Malicious
Classifications
-
Threat Names
-
Dynamic Analysis Report
Created on 2024-11-30T08:11:55+00:00
22f97692b5a0fea40c782129a0ec53ae.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\OQXZRA~1\AppData\Local\Temp\12225125\¡¡\¡¡ | Sample File | Binary |
Malicious
|
...
|
»
| Also Known As |
22f97692b5a0fea40c782129a0ec53ae.exe (Accessed File)
C:\Users\OqXZRaykm\Desktop\22f97692b5a0fea40c782129a0ec53ae.exe (VM File, Accessed File, Sample File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.92 MB |
| MD5 |
9beba61e8ccd4533e84242f83ff16bd6
|
| SHA1 |
0a66efcdfc9bfb1cc3a067c48f30e4afd928eb23
|
| SHA256 |
4d19ca87f215974f29e7128d07e0767fc5cd370bd48f317a8a07f38fa32a7b24
|
| SSDeep |
24576:D2ZW1SXtpmUwWIkFSHgd4DOgPjaCsTRGbhbqs2jCZQotr7PoHWX3ANhkWKOh/FwH:D2Zn2+1Fbd4NnsmhbB2HM7Ouos
|
| ImpHash |
136e11a1cb5b983376a7137406d0f03b
|
File Reputation Information
»
| Verdict |
Malicious
|
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x0050D0A8 |
| Size Of Code | 0x0012B000 |
| Size Of Initialized Data | 0x000D8000 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2020-02-24 07:14 (UTC) |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0012AB36 | 0x0012B000 | 0x00001000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.37 |
| .rdata | 0x0052C000 | 0x000A4B86 | 0x000A5000 | 0x0012C000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.93 |
| .data | 0x005D1000 | 0x0002CDC8 | 0x00014000 | 0x001D1000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.92 |
| .rsrc | 0x005FE000 | 0x00005D10 | 0x00006000 | 0x001E5000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.89 |
Imports (12)
»
KERNEL32.dll (137)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetEndOfFile | - | 0x0052C17C | 0x001CEA10 | 0x001CEA10 | 0x00000261 |
| UnlockFile | - | 0x0052C180 | 0x001CEA14 | 0x001CEA14 | 0x000002AE |
| LockFile | - | 0x0052C184 | 0x001CEA18 | 0x001CEA18 | 0x000001D3 |
| FlushFileBuffers | - | 0x0052C188 | 0x001CEA1C | 0x001CEA1C | 0x000000AA |
| SetFilePointer | - | 0x0052C18C | 0x001CEA20 | 0x001CEA20 | 0x0000026A |
| DuplicateHandle | - | 0x0052C190 | 0x001CEA24 | 0x001CEA24 | 0x00000063 |
| lstrcpynA | - | 0x0052C194 | 0x001CEA28 | 0x001CEA28 | 0x00000305 |
| SetLastError | - | 0x0052C198 | 0x001CEA2C | 0x001CEA2C | 0x00000271 |
| FileTimeToLocalFileTime | - | 0x0052C19C | 0x001CEA30 | 0x001CEA30 | 0x00000089 |
| FileTimeToSystemTime | - | 0x0052C1A0 | 0x001CEA34 | 0x001CEA34 | 0x0000008A |
| LocalFree | - | 0x0052C1A4 | 0x001CEA38 | 0x001CEA38 | 0x000001CC |
| InterlockedDecrement | - | 0x0052C1A8 | 0x001CEA3C | 0x001CEA3C | 0x000001AD |
| GetCurrentProcess | - | 0x0052C1AC | 0x001CEA40 | 0x001CEA40 | 0x000000F7 |
| GetWindowsDirectoryA | - | 0x0052C1B0 | 0x001CEA44 | 0x001CEA44 | 0x0000017D |
| GetSystemDirectoryA | - | 0x0052C1B4 | 0x001CEA48 | 0x001CEA48 | 0x00000159 |
| CreateSemaphoreA | - | 0x0052C1B8 | 0x001CEA4C | 0x001CEA4C | 0x00000047 |
| ResumeThread | - | 0x0052C1BC | 0x001CEA50 | 0x001CEA50 | 0x0000022C |
| ReleaseSemaphore | - | 0x0052C1C0 | 0x001CEA54 | 0x001CEA54 | 0x00000226 |
| EnterCriticalSection | - | 0x0052C1C4 | 0x001CEA58 | 0x001CEA58 | 0x00000066 |
| LeaveCriticalSection | - | 0x0052C1C8 | 0x001CEA5C | 0x001CEA5C | 0x000001C1 |
| GetProfileStringA | - | 0x0052C1CC | 0x001CEA60 | 0x001CEA60 | 0x0000014B |
| SetStdHandle | - | 0x0052C1D0 | 0x001CEA64 | 0x001CEA64 | 0x0000027C |
| IsBadCodePtr | - | 0x0052C1D4 | 0x001CEA68 | 0x001CEA68 | 0x000001B2 |
| IsBadReadPtr | - | 0x0052C1D8 | 0x001CEA6C | 0x001CEA6C | 0x000001B5 |
| CompareStringW | - | 0x0052C1DC | 0x001CEA70 | 0x001CEA70 | 0x00000022 |
| CompareStringA | - | 0x0052C1E0 | 0x001CEA74 | 0x001CEA74 | 0x00000021 |
| SetUnhandledExceptionFilter | - | 0x0052C1E4 | 0x001CEA78 | 0x001CEA78 | 0x0000028B |
| GetStringTypeW | - | 0x0052C1E8 | 0x001CEA7C | 0x001CEA7C | 0x00000156 |
| GetStringTypeA | - | 0x0052C1EC | 0x001CEA80 | 0x001CEA80 | 0x00000153 |
| IsBadWritePtr | - | 0x0052C1F0 | 0x001CEA84 | 0x001CEA84 | 0x000001B8 |
| VirtualAlloc | - | 0x0052C1F4 | 0x001CEA88 | 0x001CEA88 | 0x000002BB |
| LCMapStringW | - | 0x0052C1F8 | 0x001CEA8C | 0x001CEA8C | 0x000001C0 |
| LCMapStringA | - | 0x0052C1FC | 0x001CEA90 | 0x001CEA90 | 0x000001BF |
| SetEnvironmentVariableA | - | 0x0052C200 | 0x001CEA94 | 0x001CEA94 | 0x00000262 |
| VirtualFree | - | 0x0052C204 | 0x001CEA98 | 0x001CEA98 | 0x000002BF |
| HeapCreate | - | 0x0052C208 | 0x001CEA9C | 0x001CEA9C | 0x0000019B |
| HeapDestroy | - | 0x0052C20C | 0x001CEAA0 | 0x001CEAA0 | 0x0000019D |
| GetEnvironmentVariableA | - | 0x0052C210 | 0x001CEAA4 | 0x001CEAA4 | 0x00000109 |
| GetFileType | - | 0x0052C214 | 0x001CEAA8 | 0x001CEAA8 | 0x00000115 |
| GetStdHandle | - | 0x0052C218 | 0x001CEAAC | 0x001CEAAC | 0x00000152 |
| SetHandleCount | - | 0x0052C21C | 0x001CEAB0 | 0x001CEAB0 | 0x0000026D |
| GetEnvironmentStringsW | - | 0x0052C220 | 0x001CEAB4 | 0x001CEAB4 | 0x00000108 |
| GetEnvironmentStrings | - | 0x0052C224 | 0x001CEAB8 | 0x001CEAB8 | 0x00000106 |
| FreeEnvironmentStringsW | - | 0x0052C228 | 0x001CEABC | 0x001CEABC | 0x000000B3 |
| FreeEnvironmentStringsA | - | 0x0052C22C | 0x001CEAC0 | 0x001CEAC0 | 0x000000B2 |
| UnhandledExceptionFilter | - | 0x0052C230 | 0x001CEAC4 | 0x001CEAC4 | 0x000002AD |
| GetACP | - | 0x0052C234 | 0x001CEAC8 | 0x001CEAC8 | 0x000000B9 |
| HeapSize | - | 0x0052C238 | 0x001CEACC | 0x001CEACC | 0x000001A3 |
| TerminateProcess | - | 0x0052C23C | 0x001CEAD0 | 0x001CEAD0 | 0x0000029E |
| GetLocalTime | - | 0x0052C240 | 0x001CEAD4 | 0x001CEAD4 | 0x0000011B |
| GetSystemTime | - | 0x0052C244 | 0x001CEAD8 | 0x001CEAD8 | 0x0000015D |
| GetTimeZoneInformation | - | 0x0052C248 | 0x001CEADC | 0x001CEADC | 0x00000170 |
| RaiseException | - | 0x0052C24C | 0x001CEAE0 | 0x001CEAE0 | 0x0000020B |
| WriteFile | - | 0x0052C250 | 0x001CEAE4 | 0x001CEAE4 | 0x000002DF |
| WaitForMultipleObjects | - | 0x0052C254 | 0x001CEAE8 | 0x001CEAE8 | 0x000002CC |
| CreateFileA | - | 0x0052C258 | 0x001CEAEC | 0x001CEAEC | 0x00000034 |
| SetEvent | - | 0x0052C25C | 0x001CEAF0 | 0x001CEAF0 | 0x00000265 |
| FindResourceA | - | 0x0052C260 | 0x001CEAF4 | 0x001CEAF4 | 0x000000A3 |
| LoadResource | - | 0x0052C264 | 0x001CEAF8 | 0x001CEAF8 | 0x000001C7 |
| LockResource | - | 0x0052C268 | 0x001CEAFC | 0x001CEAFC | 0x000001D5 |
| ReadFile | - | 0x0052C26C | 0x001CEB00 | 0x001CEB00 | 0x00000218 |
| lstrlenW | - | 0x0052C270 | 0x001CEB04 | 0x001CEB04 | 0x00000309 |
| RemoveDirectoryA | - | 0x0052C274 | 0x001CEB08 | 0x001CEB08 | 0x00000227 |
| GetModuleFileNameA | - | 0x0052C278 | 0x001CEB0C | 0x001CEB0C | 0x00000124 |
| WideCharToMultiByte | - | 0x0052C27C | 0x001CEB10 | 0x001CEB10 | 0x000002D2 |
| MultiByteToWideChar | - | 0x0052C280 | 0x001CEB14 | 0x001CEB14 | 0x000001E4 |
| GetCurrentThreadId | - | 0x0052C284 | 0x001CEB18 | 0x001CEB18 | 0x000000FA |
| ExitProcess | - | 0x0052C288 | 0x001CEB1C | 0x001CEB1C | 0x0000007D |
| GlobalSize | - | 0x0052C28C | 0x001CEB20 | 0x001CEB20 | 0x00000190 |
| GlobalFree | - | 0x0052C290 | 0x001CEB24 | 0x001CEB24 | 0x00000188 |
| DeleteCriticalSection | - | 0x0052C294 | 0x001CEB28 | 0x001CEB28 | 0x00000055 |
| InitializeCriticalSection | - | 0x0052C298 | 0x001CEB2C | 0x001CEB2C | 0x000001AA |
| lstrcatA | - | 0x0052C29C | 0x001CEB30 | 0x001CEB30 | 0x000002F9 |
| lstrlenA | - | 0x0052C2A0 | 0x001CEB34 | 0x001CEB34 | 0x00000308 |
| WinExec | - | 0x0052C2A4 | 0x001CEB38 | 0x001CEB38 | 0x000002D3 |
| lstrcpyA | - | 0x0052C2A8 | 0x001CEB3C | 0x001CEB3C | 0x00000302 |
| FindNextFileA | - | 0x0052C2AC | 0x001CEB40 | 0x001CEB40 | 0x0000009D |
| GlobalReAlloc | - | 0x0052C2B0 | 0x001CEB44 | 0x001CEB44 | 0x0000018F |
| HeapFree | - | 0x0052C2B4 | 0x001CEB48 | 0x001CEB48 | 0x0000019F |
| HeapReAlloc | - | 0x0052C2B8 | 0x001CEB4C | 0x001CEB4C | 0x000001A2 |
| GetProcessHeap | - | 0x0052C2BC | 0x001CEB50 | 0x001CEB50 | 0x00000140 |
| HeapAlloc | - | 0x0052C2C0 | 0x001CEB54 | 0x001CEB54 | 0x00000199 |
| GetUserDefaultLCID | - | 0x0052C2C4 | 0x001CEB58 | 0x001CEB58 | 0x00000171 |
| GetFullPathNameA | - | 0x0052C2C8 | 0x001CEB5C | 0x001CEB5C | 0x00000116 |
| FreeLibrary | - | 0x0052C2CC | 0x001CEB60 | 0x001CEB60 | 0x000000B4 |
| LoadLibraryA | - | 0x0052C2D0 | 0x001CEB64 | 0x001CEB64 | 0x000001C2 |
| GetLastError | - | 0x0052C2D4 | 0x001CEB68 | 0x001CEB68 | 0x0000011A |
| GetVersionExA | - | 0x0052C2D8 | 0x001CEB6C | 0x001CEB6C | 0x00000175 |
| WritePrivateProfileStringA | - | 0x0052C2DC | 0x001CEB70 | 0x001CEB70 | 0x000002E5 |
| GetPrivateProfileStringA | - | 0x0052C2E0 | 0x001CEB74 | 0x001CEB74 | 0x0000013A |
| CreateThread | - | 0x0052C2E4 | 0x001CEB78 | 0x001CEB78 | 0x0000004A |
| CreateEventA | - | 0x0052C2E8 | 0x001CEB7C | 0x001CEB7C | 0x00000031 |
| Sleep | - | 0x0052C2EC | 0x001CEB80 | 0x001CEB80 | 0x00000296 |
| GlobalAlloc | - | 0x0052C2F0 | 0x001CEB84 | 0x001CEB84 | 0x00000181 |
| GlobalLock | - | 0x0052C2F4 | 0x001CEB88 | 0x001CEB88 | 0x0000018C |
| GlobalUnlock | - | 0x0052C2F8 | 0x001CEB8C | 0x001CEB8C | 0x00000193 |
| GetTempPathA | - | 0x0052C2FC | 0x001CEB90 | 0x001CEB90 | 0x00000165 |
| FindFirstFileA | - | 0x0052C300 | 0x001CEB94 | 0x001CEB94 | 0x00000094 |
| FindClose | - | 0x0052C304 | 0x001CEB98 | 0x001CEB98 | 0x00000090 |
| SetFileAttributesA | - | 0x0052C308 | 0x001CEB9C | 0x001CEB9C | 0x00000268 |
