e93cf7c4...3775 | Files
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Dropper, Rootkit, Spyware, Downloader

e93cf7c4f464ff015bda21fed805744beaf2d631ccd7cc81eb8a434a5bc73775 (SHA256)

adobereader_dcupd_en_cra_install.exe

Windows Exe (x86-32)

Created at 2018-08-28 10:26:00

Notifications (2/3)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Filename Category Type Severity
C:\Program Files\Remote Utilities - Host\RIPCServer.dll Created File Binary Suspicious
Mime Type application/x-dosexec
File Size 151.52 KB
MD5 435d9e1fd4b87308f0f91da25530d4ec
SHA1 a9b0c513b930f4c2ef86cb75a8de1fe16eb6d996
SHA256 05040b677d7697b4f97da173c6c07146d3bde327833fd2022bf2cb67f90389ca
SSDeep 3072:WvQPgrvHfETaxPSki7FlC+y/DPHSeqqSDUDPBcHnIO3gH:WvQovp07FGaXgH
ImpHash 088d639a9cd7c3c4bf26cc23aed13933
File Reputation Information
Severity Suspicious
First Seen 2017-03-29 02:52 (UTC+2)
Last Seen 2018-08-18 10:48 (UTC+2)
Names Win32.Rootkit.Remoteutilities
Families Remoteutilities
Classification Rootkit
PE Information
Image Base 0x13140000
Entry Point 0x1315d518
Size Of Code 0x1c000
Size Of Initialized Data 0x7800
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2017-03-27 15:14:45+00:00
Version Information (9)
LegalCopyright Copyright © 2017 Remote Utilities LLC. All rights reserved.
FileVersion 6.6.0.2
CompanyName Remote Utilities LLC
LegalTrademarks Remote Utilities LLC
Comments Remote Utilities unit
ProductName Remote Utilities
ProgramID com.remoteutilities.RIPCServer
ProductVersion 6.6.0.2
FileDescription Remote Utilities unit
Sections (10)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x13141000 0x1b9d0 0x1ba00 0x400 cnt_code, mem_execute, mem_read 6.42
.itext 0x1315d000 0x544 0x600 0x1be00 cnt_code, mem_execute, mem_read 5.75
.data 0x1315e000 0x1c40 0x1e00 0x1c400 cnt_initialized_data, mem_read, mem_write 4.1
.bss 0x13160000 0x5824 0x0 0x0 mem_read, mem_write 0.0
.idata 0x13166000 0xd44 0xe00 0x1e200 cnt_initialized_data, mem_read, mem_write 4.65
.didata 0x13167000 0x1f0 0x200 0x1f000 cnt_initialized_data, mem_read, mem_write 3.52
.edata 0x13168000 0x8f 0x200 0x1f200 cnt_initialized_data, mem_read 1.73
.rdata 0x13169000 0x45 0x200 0x1f400 cnt_initialized_data, mem_read 1.18
.reloc 0x1316a000 0x2ce4 0x2e00 0x1f600 cnt_initialized_data, mem_discardable, mem_read 6.43
.rsrc 0x1316d000 0x1800 0x1800 0x22400 cnt_initialized_data, mem_read 3.65
Imports (11)
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x131662e4 0x260f0 0x1e2f0 0x0
SysReAllocStringLen 0x0 0x131662e8 0x260f4 0x1e2f4 0x0
SysAllocStringLen 0x0 0x131662ec 0x260f8 0x1e2f8 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW 0x0 0x131662f4 0x26100 0x1e300 0x0
RegOpenKeyExW 0x0 0x131662f8 0x26104 0x1e304 0x0
RegCloseKey 0x0 0x131662fc 0x26108 0x1e308 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x13166304 0x26110 0x1e310 0x0
LoadStringW 0x0 0x13166308 0x26114 0x1e314 0x0
kernel32.dll (42)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x13166310 0x2611c 0x1e31c 0x0
VirtualFree 0x0 0x13166314 0x26120 0x1e320 0x0
VirtualAlloc 0x0 0x13166318 0x26124 0x1e324 0x0
lstrlenW 0x0 0x1316631c 0x26128 0x1e328 0x0
VirtualQuery 0x0 0x13166320 0x2612c 0x1e32c 0x0
GetTickCount 0x0 0x13166324 0x26130 0x1e330 0x0
GetSystemInfo 0x0 0x13166328 0x26134 0x1e334 0x0
GetVersion 0x0 0x1316632c 0x26138 0x1e338 0x0
CompareStringW 0x0 0x13166330 0x2613c 0x1e33c 0x0
IsValidLocale 0x0 0x13166334 0x26140 0x1e340 0x0
SetThreadLocale 0x0 0x13166338 0x26144 0x1e344 0x0
GetSystemDefaultUILanguage 0x0 0x1316633c 0x26148 0x1e348 0x0
GetUserDefaultUILanguage 0x0 0x13166340 0x2614c 0x1e34c 0x0
GetLocaleInfoW 0x0 0x13166344 0x26150 0x1e350 0x0
WideCharToMultiByte 0x0 0x13166348 0x26154 0x1e354 0x0
MultiByteToWideChar 0x0 0x1316634c 0x26158 0x1e358 0x0
GetACP 0x0 0x13166350 0x2615c 0x1e35c 0x0
LoadLibraryExW 0x0 0x13166354 0x26160 0x1e360 0x0
GetStartupInfoW 0x0 0x13166358 0x26164 0x1e364 0x0
GetProcAddress 0x0 0x1316635c 0x26168 0x1e368 0x0
GetModuleHandleW 0x0 0x13166360 0x2616c 0x1e36c 0x0
GetModuleFileNameW 0x0 0x13166364 0x26170 0x1e370 0x0
GetCommandLineW 0x0 0x13166368 0x26174 0x1e374 0x0
FreeLibrary 0x0 0x1316636c 0x26178 0x1e378 0x0
GetLastError 0x0 0x13166370 0x2617c 0x1e37c 0x0
UnhandledExceptionFilter 0x0 0x13166374 0x26180 0x1e380 0x0
RtlUnwind 0x0 0x13166378 0x26184 0x1e384 0x0
RaiseException 0x0 0x1316637c 0x26188 0x1e388 0x0
ExitProcess 0x0 0x13166380 0x2618c 0x1e38c 0x0
ExitThread 0x0 0x13166384 0x26190 0x1e390 0x0
SwitchToThread 0x0 0x13166388 0x26194 0x1e394 0x0
GetCurrentThreadId 0x0 0x1316638c 0x26198 0x1e398 0x0
CreateThread 0x0 0x13166390 0x2619c 0x1e39c 0x0
DeleteCriticalSection 0x0 0x13166394 0x261a0 0x1e3a0 0x0
LeaveCriticalSection 0x0 0x13166398 0x261a4 0x1e3a4 0x0
EnterCriticalSection 0x0 0x1316639c 0x261a8 0x1e3a8 0x0
InitializeCriticalSection 0x0 0x131663a0 0x261ac 0x1e3ac 0x0
FindFirstFileW 0x0 0x131663a4 0x261b0 0x1e3b0 0x0
FindClose 0x0 0x131663a8 0x261b4 0x1e3b4 0x0
WriteFile 0x0 0x131663ac 0x261b8 0x1e3b8 0x0
GetStdHandle 0x0 0x131663b0 0x261bc 0x1e3bc 0x0
CloseHandle 0x0 0x131663b4 0x261c0 0x1e3c0 0x0
kernel32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x131663bc 0x261c8 0x1e3c8 0x0
RaiseException 0x0 0x131663c0 0x261cc 0x1e3cc 0x0
LoadLibraryA 0x0 0x131663c4 0x261d0 0x1e3d0 0x0
GetLastError 0x0 0x131663c8 0x261d4 0x1e3d4 0x0
TlsSetValue 0x0 0x131663cc 0x261d8 0x1e3d8 0x0
TlsGetValue 0x0 0x131663d0 0x261dc 0x1e3dc 0x0
TlsFree 0x0 0x131663d4 0x261e0 0x1e3e0 0x0
TlsAlloc 0x0 0x131663d8 0x261e4 0x1e3e4 0x0
LocalFree 0x0 0x131663dc 0x261e8 0x1e3e8 0x0
LocalAlloc 0x0 0x131663e0 0x261ec 0x1e3ec 0x0
FreeLibrary 0x0 0x131663e4 0x261f0 0x1e3f0 0x0
user32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x131663ec 0x261f8 0x1e3f8 0x0
LoadStringW 0x0 0x131663f0 0x261fc 0x1e3fc 0x0
GetSystemMetrics 0x0 0x131663f4 0x26200 0x1e400 0x0
CharUpperBuffW 0x0 0x131663f8 0x26204 0x1e404 0x0
CharUpperW 0x0 0x131663fc 0x26208 0x1e408 0x0
CharLowerBuffW 0x0 0x13166400 0x2620c 0x1e40c 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x13166408 0x26214 0x1e414 0x0
GetFileVersionInfoSizeW 0x0 0x1316640c 0x26218 0x1e418 0x0
GetFileVersionInfoW 0x0 0x13166410 0x2621c 0x1e41c 0x0
kernel32.dll (38)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteProcessMemory 0x0 0x13166418 0x26224 0x1e424 0x0
WriteFile 0x0 0x1316641c 0x26228 0x1e428 0x0
WideCharToMultiByte 0x0 0x13166420 0x2622c 0x1e42c 0x0
WaitForSingleObject 0x0 0x13166424 0x26230 0x1e430 0x0
VirtualQuery 0x0 0x13166428 0x26234 0x1e434 0x0
VirtualAllocEx 0x0 0x1316642c 0x26238 0x1e438 0x0
VerSetConditionMask 0x0 0x13166430 0x2623c 0x1e43c 0x0
VerifyVersionInfoW 0x0 0x13166434 0x26240 0x1e440 0x0
SuspendThread 0x0 0x13166438 0x26244 0x1e444 0x0
SetThreadContext 0x0 0x1316643c 0x26248 0x1e448 0x0
SetEvent 0x0 0x13166440 0x2624c 0x1e44c 0x0
ResumeThread 0x0 0x13166444 0x26250 0x1e450 0x0
ResetEvent 0x0 0x13166448 0x26254 0x1e454 0x0
ReadFile 0x0 0x1316644c 0x26258 0x1e458 0x0
