Try VMRay Platform
Malicious
Classifications

Backdoor Hacktool

Threat Names

App/Generic-KG

Dynamic Analysis Report

Created on 2024-11-21T04:48:57+00:00

XrxNqV2g9mNIbQeR.exe

Windows Exe (x86-32)
...
Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\XrxNqV2g9mNIbQeR.exe Sample File Binary
Malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 4.13 MB
MD5 028bc730c0538e723079680cb273cc48 Copy to Clipboard
SHA1 a66c878d7c36051311d4898e24c7ce3246a0fbcb Copy to Clipboard
SHA256 b05aa028d650d96607d9cdef79ffedbe1ad0b60f3523713ecec41f78c0b4cc3d Copy to Clipboard
SSDeep 49152:fVBlx+CATKYxA5UuWe95jQMiCjAc3OziAEq+H1+pDeb6++h2NSI0kEj:t3x+CATKfUA9NQQA4OziAAmDFI0kY Copy to Clipboard
ImpHash 3fc99337bf7f20e2439869d6bb56ad5b Copy to Clipboard
File Reputation Information
»
Verdict
Suspicious
Names App/Generic-KG
Classification PUA
PE Information
»
Image Base 0x00400000
Entry Point 0x004E3803
Size Of Code 0x0011B000
Size Of Initialized Data 0x00306000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-07-17 04:36 (UTC)
Sections (4)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0011A528 0x0011B000 0x00001000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.57
.rdata 0x0051C000 0x002D45CC 0x002D5000 0x0011C000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.48
.data 0x007F1000 0x0008A2CA 0x0002B000 0x003F1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.28
.rsrc 0x0087C000 0x000051AC 0x00006000 0x0041C000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.25
Imports (15)
»
MSVFW32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DrawDibDraw - 0x0051C41C 0x003EE284 0x003EE284 0x00000003
AVIFIL32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIStreamInfoA - 0x0051C020 0x003EDE88 0x003EDE88 0x0000002B
AVIStreamGetFrame - 0x0051C024 0x003EDE8C 0x003EDE8C 0x00000027
WINMM.dll (19)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
midiStreamOut - 0x0051C714 0x003EE57C 0x003EE57C 0x0000005F
midiOutPrepareHeader - 0x0051C718 0x003EE580 0x003EE580 0x00000058
midiStreamProperty - 0x0051C71C 0x003EE584 0x003EE584 0x00000062
midiStreamStop - 0x0051C720 0x003EE588 0x003EE588 0x00000064
midiOutUnprepareHeader - 0x0051C724 0x003EE58C 0x003EE58C 0x0000005C
waveOutOpen - 0x0051C728 0x003EE590 0x003EE590 0x000000B8
waveOutGetNumDevs - 0x0051C72C 0x003EE594 0x003EE594 0x000000B2
waveOutClose - 0x0051C730 0x003EE598 0x003EE598 0x000000AC
waveOutReset - 0x0051C734 0x003EE59C 0x003EE59C 0x000000BB
waveOutPause - 0x0051C738 0x003EE5A0 0x003EE5A0 0x000000B9
waveOutWrite - 0x0051C73C 0x003EE5A4 0x003EE5A4 0x000000C1
waveOutPrepareHeader - 0x0051C740 0x003EE5A8 0x003EE5A8 0x000000BA
waveOutUnprepareHeader - 0x0051C744 0x003EE5AC 0x003EE5AC 0x000000C0
PlaySoundA - 0x0051C748 0x003EE5B0 0x003EE5B0 0x0000000C
waveOutRestart - 0x0051C74C 0x003EE5B4 0x003EE5B4 0x000000BC
midiOutReset - 0x0051C750 0x003EE5B8 0x003EE5B8 0x00000059
midiStreamClose - 0x0051C754 0x003EE5BC 0x003EE5BC 0x0000005D
midiStreamRestart - 0x0051C758 0x003EE5C0 0x003EE5C0 0x00000063
midiStreamOpen - 0x0051C75C 0x003EE5C4 0x003EE5C4 0x0000005E
WS2_32.dll (18)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ntohl 0x0000000E 0x0051C774 0x003EE5DC 0x003EE5DC -
accept 0x00000001 0x0051C778 0x003EE5E0 0x003EE5E0 -
getpeername 0x00000005 0x0051C77C 0x003EE5E4 0x003EE5E4 -
listen 0x0000000D 0x0051C780 0x003EE5E8 0x003EE5E8 -
recv 0x00000010 0x0051C784 0x003EE5EC 0x003EE5EC -
ioctlsocket 0x0000000A 0x0051C788 0x003EE5F0 0x003EE5F0 -
socket 0x00000017 0x0051C78C 0x003EE5F4 0x003EE5F4 -
htonl 0x00000008 0x0051C790 0x003EE5F8 0x003EE5F8 -
bind 0x00000002 0x0051C794 0x003EE5FC 0x003EE5FC -
htons 0x00000009 0x0051C798 0x003EE600 0x003EE600 -
WSAAsyncSelect 0x00000065 0x0051C79C 0x003EE604 0x003EE604 -
closesocket 0x00000003 0x0051C7A0 0x003EE608 0x003EE608 -
send 0x00000013 0x0051C7A4 0x003EE60C 0x003EE60C -
select 0x00000012 0x0051C7A8 0x003EE610 0x003EE610 -
WSACleanup 0x00000074 0x0051C7AC 0x003EE614 0x003EE614 -
WSAStartup 0x00000073 0x0051C7B0 0x003EE618 0x003EE618 -
inet_ntoa 0x0000000C 0x0051C7B4 0x003EE61C 0x003EE61C -
recvfrom 0x00000011 0x0051C7B8 0x003EE620 0x003EE620 -
KERNEL32.dll (144)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetVersion - 0x0051C1D0 0x003EE038 0x003EE038 0x00000174
VirtualAlloc - 0x0051C1D4 0x003EE03C 0x003EE03C 0x000002BB
VirtualFree - 0x0051C1D8 0x003EE040 0x003EE040 0x000002BF
IsBadReadPtr - 0x0051C1DC 0x003EE044 0x003EE044 0x000001B5
CreateMutexA - 0x0051C1E0 0x003EE048 0x003EE048 0x0000003F
ReleaseMutex - 0x0051C1E4 0x003EE04C 0x003EE04C 0x00000225
SuspendThread - 0x0051C1E8 0x003EE050 0x003EE050 0x00000298
InterlockedDecrement - 0x0051C1EC 0x003EE054 0x003EE054 0x000001AD
LocalFree - 0x0051C1F0 0x003EE058 0x003EE058 0x000001CC
FileTimeToSystemTime - 0x0051C1F4 0x003EE05C 0x003EE05C 0x0000008A
FileTimeToLocalFileTime - 0x0051C1F8 0x003EE060 0x003EE060 0x00000089
lstrcpynA - 0x0051C1FC 0x003EE064 0x003EE064 0x00000305
DuplicateHandle - 0x0051C200 0x003EE068 0x003EE068 0x00000063
FlushFileBuffers - 0x0051C204 0x003EE06C 0x003EE06C 0x000000AA
LockFile - 0x0051C208 0x003EE070 0x003EE070 0x000001D3
UnlockFile - 0x0051C20C 0x003EE074 0x003EE074 0x000002AE
SetEndOfFile - 0x0051C210 0x003EE078 0x003EE078 0x00000261
lstrcmpiA - 0x0051C214 0x003EE07C 0x003EE07C 0x000002FF
GlobalDeleteAtom - 0x0051C218 0x003EE080 0x003EE080 0x00000183
GlobalFindAtomA - 0x0051C21C 0x003EE084 0x003EE084 0x00000184
GlobalAddAtomA - 0x0051C220 0x003EE088 0x003EE088 0x0000017F
GlobalGetAtomNameA - 0x0051C224 0x003EE08C 0x003EE08C 0x00000189
lstrcmpA - 0x0051C228 0x003EE090 0x003EE090 0x000002FC
LocalAlloc - 0x0051C22C 0x003EE094 0x003EE094 0x000001C8
TlsAlloc - 0x0051C230 0x003EE098 0x003EE098 0x000002A2
GlobalHandle - 0x0051C234 0x003EE09C 0x003EE09C 0x0000018B
TlsFree - 0x0051C238 0x003EE0A0 0x003EE0A0 0x000002A3
TlsSetValue - 0x0051C23C 0x003EE0A4 0x003EE0A4 0x000002A5
LocalReAlloc - 0x0051C240 0x003EE0A8 0x003EE0A8 0x000001CF
TlsGetValue - 0x0051C244 0x003EE0AC 0x003EE0AC 0x000002A4
GetFileTime - 0x0051C248 0x003EE0B0 0x003EE0B0 0x00000114
GetCurrentThread - 0x0051C24C 0x003EE0B4 0x003EE0B4 0x000000F9
GlobalFlags - 0x0051C250 0x003EE0B8 0x003EE0B8 0x00000187
SetErrorMode - 0x0051C254 0x003EE0BC 0x003EE0BC 0x00000264
GetProcessVersion - 0x0051C258 0x003EE0C0 0x003EE0C0 0x00000145
GetCPInfo - 0x0051C25C 0x003EE0C4 0x003EE0C4 0x000000BF
GetOEMCP - 0x0051C260 0x003EE0C8 0x003EE0C8 0x00000131
GetStartupInfoA - 0x0051C264 0x003EE0CC 0x003EE0CC 0x00000150
RtlUnwind - 0x0051C268 0x003EE0D0 0x003EE0D0 0x0000022F