| GetFileAttributesA | - | 0x0052C30C | 0x001CEBA0 | 0x001CEBA0 | 0x0000010D |
| RtlUnwind | - | 0x0052C310 | 0x001CEBA4 | 0x001CEBA4 | 0x0000022F |
| GetStartupInfoA | - | 0x0052C314 | 0x001CEBA8 | 0x001CEBA8 | 0x00000150 |
| GetOEMCP | - | 0x0052C318 | 0x001CEBAC | 0x001CEBAC | 0x00000131 |
| GetCPInfo | - | 0x0052C31C | 0x001CEBB0 | 0x001CEBB0 | 0x000000BF |
| GetProcessVersion | - | 0x0052C320 | 0x001CEBB4 | 0x001CEBB4 | 0x00000145 |
| SetErrorMode | - | 0x0052C324 | 0x001CEBB8 | 0x001CEBB8 | 0x00000264 |
| GlobalFlags | - | 0x0052C328 | 0x001CEBBC | 0x001CEBBC | 0x00000187 |
| GetCurrentThread | - | 0x0052C32C | 0x001CEBC0 | 0x001CEBC0 | 0x000000F9 |
| GetFileTime | - | 0x0052C330 | 0x001CEBC4 | 0x001CEBC4 | 0x00000114 |
| GetFileSize | - | 0x0052C334 | 0x001CEBC8 | 0x001CEBC8 | 0x00000112 |
| TlsGetValue | - | 0x0052C338 | 0x001CEBCC | 0x001CEBCC | 0x000002A4 |
| LocalReAlloc | - | 0x0052C33C | 0x001CEBD0 | 0x001CEBD0 | 0x000001CF |
| TlsSetValue | - | 0x0052C340 | 0x001CEBD4 | 0x001CEBD4 | 0x000002A5 |
| TlsFree | - | 0x0052C344 | 0x001CEBD8 | 0x001CEBD8 | 0x000002A3 |
| GlobalHandle | - | 0x0052C348 | 0x001CEBDC | 0x001CEBDC | 0x0000018B |
| TlsAlloc | - | 0x0052C34C | 0x001CEBE0 | 0x001CEBE0 | 0x000002A2 |
| LocalAlloc | - | 0x0052C350 | 0x001CEBE4 | 0x001CEBE4 | 0x000001C8 |
| lstrcmpA | - | 0x0052C354 | 0x001CEBE8 | 0x001CEBE8 | 0x000002FC |
| DeleteFileA | - | 0x0052C358 | 0x001CEBEC | 0x001CEBEC | 0x00000057 |
| SetCurrentDirectoryA | - | 0x0052C35C | 0x001CEBF0 | 0x001CEBF0 | 0x0000025D |
| GetVolumeInformationA | - | 0x0052C360 | 0x001CEBF4 | 0x001CEBF4 | 0x00000177 |
| GetModuleHandleA | - | 0x0052C364 | 0x001CEBF8 | 0x001CEBF8 | 0x00000126 |
| GetProcAddress | - | 0x0052C368 | 0x001CEBFC | 0x001CEBFC | 0x0000013E |
| MulDiv | - | 0x0052C36C | 0x001CEC00 | 0x001CEC00 | 0x000001E3 |
| GetCommandLineA | - | 0x0052C370 | 0x001CEC04 | 0x001CEC04 | 0x000000CA |
| GetTickCount | - | 0x0052C374 | 0x001CEC08 | 0x001CEC08 | 0x0000016D |
| CreateProcessA | - | 0x0052C378 | 0x001CEC0C | 0x001CEC0C | 0x00000044 |
| WaitForSingleObject | - | 0x0052C37C | 0x001CEC10 | 0x001CEC10 | 0x000002CE |
| CloseHandle | - | 0x0052C380 | 0x001CEC14 | 0x001CEC14 | 0x0000001B |
| lstrcmpiA | - | 0x0052C384 | 0x001CEC18 | 0x001CEC18 | 0x000002FF |
| GlobalDeleteAtom | - | 0x0052C388 | 0x001CEC1C | 0x001CEC1C | 0x00000183 |
| GetVersion | - | 0x0052C38C | 0x001CEC20 | 0x001CEC20 | 0x00000174 |
| GlobalGetAtomNameA | - | 0x0052C390 | 0x001CEC24 | 0x001CEC24 | 0x00000189 |
| GlobalAddAtomA | - | 0x0052C394 | 0x001CEC28 | 0x001CEC28 | 0x0000017F |
| GlobalFindAtomA | - | 0x0052C398 | 0x001CEC2C | 0x001CEC2C | 0x00000184 |
| InterlockedIncrement | - | 0x0052C39C | 0x001CEC30 | 0x001CEC30 | 0x000001B0 |
USER32.dll (153)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegisterClassA | - | 0x0052C3DC | 0x001CEC70 | 0x001CEC70 | 0x000001F2 |
| WaitForInputIdle | - | 0x0052C3E0 | 0x001CEC74 | 0x001CEC74 | 0x000002A4 |
| wsprintfA | - | 0x0052C3E4 | 0x001CEC78 | 0x001CEC78 | 0x000002AC |
| CloseClipboard | - | 0x0052C3E8 | 0x001CEC7C | 0x001CEC7C | 0x0000003C |
| GetClipboardData | - | 0x0052C3EC | 0x001CEC80 | 0x001CEC80 | 0x000000F2 |
| OpenClipboard | - | 0x0052C3F0 | 0x001CEC84 | 0x001CEC84 | 0x000001D3 |
| SetClipboardData | - | 0x0052C3F4 | 0x001CEC88 | 0x001CEC88 | 0x00000223 |
| EmptyClipboard | - | 0x0052C3F8 | 0x001CEC8C | 0x001CEC8C | 0x000000B4 |
| GetSystemMetrics | - | 0x0052C3FC | 0x001CEC90 | 0x001CEC90 | 0x00000146 |
| GetCursorPos | - | 0x0052C400 | 0x001CEC94 | 0x001CEC94 | 0x000000FC |
| MessageBoxA | - | 0x0052C404 | 0x001CEC98 | 0x001CEC98 | 0x000001BE |
| SetWindowPos | - | 0x0052C408 | 0x001CEC9C | 0x001CEC9C | 0x0000025B |
| SendMessageA | - | 0x0052C40C | 0x001CECA0 | 0x001CECA0 | 0x00000214 |
| DestroyCursor | - | 0x0052C410 | 0x001CECA4 | 0x001CECA4 | 0x0000008B |
| SetParent | - | 0x0052C414 | 0x001CECA8 | 0x001CECA8 | 0x0000023E |
| IsWindow | - | 0x0052C418 | 0x001CECAC | 0x001CECAC | 0x0000018F |
| PostMessageA | - | 0x0052C41C | 0x001CECB0 | 0x001CECB0 | 0x000001DE |
| GetTopWindow | - | 0x0052C420 | 0x001CECB4 | 0x001CECB4 | 0x0000014C |
| GetParent | - | 0x0052C424 | 0x001CECB8 | 0x001CECB8 | 0x00000135 |
| GetFocus | - | 0x0052C428 | 0x001CECBC | 0x001CECBC | 0x00000107 |
| GetClientRect | - | 0x0052C42C | 0x001CECC0 | 0x001CECC0 | 0x000000F0 |
| InvalidateRect | - | 0x0052C430 | 0x001CECC4 | 0x001CECC4 | 0x0000017A |
| ValidateRect | - | 0x0052C434 | 0x001CECC8 | 0x001CECC8 | 0x0000029A |
| UpdateWindow | - | 0x0052C438 | 0x001CECCC | 0x001CECCC | 0x00000291 |
| EqualRect | - | 0x0052C43C | 0x001CECD0 | 0x001CECD0 | 0x000000D1 |
| GetWindowRect | - | 0x0052C440 | 0x001CECD4 | 0x001CECD4 | 0x0000015C |
| SetForegroundWindow | - | 0x0052C444 | 0x001CECD8 | 0x001CECD8 | 0x00000230 |
| DestroyMenu | - | 0x0052C448 | 0x001CECDC | 0x001CECDC | 0x0000008D |
| IsChild | - | 0x0052C44C | 0x001CECE0 | 0x001CECE0 | 0x00000185 |
| ReleaseDC | - | 0x0052C450 | 0x001CECE4 | 0x001CECE4 | 0x00000203 |
| IsRectEmpty | - | 0x0052C454 | 0x001CECE8 | 0x001CECE8 | 0x0000018E |
| FillRect | - | 0x0052C458 | 0x001CECEC | 0x001CECEC | 0x000000D4 |
| GetDC | - | 0x0052C45C | 0x001CECF0 | 0x001CECF0 | 0x000000FD |
| SetCursor | - | 0x0052C460 | 0x001CECF4 | 0x001CECF4 | 0x00000226 |
| LoadCursorA | - | 0x0052C464 | 0x001CECF8 | 0x001CECF8 | 0x0000019A |
| SetCursorPos | - | 0x0052C468 | 0x001CECFC | 0x001CECFC | 0x00000228 |
| SetActiveWindow | - | 0x0052C46C | 0x001CED00 | 0x001CED00 | 0x0000021C |
| GetSysColor | - | 0x0052C470 | 0x001CED04 | 0x001CED04 | 0x00000143 |
| SetWindowLongA | - | 0x0052C474 | 0x001CED08 | 0x001CED08 | 0x00000258 |
| GetWindowLongA | - | 0x0052C478 | 0x001CED0C | 0x001CED0C | 0x00000156 |
| RedrawWindow | - | 0x0052C47C | 0x001CED10 | 0x001CED10 | 0x000001F1 |
| EnableWindow | - | 0x0052C480 | 0x001CED14 | 0x001CED14 | 0x000000B7 |
| IsWindowVisible | - | 0x0052C484 | 0x001CED18 | 0x001CED18 | 0x00000192 |
| OffsetRect | - | 0x0052C488 | 0x001CED1C | 0x001CED1C | 0x000001D2 |
| PtInRect | - | 0x0052C48C | 0x001CED20 | 0x001CED20 | 0x000001EA |
| DestroyIcon | - | 0x0052C490 | 0x001CED24 | 0x001CED24 | 0x0000008C |
| IntersectRect | - | 0x0052C494 | 0x001CED28 | 0x001CED28 | 0x00000179 |
| InflateRect | - | 0x0052C498 | 0x001CED2C | 0x001CED2C | 0x00000171 |
| SetRect | - | 0x0052C49C | 0x001CED30 | 0x001CED30 | 0x00000244 |
| SetScrollPos | - | 0x0052C4A0 | 0x001CED34 | 0x001CED34 | 0x00000247 |
| SetScrollRange | - | 0x0052C4A4 | 0x001CED38 | 0x001CED38 | 0x00000248 |
| GetScrollRange | - | 0x0052C4A8 | 0x001CED3C | 0x001CED3C | 0x00000140 |
| SetCapture | - | 0x0052C4AC | 0x001CED40 | 0x001CED40 | 0x0000021D |
| GetCapture | - | 0x0052C4B0 | 0x001CED44 | 0x001CED44 | 0x000000E4 |
| ReleaseCapture | - | 0x0052C4B4 | 0x001CED48 | 0x001CED48 | 0x00000202 |
| SetTimer | - | 0x0052C4B8 | 0x001CED4C | 0x001CED4C | 0x00000252 |
| KillTimer | - | 0x0052C4BC | 0x001CED50 | 0x001CED50 | 0x00000195 |
| GetForegroundWindow | - | 0x0052C4C0 | 0x001CED54 | 0x001CED54 | 0x00000108 |
| LoadIconA | - | 0x0052C4C4 | 0x001CED58 | 0x001CED58 | 0x0000019E |
| TranslateMessage | - | 0x0052C4C8 | 0x001CED5C | 0x001CED5C | 0x00000282 |
| DrawFrameControl | - | 0x0052C4CC | 0x001CED60 | 0x001CED60 | 0x000000A8 |
| DrawEdge | - | 0x0052C4D0 | 0x001CED64 | 0x001CED64 | 0x000000A5 |
| DrawFocusRect | - | 0x0052C4D4 | 0x001CED68 | 0x001CED68 | 0x000000A6 |
| WindowFromPoint | - | 0x0052C4D8 | 0x001CED6C | 0x001CED6C | 0x000002A9 |
| GetMessageA | - | 0x0052C4DC | 0x001CED70 | 0x001CED70 | 0x0000012A |
| DispatchMessageA | - | 0x0052C4E0 | 0x001CED74 | 0x001CED74 | 0x00000095 |
| SetRectEmpty | - | 0x0052C4E4 | 0x001CED78 | 0x001CED78 | 0x00000245 |
| RegisterClipboardFormatA | - | 0x0052C4E8 | 0x001CED7C | 0x001CED7C | 0x000001F6 |
| CreateIconFromResourceEx | - | 0x0052C4EC | 0x001CED80 | 0x001CED80 | 0x00000053 |
| CreateIconFromResource | - | 0x0052C4F0 | 0x001CED84 | 0x001CED84 | 0x00000052 |
| DrawIconEx | - | 0x0052C4F4 | 0x001CED88 | 0x001CED88 | 0x000000AA |
| CreatePopupMenu | - | 0x0052C4F8 | 0x001CED8C | 0x001CED8C | 0x00000058 |
| AppendMenuA | - | 0x0052C4FC | 0x001CED90 | 0x001CED90 | 0x00000007 |
| ModifyMenuA | - | 0x0052C500 | 0x001CED94 | 0x001CED94 | 0x000001C4 |
| CreateMenu | - | 0x0052C504 | 0x001CED98 | 0x001CED98 | 0x00000057 |
| CreateAcceleratorTableA | - | 0x0052C508 | 0x001CED9C | 0x001CED9C | 0x00000046 |
| GetDlgCtrlID | - | 0x0052C50C | 0x001CEDA0 | 0x001CEDA0 | 0x00000101 |
| GetSubMenu | - | 0x0052C510 | 0x001CEDA4 | 0x001CEDA4 | 0x00000142 |
| EnableMenuItem | - | 0x0052C514 | 0x001CEDA8 | 0x001CEDA8 | 0x000000B5 |
| ClientToScreen | - | 0x0052C518 | 0x001CEDAC | 0x001CEDAC | 0x0000003A |
| EnumDisplaySettingsA | - | 0x0052C51C | 0x001CEDB0 | 0x001CEDB0 | 0x000000C5 |
| LoadImageA | - | 0x0052C520 | 0x001CEDB4 | 0x001CEDB4 | 0x000001A0 |
| SystemParametersInfoA | - | 0x0052C524 | 0x001CEDB8 | 0x001CEDB8 | 0x00000271 |
| ShowWindow | - | 0x0052C528 | 0x001CEDBC | 0x001CEDBC | 0x0000026A |
| IsWindowEnabled | - | 0x0052C52C | 0x001CEDC0 | 0x001CEDC0 | 0x00000190 |
| TranslateAcceleratorA | - | 0x0052C530 | 0x001CEDC4 | 0x001CEDC4 | 0x0000027F |
| GetKeyState | - | 0x0052C534 | 0x001CEDC8 | 0x001CEDC8 | 0x00000112 |
