9542c4da...9ff2 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Backdoor
Filename Category Type Severity Actions
49a39c4522da2873995ef6fa737fc071ae84f07ee7b506a7c1aa21ad53d0017b Downloaded File Unknown
Whitelisted
Parent File analysis.pcap
Mime Type application/vnd.ms-cab-compressed
File Size 6.38 KB
MD5 1d58cfa769ed4a8a240be2a6d60457fa
SHA1 e60da9950c27d9b7e0a987e5ff96badfd819221e
SHA256 49a39c4522da2873995ef6fa737fc071ae84f07ee7b506a7c1aa21ad53d0017b
SSDeep 96:X5xIEktBYkem16ggBJxiVUTf+DHJwIxnDxPWv3hY3j36xREb9poDJ7CaIGso:JGikem0gvVU4JbxDyajKve9pQJ7C+so
File Reputation Information
Severity
Whitelisted
First Seen 2019-04-05 10:24 (UTC+2)
Last Seen 2019-04-07 16:08 (UTC+2)
5e424c66d89d800faa88c2c06353956b4d18fdebd39dc03d808a7d32af9b4f6c Downloaded File Stream
Whitelisted
Parent File analysis.pcap
Mime Type application/octet-stream
File Size 5.01 KB
MD5 76eaccae4741e72d3dd761b827263548
SHA1 147e59e94244f13ced7f83fb9ea23e2e034c1c90
SHA256 5e424c66d89d800faa88c2c06353956b4d18fdebd39dc03d808a7d32af9b4f6c
SSDeep 96:U0rRpiz/pqC6hdxhtPZcF6zmLeoL3+FvF0FBWRevPVL66YcgU:U0FpiTpqRxht2F6zmLeoLuFvF0FrW5U
File Reputation Information
Severity
Whitelisted
First Seen 2019-04-03 13:15 (UTC+2)
Last Seen 2019-04-04 14:26 (UTC+2)
ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d Downloaded File Unknown
Whitelisted
Parent File analysis.pcap
Mime Type application/vnd.ms-cab-compressed
File Size 7.61 KB
MD5 fb60e1afe48764e6bf78719c07813d32
SHA1 a1dc74ef8495c9a1489dd937659b5c2875027e16
SHA256 ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d
SSDeep 192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH
File Reputation Information
Severity
Whitelisted
First Seen 2017-06-03 02:09 (UTC+2)
Last Seen 2019-02-22 02:25 (UTC+1)
C:\Users\FD1HVy\Desktop\laafdy.exe Sample File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 1.20 MB
MD5 b6ebd9021bce7665ac01a1614ef6b7e6
SHA1 81109eef625dec849e60d61f8e17dc8b7d893246
SHA256 9542c4da58ef85804bd1240ed67bef02f5d5bca0b0084a074a3575894d929ff2
SSDeep 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaZ:Lw80cTsjkWag+79b4KxM
ImpHash afcdf79be1557326c854b6e20cb900a7
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
PE Information
Image Base 0x400000
Entry Point 0x427f4a
Size Of Code 0x8de00
Size Of Initialized Data 0x98600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-04-02 09:51:37+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8dd2e 0x8de00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x48f000 0x2e10e 0x2e200 0x8e200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.76
.data 0x4be000 0x8f74 0x5200 0xbc400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.2
.rsrc 0x4c7000 0x5dfb4 0x5e000 0xc1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.78
.reloc 0x525000 0x7130 0x7200 0x11f600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.78
Imports (18)
WSOCK32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x74 0x48f7c8 0xbad90 0xb9f90 -
socket 0x17 0x48f7cc 0xbad94 0xb9f94 -
inet_ntoa 0xc 0x48f7d0 0xbad98 0xb9f98 -
setsockopt 0x15 0x48f7d4 0xbad9c 0xb9f9c -
ntohs 0xf 0x48f7d8 0xbada0 0xb9fa0 -
recvfrom 0x11 0x48f7dc 0xbada4 0xb9fa4 -
ioctlsocket 0xa 0x48f7e0 0xbada8 0xb9fa8 -
htons 0x9 0x48f7e4 0xbadac 0xb9fac -
WSAStartup 0x73 0x48f7e8 0xbadb0 0xb9fb0 -
__WSAFDIsSet 0x97 0x48f7ec 0xbadb4 0xb9fb4 -
select 0x12 0x48f7f0 0xbadb8 0xb9fb8 -
accept 0x1 0x48f7f4 0xbadbc 0xb9fbc -
listen 0xd 0x48f7f8 0xbadc0 0xb9fc0 -
bind 0x2 0x48f7fc 0xbadc4 0xb9fc4 -
closesocket 0x3 0x48f800 0xbadc8 0xb9fc8 -
WSAGetLastError 0x6f 0x48f804 0xbadcc 0xb9fcc -
recv 0x10 0x48f808 0xbadd0 0xb9fd0 -
sendto 0x14 0x48f80c 0xbadd4 0xb9fd4 -
send 0x13 0x48f810 0xbadd8 0xb9fd8 -
inet_addr 0xb 0x48f814 0xbaddc 0xb9fdc -
gethostbyname 0x34 0x48f818 0xbade0 0xb9fe0 -
gethostname 0x39 0x48f81c 0xbade4 0xb9fe4 -
connect 0x4 0x48f820 0xbade8 0xb9fe8 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW 0x0 0x48f76c 0xbad34 0xb9f34 0x6
GetFileVersionInfoSizeW 0x0 0x48f770 0xbad38 0xb9f38 0x5
VerQueryValueW 0x0 0x48f774 0xbad3c 0xb9f3c 0xe
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime 0x0 0x48f7b8 0xbad80 0xb9f80 0x94
waveOutSetVolume 0x0 0x48f7bc 0xbad84 0xb9f84 0xbb
mciSendStringW 0x0 0x48f7c0 0xbad88 0xb9f88 0x32
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_ReplaceIcon 0x0 0x48f088 0xba650 0xb9850 0x6f
ImageList_Destroy 0x0 0x48f08c 0xba654 0xb9854 0x54
ImageList_Remove 0x0 0x48f090 0xba658 0xb9858 0x6d
ImageList_SetDragCursorImage 0x0 0x48f094 0xba65c 0xb985c 0x72
ImageList_BeginDrag 0x0 0x48f098 0xba660 0xb9860 0x50
ImageList_DragEnter 0x0 0x48f09c 0xba664 0xb9864 0x56
ImageList_DragLeave 0x0 0x48f0a0 0xba668 0xb9868 0x57
ImageList_EndDrag 0x0 0x48f0a4 0xba66c 0xb986c 0x5e
ImageList_DragMove 0x0 0x48f0a8 0xba670 0xb9870 0x58
InitCommonControlsEx 0x0 0x48f0ac 0xba674 0xb9874 0x7b
ImageList_Create 0x0 0x48f0b0 0xba678 0xb9878 0x53
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW 0x0 0x48f3f8 0xba9c0 0xb9bc0 0x49
WNetCancelConnection2W 0x0 0x48f3fc 0xba9c4 0xb9bc4 0xc
WNetGetConnectionW 0x0 0x48f400 0xba9c8 0xb9bc8 0x24
WNetAddConnection2W 0x0 0x48f404 0xba9cc 0xb9bcc 0x6
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable 0x0 0x48f77c 0xbad44 0xb9f44 0x9b
InternetCloseHandle 0x0 0x48f780 0xbad48 0xb9f48 0x6b
InternetOpenW 0x0 0x48f784 0xbad4c 0xb9f4c 0x9a
InternetSetOptionW 0x0 0x48f788 0xbad50 0xb9f50 0xaf
InternetCrackUrlW 0x0 0x48f78c 0xbad54 0xb9f54 0x74
HttpQueryInfoW 0x0 0x48f790 0xbad58 0xb9f58 0x5a
InternetQueryOptionW 0x0 0x48f794 0xbad5c 0xb9f5c 0x9e
HttpOpenRequestW 0x0 0x48f798 0xbad60 0xb9f60 0x58
HttpSendRequestW 0x0 0x48f79c 0xbad64 0xb9f64 0x5e
FtpOpenFileW 0x0 0x48f7a0 0xbad68 0xb9f68 0x35
FtpGetFileSize 0x0 0x48f7a4 0xbad6c 0xb9f6c 0x32
InternetOpenUrlW 0x0 0x48f7a8 0xbad70 0xb9f70 0x99
InternetReadFile 0x0 0x48f7ac 0xbad74 0xb9f74 0x9f
InternetConnectW 0x0 0x48f7b0 0xbad78 0xb9f78 0x72
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo 0x0 0x48f484 0xbaa4c 0xb9c4c 0x15
IPHLPAPI.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpCreateFile 0x0 0x48f154 0xba71c 0xb991c 0x85
IcmpCloseHandle 0x0 0x48f158 0xba720 0xb9920 0x84
IcmpSendEcho 0x0 0x48f15c 0xba724 0xb9924 0x87
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyEnvironmentBlock 0x0 0x48f750 0xbad18 0xb9f18 0x4
UnloadUserProfile 0x0 0x48f754 0xbad1c 0xb9f1c 0x2c
CreateEnvironmentBlock 0x0 0x48f758 0xbad20 0xb9f20 0x0
LoadUserProfileW 0x0 0x48f75c 0xbad24 0xb9f24 0x21
UxTheme.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive 0x0 0x48f764 0xbad2c 0xb9f2c 0x3f
KERNEL32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle 0x0 0x48f164 0xba72c 0xb992c 0xe8
CreateThread 0x0 0x48f168 0xba730 0xb9930 0xb5
WaitForSingleObject 0x0 0x48f16c 0xba734 0xb9934 0x4f9
HeapAlloc 0x0 0x48f170 0xba738 0xb9938 0x2cb
GetProcessHeap 0x0 0x48f174 0xba73c 0xb993c 0x24a
HeapFree 0x0 0x48f178 0xba740 0xb9940 0x2cf
Sleep 0x0 0x48f17c 0xba744 0xb9944 0x4b2
GetCurrentThreadId 0x0 0x48f180 0xba748 0xb9948 0x1c5
MultiByteToWideChar 0x0 0x48f184 0xba74c 0xb994c 0x367
MulDiv 0x0 0x48f188 0xba750 0xb9950 0x366
GetVersionExW 0x0 0x48f18c 0xba754 0xb9954 0x2a4
IsWow64Process 0x0 0x48f190 0xba758 0xb9958 0x30e
GetSystemInfo 0x0 0x48f194 0xba75c 0xb995c 0x273
FreeLibrary 0x0 0x48f198 0xba760 0xb9960 0x162
LoadLibraryA 0x0 0x48f19c 0xba764 0xb9964 0x33c
GetProcAddress 0x0 0x48f1a0 0xba768 0xb9968 0x245
SetErrorMode 0x0 0x48f1a4 0xba76c 0xb996c 0x458
GetModuleFileNameW 0x0 0x48f1a8 0xba770 0xb9970 0x214
WideCharToMultiByte 0x0 0x48f1ac 0xba774 0xb9974 0x511
lstrcpyW 0x0 0x48f1b0 0xba778 0xb9978 0x548
lstrlenW 0x0 0x48f1b4 0xba77c 0xb997c 0x54e
GetModuleHandleW 0x0 0x48f1b8 0xba780 0xb9980 0x218
QueryPerformanceCounter 0x0 0x48f1bc 0xba784 0xb9984 0x3a7
VirtualFreeEx 0x0 0x48f1c0 0xba788 0xb9988 0x4ed
