Dynamic Analysis Report
Created on 2024-05-16T14:43:49+00:00
2024_05_16AutoGenerated_170.exe
Windows Exe (x86-32)
Verdict | Malicious |
Classifications | Injector |
Threat Names | App/Generic-PG |
Remarks (2/2)
(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\RDhJ0CNFevzX\Desktop\2024_05_16AutoGenerated_170.exe | Sample File | Binary | Malicious |
File Reputation Information
Verdict | Suspicious |
Names | App/Generic-PG |
Classification | PUA |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x004030E2 |
Size Of Code | 0x00005E00 |
Size Of Initialized Data | 0x00027C00 |
Size Of Uninitialized Data | 0x00000400 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2014-05-11 20:03 (UTC) |
Version Information (5)
FileDescription | FreeRide Games |
FileVersion | 07.03.00.00 |
LegalCopyright | Copyright (c) 1996-2023 Exent Technologies Ltd. |
ProductName | FreeRide Games |
ProductVersion | 07.03.00.00 |
Sections (5)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00401000 | 0x00005DE0 | 0x00005E00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
.rdata | 0x00407000 | 0x000012DA | 0x00001400 | 0x00006200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.1 |
.data | 0x00409000 | 0x00025498 | 0x00000400 | 0x00007600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.04 |
.ndata | 0x0042F000 | 0x00008000 | 0x00000000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.rsrc | 0x00437000 | 0x00004ED8 | 0x00005000 | 0x00007A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.05 |
Imports (8)
KERNEL32.dll (61)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetTickCount | - | 0x00407060 | 0x000075C4 | 0x000067C4 | 0x000001DF |
GetFullPathNameA | - | 0x00407064 | 0x000075C8 | 0x000067C8 | 0x00000169 |
MoveFileA | - | 0x00407068 | 0x000075CC | 0x000067CC | 0x0000026E |
SetCurrentDirectoryA | - | 0x0040706C | 0x000075D0 | 0x000067D0 | 0x0000030A |
GetFileAttributesA | - | 0x00407070 | 0x000075D4 | 0x000067D4 | 0x0000015E |
GetLastError | - | 0x00407074 | 0x000075D8 | 0x000067D8 | 0x00000171 |
CreateDirectoryA | - | 0x00407078 | 0x000075DC | 0x000067DC | 0x0000004B |
SetFileAttributesA | - | 0x0040707C | 0x000075E0 | 0x000067E0 | 0x00000319 |
SearchPathA | - | 0x00407080 | 0x000075E4 | 0x000067E4 | 0x000002DB |
GetShortPathNameA | - | 0x00407084 | 0x000075E8 | 0x000067E8 | 0x000001B5 |
GetFileSize | - | 0x00407088 | 0x000075EC | 0x000067EC | 0x00000163 |
GetModuleFileNameA | - | 0x0040708C | 0x000075F0 | 0x000067F0 | 0x0000017D |
GetCurrentProcess | - | 0x00407090 | 0x000075F4 | 0x000067F4 | 0x00000142 |
CopyFileA | - | 0x00407094 | 0x000075F8 | 0x000067F8 | 0x00000043 |
ExitProcess | - | 0x00407098 | 0x000075FC | 0x000067FC | 0x000000B9 |
SetEnvironmentVariableA | - | 0x0040709C | 0x00007600 | 0x00006800 | 0x00000313 |
GetWindowsDirectoryA | - | 0x004070A0 | 0x00007604 | 0x00006804 | 0x000001F3 |
GetTempPathA | - | 0x004070A4 | 0x00007608 | 0x00006808 | 0x000001D5 |
Sleep | - | 0x004070A8 | 0x0000760C | 0x0000680C | 0x00000356 |
CloseHandle | - | 0x004070AC | 0x00007610 | 0x00006810 | 0x00000034 |
LoadLibraryA | - | 0x004070B0 | 0x00007614 | 0x00006814 | 0x00000252 |
lstrlenA | - | 0x004070B4 | 0x00007618 | 0x00006818 | 0x000003CC |
lstrcpynA | - | 0x004070B8 | 0x0000761C | 0x0000681C | 0x000003C9 |
GetDiskFreeSpaceA | - | 0x004070BC | 0x00007620 | 0x00006820 | 0x0000014D |
GlobalUnlock | - | 0x004070C0 | 0x00007624 | 0x00006824 | 0x0000020A |
GlobalLock | - | 0x004070C4 | 0x00007628 | 0x00006828 | 0x00000203 |
CreateThread | - | 0x004070C8 | 0x0000762C | 0x0000682C | 0x0000006F |
CreateProcessA | - | 0x004070CC | 0x00007630 | 0x00006830 | 0x00000066 |
RemoveDirectoryA | - | 0x004070D0 | 0x00007634 | 0x00006834 | 0x000002C4 |
CreateFileA | - | 0x004070D4 | 0x00007638 | 0x00006838 | 0x00000053 |
GetTempFileNameA | - | 0x004070D8 | 0x0000763C | 0x0000683C | 0x000001D3 |
ReadFile | - | 0x004070DC | 0x00007640 | 0x00006840 | 0x000002B5 |
lstrcpyA | - | 0x004070E0 | 0x00007644 | 0x00006844 | 0x000003C6 |
lstrcatA | - | 0x004070E4 | 0x00007648 | 0x00006848 | 0x000003BD |
GetSystemDirectoryA | - | 0x004070E8 | 0x0000764C | 0x0000684C | 0x000001C1 |
GetVersion | - | 0x004070EC | 0x00007650 | 0x00006850 | 0x000001E8 |
GetProcAddress | - | 0x004070F0 | 0x00007654 | 0x00006854 | 0x000001A0 |
GlobalAlloc | - | 0x004070F4 | 0x00007658 | 0x00006858 | 0x000001F8 |
CompareFileTime | - | 0x004070F8 | 0x0000765C | 0x0000685C | 0x00000039 |
SetFileTime | - | 0x004070FC | 0x00007660 | 0x00006860 | 0x0000031F |
ExpandEnvironmentStringsA | - | 0x00407100 | 0x00007664 | 0x00006864 | 0x000000BC |
lstrcmpiA | - | 0x00407104 | 0x00007668 | 0x00006868 | 0x000003C3 |
lstrcmpA | - | 0x00407108 | 0x0000766C | 0x0000686C | 0x000003C0 |
WaitForSingleObject | - | 0x0040710C | 0x00007670 | 0x00006870 | 0x00000390 |
GlobalFree | - | 0x00407110 | 0x00007674 | 0x00006874 | 0x000001FF |
GetExitCodeProcess | - | 0x00407114 | 0x00007678 | 0x00006878 | 0x0000015A |
GetModuleHandleA | - | 0x00407118 | 0x0000767C | 0x0000687C | 0x0000017F |
SetErrorMode | - | 0x0040711C | 0x00007680 | 0x00006880 | 0x00000315 |
GetCommandLineA | - | 0x00407120 | 0x00007684 | 0x00006884 | 0x00000110 |
LoadLibraryExA | - | 0x00407124 | 0x00007688 | 0x00006888 | 0x00000253 |
FindFirstFileA | - | 0x00407128 | 0x0000768C | 0x0000688C | 0x000000D2 |
FindNextFileA | - | 0x0040712C | 0x00007690 | 0x00006890 | 0x000000DC |
DeleteFileA | - | 0x00407130 | 0x00007694 | 0x00006894 | 0x00000083 |
SetFilePointer | - | 0x00407134 | 0x00007698 | 0x00006898 | 0x0000031B |
WriteFile | - | 0x00407138 | 0x0000769C | 0x0000689C | 0x000003A4 |
FindClose | - | 0x0040713C | 0x000076A0 | 0x000068A0 | 0x000000CE |
WritePrivateProfileStringA | - | 0x00407140 | 0x000076A4 | 0x000068A4 | 0x000003A9 |
MultiByteToWideChar | - | 0x00407144 | 0x000076A8 | 0x000068A8 | 0x00000275 |
MulDiv | - | 0x00407148 | 0x000076AC | 0x000068AC | 0x00000274 |
GetPrivateProfileStringA | - | 0x0040714C | 0x000076B0 | 0x000068B0 | 0x0000019C |
FreeLibrary | - | 0x00407150 | 0x000076B4 | 0x000068B4 | 0x000000F8 |
USER32.dll (63)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateWindowExA | - | 0x00407174 | 0x000076D8 | 0x000068D8 | 0x00000060 |
EndDialog | - | 0x00407178 | 0x000076DC | 0x000068DC | 0x000000C6 |
ScreenToClient | - | 0x0040717C | 0x000076E0 | 0x000068E0 | 0x00000231 |
GetWindowRect | - | 0x00407180 | 0x000076E4 | 0x000068E4 | 0x00000174 |
EnableMenuItem | - | 0x00407184 | 0x000076E8 | 0x000068E8 | 0x000000C2 |
GetSystemMenu | - | 0x00407188 | 0x000076EC | 0x000068EC | 0x0000015C |
SetClassLongA | - | 0x0040718C | 0x000076F0 | 0x000068F0 | 0x00000247 |
IsWindowEnabled | - | 0x00407190 | 0x000076F4 | 0x000068F4 | 0x000001AE |
SetWindowPos | - | 0x00407194 | 0x000076F8 | 0x000068F8 | 0x00000283 |
GetSysColor | - | 0x00407198 | 0x000076FC | 0x000068FC | 0x0000015A |
