e1a3d8c2...7869 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Downloader
Trojan
Spyware
Threat Names:
Gen:Variant.Ser.Razy.7042
Gen:Variant.Babar.17561
Mal/HTMLGen-A
...

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "7 minutes, 30 seconds" to "3 minutes, 10 seconds" to reveal dormant functionality.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

Remarks

(0x0200000F): The maximum number of memory dumps was exceeded. Some dumps may be missing in the report.

Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vfqvtn.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 190.00 KB
MD5 0c1e3ca75491b6da7f7319e60f8034be
SHA1 96043bda6eb96ef40a69aa945ca316f3440503ae
SHA256 e1a3d8c2c842801a2e94c3d737a0336f5cc9dd837b0cebf63bcfd96fe5aa7869
SSDeep 3072:BGLrVCMxzXgDSdpp/518+oHdwZA5E/YfNtrISwCe3wwbA1L0nmDOBna/jlkbMhm6:2NTgDSdpp4GQEQfNVx43wwbA1YnmDX/P
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2020-01-15 11:53 (UTC+1)
Last Seen 2020-01-15 12:07 (UTC+1)
Names Win32.Trojan.Trickster
Families Trickster
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x2f600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-13 06:51:52+00:00
Sections (1)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2f42a 0x2f600 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.98
Memory Dumps (15)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
vfqvtn.exe 1 0x00400000 0x00430FFF First Execution True 32-bit 0x00401000 True False
vfqvtn.exe 1 0x00400000 0x00430FFF Content Changed True 32-bit 0x0042F990 True False
buffer 1 0x00250000 0x00250FFF First Execution False 32-bit 0x00250000 False False
buffer 1 0x10000000 0x10004FFF First Execution False 32-bit 0x10001000 False False
buffer 1 0x10000000 0x10004FFF Content Changed False 32-bit 0x1000220F False False
buffer 2 0x00050000 0x00071FFF First Execution False 64-bit 0x00051000 False False
buffer 1 0x00240000 0x00245FFF Image In Buffer True 32-bit - False False
buffer 1 0x00210000 0x00231FFF Marked Executable False 32-bit - False False
buffer 1 0x00270000 0x00270FFF Marked Executable False 32-bit - False False
vfqvtn.exe 1 0x00400000 0x00430FFF Process Termination True 32-bit - True False
vfqvtn.exe 7 0x00400000 0x00430FFF First Execution True 32-bit 0x00401000 True False
buffer 7 0x10000000 0x10004FFF First Execution False 32-bit 0x10001000 False False
buffer 7 0x10000000 0x10004FFF Content Changed False 32-bit 0x1000220F False False
buffer 7 0x001D0000 0x001D5FFF Image In Buffer True 32-bit - False False
vfqvtn.exe 7 0x00400000 0x00430FFF Process Termination True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ser.Razy.7042 Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak Dropped File Sqlite Whitelisted
Mime Type application/x-sqlite3
File Size 18.00 KB
MD5 29844404ae855e9df054833f71888eb1
SHA1 3e86f08def08fc14ddec0227d0643319562666db
SHA256 c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e
SSDeep 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W
ImpHash None
File Reputation Information
Severity Whitelisted
First Seen 2016-08-06 16:42 (UTC+2)
Last Seen 2018-09-13 14:46 (UTC+2)
settings.ini Dropped File Text Unknown
Mime Type text/plain