OpenProcess 0x0 0x48f1c4 0xba78c 0xb998c 0x380
VirtualAllocEx 0x0 0x48f1c8 0xba790 0xb9990 0x4ea
WriteProcessMemory 0x0 0x48f1cc 0xba794 0xb9994 0x52e
ReadProcessMemory 0x0 0x48f1d0 0xba798 0xb9998 0x3c3
CreateFileW 0x0 0x48f1d4 0xba79c 0xb999c 0x8f
SetFilePointerEx 0x0 0x48f1d8 0xba7a0 0xb99a0 0x467
SetEndOfFile 0x0 0x48f1dc 0xba7a4 0xb99a4 0x453
ReadFile 0x0 0x48f1e0 0xba7a8 0xb99a8 0x3c0
WriteFile 0x0 0x48f1e4 0xba7ac 0xb99ac 0x525
FlushFileBuffers 0x0 0x48f1e8 0xba7b0 0xb99b0 0x157
TerminateProcess 0x0 0x48f1ec 0xba7b4 0xb99b4 0x4c0
CreateToolhelp32Snapshot 0x0 0x48f1f0 0xba7b8 0xb99b8 0xbe
Process32FirstW 0x0 0x48f1f4 0xba7bc 0xb99bc 0x396
Process32NextW 0x0 0x48f1f8 0xba7c0 0xb99c0 0x398
SetFileTime 0x0 0x48f1fc 0xba7c4 0xb99c4 0x46a
GetFileAttributesW 0x0 0x48f200 0xba7c8 0xb99c8 0x1ea
FindFirstFileW 0x0 0x48f204 0xba7cc 0xb99cc 0x139
SetCurrentDirectoryW 0x0 0x48f208 0xba7d0 0xb99d0 0x44d
GetLongPathNameW 0x0 0x48f20c 0xba7d4 0xb99d4 0x20f
GetShortPathNameW 0x0 0x48f210 0xba7d8 0xb99d8 0x261
DeleteFileW 0x0 0x48f214 0xba7dc 0xb99dc 0xd6
FindNextFileW 0x0 0x48f218 0xba7e0 0xb99e0 0x145
CopyFileExW 0x0 0x48f21c 0xba7e4 0xb99e4 0x72
MoveFileW 0x0 0x48f220 0xba7e8 0xb99e8 0x363
CreateDirectoryW 0x0 0x48f224 0xba7ec 0xb99ec 0x81
RemoveDirectoryW 0x0 0x48f228 0xba7f0 0xb99f0 0x403
SetSystemPowerState 0x0 0x48f22c 0xba7f4 0xb99f4 0x48a
QueryPerformanceFrequency 0x0 0x48f230 0xba7f8 0xb99f8 0x3a8
FindResourceW 0x0 0x48f234 0xba7fc 0xb99fc 0x14e
LoadResource 0x0 0x48f238 0xba800 0xb9a00 0x341
LockResource 0x0 0x48f23c 0xba804 0xb9a04 0x354
SizeofResource 0x0 0x48f240 0xba808 0xb9a08 0x4b1
EnumResourceNamesW 0x0 0x48f244 0xba80c 0xb9a0c 0x102
OutputDebugStringW 0x0 0x48f248 0xba810 0xb9a10 0x38a
GetTempPathW 0x0 0x48f24c 0xba814 0xb9a14 0x285
GetTempFileNameW 0x0 0x48f250 0xba818 0xb9a18 0x283
DeviceIoControl 0x0 0x48f254 0xba81c 0xb9a1c 0xdd
GetLocalTime 0x0 0x48f258 0xba820 0xb9a20 0x203
CompareStringW 0x0 0x48f25c 0xba824 0xb9a24 0x64
GetCurrentProcess 0x0 0x48f260 0xba828 0xb9a28 0x1c0
EnterCriticalSection 0x0 0x48f264 0xba82c 0xb9a2c 0xee
LeaveCriticalSection 0x0 0x48f268 0xba830 0xb9a30 0x339
GetStdHandle 0x0 0x48f26c 0xba834 0xb9a34 0x264
CreatePipe 0x0 0x48f270 0xba838 0xb9a38 0xa1
InterlockedExchange 0x0 0x48f274 0xba83c 0xb9a3c 0x2ec
TerminateThread 0x0 0x48f278 0xba840 0xb9a40 0x4c1
LoadLibraryExW 0x0 0x48f27c 0xba844 0xb9a44 0x33e
FindResourceExW 0x0 0x48f280 0xba848 0xb9a48 0x14d
CopyFileW 0x0 0x48f284 0xba84c 0xb9a4c 0x75
VirtualFree 0x0 0x48f288 0xba850 0xb9a50 0x4ec
FormatMessageW 0x0 0x48f28c 0xba854 0xb9a54 0x15e
GetExitCodeProcess 0x0 0x48f290 0xba858 0xb9a58 0x1df
GetPrivateProfileStringW 0x0 0x48f294 0xba85c 0xb9a5c 0x242
WritePrivateProfileStringW 0x0 0x48f298 0xba860 0xb9a60 0x52b
GetPrivateProfileSectionW 0x0 0x48f29c 0xba864 0xb9a64 0x240
WritePrivateProfileSectionW 0x0 0x48f2a0 0xba868 0xb9a68 0x529
GetPrivateProfileSectionNamesW 0x0 0x48f2a4 0xba86c 0xb9a6c 0x23f
FileTimeToLocalFileTime 0x0 0x48f2a8 0xba870 0xb9a70 0x124
FileTimeToSystemTime 0x0 0x48f2ac 0xba874 0xb9a74 0x125
SystemTimeToFileTime 0x0 0x48f2b0 0xba878 0xb9a78 0x4bd
LocalFileTimeToFileTime 0x0 0x48f2b4 0xba87c 0xb9a7c 0x346
GetDriveTypeW 0x0 0x48f2b8 0xba880 0xb9a80 0x1d3
GetDiskFreeSpaceExW 0x0 0x48f2bc 0xba884 0xb9a84 0x1ce
GetDiskFreeSpaceW 0x0 0x48f2c0 0xba888 0xb9a88 0x1cf
GetVolumeInformationW 0x0 0x48f2c4 0xba88c 0xb9a8c 0x2a7
SetVolumeLabelW 0x0 0x48f2c8 0xba890 0xb9a90 0x4a9
CreateHardLinkW 0x0 0x48f2cc 0xba894 0xb9a94 0x93
SetFileAttributesW 0x0 0x48f2d0 0xba898 0xb9a98 0x461
CreateEventW 0x0 0x48f2d4 0xba89c 0xb9a9c 0x85
SetEvent 0x0 0x48f2d8 0xba8a0 0xb9aa0 0x459
GetEnvironmentVariableW 0x0 0x48f2dc 0xba8a4 0xb9aa4 0x1dc
SetEnvironmentVariableW 0x0 0x48f2e0 0xba8a8 0xb9aa8 0x457
GlobalLock 0x0 0x48f2e4 0xba8ac 0xb9aac 0x2be
GlobalUnlock 0x0 0x48f2e8 0xba8b0 0xb9ab0 0x2c5
GlobalAlloc 0x0 0x48f2ec 0xba8b4 0xb9ab4 0x2b3
GetFileSize 0x0 0x48f2f0 0xba8b8 0xb9ab8 0x1f0
GlobalFree 0x0 0x48f2f4 0xba8bc 0xb9abc 0x2ba
GlobalMemoryStatusEx 0x0 0x48f2f8 0xba8c0 0xb9ac0 0x2c0
Beep 0x0 0x48f2fc 0xba8c4 0xb9ac4 0x36
GetSystemDirectoryW 0x0 0x48f300 0xba8c8 0xb9ac8 0x270
HeapReAlloc 0x0 0x48f304 0xba8cc 0xb9acc 0x2d2
HeapSize 0x0 0x48f308 0xba8d0 0xb9ad0 0x2d4
GetComputerNameW 0x0 0x48f30c 0xba8d4 0xb9ad4 0x18f
GetWindowsDirectoryW 0x0 0x48f310 0xba8d8 0xb9ad8 0x2af
GetCurrentProcessId 0x0 0x48f314 0xba8dc 0xb9adc 0x1c1
GetProcessIoCounters 0x0 0x48f318 0xba8e0 0xb9ae0 0x24e
CreateProcessW 0x0 0x48f31c 0xba8e4 0xb9ae4 0xa8
GetProcessId 0x0 0x48f320 0xba8e8 0xb9ae8 0x24c
SetPriorityClass 0x0 0x48f324 0xba8ec 0xb9aec 0x47d
LoadLibraryW 0x0 0x48f328 0xba8f0 0xb9af0 0x33f
VirtualAlloc 0x0 0x48f32c 0xba8f4 0xb9af4 0x4e9
IsDebuggerPresent 0x0 0x48f330 0xba8f8 0xb9af8 0x300
GetCurrentDirectoryW 0x0 0x48f334 0xba8fc 0xb9afc 0x1bf
lstrcmpiW 0x0 0x48f338 0xba900 0xb9b00 0x545
DecodePointer 0x0 0x48f33c 0xba904 0xb9b04 0xca
GetLastError 0x0 0x48f340 0xba908 0xb9b08 0x202
RaiseException 0x0 0x48f344 0xba90c 0xb9b0c 0x3b1
InitializeCriticalSectionAndSpinCount 0x0 0x48f348 0xba910 0xb9b10 0x2e3
DeleteCriticalSection 0x0 0x48f34c 0xba914 0xb9b14 0xd1
InterlockedDecrement 0x0 0x48f350 0xba918 0xb9b18 0x2eb
InterlockedIncrement 0x0 0x48f354 0xba91c 0xb9b1c 0x2ef
GetCurrentThread 0x0 0x48f358 0xba920 0xb9b20 0x1c4
CloseHandle 0x0 0x48f35c 0xba924 0xb9b24 0x52
GetFullPathNameW 0x0 0x48f360 0xba928 0xb9b28 0x1fb
EncodePointer 0x0 0x48f364 0xba92c 0xb9b2c 0xea
ExitProcess 0x0 0x48f368 0xba930 0xb9b30 0x119
GetModuleHandleExW 0x0 0x48f36c 0xba934 0xb9b34 0x217
ExitThread 0x0 0x48f370 0xba938 0xb9b38 0x11a
GetSystemTimeAsFileTime 0x0 0x48f374 0xba93c 0xb9b3c 0x279
ResumeThread 0x0 0x48f378 0xba940 0xb9b40 0x413
GetCommandLineW 0x0 0x48f37c 0xba944 0xb9b44 0x187
IsProcessorFeaturePresent 0x0 0x48f380 0xba948 0xb9b48 0x304
IsValidCodePage 0x0 0x48f384 0xba94c 0xb9b4c 0x30a
GetACP 0x0 0x48f388 0xba950 0xb9b50 0x168
GetOEMCP 0x0 0x48f38c 0xba954 0xb9b54 0x237
GetCPInfo 0x0 0x48f390 0xba958 0xb9b58 0x172
SetLastError 0x0 0x48f394 0xba95c 0xb9b5c 0x473
UnhandledExceptionFilter 0x0 0x48f398 0xba960 0xb9b60 0x4d3
SetUnhandledExceptionFilter 0x0 0x48f39c 0xba964 0xb9b64 0x4a5
TlsAlloc 0x0 0x48f3a0 0xba968 0xb9b68 0x4c5
TlsGetValue 0x0 0x48f3a4 0xba96c 0xb9b6c 0x4c7
TlsSetValue 0x0 0x48f3a8 0xba970 0xb9b70 0x4c8
TlsFree 0x0 0x48f3ac 0xba974 0xb9b74 0x4c6
GetStartupInfoW 0x0 0x48f3b0 0xba978 0xb9b78 0x263
GetStringTypeW 0x0 0x48f3b4 0xba97c 0xb9b7c 0x269
SetStdHandle 0x0 0x48f3b8 0xba980 0xb9b80 0x487
GetFileType 0x0 0x48f3bc 0xba984 0xb9b84 0x1f3
GetConsoleCP 0x0 0x48f3c0 0xba988 0xb9b88 0x19a
GetConsoleMode 0x0 0x48f3c4 0xba98c 0xb9b8c 0x1ac
RtlUnwind 0x0 0x48f3c8 0xba990 0xb9b90 0x418
ReadConsoleW 0x0 0x48f3cc 0xba994 0xb9b94 0x3be
GetTimeZoneInformation 0x0 0x48f3d0 0xba998 0xb9b98 0x298
GetDateFormatW 0x0 0x48f3d4 0xba99c 0xb9b9c 0x1c8
GetTimeFormatW 0x0 0x48f3d8 0xba9a0 0xb9ba0 0x297
LCMapStringW 0x0 0x48f3dc 0xba9a4 0xb9ba4 0x32d
GetEnvironmentStringsW 0x0 0x48f3e0 0xba9a8 0xb9ba8 0x1da
FreeEnvironmentStringsW 0x0 0x48f3e4 0xba9ac 0xb9bac 0x161
WriteConsoleW 0x0 0x48f3e8 0xba9b0 0xb9bb0 0x524
FindClose 0x0 0x48f3ec 0xba9b4 0xb9bb4 0x12e
SetEnvironmentVariableA 0x0 0x48f3f0 0xba9b8 0xb9bb8 0x456
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustWindowRectEx 0x0 0x48f4cc 0xbaa94 0xb9c94 0x3
CopyImage 0x0 0x48f4d0 0xbaa98 0xb9c98 0x54
SetWindowPos 0x0 0x48f4d4 0xbaa9c 0xb9c9c 0x2c6
GetCursorInfo 0x0 0x48f4d8 0xbaaa0 0xb9ca0 0x11f
RegisterHotKey 0x0 0x48f4dc 0xbaaa4 0xb9ca4 0x256
ClientToScreen 0x0 0x48f4e0 0xbaaa8 0xb9ca8 0x47
GetKeyboardLayoutNameW 0x0 0x48f4e4 0xbaaac 0xb9cac 0x141
IsCharAlphaW 0x0 0x48f4e8 0xbaab0 0xb9cb0 0x1c4
IsCharAlphaNumericW 0x0 0x48f4ec 0xbaab4 0xb9cb4 0x1c3
IsCharLowerW 0x0 0x48f4f0 0xbaab8 0xb9cb8 0x1c6
