File Name Category Type Verdict Actions
D:\QUOTATION#003438.exe Sample File Binary
Malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Local\directory\name.exe (Accessed File)
Parent File C:\Users\RDhJ0CNFevzX\8dfe6fc90d64b011ec4043c39c56d303.iso
MIME Type application/vnd.microsoft.portable-executable
File Size 1.35 MB
MD5 a50db44605501620080f4e65ed073fe8
SHA1 0db5312ae1bb7521eaa84b246a6f8503a51b6c0c
SHA256 d99f6bc2d98e8c03c417da7cabca5c4ea7eb747182cf89cb0c57778057811ea9
SSDeep 24576:LAHnh+eWsN3skA4RV1Hom2KXMmHaVsKV++UxG3RNgoSHnUOSFopK5:mh+ZkldoPK8YaVsKVxDao4UV
ImpHash afcdf79be1557326c854b6e20cb900a7
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x0042800A
Size Of Code 0x0008E000
Size Of Initialized Data 0x000CC400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-11 16:54 (UTC+2)
Version Information (1)
FileVersion 2.6.4.7
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0008DFDD 0x0008E000 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x0048F000 0x0002FD8E 0x0002FE00 0x0008E400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.76
.data 0x004BF000 0x00008F74 0x00005200 0x000BE200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.2
.rsrc 0x004C8000 0x0009010C 0x00090200 0x000C3400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.79
.reloc 0x00559000 0x00007134 0x00007200 0x00153600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.78
Imports (18)
WSOCK32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x00000074 0x0048F7C8 0x000BCA10 0x000BBE10 -
socket 0x00000017 0x0048F7CC 0x000BCA14 0x000BBE14 -
inet_ntoa 0x0000000C 0x0048F7D0 0x000BCA18 0x000BBE18 -
setsockopt 0x00000015 0x0048F7D4 0x000BCA1C 0x000BBE1C -
ntohs 0x0000000F 0x0048F7D8 0x000BCA20 0x000BBE20 -
recvfrom 0x00000011 0x0048F7DC 0x000BCA24 0x000BBE24 -
ioctlsocket 0x0000000A 0x0048F7E0 0x000BCA28 0x000BBE28 -
htons 0x00000009 0x0048F7E4 0x000BCA2C 0x000BBE2C -
WSAStartup 0x00000073 0x0048F7E8 0x000BCA30 0x000BBE30 -
__WSAFDIsSet 0x00000097 0x0048F7EC 0x000BCA34 0x000BBE34 -
select 0x00000012 0x0048F7F0 0x000BCA38 0x000BBE38 -
accept 0x00000001 0x0048F7F4 0x000BCA3C 0x000BBE3C -
listen 0x0000000D 0x0048F7F8 0x000BCA40 0x000BBE40 -
bind 0x00000002 0x0048F7FC 0x000BCA44 0x000BBE44 -
closesocket 0x00000003 0x0048F800 0x000BCA48 0x000BBE48 -
WSAGetLastError 0x0000006F 0x0048F804 0x000BCA4C 0x000BBE4C -
recv 0x00000010 0x0048F808 0x000BCA50 0x000BBE50 -
sendto 0x00000014 0x0048F80C 0x000BCA54 0x000BBE54 -
send 0x00000013 0x0048F810 0x000BCA58 0x000BBE58 -
inet_addr 0x0000000B 0x0048F814 0x000BCA5C 0x000BBE5C -
gethostbyname 0x00000034 0x0048F818 0x000BCA60 0x000BBE60 -
gethostname 0x00000039 0x0048F81C 0x000BCA64 0x000BBE64 -
connect 0x00000004 0x0048F820 0x000BCA68 0x000BBE68 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW - 0x0048F76C 0x000BC9B4 0x000BBDB4 0x00000006
GetFileVersionInfoSizeW - 0x0048F770 0x000BC9B8 0x000BBDB8 0x00000005
VerQueryValueW - 0x0048F774 0x000BC9BC 0x000BBDBC 0x0000000E
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime - 0x0048F7B8 0x000BCA00 0x000BBE00 0x00000094
waveOutSetVolume - 0x0048F7BC 0x000BCA04 0x000BBE04 0x000000BB
mciSendStringW - 0x0048F7C0 0x000BCA08 0x000BBE08 0x00000032
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_ReplaceIcon - 0x0048F088 0x000BC2D0 0x000BB6D0 0x0000006F
ImageList_Destroy - 0x0048F08C 0x000BC2D4 0x000BB6D4 0x00000054
ImageList_Remove - 0x0048F090 0x000BC2D8 0x000BB6D8 0x0000006D
ImageList_SetDragCursorImage - 0x0048F094 0x000BC2DC 0x000BB6DC 0x00000072
ImageList_BeginDrag - 0x0048F098 0x000BC2E0 0x000BB6E0 0x00000050
ImageList_DragEnter - 0x0048F09C 0x000BC2E4 0x000BB6E4 0x00000056
ImageList_DragLeave - 0x0048F0A0 0x000BC2E8 0x000BB6E8 0x00000057
ImageList_EndDrag - 0x0048F0A4 0x000BC2EC 0x000BB6EC 0x0000005E
ImageList_DragMove - 0x0048F0A8 0x000BC2F0 0x000BB6F0 0x00000058
InitCommonControlsEx - 0x0048F0AC 0x000BC2F4 0x000BB6F4 0x0000007B
ImageList_Create - 0x0048F0B0 0x000BC2F8 0x000BB6F8 0x00000053
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW - 0x0048F3F8 0x000BC640 0x000BBA40 0x00000049
WNetCancelConnection2W - 0x0048F3FC 0x000BC644 0x000BBA44 0x0000000C
WNetGetConnectionW - 0x0048F400 0x000BC648 0x000BBA48 0x00000024
WNetAddConnection2W - 0x0048F404 0x000BC64C 0x000BBA4C 0x00000006
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable - 0x0048F77C 0x000BC9C4 0x000BBDC4 0x0000009B
InternetCloseHandle - 0x0048F780 0x000BC9C8 0x000BBDC8 0x0000006B
InternetOpenW - 0x0048F784 0x000BC9CC 0x000BBDCC 0x0000009A
InternetSetOptionW - 0x0048F788 0x000BC9D0 0x000BBDD0 0x000000AF
InternetCrackUrlW - 0x0048F78C 0x000BC9D4 0x000BBDD4 0x00000074
HttpQueryInfoW - 0x0048F790 0x000BC9D8 0x000BBDD8 0x0000005A
InternetQueryOptionW - 0x0048F794 0x000BC9DC 0x000BBDDC 0x0000009E
HttpOpenRequestW - 0x0048F798 0x000BC9E0 0x000BBDE0 0x00000058
HttpSendRequestW - 0x0048F79C 0x000BC9E4 0x000BBDE4 0x0000005E
FtpOpenFileW - 0x0048F7A0 0x000BC9E8 0x000BBDE8 0x00000035
FtpGetFileSize - 0x0048F7A4 0x000BC9EC 0x000BBDEC 0x00000032
InternetOpenUrlW - 0x0048F7A8 0x000BC9F0 0x000BBDF0 0x00000099