GetSystemTime - 0x0051C26C 0x003EE0D4 0x003EE0D4 0x0000015D
GetLocalTime - 0x0051C270 0x003EE0D8 0x003EE0D8 0x0000011B
RaiseException - 0x0051C274 0x003EE0DC 0x003EE0DC 0x0000020B
HeapSize - 0x0051C278 0x003EE0E0 0x003EE0E0 0x000001A3
GetACP - 0x0051C27C 0x003EE0E4 0x003EE0E4 0x000000B9
UnhandledExceptionFilter - 0x0051C280 0x003EE0E8 0x003EE0E8 0x000002AD
FreeEnvironmentStringsA - 0x0051C284 0x003EE0EC 0x003EE0EC 0x000000B2
FreeEnvironmentStringsW - 0x0051C288 0x003EE0F0 0x003EE0F0 0x000000B3
GetEnvironmentStrings - 0x0051C28C 0x003EE0F4 0x003EE0F4 0x00000106
GetEnvironmentStringsW - 0x0051C290 0x003EE0F8 0x003EE0F8 0x00000108
SetHandleCount - 0x0051C294 0x003EE0FC 0x003EE0FC 0x0000026D
GetStdHandle - 0x0051C298 0x003EE100 0x003EE100 0x00000152
GetFileType - 0x0051C29C 0x003EE104 0x003EE104 0x00000115
GetEnvironmentVariableA - 0x0051C2A0 0x003EE108 0x003EE108 0x00000109
HeapDestroy - 0x0051C2A4 0x003EE10C 0x003EE10C 0x0000019D
HeapCreate - 0x0051C2A8 0x003EE110 0x003EE110 0x0000019B
SetEnvironmentVariableA - 0x0051C2AC 0x003EE114 0x003EE114 0x00000262
LCMapStringA - 0x0051C2B0 0x003EE118 0x003EE118 0x000001BF
LCMapStringW - 0x0051C2B4 0x003EE11C 0x003EE11C 0x000001C0
IsBadWritePtr - 0x0051C2B8 0x003EE120 0x003EE120 0x000001B8
SetUnhandledExceptionFilter - 0x0051C2BC 0x003EE124 0x003EE124 0x0000028B
GetStringTypeA - 0x0051C2C0 0x003EE128 0x003EE128 0x00000153
GetStringTypeW - 0x0051C2C4 0x003EE12C 0x003EE12C 0x00000156
CompareStringA - 0x0051C2C8 0x003EE130 0x003EE130 0x00000021
CompareStringW - 0x0051C2CC 0x003EE134 0x003EE134 0x00000022
IsBadCodePtr - 0x0051C2D0 0x003EE138 0x003EE138 0x000001B2
SetStdHandle - 0x0051C2D4 0x003EE13C 0x003EE13C 0x0000027C
GetSystemInfo - 0x0051C2D8 0x003EE140 0x003EE140 0x0000015B
IsProcessorFeaturePresent - 0x0051C2DC 0x003EE144 0x003EE144 0x000001BC
GetTimeZoneInformation - 0x0051C2E0 0x003EE148 0x003EE148 0x00000170
SetLastError - 0x0051C2E4 0x003EE14C 0x003EE14C 0x00000271
GetSystemDirectoryA - 0x0051C2E8 0x003EE150 0x003EE150 0x00000159
GetWindowsDirectoryA - 0x0051C2EC 0x003EE154 0x003EE154 0x0000017D
OpenProcess - 0x0051C2F0 0x003EE158 0x003EE158 0x000001EF
TerminateProcess - 0x0051C2F4 0x003EE15C 0x003EE15C 0x0000029E
GetCurrentProcess - 0x0051C2F8 0x003EE160 0x003EE160 0x000000F7
GetFileSize - 0x0051C2FC 0x003EE164 0x003EE164 0x00000112
SetFilePointer - 0x0051C300 0x003EE168 0x003EE168 0x0000026A
CreateToolhelp32Snapshot - 0x0051C304 0x003EE16C 0x003EE16C 0x0000004C
Process32First - 0x0051C308 0x003EE170 0x003EE170 0x000001FC
Process32Next - 0x0051C30C 0x003EE174 0x003EE174 0x000001FE
TerminateThread - 0x0051C310 0x003EE178 0x003EE178 0x0000029F
CreateSemaphoreA - 0x0051C314 0x003EE17C 0x003EE17C 0x00000047
ResumeThread - 0x0051C318 0x003EE180 0x003EE180 0x0000022C
ReleaseSemaphore - 0x0051C31C 0x003EE184 0x003EE184 0x00000226
EnterCriticalSection - 0x0051C320 0x003EE188 0x003EE188 0x00000066
LeaveCriticalSection - 0x0051C324 0x003EE18C 0x003EE18C 0x000001C1
GetProfileStringA - 0x0051C328 0x003EE190 0x003EE190 0x0000014B
WriteFile - 0x0051C32C 0x003EE194 0x003EE194 0x000002DF
WaitForMultipleObjects - 0x0051C330 0x003EE198 0x003EE198 0x000002CC
CreateFileA - 0x0051C334 0x003EE19C 0x003EE19C 0x00000034
SetEvent - 0x0051C338 0x003EE1A0 0x003EE1A0 0x00000265
FindResourceA - 0x0051C33C 0x003EE1A4 0x003EE1A4 0x000000A3
LoadResource - 0x0051C340 0x003EE1A8 0x003EE1A8 0x000001C7
LockResource - 0x0051C344 0x003EE1AC 0x003EE1AC 0x000001D5
ReadFile - 0x0051C348 0x003EE1B0 0x003EE1B0 0x00000218
lstrlenW - 0x0051C34C 0x003EE1B4 0x003EE1B4 0x00000309
GetModuleFileNameA - 0x0051C350 0x003EE1B8 0x003EE1B8 0x00000124
WideCharToMultiByte - 0x0051C354 0x003EE1BC 0x003EE1BC 0x000002D2
MultiByteToWideChar - 0x0051C358 0x003EE1C0 0x003EE1C0 0x000001E4
GetCurrentThreadId - 0x0051C35C 0x003EE1C4 0x003EE1C4 0x000000FA
ExitProcess - 0x0051C360 0x003EE1C8 0x003EE1C8 0x0000007D
GlobalSize - 0x0051C364 0x003EE1CC 0x003EE1CC 0x00000190
GlobalFree - 0x0051C368 0x003EE1D0 0x003EE1D0 0x00000188
DeleteCriticalSection - 0x0051C36C 0x003EE1D4 0x003EE1D4 0x00000055
InitializeCriticalSection - 0x0051C370 0x003EE1D8 0x003EE1D8 0x000001AA
lstrcatA - 0x0051C374 0x003EE1DC 0x003EE1DC 0x000002F9
lstrlenA - 0x0051C378 0x003EE1E0 0x003EE1E0 0x00000308
WinExec - 0x0051C37C 0x003EE1E4 0x003EE1E4 0x000002D3
lstrcpyA - 0x0051C380 0x003EE1E8 0x003EE1E8 0x00000302
FindNextFileA - 0x0051C384 0x003EE1EC 0x003EE1EC 0x0000009D
GlobalReAlloc - 0x0051C388 0x003EE1F0 0x003EE1F0 0x0000018F
HeapFree - 0x0051C38C 0x003EE1F4 0x003EE1F4 0x0000019F
HeapReAlloc - 0x0051C390 0x003EE1F8 0x003EE1F8 0x000001A2
GetProcessHeap - 0x0051C394 0x003EE1FC 0x003EE1FC 0x00000140
HeapAlloc - 0x0051C398 0x003EE200 0x003EE200 0x00000199
GetUserDefaultLCID - 0x0051C39C 0x003EE204 0x003EE204 0x00000171
GetFullPathNameA - 0x0051C3A0 0x003EE208 0x003EE208 0x00000116
FreeLibrary - 0x0051C3A4 0x003EE20C 0x003EE20C 0x000000B4
LoadLibraryA - 0x0051C3A8 0x003EE210 0x003EE210 0x000001C2
GetLastError - 0x0051C3AC 0x003EE214 0x003EE214 0x0000011A
GetVersionExA - 0x0051C3B0 0x003EE218 0x003EE218 0x00000175
WritePrivateProfileStringA - 0x0051C3B4 0x003EE21C 0x003EE21C 0x000002E5
CreateThread - 0x0051C3B8 0x003EE220 0x003EE220 0x0000004A
CreateEventA - 0x0051C3BC 0x003EE224 0x003EE224 0x00000031
Sleep - 0x0051C3C0 0x003EE228 0x003EE228 0x00000296
GlobalAlloc - 0x0051C3C4 0x003EE22C 0x003EE22C 0x00000181
GlobalLock - 0x0051C3C8 0x003EE230 0x003EE230 0x0000018C
GlobalUnlock - 0x0051C3CC 0x003EE234 0x003EE234 0x00000193
GetTempPathA - 0x0051C3D0 0x003EE238 0x003EE238 0x00000165
FindFirstFileA - 0x0051C3D4 0x003EE23C 0x003EE23C 0x00000094
FindClose - 0x0051C3D8 0x003EE240 0x003EE240 0x00000090
GetFileAttributesA - 0x0051C3DC 0x003EE244 0x003EE244 0x0000010D
DeleteFileA - 0x0051C3E0 0x003EE248 0x003EE248 0x00000057
SetCurrentDirectoryA - 0x0051C3E4 0x003EE24C 0x003EE24C 0x0000025D
GetVolumeInformationA - 0x0051C3E8 0x003EE250 0x003EE250 0x00000177
GetModuleHandleA - 0x0051C3EC 0x003EE254 0x003EE254 0x00000126
GetProcAddress - 0x0051C3F0 0x003EE258 0x003EE258 0x0000013E
MulDiv - 0x0051C3F4 0x003EE25C 0x003EE25C 0x000001E3
GetCommandLineA - 0x0051C3F8 0x003EE260 0x003EE260 0x000000CA
GetTickCount - 0x0051C3FC 0x003EE264 0x003EE264 0x0000016D
WaitForSingleObject - 0x0051C400 0x003EE268 0x003EE268 0x000002CE
CloseHandle - 0x0051C404 0x003EE26C 0x003EE26C 0x0000001B
InterlockedExchange - 0x0051C408 0x003EE270 0x003EE270 0x000001AE
InterlockedIncrement - 0x0051C40C 0x003EE274 0x003EE274 0x000001B0
