Try VMRay Platform
Malicious
Classifications

Backdoor Spyware Injector Keylogger

Threat Names

QuasarRAT QuasarRAT.v1 AZORult Mal/HTMLGen-A +2

Dynamic Analysis Report

Created on 2024-02-07T22:08:49+00:00

Adobe Download Manager.exe

Windows Exe (x86-32)
...

Remarks (2/3)

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "3 minutes, 6 seconds" to "2 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\Adobe Download Manager.exe Sample File Binary
Malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 2.01 MB
MD5 e74b9ed601a42abe59c15e702103f25b Copy to Clipboard
SHA1 ffcb43160db6ddc9bb62c85c420672de30b609d5 Copy to Clipboard
SHA256 27e5ab1169ea020b4f9f3bd3b1f176f0a64f3751942f2a544d0a14006076dd16 Copy to Clipboard
SSDeep 24576:su6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKY1:2u0c++OCvkGs9Fap5aLKLkDl+dUvO9Yn Copy to Clipboard
ImpHash afcdf79be1557326c854b6e20cb900a7 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
PE Information
»
Image Base 0x00400000
Entry Point 0x00427DCD
Size Of Code 0x0008DE00
Size Of Initialized Data 0x00174E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2019-03-12 14:38 (UTC+1)
Version Information (7)
»
FileDescription Adobe Download Manager
OriginalFilename Adobe Download Manager
CompanyName Adobe Systems Incorporated
FileVersion ...
LegalCopyright Copyright 2018 Adobe Incorporated. All rights reserved.
ProductName Adobe Download Manager
ProductVersion ...
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0008DCC4 0x0008DE00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x0048F000 0x0002E10E 0x0002E200 0x0008E200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.76
.data 0x004BE000 0x00008F74 0x00005200 0x000BC400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.2
.rsrc 0x004C7000 0x0013A7F8 0x0013A800 0x000C1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.62
.reloc 0x00602000 0x0000711C 0x00007200 0x001FBE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.78
Imports (18)
»
WSOCK32.dll (23)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x00000074 0x0048F7C8 0x000BAD90 0x000B9F90 -
socket 0x00000017 0x0048F7CC 0x000BAD94 0x000B9F94 -
inet_ntoa 0x0000000C 0x0048F7D0 0x000BAD98 0x000B9F98 -
setsockopt 0x00000015 0x0048F7D4 0x000BAD9C 0x000B9F9C -
ntohs 0x0000000F 0x0048F7D8 0x000BADA0 0x000B9FA0 -
recvfrom 0x00000011 0x0048F7DC 0x000BADA4 0x000B9FA4 -
ioctlsocket 0x0000000A 0x0048F7E0 0x000BADA8 0x000B9FA8 -
htons 0x00000009 0x0048F7E4 0x000BADAC 0x000B9FAC -
WSAStartup 0x00000073 0x0048F7E8 0x000BADB0 0x000B9FB0 -
__WSAFDIsSet 0x00000097 0x0048F7EC 0x000BADB4 0x000B9FB4 -
select 0x00000012 0x0048F7F0 0x000BADB8 0x000B9FB8 -
accept 0x00000001 0x0048F7F4 0x000BADBC 0x000B9FBC -
listen 0x0000000D 0x0048F7F8 0x000BADC0 0x000B9FC0 -
bind 0x00000002 0x0048F7FC 0x000BADC4 0x000B9FC4 -
closesocket 0x00000003 0x0048F800 0x000BADC8 0x000B9FC8 -
WSAGetLastError 0x0000006F 0x0048F804 0x000BADCC 0x000B9FCC -
recv 0x00000010 0x0048F808 0x000BADD0 0x000B9FD0 -
sendto 0x00000014 0x0048F80C 0x000BADD4 0x000B9FD4 -
send 0x00000013 0x0048F810 0x000BADD8 0x000B9FD8 -
inet_addr 0x0000000B 0x0048F814 0x000BADDC 0x000B9FDC -
gethostbyname 0x00000034 0x0048F818 0x000BADE0 0x000B9FE0 -
gethostname 0x00000039 0x0048F81C 0x000BADE4 0x000B9FE4 -
connect 0x00000004 0x0048F820 0x000BADE8 0x000B9FE8 -
VERSION.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW - 0x0048F76C 0x000BAD34 0x000B9F34 0x00000006
GetFileVersionInfoSizeW - 0x0048F770 0x000BAD38 0x000B9F38 0x00000005
VerQueryValueW - 0x0048F774 0x000BAD3C 0x000B9F3C 0x0000000E
WINMM.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime - 0x0048F7B8 0x000BAD80 0x000B9F80 0x00000094
waveOutSetVolume - 0x0048F7BC 0x000BAD84 0x000B9F84 0x000000BB
mciSendStringW - 0x0048F7C0 0x000BAD88 0x000B9F88 0x00000032
COMCTL32.dll (11)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_ReplaceIcon - 0x0048F088 0x000BA650 0x000B9850 0x0000006F
ImageList_Destroy - 0x0048F08C 0x000BA654 0x000B9854 0x00000054
ImageList_Remove - 0x0048F090 0x000BA658 0x000B9858 0x0000006D
ImageList_SetDragCursorImage - 0x0048F094 0x000BA65C 0x000B985C 0x00000072
ImageList_BeginDrag - 0x0048F098 0x000BA660 0x000B9860 0x00000050
ImageList_DragEnter - 0x0048F09C 0x000BA664 0x000B9864 0x00000056
ImageList_DragLeave - 0x0048F0A0 0x000BA668 0x000B9868 0x00000057
ImageList_EndDrag - 0x0048F0A4 0x000BA66C 0x000B986C 0x0000005E
ImageList_DragMove - 0x0048F0A8 0x000BA670 0x000B9870 0x00000058
InitCommonControlsEx - 0x0048F0AC 0x000BA674 0x000B9874 0x0000007B
ImageList_Create - 0x0048F0B0 0x000BA678 0x000B9878 0x00000053
MPR.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW - 0x0048F3F8 0x000BA9C0 0x000B9BC0 0x00000049
WNetCancelConnection2W - 0x0048F3FC 0x000BA9C4 0x000B9BC4 0x0000000C
WNetGetConnectionW - 0x0048F400 0x000BA9C8 0x000B9BC8 0x00000024
WNetAddConnection2W - 0x0048F404 0x000BA9CC 0x000B9BCC 0x00000006
WININET.dll (14)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable - 0x0048F77C 0x000BAD44 0x000B9F44 0x0000009B
InternetCloseHandle - 0x0048F780 0x000BAD48 0x000B9F48 0x0000006B
InternetOpenW - 0x0048F784 0x000BAD4C 0x000B9F4C 0x0000009A
InternetSetOptionW - 0x0048F788 0x000BAD50 0x000B9F50 0x000000AF
InternetCrackUrlW - 0x0048F78C 0x000BAD54 0x000B9F54 0x00000074
HttpQueryInfoW - 0x0048F790 0x000BAD58 0x000B9F58 0x0000005A
InternetQueryOptionW - 0x0048F794 0x000BAD5C 0x000B9F5C 0x0000009E
HttpOpenRequestW - 0x0048F798 0x000BAD60 0x000B9F60 0x00000058
HttpSendRequestW - 0x0048F79C 0x000BAD64 0x000B9F64 0x0000005E
FtpOpenFileW - 0x0048F7A0 0x000BAD68 0x000B9F68 0x00000035
FtpGetFileSize - 0x0048F7A4 0x000BAD6C 0x000B9F6C 0x00000032
InternetOpenUrlW - 0x0048F7A8 0x000BAD70 0x000B9F70 0x00000099
InternetReadFile - 0x0048F7AC 0x000BAD74 0x000B9F74 0x0000009F
InternetConnectW - 0x0048F7B0 0x000BAD78 0x000B9F78 0x00000072
PSAPI.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo - 0x0048F484 0x000BAA4C 0x000B9C4C 0x00000015
IPHLPAPI.DLL (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpCreateFile - 0x0048F154 0x000BA71C 0x000B991C 0x00000085
IcmpCloseHandle - 0x0048F158 0x000BA720 0x000B9920 0x00000084
IcmpSendEcho - 0x0048F15C 0x000BA724 0x000B9924 0x00000087
USERENV.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyEnvironmentBlock - 0x0048F750 0x000BAD18 0x000B9F18 0x00000004
UnloadUserProfile - 0x0048F754 0x000BAD1C 0x000B9F1C 0x0000002C
CreateEnvironmentBlock - 0x0048F758 0x000BAD20 0x000B9F20 0x00000000
LoadUserProfileW - 0x0048F75C 0x000BAD24 0x000B9F24 0x00000021
UxTheme.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive - 0x0048F764 0x000BAD2C 0x000B9F2C 0x0000003F
KERNEL32.dll (164)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle - 0x0048F164 0x000BA72C 0x000B992C 0x000000E8
CreateThread - 0x0048F168 0x000BA730 0x000B9930 0x000000B5
WaitForSingleObject - 0x0048F16C 0x000BA734 0x000B9934 0x000004F9
HeapAlloc - 0x0048F170 0x000BA738 0x000B9938 0x000002CB
GetProcessHeap - 0x0048F174 0x000BA73C 0x000B993C 0x0000024A
HeapFree - 0x0048F178 0x000BA740 0x000B9940 0x000002CF
Sleep - 0x0048F17C 0x000BA744 0x000B9944 0x000004B2
GetCurrentThreadId - 0x0048F180 0x000BA748 0x000B9948 0x000001C5
MultiByteToWideChar - 0x0048F184 0x000BA74C 0x000B994C 0x00000367
MulDiv - 0x0048F188 0x000BA750 0x000B9950 0x00000366
GetVersionExW - 0x0048F18C 0x000BA754 0x000B9954 0x000002A4
IsWow64Process - 0x0048F190 0x000BA758 0x000B9958 0x0000030E
GetSystemInfo - 0x0048F194 0x000BA75C 0x000B995C 0x00000273
FreeLibrary - 0x0048F198 0x000BA760 0x000B9960 0x00000162
LoadLibraryA - 0x0048F19C 0x000BA764 0x000B9964 0x0000033C
GetProcAddress - 0x0048F1A0 0x000BA768 0x000B9968 0x00000245
SetErrorMode - 0x0048F1A4 0x000BA76C 0x000B996C 0x00000458
GetModuleFileNameW - 0x0048F1A8 0x000BA770 0x000B9970 0x00000214
WideCharToMultiByte - 0x0048F1AC 0x000BA774 0x000B9974 0x00000511
lstrcpyW - 0x0048F1B0 0x000BA778 0x000B9978 0x00000548
lstrlenW - 0x0048F1B4 0x000BA77C 0x000B997C 0x0000054E
GetModuleHandleW - 0x0048F1B8 0x000BA780 0x000B9980 0x00000218
QueryPerformanceCounter - 0x0048F1BC 0x000BA784 0x000B9984 0x000003A7
VirtualFreeEx - 0x0048F1C0 0x000BA788 0x000B9988 0x000004ED
OpenProcess - 0x0048F1C4 0x000BA78C 0x000B998C 0x00000380
VirtualAllocEx - 0x0048F1C8 0x000BA790 0x000B9990 0x000004EA
WriteProcessMemory - 0x0048F1CC 0x000BA794 0x000B9994 0x0000052E
ReadProcessMemory - 0x0048F1D0 0x000BA798 0x000B9998 0x000003C3
CreateFileW - 0x0048F1D4 0x000BA79C 0x000B999C 0x0000008F
SetFilePointerEx - 0x0048F1D8 0x000BA7A0 0x000B99A0 0x00000467
SetEndOfFile - 0x0048F1DC 0x000BA7A4 0x000B99A4 0x00000453
ReadFile - 0x0048F1E0 0x000BA7A8 0x000B99A8 0x000003C0
WriteFile - 0x0048F1E4 0x000BA7AC 0x000B99AC 0x00000525
FlushFileBuffers - 0x0048F1E8 0x000BA7B0 0x000B99B0 0x00000157
TerminateProcess - 0x0048F1EC 0x000BA7B4 0x000B99B4 0x000004C0
CreateToolhelp32Snapshot - 0x0048F1F0 0x000BA7B8 0x000B99B8 0x000000BE
Process32FirstW - 0x0048F1F4 0x000BA7BC 0x000B99BC 0x00000396
Process32NextW - 0x0048F1F8 0x000BA7C0 0x000B99C0 0x00000398
SetFileTime - 0x0048F1FC 0x000BA7C4 0x000B99C4 0x0000046A
GetFileAttributesW - 0x0048F200 0x000BA7C8 0x000B99C8 0x000001EA
FindFirstFileW - 0x0048F204 0x000BA7CC 0x000B99CC 0x00000139
SetCurrentDirectoryW - 0x0048F208 0x000BA7D0 0x000B99D0 0x0000044D
GetLongPathNameW - 0x0048F20C 0x000BA7D4 0x000B99D4 0x0000020F
GetShortPathNameW - 0x0048F210 0x000BA7D8 0x000B99D8 0x00000261
DeleteFileW - 0x0048F214 0x000BA7DC 0x000B99DC 0x000000D6
FindNextFileW - 0x0048F218 0x000BA7E0 0x000B99E0 0x00000145
CopyFileExW - 0x0048F21C 0x000BA7E4 0x000B99E4 0x00000072
MoveFileW - 0x0048F220 0x000BA7E8 0x000B99E8 0x00000363
CreateDirectoryW - 0x0048F224 0x000BA7EC 0x000B99EC 0x00000081
RemoveDirectoryW - 0x0048F228 0x000BA7F0 0x000B99F0 0x00000403