InternetReadFile - 0x0048F7AC 0x000BC9F4 0x000BBDF4 0x0000009F
InternetConnectW - 0x0048F7B0 0x000BC9F8 0x000BBDF8 0x00000072
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo - 0x0048F484 0x000BC6CC 0x000BBACC 0x00000015
IPHLPAPI.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpCreateFile - 0x0048F154 0x000BC39C 0x000BB79C 0x00000085
IcmpCloseHandle - 0x0048F158 0x000BC3A0 0x000BB7A0 0x00000084
IcmpSendEcho - 0x0048F15C 0x000BC3A4 0x000BB7A4 0x00000087
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyEnvironmentBlock - 0x0048F750 0x000BC998 0x000BBD98 0x00000004
UnloadUserProfile - 0x0048F754 0x000BC99C 0x000BBD9C 0x0000002C
CreateEnvironmentBlock - 0x0048F758 0x000BC9A0 0x000BBDA0 0x00000000
LoadUserProfileW - 0x0048F75C 0x000BC9A4 0x000BBDA4 0x00000021
UxTheme.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive - 0x0048F764 0x000BC9AC 0x000BBDAC 0x0000003F
KERNEL32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle - 0x0048F164 0x000BC3AC 0x000BB7AC 0x000000E8
CreateThread - 0x0048F168 0x000BC3B0 0x000BB7B0 0x000000B5
WaitForSingleObject - 0x0048F16C 0x000BC3B4 0x000BB7B4 0x000004F9
HeapAlloc - 0x0048F170 0x000BC3B8 0x000BB7B8 0x000002CB
GetProcessHeap - 0x0048F174 0x000BC3BC 0x000BB7BC 0x0000024A
HeapFree - 0x0048F178 0x000BC3C0 0x000BB7C0 0x000002CF
Sleep - 0x0048F17C 0x000BC3C4 0x000BB7C4 0x000004B2
GetCurrentThreadId - 0x0048F180 0x000BC3C8 0x000BB7C8 0x000001C5
MultiByteToWideChar - 0x0048F184 0x000BC3CC 0x000BB7CC 0x00000367
MulDiv - 0x0048F188 0x000BC3D0 0x000BB7D0 0x00000366
GetVersionExW - 0x0048F18C 0x000BC3D4 0x000BB7D4 0x000002A4
IsWow64Process - 0x0048F190 0x000BC3D8 0x000BB7D8 0x0000030E
GetSystemInfo - 0x0048F194 0x000BC3DC 0x000BB7DC 0x00000273
FreeLibrary - 0x0048F198 0x000BC3E0 0x000BB7E0 0x00000162
LoadLibraryA - 0x0048F19C 0x000BC3E4 0x000BB7E4 0x0000033C
GetProcAddress - 0x0048F1A0 0x000BC3E8 0x000BB7E8 0x00000245
SetErrorMode - 0x0048F1A4 0x000BC3EC 0x000BB7EC 0x00000458
GetModuleFileNameW - 0x0048F1A8 0x000BC3F0 0x000BB7F0 0x00000214
WideCharToMultiByte - 0x0048F1AC 0x000BC3F4 0x000BB7F4 0x00000511
lstrcpyW - 0x0048F1B0 0x000BC3F8 0x000BB7F8 0x00000548
lstrlenW - 0x0048F1B4 0x000BC3FC 0x000BB7FC 0x0000054E
GetModuleHandleW - 0x0048F1B8 0x000BC400 0x000BB800 0x00000218
QueryPerformanceCounter - 0x0048F1BC 0x000BC404 0x000BB804 0x000003A7
VirtualFreeEx - 0x0048F1C0 0x000BC408 0x000BB808 0x000004ED
OpenProcess - 0x0048F1C4 0x000BC40C 0x000BB80C 0x00000380
VirtualAllocEx - 0x0048F1C8 0x000BC410 0x000BB810 0x000004EA
WriteProcessMemory - 0x0048F1CC 0x000BC414 0x000BB814 0x0000052E
ReadProcessMemory - 0x0048F1D0 0x000BC418 0x000BB818 0x000003C3
CreateFileW - 0x0048F1D4 0x000BC41C 0x000BB81C 0x0000008F
SetFilePointerEx - 0x0048F1D8 0x000BC420 0x000BB820 0x00000467
SetEndOfFile - 0x0048F1DC 0x000BC424 0x000BB824 0x00000453
ReadFile - 0x0048F1E0 0x000BC428 0x000BB828 0x000003C0
WriteFile - 0x0048F1E4 0x000BC42C 0x000BB82C 0x00000525
FlushFileBuffers - 0x0048F1E8 0x000BC430 0x000BB830 0x00000157
TerminateProcess - 0x0048F1EC 0x000BC434 0x000BB834 0x000004C0
CreateToolhelp32Snapshot - 0x0048F1F0 0x000BC438 0x000BB838 0x000000BE
Process32FirstW - 0x0048F1F4 0x000BC43C 0x000BB83C 0x00000396
Process32NextW - 0x0048F1F8 0x000BC440 0x000BB840 0x00000398
SetFileTime - 0x0048F1FC 0x000BC444 0x000BB844 0x0000046A
GetFileAttributesW - 0x0048F200 0x000BC448 0x000BB848 0x000001EA
FindFirstFileW - 0x0048F204 0x000BC44C 0x000BB84C 0x00000139
SetCurrentDirectoryW - 0x0048F208 0x000BC450 0x000BB850 0x0000044D
GetLongPathNameW - 0x0048F20C 0x000BC454 0x000BB854 0x0000020F
GetShortPathNameW - 0x0048F210 0x000BC458 0x000BB858 0x00000261
DeleteFileW - 0x0048F214 0x000BC45C 0x000BB85C 0x000000D6
FindNextFileW - 0x0048F218 0x000BC460 0x000BB860 0x00000145
CopyFileExW - 0x0048F21C 0x000BC464 0x000BB864 0x00000072
MoveFileW - 0x0048F220 0x000BC468 0x000BB868 0x00000363
CreateDirectoryW - 0x0048F224 0x000BC46C 0x000BB86C 0x00000081
RemoveDirectoryW - 0x0048F228 0x000BC470 0x000BB870 0x00000403
SetSystemPowerState - 0x0048F22C 0x000BC474 0x000BB874 0x0000048A
QueryPerformanceFrequency - 0x0048F230 0x000BC478 0x000BB878 0x000003A8
FindResourceW - 0x0048F234 0x000BC47C 0x000BB87C 0x0000014E
LoadResource - 0x0048F238 0x000BC480 0x000BB880 0x00000341
LockResource - 0x0048F23C 0x000BC484 0x000BB884 0x00000354
SizeofResource - 0x0048F240 0x000BC488 0x000BB888 0x000004B1
EnumResourceNamesW - 0x0048F244 0x000BC48C 0x000BB88C 0x00000102
OutputDebugStringW - 0x0048F248 0x000BC490 0x000BB890 0x0000038A
GetTempPathW - 0x0048F24C 0x000BC494 0x000BB894 0x00000285
GetTempFileNameW - 0x0048F250 0x000BC498 0x000BB898 0x00000283
DeviceIoControl - 0x0048F254 0x000BC49C 0x000BB89C 0x000000DD
GetLocalTime - 0x0048F258 0x000BC4A0 0x000BB8A0 0x00000203
CompareStringW - 0x0048F25C 0x000BC4A4 0x000BB8A4 0x00000064
GetCurrentProcess - 0x0048F260 0x000BC4A8 0x000BB8A8 0x000001C0
EnterCriticalSection - 0x0048F264 0x000BC4AC 0x000BB8AC 0x000000EE
LeaveCriticalSection - 0x0048F268 0x000BC4B0 0x000BB8B0 0x00000339
