Verdict Malicious

Classifications

Injector, Downloader

Threat Names

Pikabot, Mal/Generic-S, Mal/HTMLGen-A

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 7 seconds" to "10 seconds" to reveal dormant functionality.

File Name Category Type Verdict
C:\Users\OqXZRaykm\Desktop\Point.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.32 MB
MD5 3e56975127f436aa5e8a9b9c7af5eb23
SHA1 acbf171b31c25a66d7af44bf9e1f5666acaa3f2c
SHA256 7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e
SSDeep 12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx
ImpHash 44c9a0d6caae769769c87976fb6f71d4
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0048EB4E
Size Of Code 0x000B6C00
Size Of Initialized Data 0x0009C800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-10-23 10:31 (UTC)
Version Information (8)
CompanyName Qihoo 360 Technology Co. Ltd.
FileDescription File Smasher Application
FileVersion 9, 6, 0, 1034
InternalName QHFileSmasher
LegalCopyright (C) Qihoo 360 Technology Co. Ltd., All rights reserved.
OriginalFilename QHFileSmasher.exe
ProductName File Smasher Application
ProductVersion 9, 6, 0, 1034
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000B6B8C 0x000B6C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.6
.rdata 0x004B8000 0x000227AA 0x00022800 0x000B7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.67
.data 0x004DB000 0x0000D844 0x00006000 0x000D9800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.36
.rsrc 0x004E9000 0x00061CEA 0x00061E00 0x000DF800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.35
.reloc 0x0054B000 0x000121F6 0x00012200 0x00141600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.51
Imports (19)
KERNEL32.dll (171)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExitThread - 0x004B80DC 0x000D7988 0x000D6988 0x00000105
CreateThread - 0x004B80E0 0x000D798C 0x000D698C 0x000000A3
ExitProcess - 0x004B80E4 0x000D7990 0x000D6990 0x00000104
GetStartupInfoW - 0x004B80E8 0x000D7994 0x000D6994 0x0000023A
RtlUnwind - 0x004B80EC 0x000D7998 0x000D6998 0x00000392
HeapReAlloc - 0x004B80F0 0x000D799C 0x000D699C 0x000002A4
HeapSize - 0x004B80F4 0x000D79A0 0x000D69A0 0x000002A6
GetCPInfo - 0x004B80F8 0x000D79A4 0x000D69A4 0x0000015B
GetACP - 0x004B80FC 0x000D79A8 0x000D69A8 0x00000152
GetOEMCP - 0x004B8100 0x000D79AC 0x000D69AC 0x00000213
IsValidCodePage - 0x004B8104 0x000D79B0 0x000D69B0 0x000002DB
LCMapStringW - 0x004B8108 0x000D79B4 0x000D69B4 0x000002E3
GetStdHandle - 0x004B810C 0x000D79B8 0x000D69B8 0x0000023B
GetModuleFileNameA - 0x004B8110 0x000D79BC 0x000D69BC 0x000001F4
GetTimeFormatA - 0x004B8114 0x000D79C0 0x000D69C0 0x00000268
GetDateFormatA - 0x004B8118 0x000D79C4 0x000D69C4 0x000001AE
HeapCreate - 0x004B811C 0x000D79C8 0x000D69C8 0x0000029F
HeapDestroy - 0x004B8120 0x000D79CC 0x000D69CC 0x000002A0
VirtualFree - 0x004B8124 0x000D79D0 0x000D69D0 0x00000457
VirtualAlloc - 0x004B8128 0x000D79D4 0x000D69D4 0x00000454
GetConsoleCP - 0x004B812C 0x000D79D8 0x000D69D8 0x00000183
GetConsoleMode - 0x004B8130 0x000D79DC 0x000D69DC 0x00000195
LCMapStringA - 0x004B8134 0x000D79E0 0x000D69E0 0x000002E1
SetHandleCount - 0x004B8138 0x000D79E4 0x000D69E4 0x000003E8
GetFileType - 0x004B813C 0x000D79E8 0x000D69E8 0x000001D7
GetStartupInfoA - 0x004B8140 0x000D79EC 0x000D69EC 0x00000239
InitializeCriticalSectionAndSpinCount - 0x004B8144 0x000D79F0 0x000D69F0 0x000002B5
FreeEnvironmentStringsW - 0x004B8148 0x000D79F4 0x000D69F4 0x0000014B
GetEnvironmentStringsW - 0x004B814C 0x000D79F8 0x000D69F8 0x000001C1
GetStringTypeA - 0x004B8150 0x000D79FC 0x000D69FC 0x0000023D
GetStringTypeW - 0x004B8154 0x000D7A00 0x000D6A00 0x00000240
IsDebuggerPresent - 0x004B8158 0x000D7A04 0x000D6A04 0x000002D1
GetLocaleInfoA - 0x004B815C 0x000D7A08 0x000D6A08 0x000001E8
EnumSystemLocalesA - 0x004B8160 0x000D7A0C 0x000D6A0C 0x000000F8
IsValidLocale - 0x004B8164 0x000D7A10 0x000D6A10 0x000002DD
WriteConsoleA - 0x004B8168 0x000D7A14 0x000D6A14 0x00000482
GetConsoleOutputCP - 0x004B816C 0x000D7A18 0x000D6A18 0x00000199
WriteConsoleW - 0x004B8170 0x000D7A1C 0x000D6A1C 0x0000048C
SetStdHandle - 0x004B8174 0x000D7A20 0x000D6A20 0x000003FC
GetProcessHeap - 0x004B8178 0x000D7A24 0x000D6A24 0x00000223
CreateFileA - 0x004B817C 0x000D7A28 0x000D6A28 0x00000078
SetEnvironmentVariableA - 0x004B8180 0x000D7A2C 0x000D6A2C 0x000003D0
SetUnhandledExceptionFilter - 0x004B8184 0x000D7A30 0x000D6A30 0x00000415
HeapAlloc - 0x004B8188 0x000D7A34 0x000D6A34 0x0000029D
TerminateProcess - 0x004B818C 0x000D7A38 0x000D6A38 0x0000042D
GetFileSizeEx - 0x004B8190 0x000D7A3C 0x000D6A3C 0x000001D5
LocalFileTimeToFileTime - 0x004B8194 0x000D7A40 0x000D6A40 0x000002FB
GetLocaleInfoW - 0x004B8198 0x000D7A44 0x000D6A44 0x000001EA
CompareStringA - 0x004B819C 0x000D7A48 0x000D6A48 0x00000052
GetShortPathNameW - 0x004B81A0 0x000D7A4C 0x000D6A4C 0x00000238
SetEndOfFile - 0x004B81A4 0x000D7A50 0x000D6A50 0x000003CD
FlushFileBuffers - 0x004B81A8 0x000D7A54 0x000D6A54 0x00000141
GlobalFlags - 0x004B81AC 0x000D7A58 0x000D6A58 0x0000028B
GlobalAddAtomW - 0x004B81B0 0x000D7A5C 0x000D6A5C 0x00000284
GlobalFindAtomW - 0x004B81B4 0x000D7A60 0x000D6A60 0x00000289
lstrcmpiA - 0x004B81B8 0x000D7A64 0x000D6A64 0x000004AC
GetTempFileNameW - 0x004B81BC 0x000D7A68 0x000D6A68 0x00000259
OpenMutexW - 0x004B81C0 0x000D7A6C 0x000D6A6C 0x00000330
ReleaseMutex - 0x004B81C4 0x000D7A70 0x000D6A70 0x00000377
HeapWalk - 0x004B81C8 0x000D7A74 0x000D6A74 0x000002AA
HeapLock - 0x004B81CC 0x000D7A78 0x000D6A78 0x000002A2