File Size 15.06 KB
MD5 7e20ed78388bbe597750cf89025f5432
SHA1 ad4cbdc627fe4138a0ea23b2ba3d0352b4578a26
SHA256 62816d2dfa4198b1e2b467f53aa20904c6bea50126a0446e24d6ae650d5b5436
SSDeep 192:ohcdyt+C7+LRvQY9dV6X0lLZFdQnUTQeMTns693nH7zdVxRpWG3:oiyH7YiSdgXElo+PMTs6JH7BVXpV
ImpHash None
settings.ini Dropped File Text Unknown
Mime Type text/plain
File Size 15.24 KB
MD5 cfbca4c1f12c2908b39f14143cffc82e
SHA1 fbec2560e4f0b8b682fa57cceb3cf3d10c25b072
SHA256 7c64fe385cedc48f01db1d5db72c86020003f600f7ab1e6b14b613907fd402cb
SSDeep 192:ohcdyt+C7+LRvQY9dV6X0lLZFdQnUTQeMQqaC4PfNavFVc2pWG3:oiyH7YiSdgXElo+PMkC4P6FK2pV
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\pwgrab64 Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 1.07 MB
MD5 a9ad136b547532401b4e4026d6e07205
SHA1 3720e1c45734406eb590fd6d27f7690042817461
SHA256 443078f74a0a6a831fd5f5348a3323065e94284cb632078700f1acc039dbc2da
SSDeep 24576:pWxJIWRaw2tC/70u1NjIsjYxTc8dxB576hke+CIq:QzIW0w2Du1NjD+dJm+e+CB
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak Dropped File Sqlite Unknown
Mime Type application/x-sqlite3
File Size 68.00 KB
MD5 3067eb8025ae0262c7a5c681d7982d67
SHA1 534976f915f2dd49adcf09677f9d38a0d0cfee63
SHA256 9260dd9c2b2253e0a886f4d66e22c561d23604fe0010bbac8240f8fdc3aaf945
SSDeep 96:byNQIoYnMvqyWx7pnqH+w/fVIrECuKdPraBdUDBBVWqwmKT/WTPepeWbtxYB+tCX:blkMvuzzTP6btWutle
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\networkDll64 Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 23.17 KB
MD5 9b1f38f5282d6f4bd59103595f290493
SHA1 e555604826f0c8dd51e6aaf0ae60126768c064c0
SHA256 63f458f39f36e537b12f465eb7d019cfab447893af0616a8c3d40611821c2e2d
SSDeep 384:87z6U7GqQ16/VtQ/8pIyVwF3hOPv16HhtiErpfqEDartZYv5flQqOa+294:87z37B4wQgwzOPdCtiEr1qEOOv5yx
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\mshareDll64 Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 16.23 KB
MD5 0b52f7cf3cbd22936f995b55a296fb13
SHA1 6b122541ec858f228f922c9a73632a5fd1ad0501
SHA256 7504d909fb236fcc87526db632700f84df3eef119997073d3391778969bd009e
SSDeep 384:A3MIMmMfdQRyKcCr3mR3GjcI3DR4SW7oS5PH3z/lF:Gc2yKcC23Gjc8DR4Sl2PH3xF
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\mwormDll64 Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 26.73 KB
MD5 eaebb1253112cd759c45521c341b1615
SHA1 34844f26193556b73f08d26321186323b7a882d3
SHA256 aafd8ff358dbc1f1abfefa55efe52500e5c1a9193c1b313808029d40425fcb2d
SSDeep 768:o1rAgcN/4PWUAhTqCkpk7G1ErFKdiz3nIl8S57:Kk9N/+WUAtDp3E8Y7
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\tabDll64 Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 821.34 KB
MD5 01c7925be09f98d03146e99ee7be8f68
SHA1 ef20f8cb42949fe8beec44c510782fe27c87bcf8
SHA256 3df90616e4e2914fd119f23eaeb99c4f5542f66a0035d9a1747732159040ea79
SSDeep 12288:L8EM1JBFBz+b48nXLxRhywwXwamXT1SuJEwJso5jt4r00TAp9aP89KUocgAIOt3:LBSf7z+pXvgmXTcwJso5RMMVoc5Iq
ImpHash None
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\networkDll64_configs\dpost Dropped File Stream Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\pwgrab64_configs\dpost (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\tabDll64_configs\dpost (Dropped File)
Mime Type application/octet-stream
File Size 1.11 KB
MD5 6be6c96c499d0925073e2ae3bf7e34df
