Malicious
Classifications
Backdoor Injector
Threat Names
QuasarRAT Mal/Generic-S QuasarRAT.v1
Dynamic Analysis Report
Created on 2025-04-03T00:44:35+00:00
VOfpw7V8TXrUEViI.exe
Windows Exe (x86-32)
Remarks
(0x0200004A): 1 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 31 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\VOfpw7V8TXrUEViI.exe | Sample File | Binary |
Malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 5.23 MB |
| MD5 |
be97d2a18bd4e9eb41f80f3e3a71656a
|
| SHA1 |
f181fb8964b4f7be4a69fc196ec9b95c5b575ea2
|
| SHA256 |
fa59119030b7d7291f97ea16728f592d3e2ea1aab62172e0b57a60db818ea082
|
| SSDeep |
98304:SCYMqfuEk+8WwFsBSSUCa9qyr1ijMauCDhg0eUAnMyApx0GXtRnWV:xYMqfuEk+8W0bzJVauCDT0MyApxPjWV
|
| ImpHash |
be31e91cfe8cf306509b81ff1990de5a
|
| Static Analysis Parser Error | parsing signature failed: cannot parse signature content info |
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x0048B4B0 |
| Size Of Code | 0x0015B400 |
| Size Of Initialized Data | 0x003E0400 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2023-12-12 16:58 (UTC) |
Version Information (9)
»
| CompanyName | AVG Technologies |
| LegalCopyright | Copyright © 2023 AVG Technologies |
| FileDescription | AVG Overseer |
| FileVersion | 1.0.486.0 |
| InternalName | overseer |
| OriginalFilename | overseer.exe |
| ProductName | AVG Antivirus |
| ProductVersion | 1.0.486.0 |
| ProductId | avg-overseer |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0015B29A | 0x0015B400 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.6 |
| .rdata | 0x0055D000 | 0x00069FDA | 0x0006A000 | 0x0015B800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.0 |
| .data | 0x005C7000 | 0x0000A3EC | 0x00007C00 | 0x001C5800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.01 |
| .rsrc | 0x005D2000 | 0x0035E7BC | 0x0035E800 | 0x001CD400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.31 |
| .reloc | 0x00931000 | 0x0000FF70 | 0x00010000 | 0x0052BC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.69 |
Imports (14)
»
SHELL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathW | - | 0x0055D428 | 0x001C57C8 | 0x001C3FC8 | 0x00000150 |
| ShellExecuteExW | - | 0x0055D42C | 0x001C57CC | 0x001C3FCC | 0x000001AF |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | - | 0x0055D44C | 0x001C57EC | 0x001C3FEC | 0x00000008 |
| VerQueryValueW | - | 0x0055D450 | 0x001C57F0 | 0x001C3FF0 | 0x00000010 |
| GetFileVersionInfoSizeW | - | 0x0055D454 | 0x001C57F4 | 0x001C3FF4 | 0x00000007 |
ntdll.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NtClose | - | 0x0055D4EC | 0x001C588C | 0x001C408C | 0x000000D4 |
| NtOpenKey | - | 0x0055D4F0 | 0x001C5890 | 0x001C4090 | 0x0000015A |
| RtlUnwind | - | 0x0055D4F4 | 0x001C5894 | 0x001C4094 | 0x000004D3 |
| RtlNtStatusToDosError | - | 0x0055D4F8 | 0x001C5898 | 0x001C4098 | 0x00000413 |
| VerSetConditionMask | - | 0x0055D4FC | 0x001C589C | 0x001C409C | 0x00000558 |
| NtQueryKey | - | 0x0055D500 | 0x001C58A0 | 0x001C40A0 | 0x00000198 |
| NtDeleteKey | - | 0x0055D504 | 0x001C58A4 | 0x001C40A4 | 0x0000010A |
KERNEL32.dll (195)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateProcessW | - | 0x0055D104 | 0x001C54A4 | 0x001C3CA4 | 0x000000EE |
| ReadFile | - | 0x0055D108 | 0x001C54A8 | 0x001C3CA8 | 0x00000488 |
| VerifyVersionInfoW | - | 0x0055D10C | 0x001C54AC | 0x001C3CAC | 0x000005DF |
| FileTimeToSystemTime | - | 0x0055D110 | 0x001C54B0 | 0x001C3CB0 | 0x00000176 |
| GetSystemTimeAsFileTime | - | 0x0055D114 | 0x001C54B4 | 0x001C3CB4 | 0x000002FA |