SetSystemPowerState - 0x0048F22C 0x000BA7F4 0x000B99F4 0x0000048A
QueryPerformanceFrequency - 0x0048F230 0x000BA7F8 0x000B99F8 0x000003A8
FindResourceW - 0x0048F234 0x000BA7FC 0x000B99FC 0x0000014E
LoadResource - 0x0048F238 0x000BA800 0x000B9A00 0x00000341
LockResource - 0x0048F23C 0x000BA804 0x000B9A04 0x00000354
SizeofResource - 0x0048F240 0x000BA808 0x000B9A08 0x000004B1
EnumResourceNamesW - 0x0048F244 0x000BA80C 0x000B9A0C 0x00000102
OutputDebugStringW - 0x0048F248 0x000BA810 0x000B9A10 0x0000038A
GetTempPathW - 0x0048F24C 0x000BA814 0x000B9A14 0x00000285
GetTempFileNameW - 0x0048F250 0x000BA818 0x000B9A18 0x00000283
DeviceIoControl - 0x0048F254 0x000BA81C 0x000B9A1C 0x000000DD
GetLocalTime - 0x0048F258 0x000BA820 0x000B9A20 0x00000203
CompareStringW - 0x0048F25C 0x000BA824 0x000B9A24 0x00000064
GetCurrentProcess - 0x0048F260 0x000BA828 0x000B9A28 0x000001C0
EnterCriticalSection - 0x0048F264 0x000BA82C 0x000B9A2C 0x000000EE
LeaveCriticalSection - 0x0048F268 0x000BA830 0x000B9A30 0x00000339
GetStdHandle - 0x0048F26C 0x000BA834 0x000B9A34 0x00000264
CreatePipe - 0x0048F270 0x000BA838 0x000B9A38 0x000000A1
InterlockedExchange - 0x0048F274 0x000BA83C 0x000B9A3C 0x000002EC
TerminateThread - 0x0048F278 0x000BA840 0x000B9A40 0x000004C1
LoadLibraryExW - 0x0048F27C 0x000BA844 0x000B9A44 0x0000033E
FindResourceExW - 0x0048F280 0x000BA848 0x000B9A48 0x0000014D
CopyFileW - 0x0048F284 0x000BA84C 0x000B9A4C 0x00000075
VirtualFree - 0x0048F288 0x000BA850 0x000B9A50 0x000004EC
FormatMessageW - 0x0048F28C 0x000BA854 0x000B9A54 0x0000015E
GetExitCodeProcess - 0x0048F290 0x000BA858 0x000B9A58 0x000001DF
GetPrivateProfileStringW - 0x0048F294 0x000BA85C 0x000B9A5C 0x00000242
WritePrivateProfileStringW - 0x0048F298 0x000BA860 0x000B9A60 0x0000052B
GetPrivateProfileSectionW - 0x0048F29C 0x000BA864 0x000B9A64 0x00000240
WritePrivateProfileSectionW - 0x0048F2A0 0x000BA868 0x000B9A68 0x00000529
GetPrivateProfileSectionNamesW - 0x0048F2A4 0x000BA86C 0x000B9A6C 0x0000023F
FileTimeToLocalFileTime - 0x0048F2A8 0x000BA870 0x000B9A70 0x00000124
FileTimeToSystemTime - 0x0048F2AC 0x000BA874 0x000B9A74 0x00000125
SystemTimeToFileTime - 0x0048F2B0 0x000BA878 0x000B9A78 0x000004BD
LocalFileTimeToFileTime - 0x0048F2B4 0x000BA87C 0x000B9A7C 0x00000346
GetDriveTypeW - 0x0048F2B8 0x000BA880 0x000B9A80 0x000001D3
GetDiskFreeSpaceExW - 0x0048F2BC 0x000BA884 0x000B9A84 0x000001CE
GetDiskFreeSpaceW - 0x0048F2C0 0x000BA888 0x000B9A88 0x000001CF
GetVolumeInformationW - 0x0048F2C4 0x000BA88C 0x000B9A8C 0x000002A7
SetVolumeLabelW - 0x0048F2C8 0x000BA890 0x000B9A90 0x000004A9
CreateHardLinkW - 0x0048F2CC 0x000BA894 0x000B9A94 0x00000093
SetFileAttributesW - 0x0048F2D0 0x000BA898 0x000B9A98 0x00000461
CreateEventW - 0x0048F2D4 0x000BA89C 0x000B9A9C 0x00000085
SetEvent - 0x0048F2D8 0x000BA8A0 0x000B9AA0 0x00000459
GetEnvironmentVariableW - 0x0048F2DC 0x000BA8A4 0x000B9AA4 0x000001DC
SetEnvironmentVariableW - 0x0048F2E0 0x000BA8A8 0x000B9AA8 0x00000457
GlobalLock - 0x0048F2E4 0x000BA8AC 0x000B9AAC 0x000002BE
GlobalUnlock - 0x0048F2E8 0x000BA8B0 0x000B9AB0 0x000002C5
GlobalAlloc - 0x0048F2EC 0x000BA8B4 0x000B9AB4 0x000002B3
GetFileSize - 0x0048F2F0 0x000BA8B8 0x000B9AB8 0x000001F0
GlobalFree - 0x0048F2F4 0x000BA8BC 0x000B9ABC 0x000002BA
GlobalMemoryStatusEx - 0x0048F2F8 0x000BA8C0 0x000B9AC0 0x000002C0
Beep - 0x0048F2FC 0x000BA8C4 0x000B9AC4 0x00000036
GetSystemDirectoryW - 0x0048F300 0x000BA8C8 0x000B9AC8 0x00000270
HeapReAlloc - 0x0048F304 0x000BA8CC 0x000B9ACC 0x000002D2
HeapSize - 0x0048F308 0x000BA8D0 0x000B9AD0 0x000002D4
GetComputerNameW - 0x0048F30C 0x000BA8D4 0x000B9AD4 0x0000018F
GetWindowsDirectoryW - 0x0048F310 0x000BA8D8 0x000B9AD8 0x000002AF
GetCurrentProcessId - 0x0048F314 0x000BA8DC 0x000B9ADC 0x000001C1
GetProcessIoCounters - 0x0048F318 0x000BA8E0 0x000B9AE0 0x0000024E
CreateProcessW - 0x0048F31C 0x000BA8E4 0x000B9AE4 0x000000A8
GetProcessId - 0x0048F320 0x000BA8E8 0x000B9AE8 0x0000024C
SetPriorityClass - 0x0048F324 0x000BA8EC 0x000B9AEC 0x0000047D
LoadLibraryW - 0x0048F328 0x000BA8F0 0x000B9AF0 0x0000033F
VirtualAlloc - 0x0048F32C 0x000BA8F4 0x000B9AF4 0x000004E9
IsDebuggerPresent - 0x0048F330 0x000BA8F8 0x000B9AF8 0x00000300
GetCurrentDirectoryW - 0x0048F334 0x000BA8FC 0x000B9AFC 0x000001BF
lstrcmpiW - 0x0048F338 0x000BA900 0x000B9B00 0x00000545
DecodePointer - 0x0048F33C 0x000BA904 0x000B9B04 0x000000CA
GetLastError - 0x0048F340 0x000BA908 0x000B9B08 0x00000202
RaiseException - 0x0048F344 0x000BA90C 0x000B9B0C 0x000003B1
InitializeCriticalSectionAndSpinCount - 0x0048F348 0x000BA910 0x000B9B10 0x000002E3
DeleteCriticalSection - 0x0048F34C 0x000BA914 0x000B9B14 0x000000D1
InterlockedDecrement - 0x0048F350 0x000BA918 0x000B9B18 0x000002EB
InterlockedIncrement - 0x0048F354 0x000BA91C 0x000B9B1C 0x000002EF
GetCurrentThread - 0x0048F358 0x000BA920 0x000B9B20 0x000001C4
CloseHandle - 0x0048F35C 0x000BA924 0x000B9B24 0x00000052
GetFullPathNameW - 0x0048F360 0x000BA928 0x000B9B28 0x000001FB
EncodePointer - 0x0048F364 0x000BA92C 0x000B9B2C 0x000000EA
ExitProcess - 0x0048F368 0x000BA930 0x000B9B30 0x00000119
GetModuleHandleExW - 0x0048F36C 0x000BA934 0x000B9B34 0x00000217
ExitThread - 0x0048F370 0x000BA938 0x000B9B38 0x0000011A
GetSystemTimeAsFileTime - 0x0048F374 0x000BA93C 0x000B9B3C 0x00000279
ResumeThread - 0x0048F378 0x000BA940 0x000B9B40 0x00000413
GetCommandLineW - 0x0048F37C 0x000BA944 0x000B9B44 0x00000187
IsProcessorFeaturePresent - 0x0048F380 0x000BA948 0x000B9B48 0x00000304
IsValidCodePage - 0x0048F384 0x000BA94C 0x000B9B4C 0x0000030A
GetACP - 0x0048F388 0x000BA950 0x000B9B50 0x00000168
GetOEMCP - 0x0048F38C 0x000BA954 0x000B9B54 0x00000237
GetCPInfo - 0x0048F390 0x000BA958 0x000B9B58 0x00000172
SetLastError - 0x0048F394 0x000BA95C 0x000B9B5C 0x00000473
UnhandledExceptionFilter - 0x0048F398 0x000BA960 0x000B9B60 0x000004D3
SetUnhandledExceptionFilter - 0x0048F39C 0x000BA964 0x000B9B64 0x000004A5
TlsAlloc - 0x0048F3A0 0x000BA968 0x000B9B68 0x000004C5
TlsGetValue - 0x0048F3A4 0x000BA96C 0x000B9B6C 0x000004C7
TlsSetValue - 0x0048F3A8 0x000BA970 0x000B9B70 0x000004C8
TlsFree - 0x0048F3AC 0x000BA974 0x000B9B74 0x000004C6
GetStartupInfoW - 0x0048F3B0 0x000BA978 0x000B9B78 0x00000263
GetStringTypeW - 0x0048F3B4 0x000BA97C 0x000B9B7C 0x00000269
SetStdHandle - 0x0048F3B8 0x000BA980 0x000B9B80 0x00000487
GetFileType - 0x0048F3BC 0x000BA984 0x000B9B84 0x000001F3
GetConsoleCP - 0x0048F3C0 0x000BA988 0x000B9B88 0x0000019A
GetConsoleMode - 0x0048F3C4 0x000BA98C 0x000B9B8C 0x000001AC
RtlUnwind - 0x0048F3C8 0x000BA990 0x000B9B90 0x00000418
ReadConsoleW - 0x0048F3CC 0x000BA994 0x000B9B94 0x000003BE
GetTimeZoneInformation - 0x0048F3D0 0x000BA998 0x000B9B98 0x00000298
GetDateFormatW - 0x0048F3D4 0x000BA99C 0x000B9B9C 0x000001C8
GetTimeFormatW - 0x0048F3D8 0x000BA9A0 0x000B9BA0 0x00000297
LCMapStringW - 0x0048F3DC 0x000BA9A4 0x000B9BA4 0x0000032D
GetEnvironmentStringsW - 0x0048F3E0 0x000BA9A8 0x000B9BA8 0x000001DA
FreeEnvironmentStringsW - 0x0048F3E4 0x000BA9AC 0x000B9BAC 0x00000161
WriteConsoleW - 0x0048F3E8 0x000BA9B0 0x000B9BB0 0x00000524
FindClose - 0x0048F3EC 0x000BA9B4 0x000B9BB4 0x0000012E
SetEnvironmentVariableA - 0x0048F3F0 0x000BA9B8 0x000B9BB8 0x00000456
USER32.dll (160)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustWindowRectEx - 0x0048F4CC 0x000BAA94 0x000B9C94 0x00000003
CopyImage - 0x0048F4D0 0x000BAA98 0x000B9C98 0x00000054
SetWindowPos - 0x0048F4D4 0x000BAA9C 0x000B9C9C 0x000002C6
GetCursorInfo - 0x0048F4D8 0x000BAAA0 0x000B9CA0 0x0000011F
RegisterHotKey - 0x0048F4DC 0x000BAAA4 0x000B9CA4 0x00000256
ClientToScreen - 0x0048F4E0 0x000BAAA8 0x000B9CA8 0x00000047
GetKeyboardLayoutNameW - 0x0048F4E4 0x000BAAAC 0x000B9CAC 0x00000141
IsCharAlphaW - 0x0048F4E8 0x000BAAB0 0x000B9CB0 0x000001C4
IsCharAlphaNumericW - 0x0048F4EC 0x000BAAB4 0x000B9CB4 0x000001C3
IsCharLowerW - 0x0048F4F0 0x000BAAB8 0x000B9CB8 0x000001C6
IsCharUpperW - 0x0048F4F4 0x000BAABC 0x000B9CBC 0x000001C8
GetMenuStringW - 0x0048F4F8 0x000BAAC0 0x000B9CC0 0x00000158
GetSubMenu - 0x0048F4FC 0x000BAAC4 0x000B9CC4 0x0000017A
GetCaretPos - 0x0048F500 0x000BAAC8 0x000B9CC8 0x0000010A
IsZoomed - 0x0048F504 0x000BAACC 0x000B9CCC 0x000001E2
MonitorFromPoint - 0x0048F508 0x000BAAD0 0x000B9CD0 0x00000218
GetMonitorInfoW - 0x0048F50C 0x000BAAD4 0x000B9CD4 0x0000015F
SetWindowLongW - 0x0048F510 0x000BAAD8 0x000B9CD8 0x000002C4
SetLayeredWindowAttributes - 0x0048F514 0x000BAADC 0x000B9CDC 0x00000298
FlashWindow - 0x0048F518 0x000BAAE0 0x000B9CE0 0x000000FB
GetClassLongW - 0x0048F51C 0x000BAAE4 0x000B9CE4 0x00000110
TranslateAcceleratorW - 0x0048F520 0x000BAAE8 0x000B9CE8 0x000002FA
IsDialogMessageW - 0x0048F524 0x000BAAEC 0x000B9CEC 0x000001CD
GetSysColor - 0x0048F528 0x000BAAF0 0x000B9CF0 0x0000017B
InflateRect - 0x0048F52C 0x000BAAF4 0x000B9CF4 0x000001B5
DrawFocusRect - 0x0048F530 0x000BAAF8 0x000B9CF8 0x000000C4
DrawTextW - 0x0048F534 0x000BAAFC 0x000B9CFC 0x000000D0
FrameRect - 0x0048F538 0x000BAB00 0x000B9D00 0x000000FD
DrawFrameControl - 0x0048F53C 0x000BAB04 0x000B9D04 0x000000C6
FillRect - 0x0048F540 0x000BAB08 0x000B9D08 0x000000F6
PtInRect - 0x0048F544 0x000BAB0C 0x000B9D0C 0x00000240
DestroyAcceleratorTable - 0x0048F548 0x000BAB10 0x000B9D10 0x000000A0
CreateAcceleratorTableW - 0x0048F54C 0x000BAB14 0x000B9D14 0x00000058
SetCursor - 0x0048F550 0x000BAB18 0x000B9D18 0x00000288
GetWindowDC - 0x0048F554 0x000BAB1C 0x000B9D1C 0x00000192
GetSystemMetrics - 0x0048F558 0x000BAB20 0x000B9D20 0x0000017E
GetActiveWindow - 0x0048F55C 0x000BAB24 0x000B9D24 0x00000100
CharNextW - 0x0048F560 0x000BAB28 0x000B9D28 0x00000031
wsprintfW - 0x0048F564 0x000BAB2C 0x000B9D2C 0x00000333
RedrawWindow - 0x0048F568 0x000BAB30 0x000B9D30 0x0000024A
DrawMenuBar - 0x0048F56C 0x000BAB34 0x000B9D34 0x000000C9