USER32.dll (164)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSysColorBrush - 0x0051C480 0x003EE2E8 0x003EE2E8 0x00000144
GetMenuCheckMarkDimensions - 0x0051C484 0x003EE2EC 0x003EE2EC 0x0000011E
SetMenuItemBitmaps - 0x0051C488 0x003EE2F0 0x003EE2F0 0x00000239
CheckMenuItem - 0x0051C48C 0x003EE2F4 0x003EE2F4 0x00000034
IsDialogMessageA - 0x0051C490 0x003EE2F8 0x003EE2F8 0x00000188
ScrollWindowEx - 0x0051C494 0x003EE2FC 0x003EE2FC 0x0000020E
SendDlgItemMessageA - 0x0051C498 0x003EE300 0x003EE300 0x0000020F
MapWindowPoints - 0x0051C49C 0x003EE304 0x003EE304 0x000001B9
AdjustWindowRectEx - 0x0051C4A0 0x003EE308 0x003EE308 0x00000002
GetScrollPos - 0x0051C4A4 0x003EE30C 0x003EE30C 0x0000013F
RegisterClassA - 0x0051C4A8 0x003EE310 0x003EE310 0x000001F2
CreateWindowExA - 0x0051C4AC 0x003EE314 0x003EE314 0x00000059
GetClassLongA - 0x0051C4B0 0x003EE318 0x003EE318 0x000000EB
RemovePropA - 0x0051C4B4 0x003EE31C 0x003EE31C 0x00000205
GetMessageTime - 0x0051C4B8 0x003EE320 0x003EE320 0x0000012D
GetLastActivePopup - 0x0051C4BC 0x003EE324 0x003EE324 0x00000119
RegisterWindowMessageA - 0x0051C4C0 0x003EE328 0x003EE328 0x00000200
GetWindowPlacement - 0x0051C4C4 0x003EE32C 0x003EE32C 0x0000015B
EndDialog - 0x0051C4C8 0x003EE330 0x003EE330 0x000000B9
CreateDialogIndirectParamA - 0x0051C4CC 0x003EE334 0x003EE334 0x0000004C
DestroyWindow - 0x0051C4D0 0x003EE338 0x003EE338 0x0000008E
EndPaint - 0x0051C4D4 0x003EE33C 0x003EE33C 0x000000BB
BeginPaint - 0x0051C4D8 0x003EE340 0x003EE340 0x0000000C
CharUpperA - 0x0051C4DC 0x003EE344 0x003EE344 0x0000002F
GetWindowTextLengthA - 0x0051C4E0 0x003EE348 0x003EE348 0x0000015F
GetForegroundWindow - 0x0051C4E4 0x003EE34C 0x003EE34C 0x00000108
SetWindowTextA - 0x0051C4E8 0x003EE350 0x003EE350 0x0000025E
GetMenuItemCount - 0x0051C4EC 0x003EE354 0x003EE354 0x00000122
GetMenuItemID - 0x0051C4F0 0x003EE358 0x003EE358 0x00000123
GetMenuStringA - 0x0051C4F4 0x003EE35C 0x003EE35C 0x00000128
GetMenuState - 0x0051C4F8 0x003EE360 0x003EE360 0x00000127
GetTabbedTextExtentA - 0x0051C4FC 0x003EE364 0x003EE364 0x00000147
GrayStringA - 0x0051C500 0x003EE368 0x003EE368 0x00000164
TabbedTextOutA - 0x0051C504 0x003EE36C 0x003EE36C 0x00000273
WindowFromDC - 0x0051C508 0x003EE370 0x003EE370 0x000002A8
EnumChildWindows - 0x0051C50C 0x003EE374 0x003EE374 0x000000BD
GetWindowDC - 0x0051C510 0x003EE378 0x003EE378 0x00000154
UnhookWindowsHookEx - 0x0051C514 0x003EE37C 0x003EE37C 0x00000286
CallNextHookEx - 0x0051C518 0x003EE380 0x003EE380 0x00000015
SetWindowsHookExA - 0x0051C51C 0x003EE384 0x003EE384 0x00000262
GetPropA - 0x0051C520 0x003EE388 0x003EE388 0x0000013A
MoveWindow - 0x0051C524 0x003EE38C 0x003EE38C 0x000001C9
CallWindowProcA - 0x0051C528 0x003EE390 0x003EE390 0x00000016
SetPropA - 0x0051C52C 0x003EE394 0x003EE394 0x00000242
DrawTextA - 0x0051C530 0x003EE398 0x003EE398 0x000000AF
GetCursor - 0x0051C534 0x003EE39C 0x003EE39C 0x000000F9
GetWindowTextA - 0x0051C538 0x003EE3A0 0x003EE3A0 0x0000015E
GetDlgItem - 0x0051C53C 0x003EE3A4 0x003EE3A4 0x00000102
FindWindowA - 0x0051C540 0x003EE3A8 0x003EE3A8 0x000000D5
GetWindowThreadProcessId - 0x0051C544 0x003EE3AC 0x003EE3AC 0x00000162
GetClassNameA - 0x0051C548 0x003EE3B0 0x003EE3B0 0x000000ED
GetDesktopWindow - 0x0051C54C 0x003EE3B4 0x003EE3B4 0x000000FF
DrawStateA - 0x0051C550 0x003EE3B8 0x003EE3B8 0x000000AD
FrameRect - 0x0051C554 0x003EE3BC 0x003EE3BC 0x000000DB
GetNextDlgTabItem - 0x0051C558 0x003EE3C0 0x003EE3C0 0x00000133
LoadIconA - 0x0051C55C 0x003EE3C4 0x003EE3C4 0x0000019E
TranslateMessage - 0x0051C560 0x003EE3C8 0x003EE3C8 0x00000282
DrawFrameControl - 0x0051C564 0x003EE3CC 0x003EE3CC 0x000000A8
DrawEdge - 0x0051C568 0x003EE3D0 0x003EE3D0 0x000000A5
DrawFocusRect - 0x0051C56C 0x003EE3D4 0x003EE3D4 0x000000A6
WindowFromPoint - 0x0051C570 0x003EE3D8 0x003EE3D8 0x000002A9
GetMessageA - 0x0051C574 0x003EE3DC 0x003EE3DC 0x0000012A
DispatchMessageA - 0x0051C578 0x003EE3E0 0x003EE3E0 0x00000095
SetRectEmpty - 0x0051C57C 0x003EE3E4 0x003EE3E4 0x00000245
RegisterClipboardFormatA - 0x0051C580 0x003EE3E8 0x003EE3E8 0x000001F6
CreateIconFromResourceEx - 0x0051C584 0x003EE3EC 0x003EE3EC 0x00000053
DrawIconEx - 0x0051C588 0x003EE3F0 0x003EE3F0 0x000000AA
CreatePopupMenu - 0x0051C58C 0x003EE3F4 0x003EE3F4 0x00000058
AppendMenuA - 0x0051C590 0x003EE3F8 0x003EE3F8 0x00000007
ModifyMenuA - 0x0051C594 0x003EE3FC 0x003EE3FC 0x000001C4
CreateMenu - 0x0051C598 0x003EE400 0x003EE400 0x00000057
CreateAcceleratorTableA - 0x0051C59C 0x003EE404 0x003EE404 0x00000046
GetDlgCtrlID - 0x0051C5A0 0x003EE408 0x003EE408 0x00000101
GetSubMenu - 0x0051C5A4 0x003EE40C 0x003EE40C 0x00000142
EnableMenuItem - 0x0051C5A8 0x003EE410 0x003EE410 0x000000B5
ClientToScreen - 0x0051C5AC 0x003EE414 0x003EE414 0x0000003A
EnumDisplaySettingsA - 0x0051C5B0 0x003EE418 0x003EE418 0x000000C5
LoadImageA - 0x0051C5B4 0x003EE41C 0x003EE41C 0x000001A0
SystemParametersInfoA - 0x0051C5B8 0x003EE420 0x003EE420 0x00000271
ShowWindow - 0x0051C5BC 0x003EE424 0x003EE424 0x0000026A
IsWindowEnabled - 0x0051C5C0 0x003EE428 0x003EE428 0x00000190
TranslateAcceleratorA - 0x0051C5C4 0x003EE42C 0x003EE42C 0x0000027F
GetKeyState - 0x0051C5C8 0x003EE430 0x003EE430 0x00000112
CopyAcceleratorTableA - 0x0051C5CC 0x003EE434 0x003EE434 0x00000040
PostQuitMessage - 0x0051C5D0 0x003EE438 0x003EE438 0x000001E0
IsZoomed - 0x0051C5D4 0x003EE43C 0x003EE43C 0x00000193
GetClassInfoA - 0x0051C5D8 0x003EE440 0x003EE440 0x000000E7
DefWindowProcA - 0x0051C5DC 0x003EE444 0x003EE444 0x00000084
GetSystemMenu - 0x0051C5E0 0x003EE448 0x003EE448 0x00000145
DeleteMenu - 0x0051C5E4 0x003EE44C 0x003EE44C 0x00000087
GetMenu - 0x0051C5E8 0x003EE450 0x003EE450 0x0000011C
SetMenu - 0x0051C5EC 0x003EE454 0x003EE454 0x00000235
PeekMessageA - 0x0051C5F0 0x003EE458 0x003EE458 0x000001DC
IsIconic - 0x0051C5F4 0x003EE45C 0x003EE45C 0x0000018C
SetFocus - 0x0051C5F8 0x003EE460 0x003EE460 0x0000022F
GetActiveWindow - 0x0051C5FC 0x003EE464 0x003EE464 0x000000DD
GetWindow - 0x0051C600 0x003EE468 0x003EE468 0x00000152
DestroyAcceleratorTable - 0x0051C604 0x003EE46C 0x003EE46C 0x00000089
SetWindowRgn - 0x0051C608 0x003EE470 0x003EE470 0x0000025C
GetMessagePos - 0x0051C60C 0x003EE474 0x003EE474 0x0000012C
ScreenToClient - 0x0051C610 0x003EE478 0x003EE478 0x0000020A
ChildWindowFromPointEx - 0x0051C614 0x003EE47C 0x003EE47C 0x00000038
CopyRect - 0x0051C618 0x003EE480 0x003EE480 0x00000044
LoadBitmapA - 0x0051C61C 0x003EE484 0x003EE484 0x00000198
WinHelpA - 0x0051C620 0x003EE488 0x003EE488 0x000002A6