SHA1 d9e36fcedf70f2785252091708af6c7a76846103
SHA256 38c4ac71f25bdea86b8a8eed3561245afcb775143720fbf026b3555a3190ef82
SSDeep 24:zz2SLkNVzPMKpMAtLwMqgyUeUfR+a/fClfNQi50mL0SBXAZr:zJLyVzLBxFqgnR+aCVjgT5
ImpHash None
log_install.tmp Downloaded File Binary Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 516.00 KB
MD5 f008475b33f126969f99289c46aa4aba
SHA1 3ae5e623d774b76f59773c4b1a0281d341b56976
SHA256 172c62a5dae0a6cd53acaf382dacdc3a89e7ef39a5cf32159f53f8cafca94175
SSDeep 6144:+DRdk/aRqDoepJkaDC0vu4psV+odLlonFQvpL+BIiOQhRfaweEeRe0in:Wk/aRqDoAqaDCKs5R2nFQvRKR32bi
ImpHash f59d56ee665fe6d5f4a2507d251d8bf6
PE Information
Image Base 0x400000
Entry Point 0x40fd20
Size Of Code 0x2d000
Size Of Initialized Data 0x57000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-16 09:33:51+00:00
Version Information (9)
CompanyName -
FileDescription SQLJunior MFC Application
FileVersion 1, 0, 0, 1
InternalName SQLJunior
LegalCopyright Copyright (C) 2002
LegalTrademarks -
OriginalFilename SQLJunior.EXE
ProductName SQLJunior Application
ProductVersion 1, 0, 0, 1
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2c96a 0x2d000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.58
.rdata 0x42e000 0xbcc2 0xc000 0x2e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.59
.data 0x43a000 0x7548 0x4000 0x3a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.01
.rsrc 0x442000 0x42390 0x43000 0x3e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.09
Imports (13)
KERNEL32.dll (116)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetUnhandledExceptionFilter 0x0 0x42e0cc 0x3827c 0x3827c 0x28b
HeapDestroy 0x0 0x42e0d0 0x38280 0x38280 0x19d
HeapCreate 0x0 0x42e0d4 0x38284 0x38284 0x19b
VirtualFree 0x0 0x42e0d8 0x38288 0x38288 0x2bf
VirtualAlloc 0x0 0x42e0dc 0x3828c 0x3828c 0x2bb
IsBadWritePtr 0x0 0x42e0e0 0x38290 0x38290 0x1b8
LCMapStringA 0x0 0x42e0e4 0x38294 0x38294 0x1bf
LCMapStringW 0x0 0x42e0e8 0x38298 0x38298 0x1c0
GetStringTypeA 0x0 0x42e0ec 0x3829c 0x3829c 0x153
GetStringTypeW 0x0 0x42e0f0 0x382a0 0x382a0 0x156
UnhandledExceptionFilter 0x0 0x42e0f4 0x382a4 0x382a4 0x2ad
FreeEnvironmentStringsA 0x0 0x42e0f8 0x382a8 0x382a8 0xb2
FreeEnvironmentStringsW 0x0 0x42e0fc 0x382ac 0x382ac 0xb3
GetEnvironmentStrings 0x0 0x42e100 0x382b0 0x382b0 0x106
GetTimeZoneInformation 0x0 0x42e104 0x382b4 0x382b4 0x170
SetHandleCount 0x0 0x42e108 0x382b8 0x382b8 0x26d
GetStdHandle 0x0 0x42e10c 0x382bc 0x382bc 0x152
IsBadReadPtr 0x0 0x42e110 0x382c0 0x382c0 0x1b5
IsBadCodePtr 0x0 0x42e114 0x382c4 0x382c4 0x1b2
CompareStringA 0x0 0x42e118 0x382c8 0x382c8 0x21
CompareStringW 0x0 0x42e11c 0x382cc 0x382cc 0x22
SetEnvironmentVariableA 0x0 0x42e120 0x382d0 0x382d0 0x262
GetACP 0x0 0x42e124 0x382d4 0x382d4 0xb9
HeapReAlloc 0x0 0x42e128 0x382d8 0x382d8 0x1a2
HeapSize 0x0 0x42e12c 0x382dc 0x382dc 0x1a3
GetProfileStringA 0x0 0x42e130 0x382e0 0x382e0 0x14b
GetFileType 0x0 0x42e134 0x382e4 0x382e4 0x115
SetStdHandle 0x0 0x42e138 0x382e8 0x382e8 0x27c
TerminateProcess 0x0 0x42e13c 0x382ec 0x382ec 0x29e
HeapFree 0x0 0x42e140 0x382f0 0x382f0 0x19f
GetCommandLineA 0x0 0x42e144 0x382f4 0x382f4 0xca
GetStartupInfoA 0x0 0x42e148 0x382f8 0x382f8 0x150