DestroyMenu - 0x0048F570 0x000BAB38 0x000B9D38 0x000000A4
SetMenu - 0x0048F574 0x000BAB3C 0x000B9D3C 0x0000029C
GetWindowTextLengthW - 0x0048F578 0x000BAB40 0x000B9D40 0x000001A2
CreateMenu - 0x0048F57C 0x000BAB44 0x000B9D44 0x0000006A
IsDlgButtonChecked - 0x0048F580 0x000BAB48 0x000B9D48 0x000001CE
DefDlgProcW - 0x0048F584 0x000BAB4C 0x000B9D4C 0x00000095
CallWindowProcW - 0x0048F588 0x000BAB50 0x000B9D50 0x0000001E
ReleaseCapture - 0x0048F58C 0x000BAB54 0x000B9D54 0x00000264
SetCapture - 0x0048F590 0x000BAB58 0x000B9D58 0x00000280
CreateIconFromResourceEx - 0x0048F594 0x000BAB5C 0x000B9D5C 0x00000066
mouse_event - 0x0048F598 0x000BAB60 0x000B9D60 0x00000331
ExitWindowsEx - 0x0048F59C 0x000BAB64 0x000B9D64 0x000000F5
SetActiveWindow - 0x0048F5A0 0x000BAB68 0x000B9D68 0x0000027F
FindWindowExW - 0x0048F5A4 0x000BAB6C 0x000B9D6C 0x000000F9
EnumThreadWindows - 0x0048F5A8 0x000BAB70 0x000B9D70 0x000000EF
SetMenuDefaultItem - 0x0048F5AC 0x000BAB74 0x000B9D74 0x0000029E
InsertMenuItemW - 0x0048F5B0 0x000BAB78 0x000B9D78 0x000001B9
IsMenu - 0x0048F5B4 0x000BAB7C 0x000B9D7C 0x000001D2
TrackPopupMenuEx - 0x0048F5B8 0x000BAB80 0x000B9D80 0x000002F7
GetCursorPos - 0x0048F5BC 0x000BAB84 0x000B9D84 0x00000120
DeleteMenu - 0x0048F5C0 0x000BAB88 0x000B9D88 0x0000009E
SetRect - 0x0048F5C4 0x000BAB8C 0x000B9D8C 0x000002AE
GetMenuItemID - 0x0048F5C8 0x000BAB90 0x000B9D90 0x00000152
GetMenuItemCount - 0x0048F5CC 0x000BAB94 0x000B9D94 0x00000151
SetMenuItemInfoW - 0x0048F5D0 0x000BAB98 0x000B9D98 0x000002A2
GetMenuItemInfoW - 0x0048F5D4 0x000BAB9C 0x000B9D9C 0x00000154
SetForegroundWindow - 0x0048F5D8 0x000BABA0 0x000B9DA0 0x00000293
IsIconic - 0x0048F5DC 0x000BABA4 0x000B9DA4 0x000001D1
FindWindowW - 0x0048F5E0 0x000BABA8 0x000B9DA8 0x000000FA
MonitorFromRect - 0x0048F5E4 0x000BABAC 0x000B9DAC 0x00000219
keybd_event - 0x0048F5E8 0x000BABB0 0x000B9DB0 0x00000330
SendInput - 0x0048F5EC 0x000BABB4 0x000B9DB4 0x00000276
GetAsyncKeyState - 0x0048F5F0 0x000BABB8 0x000B9DB8 0x00000107
SetKeyboardState - 0x0048F5F4 0x000BABBC 0x000B9DBC 0x00000296
GetKeyboardState - 0x0048F5F8 0x000BABC0 0x000B9DC0 0x00000142
GetKeyState - 0x0048F5FC 0x000BABC4 0x000B9DC4 0x0000013D
VkKeyScanW - 0x0048F600 0x000BABC8 0x000B9DC8 0x00000321
LoadStringW - 0x0048F604 0x000BABCC 0x000B9DCC 0x000001FA
DialogBoxParamW - 0x0048F608 0x000BABD0 0x000B9DD0 0x000000AC
MessageBeep - 0x0048F60C 0x000BABD4 0x000B9DD4 0x0000020D
EndDialog - 0x0048F610 0x000BABD8 0x000B9DD8 0x000000DA
SendDlgItemMessageW - 0x0048F614 0x000BABDC 0x000B9DDC 0x00000273
GetDlgItem - 0x0048F618 0x000BABE0 0x000B9DE0 0x00000127
SetWindowTextW - 0x0048F61C 0x000BABE4 0x000B9DE4 0x000002CB
CopyRect - 0x0048F620 0x000BABE8 0x000B9DE8 0x00000055
ReleaseDC - 0x0048F624 0x000BABEC 0x000B9DEC 0x00000265
GetDC - 0x0048F628 0x000BABF0 0x000B9DF0 0x00000121
EndPaint - 0x0048F62C 0x000BABF4 0x000B9DF4 0x000000DC
BeginPaint - 0x0048F630 0x000BABF8 0x000B9DF8 0x0000000E
GetClientRect - 0x0048F634 0x000BABFC 0x000B9DFC 0x00000114
GetMenu - 0x0048F638 0x000BAC00 0x000B9E00 0x0000014B
DestroyWindow - 0x0048F63C 0x000BAC04 0x000B9E04 0x000000A6
EnumWindows - 0x0048F640 0x000BAC08 0x000B9E08 0x000000F2
GetDesktopWindow - 0x0048F644 0x000BAC0C 0x000B9E0C 0x00000123
IsWindow - 0x0048F648 0x000BAC10 0x000B9E10 0x000001DB
IsWindowEnabled - 0x0048F64C 0x000BAC14 0x000B9E14 0x000001DC
IsWindowVisible - 0x0048F650 0x000BAC18 0x000B9E18 0x000001E0
EnableWindow - 0x0048F654 0x000BAC1C 0x000B9E1C 0x000000D8
InvalidateRect - 0x0048F658 0x000BAC20 0x000B9E20 0x000001BE
GetWindowLongW - 0x0048F65C 0x000BAC24 0x000B9E24 0x00000196
GetWindowThreadProcessId - 0x0048F660 0x000BAC28 0x000B9E28 0x000001A4
AttachThreadInput - 0x0048F664 0x000BAC2C 0x000B9E2C 0x0000000C
GetFocus - 0x0048F668 0x000BAC30 0x000B9E30 0x0000012C
GetWindowTextW - 0x0048F66C 0x000BAC34 0x000B9E34 0x000001A3
ScreenToClient - 0x0048F670 0x000BAC38 0x000B9E38 0x0000026D
SendMessageTimeoutW - 0x0048F674 0x000BAC3C 0x000B9E3C 0x0000027B
EnumChildWindows - 0x0048F678 0x000BAC40 0x000B9E40 0x000000DF
CharUpperBuffW - 0x0048F67C 0x000BAC44 0x000B9E44 0x0000003B
GetParent - 0x0048F680 0x000BAC48 0x000B9E48 0x00000164
GetDlgCtrlID - 0x0048F684 0x000BAC4C 0x000B9E4C 0x00000126
SendMessageW - 0x0048F688 0x000BAC50 0x000B9E50 0x0000027C
MapVirtualKeyW - 0x0048F68C 0x000BAC54 0x000B9E54 0x00000208
PostMessageW - 0x0048F690 0x000BAC58 0x000B9E58 0x00000236
GetWindowRect - 0x0048F694 0x000BAC5C 0x000B9E5C 0x0000019C
SetUserObjectSecurity - 0x0048F698 0x000BAC60 0x000B9E60 0x000002BE
CloseDesktop - 0x0048F69C 0x000BAC64 0x000B9E64 0x0000004A
CloseWindowStation - 0x0048F6A0 0x000BAC68 0x000B9E68 0x0000004E
OpenDesktopW - 0x0048F6A4 0x000BAC6C 0x000B9E6C 0x00000228
SetProcessWindowStation - 0x0048F6A8 0x000BAC70 0x000B9E70 0x000002AA
GetProcessWindowStation - 0x0048F6AC 0x000BAC74 0x000B9E74 0x00000168
OpenWindowStationW - 0x0048F6B0 0x000BAC78 0x000B9E78 0x0000022D
GetUserObjectSecurity - 0x0048F6B4 0x000BAC7C 0x000B9E7C 0x0000018C
MessageBoxW - 0x0048F6B8 0x000BAC80 0x000B9E80 0x00000215
DefWindowProcW - 0x0048F6BC 0x000BAC84 0x000B9E84 0x0000009C
SetClipboardData - 0x0048F6C0 0x000BAC88 0x000B9E88 0x00000286
EmptyClipboard - 0x0048F6C4 0x000BAC8C 0x000B9E8C 0x000000D5
CountClipboardFormats - 0x0048F6C8 0x000BAC90 0x000B9E90 0x00000056
CloseClipboard - 0x0048F6CC 0x000BAC94 0x000B9E94 0x00000049
GetClipboardData - 0x0048F6D0 0x000BAC98 0x000B9E98 0x00000116
IsClipboardFormatAvailable - 0x0048F6D4 0x000BAC9C 0x000B9E9C 0x000001CA
OpenClipboard - 0x0048F6D8 0x000BACA0 0x000B9EA0 0x00000226
BlockInput - 0x0048F6DC 0x000BACA4 0x000B9EA4 0x0000000F
GetMessageW - 0x0048F6E0 0x000BACA8 0x000B9EA8 0x0000015D
LockWindowUpdate - 0x0048F6E4 0x000BACAC 0x000B9EAC 0x000001FD
DispatchMessageW - 0x0048F6E8 0x000BACB0 0x000B9EB0 0x000000AF
TranslateMessage - 0x0048F6EC 0x000BACB4 0x000B9EB4 0x000002FC
PeekMessageW - 0x0048F6F0 0x000BACB8 0x000B9EB8 0x00000233
UnregisterHotKey - 0x0048F6F4 0x000BACBC 0x000B9EBC 0x00000308
CheckMenuRadioItem - 0x0048F6F8 0x000BACC0 0x000B9EC0 0x00000040
CharLowerBuffW - 0x0048F6FC 0x000BACC4 0x000B9EC4 0x0000002D
MoveWindow - 0x0048F700 0x000BACC8 0x000B9EC8 0x0000021B
SetFocus - 0x0048F704 0x000BACCC 0x000B9ECC 0x00000292
PostQuitMessage - 0x0048F708 0x000BACD0 0x000B9ED0 0x00000237
KillTimer - 0x0048F70C 0x000BACD4 0x000B9ED4 0x000001E3
CreatePopupMenu - 0x0048F710 0x000BACD8 0x000B9ED8 0x0000006B
RegisterWindowMessageW - 0x0048F714 0x000BACDC 0x000B9EDC 0x00000263
SetTimer - 0x0048F718 0x000BACE0 0x000B9EE0 0x000002BB
ShowWindow - 0x0048F71C 0x000BACE4 0x000B9EE4 0x000002DF
CreateWindowExW - 0x0048F720 0x000BACE8 0x000B9EE8 0x0000006E
RegisterClassExW - 0x0048F724 0x000BACEC 0x000B9EEC 0x0000024D
LoadIconW - 0x0048F728 0x000BACF0 0x000B9EF0 0x000001ED
LoadCursorW - 0x0048F72C 0x000BACF4 0x000B9EF4 0x000001EB
GetSysColorBrush - 0x0048F730 0x000BACF8 0x000B9EF8 0x0000017C
GetForegroundWindow - 0x0048F734 0x000BACFC 0x000B9EFC 0x0000012D
MessageBoxA - 0x0048F738 0x000BAD00 0x000B9F00 0x0000020E
DestroyIcon - 0x0048F73C 0x000BAD04 0x000B9F04 0x000000A3
SystemParametersInfoW - 0x0048F740 0x000BAD08 0x000B9F08 0x000002EC
LoadImageW - 0x0048F744 0x000BAD0C 0x000B9F0C 0x000001EF
GetClassNameW - 0x0048F748 0x000BAD10 0x000B9F10 0x00000112
GDI32.dll (35)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrokePath - 0x0048F0C4 0x000BA68C 0x000B988C 0x000002B6
DeleteObject - 0x0048F0C8 0x000BA690 0x000B9890 0x000000E6
GetTextExtentPoint32W - 0x0048F0CC 0x000BA694 0x000B9894 0x0000021E
ExtCreatePen - 0x0048F0D0 0x000BA698 0x000B9898 0x00000132
GetDeviceCaps - 0x0048F0D4 0x000BA69C 0x000B989C 0x000001CB
EndPath - 0x0048F0D8 0x000BA6A0 0x000B98A0 0x000000F3
SetPixel - 0x0048F0DC 0x000BA6A4 0x000B98A4 0x0000029B
CloseFigure - 0x0048F0E0 0x000BA6A8 0x000B98A8 0x0000001E
CreateCompatibleBitmap - 0x0048F0E4 0x000BA6AC 0x000B98AC 0x0000002F
CreateCompatibleDC - 0x0048F0E8 0x000BA6B0 0x000B98B0 0x00000030
SelectObject - 0x0048F0EC 0x000BA6B4 0x000B98B4 0x00000277
StretchBlt - 0x0048F0F0 0x000BA6B8 0x000B98B8 0x000002B3
GetDIBits - 0x0048F0F4 0x000BA6BC 0x000B98BC 0x000001CA
LineTo - 0x0048F0F8 0x000BA6C0 0x000B98C0 0x00000236
AngleArc - 0x0048F0FC 0x000BA6C4 0x000B98C4 0x00000008
MoveToEx - 0x0048F100 0x000BA6C8 0x000B98C8 0x0000023A
Ellipse - 0x0048F104 0x000BA6CC 0x000B98CC 0x000000ED
DeleteDC - 0x0048F108 0x000BA6D0 0x000B98D0 0x000000E3
GetPixel - 0x0048F10C 0x000BA6D4 0x000B98D4 0x00000204
CreateDCW - 0x0048F110 0x000BA6D8 0x000B98D8 0x00000032
GetStockObject - 0x0048F114 0x000BA6DC 0x000B98DC 0x0000020D
GetTextFaceW - 0x0048F118 0x000BA6E0 0x000B98E0 0x00000224
CreateFontW - 0x0048F11C 0x000BA6E4 0x000B98E4 0x00000041
SetTextColor - 0x0048F120 0x000BA6E8 0x000B98E8 0x000002A6
PolyDraw - 0x0048F124 0x000BA6EC 0x000B98EC 0x00000250
BeginPath - 0x0048F128 0x000BA6F0 0x000B98F0 0x00000012
Rectangle - 0x0048F12C 0x000BA6F4 0x000B98F4 0x0000025F
SetViewportOrgEx - 0x0048F130 0x000BA6F8 0x000B98F8 0x000002A9
GetObjectW - 0x0048F134 0x000BA6FC 0x000B98FC 0x000001FD
SetBkMode - 0x0048F138 0x000BA700 0x000B9900 0x0000027F
RoundRect - 0x0048F13C 0x000BA704 0x000B9904 0x0000026A
SetBkColor - 0x0048F140 0x000BA708 0x000B9908 0x0000027E
CreatePen - 0x0048F144 0x000BA70C 0x000B990C 0x0000004B
CreateSolidBrush - 0x0048F148 0x000BA710 0x000B9910 0x00000054
StrokeAndFillPath - 0x0048F14C 0x000BA714 0x000B9914 0x000002B5
COMDLG32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW - 0x0048F0B8 0x000BA680 0x000B9880 0x0000000C
GetSaveFileNameW - 0x0048F0BC 0x000BA684 0x000B9884 0x0000000E
ADVAPI32.dll (33)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce - 0x0048F000 0x000BA5C8 0x000B97C8 0x00000123
RegEnumValueW - 0x0048F004 0x000BA5CC 0x000B97CC 0x00000252