GetWindowLongA | - | 0x0040719C | 0x00007700 | 0x00006900 | 0x0000016E |
SetCursor | - | 0x004071A0 | 0x00007704 | 0x00006904 | 0x0000024D |
LoadCursorA | - | 0x004071A4 | 0x00007708 | 0x00006908 | 0x000001BA |
CheckDlgButton | - | 0x004071A8 | 0x0000770C | 0x0000690C | 0x00000038 |
GetMessagePos | - | 0x004071AC | 0x00007710 | 0x00006910 | 0x0000013C |
LoadBitmapA | - | 0x004071B0 | 0x00007714 | 0x00006914 | 0x000001B8 |
CallWindowProcA | - | 0x004071B4 | 0x00007718 | 0x00006918 | 0x0000001B |
IsWindowVisible | - | 0x004071B8 | 0x0000771C | 0x0000691C | 0x000001B1 |
CloseClipboard | - | 0x004071BC | 0x00007720 | 0x00006920 | 0x00000042 |
GetDC | - | 0x004071C0 | 0x00007724 | 0x00006924 | 0x0000010C |
SystemParametersInfoA | - | 0x004071C4 | 0x00007728 | 0x00006928 | 0x00000299 |
RegisterClassA | - | 0x004071C8 | 0x0000772C | 0x0000692C | 0x00000216 |
TrackPopupMenu | - | 0x004071CC | 0x00007730 | 0x00006930 | 0x000002A4 |
AppendMenuA | - | 0x004071D0 | 0x00007734 | 0x00006934 | 0x00000008 |
CreatePopupMenu | - | 0x004071D4 | 0x00007738 | 0x00006938 | 0x0000005E |
GetSystemMetrics | - | 0x004071D8 | 0x0000773C | 0x0000693C | 0x0000015D |
SetDlgItemTextA | - | 0x004071DC | 0x00007740 | 0x00006940 | 0x00000253 |
GetDlgItemTextA | - | 0x004071E0 | 0x00007744 | 0x00006944 | 0x00000113 |
MessageBoxIndirectA | - | 0x004071E4 | 0x00007748 | 0x00006948 | 0x000001E2 |
CharPrevA | - | 0x004071E8 | 0x0000774C | 0x0000694C | 0x0000002D |
DispatchMessageA | - | 0x004071EC | 0x00007750 | 0x00006950 | 0x000000A1 |
PeekMessageA | - | 0x004071F0 | 0x00007754 | 0x00006954 | 0x00000200 |
ReleaseDC | - | 0x004071F4 | 0x00007758 | 0x00006958 | 0x0000022A |
EnableWindow | - | 0x004071F8 | 0x0000775C | 0x0000695C | 0x000000C4 |
InvalidateRect | - | 0x004071FC | 0x00007760 | 0x00006960 | 0x00000193 |
SendMessageA | - | 0x00407200 | 0x00007764 | 0x00006964 | 0x0000023B |
DefWindowProcA | - | 0x00407204 | 0x00007768 | 0x00006968 | 0x0000008E |
BeginPaint | - | 0x00407208 | 0x0000776C | 0x0000696C | 0x0000000D |
GetClientRect | - | 0x0040720C | 0x00007770 | 0x00006970 | 0x000000FF |
FillRect | - | 0x00407210 | 0x00007774 | 0x00006974 | 0x000000E2 |
DrawTextA | - | 0x00407214 | 0x00007778 | 0x00006978 | 0x000000BC |
GetClassInfoA | - | 0x00407218 | 0x0000777C | 0x0000697C | 0x000000F6 |
DialogBoxParamA | - | 0x0040721C | 0x00007780 | 0x00006980 | 0x0000009E |
CharNextA | - | 0x00407220 | 0x00007784 | 0x00006984 | 0x0000002A |
ExitWindowsEx | - | 0x00407224 | 0x00007788 | 0x00006988 | 0x000000E1 |
DestroyWindow | - | 0x00407228 | 0x0000778C | 0x0000698C | 0x00000099 |
CreateDialogParamA | - | 0x0040722C | 0x00007790 | 0x00006990 | 0x00000055 |
SetTimer | - | 0x00407230 | 0x00007794 | 0x00006994 | 0x0000027A |
GetDlgItem | - | 0x00407234 | 0x00007798 | 0x00006998 | 0x00000111 |
wsprintfA | - | 0x00407238 | 0x0000779C | 0x0000699C | 0x000002D7 |
SetForegroundWindow | - | 0x0040723C | 0x000077A0 | 0x000069A0 | 0x00000257 |
ShowWindow | - | 0x00407240 | 0x000077A4 | 0x000069A4 | 0x00000292 |
IsWindow | - | 0x00407244 | 0x000077A8 | 0x000069A8 | 0x000001AD |
LoadImageA | - | 0x00407248 | 0x000077AC | 0x000069AC | 0x000001C0 |
SetWindowLongA | - | 0x0040724C | 0x000077B0 | 0x000069B0 | 0x00000280 |
SetClipboardData | - | 0x00407250 | 0x000077B4 | 0x000069B4 | 0x0000024A |
EmptyClipboard | - | 0x00407254 | 0x000077B8 | 0x000069B8 | 0x000000C1 |
OpenClipboard | - | 0x00407258 | 0x000077BC | 0x000069BC | 0x000001F6 |
EndPaint | - | 0x0040725C | 0x000077C0 | 0x000069C0 | 0x000000C8 |
PostQuitMessage | - | 0x00407260 | 0x000077C4 | 0x000069C4 | 0x00000204 |
FindWindowExA | - | 0x00407264 | 0x000077C8 | 0x000069C8 | 0x000000E4 |
SendMessageTimeoutA | - | 0x00407268 | 0x000077CC | 0x000069CC | 0x0000023E |
SetWindowTextA | - | 0x0040726C | 0x000077D0 | 0x000069D0 | 0x00000286 |
GDI32.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SelectObject | - | 0x0040703C | 0x000075A0 | 0x000067A0 | 0x0000020E |
SetBkMode | - | 0x00407040 | 0x000075A4 | 0x000067A4 | 0x00000216 |
CreateFontIndirectA | - | 0x00407044 | 0x000075A8 | 0x000067A8 | 0x0000003A |
SetTextColor | - | 0x00407048 | 0x000075AC | 0x000067AC | 0x0000023C |
DeleteObject | - | 0x0040704C | 0x000075B0 | 0x000067B0 | 0x0000008F |
GetDeviceCaps | - | 0x00407050 | 0x000075B4 | 0x000067B4 | 0x0000016B |
CreateBrushIndirect | - | 0x00407054 | 0x000075B8 | 0x000067B8 | 0x00000029 |
SetBkColor | - | 0x00407058 | 0x000075BC | 0x000067BC | 0x00000215 |
SHELL32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHGetSpecialFolderLocation | - | 0x00407158 | 0x000076BC | 0x000068BC | 0x000000C3 |
SHGetPathFromIDListA | - | 0x0040715C | 0x000076C0 | 0x000068C0 | 0x000000BC |
SHBrowseForFolderA | - | 0x00407160 | 0x000076C4 | 0x000068C4 | 0x00000079 |
SHGetFileInfoA | - | 0x00407164 | 0x000076C8 | 0x000068C8 | 0x000000AC |
ShellExecuteA | - | 0x00407168 | 0x000076CC | 0x000068CC | 0x00000107 |
SHFileOperationA | - | 0x0040716C | 0x000076D0 | 0x000068D0 | 0x0000009A |
ADVAPI32.dll (9)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegCloseKey | - | 0x00407000 | 0x00007564 | 0x00006764 | 0x000001CB |
RegOpenKeyExA | - | 0x00407004 | 0x00007568 | 0x00006768 | 0x000001EC |
RegDeleteKeyA | - | 0x00407008 | 0x0000756C | 0x0000676C | 0x000001D4 |
RegDeleteValueA | - | 0x0040700C | 0x00007570 | 0x00006770 | 0x000001D8 |
RegEnumValueA | - | 0x00407010 | 0x00007574 | 0x00006774 | 0x000001E1 |
RegCreateKeyExA | - | 0x00407014 | 0x00007578 | 0x00006778 | 0x000001D1 |
RegSetValueExA | - | 0x00407018 | 0x0000757C | 0x0000677C | 0x00000204 |
RegQueryValueExA | - | 0x0040701C | 0x00007580 | 0x00006780 | 0x000001F7 |
RegEnumKeyA | - | 0x00407020 | 0x00007584 | 0x00006784 | 0x000001DD |
COMCTL32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ImageList_Create | - | 0x00407028 | 0x0000758C | 0x0000678C | 0x00000037 |
ImageList_AddMasked | - | 0x0040702C | 0x00007590 | 0x00006790 | 0x00000034 |
ImageList_Destroy | - | 0x00407030 | 0x00007594 | 0x00006794 | 0x00000038 |
None | 0x00000011 | 0x00407034 | 0x00007598 | 0x00006798 | - |
ole32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoCreateInstance | - | 0x00407284 | 0x000077E8 | 0x000069E8 | 0x00000010 |
CoTaskMemFree | - | 0x00407288 | 0x000077EC | 0x000069EC | 0x00000065 |
OleInitialize | - | 0x0040728C | 0x000077F0 | 0x000069F0 | 0x000000EE |
OleUninitialize | - | 0x00407290 | 0x000077F4 | 0x000069F4 | 0x00000105 |
VERSION.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileVersionInfoSizeA | - | 0x00407274 | 0x000077D8 | 0x000069D8 | 0x00000001 |
GetFileVersionInfoA | - | 0x00407278 | 0x000077DC | 0x000069DC | 0x00000000 |
VerQueryValueA | - | 0x0040727C | 0x000077E0 | 0x000069E0 | 0x0000000A |
Digital Signature Information
Verification Status | Valid |
Certificate: Exent Technologies LTD.