HeapAlloc 0x0 0x42e14c 0x382fc 0x382fc 0x199
RaiseException 0x0 0x42e150 0x38300 0x38300 0x20b
RtlUnwind 0x0 0x42e154 0x38304 0x38304 0x22f
SetErrorMode 0x0 0x42e158 0x38308 0x38308 0x264
GetTickCount 0x0 0x42e15c 0x3830c 0x3830c 0x16d
GetFileTime 0x0 0x42e160 0x38310 0x38310 0x114
GetFileSize 0x0 0x42e164 0x38314 0x38314 0x112
GetFileAttributesA 0x0 0x42e168 0x38318 0x38318 0x10d
GetFullPathNameA 0x0 0x42e16c 0x3831c 0x3831c 0x116
GetVolumeInformationA 0x0 0x42e170 0x38320 0x38320 0x177
FindFirstFileA 0x0 0x42e174 0x38324 0x38324 0x94
FindClose 0x0 0x42e178 0x38328 0x38328 0x90
SetEndOfFile 0x0 0x42e17c 0x3832c 0x3832c 0x261
UnlockFile 0x0 0x42e180 0x38330 0x38330 0x2ae
LockFile 0x0 0x42e184 0x38334 0x38334 0x1d3
FlushFileBuffers 0x0 0x42e188 0x38338 0x38338 0xaa
SetFilePointer 0x0 0x42e18c 0x3833c 0x3833c 0x26a
WriteFile 0x0 0x42e190 0x38340 0x38340 0x2df
ReadFile 0x0 0x42e194 0x38344 0x38344 0x218
CreateFileA 0x0 0x42e198 0x38348 0x38348 0x34
GetCurrentProcess 0x0 0x42e19c 0x3834c 0x3834c 0xf7
DuplicateHandle 0x0 0x42e1a0 0x38350 0x38350 0x63
WritePrivateProfileStringA 0x0 0x42e1a4 0x38354 0x38354 0x2e5
FileTimeToLocalFileTime 0x0 0x42e1a8 0x38358 0x38358 0x89
FileTimeToSystemTime 0x0 0x42e1ac 0x3835c 0x3835c 0x8a
GetOEMCP 0x0 0x42e1b0 0x38360 0x38360 0x131
GetCPInfo 0x0 0x42e1b4 0x38364 0x38364 0xbf
GlobalFlags 0x0 0x42e1b8 0x38368 0x38368 0x187
TlsGetValue 0x0 0x42e1bc 0x3836c 0x3836c 0x2a4
LocalReAlloc 0x0 0x42e1c0 0x38370 0x38370 0x1cf
TlsSetValue 0x0 0x42e1c4 0x38374 0x38374 0x2a5
EnterCriticalSection 0x0 0x42e1c8 0x38378 0x38378 0x66
LeaveCriticalSection 0x0 0x42e1cc 0x3837c 0x3837c 0x1c1
TlsFree 0x0 0x42e1d0 0x38380 0x38380 0x2a3
GlobalHandle 0x0 0x42e1d4 0x38384 0x38384 0x18b
DeleteCriticalSection 0x0 0x42e1d8 0x38388 0x38388 0x55
TlsAlloc 0x0 0x42e1dc 0x3838c 0x3838c 0x2a2
InitializeCriticalSection 0x0 0x42e1e0 0x38390 0x38390 0x1aa
LocalAlloc 0x0 0x42e1e4 0x38394 0x38394 0x1c8
GetLastError 0x0 0x42e1e8 0x38398 0x38398 0x11a
GetProcessVersion 0x0 0x42e1ec 0x3839c 0x3839c 0x145
SizeofResource 0x0 0x42e1f0 0x383a0 0x383a0 0x295
MulDiv 0x0 0x42e1f4 0x383a4 0x383a4 0x1e3
SetLastError 0x0 0x42e1f8 0x383a8 0x383a8 0x271
GlobalReAlloc 0x0 0x42e1fc 0x383ac 0x383ac 0x18f
lstrcpynA 0x0 0x42e200 0x383b0 0x383b0 0x305
CloseHandle 0x0 0x42e204 0x383b4 0x383b4 0x1b
GlobalAlloc 0x0 0x42e208 0x383b8 0x383b8 0x181
lstrcmpA 0x0 0x42e20c 0x383bc 0x383bc 0x2fc
GetCurrentThread 0x0 0x42e210 0x383c0 0x383c0 0xf9
GetThreadLocale 0x0 0x42e214 0x383c4 0x383c4 0x168
FormatMessageA 0x0 0x42e218 0x383c8 0x383c8 0xaf
LocalFree 0x0 0x42e21c 0x383cc 0x383cc 0x1cc
GetModuleFileNameA 0x0 0x42e220 0x383d0 0x383d0 0x124
MultiByteToWideChar 0x0 0x42e224 0x383d4 0x383d4 0x1e4
WideCharToMultiByte 0x0 0x42e228 0x383d8 0x383d8 0x2d2
lstrlenA 0x0 0x42e22c 0x383dc 0x383dc 0x308
InterlockedDecrement 0x0 0x42e230 0x383e0 0x383e0 0x1ad
InterlockedIncrement 0x0 0x42e234 0x383e4 0x383e4 0x1b0
GlobalLock 0x0 0x42e238 0x383e8 0x383e8 0x18c
GlobalUnlock 0x0 0x42e23c 0x383ec 0x383ec 0x193
LoadLibraryA 0x0 0x42e240 0x383f0 0x383f0 0x1c2
FreeLibrary 0x0 0x42e244 0x383f4 0x383f4 0xb4
GetVersion 0x0 0x42e248 0x383f8 0x383f8 0x174
lstrcatA 0x0 0x42e24c 0x383fc 0x383fc 0x2f9