| InitializeCriticalSection | - | 0x0055D118 | 0x001C54B8 | 0x001C3CB8 | 0x00000373 |
| EnterCriticalSection | - | 0x0055D11C | 0x001C54BC | 0x001C3CBC | 0x0000013D |
| LeaveCriticalSection | - | 0x0055D120 | 0x001C54C0 | 0x001C3CC0 | 0x000003D3 |
| DeleteFileW | - | 0x0055D124 | 0x001C54C4 | 0x001C3CC4 | 0x0000011F |
| GetFileInformationByHandle | - | 0x0055D128 | 0x001C54C8 | 0x001C3CC8 | 0x00000254 |
| GetFullPathNameW | - | 0x0055D12C | 0x001C54CC | 0x001C3CCC | 0x00000266 |
| OutputDebugStringA | - | 0x0055D130 | 0x001C54D0 | 0x001C3CD0 | 0x0000042C |
| TlsAlloc | - | 0x0055D134 | 0x001C54D4 | 0x001C3CD4 | 0x000005B8 |
| TlsGetValue | - | 0x0055D138 | 0x001C54D8 | 0x001C3CD8 | 0x000005BA |
| TlsSetValue | - | 0x0055D13C | 0x001C54DC | 0x001C3CDC | 0x000005BB |
| FreeLibrary | - | 0x0055D140 | 0x001C54E0 | 0x001C3CE0 | 0x000001B7 |
| CreateEventW | - | 0x0055D144 | 0x001C54E4 | 0x001C3CE4 | 0x000000C7 |
| SetEvent | - | 0x0055D148 | 0x001C54E8 | 0x001C3CE8 | 0x0000052C |
| ResetEvent | - | 0x0055D14C | 0x001C54EC | 0x001C3CEC | 0x000004DC |
| CreateSemaphoreW | - | 0x0055D150 | 0x001C54F0 | 0x001C3CF0 | 0x000000F5 |
| ReleaseSemaphore | - | 0x0055D154 | 0x001C54F4 | 0x001C3CF4 | 0x000004CA |
| GetSystemInfo | - | 0x0055D158 | 0x001C54F8 | 0x001C3CF8 | 0x000002F4 |
| GetTickCount | - | 0x0055D15C | 0x001C54FC | 0x001C3CFC | 0x0000031C |
| QueryPerformanceFrequency | - | 0x0055D160 | 0x001C5500 | 0x001C3D00 | 0x00000462 |
| QueryPerformanceCounter | - | 0x0055D164 | 0x001C5504 | 0x001C3D04 | 0x00000461 |
| ExpandEnvironmentStringsW | - | 0x0055D168 | 0x001C5508 | 0x001C3D08 | 0x0000016E |
| GetModuleFileNameW | - | 0x0055D16C | 0x001C550C | 0x001C3D0C | 0x00000282 |
| GetFileAttributesW | - | 0x0055D170 | 0x001C5510 | 0x001C3D10 | 0x00000252 |
| LoadLibraryExW | - | 0x0055D174 | 0x001C5514 | 0x001C3D14 | 0x000003D9 |
| GetWindowsDirectoryW | - | 0x0055D178 | 0x001C5518 | 0x001C3D18 | 0x0000033B |
| GetSystemDirectoryW | - | 0x0055D17C | 0x001C551C | 0x001C3D1C | 0x000002F1 |
| VirtualAlloc | - | 0x0055D180 | 0x001C5520 | 0x001C3D20 | 0x000005E0 |
| VirtualFree | - | 0x0055D184 | 0x001C5524 | 0x001C3D24 | 0x000005E3 |
| GlobalMemoryStatusEx | - | 0x0055D188 | 0x001C5528 | 0x001C3D28 | 0x0000034F |
| GetExitCodeThread | - | 0x0055D18C | 0x001C552C | 0x001C3D2C | 0x0000024A |
| TlsFree | - | 0x0055D190 | 0x001C5530 | 0x001C3D30 | 0x000005B9 |
| GetDriveTypeW | - | 0x0055D194 | 0x001C5534 | 0x001C3D34 | 0x0000023C |
| K32GetProcessImageFileNameW | - | 0x0055D198 | 0x001C5538 | 0x001C3D38 | 0x000003BD |
| SetFileAttributesW | - | 0x0055D19C | 0x001C553C | 0x001C3D3C | 0x00000533 |
| LockFileEx | - | 0x0055D1A0 | 0x001C5540 | 0x001C3D40 | 0x000003F0 |
| CreateFileMappingW | - | 0x0055D1A4 | 0x001C5544 | 0x001C3D44 | 0x000000D0 |
| MapViewOfFile | - | 0x0055D1A8 | 0x001C5548 | 0x001C3D48 | 0x000003F4 |
| UnmapViewOfFile | - | 0x0055D1AC | 0x001C554C | 0x001C3D4C | 0x000005CA |
| GetFileAttributesExW | - | 0x0055D1B0 | 0x001C5550 | 0x001C3D50 | 0x0000024F |
| FindClose | - | 0x0055D1B4 | 0x001C5554 | 0x001C3D54 | 0x00000181 |
| CreateDirectoryW | - | 0x0055D1B8 | 0x001C5558 | 0x001C3D58 | 0x000000C2 |
| GetCurrentDirectoryW | - | 0x0055D1BC | 0x001C555C | 0x001C3D5C | 0x0000021D |
| CompareStringW | - | 0x0055D1C0 | 0x001C5560 | 0x001C3D60 | 0x000000A3 |
| FindNextFileW | - | 0x0055D1C4 | 0x001C5564 | 0x001C3D64 | 0x00000198 |
| QueryDosDeviceW | - | 0x0055D1C8 | 0x001C5568 | 0x001C3D68 | 0x00000459 |
| GetVolumePathNameW | - | 0x0055D1CC | 0x001C556C | 0x001C3D6C | 0x00000337 |