GetStdHandle - 0x0048F26C 0x000BC4B4 0x000BB8B4 0x00000264
CreatePipe - 0x0048F270 0x000BC4B8 0x000BB8B8 0x000000A1
InterlockedExchange - 0x0048F274 0x000BC4BC 0x000BB8BC 0x000002EC
TerminateThread - 0x0048F278 0x000BC4C0 0x000BB8C0 0x000004C1
LoadLibraryExW - 0x0048F27C 0x000BC4C4 0x000BB8C4 0x0000033E
FindResourceExW - 0x0048F280 0x000BC4C8 0x000BB8C8 0x0000014D
CopyFileW - 0x0048F284 0x000BC4CC 0x000BB8CC 0x00000075
VirtualFree - 0x0048F288 0x000BC4D0 0x000BB8D0 0x000004EC
FormatMessageW - 0x0048F28C 0x000BC4D4 0x000BB8D4 0x0000015E
GetExitCodeProcess - 0x0048F290 0x000BC4D8 0x000BB8D8 0x000001DF
GetPrivateProfileStringW - 0x0048F294 0x000BC4DC 0x000BB8DC 0x00000242
WritePrivateProfileStringW - 0x0048F298 0x000BC4E0 0x000BB8E0 0x0000052B
GetPrivateProfileSectionW - 0x0048F29C 0x000BC4E4 0x000BB8E4 0x00000240
WritePrivateProfileSectionW - 0x0048F2A0 0x000BC4E8 0x000BB8E8 0x00000529
GetPrivateProfileSectionNamesW - 0x0048F2A4 0x000BC4EC 0x000BB8EC 0x0000023F
FileTimeToLocalFileTime - 0x0048F2A8 0x000BC4F0 0x000BB8F0 0x00000124
FileTimeToSystemTime - 0x0048F2AC 0x000BC4F4 0x000BB8F4 0x00000125
SystemTimeToFileTime - 0x0048F2B0 0x000BC4F8 0x000BB8F8 0x000004BD
LocalFileTimeToFileTime - 0x0048F2B4 0x000BC4FC 0x000BB8FC 0x00000346
GetDriveTypeW - 0x0048F2B8 0x000BC500 0x000BB900 0x000001D3
GetDiskFreeSpaceExW - 0x0048F2BC 0x000BC504 0x000BB904 0x000001CE
GetDiskFreeSpaceW - 0x0048F2C0 0x000BC508 0x000BB908 0x000001CF
GetVolumeInformationW - 0x0048F2C4 0x000BC50C 0x000BB90C 0x000002A7
SetVolumeLabelW - 0x0048F2C8 0x000BC510 0x000BB910 0x000004A9
CreateHardLinkW - 0x0048F2CC 0x000BC514 0x000BB914 0x00000093
SetFileAttributesW - 0x0048F2D0 0x000BC518 0x000BB918 0x00000461
CreateEventW - 0x0048F2D4 0x000BC51C 0x000BB91C 0x00000085
SetEvent - 0x0048F2D8 0x000BC520 0x000BB920 0x00000459
GetEnvironmentVariableW - 0x0048F2DC 0x000BC524 0x000BB924 0x000001DC
SetEnvironmentVariableW - 0x0048F2E0 0x000BC528 0x000BB928 0x00000457
GlobalLock - 0x0048F2E4 0x000BC52C 0x000BB92C 0x000002BE
GlobalUnlock - 0x0048F2E8 0x000BC530 0x000BB930 0x000002C5
GlobalAlloc - 0x0048F2EC 0x000BC534 0x000BB934 0x000002B3
GetFileSize - 0x0048F2F0 0x000BC538 0x000BB938 0x000001F0
GlobalFree - 0x0048F2F4 0x000BC53C 0x000BB93C 0x000002BA
GlobalMemoryStatusEx - 0x0048F2F8 0x000BC540 0x000BB940 0x000002C0
Beep - 0x0048F2FC 0x000BC544 0x000BB944 0x00000036
GetSystemDirectoryW - 0x0048F300 0x000BC548 0x000BB948 0x00000270
HeapReAlloc - 0x0048F304 0x000BC54C 0x000BB94C 0x000002D2
HeapSize - 0x0048F308 0x000BC550 0x000BB950 0x000002D4
GetComputerNameW - 0x0048F30C 0x000BC554 0x000BB954 0x0000018F
GetWindowsDirectoryW - 0x0048F310 0x000BC558 0x000BB958 0x000002AF
GetCurrentProcessId - 0x0048F314 0x000BC55C 0x000BB95C 0x000001C1
GetProcessIoCounters - 0x0048F318 0x000BC560 0x000BB960 0x0000024E
CreateProcessW - 0x0048F31C 0x000BC564 0x000BB964 0x000000A8
GetProcessId - 0x0048F320 0x000BC568 0x000BB968 0x0000024C
SetPriorityClass - 0x0048F324 0x000BC56C 0x000BB96C 0x0000047D
LoadLibraryW - 0x0048F328 0x000BC570 0x000BB970 0x0000033F
VirtualAlloc - 0x0048F32C 0x000BC574 0x000BB974 0x000004E9
IsDebuggerPresent - 0x0048F330 0x000BC578 0x000BB978 0x00000300
GetCurrentDirectoryW - 0x0048F334 0x000BC57C 0x000BB97C 0x000001BF
lstrcmpiW - 0x0048F338 0x000BC580 0x000BB980 0x00000545
DecodePointer - 0x0048F33C 0x000BC584 0x000BB984 0x000000CA
GetLastError - 0x0048F340 0x000BC588 0x000BB988 0x00000202
RaiseException - 0x0048F344 0x000BC58C 0x000BB98C 0x000003B1
InitializeCriticalSectionAndSpinCount - 0x0048F348 0x000BC590 0x000BB990 0x000002E3
DeleteCriticalSection - 0x0048F34C 0x000BC594 0x000BB994 0x000000D1
InterlockedDecrement - 0x0048F350 0x000BC598 0x000BB998 0x000002EB
InterlockedIncrement - 0x0048F354 0x000BC59C 0x000BB99C 0x000002EF
GetCurrentThread - 0x0048F358 0x000BC5A0 0x000BB9A0 0x000001C4
CloseHandle - 0x0048F35C 0x000BC5A4 0x000BB9A4 0x00000052
GetFullPathNameW - 0x0048F360 0x000BC5A8 0x000BB9A8 0x000001FB
EncodePointer - 0x0048F364 0x000BC5AC 0x000BB9AC 0x000000EA
ExitProcess - 0x0048F368 0x000BC5B0 0x000BB9B0 0x00000119
GetModuleHandleExW - 0x0048F36C 0x000BC5B4 0x000BB9B4 0x00000217
ExitThread - 0x0048F370 0x000BC5B8 0x000BB9B8 0x0000011A
GetSystemTimeAsFileTime - 0x0048F374 0x000BC5BC 0x000BB9BC 0x00000279
ResumeThread - 0x0048F378 0x000BC5C0 0x000BB9C0 0x00000413
GetCommandLineW - 0x0048F37C 0x000BC5C4 0x000BB9C4 0x00000187
IsProcessorFeaturePresent - 0x0048F380 0x000BC5C8 0x000BB9C8 0x00000304
IsValidCodePage - 0x0048F384 0x000BC5CC 0x000BB9CC 0x0000030A
GetACP - 0x0048F388 0x000BC5D0 0x000BB9D0 0x00000168
GetOEMCP - 0x0048F38C 0x000BC5D4 0x000BB9D4 0x00000237
GetCPInfo - 0x0048F390 0x000BC5D8 0x000BB9D8 0x00000172
SetLastError - 0x0048F394 0x000BC5DC 0x000BB9DC 0x00000473
UnhandledExceptionFilter - 0x0048F398 0x000BC5E0 0x000BB9E0 0x000004D3
SetUnhandledExceptionFilter - 0x0048F39C 0x000BC5E4 0x000BB9E4 0x000004A5
TlsAlloc - 0x0048F3A0 0x000BC5E8 0x000BB9E8 0x000004C5
TlsGetValue - 0x0048F3A4 0x000BC5EC 0x000BB9EC 0x000004C7
TlsSetValue - 0x0048F3A8 0x000BC5F0 0x000BB9F0 0x000004C8
