | 0x14010ec28 | 0x13a2f8 | 0x138ef8 | 0xda |
| GetDlgItem | 0x0 | 0x14010ec30 | 0x13a300 | 0x138f00 | 0x129 |
| SetDlgItemTextW | 0x0 | 0x14010ec38 | 0x13a308 | 0x138f08 | 0x296 |
| GetDlgItemTextW | 0x0 | 0x14010ec40 | 0x13a310 | 0x138f10 | 0x12c |
| SendDlgItemMessageW | 0x0 | 0x14010ec48 | 0x13a318 | 0x138f18 | 0x277 |
| GetWindowRect | 0x0 | 0x14010ec50 | 0x13a320 | 0x138f20 | 0x1a0 |
| MapWindowPoints | 0x0 | 0x14010ec58 | 0x13a328 | 0x138f28 | 0x20d |
| GetParent | 0x0 | 0x14010ec60 | 0x13a330 | 0x138f30 | 0x166 |
| DestroyIcon | 0x0 | 0x14010ec68 | 0x13a338 | 0x138f38 | 0xa3 |
| CheckDlgButton | 0x0 | 0x14010ec70 | 0x13a340 | 0x138f40 | 0x3e |
| PostMessageW | 0x0 | 0x14010ec78 | 0x13a348 | 0x138f48 | 0x23a |
| InvalidateRect | 0x0 | 0x14010ec80 | 0x13a350 | 0x138f50 | 0x1c2 |
| EnumChildWindows | 0x0 | 0x14010ec88 | 0x13a358 | 0x138f58 | 0xdf |
| GetClassNameW | 0x0 | 0x14010ec90 | 0x13a360 | 0x138f60 | 0x114 |
| ShowWindow | 0x0 | 0x14010ec98 | 0x13a368 | 0x138f68 | 0x2e7 |
| CharToOemBuffA | 0x0 | 0x14010eca0 | 0x13a370 | 0x138f70 | 0x36 |
| SetDlgItemInt | 0x0 | 0x14010eca8 | 0x13a378 | 0x138f78 | 0x294 |
| GetDlgItemInt | 0x0 | 0x14010ecb0 | 0x13a380 | 0x138f80 | 0x12a |
| TranslateMessage | 0x0 | 0x14010ecb8 | 0x13a388 | 0x138f88 | 0x304 |
| GetMenuItemCount | 0x0 | 0x14010ecc0 | 0x13a390 | 0x138f90 | 0x153 |
| WaitForInputIdle | 0x0 | 0x14010ecc8 | 0x13a398 | 0x138f98 | 0x32e |
| LoadCursorW | 0x0 | 0x14010ecd0 | 0x13a3a0 | 0x138fa0 | 0x1ef |
| GetWindowThreadProcessId | 0x0 | 0x14010ecd8 | 0x13a3a8 | 0x138fa8 | 0x1a8 |
| WindowFromPoint | 0x0 | 0x14010ece0 | 0x13a3b0 | 0x138fb0 | 0x334 |
| SetCursor | 0x0 | 0x14010ece8 | 0x13a3b8 | 0x138fb8 | 0x28e |
| GetKeyState | 0x0 | 0x14010ecf0 | 0x13a3c0 | 0x138fc0 | 0x13f |
| RegisterClipboardFormatW | 0x0 | 0x14010ecf8 | 0x13a3c8 | 0x138fc8 | 0x254 |
| SystemParametersInfoA | 0x0 | 0x14010ed00 | 0x13a3d0 | 0x138fd0 | 0x2f3 |
| GetDesktopWindow | 0x0 | 0x14010ed08 | 0x13a3d8 | 0x138fd8 | 0x125 |
| GetWindowLongPtrW | 0x0 | 0x14010ed10 | 0x13a3e0 | 0x138fe0 | 0x199 |
| IntersectRect | 0x0 | 0x14010ed18 | 0x13a3e8 | 0x138fe8 | 0x1c1 |
| GetCursorPos | 0x0 | 0x14010ed20 | 0x13a3f0 | 0x138ff0 | 0x122 |
| SetWindowTextW | 0x0 | 0x14010ed28 | 0x13a3f8 | 0x138ff8 | 0x2d3 |
| ReleaseDC | 0x0 | 0x14010ed30 | 0x13a400 | 0x139000 | 0x269 |
| GetDC | 0x0 | 0x14010ed38 | 0x13a408 | 0x139008 | 0x123 |
| GetSystemMetrics | 0x0 | 0x14010ed40 | 0x13a410 | 0x139010 | 0x180 |
| EnableWindow | 0x0 | 0x14010ed48 | 0x13a418 | 0x139018 | 0xd8 |