KillTimer - 0x0051C624 0x003EE48C 0x003EE48C 0x00000195
SetTimer - 0x0051C628 0x003EE490 0x003EE490 0x00000252
ReleaseCapture - 0x0051C62C 0x003EE494 0x003EE494 0x00000202
GetCapture - 0x0051C630 0x003EE498 0x003EE498 0x000000E4
SetCapture - 0x0051C634 0x003EE49C 0x003EE49C 0x0000021D
GetScrollRange - 0x0051C638 0x003EE4A0 0x003EE4A0 0x00000140
SetScrollRange - 0x0051C63C 0x003EE4A4 0x003EE4A4 0x00000248
SetRect - 0x0051C640 0x003EE4A8 0x003EE4A8 0x00000244
InflateRect - 0x0051C644 0x003EE4AC 0x003EE4AC 0x00000171
IntersectRect - 0x0051C648 0x003EE4B0 0x003EE4B0 0x00000179
DestroyIcon - 0x0051C64C 0x003EE4B4 0x003EE4B4 0x0000008C
PtInRect - 0x0051C650 0x003EE4B8 0x003EE4B8 0x000001EA
OffsetRect - 0x0051C654 0x003EE4BC 0x003EE4BC 0x000001D2
IsWindowVisible - 0x0051C658 0x003EE4C0 0x003EE4C0 0x00000192
EnableWindow - 0x0051C65C 0x003EE4C4 0x003EE4C4 0x000000B7
RedrawWindow - 0x0051C660 0x003EE4C8 0x003EE4C8 0x000001F1
GetWindowLongA - 0x0051C664 0x003EE4CC 0x003EE4CC 0x00000156
SetWindowLongA - 0x0051C668 0x003EE4D0 0x003EE4D0 0x00000258
GetSysColor - 0x0051C66C 0x003EE4D4 0x003EE4D4 0x00000143
SetActiveWindow - 0x0051C670 0x003EE4D8 0x003EE4D8 0x0000021C
SetCursorPos - 0x0051C674 0x003EE4DC 0x003EE4DC 0x00000228
LoadCursorA - 0x0051C678 0x003EE4E0 0x003EE4E0 0x0000019A
SetCursor - 0x0051C67C 0x003EE4E4 0x003EE4E4 0x00000226
GetDC - 0x0051C680 0x003EE4E8 0x003EE4E8 0x000000FD
FillRect - 0x0051C684 0x003EE4EC 0x003EE4EC 0x000000D4
IsRectEmpty - 0x0051C688 0x003EE4F0 0x003EE4F0 0x0000018E
ReleaseDC - 0x0051C68C 0x003EE4F4 0x003EE4F4 0x00000203
IsChild - 0x0051C690 0x003EE4F8 0x003EE4F8 0x00000185
TrackPopupMenu - 0x0051C694 0x003EE4FC 0x003EE4FC 0x0000027C
DestroyMenu - 0x0051C698 0x003EE500 0x003EE500 0x0000008D
SetForegroundWindow - 0x0051C69C 0x003EE504 0x003EE504 0x00000230
GetWindowRect - 0x0051C6A0 0x003EE508 0x003EE508 0x0000015C
EqualRect - 0x0051C6A4 0x003EE50C 0x003EE50C 0x000000D1
UpdateWindow - 0x0051C6A8 0x003EE510 0x003EE510 0x00000291
ValidateRect - 0x0051C6AC 0x003EE514 0x003EE514 0x0000029A
InvalidateRect - 0x0051C6B0 0x003EE518 0x003EE518 0x0000017A
GetClientRect - 0x0051C6B4 0x003EE51C 0x003EE51C 0x000000F0
GetFocus - 0x0051C6B8 0x003EE520 0x003EE520 0x00000107
GetParent - 0x0051C6BC 0x003EE524 0x003EE524 0x00000135
GetTopWindow - 0x0051C6C0 0x003EE528 0x003EE528 0x0000014C
PostMessageA - 0x0051C6C4 0x003EE52C 0x003EE52C 0x000001DE
IsWindow - 0x0051C6C8 0x003EE530 0x003EE530 0x0000018F
SetParent - 0x0051C6CC 0x003EE534 0x003EE534 0x0000023E
DestroyCursor - 0x0051C6D0 0x003EE538 0x003EE538 0x0000008B
SendMessageA - 0x0051C6D4 0x003EE53C 0x003EE53C 0x00000214
SetWindowPos - 0x0051C6D8 0x003EE540 0x003EE540 0x0000025B
MessageBoxA - 0x0051C6DC 0x003EE544 0x003EE544 0x000001BE
GetCursorPos - 0x0051C6E0 0x003EE548 0x003EE548 0x000000FC
GetSystemMetrics - 0x0051C6E4 0x003EE54C 0x003EE54C 0x00000146
EmptyClipboard - 0x0051C6E8 0x003EE550 0x003EE550 0x000000B4
SetClipboardData - 0x0051C6EC 0x003EE554 0x003EE554 0x00000223
OpenClipboard - 0x0051C6F0 0x003EE558 0x003EE558 0x000001D3
GetClipboardData - 0x0051C6F4 0x003EE55C 0x003EE55C 0x000000F2
CloseClipboard - 0x0051C6F8 0x003EE560 0x003EE560 0x0000003C
wsprintfA - 0x0051C6FC 0x003EE564 0x003EE564 0x000002AC
LoadStringA - 0x0051C700 0x003EE568 0x003EE568 0x000001AB
CreateIconFromResource - 0x0051C704 0x003EE56C 0x003EE56C 0x00000052
SetScrollPos - 0x0051C708 0x003EE570 0x003EE570 0x00000247
UnregisterClassA - 0x0051C70C 0x003EE574 0x003EE574 0x0000028B
GDI32.dll (90)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0051C064 0x003EDECC 0x003EDECC 0x00000037
CreateSolidBrush - 0x0051C068 0x003EDED0 0x003EDED0 0x0000004D
FillRgn - 0x0051C06C 0x003EDED4 0x003EDED4 0x000000A8
CreateRectRgn - 0x0051C070 0x003EDED8 0x003EDED8 0x00000048
CombineRgn - 0x0051C074 0x003EDEDC 0x003EDEDC 0x0000001E
PatBlt - 0x0051C078 0x003EDEE0 0x003EDEE0 0x00000194
CreatePen - 0x0051C07C 0x003EDEE4 0x003EDEE4 0x00000044
SelectObject - 0x0051C080 0x003EDEE8 0x003EDEE8 0x000001C7
CreatePatternBrush - 0x0051C084 0x003EDEEC 0x003EDEEC 0x00000043
CreateBitmap - 0x0051C088 0x003EDEF0 0x003EDEF0 0x00000024
CreateBrushIndirect - 0x0051C08C 0x003EDEF4 0x003EDEF4 0x00000026
CreateDCA - 0x0051C090 0x003EDEF8 0x003EDEF8 0x0000002B
CreateCompatibleBitmap - 0x0051C094 0x003EDEFC 0x003EDEFC 0x00000029
GetPolyFillMode - 0x0051C098 0x003EDF00 0x003EDF00 0x00000158
GetStretchBltMode - 0x0051C09C 0x003EDF04 0x003EDF04 0x00000160
GetROP2 - 0x0051C0A0 0x003EDF08 0x003EDF08 0x00000159
GetBkColor - 0x0051C0A4 0x003EDF0C 0x003EDF0C 0x00000107
GetBkMode - 0x0051C0A8 0x003EDF10 0x003EDF10 0x00000108
GetTextColor - 0x0051C0AC 0x003EDF14 0x003EDF14 0x00000169
CreateRoundRectRgn - 0x0051C0B0 0x003EDF18 0x003EDF18 0x0000004A
SetWindowOrgEx - 0x0051C0B4 0x003EDF1C 0x003EDF1C 0x000001FA
SaveDC - 0x0051C0B8 0x003EDF20 0x003EDF20 0x000001C0
RestoreDC - 0x0051C0BC 0x003EDF24 0x003EDF24 0x000001B9
CreatePenIndirect - 0x0051C0C0 0x003EDF28 0x003EDF28 0x00000045
PtVisible - 0x0051C0C4 0x003EDF2C 0x003EDF2C 0x000001AA
RectVisible - 0x0051C0C8 0x003EDF30 0x003EDF30 0x000001AE
ExtTextOutA - 0x0051C0CC 0x003EDF34 0x003EDF34 0x0000009E
SetPolyFillMode - 0x0051C0D0 0x003EDF38 0x003EDF38 0x000001EB
SetROP2 - 0x0051C0D4 0x003EDF3C 0x003EDF3C 0x000001EC
SetMapMode - 0x0051C0D8 0x003EDF40 0x003EDF40 0x000001E2
SetViewportOrgEx - 0x0051C0DC 0x003EDF44 0x003EDF44 0x000001F6
OffsetViewportOrgEx - 0x0051C0E0 0x003EDF48 0x003EDF48 0x0000018C
SetViewportExtEx - 0x0051C0E4 0x003EDF4C 0x003EDF4C 0x000001F5
ScaleViewportExtEx - 0x0051C0E8 0x003EDF50 0x003EDF50 0x000001C1
SetWindowExtEx - 0x0051C0EC 0x003EDF54 0x003EDF54 0x000001F9
ScaleWindowExtEx - 0x0051C0F0 0x003EDF58 0x003EDF58 0x000001C2
GetClipBox - 0x0051C0F4 0x003EDF5C 0x003EDF5C 0x0000011A
ExcludeClipRect - 0x0051C0F8 0x003EDF60 0x003EDF60 0x00000098
MoveToEx - 0x0051C0FC 0x003EDF64 0x003EDF64 0x00000188
GetStockObject - 0x0051C100 0x003EDF68 0x003EDF68 0x0000015F
GetObjectA - 0x0051C104 0x003EDF6C 0x003EDF6C 0x0000014F
ExtSelectClipRgn - 0x0051C108 0x003EDF70 0x003EDF70 0x0000009D
GetViewportExtEx - 0x0051C10C 0x003EDF74 0x003EDF74 0x00000178
GetTextMetricsA - 0x0051C110 0x003EDF78 0x003EDF78 0x00000175
SetBkMode - 0x0051C114 0x003EDF7C 0x003EDF7C 0x000001CE
TextOutA - 0x0051C118 0x003EDF80 0x003EDF80 0x00000205
SetBkColor - 0x0051C11C 0x003EDF84 0x003EDF84 0x000001CD
CreateRectRgnIndirect - 0x0051C120 0x003EDF88 0x003EDF88 0x00000049
CreateDIBSection - 0x0051C124 0x003EDF8C 0x003EDF8C 0x0000002F
SetPixel - 0x0051C128 0x003EDF90 0x003EDF90 0x000001E8