TlsFree - 0x0048F3AC 0x000BC5F4 0x000BB9F4 0x000004C6
GetStartupInfoW - 0x0048F3B0 0x000BC5F8 0x000BB9F8 0x00000263
GetStringTypeW - 0x0048F3B4 0x000BC5FC 0x000BB9FC 0x00000269
SetStdHandle - 0x0048F3B8 0x000BC600 0x000BBA00 0x00000487
GetFileType - 0x0048F3BC 0x000BC604 0x000BBA04 0x000001F3
GetConsoleCP - 0x0048F3C0 0x000BC608 0x000BBA08 0x0000019A
GetConsoleMode - 0x0048F3C4 0x000BC60C 0x000BBA0C 0x000001AC
RtlUnwind - 0x0048F3C8 0x000BC610 0x000BBA10 0x00000418
ReadConsoleW - 0x0048F3CC 0x000BC614 0x000BBA14 0x000003BE
GetTimeZoneInformation - 0x0048F3D0 0x000BC618 0x000BBA18 0x00000298
GetDateFormatW - 0x0048F3D4 0x000BC61C 0x000BBA1C 0x000001C8
GetTimeFormatW - 0x0048F3D8 0x000BC620 0x000BBA20 0x00000297
LCMapStringW - 0x0048F3DC 0x000BC624 0x000BBA24 0x0000032D
GetEnvironmentStringsW - 0x0048F3E0 0x000BC628 0x000BBA28 0x000001DA
FreeEnvironmentStringsW - 0x0048F3E4 0x000BC62C 0x000BBA2C 0x00000161
WriteConsoleW - 0x0048F3E8 0x000BC630 0x000BBA30 0x00000524
FindClose - 0x0048F3EC 0x000BC634 0x000BBA34 0x0000012E
SetEnvironmentVariableA - 0x0048F3F0 0x000BC638 0x000BBA38 0x00000456
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustWindowRectEx - 0x0048F4CC 0x000BC714 0x000BBB14 0x00000003
CopyImage - 0x0048F4D0 0x000BC718 0x000BBB18 0x00000054
SetWindowPos - 0x0048F4D4 0x000BC71C 0x000BBB1C 0x000002C6
GetCursorInfo - 0x0048F4D8 0x000BC720 0x000BBB20 0x0000011F
RegisterHotKey - 0x0048F4DC 0x000BC724 0x000BBB24 0x00000256
ClientToScreen - 0x0048F4E0 0x000BC728 0x000BBB28 0x00000047
GetKeyboardLayoutNameW - 0x0048F4E4 0x000BC72C 0x000BBB2C 0x00000141
IsCharAlphaW - 0x0048F4E8 0x000BC730 0x000BBB30 0x000001C4
IsCharAlphaNumericW - 0x0048F4EC 0x000BC734 0x000BBB34 0x000001C3
IsCharLowerW - 0x0048F4F0 0x000BC738 0x000BBB38 0x000001C6
IsCharUpperW - 0x0048F4F4 0x000BC73C 0x000BBB3C 0x000001C8
GetMenuStringW - 0x0048F4F8 0x000BC740 0x000BBB40 0x00000158
GetSubMenu - 0x0048F4FC 0x000BC744 0x000BBB44 0x0000017A
GetCaretPos - 0x0048F500 0x000BC748 0x000BBB48 0x0000010A
IsZoomed - 0x0048F504 0x000BC74C 0x000BBB4C 0x000001E2
MonitorFromPoint - 0x0048F508 0x000BC750 0x000BBB50 0x00000218
GetMonitorInfoW - 0x0048F50C 0x000BC754 0x000BBB54 0x0000015F
SetWindowLongW - 0x0048F510 0x000BC758 0x000BBB58 0x000002C4
SetLayeredWindowAttributes - 0x0048F514 0x000BC75C 0x000BBB5C 0x00000298
FlashWindow - 0x0048F518 0x000BC760 0x000BBB60 0x000000FB
GetClassLongW - 0x0048F51C 0x000BC764 0x000BBB64 0x00000110
TranslateAcceleratorW - 0x0048F520 0x000BC768 0x000BBB68 0x000002FA
IsDialogMessageW - 0x0048F524 0x000BC76C 0x000BBB6C 0x000001CD
GetSysColor - 0x0048F528 0x000BC770 0x000BBB70 0x0000017B
InflateRect - 0x0048F52C 0x000BC774 0x000BBB74 0x000001B5
DrawFocusRect - 0x0048F530 0x000BC778 0x000BBB78 0x000000C4
DrawTextW - 0x0048F534 0x000BC77C 0x000BBB7C 0x000000D0
FrameRect - 0x0048F538 0x000BC780 0x000BBB80 0x000000FD
DrawFrameControl - 0x0048F53C 0x000BC784 0x000BBB84 0x000000C6
FillRect - 0x0048F540 0x000BC788 0x000BBB88 0x000000F6
PtInRect - 0x0048F544 0x000BC78C 0x000BBB8C 0x00000240
DestroyAcceleratorTable - 0x0048F548 0x000BC790 0x000BBB90 0x000000A0
CreateAcceleratorTableW - 0x0048F54C 0x000BC794 0x000BBB94 0x00000058
SetCursor - 0x0048F550 0x000BC798 0x000BBB98 0x00000288
GetWindowDC - 0x0048F554 0x000BC79C 0x000BBB9C 0x00000192
GetSystemMetrics - 0x0048F558 0x000BC7A0 0x000BBBA0 0x0000017E
GetActiveWindow - 0x0048F55C 0x000BC7A4 0x000BBBA4 0x00000100
CharNextW - 0x0048F560 0x000BC7A8 0x000BBBA8 0x00000031
wsprintfW - 0x0048F564 0x000BC7AC 0x000BBBAC 0x00000333
RedrawWindow - 0x0048F568 0x000BC7B0 0x000BBBB0 0x0000024A
DrawMenuBar - 0x0048F56C 0x000BC7B4 0x000BBBB4 0x000000C9
DestroyMenu - 0x0048F570 0x000BC7B8 0x000BBBB8 0x000000A4
SetMenu - 0x0048F574 0x000BC7BC 0x000BBBBC 0x0000029C
GetWindowTextLengthW - 0x0048F578 0x000BC7C0 0x000BBBC0 0x000001A2
CreateMenu - 0x0048F57C 0x000BC7C4 0x000BBBC4 0x0000006A
IsDlgButtonChecked - 0x0048F580 0x000BC7C8 0x000BBBC8 0x000001CE
DefDlgProcW - 0x0048F584 0x000BC7CC 0x000BBBCC 0x00000095
CallWindowProcW - 0x0048F588 0x000BC7D0 0x000BBBD0 0x0000001E
ReleaseCapture - 0x0048F58C 0x000BC7D4 0x000BBBD4 0x00000264
SetCapture - 0x0048F590 0x000BC7D8 0x000BBBD8 0x00000280
CreateIconFromResourceEx - 0x0048F594 0x000BC7DC 0x000BBBDC 0x00000066
mouse_event - 0x0048F598 0x000BC7E0 0x000BBBE0 0x00000331
ExitWindowsEx - 0x0048F59C 0x000BC7E4 0x000BBBE4 0x000000F5
SetActiveWindow - 0x0048F5A0 0x000BC7E8 0x000BBBE8 0x0000027F
FindWindowExW - 0x0048F5A4 0x000BC7EC 0x000BBBEC 0x000000F9
EnumThreadWindows - 0x0048F5A8 0x000BC7F0 0x000BBBF0 0x000000EF
SetMenuDefaultItem - 0x0048F5AC 0x000BC7F4 0x000BBBF4 0x0000029E
InsertMenuItemW - 0x0048F5B0 0x000BC7F8 0x000BBBF8 0x000001B9
IsMenu - 0x0048F5B4 0x000BC7FC 0x000BBBFC 0x000001D2
TrackPopupMenuEx - 0x0048F5B8 0x000BC800 0x000BBC00 0x000002F7
GetCursorPos - 0x0048F5BC 0x000BC804 0x000BBC04 0x00000120
DeleteMenu - 0x0048F5C0 0x000BC808 0x000BBC08 0x0000009E
SetRect - 0x0048F5C4 0x000BC80C 0x000BBC0C 0x000002AE
GetMenuItemID - 0x0048F5C8 0x000BC810 0x000BBC10 0x00000152