IsValidLocale 0x0 0x13166450 0x2625c 0x1e45c 0x0
GetVersionExW 0x0 0x13166454 0x26260 0x1e460 0x0
GetThreadLocale 0x0 0x13166458 0x26264 0x1e464 0x0
GetThreadContext 0x0 0x1316645c 0x26268 0x1e468 0x0
GetStdHandle 0x0 0x13166460 0x2626c 0x1e46c 0x0
GetProcAddress 0x0 0x13166464 0x26270 0x1e470 0x0
GetModuleHandleW 0x0 0x13166468 0x26274 0x1e474 0x0
GetModuleFileNameW 0x0 0x1316646c 0x26278 0x1e478 0x0
GetLocaleInfoW 0x0 0x13166470 0x2627c 0x1e47c 0x0
GetLocalTime 0x0 0x13166474 0x26280 0x1e480 0x0
GetDiskFreeSpaceW 0x0 0x13166478 0x26284 0x1e484 0x0
GetCurrentProcessId 0x0 0x1316647c 0x26288 0x1e488 0x0
GetCPInfo 0x0 0x13166480 0x2628c 0x1e48c 0x0
FreeLibrary 0x0 0x13166484 0x26290 0x1e490 0x0
FlushFileBuffers 0x0 0x13166488 0x26294 0x1e494 0x0
EnumSystemLocalesW 0x0 0x1316648c 0x26298 0x1e498 0x0
EnumCalendarInfoW 0x0 0x13166490 0x2629c 0x1e49c 0x0
DisconnectNamedPipe 0x0 0x13166494 0x262a0 0x1e4a0 0x0
CreateProcessW 0x0 0x13166498 0x262a4 0x1e4a4 0x0
CreateNamedPipeW 0x0 0x1316649c 0x262a8 0x1e4a8 0x0
CreateEventW 0x0 0x131664a0 0x262ac 0x1e4ac 0x0
ConnectNamedPipe 0x0 0x131664a4 0x262b0 0x1e4b0 0x0
CompareStringW 0x0 0x131664a8 0x262b4 0x1e4b4 0x0
CloseHandle 0x0 0x131664ac 0x262b8 0x1e4b8 0x0
netapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaGetInfo 0x0 0x131664b4 0x262c0 0x1e4c0 0x0
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ZwQueryInformationProcess 0x0 0x131664bc 0x262c8 0x1e4c8 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenThread 0x0 0x131664c4 0x262d0 0x1e4d0 0x0
Thread32Next 0x0 0x131664c8 0x262d4 0x1e4d4 0x0
Thread32First 0x0 0x131664cc 0x262d8 0x1e4d8 0x0
CreateToolhelp32Snapshot 0x0 0x131664d0 0x262dc 0x1e4dc 0x0
Exports (3)
Api name EAT Address Ordinal
InjectIntoProcess 0x1a0a8 0x3
__dbk_fcall_wrapper 0xb1b0 0x2
dbkFCallWrapperAddr 0x235a4 0x1
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\info Created File Image Whitelisted
Mime Type image/x-icon
File Size 1.05 KB
MD5 554ff4c199562515d758c9abff5c2943
SHA1 9e3bab3a975e638ead9e03731ae82fa1dbcd178c
SHA256 9ae4a96bf2a349667e844acc1e2ac4f89361a6182268438f4d063df3a6fc47bc
SSDeep 12:hEipI3VFpSyZ9I7imddddGDxxOxzma3ZmRgRtqVtipMLXwHqfM:hEigFpTz1xA6aJmRgwi6LgHcM
File Reputation Information
Severity Whitelisted
First Seen 2013-02-09 15:07 (UTC+1)
Last Seen 2018-08-02 15:18 (UTC+2)
C:\Program Files\Remote Utilities - Host\Italian.lg Created File Text Whitelisted
Mime Type text/plain
File Size 54.97 KB
MD5 dfcc06cd5e145a631806c1d011ad0fba
SHA1 d53236889246db20ad22f4811d24c7257c9b635d
SHA256 9848f250729fe0a81118aa027592ad0ef98d8428e808fa7bafa0903a93c4d94b
SSDeep 384:Sm01Cwq1dgmzJFUr8jmu3xwZBdGsWbITzqlf288Fuz2O5qi4NZhhia2nQec7b8wH:EkcIzSiGwarec7IDVmA8eY
File Reputation Information
Severity Whitelisted
First Seen 2017-09-06 03:24 (UTC+2)
Last Seen 2018-08-18 10:48 (UTC+2)
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\exclamation.ico Created File Image Whitelisted
Mime Type image/x-icon
File Size 13.12 KB
MD5 93d722fa20a988a5c257a58bf155dc66
SHA1 30c0d19f02cb39f8804dafe6af483a09c76e2338
SHA256 f587867eed0bec33ef150f3a8525bde9b6746c705543874e56653aa80ea53225
SSDeep 96:KYvlkFEXFYU2+yCvIFA13cJ/rrrrrpbEn5UnanjPRZfZy1wvI8:bVXuzd6IF0czwNPDZfI8
File Reputation Information
Severity Whitelisted
First Seen 2014-04-18 04:48 (UTC+2)
Last Seen 2018-08-27 23:10 (UTC+2)
C:\Program Files\Remote Utilities - Host\vp8encoder.dll Created File Binary Whitelisted
Mime Type application/x-dosexec
File Size 1.57 MB
MD5 3e6c2703e1c8b6b2b3512aff48099462
SHA1 b17a7f9cce16540b1f0e3dceae9dc7e8e855cb1b
SHA256 616a0047b5f28a071fc26dd9b0fd90d5110c77a3635565cebc24b6362d8c9844
SSDeep 49152:iSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwwwwwwwwwwwwf:iSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS1
ImpHash 378381e4872be8b616dde881bf9064fa
File Reputation Information
Severity Whitelisted
First Seen 2017-03-29 05:07 (UTC+2)
Last Seen 2018-08-18 10:48 (UTC+2)
PE Information
Image Base 0x10000000
Entry Point 0x10132ab8
Size Of Code 0x14fc00
Size Of Initialized Data 0x73e00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-01-30 19:20:29+00:00
Version Information (8)
LegalCopyright Copyright (C) 2013
InternalName vp8encoder
FileVersion 1, 0, 4, 1
CompanyName Google
ProductName WebM VP8 Encoder Filter
ProductVersion 1, 0, 4, 1
FileDescription WebM VP8 Encoder Filter
OriginalFilename vp8encoder.dll
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x14fbad 0x14fc00 0x400 cnt_code, mem_execute, mem_read 6.66
.rdata 0x10151000 0x2fa84 0x2fc00 0x150000 cnt_initialized_data, mem_read 5.72
.data 0x10181000 0x37224 0x2200 0x17fc00 cnt_initialized_data, mem_read, mem_write 4.3
.rodata 0x101b9000 0x1100 0x1200 0x181e00 cnt_initialized_data, mem_read 4.13
.rsrc 0x101bb000 0x37c0 0x3800 0x183000 cnt_initialized_data, mem_read 4.59
.reloc 0x101bf000 0x83cc 0x8400 0x186800 cnt_initialized_data, mem_discardable, mem_read 6.73
Imports (6)
KERNEL32.dll (81)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEventW 0x0 0x10151018 0x1800cc 0x17f0cc 0xb6
QueryPerformanceCounter 0x0 0x1015101c 0x1800d0 0x17f0d0 0x42d
WaitForSingleObject 0x0 0x10151020 0x1800d4 0x17f0d4 0x5a9
ReleaseSemaphore 0x0 0x10151024 0x1800d8 0x17f0d8 0x48f
QueryPerformanceFrequency 0x0 0x10151028 0x1800dc 0x17f0dc 0x42e
InitializeCriticalSection 0x0 0x1015102c 0x1800e0 0x17f0e0 0x347
LeaveCriticalSection 0x0 0x10151030 0x1800e4 0x17f0e4 0x3a2
EnterCriticalSection 0x0 0x10151034 0x1800e8 0x17f0e8 0x125
DeleteCriticalSection 0x0 0x10151038 0x1800ec 0x17f0ec 0x105
Sleep 0x0 0x1015103c 0x1800f0 0x17f0f0 0x550
CreateSemaphoreW 0x0 0x10151040 0x1800f4 0x17f0f4 0xe1
GetModuleHandleW 0x0 0x10151044 0x1800f8 0x17f0f8 0x267
GetProcAddress 0x0 0x10151048 0x1800fc 0x17f0fc 0x29d
GetSystemInfo 0x0 0x1015104c 0x180100 0x17f100 0x2d0
SetThreadPriority 0x0 0x10151050 0x180104 0x17f104 0x533
SetEvent 0x0 0x10151054 0x180108 0x17f108 0x4ef
LocalFree 0x0 0x10151058 0x18010c 0x17f10c 0x3b2
CreateFileW 0x0 0x1015105c 0x180110 0x17f110 0xc2
FlushFileBuffers 0x0 0x10151060 0x180114 0x17f114 0x192
WriteConsoleW 0x0 0x10151064 0x180118 0x17f118 0x5de
SetStdHandle 0x0 0x10151068 0x18011c 0x17f11c 0x520
SetEnvironmentVariableA 0x0 0x1015106c 0x180120 0x17f120 0x4ec
OutputDebugStringW 0x0 0x10151070 0x180124 0x17f124 0x3fa
SetFilePointerEx 0x0 0x10151074 0x180128 0x17f128 0x4fc
EnumSystemLocalesW 0x0 0x10151078 0x18012c 0x17f12c 0x147
GetUserDefaultLCID 0x0 0x1015107c 0x180130 0x17f130 0x2fc
IsValidLocale 0x0 0x10151080 0x180134 0x17f134 0x374
GetLocaleInfoW 0x0 0x10151084 0x180138 0x17f138 0x254
CloseHandle 0x0 0x10151088 0x18013c 0x17f13c 0x7f
ReleaseMutex 0x0 0x1015108c 0x180140 0x17f140 0x48b
CreateMutexW 0x0 0x10151090 0x180144 0x17f144 0xd1
GetModuleFileNameW 0x0 0x10151094 0x180148 0x17f148 0x263
SetLastError 0x0 0x10151098 0x18014c 0x17f14c 0x50a
GetLastError 0x0 0x1015109c 0x180150 0x17f150 0x250
MultiByteToWideChar 0x0 0x101510a0 0x180154 0x17f154 0x3d1