SetStretchBltMode - 0x0051C12C 0x003EDF94 0x003EDF94 0x000001EF
GetClipRgn - 0x0051C130 0x003EDF98 0x003EDF98 0x0000011B
CreatePolygonRgn - 0x0051C134 0x003EDF9C 0x003EDF9C 0x00000047
SelectClipRgn - 0x0051C138 0x003EDFA0 0x003EDFA0 0x000001C5
DeleteObject - 0x0051C13C 0x003EDFA4 0x003EDFA4 0x00000053
CreateDIBitmap - 0x0051C140 0x003EDFA8 0x003EDFA8 0x00000030
GetSystemPaletteEntries - 0x0051C144 0x003EDFAC 0x003EDFAC 0x00000163
CreatePalette - 0x0051C148 0x003EDFB0 0x003EDFB0 0x00000042
StretchBlt - 0x0051C14C 0x003EDFB4 0x003EDFB4 0x00000200
SelectPalette - 0x0051C150 0x003EDFB8 0x003EDFB8 0x000001C8
RealizePalette - 0x0051C154 0x003EDFBC 0x003EDFBC 0x000001AC
GetDIBits - 0x0051C158 0x003EDFC0 0x003EDFC0 0x00000124
GetWindowExtEx - 0x0051C15C 0x003EDFC4 0x003EDFC4 0x0000017B
GetViewportOrgEx - 0x0051C160 0x003EDFC8 0x003EDFC8 0x00000179
GetWindowOrgEx - 0x0051C164 0x003EDFCC 0x003EDFCC 0x0000017C
BeginPath - 0x0051C168 0x003EDFD0 0x003EDFD0 0x00000010
EndPath - 0x0051C16C 0x003EDFD4 0x003EDFD4 0x0000005D
PathToRegion - 0x0051C170 0x003EDFD8 0x003EDFD8 0x00000195
CreateEllipticRgn - 0x0051C174 0x003EDFDC 0x003EDFDC 0x00000032
Ellipse - 0x0051C178 0x003EDFE0 0x003EDFE0 0x00000058
Rectangle - 0x0051C17C 0x003EDFE4 0x003EDFE4 0x000001AF
LPtoDP - 0x0051C180 0x003EDFE8 0x003EDFE8 0x00000182
DPtoLP - 0x0051C184 0x003EDFEC 0x003EDFEC 0x0000004E
GetCurrentObject - 0x0051C188 0x003EDFF0 0x003EDFF0 0x0000011E
RoundRect - 0x0051C18C 0x003EDFF4 0x003EDFF4 0x000001BA
SetDIBitsToDevice - 0x0051C190 0x003EDFF8 0x003EDFF8 0x000001D7
EndPage - 0x0051C194 0x003EDFFC 0x003EDFFC 0x0000005C
EndDoc - 0x0051C198 0x003EE000 0x003EE000 0x0000005A
DeleteDC - 0x0051C19C 0x003EE004 0x003EE004 0x00000050
StartDocA - 0x0051C1A0 0x003EE008 0x003EE008 0x000001FC
StartPage - 0x0051C1A4 0x003EE00C 0x003EE00C 0x000001FF
BitBlt - 0x0051C1A8 0x003EE010 0x003EE010 0x00000011
GetPixel - 0x0051C1AC 0x003EE014 0x003EE014 0x00000156
CreateCompatibleDC - 0x0051C1B0 0x003EE018 0x003EE018 0x0000002A
SetPixelV - 0x0051C1B4 0x003EE01C 0x003EE01C 0x000001EA
GetTextExtentPoint32A - 0x0051C1B8 0x003EE020 0x003EE020 0x0000016E
LineTo - 0x0051C1BC 0x003EE024 0x003EE024 0x00000184
Escape - 0x0051C1C0 0x003EE028 0x003EE028 0x00000095
GetDeviceCaps - 0x0051C1C4 0x003EE02C 0x003EE02C 0x00000125
SetTextColor - 0x0051C1C8 0x003EE030 0x003EE030 0x000001F3
MSIMG32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GradientFill - 0x0051C414 0x003EE27C 0x003EE27C 0x00000002
WINSPOOL.DRV (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA - 0x0051C764 0x003EE5CC 0x003EE5CC 0x0000007C
DocumentPropertiesA - 0x0051C768 0x003EE5D0 0x003EE5D0 0x00000047
ClosePrinter - 0x0051C76C 0x003EE5D4 0x003EE5D4 0x0000001C
comdlg32.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChooseColorA - 0x0051C7C0 0x003EE628 0x003EE628 0x00000000
ChooseFontA - 0x0051C7C4 0x003EE62C 0x003EE62C 0x00000002
GetOpenFileNameA - 0x0051C7C8 0x003EE630 0x003EE630 0x00000009
GetSaveFileNameA - 0x0051C7CC 0x003EE634 0x003EE634 0x0000000B
GetFileTitleA - 0x0051C7D0 0x003EE638 0x003EE638 0x00000007
ADVAPI32.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCreateKeyExA - 0x0051C000 0x003EDE68 0x003EDE68 0x0000015F
RegOpenKeyA - 0x0051C004 0x003EDE6C 0x003EDE6C 0x00000171
RegQueryValueA - 0x0051C008 0x003EDE70 0x003EDE70 0x0000017A
RegSetValueExA - 0x0051C00C 0x003EDE74 0x003EDE74 0x00000186
RegOpenKeyExA - 0x0051C010 0x003EDE78 0x003EDE78 0x00000172
RegQueryValueExA - 0x0051C014 0x003EDE7C 0x003EDE7C 0x0000017B
RegCloseKey - 0x0051C018 0x003EDE80 0x003EDE80 0x0000015B
SHELL32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA - 0x0051C470 0x003EE2D8 0x003EE2D8 0x00000072
Shell_NotifyIconA - 0x0051C474 0x003EE2DC 0x003EE2DC 0x00000079
SHGetSpecialFolderPathA - 0x0051C478 0x003EE2E0 0x003EE2E0 0x00000054
ole32.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CLSIDFromProgID - 0x0051C7D8 0x003EE640 0x003EE640 0x00000005
OleInitialize - 0x0051C7DC 0x003EE644 0x003EE644 0x000000C9
CLSIDFromString - 0x0051C7E0 0x003EE648 0x003EE648 0x00000006
CoCreateInstance - 0x0051C7E4 0x003EE64C 0x003EE64C 0x0000000D
OleRun - 0x0051C7E8 0x003EE650 0x003EE650 0x000000D8
OleUninitialize - 0x0051C7EC 0x003EE654 0x003EE654 0x000000E0
OLEAUT32.dll (18)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantClear 0x00000009 0x0051C424 0x003EE28C 0x003EE28C -
VariantInit 0x00000008 0x0051C428 0x003EE290 0x003EE290 -
VariantCopyInd 0x0000000B 0x0051C42C 0x003EE294 0x003EE294 -
SafeArrayGetElement 0x00000019 0x0051C430 0x003EE298 0x003EE298 -
SafeArrayAccessData 0x00000017 0x0051C434 0x003EE29C 0x003EE29C -
SafeArrayUnaccessData 0x00000018 0x0051C438 0x003EE2A0 0x003EE2A0 -
SafeArrayGetDim 0x00000011 0x0051C43C 0x003EE2A4 0x003EE2A4 -
SafeArrayGetLBound 0x00000014 0x0051C440 0x003EE2A8 0x003EE2A8 -
SafeArrayGetUBound 0x00000013 0x0051C444 0x003EE2AC 0x003EE2AC -
SysAllocString 0x00000002 0x0051C448 0x003EE2B0 0x003EE2B0 -
SafeArrayDestroy 0x00000010 0x0051C44C 0x003EE2B4 0x003EE2B4 -
SafeArrayCreate 0x0000000F 0x0051C450 0x003EE2B8 0x003EE2B8 -
SafeArrayPutElement 0x0000001A 0x0051C454 0x003EE2BC 0x003EE2BC -
RegisterTypeLib 0x000000A3 0x0051C458 0x003EE2C0 0x003EE2C0 -
LHashValOfNameSys 0x000000A5 0x0051C45C 0x003EE2C4 0x003EE2C4 -
LoadTypeLib 0x000000A1 0x0051C460 0x003EE2C8 0x003EE2C8 -
VariantChangeType 0x0000000C 0x0051C464 0x003EE2CC 0x003EE2CC -
UnRegisterTypeLib 0x000000BA 0x0051C468 0x003EE2D0 0x003EE2D0 -
COMCTL32.dll (13)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000011 0x0051C02C 0x003EDE94 0x003EDE94 -
ImageList_AddMasked - 0x0051C030 0x003EDE98 0x003EDE98 0x0000001E
ImageList_Draw - 0x0051C034 0x003EDE9C 0x003EDE9C 0x00000027
ImageList_SetBkColor - 0x0051C038 0x003EDEA0 0x003EDEA0 0x0000003B
ImageList_GetImageCount - 0x0051C03C 0x003EDEA4 0x003EDEA4 0x00000030
ImageList_GetImageInfo - 0x0051C040 0x003EDEA8 0x003EDEA8 0x00000031
ImageList_GetIcon - 0x0051C044 0x003EDEAC 0x003EDEAC 0x0000002E
_TrackMouseEvent - 0x0051C048 0x003EDEB0 0x003EDEB0 0x0000004D
ImageList_Duplicate - 0x0051C04C 0x003EDEB4 0x003EDEB4 0x0000002A
ImageList_DrawIndirect - 0x0051C050 0x003EDEB8 0x003EDEB8 0x00000029
ImageList_Read - 0x0051C054 0x003EDEBC 0x003EDEBC 0x00000037
ImageList_Create - 0x0051C058 0x003EDEC0 0x003EDEC0 0x00000021
ImageList_Destroy - 0x0051C05C 0x003EDEC4 0x003EDEC4 0x00000022
Memory Dumps (428)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
xrxnqv2g9mnibqer.exe 1 0x00400000 0x00881FFF Relevant Image False 32-bit 0x004E8BA2 False
...