GetMenuItemCount - 0x0048F5CC 0x000BC814 0x000BBC14 0x00000151
SetMenuItemInfoW - 0x0048F5D0 0x000BC818 0x000BBC18 0x000002A2
GetMenuItemInfoW - 0x0048F5D4 0x000BC81C 0x000BBC1C 0x00000154
SetForegroundWindow - 0x0048F5D8 0x000BC820 0x000BBC20 0x00000293
IsIconic - 0x0048F5DC 0x000BC824 0x000BBC24 0x000001D1
FindWindowW - 0x0048F5E0 0x000BC828 0x000BBC28 0x000000FA
MonitorFromRect - 0x0048F5E4 0x000BC82C 0x000BBC2C 0x00000219
keybd_event - 0x0048F5E8 0x000BC830 0x000BBC30 0x00000330
SendInput - 0x0048F5EC 0x000BC834 0x000BBC34 0x00000276
GetAsyncKeyState - 0x0048F5F0 0x000BC838 0x000BBC38 0x00000107
SetKeyboardState - 0x0048F5F4 0x000BC83C 0x000BBC3C 0x00000296
GetKeyboardState - 0x0048F5F8 0x000BC840 0x000BBC40 0x00000142
GetKeyState - 0x0048F5FC 0x000BC844 0x000BBC44 0x0000013D
VkKeyScanW - 0x0048F600 0x000BC848 0x000BBC48 0x00000321
LoadStringW - 0x0048F604 0x000BC84C 0x000BBC4C 0x000001FA
DialogBoxParamW - 0x0048F608 0x000BC850 0x000BBC50 0x000000AC
MessageBeep - 0x0048F60C 0x000BC854 0x000BBC54 0x0000020D
EndDialog - 0x0048F610 0x000BC858 0x000BBC58 0x000000DA
SendDlgItemMessageW - 0x0048F614 0x000BC85C 0x000BBC5C 0x00000273
GetDlgItem - 0x0048F618 0x000BC860 0x000BBC60 0x00000127
SetWindowTextW - 0x0048F61C 0x000BC864 0x000BBC64 0x000002CB
CopyRect - 0x0048F620 0x000BC868 0x000BBC68 0x00000055
ReleaseDC - 0x0048F624 0x000BC86C 0x000BBC6C 0x00000265
GetDC - 0x0048F628 0x000BC870 0x000BBC70 0x00000121
EndPaint - 0x0048F62C 0x000BC874 0x000BBC74 0x000000DC
BeginPaint - 0x0048F630 0x000BC878 0x000BBC78 0x0000000E
GetClientRect - 0x0048F634 0x000BC87C 0x000BBC7C 0x00000114
GetMenu - 0x0048F638 0x000BC880 0x000BBC80 0x0000014B
DestroyWindow - 0x0048F63C 0x000BC884 0x000BBC84 0x000000A6
EnumWindows - 0x0048F640 0x000BC888 0x000BBC88 0x000000F2
GetDesktopWindow - 0x0048F644 0x000BC88C 0x000BBC8C 0x00000123
IsWindow - 0x0048F648 0x000BC890 0x000BBC90 0x000001DB
IsWindowEnabled - 0x0048F64C 0x000BC894 0x000BBC94 0x000001DC
IsWindowVisible - 0x0048F650 0x000BC898 0x000BBC98 0x000001E0
EnableWindow - 0x0048F654 0x000BC89C 0x000BBC9C 0x000000D8
InvalidateRect - 0x0048F658 0x000BC8A0 0x000BBCA0 0x000001BE
GetWindowLongW - 0x0048F65C 0x000BC8A4 0x000BBCA4 0x00000196
GetWindowThreadProcessId - 0x0048F660 0x000BC8A8 0x000BBCA8 0x000001A4
AttachThreadInput - 0x0048F664 0x000BC8AC 0x000BBCAC 0x0000000C
GetFocus - 0x0048F668 0x000BC8B0 0x000BBCB0 0x0000012C
GetWindowTextW - 0x0048F66C 0x000BC8B4 0x000BBCB4 0x000001A3
ScreenToClient - 0x0048F670 0x000BC8B8 0x000BBCB8 0x0000026D
SendMessageTimeoutW - 0x0048F674 0x000BC8BC 0x000BBCBC 0x0000027B
EnumChildWindows - 0x0048F678 0x000BC8C0 0x000BBCC0 0x000000DF
CharUpperBuffW - 0x0048F67C 0x000BC8C4 0x000BBCC4 0x0000003B
GetParent - 0x0048F680 0x000BC8C8 0x000BBCC8 0x00000164
GetDlgCtrlID - 0x0048F684 0x000BC8CC 0x000BBCCC 0x00000126
SendMessageW - 0x0048F688 0x000BC8D0 0x000BBCD0 0x0000027C
MapVirtualKeyW - 0x0048F68C 0x000BC8D4 0x000BBCD4 0x00000208
PostMessageW - 0x0048F690 0x000BC8D8 0x000BBCD8 0x00000236
GetWindowRect - 0x0048F694 0x000BC8DC 0x000BBCDC 0x0000019C
SetUserObjectSecurity - 0x0048F698 0x000BC8E0 0x000BBCE0 0x000002BE
CloseDesktop - 0x0048F69C 0x000BC8E4 0x000BBCE4 0x0000004A
CloseWindowStation - 0x0048F6A0 0x000BC8E8 0x000BBCE8 0x0000004E
OpenDesktopW - 0x0048F6A4 0x000BC8EC 0x000BBCEC 0x00000228
SetProcessWindowStation - 0x0048F6A8 0x000BC8F0 0x000BBCF0 0x000002AA
GetProcessWindowStation - 0x0048F6AC 0x000BC8F4 0x000BBCF4 0x00000168
OpenWindowStationW - 0x0048F6B0 0x000BC8F8 0x000BBCF8 0x0000022D
GetUserObjectSecurity - 0x0048F6B4 0x000BC8FC 0x000BBCFC 0x0000018C
MessageBoxW - 0x0048F6B8 0x000BC900 0x000BBD00 0x00000215
DefWindowProcW - 0x0048F6BC 0x000BC904 0x000BBD04 0x0000009C
SetClipboardData - 0x0048F6C0 0x000BC908 0x000BBD08 0x00000286
EmptyClipboard - 0x0048F6C4 0x000BC90C 0x000BBD0C 0x000000D5
CountClipboardFormats - 0x0048F6C8 0x000BC910 0x000BBD10 0x00000056
CloseClipboard - 0x0048F6CC 0x000BC914 0x000BBD14 0x00000049
GetClipboardData - 0x0048F6D0 0x000BC918 0x000BBD18 0x00000116
IsClipboardFormatAvailable - 0x0048F6D4 0x000BC91C 0x000BBD1C 0x000001CA
OpenClipboard - 0x0048F6D8 0x000BC920 0x000BBD20 0x00000226
BlockInput - 0x0048F6DC 0x000BC924 0x000BBD24 0x0000000F
GetMessageW - 0x0048F6E0 0x000BC928 0x000BBD28 0x0000015D
LockWindowUpdate - 0x0048F6E4 0x000BC92C 0x000BBD2C 0x000001FD
DispatchMessageW - 0x0048F6E8 0x000BC930 0x000BBD30 0x000000AF
TranslateMessage - 0x0048F6EC 0x000BC934 0x000BBD34 0x000002FC
PeekMessageW - 0x0048F6F0 0x000BC938 0x000BBD38 0x00000233
UnregisterHotKey - 0x0048F6F4 0x000BC93C 0x000BBD3C 0x00000308
CheckMenuRadioItem - 0x0048F6F8 0x000BC940 0x000BBD40 0x00000040
CharLowerBuffW - 0x0048F6FC 0x000BC944 0x000BBD44 0x0000002D
MoveWindow - 0x0048F700 0x000BC948 0x000BBD48 0x0000021B
SetFocus - 0x0048F704 0x000BC94C 0x000BBD4C 0x00000292
PostQuitMessage - 0x0048F708 0x000BC950 0x000BBD50 0x00000237
KillTimer - 0x0048F70C 0x000BC954 0x000BBD54 0x000001E3
CreatePopupMenu - 0x0048F710 0x000BC958 0x000BBD58 0x0000006B
RegisterWindowMessageW - 0x0048F714 0x000BC95C 0x000BBD5C 0x00000263