IsCharUpperW 0x0 0x48f4f4 0xbaabc 0xb9cbc 0x1c8
GetMenuStringW 0x0 0x48f4f8 0xbaac0 0xb9cc0 0x158
GetSubMenu 0x0 0x48f4fc 0xbaac4 0xb9cc4 0x17a
GetCaretPos 0x0 0x48f500 0xbaac8 0xb9cc8 0x10a
IsZoomed 0x0 0x48f504 0xbaacc 0xb9ccc 0x1e2
MonitorFromPoint 0x0 0x48f508 0xbaad0 0xb9cd0 0x218
GetMonitorInfoW 0x0 0x48f50c 0xbaad4 0xb9cd4 0x15f
SetWindowLongW 0x0 0x48f510 0xbaad8 0xb9cd8 0x2c4
SetLayeredWindowAttributes 0x0 0x48f514 0xbaadc 0xb9cdc 0x298
FlashWindow 0x0 0x48f518 0xbaae0 0xb9ce0 0xfb
GetClassLongW 0x0 0x48f51c 0xbaae4 0xb9ce4 0x110
TranslateAcceleratorW 0x0 0x48f520 0xbaae8 0xb9ce8 0x2fa
IsDialogMessageW 0x0 0x48f524 0xbaaec 0xb9cec 0x1cd
GetSysColor 0x0 0x48f528 0xbaaf0 0xb9cf0 0x17b
InflateRect 0x0 0x48f52c 0xbaaf4 0xb9cf4 0x1b5
DrawFocusRect 0x0 0x48f530 0xbaaf8 0xb9cf8 0xc4
DrawTextW 0x0 0x48f534 0xbaafc 0xb9cfc 0xd0
FrameRect 0x0 0x48f538 0xbab00 0xb9d00 0xfd
DrawFrameControl 0x0 0x48f53c 0xbab04 0xb9d04 0xc6
FillRect 0x0 0x48f540 0xbab08 0xb9d08 0xf6
PtInRect 0x0 0x48f544 0xbab0c 0xb9d0c 0x240
DestroyAcceleratorTable 0x0 0x48f548 0xbab10 0xb9d10 0xa0
CreateAcceleratorTableW 0x0 0x48f54c 0xbab14 0xb9d14 0x58
SetCursor 0x0 0x48f550 0xbab18 0xb9d18 0x288
GetWindowDC 0x0 0x48f554 0xbab1c 0xb9d1c 0x192
GetSystemMetrics 0x0 0x48f558 0xbab20 0xb9d20 0x17e
GetActiveWindow 0x0 0x48f55c 0xbab24 0xb9d24 0x100
CharNextW 0x0 0x48f560 0xbab28 0xb9d28 0x31
wsprintfW 0x0 0x48f564 0xbab2c 0xb9d2c 0x333
RedrawWindow 0x0 0x48f568 0xbab30 0xb9d30 0x24a
DrawMenuBar 0x0 0x48f56c 0xbab34 0xb9d34 0xc9
DestroyMenu 0x0 0x48f570 0xbab38 0xb9d38 0xa4
SetMenu 0x0 0x48f574 0xbab3c 0xb9d3c 0x29c
GetWindowTextLengthW 0x0 0x48f578 0xbab40 0xb9d40 0x1a2
CreateMenu 0x0 0x48f57c 0xbab44 0xb9d44 0x6a
IsDlgButtonChecked 0x0 0x48f580 0xbab48 0xb9d48 0x1ce
DefDlgProcW 0x0 0x48f584 0xbab4c 0xb9d4c 0x95
CallWindowProcW 0x0 0x48f588 0xbab50 0xb9d50 0x1e
ReleaseCapture 0x0 0x48f58c 0xbab54 0xb9d54 0x264
SetCapture 0x0 0x48f590 0xbab58 0xb9d58 0x280
CreateIconFromResourceEx 0x0 0x48f594 0xbab5c 0xb9d5c 0x66
mouse_event 0x0 0x48f598 0xbab60 0xb9d60 0x331
ExitWindowsEx 0x0 0x48f59c 0xbab64 0xb9d64 0xf5
SetActiveWindow 0x0 0x48f5a0 0xbab68 0xb9d68 0x27f
FindWindowExW 0x0 0x48f5a4 0xbab6c 0xb9d6c 0xf9
EnumThreadWindows 0x0 0x48f5a8 0xbab70 0xb9d70 0xef
SetMenuDefaultItem 0x0 0x48f5ac 0xbab74 0xb9d74 0x29e
InsertMenuItemW 0x0 0x48f5b0 0xbab78 0xb9d78 0x1b9
IsMenu 0x0 0x48f5b4 0xbab7c 0xb9d7c 0x1d2
TrackPopupMenuEx 0x0 0x48f5b8 0xbab80 0xb9d80 0x2f7
GetCursorPos 0x0 0x48f5bc 0xbab84 0xb9d84 0x120
DeleteMenu 0x0 0x48f5c0 0xbab88 0xb9d88 0x9e
SetRect 0x0 0x48f5c4 0xbab8c 0xb9d8c 0x2ae
GetMenuItemID 0x0 0x48f5c8 0xbab90 0xb9d90 0x152
GetMenuItemCount 0x0 0x48f5cc 0xbab94 0xb9d94 0x151
SetMenuItemInfoW 0x0 0x48f5d0 0xbab98 0xb9d98 0x2a2
GetMenuItemInfoW 0x0 0x48f5d4 0xbab9c 0xb9d9c 0x154
SetForegroundWindow 0x0 0x48f5d8 0xbaba0 0xb9da0 0x293
IsIconic 0x0 0x48f5dc 0xbaba4 0xb9da4 0x1d1
FindWindowW 0x0 0x48f5e0 0xbaba8 0xb9da8 0xfa
MonitorFromRect 0x0 0x48f5e4 0xbabac 0xb9dac 0x219
keybd_event 0x0 0x48f5e8 0xbabb0 0xb9db0 0x330
SendInput 0x0 0x48f5ec 0xbabb4 0xb9db4 0x276
GetAsyncKeyState 0x0 0x48f5f0 0xbabb8 0xb9db8 0x107
SetKeyboardState 0x0 0x48f5f4 0xbabbc 0xb9dbc 0x296
GetKeyboardState 0x0 0x48f5f8 0xbabc0 0xb9dc0 0x142
GetKeyState 0x0 0x48f5fc 0xbabc4 0xb9dc4 0x13d
VkKeyScanW 0x0 0x48f600 0xbabc8 0xb9dc8 0x321
LoadStringW 0x0 0x48f604 0xbabcc 0xb9dcc 0x1fa
DialogBoxParamW 0x0 0x48f608 0xbabd0 0xb9dd0 0xac
MessageBeep 0x0 0x48f60c 0xbabd4 0xb9dd4 0x20d
EndDialog 0x0 0x48f610 0xbabd8 0xb9dd8 0xda
SendDlgItemMessageW 0x0 0x48f614 0xbabdc 0xb9ddc 0x273
GetDlgItem 0x0 0x48f618 0xbabe0 0xb9de0 0x127
SetWindowTextW 0x0 0x48f61c 0xbabe4 0xb9de4 0x2cb
CopyRect 0x0 0x48f620 0xbabe8 0xb9de8 0x55
ReleaseDC 0x0 0x48f624 0xbabec 0xb9dec 0x265
GetDC 0x0 0x48f628 0xbabf0 0xb9df0 0x121
EndPaint 0x0 0x48f62c 0xbabf4 0xb9df4 0xdc
BeginPaint 0x0 0x48f630 0xbabf8 0xb9df8 0xe
GetClientRect 0x0 0x48f634 0xbabfc 0xb9dfc 0x114
GetMenu 0x0 0x48f638 0xbac00 0xb9e00 0x14b
DestroyWindow 0x0 0x48f63c 0xbac04 0xb9e04 0xa6
EnumWindows 0x0 0x48f640 0xbac08 0xb9e08 0xf2
GetDesktopWindow 0x0 0x48f644 0xbac0c 0xb9e0c 0x123
IsWindow 0x0 0x48f648 0xbac10 0xb9e10 0x1db
IsWindowEnabled 0x0 0x48f64c 0xbac14 0xb9e14 0x1dc
IsWindowVisible 0x0 0x48f650 0xbac18 0xb9e18 0x1e0
EnableWindow 0x0 0x48f654 0xbac1c 0xb9e1c 0xd8
InvalidateRect 0x0 0x48f658 0xbac20 0xb9e20 0x1be
GetWindowLongW 0x0 0x48f65c 0xbac24 0xb9e24 0x196
GetWindowThreadProcessId 0x0 0x48f660 0xbac28 0xb9e28 0x1a4
AttachThreadInput 0x0 0x48f664 0xbac2c 0xb9e2c 0xc
GetFocus 0x0 0x48f668 0xbac30 0xb9e30 0x12c
GetWindowTextW 0x0 0x48f66c 0xbac34 0xb9e34 0x1a3
ScreenToClient 0x0 0x48f670 0xbac38 0xb9e38 0x26d
SendMessageTimeoutW 0x0 0x48f674 0xbac3c 0xb9e3c 0x27b
EnumChildWindows 0x0 0x48f678 0xbac40 0xb9e40 0xdf
CharUpperBuffW 0x0 0x48f67c 0xbac44 0xb9e44 0x3b
GetParent 0x0 0x48f680 0xbac48 0xb9e48 0x164
GetDlgCtrlID 0x0 0x48f684 0xbac4c 0xb9e4c 0x126
SendMessageW 0x0 0x48f688 0xbac50 0xb9e50 0x27c
MapVirtualKeyW 0x0 0x48f68c 0xbac54 0xb9e54 0x208
PostMessageW 0x0 0x48f690 0xbac58 0xb9e58 0x236
GetWindowRect 0x0 0x48f694 0xbac5c 0xb9e5c 0x19c
SetUserObjectSecurity 0x0 0x48f698 0xbac60 0xb9e60 0x2be
CloseDesktop 0x0 0x48f69c 0xbac64 0xb9e64 0x4a
CloseWindowStation 0x0 0x48f6a0 0xbac68 0xb9e68 0x4e
OpenDesktopW 0x0 0x48f6a4 0xbac6c 0xb9e6c 0x228
SetProcessWindowStation 0x0 0x48f6a8 0xbac70 0xb9e70 0x2aa
GetProcessWindowStation 0x0 0x48f6ac 0xbac74 0xb9e74 0x168
OpenWindowStationW 0x0 0x48f6b0 0xbac78 0xb9e78 0x22d
GetUserObjectSecurity 0x0 0x48f6b4 0xbac7c 0xb9e7c 0x18c
MessageBoxW 0x0 0x48f6b8 0xbac80 0xb9e80 0x215
DefWindowProcW 0x0 0x48f6bc 0xbac84 0xb9e84 0x9c
SetClipboardData 0x0 0x48f6c0 0xbac88 0xb9e88 0x286
EmptyClipboard 0x0 0x48f6c4 0xbac8c 0xb9e8c 0xd5
CountClipboardFormats 0x0 0x48f6c8 0xbac90 0xb9e90 0x56
CloseClipboard 0x0 0x48f6cc 0xbac94 0xb9e94 0x49
GetClipboardData 0x0 0x48f6d0 0xbac98 0xb9e98 0x116
IsClipboardFormatAvailable 0x0 0x48f6d4 0xbac9c 0xb9e9c 0x1ca
OpenClipboard 0x0 0x48f6d8 0xbaca0 0xb9ea0 0x226
BlockInput 0x0 0x48f6dc 0xbaca4 0xb9ea4 0xf
GetMessageW 0x0 0x48f6e0 0xbaca8 0xb9ea8 0x15d
LockWindowUpdate 0x0 0x48f6e4 0xbacac 0xb9eac 0x1fd
DispatchMessageW 0x0 0x48f6e8 0xbacb0 0xb9eb0 0xaf
TranslateMessage 0x0 0x48f6ec 0xbacb4 0xb9eb4 0x2fc
PeekMessageW 0x0 0x48f6f0 0xbacb8 0xb9eb8 0x233
UnregisterHotKey 0x0 0x48f6f4 0xbacbc 0xb9ebc 0x308
CheckMenuRadioItem 0x0 0x48f6f8 0xbacc0 0xb9ec0 0x40
CharLowerBuffW 0x0 0x48f6fc 0xbacc4 0xb9ec4 0x2d
MoveWindow 0x0 0x48f700 0xbacc8 0xb9ec8 0x21b
SetFocus 0x0 0x48f704 0xbaccc 0xb9ecc 0x292
PostQuitMessage 0x0 0x48f708 0xbacd0 0xb9ed0 0x237
KillTimer 0x0 0x48f70c 0xbacd4 0xb9ed4 0x1e3
CreatePopupMenu 0x0 0x48f710 0xbacd8 0xb9ed8 0x6b
RegisterWindowMessageW 0x0 0x48f714 0xbacdc 0xb9edc 0x263
SetTimer 0x0 0x48f718 0xbace0 0xb9ee0 0x2bb
ShowWindow 0x0 0x48f71c 0xbace4 0xb9ee4 0x2df
CreateWindowExW 0x0 0x48f720 0xbace8 0xb9ee8 0x6e
RegisterClassExW 0x0 0x48f724 0xbacec 0xb9eec 0x24d
LoadIconW 0x0 0x48f728 0xbacf0 0xb9ef0 0x1ed
LoadCursorW 0x0 0x48f72c 0xbacf4 0xb9ef4 0x1eb
GetSysColorBrush 0x0 0x48f730 0xbacf8 0xb9ef8 0x17c
GetForegroundWindow 0x0 0x48f734 0xbacfc 0xb9efc 0x12d
MessageBoxA 0x0 0x48f738 0xbad00 0xb9f00 0x20e
DestroyIcon 0x0 0x48f73c 0xbad04 0xb9f04 0xa3
SystemParametersInfoW 0x0 0x48f740 0xbad08 0xb9f08 0x2ec
LoadImageW 0x0 0x48f744 0xbad0c 0xb9f0c 0x1ef
GetClassNameW 0x0 0x48f748 0xbad10 0xb9f10 0x112
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrokePath 0x0 0x48f0c4 0xba68c 0xb988c 0x2b6
DeleteObject 0x0 0x48f0c8 0xba690 0xb9890 0xe6
GetTextExtentPoint32W 0x0 0x48f0cc 0xba694 0xb9894 0x21e
ExtCreatePen 0x0 0x48f0d0 0xba698 0xb9898 0x132
GetDeviceCaps 0x0 0x48f0d4 0xba69c 0xb989c 0x1cb
EndPath 0x0 0x48f0d8 0xba6a0 0xb98a0 0xf3