| VirtualAllocExNuma | - | 0x0055D1D0 | 0x001C5570 | 0x001C3D70 | 0x00000000 |
| GetEnvironmentVariableW | - | 0x0055D1D4 | 0x001C5574 | 0x001C3D74 | 0x00000246 |
| GetDateFormatW | - | 0x0055D1D8 | 0x001C5578 | 0x001C3D78 | 0x0000022E |
| GetTimeFormatW | - | 0x0055D1DC | 0x001C557C | 0x001C3D7C | 0x00000321 |
| InitializeCriticalSectionAndSpinCount | - | 0x0055D1E0 | 0x001C5580 | 0x001C3D80 | 0x00000374 |
| GetVersion | - | 0x0055D1E4 | 0x001C5584 | 0x001C3D84 | 0x0000032E |
| LockResource | - | 0x0055D1E8 | 0x001C5588 | 0x001C3D88 | 0x000003F1 |
| FindResourceExW | - | 0x0055D1EC | 0x001C558C | 0x001C3D8C | 0x000001A1 |
| SetEnvironmentVariableW | - | 0x0055D1F0 | 0x001C5590 | 0x001C3D90 | 0x0000052A |
| UnlockFileEx | - | 0x0055D1F4 | 0x001C5594 | 0x001C3D94 | 0x000005C9 |
| SetFileInformationByHandle | - | 0x0055D1F8 | 0x001C5598 | 0x001C3D98 | 0x00000536 |
| K32GetMappedFileNameW | - | 0x0055D1FC | 0x001C559C | 0x001C3D9C | 0x000003B5 |
| FindFirstVolumeW | - | 0x0055D200 | 0x001C55A0 | 0x001C3DA0 | 0x00000192 |
| FindNextVolumeW | - | 0x0055D204 | 0x001C55A4 | 0x001C3DA4 | 0x0000019D |
| GetVolumePathNamesForVolumeNameW | - | 0x0055D208 | 0x001C55A8 | 0x001C3DA8 | 0x00000339 |
| FindVolumeClose | - | 0x0055D20C | 0x001C55AC | 0x001C3DAC | 0x000001A4 |
| GetSystemTimes | - | 0x0055D210 | 0x001C55B0 | 0x001C3DB0 | 0x000002FC |
| RaiseException | - | 0x0055D214 | 0x001C55B4 | 0x001C3DB4 | 0x00000477 |
| ReleaseSRWLockExclusive | - | 0x0055D218 | 0x001C55B8 | 0x001C3DB8 | 0x000004C8 |
| AcquireSRWLockExclusive | - | 0x0055D21C | 0x001C55BC | 0x001C3DBC | 0x00000000 |
| GetSystemDirectoryA | - | 0x0055D220 | 0x001C55C0 | 0x001C3DC0 | 0x000002F0 |
| GetModuleHandleA | - | 0x0055D224 | 0x001C55C4 | 0x001C3DC4 | 0x00000283 |
| LoadLibraryA | - | 0x0055D228 | 0x001C55C8 | 0x001C3DC8 | 0x000003D7 |
| MoveFileExA | - | 0x0055D22C | 0x001C55CC | 0x001C3DCC | 0x000003FD |
| GetEnvironmentVariableA | - | 0x0055D230 | 0x001C55D0 | 0x001C3DD0 | 0x00000245 |
| SleepEx | - | 0x0055D234 | 0x001C55D4 | 0x001C3DD4 | 0x0000059A |
| CreateFileA | - | 0x0055D238 | 0x001C55D8 | 0x001C3DD8 | 0x000000CB |
| ExpandEnvironmentStringsA | - | 0x0055D23C | 0x001C55DC | 0x001C3DDC | 0x0000016D |
| GetWindowsDirectoryA | - | 0x0055D240 | 0x001C55E0 | 0x001C3DE0 | 0x0000033A |
| GetVersionExA | - | 0x0055D244 | 0x001C55E4 | 0x001C3DE4 | 0x0000032F |
| TryAcquireSRWLockExclusive | - | 0x0055D248 | 0x001C55E8 | 0x001C3DE8 | 0x000005BF |
| UpdateProcThreadAttribute | - | 0x0055D24C | 0x001C55EC | 0x001C3DEC | 0x000005D4 |
| DeleteProcThreadAttributeList | - | 0x0055D250 | 0x001C55F0 | 0x001C3DF0 | 0x00000120 |
| InitializeProcThreadAttributeList | - | 0x0055D254 | 0x001C55F4 | 0x001C3DF4 | 0x00000377 |
| FormatMessageA | - | 0x0055D258 | 0x001C55F8 | 0x001C3DF8 | 0x000001B2 |
| WakeConditionVariable | - | 0x0055D25C | 0x001C55FC | 0x001C3DFC | 0x000005FA |
| SetFilePointer | - | 0x0055D260 | 0x001C5600 | 0x001C3E00 | 0x00000538 |
| GetCurrentThread | - | 0x0055D264 | 0x001C5604 | 0x001C3E04 | 0x00000228 |
| GetFileSizeEx | - | 0x0055D268 | 0x001C5608 | 0x001C3E08 | 0x00000259 |
| SetFilePointerEx | - | 0x0055D26C | 0x001C560C | 0x001C3E0C | 0x00000539 |
| WriteFile | - | 0x0055D270 | 0x001C5610 | 0x001C3E10 | 0x0000062C |
| SetEndOfFile | - | 0x0055D274 | 0x001C5614 | 0x001C3E14 | 0x00000526 |
| PeekNamedPipe | - | 0x0055D278 | 0x001C5618 | 0x001C3E18 | 0x00000436 |
| GetExitCodeProcess | - | 0x0055D27C | 0x001C561C | 0x001C3E1C | 0x00000249 |
| WaitForSingleObject | - | 0x0055D280 | 0x001C5620 | 0x001C3E20 | 0x000005F1 |
