VTI SCORE: 95/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Spyware

c283c47ed7ecb84bdedf5a856374b4a60d48e0d42c0c57d4ff61a16d71f3528b (SHA256)

Mining.exe

Windows Exe (x86-32)

Created at 2019-01-26 02:20:00

Notifications (1/1)

Due to a WHOIS service error, no query could be made to get WHOIS data of any contacted domain.

Filename Category Type Severity Actions
C:\Users\CIiHmnxMn6Ps\Desktop\Mining.exe Sample File Binary Suspicious
Mime Type application/x-dosexec
File Size 5.57 MB
MD5 201ef232bdb38e1012f1484858cfed7b
SHA1 97652f4c778beca9f23a98ce47cf872483e122fd
SHA256 c283c47ed7ecb84bdedf5a856374b4a60d48e0d42c0c57d4ff61a16d71f3528b
SSDeep 98304:r2cPK8QvA0g+Yo/aV6t56Y2e9EppIRYPzmm39bGOUOjLfU:iCKD40Co/3EvppIaP/VGOnnfU
ImpHash afcdf79be1557326c854b6e20cb900a7
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
File Reputation Information
Severity Suspicious
First Seen 2018-12-19 00:17 (UTC+1)
Last Seen 2019-01-01 13:08 (UTC+1)
Names Win32.Trojan.Symmi
Families Symmi
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x42800a
Size Of Code 0x8e000
Size Of Initialized Data 0x503200
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-12-15 10:13:43+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8dfdd 0x8e000 0x400 cnt_code, mem_execute, mem_read 6.68
.rdata 0x48f000 0x2fd8e 0x2fe00 0x8e400 cnt_initialized_data, mem_read 5.76
.data 0x4bf000 0x8f74 0x5200 0xbe200 cnt_initialized_data, mem_read, mem_write 1.2
.rsrc 0x4c8000 0x4c6f90 0x4c7000 0xc3400 cnt_initialized_data, mem_read 8.0
.reloc 0x98f000 0x7134 0x7200 0x58a400 cnt_initialized_data, mem_discardable, mem_read 6.78
Imports (18)
WSOCK32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x74 0x48f7c8 0xbca10 0xbbe10 -
socket 0x17 0x48f7cc 0xbca14 0xbbe14 -
inet_ntoa 0xc 0x48f7d0 0xbca18 0xbbe18 -
setsockopt 0x15 0x48f7d4 0xbca1c 0xbbe1c -
ntohs 0xf 0x48f7d8 0xbca20 0xbbe20 -
recvfrom 0x11 0x48f7dc 0xbca24 0xbbe24 -
ioctlsocket 0xa 0x48f7e0 0xbca28 0xbbe28 -
htons 0x9 0x48f7e4 0xbca2c 0xbbe2c -
WSAStartup 0x73 0x48f7e8 0xbca30 0xbbe30 -
__WSAFDIsSet 0x97 0x48f7ec 0xbca34 0xbbe34 -
select 0x12 0x48f7f0 0xbca38 0xbbe38 -
accept 0x1 0x48f7f4 0xbca3c 0xbbe3c -
listen 0xd 0x48f7f8 0xbca40 0xbbe40 -
bind 0x2 0x48f7fc 0xbca44 0xbbe44 -
closesocket 0x3 0x48f800 0xbca48 0xbbe48 -
WSAGetLastError 0x6f 0x48f804 0xbca4c 0xbbe4c -
recv 0x10 0x48f808 0xbca50 0xbbe50 -
sendto 0x14 0x48f80c 0xbca54 0xbbe54 -
send 0x13 0x48f810 0xbca58 0xbbe58 -
inet_addr 0xb 0x48f814 0xbca5c 0xbbe5c -
gethostbyname 0x34 0x48f818 0xbca60 0xbbe60 -
gethostname 0x39 0x48f81c 0xbca64 0xbbe64 -
connect 0x4 0x48f820 0xbca68 0xbbe68 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW 0x0 0x48f76c 0xbc9b4 0xbbdb4 0x6
GetFileVersionInfoSizeW 0x0 0x48f770 0xbc9b8 0xbbdb8 0x5
VerQueryValueW 0x0 0x48f774 0xbc9bc 0xbbdbc 0xe
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime 0x0 0x48f7b8 0xbca00 0xbbe00 0x94
waveOutSetVolume 0x0 0x48f7bc 0xbca04 0xbbe04 0xbb
mciSendStringW 0x0 0x48f7c0 0xbca08 0xbbe08 0x32
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_ReplaceIcon 0x0 0x48f088 0xbc2d0 0xbb6d0 0x6f
ImageList_Destroy 0x0 0x48f08c 0xbc2d4 0xbb6d4 0x54
ImageList_Remove 0x0 0x48f090 0xbc2d8 0xbb6d8 0x6d
ImageList_SetDragCursorImage 0x0 0x48f094 0xbc2dc 0xbb6dc 0x72
ImageList_BeginDrag 0x0 0x48f098 0xbc2e0 0xbb6e0 0x50
ImageList_DragEnter 0x0 0x48f09c 0xbc2e4 0xbb6e4 0x56
ImageList_DragLeave 0x0 0x48f0a0 0xbc2e8 0xbb6e8 0x57
ImageList_EndDrag 0x0 0x48f0a4 0xbc2ec 0xbb6ec 0x5e
ImageList_DragMove 0x0 0x48f0a8 0xbc2f0 0xbb6f0 0x58
InitCommonControlsEx 0x0 0x48f0ac 0xbc2f4 0xbb6f4 0x7b
ImageList_Create 0x0 0x48f0b0 0xbc2f8 0xbb6f8 0x53
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW 0x0 0x48f3f8 0xbc640 0xbba40 0x49
WNetCancelConnection2W 0x0 0x48f3fc 0xbc644 0xbba44 0xc
WNetGetConnectionW 0x0 0x48f400 0xbc648 0xbba48 0x24
WNetAddConnection2W 0x0 0x48f404 0xbc64c 0xbba4c 0x6
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable 0x0 0x48f77c 0xbc9c4 0xbbdc4 0x9b
InternetCloseHandle 0x0 0x48f780 0xbc9c8 0xbbdc8 0x6b
InternetOpenW 0x0 0x48f784 0xbc9cc 0xbbdcc 0x9a
InternetSetOptionW 0x0 0x48f788 0xbc9d0 0xbbdd0 0xaf
InternetCrackUrlW 0x0 0x48f78c 0xbc9d4 0xbbdd4 0x74
HttpQueryInfoW 0x0 0x48f790 0xbc9d8 0xbbdd8 0x5a
InternetQueryOptionW 0x0 0x48f794 0xbc9dc 0xbbddc 0x9e
HttpOpenRequestW 0x0 0x48f798 0xbc9e0 0xbbde0 0x58
HttpSendRequestW 0x0 0x48f79c 0xbc9e4 0xbbde4 0x5e
FtpOpenFileW 0x0 0x48f7a0 0xbc9e8 0xbbde8 0x35
FtpGetFileSize 0x0 0x48f7a4 0xbc9ec 0xbbdec 0x32
InternetOpenUrlW 0x0 0x48f7a8 0xbc9f0 0xbbdf0 0x99
InternetReadFile 0x0 0x48f7ac 0xbc9f4 0xbbdf4 0x9f
InternetConnectW 0x0 0x48f7b0 0xbc9f8 0xbbdf8 0x72
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo 0x0 0x48f484 0xbc6cc 0xbbacc 0x15
IPHLPAPI.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpCreateFile 0x0 0x48f154 0xbc39c 0xbb79c 0x85
IcmpCloseHandle 0x0 0x48f158 0xbc3a0 0xbb7a0 0x84
IcmpSendEcho 0x0 0x48f15c 0xbc3a4 0xbb7a4 0x87
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyEnvironmentBlock 0x0 0x48f750 0xbc998 0xbbd98 0x4
UnloadUserProfile 0x0 0x48f754 0xbc99c 0xbbd9c 0x2c
CreateEnvironmentBlock 0x0 0x48f758 0xbc9a0 0xbbda0 0x0
LoadUserProfileW 0x0 0x48f75c 0xbc9a4 0xbbda4 0x21
UxTheme.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive 0x0 0x48f764 0xbc9ac 0xbbdac 0x3f
KERNEL32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle 0x0 0x48f164 0xbc3ac 0xbb7ac 0xe8
CreateThread 0x0 0x48f168 0xbc3b0 0xbb7b0 0xb5
WaitForSingleObject 0x0 0x48f16c 0xbc3b4 0xbb7b4 0x4f9
HeapAlloc 0x0 0x48f170 0xbc3b8 0xbb7b8 0x2cb
GetProcessHeap 0x0 0x48f174 0xbc3bc 0xbb7bc 0x24a
HeapFree 0x0 0x48f178 0xbc3c0 0xbb7c0 0x2cf
Sleep 0x0 0x48f17c 0xbc3c4 0xbb7c4 0x4b2
GetCurrentThreadId 0x0 0x48f180 0xbc3c8 0xbb7c8 0x1c5
MultiByteToWideChar 0x0 0x48f184 0xbc3cc 0xbb7cc 0x367
MulDiv 0x0 0x48f188 0xbc3d0 0xbb7d0 0x366
GetVersionExW 0x0 0x48f18c 0xbc3d4 0xbb7d4 0x2a4
IsWow64Process 0x0 0x48f190 0xbc3d8 0xbb7d8 0x30e
GetSystemInfo 0x0 0x48f194 0xbc3dc 0xbb7dc 0x273
FreeLibrary 0x0 0x48f198 0xbc3e0 0xbb7e0 0x162
LoadLibraryA 0x0 0x48f19c 0xbc3e4 0xbb7e4 0x33c
GetProcAddress 0x0 0x48f1a0 0xbc3e8 0xbb7e8 0x245
SetErrorMode 0x0 0x48f1a4 0xbc3ec 0xbb7ec 0x458
GetModuleFileNameW 0x0 0x48f1a8 0xbc3f0 0xbb7f0 0x214
WideCharToMultiByte 0x0 0x48f1ac 0xbc3f4 0xbb7f4 0x511
lstrcpyW 0x0 0x48f1b0 0xbc3f8 0xbb7f8 0x548
lstrlenW 0x0 0x48f1b4 0xbc3fc 0xbb7fc 0x54e
GetModuleHandleW 0x0 0x48f1b8 0xbc400 0xbb800 0x218
QueryPerformanceCounter 0x0 0x48f1bc 0xbc404 0xbb804 0x3a7
VirtualFreeEx 0x0 0x48f1c0 0xbc408 0xbb808 0x4ed
OpenProcess 0x0 0x48f1c4 0xbc40c 0xbb80c 0x380
VirtualAllocEx 0x0 0x48f1c8 0xbc410 0xbb810 0x4ea
WriteProcessMemory 0x0 0x48f1cc 0xbc414 0xbb814 0x52e
ReadProcessMemory 0x0 0x48f1d0 0xbc418 0xbb818 0x3c3
CreateFileW 0x0 0x48f1d4 0xbc41c 0xbb81c 0x8f
SetFilePointerEx 0x0 0x48f1d8 0xbc420 0xbb820 0x467
SetEndOfFile 0x0 0x48f1dc 0xbc424 0xbb824 0x453
ReadFile 0x0 0x48f1e0 0xbc428 0xbb828 0x3c0
WriteFile 0x0 0x48f1e4 0xbc42c 0xbb82c 0x525
FlushFileBuffers 0x0 0x48f1e8 0xbc430 0xbb830 0x157
TerminateProcess 0x0 0x48f1ec 0xbc434 0xbb834 0x4c0
CreateToolhelp32Snapshot 0x0 0x48f1f0 0xbc438 0xbb838 0xbe
Process32FirstW 0x0 0x48f1f4 0xbc43c 0xbb83c 0x396
Process32NextW 0x0 0x48f1f8 0xbc440 0xbb840 0x398
SetFileTime 0x0 0x48f1fc 0xbc444 0xbb844 0x46a
GetFileAttributesW 0x0 0x48f200 0xbc448 0xbb848 0x1ea
FindFirstFileW 0x0 0x48f204 0xbc44c 0xbb84c 0x139
SetCurrentDirectoryW 0x0 0x48f208 0xbc450 0xbb850 0x44d
GetLongPathNameW 0x0 0x48f20c 0xbc454 0xbb854 0x20f
GetShortPathNameW 0x0 0x48f210 0xbc458 0xbb858 0x261
DeleteFileW 0x0 0x48f214 0xbc45c 0xbb85c 0xd6
FindNextFileW 0x0 0x48f218 0xbc460 0xbb860 0x145
CopyFileExW 0x0 0x48f21c 0xbc464 0xbb864 0x72
MoveFileW 0x0 0x48f220 0xbc468 0xbb868 0x363
CreateDirectoryW 0x0 0x48f224 0xbc46c 0xbb86c 0x81
RemoveDirectoryW 0x0 0x48f228 0xbc470 0xbb870 0x403
SetSystemPowerState 0x0 0x48f22c 0xbc474 0xbb874 0x48a
QueryPerformanceFrequency 0x0 0x48f230 0xbc478 0xbb878 0x3a8
FindResourceW 0x0 0x48f234 0xbc47c 0xbb87c 0x14e
LoadResource 0x0 0x48f238 0xbc480 0xbb880 0x341
LockResource 0x0 0x48f23c 0xbc484 0xbb884 0x354
SizeofResource 0x0 0x48f240 0xbc488 0xbb888 0x4b1
EnumResourceNamesW 0x0 0x48f244 0xbc48c 0xbb88c 0x102
OutputDebugStringW 0x0 0x48f248 0xbc490 0xbb890 0x38a
GetTempPathW 0x0 0x48f24c 0xbc494 0xbb894 0x285
GetTempFileNameW 0x0 0x48f250 0xbc498 0xbb898 0x283
DeviceIoControl 0x0 0x48f254 0xbc49c 0xbb89c 0xdd
GetLocalTime 0x0 0x48f258 0xbc4a0 0xbb8a0 0x203
CompareStringW 0x0 0x48f25c 0xbc4a4 0xbb8a4 0x64
GetCurrentProcess 0x0 0x48f260 0xbc4a8 0xbb8a8 0x1c0
EnterCriticalSection 0x0 0x48f264 0xbc4ac 0xbb8ac 0xee
LeaveCriticalSection 0x0 0x48f268 0xbc4b0 0xbb8b0 0x339
GetStdHandle 0x0 0x48f26c 0xbc4b4 0xbb8b4 0x264
CreatePipe 0x0 0x48f270 0xbc4b8 0xbb8b8 0xa1
InterlockedExchange 0x0 0x48f274 0xbc4bc 0xbb8bc 0x2ec
TerminateThread 0x0 0x48f278 0xbc4c0 0xbb8c0 0x4c1
LoadLibraryExW 0x0 0x48f27c 0xbc4c4 0xbb8c4 0x33e
FindResourceExW 0x0 0x48f280 0xbc4c8 0xbb8c8 0x14d
CopyFileW 0x0 0x48f284 0xbc4cc 0xbb8cc 0x75
VirtualFree 0x0 0x48f288 0xbc4d0 0xbb8d0 0x4ec
FormatMessageW 0x0 0x48f28c 0xbc4d4 0xbb8d4 0x15e
GetExitCodeProcess 0x0 0x48f290 0xbc4d8 0xbb8d8 0x1df
GetPrivateProfileStringW 0x0 0x48f294 0xbc4dc 0xbb8dc 0x242
WritePrivateProfileStringW 0x0 0x48f298 0xbc4e0 0xbb8e0 0x52b
GetPrivateProfileSectionW 0x0 0x48f29c 0xbc4e4 0xbb8e4 0x240
WritePrivateProfileSectionW 0x0 0x48f2a0 0xbc4e8 0xbb8e8 0x529
GetPrivateProfileSectionNamesW 0x0 0x48f2a4 0xbc4ec 0xbb8ec 0x23f
FileTimeToLocalFileTime 0x0 0x48f2a8 0xbc4f0 0xbb8f0 0x124
FileTimeToSystemTime 0x0 0x48f2ac 0xbc4f4 0xbb8f4 0x125
SystemTimeToFileTime 0x0 0x48f2b0 0xbc4f8 0xbb8f8 0x4bd
LocalFileTimeToFileTime 0x0 0x48f2b4 0xbc4fc 0xbb8fc 0x346
GetDriveTypeW 0x0 0x48f2b8 0xbc500 0xbb900 0x1d3
GetDiskFreeSpaceExW 0x0 0x48f2bc 0xbc504 0xbb904 0x1ce
GetDiskFreeSpaceW 0x0 0x48f2c0 0xbc508 0xbb908 0x1cf
GetVolumeInformationW 0x0 0x48f2c4 0xbc50c 0xbb90c 0x2a7
SetVolumeLabelW 0x0 0x48f2c8 0xbc510 0xbb910 0x4a9
CreateHardLinkW 0x0 0x48f2cc 0xbc514 0xbb914 0x93
SetFileAttributesW 0x0 0x48f2d0 0xbc518 0xbb918 0x461
CreateEventW 0x0 0x48f2d4 0xbc51c 0xbb91c 0x85
SetEvent 0x0 0x48f2d8 0xbc520 0xbb920 0x459
GetEnvironmentVariableW 0x0 0x48f2dc 0xbc524 0xbb924 0x1dc
SetEnvironmentVariableW 0x0 0x48f2e0 0xbc528 0xbb928 0x457
GlobalLock 0x0 0x48f2e4 0xbc52c 0xbb92c 0x2be
GlobalUnlock 0x0 0x48f2e8 0xbc530 0xbb930 0x2c5
GlobalAlloc 0x0 0x48f2ec 0xbc534 0xbb934 0x2b3
GetFileSize 0x0 0x48f2f0 0xbc538 0xbb938 0x1f0
GlobalFree 0x0 0x48f2f4 0xbc53c 0xbb93c 0x2ba
GlobalMemoryStatusEx 0x0 0x48f2f8 0xbc540 0xbb940 0x2c0
Beep 0x0 0x48f2fc 0xbc544 0xbb944 0x36
GetSystemDirectoryW 0x0 0x48f300 0xbc548 0xbb948 0x270
HeapReAlloc 0x0 0x48f304 0xbc54c 0xbb94c 0x2d2
HeapSize 0x0 0x48f308 0xbc550 0xbb950 0x2d4
GetComputerNameW 0x0 0x48f30c 0xbc554 0xbb954 0x18f
GetWindowsDirectoryW 0x0 0x48f310 0xbc558 0xbb958 0x2af
GetCurrentProcessId 0x0 0x48f314 0xbc55c 0xbb95c 0x1c1
GetProcessIoCounters 0x0 0x48f318 0xbc560 0xbb960 0x24e
CreateProcessW 0x0 0x48f31c 0xbc564 0xbb964 0xa8
GetProcessId 0x0 0x48f320 0xbc568 0xbb968 0x24c
SetPriorityClass 0x0 0x48f324 0xbc56c 0xbb96c 0x47d
LoadLibraryW 0x0 0x48f328 0xbc570 0xbb970 0x33f
VirtualAlloc 0x0 0x48f32c 0xbc574 0xbb974 0x4e9
IsDebuggerPresent 0x0 0x48f330 0xbc578 0xbb978 0x300
GetCurrentDirectoryW 0x0 0x48f334 0xbc57c 0xbb97c 0x1bf
lstrcmpiW 0x0 0x48f338 0xbc580 0xbb980 0x545
DecodePointer 0x0 0x48f33c 0xbc584 0xbb984 0xca
GetLastError 0x0 0x48f340 0xbc588 0xbb988 0x202
RaiseException 0x0 0x48f344 0xbc58c 0xbb98c 0x3b1
InitializeCriticalSectionAndSpinCount 0x0 0x48f348 0xbc590 0xbb990 0x2e3
DeleteCriticalSection 0x0 0x48f34c 0xbc594 0xbb994 0xd1
InterlockedDecrement 0x0 0x48f350 0xbc598 0xbb998 0x2eb
InterlockedIncrement 0x0 0x48f354 0xbc59c 0xbb99c 0x2ef
GetCurrentThread 0x0 0x48f358 0xbc5a0 0xbb9a0 0x1c4
CloseHandle 0x0 0x48f35c 0xbc5a4 0xbb9a4 0x52
GetFullPathNameW 0x0 0x48f360 0xbc5a8 0xbb9a8 0x1fb
EncodePointer 0x0 0x48f364 0xbc5ac 0xbb9ac 0xea
ExitProcess 0x0 0x48f368 0xbc5b0 0xbb9b0 0x119
GetModuleHandleExW 0x0 0x48f36c 0xbc5b4 0xbb9b4 0x217
ExitThread 0x0 0x48f370 0xbc5b8 0xbb9b8 0x11a
GetSystemTimeAsFileTime 0x0 0x48f374 0xbc5bc 0xbb9bc 0x279
ResumeThread 0x0 0x48f378 0xbc5c0 0xbb9c0 0x413
GetCommandLineW 0x0 0x48f37c 0xbc5c4 0xbb9c4 0x187
IsProcessorFeaturePresent 0x0 0x48f380 0xbc5c8 0xbb9c8 0x304
IsValidCodePage 0x0 0x48f384 0xbc5cc 0xbb9cc 0x30a
GetACP 0x0 0x48f388 0xbc5d0 0xbb9d0 0x168
GetOEMCP 0x0 0x48f38c 0xbc5d4 0xbb9d4 0x237
GetCPInfo 0x0 0x48f390 0xbc5d8 0xbb9d8 0x172
SetLastError 0x0 0x48f394 0xbc5dc 0xbb9dc 0x473
UnhandledExceptionFilter 0x0 0x48f398 0xbc5e0 0xbb9e0 0x4d3
SetUnhandledExceptionFilter 0x0 0x48f39c 0xbc5e4 0xbb9e4 0x4a5
TlsAlloc 0x0 0x48f3a0 0xbc5e8 0xbb9e8 0x4c5
TlsGetValue 0x0 0x48f3a4 0xbc5ec 0xbb9ec 0x4c7
TlsSetValue 0x0 0x48f3a8 0xbc5f0 0xbb9f0 0x4c8
TlsFree 0x0 0x48f3ac 0xbc5f4 0xbb9f4 0x4c6
GetStartupInfoW 0x0 0x48f3b0 0xbc5f8 0xbb9f8 0x263
GetStringTypeW 0x0 0x48f3b4 0xbc5fc 0xbb9fc 0x269
SetStdHandle 0x0 0x48f3b8 0xbc600 0xbba00 0x487
GetFileType 0x0 0x48f3bc 0xbc604 0xbba04 0x1f3
GetConsoleCP 0x0 0x48f3c0 0xbc608 0xbba08 0x19a
GetConsoleMode 0x0 0x48f3c4 0xbc60c 0xbba0c 0x1ac
RtlUnwind 0x0 0x48f3c8 0xbc610 0xbba10 0x418
ReadConsoleW 0x0 0x48f3cc 0xbc614 0xbba14 0x3be
GetTimeZoneInformation 0x0 0x48f3d0 0xbc618 0xbba18 0x298
GetDateFormatW 0x0 0x48f3d4 0xbc61c 0xbba1c 0x1c8
GetTimeFormatW 0x0 0x48f3d8 0xbc620 0xbba20 0x297
LCMapStringW 0x0 0x48f3dc 0xbc624 0xbba24 0x32d
GetEnvironmentStringsW 0x0 0x48f3e0 0xbc628 0xbba28 0x1da
FreeEnvironmentStringsW 0x0 0x48f3e4 0xbc62c 0xbba2c 0x161
WriteConsoleW 0x0 0x48f3e8 0xbc630 0xbba30 0x524
FindClose 0x0 0x48f3ec 0xbc634 0xbba34 0x12e
SetEnvironmentVariableA 0x0 0x48f3f0 0xbc638 0xbba38 0x456
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustWindowRectEx 0x0 0x48f4cc 0xbc714 0xbbb14 0x3
CopyImage 0x0 0x48f4d0 0xbc718 0xbbb18 0x54
SetWindowPos 0x0 0x48f4d4 0xbc71c 0xbbb1c 0x2c6
GetCursorInfo 0x0 0x48f4d8 0xbc720 0xbbb20 0x11f
RegisterHotKey 0x0 0x48f4dc 0xbc724 0xbbb24 0x256
ClientToScreen 0x0 0x48f4e0 0xbc728 0xbbb28 0x47
GetKeyboardLayoutNameW 0x0 0x48f4e4 0xbc72c 0xbbb2c 0x141
IsCharAlphaW 0x0 0x48f4e8 0xbc730 0xbbb30 0x1c4
IsCharAlphaNumericW 0x0 0x48f4ec 0xbc734 0xbbb34 0x1c3
IsCharLowerW 0x0 0x48f4f0 0xbc738 0xbbb38 0x1c6
IsCharUpperW 0x0 0x48f4f4 0xbc73c 0xbbb3c 0x1c8
GetMenuStringW 0x0 0x48f4f8 0xbc740 0xbbb40 0x158
GetSubMenu 0x0 0x48f4fc 0xbc744 0xbbb44 0x17a
GetCaretPos 0x0 0x48f500 0xbc748 0xbbb48 0x10a
IsZoomed 0x0 0x48f504 0xbc74c 0xbbb4c 0x1e2
MonitorFromPoint 0x0 0x48f508 0xbc750 0xbbb50 0x218
GetMonitorInfoW 0x0 0x48f50c 0xbc754 0xbbb54 0x15f
SetWindowLongW 0x0 0x48f510 0xbc758 0xbbb58 0x2c4
SetLayeredWindowAttributes 0x0 0x48f514 0xbc75c 0xbbb5c 0x298
FlashWindow 0x0 0x48f518 0xbc760 0xbbb60 0xfb
GetClassLongW 0x0 0x48f51c 0xbc764 0xbbb64 0x110
TranslateAcceleratorW 0x0 0x48f520 0xbc768 0xbbb68 0x2fa
IsDialogMessageW 0x0 0x48f524 0xbc76c 0xbbb6c 0x1cd
GetSysColor 0x0 0x48f528 0xbc770 0xbbb70 0x17b
InflateRect 0x0 0x48f52c 0xbc774 0xbbb74 0x1b5
DrawFocusRect 0x0 0x48f530 0xbc778 0xbbb78 0xc4
DrawTextW 0x0 0x48f534 0xbc77c 0xbbb7c 0xd0
FrameRect 0x0 0x48f538 0xbc780 0xbbb80 0xfd
DrawFrameControl 0x0 0x48f53c 0xbc784 0xbbb84 0xc6
FillRect 0x0 0x48f540 0xbc788 0xbbb88 0xf6
PtInRect 0x0 0x48f544 0xbc78c 0xbbb8c 0x240
DestroyAcceleratorTable 0x0 0x48f548 0xbc790 0xbbb90 0xa0
CreateAcceleratorTableW 0x0 0x48f54c 0xbc794 0xbbb94 0x58
SetCursor 0x0 0x48f550 0xbc798 0xbbb98 0x288
GetWindowDC 0x0 0x48f554 0xbc79c 0xbbb9c 0x192
GetSystemMetrics 0x0 0x48f558 0xbc7a0 0xbbba0 0x17e
GetActiveWindow 0x0 0x48f55c 0xbc7a4 0xbbba4 0x100
CharNextW 0x0 0x48f560 0xbc7a8 0xbbba8 0x31
wsprintfW 0x0 0x48f564 0xbc7ac 0xbbbac 0x333
RedrawWindow 0x0 0x48f568 0xbc7b0 0xbbbb0 0x24a
DrawMenuBar 0x0 0x48f56c 0xbc7b4 0xbbbb4 0xc9
DestroyMenu 0x0 0x48f570 0xbc7b8 0xbbbb8 0xa4
SetMenu 0x0 0x48f574 0xbc7bc 0xbbbbc 0x29c
GetWindowTextLengthW 0x0 0x48f578 0xbc7c0 0xbbbc0 0x1a2
CreateMenu 0x0 0x48f57c 0xbc7c4 0xbbbc4 0x6a
IsDlgButtonChecked 0x0 0x48f580 0xbc7c8 0xbbbc8 0x1ce
DefDlgProcW 0x0 0x48f584 0xbc7cc 0xbbbcc 0x95
CallWindowProcW 0x0 0x48f588 0xbc7d0 0xbbbd0 0x1e
ReleaseCapture 0x0 0x48f58c 0xbc7d4 0xbbbd4 0x264
SetCapture 0x0 0x48f590 0xbc7d8 0xbbbd8 0x280
CreateIconFromResourceEx 0x0 0x48f594 0xbc7dc 0xbbbdc 0x66
mouse_event 0x0 0x48f598 0xbc7e0 0xbbbe0 0x331
ExitWindowsEx 0x0 0x48f59c 0xbc7e4 0xbbbe4 0xf5
SetActiveWindow 0x0 0x48f5a0 0xbc7e8 0xbbbe8 0x27f
FindWindowExW 0x0 0x48f5a4 0xbc7ec 0xbbbec 0xf9
EnumThreadWindows 0x0 0x48f5a8 0xbc7f0 0xbbbf0 0xef
SetMenuDefaultItem 0x0 0x48f5ac 0xbc7f4 0xbbbf4 0x29e
InsertMenuItemW 0x0 0x48f5b0 0xbc7f8 0xbbbf8 0x1b9
IsMenu 0x0 0x48f5b4 0xbc7fc 0xbbbfc 0x1d2
TrackPopupMenuEx 0x0 0x48f5b8 0xbc800 0xbbc00 0x2f7
GetCursorPos 0x0 0x48f5bc 0xbc804 0xbbc04 0x120
DeleteMenu 0x0 0x48f5c0 0xbc808 0xbbc08 0x9e
SetRect 0x0 0x48f5c4 0xbc80c 0xbbc0c 0x2ae
GetMenuItemID 0x0 0x48f5c8 0xbc810 0xbbc10 0x152
GetMenuItemCount 0x0 0x48f5cc 0xbc814 0xbbc14 0x151
SetMenuItemInfoW 0x0 0x48f5d0 0xbc818 0xbbc18 0x2a2
GetMenuItemInfoW 0x0 0x48f5d4 0xbc81c 0xbbc1c 0x154
SetForegroundWindow 0x0 0x48f5d8 0xbc820 0xbbc20 0x293
IsIconic 0x0 0x48f5dc 0xbc824 0xbbc24 0x1d1
FindWindowW 0x0 0x48f5e0 0xbc828 0xbbc28 0xfa
MonitorFromRect 0x0 0x48f5e4 0xbc82c 0xbbc2c 0x219
keybd_event 0x0 0x48f5e8 0xbc830 0xbbc30 0x330
SendInput 0x0 0x48f5ec 0xbc834 0xbbc34 0x276
GetAsyncKeyState 0x0 0x48f5f0 0xbc838 0xbbc38 0x107
SetKeyboardState 0x0 0x48f5f4 0xbc83c 0xbbc3c 0x296
GetKeyboardState 0x0 0x48f5f8 0xbc840 0xbbc40 0x142
GetKeyState 0x0 0x48f5fc 0xbc844 0xbbc44 0x13d
VkKeyScanW 0x0 0x48f600 0xbc848 0xbbc48 0x321
LoadStringW 0x0 0x48f604 0xbc84c 0xbbc4c 0x1fa
DialogBoxParamW 0x0 0x48f608 0xbc850 0xbbc50 0xac
MessageBeep 0x0 0x48f60c 0xbc854 0xbbc54 0x20d
EndDialog 0x0 0x48f610 0xbc858 0xbbc58 0xda
SendDlgItemMessageW 0x0 0x48f614 0xbc85c 0xbbc5c 0x273
GetDlgItem 0x0 0x48f618 0xbc860 0xbbc60 0x127
SetWindowTextW 0x0 0x48f61c 0xbc864 0xbbc64 0x2cb
CopyRect 0x0 0x48f620 0xbc868 0xbbc68 0x55
ReleaseDC 0x0 0x48f624 0xbc86c 0xbbc6c 0x265
GetDC 0x0 0x48f628 0xbc870 0xbbc70 0x121
EndPaint 0x0 0x48f62c 0xbc874 0xbbc74 0xdc
BeginPaint 0x0 0x48f630 0xbc878 0xbbc78 0xe
GetClientRect 0x0 0x48f634 0xbc87c 0xbbc7c 0x114
GetMenu 0x0 0x48f638 0xbc880 0xbbc80 0x14b
DestroyWindow 0x0 0x48f63c 0xbc884 0xbbc84 0xa6
EnumWindows 0x0 0x48f640 0xbc888 0xbbc88 0xf2
GetDesktopWindow 0x0 0x48f644 0xbc88c 0xbbc8c 0x123
IsWindow 0x0 0x48f648 0xbc890 0xbbc90 0x1db
IsWindowEnabled 0x0 0x48f64c 0xbc894 0xbbc94 0x1dc
IsWindowVisible 0x0 0x48f650 0xbc898 0xbbc98 0x1e0
EnableWindow 0x0 0x48f654 0xbc89c 0xbbc9c 0xd8
InvalidateRect 0x0 0x48f658 0xbc8a0 0xbbca0 0x1be
GetWindowLongW 0x0 0x48f65c 0xbc8a4 0xbbca4 0x196
GetWindowThreadProcessId 0x0 0x48f660 0xbc8a8 0xbbca8 0x1a4
AttachThreadInput 0x0 0x48f664 0xbc8ac 0xbbcac 0xc
GetFocus 0x0 0x48f668 0xbc8b0 0xbbcb0 0x12c
GetWindowTextW 0x0 0x48f66c 0xbc8b4 0xbbcb4 0x1a3
ScreenToClient 0x0 0x48f670 0xbc8b8 0xbbcb8 0x26d
SendMessageTimeoutW 0x0 0x48f674 0xbc8bc 0xbbcbc 0x27b
EnumChildWindows 0x0 0x48f678 0xbc8c0 0xbbcc0 0xdf
CharUpperBuffW 0x0 0x48f67c 0xbc8c4 0xbbcc4 0x3b
GetParent 0x0 0x48f680 0xbc8c8 0xbbcc8 0x164
GetDlgCtrlID 0x0 0x48f684 0xbc8cc 0xbbccc 0x126
SendMessageW 0x0 0x48f688 0xbc8d0 0xbbcd0 0x27c
MapVirtualKeyW 0x0 0x48f68c 0xbc8d4 0xbbcd4 0x208
PostMessageW 0x0 0x48f690 0xbc8d8 0xbbcd8 0x236
GetWindowRect 0x0 0x48f694 0xbc8dc 0xbbcdc 0x19c
SetUserObjectSecurity 0x0 0x48f698 0xbc8e0 0xbbce0 0x2be
CloseDesktop 0x0 0x48f69c 0xbc8e4 0xbbce4 0x4a
CloseWindowStation 0x0 0x48f6a0 0xbc8e8 0xbbce8 0x4e
OpenDesktopW 0x0 0x48f6a4 0xbc8ec 0xbbcec 0x228
SetProcessWindowStation 0x0 0x48f6a8 0xbc8f0 0xbbcf0 0x2aa
GetProcessWindowStation 0x0 0x48f6ac 0xbc8f4 0xbbcf4 0x168
OpenWindowStationW 0x0 0x48f6b0 0xbc8f8 0xbbcf8 0x22d
GetUserObjectSecurity 0x0 0x48f6b4 0xbc8fc 0xbbcfc 0x18c
MessageBoxW 0x0 0x48f6b8 0xbc900 0xbbd00 0x215
DefWindowProcW 0x0 0x48f6bc 0xbc904 0xbbd04 0x9c
SetClipboardData 0x0 0x48f6c0 0xbc908 0xbbd08 0x286
EmptyClipboard 0x0 0x48f6c4 0xbc90c 0xbbd0c 0xd5
CountClipboardFormats 0x0 0x48f6c8 0xbc910 0xbbd10 0x56
CloseClipboard 0x0 0x48f6cc 0xbc914 0xbbd14 0x49
GetClipboardData 0x0 0x48f6d0 0xbc918 0xbbd18 0x116
IsClipboardFormatAvailable 0x0 0x48f6d4 0xbc91c 0xbbd1c 0x1ca
OpenClipboard 0x0 0x48f6d8 0xbc920 0xbbd20 0x226
BlockInput 0x0 0x48f6dc 0xbc924 0xbbd24 0xf
GetMessageW 0x0 0x48f6e0 0xbc928 0xbbd28 0x15d
LockWindowUpdate 0x0 0x48f6e4 0xbc92c 0xbbd2c 0x1fd
DispatchMessageW 0x0 0x48f6e8 0xbc930 0xbbd30 0xaf
TranslateMessage 0x0 0x48f6ec 0xbc934 0xbbd34 0x2fc
PeekMessageW 0x0 0x48f6f0 0xbc938 0xbbd38 0x233
UnregisterHotKey 0x0 0x48f6f4 0xbc93c 0xbbd3c 0x308
CheckMenuRadioItem 0x0 0x48f6f8 0xbc940 0xbbd40 0x40
CharLowerBuffW 0x0 0x48f6fc 0xbc944 0xbbd44 0x2d
MoveWindow 0x0 0x48f700 0xbc948 0xbbd48 0x21b
SetFocus 0x0 0x48f704 0xbc94c 0xbbd4c 0x292
PostQuitMessage 0x0 0x48f708 0xbc950 0xbbd50 0x237
KillTimer 0x0 0x48f70c 0xbc954 0xbbd54 0x1e3
CreatePopupMenu 0x0 0x48f710 0xbc958 0xbbd58 0x6b
RegisterWindowMessageW 0x0 0x48f714 0xbc95c 0xbbd5c 0x263
SetTimer 0x0 0x48f718 0xbc960 0xbbd60 0x2bb
ShowWindow 0x0 0x48f71c 0xbc964 0xbbd64 0x2df
CreateWindowExW 0x0 0x48f720 0xbc968 0xbbd68 0x6e
RegisterClassExW 0x0 0x48f724 0xbc96c 0xbbd6c 0x24d
LoadIconW 0x0 0x48f728 0xbc970 0xbbd70 0x1ed
LoadCursorW 0x0 0x48f72c 0xbc974 0xbbd74 0x1eb
GetSysColorBrush 0x0 0x48f730 0xbc978 0xbbd78 0x17c
GetForegroundWindow 0x0 0x48f734 0xbc97c 0xbbd7c 0x12d
MessageBoxA 0x0 0x48f738 0xbc980 0xbbd80 0x20e
DestroyIcon 0x0 0x48f73c 0xbc984 0xbbd84 0xa3
SystemParametersInfoW 0x0 0x48f740 0xbc988 0xbbd88 0x2ec
LoadImageW 0x0 0x48f744 0xbc98c 0xbbd8c 0x1ef
GetClassNameW 0x0 0x48f748 0xbc990 0xbbd90 0x112
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrokePath 0x0 0x48f0c4 0xbc30c 0xbb70c 0x2b6
DeleteObject 0x0 0x48f0c8 0xbc310 0xbb710 0xe6
GetTextExtentPoint32W 0x0 0x48f0cc 0xbc314 0xbb714 0x21e
ExtCreatePen 0x0 0x48f0d0 0xbc318 0xbb718 0x132
GetDeviceCaps 0x0 0x48f0d4 0xbc31c 0xbb71c 0x1cb
EndPath 0x0 0x48f0d8 0xbc320 0xbb720 0xf3
SetPixel 0x0 0x48f0dc 0xbc324 0xbb724 0x29b
CloseFigure 0x0 0x48f0e0 0xbc328 0xbb728 0x1e
CreateCompatibleBitmap 0x0 0x48f0e4 0xbc32c 0xbb72c 0x2f
CreateCompatibleDC 0x0 0x48f0e8 0xbc330 0xbb730 0x30
SelectObject 0x0 0x48f0ec 0xbc334 0xbb734 0x277
StretchBlt 0x0 0x48f0f0 0xbc338 0xbb738 0x2b3
GetDIBits 0x0 0x48f0f4 0xbc33c 0xbb73c 0x1ca
LineTo 0x0 0x48f0f8 0xbc340 0xbb740 0x236
AngleArc 0x0 0x48f0fc 0xbc344 0xbb744 0x8
MoveToEx 0x0 0x48f100 0xbc348 0xbb748 0x23a
Ellipse 0x0 0x48f104 0xbc34c 0xbb74c 0xed
DeleteDC 0x0 0x48f108 0xbc350 0xbb750 0xe3
GetPixel 0x0 0x48f10c 0xbc354 0xbb754 0x204
CreateDCW 0x0 0x48f110 0xbc358 0xbb758 0x32
GetStockObject 0x0 0x48f114 0xbc35c 0xbb75c 0x20d
GetTextFaceW 0x0 0x48f118 0xbc360 0xbb760 0x224
CreateFontW 0x0 0x48f11c 0xbc364 0xbb764 0x41
SetTextColor 0x0 0x48f120 0xbc368 0xbb768 0x2a6
PolyDraw 0x0 0x48f124 0xbc36c 0xbb76c 0x250
BeginPath 0x0 0x48f128 0xbc370 0xbb770 0x12
Rectangle 0x0 0x48f12c 0xbc374 0xbb774 0x25f
SetViewportOrgEx 0x0 0x48f130 0xbc378 0xbb778 0x2a9
GetObjectW 0x0 0x48f134 0xbc37c 0xbb77c 0x1fd
SetBkMode 0x0 0x48f138 0xbc380 0xbb780 0x27f
RoundRect 0x0 0x48f13c 0xbc384 0xbb784 0x26a
SetBkColor 0x0 0x48f140 0xbc388 0xbb788 0x27e
CreatePen 0x0 0x48f144 0xbc38c 0xbb78c 0x4b
CreateSolidBrush 0x0 0x48f148 0xbc390 0xbb790 0x54
StrokeAndFillPath 0x0 0x48f14c 0xbc394 0xbb794 0x2b5
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW 0x0 0x48f0b8 0xbc300 0xbb700 0xc
GetSaveFileNameW 0x0 0x48f0bc 0xbc304 0xbb704 0xe
ADVAPI32.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce 0x0 0x48f000 0xbc248 0xbb648 0x123
RegEnumValueW 0x0 0x48f004 0xbc24c 0xbb64c 0x252
RegDeleteValueW 0x0 0x48f008 0xbc250 0xbb650 0x248
RegDeleteKeyW 0x0 0x48f00c 0xbc254 0xbb654 0x244
RegEnumKeyExW 0x0 0x48f010 0xbc258 0xbb658 0x24f
RegSetValueExW 0x0 0x48f014 0xbc25c 0xbb65c 0x27e
RegOpenKeyExW 0x0 0x48f018 0xbc260 0xbb660 0x261
RegCloseKey 0x0 0x48f01c 0xbc264 0xbb664 0x230
RegQueryValueExW 0x0 0x48f020 0xbc268 0xbb668 0x26e
RegConnectRegistryW 0x0 0x48f024 0xbc26c 0xbb66c 0x234
InitializeSecurityDescriptor 0x0 0x48f028 0xbc270 0xbb670 0x177
InitializeAcl 0x0 0x48f02c 0xbc274 0xbb674 0x176
AdjustTokenPrivileges 0x0 0x48f030 0xbc278 0xbb678 0x1f
OpenThreadToken 0x0 0x48f034 0xbc27c 0xbb67c 0x1fc
OpenProcessToken 0x0 0x48f038 0xbc280 0xbb680 0x1f7
LookupPrivilegeValueW 0x0 0x48f03c 0xbc284 0xbb684 0x197
DuplicateTokenEx 0x0 0x48f040 0xbc288 0xbb688 0xdf
CreateProcessAsUserW 0x0 0x48f044 0xbc28c 0xbb68c 0x7c
CreateProcessWithLogonW 0x0 0x48f048 0xbc290 0xbb690 0x7d
GetLengthSid 0x0 0x48f04c 0xbc294 0xbb694 0x136
CopySid 0x0 0x48f050 0xbc298 0xbb698 0x76
LogonUserW 0x0 0x48f054 0xbc29c 0xbb69c 0x18d
AllocateAndInitializeSid 0x0 0x48f058 0xbc2a0 0xbb6a0 0x20
CheckTokenMembership 0x0 0x48f05c 0xbc2a4 0xbb6a4 0x51
RegCreateKeyExW 0x0 0x48f060 0xbc2a8 0xbb6a8 0x239
FreeSid 0x0 0x48f064 0xbc2ac 0xbb6ac 0x120
GetTokenInformation 0x0 0x48f068 0xbc2b0 0xbb6b0 0x15a
GetSecurityDescriptorDacl 0x0 0x48f06c 0xbc2b4 0xbb6b4 0x148
GetAclInformation 0x0 0x48f070 0xbc2b8 0xbb6b8 0x124
AddAce 0x0 0x48f074 0xbc2bc 0xbb6bc 0x16
SetSecurityDescriptorDacl 0x0 0x48f078 0xbc2c0 0xbb6c0 0x2b6
GetUserNameW 0x0 0x48f07c 0xbc2c4 0xbb6c4 0x165
InitiateSystemShutdownExW 0x0 0x48f080 0xbc2c8 0xbb6c8 0x17d
SHELL32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint 0x0 0x48f48c 0xbc6d4 0xbbad4 0x20
ShellExecuteExW 0x0 0x48f490 0xbc6d8 0xbbad8 0x121
DragQueryFileW 0x0 0x48f494 0xbc6dc 0xbbadc 0x1f
SHEmptyRecycleBinW 0x0 0x48f498 0xbc6e0 0xbbae0 0xa5
SHGetPathFromIDListW 0x0 0x48f49c 0xbc6e4 0xbbae4 0xd7
SHBrowseForFolderW 0x0 0x48f4a0 0xbc6e8 0xbbae8 0x7b
SHCreateShellItem 0x0 0x48f4a4 0xbc6ec 0xbbaec 0x9a
SHGetDesktopFolder 0x0 0x48f4a8 0xbc6f0 0xbbaf0 0xb6
SHGetSpecialFolderLocation 0x0 0x48f4ac 0xbc6f4 0xbbaf4 0xdf
SHGetFolderPathW 0x0 0x48f4b0 0xbc6f8 0xbbaf8 0xc3
SHFileOperationW 0x0 0x48f4b4 0xbc6fc 0xbbafc 0xac
ExtractIconExW 0x0 0x48f4b8 0xbc700 0xbbb00 0x2a
Shell_NotifyIconW 0x0 0x48f4bc 0xbc704 0xbbb04 0x12e
ShellExecuteW 0x0 0x48f4c0 0xbc708 0xbbb08 0x122
DragFinish 0x0 0x48f4c4 0xbc70c 0xbbb0c 0x1b
ole32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc 0x0 0x48f828 0xbca70 0xbbe70 0x67
CoTaskMemFree 0x0 0x48f82c 0xbca74 0xbbe74 0x68
CLSIDFromString 0x0 0x48f830 0xbca78 0xbbe78 0x8
ProgIDFromCLSID 0x0 0x48f834 0xbca7c 0xbbe7c 0x14b
CLSIDFromProgID 0x0 0x48f838 0xbca80 0xbbe80 0x6
OleSetMenuDescriptor 0x0 0x48f83c 0xbca84 0xbbe84 0x147
MkParseDisplayName 0x0 0x48f840 0xbca88 0xbbe88 0xd4
OleSetContainedObject 0x0 0x48f844 0xbca8c 0xbbe8c 0x146
CoCreateInstance 0x0 0x48f848 0xbca90 0xbbe90 0x10
IIDFromString 0x0 0x48f84c 0xbca94 0xbbe94 0xcd
StringFromGUID2 0x0 0x48f850 0xbca98 0xbbe98 0x179
CreateStreamOnHGlobal 0x0 0x48f854 0xbca9c 0xbbe9c 0x86
OleInitialize 0x0 0x48f858 0xbcaa0 0xbbea0 0x132
OleUninitialize 0x0 0x48f85c 0xbcaa4 0xbbea4 0x149
CoInitialize 0x0 0x48f860 0xbcaa8 0xbbea8 0x3e
CoUninitialize 0x0 0x48f864 0xbcaac 0xbbeac 0x6c
GetRunningObjectTable 0x0 0x48f868 0xbcab0 0xbbeb0 0x97
CoGetInstanceFromFile 0x0 0x48f86c 0xbcab4 0xbbeb4 0x2d
CoGetObject 0x0 0x48f870 0xbcab8 0xbbeb8 0x35
CoSetProxyBlanket 0x0 0x48f874 0xbcabc 0xbbebc 0x63
CoCreateInstanceEx 0x0 0x48f878 0xbcac0 0xbbec0 0x11
CoInitializeSecurity 0x0 0x48f87c 0xbcac4 0xbbec4 0x40
OLEAUT32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0xb7 0x48f40c 0xbc654 0xbba54 -
VariantCopyInd 0xb 0x48f410 0xbc658 0xbba58 -
SysReAllocString 0x3 0x48f414 0xbc65c 0xbba5c -
SysFreeString 0x6 0x48f418 0xbc660 0xbba60 -
SafeArrayDestroyDescriptor 0x26 0x48f41c 0xbc664 0xbba64 -
SafeArrayDestroyData 0x27 0x48f420 0xbc668 0xbba68 -
SafeArrayUnaccessData 0x18 0x48f424 0xbc66c 0xbba6c -
SafeArrayAccessData 0x17 0x48f428 0xbc670 0xbba70 -
SafeArrayAllocData 0x25 0x48f42c 0xbc674 0xbba74 -
SafeArrayAllocDescriptorEx 0x29 0x48f430 0xbc678 0xbba78 -
SafeArrayCreateVector 0x19b 0x48f434 0xbc67c 0xbba7c -
RegisterTypeLib 0xa3 0x48f438 0xbc680 0xbba80 -
CreateStdDispatch 0x20 0x48f43c 0xbc684 0xbba84 -
DispCallFunc 0x92 0x48f440 0xbc688 0xbba88 -
VariantChangeType 0xc 0x48f444 0xbc68c 0xbba8c -
SysStringLen 0x7 0x48f448 0xbc690 0xbba90 -
VariantTimeToSystemTime 0xb9 0x48f44c 0xbc694 0xbba94 -
VarR8FromDec 0xdc 0x48f450 0xbc698 0xbba98 -
SafeArrayGetVartype 0x4d 0x48f454 0xbc69c 0xbba9c -
VariantCopy 0xa 0x48f458 0xbc6a0 0xbbaa0 -
VariantClear 0x9 0x48f45c 0xbc6a4 0xbbaa4 -
OleLoadPicture 0x1a2 0x48f460 0xbc6a8 0xbbaa8 -
QueryPathOfRegTypeLib 0xa4 0x48f464 0xbc6ac 0xbbaac -
RegisterTypeLibForUser 0x1ba 0x48f468 0xbc6b0 0xbbab0 -
UnRegisterTypeLibForUser 0x1bb 0x48f46c 0xbc6b4 0xbbab4 -
UnRegisterTypeLib 0xba 0x48f470 0xbc6b8 0xbbab8 -
CreateDispTypeInfo 0x1f 0x48f474 0xbc6bc 0xbbabc -
SysAllocString 0x2 0x48f478 0xbc6c0 0xbbac0 -
VariantInit 0x8 0x48f47c 0xbc6c4 0xbbac4 -
Icons (4)
C:\Users\CIIHMN~1\AppData\Local\Temp\autED97.tmp Created File Binary Suspicious
Also Known As C:\Users\CIiHmnxMn6Ps\AppData\Roaming\517847183.tmp (Created File)
Mime Type application/x-dosexec
File Size 4.69 MB
MD5 5e137a5cf5138f25f5b3d74e7e694eac
SHA1 243cac505e430609afd4807534a0ec27792c0796
SHA256 2ae5e88dc24e02d2e4bb65bdf5be48b5430baa545188af8a6498d14bc3cf4191
SSDeep 98304:ETVPCviLZiYvlp5pamq//BsIhwOuFL0hyP:IVKviL4Ytpam4ypOG0h
ImpHash baa93d47220682c04d92f7797d9224ce
File Reputation Information
Severity Suspicious
First Seen 2018-12-19 00:42 (UTC+1)
Last Seen 2019-01-25 11:05 (UTC+1)
Names Win32.Trojan.Mago
Families Mago
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0xeb6000
Size Of Code 0x323600
Size Of Initialized Data 0x3c800
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 1970-01-01 00:00:00+00:00
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
0x401000 0x66e000 0x2c5800 0x1000 cnt_initialized_data, mem_execute, mem_read, mem_write 7.98
.rsrc 0xa6f000 0x22c48 0x4e00 0x2c6800 cnt_initialized_data, mem_read, mem_write 7.96
.idata 0xa92000 0x1000 0x200 0x2cb600 cnt_initialized_data, mem_read, mem_write 1.28
0xa93000 0x23e000 0x200 0x2cb800 cnt_initialized_data, mem_execute, mem_read, mem_write 0.26
rvsqcxpf 0xcd1000 0x1e4000 0x1e3800 0x2cba00 cnt_initialized_data, mem_execute, mem_read, mem_write 7.8
vkryjhdp 0xeb5000 0x1000 0x200 0x4af200 cnt_initialized_data, mem_execute, mem_read, mem_write 3.89
.taggant 0xeb6000 0x3000 0x2200 0x4af400 cnt_initialized_data, mem_execute, mem_read, mem_write 0.02
Imports (2)
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcpy 0x0 0xa92033 0x692043 0x2cb643 0x0
comctl32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls 0x0 0xa9203b 0x69204b 0x2cb64b 0x0
Exports (11)
Api name EAT Address Ordinal
_cgo_panic 0x1ba580 0x1
_cgo_topofstack 0xf2310 0x2
authorizerTrampoline 0x1290 0x3
callbackTrampoline 0x1070 0x4
commitHookTrampoline 0x11b0 0x5
compareTrampoline 0x1150 0x6
crosscall2 0x1ba5b0 0x7
doneTrampoline 0x1110 0x8
rollbackHookTrampoline 0x11f0 0x9
stepTrampoline 0x10c0 0xa
updateHookTrampoline 0x1230 0xb
Icons (1)
Zero_Two.tmp Created File Binary
Suspicious
Also Known As C:\ProgramData\WinSys.exe (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\SystemDebug.exe (Created File)
Mime Type application/x-dosexec
File Size 103.00 KB
MD5 dc94ab73eadb420e362697dfdea306a7
SHA1 fdcf1d67eb22b0fac6cb598d0a138c63b79fb0bf
SHA256 ffeeb844993f2fee324a19467d8ed8a36d82084002542674b1f3ee111ca0e643
SSDeep 3072:SzEWN5IyOrM2MrIfjblaX/g7q0LyejLl77W8rOirJTqX2wA2j8/VE:SxIyTIfj5aW
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
File Reputation Information
Severity
Suspicious
First Seen 2018-12-08 00:23 (UTC+1)
Last Seen 2019-01-25 14:09 (UTC+1)
Names Win32.Trojan.Zusy
Families Zusy
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x413c1e
Size Of Code 0x11e00
Size Of Initialized Data 0x7c00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-12-04 17:16:50+00:00
Version Information (8)
LegalCopyright 2017 (c) Realtek Semiconductor. All rights reserved.
InternalName RtkNGui.exe
FileVersion 1.0.657.0
CompanyName Realtek Semiconductor
ProductName إدارة صوت Realtek HD
ProductVersion 1.0.657.0
FileDescription إدارة صوت Realtek HD
OriginalFilename RtkNGui.exe
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x11c24 0x11e00 0x200 cnt_code, mem_execute, mem_read 6.37
.rsrc 0x414000 0x79a8 0x7a00 0x12000 cnt_initialized_data, mem_read 3.82
.reloc 0x41c000 0xc 0x200 0x19a00 cnt_initialized_data, mem_discardable, mem_read 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x13bec 0x11dec 0x0
C:\Users\CIIHMN~1\AppData\Local\Temp\autED97.tmp Created File Unknown
Whitelisted
Also Known As C:\Users\CIiHmnxMn6Ps\AppData\Roaming\517847183.tmp (Created File)
C:\Users\CIIHMN~1\AppData\Local\Temp\autF2F7.tmp (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Local\zgk6mujwue41\\google_chrome_default_logins.txt (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Local\zgk6mujwue41\google_chrome_default_logins.txt (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Local\zgk6mujwue41\\google_chrome_default_ccdata.txt (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Local\zgk6mujwue41\google_chrome_default_ccdata.txt (Created File)
C:\ProgramData\WinSys.exe (Created File)
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
File Reputation Information
Severity
Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
C:\Users\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\\LoginData1 Created File Stream
Whitelisted
Mime Type application/octet-stream
File Size 18.00 KB
MD5 b22b1727c127485e970296265351b582
SHA1 c6f71441e5709ae15583c60ab9f839190b08f59f
SHA256 c6454fe10eaa9e375ee46ed82a2c851f1adae49061234f48c80135bbd17f0f7f
SSDeep 48:gz+JH3yJUhJCVE9V8FsXhFlNU1V6kxqW:HJH3FC2V8uRFleq
File Reputation Information
Severity
Whitelisted
First Seen 2017-03-21 05:28 (UTC+1)
Last Seen 2017-04-19 17:51 (UTC+2)
C:\Users\CIIHMN~1\AppData\Local\Temp\autF2F7.tmp Created File Stream
Unknown
Mime Type application/octet-stream
File Size 50.11 KB
MD5 eb5b9cf9564f4d506c3a59fbb5efdf10
SHA1 eca33a3e475db1e9f62b99503fa2e7bf8ffbbe8a
SHA256 321c4580be28e5c71a40f0c9e3e005410fa6cdff335a53b16ef13470b3ea8278
SSDeep 768:qy/MVdhrNfHPgdTjXm2X0Bwn6yfCHBW+wQ0zS7JuwvYywBT+ugKPNlMwJM/KYVHK:2bbP6j22X0SnfChJw1q+B6ugS2KYI
C:\Users\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\\Web Data1 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 68.00 KB
MD5 844cec6a8e7c5513034fc125fc54b803
SHA1 f92eb4fb1df0ceb51b862443ae04f48bac51c9d3
SHA256 8aee391a40e74ff388cf53f5360e1d38793d4573b9f49e21e607ed3b6428b809
SSDeep 96:VtyNQIoYnMvqyWx7pnqH+w/fVIrECuKdPraBdUDBBVWqwmKT/WTPepeWbtxYMxCc:rlkMvuzzTP6btttlhS+3
C:\Users\CIiHmnxMn6Ps\AppData\Local\zgk6mujwue41\\google_chrome_default_cookie.txt Created File Text
Unknown
Mime Type text/plain
File Size 0.92 KB
MD5 83af5f4c5f75035b99d0ea54f283743d
SHA1 ff284abdf4d494cb38b98bb29ab7c0eb01a576b2
SHA256 adb6d362bfa54dec0438fd4605f8cc999c4ef5a88d969091032371b3e1c61040
SSDeep 24:5hgb4FV2EnwDHAXLQQLQQPMw4ORRiv+8bAJpVGkz+b1:SWof2LQQLQQFtRRi8JTGQe
C:\Users\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\\Cookies1 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 13.00 KB
MD5 238396aae89ede96ac12f6ebe90f36e4
SHA1 38b7167e1add52c84f9c160694554b4d5891f9d9
SHA256 c23537b8da96bf92eb88380d6b311bc397ddf02328aefd2c64f08af132cf1882
SSDeep 96:WanSNDXhnQSMqD679/OJm0qZwO8WIjNgIbFrjunl:WRhXyb3fcBvZOl