Dynamic Analysis Report
Created on 2024-02-22T12:57:27+00:00
Sample | Ngjhjhjda.exe |
File Type | Windows Exe (x86-32) |
Verdict | Malicious |
Classifications | Injector, Downloader |
Threat Names | Mal/HTMLGen-A, Pikabot |
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "21 seconds" to "10 seconds" to reveal dormant functionality.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\RDhJ0CNFevzX\Desktop\Ngjhjhjda.exe | Sample File | Binary | Malicious |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x0049F3A2 |
Size Of Code | 0x00143400 |
Size Of Initialized Data | 0x001FA200 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2019-09-25 16:37 (UTC) |
Version Information (9)
CompanyName | MAGIX Software GmbH |
FileDescription | VEGAS Pro 18 Edit (en-US) |
FileVersion | 1.3.46.38 |
LegalCopyright | Copyright © MAGIX Software GmbH |
ProductName | VEGAS Pro 18 Edit (en-US) |
ProductVersion | 1.3.46.38 |
MX_Culture | en-US |
MX_StubConfig | Release |
MX_StubVersion | 1.8.0.0 |
Sections (6)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00401000 | 0x00143286 | 0x00143400 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.6 |
.rdata | 0x00545000 | 0x00044928 | 0x00044A00 | 0x00143800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.83 |
.data | 0x0058A000 | 0x00016CE0 | 0x0000BC00 | 0x00188200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.01 |
.tls | 0x005A1000 | 0x00000002 | 0x00000200 | 0x00193E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.rsrc | 0x005A2000 | 0x001967B0 | 0x00196800 | 0x00194000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.62 |
.reloc | 0x00739000 | 0x000130DC | 0x00013200 | 0x0032A800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.57 |
Imports (13)
KERNEL32.dll (203)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryExW | - | 0x005450D0 | 0x001872D8 | 0x00185AD8 | 0x0000033E |
GlobalDeleteAtom | - | 0x005450D4 | 0x001872DC | 0x00185ADC | 0x000002B5 |
lstrcmpA | - | 0x005450D8 | 0x001872E0 | 0x00185AE0 | 0x00000541 |
lstrcmpW | - | 0x005450DC | 0x001872E4 | 0x00185AE4 | 0x00000542 |
GetPrivateProfileIntW | - | 0x005450E0 | 0x001872E8 | 0x00185AE8 | 0x0000023C |
GetPrivateProfileStringW | - | 0x005450E4 | 0x001872EC | 0x00185AEC | 0x00000242 |
WritePrivateProfileStringW | - | 0x005450E8 | 0x001872F0 | 0x00185AF0 | 0x0000052B |
GlobalAddAtomW | - | 0x005450EC | 0x001872F4 | 0x00185AF4 | 0x000002B2 |
LoadLibraryA | - | 0x005450F0 | 0x001872F8 | 0x00185AF8 | 0x0000033C |
EncodePointer | - | 0x005450F4 | 0x001872FC | 0x00185AFC | 0x000000EA |
GlobalFindAtomW | - | 0x005450F8 | 0x00187300 | 0x00185B00 | 0x000002B7 |
GetFileSizeEx | - | 0x005450FC | 0x00187304 | 0x00185B04 | 0x000001F1 |
GetFileTime | - | 0x00545100 | 0x00187308 | 0x00185B08 | 0x000001F2 |
SystemTimeToFileTime | - | 0x00545104 | 0x0018730C | 0x00185B0C | 0x000004BD |
GetFullPathNameW | - | 0x00545108 | 0x00187310 | 0x00185B10 | 0x000001FB |
GetVolumeInformationW | - | 0x0054510C | 0x00187314 | 0x00185B14 | 0x000002A7 |
LockFile | - | 0x00545110 | 0x00187318 | 0x00185B18 | 0x00000352 |
UnlockFile | - | 0x00545114 | 0x0018731C | 0x00185B1C | 0x000004D4 |
DuplicateHandle | - | 0x00545118 | 0x00187320 | 0x00185B20 | 0x000000E8 |
GetStringTypeExW | - | 0x0054511C | 0x00187324 | 0x00185B24 | 0x00000268 |
GetThreadLocale | - | 0x00545120 | 0x00187328 | 0x00185B28 | 0x0000028C |
GlobalFlags | - | 0x00545124 | 0x0018732C | 0x00185B2C | 0x000002B9 |
CompareStringW | - | 0x00545128 | 0x00187330 | 0x00185B30 | 0x00000064 |
GetSystemDefaultUILanguage | - | 0x0054512C | 0x00187334 | 0x00185B34 | 0x0000026E |
SetErrorMode | - | 0x00545130 | 0x00187338 | 0x00185B38 | 0x00000458 |
GetUserDefaultLCID | - | 0x00545134 | 0x0018733C | 0x00185B3C | 0x0000029B |
RtlUnwind | - | 0x00545138 | 0x00187340 | 0x00185B40 | 0x00000418 |
CreateThread | - | 0x0054513C | 0x00187344 | 0x00185B44 | 0x000000B5 |
ExitThread | - | 0x00545140 | 0x00187348 | 0x00185B48 | 0x0000011A |
GetCPInfo | - | 0x00545144 | 0x0018734C | 0x00185B4C | 0x00000172 |
GetSystemTimeAsFileTime | - | 0x00545148 | 0x00187350 | 0x00185B50 | 0x00000279 |
ExitProcess | - | 0x0054514C | 0x00187354 | 0x00185B54 | 0x00000119 |
GetModuleHandleExW | - | 0x00545150 | 0x00187358 | 0x00185B58 | 0x00000217 |
AreFileApisANSI | - | 0x00545154 | 0x0018735C | 0x00185B5C | 0x00000015 |
IsDebuggerPresent | - | 0x00545158 | 0x00187360 | 0x00185B60 | 0x00000300 |
IsProcessorFeaturePresent | - | 0x0054515C | 0x00187364 | 0x00185B64 | 0x00000304 |
SetStdHandle | - | 0x00545160 | 0x00187368 | 0x00185B68 | 0x00000487 |
GetFileType | - | 0x00545164 | 0x0018736C | 0x00185B6C | 0x000001F3 |
HeapQueryInformation | - | 0x00545168 | 0x00187370 | 0x00185B70 | 0x000002D1 |
GetSystemInfo | - | 0x0054516C | 0x00187374 | 0x00185B74 | 0x00000273 |
VirtualProtect | - | 0x00545170 | 0x00187378 | 0x00185B78 | 0x000004EF |
VirtualQuery | - | 0x00545174 | 0x0018737C | 0x00185B7C | 0x000004F1 |