| FormatMessageW | - | 0x0055D284 | 0x001C5624 | 0x001C3E24 | 0x000001B3 |
| GetModuleHandleExW | - | 0x0055D288 | 0x001C5628 | 0x001C3E28 | 0x00000285 |
| GetProcessHeap | - | 0x0055D28C | 0x001C562C | 0x001C3E2C | 0x000002C4 |
| DeleteCriticalSection | - | 0x0055D290 | 0x001C5630 | 0x001C3E30 | 0x0000011A |
| HeapDestroy | - | 0x0055D294 | 0x001C5634 | 0x001C3E34 | 0x0000035D |
| DecodePointer | - | 0x0055D298 | 0x001C5638 | 0x001C3E38 | 0x00000113 |
| HeapAlloc | - | 0x0055D29C | 0x001C563C | 0x001C3E3C | 0x0000035A |
| HeapReAlloc | - | 0x0055D2A0 | 0x001C5640 | 0x001C3E40 | 0x00000361 |
| HeapSize | - | 0x0055D2A4 | 0x001C5644 | 0x001C3E44 | 0x00000363 |
| InitializeCriticalSectionEx | - | 0x0055D2A8 | 0x001C5648 | 0x001C3E48 | 0x00000375 |
| HeapFree | - | 0x0055D2AC | 0x001C564C | 0x001C3E4C | 0x0000035E |
| GetCommandLineW | - | 0x0055D2B0 | 0x001C5650 | 0x001C3E50 | 0x000001E3 |
| OpenMutexW | - | 0x0055D2B4 | 0x001C5654 | 0x001C3E54 | 0x0000041D |
| GetComputerNameW | - | 0x0055D2B8 | 0x001C5658 | 0x001C3E58 | 0x000001EB |
| GetLocaleInfoA | - | 0x0055D2BC | 0x001C565C | 0x001C3E5C | 0x00000270 |
| GetDiskFreeSpaceExW | - | 0x0055D2C0 | 0x001C5660 | 0x001C3E60 | 0x00000235 |
| GetNativeSystemInfo | - | 0x0055D2C4 | 0x001C5664 | 0x001C3E64 | 0x00000293 |
| GetVersionExW | - | 0x0055D2C8 | 0x001C5668 | 0x001C3E68 | 0x00000330 |
| SetLastError | - | 0x0055D2CC | 0x001C566C | 0x001C3E6C | 0x00000548 |
| ReleaseMutex | - | 0x0055D2D0 | 0x001C5670 | 0x001C3E70 | 0x000004C5 |
| MultiByteToWideChar | - | 0x0055D2D4 | 0x001C5674 | 0x001C3E74 | 0x00000405 |
| OutputDebugStringW | - | 0x0055D2D8 | 0x001C5678 | 0x001C3E78 | 0x0000042D |
| GetCurrentProcessId | - | 0x0055D2DC | 0x001C567C | 0x001C3E7C | 0x00000225 |
| GetCurrentThreadId | - | 0x0055D2E0 | 0x001C5680 | 0x001C3E80 | 0x00000229 |
| DeviceIoControl | - | 0x0055D2E4 | 0x001C5684 | 0x001C3E84 | 0x00000127 |
| CopyFileW | - | 0x0055D2E8 | 0x001C5688 | 0x001C3E88 | 0x000000B5 |
| MoveFileExW | - | 0x0055D2EC | 0x001C568C | 0x001C3E8C | 0x000003FE |
| FlushFileBuffers | - | 0x0055D2F0 | 0x001C5690 | 0x001C3E90 | 0x000001AB |
| CreateFileW | - | 0x0055D2F4 | 0x001C5694 | 0x001C3E94 | 0x000000D3 |
| GetCurrentProcess | - | 0x0055D2F8 | 0x001C5698 | 0x001C3E98 | 0x00000224 |
| SetPriorityClass | - | 0x0055D2FC | 0x001C569C | 0x001C3E9C | 0x00000552 |
| HeapSetInformation | - | 0x0055D300 | 0x001C56A0 | 0x001C3EA0 | 0x00000362 |
| CreateMutexW | - | 0x0055D304 | 0x001C56A4 | 0x001C3EA4 | 0x000000E2 |
| LocalFree | - | 0x0055D308 | 0x001C56A8 | 0x001C3EA8 | 0x000003E5 |
| GetProcAddress | - | 0x0055D30C | 0x001C56AC | 0x001C3EAC | 0x000002BD |
| SetDllDirectoryW | - | 0x0055D310 | 0x001C56B0 | 0x001C3EB0 | 0x00000524 |
| GetSystemPowerStatus | - | 0x0055D314 | 0x001C56B4 | 0x001C3EB4 | 0x000002F5 |
| QueryUnbiasedInterruptTime | - | 0x0055D318 | 0x001C56B8 | 0x001C3EB8 | 0x00000469 |
| SizeofResource | - | 0x0055D31C | 0x001C56BC | 0x001C3EBC | 0x00000596 |
| LoadResource | - | 0x0055D320 | 0x001C56C0 | 0x001C3EC0 | 0x000003DD |
| FindResourceW | - | 0x0055D324 | 0x001C56C4 | 0x001C3EC4 | 0x000001A2 |
| GetModuleHandleW | - | 0x0055D328 | 0x001C56C8 | 0x001C3EC8 | 0x00000286 |
| Process32NextW | - | 0x0055D32C | 0x001C56CC | 0x001C3ECC | 0x00000442 |
| Process32FirstW | - | 0x0055D330 | 0x001C56D0 | 0x001C3ED0 | 0x00000440 |
| CreateToolhelp32Snapshot | - | 0x0055D334 | 0x001C56D4 | 0x001C3ED4 | 0x00000105 |
| GetProcessTimes | - | 0x0055D338 | 0x001C56D8 | 0x001C3ED8 | 0x000002CE |