SetPixel 0x0 0x48f0dc 0xba6a4 0xb98a4 0x29b
CloseFigure 0x0 0x48f0e0 0xba6a8 0xb98a8 0x1e
CreateCompatibleBitmap 0x0 0x48f0e4 0xba6ac 0xb98ac 0x2f
CreateCompatibleDC 0x0 0x48f0e8 0xba6b0 0xb98b0 0x30
SelectObject 0x0 0x48f0ec 0xba6b4 0xb98b4 0x277
StretchBlt 0x0 0x48f0f0 0xba6b8 0xb98b8 0x2b3
GetDIBits 0x0 0x48f0f4 0xba6bc 0xb98bc 0x1ca
LineTo 0x0 0x48f0f8 0xba6c0 0xb98c0 0x236
AngleArc 0x0 0x48f0fc 0xba6c4 0xb98c4 0x8
MoveToEx 0x0 0x48f100 0xba6c8 0xb98c8 0x23a
Ellipse 0x0 0x48f104 0xba6cc 0xb98cc 0xed
DeleteDC 0x0 0x48f108 0xba6d0 0xb98d0 0xe3
GetPixel 0x0 0x48f10c 0xba6d4 0xb98d4 0x204
CreateDCW 0x0 0x48f110 0xba6d8 0xb98d8 0x32
GetStockObject 0x0 0x48f114 0xba6dc 0xb98dc 0x20d
GetTextFaceW 0x0 0x48f118 0xba6e0 0xb98e0 0x224
CreateFontW 0x0 0x48f11c 0xba6e4 0xb98e4 0x41
SetTextColor 0x0 0x48f120 0xba6e8 0xb98e8 0x2a6
PolyDraw 0x0 0x48f124 0xba6ec 0xb98ec 0x250
BeginPath 0x0 0x48f128 0xba6f0 0xb98f0 0x12
Rectangle 0x0 0x48f12c 0xba6f4 0xb98f4 0x25f
SetViewportOrgEx 0x0 0x48f130 0xba6f8 0xb98f8 0x2a9
GetObjectW 0x0 0x48f134 0xba6fc 0xb98fc 0x1fd
SetBkMode 0x0 0x48f138 0xba700 0xb9900 0x27f
RoundRect 0x0 0x48f13c 0xba704 0xb9904 0x26a
SetBkColor 0x0 0x48f140 0xba708 0xb9908 0x27e
CreatePen 0x0 0x48f144 0xba70c 0xb990c 0x4b
CreateSolidBrush 0x0 0x48f148 0xba710 0xb9910 0x54
StrokeAndFillPath 0x0 0x48f14c 0xba714 0xb9914 0x2b5
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW 0x0 0x48f0b8 0xba680 0xb9880 0xc
GetSaveFileNameW 0x0 0x48f0bc 0xba684 0xb9884 0xe
ADVAPI32.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce 0x0 0x48f000 0xba5c8 0xb97c8 0x123
RegEnumValueW 0x0 0x48f004 0xba5cc 0xb97cc 0x252
RegDeleteValueW 0x0 0x48f008 0xba5d0 0xb97d0 0x248
RegDeleteKeyW 0x0 0x48f00c 0xba5d4 0xb97d4 0x244
RegEnumKeyExW 0x0 0x48f010 0xba5d8 0xb97d8 0x24f
RegSetValueExW 0x0 0x48f014 0xba5dc 0xb97dc 0x27e
RegOpenKeyExW 0x0 0x48f018 0xba5e0 0xb97e0 0x261
RegCloseKey 0x0 0x48f01c 0xba5e4 0xb97e4 0x230
RegQueryValueExW 0x0 0x48f020 0xba5e8 0xb97e8 0x26e
RegConnectRegistryW 0x0 0x48f024 0xba5ec 0xb97ec 0x234
InitializeSecurityDescriptor 0x0 0x48f028 0xba5f0 0xb97f0 0x177
InitializeAcl 0x0 0x48f02c 0xba5f4 0xb97f4 0x176
AdjustTokenPrivileges 0x0 0x48f030 0xba5f8 0xb97f8 0x1f
OpenThreadToken 0x0 0x48f034 0xba5fc 0xb97fc 0x1fc
OpenProcessToken 0x0 0x48f038 0xba600 0xb9800 0x1f7
LookupPrivilegeValueW 0x0 0x48f03c 0xba604 0xb9804 0x197
DuplicateTokenEx 0x0 0x48f040 0xba608 0xb9808 0xdf
CreateProcessAsUserW 0x0 0x48f044 0xba60c 0xb980c 0x7c
CreateProcessWithLogonW 0x0 0x48f048 0xba610 0xb9810 0x7d
GetLengthSid 0x0 0x48f04c 0xba614 0xb9814 0x136
CopySid 0x0 0x48f050 0xba618 0xb9818 0x76
LogonUserW 0x0 0x48f054 0xba61c 0xb981c 0x18d
AllocateAndInitializeSid 0x0 0x48f058 0xba620 0xb9820 0x20
CheckTokenMembership 0x0 0x48f05c 0xba624 0xb9824 0x51
RegCreateKeyExW 0x0 0x48f060 0xba628 0xb9828 0x239
FreeSid 0x0 0x48f064 0xba62c 0xb982c 0x120
GetTokenInformation 0x0 0x48f068 0xba630 0xb9830 0x15a
GetSecurityDescriptorDacl 0x0 0x48f06c 0xba634 0xb9834 0x148
GetAclInformation 0x0 0x48f070 0xba638 0xb9838 0x124
AddAce 0x0 0x48f074 0xba63c 0xb983c 0x16
SetSecurityDescriptorDacl 0x0 0x48f078 0xba640 0xb9840 0x2b6
GetUserNameW 0x0 0x48f07c 0xba644 0xb9844 0x165
InitiateSystemShutdownExW 0x0 0x48f080 0xba648 0xb9848 0x17d
SHELL32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint 0x0 0x48f48c 0xbaa54 0xb9c54 0x20
ShellExecuteExW 0x0 0x48f490 0xbaa58 0xb9c58 0x121
DragQueryFileW 0x0 0x48f494 0xbaa5c 0xb9c5c 0x1f
SHEmptyRecycleBinW 0x0 0x48f498 0xbaa60 0xb9c60 0xa5
SHGetPathFromIDListW 0x0 0x48f49c 0xbaa64 0xb9c64 0xd7
SHBrowseForFolderW 0x0 0x48f4a0 0xbaa68 0xb9c68 0x7b
SHCreateShellItem 0x0 0x48f4a4 0xbaa6c 0xb9c6c 0x9a
SHGetDesktopFolder 0x0 0x48f4a8 0xbaa70 0xb9c70 0xb6
SHGetSpecialFolderLocation 0x0 0x48f4ac 0xbaa74 0xb9c74 0xdf
SHGetFolderPathW 0x0 0x48f4b0 0xbaa78 0xb9c78 0xc3
SHFileOperationW 0x0 0x48f4b4 0xbaa7c 0xb9c7c 0xac
ExtractIconExW 0x0 0x48f4b8 0xbaa80 0xb9c80 0x2a
Shell_NotifyIconW 0x0 0x48f4bc 0xbaa84 0xb9c84 0x12e
ShellExecuteW 0x0 0x48f4c0 0xbaa88 0xb9c88 0x122
DragFinish 0x0 0x48f4c4 0xbaa8c 0xb9c8c 0x1b
ole32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc 0x0 0x48f828 0xbadf0 0xb9ff0 0x67
CoTaskMemFree 0x0 0x48f82c 0xbadf4 0xb9ff4 0x68
CLSIDFromString 0x0 0x48f830 0xbadf8 0xb9ff8 0x8
ProgIDFromCLSID 0x0 0x48f834 0xbadfc 0xb9ffc 0x14b
CLSIDFromProgID 0x0 0x48f838 0xbae00 0xba000 0x6
OleSetMenuDescriptor 0x0 0x48f83c 0xbae04 0xba004 0x147
MkParseDisplayName 0x0 0x48f840 0xbae08 0xba008 0xd4
OleSetContainedObject 0x0 0x48f844 0xbae0c 0xba00c 0x146
CoCreateInstance 0x0 0x48f848 0xbae10 0xba010 0x10
IIDFromString 0x0 0x48f84c 0xbae14 0xba014 0xcd
StringFromGUID2 0x0 0x48f850 0xbae18 0xba018 0x179
CreateStreamOnHGlobal 0x0 0x48f854 0xbae1c 0xba01c 0x86
OleInitialize 0x0 0x48f858 0xbae20 0xba020 0x132
OleUninitialize 0x0 0x48f85c 0xbae24 0xba024 0x149
CoInitialize 0x0 0x48f860 0xbae28 0xba028 0x3e
CoUninitialize 0x0 0x48f864 0xbae2c 0xba02c 0x6c
GetRunningObjectTable 0x0 0x48f868 0xbae30 0xba030 0x97
CoGetInstanceFromFile 0x0 0x48f86c 0xbae34 0xba034 0x2d
CoGetObject 0x0 0x48f870 0xbae38 0xba038 0x35
CoSetProxyBlanket 0x0 0x48f874 0xbae3c 0xba03c 0x63
CoCreateInstanceEx 0x0 0x48f878 0xbae40 0xba040 0x11
CoInitializeSecurity 0x0 0x48f87c 0xbae44 0xba044 0x40
OLEAUT32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0xb7 0x48f40c 0xba9d4 0xb9bd4 -
VariantCopyInd 0xb 0x48f410 0xba9d8 0xb9bd8 -
SysReAllocString 0x3 0x48f414 0xba9dc 0xb9bdc -
SysFreeString 0x6 0x48f418 0xba9e0 0xb9be0 -
SafeArrayDestroyDescriptor 0x26 0x48f41c 0xba9e4 0xb9be4 -
SafeArrayDestroyData 0x27 0x48f420 0xba9e8 0xb9be8 -
SafeArrayUnaccessData 0x18 0x48f424 0xba9ec 0xb9bec -
SafeArrayAccessData 0x17 0x48f428 0xba9f0 0xb9bf0 -
SafeArrayAllocData 0x25 0x48f42c 0xba9f4 0xb9bf4 -
SafeArrayAllocDescriptorEx 0x29 0x48f430 0xba9f8 0xb9bf8 -
SafeArrayCreateVector 0x19b 0x48f434 0xba9fc 0xb9bfc -
RegisterTypeLib 0xa3 0x48f438 0xbaa00 0xb9c00 -
CreateStdDispatch 0x20 0x48f43c 0xbaa04 0xb9c04 -
DispCallFunc 0x92 0x48f440 0xbaa08 0xb9c08 -
VariantChangeType 0xc 0x48f444 0xbaa0c 0xb9c0c -
SysStringLen 0x7 0x48f448 0xbaa10 0xb9c10 -
VariantTimeToSystemTime 0xb9 0x48f44c 0xbaa14 0xb9c14 -
VarR8FromDec 0xdc 0x48f450 0xbaa18 0xb9c18 -
SafeArrayGetVartype 0x4d 0x48f454 0xbaa1c 0xb9c1c -
VariantCopy 0xa 0x48f458 0xbaa20 0xb9c20 -
VariantClear 0x9 0x48f45c 0xbaa24 0xb9c24 -
OleLoadPicture 0x1a2 0x48f460 0xbaa28 0xb9c28 -
QueryPathOfRegTypeLib 0xa4 0x48f464 0xbaa2c 0xb9c2c -
RegisterTypeLibForUser 0x1ba 0x48f468 0xbaa30 0xb9c30 -
UnRegisterTypeLibForUser 0x1bb 0x48f46c 0xbaa34 0xb9c34 -
UnRegisterTypeLib 0xba 0x48f470 0xbaa38 0xb9c38 -
CreateDispTypeInfo 0x1f 0x48f474 0xbaa3c 0xb9c3c -
SysAllocString 0x2 0x48f478 0xbaa40 0xb9c40 -
VariantInit 0x8 0x48f47c 0xbaa44 0xb9c44 -
Icons (4)
Digital Signatures (2)
Certificate: Microsoft Windows
Issued by Microsoft Windows
Parent Certificate Microsoft Windows Production PCA 2011
Country Name US
Valid From 2016-10-11 20:39:31+00:00
Valid Until 2018-01-11 20:39:31+00:00
Algorithm sha256_rsa
Serial Number 33 00 00 01 06 6E C3 25 C4 31 C9 18 0E 00 00 00 00 01 06
Thumbprint AF DD 80 C4 EB F2 F6 1D 39 43 F1 8B B5 66 D6 AA 6F 6E 50 33
Certificate: Microsoft Windows Production PCA 2011
Issued by Microsoft Windows Production PCA 2011
Country Name US
Valid From 2011-10-19 18:41:42+00:00
Valid Until 2026-10-19 18:51:42+00:00
Algorithm sha256_rsa
Serial Number 61 07 76 56 00 00 00 00 00 08
Thumbprint 58 0A 6F 4C C4 E4 B6 69 B9 EB DC 1B 2B 3E 08 7B 80 D0 67 8D
Memory Dumps (22)
Name Process ID Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 2 0x00400000 0x00419FFF Marked Executable - 32-bit - False
laafdy.exe 2 0x01300000 0x0142CFFF Forced - 32-bit - False
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x00418340 False