GetStartupInfoW | - | 0x00545178 | 0x00187380 | 0x00185B80 | 0x00000263 |
GetEnvironmentStringsW | - | 0x0054517C | 0x00187384 | 0x00185B84 | 0x000001DA |
FreeEnvironmentStringsW | - | 0x00545180 | 0x00187388 | 0x00185B88 | 0x00000161 |
UnhandledExceptionFilter | - | 0x00545184 | 0x0018738C | 0x00185B8C | 0x000004D3 |
GetCurrentThread | - | 0x00545188 | 0x00187390 | 0x00185B90 | 0x000001C4 |
TerminateProcess | - | 0x0054518C | 0x00187394 | 0x00185B94 | 0x000004C0 |
IsValidCodePage | - | 0x00545190 | 0x00187398 | 0x00185B98 | 0x0000030A |
GetOEMCP | - | 0x00545194 | 0x0018739C | 0x00185B9C | 0x00000237 |
GetStringTypeW | - | 0x00545198 | 0x001873A0 | 0x00185BA0 | 0x00000269 |
GetTimeZoneInformation | - | 0x0054519C | 0x001873A4 | 0x00185BA4 | 0x00000298 |
GetConsoleCP | - | 0x005451A0 | 0x001873A8 | 0x00185BA8 | 0x0000019A |
GetConsoleMode | - | 0x005451A4 | 0x001873AC | 0x00185BAC | 0x000001AC |
ReadConsoleW | - | 0x005451A8 | 0x001873B0 | 0x00185BB0 | 0x000003BE |
OutputDebugStringW | - | 0x005451AC | 0x001873B4 | 0x00185BB4 | 0x0000038A |
GetDateFormatW | - | 0x005451B0 | 0x001873B8 | 0x00185BB8 | 0x000001C8 |
GetTimeFormatW | - | 0x005451B4 | 0x001873BC | 0x00185BBC | 0x00000297 |
LCMapStringW | - | 0x005451B8 | 0x001873C0 | 0x00185BC0 | 0x0000032D |
IsValidLocale | - | 0x005451BC | 0x001873C4 | 0x00185BC4 | 0x0000030C |
EnumSystemLocalesW | - | 0x005451C0 | 0x001873C8 | 0x00185BC8 | 0x0000010F |
WriteConsoleW | - | 0x005451C4 | 0x001873CC | 0x00185BCC | 0x00000524 |
SetEnvironmentVariableA | - | 0x005451C8 | 0x001873D0 | 0x00185BD0 | 0x00000456 |
FreeResource | - | 0x005451CC | 0x001873D4 | 0x00185BD4 | 0x00000165 |
LocalReAlloc | - | 0x005451D0 | 0x001873D8 | 0x00185BD8 | 0x0000034B |
LocalAlloc | - | 0x005451D4 | 0x001873DC | 0x00185BDC | 0x00000344 |
GlobalHandle | - | 0x005451D8 | 0x001873E0 | 0x00185BE0 | 0x000002BD |
EnterCriticalSection | - | 0x005451DC | 0x001873E4 | 0x00185BE4 | 0x000000EE |
GlobalReAlloc | - | 0x005451E0 | 0x001873E8 | 0x00185BE8 | 0x000002C1 |
TlsFree | - | 0x005451E4 | 0x001873EC | 0x00185BEC | 0x000004C6 |
TlsSetValue | - | 0x005451E8 | 0x001873F0 | 0x00185BF0 | 0x000004C8 |
TlsGetValue | - | 0x005451EC | 0x001873F4 | 0x00185BF4 | 0x000004C7 |
TlsAlloc | - | 0x005451F0 | 0x001873F8 | 0x00185BF8 | 0x000004C5 |
LocalFree | - | 0x005451F4 | 0x001873FC | 0x00185BFC | 0x00000348 |
GlobalFree | - | 0x005451F8 | 0x00187400 | 0x00185C00 | 0x000002BA |
GlobalUnlock | - | 0x005451FC | 0x00187404 | 0x00185C04 | 0x000002C5 |
GlobalLock | - | 0x00545200 | 0x00187408 | 0x00185C08 | 0x000002BE |
GlobalAlloc | - | 0x00545204 | 0x0018740C | 0x00185C0C | 0x000002B3 |
OutputDebugStringA | - | 0x00545208 | 0x00187410 | 0x00185C10 | 0x00000389 |
GetACP | - | 0x0054520C | 0x00187414 | 0x00185C14 | 0x00000168 |
MulDiv | - | 0x00545210 | 0x00187418 | 0x00185C18 | 0x00000366 |
GetVersion | - | 0x00545214 | 0x0018741C | 0x00185C1C | 0x000002A2 |
FindResourceExW | - | 0x00545218 | 0x00187420 | 0x00185C20 | 0x0000014D |
lstrlenA | - | 0x0054521C | 0x00187424 | 0x00185C24 | 0x0000054D |
CreateProcessW | - | 0x00545220 | 0x00187428 | 0x00185C28 | 0x000000A8 |
GetEnvironmentVariableW | - | 0x00545224 | 0x0018742C | 0x00185C2C | 0x000001DC |
LoadLibraryW | - | 0x00545228 | 0x00187430 | 0x00185C30 | 0x0000033F |
FreeLibrary | - | 0x0054522C | 0x00187434 | 0x00185C34 | 0x00000162 |
EnumResourceNamesW | - | 0x00545230 | 0x00187438 | 0x00185C38 | 0x00000102 |
SetFilePointerEx | - | 0x00545234 | 0x0018743C | 0x00185C3C | 0x00000467 |
FlushFileBuffers | - | 0x00545238 | 0x00187440 | 0x00185C40 | 0x00000157 |
ResumeThread | - | 0x0054523C | 0x00187444 | 0x00185C44 | 0x00000413 |
SuspendThread | - | 0x00545240 | 0x00187448 | 0x00185C48 | 0x000004BA |
GetThreadPriority | - | 0x00545244 | 0x0018744C | 0x00185C4C | 0x0000028E |
SetThreadPriority | - | 0x00545248 | 0x00187450 | 0x00185C50 | 0x00000499 |
GetDriveTypeW | - | 0x0054524C | 0x00187454 | 0x00185C54 | 0x000001D3 |
GetCommandLineW | - | 0x00545250 | 0x00187458 | 0x00185C58 | 0x00000187 |
FormatMessageW | - | 0x00545254 | 0x0018745C | 0x00185C5C | 0x0000015E |
GetLongPathNameW | - | 0x00545258 | 0x00187460 | 0x00185C60 | 0x0000020F |
InitializeCriticalSectionAndSpinCount | - | 0x0054525C | 0x00187464 | 0x00185C64 | 0x000002E3 |
RaiseException | - | 0x00545260 | 0x00187468 | 0x00185C68 | 0x000003B1 |
GetProcessHeap | - | 0x00545264 | 0x0018746C | 0x00185C6C | 0x0000024A |
LCMapStringA | - | 0x00545268 | 0x00187470 | 0x00185C70 | 0x0000032B |
GetStringTypeExA | - | 0x0054526C | 0x00187474 | 0x00185C74 | 0x00000267 |
FormatMessageA | - | 0x00545270 | 0x00187478 | 0x00185C78 | 0x0000015D |
WaitForSingleObjectEx | - | 0x00545274 | 0x0018747C | 0x00185C7C | 0x000004FA |
CreateEventA | - | 0x00545278 | 0x00187480 | 0x00185C80 | 0x00000082 |
CreateSemaphoreA | - | 0x0054527C | 0x00187484 | 0x00185C84 | 0x000000AB |
WaitForMultipleObjectsEx | - | 0x00545280 | 0x00187488 | 0x00185C88 | 0x000004F8 |