GetCurrentThreadId 0x0 0x42e250 0x38400 0x38400 0xfa
GlobalGetAtomNameA 0x0 0x42e254 0x38404 0x38404 0x189
lstrcmpiA 0x0 0x42e258 0x38408 0x38408 0x2ff
GlobalAddAtomA 0x0 0x42e25c 0x3840c 0x3840c 0x17f
GlobalFindAtomA 0x0 0x42e260 0x38410 0x38410 0x184
GlobalDeleteAtom 0x0 0x42e264 0x38414 0x38414 0x183
lstrcpyA 0x0 0x42e268 0x38418 0x38418 0x302
GetModuleHandleA 0x0 0x42e26c 0x3841c 0x3841c 0x126
GetProcAddress 0x0 0x42e270 0x38420 0x38420 0x13e
FindResourceA 0x0 0x42e274 0x38424 0x38424 0xa3
LoadResource 0x0 0x42e278 0x38428 0x38428 0x1c7
LockResource 0x0 0x42e27c 0x3842c 0x3842c 0x1d5
GlobalFree 0x0 0x42e280 0x38430 0x38430 0x188
GetModuleFileNameW 0x0 0x42e284 0x38434 0x38434 0x125
CopyFileW 0x0 0x42e288 0x38438 0x38438 0x2b
ExitProcess 0x0 0x42e28c 0x3843c 0x3843c 0x7d
LoadLibraryW 0x0 0x42e290 0x38440 0x38440 0x1c5
GetEnvironmentStringsW 0x0 0x42e294 0x38444 0x38444 0x108
Sleep 0x0 0x42e298 0x38448 0x38448 0x296
USER32.dll (127)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PeekMessageA 0x0 0x42e330 0x384e0 0x384e0 0x1dc
DispatchMessageA 0x0 0x42e334 0x384e4 0x384e4 0x95
IsWindow 0x0 0x42e338 0x384e8 0x384e8 0x18f
AdjustWindowRectEx 0x0 0x42e33c 0x384ec 0x384ec 0x2
ScreenToClient 0x0 0x42e340 0x384f0 0x384f0 0x20a
CopyRect 0x0 0x42e344 0x384f4 0x384f4 0x44
IsWindowVisible 0x0 0x42e348 0x384f8 0x384f8 0x192
GetTopWindow 0x0 0x42e34c 0x384fc 0x384fc 0x14c
MessageBoxA 0x0 0x42e350 0x38500 0x38500 0x1be
IsChild 0x0 0x42e354 0x38504 0x38504 0x185
WinHelpA 0x0 0x42e358 0x38508 0x38508 0x2a6
wsprintfA 0x0 0x42e35c 0x3850c 0x3850c 0x2ac
GetClassInfoA 0x0 0x42e360 0x38510 0x38510 0xe7
RegisterClassA 0x0 0x42e364 0x38514 0x38514 0x1f2
GetMenu 0x0 0x42e368 0x38518 0x38518 0x11c
GetMenuItemCount 0x0 0x42e36c 0x3851c 0x3851c 0x122
GetSubMenu 0x0 0x42e370 0x38520 0x38520 0x142
GetMenuItemID 0x0 0x42e374 0x38524 0x38524 0x123
GetWindowTextLengthA 0x0 0x42e378 0x38528 0x38528 0x15f
GetWindowTextA 0x0 0x42e37c 0x3852c 0x3852c 0x15e
GetDlgCtrlID 0x0 0x42e380 0x38530 0x38530 0x101
DefWindowProcA 0x0 0x42e384 0x38534 0x38534 0x84
DestroyWindow 0x0 0x42e388 0x38538 0x38538 0x8e
CreateWindowExA 0x0 0x42e38c 0x3853c 0x3853c 0x59
SetWindowsHookExA 0x0 0x42e390 0x38540 0x38540 0x262
CallNextHookEx 0x0 0x42e394 0x38544 0x38544 0x15
GetClassLongA 0x0 0x42e398 0x38548 0x38548 0xeb
SetPropA 0x0 0x42e39c 0x3854c 0x3854c 0x242
UnhookWindowsHookEx 0x0 0x42e3a0 0x38550 0x38550 0x286
GetPropA 0x0 0x42e3a4 0x38554 0x38554 0x13a
CallWindowProcA 0x0 0x42e3a8 0x38558 0x38558 0x16
GetMenuState 0x0 0x42e3ac 0x3855c 0x3855c 0x127
GetMessageTime 0x0 0x42e3b0 0x38560 0x38560 0x12d
GetMessagePos 0x0 0x42e3b4 0x38564 0x38564 0x12c
GetLastActivePopup 0x0 0x42e3b8 0x38568 0x38568 0x119
GetForegroundWindow 0x0 0x42e3bc 0x3856c 0x3856c 0x108
SetForegroundWindow 0x0 0x42e3c0 0x38570 0x38570 0x230
EnableWindow 0x0 0x42e3c4 0x38574 0x38574 0xb7
SendMessageA 0x0 0x42e3c8 0x38578 0x38578 0x214
LoadIconA 0x0 0x42e3cc 0x3857c 0x3857c 0x19e
UnregisterClassA 0x0 0x42e3d0 0x38580 0x38580 0x28b
HideCaret 0x0 0x42e3d4 0x38584 0x38584 0x166
ShowCaret 0x0 0x42e3d8 0x38588 0x38588 0x265
ExcludeUpdateRgn 0x0 0x42e3dc 0x3858c 0x3858c 0xd2
DrawFocusRect 0x0 0x42e3e0 0x38590 0x38590 0xa6