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040CC74 True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B8A0, 0x00401000, ... True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040928E, 0x00408FA2, ... True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040AAE3 True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x00407000 True
laafdy.exe 1 0x01300000 0x0142CFFF Process Termination - 32-bit - False
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x004017BC True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040541B True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x00402193 True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B90A, 0x0040CE70, ... True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040872E True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x00402193 True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B90A True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x004017BC True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040541B True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B90A, 0x0040CE70, ... True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040872E True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x004017BC True
buffer 2 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040541B True
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url Dropped File Text
Unknown
Mime Type text/plain
File Size 0.09 KB
MD5 a635d51b90fc12c47dd74b2126c73a83
SHA1 208591acfec3c5235865395317a5cc2cab9416bd
SHA256 853ee679a046ef13c6b18fcc601e99e5fcb3ae3d738235d6382f37404745f5c5
SSDeep 3:HRAbABGQVuOEwREaKC5KkZzIdktXNn:HRYF5OxiaZ5K0ICN
C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs Dropped File Text
Unknown
Mime Type text/plain
File Size 0.14 KB
MD5 f674e1b3b514a8f401d779ae26147e6b
SHA1 4822751d6b452261ad539813f99756c4dbf882b6
SHA256 0a89f1b05c990f5fceaab56d385f8092cbd7960399a31e68f5423ef49cbf0003
SSDeep 3:jaPcYoncIQBHoEwREaKC5KkZzIdktXNHn:jk+cjIxiaZ5K0IC1
C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe Dropped File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 1.20 MB
MD5 6d6a9da3ed1f72ed583f4c62373d9530
SHA1 71961de25ea0d1f47ebfa33382a2db054f193b94
SHA256 99a1b0fecaeef1933f737c9a8eccf5e05e91ed1aeba46ac9eac2dc7863ca88c5
SSDeep 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaR:Lw80cTsjkWag+79b4Kxg
ImpHash afcdf79be1557326c854b6e20cb900a7
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
PE Information
Image Base 0x400000
Entry Point 0x427f4a
Size Of Code 0x8de00
Size Of Initialized Data 0x98600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-04-02 09:51:37+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8dd2e 0x8de00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x48f000 0x2e10e 0x2e200 0x8e200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.76
.data 0x4be000 0x8f74 0x5200 0xbc400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.2
.rsrc 0x4c7000 0x5dfb4 0x5e000 0xc1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.78
.reloc 0x525000 0x7130 0x7200 0x11f600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.78
Imports (18)
WSOCK32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x74 0x48f7c8 0xbad90 0xb9f90 -
socket 0x17 0x48f7cc 0xbad94 0xb9f94 -
inet_ntoa 0xc 0x48f7d0 0xbad98 0xb9f98 -
setsockopt 0x15 0x48f7d4 0xbad9c 0xb9f9c -
ntohs 0xf 0x48f7d8 0xbada0 0xb9fa0 -
recvfrom 0x11 0x48f7dc 0xbada4 0xb9fa4 -
ioctlsocket 0xa 0x48f7e0 0xbada8 0xb9fa8 -
htons 0x9 0x48f7e4 0xbadac 0xb9fac -
WSAStartup 0x73 0x48f7e8 0xbadb0 0xb9fb0 -
__WSAFDIsSet 0x97 0x48f7ec 0xbadb4 0xb9fb4 -
select 0x12 0x48f7f0 0xbadb8 0xb9fb8 -
accept 0x1 0x48f7f4 0xbadbc 0xb9fbc -
listen 0xd 0x48f7f8 0xbadc0 0xb9fc0 -
bind 0x2 0x48f7fc 0xbadc4 0xb9fc4 -
closesocket 0x3 0x48f800 0xbadc8 0xb9fc8 -
WSAGetLastError 0x6f 0x48f804 0xbadcc 0xb9fcc -
recv 0x10 0x48f808 0xbadd0 0xb9fd0 -
sendto 0x14 0x48f80c 0xbadd4 0xb9fd4 -
send 0x13 0x48f810 0xbadd8 0xb9fd8 -
inet_addr 0xb 0x48f814 0xbaddc 0xb9fdc -
gethostbyname 0x34 0x48f818 0xbade0 0xb9fe0 -
gethostname 0x39 0x48f81c 0xbade4 0xb9fe4 -
connect 0x4 0x48f820 0xbade8 0xb9fe8 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW 0x0 0x48f76c 0xbad34 0xb9f34 0x6
GetFileVersionInfoSizeW 0x0 0x48f770 0xbad38 0xb9f38 0x5
VerQueryValueW 0x0 0x48f774 0xbad3c 0xb9f3c 0xe
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime 0x0 0x48f7b8 0xbad80 0xb9f80 0x94
waveOutSetVolume 0x0 0x48f7bc 0xbad84 0xb9f84 0xbb
mciSendStringW 0x0 0x48f7c0 0xbad88 0xb9f88 0x32
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_ReplaceIcon 0x0 0x48f088 0xba650 0xb9850 0x6f
ImageList_Destroy 0x0 0x48f08c 0xba654 0xb9854 0x54
ImageList_Remove 0x0 0x48f090 0xba658 0xb9858 0x6d
ImageList_SetDragCursorImage 0x0 0x48f094 0xba65c 0xb985c 0x72
ImageList_BeginDrag 0x0 0x48f098 0xba660 0xb9860 0x50
ImageList_DragEnter 0x0 0x48f09c 0xba664 0xb9864 0x56
ImageList_DragLeave 0x0 0x48f0a0 0xba668 0xb9868 0x57
ImageList_EndDrag 0x0 0x48f0a4 0xba66c 0xb986c 0x5e
ImageList_DragMove 0x0 0x48f0a8 0xba670 0xb9870 0x58
InitCommonControlsEx 0x0 0x48f0ac 0xba674 0xb9874 0x7b
ImageList_Create 0x0 0x48f0b0 0xba678 0xb9878 0x53
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW 0x0 0x48f3f8 0xba9c0 0xb9bc0 0x49
WNetCancelConnection2W 0x0 0x48f3fc 0xba9c4 0xb9bc4 0xc
WNetGetConnectionW 0x0 0x48f400 0xba9c8 0xb9bc8 0x24
WNetAddConnection2W 0x0 0x48f404 0xba9cc 0xb9bcc 0x6
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable 0x0 0x48f77c 0xbad44 0xb9f44 0x9b
InternetCloseHandle 0x0 0x48f780 0xbad48 0xb9f48 0x6b
InternetOpenW 0x0 0x48f784 0xbad4c 0xb9f4c 0x9a
InternetSetOptionW 0x0 0x48f788 0xbad50 0xb9f50 0xaf
InternetCrackUrlW 0x0 0x48f78c 0xbad54 0xb9f54 0x74
HttpQueryInfoW 0x0 0x48f790 0xbad58 0xb9f58 0x5a
InternetQueryOptionW 0x0 0x48f794 0xbad5c 0xb9f5c 0x9e
HttpOpenRequestW 0x0 0x48f798 0xbad60 0xb9f60 0x58
HttpSendRequestW 0x0 0x48f79c 0xbad64 0xb9f64 0x5e
FtpOpenFileW 0x0 0x48f7a0 0xbad68 0xb9f68 0x35
FtpGetFileSize 0x0 0x48f7a4 0xbad6c 0xb9f6c 0x32
InternetOpenUrlW 0x0 0x48f7a8 0xbad70 0xb9f70 0x99
InternetReadFile 0x0 0x48f7ac 0xbad74 0xb9f74 0x9f
InternetConnectW 0x0 0x48f7b0 0xbad78 0xb9f78 0x72
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo 0x0 0x48f484 0xbaa4c 0xb9c4c 0x15
IPHLPAPI.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpCreateFile 0x0 0x48f154 0xba71c 0xb991c 0x85
IcmpCloseHandle 0x0 0x48f158 0xba720 0xb9920 0x84
IcmpSendEcho 0x0 0x48f15c 0xba724 0xb9924 0x87
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyEnvironmentBlock 0x0 0x48f750 0xbad18 0xb9f18 0x4
UnloadUserProfile 0x0 0x48f754 0xbad1c 0xb9f1c 0x2c
CreateEnvironmentBlock 0x0 0x48f758 0xbad20 0xb9f20 0x0
LoadUserProfileW 0x0 0x48f75c 0xbad24 0xb9f24 0x21
UxTheme.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive 0x0 0x48f764 0xbad2c 0xb9f2c 0x3f
KERNEL32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle 0x0 0x48f164 0xba72c 0xb992c 0xe8
CreateThread 0x0 0x48f168 0xba730 0xb9930 0xb5
WaitForSingleObject 0x0 0x48f16c 0xba734 0xb9934 0x4f9
HeapAlloc 0x0 0x48f170 0xba738 0xb9938 0x2cb
GetProcessHeap 0x0 0x48f174 0xba73c 0xb993c 0x24a
HeapFree 0x0 0x48f178 0xba740 0xb9940 0x2cf
Sleep 0x0 0x48f17c 0xba744 0xb9944 0x4b2
GetCurrentThreadId 0x0 0x48f180 0xba748 0xb9948 0x1c5
MultiByteToWideChar 0x0 0x48f184 0xba74c 0xb994c 0x367
MulDiv 0x0 0x48f188 0xba750 0xb9950 0x366
GetVersionExW 0x0 0x48f18c 0xba754 0xb9954 0x2a4
IsWow64Process 0x0 0x48f190 0xba758 0xb9958 0x30e
GetSystemInfo 0x0 0x48f194 0xba75c 0xb995c 0x273
FreeLibrary 0x0 0x48f198 0xba760 0xb9960 0x162
LoadLibraryA 0x0 0x48f19c 0xba764 0xb9964 0x33c
GetProcAddress 0x0 0x48f1a0 0xba768 0xb9968 0x245
SetErrorMode 0x0 0x48f1a4 0xba76c 0xb996c 0x458
GetModuleFileNameW 0x0 0x48f1a8 0xba770 0xb9970 0x214