SetTimer - 0x0048F718 0x000BC960 0x000BBD60 0x000002BB
ShowWindow - 0x0048F71C 0x000BC964 0x000BBD64 0x000002DF
CreateWindowExW - 0x0048F720 0x000BC968 0x000BBD68 0x0000006E
RegisterClassExW - 0x0048F724 0x000BC96C 0x000BBD6C 0x0000024D
LoadIconW - 0x0048F728 0x000BC970 0x000BBD70 0x000001ED
LoadCursorW - 0x0048F72C 0x000BC974 0x000BBD74 0x000001EB
GetSysColorBrush - 0x0048F730 0x000BC978 0x000BBD78 0x0000017C
GetForegroundWindow - 0x0048F734 0x000BC97C 0x000BBD7C 0x0000012D
MessageBoxA - 0x0048F738 0x000BC980 0x000BBD80 0x0000020E
DestroyIcon - 0x0048F73C 0x000BC984 0x000BBD84 0x000000A3
SystemParametersInfoW - 0x0048F740 0x000BC988 0x000BBD88 0x000002EC
LoadImageW - 0x0048F744 0x000BC98C 0x000BBD8C 0x000001EF
GetClassNameW - 0x0048F748 0x000BC990 0x000BBD90 0x00000112
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrokePath - 0x0048F0C4 0x000BC30C 0x000BB70C 0x000002B6
DeleteObject - 0x0048F0C8 0x000BC310 0x000BB710 0x000000E6
GetTextExtentPoint32W - 0x0048F0CC 0x000BC314 0x000BB714 0x0000021E
ExtCreatePen - 0x0048F0D0 0x000BC318 0x000BB718 0x00000132
GetDeviceCaps - 0x0048F0D4 0x000BC31C 0x000BB71C 0x000001CB
EndPath - 0x0048F0D8 0x000BC320 0x000BB720 0x000000F3
SetPixel - 0x0048F0DC 0x000BC324 0x000BB724 0x0000029B
CloseFigure - 0x0048F0E0 0x000BC328 0x000BB728 0x0000001E
CreateCompatibleBitmap - 0x0048F0E4 0x000BC32C 0x000BB72C 0x0000002F
CreateCompatibleDC - 0x0048F0E8 0x000BC330 0x000BB730 0x00000030
SelectObject - 0x0048F0EC 0x000BC334 0x000BB734 0x00000277
StretchBlt - 0x0048F0F0 0x000BC338 0x000BB738 0x000002B3
GetDIBits - 0x0048F0F4 0x000BC33C 0x000BB73C 0x000001CA
LineTo - 0x0048F0F8 0x000BC340 0x000BB740 0x00000236
AngleArc - 0x0048F0FC 0x000BC344 0x000BB744 0x00000008
MoveToEx - 0x0048F100 0x000BC348 0x000BB748 0x0000023A
Ellipse - 0x0048F104 0x000BC34C 0x000BB74C 0x000000ED
DeleteDC - 0x0048F108 0x000BC350 0x000BB750 0x000000E3
GetPixel - 0x0048F10C 0x000BC354 0x000BB754 0x00000204
CreateDCW - 0x0048F110 0x000BC358 0x000BB758 0x00000032
GetStockObject - 0x0048F114 0x000BC35C 0x000BB75C 0x0000020D
GetTextFaceW - 0x0048F118 0x000BC360 0x000BB760 0x00000224
CreateFontW - 0x0048F11C 0x000BC364 0x000BB764 0x00000041
SetTextColor - 0x0048F120 0x000BC368 0x000BB768 0x000002A6
PolyDraw - 0x0048F124 0x000BC36C 0x000BB76C 0x00000250
BeginPath - 0x0048F128 0x000BC370 0x000BB770 0x00000012
Rectangle - 0x0048F12C 0x000BC374 0x000BB774 0x0000025F
SetViewportOrgEx - 0x0048F130 0x000BC378 0x000BB778 0x000002A9
GetObjectW - 0x0048F134 0x000BC37C 0x000BB77C 0x000001FD
SetBkMode - 0x0048F138 0x000BC380 0x000BB780 0x0000027F
RoundRect - 0x0048F13C 0x000BC384 0x000BB784 0x0000026A
SetBkColor - 0x0048F140 0x000BC388 0x000BB788 0x0000027E
CreatePen - 0x0048F144 0x000BC38C 0x000BB78C 0x0000004B
CreateSolidBrush - 0x0048F148 0x000BC390 0x000BB790 0x00000054
StrokeAndFillPath - 0x0048F14C 0x000BC394 0x000BB794 0x000002B5
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW - 0x0048F0B8 0x000BC300 0x000BB700 0x0000000C
GetSaveFileNameW - 0x0048F0BC 0x000BC304 0x000BB704 0x0000000E
ADVAPI32.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce - 0x0048F000 0x000BC248 0x000BB648 0x00000123
RegEnumValueW - 0x0048F004 0x000BC24C 0x000BB64C 0x00000252
RegDeleteValueW - 0x0048F008 0x000BC250 0x000BB650 0x00000248
RegDeleteKeyW - 0x0048F00C 0x000BC254 0x000BB654 0x00000244
RegEnumKeyExW - 0x0048F010 0x000BC258 0x000BB658 0x0000024F
RegSetValueExW - 0x0048F014 0x000BC25C 0x000BB65C 0x0000027E
RegOpenKeyExW - 0x0048F018 0x000BC260 0x000BB660 0x00000261
RegCloseKey - 0x0048F01C 0x000BC264 0x000BB664 0x00000230
RegQueryValueExW - 0x0048F020 0x000BC268 0x000BB668 0x0000026E
RegConnectRegistryW - 0x0048F024 0x000BC26C 0x000BB66C 0x00000234
InitializeSecurityDescriptor - 0x0048F028 0x000BC270 0x000BB670 0x00000177
InitializeAcl - 0x0048F02C 0x000BC274 0x000BB674 0x00000176
AdjustTokenPrivileges - 0x0048F030 0x000BC278 0x000BB678 0x0000001F
OpenThreadToken - 0x0048F034 0x000BC27C 0x000BB67C 0x000001FC
OpenProcessToken - 0x0048F038 0x000BC280 0x000BB680 0x000001F7
LookupPrivilegeValueW - 0x0048F03C 0x000BC284 0x000BB684 0x00000197
DuplicateTokenEx - 0x0048F040 0x000BC288 0x000BB688 0x000000DF
CreateProcessAsUserW - 0x0048F044 0x000BC28C 0x000BB68C 0x0000007C
CreateProcessWithLogonW - 0x0048F048 0x000BC290 0x000BB690 0x0000007D
GetLengthSid - 0x0048F04C 0x000BC294 0x000BB694 0x00000136
CopySid - 0x0048F050 0x000BC298 0x000BB698 0x00000076
LogonUserW - 0x0048F054 0x000BC29C 0x000BB69C 0x0000018D
AllocateAndInitializeSid - 0x0048F058 0x000BC2A0 0x000BB6A0 0x00000020
CheckTokenMembership - 0x0048F05C 0x000BC2A4 0x000BB6A4 0x00000051
RegCreateKeyExW - 0x0048F060 0x000BC2A8 0x000BB6A8 0x00000239
FreeSid - 0x0048F064 0x000BC2AC 0x000BB6AC 0x00000120
GetTokenInformation - 0x0048F068 0x000BC2B0 0x000BB6B0 0x0000015A
GetSecurityDescriptorDacl - 0x0048F06C 0x000BC2B4 0x000BB6B4 0x00000148
GetAclInformation - 0x0048F070 0x000BC2B8 0x000BB6B8 0x00000124
AddAce - 0x0048F074 0x000BC2BC 0x000BB6BC 0x00000016