LCMapStringW 0x0 0x101510a4 0x180158 0x17f158 0x396
CompareStringW 0x0 0x101510a8 0x18015c 0x17f15c 0x93
GetConsoleMode 0x0 0x101510ac 0x180160 0x17f160 0x1ee
GetConsoleCP 0x0 0x101510b0 0x180164 0x17f164 0x1dc
TlsFree 0x0 0x101510b4 0x180168 0x17f168 0x572
TlsSetValue 0x0 0x101510b8 0x18016c 0x17f16c 0x574
TlsGetValue 0x0 0x101510bc 0x180170 0x17f170 0x573
TlsAlloc 0x0 0x101510c0 0x180174 0x17f174 0x571
EncodePointer 0x0 0x101510c4 0x180178 0x17f178 0x121
DecodePointer 0x0 0x101510c8 0x18017c 0x17f17c 0xfe
HeapFree 0x0 0x101510cc 0x180180 0x17f180 0x333
HeapAlloc 0x0 0x101510d0 0x180184 0x17f184 0x32f
GetCommandLineA 0x0 0x101510d4 0x180188 0x17f188 0x1c8
GetCurrentThreadId 0x0 0x101510d8 0x18018c 0x17f18c 0x20e
RtlUnwind 0x0 0x101510dc 0x180190 0x17f190 0x4ac
HeapReAlloc 0x0 0x101510e0 0x180194 0x17f194 0x336
CreateThread 0x0 0x101510e4 0x180198 0x17f198 0xe8
ExitThread 0x0 0x101510e8 0x18019c 0x17f19c 0x152
LoadLibraryExW 0x0 0x101510ec 0x1801a0 0x17f1a0 0x3a7
IsDebuggerPresent 0x0 0x101510f0 0x1801a4 0x17f1a4 0x367
IsProcessorFeaturePresent 0x0 0x101510f4 0x1801a8 0x17f1a8 0x36d
ExitProcess 0x0 0x101510f8 0x1801ac 0x17f1ac 0x151
GetModuleHandleExW 0x0 0x101510fc 0x1801b0 0x17f1b0 0x266
WideCharToMultiByte 0x0 0x10151100 0x1801b4 0x17f1b4 0x5cb
HeapSize 0x0 0x10151104 0x1801b8 0x17f1b8 0x338
RaiseException 0x0 0x10151108 0x1801bc 0x17f1bc 0x43f
IsValidCodePage 0x0 0x1015110c 0x1801c0 0x17f1c0 0x372
GetACP 0x0 0x10151110 0x1801c4 0x17f1c4 0x1a4
GetOEMCP 0x0 0x10151114 0x1801c8 0x17f1c8 0x286
GetCPInfo 0x0 0x10151118 0x1801cc 0x17f1cc 0x1b3
GetStringTypeW 0x0 0x1015111c 0x1801d0 0x17f1d0 0x2c5
GetProcessHeap 0x0 0x10151120 0x1801d4 0x17f1d4 0x2a2
GetStdHandle 0x0 0x10151124 0x1801d8 0x17f1d8 0x2c0
WriteFile 0x0 0x10151128 0x1801dc 0x17f1dc 0x5df
GetFileType 0x0 0x1015112c 0x1801e0 0x17f1e0 0x23e
GetStartupInfoW 0x0 0x10151130 0x1801e4 0x17f1e4 0x2be
GetModuleFileNameA 0x0 0x10151134 0x1801e8 0x17f1e8 0x262
GetCurrentProcessId 0x0 0x10151138 0x1801ec 0x17f1ec 0x20a
GetSystemTimeAsFileTime 0x0 0x1015113c 0x1801f0 0x17f1f0 0x2d6
GetEnvironmentStringsW 0x0 0x10151140 0x1801f4 0x17f1f4 0x227
FreeEnvironmentStringsW 0x0 0x10151144 0x1801f8 0x17f1f8 0x19d
UnhandledExceptionFilter 0x0 0x10151148 0x1801fc 0x17f1fc 0x580
SetUnhandledExceptionFilter 0x0 0x1015114c 0x180200 0x17f200 0x541
InitializeCriticalSectionAndSpinCount 0x0 0x10151150 0x180204 0x17f204 0x348
GetCurrentProcess 0x0 0x10151154 0x180208 0x17f208 0x209
TerminateProcess 0x0 0x10151158 0x18020c 0x17f20c 0x55f
USER32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyWindow 0x0 0x10151178 0x18022c 0x17f22c 0xad
GetWindowRect 0x0 0x1015117c 0x180230 0x17f230 0x1cb
InvalidateRect 0x0 0x10151180 0x180234 0x17f234 0x1ef
GetWindowLongW 0x0 0x10151184 0x180238 0x17f238 0x1c5
SetRectEmpty 0x0 0x10151188 0x18023c 0x17f23c 0x2f4
SetWindowLongW 0x0 0x1015118c 0x180240 0x17f240 0x30d
GetDesktopWindow 0x0 0x10151190 0x180244 0x17f244 0x137
ShowWindow 0x0 0x10151194 0x180248 0x17f248 0x320
CreateDialogParamW 0x0 0x10151198 0x18024c 0x17f24c 0x66
MessageBoxW 0x0 0x1015119c 0x180250 0x17f250 0x24d
GetDlgItemTextW 0x0 0x101511a0 0x180254 0x17f254 0x13f
SetDlgItemTextW 0x0 0x101511a4 0x180258 0x17f258 0x2d2
SendMessageW 0x0 0x101511a8 0x18025c 0x17f25c 0x2bc
MoveWindow 0x0 0x101511ac 0x180260 0x17f260 0x253
GetDlgItem 0x0 0x101511b0 0x180264 0x17f264 0x13c
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x10151000 0x1800b4 0x17f0b4 0x254
RegOpenKeyExW 0x0 0x10151004 0x1800b8 0x17f0b8 0x285
RegQueryValueExW 0x0 0x10151008 0x1800bc 0x17f0bc 0x292
RegCreateKeyExW 0x0 0x1015100c 0x1800c0 0x17f0c0 0x25d
RegSetValueExW 0x0 0x10151010 0x1800c4 0x17f0c4 0x2a2
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleRun 0x0 0x101511b8 0x18026c 0x17f26c 0x174
CoTaskMemAlloc 0x0 0x101511bc 0x180270 0x17f270 0x7a
StringFromGUID2 0x0 0x101511c0 0x180274 0x17f274 0x1ba
CoWaitForMultipleHandles 0x0 0x101511c4 0x180278 0x17f278 0x86
CoTaskMemFree 0x0 0x101511c8 0x18027c 0x17f27c 0x7b
CoCreateInstance 0x0 0x101511cc 0x180280 0x17f280 0x1a
OLEAUT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegisterTypeLib 0xa3 0x10151160 0x180214 0x17f214 -
UnRegisterTypeLib 0xba 0x10151164 0x180218 0x17f218 -
LoadTypeLib 0xa1 0x10151168 0x18021c 0x17f21c -
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHDeleteKeyW 0x0 0x10151170 0x180224 0x17f224 0xb8
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x30ec0 0x1
DllGetClassObject 0x30ed0 0x2
DllRegisterServer 0x31060 0x3
DllUnregisterServer 0x30f40 0x4
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Dutch.lg Created File Text Whitelisted
Mime Type text/plain
File Size 55.85 KB
MD5 00c905e8da73cf386c210d28e3797f6c
SHA1 512b1c68ad520bbd77733cf71e376333c509c183
SHA256 83813ca174f76a126e05f6cca58be24ce2a48a2632e9bf6bfa46a353d01111b6
SSDeep 384:SKgzSDh81zMEAgcj6Av24RMDQDLXedTvjq0RjD8ZbK6BmmhWYpjUwkQZQuxtWv6M:SY21zVg+aeq0Rv8ZbnTFaObLfWucLOmD
File Reputation Information
Severity Whitelisted
First Seen 2017-09-06 03:24 (UTC+2)
Last Seen 2018-08-18 10:48 (UTC+2)
C:\Program Files\Remote Utilities - Host\Turkish.lg Created File Text Whitelisted
Mime Type text/plain
File Size 54.52 KB
MD5 8a4b15f09ab2301fdbf99acd5274bf88
SHA1 88bee09f9690dce0f323909d53525f60e076e854
SHA256 00d3aa64e2afe9b92f2d13255a86eee0f289d9d257229289de0e2020626f0508
SSDeep 768:aE0cXwLfmn/ft4QtV82UByhgrhfOXXVLbxcmH6Aa7Tvf:aqXw4HRO1fOXXVLbD6Aa7Tvf
File Reputation Information
Severity Whitelisted
First Seen 2017-09-06 03:24 (UTC+2)
Last Seen 2018-08-18 10:48 (UTC+2)
C:\Program Files\Remote Utilities - Host\Hebrew.lg Created File Text Whitelisted
Mime Type text/plain
File Size 46.78 KB
MD5 516352f3ff5dc96d8cfbd6abf069aabd
SHA1 b52524bec89b956fba232d7a72205e63e029d5d0
SHA256 6387f12ff599445016b7f5b191170f077fe50c8b986a7d9650abfb7ccb6377f5
SSDeep 384:XncbAZHwCIo7HKInFzEnac+Q8ZUUBIbN08bZavbiSoBV205ZT1xD1O8Vcm+yWQRJ:m8QSQp7hNRMho9H
File Reputation Information
Severity Whitelisted
First Seen 2017-09-06 03:24 (UTC+2)
Last Seen 2018-08-18 10:48 (UTC+2)
C:\Users\EEBsYm5\Desktop\adobereader_dcupd_en_cra_install.exe Sample File Binary Unknown
Mime Type application/x-dosexec
File Size 2.41 MB
MD5 eda8e4f2df81e0ba5b88d73de9779205
SHA1 485163ba7eb1ba74030c9be2222a183643595c36
SHA256 e93cf7c4f464ff015bda21fed805744beaf2d631ccd7cc81eb8a434a5bc73775
SSDeep 49152:hgH1mzGSx+/QYSP73v8QRILjWyRP86voSsl3xonRD8PuLjLhPSJ+SkJA:hgH1sGSxiQYSP7U1vds11WHLhPD9K
ImpHash 9eff7a1b294d31fdb90f8bb40cef7a47
PE Information
Image Base 0x400000
Entry Point 0x4c8dac
Size Of Code 0xffe00
Size Of Initialized Data 0x74a00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2014-11-11 09:52:49+00:00
Version Information (8)
LegalCopyright Copyright (C) 2018 Adobe
InternalName readerupd_en_xa_cra_install
FileVersion 12.0.1
CompanyName Adobe
ProductName Adobe Reader
ProductVersion 12.0.1
FileDescription This installer database contains the logic and data required to install Adobe Reader.