| CopyAcceleratorTableA | - | 0x0052C538 | 0x001CEDCC | 0x001CEDCC | 0x00000040 |
| PostQuitMessage | - | 0x0052C53C | 0x001CEDD0 | 0x001CEDD0 | 0x000001E0 |
| IsZoomed | - | 0x0052C540 | 0x001CEDD4 | 0x001CEDD4 | 0x00000193 |
| GetClassInfoA | - | 0x0052C544 | 0x001CEDD8 | 0x001CEDD8 | 0x000000E7 |
| DefWindowProcA | - | 0x0052C548 | 0x001CEDDC | 0x001CEDDC | 0x00000084 |
| GetMenu | - | 0x0052C54C | 0x001CEDE0 | 0x001CEDE0 | 0x0000011C |
| SetMenu | - | 0x0052C550 | 0x001CEDE4 | 0x001CEDE4 | 0x00000235 |
| GetWindowTextA | - | 0x0052C554 | 0x001CEDE8 | 0x001CEDE8 | 0x0000015E |
| GetWindowTextLengthA | - | 0x0052C558 | 0x001CEDEC | 0x001CEDEC | 0x0000015F |
| CharUpperA | - | 0x0052C55C | 0x001CEDF0 | 0x001CEDF0 | 0x0000002F |
| GetWindowDC | - | 0x0052C560 | 0x001CEDF4 | 0x001CEDF4 | 0x00000154 |
| BeginPaint | - | 0x0052C564 | 0x001CEDF8 | 0x001CEDF8 | 0x0000000C |
| EndPaint | - | 0x0052C568 | 0x001CEDFC | 0x001CEDFC | 0x000000BB |
| TabbedTextOutA | - | 0x0052C56C | 0x001CEE00 | 0x001CEE00 | 0x00000273 |
| DrawTextA | - | 0x0052C570 | 0x001CEE04 | 0x001CEE04 | 0x000000AF |
| GrayStringA | - | 0x0052C574 | 0x001CEE08 | 0x001CEE08 | 0x00000164 |
| GetDlgItem | - | 0x0052C578 | 0x001CEE0C | 0x001CEE0C | 0x00000102 |
| DestroyWindow | - | 0x0052C57C | 0x001CEE10 | 0x001CEE10 | 0x0000008E |
| CreateDialogIndirectParamA | - | 0x0052C580 | 0x001CEE14 | 0x001CEE14 | 0x0000004C |
| EndDialog | - | 0x0052C584 | 0x001CEE18 | 0x001CEE18 | 0x000000B9 |
| GetNextDlgTabItem | - | 0x0052C588 | 0x001CEE1C | 0x001CEE1C | 0x00000133 |
| GetWindowPlacement | - | 0x0052C58C | 0x001CEE20 | 0x001CEE20 | 0x0000015B |
| RegisterWindowMessageA | - | 0x0052C590 | 0x001CEE24 | 0x001CEE24 | 0x00000200 |
| GetLastActivePopup | - | 0x0052C594 | 0x001CEE28 | 0x001CEE28 | 0x00000119 |
| GetMessageTime | - | 0x0052C598 | 0x001CEE2C | 0x001CEE2C | 0x0000012D |
| RemovePropA | - | 0x0052C59C | 0x001CEE30 | 0x001CEE30 | 0x00000205 |
| CallWindowProcA | - | 0x0052C5A0 | 0x001CEE34 | 0x001CEE34 | 0x00000016 |
| GetPropA | - | 0x0052C5A4 | 0x001CEE38 | 0x001CEE38 | 0x0000013A |
| UnhookWindowsHookEx | - | 0x0052C5A8 | 0x001CEE3C | 0x001CEE3C | 0x00000286 |
| SetPropA | - | 0x0052C5AC | 0x001CEE40 | 0x001CEE40 | 0x00000242 |
| GetClassLongA | - | 0x0052C5B0 | 0x001CEE44 | 0x001CEE44 | 0x000000EB |
| CallNextHookEx | - | 0x0052C5B4 | 0x001CEE48 | 0x001CEE48 | 0x00000015 |
| SetWindowsHookExA | - | 0x0052C5B8 | 0x001CEE4C | 0x001CEE4C | 0x00000262 |
| CreateWindowExA | - | 0x0052C5BC | 0x001CEE50 | 0x001CEE50 | 0x00000059 |
| GetMenuItemID | - | 0x0052C5C0 | 0x001CEE54 | 0x001CEE54 | 0x00000123 |
| GetMenuItemCount | - | 0x0052C5C4 | 0x001CEE58 | 0x001CEE58 | 0x00000122 |
| UnregisterClassA | - | 0x0052C5C8 | 0x001CEE5C | 0x001CEE5C | 0x0000028B |
| GetScrollPos | - | 0x0052C5CC | 0x001CEE60 | 0x001CEE60 | 0x0000013F |
| AdjustWindowRectEx | - | 0x0052C5D0 | 0x001CEE64 | 0x001CEE64 | 0x00000002 |
| MapWindowPoints | - | 0x0052C5D4 | 0x001CEE68 | 0x001CEE68 | 0x000001B9 |
| SendDlgItemMessageA | - | 0x0052C5D8 | 0x001CEE6C | 0x001CEE6C | 0x0000020F |
| ScrollWindowEx | - | 0x0052C5DC | 0x001CEE70 | 0x001CEE70 | 0x0000020E |
| IsDialogMessageA | - | 0x0052C5E0 | 0x001CEE74 | 0x001CEE74 | 0x00000188 |
| SetWindowTextA | - | 0x0052C5E4 | 0x001CEE78 | 0x001CEE78 | 0x0000025E |
| MoveWindow | - | 0x0052C5E8 | 0x001CEE7C | 0x001CEE7C | 0x000001C9 |
| CheckMenuItem | - | 0x0052C5EC | 0x001CEE80 | 0x001CEE80 | 0x00000034 |
| SetMenuItemBitmaps | - | 0x0052C5F0 | 0x001CEE84 | 0x001CEE84 | 0x00000239 |
| GetMenuState | - | 0x0052C5F4 | 0x001CEE88 | 0x001CEE88 | 0x00000127 |
| GetMenuCheckMarkDimensions | - | 0x0052C5F8 | 0x001CEE8C | 0x001CEE8C | 0x0000011E |
| GetClassNameA | - | 0x0052C5FC | 0x001CEE90 | 0x001CEE90 | 0x000000ED |
| GetDesktopWindow | - | 0x0052C600 | 0x001CEE94 | 0x001CEE94 | 0x000000FF |
| LoadStringA | - | 0x0052C604 | 0x001CEE98 | 0x001CEE98 | 0x000001AB |
| GetSysColorBrush | - | 0x0052C608 | 0x001CEE9C | 0x001CEE9C | 0x00000144 |
| PeekMessageA | - | 0x0052C60C | 0x001CEEA0 | 0x001CEEA0 | 0x000001DC |
| IsIconic | - | 0x0052C610 | 0x001CEEA4 | 0x001CEEA4 | 0x0000018C |
| SetFocus | - | 0x0052C614 | 0x001CEEA8 | 0x001CEEA8 | 0x0000022F |
| GetActiveWindow | - | 0x0052C618 | 0x001CEEAC | 0x001CEEAC | 0x000000DD |
| GetWindow | - | 0x0052C61C | 0x001CEEB0 | 0x001CEEB0 | 0x00000152 |
| DestroyAcceleratorTable | - | 0x0052C620 | 0x001CEEB4 | 0x001CEEB4 | 0x00000089 |
| SetWindowRgn | - | 0x0052C624 | 0x001CEEB8 | 0x001CEEB8 | 0x0000025C |
| GetMessagePos | - | 0x0052C628 | 0x001CEEBC | 0x001CEEBC | 0x0000012C |
| ScreenToClient | - | 0x0052C62C | 0x001CEEC0 | 0x001CEEC0 | 0x0000020A |
| ChildWindowFromPointEx | - | 0x0052C630 | 0x001CEEC4 | 0x001CEEC4 | 0x00000038 |
| CopyRect | - | 0x0052C634 | 0x001CEEC8 | 0x001CEEC8 | 0x00000044 |
| LoadBitmapA | - | 0x0052C638 | 0x001CEECC | 0x001CEECC | 0x00000198 |
| WinHelpA | - | 0x0052C63C | 0x001CEED0 | 0x001CEED0 | 0x000002A6 |
GDI32.dll (82)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SelectClipRgn | - | 0x0052C030 | 0x001CE8C4 | 0x001CE8C4 | 0x000001C5 |
| DeleteObject | - | 0x0052C034 | 0x001CE8C8 | 0x001CE8C8 | 0x00000053 |
| CreateDIBitmap | - | 0x0052C038 | 0x001CE8CC | 0x001CE8CC | 0x00000030 |
| GetSystemPaletteEntries | - | 0x0052C03C | 0x001CE8D0 | 0x001CE8D0 | 0x00000163 |
| CreatePalette | - | 0x0052C040 | 0x001CE8D4 | 0x001CE8D4 | 0x00000042 |
| StretchBlt | - | 0x0052C044 | 0x001CE8D8 | 0x001CE8D8 | 0x00000200 |
| SelectPalette | - | 0x0052C048 | 0x001CE8DC | 0x001CE8DC | 0x000001C8 |
| RealizePalette | - | 0x0052C04C | 0x001CE8E0 | 0x001CE8E0 | 0x000001AC |
| GetDIBits | - | 0x0052C050 | 0x001CE8E4 | 0x001CE8E4 | 0x00000124 |
| GetWindowExtEx | - | 0x0052C054 | 0x001CE8E8 | 0x001CE8E8 | 0x0000017B |
| GetViewportOrgEx | - | 0x0052C058 | 0x001CE8EC | 0x001CE8EC | 0x00000179 |
| GetWindowOrgEx | - | 0x0052C05C | 0x001CE8F0 | 0x001CE8F0 | 0x0000017C |
| BeginPath | - | 0x0052C060 | 0x001CE8F4 | 0x001CE8F4 | 0x00000010 |
| EndPath | - | 0x0052C064 | 0x001CE8F8 | 0x001CE8F8 | 0x0000005D |
| PathToRegion | - | 0x0052C068 | 0x001CE8FC | 0x001CE8FC | 0x00000195 |
| CreateEllipticRgn | - | 0x0052C06C | 0x001CE900 | 0x001CE900 | 0x00000032 |
| CreateRoundRectRgn | - | 0x0052C070 | 0x001CE904 | 0x001CE904 | 0x0000004A |
| GetTextColor | - | 0x0052C074 | 0x001CE908 | 0x001CE908 | 0x00000169 |
| GetBkMode | - | 0x0052C078 | 0x001CE90C | 0x001CE90C | 0x00000108 |
| GetBkColor | - | 0x0052C07C | 0x001CE910 | 0x001CE910 | 0x00000107 |
| GetROP2 | - | 0x0052C080 | 0x001CE914 | 0x001CE914 | 0x00000159 |
| GetStretchBltMode | - | 0x0052C084 | 0x001CE918 | 0x001CE918 | 0x00000160 |
| GetPolyFillMode | - | 0x0052C088 | 0x001CE91C | 0x001CE91C | 0x00000158 |
| CreateCompatibleBitmap | - | 0x0052C08C | 0x001CE920 | 0x001CE920 | 0x00000029 |
| CreateDCA | - | 0x0052C090 | 0x001CE924 | 0x001CE924 | 0x0000002B |
| CreateBitmap | - | 0x0052C094 | 0x001CE928 | 0x001CE928 | 0x00000024 |
| SelectObject | - | 0x0052C098 | 0x001CE92C | 0x001CE92C | 0x000001C7 |
| CreatePen | - | 0x0052C09C | 0x001CE930 | 0x001CE930 | 0x00000044 |
| PatBlt | - | 0x0052C0A0 | 0x001CE934 | 0x001CE934 | 0x00000194 |
| CombineRgn | - | 0x0052C0A4 | 0x001CE938 | 0x001CE938 | 0x0000001E |
| CreateRectRgn | - | 0x0052C0A8 | 0x001CE93C | 0x001CE93C | 0x00000048 |
| FillRgn | - | 0x0052C0AC | 0x001CE940 | 0x001CE940 | 0x000000A8 |
| CreatePolygonRgn | - | 0x0052C0B0 | 0x001CE944 | 0x001CE944 | 0x00000047 |
| CreateFontIndirectA | - | 0x0052C0B4 | 0x001CE948 | 0x001CE948 | 0x00000037 |
| GetStockObject | - | 0x0052C0B8 | 0x001CE94C | 0x001CE94C | 0x0000015F |
| GetObjectA | - | 0x0052C0BC | 0x001CE950 | 0x001CE950 | 0x0000014F |
| EndPage | - | 0x0052C0C0 | 0x001CE954 | 0x001CE954 | 0x0000005C |
| EndDoc | - | 0x0052C0C4 | 0x001CE958 | 0x001CE958 | 0x0000005A |
| DeleteDC | - | 0x0052C0C8 | 0x001CE95C | 0x001CE95C | 0x00000050 |
| StartDocA | - | 0x0052C0CC | 0x001CE960 | 0x001CE960 | 0x000001FC |
| StartPage | - | 0x0052C0D0 | 0x001CE964 | 0x001CE964 | 0x000001FF |
| BitBlt | - | 0x0052C0D4 | 0x001CE968 | 0x001CE968 | 0x00000011 |
| CreateCompatibleDC | - | 0x0052C0D8 | 0x001CE96C | 0x001CE96C | 0x0000002A |
| Ellipse | - | 0x0052C0DC | 0x001CE970 | 0x001CE970 | 0x00000058 |
| Rectangle | - | 0x0052C0E0 | 0x001CE974 | 0x001CE974 | 0x000001AF |
| LPtoDP | - | 0x0052C0E4 | 0x001CE978 | 0x001CE978 | 0x00000182 |
| DPtoLP | - | 0x0052C0E8 | 0x001CE97C | 0x001CE97C | 0x0000004E |
| GetCurrentObject | - | 0x0052C0EC | 0x001CE980 | 0x001CE980 | 0x0000011E |
| RoundRect | - | 0x0052C0F0 | 0x001CE984 | 0x001CE984 | 0x000001BA |
| GetTextExtentPoint32A | - | 0x0052C0F4 | 0x001CE988 | 0x001CE988 | 0x0000016E |
| GetDeviceCaps | - | 0x0052C0F8 | 0x001CE98C | 0x001CE98C | 0x00000125 |
| SaveDC | - | 0x0052C0FC | 0x001CE990 | 0x001CE990 | 0x000001C0 |
| RestoreDC | - | 0x0052C100 | 0x001CE994 | 0x001CE994 | 0x000001B9 |
| SetBkMode | - | 0x0052C104 | 0x001CE998 | 0x001CE998 | 0x000001CE |
| SetPolyFillMode | - | 0x0052C108 | 0x001CE99C | 0x001CE99C | 0x000001EB |
| SetROP2 | - | 0x0052C10C | 0x001CE9A0 | 0x001CE9A0 | 0x000001EC |
| SetTextColor | - | 0x0052C110 | 0x001CE9A4 | 0x001CE9A4 | 0x000001F3 |
| SetMapMode | - | 0x0052C114 | 0x001CE9A8 | 0x001CE9A8 | 0x000001E2 |