OpenThread - 0x004B81D0 0x000D7A7C 0x000D6A7C 0x00000337
HeapUnlock - 0x004B81D4 0x000D7A80 0x000D6A80 0x000002A8
OutputDebugStringW - 0x004B81D8 0x000D7A84 0x000D6A84 0x0000033B
SetFilePointerEx - 0x004B81DC 0x000D7A88 0x000D6A88 0x000003E0
IsProcessorFeaturePresent - 0x004B81E0 0x000D7A8C 0x000D6A8C 0x000002D5
GlobalDeleteAtom - 0x004B81E4 0x000D7A90 0x000D6A90 0x00000287
LoadLibraryA - 0x004B81E8 0x000D7A94 0x000D6A94 0x000002F1
GetVersionExA - 0x004B81EC 0x000D7A98 0x000D6A98 0x00000275
UnhandledExceptionFilter - 0x004B81F0 0x000D7A9C 0x000D6A9C 0x0000043E
HeapFree - 0x004B81F4 0x000D7AA0 0x000D6AA0 0x000002A1
lstrlenA - 0x004B81F8 0x000D7AA4 0x000D6AA4 0x000004B5
lstrcmpA - 0x004B81FC 0x000D7AA8 0x000D6AA8 0x000004A9
CompareStringW - 0x004B8200 0x000D7AAC 0x000D6AAC 0x00000055
TlsFree - 0x004B8204 0x000D7AB0 0x000D6AB0 0x00000433
LocalReAlloc - 0x004B8208 0x000D7AB4 0x000D6AB4 0x00000300
TlsSetValue - 0x004B820C 0x000D7AB8 0x000D6AB8 0x00000435
TlsAlloc - 0x004B8210 0x000D7ABC 0x000D6ABC 0x00000432
GlobalHandle - 0x004B8214 0x000D7AC0 0x000D6AC0 0x0000028F
GlobalReAlloc - 0x004B8218 0x000D7AC4 0x000D6AC4 0x00000293
TlsGetValue - 0x004B821C 0x000D7AC8 0x000D6AC8 0x00000434
GetFullPathNameW - 0x004B8220 0x000D7ACC 0x000D6ACC 0x000001DF
GetLogicalDriveStringsW - 0x004B8224 0x000D7AD0 0x000D6AD0 0x000001EC
DeviceIoControl - 0x004B8228 0x000D7AD4 0x000D6AD4 0x000000CA
InterlockedExchange - 0x004B822C 0x000D7AD8 0x000D6AD8 0x000002BD
MoveFileW - 0x004B8230 0x000D7ADC 0x000D6ADC 0x00000316
GetFileAttributesW - 0x004B8234 0x000D7AE0 0x000D6AE0 0x000001CE
RemoveDirectoryW - 0x004B8238 0x000D7AE4 0x000D6AE4 0x00000380
FindClose - 0x004B823C 0x000D7AE8 0x000D6AE8 0x00000119
FindNextFileW - 0x004B8240 0x000D7AEC 0x000D6AEC 0x00000130
FindFirstFileW - 0x004B8244 0x000D7AF0 0x000D6AF0 0x00000124
QueryPerformanceCounter - 0x004B8248 0x000D7AF4 0x000D6AF4 0x00000354
SetFileAttributesW - 0x004B824C 0x000D7AF8 0x000D6AF8 0x000003DA
lstrcmpW - 0x004B8250 0x000D7AFC 0x000D6AFC 0x000004AA
GlobalAlloc - 0x004B8254 0x000D7B00 0x000D6B00 0x00000285
GlobalLock - 0x004B8258 0x000D7B04 0x000D6B04 0x00000290
GlobalUnlock - 0x004B825C 0x000D7B08 0x000D6B08 0x00000297
SetErrorMode - 0x004B8260 0x000D7B0C 0x000D6B0C 0x000003D2
SetEnvironmentVariableW - 0x004B8264 0x000D7B10 0x000D6B10 0x000003D1
GetCommandLineW - 0x004B8268 0x000D7B14 0x000D6B14 0x00000170
ExpandEnvironmentStringsW - 0x004B826C 0x000D7B18 0x000D6B18 0x00000108
lstrcmpiW - 0x004B8270 0x000D7B1C 0x000D6B1C 0x000004AD
lstrlenW - 0x004B8274 0x000D7B20 0x000D6B20 0x000004B6
SetFilePointer - 0x004B8278 0x000D7B24 0x000D6B24 0x000003DF
InterlockedIncrement - 0x004B827C 0x000D7B28 0x000D6B28 0x000002C0
ProcessIdToSessionId - 0x004B8280 0x000D7B2C 0x000D6B2C 0x00000347
FreeResource - 0x004B8284 0x000D7B30 0x000D6B30 0x0000014F
GetSystemWindowsDirectoryW - 0x004B8288 0x000D7B34 0x000D6B34 0x00000252
LocalAlloc - 0x004B828C 0x000D7B38 0x000D6B38 0x000002F9
SystemTimeToFileTime - 0x004B8290 0x000D7B3C 0x000D6B3C 0x0000042A
GetModuleHandleA - 0x004B8294 0x000D7B40 0x000D6B40 0x000001F6
GetTimeZoneInformation - 0x004B8298 0x000D7B44 0x000D6B44 0x0000026B
LocalFree - 0x004B829C 0x000D7B48 0x000D6B48 0x000002FD
GlobalFree - 0x004B82A0 0x000D7B4C 0x000D6B4C 0x0000028C
CreateMutexW - 0x004B82A4 0x000D7B50 0x000D6B50 0x0000008E
FreeConsole - 0x004B82A8 0x000D7B54 0x000D6B54 0x00000149
GetCurrentProcessId - 0x004B82AC 0x000D7B58 0x000D6B58 0x000001AA
LoadLibraryExW - 0x004B82B0 0x000D7B5C 0x000D6B5C 0x000002F3
GetTempPathW - 0x004B82B4 0x000D7B60 0x000D6B60 0x0000025B
GetDriveTypeW - 0x004B82B8 0x000D7B64 0x000D6B64 0x000001BB
GetWindowsDirectoryW - 0x004B82BC 0x000D7B68 0x000D6B68 0x00000281
GetUserDefaultUILanguage - 0x004B82C0 0x000D7B6C 0x000D6B6C 0x00000270
SetCurrentDirectoryW - 0x004B82C4 0x000D7B70 0x000D6B70 0x000003C7
GetPrivateProfileStringW - 0x004B82C8 0x000D7B74 0x000D6B74 0x0000021D
GetPrivateProfileSectionW - 0x004B82CC 0x000D7B78 0x000D6B78 0x0000021B
GetPrivateProfileSectionNamesW - 0x004B82D0 0x000D7B7C 0x000D6B7C 0x0000021A
Sleep - 0x004B82D4 0x000D7B80 0x000D6B80 0x00000421
InterlockedCompareExchange - 0x004B82D8 0x000D7B84 0x000D6B84 0x000002BA
GetVersionExW - 0x004B82DC 0x000D7B88 0x000D6B88 0x00000276
GetModuleFileNameW - 0x004B82E0 0x000D7B8C 0x000D6B8C 0x000001F5
MultiByteToWideChar - 0x004B82E4 0x000D7B90 0x000D6B90 0x0000031A
WriteFile - 0x004B82E8 0x000D7B94 0x000D6B94 0x0000048D
ReadFile - 0x004B82EC 0x000D7B98 0x000D6B98 0x00000368
GetFileSize - 0x004B82F0 0x000D7B9C 0x000D6B9C 0x000001D4
CreateFileW - 0x004B82F4 0x000D7BA0 0x000D6BA0 0x0000007F
CopyFileW - 0x004B82F8 0x000D7BA4 0x000D6BA4 0x00000065
FreeLibrary - 0x004B82FC 0x000D7BA8 0x000D6BA8 0x0000014C
LoadLibraryW - 0x004B8300 0x000D7BAC 0x000D6BAC 0x000002F4
GetModuleHandleW - 0x004B8304 0x000D7BB0 0x000D6BB0 0x000001F9
GetProcAddress - 0x004B8308 0x000D7BB4 0x000D6BB4 0x00000220
InterlockedDecrement - 0x004B830C 0x000D7BB8 0x000D6BB8 0x000002BC
MulDiv - 0x004B8310 0x000D7BBC 0x000D6BBC 0x00000319
GetCurrentProcess - 0x004B8314 0x000D7BC0 0x000D6BC0 0x000001A9
SetEvent - 0x004B8318 0x000D7BC4 0x000D6BC4 0x000003D3
CreateEventW - 0x004B831C 0x000D7BC8 0x000D6BC8 0x00000075
ResetEvent - 0x004B8320 0x000D7BCC 0x000D6BCC 0x0000038A
GetTickCount - 0x004B8324 0x000D7BD0 0x000D6BD0 0x00000266
WaitForSingleObject - 0x004B8328 0x000D7BD4 0x000D6BD4 0x00000464
WideCharToMultiByte - 0x004B832C 0x000D7BD8 0x000D6BD8 0x0000047A
GetSystemTimeAsFileTime - 0x004B8330 0x000D7BDC 0x000D6BDC 0x0000024F