| WideCharToMultiByte | - | 0x0055D33C | 0x001C56DC | 0x001C3EDC | 0x00000618 |
| TerminateProcess | - | 0x0055D340 | 0x001C56E0 | 0x001C3EE0 | 0x000005A6 |
| CloseHandle | - | 0x0055D344 | 0x001C56E4 | 0x001C3EE4 | 0x0000008E |
| OpenProcess | - | 0x0055D348 | 0x001C56E8 | 0x001C3EE8 | 0x00000421 |
| GetLastError | - | 0x0055D34C | 0x001C56EC | 0x001C3EEC | 0x0000026E |
| Sleep | - | 0x0055D350 | 0x001C56F0 | 0x001C3EF0 | 0x00000597 |
| GetTickCount64 | - | 0x0055D354 | 0x001C56F4 | 0x001C3EF4 | 0x0000031D |
| SystemTimeToTzSpecificLocalTime | - | 0x0055D358 | 0x001C56F8 | 0x001C3EF8 | 0x000005A3 |
| GetConsoleMode | - | 0x0055D35C | 0x001C56FC | 0x001C3EFC | 0x00000208 |
| ReadConsoleW | - | 0x0055D360 | 0x001C5700 | 0x001C3F00 | 0x00000485 |
| GetConsoleOutputCP | - | 0x0055D364 | 0x001C5704 | 0x001C3F04 | 0x0000020C |
| LCMapStringW | - | 0x0055D368 | 0x001C5708 | 0x001C3F08 | 0x000003C7 |
| GetLocaleInfoW | - | 0x0055D36C | 0x001C570C | 0x001C3F0C | 0x00000272 |
| IsValidLocale | - | 0x0055D370 | 0x001C5710 | 0x001C3F10 | 0x000003A3 |
| GetUserDefaultLCID | - | 0x0055D374 | 0x001C5714 | 0x001C3F14 | 0x00000327 |
| EnumSystemLocalesW | - | 0x0055D378 | 0x001C5718 | 0x001C3F18 | 0x00000160 |
| GetTimeZoneInformation | - | 0x0055D37C | 0x001C571C | 0x001C3F1C | 0x00000323 |
| IsValidCodePage | - | 0x0055D380 | 0x001C5720 | 0x001C3F20 | 0x000003A1 |
| GetACP | - | 0x0055D384 | 0x001C5724 | 0x001C3F24 | 0x000001BE |
| GetOEMCP | - | 0x0055D388 | 0x001C5728 | 0x001C3F28 | 0x000002A6 |
| GetCommandLineA | - | 0x0055D38C | 0x001C572C | 0x001C3F2C | 0x000001E2 |
| GetFileType | - | 0x0055D390 | 0x001C5730 | 0x001C3F30 | 0x0000025B |
| ExitProcess | - | 0x0055D394 | 0x001C5734 | 0x001C3F34 | 0x0000016A |
| GetStdHandle | - | 0x0055D398 | 0x001C5738 | 0x001C3F38 | 0x000002E3 |
| FreeLibraryAndExitThread | - | 0x0055D39C | 0x001C573C | 0x001C3F3C | 0x000001B8 |
| ExitThread | - | 0x0055D3A0 | 0x001C5740 | 0x001C3F40 | 0x0000016B |
| GetEnvironmentStringsW | - | 0x0055D3A4 | 0x001C5744 | 0x001C3F44 | 0x00000244 |
| FreeEnvironmentStringsW | - | 0x0055D3A8 | 0x001C5748 | 0x001C3F48 | 0x000001B6 |
| SetStdHandle | - | 0x0055D3AC | 0x001C574C | 0x001C3F4C | 0x00000563 |
| WriteConsoleW | - | 0x0055D3B0 | 0x001C5750 | 0x001C3F50 | 0x0000062B |
| GetStringTypeW | - | 0x0055D3B4 | 0x001C5754 | 0x001C3F54 | 0x000002E8 |
| CreateThread | - | 0x0055D3B8 | 0x001C5758 | 0x001C3F58 | 0x000000FC |
| InterlockedPushEntrySList | - | 0x0055D3BC | 0x001C575C | 0x001C3F5C | 0x00000384 |
| GetStartupInfoW | - | 0x0055D3C0 | 0x001C5760 | 0x001C3F60 | 0x000002E1 |
| SetUnhandledExceptionFilter | - | 0x0055D3C4 | 0x001C5764 | 0x001C3F64 | 0x00000587 |
| UnhandledExceptionFilter | - | 0x0055D3C8 | 0x001C5768 | 0x001C3F68 | 0x000005C7 |
| InitializeSListHead | - | 0x0055D3CC | 0x001C576C | 0x001C3F6C | 0x00000378 |
| IsDebuggerPresent | - | 0x0055D3D0 | 0x001C5770 | 0x001C3F70 | 0x00000394 |
| GetCPInfo | - | 0x0055D3D4 | 0x001C5774 | 0x001C3F74 | 0x000001CD |
| LCMapStringEx | - | 0x0055D3D8 | 0x001C5778 | 0x001C3F78 | 0x000003C6 |
| EncodePointer | - | 0x0055D3DC | 0x001C577C | 0x001C3F7C | 0x00000139 |
| GetLocaleInfoEx | - | 0x0055D3E0 | 0x001C5780 | 0x001C3F80 | 0x00000271 |
| WaitForSingleObjectEx | - | 0x0055D3E4 | 0x001C5784 | 0x001C3F84 | 0x000005F2 |
| CloseThreadpoolWork | - | 0x0055D3E8 | 0x001C5788 | 0x001C3F88 | 0x0000009A |
| SubmitThreadpoolWork | - | 0x0055D3EC | 0x001C578C | 0x001C3F8C | 0x0000059E |
| CreateThreadpoolWork | - | 0x0055D3F0 | 0x001C5790 | 0x001C3F90 | 0x00000102 |