DefDlgProcA 0x0 0x42e3e4 0x38594 0x38594 0x7e
IsWindowUnicode 0x0 0x42e3e8 0x38598 0x38598 0x191
AppendMenuA 0x0 0x42e3ec 0x3859c 0x3859c 0x7
LoadBitmapA 0x0 0x42e3f0 0x385a0 0x385a0 0x198
GetMenuCheckMarkDimensions 0x0 0x42e3f4 0x385a4 0x385a4 0x11e
GetSysColor 0x0 0x42e3f8 0x385a8 0x385a8 0x143
SetWindowLongA 0x0 0x42e3fc 0x385ac 0x385ac 0x258
RegisterWindowMessageA 0x0 0x42e400 0x385b0 0x385b0 0x200
OffsetRect 0x0 0x42e404 0x385b4 0x385b4 0x1d2
IntersectRect 0x0 0x42e408 0x385b8 0x385b8 0x179
SystemParametersInfoA 0x0 0x42e40c 0x385bc 0x385bc 0x271
GetWindowPlacement 0x0 0x42e410 0x385c0 0x385c0 0x15b
MapDialogRect 0x0 0x42e414 0x385c4 0x385c4 0x1b4
SetWindowPos 0x0 0x42e418 0x385c8 0x385c8 0x25b
ShowWindow 0x0 0x42e41c 0x385cc 0x385cc 0x26a
PostMessageA 0x0 0x42e420 0x385d0 0x385d0 0x1de
GetCapture 0x0 0x42e424 0x385d4 0x385d4 0xe4
GetActiveWindow 0x0 0x42e428 0x385d8 0x385d8 0xdd
SetActiveWindow 0x0 0x42e42c 0x385dc 0x385dc 0x21c
GetAsyncKeyState 0x0 0x42e430 0x385e0 0x385e0 0xe3
GetWindowLongA 0x0 0x42e434 0x385e4 0x385e4 0x156
MapWindowPoints 0x0 0x42e438 0x385e8 0x385e8 0x1b9
SendDlgItemMessageA 0x0 0x42e43c 0x385ec 0x385ec 0x20f
ModifyMenuA 0x0 0x42e440 0x385f0 0x385f0 0x1c4
UpdateWindow 0x0 0x42e444 0x385f4 0x385f4 0x291
GetNextDlgTabItem 0x0 0x42e448 0x385f8 0x385f8 0x133
EnableMenuItem 0x0 0x42e44c 0x385fc 0x385fc 0xb5
CheckMenuItem 0x0 0x42e450 0x38600 0x38600 0x34
GetFocus 0x0 0x42e454 0x38604 0x38604 0x107
SetFocus 0x0 0x42e458 0x38608 0x38608 0x22f
GetDlgItem 0x0 0x42e45c 0x3860c 0x3860c 0x102
IsWindowEnabled 0x0 0x42e460 0x38610 0x38610 0x190
GetParent 0x0 0x42e464 0x38614 0x38614 0x135
LockWindowUpdate 0x0 0x42e468 0x38618 0x38618 0x1ae
GetKeyState 0x0 0x42e46c 0x3861c 0x3861c 0x112
GetWindowRect 0x0 0x42e470 0x38620 0x38620 0x15c
IsIconic 0x0 0x42e474 0x38624 0x38624 0x18c
GetSystemMetrics 0x0 0x42e478 0x38628 0x38628 0x146
GetClientRect 0x0 0x42e47c 0x3862c 0x3862c 0xf0
DrawIcon 0x0 0x42e480 0x38630 0x38630 0xa9
GetSystemMenu 0x0 0x42e484 0x38634 0x38634 0x145
CreateDialogIndirectParamA 0x0 0x42e488 0x38638 0x38638 0x4c
EndDialog 0x0 0x42e48c 0x3863c 0x3863c 0xb9
IsDialogMessageA 0x0 0x42e490 0x38640 0x38640 0x188
SetWindowTextA 0x0 0x42e494 0x38644 0x38644 0x25e
MoveWindow 0x0 0x42e498 0x38648 0x38648 0x1c9
CharNextA 0x0 0x42e49c 0x3864c 0x3864c 0x25
PostQuitMessage 0x0 0x42e4a0 0x38650 0x38650 0x1e0
SetCursor 0x0 0x42e4a4 0x38654 0x38654 0x226
GetCursorPos 0x0 0x42e4a8 0x38658 0x38658 0xfc
ValidateRect 0x0 0x42e4ac 0x3865c 0x3865c 0x29a
TranslateMessage 0x0 0x42e4b0 0x38660 0x38660 0x282
GetMessageA 0x0 0x42e4b4 0x38664 0x38664 0x12a
PostThreadMessageA 0x0 0x42e4b8 0x38668 0x38668 0x1e1
SetMenuItemBitmaps 0x0 0x42e4bc 0x3866c 0x3866c 0x239
GetWindow 0x0 0x42e4c0 0x38670 0x38670 0x152
RegisterClipboardFormatA 0x0 0x42e4c4 0x38674 0x38674 0x1f6
InflateRect 0x0 0x42e4c8 0x38678 0x38678 0x171
CharUpperA 0x0 0x42e4cc 0x3867c 0x3867c 0x2f
GetNextDlgGroupItem 0x0 0x42e4d0 0x38680 0x38680 0x132
MessageBeep 0x0 0x42e4d4 0x38684 0x38684 0x1bd
InvalidateRect 0x0 0x42e4d8 0x38688 0x38688 0x17a
SetRect 0x0 0x42e4dc 0x3868c 0x3868c 0x244
CopyAcceleratorTableA 0x0 0x42e4e0 0x38690 0x38690 0x40