DeleteFileW - 0x004B8334 0x000D7BE0 0x000D6BE0 0x000000C3
GetVersion - 0x004B8338 0x000D7BE4 0x000D6BE4 0x00000274
GetSystemDirectoryW - 0x004B833C 0x000D7BE8 0x000D6BE8 0x00000246
SetLastError - 0x004B8340 0x000D7BEC 0x000D6BEC 0x000003EC
RaiseException - 0x004B8344 0x000D7BF0 0x000D6BF0 0x0000035A
DeleteCriticalSection - 0x004B8348 0x000D7BF4 0x000D6BF4 0x000000BE
InitializeCriticalSection - 0x004B834C 0x000D7BF8 0x000D6BF8 0x000002B4
CreateProcessW - 0x004B8350 0x000D7BFC 0x000D6BFC 0x00000097
GetLastError - 0x004B8354 0x000D7C00 0x000D6C00 0x000001E6
OpenProcess - 0x004B8358 0x000D7C04 0x000D6C04 0x00000333
FindResourceExW - 0x004B835C 0x000D7C08 0x000D6C08 0x00000138
FindResourceW - 0x004B8360 0x000D7C0C 0x000D6C0C 0x00000139
LoadResource - 0x004B8364 0x000D7C10 0x000D6C10 0x000002F6
LockResource - 0x004B8368 0x000D7C14 0x000D6C14 0x00000307
SizeofResource - 0x004B836C 0x000D7C18 0x000D6C18 0x00000420
CloseHandle - 0x004B8370 0x000D7C1C 0x000D6C1C 0x00000043
LeaveCriticalSection - 0x004B8374 0x000D7C20 0x000D6C20 0x000002EF
EnterCriticalSection - 0x004B8378 0x000D7C24 0x000D6C24 0x000000D9
GetCurrentThreadId - 0x004B837C 0x000D7C28 0x000D6C28 0x000001AD
FlushInstructionCache - 0x004B8380 0x000D7C2C 0x000D6C2C 0x00000142
GetUserDefaultLCID - 0x004B8384 0x000D7C30 0x000D6C30 0x0000026D
USER32.dll (129)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetWindowTextW - 0x004B84AC 0x000D7D58 0x000D6D58 0x0000018F
GetWindowTextLengthW - 0x004B84B0 0x000D7D5C 0x000D6D5C 0x0000018E
RedrawWindow - 0x004B84B4 0x000D7D60 0x000D6D60 0x00000232
DrawTextW - 0x004B84B8 0x000D7D64 0x000D6D64 0x000000C8
DispatchMessageW - 0x004B84BC 0x000D7D68 0x000D6D68 0x000000A9
TranslateMessage - 0x004B84C0 0x000D7D6C 0x000D6D6C 0x000002D5
GetMessageW - 0x004B84C4 0x000D7D70 0x000D6D70 0x0000014E
SetWindowTextW - 0x004B84C8 0x000D7D74 0x000D6D74 0x000002AC
GetWindow - 0x004B84CC 0x000D7D78 0x000D6D78 0x0000017D
MonitorFromWindow - 0x004B84D0 0x000D7D7C 0x000D6D7C 0x00000204
MapWindowPoints - 0x004B84D4 0x000D7D80 0x000D6D80 0x000001F3
IsRectEmpty - 0x004B84D8 0x000D7D84 0x000D6D84 0x000001C0
IsDialogMessageW - 0x004B84DC 0x000D7D88 0x000D6D88 0x000001B9
GetClientRect - 0x004B84E0 0x000D7D8C 0x000D6D8C 0x0000010D
DrawIconEx - 0x004B84E4 0x000D7D90 0x000D6D90 0x000000C0
DestroyIcon - 0x004B84E8 0x000D7D94 0x000D6D94 0x0000009D
GetActiveWindow - 0x004B84EC 0x000D7D98 0x000D6D98 0x000000F9
MessageBoxW - 0x004B84F0 0x000D7D9C 0x000D6D9C 0x000001FF
InvalidateRect - 0x004B84F4 0x000D7DA0 0x000D6DA0 0x000001AA
MonitorFromRect - 0x004B84F8 0x000D7DA4 0x000D6DA4 0x00000203
PostQuitMessage - 0x004B84FC 0x000D7DA8 0x000D6DA8 0x00000220
UnhookWindowsHookEx - 0x004B8500 0x000D7DAC 0x000D6DAC 0x000002D9
GetLastActivePopup - 0x004B8504 0x000D7DB0 0x000D6DB0 0x00000138
GetSubMenu - 0x004B8508 0x000D7DB4 0x000D6DB4 0x0000016B
GetMenuItemCount - 0x004B850C 0x000D7DB8 0x000D6DB8 0x00000142
GetMenuItemID - 0x004B8510 0x000D7DBC 0x000D6DBC 0x00000143
GetMenuState - 0x004B8514 0x000D7DC0 0x000D6DC0 0x00000147
ValidateRect - 0x004B8518 0x000D7DC4 0x000D6DC4 0x000002F2
CallNextHookEx - 0x004B851C 0x000D7DC8 0x000D6DC8 0x0000001B
SetWindowsHookExW - 0x004B8520 0x000D7DCC 0x000D6DCC 0x000002B0
GetSysColorBrush - 0x004B8524 0x000D7DD0 0x000D6DD0 0x0000016D
CheckMenuItem - 0x004B8528 0x000D7DD4 0x000D6DD4 0x0000003D
EnableMenuItem - 0x004B852C 0x000D7DD8 0x000D6DD8 0x000000CF
ModifyMenuW - 0x004B8530 0x000D7DDC 0x000D6DDC 0x00000201
SetCursor - 0x004B8534 0x000D7DE0 0x000D6DE0 0x00000270
GetDlgCtrlID - 0x004B8538 0x000D7DE4 0x000D6DE4 0x0000011E
GetKeyState - 0x004B853C 0x000D7DE8 0x000D6DE8 0x00000131
GetWindowDC - 0x004B8540 0x000D7DEC 0x000D6DEC 0x0000017F
BeginPaint - 0x004B8544 0x000D7DF0 0x000D6DF0 0x0000000E
LoadBitmapW - 0x004B8548 0x000D7DF4 0x000D6DF4 0x000001D1
SetWindowLongW - 0x004B854C 0x000D7DF8 0x000D6DF8 0x000002A5
GetWindowLongW - 0x004B8550 0x000D7DFC 0x000D6DFC 0x00000182
DefWindowProcW - 0x004B8554 0x000D7E00 0x000D6E00 0x00000096
CallWindowProcW - 0x004B8558 0x000D7E04 0x000D6E04 0x0000001D
GetWindowThreadProcessId - 0x004B855C 0x000D7E08 0x000D6E08 0x00000190
FindWindowW - 0x004B8560 0x000D7E0C 0x000D6E0C 0x000000F3
SendMessageTimeoutW - 0x004B8564 0x000D7E10 0x000D6E10 0x00000262
IsWindow - 0x004B8568 0x000D7E14 0x000D6E14 0x000001C5
KillTimer - 0x004B856C 0x000D7E18 0x000D6E18 0x000001CD
GetMenuCheckMarkDimensions - 0x004B8570 0x000D7E1C 0x000D6E1C 0x0000013E
DestroyWindow - 0x004B8574 0x000D7E20 0x000D6E20 0x000000A0
GetWindowPlacement - 0x004B8578 0x000D7E24 0x000D6E24 0x00000187
ShowWindow - 0x004B857C 0x000D7E28 0x000D6E28 0x000002B8
SetTimer - 0x004B8580 0x000D7E2C 0x000D6E2C 0x0000029E
IsWindowVisible - 0x004B8584 0x000D7E30 0x000D6E30 0x000001CA
RegisterClassExW - 0x004B8588 0x000D7E34 0x000D6E34 0x00000235
GetClassInfoExW - 0x004B858C 0x000D7E38 0x000D6E38 0x00000106
SetMenu - 0x004B8590 0x000D7E3C 0x000D6E3C 0x0000027F
GetMessageTime - 0x004B8594 0x000D7E40 0x000D6E40 0x0000014D
GetTopWindow - 0x004B8598 0x000D7E44 0x000D6E44 0x00000175
RemovePropW - 0x004B859C 0x000D7E48 0x000D6E48 0x00000250
GetPropW - 0x004B85A0 0x000D7E4C 0x000D6E4C 0x0000015C
SetPropW - 0x004B85A4 0x000D7E50 0x000D6E50 0x00000290
GetCapture - 0x004B85A8 0x000D7E54 0x000D6E54 0x00000101
WinHelpW - 0x004B85AC 0x000D7E58 0x000D6E58 0x00000300
DestroyMenu - 0x004B85B0 0x000D7E5C 0x000D6E5C 0x0000009E
TabbedTextOutW - 0x004B85B4 0x000D7E60 0x000D6E60 0x000002C7