RegDeleteValueW - 0x0048F008 0x000BA5D0 0x000B97D0 0x00000248
RegDeleteKeyW - 0x0048F00C 0x000BA5D4 0x000B97D4 0x00000244
RegEnumKeyExW - 0x0048F010 0x000BA5D8 0x000B97D8 0x0000024F
RegSetValueExW - 0x0048F014 0x000BA5DC 0x000B97DC 0x0000027E
RegOpenKeyExW - 0x0048F018 0x000BA5E0 0x000B97E0 0x00000261
RegCloseKey - 0x0048F01C 0x000BA5E4 0x000B97E4 0x00000230
RegQueryValueExW - 0x0048F020 0x000BA5E8 0x000B97E8 0x0000026E
RegConnectRegistryW - 0x0048F024 0x000BA5EC 0x000B97EC 0x00000234
InitializeSecurityDescriptor - 0x0048F028 0x000BA5F0 0x000B97F0 0x00000177
InitializeAcl - 0x0048F02C 0x000BA5F4 0x000B97F4 0x00000176
AdjustTokenPrivileges - 0x0048F030 0x000BA5F8 0x000B97F8 0x0000001F
OpenThreadToken - 0x0048F034 0x000BA5FC 0x000B97FC 0x000001FC
OpenProcessToken - 0x0048F038 0x000BA600 0x000B9800 0x000001F7
LookupPrivilegeValueW - 0x0048F03C 0x000BA604 0x000B9804 0x00000197
DuplicateTokenEx - 0x0048F040 0x000BA608 0x000B9808 0x000000DF
CreateProcessAsUserW - 0x0048F044 0x000BA60C 0x000B980C 0x0000007C
CreateProcessWithLogonW - 0x0048F048 0x000BA610 0x000B9810 0x0000007D
GetLengthSid - 0x0048F04C 0x000BA614 0x000B9814 0x00000136
CopySid - 0x0048F050 0x000BA618 0x000B9818 0x00000076
LogonUserW - 0x0048F054 0x000BA61C 0x000B981C 0x0000018D
AllocateAndInitializeSid - 0x0048F058 0x000BA620 0x000B9820 0x00000020
CheckTokenMembership - 0x0048F05C 0x000BA624 0x000B9824 0x00000051
RegCreateKeyExW - 0x0048F060 0x000BA628 0x000B9828 0x00000239
FreeSid - 0x0048F064 0x000BA62C 0x000B982C 0x00000120
GetTokenInformation - 0x0048F068 0x000BA630 0x000B9830 0x0000015A
GetSecurityDescriptorDacl - 0x0048F06C 0x000BA634 0x000B9834 0x00000148
GetAclInformation - 0x0048F070 0x000BA638 0x000B9838 0x00000124
AddAce - 0x0048F074 0x000BA63C 0x000B983C 0x00000016
SetSecurityDescriptorDacl - 0x0048F078 0x000BA640 0x000B9840 0x000002B6
GetUserNameW - 0x0048F07C 0x000BA644 0x000B9844 0x00000165
InitiateSystemShutdownExW - 0x0048F080 0x000BA648 0x000B9848 0x0000017D
SHELL32.dll (15)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint - 0x0048F48C 0x000BAA54 0x000B9C54 0x00000020
ShellExecuteExW - 0x0048F490 0x000BAA58 0x000B9C58 0x00000121
DragQueryFileW - 0x0048F494 0x000BAA5C 0x000B9C5C 0x0000001F
SHEmptyRecycleBinW - 0x0048F498 0x000BAA60 0x000B9C60 0x000000A5
SHGetPathFromIDListW - 0x0048F49C 0x000BAA64 0x000B9C64 0x000000D7
SHBrowseForFolderW - 0x0048F4A0 0x000BAA68 0x000B9C68 0x0000007B
SHCreateShellItem - 0x0048F4A4 0x000BAA6C 0x000B9C6C 0x0000009A
SHGetDesktopFolder - 0x0048F4A8 0x000BAA70 0x000B9C70 0x000000B6
SHGetSpecialFolderLocation - 0x0048F4AC 0x000BAA74 0x000B9C74 0x000000DF
SHGetFolderPathW - 0x0048F4B0 0x000BAA78 0x000B9C78 0x000000C3
SHFileOperationW - 0x0048F4B4 0x000BAA7C 0x000B9C7C 0x000000AC
ExtractIconExW - 0x0048F4B8 0x000BAA80 0x000B9C80 0x0000002A
Shell_NotifyIconW - 0x0048F4BC 0x000BAA84 0x000B9C84 0x0000012E
ShellExecuteW - 0x0048F4C0 0x000BAA88 0x000B9C88 0x00000122
DragFinish - 0x0048F4C4 0x000BAA8C 0x000B9C8C 0x0000001B
ole32.dll (22)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc - 0x0048F828 0x000BADF0 0x000B9FF0 0x00000067
CoTaskMemFree - 0x0048F82C 0x000BADF4 0x000B9FF4 0x00000068
CLSIDFromString - 0x0048F830 0x000BADF8 0x000B9FF8 0x00000008
ProgIDFromCLSID - 0x0048F834 0x000BADFC 0x000B9FFC 0x0000014B
CLSIDFromProgID - 0x0048F838 0x000BAE00 0x000BA000 0x00000006
OleSetMenuDescriptor - 0x0048F83C 0x000BAE04 0x000BA004 0x00000147
MkParseDisplayName - 0x0048F840 0x000BAE08 0x000BA008 0x000000D4
OleSetContainedObject - 0x0048F844 0x000BAE0C 0x000BA00C 0x00000146
CoCreateInstance - 0x0048F848 0x000BAE10 0x000BA010 0x00000010
IIDFromString - 0x0048F84C 0x000BAE14 0x000BA014 0x000000CD
StringFromGUID2 - 0x0048F850 0x000BAE18 0x000BA018 0x00000179
CreateStreamOnHGlobal - 0x0048F854 0x000BAE1C 0x000BA01C 0x00000086
OleInitialize - 0x0048F858 0x000BAE20 0x000BA020 0x00000132
OleUninitialize - 0x0048F85C 0x000BAE24 0x000BA024 0x00000149
CoInitialize - 0x0048F860 0x000BAE28 0x000BA028 0x0000003E
CoUninitialize - 0x0048F864 0x000BAE2C 0x000BA02C 0x0000006C
GetRunningObjectTable - 0x0048F868 0x000BAE30 0x000BA030 0x00000097
CoGetInstanceFromFile - 0x0048F86C 0x000BAE34 0x000BA034 0x0000002D
CoGetObject - 0x0048F870 0x000BAE38 0x000BA038 0x00000035
CoSetProxyBlanket - 0x0048F874 0x000BAE3C 0x000BA03C 0x00000063
CoCreateInstanceEx - 0x0048F878 0x000BAE40 0x000BA040 0x00000011
CoInitializeSecurity - 0x0048F87C 0x000BAE44 0x000BA044 0x00000040
OLEAUT32.dll (29)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0x000000B7 0x0048F40C 0x000BA9D4 0x000B9BD4 -
VariantCopyInd 0x0000000B 0x0048F410 0x000BA9D8 0x000B9BD8 -
SysReAllocString 0x00000003 0x0048F414 0x000BA9DC 0x000B9BDC -
SysFreeString 0x00000006 0x0048F418 0x000BA9E0 0x000B9BE0 -
SafeArrayDestroyDescriptor 0x00000026 0x0048F41C 0x000BA9E4 0x000B9BE4 -
SafeArrayDestroyData 0x00000027 0x0048F420 0x000BA9E8 0x000B9BE8 -
SafeArrayUnaccessData 0x00000018 0x0048F424 0x000BA9EC 0x000B9BEC -
SafeArrayAccessData 0x00000017 0x0048F428 0x000BA9F0 0x000B9BF0 -
SafeArrayAllocData 0x00000025 0x0048F42C 0x000BA9F4 0x000B9BF4 -
SafeArrayAllocDescriptorEx 0x00000029 0x0048F430 0x000BA9F8 0x000B9BF8 -
SafeArrayCreateVector 0x0000019B 0x0048F434 0x000BA9FC 0x000B9BFC -
RegisterTypeLib 0x000000A3 0x0048F438 0x000BAA00 0x000B9C00 -
CreateStdDispatch 0x00000020 0x0048F43C 0x000BAA04 0x000B9C04 -
DispCallFunc 0x00000092 0x0048F440 0x000BAA08 0x000B9C08 -
VariantChangeType 0x0000000C 0x0048F444 0x000BAA0C 0x000B9C0C -
SysStringLen 0x00000007 0x0048F448 0x000BAA10 0x000B9C10 -
VariantTimeToSystemTime 0x000000B9 0x0048F44C 0x000BAA14 0x000B9C14 -
VarR8FromDec 0x000000DC 0x0048F450 0x000BAA18 0x000B9C18 -
SafeArrayGetVartype 0x0000004D 0x0048F454 0x000BAA1C 0x000B9C1C -
VariantCopy 0x0000000A 0x0048F458 0x000BAA20 0x000B9C20 -
VariantClear 0x00000009 0x0048F45C 0x000BAA24 0x000B9C24 -
OleLoadPicture 0x000001A2 0x0048F460 0x000BAA28 0x000B9C28 -
QueryPathOfRegTypeLib 0x000000A4 0x0048F464 0x000BAA2C 0x000B9C2C -
RegisterTypeLibForUser 0x000001BA 0x0048F468 0x000BAA30 0x000B9C30 -
UnRegisterTypeLibForUser 0x000001BB 0x0048F46C 0x000BAA34 0x000B9C34 -
UnRegisterTypeLib 0x000000BA 0x0048F470 0x000BAA38 0x000B9C38 -
CreateDispTypeInfo 0x0000001F 0x0048F474 0x000BAA3C 0x000B9C3C -
SysAllocString 0x00000002 0x0048F478 0x000BAA40 0x000B9C40 -
VariantInit 0x00000008 0x0048F47C 0x000BAA44 0x000B9C44 -
Memory Dumps (27)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
adobe download manager.exe 1 0x002B0000 0x004B9FFF Relevant Image False 32-bit 0x002D3187 False
...
buffer 1 0x035A0000 0x035A0FFF First Execution False 32-bit 0x035A00BE False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit - False
...
adobe download manager.exe 5 0x002B0000 0x004B9FFF Relevant Image False 32-bit - False
...
buffer 1 0x010F01F8 0x0110C3F7 Image In Buffer False 32-bit - False
...
buffer 1 0x035B0000 0x035CFFFF Image In Buffer False 32-bit - False
...
buffer 5 0x01000000 0x0101FFFF Final Dump False 32-bit - False
...
adobe download manager.exe 1 0x002B0000 0x004B9FFF Final Dump False 32-bit 0x002D0CB9 False
...
buffer 5 0x01000000 0x0101FFFF First Execution False 32-bit 0x0101A1F8 False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x0100329C False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x010010F8 False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x01005628 False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x0100B15C False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x01018414 False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x01007DE0 False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x01006CE8 False
...
buffer 5 0x00FE9000 0x00FFFFFF First Network Behavior False 32-bit - False
...
buffer 5 0x01000000 0x0101FFFF First Network Behavior False 32-bit - False
...
buffer 5 0x01071F10 0x01072F07 First Network Behavior False 32-bit - False
...
buffer 5 0x01072F10 0x01073553 First Network Behavior False 32-bit - False
...
buffer 5 0x02560000 0x0265FFFF First Network Behavior False 32-bit - False
...
adobe download manager.exe 5 0x002B0000 0x004B9FFF First Network Behavior False 32-bit - False
...
counters.dat 5 0x01030000 0x01030FFF First Network Behavior False 32-bit - False
...
buffer 5 0x01000000 0x0101FFFF Content Changed False 32-bit 0x0101965C False
...
buffer 5 0x01000000 0x0101FFFF Process Termination False 32-bit - False
...
adobe download manager.exe 5 0x002B0000 0x004B9FFF Process Termination False 32-bit - False
...
counters.dat 5 0x01030000 0x01030FFF Process Termination False 32-bit - False
...
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QuasarRAT QuasarRAT Backdoor
5/5
...
C:\Users\RDhJ0CNFevzX\btpanui\SystemPropertiesPerformance.exe Dropped File Binary
Malicious
...
»
Also Known As SystemPropertiesPerformance.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 2.01 MB
MD5 9083b44657eb5aa4852b9b62d8ddf2e4 Copy to Clipboard
SHA1 8a29422165794892a1d2079e089f372b35f82bdc Copy to Clipboard
SHA256 25000160aa1a06fd370be2a5cabce36c80fb12fbb1817e6ac67847dca7586295 Copy to Clipboard
SSDeep 24576:su6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKYv:2u0c++OCvkGs9Fap5aLKLkDl+dUvO9YJ Copy to Clipboard
ImpHash afcdf79be1557326c854b6e20cb900a7 Copy to Clipboard
PE Information
»
Image Base 0x00400000
Entry Point 0x00427DCD
Size Of Code 0x0008DE00
Size Of Initialized Data 0x00174E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2019-03-12 14:38 (UTC+1)
Version Information (7)
»
FileDescription Adobe Download Manager
OriginalFilename Adobe Download Manager
CompanyName Adobe Systems Incorporated
FileVersion ...
LegalCopyright Copyright 2018 Adobe Incorporated. All rights reserved.
ProductName Adobe Download Manager
ProductVersion ...