PtInRect 0x0 0x42e4e4 0x38694 0x38694 0x1ea
SetWindowContextHelpId 0x0 0x42e4e8 0x38698 0x38698 0x257
GetSysColorBrush 0x0 0x42e4ec 0x3869c 0x3869c 0x144
LoadCursorA 0x0 0x42e4f0 0x386a0 0x386a0 0x19a
GrayStringA 0x0 0x42e4f4 0x386a4 0x386a4 0x164
DrawTextA 0x0 0x42e4f8 0x386a8 0x386a8 0xaf
TabbedTextOutA 0x0 0x42e4fc 0x386ac 0x386ac 0x273
EndPaint 0x0 0x42e500 0x386b0 0x386b0 0xbb
BeginPaint 0x0 0x42e504 0x386b4 0x386b4 0xc
GetWindowDC 0x0 0x42e508 0x386b8 0x386b8 0x154
ReleaseDC 0x0 0x42e50c 0x386bc 0x386bc 0x203
GetDC 0x0 0x42e510 0x386c0 0x386c0 0xfd
ClientToScreen 0x0 0x42e514 0x386c4 0x386c4 0x3a
DestroyMenu 0x0 0x42e518 0x386c8 0x386c8 0x8d
LoadStringA 0x0 0x42e51c 0x386cc 0x386cc 0x1ab
RemovePropA 0x0 0x42e520 0x386d0 0x386d0 0x205
GetDesktopWindow 0x0 0x42e524 0x386d4 0x386d4 0xff
GetClassNameA 0x0 0x42e528 0x386d8 0x386d8 0xed
GDI32.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IntersectClipRect 0x0 0x42e02c 0x381dc 0x381dc 0x180
DeleteObject 0x0 0x42e030 0x381e0 0x381e0 0x53
GetViewportExtEx 0x0 0x42e034 0x381e4 0x381e4 0x178
GetWindowExtEx 0x0 0x42e038 0x381e8 0x381e8 0x17b
ScaleWindowExtEx 0x0 0x42e03c 0x381ec 0x381ec 0x1c2
CreateSolidBrush 0x0 0x42e040 0x381f0 0x381f0 0x4d
PtVisible 0x0 0x42e044 0x381f4 0x381f4 0x1aa
RectVisible 0x0 0x42e048 0x381f8 0x381f8 0x1ae
TextOutA 0x0 0x42e04c 0x381fc 0x381fc 0x205
ExtTextOutA 0x0 0x42e050 0x38200 0x38200 0x9e
Escape 0x0 0x42e054 0x38204 0x38204 0x95
PatBlt 0x0 0x42e058 0x38208 0x38208 0x194
DPtoLP 0x0 0x42e05c 0x3820c 0x3820c 0x4e
LPtoDP 0x0 0x42e060 0x38210 0x38210 0x182
GetMapMode 0x0 0x42e064 0x38214 0x38214 0x147
SetWindowExtEx 0x0 0x42e068 0x38218 0x38218 0x1f9
ScaleViewportExtEx 0x0 0x42e06c 0x3821c 0x3821c 0x1c1
SetViewportExtEx 0x0 0x42e070 0x38220 0x38220 0x1f5
OffsetViewportOrgEx 0x0 0x42e074 0x38224 0x38224 0x18c
SetViewportOrgEx 0x0 0x42e078 0x38228 0x38228 0x1f6
SetMapMode 0x0 0x42e07c 0x3822c 0x3822c 0x1e2
SetBkMode 0x0 0x42e080 0x38230 0x38230 0x1ce
SelectObject 0x0 0x42e084 0x38234 0x38234 0x1c7
RestoreDC 0x0 0x42e088 0x38238 0x38238 0x1b9
SaveDC 0x0 0x42e08c 0x3823c 0x3823c 0x1c0
DeleteDC 0x0 0x42e090 0x38240 0x38240 0x50
GetStockObject 0x0 0x42e094 0x38244 0x38244 0x15f
GetDeviceCaps 0x0 0x42e098 0x38248 0x38248 0x125
GetBkColor 0x0 0x42e09c 0x3824c 0x3824c 0x107
GetTextColor 0x0 0x42e0a0 0x38250 0x38250 0x169
CreateBitmap 0x0 0x42e0a4 0x38254 0x38254 0x24
GetObjectA 0x0 0x42e0a8 0x38258 0x38258 0x14f
SetBkColor 0x0 0x42e0ac 0x3825c 0x3825c 0x1cd
SetTextColor 0x0 0x42e0b0 0x38260 0x38260 0x1f3
GetClipBox 0x0 0x42e0b4 0x38264 0x38264 0x11a
CreateDIBitmap 0x0 0x42e0b8 0x38268 0x38268 0x30
GetTextExtentPointA 0x0 0x42e0bc 0x3826c 0x3826c 0x170
BitBlt 0x0 0x42e0c0 0x38270 0x38270 0x11
CreateCompatibleDC 0x0 0x42e0c4 0x38274 0x38274 0x2a
comdlg32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameA 0x0 0x42e540 0x386f0 0x386f0 0x9
GetSaveFileNameA 0x0 0x42e544 0x386f4 0x386f4 0xb
GetFileTitleA 0x0 0x42e548 0x386f8 0x386f8 0x7
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA 0x0 0x42e530 0x386e0 0x386e0 0x7c
DocumentPropertiesA 0x0 0x42e534 0x386e4 0x386e4 0x47
ClosePrinter 0x0 0x42e538 0x386e8 0x386e8 0x1c