Issued by | Exent Technologies LTD. |
Parent Certificate | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
Country Name | IL |
Valid From | 2023-07-29 00:00 (UTC) |
Valid Until | 2024-07-30 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 07 A3 4A DA 1C 14 36 31 F1 CE 98 33 9D 73 43 FD |
Thumbprint | C7 87 B1 9D 3E 4E D1 1D F3 97 4B 2A 27 AA 10 76 ED 25 36 4B |
Certificate: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Issued by | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
Country Name | US |
Valid From | 2021-04-29 00:00 (UTC) |
Valid Until | 2036-04-28 23:59 (UTC) |
Algorithm | sha384_rsa |
Serial Number | 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9 |
Thumbprint | 7B 0F 36 0B 77 5F 76 C9 4A 12 CA 48 44 5A A2 D2 A8 75 70 1C |
Memory Dumps (4)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
2024_05_16autogenerated_170.exe | 1 | 0x00400000 | 0x0043BFFF | Relevant Image | 32-bit | 0x00405EBC |
system.dll | 1 | 0x10000000 | 0x10005FFF | First Execution | 32-bit | 0x100016DA |
selfdel.dll | 1 | 0x70790000 | 0x70798FFF | First Execution | 32-bit | 0x70797640 |
2024_05_16autogenerated_170.exe | 1 | 0x00400000 | 0x0043BFFF | Process Termination | 32-bit | - |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Free Ride Games.exe | Dropped File | Binary | Suspicious (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x0055CA20 |
Size Of Code | 0x0007B000 |
Size Of Initialized Data | 0x00006000 |
Size Of Uninitialized Data | 0x000E2000 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2020-02-13 16:16 (UTC) |
Version Information (12)
Comments | SV12 |
CompanyName | Exent Technologies Ltd. |
FileDescription | FreeRide Games |
FileVersion | 1, 0, 1, 21 |
InternalName | FreeRide Games |
LegalCopyright | Copyright © 1996-2020 Exent Technologies Ltd. All rights reserved. |
LegalTrademarks | - |
OriginalFilename | FreeRide Games.EXE |
PrivateBuild | - |
ProductName | FreeRide Games |
ProductVersion | 1, 0, 1, 21 |
SpecialBuild | - |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
UPX0 | 0x00401000 | 0x000E2000 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
UPX1 | 0x004E3000 | 0x0007B000 | 0x0007A600 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 8.0 |
.rsrc | 0x0055E000 | 0x00006000 | 0x00005800 | 0x0007AA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.07 |
Imports (19)
KERNEL32.DLL (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryA | - | 0x005633F0 | 0x001633F0 | 0x0007FDF0 | 0x00000000 |
GetProcAddress | - | 0x005633F4 | 0x001633F4 | 0x0007FDF4 | 0x00000000 |
VirtualProtect | - | 0x005633F8 | 0x001633F8 | 0x0007FDF8 | 0x00000000 |
VirtualAlloc | - | 0x005633FC | 0x001633FC | 0x0007FDFC | 0x00000000 |
VirtualFree | - | 0x00563400 | 0x00163400 | 0x0007FE00 | 0x00000000 |
ExitProcess | - | 0x00563404 | 0x00163404 | 0x0007FE04 | 0x00000000 |
ADVAPI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
FreeSid | - | 0x0056340C | 0x0016340C | 0x0007FE0C | 0x00000000 |
COMCTL32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
None | 0x00000011 | 0x00563414 | 0x00163414 | 0x0007FE14 | - |
comdlg32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileTitleW | - | 0x0056341C | 0x0016341C | 0x0007FE1C | 0x00000000 |
CRYPT32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CryptUnprotectData | - | 0x00563424 | 0x00163424 | 0x0007FE24 | 0x00000000 |
GDI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
Escape | - | 0x0056342C | 0x0016342C | 0x0007FE2C | 0x00000000 |
ole32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleRun | - | 0x00563434 | 0x00163434 | 0x0007FE34 | 0x00000000 |
OLEAUT32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SysFreeString | 0x00000006 | 0x0056343C | 0x0016343C | 0x0007FE3C | - |
oledlg.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleUIBusyW | - | 0x00563444 | 0x00163444 | 0x0007FE44 | 0x00000000 |
OLEPRO32.DLL (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
None | 0x000000FD | 0x0056344C | 0x0016344C | 0x0007FE4C | - |
RPCRT4.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
UuidToStringA | - | 0x00563454 | 0x00163454 | 0x0007FE54 | 0x00000000 |
SensApi.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
IsNetworkAlive | - | 0x0056345C | 0x0016345C | 0x0007FE5C | 0x00000000 |
SHELL32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ShellExecuteA | - | 0x00563464 | 0x00163464 | 0x0007FE64 | 0x00000000 |
USER32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetDC | - | 0x0056346C | 0x0016346C | 0x0007FE6C | 0x00000000 |
VERSION.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileVersionInfoA | - | 0x00563474 | 0x00163474 | 0x0007FE74 | 0x00000000 |
WININET.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
InternetOpenA | - | 0x0056347C | 0x0016347C | 0x0007FE7C | 0x00000000 |
WINMM.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
timeGetTime | - | 0x00563484 | 0x00163484 | 0x0007FE84 | 0x00000000 |
WINSPOOL.DRV (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OpenPrinterW | - | 0x0056348C | 0x0016348C | 0x0007FE8C | 0x00000000 |
WSOCK32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
gethostname | 0x00000039 | 0x00563494 | 0x00163494 | 0x0007FE94 | - |
Digital Signature Information
Verification Status | Valid |
Certificate: Exent Technologies Ltd.
Issued by | Exent Technologies Ltd. |
Parent Certificate | thawte SHA256 Code Signing CA |
Country Name | IL |
Valid From | 2019-09-19 00:00 (UTC) |
Valid Until | 2021-09-18 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 49 42 5F 39 CC 24 23 F0 FA 47 51 9C 22 D2 7B A9 |
Thumbprint | 3F 10 FA EA 5B 4F 4A 21 29 0A 4B 71 DA BE 64 2F 67 BF E6 27 |
Certificate: thawte SHA256 Code Signing CA
Issued by | thawte SHA256 Code Signing CA |
Country Name | US |
Valid From | 2013-12-10 00:00 (UTC) |
Valid Until | 2023-12-09 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB |
Thumbprint | D0 0C FD BF 46 C9 8A 83 8B C1 0D C4 E0 97 AE 01 52 C4 61 BC |
Memory Dumps (1)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
free ride games.exe | 2 | 0x00400000 | 0x00563FFF | First Execution | 32-bit | 0x0055CA20 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\resourceDll.dll | Dropped File | Binary | Suspicious (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x10000000 |
Entry Point | 0x10097800 |
Size Of Code | 0x00024000 |
Size Of Initialized Data | 0x00006000 |
Size Of Uninitialized Data | 0x00074000 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2008-08-19 08:43 (UTC) |
Version Information (12)
Comments | - |
CompanyName | Exent |
FileDescription | resourcedll |
FileVersion | 1, 2, 0, 33 |
InternalName | resourcedll |
LegalCopyright | Copyright © 2018 |
LegalTrademarks | - |
OriginalFilename | resourcedll.dll |
PrivateBuild | - |
ProductName | Exent resourcedll |
ProductVersion | 1, 2, 0, 33 |
SpecialBuild | - |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
UPX0 | 0x10001000 | 0x00074000 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
UPX1 | 0x10075000 | 0x00024000 | 0x00023400 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 8.0 |
.rsrc | 0x10099000 | 0x00006000 | 0x00005A00 | 0x00023800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.32 |
Imports (1)
KERNEL32.DLL (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryA | - | 0x1009E950 | 0x0009E950 | 0x00029150 | 0x00000000 |
GetProcAddress | - | 0x1009E954 | 0x0009E954 | 0x00029154 | 0x00000000 |
VirtualProtect | - | 0x1009E958 | 0x0009E958 | 0x00029158 | 0x00000000 |
VirtualAlloc | - | 0x1009E95C | 0x0009E95C | 0x0002915C | 0x00000000 |
VirtualFree | - | 0x1009E960 | 0x0009E960 | 0x00029160 | 0x00000000 |
Digital Signature Information
Verification Status | Failed |
Certificate: Exent Technologies Ltd.