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0008DCC4 0x0008DE00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x0048F000 0x0002E10E 0x0002E200 0x0008E200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.76
.data 0x004BE000 0x00008F74 0x00005200 0x000BC400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.2
.rsrc 0x004C7000 0x0013A7F8 0x0013A800 0x000C1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.62
.reloc 0x00602000 0x0000711C 0x00007200 0x001FBE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.78
Imports (18)
»
WSOCK32.dll (23)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x00000074 0x0048F7C8 0x000BAD90 0x000B9F90 -
socket 0x00000017 0x0048F7CC 0x000BAD94 0x000B9F94 -
inet_ntoa 0x0000000C 0x0048F7D0 0x000BAD98 0x000B9F98 -
setsockopt 0x00000015 0x0048F7D4 0x000BAD9C 0x000B9F9C -
ntohs 0x0000000F 0x0048F7D8 0x000BADA0 0x000B9FA0 -
recvfrom 0x00000011 0x0048F7DC 0x000BADA4 0x000B9FA4 -
ioctlsocket 0x0000000A 0x0048F7E0 0x000BADA8 0x000B9FA8 -
htons 0x00000009 0x0048F7E4 0x000BADAC 0x000B9FAC -
WSAStartup 0x00000073 0x0048F7E8 0x000BADB0 0x000B9FB0 -
__WSAFDIsSet 0x00000097 0x0048F7EC 0x000BADB4 0x000B9FB4 -
select 0x00000012 0x0048F7F0 0x000BADB8 0x000B9FB8 -
accept 0x00000001 0x0048F7F4 0x000BADBC 0x000B9FBC -
listen 0x0000000D 0x0048F7F8 0x000BADC0 0x000B9FC0 -
bind 0x00000002 0x0048F7FC 0x000BADC4 0x000B9FC4 -
closesocket 0x00000003 0x0048F800 0x000BADC8 0x000B9FC8 -
WSAGetLastError 0x0000006F 0x0048F804 0x000BADCC 0x000B9FCC -
recv 0x00000010 0x0048F808 0x000BADD0 0x000B9FD0 -
sendto 0x00000014 0x0048F80C 0x000BADD4 0x000B9FD4 -
send 0x00000013 0x0048F810 0x000BADD8 0x000B9FD8 -
inet_addr 0x0000000B 0x0048F814 0x000BADDC 0x000B9FDC -
gethostbyname 0x00000034 0x0048F818 0x000BADE0 0x000B9FE0 -
gethostname 0x00000039 0x0048F81C 0x000BADE4 0x000B9FE4 -
connect 0x00000004 0x0048F820 0x000BADE8 0x000B9FE8 -
VERSION.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW - 0x0048F76C 0x000BAD34 0x000B9F34 0x00000006
GetFileVersionInfoSizeW - 0x0048F770 0x000BAD38 0x000B9F38 0x00000005
VerQueryValueW - 0x0048F774 0x000BAD3C 0x000B9F3C 0x0000000E
WINMM.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime - 0x0048F7B8 0x000BAD80 0x000B9F80 0x00000094
waveOutSetVolume - 0x0048F7BC 0x000BAD84 0x000B9F84 0x000000BB
mciSendStringW - 0x0048F7C0 0x000BAD88 0x000B9F88 0x00000032
COMCTL32.dll (11)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_ReplaceIcon - 0x0048F088 0x000BA650 0x000B9850 0x0000006F
ImageList_Destroy - 0x0048F08C 0x000BA654 0x000B9854 0x00000054
ImageList_Remove - 0x0048F090 0x000BA658 0x000B9858 0x0000006D
ImageList_SetDragCursorImage - 0x0048F094 0x000BA65C 0x000B985C 0x00000072
ImageList_BeginDrag - 0x0048F098 0x000BA660 0x000B9860 0x00000050
ImageList_DragEnter - 0x0048F09C 0x000BA664 0x000B9864 0x00000056
ImageList_DragLeave - 0x0048F0A0 0x000BA668 0x000B9868 0x00000057
ImageList_EndDrag - 0x0048F0A4 0x000BA66C 0x000B986C 0x0000005E
ImageList_DragMove - 0x0048F0A8 0x000BA670 0x000B9870 0x00000058
InitCommonControlsEx - 0x0048F0AC 0x000BA674 0x000B9874 0x0000007B
ImageList_Create - 0x0048F0B0 0x000BA678 0x000B9878 0x00000053
MPR.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW - 0x0048F3F8 0x000BA9C0 0x000B9BC0 0x00000049
WNetCancelConnection2W - 0x0048F3FC 0x000BA9C4 0x000B9BC4 0x0000000C
WNetGetConnectionW - 0x0048F400 0x000BA9C8 0x000B9BC8 0x00000024
WNetAddConnection2W - 0x0048F404 0x000BA9CC 0x000B9BCC 0x00000006
WININET.dll (14)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable - 0x0048F77C 0x000BAD44 0x000B9F44 0x0000009B
InternetCloseHandle - 0x0048F780 0x000BAD48 0x000B9F48 0x0000006B
InternetOpenW - 0x0048F784 0x000BAD4C 0x000B9F4C 0x0000009A
InternetSetOptionW - 0x0048F788 0x000BAD50 0x000B9F50 0x000000AF
InternetCrackUrlW - 0x0048F78C 0x000BAD54 0x000B9F54 0x00000074
HttpQueryInfoW - 0x0048F790 0x000BAD58 0x000B9F58 0x0000005A
InternetQueryOptionW - 0x0048F794 0x000BAD5C 0x000B9F5C 0x0000009E
HttpOpenRequestW - 0x0048F798 0x000BAD60 0x000B9F60 0x00000058
HttpSendRequestW - 0x0048F79C 0x000BAD64 0x000B9F64 0x0000005E
FtpOpenFileW - 0x0048F7A0 0x000BAD68 0x000B9F68 0x00000035
FtpGetFileSize - 0x0048F7A4 0x000BAD6C 0x000B9F6C 0x00000032
InternetOpenUrlW - 0x0048F7A8 0x000BAD70 0x000B9F70 0x00000099
InternetReadFile - 0x0048F7AC 0x000BAD74 0x000B9F74 0x0000009F
InternetConnectW - 0x0048F7B0 0x000BAD78 0x000B9F78 0x00000072
PSAPI.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo - 0x0048F484 0x000BAA4C 0x000B9C4C 0x00000015
IPHLPAPI.DLL (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpCreateFile - 0x0048F154 0x000BA71C 0x000B991C 0x00000085
IcmpCloseHandle - 0x0048F158 0x000BA720 0x000B9920 0x00000084
IcmpSendEcho - 0x0048F15C 0x000BA724 0x000B9924 0x00000087
USERENV.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyEnvironmentBlock - 0x0048F750 0x000BAD18 0x000B9F18 0x00000004
UnloadUserProfile - 0x0048F754 0x000BAD1C 0x000B9F1C 0x0000002C
CreateEnvironmentBlock - 0x0048F758 0x000BAD20 0x000B9F20 0x00000000
LoadUserProfileW - 0x0048F75C 0x000BAD24 0x000B9F24 0x00000021
UxTheme.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive - 0x0048F764 0x000BAD2C 0x000B9F2C 0x0000003F
KERNEL32.dll (164)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle - 0x0048F164 0x000BA72C 0x000B992C 0x000000E8
CreateThread - 0x0048F168 0x000BA730 0x000B9930 0x000000B5
WaitForSingleObject - 0x0048F16C 0x000BA734 0x000B9934 0x000004F9
HeapAlloc - 0x0048F170 0x000BA738 0x000B9938 0x000002CB
GetProcessHeap - 0x0048F174 0x000BA73C 0x000B993C 0x0000024A
HeapFree - 0x0048F178 0x000BA740 0x000B9940 0x000002CF
Sleep - 0x0048F17C 0x000BA744 0x000B9944 0x000004B2
GetCurrentThreadId - 0x0048F180 0x000BA748 0x000B9948 0x000001C5
MultiByteToWideChar - 0x0048F184 0x000BA74C 0x000B994C 0x00000367
MulDiv - 0x0048F188 0x000BA750 0x000B9950 0x00000366
GetVersionExW - 0x0048F18C 0x000BA754 0x000B9954 0x000002A4
IsWow64Process - 0x0048F190 0x000BA758 0x000B9958 0x0000030E
GetSystemInfo - 0x0048F194 0x000BA75C 0x000B995C 0x00000273
FreeLibrary - 0x0048F198 0x000BA760 0x000B9960 0x00000162
LoadLibraryA - 0x0048F19C 0x000BA764 0x000B9964 0x0000033C
GetProcAddress - 0x0048F1A0 0x000BA768 0x000B9968 0x00000245
SetErrorMode - 0x0048F1A4 0x000BA76C 0x000B996C 0x00000458
GetModuleFileNameW - 0x0048F1A8 0x000BA770 0x000B9970 0x00000214
WideCharToMultiByte - 0x0048F1AC 0x000BA774 0x000B9974 0x00000511
lstrcpyW - 0x0048F1B0 0x000BA778 0x000B9978 0x00000548
lstrlenW - 0x0048F1B4 0x000BA77C 0x000B997C 0x0000054E
GetModuleHandleW - 0x0048F1B8 0x000BA780 0x000B9980 0x00000218
QueryPerformanceCounter - 0x0048F1BC 0x000BA784 0x000B9984 0x000003A7
VirtualFreeEx - 0x0048F1C0 0x000BA788 0x000B9988 0x000004ED
OpenProcess - 0x0048F1C4 0x000BA78C 0x000B998C 0x00000380
VirtualAllocEx - 0x0048F1C8 0x000BA790 0x000B9990 0x000004EA
WriteProcessMemory - 0x0048F1CC 0x000BA794 0x000B9994 0x0000052E
ReadProcessMemory - 0x0048F1D0 0x000BA798 0x000B9998 0x000003C3
CreateFileW - 0x0048F1D4 0x000BA79C 0x000B999C 0x0000008F
SetFilePointerEx - 0x0048F1D8 0x000BA7A0 0x000B99A0 0x00000467
SetEndOfFile - 0x0048F1DC 0x000BA7A4 0x000B99A4 0x00000453
ReadFile - 0x0048F1E0 0x000BA7A8 0x000B99A8 0x000003C0
WriteFile - 0x0048F1E4 0x000BA7AC 0x000B99AC 0x00000525
FlushFileBuffers - 0x0048F1E8 0x000BA7B0 0x000B99B0 0x00000157
TerminateProcess - 0x0048F1EC 0x000BA7B4 0x000B99B4 0x000004C0
CreateToolhelp32Snapshot - 0x0048F1F0 0x000BA7B8 0x000B99B8 0x000000BE
Process32FirstW - 0x0048F1F4 0x000BA7BC 0x000B99BC 0x00000396
Process32NextW - 0x0048F1F8 0x000BA7C0 0x000B99C0 0x00000398
SetFileTime - 0x0048F1FC 0x000BA7C4 0x000B99C4 0x0000046A
GetFileAttributesW - 0x0048F200 0x000BA7C8 0x000B99C8 0x000001EA
FindFirstFileW - 0x0048F204 0x000BA7CC 0x000B99CC 0x00000139
SetCurrentDirectoryW - 0x0048F208 0x000BA7D0 0x000B99D0 0x0000044D
GetLongPathNameW - 0x0048F20C 0x000BA7D4 0x000B99D4 0x0000020F
GetShortPathNameW - 0x0048F210 0x000BA7D8 0x000B99D8 0x00000261
DeleteFileW - 0x0048F214 0x000BA7DC 0x000B99DC 0x000000D6
FindNextFileW - 0x0048F218 0x000BA7E0 0x000B99E0 0x00000145
CopyFileExW - 0x0048F21C 0x000BA7E4 0x000B99E4 0x00000072
MoveFileW - 0x0048F220 0x000BA7E8 0x000B99E8 0x00000363
CreateDirectoryW - 0x0048F224 0x000BA7EC 0x000B99EC 0x00000081
RemoveDirectoryW - 0x0048F228 0x000BA7F0 0x000B99F0 0x00000403
SetSystemPowerState - 0x0048F22C 0x000BA7F4 0x000B99F4 0x0000048A
QueryPerformanceFrequency - 0x0048F230 0x000BA7F8 0x000B99F8 0x000003A8
FindResourceW - 0x0048F234 0x000BA7FC 0x000B99FC 0x0000014E
LoadResource - 0x0048F238 0x000BA800 0x000B9A00 0x00000341
LockResource - 0x0048F23C 0x000BA804 0x000B9A04 0x00000354
SizeofResource - 0x0048F240 0x000BA808 0x000B9A08 0x000004B1
EnumResourceNamesW - 0x0048F244 0x000BA80C 0x000B9A0C 0x00000102
OutputDebugStringW - 0x0048F248 0x000BA810 0x000B9A10 0x0000038A
GetTempPathW - 0x0048F24C 0x000BA814 0x000B9A14 0x00000285
GetTempFileNameW - 0x0048F250 0x000BA818 0x000B9A18 0x00000283
DeviceIoControl - 0x0048F254 0x000BA81C 0x000B9A1C 0x000000DD
GetLocalTime - 0x0048F258 0x000BA820 0x000B9A20 0x00000203
CompareStringW - 0x0048F25C 0x000BA824 0x000B9A24 0x00000064
GetCurrentProcess - 0x0048F260 0x000BA828 0x000B9A28 0x000001C0
EnterCriticalSection - 0x0048F264 0x000BA82C 0x000B9A2C 0x000000EE
LeaveCriticalSection - 0x0048F268 0x000BA830 0x000B9A30 0x00000339
GetStdHandle - 0x0048F26C 0x000BA834 0x000B9A34 0x00000264
CreatePipe - 0x0048F270 0x000BA838 0x000B9A38 0x000000A1
InterlockedExchange - 0x0048F274 0x000BA83C 0x000B9A3C 0x000002EC
TerminateThread - 0x0048F278 0x000BA840 0x000B9A40 0x000004C1
LoadLibraryExW - 0x0048F27C 0x000BA844 0x000B9A44 0x0000033E
FindResourceExW - 0x0048F280 0x000BA848 0x000B9A48 0x0000014D
CopyFileW - 0x0048F284 0x000BA84C 0x000B9A4C 0x00000075
VirtualFree - 0x0048F288 0x000BA850 0x000B9A50 0x000004EC
FormatMessageW - 0x0048F28C 0x000BA854 0x000B9A54 0x0000015E
GetExitCodeProcess - 0x0048F290 0x000BA858 0x000B9A58 0x000001DF
GetPrivateProfileStringW - 0x0048F294 0x000BA85C 0x000B9A5C 0x00000242
WritePrivateProfileStringW - 0x0048F298 0x000BA860 0x000B9A60 0x0000052B
GetPrivateProfileSectionW - 0x0048F29C 0x000BA864 0x000B9A64 0x00000240
WritePrivateProfileSectionW - 0x0048F2A0 0x000BA868 0x000B9A68 0x00000529
GetPrivateProfileSectionNamesW - 0x0048F2A4 0x000BA86C 0x000B9A6C 0x0000023F
FileTimeToLocalFileTime - 0x0048F2A8 0x000BA870 0x000B9A70 0x00000124
FileTimeToSystemTime - 0x0048F2AC 0x000BA874 0x000B9A74 0x00000125
SystemTimeToFileTime - 0x0048F2B0 0x000BA878 0x000B9A78 0x000004BD
LocalFileTimeToFileTime - 0x0048F2B4 0x000BA87C 0x000B9A7C 0x00000346
GetDriveTypeW - 0x0048F2B8 0x000BA880 0x000B9A80 0x000001D3
GetDiskFreeSpaceExW - 0x0048F2BC 0x000BA884 0x000B9A84 0x000001CE
GetDiskFreeSpaceW - 0x0048F2C0 0x000BA888 0x000B9A88 0x000001CF
GetVolumeInformationW - 0x0048F2C4 0x000BA88C 0x000B9A8C 0x000002A7
SetVolumeLabelW - 0x0048F2C8 0x000BA890 0x000B9A90 0x000004A9
CreateHardLinkW - 0x0048F2CC 0x000BA894 0x000B9A94 0x00000093
SetFileAttributesW - 0x0048F2D0 0x000BA898 0x000B9A98 0x00000461
CreateEventW - 0x0048F2D4 0x000BA89C 0x000B9A9C 0x00000085
SetEvent - 0x0048F2D8 0x000BA8A0 0x000B9AA0 0x00000459
GetEnvironmentVariableW - 0x0048F2DC 0x000BA8A4 0x000B9AA4 0x000001DC
SetEnvironmentVariableW - 0x0048F2E0 0x000BA8A8 0x000B9AA8 0x00000457
GlobalLock - 0x0048F2E4 0x000BA8AC 0x000B9AAC 0x000002BE
GlobalUnlock - 0x0048F2E8 0x000BA8B0 0x000B9AB0 0x000002C5