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x42e000 0x381b0 0x381b0 0x15b
RegCreateKeyExA 0x0 0x42e004 0x381b4 0x381b4 0x15f
RegOpenKeyExA 0x0 0x42e008 0x381b8 0x381b8 0x172
RegSetValueExA 0x0 0x42e00c 0x381bc 0x381bc 0x186
RegOpenKeyExW 0x0 0x42e010 0x381c0 0x381c0 0x173
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x42e328 0x384d8 0x384d8 0x76
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PropertySheetA 0x0 0x42e018 0x381c8 0x381c8 0x49
DestroyPropertySheetPage 0x0 0x42e01c 0x381cc 0x381cc 0xa
CreatePropertySheetPageA 0x0 0x42e020 0x381d0 0x381d0 0x2
(by ordinal) 0x11 0x42e024 0x381d4 0x381d4 -
oledlg.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x8 0x42e590 0x38740 0x38740 -
ole32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoGetClassObject 0x0 0x42e550 0x38700 0x38700 0x1c
StgOpenStorageOnILockBytes 0x0 0x42e554 0x38704 0x38704 0x10a
CoTaskMemAlloc 0x0 0x42e558 0x38708 0x38708 0x4e
CoTaskMemFree 0x0 0x42e55c 0x3870c 0x3870c 0x4f
CLSIDFromString 0x0 0x42e560 0x38710 0x38710 0x6
CLSIDFromProgID 0x0 0x42e564 0x38714 0x38714 0x5
StgCreateDocfileOnILockBytes 0x0 0x42e568 0x38718 0x38718 0xfe
CreateILockBytesOnHGlobal 0x0 0x42e56c 0x3871c 0x3871c 0x60
OleInitialize 0x0 0x42e570 0x38720 0x38720 0xc9
OleUninitialize 0x0 0x42e574 0x38724 0x38724 0xe0
CoFreeUnusedLibraries 0x0 0x42e578 0x38728 0x38728 0x16
CoRegisterMessageFilter 0x0 0x42e57c 0x3872c 0x3872c 0x40
CoRevokeClassObject 0x0 0x42e580 0x38730 0x38730 0x47
OleFlushClipboard 0x0 0x42e584 0x38734 0x38734 0xc4
OleIsCurrentClipboard 0x0 0x42e588 0x38738 0x38738 0xcb
OLEPRO32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0xfd 0x42e320 0x384d0 0x384d0 -
OLEAUT32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x6 0x42e2f8 0x384a8 0x384a8 -
VariantClear 0x9 0x42e2fc 0x384ac 0x384ac -
SysAllocString 0x2 0x42e300 0x384b0 0x384b0 -
SysAllocStringLen 0x4 0x42e304 0x384b4 0x384b4 -
SysStringLen 0x7 0x42e308 0x384b8 0x384b8 -
SysAllocStringByteLen 0x96 0x42e30c 0x384bc 0x384bc -
VariantCopy 0xa 0x42e310 0x384c0 0x384c0 -
VariantTimeToSystemTime 0xb9 0x42e314 0x384c4 0x384c4 -
VariantChangeType 0xc 0x42e318 0x384c8 0x384c8 -
ODBC32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x1f 0x42e2a0 0x38450 0x38450 -
(by ordinal) 0x29 0x42e2a4 0x38454 0x38454 -
(by ordinal) 0x2 0x42e2a8 0x38458 0x38458 -
(by ordinal) 0x1 0x42e2ac 0x3845c 0x3845c -
(by ordinal) 0x32 0x42e2b0 0x38460 0x38460 -
(by ordinal) 0x2d 0x42e2b4 0x38464 0x38464 -
(by ordinal) 0x33 0x42e2b8 0x38468 0x38468 -
(by ordinal) 0xf 0x42e2bc 0x3846c 0x3846c -
(by ordinal) 0x9 0x42e2c0 0x38470 0x38470 -
(by ordinal) 0xe 0x42e2c4 0x38474 0x38474 -
(by ordinal) 0xa 0x42e2c8 0x38478 0x38478 -
(by ordinal) 0x24 0x42e2cc 0x3847c 0x3847c -
(by ordinal) 0x23 0x42e2d0 0x38480 0x38480 -
(by ordinal) 0xb 0x42e2d4 0x38484 0x38484 -
(by ordinal) 0xd 0x42e2d8 0x38488 0x38488 -
(by ordinal) 0x12 0x42e2dc 0x3848c 0x3848c -
(by ordinal) 0x4 0x42e2e0 0x38490 0x38490 -
(by ordinal) 0x8 0x42e2e4 0x38494 0x38494 -
(by ordinal) 0x18 0x42e2e8 0x38498 0x38498 -
(by ordinal) 0x1a 0x42e2ec 0x3849c 0x3849c -
(by ordinal) 0x10 0x42e2f0 0x384a0 0x384a0 -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Before

After

Screenshot