| FreeLibraryWhenCallbackReturns | - | 0x0055D3F4 | 0x001C5794 | 0x001C3F94 | 0x000001B9 |
| InitOnceComplete | - | 0x0055D3F8 | 0x001C5798 | 0x001C3F98 | 0x0000036D |
| InitOnceBeginInitialize | - | 0x0055D3FC | 0x001C579C | 0x001C3F9C | 0x0000036C |
| IsProcessorFeaturePresent | - | 0x0055D400 | 0x001C57A0 | 0x001C3FA0 | 0x0000039B |
| SleepConditionVariableSRW | - | 0x0055D404 | 0x001C57A4 | 0x001C3FA4 | 0x00000599 |
| WakeAllConditionVariable | - | 0x0055D408 | 0x001C57A8 | 0x001C3FA8 | 0x000005F9 |
| FindFirstFileExW | - | 0x0055D40C | 0x001C57AC | 0x001C3FAC | 0x00000187 |
USER32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadStringW | - | 0x0055D43C | 0x001C57DC | 0x001C3FDC | 0x00000263 |
| GetClassInfoExW | - | 0x0055D440 | 0x001C57E0 | 0x001C3FE0 | 0x0000012A |
| RegisterClassExW | - | 0x0055D444 | 0x001C57E4 | 0x001C3FE4 | 0x000002DA |
ADVAPI32.dll (42)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FreeSid | - | 0x0055D000 | 0x001C53A0 | 0x001C3BA0 | 0x00000134 |
| OpenServiceW | - | 0x0055D004 | 0x001C53A4 | 0x001C3BA4 | 0x00000226 |
| QueryServiceStatusEx | - | 0x0055D008 | 0x001C53A8 | 0x001C3BA8 | 0x0000025E |
| CloseServiceHandle | - | 0x0055D00C | 0x001C53AC | 0x001C3BAC | 0x00000065 |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | - | 0x0055D010 | 0x001C53B0 | 0x001C3BB0 | 0x00000081 |
| RegCreateKeyExW | - | 0x0055D014 | 0x001C53B4 | 0x001C3BB4 | 0x00000271 |
| RegSetValueExW | - | 0x0055D018 | 0x001C53B8 | 0x001C3BB8 | 0x000002B6 |
| RegCloseKey | - | 0x0055D01C | 0x001C53BC | 0x001C3BBC | 0x00000268 |
| QueryServiceStatus | - | 0x0055D020 | 0x001C53C0 | 0x001C3BC0 | 0x0000025D |
| SystemFunction036 | - | 0x0055D024 | 0x001C53C4 | 0x001C3BC4 | 0x00000330 |
| RegQueryValueExA | - | 0x0055D028 | 0x001C53C8 | 0x001C3BC8 | 0x000002A5 |
| RegOpenKeyExA | - | 0x0055D02C | 0x001C53CC | 0x001C3BCC | 0x00000298 |
| RegEnumKeyExA | - | 0x0055D030 | 0x001C53D0 | 0x001C3BD0 | 0x00000286 |
| CryptDestroyHash | - | 0x0055D034 | 0x001C53D4 | 0x001C3BD4 | 0x000000C7 |
| CryptHashData | - | 0x0055D038 | 0x001C53D8 | 0x001C3BD8 | 0x000000D9 |
| CryptCreateHash | - | 0x0055D03C | 0x001C53DC | 0x001C3BDC | 0x000000C4 |
| CryptGetHashParam | - | 0x0055D040 | 0x001C53E0 | 0x001C3BE0 | 0x000000D5 |
| CryptAcquireContextA | - | 0x0055D044 | 0x001C53E4 | 0x001C3BE4 | 0x000000C1 |
| CryptReleaseContext | - | 0x0055D048 | 0x001C53E8 | 0x001C3BE8 | 0x000000DC |
| CryptGenRandom | - | 0x0055D04C | 0x001C53EC | 0x001C3BEC | 0x000000D2 |
| CryptAcquireContextW | - | 0x0055D050 | 0x001C53F0 | 0x001C3BF0 | 0x000000C2 |
| RegDeleteTreeW | - | 0x0055D054 | 0x001C53F4 | 0x001C3BF4 | 0x0000027E |
| RegDeleteKeyExW | - | 0x0055D058 | 0x001C53F8 | 0x001C3BF8 | 0x00000277 |
| RegEnumKeyW | - | 0x0055D05C | 0x001C53FC | 0x001C3BFC | 0x00000288 |
| RegQueryInfoKeyW | - | 0x0055D060 | 0x001C5400 | 0x001C3C00 | 0x000002A0 |
| RegDeleteValueW | - | 0x0055D064 | 0x001C5404 | 0x001C3C04 | 0x00000280 |
| RegQueryValueExW | - | 0x0055D068 | 0x001C5408 | 0x001C3C08 | 0x000002A6 |
| RegOpenKeyExW | - | 0x0055D06C | 0x001C540C | 0x001C3C0C | 0x00000299 |
| ConvertStringSidToSidW | - | 0x0055D070 | 0x001C5410 | 0x001C3C10 | 0x00000083 |
| OpenSCManagerW | - | 0x0055D074 | 0x001C5414 | 0x001C3C14 | 0x00000224 |
| EqualSid | - | 0x0055D078 | 0x001C5418 | 0x001C3C18 | 0x0000011A |
| LookupAccountSidW | - | 0x0055D07C | 0x001C541C | 0x001C3C1C | 0x000001A9 |
| AllocateAndInitializeSid | - | 0x0055D080 | 0x001C5420 | 0x001C3C20 | 0x00000020 |
| RevertToSelf | - | 0x0055D084 | 0x001C5424 | 0x001C3C24 | 0x000002CE |