buffer 1 0x0019D000 0x0019FFFF First Network Behavior False 32-bit - False
...
buffer 1 0x00BCF448 0x00BCF4CB First Network Behavior False 32-bit - False
...
buffer 1 0x00BCF8D8 0x00BCF983 First Network Behavior False 32-bit - False
...
buffer 1 0x00BD0220 0x00BD02A7 First Network Behavior False 32-bit - False
...
buffer 1 0x00BD4308 0x00BD441F First Network Behavior False 32-bit - False
...
buffer 1 0x00BD5BD0 0x00BD5C6B First Network Behavior False 32-bit - False
...
buffer 1 0x00BD7238 0x00BD72E3 First Network Behavior False 32-bit - False
...
buffer 1 0x00BDEFD8 0x00BDF1BF First Network Behavior False 32-bit - False
...
buffer 1 0x00BDF1C8 0x00BDF3AF First Network Behavior False 32-bit - False
...
buffer 1 0x00BDF3B8 0x00BDF59F First Network Behavior False 32-bit - False
...
buffer 1 0x00BDF5A8 0x00BDF78F First Network Behavior False 32-bit - False
...
buffer 1 0x00BE0A10 0x00BE1A83 First Network Behavior False 32-bit - False
...
buffer 1 0x00BE5C20 0x00BF4641 First Network Behavior False 32-bit - False
...
buffer 1 0x00BF4650 0x00BF5023 First Network Behavior False 32-bit - False
...
buffer 1 0x00BF5030 0x00C03A51 First Network Behavior False 32-bit - False
...
buffer 1 0x00C0CE50 0x00C0CF0B First Network Behavior False 32-bit - False
...
buffer 1 0x00C0CFE0 0x00C0D09B First Network Behavior False 32-bit - False
...
buffer 1 0x00C0D1C8 0x00C0D283 First Network Behavior False 32-bit - False
...
buffer 1 0x00C0FEA8 0x00C0FF63 First Network Behavior False 32-bit - False
...
buffer 1 0x00C10698 0x00C10753 First Network Behavior False 32-bit - False
...
buffer 1 0x00C19808 0x00C198C3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C19A90 0x00C19B4B First Network Behavior False 32-bit - False
...
buffer 1 0x00C19FD0 0x00C1A08B First Network Behavior False 32-bit - False
...
buffer 1 0x00C1A510 0x00C1A5CB First Network Behavior False 32-bit - False
...
buffer 1 0x00C1AA50 0x00C1AB0B First Network Behavior False 32-bit - False
...
buffer 1 0x00C1B0A0 0x00C1B15B First Network Behavior False 32-bit - False
...
buffer 1 0x00C1B800 0x00C1B8BB First Network Behavior False 32-bit - False
...
buffer 1 0x00C1BFC0 0x00C1C07B First Network Behavior False 32-bit - False
...
buffer 1 0x00C1C150 0x00C1C20B First Network Behavior False 32-bit - False
...
buffer 1 0x00C1C218 0x00C1C2D3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C1C2E0 0x00C1C39B First Network Behavior False 32-bit - False
...
buffer 1 0x00C1C600 0x00C1C6BB First Network Behavior False 32-bit - False
...
buffer 1 0x00C21260 0x00C212EF First Network Behavior False 32-bit - False
...
buffer 1 0x00C21B40 0x00C21BFB First Network Behavior False 32-bit - False
...
buffer 1 0x00C21F28 0x00C21FE3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C23120 0x00C231DB First Network Behavior False 32-bit - False
...
buffer 1 0x00C25BF0 0x00C25FB7 First Network Behavior False 32-bit - False
...
buffer 1 0x00C36DC0 0x00C36EC1 First Network Behavior False 32-bit - False
...
buffer 1 0x00C37D08 0x00C37DC3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C37DD0 0x00C37E8B First Network Behavior False 32-bit - False
...
buffer 1 0x00C38028 0x00C380E3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C380F0 0x00C381AB First Network Behavior False 32-bit - False
...
buffer 1 0x00C381B8 0x00C38273 First Network Behavior False 32-bit - False
...
buffer 1 0x00C38410 0x00C384CB First Network Behavior False 32-bit - False
...
buffer 1 0x00C38668 0x00C38723 First Network Behavior False 32-bit - False
...
buffer 1 0x00C38730 0x00C387EB First Network Behavior False 32-bit - False
...
buffer 1 0x00C387F8 0x00C388B3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C38A50 0x00C38B0B First Network Behavior False 32-bit - False
...
buffer 1 0x00C38B18 0x00C38BD3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C38BE0 0x00C38C9B First Network Behavior False 32-bit - False
...
buffer 1 0x00C38CA8 0x00C38D63 First Network Behavior False 32-bit - False
...
buffer 1 0x00C39220 0x00C392DB First Network Behavior False 32-bit - False
...
buffer 1 0x00C392E8 0x00C393A3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C39478 0x00C39533 First Network Behavior False 32-bit - False
...
buffer 1 0x00C39540 0x00C395FB First Network Behavior False 32-bit - False
...
buffer 1 0x00C39608 0x00C396C3 First Network Behavior False 32-bit - False
...
buffer 1 0x00C396D0 0x00C3978B First Network Behavior False 32-bit - False
...
buffer 1 0x00C39798 0x00C39853 First Network Behavior False 32-bit - False
...
buffer 1 0x00C3B9C8 0x00C3BD63 First Network Behavior False 32-bit - False
...
buffer 1 0x00C3E878 0x00C3EC13 First Network Behavior False 32-bit - False
...
buffer 1 0x00C3EC20 0x00C3EFBB First Network Behavior False 32-bit - False
...
buffer 1 0x00C3EFC8 0x00C3F3B2 First Network Behavior False 32-bit - False
...
buffer 1 0x00C438A8 0x00C43963 First Network Behavior False 32-bit - False
...
buffer 1 0x02620004 0x02620103 First Network Behavior False 32-bit - False
...
buffer 1 0x028104A0 0x0281056F First Network Behavior False 32-bit - False
...
buffer 1 0x028147C0 0x02814FBF First Network Behavior False 32-bit - False
...
buffer 1 0x028153C8 0x028167D7 First Network Behavior False 32-bit - False
...
buffer 1 0x028167E0 0x0281685F First Network Behavior False 32-bit - False
...
buffer 1 0x02816938 0x02816B27 First Network Behavior False 32-bit - False
...
buffer 1 0x02816B30 0x02816D3F First Network Behavior False 32-bit - False
...
buffer 1 0x02816D90 0x02816EAF First Network Behavior False 32-bit - False
...
buffer 1 0x02816F10 0x02816F8F First Network Behavior False 32-bit - False
...
buffer 1 0x02816FF0 0x0281710F First Network Behavior False 32-bit - False
...
buffer 1 0x02817118 0x02817207 First Network Behavior False 32-bit - False
...
buffer 1 0x02817210 0x028172BF First Network Behavior False 32-bit - False
...
buffer 1 0x028172C8 0x02817387 First Network Behavior False 32-bit - False
...
buffer 1 0x02817390 0x028174AF First Network Behavior False 32-bit - False
...
buffer 1 0x028174B8 0x02817597 First Network Behavior False 32-bit - False
...
buffer 1 0x028175A0 0x028176BF First Network Behavior False 32-bit - False
...
buffer 1 0x02817730 0x028177AF First Network Behavior False 32-bit - False
...
buffer 1 0x02817820 0x0281789F First Network Behavior False 32-bit - False
...
buffer 1 0x028178A8 0x02819CB7 First Network Behavior False 32-bit - False
...
buffer 1 0x02819CC0 0x02819D3F First Network Behavior False 32-bit - False
...
buffer 1 0x02819D48 0x02819DC7 First Network Behavior False 32-bit - False
...
buffer 1 0x02819DD0 0x02819EBF First Network Behavior False 32-bit - False
...
buffer 1 0x02819EC8 0x02819F57 First Network Behavior False 32-bit - False
...
buffer 1 0x02819F60 0x0281A04F First Network Behavior False 32-bit - False
...
buffer 1 0x0281A058 0x0281A0D7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281A0E0 0x0281B4EF First Network Behavior False 32-bit - False
...
buffer 1 0x0281B4F8 0x0281B577 First Network Behavior False 32-bit - False
...
buffer 1 0x0281B580 0x0281B66F First Network Behavior False 32-bit - False
...
buffer 1 0x0281B6E0 0x0281B7CF First Network Behavior False 32-bit - False
...
buffer 1 0x0281B810 0x0281B8BF First Network Behavior False 32-bit - False
...
buffer 1 0x0281B8C8 0x0281B947 First Network Behavior False 32-bit - False
...
buffer 1 0x0281B950 0x0281B9CF First Network Behavior False 32-bit - False
...
buffer 1 0x0281B9D8 0x0281BAF7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281BB00 0x0281BB7F First Network Behavior False 32-bit - False
...
buffer 1 0x0281BB88 0x0281BC87 First Network Behavior False 32-bit - False
...
buffer 1 0x0281BCE8 0x0281D0F7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281D100 0x0281D21F First Network Behavior False 32-bit - False
...
buffer 1 0x0281D290 0x0281D33F First Network Behavior False 32-bit - False
...
buffer 1 0x0281D348 0x0281D3F7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281D400 0x0281D47F First Network Behavior False 32-bit - False
...