| IsIconic | 0x0 | 0x14010ed50 | 0x13a420 | 0x139020 | 0x1d5 |
| IsWindowEnabled | 0x0 | 0x14010ed58 | 0x13a428 | 0x139028 | 0x1e0 |
| IsDlgButtonChecked | 0x0 | 0x14010ed60 | 0x13a430 | 0x139030 | 0x1d2 |
| CharLowerW | 0x0 | 0x14010ed68 | 0x13a438 | 0x139038 | 0x2e |
GDI32.dll (30)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TextOutA | 0x0 | 0x14010e128 | 0x1397f8 | 0x1383f8 | 0x2b8 |
| SetPixel | 0x0 | 0x14010e130 | 0x139800 | 0x138400 | 0x29b |
| Rectangle | 0x0 | 0x14010e138 | 0x139808 | 0x138408 | 0x25f |
| GetTextExtentPoint32W | 0x0 | 0x14010e140 | 0x139810 | 0x138410 | 0x21e |
| CreateSolidBrush | 0x0 | 0x14010e148 | 0x139818 | 0x138418 | 0x54 |
| CreateDIBSection | 0x0 | 0x14010e150 | 0x139820 | 0x138420 | 0x35 |
| GetPixel | 0x0 | 0x14010e158 | 0x139828 | 0x138428 | 0x204 |
| DPtoLP | 0x0 | 0x14010e160 | 0x139830 | 0x138430 | 0xa4 |
| StretchBlt | 0x0 | 0x14010e168 | 0x139838 | 0x138438 | 0x2b3 |
| SetMapMode | 0x0 | 0x14010e170 | 0x139840 | 0x138440 | 0x294 |
| GetMapMode | 0x0 | 0x14010e178 | 0x139848 | 0x138448 | 0x1f0 |
| GetDeviceCaps | 0x0 | 0x14010e180 | 0x139850 | 0x138450 | 0x1cb |
| CreateCompatibleBitmap | 0x0 | 0x14010e188 | 0x139858 | 0x138458 | 0x2f |
| CreateBitmap | 0x0 | 0x14010e190 | 0x139860 | 0x138460 | 0x29 |
| ExtTextOutW | 0x0 | 0x14010e198 | 0x139868 | 0x138468 | 0x138 |
| SetBkColor | 0x0 | 0x14010e1a0 | 0x139870 | 0x138470 | 0x27e |
| DeleteDC | 0x0 | 0x14010e1a8 | 0x139878 | 0x138478 | 0xe3 |
| CreateCompatibleDC | 0x0 | 0x14010e1b0 | 0x139880 | 0x138480 | 0x30 |
| BitBlt | 0x0 | 0x14010e1b8 | 0x139888 | 0x138488 | 0x13 |
| GetObjectW | 0x0 | 0x14010e1c0 | 0x139890 | 0x138490 | 0x1fd |
| TextOutW | 0x0 | 0x14010e1c8 | 0x139898 | 0x138498 | 0x2b9 |
| MoveToEx | 0x0 | 0x14010e1d0 | 0x1398a0 | 0x1384a0 | 0x23a |
| SetTextColor | 0x0 | 0x14010e1d8 | 0x1398a8 | 0x1384a8 | 0x2a6 |
| LineTo | 0x0 | 0x14010e1e0 | 0x1398b0 | 0x1384b0 | 0x236 |
| CreatePen | 0x0 | 0x14010e1e8 | 0x1398b8 | 0x1384b8 | 0x4b |
| GetTextFaceW | 0x0 | 0x14010e1f0 | 0x1398c0 | 0x1384c0 | 0x224 |
| GetTextMetricsW | 0x0 | 0x14010e1f8 | 0x1398c8 | 0x1384c8 | 0x226 |
| SelectObject | 0x0 | 0x14010e200 | 0x1398d0 | 0x1384d0 | 0x277 |
| DeleteObject | 0x0 | 0x14010e208 | 0x1398d8 | 0x1384d8 | 0xe6 |
| CreateFontW | 0x0 | 0x14010e210 | 0x1398e0 | 0x1384e0 | 0x41 |
COMDLG32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetOpenFileNameW | 0x0 | 0x14010e100 | 0x1397d0 | 0x1383d0 | 0xc |
| GetSaveFileNameW | 0x0 | 0x14010e108 | 0x1397d8 | 0x1383d8 | 0xe |