OriginalFileName readerupd_en_xa_cra_install.exe
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xffce2 0xffe00 0x400 cnt_code, mem_execute, mem_read 6.61
.rdata 0x501000 0x3e7ce 0x3e800 0x100200 cnt_initialized_data, mem_read 4.42
.data 0x540000 0x9e08 0x3400 0x13ea00 cnt_initialized_data, mem_read, mem_write 4.35
.rsrc 0x54a000 0x1a9e8 0x1aa00 0x141e00 cnt_initialized_data, mem_read 5.45
.reloc 0x565000 0x18292 0x18400 0x15c800 cnt_initialized_data, mem_discardable, mem_read 5.24
Imports (15)
KERNEL32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GlobalUnlock 0x0 0x501174 0x13d230 0x13c430 0x2c5
GetModuleFileNameW 0x0 0x501178 0x13d234 0x13c434 0x214
InterlockedIncrement 0x0 0x50117c 0x13d238 0x13c438 0x2ef
InterlockedDecrement 0x0 0x501180 0x13d23c 0x13c43c 0x2eb
CompareStringW 0x0 0x501184 0x13d240 0x13c440 0x64
GetDriveTypeW 0x0 0x501188 0x13d244 0x13c444 0x1d3
lstrcmpiW 0x0 0x50118c 0x13d248 0x13c448 0x545
GetVersionExW 0x0 0x501190 0x13d24c 0x13c44c 0x2a4
lstrlenW 0x0 0x501194 0x13d250 0x13c450 0x54e
FreeLibrary 0x0 0x501198 0x13d254 0x13c454 0x162
LoadLibraryW 0x0 0x50119c 0x13d258 0x13c458 0x33f
CreateDirectoryW 0x0 0x5011a0 0x13d25c 0x13c45c 0x81
GetCurrentProcessId 0x0 0x5011a4 0x13d260 0x13c460 0x1c1
GetExitCodeThread 0x0 0x5011a8 0x13d264 0x13c464 0x1e0
SetEvent 0x0 0x5011ac 0x13d268 0x13c468 0x459
CreateEventW 0x0 0x5011b0 0x13d26c 0x13c46c 0x85
GlobalLock 0x0 0x5011b4 0x13d270 0x13c470 0x2be
GlobalAlloc 0x0 0x5011b8 0x13d274 0x13c474 0x2b3
lstrcmpW 0x0 0x5011bc 0x13d278 0x13c478 0x542
GetFileSize 0x0 0x5011c0 0x13d27c 0x13c47c 0x1f0
SetStdHandle 0x0 0x5011c4 0x13d280 0x13c480 0x487
WriteConsoleW 0x0 0x5011c8 0x13d284 0x13c484 0x524
WriteConsoleA 0x0 0x5011cc 0x13d288 0x13c488 0x51a
GetModuleHandleA 0x0 0x5011d0 0x13d28c 0x13c48c 0x215
InitializeCriticalSectionAndSpinCount 0x0 0x5011d4 0x13d290 0x13c490 0x2e3
GetStringTypeA 0x0 0x5011d8 0x13d294 0x13c494 0x266
IsValidLocale 0x0 0x5011dc 0x13d298 0x13c498 0x30c
EnumSystemLocalesA 0x0 0x5011e0 0x13d29c 0x13c49c 0x10d
GetUserDefaultLCID 0x0 0x5011e4 0x13d2a0 0x13c4a0 0x29b
GetConsoleMode 0x0 0x5011e8 0x13d2a4 0x13c4a4 0x1ac
GetConsoleCP 0x0 0x5011ec 0x13d2a8 0x13c4a8 0x19a
GetTickCount 0x0 0x5011f0 0x13d2ac 0x13c4ac 0x293
QueryPerformanceCounter 0x0 0x5011f4 0x13d2b0 0x13c4b0 0x3a7
GetStartupInfoA 0x0 0x5011f8 0x13d2b4 0x13c4b4 0x262
SetLastError 0x0 0x5011fc 0x13d2b8 0x13c4b8 0x473
SetHandleCount 0x0 0x501200 0x13d2bc 0x13c4bc 0x46f
GetEnvironmentStringsW 0x0 0x501204 0x13d2c0 0x13c4c0 0x1da
FreeEnvironmentStringsW 0x0 0x501208 0x13d2c4 0x13c4c4 0x161
IsValidCodePage 0x0 0x50120c 0x13d2c8 0x13c4c8 0x30a
GetOEMCP 0x0 0x501210 0x13d2cc 0x13c4cc 0x237
GetACP 0x0 0x501214 0x13d2d0 0x13c4d0 0x168
HeapCreate 0x0 0x501218 0x13d2d4 0x13c4d4 0x2cd
ReadFile 0x0 0x50121c 0x13d2d8 0x13c4d8 0x3c0
LCMapStringA 0x0 0x501220 0x13d2dc 0x13c4dc 0x32b
GetCPInfo 0x0 0x501224 0x13d2e0 0x13c4e0 0x172
RtlUnwind 0x0 0x501228 0x13d2e4 0x13c4e4 0x418
ExitProcess 0x0 0x50122c 0x13d2e8 0x13c4e8 0x119
TlsFree 0x0 0x501230 0x13d2ec 0x13c4ec 0x4c6
TlsSetValue 0x0 0x501234 0x13d2f0 0x13c4f0 0x4c8
LoadLibraryA 0x0 0x501238 0x13d2f4 0x13c4f4 0x33c
TlsGetValue 0x0 0x50123c 0x13d2f8 0x13c4f8 0x4c7
GetStartupInfoW 0x0 0x501240 0x13d2fc 0x13c4fc 0x263
GetSystemTimeAsFileTime 0x0 0x501244 0x13d300 0x13c500 0x279
IsDebuggerPresent 0x0 0x501248 0x13d304 0x13c504 0x300
UnhandledExceptionFilter 0x0 0x50124c 0x13d308 0x13c508 0x4d3
TerminateProcess 0x0 0x501250 0x13d30c 0x13c50c 0x4c0
HeapSize 0x0 0x501254 0x13d310 0x13c510 0x2d4
HeapReAlloc 0x0 0x501258 0x13d314 0x13c514 0x2d2
HeapDestroy 0x0 0x50125c 0x13d318 0x13c518 0x2ce
VirtualAlloc 0x0 0x501260 0x13d31c 0x13c51c 0x4e9
VirtualFree 0x0 0x501264 0x13d320 0x13c520 0x4ec
IsProcessorFeaturePresent 0x0 0x501268 0x13d324 0x13c524 0x304
HeapAlloc 0x0 0x50126c 0x13d328 0x13c528 0x2cb
GetProcessHeap 0x0 0x501270 0x13d32c 0x13c52c 0x24a
HeapFree 0x0 0x501274 0x13d330 0x13c530 0x2cf
InterlockedCompareExchange 0x0 0x501278 0x13d334 0x13c534 0x2e9
PeekNamedPipe 0x0 0x50127c 0x13d338 0x13c538 0x38d
OpenEventW 0x0 0x501280 0x13d33c 0x13c53c 0x375
SearchPathW 0x0 0x501284 0x13d340 0x13c540 0x41d
GetLocaleInfoA 0x0 0x501288 0x13d344 0x13c544 0x204
GetStringTypeW 0x0 0x50128c 0x13d348 0x13c548 0x269
ConnectNamedPipe 0x0 0x501290 0x13d34c 0x13c54c 0x65
CreateNamedPipeW 0x0 0x501294 0x13d350 0x13c550 0xa0
ResetEvent 0x0 0x501298 0x13d354 0x13c554 0x40f
MoveFileW 0x0 0x50129c 0x13d358 0x13c558 0x363
TerminateThread 0x0 0x5012a0 0x13d35c 0x13c55c 0x4c1
GetSystemDirectoryW 0x0 0x5012a4 0x13d360 0x13c560 0x270
GetLocalTime 0x0 0x5012a8 0x13d364 0x13c564 0x203
OutputDebugStringW 0x0 0x5012ac 0x13d368 0x13c568 0x38a
GlobalMemoryStatus 0x0 0x5012b0 0x13d36c 0x13c56c 0x2bf
GetVersion 0x0 0x5012b4 0x13d370 0x13c570 0x2a2
Process32NextW 0x0 0x5012b8 0x13d374 0x13c574 0x398
Process32FirstW 0x0 0x5012bc 0x13d378 0x13c578 0x396
CreateToolhelp32Snapshot 0x0 0x5012c0 0x13d37c 0x13c57c 0xbe
GetWindowsDirectoryW 0x0 0x5012c4 0x13d380 0x13c580 0x2af
GetUserDefaultLangID 0x0 0x5012c8 0x13d384 0x13c584 0x29c
GetSystemDefaultLangID 0x0 0x5012cc 0x13d388 0x13c588 0x26c
GlobalFree 0x0 0x5012d0 0x13d38c 0x13c58c 0x2ba
GetTempPathW 0x0 0x5012d4 0x13d390 0x13c590 0x285
GetTempPathA 0x0 0x5012d8 0x13d394 0x13c594 0x284
GetSystemTime 0x0 0x5012dc 0x13d398 0x13c598 0x277
GetTempFileNameW 0x0 0x5012e0 0x13d39c 0x13c59c 0x283
DeleteFileW 0x0 0x5012e4 0x13d3a0 0x13c5a0 0xd6
GetTempFileNameA 0x0 0x5012e8 0x13d3a4 0x13c5a4 0x282
DeleteFileA 0x0 0x5012ec 0x13d3a8 0x13c5a8 0xd3
FindFirstFileW 0x0 0x5012f0 0x13d3ac 0x13c5ac 0x139
RemoveDirectoryW 0x0 0x5012f4 0x13d3b0 0x13c5b0 0x403
FindNextFileW 0x0 0x5012f8 0x13d3b4 0x13c5b4 0x145
GetLogicalDriveStringsW 0x0 0x5012fc 0x13d3b8 0x13c5b8 0x208
GetFileAttributesW 0x0 0x501300 0x13d3bc 0x13c5bc 0x1ea
CreateFileA 0x0 0x501304 0x13d3c0 0x13c5c0 0x88
SetFileAttributesW 0x0 0x501308 0x13d3c4 0x13c5c4 0x461
WaitForMultipleObjects 0x0 0x50130c 0x13d3c8 0x13c5c8 0x4f7
GetSystemInfo 0x0 0x501310 0x13d3cc 0x13c5cc 0x273
InterlockedExchange 0x0 0x501314 0x13d3d0 0x13c5d0 0x2ec
WideCharToMultiByte 0x0 0x501318 0x13d3d4 0x13c5d4 0x511
LoadLibraryExW 0x0 0x50131c 0x13d3d8 0x13c5d8 0x33e
MultiByteToWideChar 0x0 0x501320 0x13d3dc 0x13c5dc 0x367
FindClose 0x0 0x501324 0x13d3e0 0x13c5e0 0x12e
CopyFileW 0x0 0x501328 0x13d3e4 0x13c5e4 0x75
LCMapStringW 0x0 0x50132c 0x13d3e8 0x13c5e8 0x32d
GetDiskFreeSpaceExW 0x0 0x501330 0x13d3ec 0x13c5ec 0x1ce
Sleep 0x0 0x501334 0x13d3f0 0x13c5f0 0x4b2
GetLastError 0x0 0x501338 0x13d3f4 0x13c5f4 0x202
GetCurrentThreadId 0x0 0x50133c 0x13d3f8 0x13c5f8 0x1c5
WaitForSingleObject 0x0 0x501340 0x13d3fc 0x13c5fc 0x4f9
MulDiv 0x0 0x501344 0x13d400 0x13c600 0x366
lstrcpynW 0x0 0x501348 0x13d404 0x13c604 0x54b
FindResourceExW 0x0 0x50134c 0x13d408 0x13c608 0x14d
FindResourceW 0x0 0x501350 0x13d40c 0x13c60c 0x14e
LoadResource 0x0 0x501354 0x13d410 0x13c610 0x341