| ImpersonateSelf | - | 0x0055D088 | 0x001C5428 | 0x001C3C28 | 0x0000018D |
| AdjustTokenPrivileges | - | 0x0055D08C | 0x001C542C | 0x001C3C2C | 0x0000001F |
| LookupPrivilegeValueW | - | 0x0055D090 | 0x001C5430 | 0x001C3C30 | 0x000001AF |
| OpenThreadToken | - | 0x0055D094 | 0x001C5434 | 0x001C3C34 | 0x00000227 |
| GetTokenInformation | - | 0x0055D098 | 0x001C5438 | 0x001C3C38 | 0x00000170 |
| OpenProcessToken | - | 0x0055D09C | 0x001C543C | 0x001C3C3C | 0x00000222 |
| StartServiceW | - | 0x0055D0A0 | 0x001C5440 | 0x001C3C40 | 0x00000308 |
| ControlService | - | 0x0055D0A4 | 0x001C5444 | 0x001C3C44 | 0x0000006A |
ole32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoInitializeEx | - | 0x0055D50C | 0x001C58AC | 0x001C40AC | 0x0000005E |
| CoUninitialize | - | 0x0055D510 | 0x001C58B0 | 0x001C40B0 | 0x0000008E |
| CoCreateInstance | - | 0x0055D514 | 0x001C58B4 | 0x001C40B4 | 0x00000028 |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x00000009 | 0x0055D414 | 0x001C57B4 | 0x001C3FB4 | - |
| VariantInit | 0x00000008 | 0x0055D418 | 0x001C57B8 | 0x001C3FB8 | - |
| SysAllocString | 0x00000002 | 0x0055D41C | 0x001C57BC | 0x001C3FBC | - |
| SysFreeString | 0x00000006 | 0x0055D420 | 0x001C57C0 | 0x001C3FC0 | - |
bcrypt.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| BCryptGenRandom | - | 0x0055D4E4 | 0x001C5884 | 0x001C4084 | 0x0000001D |
WS2_32.dll (31)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| gethostname | 0x00000039 | 0x0055D464 | 0x001C5804 | 0x001C4004 | - |
| ioctlsocket | 0x0000000A | 0x0055D468 | 0x001C5808 | 0x001C4008 | - |
| recv | 0x00000010 | 0x0055D46C | 0x001C580C | 0x001C400C | - |
| getsockname | 0x00000006 | 0x0055D470 | 0x001C5810 | 0x001C4010 | - |
| getpeername | 0x00000005 | 0x0055D474 | 0x001C5814 | 0x001C4014 | - |
| recvfrom | 0x00000011 | 0x0055D478 | 0x001C5818 | 0x001C4018 | - |
| bind | 0x00000002 | 0x0055D47C | 0x001C581C | 0x001C401C | - |
| htonl | 0x00000008 | 0x0055D480 | 0x001C5820 | 0x001C4020 | - |
| WSAGetLastError | 0x0000006F | 0x0055D484 | 0x001C5824 | 0x001C4024 | - |
| select | 0x00000012 | 0x0055D488 | 0x001C5828 | 0x001C4028 | - |
| __WSAFDIsSet | 0x00000097 | 0x0055D48C | 0x001C582C | 0x001C402C | - |
| connect | 0x00000004 | 0x0055D490 | 0x001C5830 | 0x001C4030 | - |
| socket | 0x00000017 | 0x0055D494 | 0x001C5834 | 0x001C4034 | - |
| htons | 0x00000009 | 0x0055D498 | 0x001C5838 | 0x001C4038 | - |
| closesocket | 0x00000003 | 0x0055D49C | 0x001C583C | 0x001C403C | - |
| WSACleanup | 0x00000074 | 0x0055D4A0 | 0x001C5840 | 0x001C4040 | - |
| WSAStartup | 0x00000073 | 0x0055D4A4 | 0x001C5844 | 0x001C4044 | - |
| WSASetLastError | 0x00000070 | 0x0055D4A8 | 0x001C5848 | 0x001C4048 | - |
| ntohs | 0x0000000F | 0x0055D4AC | 0x001C584C | 0x001C404C | - |
| ntohl | 0x0000000E | 0x0055D4B0 | 0x001C5850 | 0x001C4050 | - |
| WSAWaitForMultipleEvents | - | 0x0055D4B4 | 0x001C5854 | 0x001C4054 | 0x0000005E |
| WSAResetEvent | - | 0x0055D4B8 | 0x001C5858 | 0x001C4058 | 0x0000004D |
| WSAEventSelect | - | 0x0055D4BC | 0x001C585C | 0x001C405C | 0x0000002F |
| WSAEnumNetworkEvents | - | 0x0055D4C0 | 0x001C5860 | 0x001C4060 | 0x0000002C |
| WSACreateEvent | - | 0x0055D4C4 | 0x001C5864 | 0x001C4064 | 0x00000025 |
| WSACloseEvent | - | 0x0055D4C8 | 0x001C5868 | 0x001C4068 | 0x00000020 |
| send | 0x00000013 | 0x0055D4CC | 0x001C586C | 0x001C406C | - |
| getsockopt | 0x00000007 | 0x0055D4D0 | 0x001C5870 | 0x001C4070 | - |
| getservbyname | 0x00000037 | 0x0055D4D4 | 0x001C5874 | 0x001C4074 | - |
| setsockopt | 0x00000015 | 0x0055D4D8 | 0x001C5878 | 0x001C4078 | - |