| CommDlgExtendedError | 0x0 | 0x14010e110 | 0x1397e0 | 0x1383e0 | 0x4 |
| ChooseFontW | 0x0 | 0x14010e118 | 0x1397e8 | 0x1383e8 | 0x3 |
ADVAPI32.dll (25)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AllocateAndInitializeSid | 0x0 | 0x14010e000 | 0x1396d0 | 0x1382d0 | 0x20 |
| AccessCheck | 0x0 | 0x14010e008 | 0x1396d8 | 0x1382d8 | 0x5 |
| OpenProcessToken | 0x0 | 0x14010e010 | 0x1396e0 | 0x1382e0 | 0x1f7 |
| MapGenericMask | 0x0 | 0x14010e018 | 0x1396e8 | 0x1382e8 | 0x1e3 |
| GetFileSecurityW | 0x0 | 0x14010e020 | 0x1396f0 | 0x1382f0 | 0x130 |
| RegCloseKey | 0x0 | 0x14010e028 | 0x1396f8 | 0x1382f8 | 0x230 |
| IsTextUnicode | 0x0 | 0x14010e030 | 0x139700 | 0x138300 | 0x180 |
| RegSetValueExW | 0x0 | 0x14010e038 | 0x139708 | 0x138308 | 0x27e |
| RegEnumValueW | 0x0 | 0x14010e040 | 0x139710 | 0x138310 | 0x252 |
| RegEnumKeyExW | 0x0 | 0x14010e048 | 0x139718 | 0x138318 | 0x24f |
| RegDeleteValueW | 0x0 | 0x14010e050 | 0x139720 | 0x138320 | 0x248 |
| RegDeleteKeyW | 0x0 | 0x14010e058 | 0x139728 | 0x138328 | 0x244 |
| RegCreateKeyExW | 0x0 | 0x14010e060 | 0x139730 | 0x138330 | 0x239 |
| CheckTokenMembership | 0x0 | 0x14010e068 | 0x139738 | 0x138338 | 0x51 |
| FreeSid | 0x0 | 0x14010e070 | 0x139740 | 0x138340 | 0x120 |
| DuplicateToken | 0x0 | 0x14010e078 | 0x139748 | 0x138348 | 0xde |
| SetFileSecurityW | 0x0 | 0x14010e080 | 0x139750 | 0x138350 | 0x2aa |
| GetSecurityDescriptorLength | 0x0 | 0x14010e088 | 0x139758 | 0x138358 | 0x14a |
| CryptGenRandom | 0x0 | 0x14010e090 | 0x139760 | 0x138360 | 0xc1 |
| CryptReleaseContext | 0x0 | 0x14010e098 | 0x139768 | 0x138368 | 0xcb |
| CryptAcquireContextW | 0x0 | 0x14010e0a0 | 0x139770 | 0x138370 | 0xb1 |
| LookupPrivilegeValueW | 0x0 | 0x14010e0a8 | 0x139778 | 0x138378 | 0x197 |
| AdjustTokenPrivileges | 0x0 | 0x14010e0b0 | 0x139780 | 0x138380 | 0x1f |
| RegQueryValueExW | 0x0 | 0x14010e0b8 | 0x139788 | 0x138388 | 0x26e |
| RegOpenKeyExW | 0x0 | 0x14010e0c0 | 0x139790 | 0x138390 | 0x261 |
SHELL32.dll (19)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FindExecutableW | 0x0 | 0x14010e800 | 0x139ed0 | 0x138ad0 | 0x2d |
| DragFinish | 0x0 | 0x14010e808 | 0x139ed8 | 0x138ad8 | 0x1b |
| DragQueryFileW | 0x0 | 0x14010e810 | 0x139ee0 | 0x138ae0 | 0x1f |
| Shell_NotifyIconW | 0x0 | 0x14010e818 | 0x139ee8 | 0x138ae8 | 0x12e |
| DragAcceptFiles | 0x0 | 0x14010e820 | 0x139ef0 | 0x138af0 | 0x1a |
| SHGetSpecialFolderLocation | 0x0 | 0x14010e828 | 0x139ef8 | 0x138af8 | 0xdf |
| (by ordinal) | 0x64 | 0x14010e830 | 0x139f00 | 0x138b00 | - |