LockResource 0x0 0x501358 0x13d414 0x13c614 0x354
SizeofResource 0x0 0x50135c 0x13d418 0x13c618 0x4b1
GetLocaleInfoW 0x0 0x501360 0x13d41c 0x13c61c 0x206
EnumResourceLanguagesW 0x0 0x501364 0x13d420 0x13c620 0xfe
SetEndOfFile 0x0 0x501368 0x13d424 0x13c624 0x453
SetCurrentDirectoryW 0x0 0x50136c 0x13d428 0x13c628 0x44d
GetCommandLineW 0x0 0x501370 0x13d42c 0x13c62c 0x187
UnlockFile 0x0 0x501374 0x13d430 0x13c630 0x4d4
LockFile 0x0 0x501378 0x13d434 0x13c634 0x352
GetExitCodeProcess 0x0 0x50137c 0x13d438 0x13c638 0x1df
CreateProcessA 0x0 0x501380 0x13d43c 0x13c63c 0xa4
CreateProcessW 0x0 0x501384 0x13d440 0x13c640 0xa8
DuplicateHandle 0x0 0x501388 0x13d444 0x13c644 0xe8
LeaveCriticalSection 0x0 0x50138c 0x13d448 0x13c648 0x339
GetModuleFileNameA 0x0 0x501390 0x13d44c 0x13c64c 0x213
FlushFileBuffers 0x0 0x501394 0x13d450 0x13c650 0x157
SetFilePointer 0x0 0x501398 0x13d454 0x13c654 0x466
GetConsoleOutputCP 0x0 0x50139c 0x13d458 0x13c658 0x1b0
GetConsoleScreenBufferInfo 0x0 0x5013a0 0x13d45c 0x13c65c 0x1b2
GetStdHandle 0x0 0x5013a4 0x13d460 0x13c660 0x264
SetConsoleTextAttribute 0x0 0x5013a8 0x13d464 0x13c664 0x446
GetFullPathNameW 0x0 0x5013ac 0x13d468 0x13c668 0x1fb
GetCurrentThread 0x0 0x5013b0 0x13d46c 0x13c66c 0x1c4
GetEnvironmentVariableW 0x0 0x5013b4 0x13d470 0x13c670 0x1dc
InitializeCriticalSection 0x0 0x5013b8 0x13d474 0x13c674 0x2e2
EnterCriticalSection 0x0 0x5013bc 0x13d478 0x13c678 0xee
DeleteCriticalSection 0x0 0x5013c0 0x13d47c 0x13c67c 0xd1
GetModuleHandleW 0x0 0x5013c4 0x13d480 0x13c680 0x218
GetProcAddress 0x0 0x5013c8 0x13d484 0x13c684 0x245
RaiseException 0x0 0x5013cc 0x13d488 0x13c688 0x3b1
FlushInstructionCache 0x0 0x5013d0 0x13d48c 0x13c68c 0x158
GetCurrentProcess 0x0 0x5013d4 0x13d490 0x13c690 0x1c0
CloseHandle 0x0 0x5013d8 0x13d494 0x13c694 0x52
WriteFile 0x0 0x5013dc 0x13d498 0x13c698 0x525
CreateFileW 0x0 0x5013e0 0x13d49c 0x13c69c 0x8f
GetFileType 0x0 0x5013e4 0x13d4a0 0x13c6a0 0x1f3
TlsAlloc 0x0 0x5013e8 0x13d4a4 0x13c6a4 0x4c5
GetShortPathNameW 0x0 0x5013ec 0x13d4a8 0x13c6a8 0x261
LocalAlloc 0x0 0x5013f0 0x13d4ac 0x13c6ac 0x344
FormatMessageW 0x0 0x5013f4 0x13d4b0 0x13c6b0 0x15e
CreateThread 0x0 0x5013f8 0x13d4b4 0x13c6b4 0xb5
SetUnhandledExceptionFilter 0x0 0x5013fc 0x13d4b8 0x13c6b8 0x4a5
LocalFree 0x0 0x501400 0x13d4bc 0x13c6bc 0x348
USER32.dll (144)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetWindow 0x0 0x5014a4 0x13d560 0x13c760 0x18e
GetClientRect 0x0 0x5014a8 0x13d564 0x13c764 0x114
GetWindowTextW 0x0 0x5014ac 0x13d568 0x13c768 0x1a3
GetWindowTextLengthW 0x0 0x5014b0 0x13d56c 0x13c76c 0x1a2
FillRect 0x0 0x5014b4 0x13d570 0x13c770 0xf6
IsWindow 0x0 0x5014b8 0x13d574 0x13c774 0x1db
ShowWindow 0x0 0x5014bc 0x13d578 0x13c778 0x2df
GetWindowRect 0x0 0x5014c0 0x13d57c 0x13c77c 0x19c
UnionRect 0x0 0x5014c4 0x13d580 0x13c780 0x301
GetParent 0x0 0x5014c8 0x13d584 0x13c784 0x164
BeginPaint 0x0 0x5014cc 0x13d588 0x13c788 0xe
EndPaint 0x0 0x5014d0 0x13d58c 0x13c78c 0xdc
ScreenToClient 0x0 0x5014d4 0x13d590 0x13c790 0x26d
SetWindowPos 0x0 0x5014d8 0x13d594 0x13c794 0x2c6
GetWindowDC 0x0 0x5014dc 0x13d598 0x13c798 0x192
LookupIconIdFromDirectoryEx 0x0 0x5014e0 0x13d59c 0x13c79c 0x201
CallWindowProcW 0x0 0x5014e4 0x13d5a0 0x13c7a0 0x1e
DefWindowProcW 0x0 0x5014e8 0x13d5a4 0x13c7a4 0x9c
GetWindowLongW 0x0 0x5014ec 0x13d5a8 0x13c7a8 0x196
IsWindowVisible 0x0 0x5014f0 0x13d5ac 0x13c7ac 0x1e0
MapWindowPoints 0x0 0x5014f4 0x13d5b0 0x13c7b0 0x209
SetWindowLongW 0x0 0x5014f8 0x13d5b4 0x13c7b4 0x2c4
SendMessageW 0x0 0x5014fc 0x13d5b8 0x13c7b8 0x27c
DrawFrameControl 0x0 0x501500 0x13d5bc 0x13c7bc 0xc6
RegisterWindowMessageW 0x0 0x501504 0x13d5c0 0x13c7c0 0x263
InvalidateRgn 0x0 0x501508 0x13d5c4 0x13c7c4 0x1bf
GetDesktopWindow 0x0 0x50150c 0x13d5c8 0x13c7c8 0x123
GetKeyState 0x0 0x501510 0x13d5cc 0x13c7cc 0x13d
DrawStateW 0x0 0x501514 0x13d5d0 0x13c7d0 0xcc
DrawTextExW 0x0 0x501518 0x13d5d4 0x13c7d4 0xcf
DrawFocusRect 0x0 0x50151c 0x13d5d8 0x13c7d8 0xc4
ValidateRect 0x0 0x501520 0x13d5dc 0x13c7dc 0x31c
DestroyMenu 0x0 0x501524 0x13d5e0 0x13c7e0 0xa4
AppendMenuW 0x0 0x501528 0x13d5e4 0x13c7e4 0xa
CreatePopupMenu 0x0 0x50152c 0x13d5e8 0x13c7e8 0x6b
TrackPopupMenu 0x0 0x501530 0x13d5ec 0x13c7ec 0x2f6
InflateRect 0x0 0x501534 0x13d5f0 0x13c7f0 0x1b5
LoadBitmapW 0x0 0x501538 0x13d5f4 0x13c7f4 0x1e7
MessageBeep 0x0 0x50153c 0x13d5f8 0x13c7f8 0x20d
CharNextW 0x0 0x501540 0x13d5fc 0x13c7fc 0x31
GetClassNameW 0x0 0x501544 0x13d600 0x13c800 0x112
ReleaseCapture 0x0 0x501548 0x13d604 0x13c804 0x264
SetCapture 0x0 0x50154c 0x13d608 0x13c808 0x280
UpdateWindow 0x0 0x501550 0x13d60c 0x13c80c 0x311
DestroyIcon 0x0 0x501554 0x13d610 0x13c810 0xa3
GetDlgCtrlID 0x0 0x501558 0x13d614 0x13c814 0x126
GetCapture 0x0 0x50155c 0x13d618 0x13c818 0x108
SetScrollInfo 0x0 0x501560 0x13d61c 0x13c81c 0x2b0
GetScrollPos 0x0 0x501564 0x13d620 0x13c820 0x176
GetClassInfoExW 0x0 0x501568 0x13d624 0x13c824 0x10d
RegisterClassExW 0x0 0x50156c 0x13d628 0x13c828 0x24d
DrawEdge 0x0 0x501570 0x13d62c 0x13c82c 0xc3
SetScrollPos 0x0 0x501574 0x13d630 0x13c830 0x2b1
SetRect 0x0 0x501578 0x13d634 0x13c834 0x2ae
MoveWindow 0x0 0x50157c 0x13d638 0x13c838 0x21b
GetScrollInfo 0x0 0x501580 0x13d63c 0x13c83c 0x175
GetMessagePos 0x0 0x501584 0x13d640 0x13c840 0x15b
SystemParametersInfoW 0x0 0x501588 0x13d644 0x13c844 0x2ec
GetActiveWindow 0x0 0x50158c 0x13d648 0x13c848 0x100
TrackMouseEvent 0x0 0x501590 0x13d64c 0x13c84c 0x2f5
GetAsyncKeyState 0x0 0x501594 0x13d650 0x13c850 0x107
DestroyCursor 0x0 0x501598 0x13d654 0x13c854 0xa2
GetWindowRgn 0x0 0x50159c 0x13d658 0x13c858 0x19d
IsZoomed 0x0 0x5015a0 0x13d65c 0x13c85c 0x1e2
SetWindowRgn 0x0 0x5015a4 0x13d660 0x13c860 0x2c7
GetComboBoxInfo 0x0 0x5015a8 0x13d664 0x13c864 0x11c
DestroyAcceleratorTable 0x0 0x5015ac 0x13d668 0x13c868 0xa0
CreateAcceleratorTableW 0x0 0x5015b0 0x13d66c 0x13c86c 0x58
TranslateAcceleratorW 0x0 0x5015b4 0x13d670 0x13c870 0x2fa
CreateDialogParamW 0x0 0x5015b8 0x13d674 0x13c874 0x63
EndDialog 0x0 0x5015bc 0x13d678 0x13c878 0xda
DialogBoxParamW 0x0 0x5015c0 0x13d67c 0x13c87c 0xac
InvalidateRect 0x0 0x5015c4 0x13d680 0x13c880 0x1be
GetNextDlgTabItem 0x0 0x5015c8 0x13d684 0x13c884 0x162
SetCursor 0x0 0x5015cc 0x13d688 0x13c888 0x288
MonitorFromWindow 0x0 0x5015d0 0x13d68c 0x13c88c 0x21a
GetMonitorInfoW 0x0 0x5015d4 0x13d690 0x13c890 0x15f
LoadImageW 0x0 0x5015d8 0x13d694 0x13c894 0x1ef
IsDialogMessageW 0x0 0x5015dc 0x13d698 0x13c898 0x1cd
IsChild 0x0 0x5015e0 0x13d69c 0x13c89c 0x1c9
PostQuitMessage 0x0 0x5015e4 0x13d6a0 0x13c8a0 0x237
PostMessageW 0x0 0x5015e8 0x13d6a4 0x13c8a4 0x236
SetForegroundWindow 0x0 0x5015ec 0x13d6a8 0x13c8a8 0x293
SetCursorPos 0x0 0x5015f0 0x13d6ac 0x13c8ac 0x28a
GetCursorPos 0x0 0x5015f4 0x13d6b0 0x13c8b0 0x120
PeekMessageW 0x0 0x5015f8 0x13d6b4 0x13c8b4 0x233
GetMessageW 0x0 0x5015fc 0x13d6b8 0x13c8b8 0x15d
TranslateMessage 0x0 0x501600 0x13d6bc 0x13c8bc 0x2fc
DispatchMessageW 0x0 0x501604 0x13d6c0 0x13c8c0 0xaf