WideCharToMultiByte 0x0 0x48f1ac 0xba774 0xb9974 0x511
lstrcpyW 0x0 0x48f1b0 0xba778 0xb9978 0x548
lstrlenW 0x0 0x48f1b4 0xba77c 0xb997c 0x54e
GetModuleHandleW 0x0 0x48f1b8 0xba780 0xb9980 0x218
QueryPerformanceCounter 0x0 0x48f1bc 0xba784 0xb9984 0x3a7
VirtualFreeEx 0x0 0x48f1c0 0xba788 0xb9988 0x4ed
OpenProcess 0x0 0x48f1c4 0xba78c 0xb998c 0x380
VirtualAllocEx 0x0 0x48f1c8 0xba790 0xb9990 0x4ea
WriteProcessMemory 0x0 0x48f1cc 0xba794 0xb9994 0x52e
ReadProcessMemory 0x0 0x48f1d0 0xba798 0xb9998 0x3c3
CreateFileW 0x0 0x48f1d4 0xba79c 0xb999c 0x8f
SetFilePointerEx 0x0 0x48f1d8 0xba7a0 0xb99a0 0x467
SetEndOfFile 0x0 0x48f1dc 0xba7a4 0xb99a4 0x453
ReadFile 0x0 0x48f1e0 0xba7a8 0xb99a8 0x3c0
WriteFile 0x0 0x48f1e4 0xba7ac 0xb99ac 0x525
FlushFileBuffers 0x0 0x48f1e8 0xba7b0 0xb99b0 0x157
TerminateProcess 0x0 0x48f1ec 0xba7b4 0xb99b4 0x4c0
CreateToolhelp32Snapshot 0x0 0x48f1f0 0xba7b8 0xb99b8 0xbe
Process32FirstW 0x0 0x48f1f4 0xba7bc 0xb99bc 0x396
Process32NextW 0x0 0x48f1f8 0xba7c0 0xb99c0 0x398
SetFileTime 0x0 0x48f1fc 0xba7c4 0xb99c4 0x46a
GetFileAttributesW 0x0 0x48f200 0xba7c8 0xb99c8 0x1ea
FindFirstFileW 0x0 0x48f204 0xba7cc 0xb99cc 0x139
SetCurrentDirectoryW 0x0 0x48f208 0xba7d0 0xb99d0 0x44d
GetLongPathNameW 0x0 0x48f20c 0xba7d4 0xb99d4 0x20f
GetShortPathNameW 0x0 0x48f210 0xba7d8 0xb99d8 0x261
DeleteFileW 0x0 0x48f214 0xba7dc 0xb99dc 0xd6
FindNextFileW 0x0 0x48f218 0xba7e0 0xb99e0 0x145
CopyFileExW 0x0 0x48f21c 0xba7e4 0xb99e4 0x72
MoveFileW 0x0 0x48f220 0xba7e8 0xb99e8 0x363
CreateDirectoryW 0x0 0x48f224 0xba7ec 0xb99ec 0x81
RemoveDirectoryW 0x0 0x48f228 0xba7f0 0xb99f0 0x403
SetSystemPowerState 0x0 0x48f22c 0xba7f4 0xb99f4 0x48a
QueryPerformanceFrequency 0x0 0x48f230 0xba7f8 0xb99f8 0x3a8
FindResourceW 0x0 0x48f234 0xba7fc 0xb99fc 0x14e
LoadResource 0x0 0x48f238 0xba800 0xb9a00 0x341
LockResource 0x0 0x48f23c 0xba804 0xb9a04 0x354
SizeofResource 0x0 0x48f240 0xba808 0xb9a08 0x4b1
EnumResourceNamesW 0x0 0x48f244 0xba80c 0xb9a0c 0x102
OutputDebugStringW 0x0 0x48f248 0xba810 0xb9a10 0x38a
GetTempPathW 0x0 0x48f24c 0xba814 0xb9a14 0x285
GetTempFileNameW 0x0 0x48f250 0xba818 0xb9a18 0x283
DeviceIoControl 0x0 0x48f254 0xba81c 0xb9a1c 0xdd
GetLocalTime 0x0 0x48f258 0xba820 0xb9a20 0x203
CompareStringW 0x0 0x48f25c 0xba824 0xb9a24 0x64
GetCurrentProcess 0x0 0x48f260 0xba828 0xb9a28 0x1c0
EnterCriticalSection 0x0 0x48f264 0xba82c 0xb9a2c 0xee
LeaveCriticalSection 0x0 0x48f268 0xba830 0xb9a30 0x339
GetStdHandle 0x0 0x48f26c 0xba834 0xb9a34 0x264
CreatePipe 0x0 0x48f270 0xba838 0xb9a38 0xa1
InterlockedExchange 0x0 0x48f274 0xba83c 0xb9a3c 0x2ec
TerminateThread 0x0 0x48f278 0xba840 0xb9a40 0x4c1
LoadLibraryExW 0x0 0x48f27c 0xba844 0xb9a44 0x33e
FindResourceExW 0x0 0x48f280 0xba848 0xb9a48 0x14d
CopyFileW 0x0 0x48f284 0xba84c 0xb9a4c 0x75
VirtualFree 0x0 0x48f288 0xba850 0xb9a50 0x4ec
FormatMessageW 0x0 0x48f28c 0xba854 0xb9a54 0x15e
GetExitCodeProcess 0x0 0x48f290 0xba858 0xb9a58 0x1df
GetPrivateProfileStringW 0x0 0x48f294 0xba85c 0xb9a5c 0x242
WritePrivateProfileStringW 0x0 0x48f298 0xba860 0xb9a60 0x52b
GetPrivateProfileSectionW 0x0 0x48f29c 0xba864 0xb9a64 0x240
WritePrivateProfileSectionW 0x0 0x48f2a0 0xba868 0xb9a68 0x529
GetPrivateProfileSectionNamesW 0x0 0x48f2a4 0xba86c 0xb9a6c 0x23f
FileTimeToLocalFileTime 0x0 0x48f2a8 0xba870 0xb9a70 0x124
FileTimeToSystemTime 0x0 0x48f2ac 0xba874 0xb9a74 0x125
SystemTimeToFileTime 0x0 0x48f2b0 0xba878 0xb9a78 0x4bd
LocalFileTimeToFileTime 0x0 0x48f2b4 0xba87c 0xb9a7c 0x346
GetDriveTypeW 0x0 0x48f2b8 0xba880 0xb9a80 0x1d3
GetDiskFreeSpaceExW 0x0 0x48f2bc 0xba884 0xb9a84 0x1ce
GetDiskFreeSpaceW 0x0 0x48f2c0 0xba888 0xb9a88 0x1cf
GetVolumeInformationW 0x0 0x48f2c4 0xba88c 0xb9a8c 0x2a7
SetVolumeLabelW 0x0 0x48f2c8 0xba890 0xb9a90 0x4a9
CreateHardLinkW 0x0 0x48f2cc 0xba894 0xb9a94 0x93
SetFileAttributesW 0x0 0x48f2d0 0xba898 0xb9a98 0x461
CreateEventW 0x0 0x48f2d4 0xba89c 0xb9a9c 0x85
SetEvent 0x0 0x48f2d8 0xba8a0 0xb9aa0 0x459
GetEnvironmentVariableW 0x0 0x48f2dc 0xba8a4 0xb9aa4 0x1dc
SetEnvironmentVariableW 0x0 0x48f2e0 0xba8a8 0xb9aa8 0x457
GlobalLock 0x0 0x48f2e4 0xba8ac 0xb9aac 0x2be
GlobalUnlock 0x0 0x48f2e8 0xba8b0 0xb9ab0 0x2c5
GlobalAlloc 0x0 0x48f2ec 0xba8b4 0xb9ab4 0x2b3
GetFileSize 0x0 0x48f2f0 0xba8b8 0xb9ab8 0x1f0
GlobalFree 0x0 0x48f2f4 0xba8bc 0xb9abc 0x2ba
GlobalMemoryStatusEx 0x0 0x48f2f8 0xba8c0 0xb9ac0 0x2c0
Beep 0x0 0x48f2fc 0xba8c4 0xb9ac4 0x36
GetSystemDirectoryW 0x0 0x48f300 0xba8c8 0xb9ac8 0x270
HeapReAlloc 0x0 0x48f304 0xba8cc 0xb9acc 0x2d2
HeapSize 0x0 0x48f308 0xba8d0 0xb9ad0 0x2d4
GetComputerNameW 0x0 0x48f30c 0xba8d4 0xb9ad4 0x18f
GetWindowsDirectoryW 0x0 0x48f310 0xba8d8 0xb9ad8 0x2af
GetCurrentProcessId 0x0 0x48f314 0xba8dc 0xb9adc 0x1c1
GetProcessIoCounters 0x0 0x48f318 0xba8e0 0xb9ae0 0x24e
CreateProcessW 0x0 0x48f31c 0xba8e4 0xb9ae4 0xa8
GetProcessId 0x0 0x48f320 0xba8e8 0xb9ae8 0x24c
SetPriorityClass 0x0 0x48f324 0xba8ec 0xb9aec 0x47d
LoadLibraryW 0x0 0x48f328 0xba8f0 0xb9af0 0x33f
VirtualAlloc 0x0 0x48f32c 0xba8f4 0xb9af4 0x4e9
IsDebuggerPresent 0x0 0x48f330 0xba8f8 0xb9af8 0x300
GetCurrentDirectoryW 0x0 0x48f334 0xba8fc 0xb9afc 0x1bf
lstrcmpiW 0x0 0x48f338 0xba900 0xb9b00 0x545
DecodePointer 0x0 0x48f33c 0xba904 0xb9b04 0xca
GetLastError 0x0 0x48f340 0xba908 0xb9b08 0x202
RaiseException 0x0 0x48f344 0xba90c 0xb9b0c 0x3b1
InitializeCriticalSectionAndSpinCount 0x0 0x48f348 0xba910 0xb9b10 0x2e3
DeleteCriticalSection 0x0 0x48f34c 0xba914 0xb9b14 0xd1
InterlockedDecrement 0x0 0x48f350 0xba918 0xb9b18 0x2eb
InterlockedIncrement 0x0 0x48f354 0xba91c 0xb9b1c 0x2ef
GetCurrentThread 0x0 0x48f358 0xba920 0xb9b20 0x1c4
CloseHandle 0x0 0x48f35c 0xba924 0xb9b24 0x52
GetFullPathNameW 0x0 0x48f360 0xba928 0xb9b28 0x1fb
EncodePointer 0x0 0x48f364 0xba92c 0xb9b2c 0xea
ExitProcess 0x0 0x48f368 0xba930 0xb9b30 0x119
GetModuleHandleExW 0x0 0x48f36c 0xba934 0xb9b34 0x217
ExitThread 0x0 0x48f370 0xba938 0xb9b38 0x11a
GetSystemTimeAsFileTime 0x0 0x48f374 0xba93c 0xb9b3c 0x279
ResumeThread 0x0 0x48f378 0xba940 0xb9b40 0x413
GetCommandLineW 0x0 0x48f37c 0xba944 0xb9b44 0x187
IsProcessorFeaturePresent 0x0 0x48f380 0xba948 0xb9b48 0x304
IsValidCodePage 0x0 0x48f384 0xba94c 0xb9b4c 0x30a
GetACP 0x0 0x48f388 0xba950 0xb9b50 0x168
GetOEMCP 0x0 0x48f38c 0xba954 0xb9b54 0x237
GetCPInfo 0x0 0x48f390 0xba958 0xb9b58 0x172
SetLastError 0x0 0x48f394 0xba95c 0xb9b5c 0x473
UnhandledExceptionFilter 0x0 0x48f398 0xba960 0xb9b60 0x4d3
SetUnhandledExceptionFilter 0x0 0x48f39c 0xba964 0xb9b64 0x4a5
TlsAlloc 0x0 0x48f3a0 0xba968 0xb9b68 0x4c5
TlsGetValue 0x0 0x48f3a4 0xba96c 0xb9b6c 0x4c7
TlsSetValue 0x0 0x48f3a8 0xba970 0xb9b70 0x4c8
TlsFree 0x0 0x48f3ac 0xba974 0xb9b74 0x4c6
GetStartupInfoW 0x0 0x48f3b0 0xba978 0xb9b78 0x263
GetStringTypeW 0x0 0x48f3b4 0xba97c 0xb9b7c 0x269
SetStdHandle 0x0 0x48f3b8 0xba980 0xb9b80 0x487
GetFileType 0x0 0x48f3bc 0xba984 0xb9b84 0x1f3
GetConsoleCP 0x0 0x48f3c0 0xba988 0xb9b88 0x19a
GetConsoleMode 0x0 0x48f3c4 0xba98c 0xb9b8c 0x1ac
RtlUnwind 0x0 0x48f3c8 0xba990 0xb9b90 0x418
ReadConsoleW 0x0 0x48f3cc 0xba994 0xb9b94 0x3be
GetTimeZoneInformation 0x0 0x48f3d0 0xba998 0xb9b98 0x298
GetDateFormatW 0x0 0x48f3d4 0xba99c 0xb9b9c 0x1c8
GetTimeFormatW 0x0 0x48f3d8 0xba9a0 0xb9ba0 0x297
LCMapStringW 0x0 0x48f3dc 0xba9a4 0xb9ba4 0x32d
GetEnvironmentStringsW 0x0 0x48f3e0 0xba9a8 0xb9ba8 0x1da
FreeEnvironmentStringsW 0x0 0x48f3e4 0xba9ac 0xb9bac 0x161
WriteConsoleW 0x0 0x48f3e8 0xba9b0 0xb9bb0 0x524
FindClose 0x0 0x48f3ec 0xba9b4 0xb9bb4 0x12e
SetEnvironmentVariableA 0x0 0x48f3f0 0xba9b8 0xb9bb8 0x456
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustWindowRectEx 0x0 0x48f4cc 0xbaa94 0xb9c94 0x3
CopyImage 0x0 0x48f4d0 0xbaa98 0xb9c98 0x54
SetWindowPos 0x0 0x48f4d4 0xbaa9c 0xb9c9c 0x2c6
GetCursorInfo 0x0 0x48f4d8 0xbaaa0 0xb9ca0 0x11f
RegisterHotKey 0x0 0x48f4dc 0xbaaa4 0xb9ca4 0x256