| SetViewportOrgEx | - | 0x0052C118 | 0x001CE9AC | 0x001CE9AC | 0x000001F6 |
| OffsetViewportOrgEx | - | 0x0052C11C | 0x001CE9B0 | 0x001CE9B0 | 0x0000018C |
| SetViewportExtEx | - | 0x0052C120 | 0x001CE9B4 | 0x001CE9B4 | 0x000001F5 |
| ScaleViewportExtEx | - | 0x0052C124 | 0x001CE9B8 | 0x001CE9B8 | 0x000001C1 |
| SetWindowOrgEx | - | 0x0052C128 | 0x001CE9BC | 0x001CE9BC | 0x000001FA |
| SetWindowExtEx | - | 0x0052C12C | 0x001CE9C0 | 0x001CE9C0 | 0x000001F9 |
| ScaleWindowExtEx | - | 0x0052C130 | 0x001CE9C4 | 0x001CE9C4 | 0x000001C2 |
| GetClipBox | - | 0x0052C134 | 0x001CE9C8 | 0x001CE9C8 | 0x0000011A |
| ExcludeClipRect | - | 0x0052C138 | 0x001CE9CC | 0x001CE9CC | 0x00000098 |
| MoveToEx | - | 0x0052C13C | 0x001CE9D0 | 0x001CE9D0 | 0x00000188 |
| LineTo | - | 0x0052C140 | 0x001CE9D4 | 0x001CE9D4 | 0x00000184 |
| GetClipRgn | - | 0x0052C144 | 0x001CE9D8 | 0x001CE9D8 | 0x0000011B |
| SetStretchBltMode | - | 0x0052C148 | 0x001CE9DC | 0x001CE9DC | 0x000001EF |
| CreateRectRgnIndirect | - | 0x0052C14C | 0x001CE9E0 | 0x001CE9E0 | 0x00000049 |
| SetBkColor | - | 0x0052C150 | 0x001CE9E4 | 0x001CE9E4 | 0x000001CD |
| CreateSolidBrush | - | 0x0052C154 | 0x001CE9E8 | 0x001CE9E8 | 0x0000004D |
| GetTextMetricsA | - | 0x0052C158 | 0x001CE9EC | 0x001CE9EC | 0x00000175 |
| Escape | - | 0x0052C15C | 0x001CE9F0 | 0x001CE9F0 | 0x00000095 |
| ExtTextOutA | - | 0x0052C160 | 0x001CE9F4 | 0x001CE9F4 | 0x0000009E |
| TextOutA | - | 0x0052C164 | 0x001CE9F8 | 0x001CE9F8 | 0x00000205 |
| RectVisible | - | 0x0052C168 | 0x001CE9FC | 0x001CE9FC | 0x000001AE |
| PtVisible | - | 0x0052C16C | 0x001CEA00 | 0x001CEA00 | 0x000001AA |
| GetViewportExtEx | - | 0x0052C170 | 0x001CEA04 | 0x001CEA04 | 0x00000178 |
| ExtSelectClipRgn | - | 0x0052C174 | 0x001CEA08 | 0x001CEA08 | 0x0000009D |
WINMM.dll (17)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| midiStreamRestart | - | 0x0052C644 | 0x001CEED8 | 0x001CEED8 | 0x00000063 |
| midiStreamClose | - | 0x0052C648 | 0x001CEEDC | 0x001CEEDC | 0x0000005D |
| midiOutReset | - | 0x0052C64C | 0x001CEEE0 | 0x001CEEE0 | 0x00000059 |
| midiStreamStop | - | 0x0052C650 | 0x001CEEE4 | 0x001CEEE4 | 0x00000064 |
| midiStreamOut | - | 0x0052C654 | 0x001CEEE8 | 0x001CEEE8 | 0x0000005F |
| midiOutPrepareHeader | - | 0x0052C658 | 0x001CEEEC | 0x001CEEEC | 0x00000058 |
| midiStreamProperty | - | 0x0052C65C | 0x001CEEF0 | 0x001CEEF0 | 0x00000062 |
| midiStreamOpen | - | 0x0052C660 | 0x001CEEF4 | 0x001CEEF4 | 0x0000005E |
| midiOutUnprepareHeader | - | 0x0052C664 | 0x001CEEF8 | 0x001CEEF8 | 0x0000005C |
| waveOutOpen | - | 0x0052C668 | 0x001CEEFC | 0x001CEEFC | 0x000000B8 |
| waveOutGetNumDevs | - | 0x0052C66C | 0x001CEF00 | 0x001CEF00 | 0x000000B2 |
| waveOutClose | - | 0x0052C670 | 0x001CEF04 | 0x001CEF04 | 0x000000AC |
| waveOutReset | - | 0x0052C674 | 0x001CEF08 | 0x001CEF08 | 0x000000BB |
| waveOutPause | - | 0x0052C678 | 0x001CEF0C | 0x001CEF0C | 0x000000B9 |
| waveOutWrite | - | 0x0052C67C | 0x001CEF10 | 0x001CEF10 | 0x000000C1 |
| waveOutPrepareHeader | - | 0x0052C680 | 0x001CEF14 | 0x001CEF14 | 0x000000BA |
| waveOutUnprepareHeader | - | 0x0052C684 | 0x001CEF18 | 0x001CEF18 | 0x000000C0 |
WINSPOOL.DRV (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ClosePrinter | - | 0x0052C68C | 0x001CEF20 | 0x001CEF20 | 0x0000001C |
| DocumentPropertiesA | - | 0x0052C690 | 0x001CEF24 | 0x001CEF24 | 0x00000047 |
| OpenPrinterA | - | 0x0052C694 | 0x001CEF28 | 0x001CEF28 | 0x0000007C |
ADVAPI32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | - | 0x0052C000 | 0x001CE894 | 0x001CE894 | 0x0000015B |
| RegOpenKeyExA | - | 0x0052C004 | 0x001CE898 | 0x001CE898 | 0x00000172 |
| RegSetValueExA | - | 0x0052C008 | 0x001CE89C | 0x001CE89C | 0x00000186 |
| RegQueryValueA | - | 0x0052C00C | 0x001CE8A0 | 0x001CE8A0 | 0x0000017A |
| RegDeleteKeyA | - | 0x0052C010 | 0x001CE8A4 | 0x001CE8A4 | 0x00000162 |
| RegDeleteValueA | - | 0x0052C014 | 0x001CE8A8 | 0x001CE8A8 | 0x00000164 |
| RegCreateKeyA | - | 0x0052C018 | 0x001CE8AC | 0x001CE8AC | 0x0000015E |
| RegCreateKeyExA | - | 0x0052C01C | 0x001CE8B0 | 0x001CE8B0 | 0x0000015F |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ShellExecuteA | - | 0x0052C3CC | 0x001CEC60 | 0x001CEC60 | 0x00000072 |
| Shell_NotifyIconA | - | 0x0052C3D0 | 0x001CEC64 | 0x001CEC64 | 0x00000079 |
| SHGetSpecialFolderPathA | - | 0x0052C3D4 | 0x001CEC68 | 0x001CEC68 | 0x00000054 |
ole32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CLSIDFromProgID | - | 0x0052C6D8 | 0x001CEF6C | 0x001CEF6C | 0x00000005 |
| OleInitialize | - | 0x0052C6DC | 0x001CEF70 | 0x001CEF70 | 0x000000C9 |
| OleUninitialize | - | 0x0052C6E0 | 0x001CEF74 | 0x001CEF74 | 0x000000E0 |
| CLSIDFromString | - | 0x0052C6E4 | 0x001CEF78 | 0x001CEF78 | 0x00000006 |
| CoCreateInstance | - | 0x0052C6E8 | 0x001CEF7C | 0x001CEF7C | 0x0000000D |
| OleRun | - | 0x0052C6EC | 0x001CEF80 | 0x001CEF80 | 0x000000D8 |
OLEAUT32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x00000009 | 0x0052C3A4 | 0x001CEC38 | 0x001CEC38 | - |
| VariantChangeType | 0x0000000C | 0x0052C3A8 | 0x001CEC3C | 0x001CEC3C | - |
| VariantCopyInd | 0x0000000B | 0x0052C3AC | 0x001CEC40 | 0x001CEC40 | - |
| VariantInit | 0x00000008 | 0x0052C3B0 | 0x001CEC44 | 0x001CEC44 | - |
| SysAllocString | 0x00000002 | 0x0052C3B4 | 0x001CEC48 | 0x001CEC48 | - |
| RegisterTypeLib | 0x000000A3 | 0x0052C3B8 | 0x001CEC4C | 0x001CEC4C | - |
| LHashValOfNameSys | 0x000000A5 | 0x0052C3BC | 0x001CEC50 | 0x001CEC50 | - |
| LoadTypeLib | 0x000000A1 | 0x0052C3C0 | 0x001CEC54 | 0x001CEC54 | - |
| UnRegisterTypeLib | 0x000000BA | 0x0052C3C4 | 0x001CEC58 | 0x001CEC58 | - |
COMCTL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_Destroy | - | 0x0052C024 | 0x001CE8B8 | 0x001CE8B8 | 0x00000022 |
| None | 0x00000011 | 0x0052C028 | 0x001CE8BC | 0x001CE8BC | - |
WS2_32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| recvfrom | 0x00000011 | 0x0052C69C | 0x001CEF30 | 0x001CEF30 | - |
| ioctlsocket | 0x0000000A | 0x0052C6A0 | 0x001CEF34 | 0x001CEF34 | - |
| recv | 0x00000010 | 0x0052C6A4 | 0x001CEF38 | 0x001CEF38 | - |
| getpeername | 0x00000005 | 0x0052C6A8 | 0x001CEF3C | 0x001CEF3C | - |
| accept | 0x00000001 | 0x0052C6AC | 0x001CEF40 | 0x001CEF40 | - |
| WSAAsyncSelect | 0x00000065 | 0x0052C6B0 | 0x001CEF44 | 0x001CEF44 | - |
| closesocket | 0x00000003 | 0x0052C6B4 | 0x001CEF48 | 0x001CEF48 | - |
| inet_ntoa | 0x0000000C | 0x0052C6B8 | 0x001CEF4C | 0x001CEF4C | - |
| WSACleanup | 0x00000074 | 0x0052C6BC | 0x001CEF50 | 0x001CEF50 | - |
comdlg32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileTitleA | - | 0x0052C6C4 | 0x001CEF58 | 0x001CEF58 | 0x00000007 |
| GetSaveFileNameA | - | 0x0052C6C8 | 0x001CEF5C | 0x001CEF5C | 0x0000000B |
| GetOpenFileNameA | - | 0x0052C6CC | 0x001CEF60 | 0x001CEF60 | 0x00000009 |
| ChooseColorA | - | 0x0052C6D0 | 0x001CEF64 | 0x001CEF64 | 0x00000000 |
Memory Dumps (38)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 22f97692b5a0fea40c782129a0ec53ae.exe | 1 | 0x00400000 | 0x00603FFF | Relevant Image |
|
32-bit | 0x005120F7 |
|
...
|
| ntdll.dll | 1 | 0x773F0000 | 0x77591FFF | First Execution |
|
32-bit | 0x77461160 |
|
...
|
| buffer | 1 | 0x022C0000 | 0x022C0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | First Execution |
|
32-bit | 0x04394340 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437D770 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x04380CE0 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x04361E36 |
|
...
|
| buffer | 1 | 0x022C0000 | 0x022C0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0436A79D |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x04381A50 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437BD9D |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437C000 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437ECB0 |
|
...
|
| buffer | 1 | 0x022C0000 | 0x022C0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0436BD15 |
|
...
|
| buffer | 1 | 0x043E0000 | 0x043E0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x043F0000 | 0x04402FFF | First Execution |
|
32-bit | 0x043FA146 |
|
...
|
| buffer | 1 | 0x043E0000 | 0x043E0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x045F0000 | 0x045F0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x045F0000 | 0x045F0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x043F0000 | 0x04402FFF | Content Changed |
|
32-bit | 0x043F9080 |
|
...
|
| buffer | 1 | 0x045F0000 | 0x045F0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04640000 | 0x04640FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04640000 | 0x04640FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04640000 | 0x04640FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x043F0000 | 0x04402FFF | Content Changed |
|
32-bit | 0x043F9080 |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04660000 | 0x04660FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x06FA0000 | 0x06FA0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x071D0000 | 0x071D0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x06F90000 | 0x06F90FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x03F71020 | 0x0415CAB0 | Image In Buffer |
|
32-bit | - |
|
...
|
| C:\Users\OqXZRaykm\Desktop\22f97692b5a0fea40c782129a0ec53ae.exe | Dropped File | Binary |
Clean
|
...