LoadCursorW 0x0 0x501608 0x13d6c4 0x13c8c4 0x1eb
LoadStringW 0x0 0x50160c 0x13d6c8 0x13c8c8 0x1fa
MessageBoxW 0x0 0x501610 0x13d6cc 0x13c8cc 0x215
GetFocus 0x0 0x501614 0x13d6d0 0x13c8d0 0x12c
EnableWindow 0x0 0x501618 0x13d6d4 0x13c8d4 0xd8
DestroyWindow 0x0 0x50161c 0x13d6d8 0x13c8d8 0xa6
LoadIconW 0x0 0x501620 0x13d6dc 0x13c8dc 0x1ed
DialogBoxIndirectParamW 0x0 0x501624 0x13d6e0 0x13c8e0 0xaa
GetForegroundWindow 0x0 0x501628 0x13d6e4 0x13c8e4 0x12d
MsgWaitForMultipleObjects 0x0 0x50162c 0x13d6e8 0x13c8e8 0x21c
EnumWindows 0x0 0x501630 0x13d6ec 0x13c8ec 0xf2
GetWindowThreadProcessId 0x0 0x501634 0x13d6f0 0x13c8f0 0x1a4
GetPropW 0x0 0x501638 0x13d6f4 0x13c8f4 0x16b
GetSystemMenu 0x0 0x50163c 0x13d6f8 0x13c8f8 0x17d
EnableMenuItem 0x0 0x501640 0x13d6fc 0x13c8fc 0xd6
ModifyMenuW 0x0 0x501644 0x13d700 0x13c900 0x217
FindWindowW 0x0 0x501648 0x13d704 0x13c904 0xfa
ExitWindowsEx 0x0 0x50164c 0x13d708 0x13c908 0xf5
GetScrollRange 0x0 0x501650 0x13d70c 0x13c90c 0x177
SetPropW 0x0 0x501654 0x13d710 0x13c910 0x2ad
RemovePropW 0x0 0x501658 0x13d714 0x13c914 0x269
LoadMenuW 0x0 0x50165c 0x13d718 0x13c918 0x1f7
GetSubMenu 0x0 0x501660 0x13d71c 0x13c91c 0x17a
OpenClipboard 0x0 0x501664 0x13d720 0x13c920 0x226
CloseClipboard 0x0 0x501668 0x13d724 0x13c924 0x49
EmptyClipboard 0x0 0x50166c 0x13d728 0x13c928 0xd5
SetClipboardData 0x0 0x501670 0x13d72c 0x13c92c 0x286
GetIconInfo 0x0 0x501674 0x13d730 0x13c930 0x133
SendMessageTimeoutW 0x0 0x501678 0x13d734 0x13c934 0x27b
UnregisterClassA 0x0 0x50167c 0x13d738 0x13c938 0x305
DrawTextW 0x0 0x501680 0x13d73c 0x13c93c 0xd0
DrawIconEx 0x0 0x501684 0x13d740 0x13c940 0xc8
GetSystemMetrics 0x0 0x501688 0x13d744 0x13c944 0x17e
ClientToScreen 0x0 0x50168c 0x13d748 0x13c948 0x47
OffsetRect 0x0 0x501690 0x13d74c 0x13c94c 0x225
SetRectEmpty 0x0 0x501694 0x13d750 0x13c950 0x2af
PtInRect 0x0 0x501698 0x13d754 0x13c954 0x240
GetSysColorBrush 0x0 0x50169c 0x13d758 0x13c958 0x17c
IntersectRect 0x0 0x5016a0 0x13d75c 0x13c95c 0x1bd
IsRectEmpty 0x0 0x5016a4 0x13d760 0x13c960 0x1d4
SendMessageA 0x0 0x5016a8 0x13d764 0x13c964 0x277
IsWindowEnabled 0x0 0x5016ac 0x13d768 0x13c968 0x1dc
CopyRect 0x0 0x5016b0 0x13d76c 0x13c96c 0x55
RedrawWindow 0x0 0x5016b4 0x13d770 0x13c970 0x24a
SetFocus 0x0 0x5016b8 0x13d774 0x13c974 0x292
GetSysColor 0x0 0x5016bc 0x13d778 0x13c978 0x17b
CreateWindowExW 0x0 0x5016c0 0x13d77c 0x13c97c 0x6e
GetDlgItem 0x0 0x5016c4 0x13d780 0x13c980 0x127
SetWindowTextW 0x0 0x5016c8 0x13d784 0x13c984 0x2cb
EqualRect 0x0 0x5016cc 0x13d788 0x13c988 0xf3
SetTimer 0x0 0x5016d0 0x13d78c 0x13c98c 0x2bb
KillTimer 0x0 0x5016d4 0x13d790 0x13c990 0x1e3
GetDC 0x0 0x5016d8 0x13d794 0x13c994 0x121
ReleaseDC 0x0 0x5016dc 0x13d798 0x13c998 0x265
CreateIconFromResourceEx 0x0 0x5016e0 0x13d79c 0x13c99c 0x66
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLayout 0x0 0x5010e4 0x13d1a0 0x13c3a0 0x1ed
GetBrushOrgEx 0x0 0x5010e8 0x13d1a4 0x13c3a4 0x1ad
CreateFontIndirectW 0x0 0x5010ec 0x13d1a8 0x13c3a8 0x40
CreateSolidBrush 0x0 0x5010f0 0x13d1ac 0x13c3ac 0x54
GetRgnBox 0x0 0x5010f4 0x13d1b0 0x13c3b0 0x20c
EqualRgn 0x0 0x5010f8 0x13d1b4 0x13c3b4 0x12d
CreatePolygonRgn 0x0 0x5010fc 0x13d1b8 0x13c3b8 0x4e
CreateRectRgnIndirect 0x0 0x501100 0x13d1bc 0x13c3bc 0x50
GetStockObject 0x0 0x501104 0x13d1c0 0x13c3c0 0x20d
CreateFontW 0x0 0x501108 0x13d1c4 0x13c3c4 0x41
SetBkMode 0x0 0x50110c 0x13d1c8 0x13c3c8 0x27f
SetTextColor 0x0 0x501110 0x13d1cc 0x13c3cc 0x2a6
SetBrushOrgEx 0x0 0x501114 0x13d1d0 0x13c3d0 0x282
CreatePatternBrush 0x0 0x501118 0x13d1d4 0x13c3d4 0x4a
FillRgn 0x0 0x50111c 0x13d1d8 0x13c3d8 0x142
SelectClipRgn 0x0 0x501120 0x13d1dc 0x13c3dc 0x275
GetBitmapBits 0x0 0x501124 0x13d1e0 0x13c3e0 0x1a7
CreateRectRgn 0x0 0x501128 0x13d1e4 0x13c3e4 0x4f
GetObjectW 0x0 0x50112c 0x13d1e8 0x13c3e8 0x1fd
GetDeviceCaps 0x0 0x501130 0x13d1ec 0x13c3ec 0x1cb
Rectangle 0x0 0x501134 0x13d1f0 0x13c3f0 0x25f
ExcludeClipRect 0x0 0x501138 0x13d1f4 0x13c3f4 0x131
CreatePen 0x0 0x50113c 0x13d1f8 0x13c3f8 0x4b
ExtTextOutW 0x0 0x501140 0x13d1fc 0x13c3fc 0x138
SetBkColor 0x0 0x501144 0x13d200 0x13c400 0x27e
BitBlt 0x0 0x501148 0x13d204 0x13c404 0x13
SetViewportOrgEx 0x0 0x50114c 0x13d208 0x13c408 0x2a9
CreateCompatibleBitmap 0x0 0x501150 0x13d20c 0x13c40c 0x2f
CreateCompatibleDC 0x0 0x501154 0x13d210 0x13c410 0x30
DeleteObject 0x0 0x501158 0x13d214 0x13c414 0xe6
SelectObject 0x0 0x50115c 0x13d218 0x13c418 0x277
DeleteDC 0x0 0x501160 0x13d21c 0x13c41c 0xe3
CreateDIBSection 0x0 0x501164 0x13d220 0x13c420 0x35
CreateBitmapIndirect 0x0 0x501168 0x13d224 0x13c424 0x2b
CombineRgn 0x0 0x50116c 0x13d228 0x13c428 0x22
ADVAPI32.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyW 0x0 0x501000 0x13d0bc 0x13c2bc 0x264
LookupPrivilegeValueW 0x0 0x501004 0x13d0c0 0x13c2c0 0x197
LookupAccountSidW 0x0 0x501008 0x13d0c4 0x13c2c4 0x191
SetSecurityDescriptorDacl 0x0 0x50100c 0x13d0c8 0x13c2c8 0x2b6
InitializeSecurityDescriptor 0x0 0x501010 0x13d0cc 0x13c2cc 0x177
SetEntriesInAclW 0x0 0x501014 0x13d0d0 0x13c2d0 0x2a6
GetSecurityDescriptorDacl 0x0 0x501018 0x13d0d4 0x13c2d4 0x148
StartServiceW 0x0 0x50101c 0x13d0d8 0x13c2d8 0x2c9
QueryServiceStatus 0x0 0x501020 0x13d0dc 0x13c2dc 0x228
OpenServiceW 0x0 0x501024 0x13d0e0 0x13c2e0 0x1fb
RegDeleteValueA 0x0 0x501028 0x13d0e4 0x13c2e4 0x247
RegQueryValueExA 0x0 0x50102c 0x13d0e8 0x13c2e8 0x26d
RegOpenKeyA 0x0 0x501030 0x13d0ec 0x13c2ec 0x25f
RegDeleteValueW 0x0 0x501034 0x13d0f0 0x13c2f0 0x248
RegCreateKeyExW 0x0 0x501038 0x13d0f4 0x13c2f4 0x239
RegSetValueExW 0x0 0x50103c 0x13d0f8 0x13c2f8 0x27e
RegEnumKeyExW 0x0 0x501040 0x13d0fc 0x13c2fc 0x24f
RegQueryInfoKeyW 0x0 0x501044 0x13d100 0x13c300 0x268
RegDeleteKeyW 0x0 0x501048 0x13d104 0x13c304 0x244
RegQueryValueExW 0x0 0x50104c 0x13d108 0x13c308 0x26e
RegOpenKeyExW 0x0 0x501050 0x13d10c 0x13c30c 0x261
RegCloseKey 0x0 0x501054 0x13d110 0x13c310 0x230
RegSetValueExA 0x0 0x501058 0x13d114 0x13c314 0x27d
OpenSCManagerW 0x0 0x50105c 0x13d118 0x13c318 0x1f9
LockServiceDatabase 0x0 0x501060 0x13d11c 0x13c31c 0x188
UnlockServiceDatabase 0x0 0x501064 0x13d120 0x13c320 0x300
CloseServiceHandle 0x0 0x501068 0x13d124 0x13c324 0x57
RegOpenKeyExA 0x0 0x50106c 0x13d128 0x13c328 0x260
RegEnumValueA 0x0 0x501070 0x13d12c 0x13c32c 0x251
AdjustTokenPrivileges 0x0 0x501074 0x13d130 0x13c330 0x1f
RegCreateKeyW 0x0 0x501078 0x13d134 0x13c334 0x23c
OpenProcessToken 0x0 0x50107c 0x13d138 0x13c338 0x1f7
GetTokenInformation 0x0 0x501080 0x13d13c 0x13c33c 0x15a
AllocateAndInitializeSid 0x0 0x501084 0x13d140 0x13c340 0x20
EqualSid 0x0 0x501088 0x13d144 0x13c344 0x107
FreeSid 0x0 0x50108c 0x13d148 0x13c348 0x120
GetUserNameW 0x0 0x501090 0x13d14c 0x13c34c 0x165
RegDeleteKeyA 0x0 0x501094 0x13d150 0x13c350 0x23d
RegCreateKeyA 0x0 0x501098 0x13d154 0x13c354 0x237
SHELL32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x501464 0x13d520 0x13c720 0x122
ShellExecuteExW 0x0 0x501468 0x13d524 0x13c724 0x121