ClientToScreen 0x0 0x48f4e0 0xbaaa8 0xb9ca8 0x47
GetKeyboardLayoutNameW 0x0 0x48f4e4 0xbaaac 0xb9cac 0x141
IsCharAlphaW 0x0 0x48f4e8 0xbaab0 0xb9cb0 0x1c4
IsCharAlphaNumericW 0x0 0x48f4ec 0xbaab4 0xb9cb4 0x1c3
IsCharLowerW 0x0 0x48f4f0 0xbaab8 0xb9cb8 0x1c6
IsCharUpperW 0x0 0x48f4f4 0xbaabc 0xb9cbc 0x1c8
GetMenuStringW 0x0 0x48f4f8 0xbaac0 0xb9cc0 0x158
GetSubMenu 0x0 0x48f4fc 0xbaac4 0xb9cc4 0x17a
GetCaretPos 0x0 0x48f500 0xbaac8 0xb9cc8 0x10a
IsZoomed 0x0 0x48f504 0xbaacc 0xb9ccc 0x1e2
MonitorFromPoint 0x0 0x48f508 0xbaad0 0xb9cd0 0x218
GetMonitorInfoW 0x0 0x48f50c 0xbaad4 0xb9cd4 0x15f
SetWindowLongW 0x0 0x48f510 0xbaad8 0xb9cd8 0x2c4
SetLayeredWindowAttributes 0x0 0x48f514 0xbaadc 0xb9cdc 0x298
FlashWindow 0x0 0x48f518 0xbaae0 0xb9ce0 0xfb
GetClassLongW 0x0 0x48f51c 0xbaae4 0xb9ce4 0x110
TranslateAcceleratorW 0x0 0x48f520 0xbaae8 0xb9ce8 0x2fa
IsDialogMessageW 0x0 0x48f524 0xbaaec 0xb9cec 0x1cd
GetSysColor 0x0 0x48f528 0xbaaf0 0xb9cf0 0x17b
InflateRect 0x0 0x48f52c 0xbaaf4 0xb9cf4 0x1b5
DrawFocusRect 0x0 0x48f530 0xbaaf8 0xb9cf8 0xc4
DrawTextW 0x0 0x48f534 0xbaafc 0xb9cfc 0xd0
FrameRect 0x0 0x48f538 0xbab00 0xb9d00 0xfd
DrawFrameControl 0x0 0x48f53c 0xbab04 0xb9d04 0xc6
FillRect 0x0 0x48f540 0xbab08 0xb9d08 0xf6
PtInRect 0x0 0x48f544 0xbab0c 0xb9d0c 0x240
DestroyAcceleratorTable 0x0 0x48f548 0xbab10 0xb9d10 0xa0
CreateAcceleratorTableW 0x0 0x48f54c 0xbab14 0xb9d14 0x58
SetCursor 0x0 0x48f550 0xbab18 0xb9d18 0x288
GetWindowDC 0x0 0x48f554 0xbab1c 0xb9d1c 0x192
GetSystemMetrics 0x0 0x48f558 0xbab20 0xb9d20 0x17e
GetActiveWindow 0x0 0x48f55c 0xbab24 0xb9d24 0x100
CharNextW 0x0 0x48f560 0xbab28 0xb9d28 0x31
wsprintfW 0x0 0x48f564 0xbab2c 0xb9d2c 0x333
RedrawWindow 0x0 0x48f568 0xbab30 0xb9d30 0x24a
DrawMenuBar 0x0 0x48f56c 0xbab34 0xb9d34 0xc9
DestroyMenu 0x0 0x48f570 0xbab38 0xb9d38 0xa4
SetMenu 0x0 0x48f574 0xbab3c 0xb9d3c 0x29c
GetWindowTextLengthW 0x0 0x48f578 0xbab40 0xb9d40 0x1a2
CreateMenu 0x0 0x48f57c 0xbab44 0xb9d44 0x6a
IsDlgButtonChecked 0x0 0x48f580 0xbab48 0xb9d48 0x1ce
DefDlgProcW 0x0 0x48f584 0xbab4c 0xb9d4c 0x95
CallWindowProcW 0x0 0x48f588 0xbab50 0xb9d50 0x1e
ReleaseCapture 0x0 0x48f58c 0xbab54 0xb9d54 0x264
SetCapture 0x0 0x48f590 0xbab58 0xb9d58 0x280
CreateIconFromResourceEx 0x0 0x48f594 0xbab5c 0xb9d5c 0x66
mouse_event 0x0 0x48f598 0xbab60 0xb9d60 0x331
ExitWindowsEx 0x0 0x48f59c 0xbab64 0xb9d64 0xf5
SetActiveWindow 0x0 0x48f5a0 0xbab68 0xb9d68 0x27f
FindWindowExW 0x0 0x48f5a4 0xbab6c 0xb9d6c 0xf9
EnumThreadWindows 0x0 0x48f5a8 0xbab70 0xb9d70 0xef
SetMenuDefaultItem 0x0 0x48f5ac 0xbab74 0xb9d74 0x29e
InsertMenuItemW 0x0 0x48f5b0 0xbab78 0xb9d78 0x1b9
IsMenu 0x0 0x48f5b4 0xbab7c 0xb9d7c 0x1d2
TrackPopupMenuEx 0x0 0x48f5b8 0xbab80 0xb9d80 0x2f7
GetCursorPos 0x0 0x48f5bc 0xbab84 0xb9d84 0x120
DeleteMenu 0x0 0x48f5c0 0xbab88 0xb9d88 0x9e
SetRect 0x0 0x48f5c4 0xbab8c 0xb9d8c 0x2ae
GetMenuItemID 0x0 0x48f5c8 0xbab90 0xb9d90 0x152
GetMenuItemCount 0x0 0x48f5cc 0xbab94 0xb9d94 0x151
SetMenuItemInfoW 0x0 0x48f5d0 0xbab98 0xb9d98 0x2a2
GetMenuItemInfoW 0x0 0x48f5d4 0xbab9c 0xb9d9c 0x154
SetForegroundWindow 0x0 0x48f5d8 0xbaba0 0xb9da0 0x293
IsIconic 0x0 0x48f5dc 0xbaba4 0xb9da4 0x1d1
FindWindowW 0x0 0x48f5e0 0xbaba8 0xb9da8 0xfa
MonitorFromRect 0x0 0x48f5e4 0xbabac 0xb9dac 0x219
keybd_event 0x0 0x48f5e8 0xbabb0 0xb9db0 0x330
SendInput 0x0 0x48f5ec 0xbabb4 0xb9db4 0x276
GetAsyncKeyState 0x0 0x48f5f0 0xbabb8 0xb9db8 0x107
SetKeyboardState 0x0 0x48f5f4 0xbabbc 0xb9dbc 0x296
GetKeyboardState 0x0 0x48f5f8 0xbabc0 0xb9dc0 0x142
GetKeyState 0x0 0x48f5fc 0xbabc4 0xb9dc4 0x13d
VkKeyScanW 0x0 0x48f600 0xbabc8 0xb9dc8 0x321
LoadStringW 0x0 0x48f604 0xbabcc 0xb9dcc 0x1fa
DialogBoxParamW 0x0 0x48f608 0xbabd0 0xb9dd0 0xac
MessageBeep 0x0 0x48f60c 0xbabd4 0xb9dd4 0x20d
EndDialog 0x0 0x48f610 0xbabd8 0xb9dd8 0xda
SendDlgItemMessageW 0x0 0x48f614 0xbabdc 0xb9ddc 0x273
GetDlgItem 0x0 0x48f618 0xbabe0 0xb9de0 0x127
SetWindowTextW 0x0 0x48f61c 0xbabe4 0xb9de4 0x2cb
CopyRect 0x0 0x48f620 0xbabe8 0xb9de8 0x55
ReleaseDC 0x0 0x48f624 0xbabec 0xb9dec 0x265
GetDC 0x0 0x48f628 0xbabf0 0xb9df0 0x121
EndPaint 0x0 0x48f62c 0xbabf4 0xb9df4 0xdc
BeginPaint 0x0 0x48f630 0xbabf8 0xb9df8 0xe
GetClientRect 0x0 0x48f634 0xbabfc 0xb9dfc 0x114
GetMenu 0x0 0x48f638 0xbac00 0xb9e00 0x14b
DestroyWindow 0x0 0x48f63c 0xbac04 0xb9e04 0xa6
EnumWindows 0x0 0x48f640 0xbac08 0xb9e08 0xf2
GetDesktopWindow 0x0 0x48f644 0xbac0c 0xb9e0c 0x123
IsWindow 0x0 0x48f648 0xbac10 0xb9e10 0x1db
IsWindowEnabled 0x0 0x48f64c 0xbac14 0xb9e14 0x1dc
IsWindowVisible 0x0 0x48f650 0xbac18 0xb9e18 0x1e0
EnableWindow 0x0 0x48f654 0xbac1c 0xb9e1c 0xd8
InvalidateRect 0x0 0x48f658 0xbac20 0xb9e20 0x1be
GetWindowLongW 0x0 0x48f65c 0xbac24 0xb9e24 0x196
GetWindowThreadProcessId 0x0 0x48f660 0xbac28 0xb9e28 0x1a4
AttachThreadInput 0x0 0x48f664 0xbac2c 0xb9e2c 0xc
GetFocus 0x0 0x48f668 0xbac30 0xb9e30 0x12c
GetWindowTextW 0x0 0x48f66c 0xbac34 0xb9e34 0x1a3
ScreenToClient 0x0 0x48f670 0xbac38 0xb9e38 0x26d
SendMessageTimeoutW 0x0 0x48f674 0xbac3c 0xb9e3c 0x27b
EnumChildWindows 0x0 0x48f678 0xbac40 0xb9e40 0xdf
CharUpperBuffW 0x0 0x48f67c 0xbac44 0xb9e44 0x3b
GetParent 0x0 0x48f680 0xbac48 0xb9e48 0x164
GetDlgCtrlID 0x0 0x48f684 0xbac4c 0xb9e4c 0x126
SendMessageW 0x0 0x48f688 0xbac50 0xb9e50 0x27c
MapVirtualKeyW 0x0 0x48f68c 0xbac54 0xb9e54 0x208
PostMessageW 0x0 0x48f690 0xbac58 0xb9e58 0x236
GetWindowRect 0x0 0x48f694 0xbac5c 0xb9e5c 0x19c
SetUserObjectSecurity 0x0 0x48f698 0xbac60 0xb9e60 0x2be
CloseDesktop 0x0 0x48f69c 0xbac64 0xb9e64 0x4a
CloseWindowStation 0x0 0x48f6a0 0xbac68 0xb9e68 0x4e
OpenDesktopW 0x0 0x48f6a4 0xbac6c 0xb9e6c 0x228
SetProcessWindowStation 0x0 0x48f6a8 0xbac70 0xb9e70 0x2aa
GetProcessWindowStation 0x0 0x48f6ac 0xbac74 0xb9e74 0x168
OpenWindowStationW 0x0 0x48f6b0 0xbac78 0xb9e78 0x22d
GetUserObjectSecurity 0x0 0x48f6b4 0xbac7c 0xb9e7c 0x18c
MessageBoxW 0x0 0x48f6b8 0xbac80 0xb9e80 0x215
DefWindowProcW 0x0 0x48f6bc 0xbac84 0xb9e84 0x9c
SetClipboardData 0x0 0x48f6c0 0xbac88 0xb9e88 0x286
EmptyClipboard 0x0 0x48f6c4 0xbac8c 0xb9e8c 0xd5
CountClipboardFormats 0x0 0x48f6c8 0xbac90 0xb9e90 0x56
CloseClipboard 0x0 0x48f6cc 0xbac94 0xb9e94 0x49
GetClipboardData 0x0 0x48f6d0 0xbac98 0xb9e98 0x116
IsClipboardFormatAvailable 0x0 0x48f6d4 0xbac9c 0xb9e9c 0x1ca
OpenClipboard 0x0 0x48f6d8 0xbaca0 0xb9ea0 0x226
BlockInput 0x0 0x48f6dc 0xbaca4 0xb9ea4 0xf
GetMessageW 0x0 0x48f6e0 0xbaca8 0xb9ea8 0x15d
LockWindowUpdate 0x0 0x48f6e4 0xbacac 0xb9eac 0x1fd
DispatchMessageW 0x0 0x48f6e8 0xbacb0 0xb9eb0 0xaf
TranslateMessage 0x0 0x48f6ec 0xbacb4 0xb9eb4 0x2fc
PeekMessageW 0x0 0x48f6f0 0xbacb8 0xb9eb8 0x233
UnregisterHotKey 0x0 0x48f6f4 0xbacbc 0xb9ebc 0x308
CheckMenuRadioItem 0x0 0x48f6f8 0xbacc0 0xb9ec0 0x40
CharLowerBuffW 0x0 0x48f6fc 0xbacc4 0xb9ec4 0x2d
MoveWindow 0x0 0x48f700 0xbacc8 0xb9ec8 0x21b
SetFocus 0x0 0x48f704 0xbaccc 0xb9ecc 0x292
PostQuitMessage 0x0 0x48f708 0xbacd0 0xb9ed0 0x237
KillTimer 0x0 0x48f70c 0xbacd4 0xb9ed4 0x1e3
CreatePopupMenu 0x0 0x48f710 0xbacd8 0xb9ed8 0x6b
RegisterWindowMessageW 0x0 0x48f714 0xbacdc 0xb9edc 0x263
SetTimer 0x0 0x48f718 0xbace0 0xb9ee0 0x2bb
ShowWindow 0x0 0x48f71c 0xbace4 0xb9ee4 0x2df
CreateWindowExW 0x0 0x48f720 0xbace8 0xb9ee8 0x6e
RegisterClassExW 0x0 0x48f724 0xbacec 0xb9eec 0x24d
LoadIconW 0x0 0x48f728 0xbacf0 0xb9ef0 0x1ed
LoadCursorW 0x0 0x48f72c 0xbacf4 0xb9ef4 0x1eb
GetSysColorBrush 0x0 0x48f730 0xbacf8 0xb9ef8 0x17c
GetForegroundWindow 0x0 0x48f734 0xbacfc 0xb9efc 0x12d
MessageBoxA 0x0 0x48f738 0xbad00 0xb9f00 0x20e
DestroyIcon 0x0 0x48f73c 0xbad04 0xb9f04 0xa3
SystemParametersInfoW 0x0 0x48f740 0xbad08 0xb9f08 0x2ec
LoadImageW 0x0 0x48f744 0xbad0c 0xb9f0c 0x1ef
GetClassNameW 0x0 0x48f748 0xbad10 0xb9f10 0x112
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrokePath 0x0 0x48f0c4 0xba68c 0xb988c 0x2b6