Issued by | Exent Technologies Ltd. |
Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
Country Name | IL |
Valid From | 2017-10-03 00:00 (UTC) |
Valid Until | 2018-10-03 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 38 CC 14 0E 0A CD 4F D3 DA B0 79 8B 63 B2 9D 36 |
Thumbprint | D5 3D CC 35 5B 87 26 81 62 23 24 83 0D 92 4D 27 4C 90 8F 54 |
Certificate: Symantec Class 3 SHA256 Code Signing CA
Issued by | Symantec Class 3 SHA256 Code Signing CA |
Country Name | US |
Valid From | 2013-12-10 00:00 (UTC) |
Valid Until | 2023-12-09 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splasher.dll | Dropped File | Binary | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x10000000 |
Entry Point | 0x1002987E |
Size Of Code | 0x0005AA00 |
Size Of Initialized Data | 0x0001A600 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2014-09-21 08:08 (UTC) |
Sections (6)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x10001000 | 0x0005A883 | 0x0005AA00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.69 |
.rdata | 0x1005C000 | 0x0000EABF | 0x0000EC00 | 0x0005AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.8 |
.data | 0x1006B000 | 0x00005708 | 0x00003400 | 0x00069A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.88 |
.tls | 0x10071000 | 0x00000002 | 0x00000200 | 0x0006CE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.rsrc | 0x10072000 | 0x000001B4 | 0x00000200 | 0x0006D000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.11 |
.reloc | 0x10073000 | 0x00008178 | 0x00008200 | 0x0006D200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.46 |
Imports (4)
KERNEL32.dll (103)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OutputDebugStringA | - | 0x1005C018 | 0x00069ED8 | 0x00068CD8 | 0x00000389 |
CreateEventA | - | 0x1005C01C | 0x00069EDC | 0x00068CDC | 0x00000082 |
SetEvent | - | 0x1005C020 | 0x00069EE0 | 0x00068CE0 | 0x00000459 |
WaitForSingleObject | - | 0x1005C024 | 0x00069EE4 | 0x00068CE4 | 0x000004F9 |
GetModuleHandleExW | - | 0x1005C028 | 0x00069EE8 | 0x00068CE8 | 0x00000217 |
GetTimeZoneInformation | - | 0x1005C02C | 0x00069EEC | 0x00068CEC | 0x00000298 |
CompareStringW | - | 0x1005C030 | 0x00069EF0 | 0x00068CF0 | 0x00000064 |
GetDateFormatA | - | 0x1005C034 | 0x00069EF4 | 0x00068CF4 | 0x000001C6 |
GetTimeFormatA | - | 0x1005C038 | 0x00069EF8 | 0x00068CF8 | 0x00000295 |
AreFileApisANSI | - | 0x1005C03C | 0x00069EFC | 0x00068CFC | 0x00000015 |
GetModuleHandleA | - | 0x1005C040 | 0x00069F00 | 0x00068D00 | 0x00000215 |
FindFirstFileW | - | 0x1005C044 | 0x00069F04 | 0x00068D04 | 0x00000139 |
GetCurrentDirectoryW | - | 0x1005C048 | 0x00069F08 | 0x00068D08 | 0x000001BF |
GetFileAttributesW | - | 0x1005C04C | 0x00069F0C | 0x00068D0C | 0x000001EA |
DeviceIoControl | - | 0x1005C050 | 0x00069F10 | 0x00068D10 | 0x000000DD |
HeapAlloc | - | 0x1005C054 | 0x00069F14 | 0x00068D14 | 0x000002CB |
GetProcessHeap | - | 0x1005C058 | 0x00069F18 | 0x00068D18 | 0x0000024A |
HeapFree | - | 0x1005C05C | 0x00069F1C | 0x00068D1C | 0x000002CF |
GetTickCount | - | 0x1005C060 | 0x00069F20 | 0x00068D20 | 0x00000293 |
CreateFileW | - | 0x1005C064 | 0x00069F24 | 0x00068D24 | 0x0000008F |
ReadFile | - | 0x1005C068 | 0x00069F28 | 0x00068D28 | 0x000003C0 |
SetFilePointer | - | 0x1005C06C | 0x00069F2C | 0x00068D2C | 0x00000466 |
WriteFile | - | 0x1005C070 | 0x00069F30 | 0x00068D30 | 0x00000525 |
GetLastError | - | 0x1005C074 | 0x00069F34 | 0x00068D34 | 0x00000202 |
SetLastError | - | 0x1005C078 | 0x00069F38 | 0x00068D38 | 0x00000473 |
FlushFileBuffers | - | 0x1005C07C | 0x00069F3C | 0x00068D3C | 0x00000157 |
FindNextFileW | - | 0x1005C080 | 0x00069F40 | 0x00068D40 | 0x00000145 |
CloseHandle | - | 0x1005C084 | 0x00069F44 | 0x00068D44 | 0x00000052 |
InterlockedCompareExchange | - | 0x1005C088 | 0x00069F48 | 0x00068D48 | 0x000002E9 |
InterlockedExchange | - | 0x1005C08C | 0x00069F4C | 0x00068D4C | 0x000002EC |
MultiByteToWideChar | - | 0x1005C090 | 0x00069F50 | 0x00068D50 | 0x00000367 |
InterlockedIncrement | - | 0x1005C094 | 0x00069F54 | 0x00068D54 | 0x000002EF |
InterlockedDecrement | - | 0x1005C098 | 0x00069F58 | 0x00068D58 | 0x000002EB |
WideCharToMultiByte | - | 0x1005C09C | 0x00069F5C | 0x00068D5C | 0x00000511 |
GetStringTypeW | - | 0x1005C0A0 | 0x00069F60 | 0x00068D60 | 0x00000269 |
Sleep | - | 0x1005C0A4 | 0x00069F64 | 0x00068D64 | 0x000004B2 |
InitializeCriticalSection | - | 0x1005C0A8 | 0x00069F68 | 0x00068D68 | 0x000002E2 |
DeleteCriticalSection | - | 0x1005C0AC | 0x00069F6C | 0x00068D6C | 0x000000D1 |
EnterCriticalSection | - | 0x1005C0B0 | 0x00069F70 | 0x00068D70 | 0x000000EE |
LeaveCriticalSection | - | 0x1005C0B4 | 0x00069F74 | 0x00068D74 | 0x00000339 |
EncodePointer | - | 0x1005C0B8 | 0x00069F78 | 0x00068D78 | 0x000000EA |
DecodePointer | - | 0x1005C0BC | 0x00069F7C | 0x00068D7C | 0x000000CA |
GetSystemTimeAsFileTime | - | 0x1005C0C0 | 0x00069F80 | 0x00068D80 | 0x00000279 |
TlsAlloc | - | 0x1005C0C4 | 0x00069F84 | 0x00068D84 | 0x000004C5 |
TlsFree | - | 0x1005C0C8 | 0x00069F88 | 0x00068D88 | 0x000004C6 |
TlsGetValue | - | 0x1005C0CC | 0x00069F8C | 0x00068D8C | 0x000004C7 |
GetCurrentThreadId | - | 0x1005C0D0 | 0x00069F90 | 0x00068D90 | 0x000001C5 |
GetCurrentProcessId | - | 0x1005C0D4 | 0x00069F94 | 0x00068D94 | 0x000001C1 |
OpenEventA | - | 0x1005C0D8 | 0x00069F98 | 0x00068D98 | 0x00000374 |
ResetEvent | - | 0x1005C0DC | 0x00069F9C | 0x00068D9C | 0x0000040F |
TlsSetValue | - | 0x1005C0E0 | 0x00069FA0 | 0x00068DA0 | 0x000004C8 |
ResumeThread | - | 0x1005C0E4 | 0x00069FA4 | 0x00068DA4 | 0x00000413 |
LocalFree | - | 0x1005C0E8 | 0x00069FA8 | 0x00068DA8 | 0x00000348 |
FormatMessageA | - | 0x1005C0EC | 0x00069FAC | 0x00068DAC | 0x0000015D |
QueryPerformanceCounter | - | 0x1005C0F0 | 0x00069FB0 | 0x00068DB0 | 0x000003A7 |
GetUserDefaultLCID | - | 0x1005C0F4 | 0x00069FB4 | 0x00068DB4 | 0x0000029B |
GetStringTypeExA | - | 0x1005C0F8 | 0x00069FB8 | 0x00068DB8 | 0x00000267 |
FreeLibrary | - | 0x1005C0FC | 0x00069FBC | 0x00068DBC | 0x00000162 |
LCMapStringA | - | 0x1005C100 | 0x00069FC0 | 0x00068DC0 | 0x0000032B |
LCMapStringW | - | 0x1005C104 | 0x00069FC4 | 0x00068DC4 | 0x0000032D |
LoadLibraryA | - | 0x1005C108 | 0x00069FC8 | 0x00068DC8 | 0x0000033C |
GetCommandLineA | - | 0x1005C10C | 0x00069FCC | 0x00068DCC | 0x00000186 |
RaiseException | - | 0x1005C110 | 0x00069FD0 | 0x00068DD0 | 0x000003B1 |
RtlUnwind | - | 0x1005C114 | 0x00069FD4 | 0x00068DD4 | 0x00000418 |
GetCPInfo | - | 0x1005C118 | 0x00069FD8 | 0x00068DD8 | 0x00000172 |