SHGetFolderPathW 0x0 0x50146c 0x13d528 0x13c728 0xc3
SHBrowseForFolderW 0x0 0x501470 0x13d52c 0x13c72c 0x7b
SHGetPathFromIDListW 0x0 0x501474 0x13d530 0x13c730 0xd7
SHGetMalloc 0x0 0x501478 0x13d534 0x13c734 0xcf
SHGetFileInfoW 0x0 0x50147c 0x13d538 0x13c738 0xbd
SHGetSpecialFolderLocation 0x0 0x501480 0x13d53c 0x13c73c 0xdf
ole32.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemRealloc 0x0 0x50171c 0x13d7d8 0x13c9d8 0x69
CoTaskMemFree 0x0 0x501720 0x13d7dc 0x13c9dc 0x68
CoInitialize 0x0 0x501724 0x13d7e0 0x13c9e0 0x3e
OleInitialize 0x0 0x501728 0x13d7e4 0x13c9e4 0x132
CLSIDFromString 0x0 0x50172c 0x13d7e8 0x13c9e8 0x8
CLSIDFromProgID 0x0 0x501730 0x13d7ec 0x13c9ec 0x6
CoGetClassObject 0x0 0x501734 0x13d7f0 0x13c9f0 0x26
CoCreateInstance 0x0 0x501738 0x13d7f4 0x13c9f4 0x10
CreateStreamOnHGlobal 0x0 0x50173c 0x13d7f8 0x13c9f8 0x86
OleLockRunning 0x0 0x501740 0x13d7fc 0x13c9fc 0x138
CoTaskMemAlloc 0x0 0x501744 0x13d800 0x13ca00 0x67
OleUninitialize 0x0 0x501748 0x13d804 0x13ca04 0x149
CoUninitialize 0x0 0x50174c 0x13d808 0x13ca08 0x6c
CoCreateGuid 0x0 0x501750 0x13d80c 0x13ca0c 0xf
CreateILockBytesOnHGlobal 0x0 0x501754 0x13d810 0x13ca10 0x80
StgCreateDocfileOnILockBytes 0x0 0x501758 0x13d814 0x13ca14 0x168
CoInitializeEx 0x0 0x50175c 0x13d818 0x13ca18 0x3f
StringFromGUID2 0x0 0x501760 0x13d81c 0x13ca1c 0x179
OLEAUT32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VarUI4FromStr 0x115 0x501424 0x13d4e0 0x13c6e0 -
VarDateFromStr 0x5e 0x501428 0x13d4e4 0x13c6e4 -
OleLoadPicture 0x1a2 0x50142c 0x13d4e8 0x13c6e8 -
SysStringByteLen 0x95 0x501430 0x13d4ec 0x13c6ec -
SysAllocStringByteLen 0x96 0x501434 0x13d4f0 0x13c6f0 -
SysAllocStringLen 0x4 0x501438 0x13d4f4 0x13c6f4 -
LoadTypeLib 0xa1 0x50143c 0x13d4f8 0x13c6f8 -
LoadRegTypeLib 0xa2 0x501440 0x13d4fc 0x13c6fc -
SysStringLen 0x7 0x501444 0x13d500 0x13c700 -
OleCreateFontIndirect 0x1a4 0x501448 0x13d504 0x13c704 -
VariantCopy 0xa 0x50144c 0x13d508 0x13c708 -
VariantInit 0x8 0x501450 0x13d50c 0x13c70c -
VariantClear 0x9 0x501454 0x13d510 0x13c710 -
SysAllocString 0x2 0x501458 0x13d514 0x13c714 -
SysFreeString 0x6 0x50145c 0x13d518 0x13c718 -
dbghelp.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SymGetLineFromAddr 0x0 0x5016f8 0x13d7b4 0x13c9b4 0x55
SymSetSearchPath 0x0 0x5016fc 0x13d7b8 0x13c9b8 0xa3
SymCleanup 0x0 0x501700 0x13d7bc 0x13c9bc 0x27
SymInitialize 0x0 0x501704 0x13d7c0 0x13c9c0 0x85
SymSetOptions 0x0 0x501708 0x13d7c4 0x13c9c4 0x9f
SymFunctionTableAccess 0x0 0x50170c 0x13d7c8 0x13c9c8 0x50
StackWalk 0x0 0x501710 0x13d7cc 0x13c9cc 0x20
SymGetModuleBase 0x0 0x501714 0x13d7d0 0x13c9d0 0x61
SHLWAPI.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathAddBackslashW 0x0 0x501488 0x13d544 0x13c744 0x30
PathIsUNCW 0x0 0x50148c 0x13d548 0x13c748 0x71
PathIsDirectoryW 0x0 0x501490 0x13d54c 0x13c74c 0x5b
PathFileExistsW 0x0 0x501494 0x13d550 0x13c750 0x45
COMCTL32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Create 0x0 0x5010a0 0x13d15c 0x13c35c 0x53
PropertySheetW 0x0 0x5010a4 0x13d160 0x13c360 0x85
DestroyPropertySheetPage 0x0 0x5010a8 0x13d164 0x13c364 0x31
InitCommonControlsEx 0x0 0x5010ac 0x13d168 0x13c368 0x7b
ImageList_LoadImageW 0x0 0x5010b0 0x13d16c 0x13c36c 0x69
ImageList_GetIcon 0x0 0x5010b4 0x13d170 0x13c370 0x62
ImageList_AddMasked 0x0 0x5010b8 0x13d174 0x13c374 0x4f
ImageList_SetBkColor 0x0 0x5010bc 0x13d178 0x13c378 0x71
_TrackMouseEvent 0x0 0x5010c0 0x13d17c 0x13c37c 0x92
ImageList_Add 0x0 0x5010c4 0x13d180 0x13c380 0x4d
ImageList_ReplaceIcon 0x0 0x5010c8 0x13d184 0x13c384 0x6f
ImageList_Destroy 0x0 0x5010cc 0x13d188 0x13c388 0x54
CreatePropertySheetPageW 0x0 0x5010d0 0x13d18c 0x13c38c 0x9
MSIMG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TransparentBlt 0x0 0x501408 0x13d4c4 0x13c6c4 0x3
AlphaBlend 0x0 0x50140c 0x13d4c8 0x13c6c8 0x0
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW 0x0 0x5016e8 0x13d7a4 0x13c9a4 0x6
VerQueryValueW 0x0 0x5016ec 0x13d7a8 0x13c9a8 0xe
GetFileVersionInfoSizeW 0x0 0x5016f0 0x13d7ac 0x13c9ac 0x5
NETAPI32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetUserGetLocalGroups 0x0 0x501414 0x13d4d0 0x13c6d0 0x100
NetApiBufferFree 0x0 0x501418 0x13d4d4 0x13c6d4 0x65
NetLocalGroupGetMembers 0x0 0x50141c 0x13d4d8 0x13c6d8 0xad
Secur32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameExW 0x0 0x50149c 0x13d558 0x13c758 0x1e
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW 0x0 0x5010d8 0x13d194 0x13c394 0xc
GetSaveFileNameW 0x0 0x5010dc 0x13d198 0x13c398 0xe
Icons (1)
C:\Program Files\Remote Utilities - Host\Printer\x86\fwproc.exe Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 88.52 KB
MD5 ea59044d08afd020fa6d5af9e5e7cf5a
SHA1 d6958e403f452fc2d1bf7fcd8b2edc691d935d68
SHA256 78436d1fef2d60bbe0a693d8425b8c30e9db167422ee8004eb965773ff6c00ae
SSDeep 1536:0NpkB9q5HeZJobIusCnXTqFC34d9KJ3w4tjBgYf:bPqOobJs8Eoa4tjBgW
ImpHash c29d9cb1e0887bcf73c166234faf65e4
PE Information
Image Base 0x400000
Entry Point 0x401ff8
Size Of Code 0xd000
Size Of Initialized Data 0x6000
File Type executable
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2012-08-31 14:24:45+00:00
Version Information (8)
LegalCopyright Copyright (C) Two Pilots 2012
InternalName fwproc
FileVersion 1, 3, 0, 0
CompanyName Two Pilots
ProductName Virtual Printer Driver
ProductVersion 7, 3, 0, 0
FileDescription Virtual Printer Driver component
OriginalFilename fwproc.exe
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xc024 0xd000 0x1000 cnt_code, mem_execute, mem_read 6.36
.rdata 0x40e000 0x2374 0x3000 0xe000 cnt_initialized_data, mem_read 4.41
.data 0x411000 0x2da8 0x2000 0x11000 cnt_initialized_data, mem_read, mem_write 1.34
.rsrc 0x414000 0x40c 0x1000 0x13000 cnt_initialized_data, mem_read 3.73
Imports (2)
KERNEL32.dll (75)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetVersionExW 0x0 0x40e000 0xfc10 0xfc10 0x1ea
GetLastError 0x0 0x40e004 0xfc14 0xfc14 0x171
SetLastError 0x0 0x40e008 0xfc18 0xfc18 0x328
GetLocalTime 0x0 0x40e00c 0xfc1c 0xfc1c 0x173
GetCurrentThreadId 0x0 0x40e010 0xfc20 0xfc20 0x146
HeapSize 0x0 0x40e014 0xfc24 0xfc24 0x21c
ReadFile 0x0 0x40e018 0xfc28 0xfc28 0x2b5
SetEndOfFile 0x0 0x40e01c 0xfc2c 0xfc2c 0x310
WriteConsoleW 0x0 0x40e020 0xfc30 0xfc30 0x3a3
GetConsoleOutputCP 0x0 0x40e024 0xfc34 0xfc34 0x135
WriteConsoleA 0x0 0x40e028 0xfc38 0xfc38 0x399
HeapFree 0x0 0x40e02c 0xfc3c 0xfc3c 0x216
GetVersionExA 0x0 0x40e030 0xfc40 0xfc40 0x1e9
HeapAlloc 0x0 0x40e034 0xfc44 0xfc44 0x210
GetProcessHeap 0x0 0x40e038 0xfc48 0xfc48 0x1a3
TerminateProcess 0x0 0x40e03c 0xfc4c 0xfc4c 0x35e
GetCurrentProcess 0x0 0x40e040 0xfc50 0xfc50 0x142
UnhandledExceptionFilter 0x0 0x40e044 0xfc54 0xfc54 0x36e
SetUnhandledExceptionFilter 0x0 0x40e048 0xfc58 0xfc58 0x34a
IsDebuggerPresent 0x0 0x40e04c 0xfc5c 0xfc5c 0x239
EnterCriticalSection 0x0 0x40e050 0xfc60 0xfc60 0x98
LeaveCriticalSection 0x0 0x40e054 0xfc64 0xfc64 0x251
RtlUnwind 0x0 0x40e058 0xfc68 0xfc68 0x2d7