DrawTextExW - 0x004B85B8 0x000D7E64 0x000D6E64 0x000000C7
GrayStringW - 0x004B85BC 0x000D7E68 0x000D6E68 0x00000194
EndPaint - 0x004B85C0 0x000D7E6C 0x000D6E6C 0x000000D5
SetCapture - 0x004B85C4 0x000D7E70 0x000D6E70 0x00000267
ReleaseCapture - 0x004B85C8 0x000D7E74 0x000D6E74 0x0000024B
GetClassLongW - 0x004B85CC 0x000D7E78 0x000D6E78 0x00000109
SetClassLongW - 0x004B85D0 0x000D7E7C 0x000D6E7C 0x0000026B
BringWindowToTop - 0x004B85D4 0x000D7E80 0x000D6E80 0x00000010
SwitchToThisWindow - 0x004B85D8 0x000D7E84 0x000D6E84 0x000002C3
GetSystemMetrics - 0x004B85DC 0x000D7E88 0x000D6E88 0x0000016F
CharNextW - 0x004B85E0 0x000D7E8C 0x000D6E8C 0x0000002F
PeekMessageW - 0x004B85E4 0x000D7E90 0x000D6E90 0x0000021C
DestroyAcceleratorTable - 0x004B85E8 0x000D7E94 0x000D6E94 0x0000009A
InvalidateRgn - 0x004B85EC 0x000D7E98 0x000D6E98 0x000001AB
FillRect - 0x004B85F0 0x000D7E9C 0x000D6E9C 0x000000EF
CreateAcceleratorTableW - 0x004B85F4 0x000D7EA0 0x000D6EA0 0x00000052
GetSysColor - 0x004B85F8 0x000D7EA4 0x000D6EA4 0x0000016C
GetClassNameW - 0x004B85FC 0x000D7EA8 0x000D6EA8 0x0000010B
GetDlgItem - 0x004B8600 0x000D7EAC 0x000D6EAC 0x0000011F
IsChild - 0x004B8604 0x000D7EB0 0x000D6EB0 0x000001B5
LoadImageW - 0x004B8608 0x000D7EB4 0x000D6EB4 0x000001D9
LoadIconW - 0x004B860C 0x000D7EB8 0x000D6EB8 0x000001D7
GetDesktopWindow - 0x004B8610 0x000D7EBC 0x000D6EBC 0x0000011C
LoadCursorW - 0x004B8614 0x000D7EC0 0x000D6EC0 0x000001D5
CreateWindowExW - 0x004B8618 0x000D7EC4 0x000D6EC4 0x00000068
EnableWindow - 0x004B861C 0x000D7EC8 0x000D6EC8 0x000000D1
GetParent - 0x004B8620 0x000D7ECC 0x000D6ECC 0x00000155
SendMessageW - 0x004B8624 0x000D7ED0 0x000D6ED0 0x00000263
SetWindowPos - 0x004B8628 0x000D7ED4 0x000D6ED4 0x000002A7
LoadStringW - 0x004B862C 0x000D7ED8 0x000D6ED8 0x000001E4
UnregisterClassA - 0x004B8630 0x000D7EDC 0x000D6EDC 0x000002DE
SetFocus - 0x004B8634 0x000D7EE0 0x000D6EE0 0x00000279
IsWindowEnabled - 0x004B8638 0x000D7EE4 0x000D6EE4 0x000001C6
SetRectEmpty - 0x004B863C 0x000D7EE8 0x000D6EE8 0x00000292
RegisterWindowMessageW - 0x004B8640 0x000D7EEC 0x000D6EEC 0x0000024A
GetDC - 0x004B8644 0x000D7EF0 0x000D6EF0 0x0000011A
ReleaseDC - 0x004B8648 0x000D7EF4 0x000D6EF4 0x0000024C
GetFocus - 0x004B864C 0x000D7EF8 0x000D6EF8 0x00000124
CopyRect - 0x004B8650 0x000D7EFC 0x000D6EFC 0x0000004F
OffsetRect - 0x004B8654 0x000D7F00 0x000D6F00 0x0000020E
ClientToScreen - 0x004B8658 0x000D7F04 0x000D6F04 0x00000045
GetMessagePos - 0x004B865C 0x000D7F08 0x000D6F08 0x0000014C
PtInRect - 0x004B8660 0x000D7F0C 0x000D6F0C 0x00000229
ScreenToClient - 0x004B8664 0x000D7F10 0x000D6F10 0x00000254
MoveWindow - 0x004B8668 0x000D7F14 0x000D6F14 0x00000205
GetWindowRect - 0x004B866C 0x000D7F18 0x000D6F18 0x00000188
GetMonitorInfoW - 0x004B8670 0x000D7F1C 0x000D6F1C 0x00000150
AllowSetForegroundWindow - 0x004B8674 0x000D7F20 0x000D6F20 0x00000006
GetForegroundWindow - 0x004B8678 0x000D7F24 0x000D6F24 0x00000125
AttachThreadInput - 0x004B867C 0x000D7F28 0x000D6F28 0x0000000C
SetForegroundWindow - 0x004B8680 0x000D7F2C 0x000D6F2C 0x0000027A
SetActiveWindow - 0x004B8684 0x000D7F30 0x000D6F30 0x00000266
SetMenuItemBitmaps - 0x004B8688 0x000D7F34 0x000D6F34 0x00000283
IsIconic - 0x004B868C 0x000D7F38 0x000D6F38 0x000001BD
SystemParametersInfoA - 0x004B8690 0x000D7F3C 0x000D6F3C 0x000002C4
GetMenu - 0x004B8694 0x000D7F40 0x000D6F40 0x0000013C
AdjustWindowRectEx - 0x004B8698 0x000D7F44 0x000D6F44 0x00000003
RegisterClassW - 0x004B869C 0x000D7F48 0x000D6F48 0x00000236
PostMessageW - 0x004B86A0 0x000D7F4C 0x000D6F4C 0x0000021F
GetKeyboardState - 0x004B86A4 0x000D7F50 0x000D6F50 0x00000136
keybd_event - 0x004B86A8 0x000D7F54 0x000D6F54 0x00000305
GetClassInfoW - 0x004B86AC 0x000D7F58 0x000D6F58 0x00000107
GDI32.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ScaleWindowExtEx - 0x004B804C 0x000D78F8 0x000D68F8 0x00000259
PtVisible - 0x004B8050 0x000D78FC 0x000D68FC 0x00000241
SetWindowExtEx - 0x004B8054 0x000D7900 0x000D6900 0x00000293
SetMapMode - 0x004B8058 0x000D7904 0x000D6904 0x0000027B
RestoreDC - 0x004B805C 0x000D7908 0x000D6908 0x00000250
SaveDC - 0x004B8060 0x000D790C 0x000D690C 0x00000257
ExtTextOutW - 0x004B8064 0x000D7910 0x000D6910 0x00000123
GetClipBox - 0x004B8068 0x000D7914 0x000D6914 0x000001AA
CreateBitmap - 0x004B806C 0x000D7918 0x000D6918 0x00000028
ScaleViewportExtEx - 0x004B8070 0x000D791C 0x000D691C 0x00000258
SetViewportExtEx - 0x004B8074 0x000D7920 0x000D6920 0x0000028F
OffsetViewportOrgEx - 0x004B8078 0x000D7924 0x000D6924 0x00000225
Escape - 0x004B807C 0x000D7928 0x000D6928 0x00000119
TextOutW - 0x004B8080 0x000D792C 0x000D692C 0x000002A0
RectVisible - 0x004B8084 0x000D7930 0x000D6930 0x00000245
GetStockObject - 0x004B8088 0x000D7934 0x000D6934 0x000001F4
BitBlt - 0x004B808C 0x000D7938 0x000D6938 0x00000012
SetViewportOrgEx - 0x004B8090 0x000D793C 0x000D693C 0x00000290
GetPixel - 0x004B8094 0x000D7940 0x000D6940 0x000001EB
CreateCompatibleBitmap - 0x004B8098 0x000D7944 0x000D6944 0x0000002D
CreateFontW - 0x004B809C 0x000D7948 0x000D6948 0x0000003F
SetTextColor - 0x004B80A0 0x000D794C 0x000D694C 0x0000028D
SetBkColor - 0x004B80A4 0x000D7950 0x000D6950 0x00000265
CreateSolidBrush - 0x004B80A8 0x000D7954 0x000D6954 0x00000052
GetTextExtentPoint32W - 0x004B80AC 0x000D7958 0x000D6958 0x00000205
GetTextMetricsW - 0x004B80B0 0x000D795C 0x000D695C 0x0000020D
GetObjectA - 0x004B80B4 0x000D7960 0x000D6960 0x000001E2
GetObjectW - 0x004B80B8 0x000D7964 0x000D6964 0x000001E4
SelectObject - 0x004B80BC 0x000D7968 0x000D6968 0x0000025E