OpenEventA | - | 0x00545284 | 0x0018748C | 0x00185C8C | 0x00000374 |
SetWaitableTimer | - | 0x00545288 | 0x00187490 | 0x00185C90 | 0x000004AC |
CreateWaitableTimerA | - | 0x0054528C | 0x00187494 | 0x00185C94 | 0x000000BF |
CreateTimerQueue | - | 0x00545290 | 0x00187498 | 0x00185C98 | 0x000000BC |
SignalObjectAndWait | - | 0x00545294 | 0x0018749C | 0x00185C9C | 0x000004B0 |
SwitchToThread | - | 0x00545298 | 0x001874A0 | 0x00185CA0 | 0x000004BC |
GetLogicalProcessorInformation | - | 0x0054529C | 0x001874A4 | 0x00185CA4 | 0x0000020A |
CreateTimerQueueTimer | - | 0x005452A0 | 0x001874A8 | 0x00185CA8 | 0x000000BD |
ChangeTimerQueueTimer | - | 0x005452A4 | 0x001874AC | 0x00185CAC | 0x00000048 |
DeleteTimerQueueTimer | - | 0x005452A8 | 0x001874B0 | 0x00185CB0 | 0x000000DA |
GetNumaHighestNodeNumber | - | 0x005452AC | 0x001874B4 | 0x00185CB4 | 0x00000229 |
GetProcessAffinityMask | - | 0x005452B0 | 0x001874B8 | 0x00185CB8 | 0x00000246 |
SetThreadAffinityMask | - | 0x005452B4 | 0x001874BC | 0x00185CBC | 0x00000490 |
RegisterWaitForSingleObject | - | 0x005452B8 | 0x001874C0 | 0x00185CC0 | 0x000003F5 |
UnregisterWait | - | 0x005452BC | 0x001874C4 | 0x00185CC4 | 0x000004DA |
GetThreadTimes | - | 0x005452C0 | 0x001874C8 | 0x00185CC8 | 0x00000291 |
FreeLibraryAndExitThread | - | 0x005452C4 | 0x001874CC | 0x00185CCC | 0x00000163 |
InitializeSListHead | - | 0x005452C8 | 0x001874D0 | 0x00185CD0 | 0x000002E7 |
InterlockedPopEntrySList | - | 0x005452CC | 0x001874D4 | 0x00185CD4 | 0x000002F0 |
HeapSize | - | 0x005452D0 | 0x001874D8 | 0x00185CD8 | 0x000002D4 |
HeapFree | - | 0x005452D4 | 0x001874DC | 0x00185CDC | 0x000002CF |
HeapReAlloc | - | 0x005452D8 | 0x001874E0 | 0x00185CE0 | 0x000002D2 |
HeapAlloc | - | 0x005452DC | 0x001874E4 | 0x00185CE4 | 0x000002CB |
DecodePointer | - | 0x005452E0 | 0x001874E8 | 0x00185CE8 | 0x000000CA |
Sleep | - | 0x005452E4 | 0x001874EC | 0x00185CEC | 0x000004B2 |
GetExitCodeProcess | - | 0x005452E8 | 0x001874F0 | 0x00185CF0 | 0x000001DF |
GetDiskFreeSpaceExW | - | 0x005452EC | 0x001874F4 | 0x00185CF4 | 0x000001CE |
MapViewOfFileEx | - | 0x005452F0 | 0x001874F8 | 0x00185CF8 | 0x00000358 |
GetFileAttributesExW | - | 0x005452F4 | 0x001874FC | 0x00185CFC | 0x000001E7 |
GetFileAttributesW | - | 0x005452F8 | 0x00187500 | 0x00185D00 | 0x000001EA |
GetModuleFileNameW | - | 0x005452FC | 0x00187504 | 0x00185D04 | 0x00000214 |
CreateFileMappingW | - | 0x00545300 | 0x00187508 | 0x00185D08 | 0x0000008C |
UnmapViewOfFile | - | 0x00545304 | 0x0018750C | 0x00185D0C | 0x000004D6 |
GetCurrentProcess | - | 0x00545308 | 0x00187510 | 0x00185D10 | 0x000001C0 |
GetUserDefaultLangID | - | 0x0054530C | 0x00187514 | 0x00185D14 | 0x0000029C |
GetUserDefaultUILanguage | - | 0x00545310 | 0x00187518 | 0x00185D18 | 0x0000029E |
GetLocaleInfoW | - | 0x00545314 | 0x0018751C | 0x00185D1C | 0x00000206 |
FindResourceW | - | 0x00545318 | 0x00187520 | 0x00185D20 | 0x0000014E |
SizeofResource | - | 0x0054531C | 0x00187524 | 0x00185D24 | 0x000004B1 |
LoadResource | - | 0x00545320 | 0x00187528 | 0x00185D28 | 0x00000341 |
LockResource | - | 0x00545324 | 0x0018752C | 0x00185D2C | 0x00000354 |
WaitForMultipleObjects | - | 0x00545328 | 0x00187530 | 0x00185D30 | 0x000004F7 |
GetStdHandle | - | 0x0054532C | 0x00187534 | 0x00185D34 | 0x00000264 |
GetFileInformationByHandle | - | 0x00545330 | 0x00187538 | 0x00185D38 | 0x000001EC |
InterlockedPushEntrySList | - | 0x00545334 | 0x0018753C | 0x00185D3C | 0x000002F1 |
InterlockedFlushSList | - | 0x00545338 | 0x00187540 | 0x00185D40 | 0x000002EE |
QueryDepthSList | - | 0x0054533C | 0x00187544 | 0x00185D44 | 0x0000039E |
UnregisterWaitEx | - | 0x00545340 | 0x00187548 | 0x00185D48 | 0x000004DB |
SetFilePointer | - | 0x00545344 | 0x0018754C | 0x00185D4C | 0x00000466 |
SetEndOfFile | - | 0x00545348 | 0x00187550 | 0x00185D50 | 0x00000453 |
ReadFile | - | 0x0054534C | 0x00187554 | 0x00185D54 | 0x000003C0 |
WriteFile | - | 0x00545350 | 0x00187558 | 0x00185D58 | 0x00000525 |
GetFileSize | - | 0x00545354 | 0x0018755C | 0x00185D5C | 0x000001F0 |
FindNextFileW | - | 0x00545358 | 0x00187560 | 0x00185D60 | 0x00000145 |
FindFirstFileW | - | 0x0054535C | 0x00187564 | 0x00185D64 | 0x00000139 |
GetModuleHandleA | - | 0x00545360 | 0x00187568 | 0x00185D68 | 0x00000215 |
GetLogicalDriveStringsW | - | 0x00545364 | 0x0018756C | 0x00185D6C | 0x00000208 |
FindClose | - | 0x00545368 | 0x00187570 | 0x00185D70 | 0x0000012E |
MoveFileW | - | 0x0054536C | 0x00187574 | 0x00185D74 | 0x00000363 |
DeleteFileW | - | 0x00545370 | 0x00187578 | 0x00185D78 | 0x000000D6 |
SetFileAttributesW | - | 0x00545374 | 0x0018757C | 0x00185D7C | 0x00000461 |
CreateFileW | - | 0x00545378 | 0x00187580 | 0x00185D80 | 0x0000008F |
RemoveDirectoryW | - | 0x0054537C | 0x00187584 | 0x00185D84 | 0x00000403 |
CreateDirectoryW | - | 0x00545380 | 0x00187588 | 0x00185D88 | 0x00000081 |
GetCurrentDirectoryW | - | 0x00545384 | 0x0018758C | 0x00185D8C | 0x000001BF |
GetTempPathW | - | 0x00545388 | 0x00187590 | 0x00185D90 | 0x00000285 |