GlobalAlloc - 0x0048F2EC 0x000BA8B4 0x000B9AB4 0x000002B3
GetFileSize - 0x0048F2F0 0x000BA8B8 0x000B9AB8 0x000001F0
GlobalFree - 0x0048F2F4 0x000BA8BC 0x000B9ABC 0x000002BA
GlobalMemoryStatusEx - 0x0048F2F8 0x000BA8C0 0x000B9AC0 0x000002C0
Beep - 0x0048F2FC 0x000BA8C4 0x000B9AC4 0x00000036
GetSystemDirectoryW - 0x0048F300 0x000BA8C8 0x000B9AC8 0x00000270
HeapReAlloc - 0x0048F304 0x000BA8CC 0x000B9ACC 0x000002D2
HeapSize - 0x0048F308 0x000BA8D0 0x000B9AD0 0x000002D4
GetComputerNameW - 0x0048F30C 0x000BA8D4 0x000B9AD4 0x0000018F
GetWindowsDirectoryW - 0x0048F310 0x000BA8D8 0x000B9AD8 0x000002AF
GetCurrentProcessId - 0x0048F314 0x000BA8DC 0x000B9ADC 0x000001C1
GetProcessIoCounters - 0x0048F318 0x000BA8E0 0x000B9AE0 0x0000024E
CreateProcessW - 0x0048F31C 0x000BA8E4 0x000B9AE4 0x000000A8
GetProcessId - 0x0048F320 0x000BA8E8 0x000B9AE8 0x0000024C
SetPriorityClass - 0x0048F324 0x000BA8EC 0x000B9AEC 0x0000047D
LoadLibraryW - 0x0048F328 0x000BA8F0 0x000B9AF0 0x0000033F
VirtualAlloc - 0x0048F32C 0x000BA8F4 0x000B9AF4 0x000004E9
IsDebuggerPresent - 0x0048F330 0x000BA8F8 0x000B9AF8 0x00000300
GetCurrentDirectoryW - 0x0048F334 0x000BA8FC 0x000B9AFC 0x000001BF
lstrcmpiW - 0x0048F338 0x000BA900 0x000B9B00 0x00000545
DecodePointer - 0x0048F33C 0x000BA904 0x000B9B04 0x000000CA
GetLastError - 0x0048F340 0x000BA908 0x000B9B08 0x00000202
RaiseException - 0x0048F344 0x000BA90C 0x000B9B0C 0x000003B1
InitializeCriticalSectionAndSpinCount - 0x0048F348 0x000BA910 0x000B9B10 0x000002E3
DeleteCriticalSection - 0x0048F34C 0x000BA914 0x000B9B14 0x000000D1
InterlockedDecrement - 0x0048F350 0x000BA918 0x000B9B18 0x000002EB
InterlockedIncrement - 0x0048F354 0x000BA91C 0x000B9B1C 0x000002EF
GetCurrentThread - 0x0048F358 0x000BA920 0x000B9B20 0x000001C4
CloseHandle - 0x0048F35C 0x000BA924 0x000B9B24 0x00000052
GetFullPathNameW - 0x0048F360 0x000BA928 0x000B9B28 0x000001FB
EncodePointer - 0x0048F364 0x000BA92C 0x000B9B2C 0x000000EA
ExitProcess - 0x0048F368 0x000BA930 0x000B9B30 0x00000119
GetModuleHandleExW - 0x0048F36C 0x000BA934 0x000B9B34 0x00000217
ExitThread - 0x0048F370 0x000BA938 0x000B9B38 0x0000011A
GetSystemTimeAsFileTime - 0x0048F374 0x000BA93C 0x000B9B3C 0x00000279
ResumeThread - 0x0048F378 0x000BA940 0x000B9B40 0x00000413
GetCommandLineW - 0x0048F37C 0x000BA944 0x000B9B44 0x00000187
IsProcessorFeaturePresent - 0x0048F380 0x000BA948 0x000B9B48 0x00000304
IsValidCodePage - 0x0048F384 0x000BA94C 0x000B9B4C 0x0000030A
GetACP - 0x0048F388 0x000BA950 0x000B9B50 0x00000168
GetOEMCP - 0x0048F38C 0x000BA954 0x000B9B54 0x00000237
GetCPInfo - 0x0048F390 0x000BA958 0x000B9B58 0x00000172
SetLastError - 0x0048F394 0x000BA95C 0x000B9B5C 0x00000473
UnhandledExceptionFilter - 0x0048F398 0x000BA960 0x000B9B60 0x000004D3
SetUnhandledExceptionFilter - 0x0048F39C 0x000BA964 0x000B9B64 0x000004A5
TlsAlloc - 0x0048F3A0 0x000BA968 0x000B9B68 0x000004C5
TlsGetValue - 0x0048F3A4 0x000BA96C 0x000B9B6C 0x000004C7
TlsSetValue - 0x0048F3A8 0x000BA970 0x000B9B70 0x000004C8
TlsFree - 0x0048F3AC 0x000BA974 0x000B9B74 0x000004C6
GetStartupInfoW - 0x0048F3B0 0x000BA978 0x000B9B78 0x00000263
GetStringTypeW - 0x0048F3B4 0x000BA97C 0x000B9B7C 0x00000269
SetStdHandle - 0x0048F3B8 0x000BA980 0x000B9B80 0x00000487
GetFileType - 0x0048F3BC 0x000BA984 0x000B9B84 0x000001F3
GetConsoleCP - 0x0048F3C0 0x000BA988 0x000B9B88 0x0000019A
GetConsoleMode - 0x0048F3C4 0x000BA98C 0x000B9B8C 0x000001AC
RtlUnwind - 0x0048F3C8 0x000BA990 0x000B9B90 0x00000418
ReadConsoleW - 0x0048F3CC 0x000BA994 0x000B9B94 0x000003BE
GetTimeZoneInformation - 0x0048F3D0 0x000BA998 0x000B9B98 0x00000298
GetDateFormatW - 0x0048F3D4 0x000BA99C 0x000B9B9C 0x000001C8
GetTimeFormatW - 0x0048F3D8 0x000BA9A0 0x000B9BA0 0x00000297
LCMapStringW - 0x0048F3DC 0x000BA9A4 0x000B9BA4 0x0000032D
GetEnvironmentStringsW - 0x0048F3E0 0x000BA9A8 0x000B9BA8 0x000001DA
FreeEnvironmentStringsW - 0x0048F3E4 0x000BA9AC 0x000B9BAC 0x00000161
WriteConsoleW - 0x0048F3E8 0x000BA9B0 0x000B9BB0 0x00000524
FindClose - 0x0048F3EC 0x000BA9B4 0x000B9BB4 0x0000012E
SetEnvironmentVariableA - 0x0048F3F0 0x000BA9B8 0x000B9BB8 0x00000456
USER32.dll (160)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustWindowRectEx - 0x0048F4CC 0x000BAA94 0x000B9C94 0x00000003
CopyImage - 0x0048F4D0 0x000BAA98 0x000B9C98 0x00000054
SetWindowPos - 0x0048F4D4 0x000BAA9C 0x000B9C9C 0x000002C6
GetCursorInfo - 0x0048F4D8 0x000BAAA0 0x000B9CA0 0x0000011F
RegisterHotKey - 0x0048F4DC 0x000BAAA4 0x000B9CA4 0x00000256
ClientToScreen - 0x0048F4E0 0x000BAAA8 0x000B9CA8 0x00000047
GetKeyboardLayoutNameW - 0x0048F4E4 0x000BAAAC 0x000B9CAC 0x00000141
IsCharAlphaW - 0x0048F4E8 0x000BAAB0 0x000B9CB0 0x000001C4
IsCharAlphaNumericW - 0x0048F4EC 0x000BAAB4 0x000B9CB4 0x000001C3
IsCharLowerW - 0x0048F4F0 0x000BAAB8 0x000B9CB8 0x000001C6
IsCharUpperW - 0x0048F4F4 0x000BAABC 0x000B9CBC 0x000001C8
GetMenuStringW - 0x0048F4F8 0x000BAAC0 0x000B9CC0 0x00000158
GetSubMenu - 0x0048F4FC 0x000BAAC4 0x000B9CC4 0x0000017A
GetCaretPos - 0x0048F500 0x000BAAC8 0x000B9CC8 0x0000010A
IsZoomed - 0x0048F504 0x000BAACC 0x000B9CCC 0x000001E2
MonitorFromPoint - 0x0048F508 0x000BAAD0 0x000B9CD0 0x00000218
GetMonitorInfoW - 0x0048F50C 0x000BAAD4 0x000B9CD4 0x0000015F
SetWindowLongW - 0x0048F510 0x000BAAD8 0x000B9CD8 0x000002C4
SetLayeredWindowAttributes - 0x0048F514 0x000BAADC 0x000B9CDC 0x00000298
FlashWindow - 0x0048F518 0x000BAAE0 0x000B9CE0 0x000000FB
GetClassLongW - 0x0048F51C 0x000BAAE4 0x000B9CE4 0x00000110
TranslateAcceleratorW - 0x0048F520 0x000BAAE8 0x000B9CE8 0x000002FA
IsDialogMessageW - 0x0048F524 0x000BAAEC 0x000B9CEC 0x000001CD
GetSysColor - 0x0048F528 0x000BAAF0 0x000B9CF0 0x0000017B
InflateRect - 0x0048F52C 0x000BAAF4 0x000B9CF4 0x000001B5
DrawFocusRect - 0x0048F530 0x000BAAF8 0x000B9CF8 0x000000C4
DrawTextW - 0x0048F534 0x000BAAFC 0x000B9CFC 0x000000D0
FrameRect - 0x0048F538 0x000BAB00 0x000B9D00 0x000000FD
DrawFrameControl - 0x0048F53C 0x000BAB04 0x000B9D04 0x000000C6
FillRect - 0x0048F540 0x000BAB08 0x000B9D08 0x000000F6
PtInRect - 0x0048F544 0x000BAB0C 0x000B9D0C 0x00000240
DestroyAcceleratorTable - 0x0048F548 0x000BAB10 0x000B9D10 0x000000A0
CreateAcceleratorTableW - 0x0048F54C 0x000BAB14 0x000B9D14 0x00000058
SetCursor - 0x0048F550 0x000BAB18 0x000B9D18 0x00000288
GetWindowDC - 0x0048F554 0x000BAB1C 0x000B9D1C 0x00000192
GetSystemMetrics - 0x0048F558 0x000BAB20 0x000B9D20 0x0000017E
GetActiveWindow - 0x0048F55C 0x000BAB24 0x000B9D24 0x00000100
CharNextW - 0x0048F560 0x000BAB28 0x000B9D28 0x00000031
wsprintfW - 0x0048F564 0x000BAB2C 0x000B9D2C 0x00000333
RedrawWindow - 0x0048F568 0x000BAB30 0x000B9D30 0x0000024A
DrawMenuBar - 0x0048F56C 0x000BAB34 0x000B9D34 0x000000C9
DestroyMenu - 0x0048F570 0x000BAB38 0x000B9D38 0x000000A4
SetMenu - 0x0048F574 0x000BAB3C 0x000B9D3C 0x0000029C
GetWindowTextLengthW - 0x0048F578 0x000BAB40 0x000B9D40 0x000001A2
CreateMenu - 0x0048F57C 0x000BAB44 0x000B9D44 0x0000006A
IsDlgButtonChecked - 0x0048F580 0x000BAB48 0x000B9D48 0x000001CE
DefDlgProcW - 0x0048F584 0x000BAB4C 0x000B9D4C 0x00000095
CallWindowProcW - 0x0048F588 0x000BAB50 0x000B9D50 0x0000001E
ReleaseCapture - 0x0048F58C 0x000BAB54 0x000B9D54 0x00000264
SetCapture - 0x0048F590 0x000BAB58 0x000B9D58 0x00000280
CreateIconFromResourceEx - 0x0048F594 0x000BAB5C 0x000B9D5C 0x00000066
mouse_event - 0x0048F598 0x000BAB60 0x000B9D60 0x00000331
ExitWindowsEx - 0x0048F59C 0x000BAB64 0x000B9D64 0x000000F5
SetActiveWindow - 0x0048F5A0 0x000BAB68 0x000B9D68 0x0000027F
FindWindowExW - 0x0048F5A4 0x000BAB6C 0x000B9D6C 0x000000F9
EnumThreadWindows - 0x0048F5A8 0x000BAB70 0x000B9D70 0x000000EF
SetMenuDefaultItem - 0x0048F5AC 0x000BAB74 0x000B9D74 0x0000029E
InsertMenuItemW - 0x0048F5B0 0x000BAB78 0x000B9D78 0x000001B9
IsMenu - 0x0048F5B4 0x000BAB7C 0x000B9D7C 0x000001D2
TrackPopupMenuEx - 0x0048F5B8 0x000BAB80 0x000B9D80 0x000002F7
GetCursorPos - 0x0048F5BC 0x000BAB84 0x000B9D84 0x00000120
DeleteMenu - 0x0048F5C0 0x000BAB88 0x000B9D88 0x0000009E
SetRect - 0x0048F5C4 0x000BAB8C 0x000B9D8C 0x000002AE
GetMenuItemID - 0x0048F5C8 0x000BAB90 0x000B9D90 0x00000152
GetMenuItemCount - 0x0048F5CC 0x000BAB94 0x000B9D94 0x00000151
SetMenuItemInfoW - 0x0048F5D0 0x000BAB98 0x000B9D98 0x000002A2
GetMenuItemInfoW - 0x0048F5D4 0x000BAB9C 0x000B9D9C 0x00000154
SetForegroundWindow - 0x0048F5D8 0x000BABA0 0x000B9DA0 0x00000293
IsIconic - 0x0048F5DC 0x000BABA4 0x000B9DA4 0x000001D1
FindWindowW - 0x0048F5E0 0x000BABA8 0x000B9DA8 0x000000FA
MonitorFromRect - 0x0048F5E4 0x000BABAC 0x000B9DAC 0x00000219
keybd_event - 0x0048F5E8 0x000BABB0 0x000B9DB0 0x00000330
SendInput - 0x0048F5EC 0x000BABB4 0x000B9DB4 0x00000276
GetAsyncKeyState - 0x0048F5F0 0x000BABB8 0x000B9DB8 0x00000107
SetKeyboardState - 0x0048F5F4 0x000BABBC 0x000B9DBC 0x00000296
GetKeyboardState - 0x0048F5F8 0x000BABC0 0x000B9DC0 0x00000142
GetKeyState - 0x0048F5FC 0x000BABC4 0x000B9DC4 0x0000013D
VkKeyScanW - 0x0048F600 0x000BABC8 0x000B9DC8 0x00000321
LoadStringW - 0x0048F604 0x000BABCC 0x000B9DCC 0x000001FA
DialogBoxParamW - 0x0048F608 0x000BABD0 0x000B9DD0 0x000000AC
MessageBeep - 0x0048F60C 0x000BABD4 0x000B9DD4 0x0000020D
EndDialog - 0x0048F610 0x000BABD8 0x000B9DD8 0x000000DA
SendDlgItemMessageW - 0x0048F614 0x000BABDC 0x000B9DDC 0x00000273
GetDlgItem - 0x0048F618 0x000BABE0 0x000B9DE0 0x00000127
SetWindowTextW - 0x0048F61C 0x000BABE4 0x000B9DE4 0x000002CB
CopyRect - 0x0048F620 0x000BABE8 0x000B9DE8 0x00000055
ReleaseDC - 0x0048F624 0x000BABEC 0x000B9DEC 0x00000265
GetDC - 0x0048F628 0x000BABF0 0x000B9DF0 0x00000121
EndPaint - 0x0048F62C 0x000BABF4 0x000B9DF4 0x000000DC
BeginPaint - 0x0048F630 0x000BABF8 0x000B9DF8 0x0000000E
GetClientRect - 0x0048F634 0x000BABFC 0x000B9DFC 0x00000114
GetMenu - 0x0048F638 0x000BAC00 0x000B9E00 0x0000014B
DestroyWindow - 0x0048F63C 0x000BAC04 0x000B9E04 0x000000A6
EnumWindows - 0x0048F640 0x000BAC08 0x000B9E08 0x000000F2
GetDesktopWindow - 0x0048F644 0x000BAC0C 0x000B9E0C 0x00000123
IsWindow - 0x0048F648 0x000BAC10 0x000B9E10 0x000001DB
IsWindowEnabled - 0x0048F64C 0x000BAC14 0x000B9E14 0x000001DC
IsWindowVisible - 0x0048F650 0x000BAC18 0x000B9E18 0x000001E0
EnableWindow - 0x0048F654 0x000BAC1C 0x000B9E1C 0x000000D8
InvalidateRect - 0x0048F658 0x000BAC20 0x000B9E20 0x000001BE
GetWindowLongW - 0x0048F65C 0x000BAC24 0x000B9E24 0x00000196
GetWindowThreadProcessId - 0x0048F660 0x000BAC28 0x000B9E28 0x000001A4
AttachThreadInput - 0x0048F664 0x000BAC2C 0x000B9E2C 0x0000000C
GetFocus - 0x0048F668 0x000BAC30 0x000B9E30 0x0000012C
GetWindowTextW - 0x0048F66C 0x000BAC34 0x000B9E34 0x000001A3
ScreenToClient - 0x0048F670 0x000BAC38 0x000B9E38 0x0000026D
SendMessageTimeoutW - 0x0048F674 0x000BAC3C 0x000B9E3C 0x0000027B
EnumChildWindows - 0x0048F678 0x000BAC40 0x000B9E40 0x000000DF
CharUpperBuffW - 0x0048F67C 0x000BAC44 0x000B9E44 0x0000003B
GetParent - 0x0048F680 0x000BAC48 0x000B9E48 0x00000164
GetDlgCtrlID - 0x0048F684 0x000BAC4C 0x000B9E4C 0x00000126
SendMessageW - 0x0048F688 0x000BAC50 0x000B9E50 0x0000027C
MapVirtualKeyW - 0x0048F68C 0x000BAC54 0x000B9E54 0x00000208
PostMessageW - 0x0048F690 0x000BAC58 0x000B9E58 0x00000236
GetWindowRect - 0x0048F694 0x000BAC5C 0x000B9E5C 0x0000019C
SetUserObjectSecurity - 0x0048F698 0x000BAC60 0x000B9E60 0x000002BE
CloseDesktop - 0x0048F69C 0x000BAC64 0x000B9E64 0x0000004A
CloseWindowStation - 0x0048F6A0 0x000BAC68 0x000B9E68 0x0000004E
OpenDesktopW - 0x0048F6A4 0x000BAC6C 0x000B9E6C 0x00000228
SetProcessWindowStation - 0x0048F6A8 0x000BAC70 0x000B9E70 0x000002AA