DeleteObject 0x0 0x48f0c8 0xba690 0xb9890 0xe6
GetTextExtentPoint32W 0x0 0x48f0cc 0xba694 0xb9894 0x21e
ExtCreatePen 0x0 0x48f0d0 0xba698 0xb9898 0x132
GetDeviceCaps 0x0 0x48f0d4 0xba69c 0xb989c 0x1cb
EndPath 0x0 0x48f0d8 0xba6a0 0xb98a0 0xf3
SetPixel 0x0 0x48f0dc 0xba6a4 0xb98a4 0x29b
CloseFigure 0x0 0x48f0e0 0xba6a8 0xb98a8 0x1e
CreateCompatibleBitmap 0x0 0x48f0e4 0xba6ac 0xb98ac 0x2f
CreateCompatibleDC 0x0 0x48f0e8 0xba6b0 0xb98b0 0x30
SelectObject 0x0 0x48f0ec 0xba6b4 0xb98b4 0x277
StretchBlt 0x0 0x48f0f0 0xba6b8 0xb98b8 0x2b3
GetDIBits 0x0 0x48f0f4 0xba6bc 0xb98bc 0x1ca
LineTo 0x0 0x48f0f8 0xba6c0 0xb98c0 0x236
AngleArc 0x0 0x48f0fc 0xba6c4 0xb98c4 0x8
MoveToEx 0x0 0x48f100 0xba6c8 0xb98c8 0x23a
Ellipse 0x0 0x48f104 0xba6cc 0xb98cc 0xed
DeleteDC 0x0 0x48f108 0xba6d0 0xb98d0 0xe3
GetPixel 0x0 0x48f10c 0xba6d4 0xb98d4 0x204
CreateDCW 0x0 0x48f110 0xba6d8 0xb98d8 0x32
GetStockObject 0x0 0x48f114 0xba6dc 0xb98dc 0x20d
GetTextFaceW 0x0 0x48f118 0xba6e0 0xb98e0 0x224
CreateFontW 0x0 0x48f11c 0xba6e4 0xb98e4 0x41
SetTextColor 0x0 0x48f120 0xba6e8 0xb98e8 0x2a6
PolyDraw 0x0 0x48f124 0xba6ec 0xb98ec 0x250
BeginPath 0x0 0x48f128 0xba6f0 0xb98f0 0x12
Rectangle 0x0 0x48f12c 0xba6f4 0xb98f4 0x25f
SetViewportOrgEx 0x0 0x48f130 0xba6f8 0xb98f8 0x2a9
GetObjectW 0x0 0x48f134 0xba6fc 0xb98fc 0x1fd
SetBkMode 0x0 0x48f138 0xba700 0xb9900 0x27f
RoundRect 0x0 0x48f13c 0xba704 0xb9904 0x26a
SetBkColor 0x0 0x48f140 0xba708 0xb9908 0x27e
CreatePen 0x0 0x48f144 0xba70c 0xb990c 0x4b
CreateSolidBrush 0x0 0x48f148 0xba710 0xb9910 0x54
StrokeAndFillPath 0x0 0x48f14c 0xba714 0xb9914 0x2b5
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW 0x0 0x48f0b8 0xba680 0xb9880 0xc
GetSaveFileNameW 0x0 0x48f0bc 0xba684 0xb9884 0xe
ADVAPI32.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce 0x0 0x48f000 0xba5c8 0xb97c8 0x123
RegEnumValueW 0x0 0x48f004 0xba5cc 0xb97cc 0x252
RegDeleteValueW 0x0 0x48f008 0xba5d0 0xb97d0 0x248
RegDeleteKeyW 0x0 0x48f00c 0xba5d4 0xb97d4 0x244
RegEnumKeyExW 0x0 0x48f010 0xba5d8 0xb97d8 0x24f
RegSetValueExW 0x0 0x48f014 0xba5dc 0xb97dc 0x27e
RegOpenKeyExW 0x0 0x48f018 0xba5e0 0xb97e0 0x261
RegCloseKey 0x0 0x48f01c 0xba5e4 0xb97e4 0x230
RegQueryValueExW 0x0 0x48f020 0xba5e8 0xb97e8 0x26e
RegConnectRegistryW 0x0 0x48f024 0xba5ec 0xb97ec 0x234
InitializeSecurityDescriptor 0x0 0x48f028 0xba5f0 0xb97f0 0x177
InitializeAcl 0x0 0x48f02c 0xba5f4 0xb97f4 0x176
AdjustTokenPrivileges 0x0 0x48f030 0xba5f8 0xb97f8 0x1f
OpenThreadToken 0x0 0x48f034 0xba5fc 0xb97fc 0x1fc
OpenProcessToken 0x0 0x48f038 0xba600 0xb9800 0x1f7
LookupPrivilegeValueW 0x0 0x48f03c 0xba604 0xb9804 0x197
DuplicateTokenEx 0x0 0x48f040 0xba608 0xb9808 0xdf
CreateProcessAsUserW 0x0 0x48f044 0xba60c 0xb980c 0x7c
CreateProcessWithLogonW 0x0 0x48f048 0xba610 0xb9810 0x7d
GetLengthSid 0x0 0x48f04c 0xba614 0xb9814 0x136
CopySid 0x0 0x48f050 0xba618 0xb9818 0x76
LogonUserW 0x0 0x48f054 0xba61c 0xb981c 0x18d
AllocateAndInitializeSid 0x0 0x48f058 0xba620 0xb9820 0x20
CheckTokenMembership 0x0 0x48f05c 0xba624 0xb9824 0x51
RegCreateKeyExW 0x0 0x48f060 0xba628 0xb9828 0x239
FreeSid 0x0 0x48f064 0xba62c 0xb982c 0x120
GetTokenInformation 0x0 0x48f068 0xba630 0xb9830 0x15a
GetSecurityDescriptorDacl 0x0 0x48f06c 0xba634 0xb9834 0x148
GetAclInformation 0x0 0x48f070 0xba638 0xb9838 0x124
AddAce 0x0 0x48f074 0xba63c 0xb983c 0x16
SetSecurityDescriptorDacl 0x0 0x48f078 0xba640 0xb9840 0x2b6
GetUserNameW 0x0 0x48f07c 0xba644 0xb9844 0x165
InitiateSystemShutdownExW 0x0 0x48f080 0xba648 0xb9848 0x17d
SHELL32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint 0x0 0x48f48c 0xbaa54 0xb9c54 0x20
ShellExecuteExW 0x0 0x48f490 0xbaa58 0xb9c58 0x121
DragQueryFileW 0x0 0x48f494 0xbaa5c 0xb9c5c 0x1f
SHEmptyRecycleBinW 0x0 0x48f498 0xbaa60 0xb9c60 0xa5
SHGetPathFromIDListW 0x0 0x48f49c 0xbaa64 0xb9c64 0xd7
SHBrowseForFolderW 0x0 0x48f4a0 0xbaa68 0xb9c68 0x7b
SHCreateShellItem 0x0 0x48f4a4 0xbaa6c 0xb9c6c 0x9a
SHGetDesktopFolder 0x0 0x48f4a8 0xbaa70 0xb9c70 0xb6
SHGetSpecialFolderLocation 0x0 0x48f4ac 0xbaa74 0xb9c74 0xdf
SHGetFolderPathW 0x0 0x48f4b0 0xbaa78 0xb9c78 0xc3
SHFileOperationW 0x0 0x48f4b4 0xbaa7c 0xb9c7c 0xac
ExtractIconExW 0x0 0x48f4b8 0xbaa80 0xb9c80 0x2a
Shell_NotifyIconW 0x0 0x48f4bc 0xbaa84 0xb9c84 0x12e
ShellExecuteW 0x0 0x48f4c0 0xbaa88 0xb9c88 0x122
DragFinish 0x0 0x48f4c4 0xbaa8c 0xb9c8c 0x1b
ole32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc 0x0 0x48f828 0xbadf0 0xb9ff0 0x67
CoTaskMemFree 0x0 0x48f82c 0xbadf4 0xb9ff4 0x68
CLSIDFromString 0x0 0x48f830 0xbadf8 0xb9ff8 0x8
ProgIDFromCLSID 0x0 0x48f834 0xbadfc 0xb9ffc 0x14b
CLSIDFromProgID 0x0 0x48f838 0xbae00 0xba000 0x6
OleSetMenuDescriptor 0x0 0x48f83c 0xbae04 0xba004 0x147
MkParseDisplayName 0x0 0x48f840 0xbae08 0xba008 0xd4
OleSetContainedObject 0x0 0x48f844 0xbae0c 0xba00c 0x146
CoCreateInstance 0x0 0x48f848 0xbae10 0xba010 0x10
IIDFromString 0x0 0x48f84c 0xbae14 0xba014 0xcd
StringFromGUID2 0x0 0x48f850 0xbae18 0xba018 0x179
CreateStreamOnHGlobal 0x0 0x48f854 0xbae1c 0xba01c 0x86
OleInitialize 0x0 0x48f858 0xbae20 0xba020 0x132
OleUninitialize 0x0 0x48f85c 0xbae24 0xba024 0x149
CoInitialize 0x0 0x48f860 0xbae28 0xba028 0x3e
CoUninitialize 0x0 0x48f864 0xbae2c 0xba02c 0x6c
GetRunningObjectTable 0x0 0x48f868 0xbae30 0xba030 0x97
CoGetInstanceFromFile 0x0 0x48f86c 0xbae34 0xba034 0x2d
CoGetObject 0x0 0x48f870 0xbae38 0xba038 0x35
CoSetProxyBlanket 0x0 0x48f874 0xbae3c 0xba03c 0x63
CoCreateInstanceEx 0x0 0x48f878 0xbae40 0xba040 0x11
CoInitializeSecurity 0x0 0x48f87c 0xbae44 0xba044 0x40
OLEAUT32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0xb7 0x48f40c 0xba9d4 0xb9bd4 -
VariantCopyInd 0xb 0x48f410 0xba9d8 0xb9bd8 -
SysReAllocString 0x3 0x48f414 0xba9dc 0xb9bdc -
SysFreeString 0x6 0x48f418 0xba9e0 0xb9be0 -
SafeArrayDestroyDescriptor 0x26 0x48f41c 0xba9e4 0xb9be4 -
SafeArrayDestroyData 0x27 0x48f420 0xba9e8 0xb9be8 -
SafeArrayUnaccessData 0x18 0x48f424 0xba9ec 0xb9bec -
SafeArrayAccessData 0x17 0x48f428 0xba9f0 0xb9bf0 -
SafeArrayAllocData 0x25 0x48f42c 0xba9f4 0xb9bf4 -
SafeArrayAllocDescriptorEx 0x29 0x48f430 0xba9f8 0xb9bf8 -
SafeArrayCreateVector 0x19b 0x48f434 0xba9fc 0xb9bfc -
RegisterTypeLib 0xa3 0x48f438 0xbaa00 0xb9c00 -
CreateStdDispatch 0x20 0x48f43c 0xbaa04 0xb9c04 -
DispCallFunc 0x92 0x48f440 0xbaa08 0xb9c08 -
VariantChangeType 0xc 0x48f444 0xbaa0c 0xb9c0c -
SysStringLen 0x7 0x48f448 0xbaa10 0xb9c10 -
VariantTimeToSystemTime 0xb9 0x48f44c 0xbaa14 0xb9c14 -
VarR8FromDec 0xdc 0x48f450 0xbaa18 0xb9c18 -
SafeArrayGetVartype 0x4d 0x48f454 0xbaa1c 0xb9c1c -
VariantCopy 0xa 0x48f458 0xbaa20 0xb9c20 -
VariantClear 0x9 0x48f45c 0xbaa24 0xb9c24 -
OleLoadPicture 0x1a2 0x48f460 0xbaa28 0xb9c28 -
QueryPathOfRegTypeLib 0xa4 0x48f464 0xbaa2c 0xb9c2c -
RegisterTypeLibForUser 0x1ba 0x48f468 0xbaa30 0xb9c30 -
UnRegisterTypeLibForUser 0x1bb 0x48f46c 0xbaa34 0xb9c34 -
UnRegisterTypeLib 0xba 0x48f470 0xbaa38 0xb9c38 -
CreateDispTypeInfo 0x1f 0x48f474 0xbaa3c 0xb9c3c -
SysAllocString 0x2 0x48f478 0xbaa40 0xb9c40 -
VariantInit 0x8 0x48f47c 0xbaa44 0xb9c44 -
Icons (4)
Digital Signatures (2)
Certificate: Microsoft Windows
Issued by Microsoft Windows
Parent Certificate Microsoft Windows Production PCA 2011
Country Name US
Valid From 2016-10-11 20:39:31+00:00
Valid Until 2018-01-11 20:39:31+00:00
Algorithm sha256_rsa
Serial Number 33 00 00 01 06 6E C3 25 C4 31 C9 18 0E 00 00 00 00 01 06
Thumbprint AF DD 80 C4 EB F2 F6 1D 39 43 F1 8B B5 66 D6 AA 6F 6E 50 33
Certificate: Microsoft Windows Production PCA 2011
Issued by Microsoft Windows Production PCA 2011
Country Name US
Valid From 2011-10-19 18:41:42+00:00
Valid Until 2026-10-19 18:51:42+00:00
Algorithm sha256_rsa
Serial Number 61 07 76 56 00 00 00 00 00 08
Thumbprint 58 0A 6F 4C C4 E4 B6 69 B9 EB DC 1B 2B 3E 08 7B 80 D0 67 8D