| SHAddToRecentDocs | 0x0 | 0x14010e838 | 0x139f08 | 0x138b08 | 0x70 |
| SHFileOperationW | 0x0 | 0x14010e840 | 0x139f10 | 0x138b10 | 0xac |
| SHGetFolderPathW | 0x0 | 0x14010e848 | 0x139f18 | 0x138b18 | 0xc3 |
| ShellExecuteExW | 0x0 | 0x14010e850 | 0x139f20 | 0x138b20 | 0x121 |
| SHBrowseForFolderW | 0x0 | 0x14010e858 | 0x139f28 | 0x138b28 | 0x7b |
| SHGetMalloc | 0x0 | 0x14010e860 | 0x139f30 | 0x138b30 | 0xcf |
| SHChangeNotify | 0x0 | 0x14010e868 | 0x139f38 | 0x138b38 | 0x7f |
| SHGetDesktopFolder | 0x0 | 0x14010e870 | 0x139f40 | 0x138b40 | 0xb6 |
| SHGetFolderLocation | 0x0 | 0x14010e878 | 0x139f48 | 0x138b48 | 0xbe |
| SHGetPathFromIDListW | 0x0 | 0x14010e880 | 0x139f50 | 0x138b50 | 0xd7 |
| SHGetFileInfoW | 0x0 | 0x14010e888 | 0x139f58 | 0x138b58 | 0xbd |
| ShellExecuteW | 0x0 | 0x14010e890 | 0x139f60 | 0x138b60 | 0x122 |
ole32.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RevokeDragDrop | 0x0 | 0x14010ee08 | 0x13a4d8 | 0x1390d8 | 0x18d |
| RegisterDragDrop | 0x0 | 0x14010ee10 | 0x13a4e0 | 0x1390e0 | 0x18b |
| OleUninitialize | 0x0 | 0x14010ee18 | 0x13a4e8 | 0x1390e8 | 0x17d |
| OleInitialize | 0x0 | 0x14010ee20 | 0x13a4f0 | 0x1390f0 | 0x166 |
| CLSIDFromString | 0x0 | 0x14010ee28 | 0x13a4f8 | 0x1390f8 | 0xc |
| CreateStreamOnHGlobal | 0x0 | 0x14010ee30 | 0x13a500 | 0x139100 | 0x8a |
| CoTaskMemAlloc | 0x0 | 0x14010ee38 | 0x13a508 | 0x139108 | 0x6b |
| CoInitializeEx | 0x0 | 0x14010ee40 | 0x13a510 | 0x139110 | 0x43 |
| CoTaskMemFree | 0x0 | 0x14010ee48 | 0x13a518 | 0x139118 | 0x6c |
| CoCreateInstance | 0x0 | 0x14010ee50 | 0x13a520 | 0x139120 | 0x14 |
| OleSetClipboard | 0x0 | 0x14010ee58 | 0x13a528 | 0x139128 | 0x179 |
| DoDragDrop | 0x0 | 0x14010ee60 | 0x13a530 | 0x139130 | 0x90 |
OLEAUT32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x9 | 0x14010e7d8 | 0x139ea8 | 0x138aa8 | - |
| SysAllocString | 0x2 | 0x14010e7e0 | 0x139eb0 | 0x138ab0 | - |
SHLWAPI.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StrCmpLogicalW | 0x0 | 0x14010e8a0 | 0x139f70 | 0x138b70 | 0x11a |
| SHAutoComplete | 0x0 | 0x14010e8a8 | 0x139f78 | 0x138b78 | 0xa4 |
POWRPROF.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetSuspendState | 0x0 | 0x14010e7f0 | 0x139ec0 | 0x138ac0 | 0x57 |
COMCTL32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateStatusWindowW | 0x0 | 0x14010e0d0 | 0x1397a0 | 0x1383a0 | 0xc |
| ImageList_Create | 0x0 | 0x14010e0d8 | 0x1397a8 | 0x1383a8 | 0x54 |
| ImageList_ReplaceIcon | 0x0 | 0x14010e0e0 | 0x1397b0 | 0x1383b0 | 0x70 |