|
»
| Also Known As |
22f97692b5a0fea40c782129a0ec53ae.exe (Accessed File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.92 MB |
| MD5 |
6b134131ec6007fb5f5a181c9d652a04
|
| SHA1 |
0b064a4b98a9cc6f55eabe9878f30cf3c3336a02
|
| SHA256 |
5e3b21d1398934a4121b7c9aa4cf50ade1bfc526bdbf72264b552b72690c800e
|
| SSDeep |
24576:D2ZW1SXtpmUwWIkFSHgd4DOgPjaCsTRGbhbqs2jCZQotr7PoHWX3ANhkWKOh/FwG:D2Zn2+1Fbd4NnsmhbB2HM7OuoN
|
| ImpHash |
136e11a1cb5b983376a7137406d0f03b
|
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x0050D0A8 |
| Size Of Code | 0x0012B000 |
| Size Of Initialized Data | 0x000D8000 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2020-02-24 07:14 (UTC) |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0012AB36 | 0x0012B000 | 0x00001000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.37 |
| .rdata | 0x0052C000 | 0x000A4B86 | 0x000A5000 | 0x0012C000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.93 |
| .data | 0x005D1000 | 0x0002CDC8 | 0x00014000 | 0x001D1000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.92 |
| .rsrc | 0x005FE000 | 0x00005D10 | 0x00006000 | 0x001E5000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.89 |
Imports (12)
»
KERNEL32.dll (137)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetEndOfFile | - | 0x0052C17C | 0x001CEA10 | 0x001CEA10 | 0x00000261 |
| UnlockFile | - | 0x0052C180 | 0x001CEA14 | 0x001CEA14 | 0x000002AE |
| LockFile | - | 0x0052C184 | 0x001CEA18 | 0x001CEA18 | 0x000001D3 |
| FlushFileBuffers | - | 0x0052C188 | 0x001CEA1C | 0x001CEA1C | 0x000000AA |
| SetFilePointer | - | 0x0052C18C | 0x001CEA20 | 0x001CEA20 | 0x0000026A |
| DuplicateHandle | - | 0x0052C190 | 0x001CEA24 | 0x001CEA24 | 0x00000063 |
| lstrcpynA | - | 0x0052C194 | 0x001CEA28 | 0x001CEA28 | 0x00000305 |
| SetLastError | - | 0x0052C198 | 0x001CEA2C | 0x001CEA2C | 0x00000271 |
| FileTimeToLocalFileTime | - | 0x0052C19C | 0x001CEA30 | 0x001CEA30 | 0x00000089 |
| FileTimeToSystemTime | - | 0x0052C1A0 | 0x001CEA34 | 0x001CEA34 | 0x0000008A |
| LocalFree | - | 0x0052C1A4 | 0x001CEA38 | 0x001CEA38 | 0x000001CC |
| InterlockedDecrement | - | 0x0052C1A8 | 0x001CEA3C | 0x001CEA3C | 0x000001AD |
| GetCurrentProcess | - | 0x0052C1AC | 0x001CEA40 | 0x001CEA40 | 0x000000F7 |
| GetWindowsDirectoryA | - | 0x0052C1B0 | 0x001CEA44 | 0x001CEA44 | 0x0000017D |
| GetSystemDirectoryA | - | 0x0052C1B4 | 0x001CEA48 | 0x001CEA48 | 0x00000159 |
| CreateSemaphoreA | - | 0x0052C1B8 | 0x001CEA4C | 0x001CEA4C | 0x00000047 |
| ResumeThread | - | 0x0052C1BC | 0x001CEA50 | 0x001CEA50 | 0x0000022C |
| ReleaseSemaphore | - | 0x0052C1C0 | 0x001CEA54 | 0x001CEA54 | 0x00000226 |
| EnterCriticalSection | - | 0x0052C1C4 | 0x001CEA58 | 0x001CEA58 | 0x00000066 |
| LeaveCriticalSection | - | 0x0052C1C8 | 0x001CEA5C | 0x001CEA5C | 0x000001C1 |
| GetProfileStringA | - | 0x0052C1CC | 0x001CEA60 | 0x001CEA60 | 0x0000014B |
| SetStdHandle | - | 0x0052C1D0 | 0x001CEA64 | 0x001CEA64 | 0x0000027C |
| IsBadCodePtr | - | 0x0052C1D4 | 0x001CEA68 | 0x001CEA68 | 0x000001B2 |
| IsBadReadPtr | - | 0x0052C1D8 | 0x001CEA6C | 0x001CEA6C | 0x000001B5 |
| CompareStringW | - | 0x0052C1DC | 0x001CEA70 | 0x001CEA70 | 0x00000022 |
| CompareStringA | - | 0x0052C1E0 | 0x001CEA74 | 0x001CEA74 | 0x00000021 |
| SetUnhandledExceptionFilter | - | 0x0052C1E4 | 0x001CEA78 | 0x001CEA78 | 0x0000028B |
| GetStringTypeW | - | 0x0052C1E8 | 0x001CEA7C | 0x001CEA7C | 0x00000156 |
| GetStringTypeA | - | 0x0052C1EC | 0x001CEA80 | 0x001CEA80 | 0x00000153 |
| IsBadWritePtr | - | 0x0052C1F0 | 0x001CEA84 | 0x001CEA84 | 0x000001B8 |
| VirtualAlloc | - | 0x0052C1F4 | 0x001CEA88 | 0x001CEA88 | 0x000002BB |
| LCMapStringW | - | 0x0052C1F8 | 0x001CEA8C | 0x001CEA8C | 0x000001C0 |
| LCMapStringA | - | 0x0052C1FC | 0x001CEA90 | 0x001CEA90 | 0x000001BF |
| SetEnvironmentVariableA | - | 0x0052C200 | 0x001CEA94 | 0x001CEA94 | 0x00000262 |
| VirtualFree | - | 0x0052C204 | 0x001CEA98 | 0x001CEA98 | 0x000002BF |
| HeapCreate | - | 0x0052C208 | 0x001CEA9C | 0x001CEA9C | 0x0000019B |
| HeapDestroy | - | 0x0052C20C | 0x001CEAA0 | 0x001CEAA0 | 0x0000019D |
| GetEnvironmentVariableA | - | 0x0052C210 | 0x001CEAA4 | 0x001CEAA4 | 0x00000109 |
| GetFileType | - | 0x0052C214 | 0x001CEAA8 | 0x001CEAA8 | 0x00000115 |
| GetStdHandle | - | 0x0052C218 | 0x001CEAAC | 0x001CEAAC | 0x00000152 |
| SetHandleCount | - | 0x0052C21C | 0x001CEAB0 | 0x001CEAB0 | 0x0000026D |
| GetEnvironmentStringsW | - | 0x0052C220 | 0x001CEAB4 | 0x001CEAB4 | 0x00000108 |
| GetEnvironmentStrings | - | 0x0052C224 | 0x001CEAB8 | 0x001CEAB8 | 0x00000106 |
| FreeEnvironmentStringsW | - | 0x0052C228 | 0x001CEABC | 0x001CEABC | 0x000000B3 |
| FreeEnvironmentStringsA | - | 0x0052C22C | 0x001CEAC0 | 0x001CEAC0 | 0x000000B2 |
| UnhandledExceptionFilter | - | 0x0052C230 | 0x001CEAC4 | 0x001CEAC4 | 0x000002AD |
| GetACP | - | 0x0052C234 | 0x001CEAC8 | 0x001CEAC8 | 0x000000B9 |
| HeapSize | - | 0x0052C238 | 0x001CEACC | 0x001CEACC | 0x000001A3 |
| TerminateProcess | - | 0x0052C23C | 0x001CEAD0 | 0x001CEAD0 | 0x0000029E |
| GetLocalTime | - | 0x0052C240 | 0x001CEAD4 | 0x001CEAD4 | 0x0000011B |
| GetSystemTime | - | 0x0052C244 | 0x001CEAD8 | 0x001CEAD8 | 0x0000015D |
| GetTimeZoneInformation | - | 0x0052C248 | 0x001CEADC | 0x001CEADC | 0x00000170 |
| RaiseException | - | 0x0052C24C | 0x001CEAE0 | 0x001CEAE0 | 0x0000020B |
| WriteFile | - | 0x0052C250 | 0x001CEAE4 | 0x001CEAE4 | 0x000002DF |
| WaitForMultipleObjects | - | 0x0052C254 | 0x001CEAE8 | 0x001CEAE8 | 0x000002CC |
| CreateFileA | - | 0x0052C258 | 0x001CEAEC | 0x001CEAEC | 0x00000034 |
| SetEvent | - | 0x0052C25C | 0x001CEAF0 | 0x001CEAF0 | 0x00000265 |
| FindResourceA | - | 0x0052C260 | 0x001CEAF4 | 0x001CEAF4 | 0x000000A3 |
| LoadResource | - | 0x0052C264 | 0x001CEAF8 | 0x001CEAF8 | 0x000001C7 |
| LockResource | - | 0x0052C268 | 0x001CEAFC | 0x001CEAFC | 0x000001D5 |
| ReadFile | - | 0x0052C26C | 0x001CEB00 | 0x001CEB00 | 0x00000218 |
| lstrlenW | - | 0x0052C270 | 0x001CEB04 | 0x001CEB04 | 0x00000309 |
| RemoveDirectoryA | - | 0x0052C274 | 0x001CEB08 | 0x001CEB08 | 0x00000227 |
| GetModuleFileNameA | - | 0x0052C278 | 0x001CEB0C | 0x001CEB0C | 0x00000124 |
| WideCharToMultiByte | - | 0x0052C27C | 0x001CEB10 | 0x001CEB10 | 0x000002D2 |
| MultiByteToWideChar | - | 0x0052C280 | 0x001CEB14 | 0x001CEB14 | 0x000001E4 |
| GetCurrentThreadId | - | 0x0052C284 | 0x001CEB18 | 0x001CEB18 | 0x000000FA |
| ExitProcess | - | 0x0052C288 | 0x001CEB1C | 0x001CEB1C | 0x0000007D |
| GlobalSize | - | 0x0052C28C | 0x001CEB20 | 0x001CEB20 | 0x00000190 |
| GlobalFree | - | 0x0052C290 | 0x001CEB24 | 0x001CEB24 | 0x00000188 |
| DeleteCriticalSection | - | 0x0052C294 | 0x001CEB28 | 0x001CEB28 | 0x00000055 |
| InitializeCriticalSection | - | 0x0052C298 | 0x001CEB2C | 0x001CEB2C | 0x000001AA |
| lstrcatA | - | 0x0052C29C | 0x001CEB30 | 0x001CEB30 | 0x000002F9 |
| lstrlenA | - | 0x0052C2A0 | 0x001CEB34 | 0x001CEB34 | 0x00000308 |
| WinExec | - | 0x0052C2A4 | 0x001CEB38 | 0x001CEB38 | 0x000002D3 |
| lstrcpyA | - | 0x0052C2A8 | 0x001CEB3C | 0x001CEB3C | 0x00000302 |
| FindNextFileA | - | 0x0052C2AC | 0x001CEB40 | 0x001CEB40 | 0x0000009D |
| GlobalReAlloc | - | 0x0052C2B0 | 0x001CEB44 | 0x001CEB44 | 0x0000018F |
| HeapFree | - | 0x0052C2B4 | 0x001CEB48 | 0x001CEB48 | 0x0000019F |
| HeapReAlloc | - | 0x0052C2B8 | 0x001CEB4C | 0x001CEB4C | 0x000001A2 |
| GetProcessHeap | - | 0x0052C2BC | 0x001CEB50 | 0x001CEB50 | 0x00000140 |
| HeapAlloc | - | 0x0052C2C0 | 0x001CEB54 | 0x001CEB54 | 0x00000199 |
| GetUserDefaultLCID | - | 0x0052C2C4 | 0x001CEB58 | 0x001CEB58 | 0x00000171 |
| GetFullPathNameA | - | 0x0052C2C8 | 0x001CEB5C | 0x001CEB5C | 0x00000116 |
| FreeLibrary | - | 0x0052C2CC | 0x001CEB60 | 0x001CEB60 | 0x000000B4 |
| LoadLibraryA | - | 0x0052C2D0 | 0x001CEB64 | 0x001CEB64 | 0x000001C2 |
| GetLastError | - | 0x0052C2D4 | 0x001CEB68 | 0x001CEB68 | 0x0000011A |
| GetVersionExA | - | 0x0052C2D8 | 0x001CEB6C | 0x001CEB6C | 0x00000175 |
| WritePrivateProfileStringA | - | 0x0052C2DC | 0x001CEB70 | 0x001CEB70 | 0x000002E5 |
| GetPrivateProfileStringA | - | 0x0052C2E0 | 0x001CEB74 | 0x001CEB74 | 0x0000013A |
| CreateThread | - | 0x0052C2E4 | 0x001CEB78 | 0x001CEB78 | 0x0000004A |
| CreateEventA | - | 0x0052C2E8 | 0x001CEB7C | 0x001CEB7C | 0x00000031 |
| Sleep | - | 0x0052C2EC | 0x001CEB80 | 0x001CEB80 | 0x00000296 |
| GlobalAlloc | - | 0x0052C2F0 | 0x001CEB84 | 0x001CEB84 | 0x00000181 |
| GlobalLock | - | 0x0052C2F4 | 0x001CEB88 | 0x001CEB88 | 0x0000018C |
| GlobalUnlock | - | 0x0052C2F8 | 0x001CEB8C | 0x001CEB8C | 0x00000193 |
| GetTempPathA | - | 0x0052C2FC | 0x001CEB90 | 0x001CEB90 | 0x00000165 |
| FindFirstFileA | - | 0x0052C300 | 0x001CEB94 | 0x001CEB94 | 0x00000094 |
| FindClose | - | 0x0052C304 | 0x001CEB98 | 0x001CEB98 | 0x00000090 |
| SetFileAttributesA | - | 0x0052C308 | 0x001CEB9C | 0x001CEB9C | 0x00000268 |
| GetFileAttributesA | - | 0x0052C30C | 0x001CEBA0 | 0x001CEBA0 | 0x0000010D |
| RtlUnwind | - | 0x0052C310 | 0x001CEBA4 | 0x001CEBA4 | 0x0000022F |
| GetStartupInfoA | - | 0x0052C314 | 0x001CEBA8 | 0x001CEBA8 | 0x00000150 |
| GetOEMCP | - | 0x0052C318 | 0x001CEBAC | 0x001CEBAC | 0x00000131 |
| GetCPInfo | - | 0x0052C31C | 0x001CEBB0 | 0x001CEBB0 | 0x000000BF |
| GetProcessVersion | - | 0x0052C320 | 0x001CEBB4 | 0x001CEBB4 | 0x00000145 |
| SetErrorMode | - | 0x0052C324 | 0x001CEBB8 | 0x001CEBB8 | 0x00000264 |
| GlobalFlags | - | 0x0052C328 | 0x001CEBBC | 0x001CEBBC | 0x00000187 |
| GetCurrentThread | - | 0x0052C32C | 0x001CEBC0 | 0x001CEBC0 | 0x000000F9 |
| GetFileTime | - | 0x0052C330 | 0x001CEBC4 | 0x001CEBC4 | 0x00000114 |
| GetFileSize | - | 0x0052C334 | 0x001CEBC8 | 0x001CEBC8 | 0x00000112 |