CreateCompatibleDC - 0x004B80C0 0x000D796C 0x000D696C 0x0000002E
DeleteDC - 0x004B80C4 0x000D7970 0x000D6970 0x000000CD
DeleteObject - 0x004B80C8 0x000D7974 0x000D6974 0x000000D0
GetDeviceCaps - 0x004B80CC 0x000D7978 0x000D6978 0x000001B5
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ClosePrinter - 0x004B86EC 0x000D7F98 0x000D6F98 0x0000001D
DocumentPropertiesW - 0x004B86F0 0x000D7F9C 0x000D6F9C 0x0000004E
OpenPrinterW - 0x004B86F4 0x000D7FA0 0x000D6FA0 0x0000008F
ADVAPI32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyExA - 0x004B8000 0x000D78AC 0x000D68AC 0x0000025A
ConvertSidToStringSidW - 0x004B8004 0x000D78B0 0x000D68B0 0x00000068
RegQueryValueExA - 0x004B8008 0x000D78B4 0x000D68B4 0x00000267
RegDeleteValueW - 0x004B800C 0x000D78B8 0x000D68B8 0x00000242
RegEnumKeyExW - 0x004B8010 0x000D78BC 0x000D68BC 0x00000249
RegQueryInfoKeyW - 0x004B8014 0x000D78C0 0x000D68C0 0x00000262
RegDeleteKeyW - 0x004B8018 0x000D78C4 0x000D68C4 0x0000023E
GetSidSubAuthority - 0x004B801C 0x000D78C8 0x000D68C8 0x00000151
GetTokenInformation - 0x004B8020 0x000D78CC 0x000D68CC 0x00000154
OpenProcessToken - 0x004B8024 0x000D78D0 0x000D68D0 0x000001F1
RegCreateKeyExW - 0x004B8028 0x000D78D4 0x000D68D4 0x00000233
RegSetValueExW - 0x004B802C 0x000D78D8 0x000D68D8 0x00000278
RegCloseKey - 0x004B8030 0x000D78DC 0x000D68DC 0x0000022A
RegQueryValueExW - 0x004B8034 0x000D78E0 0x000D68E0 0x00000268
RegOpenKeyExW - 0x004B8038 0x000D78E4 0x000D68E4 0x0000025B
RegEnumKeyExA - 0x004B803C 0x000D78E8 0x000D68E8 0x00000248
SHELL32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHOpenFolderAndSelectItems - 0x004B841C 0x000D7CC8 0x000D6CC8 0x000000EC
SHGetMalloc - 0x004B8420 0x000D7CCC 0x000D6CCC 0x000000C9
SHGetSpecialFolderLocation - 0x004B8424 0x000D7CD0 0x000D6CD0 0x000000D8
None 0x0000009B 0x004B8428 0x000D7CD4 0x000D6CD4 -
None 0x000000BE 0x004B842C 0x000D7CD8 0x000D6CD8 -
DragAcceptFiles - 0x004B8430 0x000D7CDC 0x000D6CDC 0x0000001B
DragFinish - 0x004B8434 0x000D7CE0 0x000D6CE0 0x0000001C
DragQueryFileW - 0x004B8438 0x000D7CE4 0x000D6CE4 0x00000020
SHGetFileInfoW - 0x004B843C 0x000D7CE8 0x000D6CE8 0x000000BA
ShellExecuteExW - 0x004B8440 0x000D7CEC 0x000D6CEC 0x00000117
ShellExecuteW - 0x004B8444 0x000D7CF0 0x000D6CF0 0x00000118
SHGetPathFromIDListW - 0x004B8448 0x000D7CF4 0x000D6CF4 0x000000D1
None 0x000002A8 0x004B844C 0x000D7CF8 0x000D6CF8 -
SHGetSpecialFolderPathW - 0x004B8450 0x000D7CFC 0x000D6CFC 0x000000DA
SHGetFolderPathW - 0x004B8454 0x000D7D00 0x000D6D00 0x000000C0
None 0x000000A5 0x004B8458 0x000D7D04 0x000D6D04 -
ole32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleLockRunning - 0x004B8870 0x000D811C 0x000D711C 0x000000FA
StringFromGUID2 - 0x004B8874 0x000D8120 0x000D7120 0x0000013B
OleUninitialize - 0x004B8878 0x000D8124 0x000D7124 0x0000010B
OleInitialize - 0x004B887C 0x000D8128 0x000D7128 0x000000F4
CoCreateInstance - 0x004B8880 0x000D812C 0x000D712C 0x00000010
CoTaskMemAlloc - 0x004B8884 0x000D8130 0x000D7130 0x00000066
CoTaskMemRealloc - 0x004B8888 0x000D8134 0x000D7134 0x00000068
CoTaskMemFree - 0x004B888C 0x000D8138 0x000D7138 0x00000067
CoInitialize - 0x004B8890 0x000D813C 0x000D713C 0x0000003D
CoUninitialize - 0x004B8894 0x000D8140 0x000D7140 0x0000006B
CoGetClassObject - 0x004B8898 0x000D8144 0x000D7144 0x00000025
CLSIDFromProgID - 0x004B889C 0x000D8148 0x000D7148 0x00000006
CLSIDFromString - 0x004B88A0 0x000D814C 0x000D714C 0x00000008
CreateStreamOnHGlobal - 0x004B88A4 0x000D8150 0x000D7150 0x00000085
OLEAUT32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantChangeType 0x0000000C 0x004B8398 0x000D7C44 0x000D6C44 -
LoadTypeLib 0x000000A1 0x004B839C 0x000D7C48 0x000D6C48 -
LoadRegTypeLib 0x000000A2 0x004B83A0 0x000D7C4C 0x000D6C4C -
SysStringLen 0x00000007 0x004B83A4 0x000D7C50 0x000D6C50 -
OleCreateFontIndirect 0x000001A4 0x004B83A8 0x000D7C54 0x000D6C54 -
VarUI4FromStr 0x00000115 0x004B83AC 0x000D7C58 0x000D6C58 -
SysAllocStringLen 0x00000004 0x004B83B0 0x000D7C5C 0x000D6C5C -
VarBstrCmp 0x0000013A 0x004B83B4 0x000D7C60 0x000D6C60 -
SafeArrayUnlock 0x00000016 0x004B83B8 0x000D7C64 0x000D6C64 -
SafeArrayLock 0x00000015 0x004B83BC 0x000D7C68 0x000D6C68 -
SafeArrayDestroy 0x00000010 0x004B83C0 0x000D7C6C 0x000D6C6C -
SafeArrayCreate 0x0000000F 0x004B83C4 0x000D7C70 0x000D6C70 -
SafeArrayGetUBound 0x00000013 0x004B83C8 0x000D7C74 0x000D6C74 -
SafeArrayGetLBound 0x00000014 0x004B83CC 0x000D7C78 0x000D6C78 -
VariantCopy 0x0000000A 0x004B83D0 0x000D7C7C 0x000D6C7C -
SafeArrayCopy 0x0000001B 0x004B83D4 0x000D7C80 0x000D6C80 -
SafeArrayGetVartype 0x0000004D 0x004B83D8 0x000D7C84 0x000D6C84 -
DispCallFunc 0x00000092 0x004B83DC 0x000D7C88 0x000D6C88 -
VariantInit 0x00000008 0x004B83E0 0x000D7C8C 0x000D6C8C -
VariantClear 0x00000009 0x004B83E4 0x000D7C90 0x000D6C90 -
SysAllocString 0x00000002 0x004B83E8 0x000D7C94 0x000D6C94 -
SysFreeString 0x00000006 0x004B83EC 0x000D7C98 0x000D6C98 -
SHLWAPI.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrCmpIW - 0x004B8460 0x000D7D0C 0x000D6D0C 0x00000117
PathCompactPathW - 0x004B8464 0x000D7D10 0x000D6D10 0x00000040
PathStripPathW - 0x004B8468 0x000D7D14 0x000D6D14 0x00000095
None 0x000001B5 0x004B846C 0x000D7D18 0x000D6D18 -
PathFindFileNameW - 0x004B8470 0x000D7D1C 0x000D6D1C 0x00000049
PathIsDirectoryW - 0x004B8474 0x000D7D20 0x000D6D20 0x0000005B
PathAddBackslashW - 0x004B8478 0x000D7D24 0x000D6D24 0x00000030
StrStrIW - 0x004B847C 0x000D7D28 0x000D6D28 0x00000142
PathRemoveFileSpecW - 0x004B8480 0x000D7D2C 0x000D6D2C 0x0000008B