GetSystemDirectoryW | - | 0x0054538C | 0x00187594 | 0x00185D94 | 0x00000270 |
GetModuleHandleW | - | 0x00545390 | 0x00187598 | 0x00185D98 | 0x00000218 |
SetFileTime | - | 0x00545394 | 0x0018759C | 0x00185D9C | 0x0000046A |
SetLastError | - | 0x00545398 | 0x001875A0 | 0x00185DA0 | 0x00000473 |
GetProcAddress | - | 0x0054539C | 0x001875A4 | 0x00185DA4 | 0x00000245 |
FileTimeToLocalFileTime | - | 0x005453A0 | 0x001875A8 | 0x00185DA8 | 0x00000124 |
CreateSemaphoreW | - | 0x005453A4 | 0x001875AC | 0x00185DAC | 0x000000AE |
CreateEventW | - | 0x005453A8 | 0x001875B0 | 0x00185DB0 | 0x00000085 |
CloseHandle | - | 0x005453AC | 0x001875B4 | 0x00185DB4 | 0x00000052 |
WaitForSingleObject | - | 0x005453B0 | 0x001875B8 | 0x00185DB8 | 0x000004F9 |
ReleaseSemaphore | - | 0x005453B4 | 0x001875BC | 0x00185DBC | 0x000003FE |
ResetEvent | - | 0x005453B8 | 0x001875C0 | 0x00185DC0 | 0x0000040F |
SetEvent | - | 0x005453BC | 0x001875C4 | 0x00185DC4 | 0x00000459 |
InitializeCriticalSection | - | 0x005453C0 | 0x001875C8 | 0x00185DC8 | 0x000002E2 |
GetLastError | - | 0x005453C4 | 0x001875CC | 0x00185DCC | 0x00000202 |
GetVersionExW | - | 0x005453C8 | 0x001875D0 | 0x00185DD0 | 0x000002A4 |
VirtualFree | - | 0x005453CC | 0x001875D4 | 0x00185DD4 | 0x000004EC |
VirtualAlloc | - | 0x005453D0 | 0x001875D8 | 0x00185DD8 | 0x000004E9 |
FileTimeToSystemTime | - | 0x005453D4 | 0x001875DC | 0x00185DDC | 0x00000125 |
WideCharToMultiByte | - | 0x005453D8 | 0x001875E0 | 0x00185DE0 | 0x00000511 |
MultiByteToWideChar | - | 0x005453DC | 0x001875E4 | 0x00185DE4 | 0x00000367 |
QueryPerformanceCounter | - | 0x005453E0 | 0x001875E8 | 0x00185DE8 | 0x000003A7 |
GetTickCount | - | 0x005453E4 | 0x001875EC | 0x00185DEC | 0x00000293 |
GetCurrentThreadId | - | 0x005453E8 | 0x001875F0 | 0x00185DF0 | 0x000001C5 |
GetCurrentProcessId | - | 0x005453EC | 0x001875F4 | 0x00185DF4 | 0x000001C1 |
DeleteCriticalSection | - | 0x005453F0 | 0x001875F8 | 0x00185DF8 | 0x000000D1 |
LeaveCriticalSection | - | 0x005453F4 | 0x001875FC | 0x00185DFC | 0x00000339 |
SetUnhandledExceptionFilter | - | 0x005453F8 | 0x00187600 | 0x00185E00 | 0x000004A5 |
USER32.dll (147)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
IntersectRect | - | 0x00545488 | 0x00187690 | 0x00185E90 | 0x000001BD |
GetSysColorBrush | - | 0x0054548C | 0x00187694 | 0x00185E94 | 0x0000017C |
DestroyMenu | - | 0x00545490 | 0x00187698 | 0x00185E98 | 0x000000A4 |
SetWindowTextW | - | 0x00545494 | 0x0018769C | 0x00185E9C | 0x000002CB |
MoveWindow | - | 0x00545498 | 0x001876A0 | 0x00185EA0 | 0x0000021B |
ShowWindow | - | 0x0054549C | 0x001876A4 | 0x00185EA4 | 0x000002DF |
GetMonitorInfoW | - | 0x005454A0 | 0x001876A8 | 0x00185EA8 | 0x0000015F |
MonitorFromWindow | - | 0x005454A4 | 0x001876AC | 0x00185EAC | 0x0000021A |
WinHelpW | - | 0x005454A8 | 0x001876B0 | 0x00185EB0 | 0x00000329 |
GetClassLongW | - | 0x005454AC | 0x001876B4 | 0x00185EB4 | 0x00000110 |
SetWindowLongW | - | 0x005454B0 | 0x001876B8 | 0x00185EB8 | 0x000002C4 |
EqualRect | - | 0x005454B4 | 0x001876BC | 0x00185EBC | 0x000000F3 |
AdjustWindowRectEx | - | 0x005454B8 | 0x001876C0 | 0x00185EC0 | 0x00000003 |
RemovePropW | - | 0x005454BC | 0x001876C4 | 0x00185EC4 | 0x00000269 |
GetPropW | - | 0x005454C0 | 0x001876C8 | 0x00185EC8 | 0x0000016B |
SetPropW | - | 0x005454C4 | 0x001876CC | 0x00185ECC | 0x000002AD |
SetForegroundWindow | - | 0x005454C8 | 0x001876D0 | 0x00185ED0 | 0x00000293 |
UpdateWindow | - | 0x005454CC | 0x001876D4 | 0x00185ED4 | 0x00000311 |
SetMenu | - | 0x005454D0 | 0x001876D8 | 0x00185ED8 | 0x0000029C |
GetMenu | - | 0x005454D4 | 0x001876DC | 0x00185EDC | 0x0000014B |
GetCapture | - | 0x005454D8 | 0x001876E0 | 0x00185EE0 | 0x00000108 |
GetDlgCtrlID | - | 0x005454DC | 0x001876E4 | 0x00185EE4 | 0x00000126 |
GetClassInfoExW | - | 0x005454E0 | 0x001876E8 | 0x00185EE8 | 0x0000010D |
GetClassInfoW | - | 0x005454E4 | 0x001876EC | 0x00185EEC | 0x0000010E |
CallWindowProcW | - | 0x005454E8 | 0x001876F0 | 0x00185EF0 | 0x0000001E |
DefWindowProcW | - | 0x005454EC | 0x001876F4 | 0x00185EF4 | 0x0000009C |
GetMessageTime | - | 0x005454F0 | 0x001876F8 | 0x00185EF8 | 0x0000015C |
RealChildWindowFromPoint | - | 0x005454F4 | 0x001876FC | 0x00185EFC | 0x00000243 |
GetWindowTextLengthW | - | 0x005454F8 | 0x00187700 | 0x00185F00 | 0x000001A2 |
SetFocus | - | 0x005454FC | 0x00187704 | 0x00185F04 | 0x00000292 |
IsDialogMessageW | - | 0x00545500 | 0x00187708 | 0x00185F08 | 0x000001CD |
GetTopWindow | - | 0x00545504 | 0x0018770C | 0x00185F0C | 0x00000185 |
MessageBeep | - | 0x00545508 | 0x00187710 | 0x00185F10 | 0x0000020D |
IsChild | - | 0x0054550C | 0x00187714 | 0x00185F14 | 0x000001C9 |
SetWindowContextHelpId | - | 0x00545510 | 0x00187718 | 0x00185F18 | 0x000002C1 |
WindowFromPoint | - | 0x00545514 | 0x0018771C | 0x00185F1C | 0x0000032C |
GetLastActivePopup | - | 0x00545518 | 0x00187720 | 0x00185F20 | 0x00000144 |
MessageBoxW | - | 0x0054551C | 0x00187724 | 0x00185F24 | 0x00000215 |