| TlsGetValue | - | 0x0052C338 | 0x001CEBCC | 0x001CEBCC | 0x000002A4 |
| LocalReAlloc | - | 0x0052C33C | 0x001CEBD0 | 0x001CEBD0 | 0x000001CF |
| TlsSetValue | - | 0x0052C340 | 0x001CEBD4 | 0x001CEBD4 | 0x000002A5 |
| TlsFree | - | 0x0052C344 | 0x001CEBD8 | 0x001CEBD8 | 0x000002A3 |
| GlobalHandle | - | 0x0052C348 | 0x001CEBDC | 0x001CEBDC | 0x0000018B |
| TlsAlloc | - | 0x0052C34C | 0x001CEBE0 | 0x001CEBE0 | 0x000002A2 |
| LocalAlloc | - | 0x0052C350 | 0x001CEBE4 | 0x001CEBE4 | 0x000001C8 |
| lstrcmpA | - | 0x0052C354 | 0x001CEBE8 | 0x001CEBE8 | 0x000002FC |
| DeleteFileA | - | 0x0052C358 | 0x001CEBEC | 0x001CEBEC | 0x00000057 |
| SetCurrentDirectoryA | - | 0x0052C35C | 0x001CEBF0 | 0x001CEBF0 | 0x0000025D |
| GetVolumeInformationA | - | 0x0052C360 | 0x001CEBF4 | 0x001CEBF4 | 0x00000177 |
| GetModuleHandleA | - | 0x0052C364 | 0x001CEBF8 | 0x001CEBF8 | 0x00000126 |
| GetProcAddress | - | 0x0052C368 | 0x001CEBFC | 0x001CEBFC | 0x0000013E |
| MulDiv | - | 0x0052C36C | 0x001CEC00 | 0x001CEC00 | 0x000001E3 |
| GetCommandLineA | - | 0x0052C370 | 0x001CEC04 | 0x001CEC04 | 0x000000CA |
| GetTickCount | - | 0x0052C374 | 0x001CEC08 | 0x001CEC08 | 0x0000016D |
| CreateProcessA | - | 0x0052C378 | 0x001CEC0C | 0x001CEC0C | 0x00000044 |
| WaitForSingleObject | - | 0x0052C37C | 0x001CEC10 | 0x001CEC10 | 0x000002CE |
| CloseHandle | - | 0x0052C380 | 0x001CEC14 | 0x001CEC14 | 0x0000001B |
| lstrcmpiA | - | 0x0052C384 | 0x001CEC18 | 0x001CEC18 | 0x000002FF |
| GlobalDeleteAtom | - | 0x0052C388 | 0x001CEC1C | 0x001CEC1C | 0x00000183 |
| GetVersion | - | 0x0052C38C | 0x001CEC20 | 0x001CEC20 | 0x00000174 |
| GlobalGetAtomNameA | - | 0x0052C390 | 0x001CEC24 | 0x001CEC24 | 0x00000189 |
| GlobalAddAtomA | - | 0x0052C394 | 0x001CEC28 | 0x001CEC28 | 0x0000017F |
| GlobalFindAtomA | - | 0x0052C398 | 0x001CEC2C | 0x001CEC2C | 0x00000184 |
| InterlockedIncrement | - | 0x0052C39C | 0x001CEC30 | 0x001CEC30 | 0x000001B0 |
USER32.dll (153)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegisterClassA | - | 0x0052C3DC | 0x001CEC70 | 0x001CEC70 | 0x000001F2 |
| WaitForInputIdle | - | 0x0052C3E0 | 0x001CEC74 | 0x001CEC74 | 0x000002A4 |
| wsprintfA | - | 0x0052C3E4 | 0x001CEC78 | 0x001CEC78 | 0x000002AC |
| CloseClipboard | - | 0x0052C3E8 | 0x001CEC7C | 0x001CEC7C | 0x0000003C |
| GetClipboardData | - | 0x0052C3EC | 0x001CEC80 | 0x001CEC80 | 0x000000F2 |
| OpenClipboard | - | 0x0052C3F0 | 0x001CEC84 | 0x001CEC84 | 0x000001D3 |
| SetClipboardData | - | 0x0052C3F4 | 0x001CEC88 | 0x001CEC88 | 0x00000223 |
| EmptyClipboard | - | 0x0052C3F8 | 0x001CEC8C | 0x001CEC8C | 0x000000B4 |
| GetSystemMetrics | - | 0x0052C3FC | 0x001CEC90 | 0x001CEC90 | 0x00000146 |
| GetCursorPos | - | 0x0052C400 | 0x001CEC94 | 0x001CEC94 | 0x000000FC |
| MessageBoxA | - | 0x0052C404 | 0x001CEC98 | 0x001CEC98 | 0x000001BE |
| SetWindowPos | - | 0x0052C408 | 0x001CEC9C | 0x001CEC9C | 0x0000025B |
| SendMessageA | - | 0x0052C40C | 0x001CECA0 | 0x001CECA0 | 0x00000214 |
| DestroyCursor | - | 0x0052C410 | 0x001CECA4 | 0x001CECA4 | 0x0000008B |
| SetParent | - | 0x0052C414 | 0x001CECA8 | 0x001CECA8 | 0x0000023E |
| IsWindow | - | 0x0052C418 | 0x001CECAC | 0x001CECAC | 0x0000018F |
| PostMessageA | - | 0x0052C41C | 0x001CECB0 | 0x001CECB0 | 0x000001DE |
| GetTopWindow | - | 0x0052C420 | 0x001CECB4 | 0x001CECB4 | 0x0000014C |
| GetParent | - | 0x0052C424 | 0x001CECB8 | 0x001CECB8 | 0x00000135 |
| GetFocus | - | 0x0052C428 | 0x001CECBC | 0x001CECBC | 0x00000107 |
| GetClientRect | - | 0x0052C42C | 0x001CECC0 | 0x001CECC0 | 0x000000F0 |
| InvalidateRect | - | 0x0052C430 | 0x001CECC4 | 0x001CECC4 | 0x0000017A |
| ValidateRect | - | 0x0052C434 | 0x001CECC8 | 0x001CECC8 | 0x0000029A |
| UpdateWindow | - | 0x0052C438 | 0x001CECCC | 0x001CECCC | 0x00000291 |
| EqualRect | - | 0x0052C43C | 0x001CECD0 | 0x001CECD0 | 0x000000D1 |
| GetWindowRect | - | 0x0052C440 | 0x001CECD4 | 0x001CECD4 | 0x0000015C |
| SetForegroundWindow | - | 0x0052C444 | 0x001CECD8 | 0x001CECD8 | 0x00000230 |
| DestroyMenu | - | 0x0052C448 | 0x001CECDC | 0x001CECDC | 0x0000008D |
| IsChild | - | 0x0052C44C | 0x001CECE0 | 0x001CECE0 | 0x00000185 |
| ReleaseDC | - | 0x0052C450 | 0x001CECE4 | 0x001CECE4 | 0x00000203 |
| IsRectEmpty | - | 0x0052C454 | 0x001CECE8 | 0x001CECE8 | 0x0000018E |
| FillRect | - | 0x0052C458 | 0x001CECEC | 0x001CECEC | 0x000000D4 |
| GetDC | - | 0x0052C45C | 0x001CECF0 | 0x001CECF0 | 0x000000FD |
| SetCursor | - | 0x0052C460 | 0x001CECF4 | 0x001CECF4 | 0x00000226 |
| LoadCursorA | - | 0x0052C464 | 0x001CECF8 | 0x001CECF8 | 0x0000019A |
| SetCursorPos | - | 0x0052C468 | 0x001CECFC | 0x001CECFC | 0x00000228 |
| SetActiveWindow | - | 0x0052C46C | 0x001CED00 | 0x001CED00 | 0x0000021C |
| GetSysColor | - | 0x0052C470 | 0x001CED04 | 0x001CED04 | 0x00000143 |
| SetWindowLongA | - | 0x0052C474 | 0x001CED08 | 0x001CED08 | 0x00000258 |
| GetWindowLongA | - | 0x0052C478 | 0x001CED0C | 0x001CED0C | 0x00000156 |
| RedrawWindow | - | 0x0052C47C | 0x001CED10 | 0x001CED10 | 0x000001F1 |
| EnableWindow | - | 0x0052C480 | 0x001CED14 | 0x001CED14 | 0x000000B7 |
| IsWindowVisible | - | 0x0052C484 | 0x001CED18 | 0x001CED18 | 0x00000192 |
| OffsetRect | - | 0x0052C488 | 0x001CED1C | 0x001CED1C | 0x000001D2 |
| PtInRect | - | 0x0052C48C | 0x001CED20 | 0x001CED20 | 0x000001EA |
| DestroyIcon | - | 0x0052C490 | 0x001CED24 | 0x001CED24 | 0x0000008C |
| IntersectRect | - | 0x0052C494 | 0x001CED28 | 0x001CED28 | 0x00000179 |
| InflateRect | - | 0x0052C498 | 0x001CED2C | 0x001CED2C | 0x00000171 |
| SetRect | - | 0x0052C49C | 0x001CED30 | 0x001CED30 | 0x00000244 |
| SetScrollPos | - | 0x0052C4A0 | 0x001CED34 | 0x001CED34 | 0x00000247 |
| SetScrollRange | - | 0x0052C4A4 | 0x001CED38 | 0x001CED38 | 0x00000248 |
| GetScrollRange | - | 0x0052C4A8 | 0x001CED3C | 0x001CED3C | 0x00000140 |
| SetCapture | - | 0x0052C4AC | 0x001CED40 | 0x001CED40 | 0x0000021D |
| GetCapture | - | 0x0052C4B0 | 0x001CED44 | 0x001CED44 | 0x000000E4 |
| ReleaseCapture | - | 0x0052C4B4 | 0x001CED48 | 0x001CED48 | 0x00000202 |
| SetTimer | - | 0x0052C4B8 | 0x001CED4C | 0x001CED4C | 0x00000252 |
| KillTimer | - | 0x0052C4BC | 0x001CED50 | 0x001CED50 | 0x00000195 |
| GetForegroundWindow | - | 0x0052C4C0 | 0x001CED54 | 0x001CED54 | 0x00000108 |
| LoadIconA | - | 0x0052C4C4 | 0x001CED58 | 0x001CED58 | 0x0000019E |
| TranslateMessage | - | 0x0052C4C8 | 0x001CED5C | 0x001CED5C | 0x00000282 |
| DrawFrameControl | - | 0x0052C4CC | 0x001CED60 | 0x001CED60 | 0x000000A8 |
| DrawEdge | - | 0x0052C4D0 | 0x001CED64 | 0x001CED64 | 0x000000A5 |
| DrawFocusRect | - | 0x0052C4D4 | 0x001CED68 | 0x001CED68 | 0x000000A6 |
| WindowFromPoint | - | 0x0052C4D8 | 0x001CED6C | 0x001CED6C | 0x000002A9 |
| GetMessageA | - | 0x0052C4DC | 0x001CED70 | 0x001CED70 | 0x0000012A |
| DispatchMessageA | - | 0x0052C4E0 | 0x001CED74 | 0x001CED74 | 0x00000095 |
| SetRectEmpty | - | 0x0052C4E4 | 0x001CED78 | 0x001CED78 | 0x00000245 |
| RegisterClipboardFormatA | - | 0x0052C4E8 | 0x001CED7C | 0x001CED7C | 0x000001F6 |
| CreateIconFromResourceEx | - | 0x0052C4EC | 0x001CED80 | 0x001CED80 | 0x00000053 |
| CreateIconFromResource | - | 0x0052C4F0 | 0x001CED84 | 0x001CED84 | 0x00000052 |
| DrawIconEx | - | 0x0052C4F4 | 0x001CED88 | 0x001CED88 | 0x000000AA |
| CreatePopupMenu | - | 0x0052C4F8 | 0x001CED8C | 0x001CED8C | 0x00000058 |
| AppendMenuA | - | 0x0052C4FC | 0x001CED90 | 0x001CED90 | 0x00000007 |
| ModifyMenuA | - | 0x0052C500 | 0x001CED94 | 0x001CED94 | 0x000001C4 |
| CreateMenu | - | 0x0052C504 | 0x001CED98 | 0x001CED98 | 0x00000057 |
| CreateAcceleratorTableA | - | 0x0052C508 | 0x001CED9C | 0x001CED9C | 0x00000046 |
| GetDlgCtrlID | - | 0x0052C50C | 0x001CEDA0 | 0x001CEDA0 | 0x00000101 |
| GetSubMenu | - | 0x0052C510 | 0x001CEDA4 | 0x001CEDA4 | 0x00000142 |
| EnableMenuItem | - | 0x0052C514 | 0x001CEDA8 | 0x001CEDA8 | 0x000000B5 |
| ClientToScreen | - | 0x0052C518 | 0x001CEDAC | 0x001CEDAC | 0x0000003A |
| EnumDisplaySettingsA | - | 0x0052C51C | 0x001CEDB0 | 0x001CEDB0 | 0x000000C5 |
| LoadImageA | - | 0x0052C520 | 0x001CEDB4 | 0x001CEDB4 | 0x000001A0 |
| SystemParametersInfoA | - | 0x0052C524 | 0x001CEDB8 | 0x001CEDB8 | 0x00000271 |
| ShowWindow | - | 0x0052C528 | 0x001CEDBC | 0x001CEDBC | 0x0000026A |
| IsWindowEnabled | - | 0x0052C52C | 0x001CEDC0 | 0x001CEDC0 | 0x00000190 |
| TranslateAcceleratorA | - | 0x0052C530 | 0x001CEDC4 | 0x001CEDC4 | 0x0000027F |
| GetKeyState | - | 0x0052C534 | 0x001CEDC8 | 0x001CEDC8 | 0x00000112 |
| CopyAcceleratorTableA | - | 0x0052C538 | 0x001CEDCC | 0x001CEDCC | 0x00000040 |
| PostQuitMessage | - | 0x0052C53C | 0x001CEDD0 | 0x001CEDD0 | 0x000001E0 |
| IsZoomed | - | 0x0052C540 | 0x001CEDD4 | 0x001CEDD4 | 0x00000193 |
| GetClassInfoA | - | 0x0052C544 | 0x001CEDD8 | 0x001CEDD8 | 0x000000E7 |
| DefWindowProcA | - | 0x0052C548 | 0x001CEDDC | 0x001CEDDC | 0x00000084 |
| GetMenu | - | 0x0052C54C | 0x001CEDE0 | 0x001CEDE0 | 0x0000011C |
| SetMenu | - | 0x0052C550 | 0x001CEDE4 | 0x001CEDE4 | 0x00000235 |
| GetWindowTextA | - | 0x0052C554 | 0x001CEDE8 | 0x001CEDE8 | 0x0000015E |
| GetWindowTextLengthA | - | 0x0052C558 | 0x001CEDEC | 0x001CEDEC | 0x0000015F |
| CharUpperA | - | 0x0052C55C | 0x001CEDF0 | 0x001CEDF0 | 0x0000002F |
| GetWindowDC | - | 0x0052C560 | 0x001CEDF4 | 0x001CEDF4 | 0x00000154 |
| BeginPaint | - | 0x0052C564 | 0x001CEDF8 | 0x001CEDF8 | 0x0000000C |
| EndPaint | - | 0x0052C568 | 0x001CEDFC | 0x001CEDFC | 0x000000BB |
| TabbedTextOutA | - | 0x0052C56C | 0x001CEE00 | 0x001CEE00 | 0x00000273 |
| DrawTextA | - | 0x0052C570 | 0x001CEE04 | 0x001CEE04 | 0x000000AF |
| GrayStringA | - | 0x0052C574 | 0x001CEE08 | 0x001CEE08 | 0x00000164 |