PathAppendW - 0x004B8484 0x000D7D30 0x000D6D30 0x00000034
PathCombineW - 0x004B8488 0x000D7D34 0x000D6D34 0x0000003A
SHSetValueA - 0x004B848C 0x000D7D38 0x000D6D38 0x000000F9
SHGetValueA - 0x004B8490 0x000D7D3C 0x000D6D3C 0x000000C0
PathFileExistsW - 0x004B8494 0x000D7D40 0x000D6D40 0x00000045
ColorHLSToRGB - 0x004B8498 0x000D7D44 0x000D6D44 0x0000000C
ColorRGBToHLS - 0x004B849C 0x000D7D48 0x000D6D48 0x0000000D
SHGetValueW - 0x004B84A0 0x000D7D4C 0x000D6D4C 0x000000C1
wnsprintfW - 0x004B84A4 0x000D7D50 0x000D6D50 0x0000016B
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx - 0x004B8044 0x000D78F0 0x000D68F0 0x0000007A
gdiplus.dll (90)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipDeletePrivateFontCollection - 0x004B8704 0x000D7FB0 0x000D6FB0 0x00000095
GdipNewPrivateFontCollection - 0x004B8708 0x000D7FB4 0x000D6FB4 0x000001C3
GdipDrawImageRectRectI - 0x004B870C 0x000D7FB8 0x000D6FB8 0x000000BA
GdipDrawLine - 0x004B8710 0x000D7FBC 0x000D6FBC 0x000000BB
GdipAddPathEllipseI - 0x004B8714 0x000D7FC0 0x000D6FC0 0x00000011
GdipGetPathGradientPointCount - 0x004B8718 0x000D7FC4 0x000D6FC4 0x0000014F
GdipSetPathGradientSurroundColorsWithCount - 0x004B871C 0x000D7FC8 0x000D6FC8 0x00000230
GdipSetPathGradientCenterColor - 0x004B8720 0x000D7FCC 0x000D6FCC 0x00000227
GdipCreatePathGradientFromPath - 0x004B8724 0x000D7FD0 0x000D6FD0 0x00000077
GdipCreateFromHWND - 0x004B8728 0x000D7FD4 0x000D6FD4 0x0000005D
GdipGetFontHeight - 0x004B872C 0x000D7FD8 0x000D6FD8 0x0000010D
GdipCreatePen2 - 0x004B8730 0x000D7FDC 0x000D6FDC 0x0000007B
GdipDrawRectangleI - 0x004B8734 0x000D7FE0 0x000D6FE0 0x000000C5
GdipCreateLineBrushFromRect - 0x004B8738 0x000D7FE4 0x000D6FE4 0x00000065
GdipAddPathRectangleI - 0x004B873C 0x000D7FE8 0x000D6FE8 0x0000001C
GdipPrivateAddMemoryFont - 0x004B8740 0x000D7FEC 0x000D6FEC 0x000001D3
GdipSetPenWidth - 0x004B8744 0x000D7FF0 0x000D6FF0 0x00000245
GdipDrawEllipseI - 0x004B8748 0x000D7FF4 0x000D6FF4 0x000000AD
GdipSetPenDashOffset - 0x004B874C 0x000D7FF8 0x000D6FF8 0x0000023B
GdipAddPathLineI - 0x004B8750 0x000D7FFC 0x000D6FFC 0x00000015
GdipSetPixelOffsetMode - 0x004B8754 0x000D8000 0x000D7000 0x00000246
GdipDrawImageRectI - 0x004B8758 0x000D8004 0x000D7004 0x000000B8
GdipGetImageGraphicsContext - 0x004B875C 0x000D8008 0x000D7008 0x00000121
GdipGetImagePixelFormat - 0x004B8760 0x000D800C 0x000D700C 0x00000127
GdipDrawImagePointRectI - 0x004B8764 0x000D8010 0x000D7010 0x000000B2
GdipResetWorldTransform - 0x004B8768 0x000D8014 0x000D7014 0x000001E4
GdipCreateBitmapFromScan0 - 0x004B876C 0x000D8018 0x000D7018 0x00000050
GdipDrawPath - 0x004B8770 0x000D801C 0x000D701C 0x000000BF
GdipFillPath - 0x004B8774 0x000D8020 0x000D7020 0x000000DD
GdipSetSmoothingMode - 0x004B8778 0x000D8024 0x000D7024 0x00000249
GdipGetSmoothingMode - 0x004B877C 0x000D8028 0x000D7028 0x00000182
GdipResetClip - 0x004B8780 0x000D802C 0x000D702C 0x000001DC
GdipCreatePath - 0x004B8784 0x000D8030 0x000D7030 0x00000073
GdipFillRectangleI - 0x004B8788 0x000D8034 0x000D7034 0x000000E5
GdipRotateWorldTransform - 0x004B878C 0x000D8038 0x000D7038 0x000001EC
GdipGetPixelOffsetMode - 0x004B8790 0x000D803C 0x000D703C 0x00000172
GdipTranslateWorldTransform - 0x004B8794 0x000D8040 0x000D7040 0x0000026C
GdipSetClipRectI - 0x004B8798 0x000D8044 0x000D7044 0x00000200
GdipSetTextRenderingHint - 0x004B879C 0x000D8048 0x000D7048 0x00000254
GdipCreateFont - 0x004B87A0 0x000D804C 0x000D704C 0x00000056
GdipGetFontCollectionFamilyList - 0x004B87A4 0x000D8050 0x000D7050 0x0000010C
GdipCreateLineBrushFromRectI - 0x004B87A8 0x000D8054 0x000D7054 0x00000066
GdipClosePathFigure - 0x004B87AC 0x000D8058 0x000D7058 0x0000003D
GdipAddPathArcI - 0x004B87B0 0x000D805C 0x000D705C 0x00000001
GdipResetPath - 0x004B87B4 0x000D8060 0x000D7060 0x000001E0
GdipDrawString - 0x004B87B8 0x000D8064 0x000D7064 0x000000C8
GdipMeasureString - 0x004B87BC 0x000D8068 0x000D7068 0x000001BB
GdipSetStringFormatAlign - 0x004B87C0 0x000D806C 0x000D706C 0x0000024B
GdipSetStringFormatLineAlign - 0x004B87C4 0x000D8070 0x000D7070 0x0000024F
GdipDeleteStringFormat - 0x004B87C8 0x000D8074 0x000D7074 0x00000097
GdipCreateStringFormat - 0x004B87CC 0x000D8078 0x000D7078 0x00000084
GdipDeleteFont - 0x004B87D0 0x000D807C 0x000D707C 0x0000008E
GdipCreateFontFromLogfontA - 0x004B87D4 0x000D8080 0x000D7080 0x00000059
GdipCreateFontFromDC - 0x004B87D8 0x000D8084 0x000D7084 0x00000058
GdipDrawRectangle - 0x004B87DC 0x000D8088 0x000D7088 0x000000C4
GdipDrawLineI - 0x004B87E0 0x000D808C 0x000D708C 0x000000BC
GdipSetPenDashStyle - 0x004B87E4 0x000D8090 0x000D7090 0x0000023C
GdipDeletePen - 0x004B87E8 0x000D8094 0x000D7094 0x00000094
GdipCreatePen1 - 0x004B87EC 0x000D8098 0x000D7098 0x0000007A
GdipBitmapSetPixel - 0x004B87F0 0x000D809C 0x000D709C 0x0000002C
GdipBitmapGetPixel - 0x004B87F4 0x000D80A0 0x000D70A0 0x0000002A
GdipGetImageHeight - 0x004B87F8 0x000D80A4 0x000D70A4 0x00000122
GdipGetImageWidth - 0x004B87FC 0x000D80A8 0x000D70A8 0x0000012C
GdipCreateBitmapFromFile - 0x004B8800 0x000D80AC 0x000D70AC 0x00000049
GdipCloneImage - 0x004B8804 0x000D80B0 0x000D70B0 0x00000036
GdipDisposeImage - 0x004B8808 0x000D80B4 0x000D70B4 0x00000098
GdipFillRectangle - 0x004B880C 0x000D80B8 0x000D70B8 0x000000E4
GdipCloneBrush - 0x004B8810 0x000D80BC 0x000D70BC 0x00000032
GdipAlloc - 0x004B8814 0x000D80C0 0x000D70C0 0x00000021
GdipFree - 0x004B8818 0x000D80C4 0x000D70C4 0x000000ED
GdipDeleteBrush - 0x004B881C 0x000D80C8 0x000D70C8 0x0000008A