PostQuitMessage | - | 0x00545520 | 0x00187728 | 0x00185F28 | 0x00000237 |
LoadStringA | - | 0x00545524 | 0x0018772C | 0x00185F2C | 0x000001F9 |
CallNextHookEx | - | 0x00545528 | 0x00187730 | 0x00185F30 | 0x0000001C |
SetWindowsHookExW | - | 0x0054552C | 0x00187734 | 0x00185F34 | 0x000002CF |
ValidateRect | - | 0x00545530 | 0x00187738 | 0x00185F38 | 0x0000031C |
DispatchMessageW | - | 0x00545534 | 0x0018773C | 0x00185F3C | 0x000000AF |
TranslateMessage | - | 0x00545538 | 0x00187740 | 0x00185F40 | 0x000002FC |
GetMessageW | - | 0x0054553C | 0x00187744 | 0x00185F44 | 0x0000015D |
GetDesktopWindow | - | 0x00545540 | 0x00187748 | 0x00185F48 | 0x00000123 |
SetActiveWindow | - | 0x00545544 | 0x0018774C | 0x00185F4C | 0x0000027F |
IsWindowEnabled | - | 0x00545548 | 0x00187750 | 0x00185F50 | 0x000001DC |
GetActiveWindow | - | 0x0054554C | 0x00187754 | 0x00185F54 | 0x00000100 |
GetNextDlgTabItem | - | 0x00545550 | 0x00187758 | 0x00185F58 | 0x00000162 |
EndDialog | - | 0x00545554 | 0x0018775C | 0x00185F5C | 0x000000DA |
CreateDialogIndirectParamW | - | 0x00545558 | 0x00187760 | 0x00185F60 | 0x00000061 |
DestroyWindow | - | 0x0054555C | 0x00187764 | 0x00185F64 | 0x000000A6 |
LoadBitmapW | - | 0x00545560 | 0x00187768 | 0x00185F68 | 0x000001E7 |
SetMenuItemInfoW | - | 0x00545564 | 0x0018776C | 0x00185F6C | 0x000002A2 |
GetMenuCheckMarkDimensions | - | 0x00545568 | 0x00187770 | 0x00185F70 | 0x0000014D |
SetMenuItemBitmaps | - | 0x0054556C | 0x00187774 | 0x00185F74 | 0x000002A0 |
EnableMenuItem | - | 0x00545570 | 0x00187778 | 0x00185F78 | 0x000000D6 |
CheckMenuItem | - | 0x00545574 | 0x0018777C | 0x00185F7C | 0x0000003F |
ClientToScreen | - | 0x00545578 | 0x00187780 | 0x00185F80 | 0x00000047 |
EndPaint | - | 0x0054557C | 0x00187784 | 0x00185F84 | 0x000000DC |
BeginPaint | - | 0x00545580 | 0x00187788 | 0x00185F88 | 0x0000000E |
GetWindowDC | - | 0x00545584 | 0x0018778C | 0x00185F8C | 0x00000192 |
CharNextW | - | 0x00545588 | 0x00187790 | 0x00185F90 | 0x00000031 |
OffsetRect | - | 0x0054558C | 0x00187794 | 0x00185F94 | 0x00000225 |
SetCapture | - | 0x00545590 | 0x00187798 | 0x00185F98 | 0x00000280 |
ReleaseCapture | - | 0x00545594 | 0x0018779C | 0x00185F9C | 0x00000264 |
CopyAcceleratorTableW | - | 0x00545598 | 0x001877A0 | 0x00185FA0 | 0x00000052 |
InvalidateRgn | - | 0x0054559C | 0x001877A4 | 0x00185FA4 | 0x000001BF |
SetRect | - | 0x005455A0 | 0x001877A8 | 0x00185FA8 | 0x000002AE |
RegisterClipboardFormatW | - | 0x005455A4 | 0x001877AC | 0x00185FAC | 0x00000250 |
PostThreadMessageW | - | 0x005455A8 | 0x001877B0 | 0x00185FB0 | 0x00000239 |
TabbedTextOutW | - | 0x005455AC | 0x001877B4 | 0x00185FB4 | 0x000002EE |
GrayStringW | - | 0x005455B0 | 0x001877B8 | 0x00185FB8 | 0x000001A8 |
DrawTextExW | - | 0x005455B4 | 0x001877BC | 0x00185FBC | 0x000000CF |
DrawTextW | - | 0x005455B8 | 0x001877C0 | 0x00185FC0 | 0x000000D0 |
UnhookWindowsHookEx | - | 0x005455BC | 0x001877C4 | 0x00185FC4 | 0x00000300 |
GetMessagePos | - | 0x005455C0 | 0x001877C8 | 0x00185FC8 | 0x0000015B |
GetMenuItemCount | - | 0x005455C4 | 0x001877CC | 0x00185FCC | 0x00000151 |
GetMenuItemID | - | 0x005455C8 | 0x001877D0 | 0x00185FD0 | 0x00000152 |
GetSubMenu | - | 0x005455CC | 0x001877D4 | 0x00185FD4 | 0x0000017A |
SendDlgItemMessageA | - | 0x005455D0 | 0x001877D8 | 0x00185FD8 | 0x00000272 |
PtInRect | - | 0x005455D4 | 0x001877DC | 0x00185FDC | 0x00000240 |
IsRectEmpty | - | 0x005455D8 | 0x001877E0 | 0x00185FE0 | 0x000001D4 |
DrawFrameControl | - | 0x005455DC | 0x001877E4 | 0x00185FE4 | 0x000000C6 |
ShowCaret | - | 0x005455E0 | 0x001877E8 | 0x00185FE8 | 0x000002D9 |
HideCaret | - | 0x005455E4 | 0x001877EC | 0x00185FEC | 0x000001A9 |
GetCursorPos | - | 0x005455E8 | 0x001877F0 | 0x00185FF0 | 0x00000120 |
SetCursor | - | 0x005455EC | 0x001877F4 | 0x00185FF4 | 0x00000288 |
GetWindow | - | 0x005455F0 | 0x001877F8 | 0x00185FF8 | 0x0000018E |
GetParent | - | 0x005455F4 | 0x001877FC | 0x00185FFC | 0x00000164 |
GetWindowLongW | - | 0x005455F8 | 0x00187800 | 0x00186000 | 0x00000196 |
MapWindowPoints | - | 0x005455FC | 0x00187804 | 0x00186004 | 0x00000209 |
GetWindowTextW | - | 0x00545600 | 0x00187808 | 0x00186008 | 0x000001A3 |
GetForegroundWindow | - | 0x00545604 | 0x0018780C | 0x0018600C | 0x0000012D |
FlashWindowEx | - | 0x00545608 | 0x00187810 | 0x00186010 | 0x000000FC |
CreateWindowExW | - | 0x0054560C | 0x00187814 | 0x00186014 | 0x0000006E |
FillRect | - | 0x00545610 | 0x00187818 | 0x00186018 | 0x000000F6 |
GetSysColor | - | 0x00545614 | 0x0018781C | 0x0018601C | 0x0000017B |
SystemParametersInfoW | - | 0x00545618 | 0x00187820 | 0x00186020 | 0x000002EC |
InvalidateRect | - | 0x0054561C | 0x00187824 | 0x00186024 | 0x000001BE |
DeleteMenu | - | 0x00545620 | 0x00187828 | 0x00186028 | 0x0000009E |
GetSystemMenu | - | 0x00545624 | 0x0018782C | 0x0018602C | 0x0000017D |
KillTimer | - | 0x00545628 | 0x00187830 | 0x00186030 | 0x000001E3 |
SetTimer | - | 0x0054562C | 0x00187834 | 0x00186034 | 0x000002BB |