| GetDlgItem | - | 0x0052C578 | 0x001CEE0C | 0x001CEE0C | 0x00000102 |
| DestroyWindow | - | 0x0052C57C | 0x001CEE10 | 0x001CEE10 | 0x0000008E |
| CreateDialogIndirectParamA | - | 0x0052C580 | 0x001CEE14 | 0x001CEE14 | 0x0000004C |
| EndDialog | - | 0x0052C584 | 0x001CEE18 | 0x001CEE18 | 0x000000B9 |
| GetNextDlgTabItem | - | 0x0052C588 | 0x001CEE1C | 0x001CEE1C | 0x00000133 |
| GetWindowPlacement | - | 0x0052C58C | 0x001CEE20 | 0x001CEE20 | 0x0000015B |
| RegisterWindowMessageA | - | 0x0052C590 | 0x001CEE24 | 0x001CEE24 | 0x00000200 |
| GetLastActivePopup | - | 0x0052C594 | 0x001CEE28 | 0x001CEE28 | 0x00000119 |
| GetMessageTime | - | 0x0052C598 | 0x001CEE2C | 0x001CEE2C | 0x0000012D |
| RemovePropA | - | 0x0052C59C | 0x001CEE30 | 0x001CEE30 | 0x00000205 |
| CallWindowProcA | - | 0x0052C5A0 | 0x001CEE34 | 0x001CEE34 | 0x00000016 |
| GetPropA | - | 0x0052C5A4 | 0x001CEE38 | 0x001CEE38 | 0x0000013A |
| UnhookWindowsHookEx | - | 0x0052C5A8 | 0x001CEE3C | 0x001CEE3C | 0x00000286 |
| SetPropA | - | 0x0052C5AC | 0x001CEE40 | 0x001CEE40 | 0x00000242 |
| GetClassLongA | - | 0x0052C5B0 | 0x001CEE44 | 0x001CEE44 | 0x000000EB |
| CallNextHookEx | - | 0x0052C5B4 | 0x001CEE48 | 0x001CEE48 | 0x00000015 |
| SetWindowsHookExA | - | 0x0052C5B8 | 0x001CEE4C | 0x001CEE4C | 0x00000262 |
| CreateWindowExA | - | 0x0052C5BC | 0x001CEE50 | 0x001CEE50 | 0x00000059 |
| GetMenuItemID | - | 0x0052C5C0 | 0x001CEE54 | 0x001CEE54 | 0x00000123 |
| GetMenuItemCount | - | 0x0052C5C4 | 0x001CEE58 | 0x001CEE58 | 0x00000122 |
| UnregisterClassA | - | 0x0052C5C8 | 0x001CEE5C | 0x001CEE5C | 0x0000028B |
| GetScrollPos | - | 0x0052C5CC | 0x001CEE60 | 0x001CEE60 | 0x0000013F |
| AdjustWindowRectEx | - | 0x0052C5D0 | 0x001CEE64 | 0x001CEE64 | 0x00000002 |
| MapWindowPoints | - | 0x0052C5D4 | 0x001CEE68 | 0x001CEE68 | 0x000001B9 |
| SendDlgItemMessageA | - | 0x0052C5D8 | 0x001CEE6C | 0x001CEE6C | 0x0000020F |
| ScrollWindowEx | - | 0x0052C5DC | 0x001CEE70 | 0x001CEE70 | 0x0000020E |
| IsDialogMessageA | - | 0x0052C5E0 | 0x001CEE74 | 0x001CEE74 | 0x00000188 |
| SetWindowTextA | - | 0x0052C5E4 | 0x001CEE78 | 0x001CEE78 | 0x0000025E |
| MoveWindow | - | 0x0052C5E8 | 0x001CEE7C | 0x001CEE7C | 0x000001C9 |
| CheckMenuItem | - | 0x0052C5EC | 0x001CEE80 | 0x001CEE80 | 0x00000034 |
| SetMenuItemBitmaps | - | 0x0052C5F0 | 0x001CEE84 | 0x001CEE84 | 0x00000239 |
| GetMenuState | - | 0x0052C5F4 | 0x001CEE88 | 0x001CEE88 | 0x00000127 |
| GetMenuCheckMarkDimensions | - | 0x0052C5F8 | 0x001CEE8C | 0x001CEE8C | 0x0000011E |
| GetClassNameA | - | 0x0052C5FC | 0x001CEE90 | 0x001CEE90 | 0x000000ED |
| GetDesktopWindow | - | 0x0052C600 | 0x001CEE94 | 0x001CEE94 | 0x000000FF |
| LoadStringA | - | 0x0052C604 | 0x001CEE98 | 0x001CEE98 | 0x000001AB |
| GetSysColorBrush | - | 0x0052C608 | 0x001CEE9C | 0x001CEE9C | 0x00000144 |
| PeekMessageA | - | 0x0052C60C | 0x001CEEA0 | 0x001CEEA0 | 0x000001DC |
| IsIconic | - | 0x0052C610 | 0x001CEEA4 | 0x001CEEA4 | 0x0000018C |
| SetFocus | - | 0x0052C614 | 0x001CEEA8 | 0x001CEEA8 | 0x0000022F |
| GetActiveWindow | - | 0x0052C618 | 0x001CEEAC | 0x001CEEAC | 0x000000DD |
| GetWindow | - | 0x0052C61C | 0x001CEEB0 | 0x001CEEB0 | 0x00000152 |
| DestroyAcceleratorTable | - | 0x0052C620 | 0x001CEEB4 | 0x001CEEB4 | 0x00000089 |
| SetWindowRgn | - | 0x0052C624 | 0x001CEEB8 | 0x001CEEB8 | 0x0000025C |
| GetMessagePos | - | 0x0052C628 | 0x001CEEBC | 0x001CEEBC | 0x0000012C |
| ScreenToClient | - | 0x0052C62C | 0x001CEEC0 | 0x001CEEC0 | 0x0000020A |
| ChildWindowFromPointEx | - | 0x0052C630 | 0x001CEEC4 | 0x001CEEC4 | 0x00000038 |
| CopyRect | - | 0x0052C634 | 0x001CEEC8 | 0x001CEEC8 | 0x00000044 |
| LoadBitmapA | - | 0x0052C638 | 0x001CEECC | 0x001CEECC | 0x00000198 |
| WinHelpA | - | 0x0052C63C | 0x001CEED0 | 0x001CEED0 | 0x000002A6 |
GDI32.dll (82)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SelectClipRgn | - | 0x0052C030 | 0x001CE8C4 | 0x001CE8C4 | 0x000001C5 |
| DeleteObject | - | 0x0052C034 | 0x001CE8C8 | 0x001CE8C8 | 0x00000053 |
| CreateDIBitmap | - | 0x0052C038 | 0x001CE8CC | 0x001CE8CC | 0x00000030 |
| GetSystemPaletteEntries | - | 0x0052C03C | 0x001CE8D0 | 0x001CE8D0 | 0x00000163 |
| CreatePalette | - | 0x0052C040 | 0x001CE8D4 | 0x001CE8D4 | 0x00000042 |
| StretchBlt | - | 0x0052C044 | 0x001CE8D8 | 0x001CE8D8 | 0x00000200 |
| SelectPalette | - | 0x0052C048 | 0x001CE8DC | 0x001CE8DC | 0x000001C8 |
| RealizePalette | - | 0x0052C04C | 0x001CE8E0 | 0x001CE8E0 | 0x000001AC |
| GetDIBits | - | 0x0052C050 | 0x001CE8E4 | 0x001CE8E4 | 0x00000124 |
| GetWindowExtEx | - | 0x0052C054 | 0x001CE8E8 | 0x001CE8E8 | 0x0000017B |
| GetViewportOrgEx | - | 0x0052C058 | 0x001CE8EC | 0x001CE8EC | 0x00000179 |
| GetWindowOrgEx | - | 0x0052C05C | 0x001CE8F0 | 0x001CE8F0 | 0x0000017C |
| BeginPath | - | 0x0052C060 | 0x001CE8F4 | 0x001CE8F4 | 0x00000010 |
| EndPath | - | 0x0052C064 | 0x001CE8F8 | 0x001CE8F8 | 0x0000005D |
| PathToRegion | - | 0x0052C068 | 0x001CE8FC | 0x001CE8FC | 0x00000195 |
| CreateEllipticRgn | - | 0x0052C06C | 0x001CE900 | 0x001CE900 | 0x00000032 |
| CreateRoundRectRgn | - | 0x0052C070 | 0x001CE904 | 0x001CE904 | 0x0000004A |
| GetTextColor | - | 0x0052C074 | 0x001CE908 | 0x001CE908 | 0x00000169 |
| GetBkMode | - | 0x0052C078 | 0x001CE90C | 0x001CE90C | 0x00000108 |
| GetBkColor | - | 0x0052C07C | 0x001CE910 | 0x001CE910 | 0x00000107 |
| GetROP2 | - | 0x0052C080 | 0x001CE914 | 0x001CE914 | 0x00000159 |
| GetStretchBltMode | - | 0x0052C084 | 0x001CE918 | 0x001CE918 | 0x00000160 |
| GetPolyFillMode | - | 0x0052C088 | 0x001CE91C | 0x001CE91C | 0x00000158 |
| CreateCompatibleBitmap | - | 0x0052C08C | 0x001CE920 | 0x001CE920 | 0x00000029 |
| CreateDCA | - | 0x0052C090 | 0x001CE924 | 0x001CE924 | 0x0000002B |
| CreateBitmap | - | 0x0052C094 | 0x001CE928 | 0x001CE928 | 0x00000024 |
| SelectObject | - | 0x0052C098 | 0x001CE92C | 0x001CE92C | 0x000001C7 |
| CreatePen | - | 0x0052C09C | 0x001CE930 | 0x001CE930 | 0x00000044 |
| PatBlt | - | 0x0052C0A0 | 0x001CE934 | 0x001CE934 | 0x00000194 |
| CombineRgn | - | 0x0052C0A4 | 0x001CE938 | 0x001CE938 | 0x0000001E |
| CreateRectRgn | - | 0x0052C0A8 | 0x001CE93C | 0x001CE93C | 0x00000048 |
| FillRgn | - | 0x0052C0AC | 0x001CE940 | 0x001CE940 | 0x000000A8 |
| CreatePolygonRgn | - | 0x0052C0B0 | 0x001CE944 | 0x001CE944 | 0x00000047 |
| CreateFontIndirectA | - | 0x0052C0B4 | 0x001CE948 | 0x001CE948 | 0x00000037 |
| GetStockObject | - | 0x0052C0B8 | 0x001CE94C | 0x001CE94C | 0x0000015F |
| GetObjectA | - | 0x0052C0BC | 0x001CE950 | 0x001CE950 | 0x0000014F |
| EndPage | - | 0x0052C0C0 | 0x001CE954 | 0x001CE954 | 0x0000005C |
| EndDoc | - | 0x0052C0C4 | 0x001CE958 | 0x001CE958 | 0x0000005A |
| DeleteDC | - | 0x0052C0C8 | 0x001CE95C | 0x001CE95C | 0x00000050 |
| StartDocA | - | 0x0052C0CC | 0x001CE960 | 0x001CE960 | 0x000001FC |
| StartPage | - | 0x0052C0D0 | 0x001CE964 | 0x001CE964 | 0x000001FF |
| BitBlt | - | 0x0052C0D4 | 0x001CE968 | 0x001CE968 | 0x00000011 |
| CreateCompatibleDC | - | 0x0052C0D8 | 0x001CE96C | 0x001CE96C | 0x0000002A |
| Ellipse | - | 0x0052C0DC | 0x001CE970 | 0x001CE970 | 0x00000058 |
| Rectangle | - | 0x0052C0E0 | 0x001CE974 | 0x001CE974 | 0x000001AF |
| LPtoDP | - | 0x0052C0E4 | 0x001CE978 | 0x001CE978 | 0x00000182 |
| DPtoLP | - | 0x0052C0E8 | 0x001CE97C | 0x001CE97C | 0x0000004E |
| GetCurrentObject | - | 0x0052C0EC | 0x001CE980 | 0x001CE980 | 0x0000011E |
| RoundRect | - | 0x0052C0F0 | 0x001CE984 | 0x001CE984 | 0x000001BA |
| GetTextExtentPoint32A | - | 0x0052C0F4 | 0x001CE988 | 0x001CE988 | 0x0000016E |
| GetDeviceCaps | - | 0x0052C0F8 | 0x001CE98C | 0x001CE98C | 0x00000125 |
| SaveDC | - | 0x0052C0FC | 0x001CE990 | 0x001CE990 | 0x000001C0 |
| RestoreDC | - | 0x0052C100 | 0x001CE994 | 0x001CE994 | 0x000001B9 |
| SetBkMode | - | 0x0052C104 | 0x001CE998 | 0x001CE998 | 0x000001CE |
| SetPolyFillMode | - | 0x0052C108 | 0x001CE99C | 0x001CE99C | 0x000001EB |
| SetROP2 | - | 0x0052C10C | 0x001CE9A0 | 0x001CE9A0 | 0x000001EC |
| SetTextColor | - | 0x0052C110 | 0x001CE9A4 | 0x001CE9A4 | 0x000001F3 |
| SetMapMode | - | 0x0052C114 | 0x001CE9A8 | 0x001CE9A8 | 0x000001E2 |
| SetViewportOrgEx | - | 0x0052C118 | 0x001CE9AC | 0x001CE9AC | 0x000001F6 |
| OffsetViewportOrgEx | - | 0x0052C11C | 0x001CE9B0 | 0x001CE9B0 | 0x0000018C |
| SetViewportExtEx | - | 0x0052C120 | 0x001CE9B4 | 0x001CE9B4 | 0x000001F5 |
| ScaleViewportExtEx | - | 0x0052C124 | 0x001CE9B8 | 0x001CE9B8 | 0x000001C1 |
| SetWindowOrgEx | - | 0x0052C128 | 0x001CE9BC | 0x001CE9BC | 0x000001FA |
| SetWindowExtEx | - | 0x0052C12C | 0x001CE9C0 | 0x001CE9C0 | 0x000001F9 |
| ScaleWindowExtEx | - | 0x0052C130 | 0x001CE9C4 | 0x001CE9C4 | 0x000001C2 |
| GetClipBox | - | 0x0052C134 | 0x001CE9C8 | 0x001CE9C8 | 0x0000011A |
| ExcludeClipRect | - | 0x0052C138 | 0x001CE9CC | 0x001CE9CC | 0x00000098 |
| MoveToEx | - | 0x0052C13C | 0x001CE9D0 | 0x001CE9D0 | 0x00000188 |
| LineTo | - | 0x0052C140 | 0x001CE9D4 | 0x001CE9D4 | 0x00000184 |
| GetClipRgn | - | 0x0052C144 | 0x001CE9D8 | 0x001CE9D8 | 0x0000011B |
| SetStretchBltMode | - | 0x0052C148 | 0x001CE9DC | 0x001CE9DC | 0x000001EF |
| CreateRectRgnIndirect | - | 0x0052C14C | 0x001CE9E0 | 0x001CE9E0 | 0x00000049 |
| SetBkColor | - | 0x0052C150 | 0x001CE9E4 | 0x001CE9E4 | 0x000001CD |
| CreateSolidBrush | - | 0x0052C154 | 0x001CE9E8 | 0x001CE9E8 | 0x0000004D |
| GetTextMetricsA | - | 0x0052C158 | 0x001CE9EC | 0x001CE9EC | 0x00000175 |
| Escape | - | 0x0052C15C | 0x001CE9F0 | 0x001CE9F0 | 0x00000095 |
| ExtTextOutA | - | 0x0052C160 | 0x001CE9F4 | 0x001CE9F4 | 0x0000009E |
| TextOutA | - | 0x0052C164 | 0x001CE9F8 | 0x001CE9F8 | 0x00000205 |
| RectVisible | - | 0x0052C168 | 0x001CE9FC | 0x001CE9FC | 0x000001AE |