buffer 1 0x0281D488 0x0281D5A7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281D5B0 0x0281D62F First Network Behavior False 32-bit - False
...
buffer 1 0x0281D638 0x0281D757 First Network Behavior False 32-bit - False
...
buffer 1 0x0281D760 0x0281D7DF First Network Behavior False 32-bit - False
...
buffer 1 0x0281D7E8 0x0281D907 First Network Behavior False 32-bit - False
...
buffer 1 0x0281D910 0x0281DA2F First Network Behavior False 32-bit - False
...
buffer 1 0x0281DA38 0x0281DB57 First Network Behavior False 32-bit - False
...
buffer 1 0x0281DB60 0x0281DC7F First Network Behavior False 32-bit - False
...
buffer 1 0x0281DC88 0x0281DD07 First Network Behavior False 32-bit - False
...
buffer 1 0x0281DD90 0x0281DE0F First Network Behavior False 32-bit - False
...
buffer 1 0x0281DE18 0x0281DE97 First Network Behavior False 32-bit - False
...
buffer 1 0x0281DEA0 0x0281DF1F First Network Behavior False 32-bit - False
...
buffer 1 0x0281DF28 0x0281DFA7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281DFB0 0x0281E02F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E038 0x0281E0B7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E0C0 0x0281E13F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E148 0x0281E1C7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E1D0 0x0281E24F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E258 0x0281E2D7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E2E0 0x0281E35F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E368 0x0281E3E7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E3F0 0x0281E46F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E478 0x0281E4F7 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E500 0x0281E57F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E588 0x0281E607 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E610 0x0281E68F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E698 0x0281E717 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E720 0x0281E79F First Network Behavior False 32-bit - False
...
buffer 1 0x0281E7A8 0x0281E827 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E830 0x0281E8AF First Network Behavior False 32-bit - False
...
buffer 1 0x0281E8B8 0x0281E937 First Network Behavior False 32-bit - False
...
buffer 1 0x0281E940 0x0281E9BF First Network Behavior False 32-bit - False
...
buffer 1 0x0281E9C8 0x0281EA47 First Network Behavior False 32-bit - False
...
buffer 1 0x0281EA50 0x0281EACF First Network Behavior False 32-bit - False
...
buffer 1 0x0281EAD8 0x0281EB57 First Network Behavior False 32-bit - False
...
buffer 1 0x0281EB60 0x0281EBDF First Network Behavior False 32-bit - False
...
buffer 1 0x0281EBE8 0x0281EC67 First Network Behavior False 32-bit - False
...
buffer 1 0x0281EC70 0x0281ECEF First Network Behavior False 32-bit - False
...
buffer 1 0x0281ED70 0x0281EE8F First Network Behavior False 32-bit - False
...
buffer 1 0x0281EE98 0x0281EFB7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A0048 0x040A0167 First Network Behavior False 32-bit - False
...
buffer 1 0x040A0170 0x040A028F First Network Behavior False 32-bit - False
...
buffer 1 0x040A0298 0x040A03B7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A03C0 0x040A050F First Network Behavior False 32-bit - False
...
buffer 1 0x040A0518 0x040A0667 First Network Behavior False 32-bit - False
...
buffer 1 0x040A0670 0x040A07BF First Network Behavior False 32-bit - False
...
buffer 1 0x040A07C8 0x040A0917 First Network Behavior False 32-bit - False
...
buffer 1 0x040A0920 0x040A0A6F First Network Behavior False 32-bit - False
...
buffer 1 0x040A0A78 0x040A0BC7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A0BD0 0x040A0D1F First Network Behavior False 32-bit - False
...
buffer 1 0x040A0D28 0x040A0E77 First Network Behavior False 32-bit - False
...
buffer 1 0x040A0E80 0x040A0FCF First Network Behavior False 32-bit - False
...
buffer 1 0x040A0FD8 0x040A1127 First Network Behavior False 32-bit - False
...
buffer 1 0x040A1130 0x040A127F First Network Behavior False 32-bit - False
...
buffer 1 0x040A12B0 0x040A13CF First Network Behavior False 32-bit - False
...
buffer 1 0x040A13D8 0x040A14F7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A1500 0x040A161F First Network Behavior False 32-bit - False
...
buffer 1 0x040A1628 0x040A1747 First Network Behavior False 32-bit - False
...
buffer 1 0x040A1750 0x040A186F First Network Behavior False 32-bit - False
...
buffer 1 0x040A1878 0x040A1997 First Network Behavior False 32-bit - False
...
buffer 1 0x040A19A0 0x040A1ABF First Network Behavior False 32-bit - False
...
buffer 1 0x040A1AC8 0x040A1BE7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A1BF0 0x040A1D0F First Network Behavior False 32-bit - False
...
buffer 1 0x040A1D18 0x040A1E37 First Network Behavior False 32-bit - False
...
buffer 1 0x040A1E40 0x040A1F5F First Network Behavior False 32-bit - False
...
buffer 1 0x040A1F68 0x040A2087 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2090 0x040A21AF First Network Behavior False 32-bit - False
...
buffer 1 0x040A2290 0x040A233F First Network Behavior False 32-bit - False
...
buffer 1 0x040A2348 0x040A23F7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2400 0x040A24AF First Network Behavior False 32-bit - False
...
buffer 1 0x040A24B8 0x040A2567 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2570 0x040A261F First Network Behavior False 32-bit - False
...
buffer 1 0x040A2628 0x040A26D7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A26E0 0x040A278F First Network Behavior False 32-bit - False
...
buffer 1 0x040A2798 0x040A2847 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2850 0x040A28FF First Network Behavior False 32-bit - False
...
buffer 1 0x040A2908 0x040A29B7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A29C0 0x040A2A6F First Network Behavior False 32-bit - False
...
buffer 1 0x040A2A78 0x040A2B27 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2B30 0x040A2BDF First Network Behavior False 32-bit - False
...
buffer 1 0x040A2C10 0x040A2CBF First Network Behavior False 32-bit - False
...
buffer 1 0x040A2CC8 0x040A2D77 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2D80 0x040A2E2F First Network Behavior False 32-bit - False
...
buffer 1 0x040A2E38 0x040A2EE7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A2EF0 0x040A2F9F First Network Behavior False 32-bit - False
...
buffer 1 0x040A2FA8 0x040A3057 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3060 0x040A310F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3118 0x040A31C7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A31D0 0x040A327F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3288 0x040A3337 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3340 0x040A33EF First Network Behavior False 32-bit - False
...
buffer 1 0x040A33F8 0x040A34A7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A34B0 0x040A355F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3568 0x040A3617 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3620 0x040A36CF First Network Behavior False 32-bit - False
...
buffer 1 0x040A36D8 0x040A3787 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3790 0x040A383F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3848 0x040A38F7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3900 0x040A39AF First Network Behavior False 32-bit - False
...
buffer 1 0x040A39B8 0x040A3A67 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3A70 0x040A3B1F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3B28 0x040A3BD7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A3BF0 0x040A3CCF First Network Behavior False 32-bit - False
...
buffer 1 0x040A3D40 0x040A3E1F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3E50 0x040A3F6F First Network Behavior False 32-bit - False
...
buffer 1 0x040A3F78 0x040A4097 First Network Behavior False 32-bit - False
...
buffer 1 0x040A40A0 0x040A41BF First Network Behavior False 32-bit - False
...
buffer 1 0x040A41C8 0x040A42E7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A42F0 0x040A440F First Network Behavior False 32-bit - False
...
buffer 1 0x040A4418 0x040A4537 First Network Behavior False 32-bit - False
...
buffer 1 0x040A4540 0x040A465F First Network Behavior False 32-bit - False
...
buffer 1 0x040A4668 0x040A4787 First Network Behavior False 32-bit - False
...
buffer 1 0x040A4790 0x040A48AF First Network Behavior False 32-bit - False
...
buffer 1 0x040A48B8 0x040A49D7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A49E0 0x040A4AFF First Network Behavior False 32-bit - False
...
buffer 1 0x040A4B08 0x040A4C27 First Network Behavior False 32-bit - False
...
buffer 1 0x040A4C30 0x040A4D4F First Network Behavior False 32-bit - False
...
buffer 1 0x040A4D58 0x040A4E77 First Network Behavior False 32-bit - False
...
buffer 1 0x040A4E80 0x040A4F9F First Network Behavior False 32-bit - False
...
buffer 1 0x040A4FA8 0x040A50C7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A50D0 0x040A51EF First Network Behavior False 32-bit - False
...
buffer 1 0x040A51F8 0x040A5317 First Network Behavior False 32-bit - False
...
buffer 1 0x040A5320 0x040A543F First Network Behavior False 32-bit - False
...
buffer 1 0x040A5448 0x040A5567 First Network Behavior False 32-bit - False
...
buffer 1 0x040A5570 0x040A568F First Network Behavior False 32-bit - False
...
buffer 1 0x040A5698 0x040A57B7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A57C0 0x040A58DF First Network Behavior False 32-bit - False
...
buffer 1 0x040A58E8 0x040A5A07 First Network Behavior False 32-bit - False
...
buffer 1 0x040A5A10 0x040A5B2F First Network Behavior False 32-bit - False
...
buffer 1 0x040A5B38 0x040A5C57 First Network Behavior False 32-bit - False
...
buffer 1 0x040A5C60 0x040A5D7F First Network Behavior False 32-bit - False
...
buffer 1 0x040A5E30 0x040A5F2F First Network Behavior False 32-bit - False
...
buffer 1 0x040A5F38 0x040A6037 First Network Behavior False 32-bit - False
...
buffer 1 0x040A6040 0x040A613F First Network Behavior False 32-bit - False
...
buffer 1 0x040A6148 0x040A7557 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7560 0x040A763F First Network Behavior False 32-bit - False
...
buffer 1 0x040A7648 0x040A7747 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7750 0x040A781F First Network Behavior False 32-bit - False
...
buffer 1 0x040A7828 0x040A7907 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7910 0x040A79EF First Network Behavior False 32-bit - False
...