GetKeyState | - | 0x00545630 | 0x00187838 | 0x00186038 | 0x0000013D |
SetDlgItemTextW | - | 0x00545634 | 0x0018783C | 0x0018603C | 0x00000290 |
InflateRect | - | 0x00545638 | 0x00187840 | 0x00186040 | 0x000001B5 |
CopyRect | - | 0x0054563C | 0x00187844 | 0x00186044 | 0x00000055 |
RedrawWindow | - | 0x00545640 | 0x00187848 | 0x00186048 | 0x0000024A |
GetFocus | - | 0x00545644 | 0x0018784C | 0x0018604C | 0x0000012C |
TrackMouseEvent | - | 0x00545648 | 0x00187850 | 0x00186050 | 0x000002F5 |
ScreenToClient | - | 0x0054564C | 0x00187854 | 0x00186054 | 0x0000026D |
GetClientRect | - | 0x00545650 | 0x00187858 | 0x00186058 | 0x00000114 |
GetDlgItem | - | 0x00545654 | 0x0018785C | 0x0018605C | 0x00000127 |
EndDeferWindowPos | - | 0x00545658 | 0x00187860 | 0x00186060 | 0x000000D9 |
DeferWindowPos | - | 0x0054565C | 0x00187864 | 0x00186064 | 0x0000009D |
BeginDeferWindowPos | - | 0x00545660 | 0x00187868 | 0x00186068 | 0x0000000D |
SetWindowPos | - | 0x00545664 | 0x0018786C | 0x0018606C | 0x000002C6 |
IsWindow | - | 0x00545668 | 0x00187870 | 0x00186070 | 0x000001DB |
AllowSetForegroundWindow | - | 0x0054566C | 0x00187874 | 0x00186074 | 0x00000006 |
GetWindowThreadProcessId | - | 0x00545670 | 0x00187878 | 0x00186078 | 0x000001A4 |
GetClassNameW | - | 0x00545674 | 0x0018787C | 0x0018607C | 0x00000112 |
MsgWaitForMultipleObjects | - | 0x00545678 | 0x00187880 | 0x00186080 | 0x0000021C |
PeekMessageW | - | 0x0054567C | 0x00187884 | 0x00186084 | 0x00000233 |
IsWindowVisible | - | 0x00545680 | 0x00187888 | 0x00186088 | 0x000001E0 |
UnregisterClassW | - | 0x00545684 | 0x0018788C | 0x0018608C | 0x00000306 |
MapDialogRect | - | 0x00545688 | 0x00187890 | 0x00186090 | 0x00000204 |
LoadIconW | - | 0x0054568C | 0x00187894 | 0x00186094 | 0x000001ED |
LoadCursorW | - | 0x00545690 | 0x00187898 | 0x00186098 | 0x000001EB |
GetWindowRect | - | 0x00545694 | 0x0018789C | 0x0018609C | 0x0000019C |
ReleaseDC | - | 0x00545698 | 0x001878A0 | 0x001860A0 | 0x00000265 |
GetDC | - | 0x0054569C | 0x001878A4 | 0x001860A4 | 0x00000121 |
DefDlgProcW | - | 0x005456A0 | 0x001878A8 | 0x001860A8 | 0x00000095 |
RegisterClassW | - | 0x005456A4 | 0x001878AC | 0x001860AC | 0x0000024E |
ReplyMessage | - | 0x005456A8 | 0x001878B0 | 0x001860B0 | 0x0000026A |
RegisterWindowMessageW | - | 0x005456AC | 0x001878B4 | 0x001860B4 | 0x00000263 |
LoadImageW | - | 0x005456B0 | 0x001878B8 | 0x001860B8 | 0x000001EF |
GetSystemMetrics | - | 0x005456B4 | 0x001878BC | 0x001860BC | 0x0000017E |
PostMessageW | - | 0x005456B8 | 0x001878C0 | 0x001860C0 | 0x00000236 |
SendMessageW | - | 0x005456BC | 0x001878C4 | 0x001860C4 | 0x0000027C |
EnableWindow | - | 0x005456C0 | 0x001878C8 | 0x001860C8 | 0x000000D8 |
DestroyIcon | - | 0x005456C4 | 0x001878CC | 0x001860CC | 0x000000A3 |
CharUpperW | - | 0x005456C8 | 0x001878D0 | 0x001860D0 | 0x0000003C |
GetNextDlgGroupItem | - | 0x005456CC | 0x001878D4 | 0x001860D4 | 0x00000161 |
LoadStringW | - | 0x005456D0 | 0x001878D8 | 0x001860D8 | 0x000001FA |
GDI32.dll (35)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SetWindowExtEx | - | 0x00545040 | 0x00187248 | 0x00185A48 | 0x000002AC |
ScaleViewportExtEx | - | 0x00545044 | 0x0018724C | 0x00185A4C | 0x00000271 |
ScaleWindowExtEx | - | 0x00545048 | 0x00187250 | 0x00185A50 | 0x00000272 |
CreateRectRgnIndirect | - | 0x0054504C | 0x00187254 | 0x00185A54 | 0x00000050 |
GetMapMode | - | 0x00545050 | 0x00187258 | 0x00185A58 | 0x000001F0 |
GetBkColor | - | 0x00545054 | 0x0018725C | 0x00185A5C | 0x000001A9 |
SetViewportExtEx | - | 0x00545058 | 0x00187260 | 0x00185A60 | 0x000002A8 |
GetRgnBox | - | 0x0054505C | 0x00187264 | 0x00185A64 | 0x0000020C |
SetMapMode | - | 0x00545060 | 0x00187268 | 0x00185A68 | 0x00000294 |
ExtTextOutW | - | 0x00545064 | 0x0018726C | 0x00185A6C | 0x00000138 |
TextOutW | - | 0x00545068 | 0x00187270 | 0x00185A70 | 0x000002B9 |
SetTextColor | - | 0x0054506C | 0x00187274 | 0x00185A74 | 0x000002A6 |
GetTextColor | - | 0x00545070 | 0x00187278 | 0x00185A78 | 0x00000218 |
SetBkColor | - | 0x00545074 | 0x0018727C | 0x00185A7C | 0x0000027E |
ExtSelectClipRgn | - | 0x00545078 | 0x00187280 | 0x00185A80 | 0x00000136 |
SaveDC | - | 0x0054507C | 0x00187284 | 0x00185A84 | 0x00000270 |
RestoreDC | - | 0x00545080 | 0x00187288 | 0x00185A88 | 0x00000269 |
RectVisible | - | 0x00545084 | 0x0018728C | 0x00185A8C | 0x0000025E |
PtVisible | - | 0x00545088 | 0x00187290 | 0x00185A90 | 0x0000025A |
GetWindowExtEx | - | 0x0054508C | 0x00187294 | 0x00185A94 | 0x0000022B |
GetViewportExtEx | - | 0x00545090 | 0x00187298 | 0x00185A98 | 0x00000228 |
GetStockObject | - | 0x00545094 | 0x0018729C | 0x00185A9C | 0x0000020D |
GetClipBox | - | 0x00545098 | 0x001872A0 | 0x00185AA0 | 0x000001C0 |
ExcludeClipRect | - | 0x0054509C | 0x001872A4 | 0x00185AA4 | 0x00000131 |
Escape | - | 0x005450A0 | 0x001872A8 | 0x00185AA8 | 0x0000012E |
DeleteDC | - | 0x005450A4 | 0x001872AC | 0x00185AAC | 0x000000E3 |