GetProcessWindowStation - 0x0048F6AC 0x000BAC74 0x000B9E74 0x00000168
OpenWindowStationW - 0x0048F6B0 0x000BAC78 0x000B9E78 0x0000022D
GetUserObjectSecurity - 0x0048F6B4 0x000BAC7C 0x000B9E7C 0x0000018C
MessageBoxW - 0x0048F6B8 0x000BAC80 0x000B9E80 0x00000215
DefWindowProcW - 0x0048F6BC 0x000BAC84 0x000B9E84 0x0000009C
SetClipboardData - 0x0048F6C0 0x000BAC88 0x000B9E88 0x00000286
EmptyClipboard - 0x0048F6C4 0x000BAC8C 0x000B9E8C 0x000000D5
CountClipboardFormats - 0x0048F6C8 0x000BAC90 0x000B9E90 0x00000056
CloseClipboard - 0x0048F6CC 0x000BAC94 0x000B9E94 0x00000049
GetClipboardData - 0x0048F6D0 0x000BAC98 0x000B9E98 0x00000116
IsClipboardFormatAvailable - 0x0048F6D4 0x000BAC9C 0x000B9E9C 0x000001CA
OpenClipboard - 0x0048F6D8 0x000BACA0 0x000B9EA0 0x00000226
BlockInput - 0x0048F6DC 0x000BACA4 0x000B9EA4 0x0000000F
GetMessageW - 0x0048F6E0 0x000BACA8 0x000B9EA8 0x0000015D
LockWindowUpdate - 0x0048F6E4 0x000BACAC 0x000B9EAC 0x000001FD
DispatchMessageW - 0x0048F6E8 0x000BACB0 0x000B9EB0 0x000000AF
TranslateMessage - 0x0048F6EC 0x000BACB4 0x000B9EB4 0x000002FC
PeekMessageW - 0x0048F6F0 0x000BACB8 0x000B9EB8 0x00000233
UnregisterHotKey - 0x0048F6F4 0x000BACBC 0x000B9EBC 0x00000308
CheckMenuRadioItem - 0x0048F6F8 0x000BACC0 0x000B9EC0 0x00000040
CharLowerBuffW - 0x0048F6FC 0x000BACC4 0x000B9EC4 0x0000002D
MoveWindow - 0x0048F700 0x000BACC8 0x000B9EC8 0x0000021B
SetFocus - 0x0048F704 0x000BACCC 0x000B9ECC 0x00000292
PostQuitMessage - 0x0048F708 0x000BACD0 0x000B9ED0 0x00000237
KillTimer - 0x0048F70C 0x000BACD4 0x000B9ED4 0x000001E3
CreatePopupMenu - 0x0048F710 0x000BACD8 0x000B9ED8 0x0000006B
RegisterWindowMessageW - 0x0048F714 0x000BACDC 0x000B9EDC 0x00000263
SetTimer - 0x0048F718 0x000BACE0 0x000B9EE0 0x000002BB
ShowWindow - 0x0048F71C 0x000BACE4 0x000B9EE4 0x000002DF
CreateWindowExW - 0x0048F720 0x000BACE8 0x000B9EE8 0x0000006E
RegisterClassExW - 0x0048F724 0x000BACEC 0x000B9EEC 0x0000024D
LoadIconW - 0x0048F728 0x000BACF0 0x000B9EF0 0x000001ED
LoadCursorW - 0x0048F72C 0x000BACF4 0x000B9EF4 0x000001EB
GetSysColorBrush - 0x0048F730 0x000BACF8 0x000B9EF8 0x0000017C
GetForegroundWindow - 0x0048F734 0x000BACFC 0x000B9EFC 0x0000012D
MessageBoxA - 0x0048F738 0x000BAD00 0x000B9F00 0x0000020E
DestroyIcon - 0x0048F73C 0x000BAD04 0x000B9F04 0x000000A3
SystemParametersInfoW - 0x0048F740 0x000BAD08 0x000B9F08 0x000002EC
LoadImageW - 0x0048F744 0x000BAD0C 0x000B9F0C 0x000001EF
GetClassNameW - 0x0048F748 0x000BAD10 0x000B9F10 0x00000112
GDI32.dll (35)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrokePath - 0x0048F0C4 0x000BA68C 0x000B988C 0x000002B6
DeleteObject - 0x0048F0C8 0x000BA690 0x000B9890 0x000000E6
GetTextExtentPoint32W - 0x0048F0CC 0x000BA694 0x000B9894 0x0000021E
ExtCreatePen - 0x0048F0D0 0x000BA698 0x000B9898 0x00000132
GetDeviceCaps - 0x0048F0D4 0x000BA69C 0x000B989C 0x000001CB
EndPath - 0x0048F0D8 0x000BA6A0 0x000B98A0 0x000000F3
SetPixel - 0x0048F0DC 0x000BA6A4 0x000B98A4 0x0000029B
CloseFigure - 0x0048F0E0 0x000BA6A8 0x000B98A8 0x0000001E
CreateCompatibleBitmap - 0x0048F0E4 0x000BA6AC 0x000B98AC 0x0000002F
CreateCompatibleDC - 0x0048F0E8 0x000BA6B0 0x000B98B0 0x00000030
SelectObject - 0x0048F0EC 0x000BA6B4 0x000B98B4 0x00000277
StretchBlt - 0x0048F0F0 0x000BA6B8 0x000B98B8 0x000002B3
GetDIBits - 0x0048F0F4 0x000BA6BC 0x000B98BC 0x000001CA
LineTo - 0x0048F0F8 0x000BA6C0 0x000B98C0 0x00000236
AngleArc - 0x0048F0FC 0x000BA6C4 0x000B98C4 0x00000008
MoveToEx - 0x0048F100 0x000BA6C8 0x000B98C8 0x0000023A
Ellipse - 0x0048F104 0x000BA6CC 0x000B98CC 0x000000ED
DeleteDC - 0x0048F108 0x000BA6D0 0x000B98D0 0x000000E3
GetPixel - 0x0048F10C 0x000BA6D4 0x000B98D4 0x00000204
CreateDCW - 0x0048F110 0x000BA6D8 0x000B98D8 0x00000032
GetStockObject - 0x0048F114 0x000BA6DC 0x000B98DC 0x0000020D
GetTextFaceW - 0x0048F118 0x000BA6E0 0x000B98E0 0x00000224
CreateFontW - 0x0048F11C 0x000BA6E4 0x000B98E4 0x00000041
SetTextColor - 0x0048F120 0x000BA6E8 0x000B98E8 0x000002A6
PolyDraw - 0x0048F124 0x000BA6EC 0x000B98EC 0x00000250
BeginPath - 0x0048F128 0x000BA6F0 0x000B98F0 0x00000012
Rectangle - 0x0048F12C 0x000BA6F4 0x000B98F4 0x0000025F
SetViewportOrgEx - 0x0048F130 0x000BA6F8 0x000B98F8 0x000002A9
GetObjectW - 0x0048F134 0x000BA6FC 0x000B98FC 0x000001FD
SetBkMode - 0x0048F138 0x000BA700 0x000B9900 0x0000027F
RoundRect - 0x0048F13C 0x000BA704 0x000B9904 0x0000026A
SetBkColor - 0x0048F140 0x000BA708 0x000B9908 0x0000027E
CreatePen - 0x0048F144 0x000BA70C 0x000B990C 0x0000004B
CreateSolidBrush - 0x0048F148 0x000BA710 0x000B9910 0x00000054
StrokeAndFillPath - 0x0048F14C 0x000BA714 0x000B9914 0x000002B5
COMDLG32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW - 0x0048F0B8 0x000BA680 0x000B9880 0x0000000C
GetSaveFileNameW - 0x0048F0BC 0x000BA684 0x000B9884 0x0000000E
ADVAPI32.dll (33)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce - 0x0048F000 0x000BA5C8 0x000B97C8 0x00000123
RegEnumValueW - 0x0048F004 0x000BA5CC 0x000B97CC 0x00000252
RegDeleteValueW - 0x0048F008 0x000BA5D0 0x000B97D0 0x00000248
RegDeleteKeyW - 0x0048F00C 0x000BA5D4 0x000B97D4 0x00000244
RegEnumKeyExW - 0x0048F010 0x000BA5D8 0x000B97D8 0x0000024F
RegSetValueExW - 0x0048F014 0x000BA5DC 0x000B97DC 0x0000027E
RegOpenKeyExW - 0x0048F018 0x000BA5E0 0x000B97E0 0x00000261
RegCloseKey - 0x0048F01C 0x000BA5E4 0x000B97E4 0x00000230
RegQueryValueExW - 0x0048F020 0x000BA5E8 0x000B97E8 0x0000026E
RegConnectRegistryW - 0x0048F024 0x000BA5EC 0x000B97EC 0x00000234
InitializeSecurityDescriptor - 0x0048F028 0x000BA5F0 0x000B97F0 0x00000177
InitializeAcl - 0x0048F02C 0x000BA5F4 0x000B97F4 0x00000176
AdjustTokenPrivileges - 0x0048F030 0x000BA5F8 0x000B97F8 0x0000001F
OpenThreadToken - 0x0048F034 0x000BA5FC 0x000B97FC 0x000001FC
OpenProcessToken - 0x0048F038 0x000BA600 0x000B9800 0x000001F7
LookupPrivilegeValueW - 0x0048F03C 0x000BA604 0x000B9804 0x00000197
DuplicateTokenEx - 0x0048F040 0x000BA608 0x000B9808 0x000000DF
CreateProcessAsUserW - 0x0048F044 0x000BA60C 0x000B980C 0x0000007C
CreateProcessWithLogonW - 0x0048F048 0x000BA610 0x000B9810 0x0000007D
GetLengthSid - 0x0048F04C 0x000BA614 0x000B9814 0x00000136
CopySid - 0x0048F050 0x000BA618 0x000B9818 0x00000076
LogonUserW - 0x0048F054 0x000BA61C 0x000B981C 0x0000018D
AllocateAndInitializeSid - 0x0048F058 0x000BA620 0x000B9820 0x00000020
CheckTokenMembership - 0x0048F05C 0x000BA624 0x000B9824 0x00000051
RegCreateKeyExW - 0x0048F060 0x000BA628 0x000B9828 0x00000239
FreeSid - 0x0048F064 0x000BA62C 0x000B982C 0x00000120
GetTokenInformation - 0x0048F068 0x000BA630 0x000B9830 0x0000015A
GetSecurityDescriptorDacl - 0x0048F06C 0x000BA634 0x000B9834 0x00000148
GetAclInformation - 0x0048F070 0x000BA638 0x000B9838 0x00000124
AddAce - 0x0048F074 0x000BA63C 0x000B983C 0x00000016
SetSecurityDescriptorDacl - 0x0048F078 0x000BA640 0x000B9840 0x000002B6
GetUserNameW - 0x0048F07C 0x000BA644 0x000B9844 0x00000165
InitiateSystemShutdownExW - 0x0048F080 0x000BA648 0x000B9848 0x0000017D
SHELL32.dll (15)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint - 0x0048F48C 0x000BAA54 0x000B9C54 0x00000020
ShellExecuteExW - 0x0048F490 0x000BAA58 0x000B9C58 0x00000121
DragQueryFileW - 0x0048F494 0x000BAA5C 0x000B9C5C 0x0000001F
SHEmptyRecycleBinW - 0x0048F498 0x000BAA60 0x000B9C60 0x000000A5
SHGetPathFromIDListW - 0x0048F49C 0x000BAA64 0x000B9C64 0x000000D7
SHBrowseForFolderW - 0x0048F4A0 0x000BAA68 0x000B9C68 0x0000007B
SHCreateShellItem - 0x0048F4A4 0x000BAA6C 0x000B9C6C 0x0000009A
SHGetDesktopFolder - 0x0048F4A8 0x000BAA70 0x000B9C70 0x000000B6
SHGetSpecialFolderLocation - 0x0048F4AC 0x000BAA74 0x000B9C74 0x000000DF
SHGetFolderPathW - 0x0048F4B0 0x000BAA78 0x000B9C78 0x000000C3
SHFileOperationW - 0x0048F4B4 0x000BAA7C 0x000B9C7C 0x000000AC
ExtractIconExW - 0x0048F4B8 0x000BAA80 0x000B9C80 0x0000002A
Shell_NotifyIconW - 0x0048F4BC 0x000BAA84 0x000B9C84 0x0000012E
ShellExecuteW - 0x0048F4C0 0x000BAA88 0x000B9C88 0x00000122
DragFinish - 0x0048F4C4 0x000BAA8C 0x000B9C8C 0x0000001B
ole32.dll (22)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc - 0x0048F828 0x000BADF0 0x000B9FF0 0x00000067
CoTaskMemFree - 0x0048F82C 0x000BADF4 0x000B9FF4 0x00000068
CLSIDFromString - 0x0048F830 0x000BADF8 0x000B9FF8 0x00000008
ProgIDFromCLSID - 0x0048F834 0x000BADFC 0x000B9FFC 0x0000014B
CLSIDFromProgID - 0x0048F838 0x000BAE00 0x000BA000 0x00000006
OleSetMenuDescriptor - 0x0048F83C 0x000BAE04 0x000BA004 0x00000147
MkParseDisplayName - 0x0048F840 0x000BAE08 0x000BA008 0x000000D4
OleSetContainedObject - 0x0048F844 0x000BAE0C 0x000BA00C 0x00000146
CoCreateInstance - 0x0048F848 0x000BAE10 0x000BA010 0x00000010
IIDFromString - 0x0048F84C 0x000BAE14 0x000BA014 0x000000CD
StringFromGUID2 - 0x0048F850 0x000BAE18 0x000BA018 0x00000179
CreateStreamOnHGlobal - 0x0048F854 0x000BAE1C 0x000BA01C 0x00000086
OleInitialize - 0x0048F858 0x000BAE20 0x000BA020 0x00000132
OleUninitialize - 0x0048F85C 0x000BAE24 0x000BA024 0x00000149
CoInitialize - 0x0048F860 0x000BAE28 0x000BA028 0x0000003E
CoUninitialize - 0x0048F864 0x000BAE2C 0x000BA02C 0x0000006C
GetRunningObjectTable - 0x0048F868 0x000BAE30 0x000BA030 0x00000097
CoGetInstanceFromFile - 0x0048F86C 0x000BAE34 0x000BA034 0x0000002D
CoGetObject - 0x0048F870 0x000BAE38 0x000BA038 0x00000035
CoSetProxyBlanket - 0x0048F874 0x000BAE3C 0x000BA03C 0x00000063
CoCreateInstanceEx - 0x0048F878 0x000BAE40 0x000BA040 0x00000011
CoInitializeSecurity - 0x0048F87C 0x000BAE44 0x000BA044 0x00000040
OLEAUT32.dll (29)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0x000000B7 0x0048F40C 0x000BA9D4 0x000B9BD4 -
VariantCopyInd 0x0000000B 0x0048F410 0x000BA9D8 0x000B9BD8 -
SysReAllocString 0x00000003 0x0048F414 0x000BA9DC 0x000B9BDC -
SysFreeString 0x00000006 0x0048F418 0x000BA9E0 0x000B9BE0 -
SafeArrayDestroyDescriptor 0x00000026 0x0048F41C 0x000BA9E4 0x000B9BE4 -
SafeArrayDestroyData 0x00000027 0x0048F420 0x000BA9E8 0x000B9BE8 -
SafeArrayUnaccessData 0x00000018 0x0048F424 0x000BA9EC 0x000B9BEC -
SafeArrayAccessData 0x00000017 0x0048F428 0x000BA9F0 0x000B9BF0 -
SafeArrayAllocData 0x00000025 0x0048F42C 0x000BA9F4 0x000B9BF4 -
SafeArrayAllocDescriptorEx 0x00000029 0x0048F430 0x000BA9F8 0x000B9BF8 -
SafeArrayCreateVector 0x0000019B 0x0048F434 0x000BA9FC 0x000B9BFC -
RegisterTypeLib 0x000000A3 0x0048F438 0x000BAA00 0x000B9C00 -
CreateStdDispatch 0x00000020 0x0048F43C 0x000BAA04 0x000B9C04 -
DispCallFunc 0x00000092 0x0048F440 0x000BAA08 0x000B9C08 -
VariantChangeType 0x0000000C 0x0048F444 0x000BAA0C 0x000B9C0C -
SysStringLen 0x00000007 0x0048F448 0x000BAA10 0x000B9C10 -
VariantTimeToSystemTime 0x000000B9 0x0048F44C 0x000BAA14 0x000B9C14 -
VarR8FromDec 0x000000DC 0x0048F450 0x000BAA18 0x000B9C18 -
SafeArrayGetVartype 0x0000004D 0x0048F454 0x000BAA1C 0x000B9C1C -
VariantCopy 0x0000000A 0x0048F458 0x000BAA20 0x000B9C20 -
VariantClear 0x00000009 0x0048F45C 0x000BAA24 0x000B9C24 -
OleLoadPicture 0x000001A2 0x0048F460 0x000BAA28 0x000B9C28 -
QueryPathOfRegTypeLib 0x000000A4 0x0048F464 0x000BAA2C 0x000B9C2C -
RegisterTypeLibForUser 0x000001BA 0x0048F468 0x000BAA30 0x000B9C30 -
UnRegisterTypeLibForUser 0x000001BB 0x0048F46C 0x000BAA34 0x000B9C34 -
UnRegisterTypeLib 0x000000BA 0x0048F470 0x000BAA38 0x000B9C38 -
CreateDispTypeInfo 0x0000001F 0x0048F474 0x000BAA3C 0x000B9C3C -
SysAllocString 0x00000002 0x0048F478 0x000BAA40 0x000B9C40 -
VariantInit 0x00000008 0x0048F47C 0x000BAA44 0x000B9C44 -
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QuasarRAT QuasarRAT Backdoor
5/5
...