| InitCommonControlsEx | 0x0 | 0x14010e0e8 | 0x1397b8 | 0x1383b8 | 0x7c |
| PropertySheetW | 0x0 | 0x14010e0f0 | 0x1397c0 | 0x1383c0 | 0x86 |
UxTheme.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IsThemeActive | 0x0 | 0x14010ed78 | 0x13a448 | 0x139048 | 0x3f |
| IsAppThemed | 0x0 | 0x14010ed80 | 0x13a450 | 0x139050 | 0x3d |
gdiplus.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GdiplusShutdown | 0x0 | 0x14010ed90 | 0x13a460 | 0x139060 | 0x274 |
| GdiplusStartup | 0x0 | 0x14010ed98 | 0x13a468 | 0x139068 | 0x275 |
| GdipCreateHBITMAPFromBitmap | 0x0 | 0x14010eda0 | 0x13a470 | 0x139070 | 0x5f |
| GdipCreateBitmapFromFileICM | 0x0 | 0x14010eda8 | 0x13a478 | 0x139078 | 0x4a |
| GdipCreateBitmapFromStreamICM | 0x0 | 0x14010edb0 | 0x13a480 | 0x139080 | 0x52 |
| GdipCreateBitmapFromFile | 0x0 | 0x14010edb8 | 0x13a488 | 0x139088 | 0x49 |
| GdipCreateBitmapFromStream | 0x0 | 0x14010edc0 | 0x13a490 | 0x139090 | 0x51 |
| GdipDisposeImage | 0x0 | 0x14010edc8 | 0x13a498 | 0x139098 | 0x98 |
| GdipCloneImage | 0x0 | 0x14010edd0 | 0x13a4a0 | 0x1390a0 | 0x36 |
| GdipFree | 0x0 | 0x14010edd8 | 0x13a4a8 | 0x1390a8 | 0xed |
| GdipAlloc | 0x0 | 0x14010ede0 | 0x13a4b0 | 0x1390b0 | 0x21 |
| GdipCreateBitmapFromHBITMAP | 0x0 | 0x14010ede8 | 0x13a4b8 | 0x1390b8 | 0x4d |
| GdipBitmapGetPixel | 0x0 | 0x14010edf0 | 0x13a4c0 | 0x1390c0 | 0x2a |
| GdipBitmapSetPixel | 0x0 | 0x14010edf8 | 0x13a4c8 | 0x1390c8 | 0x2c |
MSIMG32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GradientFill | 0x0 | 0x14010e7c8 | 0x139e98 | 0x138a98 | 0x2 |
Icons (6)
»
Digital Signatures (2)
»
Certificate: win.rar GmbH
»
| Issued by | win.rar GmbH |
| Parent Certificate | COMODO RSA Code Signing CA |
| Country Name | DE |
| Valid From | 2017-06-02 00:00:00+00:00 |
| Valid Until | 2020-06-01 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 52 9E 3F 9F CF 7D 58 D5 20 D6 07 AB 74 39 50 02 |
| Thumbprint | CA 0C E7 88 18 E2 7A 35 FA 76 F8 85 7A 1A 16 3E F3 67 97 29 |
Certificate: COMODO RSA Code Signing CA
»
| Issued by | COMODO RSA Code Signing CA |
| Country Name | GB |
| Valid From | 2013-05-09 00:00:00+00:00 |
| Valid Until | 2028-05-08 23:59:59+00:00 |
| Algorithm | sha384_rsa |
| Serial Number | 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF |
| Thumbprint | B6 9E 75 2B BE 88 B4 45 82 00 A7 C0 F4 F5 B3 CC E6 F3 5B 47 |
Memory Dumps (2)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| winrar.exe | 11 | 0x7FF6F74D0000 | 0x7FF6F779FFFF | Process Termination | - | 64-bit | - |
|
...