buffer 1 0x040A79F8 0x040A7AD7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7B10 0x040A7B8F First Network Behavior False 32-bit - False
...
buffer 1 0x040A7B98 0x040A7C17 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7C20 0x040A7C9F First Network Behavior False 32-bit - False
...
buffer 1 0x040A7CA8 0x040A7D27 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7D30 0x040A7DAF First Network Behavior False 32-bit - False
...
buffer 1 0x040A7DB8 0x040A7E37 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7E40 0x040A7EBF First Network Behavior False 32-bit - False
...
buffer 1 0x040A7EC8 0x040A7F47 First Network Behavior False 32-bit - False
...
buffer 1 0x040A7F50 0x040A7FCF First Network Behavior False 32-bit - False
...
buffer 1 0x040A7FD8 0x040A8057 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8060 0x040A80DF First Network Behavior False 32-bit - False
...
buffer 1 0x040A80E8 0x040A8167 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8170 0x040A81EF First Network Behavior False 32-bit - False
...
buffer 1 0x040A81F8 0x040A8277 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8280 0x040A82FF First Network Behavior False 32-bit - False
...
buffer 1 0x040A8308 0x040A8387 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8390 0x040A840F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8418 0x040A8497 First Network Behavior False 32-bit - False
...
buffer 1 0x040A84A0 0x040A851F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8528 0x040A85A7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A85B0 0x040A862F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8638 0x040A86B7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A86C0 0x040A873F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8748 0x040A87C7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A87D0 0x040A884F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8858 0x040A88D7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A88E0 0x040A895F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8968 0x040A89E7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A89F0 0x040A8A6F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8A78 0x040A8AF7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8B00 0x040A8B7F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8B88 0x040A8C07 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8C10 0x040A8C8F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8C98 0x040A8D17 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8D20 0x040A8D9F First Network Behavior False 32-bit - False
...
buffer 1 0x040A8DA8 0x040A8E27 First Network Behavior False 32-bit - False
...
buffer 1 0x040A8E30 0x040A8EAF First Network Behavior False 32-bit - False
...
buffer 1 0x040A8FC8 0x040A9047 First Network Behavior False 32-bit - False
...
buffer 1 0x040A90D8 0x040A9157 First Network Behavior False 32-bit - False
...
buffer 1 0x040A9380 0x040A93FF First Network Behavior False 32-bit - False
...
buffer 1 0x040A9518 0x040A9597 First Network Behavior False 32-bit - False
...
buffer 1 0x040A9628 0x040A96A7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A97C0 0x040A983F First Network Behavior False 32-bit - False
...
buffer 1 0x040A99E0 0x040A9A5F First Network Behavior False 32-bit - False
...
buffer 1 0x040A9AE8 0x040A9BC7 First Network Behavior False 32-bit - False
...
buffer 1 0x040A9BD0 0x040A9CAF First Network Behavior False 32-bit - False
...
buffer 1 0x040A9CB8 0x040A9D97 First Network Behavior False 32-bit - False
...
buffer 1 0x040A9DA0 0x040A9E7F First Network Behavior False 32-bit - False
...
buffer 1 0x040A9E88 0x040A9F67 First Network Behavior False 32-bit - False
...
buffer 1 0x040A9F70 0x040AA3EF First Network Behavior False 32-bit - False
...
buffer 1 0x040AA3F8 0x040AA807 First Network Behavior False 32-bit - False
...
buffer 1 0x040AA950 0x040AAA1F First Network Behavior False 32-bit - False
...
buffer 1 0x040AAA28 0x040AAAF7 First Network Behavior False 32-bit - False
...
buffer 1 0x040AAB00 0x040AABCF First Network Behavior False 32-bit - False
...
buffer 1 0x040AAC20 0x040AACEF First Network Behavior False 32-bit - False
...
buffer 1 0x040AAD58 0x040AAE27 First Network Behavior False 32-bit - False
...
buffer 1 0x040AAEA8 0x040AAF77 First Network Behavior False 32-bit - False
...
buffer 1 0x040AAFE0 0x040AB0AF First Network Behavior False 32-bit - False
...
buffer 1 0x040AB0B8 0x040AB187 First Network Behavior False 32-bit - False
...
buffer 1 0x040AB190 0x040AB25F First Network Behavior False 32-bit - False
...
buffer 1 0x040AB268 0x040AB337 First Network Behavior False 32-bit - False
...
buffer 1 0x040AB388 0x040AB457 First Network Behavior False 32-bit - False
...
buffer 1 0x040AB460 0x040AB52F First Network Behavior False 32-bit - False
...
buffer 1 0x040AB538 0x040AC447 First Network Behavior False 32-bit - False
...
buffer 1 0x040AC450 0x040AC51F First Network Behavior False 32-bit - False
...
buffer 1 0x040AC528 0x040AC5F7 First Network Behavior False 32-bit - False
...
buffer 1 0x040AC600 0x040AC6CF First Network Behavior False 32-bit - False
...
buffer 1 0x040AC6D8 0x040AC7A7 First Network Behavior False 32-bit - False
...
buffer 1 0x040ACFE0 0x040AD0AF First Network Behavior False 32-bit - False
...
buffer 1 0x040AD0B8 0x040AD187 First Network Behavior False 32-bit - False
...
buffer 1 0x040AD268 0x040AD337 First Network Behavior False 32-bit - False
...
buffer 1 0x040AD4F0 0x040AD5BF First Network Behavior False 32-bit - False
...
buffer 1 0x040AD5C8 0x040AD697 First Network Behavior False 32-bit - False
...
buffer 1 0x040AD6A0 0x040AD76F First Network Behavior False 32-bit - False
...
buffer 1 0x040AD778 0x040AD847 First Network Behavior False 32-bit - False
...
buffer 1 0x040AD850 0x040AD91F First Network Behavior False 32-bit - False
...
buffer 1 0x040AD928 0x040AD9F7 First Network Behavior False 32-bit - False
...
buffer 1 0x040ADA00 0x040ADACF First Network Behavior False 32-bit - False
...
buffer 1 0x040ADAD8 0x040ADBA7 First Network Behavior False 32-bit - False
...
buffer 1 0x040ADBB0 0x040ADC7F First Network Behavior False 32-bit - False
...
buffer 1 0x040ADC88 0x040ADD57 First Network Behavior False 32-bit - False
...
buffer 1 0x040ADD60 0x040ADE2F First Network Behavior False 32-bit - False
...
buffer 1 0x040ADE38 0x040ADF07 First Network Behavior False 32-bit - False
...
buffer 1 0x040ADFC0 0x040AF3CF First Network Behavior False 32-bit - False
...
buffer 1 0x040AF3D8 0x040AF4D7 First Network Behavior False 32-bit - False
...
buffer 1 0x040AF4E0 0x040AF5BF First Network Behavior False 32-bit - False
...
buffer 1 0x040AF5C8 0x040AF6A7 First Network Behavior False 32-bit - False
...
buffer 1 0x040AF6B0 0x040AF78F First Network Behavior False 32-bit - False
...
buffer 1 0x040AF798 0x040AF877 First Network Behavior False 32-bit - False
...
buffer 1 0x040AF880 0x040AF95F First Network Behavior False 32-bit - False
...
buffer 1 0x040AFA78 0x040AFB57 First Network Behavior False 32-bit - False
...
buffer 1 0x040AFC48 0x040AFD27 First Network Behavior False 32-bit - False
...
buffer 1 0x040AFD30 0x040AFE0F First Network Behavior False 32-bit - False
...
buffer 1 0x040AFE18 0x040AFEF7 First Network Behavior False 32-bit - False
...
buffer 1 0x040AFF00 0x040AFFDF First Network Behavior False 32-bit - False
...
buffer 1 0x040AFFE8 0x040B00C7 First Network Behavior False 32-bit - False
...
buffer 1 0x040B0470 0x040B054F First Network Behavior False 32-bit - False
...
buffer 1 0x040B0558 0x040B0637 First Network Behavior False 32-bit - False
...
buffer 1 0x040B0970 0x040B0A6F First Network Behavior False 32-bit - False
...
buffer 1 0x040B0A78 0x040B1E87 First Network Behavior False 32-bit - False
...
buffer 1 0x040B1E90 0x040B20AF First Network Behavior False 32-bit - False
...
buffer 1 0x040B20E0 0x040B21FF First Network Behavior False 32-bit - False
...
buffer 1 0x040B57F0 0x040B589F First Network Behavior False 32-bit - False
...
buffer 1 0x040B5960 0x040B5A0F First Network Behavior False 32-bit - False
...
buffer 1 0x040B5CF8 0x040B5DA7 First Network Behavior False 32-bit - False
...
buffer 1 0x040B60C8 0x040B6167 First Network Behavior False 32-bit - False
...
xrxnqv2g9mnibqer.exe 1 0x00400000 0x00881FFF First Network Behavior False 32-bit 0x004AD0F0 False
...
buffer 1 0x10000000 0x1003DFFF First Execution False 32-bit 0x1003BEF0 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x10026218 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x10020C50 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x10025CB0 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x100322AE False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x1000F6D0 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x10017090 False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
gdi32.dll 1 0x76760000 0x768AEFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
gdi32.dll 1 0x76760000 0x768AEFFF First Execution False 32-bit 0x767F6835 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit - False
...
buffer 1 0x10000000 0x1003DFFF Marked Executable False 32-bit - False
...
user32.dll 1 0x773F0000 0x77536FFF First Execution False 32-bit 0x77428995 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x1000A180 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x1001B870 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x10021000 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x100081D0 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x1001C570 False
...
buffer 1 0x10000000 0x1003DFFF Content Changed False 32-bit 0x1000B6E0 False
...
xrxnqv2g9mnibqer.exe 1 0x00400000 0x00881FFF Final Dump False 32-bit - False
...
YARA Matches (2)
»
Rule Name Rule Description Classification Score Actions
Shellcode_Find_kernel32_PEB x86 code to find kernel32.dll using the PEB; possible shellcode -
3/5
...
ChineseHacktools_1014 Chinese hacktool Hacktool
5/5
...
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image