| WSAIoctl | - | 0x0055D4DC | 0x001C587C | 0x001C407C | 0x0000003B |
CRYPT32.dll (16)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CertAddCertificateContextToStore | - | 0x0055D0AC | 0x001C544C | 0x001C3C4C | 0x00000004 |
| CryptDecodeObjectEx | - | 0x0055D0B0 | 0x001C5450 | 0x001C3C50 | 0x00000085 |
| PFXImportCertStore | - | 0x0055D0B4 | 0x001C5454 | 0x001C3C54 | 0x0000012A |
| CryptStringToBinaryA | - | 0x0055D0B8 | 0x001C5458 | 0x001C3C58 | 0x000000E3 |
| CertFreeCertificateContext | - | 0x0055D0BC | 0x001C545C | 0x001C3C5C | 0x00000040 |
| CertFindCertificateInStore | - | 0x0055D0C0 | 0x001C5460 | 0x001C3C60 | 0x00000035 |
| CertEnumCertificatesInStore | - | 0x0055D0C4 | 0x001C5464 | 0x001C3C64 | 0x0000002C |
| CertCloseStore | - | 0x0055D0C8 | 0x001C5468 | 0x001C3C68 | 0x00000012 |
| CertFindExtension | - | 0x0055D0CC | 0x001C546C | 0x001C3C6C | 0x00000037 |
| CertGetNameStringA | - | 0x0055D0D0 | 0x001C5470 | 0x001C3C70 | 0x0000004A |
| CryptQueryObject | - | 0x0055D0D4 | 0x001C5474 | 0x001C3C74 | 0x000000C8 |
| CertCreateCertificateChainEngine | - | 0x0055D0D8 | 0x001C5478 | 0x001C3C78 | 0x0000001B |
| CertFreeCertificateChainEngine | - | 0x0055D0DC | 0x001C547C | 0x001C3C7C | 0x0000003E |
| CertGetCertificateChain | - | 0x0055D0E0 | 0x001C5480 | 0x001C3C80 | 0x00000045 |
| CertFreeCertificateChain | - | 0x0055D0E4 | 0x001C5484 | 0x001C3C84 | 0x0000003D |
| CertOpenStore | - | 0x0055D0E8 | 0x001C5488 | 0x001C3C88 | 0x00000059 |
WINHTTP.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinHttpCrackUrl | - | 0x0055D45C | 0x001C57FC | 0x001C3FFC | 0x00000015 |
IPHLPAPI.DLL (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetAdaptersAddresses | - | 0x0055D0F0 | 0x001C5490 | 0x001C3C90 | 0x00000043 |
| GetUnicastIpAddressTable | - | 0x0055D0F4 | 0x001C5494 | 0x001C3C94 | 0x00000095 |
| FreeMibTable | - | 0x0055D0F8 | 0x001C5498 | 0x001C3C98 | 0x00000040 |
| GetBestRoute2 | - | 0x0055D0FC | 0x001C549C | 0x001C3C9C | 0x0000004A |
SHLWAPI.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathMatchSpecW | - | 0x0055D434 | 0x001C57D4 | 0x001C3FD4 | 0x0000007F |
Exports (4)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| asw_process_storage_allocate_connector | 0x00089FD0 | 0x00000001 |
| asw_process_storage_deallocate_connector | 0x00089FF0 | 0x00000002 |
| on_avast_dll_unload | 0x0007D720 | 0x00000003 |
| onexit_register_connector_avast_2 | 0x00089E50 | 0x00000004 |
Memory Dumps (4)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| vofpw7v8txruevii.exe | 1 | 0x00400000 | 0x00940FFF | Relevant Image |
|
32-bit | 0x0051C59B |
|
...
|
| buffer | 1 | 0x068F0000 | 0x06C20FFF | Image In Buffer |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x08C10000 | 0x08F2DFFF | Image In Buffer |
|
32-bit | - |
|
...
|
| vofpw7v8txruevii.exe | 1 | 0x00400000 | 0x00940FFF | Process Termination |
|
32-bit | - |
|
...
|
| 912331e7c520c1f90d66b6aaec12581b61834a95133d2132b2aee45556e0bc7c | Extracted File | Image |
Clean
Known to be clean.
|
...
|
»
| Parent File | C:\Users\RDhJ0CNFevzX\Desktop\VOfpw7V8TXrUEViI.exe |
| MIME Type | image/png |
| File Size | 77.75 KB |
| MD5 |
c4990ab3f5813f0768fd4be461322d73
|
| SHA1 |
731df868b5a4b02ba48edf9afd0acbf533c3c35b
|
| SHA256 |
912331e7c520c1f90d66b6aaec12581b61834a95133d2132b2aee45556e0bc7c
|
| SSDeep |
1536:U9FVBJAmOt9J+FjmLH4jgA4T6Bec0ixFElCDd1ubD3Tz11DNSaib2N0Qj5JcPhx:8VB+mO1emLHhA46Xvx2CxwbD30aq2P52
|
| ImpHash | - |
File Reputation Information
»
| Verdict |
Clean
Known to be clean.
|