|
| winrar.exe | 10 | 0x7FF6F74D0000 | 0x7FF6F779FFFF | Process Termination | - | 64-bit | - |
|
...
|
| c:\users\fd1hvy\appdata\local\temp\wallpaper.png | Dropped File | Image |
Unknown
|
...
|
»
| Mime Type | image/png |
| File Size | 679.01 KB |
| MD5 |
4eaf9cbc1438214622460aa18fbf050d
|
| SHA1 |
543c921d0f75bb5a8a9cd1bf1096d2d0af69170e
|
| SHA256 |
a935f1af2674e6577a02f7b2f53ad98612fd55dd2f3f51cb476767c01f4076e8
|
| SSDeep |
12288:whHUpY2wdt2pD5969U59o6xM4T1GFg6qaUlZCZSjX4lZuuS+L+26TCNYBuGAR:va2K2pD596mzosrGFg6qao0SjXGuu/+S
|
| C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | Dropped File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 0.01 KB |
| MD5 |
86d13c755ee816538758ea7aa2942899
|
| SHA1 |
2bc649ed0171190ae9d4a76a399a2c82310c4c2d
|
| SHA256 |
1dcf06035130cacff7d4ff78c0337532eacb190647b9e1633d247fc69e34d62a
|
| SSDeep |
3:bZi:4
|
| Mime Type | application/x-rar |
| File Size | 2.09 MB |
| MD5 |
1529f351c2fa6e418339daccb62c82e7
|
| SHA1 |
8553fc21b935c408f801bc2080da58f1bff66f69
|
| SHA256 |
799c8d082fe7ee8bd2094495e17edd836ff1680e185d8297eb5da5a5a1ce8c3e
|
| SSDeep |
49152:QJODSx4QT/yfmAl/gencu3YT/woKEo5HKOqA0A5JOGKwOyVCN:QJ9ufmLhwb5KAa5
|
| Mime Type | application/x-rar |
| File Size | 4.93 MB |
| MD5 |
efa4ac54e99fdd29a9c5edf45ddaaa54
|
| SHA1 |
7d248783bb8ff1b88458ebd21c9ec8fd56275281
|
| SHA256 |
41290334b1e39a052138f7397495cccebc4675f3fd5a49b0a28ea015d768e5cc
|
| SSDeep |
98304:sqq9/v6ZTjRW6S8TP7PaTxncuJf6fVc2hnfzbOrTPg8X4p7Y8b:9q9cA6FTjnLKrD7Xw7pb
|
| Mime Type | application/x-rar |
| File Size | 2.54 MB |
| MD5 |
370e8acf7a8d836e91d6f1a593bfad56
|
| SHA1 |
624bebba8d39ce5f887f41d51e66160f4c3596cc
|
| SHA256 |
012fb962c6ff6e5153eb240c019c139c5bfb95c1bf664d5750b102b6058057ab
|
| SSDeep |
49152:eZJE7juqkEOpR7YAjDh1+n65Q/6qChell8dlKffN48iRFTxrT5g:eZojKpLb+iy8hof21xe
|
| a9cc21918e31544089e25bd0c05dd122eed596c9e532db85946befd07fb1fbe6 | Downloaded File | Stream |
Unknown
|
...
|
»
| Parent File | analysis.pcap |
| Mime Type | application/octet-stream |
| File Size | 1.47 KB |
| MD5 |
4d9242fd477c2ecc683bed8a80c64e80
|
| SHA1 |
f4372d280c3d49cfa7f6c85b6a0bba0821cbdaa5
|
| SHA256 |
a9cc21918e31544089e25bd0c05dd122eed596c9e532db85946befd07fb1fbe6
|
| SSDeep |
24:WG/xgSvmq85PUWRLBInsDuUCG7yQj01oAho/0p6ruXfxBcxtBehU:WG/HexxInsaUDj0No/0IujQP
|