CreateBitmap | - | 0x005450A8 | 0x001872B0 | 0x00185AB0 | 0x00000029 |
OffsetViewportOrgEx | - | 0x005450AC | 0x001872B4 | 0x00185AB4 | 0x0000023E |
SetViewportOrgEx | - | 0x005450B0 | 0x001872B8 | 0x00185AB8 | 0x000002A9 |
DeleteObject | - | 0x005450B4 | 0x001872BC | 0x00185ABC | 0x000000E6 |
CreateFontIndirectW | - | 0x005450B8 | 0x001872C0 | 0x00185AC0 | 0x00000040 |
GetDeviceCaps | - | 0x005450BC | 0x001872C4 | 0x00185AC4 | 0x000001CB |
GetObjectW | - | 0x005450C0 | 0x001872C8 | 0x00185AC8 | 0x000001FD |
SelectObject | - | 0x005450C4 | 0x001872CC | 0x00185ACC | 0x00000277 |
CreateSolidBrush | - | 0x005450C8 | 0x001872D0 | 0x00185AD0 | 0x00000054 |
WINSPOOL.DRV (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OpenPrinterW | - | 0x005456D8 | 0x001878E0 | 0x001860E0 | 0x00000090 |
DocumentPropertiesW | - | 0x005456DC | 0x001878E4 | 0x001860E4 | 0x0000004E |
ClosePrinter | - | 0x005456E0 | 0x001878E8 | 0x001860E8 | 0x0000001D |
ADVAPI32.dll (10)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegDeleteValueW | - | 0x00545000 | 0x00187208 | 0x00185A08 | 0x00000248 |
RegEnumValueW | - | 0x00545004 | 0x0018720C | 0x00185A0C | 0x00000252 |
RegQueryValueW | - | 0x00545008 | 0x00187210 | 0x00185A10 | 0x0000026F |
RegEnumKeyW | - | 0x0054500C | 0x00187214 | 0x00185A14 | 0x00000250 |
RegSetValueExW | - | 0x00545010 | 0x00187218 | 0x00185A18 | 0x0000027E |
RegDeleteKeyW | - | 0x00545014 | 0x0018721C | 0x00185A1C | 0x00000244 |
RegCreateKeyExW | - | 0x00545018 | 0x00187220 | 0x00185A20 | 0x00000239 |
RegQueryValueExW | - | 0x0054501C | 0x00187224 | 0x00185A24 | 0x0000026E |
RegOpenKeyExW | - | 0x00545020 | 0x00187228 | 0x00185A28 | 0x00000261 |
RegCloseKey | - | 0x00545024 | 0x0018722C | 0x00185A2C | 0x00000230 |
SHELL32.dll (9)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHOpenFolderAndSelectItems | - | 0x00545440 | 0x00187648 | 0x00185E48 | 0x000000F3 |
SHParseDisplayName | - | 0x00545444 | 0x0018764C | 0x00185E4C | 0x000000F6 |
SHGetSpecialFolderPathW | - | 0x00545448 | 0x00187650 | 0x00185E50 | 0x000000E1 |
SHCreateItemFromParsingName | - | 0x0054544C | 0x00187654 | 0x00185E54 | 0x00000090 |
ShellExecuteExW | - | 0x00545450 | 0x00187658 | 0x00185E58 | 0x00000121 |
SHGetPathFromIDListW | - | 0x00545454 | 0x0018765C | 0x00185E5C | 0x000000D7 |
SHBrowseForFolderW | - | 0x00545458 | 0x00187660 | 0x00185E60 | 0x0000007B |
None | 0x000000A5 | 0x0054545C | 0x00187664 | 0x00185E64 | - |
ShellExecuteW | - | 0x00545460 | 0x00187668 | 0x00185E68 | 0x00000122 |
COMCTL32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
None | 0x0000019D | 0x0054502C | 0x00187234 | 0x00185A34 | - |
None | 0x0000019A | 0x00545030 | 0x00187238 | 0x00185A38 | - |
InitCommonControlsEx | - | 0x00545034 | 0x0018723C | 0x00185A3C | 0x0000007B |
None | 0x0000019C | 0x00545038 | 0x00187240 | 0x00185A40 | - |
SHLWAPI.dll (7)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
UrlCreateFromPathW | - | 0x00545468 | 0x00187670 | 0x00185E70 | 0x0000015A |
PathCreateFromUrlAlloc | - | 0x0054546C | 0x00187674 | 0x00185E74 | 0x00000042 |
UrlIsW | - | 0x00545470 | 0x00187678 | 0x00185E78 | 0x00000169 |
PathFindExtensionW | - | 0x00545474 | 0x0018767C | 0x00185E7C | 0x00000047 |
PathFindFileNameW | - | 0x00545478 | 0x00187680 | 0x00185E80 | 0x00000049 |
PathIsUNCW | - | 0x0054547C | 0x00187684 | 0x00185E84 | 0x00000071 |
PathStripToRootW | - | 0x00545480 | 0x00187688 | 0x00185E88 | 0x00000097 |
ole32.dll (20)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateILockBytesOnHGlobal | - | 0x0054570C | 0x00187914 | 0x00186114 | 0x00000080 |
CoFreeUnusedLibraries | - | 0x00545710 | 0x00187918 | 0x00186118 | 0x0000001D |
StgCreateDocfileOnILockBytes | - | 0x00545714 | 0x0018791C | 0x0018611C | 0x00000168 |
CoGetClassObject | - | 0x00545718 | 0x00187920 | 0x00186120 | 0x00000026 |
CLSIDFromProgID | - | 0x0054571C | 0x00187924 | 0x00186124 | 0x00000006 |
CLSIDFromString | - | 0x00545720 | 0x00187928 | 0x00186128 | 0x00000008 |
CoCreateGuid | - | 0x00545724 | 0x0018792C | 0x0018612C | 0x0000000F |
CoTaskMemAlloc | - | 0x00545728 | 0x00187930 | 0x00186130 | 0x00000067 |
StringFromCLSID | - | 0x0054572C | 0x00187934 | 0x00186134 | 0x00000178 |
CoTaskMemFree | - | 0x00545730 | 0x00187938 | 0x00186138 | 0x00000068 |
CoCreateInstance | - | 0x00545734 | 0x0018793C | 0x0018613C | 0x00000010 |
CoUninitialize | - | 0x00545738 | 0x00187940 | 0x00186140 | 0x0000006C |
CoInitialize | - | 0x0054573C | 0x00187944 | 0x00186144 | 0x0000003E |
StgOpenStorageOnILockBytes | - | 0x00545740 | 0x00187948 | 0x00186148 | 0x00000175 |
OleInitialize | - | 0x00545744 | 0x0018794C | 0x0018614C | 0x00000132 |
OleUninitialize | - | 0x00545748 | 0x00187950 | 0x00186150 | 0x00000149 |
CoRevokeClassObject | - | 0x0054574C | 0x00187954 | 0x00186154 | 0x0000005F |
OleFlushClipboard | - | 0x00545750 | 0x00187958 | 0x00186158 | 0x0000012D |
OleIsCurrentClipboard | - | 0x00545754 | 0x0018795C | 0x0018615C | 0x00000134 |