C:\Users\RDHJ0C~1\AppData\Local\Temp\vnc.exe Dropped File Binary
Malicious
...
»
Parent File C:\Users\RDhJ0CNFevzX\Desktop\Adobe Download Manager.exe
MIME Type application/vnd.microsoft.portable-executable
File Size 405.50 KB
MD5 b8ba87ee4c3fc085a2fed0d839aadce1 Copy to Clipboard
SHA1 b3a2e3256406330e8b1779199bb2b9865122d766 Copy to Clipboard
SHA256 4e8a99cd33c9e5c747a3ce8f1a3e17824846f4a8f7cb0631aebd0815db2ce3a4 Copy to Clipboard
SSDeep 6144:k6laOx87Xnl7xKK3iDgExiOP+MrRmD+PQXhEHlIxJKqM01FloHJh7GIA4hVvi:k6YmenBMKSUlm+4arHlgJNGIA4hVvi Copy to Clipboard
ImpHash 6a003b897ae0bf62ce848978beadd8b7 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
PE Information
»
Image Base 0x00400000
Entry Point 0x00401620
Size Of Code 0x00003600
Size Of Initialized Data 0x00061E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2019-03-12 10:52 (UTC+1)
Sections (4)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000035C2 0x00003600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.4
.rdata 0x00405000 0x000009FE 0x00000A00 0x00003A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.98
.data 0x00406000 0x00060E40 0x00060E00 0x00004400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.47
.reloc 0x00467000 0x00000370 0x00000400 0x00065200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.01
Imports (5)
»
ntdll.dll (12)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NtQueryVirtualMemory - 0x004050C0 0x000055DC 0x00003FDC 0x00000135
RtlUnwind - 0x004050C4 0x000055E0 0x00003FE0 0x00000396
NtSetContextThread - 0x004050C8 0x000055E4 0x00003FE4 0x00000159
NtGetContextThread - 0x004050CC 0x000055E8 0x00003FE8 0x000000D0
ZwQueryInformationProcess - 0x004050D0 0x000055EC 0x00003FEC 0x00000469
RtlNtStatusToDosError - 0x004050D4 0x000055F0 0x00003FF0 0x0000030B
ZwClose - 0x004050D8 0x000055F4 0x00003FF4 0x000003E0
NtUnmapViewOfSection - 0x004050DC 0x000055F8 0x00003FF8 0x00000191
NtMapViewOfSection - 0x004050E0 0x000055FC 0x00003FFC 0x000000EA
NtCreateSection - 0x004050E4 0x00005600 0x00004000 0x000000AA
memcpy - 0x004050E8 0x00005604 0x00004004 0x00000546
memset - 0x004050EC 0x00005608 0x00004008 0x00000548
SHLWAPI.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrChrA - 0x004050B0 0x000055CC 0x00003FCC 0x0000010F
StrRChrA - 0x004050B4 0x000055D0 0x00003FD0 0x00000136
PathCombineW - 0x004050B8 0x000055D4 0x00003FD4 0x0000003A
PSAPI.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumProcessModules - 0x004050A0 0x000055BC 0x00003FBC 0x00000004
KERNEL32.dll (39)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteProcessMemory - 0x00405000 0x0000551C 0x00003F1C 0x0000052E
GetFileSize - 0x00405004 0x00005520 0x00003F20 0x000001F0
LoadLibraryA - 0x00405008 0x00005524 0x00003F24 0x0000033C
FreeLibrary - 0x0040500C 0x00005528 0x00003F28 0x00000162
lstrcmpA - 0x00405010 0x0000552C 0x00003F2C 0x00000541
LeaveCriticalSection - 0x00405014 0x00005530 0x00003F30 0x00000339
EnterCriticalSection - 0x00405018 0x00005534 0x00003F34 0x000000EE
VirtualProtect - 0x0040501C 0x00005538 0x00003F38 0x000004EF
CreateFileA - 0x00405020 0x0000553C 0x00003F3C 0x00000088
GetModuleFileNameA - 0x00405024 0x00005540 0x00003F40 0x00000213
lstrlenA - 0x00405028 0x00005544 0x00003F44 0x0000054D
lstrcatA - 0x0040502C 0x00005548 0x00003F48 0x0000053E
lstrcpyA - 0x00405030 0x0000554C 0x00003F4C 0x00000547
lstrcmpiA - 0x00405034 0x00005550 0x00003F50 0x00000544
SetFilePointer - 0x00405038 0x00005554 0x00003F54 0x00000466
GetCurrentProcess - 0x0040503C 0x00005558 0x00003F58 0x000001C0
VirtualAllocEx - 0x00405040 0x0000555C 0x00003F5C 0x000004EA
LocalAlloc - 0x00405044 0x00005560 0x00003F60 0x00000344
LocalFree - 0x00405048 0x00005564 0x00003F64 0x00000348
CloseHandle - 0x0040504C 0x00005568 0x00003F68 0x00000052
GetModuleHandleA - 0x00405050 0x0000556C 0x00003F6C 0x00000215
CreateProcessW - 0x00405054 0x00005570 0x00003F70 0x000000A8
VirtualProtectEx - 0x00405058 0x00005574 0x00003F74 0x000004F0
OpenProcess - 0x0040505C 0x00005578 0x00003F78 0x00000380
GetCurrentProcessId - 0x00405060 0x0000557C 0x00003F7C 0x000001C1
SwitchToThread - 0x00405064 0x00005580 0x00003F80 0x000004BC
GetLastError - 0x00405068 0x00005584 0x00003F84 0x00000202
ReadProcessMemory - 0x0040506C 0x00005588 0x00003F88 0x000003C3
VirtualFree - 0x00405070 0x0000558C 0x00003F8C 0x000004EC
GetThreadContext - 0x00405074 0x00005590 0x00003F90 0x00000286
SuspendThread - 0x00405078 0x00005594 0x00003F94 0x000004BA
ResumeThread - 0x0040507C 0x00005598 0x00003F98 0x00000413
Sleep - 0x00405080 0x0000559C 0x00003F9C 0x000004B2
GetModuleHandleW - 0x00405084 0x000055A0 0x00003FA0 0x00000218
GetVersion - 0x00405088 0x000055A4 0x00003FA4 0x000002A2
CreateEventA - 0x0040508C 0x000055A8 0x00003FA8 0x00000082
GetProcAddress - 0x00405090 0x000055AC 0x00003FAC 0x00000245
VirtualAlloc - 0x00405094 0x000055B0 0x00003FB0 0x000004E9
ReadFile - 0x00405098 0x000055B4 0x00003FB4 0x000003C0
SHELL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW - 0x004050A8 0x000055C4 0x00003FC4 0x000000C3
Memory Dumps (5)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
vnc.exe 2 0x01080000 0x010E7FFF Relevant Image False 32-bit 0x01082813 False
...
buffer 2 0x00830000 0x008CBFFF Marked Executable False 32-bit - False
...
buffer 2 0x00830000 0x008CBFFF Content Changed False 32-bit - False
...
vnc.exe 2 0x01080000 0x010E7FFF Final Dump False 32-bit - False
...
vnc.exe 2 0x01080000 0x010E7FFF Process Termination False 32-bit - False
...
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\windef.exe Dropped File Binary
Malicious
...
»
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\windef.exe (Dropped File, Accessed File)
C:\Users\RDhJ0CNFevzX\AppData\Roaming\SubDir\winsock.exe (Accessed File)
Parent File C:\Users\RDhJ0CNFevzX\Desktop\Adobe Download Manager.exe
MIME Type application/vnd.microsoft.portable-executable
File Size 349.00 KB
MD5 b4a202e03d4135484d0e730173abcc72 Copy to Clipboard
SHA1 01b30014545ea526c15a60931d676f9392ea0c70 Copy to Clipboard
SHA256 7050608d53f80269df951d00883ed79815c060ce7678a76b5c3f6a2a985beea9 Copy to Clipboard
SSDeep 6144:8K2J10qdSlEc39HGx5yVmnKKJfotFCuHi/b25s/Wz0J:8KF6y0KKlotF3iKO/Wz0J Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
Names Mal/Generic-S
PE Information
»
Image Base 0x00400000
Entry Point 0x004587BE
Size Of Code 0x00056800
Size Of Initialized Data 0x00000A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2019-03-12 14:27 (UTC+1)
Version Information (7)
»
FileDescription
FileVersion 1.3.0.0
InternalName Client.exe
LegalCopyright
OriginalFilename Client.exe
ProductVersion 1.3.0.0
Assembly Version 1.3.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000567C4 0x00056800 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x0045A000 0x00000800 0x00000800 0x00056A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.71
.reloc 0x0045C000 0x0000000C 0x00000200 0x00057200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00058798 0x00056998 0x00000000
Memory Dumps (14)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
windef.exe 4 0x00D30000 0x00D8DFFF Relevant Image False 32-bit - False
...
buffer 4 0x04CFE000 0x04CFFFFF First Network Behavior False 32-bit - False
...
buffer 4 0x00CDC000 0x00CDFFFF First Network Behavior False 32-bit - False
...
buffer 4 0x00B9E000 0x00B9FFFF First Network Behavior False 32-bit - False
...
buffer 4 0x00189000 0x0018FFFF First Network Behavior False 32-bit - False
...
windef.exe 4 0x00D30000 0x00D8DFFF First Network Behavior False 32-bit - False
...
windef.exe 4 0x00D30000 0x00D8DFFF Final Dump False 32-bit - False
...
windef.exe 4 0x00D30000 0x00D8DFFF Process Termination False 32-bit - False
...
winsock.exe 12 0x00CB0000 0x00D0DFFF Relevant Image False 32-bit - False
...
buffer 12 0x04EFE000 0x04EFFFFF First Network Behavior False 32-bit - False
...
buffer 12 0x04A6C000 0x04A6FFFF First Network Behavior False 32-bit - False
...
buffer 12 0x00B9E000 0x00B9FFFF First Network Behavior False 32-bit - False
...
buffer 12 0x00188000 0x0018FFFF First Network Behavior False 32-bit - False
...
winsock.exe 12 0x00CB0000 0x00D0DFFF First Network Behavior False 32-bit - False
...
YARA Matches (2)
»
Rule Name Rule Description Classification Score Actions
xRAT_1 xRAT malware Backdoor
5/5
...
QuasarRAT QuasarRAT Backdoor
5/5
...
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Logs\02-07-2024 Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 224 Bytes
MD5 fa71e6c4df17e42bcea8a3a8235acf7d Copy to Clipboard
SHA1 5dad7611f81cf36839464f47b73f368d62924b5d Copy to Clipboard
SHA256 acce7bf50072acc7fd91ba76beec9c319c9673ad8244acb3b29605424ad721f9 Copy to Clipboard
SSDeep 6:HS3vCKYCtrfC51B24dMN3ORNUpb4cbTrmelj:y3aDCZfqH2Vb1bBj Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd Copy to Clipboard
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc Copy to Clipboard
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858 Copy to Clipboard
SSDeep 3:Fl: Copy to Clipboard
ImpHash -
28b90965d78cbc8579bf8678d31d9d6b3886ec11e34030ad978e137f0696d263 Extracted File Image
Clean
...
»
Parent File C:\Users\RDhJ0CNFevzX\Desktop\Adobe Download Manager.exe
MIME Type image/png
File Size 13.46 KB
MD5 846a77216562e12267837f95a0ad51c7 Copy to Clipboard
SHA1 aace704fe706de969308c46dad4841cfd582cc5d Copy to Clipboard
SHA256 28b90965d78cbc8579bf8678d31d9d6b3886ec11e34030ad978e137f0696d263 Copy to Clipboard
SSDeep 384:5W7lHyLgoHSbieaUBCxC5DN+Zv37K/VwceWiNtJkUHJgbc:UMLgoHS1ahKk37K4t6Rc Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image