SetSecurityDescriptorDacl - 0x0048F078 0x000BC2C0 0x000BB6C0 0x000002B6
GetUserNameW - 0x0048F07C 0x000BC2C4 0x000BB6C4 0x00000165
InitiateSystemShutdownExW - 0x0048F080 0x000BC2C8 0x000BB6C8 0x0000017D
SHELL32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint - 0x0048F48C 0x000BC6D4 0x000BBAD4 0x00000020
ShellExecuteExW - 0x0048F490 0x000BC6D8 0x000BBAD8 0x00000121
DragQueryFileW - 0x0048F494 0x000BC6DC 0x000BBADC 0x0000001F
SHEmptyRecycleBinW - 0x0048F498 0x000BC6E0 0x000BBAE0 0x000000A5
SHGetPathFromIDListW - 0x0048F49C 0x000BC6E4 0x000BBAE4 0x000000D7
SHBrowseForFolderW - 0x0048F4A0 0x000BC6E8 0x000BBAE8 0x0000007B
SHCreateShellItem - 0x0048F4A4 0x000BC6EC 0x000BBAEC 0x0000009A
SHGetDesktopFolder - 0x0048F4A8 0x000BC6F0 0x000BBAF0 0x000000B6
SHGetSpecialFolderLocation - 0x0048F4AC 0x000BC6F4 0x000BBAF4 0x000000DF
SHGetFolderPathW - 0x0048F4B0 0x000BC6F8 0x000BBAF8 0x000000C3
SHFileOperationW - 0x0048F4B4 0x000BC6FC 0x000BBAFC 0x000000AC
ExtractIconExW - 0x0048F4B8 0x000BC700 0x000BBB00 0x0000002A
Shell_NotifyIconW - 0x0048F4BC 0x000BC704 0x000BBB04 0x0000012E
ShellExecuteW - 0x0048F4C0 0x000BC708 0x000BBB08 0x00000122
DragFinish - 0x0048F4C4 0x000BC70C 0x000BBB0C 0x0000001B
ole32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc - 0x0048F828 0x000BCA70 0x000BBE70 0x00000067
CoTaskMemFree - 0x0048F82C 0x000BCA74 0x000BBE74 0x00000068
CLSIDFromString - 0x0048F830 0x000BCA78 0x000BBE78 0x00000008
ProgIDFromCLSID - 0x0048F834 0x000BCA7C 0x000BBE7C 0x0000014B
CLSIDFromProgID - 0x0048F838 0x000BCA80 0x000BBE80 0x00000006
OleSetMenuDescriptor - 0x0048F83C 0x000BCA84 0x000BBE84 0x00000147
MkParseDisplayName - 0x0048F840 0x000BCA88 0x000BBE88 0x000000D4
OleSetContainedObject - 0x0048F844 0x000BCA8C 0x000BBE8C 0x00000146
CoCreateInstance - 0x0048F848 0x000BCA90 0x000BBE90 0x00000010
IIDFromString - 0x0048F84C 0x000BCA94 0x000BBE94 0x000000CD
StringFromGUID2 - 0x0048F850 0x000BCA98 0x000BBE98 0x00000179
CreateStreamOnHGlobal - 0x0048F854 0x000BCA9C 0x000BBE9C 0x00000086
OleInitialize - 0x0048F858 0x000BCAA0 0x000BBEA0 0x00000132
OleUninitialize - 0x0048F85C 0x000BCAA4 0x000BBEA4 0x00000149
CoInitialize - 0x0048F860 0x000BCAA8 0x000BBEA8 0x0000003E
CoUninitialize - 0x0048F864 0x000BCAAC 0x000BBEAC 0x0000006C
GetRunningObjectTable - 0x0048F868 0x000BCAB0 0x000BBEB0 0x00000097
CoGetInstanceFromFile - 0x0048F86C 0x000BCAB4 0x000BBEB4 0x0000002D
CoGetObject - 0x0048F870 0x000BCAB8 0x000BBEB8 0x00000035
CoSetProxyBlanket - 0x0048F874 0x000BCABC 0x000BBEBC 0x00000063
CoCreateInstanceEx - 0x0048F878 0x000BCAC0 0x000BBEC0 0x00000011
CoInitializeSecurity - 0x0048F87C 0x000BCAC4 0x000BBEC4 0x00000040
OLEAUT32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0x000000B7 0x0048F40C 0x000BC654 0x000BBA54 -
VariantCopyInd 0x0000000B 0x0048F410 0x000BC658 0x000BBA58 -
SysReAllocString 0x00000003 0x0048F414 0x000BC65C 0x000BBA5C -
SysFreeString 0x00000006 0x0048F418 0x000BC660 0x000BBA60 -
SafeArrayDestroyDescriptor 0x00000026 0x0048F41C 0x000BC664 0x000BBA64 -
SafeArrayDestroyData 0x00000027 0x0048F420 0x000BC668 0x000BBA68 -
SafeArrayUnaccessData 0x00000018 0x0048F424 0x000BC66C 0x000BBA6C -
SafeArrayAccessData 0x00000017 0x0048F428 0x000BC670 0x000BBA70 -
SafeArrayAllocData 0x00000025 0x0048F42C 0x000BC674 0x000BBA74 -
SafeArrayAllocDescriptorEx 0x00000029 0x0048F430 0x000BC678 0x000BBA78 -
SafeArrayCreateVector 0x0000019B 0x0048F434 0x000BC67C 0x000BBA7C -
RegisterTypeLib 0x000000A3 0x0048F438 0x000BC680 0x000BBA80 -
CreateStdDispatch 0x00000020 0x0048F43C 0x000BC684 0x000BBA84 -
DispCallFunc 0x00000092 0x0048F440 0x000BC688 0x000BBA88 -
VariantChangeType 0x0000000C 0x0048F444 0x000BC68C 0x000BBA8C -
SysStringLen 0x00000007 0x0048F448 0x000BC690 0x000BBA90 -
VariantTimeToSystemTime 0x000000B9 0x0048F44C 0x000BC694 0x000BBA94 -
VarR8FromDec 0x000000DC 0x0048F450 0x000BC698 0x000BBA98 -
SafeArrayGetVartype 0x0000004D 0x0048F454 0x000BC69C 0x000BBA9C -
VariantCopy 0x0000000A 0x0048F458 0x000BC6A0 0x000BBAA0 -
VariantClear 0x00000009 0x0048F45C 0x000BC6A4 0x000BBAA4 -
OleLoadPicture 0x000001A2 0x0048F460 0x000BC6A8 0x000BBAA8 -
QueryPathOfRegTypeLib 0x000000A4 0x0048F464 0x000BC6AC 0x000BBAAC -
RegisterTypeLibForUser 0x000001BA 0x0048F468 0x000BC6B0 0x000BBAB0 -
UnRegisterTypeLibForUser 0x000001BB 0x0048F46C 0x000BC6B4 0x000BBAB4 -
UnRegisterTypeLib 0x000000BA 0x0048F470 0x000BC6B8 0x000BBAB8 -
CreateDispTypeInfo 0x0000001F 0x0048F474 0x000BC6BC 0x000BBABC -
SysAllocString 0x00000002 0x0048F478 0x000BC6C0 0x000BBAC0 -
VariantInit 0x00000008 0x0048F47C 0x000BC6C4 0x000BBAC4 -
Memory Dumps (26)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
buffer 1 0x00A10000 0x00A13FFF First Execution False 32-bit 0x00A123B0 False
name.exe 2 0x00E80000 0x00FE0FFF Relevant Image False 32-bit 0x00EA9D26 False
buffer 2 0x00E10000 0x00E13FFF First Execution False 32-bit 0x00E123B0 False
name.exe 2 0x00E80000 0x00FE0FFF Final Dump False 32-bit 0x00EA9A81 False
buffer 2 0x02E70000 0x02EE8FFF Image In Buffer False 32-bit - False
name.exe 2 0x00E80000 0x00FE0FFF Process Termination False 32-bit - False