GdipCreateSolidFill - 0x004B8820 0x000D80CC 0x000D70CC 0x00000082
GdipDeleteGraphics - 0x004B8824 0x000D80D0 0x000D70D0 0x00000090
GdipCreateFromHDC - 0x004B8828 0x000D80D4 0x000D70D4 0x0000005B
GdipCreateBitmapFromStream - 0x004B882C 0x000D80D8 0x000D70D8 0x00000051
GdipSetPathGradientGammaCorrection - 0x004B8830 0x000D80DC 0x000D70DC 0x0000022B
GdipSetPathGradientCenterPoint - 0x004B8834 0x000D80E0 0x000D70E0 0x00000228
GdipAddPathLine2 - 0x004B8838 0x000D80E4 0x000D70E4 0x00000013
GdipGetPathWorldBoundsI - 0x004B883C 0x000D80E8 0x000D70E8 0x0000015D
GdipAddPathPie - 0x004B8840 0x000D80EC 0x000D70EC 0x00000017
GdipAddPathLine - 0x004B8844 0x000D80F0 0x000D70F0 0x00000012
GdipAddPathArc - 0x004B8848 0x000D80F4 0x000D70F4 0x00000000
GdipSaveImageToFile - 0x004B884C 0x000D80F8 0x000D70F8 0x000001F0
GdipGetImageEncoders - 0x004B8850 0x000D80FC 0x000D70FC 0x0000011E
GdipGetImageEncodersSize - 0x004B8854 0x000D8100 0x000D7100 0x0000011F
GdipSetInterpolationMode - 0x004B8858 0x000D8104 0x000D7104 0x00000218
GdipCloneFontFamily - 0x004B885C 0x000D8108 0x000D7108 0x00000035
GdipDeleteFontFamily - 0x004B8860 0x000D810C 0x000D710C 0x0000008F
GdipDeletePath - 0x004B8864 0x000D8110 0x000D7110 0x00000092
GdipSetLinePresetBlend - 0x004B8868 0x000D8114 0x000D7114 0x0000021D
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW - 0x004B86BC 0x000D7F68 0x000D6F68 0x0000000D
GetFileVersionInfoW - 0x004B86C0 0x000D7F6C 0x000D6F6C 0x00000005
GetFileVersionInfoSizeW - 0x004B86C4 0x000D7F70 0x000D6F70 0x00000004
WININET.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetCloseHandle - 0x004B86CC 0x000D7F78 0x000D6F78 0x0000006A
HttpQueryInfoW - 0x004B86D0 0x000D7F7C 0x000D6F7C 0x00000059
InternetSetOptionW - 0x004B86D4 0x000D7F80 0x000D6F80 0x000000AE
InternetReadFile - 0x004B86D8 0x000D7F84 0x000D6F84 0x0000009E
InternetOpenUrlW - 0x004B86DC 0x000D7F88 0x000D6F88 0x00000098
DeleteUrlCacheEntryW - 0x004B86E0 0x000D7F8C 0x000D6F8C 0x0000000D
InternetOpenW - 0x004B86E4 0x000D7F90 0x000D6F90 0x00000099
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleFileNameExW - 0x004B83F4 0x000D7CA0 0x000D6CA0 0x00000010
IMM32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImmDisableIME - 0x004B80D4 0x000D7980 0x000D6980 0x00000023
RPCRT4.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NdrAsyncClientCall - 0x004B83FC 0x000D7CA8 0x000D6CA8 0x00000083
RpcAsyncInitializeHandle - 0x004B8400 0x000D7CAC 0x000D6CAC 0x0000014F
RpcStringBindingComposeW - 0x004B8404 0x000D7CB0 0x000D6CB0 0x000001E6
RpcBindingFromStringBindingW - 0x004B8408 0x000D7CB4 0x000D6CB4 0x00000157
RpcAsyncCompleteCall - 0x004B840C 0x000D7CB8 0x000D6CB8 0x0000014D
RpcStringFreeW - 0x004B8410 0x000D7CBC 0x000D6CBC 0x000001EA
RpcBindingFree - 0x004B8414 0x000D7CC0 0x000D6CC0 0x00000155
OLEACC.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LresultFromObject - 0x004B838C 0x000D7C38 0x000D6C38 0x00000014
CreateStdAccessibleObject - 0x004B8390 0x000D7C3C 0x000D6C3C 0x00000004
WTSAPI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WTSQuerySessionInformationW - 0x004B86FC 0x000D7FA8 0x000D6FA8 0x0000000D
USERENV.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserProfileDirectoryW - 0x004B86B4 0x000D7F60 0x000D6F60 0x0000001D
Memory Dumps (46)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
point.exe 1 0x00400000 0x0055DFFF First Execution False 32-bit 0x0048EB4E False
point.exe 1 0x00400000 0x0055DFFF Content Changed False 32-bit 0x004B2E04 False
buffer 1 0x02190000 0x021C2FFF First Execution False 32-bit 0x021A4D80 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A3204 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A2960 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219664C False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219F7F4 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A3B16 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A4388 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219D85F False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219F7F4 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A3800 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A4388 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219D85F False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219F8A0 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219E538 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A3B16 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A4388 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219D85F False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A3B16 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A4388 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219F7F4 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219E538 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219D85F False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219F8A0 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219D85F False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219F8A0 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219E538 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A3B16 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A4388 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02191022 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219A56C False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02196673 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02195F84 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A1C70 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219BB24 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x021A02C4 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02192000 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02193564 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02198F68 False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x0219728A False