ExitThread | - | 0x1005C11C | 0x00069FDC | 0x00068DDC | 0x0000011A |
CreateThread | - | 0x1005C120 | 0x00069FE0 | 0x00068DE0 | 0x000000B5 |
TerminateProcess | - | 0x1005C124 | 0x00069FE4 | 0x00068DE4 | 0x000004C0 |
GetCurrentProcess | - | 0x1005C128 | 0x00069FE8 | 0x00068DE8 | 0x000001C0 |
UnhandledExceptionFilter | - | 0x1005C12C | 0x00069FEC | 0x00068DEC | 0x000004D3 |
SetUnhandledExceptionFilter | - | 0x1005C130 | 0x00069FF0 | 0x00068DF0 | 0x000004A5 |
IsDebuggerPresent | - | 0x1005C134 | 0x00069FF4 | 0x00068DF4 | 0x00000300 |
IsProcessorFeaturePresent | - | 0x1005C138 | 0x00069FF8 | 0x00068DF8 | 0x00000304 |
InitializeCriticalSectionAndSpinCount | - | 0x1005C13C | 0x00069FFC | 0x00068DFC | 0x000002E3 |
SetHandleCount | - | 0x1005C140 | 0x0006A000 | 0x00068E00 | 0x0000046F |
GetStdHandle | - | 0x1005C144 | 0x0006A004 | 0x00068E04 | 0x00000264 |
GetFileType | - | 0x1005C148 | 0x0006A008 | 0x00068E08 | 0x000001F3 |
GetStartupInfoW | - | 0x1005C14C | 0x0006A00C | 0x00068E0C | 0x00000263 |
GetModuleFileNameW | - | 0x1005C150 | 0x0006A010 | 0x00068E10 | 0x00000214 |
GetLocaleInfoW | - | 0x1005C154 | 0x0006A014 | 0x00068E14 | 0x00000206 |
HeapSize | - | 0x1005C158 | 0x0006A018 | 0x00068E18 | 0x000002D4 |
GetProcAddress | - | 0x1005C15C | 0x0006A01C | 0x00068E1C | 0x00000245 |
GetModuleHandleW | - | 0x1005C160 | 0x0006A020 | 0x00068E20 | 0x00000218 |
ExitProcess | - | 0x1005C164 | 0x0006A024 | 0x00068E24 | 0x00000119 |
HeapCreate | - | 0x1005C168 | 0x0006A028 | 0x00068E28 | 0x000002CD |
HeapDestroy | - | 0x1005C16C | 0x0006A02C | 0x00068E2C | 0x000002CE |
GetModuleFileNameA | - | 0x1005C170 | 0x0006A030 | 0x00068E30 | 0x00000213 |
FreeEnvironmentStringsW | - | 0x1005C174 | 0x0006A034 | 0x00068E34 | 0x00000161 |
GetEnvironmentStringsW | - | 0x1005C178 | 0x0006A038 | 0x00068E38 | 0x000001DA |
GetACP | - | 0x1005C17C | 0x0006A03C | 0x00068E3C | 0x00000168 |
GetOEMCP | - | 0x1005C180 | 0x0006A040 | 0x00068E40 | 0x00000237 |
IsValidCodePage | - | 0x1005C184 | 0x0006A044 | 0x00068E44 | 0x0000030A |
GetLocaleInfoA | - | 0x1005C188 | 0x0006A048 | 0x00068E48 | 0x00000204 |
EnumSystemLocalesA | - | 0x1005C18C | 0x0006A04C | 0x00068E4C | 0x0000010D |
IsValidLocale | - | 0x1005C190 | 0x0006A050 | 0x00068E50 | 0x0000030C |
HeapReAlloc | - | 0x1005C194 | 0x0006A054 | 0x00068E54 | 0x000002D2 |
GetConsoleCP | - | 0x1005C198 | 0x0006A058 | 0x00068E58 | 0x0000019A |
GetConsoleMode | - | 0x1005C19C | 0x0006A05C | 0x00068E5C | 0x000001AC |
LoadLibraryW | - | 0x1005C1A0 | 0x0006A060 | 0x00068E60 | 0x0000033F |
SetStdHandle | - | 0x1005C1A4 | 0x0006A064 | 0x00068E64 | 0x00000487 |
WriteConsoleW | - | 0x1005C1A8 | 0x0006A068 | 0x00068E68 | 0x00000524 |
FindClose | - | 0x1005C1AC | 0x0006A06C | 0x00068E6C | 0x0000012E |
SetEnvironmentVariableA | - | 0x1005C1B0 | 0x0006A070 | 0x00068E70 | 0x00000456 |
USER32.dll (24)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetDesktopWindow | - | 0x1005C1C0 | 0x0006A080 | 0x00068E80 | 0x00000123 |
GetWindowRect | - | 0x1005C1C4 | 0x0006A084 | 0x00068E84 | 0x0000019C |
UnregisterClassW | - | 0x1005C1C8 | 0x0006A088 | 0x00068E88 | 0x00000306 |
DispatchMessageW | - | 0x1005C1CC | 0x0006A08C | 0x00068E8C | 0x000000AF |
TranslateMessage | - | 0x1005C1D0 | 0x0006A090 | 0x00068E90 | 0x000002FC |
GetMessageW | - | 0x1005C1D4 | 0x0006A094 | 0x00068E94 | 0x0000015D |
SetTimer | - | 0x1005C1D8 | 0x0006A098 | 0x00068E98 | 0x000002BB |
ShowWindow | - | 0x1005C1DC | 0x0006A09C | 0x00068E9C | 0x000002DF |
SetWindowLongW | - | 0x1005C1E0 | 0x0006A0A0 | 0x00068EA0 | 0x000002C4 |
CreateWindowExW | - | 0x1005C1E4 | 0x0006A0A4 | 0x00068EA4 | 0x0000006E |
RegisterClassW | - | 0x1005C1E8 | 0x0006A0A8 | 0x00068EA8 | 0x0000024E |
DefWindowProcW | - | 0x1005C1EC | 0x0006A0AC | 0x00068EAC | 0x0000009C |
PostQuitMessage | - | 0x1005C1F0 | 0x0006A0B0 | 0x00068EB0 | 0x00000237 |
SetWindowPos | - | 0x1005C1F4 | 0x0006A0B4 | 0x00068EB4 | 0x000002C6 |
ClientToScreen | - | 0x1005C1F8 | 0x0006A0B8 | 0x00068EB8 | 0x00000047 |
GetCursorPos | - | 0x1005C1FC | 0x0006A0BC | 0x00068EBC | 0x00000120 |
SetLayeredWindowAttributes | - | 0x1005C200 | 0x0006A0C0 | 0x00068EC0 | 0x00000298 |
DestroyWindow | - | 0x1005C204 | 0x0006A0C4 | 0x00068EC4 | 0x000000A6 |
LoadStringA | - | 0x1005C208 | 0x0006A0C8 | 0x00068EC8 | 0x000001F9 |
ReleaseDC | - | 0x1005C20C | 0x0006A0CC | 0x00068ECC | 0x00000265 |
GetWindowDC | - | 0x1005C210 | 0x0006A0D0 | 0x00068ED0 | 0x00000192 |
GetClientRect | - | 0x1005C214 | 0x0006A0D4 | 0x00068ED4 | 0x00000114 |
GetWindowLongW | - | 0x1005C218 | 0x0006A0D8 | 0x00068ED8 | 0x00000196 |
LoadCursorW | - | 0x1005C21C | 0x0006A0DC | 0x00068EDC | 0x000001EB |
GDI32.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DeleteDC | - | 0x1005C000 | 0x00069EC0 | 0x00068CC0 | 0x000000E3 |
BitBlt | - | 0x1005C004 | 0x00069EC4 | 0x00068CC4 | 0x00000013 |
SelectObject | - | 0x1005C008 | 0x00069EC8 | 0x00068CC8 | 0x00000277 |
CreateCompatibleDC | - | 0x1005C00C | 0x00069ECC | 0x00068CCC | 0x00000030 |
GetObjectW | - | 0x1005C010 | 0x00069ED0 | 0x00068CD0 | 0x000001FD |
OLEAUT32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleLoadPicturePath | 0x000001A8 | 0x1005C1B8 | 0x0006A078 | 0x00068E78 | - |
Exports (2)
API Name | EAT Address | Ordinal |
---|---|---|
HideSplash | 0x00001420 | 0x00000001 |
ShowSplash | 0x000010E0 | 0x00000002 |
Digital Signature Information
Verification Status | Valid |
Certificate: Exent Technologies Ltd.
Issued by | Exent Technologies Ltd. |
Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
Country Name | IL |
Valid From | 2017-10-03 00:00 (UTC) |
Valid Until | 2018-10-03 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 38 CC 14 0E 0A CD 4F D3 DA B0 79 8B 63 B2 9D 36 |
Thumbprint | D5 3D CC 35 5B 87 26 81 62 23 24 83 0D 92 4D 27 4C 90 8F 54 |
Certificate: Symantec Class 3 SHA256 Code Signing CA
Issued by | Symantec Class 3 SHA256 Code Signing CA |
Country Name | US |
Valid From | 2013-12-10 00:00 (UTC) |
Valid Until | 2023-12-09 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\cmhelper.exe | Dropped File | Binary | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x0041B9BD |
Size Of Code | 0x00029000 |
Size Of Initialized Data | 0x00010000 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2020-02-12 14:36 (UTC) |
Version Information (12)
Comments | - |
CompanyName | Exent Technologies Ltd. |
FileDescription | cmhelper |
FileVersion | 1, 0, 3, 0 |
InternalName | cmhelper |
LegalCopyright | Copyright © 1996-2017 Exent Technologies Ltd. All rights reserved. |
LegalTrademarks | - |
OriginalFilename | cmhelper.exe |
PrivateBuild | - |
ProductName | Exent cmhelper |
ProductVersion | 1, 0, 3, 0 |
SpecialBuild | - |
Sections (5)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00401000 | 0x000287F2 | 0x00029000 | 0x00001000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.61 |
.rdata | 0x0042A000 | 0x00005EE2 | 0x00006000 | 0x0002A000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.33 |
.data | 0x00430000 | 0x00005DAC | 0x00005000 | 0x00030000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.52 |
.rsrc | 0x00436000 | 0x00000420 | 0x00001000 | 0x00035000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.08 |
.reloc | 0x00437000 | 0x00002FE0 | 0x00003000 | 0x00036000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.11 |
Imports (6)
KERNEL32.dll (85)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateProcessA | - | 0x0042A038 | 0x0002F53C | 0x0002F53C | 0x00000060 |
GetModuleFileNameA | - | 0x0042A03C | 0x0002F540 | 0x0002F540 | 0x00000175 |
GetCurrentProcess | - | 0x0042A040 | 0x0002F544 | 0x0002F544 | 0x0000013A |
OpenEventA | - | 0x0042A044 | 0x0002F548 | 0x0002F548 | 0x00000273 |
WaitForSingleObject | - | 0x0042A048 | 0x0002F54C | 0x0002F54C | 0x00000385 |
MultiByteToWideChar | - | 0x0042A04C | 0x0002F550 | 0x0002F550 | 0x0000026B |
LocalFree | - | 0x0042A050 | 0x0002F554 | 0x0002F554 | 0x00000252 |
CompareFileTime | - | 0x0042A054 | 0x0002F558 | 0x0002F558 | 0x00000033 |
CreateFileA | - | 0x0042A058 | 0x0002F55C | 0x0002F55C | 0x0000004D |
WriteFile | - | 0x0042A05C | 0x0002F560 | 0x0002F560 | 0x00000397 |
CloseHandle | - | 0x0042A060 | 0x0002F564 | 0x0002F564 | 0x0000002E |
GetSystemTimeAsFileTime | - | 0x0042A064 | 0x0002F568 | 0x0002F568 | 0x000001C0 |
InterlockedDecrement | - | 0x0042A068 | 0x0002F56C | 0x0002F56C | 0x0000021E |
LoadLibraryA | - | 0x0042A06C | 0x0002F570 | 0x0002F570 | 0x00000248 |
FreeLibrary | - | 0x0042A070 | 0x0002F574 | 0x0002F574 | 0x000000EF |
DeleteFileA | - | 0x0042A074 | 0x0002F578 | 0x0002F578 | 0x0000007C |
GetLastError | - | 0x0042A078 | 0x0002F57C | 0x0002F57C | 0x00000169 |
GetModuleHandleA | - | 0x0042A07C | 0x0002F580 | 0x0002F580 | 0x00000177 |
GetProcAddress | - | 0x0042A080 | 0x0002F584 | 0x0002F584 | 0x00000198 |
WideCharToMultiByte | - | 0x0042A084 | 0x0002F588 | 0x0002F588 | 0x00000389 |
GetVersionExA | - | 0x0042A088 | 0x0002F58C | 0x0002F58C | 0x000001DF |
SetEvent | - | 0x0042A08C | 0x0002F590 | 0x0002F590 | 0x0000030B |
GetCommandLineA | - | 0x0042A090 | 0x0002F594 | 0x0002F594 | 0x00000108 |
SetEnvironmentVariableA | - | 0x0042A094 | 0x0002F598 | 0x0002F598 | 0x00000308 |
SetEndOfFile | - | 0x0042A098 | 0x0002F59C | 0x0002F59C | 0x00000305 |
GetLocaleInfoW | - | 0x0042A09C | 0x0002F5A0 | 0x0002F5A0 | 0x0000016D |
ReadFile | - | 0x0042A0A0 | 0x0002F5A4 | 0x0002F5A4 | 0x000002AB |
SetStdHandle | - | 0x0042A0A4 | 0x0002F5A8 | 0x0002F5A8 | 0x0000032C |
IsBadCodePtr | - | 0x0042A0A8 | 0x0002F5AC | 0x0002F5AC | 0x00000226 |
IsBadReadPtr | - | 0x0042A0AC | 0x0002F5B0 | 0x0002F5B0 | 0x00000229 |
GetTimeZoneInformation | - | 0x0042A0B0 | 0x0002F5B4 | 0x0002F5B4 | 0x000001D8 |
GetStringTypeW | - | 0x0042A0B4 | 0x0002F5B8 | 0x0002F5B8 | 0x000001B5 |
GetStringTypeA | - | 0x0042A0B8 | 0x0002F5BC | 0x0002F5BC | 0x000001B2 |
GetUserDefaultLCID | - | 0x0042A0BC | 0x0002F5C0 | 0x0002F5C0 | 0x000001D9 |
EnumSystemLocalesA | - | 0x0042A0C0 | 0x0002F5C4 | 0x0002F5C4 | 0x000000A5 |
GetLocaleInfoA | - | 0x0042A0C4 | 0x0002F5C8 | 0x0002F5C8 | 0x0000016C |
IsValidCodePage | - | 0x0042A0C8 | 0x0002F5CC | 0x0002F5CC | 0x00000235 |
IsValidLocale | - | 0x0042A0CC | 0x0002F5D0 | 0x0002F5D0 | 0x00000237 |
GetFileType | - | 0x0042A0D0 | 0x0002F5D4 | 0x0002F5D4 | 0x0000015E |
EnterCriticalSection | - | 0x0042A0D4 | 0x0002F5D8 | 0x0002F5D8 | 0x0000008F |
Sleep | - | 0x0042A0D8 | 0x0002F5DC | 0x0002F5DC | 0x00000349 |
InitializeCriticalSection | - | 0x0042A0DC | 0x0002F5E0 | 0x0002F5E0 | 0x00000219 |
InterlockedExchange | - | 0x0042A0E0 | 0x0002F5E4 | 0x0002F5E4 | 0x0000021F |
DeleteCriticalSection | - | 0x0042A0E4 | 0x0002F5E8 | 0x0002F5E8 | 0x0000007A |
LeaveCriticalSection | - | 0x0042A0E8 | 0x0002F5EC | 0x0002F5EC | 0x00000247 |
InterlockedIncrement | - | 0x0042A0EC | 0x0002F5F0 | 0x0002F5F0 | 0x00000222 |
lstrlenA | - | 0x0042A0F0 | 0x0002F5F4 | 0x0002F5F4 | 0x000003BF |
RtlUnwind | - | 0x0042A0F4 | 0x0002F5F8 | 0x0002F5F8 | 0x000002CC |
RaiseException | - | 0x0042A0F8 | 0x0002F5FC | 0x0002F5FC | 0x0000029D |
HeapFree | - | 0x0042A0FC | 0x0002F600 | 0x0002F600 | 0x0000020C |
HeapAlloc | - | 0x0042A100 | 0x0002F604 | 0x0002F604 | 0x00000206 |
GetStartupInfoA | - | 0x0042A104 | 0x0002F608 | 0x0002F608 | 0x000001AF |
GetVersion | - | 0x0042A108 | 0x0002F60C | 0x0002F60C | 0x000001DE |
ExitProcess | - | 0x0042A10C | 0x0002F610 | 0x0002F610 | 0x000000AF |
HeapReAlloc | - | 0x0042A110 | 0x0002F614 | 0x0002F614 | 0x00000210 |
LCMapStringA | - | 0x0042A114 | 0x0002F618 | 0x0002F618 | 0x0000023A |
LCMapStringW | - | 0x0042A118 | 0x0002F61C | 0x0002F61C | 0x0000023B |
GetCPInfo | - | 0x0042A11C | 0x0002F620 | 0x0002F620 | 0x000000FC |
CompareStringA | - | 0x0042A120 | 0x0002F624 | 0x0002F624 | 0x00000034 |
CompareStringW | - | 0x0042A124 | 0x0002F628 | 0x0002F628 | 0x00000035 |
TerminateProcess | - | 0x0042A128 | 0x0002F62C | 0x0002F62C | 0x00000351 |
HeapSize | - | 0x0042A12C | 0x0002F630 | 0x0002F630 | 0x00000212 |
GetACP | - | 0x0042A130 | 0x0002F634 | 0x0002F634 | 0x000000F5 |
GetOEMCP | - | 0x0042A134 | 0x0002F638 | 0x0002F638 | 0x0000018B |
GetCurrentThreadId | - | 0x0042A138 | 0x0002F63C | 0x0002F63C | 0x0000013E |
TlsSetValue | - | 0x0042A13C | 0x0002F640 | 0x0002F640 | 0x00000359 |
TlsAlloc | - | 0x0042A140 | 0x0002F644 | 0x0002F644 | 0x00000356 |
SetLastError | - | 0x0042A144 | 0x0002F648 | 0x0002F648 | 0x0000031D |
TlsGetValue | - | 0x0042A148 | 0x0002F64C | 0x0002F64C | 0x00000358 |
SetFilePointer | - | 0x0042A14C | 0x0002F650 | 0x0002F650 | 0x00000310 |
FlushFileBuffers | - | 0x0042A150 | 0x0002F654 | 0x0002F654 | 0x000000E5 |
SetUnhandledExceptionFilter | - | 0x0042A154 | 0x0002F658 | 0x0002F658 | 0x0000033D |
GetEnvironmentVariableA | - | 0x0042A158 | 0x0002F65C | 0x0002F65C | 0x00000150 |
HeapDestroy | - | 0x0042A15C | 0x0002F660 | 0x0002F660 | 0x0000020A |
HeapCreate | - | 0x0042A160 | 0x0002F664 | 0x0002F664 | 0x00000208 |
VirtualFree | - | 0x0042A164 | 0x0002F668 | 0x0002F668 | 0x00000378 |
VirtualAlloc | - | 0x0042A168 | 0x0002F66C | 0x0002F66C | 0x00000375 |
IsBadWritePtr | - | 0x0042A16C | 0x0002F670 | 0x0002F670 | 0x0000022C |
UnhandledExceptionFilter | - | 0x0042A170 | 0x0002F674 | 0x0002F674 | 0x00000362 |
FreeEnvironmentStringsA | - | 0x0042A174 | 0x0002F678 | 0x0002F678 | 0x000000ED |
FreeEnvironmentStringsW | - | 0x0042A178 | 0x0002F67C | 0x0002F67C | 0x000000EE |
GetEnvironmentStrings | - | 0x0042A17C | 0x0002F680 | 0x0002F680 | 0x0000014D |
GetEnvironmentStringsW | - | 0x0042A180 | 0x0002F684 | 0x0002F684 | 0x0000014F |
SetHandleCount | - | 0x0042A184 | 0x0002F688 | 0x0002F688 | 0x00000319 |
GetStdHandle | - | 0x0042A188 | 0x0002F68C | 0x0002F68C | 0x000001B1 |
ADVAPI32.dll (13)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateWellKnownSid | - | 0x0042A000 | 0x0002F504 | 0x0002F504 | 0x00000067 |
OpenProcessToken | - | 0x0042A004 | 0x0002F508 | 0x0002F508 | 0x000001AA |
DuplicateTokenEx | - | 0x0042A008 | 0x0002F50C | 0x0002F50C | 0x000000B4 |
GetLengthSid | - | 0x0042A00C | 0x0002F510 | 0x0002F510 | 0x000000F6 |
SetTokenInformation | - | 0x0042A010 | 0x0002F514 | 0x0002F514 | 0x0000023B |
CreateProcessAsUserA | - | 0x0042A014 | 0x0002F518 | 0x0002F518 | 0x0000005F |
ConvertStringSidToSidA | - | 0x0042A018 | 0x0002F51C | 0x0002F51C | 0x00000057 |
GetUserNameA | - | 0x0042A01C | 0x0002F520 | 0x0002F520 | 0x00000123 |
RegCreateKeyExA | - | 0x0042A020 | 0x0002F524 | 0x0002F524 | 0x000001CD |
RegEnumKeyA | - | 0x0042A024 | 0x0002F528 | 0x0002F528 | 0x000001D5 |
RegQueryValueExA | - | 0x0042A028 | 0x0002F52C | 0x0002F52C | 0x000001EC |
RegCloseKey | - | 0x0042A02C | 0x0002F530 | 0x0002F530 | 0x000001C9 |
FreeSid | - | 0x0042A030 | 0x0002F534 | 0x0002F534 | 0x000000E1 |
SHELL32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHGetSpecialFolderPathA | - | 0x0042A1A0 | 0x0002F6A4 | 0x0002F6A4 | 0x000000C4 |
ole32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoCreateInstance | - | 0x0042A1C4 | 0x0002F6C8 | 0x0002F6C8 | 0x00000010 |
CoInitialize | - | 0x0042A1C8 | 0x0002F6CC | 0x0002F6CC | 0x0000003A |
CoTaskMemFree | - | 0x0042A1CC | 0x0002F6D0 | 0x0002F6D0 | 0x00000064 |
OLEAUT32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SysAllocString | 0x00000002 | 0x0042A190 | 0x0002F694 | 0x0002F694 | - |
SysFreeString | 0x00000006 | 0x0042A194 | 0x0002F698 | 0x0002F698 | - |
VariantClear | 0x00000009 | 0x0042A198 | 0x0002F69C | 0x0002F69C | - |
WININET.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
FindFirstUrlCacheEntryA | - | 0x0042A1A8 | 0x0002F6AC | 0x0002F6AC | 0x00000014 |
CreateUrlCacheEntryA | - | 0x0042A1AC | 0x0002F6B0 | 0x0002F6B0 | 0x00000005 |
DeleteUrlCacheEntry | - | 0x0042A1B0 | 0x0002F6B4 | 0x0002F6B4 | 0x0000000B |
FindNextUrlCacheEntryA | - | 0x0042A1B4 | 0x0002F6B8 | 0x0002F6B8 | 0x0000001B |
CommitUrlCacheEntryA | - | 0x0042A1B8 | 0x0002F6BC | 0x0002F6BC | 0x00000000 |
FindCloseUrlCache | - | 0x0042A1BC | 0x0002F6C0 | 0x0002F6C0 | 0x00000011 |
Digital Signature Information
Verification Status | Valid |
Certificate: Exent Technologies Ltd.
Issued by | Exent Technologies Ltd. |
Parent Certificate | thawte SHA256 Code Signing CA |
Country Name | IL |
Valid From | 2019-09-19 00:00 (UTC) |
Valid Until | 2021-09-18 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 49 42 5F 39 CC 24 23 F0 FA 47 51 9C 22 D2 7B A9 |
Thumbprint | 3F 10 FA EA 5B 4F 4A 21 29 0A 4B 71 DA BE 64 2F 67 BF E6 27 |
Certificate: thawte SHA256 Code Signing CA
Issued by | thawte SHA256 Code Signing CA |
Country Name | US |
Valid From | 2013-12-10 00:00 (UTC) |
Valid Until | 2023-12-09 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB |
Thumbprint | D0 0C FD BF 46 C9 8A 83 8B C1 0D C4 E0 97 AE 01 52 C4 61 BC |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\ExentCtlInstaller.dll | Dropped File | Binary | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x10000000 |
Entry Point | 0x10060EC0 |
Size Of Code | 0x00017000 |
Size Of Initialized Data | 0x00001000 |
Size Of Uninitialized Data | 0x0004A000 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2013-10-16 14:01 (UTC) |
Version Information (12)
Comments | - |
CompanyName | |
FileDescription | ExentCtlInstaller |
FileVersion | 7, 2, 0, 8 |
InternalName | ExentCtlInstaller |
LegalCopyright | Copyright © 1996-2009 Exent Technologies Ltd. All rights reserved. |
LegalTrademarks | - |
OriginalFilename | ExentCtlInstaller.dll |
PrivateBuild | - |
ProductName | ExentCtlInstaller |
ProductVersion | 7, 2, 0, 8 |
SpecialBuild | - |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
UPX0 | 0x10001000 | 0x0004A000 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
UPX1 | 0x1004B000 | 0x00017000 | 0x00016C00 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99 |
.rsrc | 0x10062000 | 0x00001000 | 0x00000800 | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.66 |
Imports (7)
KERNEL32.DLL (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryA | - | 0x100624C8 | 0x000624C8 | 0x000174C8 | 0x00000000 |
GetProcAddress | - | 0x100624CC | 0x000624CC | 0x000174CC | 0x00000000 |
VirtualProtect | - | 0x100624D0 | 0x000624D0 | 0x000174D0 | 0x00000000 |
VirtualAlloc | - | 0x100624D4 | 0x000624D4 | 0x000174D4 | 0x00000000 |
VirtualFree | - | 0x100624D8 | 0x000624D8 | 0x000174D8 | 0x00000000 |
ADVAPI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CopySid | - | 0x100624E0 | 0x000624E0 | 0x000174E0 | 0x00000000 |
ole32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleRun | - | 0x100624E8 | 0x000624E8 | 0x000174E8 | 0x00000000 |
OLEAUT32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VariantCopy | 0x0000000A | 0x100624F0 | 0x000624F0 | 0x000174F0 | - |
SHELL32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ShellExecuteExW | - | 0x100624F8 | 0x000624F8 | 0x000174F8 | 0x00000000 |
USER32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
wsprintfW | - | 0x10062500 | 0x00062500 | 0x00017500 | 0x00000000 |
VERSION.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VerQueryValueA | - | 0x10062508 | 0x00062508 | 0x00017508 | 0x00000000 |
Exports (5)
API Name | EAT Address | Ordinal |
---|---|---|
??0IExentCtlInstaller@@QAE@ABV0@@Z | 0x00001040 | 0x00000001 |
??0IExentCtlInstaller@@QAE@XZ | 0x00001037 | 0x00000002 |
??4IExentCtlInstaller@@QAEAAV0@ABV0@@Z | 0x0000104B | 0x00000003 |
??_7IExentCtlInstaller@@6B@ | 0x000432D0 | 0x00000004 |
GetInstnace | 0x00001155 | 0x00000005 |
Digital Signature Information
Verification Status | Valid |
Certificate: Exent Technologies Ltd.