| PtVisible | - | 0x0052C16C | 0x001CEA00 | 0x001CEA00 | 0x000001AA |
| GetViewportExtEx | - | 0x0052C170 | 0x001CEA04 | 0x001CEA04 | 0x00000178 |
| ExtSelectClipRgn | - | 0x0052C174 | 0x001CEA08 | 0x001CEA08 | 0x0000009D |
WINMM.dll (17)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| midiStreamRestart | - | 0x0052C644 | 0x001CEED8 | 0x001CEED8 | 0x00000063 |
| midiStreamClose | - | 0x0052C648 | 0x001CEEDC | 0x001CEEDC | 0x0000005D |
| midiOutReset | - | 0x0052C64C | 0x001CEEE0 | 0x001CEEE0 | 0x00000059 |
| midiStreamStop | - | 0x0052C650 | 0x001CEEE4 | 0x001CEEE4 | 0x00000064 |
| midiStreamOut | - | 0x0052C654 | 0x001CEEE8 | 0x001CEEE8 | 0x0000005F |
| midiOutPrepareHeader | - | 0x0052C658 | 0x001CEEEC | 0x001CEEEC | 0x00000058 |
| midiStreamProperty | - | 0x0052C65C | 0x001CEEF0 | 0x001CEEF0 | 0x00000062 |
| midiStreamOpen | - | 0x0052C660 | 0x001CEEF4 | 0x001CEEF4 | 0x0000005E |
| midiOutUnprepareHeader | - | 0x0052C664 | 0x001CEEF8 | 0x001CEEF8 | 0x0000005C |
| waveOutOpen | - | 0x0052C668 | 0x001CEEFC | 0x001CEEFC | 0x000000B8 |
| waveOutGetNumDevs | - | 0x0052C66C | 0x001CEF00 | 0x001CEF00 | 0x000000B2 |
| waveOutClose | - | 0x0052C670 | 0x001CEF04 | 0x001CEF04 | 0x000000AC |
| waveOutReset | - | 0x0052C674 | 0x001CEF08 | 0x001CEF08 | 0x000000BB |
| waveOutPause | - | 0x0052C678 | 0x001CEF0C | 0x001CEF0C | 0x000000B9 |
| waveOutWrite | - | 0x0052C67C | 0x001CEF10 | 0x001CEF10 | 0x000000C1 |
| waveOutPrepareHeader | - | 0x0052C680 | 0x001CEF14 | 0x001CEF14 | 0x000000BA |
| waveOutUnprepareHeader | - | 0x0052C684 | 0x001CEF18 | 0x001CEF18 | 0x000000C0 |
WINSPOOL.DRV (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ClosePrinter | - | 0x0052C68C | 0x001CEF20 | 0x001CEF20 | 0x0000001C |
| DocumentPropertiesA | - | 0x0052C690 | 0x001CEF24 | 0x001CEF24 | 0x00000047 |
| OpenPrinterA | - | 0x0052C694 | 0x001CEF28 | 0x001CEF28 | 0x0000007C |
ADVAPI32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | - | 0x0052C000 | 0x001CE894 | 0x001CE894 | 0x0000015B |
| RegOpenKeyExA | - | 0x0052C004 | 0x001CE898 | 0x001CE898 | 0x00000172 |
| RegSetValueExA | - | 0x0052C008 | 0x001CE89C | 0x001CE89C | 0x00000186 |
| RegQueryValueA | - | 0x0052C00C | 0x001CE8A0 | 0x001CE8A0 | 0x0000017A |
| RegDeleteKeyA | - | 0x0052C010 | 0x001CE8A4 | 0x001CE8A4 | 0x00000162 |
| RegDeleteValueA | - | 0x0052C014 | 0x001CE8A8 | 0x001CE8A8 | 0x00000164 |
| RegCreateKeyA | - | 0x0052C018 | 0x001CE8AC | 0x001CE8AC | 0x0000015E |
| RegCreateKeyExA | - | 0x0052C01C | 0x001CE8B0 | 0x001CE8B0 | 0x0000015F |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ShellExecuteA | - | 0x0052C3CC | 0x001CEC60 | 0x001CEC60 | 0x00000072 |
| Shell_NotifyIconA | - | 0x0052C3D0 | 0x001CEC64 | 0x001CEC64 | 0x00000079 |
| SHGetSpecialFolderPathA | - | 0x0052C3D4 | 0x001CEC68 | 0x001CEC68 | 0x00000054 |
ole32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CLSIDFromProgID | - | 0x0052C6D8 | 0x001CEF6C | 0x001CEF6C | 0x00000005 |
| OleInitialize | - | 0x0052C6DC | 0x001CEF70 | 0x001CEF70 | 0x000000C9 |
| OleUninitialize | - | 0x0052C6E0 | 0x001CEF74 | 0x001CEF74 | 0x000000E0 |
| CLSIDFromString | - | 0x0052C6E4 | 0x001CEF78 | 0x001CEF78 | 0x00000006 |
| CoCreateInstance | - | 0x0052C6E8 | 0x001CEF7C | 0x001CEF7C | 0x0000000D |
| OleRun | - | 0x0052C6EC | 0x001CEF80 | 0x001CEF80 | 0x000000D8 |
OLEAUT32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x00000009 | 0x0052C3A4 | 0x001CEC38 | 0x001CEC38 | - |
| VariantChangeType | 0x0000000C | 0x0052C3A8 | 0x001CEC3C | 0x001CEC3C | - |
| VariantCopyInd | 0x0000000B | 0x0052C3AC | 0x001CEC40 | 0x001CEC40 | - |
| VariantInit | 0x00000008 | 0x0052C3B0 | 0x001CEC44 | 0x001CEC44 | - |
| SysAllocString | 0x00000002 | 0x0052C3B4 | 0x001CEC48 | 0x001CEC48 | - |
| RegisterTypeLib | 0x000000A3 | 0x0052C3B8 | 0x001CEC4C | 0x001CEC4C | - |
| LHashValOfNameSys | 0x000000A5 | 0x0052C3BC | 0x001CEC50 | 0x001CEC50 | - |
| LoadTypeLib | 0x000000A1 | 0x0052C3C0 | 0x001CEC54 | 0x001CEC54 | - |
| UnRegisterTypeLib | 0x000000BA | 0x0052C3C4 | 0x001CEC58 | 0x001CEC58 | - |
COMCTL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_Destroy | - | 0x0052C024 | 0x001CE8B8 | 0x001CE8B8 | 0x00000022 |
| None | 0x00000011 | 0x0052C028 | 0x001CE8BC | 0x001CE8BC | - |
WS2_32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| recvfrom | 0x00000011 | 0x0052C69C | 0x001CEF30 | 0x001CEF30 | - |
| ioctlsocket | 0x0000000A | 0x0052C6A0 | 0x001CEF34 | 0x001CEF34 | - |
| recv | 0x00000010 | 0x0052C6A4 | 0x001CEF38 | 0x001CEF38 | - |
| getpeername | 0x00000005 | 0x0052C6A8 | 0x001CEF3C | 0x001CEF3C | - |
| accept | 0x00000001 | 0x0052C6AC | 0x001CEF40 | 0x001CEF40 | - |
| WSAAsyncSelect | 0x00000065 | 0x0052C6B0 | 0x001CEF44 | 0x001CEF44 | - |
| closesocket | 0x00000003 | 0x0052C6B4 | 0x001CEF48 | 0x001CEF48 | - |
| inet_ntoa | 0x0000000C | 0x0052C6B8 | 0x001CEF4C | 0x001CEF4C | - |
| WSACleanup | 0x00000074 | 0x0052C6BC | 0x001CEF50 | 0x001CEF50 | - |
comdlg32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileTitleA | - | 0x0052C6C4 | 0x001CEF58 | 0x001CEF58 | 0x00000007 |
| GetSaveFileNameA | - | 0x0052C6C8 | 0x001CEF5C | 0x001CEF5C | 0x0000000B |
| GetOpenFileNameA | - | 0x0052C6CC | 0x001CEF60 | 0x001CEF60 | 0x00000009 |
| ChooseColorA | - | 0x0052C6D0 | 0x001CEF64 | 0x001CEF64 | 0x00000000 |
Memory Dumps (38)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 22f97692b5a0fea40c782129a0ec53ae.exe | 1 | 0x00400000 | 0x00603FFF | Relevant Image |
|
32-bit | 0x005120F7 |
|
...
|
| ntdll.dll | 1 | 0x773F0000 | 0x77591FFF | First Execution |
|
32-bit | 0x77461160 |
|
...
|
| buffer | 1 | 0x022C0000 | 0x022C0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | First Execution |
|
32-bit | 0x04394340 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437D770 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x04380CE0 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x04361E36 |
|
...
|
| buffer | 1 | 0x022C0000 | 0x022C0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0436A79D |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x04381A50 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437BD9D |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437C000 |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0437ECB0 |
|
...
|
| buffer | 1 | 0x022C0000 | 0x022C0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04360000 | 0x04395FFF | Content Changed |
|
32-bit | 0x0436BD15 |
|
...
|
| buffer | 1 | 0x043E0000 | 0x043E0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x043F0000 | 0x04402FFF | First Execution |
|
32-bit | 0x043FA146 |
|
...
|
| buffer | 1 | 0x043E0000 | 0x043E0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x045F0000 | 0x045F0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x045F0000 | 0x045F0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x043F0000 | 0x04402FFF | Content Changed |
|
32-bit | 0x043F9080 |
|
...
|
| buffer | 1 | 0x045F0000 | 0x045F0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04640000 | 0x04640FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04640000 | 0x04640FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04640000 | 0x04640FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x043F0000 | 0x04402FFF | Content Changed |
|
32-bit | 0x043F9080 |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04650000 | 0x04650FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x04660000 | 0x04660FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x06FA0000 | 0x06FA0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x071D0000 | 0x071D0FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x06F90000 | 0x06F90FFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x03F71020 | 0x0415CAB0 | Image In Buffer |
|
32-bit | - |
|
...
|
| C:\Users\OQXZRA~1\AppData\Local\Temp\12225062\....\¡¡ | Dropped File | Empty |
Clean
|
...
|
»
| Also Known As |
C:\Users\OQXZRA~1\AppData\Local\Temp\12225125\....\¡¡ (Dropped File, Accessed File)
C:\Users\OQXZRA~1\AppData\Local\Temp\12225156\....\¡¡ (Dropped File, Accessed File) C:\Users\OQXZRA~1\AppData\Local\Temp\_@8A16.tmp (Dropped File, Accessed File) C:\Users\OQXZRA~1\AppData\Local\Temp\_@8A56.tmp (Dropped File, Accessed File) |
| MIME Type | application/x-empty |
| File Size | 0 Bytes (not extracted) |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SSDeep |
3::
|
| ImpHash | - |
| c:\users\oqxzraykm\appdata\local\microsoft\windows\explorer\iconcache_32.db | Modified File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 1.00 MB |
| MD5 |
9c914e693f77b8eb469d213ddc13553c
|
| SHA1 |
661244a1cca0672965862fde3f7aca0f3127763d
|
| SHA256 |
bc3ae6a468f4f6196c091f8bb7139fda9d42a182bda956af1b7bb5e71e360134
|
| SSDeep |
6144:Dj0kNfcCXyn/YtE4kzYEixjLz2347aqtf:VJcZzzYEixjLH7aqt
|
| ImpHash | - |
| c:\users\oqxzraykm\appdata\local\microsoft\windows\explorer\iconcache_16.db | Modified File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 1.00 MB |
| MD5 |
b466aeda4977472c191cf005027d014b
|
| SHA1 |
eb241e694719eeb7aa34560534d809a7844d4faa
|
| SHA256 |
c76b2995c5cc66c351efc0154921dec12f830a1485e66f4baf96270cf0ce33a4
|
| SSDeep |
1536:7Hl7yc3dmPWLWvYayWwyCG+yb1iB1E4brGJ1L8172nR4dAlO34mUDi1:zbaYnOVTW3LU
|
| ImpHash | - |
| c:\users\oqxzraykm\appdata\local\microsoft\windows\explorer\iconcache_idx.db | Modified File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 28.54 KB |
| MD5 |
65e16d171764828f69f68939ca6a97bb
|
| SHA1 |
064a353ae489b6b7346ccd0c56e75fb3cd4b8b2c
|
| SHA256 |
19b5cd38c96fef8674e1591870d8c3944e459b2285f0073844e81cb191e7f489
|
| SSDeep |
96:XXMlzQzsnd/QBrtCatCB4XERxzLLuSsxkb5BZl7VGNeQEaKVNjv7leHezCIuwjew:Xcy4ndYvCxbLuSZbNeNeZaK7tdzjl6Wf
|
| ImpHash | - |