buffer 1 0x02190000 0x021C2FFF Content Changed False 32-bit 0x02197000 False
buffer 1 0x00617458 0x0061A057 Dump Rule: PikabotConfig False 32-bit - False
buffer 1 0x02150000 0x02180FFF Image In Buffer False 32-bit - False
buffer 1 0x02314020 0x0241401F Image In Buffer False 32-bit - False
point.exe 1 0x00400000 0x0055DFFF Process Termination False 32-bit - False
358d30e2edfeda95d4f9c6c26faff95e0c28fedd2a7b004fe467b911ae86baed Downloaded File Stream
Clean
MIME Type application/octet-stream
File Size 7.53 KB
MD5 5b29599d21ab5d160d93ff69f8dade89
SHA1 c84b08b706b33a498ee4bcb14549a0054a28cd3e
SHA256 358d30e2edfeda95d4f9c6c26faff95e0c28fedd2a7b004fe467b911ae86baed
SSDeep 192:Y0ZMeFTPdOYLBdHhpcVkwc5gws2M75s8Lh:BMMdOYLngVd6gb2ML
ImpHash -
5fd55da8747d933410bb637571802aca2eedf3314039722e2b9d6f37afdad97e Downloaded File HTML
Clean
MIME Type text/html
File Size 552 Bytes
MD5 eac0a6a53d4a4353aace122055b4b4c8
SHA1 b400d2a40c870dd448eed9b418297c3038b9d023
SHA256 5fd55da8747d933410bb637571802aca2eedf3314039722e2b9d6f37afdad97e
SSDeep 12:TD11VI48lI5r8INGlTF5TF5TF5TF5TF5TFK:bGDTPTPTPTPTPTc
ImpHash -
4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35 Extracted File ZIP
Clean
Parent File C:\Users\OqXZRaykm\Desktop\Point.exe
MIME Type application/zip
File Size 167.57 KB
MD5 9579dbad66dee207d4cdd4d879cb7366
SHA1 3824117ae77f84b1570a16574995351b531dc27d
SHA256 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
SSDeep 768:w19autkNYAcEvmCc/nTqpCLniMXqPlrCxlVsofTC5l5sgGGMSTkGZgj2y/DDcQPa:w1bwYCvmzlVsOGOj144MHr9DpkcC4PZ
ImpHash -
Archive Information
Number of Files 6
Number of Folders 2
Size of Packed Archive Contents 166.46 KB
Size of Unpacked Archive Contents 166.46 KB
File Format zip
Contents (6)
File Name Packed Size Unpacked Size Compression Is Encrypted Modify Time Verdict
shared.xml 23.08 KB 23.08 KB Store False 2018-10-05 08:52 (UTC) Clean
maindlg.xml 66.52 KB 66.52 KB Store False 2018-05-03 02:25 (UTC) Clean
selfilefolderdlg.xml 12.48 KB 12.48 KB Store False 2018-05-03 02:25 (UTC) Clean
comfirmdlg.xml 24.75 KB 24.75 KB Store False 2017-12-06 06:17 (UTC) Clean
fssettingsdlg.xml 18.61 KB 18.61 KB Store False 2018-03-06 07:37 (UTC) Clean
historydlg.xml 21.00 KB 21.00 KB Store False 2017-12-06 06:17 (UTC) Clean
maindlg.xml Archive File Text
Clean
Parent File 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
MIME Type text/xml
File Size 66.52 KB
MD5 8250dd219957ac1826528031286fa557
SHA1 1cb054b59585ebd163552457520c67e1c0d2ae52
SHA256 29517678f285518617146eecefb7eb90eec52c46157b025907eba30a742e938a
SSDeep 768:aiMXqPlrCxlVsofTC5l5sgGGMSTkGZgj2y/DDcn:klVsOGOj14n
ImpHash -
comfirmdlg.xml Archive File Text
Clean
Parent File 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
MIME Type text/xml
File Size 24.75 KB
MD5 9ea8cf213b4ccaf3fa175058225991cc
SHA1 ac608898bedc64990d56565c5adebb4109c44c6d
SHA256 450186cfb582d99c3293c4dff65f61a0465d84403d2eb7d38b9a70beb24b3ae2
SSDeep 384:ztvtmw4PFe5RC5uX4we0D56TEZwEYw09k4o9DOD9PwCwjeo3RwYgoLdwxqwUn81i:619autkx
ImpHash -
shared.xml Archive File Text
Clean
Parent File 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
MIME Type text/xml
File Size 23.08 KB
MD5 36bfa1af6bfcd58f599f6eac96819242
SHA1 e39ba3a78715513f7025fd4eb61d73064790f74e
SHA256 003e6405827cd78cd858003a49137b830681e0e493d92d219449acbde5d3a84d
SSDeep 192:KMekzzAuZk42I1ZjhqIJqbdq9wE3qF9ivLDFT9fyEQ/ElscVLy3bb2DImojpR6b8:nb0d25eW3FTIvCDcT
ImpHash -
historydlg.xml Archive File Text
Clean
Parent File 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
MIME Type text/xml
File Size 21.00 KB
MD5 39d01dd2140456f4a81c763021ae3ec5
SHA1 03fcd5114d6fc4a3160d84bb9a83f6a083577b36
SHA256 eb38df58e0da7856241f709dedd78c1a24c33ed50d6edf64bc3e30d7289b727d
SSDeep 384:F/T/0wEwLPYwu5AmED6weLjyw4JlEUBwZPxwca/wKOCZkRQohwfFfENEwdC2ETpp:F/nTqpCLl
ImpHash -
fssettingsdlg.xml Archive File Text
Clean
Parent File 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
MIME Type text/xml
File Size 18.61 KB
MD5 a273f62c306b5bbc95579c236f048795
SHA1 0aa02d33c860044dd34bc4418440d02a1ab2afe1
SHA256 8868b4bd390c9af6c4262647c3342229c1c3700642516d69dd6083a61da95c27
SSDeep 384:Cx7AvqAwLPYGo5A/ED6weLFw4wuEZd3wZDPa9D6g2979awKSNEO7sodw5U75n0Yj:2AcEvmCO
ImpHash -
selfilefolderdlg.xml Archive File Text
Clean
Parent File 4c7a804943b6045eff60f06b880597e5936a4357feb288cf706ee33e429ecc35
MIME Type text/xml
File Size 12.48 KB
MD5 35816e0f97b455df55c9eea4cb97dac8
SHA1 1f82790b41e80832f6ca092a105229000906a564
SHA256 3636a72aab93e4bf482a72ebc5d15ef8add0ceb8ac83f02b4db6ddcc4c3ed7e7
SSDeep 384:ztk8tktw4PpC5jQ4EQX4weC4EpnwVRgwu0MJtgW9R4OjZ+Z5:+PFMHr9Dm
ImpHash -
25f4f15ebdeac56a824c398367290cee6334657593ba32b78eb80e58ebaabddf Extracted File Image
Clean
Parent File C:\Users\OqXZRaykm\Desktop\Point.exe
MIME Type image/png
File Size 3.99 KB
MD5 ecf8a23b96517d8eadbe017e703ed6e8
SHA1 4084d9c04487db3acf40f30e7b8f291f4ee50fab
SHA256 25f4f15ebdeac56a824c398367290cee6334657593ba32b78eb80e58ebaabddf
SSDeep 96:KuYzm7X4wM6KQQw55HEQB0Rc19EekwwTKh4wwwwgzEViwwr1i3H:KuYK7owMrQQw5s+19VkwwTJwwwwniww4
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot