d60dc696...b455 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Threat Names:
Trojan.Ransomware.GenericKDS.33676718
Trojan.RanSerKD.42996837
Mal/Generic-S

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 minutes" to "20 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filename Category Type Severity
C:\Users\FD1HVy\Desktop\worker 5 -t.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.23 MB
MD5 823e4c4e47e8dabe32fc700409a78537
SHA1 f973a6495b33941be62a59ee17085051cfca4719
SHA256 d60dc6965f6d68a3e7c82d42e90bfda7ad3c5874d2c59a66df6212aef027b455
SSDeep 24576:W88lWqXTOlAiZLkk7g9WWYNranPdeDk7bE0KdYqTAK:WTl3XTOl6ag90cPdX/Ad9TA
ImpHash 365b1d12b684a96b167a74679ec9e4e3
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x140000000
Entry Point 0x1402f16a0
Size Of Code 0x136000
Size Of Initialized Data 0x5000
Size Of Uninitialized Data 0x1bb000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2014-10-29 00:52:10+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x140001000 0x1bb000 0x0 0x200 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x1401bc000 0x136000 0x135a00 0x200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.95
.rsrc 0x1402f2000 0x5000 0x4800 0x135c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.95
Imports (3)
advapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x1402f66b8 0x2f66b8 0x13a2b8 0x0
KERNEL32.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x1402f66c8 0x2f66c8 0x13a2c8 0x0
ExitProcess 0x0 0x1402f66d0 0x2f66d0 0x13a2d0 0x0
GetProcAddress 0x0 0x1402f66d8 0x2f66d8 0x13a2d8 0x0
VirtualProtect 0x0 0x1402f66e0 0x2f66e0 0x13a2e0 0x0
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA 0x0 0x1402f66f0 0x2f66f0 0x13a2f0 0x0
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
worker 5 -t.exe 1 0x140000000 0x1402F6FFF First Execution True 64-bit 0x1402F16A0 False False
worker 5 -t.exe 1 0x140000000 0x1402F6FFF Final Dump True 64-bit 0x1402E86E5 False False
worker 5 -t.exe 1 0x140000000 0x1402F6FFF Process Termination True 64-bit - False False
Local AV Matches (1)
Threat Name Severity
Trojan.Ransomware.GenericKDS.33676718 Malicious
C:\windows\utox.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 2.90 MB
MD5 79665e97a47865f317dd9eda3ceaaed0
SHA1 c3d14050fac0ef7c69d1071b05277824fdbd662d
SHA256 0a563967a7d48e702adaa6f21f22a80b7db6aae7b7149ede51b0fde583e37283
SSDeep 49152:0iDfMNI3G8kWkAniB1aDhSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSF:0iDfMNIW8kh11aDhSSSSSSSSSSSSSSSZ
ImpHash 9cd2e74d3fa189f6948d3ef4996e5be7
PE Information
Image Base 0x400000
Entry Point 0x4014c0
Size Of Code 0x261400
Size Of Initialized Data 0x2e6c00
Size Of Uninitialized Data 0x10d200
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2017-04-08 22:21:50+00:00
Sections (11)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x26139c 0x261400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.49
.data 0x663000 0x5bd8 0x5c00 0x261800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.42
.rdata 0x669000 0x5a5bc 0x5a600 0x267400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 6.64
.rodata 0x6c4000 0xdd0 0xe00 0x2c1a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 4.14
.bss 0x6c5000 0x10d200 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.edata 0x7d3000 0x138a 0x1400 0x2c2800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 5.53
.idata 0x7d5000 0x2790 0x2800 0x2c3c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.33
.CRT 0x7d8000 0x40 0x200 0x2c6400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.45
.tls 0x7d9000 0x20 0x200 0x2c6600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.21
.rsrc 0x7da000 0xa860 0xaa00 0x2c6800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.86
.reloc 0x7e5000 0x15de8 0x15e00 0x2d1200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.82
Imports (14)
ADVAPI32.dll (5)
COMDLG32.DLL (2)
DNSAPI.dll (1)
GDI32.dll (24)
IPHLPAPI.DLL (1)
KERNEL32.dll (90)
MSIMG32.DLL (1)
msvcrt.dll (115)
ole32.dll (10)
OLEAUT32.dll (2)
SHELL32.dll (7)
USER32.dll (52)
WINMM.DLL (17)
WS2_32.dll (22)
Exports (187)
Local AV Matches (1)
Threat Name Severity
Trojan.RanSerKD.42996837 Malicious
C:\Users\FD1HVy\Desktop\worker 5 -t.exe Modified File Stream
Whitelisted
Mime Type application/octet-stream
File Size 1.23 MB
MD5 2116368f8365ad9e8f217e7708f6ae7f
SHA1 3f763601d1080bc27ba69a8a56b9a4ec84108e43
SHA256 f90930753fbadb07a4d30122e196147df7df15ea475af82b52d0592f40b118cb
SSDeep 3::
ImpHash -
File Reputation Information
Severity Whitelisted
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
worker 5 -t.exe 1 0x140000000 0x1402F6FFF First Execution True 64-bit 0x1402F16A0 False False
worker 5 -t.exe 1 0x140000000 0x1402F6FFF Final Dump True 64-bit 0x1402E86E5 False False
worker 5 -t.exe 1 0x140000000 0x1402F6FFF Process Termination True 64-bit - False False
\\?\C:\588bce7c90097ed212\1028\LocalizedData.xml YTYUQOSV5.waiting Dropped File Text
Whitelisted
Also Known As \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml (Dropped File)
Mime Type text/xml
File Size 59.39 KB
MD5 967a6d769d849c5ed66d6f46b0b9c5a4
SHA1 c0ff5f094928b2fa8b61e97639c42782e95cc74f
SHA256 0bc010947bff6ec1ce9899623ccfdffd702eee6d2976f28d9e06cc98a79cf542
SSDeep 384:4wCGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiv:tbCWYFrewYTJCf
ImpHash -
File Reputation Information
Severity Whitelisted
C:\WINDOWS\pghdn.txt Dropped File Text
Unknown
Mime Type text/plain
File Size 18 Bytes
MD5 336db8f33233e23ff1adf1a4aca7b51f
SHA1 174d03d1ff8b2d41a90654b31f1bd66a5683e6f3
SHA256 7f88c5ad2c437eecffd4e4b8013dc2ec551292dd9d5071c9760cc7d63fefc51f
SSDeep 3:pMCMn:3Mn
ImpHash -
C:\WINDOWS\rwjfk.bat Dropped File Batch
Unknown
Mime Type application/x-bat
File Size 144 Bytes
MD5 4e714e2aa7f0c6a762c4d9a5162e3173
SHA1 ed3b8509ff3f9e849f2c2450d14f09a33ea1785e
SHA256 593d002c58bbcab7a6fee250b15b360552e360a08995e9057646493184f47b76
SSDeep 3:QwZYpBgvFN6JErFN8BLiIVdks0yoNKpov95Q0cL+VOpVy:QEGBtJEItTFoN/v3fc+
ImpHash -
\\?\C:\BOOTSECT.BAK YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\BOOTSECT.BAK (Dropped File)
Mime Type application/octet-stream
File Size 9.50 KB
MD5 275c2feea54317df4ca05a491edf3d70
SHA1 ccef6a2222b911cc7e8ab2d5b04da9f82440d186
SHA256 a9d23051373204399ce6f5d0d96906c616fe79a493ba61639c86975cbe39f606
SSDeep 192:/WmJlBYPMeZGXHlu3mnOMI1Yka9TeCgInUsVZ11K5csJLq1p/2ypD:xlBYPMe6lNYYka9KjmUsVZ101L4ui
ImpHash -
\\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini (Dropped File)
Mime Type application/octet-stream
File Size 1.63 KB
MD5 f75c4f8eea3abf7e97475d17ffa716f5
SHA1 a1b63e5642f4bc71d72aaabaecc0beedd7a8582f
SHA256 7df59eba05c7c353c7fc1d891897f83ff2315439a44f964d8a3489493873aad3
SSDeep 48:pXalr/qPeHnMTSL4pLHypcTbQfc6zyaFD8HaXRYamZ/kW9f+0:B6OejLQjAAWkERYa+cW9h
ImpHash -
\\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini (Dropped File)
Mime Type application/octet-stream
File Size 1.63 KB
MD5 94c5f7873e190141a6277b67db5e25bf
SHA1 8c33028515c0dc075e6d5dc871d1b665f0da9796
SHA256 62d793959341aed7a06acf3a68bf1f4b2e6c01f4d0de79ad76145b03cb3d2aaf
SSDeep 48:x+cpNJJ5KELHypcTbQfc6zyaFD8HaXRYamZ/kW9f+0:3pN5BjAAWkERYa+cW9h
ImpHash -
\\?\C:\588bce7c90097ed212\1029\eula.rtf YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1029\eula.rtf (Dropped File)
Mime Type application/octet-stream
File Size 5.14 KB
MD5 6167deb096de109e9ea5c222271f6c37
SHA1 a0a5b4ebdc37eef77e975416e5b42732d747406c
SHA256 1aa1855c4e0944c54a62c474cf8c6be9da5b6f39d38538dbd132cf2aa7d5f8e2
SSDeep 96:hhXqEXCoHMbPgr8xpiiKrikEnxZpg/OtXHMJyTkMecw0fddjAAWkERYa+cW9h:hhXD3HMccg2pgqsJyKcnfHp/2ypD
ImpHash -
\\?\C:\588bce7c90097ed212\1028\eula.rtf YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1028\eula.rtf (Dropped File)
Mime Type application/octet-stream
File Size 7.66 KB
MD5 2d97235748ba0f634c147e9f73fd8c48
SHA1 b9588a8446eda31cc6c9c209303e850e221795e9
SHA256 d8019c91fcd3d71f81e8714775604b5ce0033084ec8993d9a484308094474078
SSDeep 96:At70zeg4S9NzIWu1gxS1AKRRCkJst/v8TUJJadp/BVifa9QiuWll0hGANELdyjAs:bn4S9vkt1AOMAW8TUXaH2fXVacp/2ypD
ImpHash -
\\?\C:\588bce7c90097ed212\1029\LocalizedData.xml YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml (Dropped File)
Mime Type application/octet-stream
File Size 80.57 KB
MD5 ad46e262146ce8d934a7a55507450032
SHA1 7ba133b6c635df97496263166b2d8d301373cd8b
SHA256 5d07a89d5e5802dea6e41e755ee1536a9fb8427744a9d5c7b23d501595c46a3c
SSDeep 1536:83Z67g8d7XkRkTH9tJXltXwTXQr4iKIZp0IVsvVtNo1nPYq+hvMGty1PdBury:87wXTdnXltg0PTZp0ZVfo1nAThvVty1p
ImpHash -
\\?\C:\Logs\Application.evtx YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\Logs\Application.evtx (Dropped File)
Mime Type application/octet-stream
File Size 69.50 KB
MD5 15420969bc9ae3fdb23117e7439ea07a
SHA1 a4308a26bbec1a62f710b4da6a65606843c1bfd4
SHA256 26e87871fac813c29e0ea142fa7b1d7731fba638d1cb3f7fa93a63776bb76f5b
SSDeep 1536:wI34y+kN0PuBk649uFZVs9/qhwOVMW0WMc2Xs22eGyCwTPdor:wIoZVGBK9MM/qZGXWkXspwT2r
ImpHash -
\\?\C:\588bce7c90097ed212\1025\eula.rtf YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1025\eula.rtf (Dropped File)
Mime Type application/octet-stream
File Size 8.89 KB
MD5 d0f857180a754a61d32ac001eec180e0
SHA1 2080464be521b385ee4acbe4bebb37e8e0dde80a
SHA256 5c4b37aa558c0e05bb66aefaff74bb9ec08883a143b8b9452dc8f3222fbdf9a2
SSDeep 192:G31xuHmc+EZr/ZVTlJoOXercw9vEMCbqCOMp/2ypD:+xqmc+EZr/ZVT/oOXerjEYCXui
ImpHash -
\\?\C:\588bce7c90097ed212\1025\LocalizedData.xml YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml (Dropped File)
Mime Type application/octet-stream
File Size 73.97 KB
MD5 8c1892694057111653afbf17bde987bf
SHA1 cf8f7354cf28e8e20eb6d312a557db4edb1f1032
SHA256 3274ae9e9dd0b589aa3fca9bfd2f31976994fb757a72d8ed583911428591671c
SSDeep 1536:yEUEyyoOWhUTTLPOXOtyrPuVeikCw0GxlW2OhDl49ycULD:3UEyypnLP9tyrWLdGKD6ZcD
ImpHash -
\\?\C:\$Recycle.Bin\S-1-5-18\ReadMe.hta Dropped File Text
Unknown
Also Known As \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\ReadMe.hta (Dropped File)
\\?\C:\ESD\ReadMe.hta (Dropped File)
\\?\C:\$Recycle.Bin\ReadMe.hta (Dropped File)
\\?\C:\$GetCurrent\ReadMe.hta (Dropped File)
Mime Type text/html
File Size 11.19 KB
MD5 b9f743f09d281a0b3094df4f8d0953e4
SHA1 816898e22d1e88ee037346ecf2b49340b67b802a
SHA256 cecdd739295742e5644713ecbcce37e243e54790c9c149c259d5121b76c70cd8
SSDeep 192:M3mzxU1UPRHPEXyBYet2yXTWXnhLxmoLlfzfM8uaG3UN7tMs+OqdOgzZLPFVo:MDMRECCy+nZLlJdGEN7tMbNJdVo
ImpHash -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
\\?\C:\588bce7c90097ed212\1029\SetupResources.dll YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1029\SetupResources.dll (Dropped File)
Mime Type application/octet-stream
File Size 19.34 KB
MD5 7837d95e0e52fced9e7ff27640e39bb1
SHA1 6cfd0d1daf7a12fe48e28f1a17ae93b5bc75b318
SHA256 72f111f45f366e15ff0771f30a0e88b7e1bfc4d30b29659aebf61d0c691d3d81
SSDeep 384:9Zz88Bo6lvZMQZV82xxcL7ocTG7kdvGSKglHqCyEN4yzCKl3UDmAui:fF15ZyNjG70lKCH3lq
ImpHash -
\\?\C:\588bce7c90097ed212\1028\SetupResources.dll YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1028\SetupResources.dll (Dropped File)
Mime Type application/octet-stream
File Size 15.34 KB
MD5 9fe271a8e0a701f39bf5c66ab6718e73
SHA1 56c1883dee370778a1d8d21113228f5478fd2902
SHA256 b970c278f96d72a050212c73620334e800ab5ff0b9d4023772610fdddbcac530
SSDeep 384:QkvgttFA/SPSgYBJR0PpyWJQ9lgoVnsoQui:boeKPSgAJO7nmnz8
ImpHash -
\\?\C:\588bce7c90097ed212\1025\SetupResources.dll YTYUQOSV5.waiting Dropped File Stream
Unknown
Also Known As \\?\C:\588bce7c90097ed212\1025\SetupResources.dll (Dropped File)
Mime Type application/octet-stream
File Size 18.34 KB
MD5 97aa1598a1a55e626af418e92f85fd3f
SHA1 1747e261eab333f1a32d6950f209d8dce3f97b2f
SHA256 99b0b8afc1f320f1898dca818a1664e8fd53ffd2dbfb553342a53a7f14cc32f6
SSDeep 384:bNlSPym1sqXvZFLhSpgf7HwNGWMCv8n3ZwJsqaSazf4OSxcHhFlZ5Vrtkui:gsmBF1SGrwNGWRvgqJIj4pcHvPW
ImpHash -
\\?\C:\bootmgr Dropped File Stream
Unknown
Also Known As \\?\C:\bootmgr YTYUQOSV5.waiting (Dropped File)
Mime Type application/octet-stream
File Size 385.96 KB
MD5 01f5b115d847ea315b4027f218f38adb
SHA1 b1432e03feb51c75c78df2917c7fccaf9dbfca2a
SHA256 106866f949214c045917afff1c8296f119f21660dca4346034a78bc45b9f3362
SSDeep 6144:7B+4OS2OPqf/hy+H/ekrMXrCVU4qeTF2cvgIQ7wNhdGG+sAR20Hq1dKkKItWW1Yn:7V+QVr4qeT09I5DwkYB9F
ImpHash -