name.exe 3 0x00E80000 0x00FE0FFF Relevant Image False 32-bit 0x00EA33C7 False
buffer 3 0x00980000 0x00983FFF First Execution False 32-bit 0x009823B0 False
buffer 3 0x02C20000 0x02C98FFF Image In Buffer False 32-bit - False
name.exe 3 0x00E80000 0x00FE0FFF Process Termination False 32-bit - False
name.exe 4 0x00E80000 0x00FE0FFF Relevant Image False 32-bit 0x00E90A8D False
buffer 4 0x00E50000 0x00E53FFF First Execution False 32-bit 0x00E523B0 False
buffer 4 0x01070000 0x010E8FFF Image In Buffer False 32-bit - False
name.exe 4 0x00E80000 0x00FE0FFF Process Termination False 32-bit - False
name.exe 5 0x00E80000 0x00FE0FFF Relevant Image False 32-bit 0x00EB4D6B False
buffer 5 0x02A40000 0x02A43FFF First Execution False 32-bit 0x02A423B0 False
buffer 5 0x02EC0000 0x02F38FFF Image In Buffer False 32-bit - False
name.exe 5 0x00E80000 0x00FE0FFF Process Termination False 32-bit - False
name.exe 6 0x00E80000 0x00FE0FFF Relevant Image False 32-bit 0x00EA594C False
buffer 6 0x00D90000 0x00D93FFF First Execution False 32-bit 0x00D923B0 False
buffer 6 0x00DF0000 0x00E68FFF Image In Buffer False 32-bit - False
name.exe 6 0x00E80000 0x00FE0FFF Process Termination False 32-bit - False
name.exe 7 0x00E80000 0x00FE0FFF Relevant Image False 32-bit 0x00EAD812 False
buffer 7 0x01580000 0x01583FFF First Execution False 32-bit 0x015823B0 False
buffer 7 0x02DB0000 0x02E28FFF Image In Buffer False 32-bit - False
name.exe 7 0x00E80000 0x00FE0FFF Process Termination False 32-bit - False
C:\Users\RDHJ0C~1\AppData\Local\Temp\phytographical Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 482.50 KB
MD5 4e8f6cacbe416feb30a39dd18f72b1d8 Copy to Clipboard
SHA1 944b48601d90f17143771acfdfb7b758d36dbe6c Copy to Clipboard
SHA256 2c021d71b9a694418c33365f97e027b0897a9def2f4002505891759a1c11e273 Copy to Clipboard
SSDeep 6144:VMBo9ptKKwpr3bG/OuneOk9JtZcMORE542U96X7EPRK64Z+z/7AH4LvS0Mqa8yvk:wiKKwpWmr9JtYv9YhIOIcwlYS Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut10C7.tmp Dropped File Stream
Clean
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\aut1AF8.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut25B6.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut4F57.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut58EC.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut69C4.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut70C9.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut713.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut7ADB.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\autE4D5.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\autF2A0.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\autFD10.tmp (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 413.73 KB
MD5 3022464f733dc923bbab94f83454dd09 Copy to Clipboard
SHA1 9ad78994022803798e74307600e73f9b7d79f989 Copy to Clipboard
SHA256 bda05fedbc33c8fa942047d5057d648c274024a9b896fc6284705155b2ee0ac7 Copy to Clipboard
SSDeep 12288:69nG+N8GYcLgQzg8r9HFsSxdIt6Vp923I2R:cN8/cLgQ08r9TdIap9yvR Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\directiveness Dropped File Text
Clean
MIME Type text/plain
File Size 28.06 KB
MD5 1c1d9090355dda14030a1a4d0c2d3671 Copy to Clipboard
SHA1 035bc576f405302a0be9c62dc6fefe24f93dff70 Copy to Clipboard
SHA256 13a925fc251e4e40c00920bf6e652d2175b3be01b37ec4e8382f622b5c09cc31 Copy to Clipboard
SSDeep 768:WiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbJ+IIm54vfF3if6gyyNK:WiTZ+2QoioGRk6ZklputwjpjBkCiw2RA Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut1210.tmp Dropped File Stream
Clean
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\aut1C70.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut2663.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut511D.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut5989.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut6AA0.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut71E3.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut7B98.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\aut80E.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\autE5C0.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\autF34D.tmp (Dropped File, Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\autFDBD.tmp (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 9.61 KB
MD5 04310fac52fe369cc1b265c3f60955e0 Copy to Clipboard
SHA1 a603043c059c10a57f629291d16dcaceec80fca5 Copy to Clipboard
SHA256 bbeb01d438ca738e972884387e2fb77a27dcd560db052e9a83aa2a7024b895d9 Copy to Clipboard
SSDeep 192:na0ZsqLUGeKtxWQa8yTnTY7DwkrRgmP7m/xkP9hC3rOgtgCDmpTWHDeap4BfEk:azqLFLtx3a8yn9IR1KJkPXC3rOgtUMqX Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 282 Bytes
MD5 ba04125a6555b053f0822e2e62ebf8fa Copy to Clipboard
SHA1 0255eca2b7c1d10abcf702e161cbfaf0c16429b8 Copy to Clipboard
SHA256 e2ba2c3725212fd970b2504ff28343dff6d16f67b08bbdc526224614b176a0be Copy to Clipboard
SSDeep 6:DMM8lfm3OOQdUfcl6NUAUEZ+lX1Al1AE6nriIM8lfQVn:DsO+vNl6KAQ1A1z4mA2n Copy to Clipboard
ImpHash -