CoRegisterMessageFilter | - | 0x00545758 | 0x00187960 | 0x00186160 | 0x00000056 |
OLEAUT32.dll (12)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleCreateFontIndirect | 0x000001A4 | 0x0054540C | 0x00187614 | 0x00185E14 | - |
SysFreeString | 0x00000006 | 0x00545410 | 0x00187618 | 0x00185E18 | - |
SysAllocString | 0x00000002 | 0x00545414 | 0x0018761C | 0x00185E1C | - |
SysAllocStringLen | 0x00000004 | 0x00545418 | 0x00187620 | 0x00185E20 | - |
VariantClear | 0x00000009 | 0x0054541C | 0x00187624 | 0x00185E24 | - |
VariantCopy | 0x0000000A | 0x00545420 | 0x00187628 | 0x00185E28 | - |
VariantInit | 0x00000008 | 0x00545424 | 0x0018762C | 0x00185E2C | - |
VariantChangeType | 0x0000000C | 0x00545428 | 0x00187630 | 0x00185E30 | - |
SysStringLen | 0x00000007 | 0x0054542C | 0x00187634 | 0x00185E34 | - |
SystemTimeToVariantTime | 0x000000B8 | 0x00545430 | 0x00187638 | 0x00185E38 | - |
VariantTimeToSystemTime | 0x000000B9 | 0x00545434 | 0x0018763C | 0x00185E3C | - |
SafeArrayDestroy | 0x00000010 | 0x00545438 | 0x00187640 | 0x00185E40 | - |
oledlg.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleUIBusyW | - | 0x00545760 | 0x00187968 | 0x00186168 | 0x00000003 |
msi.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
None | 0x00000076 | 0x005456E8 | 0x001878F0 | 0x001860F0 | - |
None | 0x00000030 | 0x005456EC | 0x001878F4 | 0x001860F4 | - |
None | 0x0000005C | 0x005456F0 | 0x001878F8 | 0x001860F8 | - |
None | 0x000000AB | 0x005456F4 | 0x001878FC | 0x001860FC | - |
None | 0x000000A0 | 0x005456F8 | 0x00187900 | 0x00186100 | - |
None | 0x0000009F | 0x005456FC | 0x00187904 | 0x00186104 | - |
None | 0x00000008 | 0x00545700 | 0x00187908 | 0x00186108 | - |
None | 0x00000020 | 0x00545704 | 0x0018790C | 0x0018610C | - |
OLEACC.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateStdAccessibleObject | - | 0x00545400 | 0x00187608 | 0x00185E08 | 0x00000004 |
LresultFromObject | - | 0x00545404 | 0x0018760C | 0x00185E0C | 0x00000014 |
Digital Signature Information
Verification Status | Valid |
Certificate: A.P.Hernandez Consulting s.r.o.
Issued by | A.P.Hernandez Consulting s.r.o. |
Parent Certificate | SSL.com EV Code Signing Intermediate CA RSA R3 |
Country Name | SK |
Valid From | 2024-01-25 16:51 (UTC) |
Valid Until | 2025-01-24 16:51 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 29 41 D5 F8 75 85 01 F9 DB C4 BA 15 80 58 C3 B5 |
Thumbprint | AE 7A D3 DF 41 DE F3 E3 16 9F FA 94 B2 E8 54 D4 EF DC EC 35 |
Certificate: SSL.com EV Code Signing Intermediate CA RSA R3
Issued by | SSL.com EV Code Signing Intermediate CA RSA R3 |
Parent Certificate | SSL.com EV Root Certification Authority RSA R2 |
Country Name | US |
Valid From | 2019-03-26 17:44 (UTC) |
Valid Until | 2034-03-22 17:44 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 42 4B 6A 53 CE C7 66 14 1C 2A 63 B1 A5 1C 41 04 |
Thumbprint | D2 95 3D BA 95 08 6F EB 58 05 BE FC 41 28 3C A6 4C 39 7D F5 |
Certificate: SSL.com EV Root Certification Authority RSA R2
Issued by | SSL.com EV Root Certification Authority RSA R2 |
Country Name | US |
Valid From | 2017-05-31 18:14 (UTC) |
Valid Until | 2042-05-30 18:14 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 56 B6 29 CD 34 BC 78 F6 |
Thumbprint | 74 3A F0 52 9B D0 32 A0 F4 4A 83 CD D4 BA A9 7B 7C 2E C4 9A |
Memory Dumps (20)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA |
---|---|---|---|---|---|---|---|---|
ngjhjhjda.exe | 1 | 0x00400000 | 0x0074CFFF | Relevant Image | | 32-bit | 0x004A8AB4 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | First Execution | | 32-bit | 0x023D5474 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023D0450 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023D45CC | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023C5EB8 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023C1079 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023CD394 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023D2234 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023CE6E4 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023D137C | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023CBD40 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023C3330 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023D33C4 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023D52AC | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023C8168 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023C7000 | |
buffer | 1 | 0x023C0000 | 0x023F3FFF | Content Changed | | 32-bit | 0x023C9000 | |
buffer | 1 | 0x008E0000 | 0x00910FFF | Image In Buffer | | 32-bit | - | |
buffer | 1 | 0x02A66020 | 0x02B6601F | Image In Buffer | | 32-bit | - | |
ngjhjhjda.exe | 1 | 0x00400000 | 0x0074CFFF | Process Termination | | 32-bit | - | |
78818b20dad2eea30ac5cd9bfde7a01643f92c7f5b3588c7dfd5527ed8ebcee8 | Downloaded File | Stream | Clean |
5fd55da8747d933410bb637571802aca2eedf3314039722e2b9d6f37afdad97e | Downloaded File | HTML | Clean |