Issued by | Exent Technologies Ltd. |
Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
Country Name | IL |
Valid From | 2017-10-03 00:00 (UTC) |
Valid Until | 2018-10-03 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 38 CC 14 0E 0A CD 4F D3 DA B0 79 8B 63 B2 9D 36 |
Thumbprint | D5 3D CC 35 5B 87 26 81 62 23 24 83 0D 92 4D 27 4C 90 8F 54 |
Certificate: Symantec Class 3 SHA256 Code Signing CA
Issued by | Symantec Class 3 SHA256 Code Signing CA |
Country Name | US |
Valid From | 2013-12-10 00:00 (UTC) |
Valid Until | 2023-12-09 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
c:\users\rdhj0cnfevzx\appdata\local\temp\~df773f3d012ccfa621.tmp | Dropped File | OLE Compound | Clean |
C:\Users\RDHJ0C~1\AppData\Local\Temp\nse2241.tmp\System.dll | Dropped File | Binary | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x10000000 |
Entry Point | 0x10002724 |
Size Of Code | 0x00001E00 |
Size Of Initialized Data | 0x00000A00 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2014-05-11 20:03 (UTC) |
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x10001000 | 0x00001D6F | 0x00001E00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.41 |
.rdata | 0x10003000 | 0x00000343 | 0x00000400 | 0x00002200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.89 |
.data | 0x10004000 | 0x00000068 | 0x00000200 | 0x00002600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.35 |
.reloc | 0x10005000 | 0x00000246 | 0x00000400 | 0x00002800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.49 |
Imports (3)
KERNEL32.dll (16)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
MultiByteToWideChar | - | 0x10003000 | 0x000030E4 | 0x000022E4 | 0x00000275 |
GlobalFree | - | 0x10003004 | 0x000030E8 | 0x000022E8 | 0x000001FF |
GlobalSize | - | 0x10003008 | 0x000030EC | 0x000022EC | 0x00000207 |
lstrcpynA | - | 0x1000300C | 0x000030F0 | 0x000022F0 | 0x000003C9 |
lstrcpyA | - | 0x10003010 | 0x000030F4 | 0x000022F4 | 0x000003C6 |
GetProcAddress | - | 0x10003014 | 0x000030F8 | 0x000022F8 | 0x000001A0 |
VirtualFree | - | 0x10003018 | 0x000030FC | 0x000022FC | 0x00000383 |
FreeLibrary | - | 0x1000301C | 0x00003100 | 0x00002300 | 0x000000F8 |
lstrlenA | - | 0x10003020 | 0x00003104 | 0x00002304 | 0x000003CC |
LoadLibraryA | - | 0x10003024 | 0x00003108 | 0x00002308 | 0x00000252 |
GetModuleHandleA | - | 0x10003028 | 0x0000310C | 0x0000230C | 0x0000017F |
GlobalAlloc | - | 0x1000302C | 0x00003110 | 0x00002310 | 0x000001F8 |
WideCharToMultiByte | - | 0x10003030 | 0x00003114 | 0x00002314 | 0x00000394 |
VirtualAlloc | - | 0x10003034 | 0x00003118 | 0x00002318 | 0x00000381 |
VirtualProtect | - | 0x10003038 | 0x0000311C | 0x0000231C | 0x00000386 |
GetLastError | - | 0x1000303C | 0x00003120 | 0x00002320 | 0x00000171 |
USER32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
wsprintfA | - | 0x10003044 | 0x00003128 | 0x00002328 | 0x000002D7 |
ole32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
StringFromGUID2 | - | 0x1000304C | 0x00003130 | 0x00002330 | 0x00000135 |
CLSIDFromString | - | 0x10003050 | 0x00003134 | 0x00002334 | 0x00000008 |
Exports (8)
API Name | EAT Address | Ordinal |
---|---|---|
Alloc | 0x00001000 | 0x00000001 |
Call | 0x000016DA | 0x00000002 |
Copy | 0x00001058 | 0x00000003 |
Free | 0x000015D0 | 0x00000004 |
Get | 0x00001637 | 0x00000005 |
Int64Op | 0x0000182A | 0x00000006 |
Store | 0x000010E0 | 0x00000007 |
StrAlloc | 0x0000103D | 0x00000008 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\nse2241.tmp\nsExec.dll | Dropped File | Binary | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x10000000 |
Entry Point | 0x10001087 |
Size Of Code | 0x00000C00 |
Size Of Initialized Data | 0x00000E00 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2014-05-11 20:03 (UTC) |
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x10001000 | 0x00000A4A | 0x00000C00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.75 |
.rdata | 0x10002000 | 0x0000052C | 0x00000600 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.51 |
.data | 0x10003000 | 0x00000494 | 0x00000200 | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.39 |
.reloc | 0x10004000 | 0x000001CA | 0x00000200 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.05 |
Imports (3)
KERNEL32.dll (36)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetModuleHandleA | - | 0x1000200C | 0x00002118 | 0x00001118 | 0x0000017F |
lstrlenA | - | 0x10002010 | 0x0000211C | 0x0000111C | 0x000003CC |
GetExitCodeProcess | - | 0x10002014 | 0x00002120 | 0x00001120 | 0x0000015A |
WaitForSingleObject | - | 0x10002018 | 0x00002124 | 0x00001124 | 0x00000390 |
Sleep | - | 0x1000201C | 0x00002128 | 0x00001128 | 0x00000356 |
TerminateProcess | - | 0x10002020 | 0x0000212C | 0x0000112C | 0x0000035E |
GlobalReAlloc | - | 0x10002024 | 0x00002130 | 0x00001130 | 0x00000206 |
GlobalUnlock | - | 0x10002028 | 0x00002134 | 0x00001134 | 0x0000020A |
GlobalSize | - | 0x1000202C | 0x00002138 | 0x00001138 | 0x00000207 |
lstrcpynA | - | 0x10002030 | 0x0000213C | 0x0000113C | 0x000003C9 |
ReadFile | - | 0x10002034 | 0x00002140 | 0x00001140 | 0x000002B5 |
PeekNamedPipe | - | 0x10002038 | 0x00002144 | 0x00001144 | 0x00000291 |
GetTickCount | - | 0x1000203C | 0x00002148 | 0x00001148 | 0x000001DF |
lstrcpyA | - | 0x10002040 | 0x0000214C | 0x0000114C | 0x000003C6 |
CreateProcessA | - | 0x10002044 | 0x00002150 | 0x00001150 | 0x00000066 |
GetStartupInfoA | - | 0x10002048 | 0x00002154 | 0x00001154 | 0x000001B7 |
GetProcAddress | - | 0x1000204C | 0x00002158 | 0x00001158 | 0x000001A0 |
GlobalLock | - | 0x10002050 | 0x0000215C | 0x0000115C | 0x00000203 |
DeleteFileA | - | 0x10002054 | 0x00002160 | 0x00001160 | 0x00000083 |
lstrcmpiA | - | 0x10002058 | 0x00002164 | 0x00001164 | 0x000003C3 |
GetCurrentProcess | - | 0x1000205C | 0x00002168 | 0x00001168 | 0x00000142 |
CloseHandle | - | 0x10002060 | 0x0000216C | 0x0000116C | 0x00000034 |
UnmapViewOfFile | - | 0x10002064 | 0x00002170 | 0x00001170 | 0x00000371 |
MapViewOfFile | - | 0x10002068 | 0x00002174 | 0x00001174 | 0x00000268 |
CreateFileMappingA | - | 0x1000206C | 0x00002178 | 0x00001178 | 0x00000054 |
CreateFileA | - | 0x10002070 | 0x0000217C | 0x0000117C | 0x00000053 |
CopyFileA | - | 0x10002074 | 0x00002180 | 0x00001180 | 0x00000043 |
GetTempFileNameA | - | 0x10002078 | 0x00002184 | 0x00001184 | 0x000001D3 |
GlobalFree | - | 0x1000207C | 0x00002188 | 0x00001188 | 0x000001FF |
GlobalAlloc | - | 0x10002080 | 0x0000218C | 0x0000118C | 0x000001F8 |
GetModuleFileNameA | - | 0x10002084 | 0x00002190 | 0x00001190 | 0x0000017D |
ExitProcess | - | 0x10002088 | 0x00002194 | 0x00001194 | 0x000000B9 |
GetCommandLineA | - | 0x1000208C | 0x00002198 | 0x00001198 | 0x00000110 |
CreatePipe | - | 0x10002090 | 0x0000219C | 0x0000119C | 0x00000065 |
GetVersionExA | - | 0x10002094 | 0x000021A0 | 0x000011A0 | 0x000001E9 |
lstrcatA | - | 0x10002098 | 0x000021A4 | 0x000011A4 | 0x000003BD |
USER32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SendMessageA | - | 0x100020A0 | 0x000021AC | 0x000011AC | 0x0000023B |
OemToCharBuffA | - | 0x100020A4 | 0x000021B0 | 0x000011B0 | 0x000001F2 |
FindWindowExA | - | 0x100020A8 | 0x000021B4 | 0x000011B4 | 0x000000E4 |
CharNextA | - | 0x100020AC | 0x000021B8 | 0x000011B8 | 0x0000002A |
wsprintfA | - | 0x100020B0 | 0x000021BC | 0x000011BC | 0x000002D7 |
CharPrevA | - | 0x100020B4 | 0x000021C0 | 0x000011C0 | 0x0000002D |
ADVAPI32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
InitializeSecurityDescriptor | - | 0x10002000 | 0x0000210C | 0x0000110C | 0x00000134 |
SetSecurityDescriptorDacl | - | 0x10002004 | 0x00002110 | 0x00001110 | 0x0000023A |
Exports (3)
API Name | EAT Address | Ordinal |
---|---|---|
Exec | 0x00001000 | 0x00000001 |
ExecToLog | 0x0000102D | 0x00000002 |
ExecToStack | 0x0000105A | 0x00000003 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\nse2241.tmp\SelfDel.dll | Dropped File | Binary | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
PE Information
Image Base | 0x10000000 |
Entry Point | 0x10007640 |
Size Of Code | 0x00001000 |
Size Of Initialized Data | 0x00001000 |
Size Of Uninitialized Data | 0x00006000 |
File Type | IMAGE_FILE_DLL |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2014-01-17 17:03 (UTC) |
Version Information (7)
FileDescription | SelfDel NSIS plug-in |
FileVersion | 1.0.0.7 |
InternalName | selfdel.dll |
LegalCopyright | Copyright © Stuart Welch, Takhir Bedertdinov, James Brown 2014 |
OriginalFilename | selfdel.dll |
ProductName | SelfDel NSIS plug-in |
ProductVersion | 1.0.0.7 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
UPX0 | 0x10001000 | 0x00006000 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
UPX1 | 0x10007000 | 0x00001000 | 0x00000A00 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.62 |
.rsrc | 0x10008000 | 0x00001000 | 0x00000600 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.0 |
Imports (3)
KERNEL32.DLL (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryA | - | 0x100083A8 | 0x000083A8 | 0x000011A8 | 0x00000000 |
GetProcAddress | - | 0x100083AC | 0x000083AC | 0x000011AC | 0x00000000 |
VirtualProtect | - | 0x100083B0 | 0x000083B0 | 0x000011B0 | 0x00000000 |
VirtualAlloc | - | 0x100083B4 | 0x000083B4 | 0x000011B4 | 0x00000000 |
VirtualFree | - | 0x100083B8 | 0x000083B8 | 0x000011B8 | 0x00000000 |
ADVAPI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OpenProcessToken | - | 0x100083C0 | 0x000083C0 | 0x000011C0 | 0x00000000 |
USER32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ExitWindowsEx | - | 0x100083C8 | 0x000083C8 | 0x000011C8 | 0x00000000 |
Exports (1)
API Name | EAT Address | Ordinal |
---|---|---|
Del | 0x00001000 | 0x00000001 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splash\loader3.jpg | Dropped File | Image | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splash\loader5.jpg | Dropped File | Image | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splash\loader6.jpg | Dropped File | Image | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splash\loader1.jpg | Dropped File | Image | Clean |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splash\loader4.jpg | Dropped File | Image | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
C:\Users\RDHJ0C~1\AppData\Local\Temp\SDM143\Splash\loader2.jpg | Dropped File | Image | Clean (Known to be clean.) |
File Reputation Information
Verdict | Clean (Known to be clean.) |
C:\Users\RDHJ0C~1\AppData\Local\Temp\nse2241.tmp | Dropped File | Empty | Clean |