SetHandleCount 0x0 0x40e05c 0xfc6c 0xfc6c 0x324
GetStdHandle 0x0 0x40e060 0xfc70 0xfc70 0x1b9
GetFileType 0x0 0x40e064 0xfc74 0xfc74 0x166
GetStartupInfoA 0x0 0x40e068 0xfc78 0xfc78 0x1b7
DeleteCriticalSection 0x0 0x40e06c 0xfc7c 0xfc7c 0x81
CloseHandle 0x0 0x40e070 0xfc80 0xfc80 0x34
GetProcAddress 0x0 0x40e074 0xfc84 0xfc84 0x1a0
GetModuleHandleA 0x0 0x40e078 0xfc88 0xfc88 0x17f
ExitProcess 0x0 0x40e07c 0xfc8c 0xfc8c 0xb9
WriteFile 0x0 0x40e080 0xfc90 0xfc90 0x3a4
GetModuleFileNameA 0x0 0x40e084 0xfc94 0xfc94 0x17d
GetModuleFileNameW 0x0 0x40e088 0xfc98 0xfc98 0x17e
FreeEnvironmentStringsA 0x0 0x40e08c 0xfc9c 0xfc9c 0xf6
MultiByteToWideChar 0x0 0x40e090 0xfca0 0xfca0 0x275
GetEnvironmentStrings 0x0 0x40e094 0xfca4 0xfca4 0x155
FreeEnvironmentStringsW 0x0 0x40e098 0xfca8 0xfca8 0xf7
GetEnvironmentStringsW 0x0 0x40e09c 0xfcac 0xfcac 0x157
GetCommandLineA 0x0 0x40e0a0 0xfcb0 0xfcb0 0x110
GetCommandLineW 0x0 0x40e0a4 0xfcb4 0xfcb4 0x111
TlsGetValue 0x0 0x40e0a8 0xfcb8 0xfcb8 0x365
TlsAlloc 0x0 0x40e0ac 0xfcbc 0xfcbc 0x363
TlsSetValue 0x0 0x40e0b0 0xfcc0 0xfcc0 0x366
TlsFree 0x0 0x40e0b4 0xfcc4 0xfcc4 0x364
InterlockedIncrement 0x0 0x40e0b8 0xfcc8 0xfcc8 0x22c
InterlockedDecrement 0x0 0x40e0bc 0xfccc 0xfccc 0x228
HeapDestroy 0x0 0x40e0c0 0xfcd0 0xfcd0 0x214
HeapCreate 0x0 0x40e0c4 0xfcd4 0xfcd4 0x212
VirtualFree 0x0 0x40e0c8 0xfcd8 0xfcd8 0x383
QueryPerformanceCounter 0x0 0x40e0cc 0xfcdc 0xfcdc 0x2a3
GetTickCount 0x0 0x40e0d0 0xfce0 0xfce0 0x1df
GetCurrentProcessId 0x0 0x40e0d4 0xfce4 0xfce4 0x143
GetSystemTimeAsFileTime 0x0 0x40e0d8 0xfce8 0xfce8 0x1ca
Sleep 0x0 0x40e0dc 0xfcec 0xfcec 0x356
GetCPInfo 0x0 0x40e0e0 0xfcf0 0xfcf0 0x104
GetACP 0x0 0x40e0e4 0xfcf4 0xfcf4 0xfd
GetOEMCP 0x0 0x40e0e8 0xfcf8 0xfcf8 0x193
SetFilePointer 0x0 0x40e0ec 0xfcfc 0xfcfc 0x31b
WideCharToMultiByte 0x0 0x40e0f0 0xfd00 0xfd00 0x394
GetConsoleCP 0x0 0x40e0f4 0xfd04 0xfd04 0x122
GetConsoleMode 0x0 0x40e0f8 0xfd08 0xfd08 0x133
CreateFileA 0x0 0x40e0fc 0xfd0c 0xfd0c 0x53
InitializeCriticalSection 0x0 0x40e100 0xfd10 0xfd10 0x223
VirtualAlloc 0x0 0x40e104 0xfd14 0xfd14 0x381
HeapReAlloc 0x0 0x40e108 0xfd18 0xfd18 0x21a
SetStdHandle 0x0 0x40e10c 0xfd1c 0xfd1c 0x337
FlushFileBuffers 0x0 0x40e110 0xfd20 0xfd20 0xee
LoadLibraryA 0x0 0x40e114 0xfd24 0xfd24 0x252
LCMapStringA 0x0 0x40e118 0xfd28 0xfd28 0x244
LCMapStringW 0x0 0x40e11c 0xfd2c 0xfd2c 0x245
GetStringTypeA 0x0 0x40e120 0xfd30 0xfd30 0x1ba
GetStringTypeW 0x0 0x40e124 0xfd34 0xfd34 0x1bd
GetLocaleInfoA 0x0 0x40e128 0xfd38 0xfd38 0x174
USER32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
keybd_event 0x0 0x40e130 0xfd40 0xfd40 0x2d5
SetForegroundWindow 0x0 0x40e134 0xfd44 0xfd44 0x257
FindWindowW 0x0 0x40e138 0xfd48 0xfd48 0xe6
GetKeyboardState 0x0 0x40e13c 0xfd4c 0xfd4c 0x126
SystemParametersInfoW 0x0 0x40e140 0xfd50 0xfd50 0x29a
IsWindow 0x0 0x40e144 0xfd54 0xfd54 0x1ad
AllowSetForegroundWindow 0x0 0x40e148 0xfd58 0xfd58 0x5
SendMessageW 0x0 0x40e14c 0xfd5c 0xfd5c 0x240
GetWindowThreadProcessId 0x0 0x40e150 0xfd60 0xfd60 0x17b
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\removeex.ico Created File Image
Unknown
Mime Type image/x-icon
File Size 14.73 KB
MD5 aa0a5f0280c98006741b6cb56c3a360e
SHA1 ac820bbec6d08545a4a4818df9eb09b521bf2e40
SHA256 2ac61cea48ccdb1751cb6b93ba90267508ed6ac900b2e2ac6ead172c9b8958f2
SSDeep 192:4cYE5eZRboMB6f5iR59urg5N+qdrzt2eYi:4cAshf5quryvdPwzi
C:\Program Files\Remote Utilities - Host\Printer\x86\unidrv_rup.dll Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 375.02 KB
MD5 06bcbd5ebae3130b47c5ef8d9566df15
SHA1 0e908eec1e77c96b1f83ddd42a678944b605fa47
SHA256 df33f57c24dcf3d878d545906f452b2ce691452350b72fc19c42a04a79b2bfc2
SSDeep 6144:rplBo/TK5C+psQzJzCSX6hjg+4GRr3CoA7f3j5G+hinZ5P31uGX7Zum8oyk7lATH:X0/djgEUhWnJ2UlxqOttoICvPn/318SN
ImpHash fd0e2200e8478a87b0a698bb3ddd2cfe
PE Information
Image Base 0x6dd10000
Entry Point 0x6dd1142d
Size Of Code 0x58c00
Size Of Initialized Data 0x2e00
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2009-07-14 01:11:00+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName UNIDRV.DLL
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385
FileDescription Unidrv Printer Driver
OriginalFilename UNIDRV.DLL
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x6dd11000 0x58a6b 0x58c00 0x400 cnt_code, mem_execute, mem_read 6.59
.data 0x6dd6a000 0xd0c 0xa00 0x59000 cnt_initialized_data, mem_read, mem_write 3.75
.rsrc 0x6dd6b000 0x3f0 0x400 0x59a00 cnt_initialized_data, mem_read 3.41
.reloc 0x6dd6c000 0x1bc4 0x1c00 0x59e00 cnt_initialized_data, mem_discardable, mem_read 6.52
Imports (5)
msvcrt.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memset 0x0 0x6dd11000 0x58d98 0x58198 0x4ee
memcpy 0x0 0x6dd11004 0x58d9c 0x5819c 0x4ea
_stricmp 0x0 0x6dd11008 0x58da0 0x581a0 0x35e
_CIsqrt 0x0 0x6dd1100c 0x58da4 0x581a4 0x47
iswctype 0x0 0x6dd11010 0x58da8 0x581a8 0x4cc
isspace 0x0 0x6dd11014 0x58dac 0x581ac 0x4c6
_amsg_exit 0x0 0x6dd11018 0x58db0 0x581b0 0x101
_initterm 0x0 0x6dd1101c 0x58db4 0x581b4 0x1d5
free 0x0 0x6dd11020 0x58db8 0x581b8 0x4a6
malloc 0x0 0x6dd11024 0x58dbc 0x581bc 0x4de
_XcptFilter 0x0 0x6dd11028 0x58dc0 0x581c0 0x6a
_vsnprintf 0x0 0x6dd1102c 0x58dc4 0x581c4 0x3c8
_strlwr 0x0 0x6dd11030 0x58dc8 0x581c8 0x362
??2@YAPAXI@Z 0x0 0x6dd11034 0x58dcc 0x581cc 0x12
??3@YAXPAX@Z 0x0 0x6dd11038 0x58dd0 0x581d0 0x14
wcsstr 0x0 0x6dd1103c 0x58dd4 0x581d4 0x564
wcsrchr 0x0 0x6dd11040 0x58dd8 0x581d8 0x560
_purecall 0x0 0x6dd11044 0x58ddc 0x581dc 0x2fc
_wcsnicmp 0x0 0x6dd11048 0x58de0 0x581e0 0x3f9
_strnicmp 0x0 0x6dd1104c 0x58de4 0x581e4 0x368
_CIatan2 0x0 0x6dd11050 0x58de8 0x581e8 0x3d
wcsncmp 0x0 0x6dd11054 0x58dec 0x581ec 0x55b
qsort 0x0 0x6dd11058 0x58df0 0x581f0 0x4fa
strstr 0x0 0x6dd1105c 0x58df4 0x581f4 0x526
atoi 0x0 0x6dd11060 0x58df8 0x581f8 0x480
strncmp 0x0 0x6dd11064 0x58dfc 0x581fc 0x51f
_wcsicmp 0x0 0x6dd11068 0x58e00 0x58200 0x3ef
WINSPOOL.DRV (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumFormsW 0x0 0x6dd11070 0x58e08 0x58208 0x54
GetPrinterDataW 0x0 0x6dd11074 0x58e0c 0x5820c 0x7e
GetPrinterDriverW 0x0 0x6dd11078 0x58e10 0x58210 0x86
GetPrinterW 0x0 0x6dd1107c 0x58e14 0x58214 0x87
WritePrinter 0x0 0x6dd11080 0x58e18 0x58218 0xbc
FlushPrinter 0x0 0x6dd11084 0x58e1c 0x5821c 0x6d
KERNEL32.dll (55)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileSize 0x0 0x6dd1108c 0x58e24 0x58224 0x1f0
UnmapViewOfFile 0x0 0x6dd11090 0x58e28 0x58228 0x4d6
CreateFileMappingW 0x0 0x6dd11094 0x58e2c 0x5822c 0x8c
MapViewOfFile 0x0 0x6dd11098 0x58e30 0x58230 0x357
FindResourceW 0x0 0x6dd1109c 0x58e34 0x58234 0x14e
LoadResource 0x0 0x6dd110a0 0x58e38 0x58238 0x341
LockResource 0x0 0x6dd110a4 0x58e3c 0x5823c 0x354
SizeofResource 0x0 0x6dd110a8 0x58e40 0x58240 0x4b1
GetFileAttributesExW 0x0 0x6dd110ac 0x58e44 0x58244 0x1e7
DeleteFileW 0x0 0x6dd110b0 0x58e48 0x58248 0xd6
WriteFile 0x0 0x6dd110b4 0x58e4c 0x5824c 0x525
GetSystemDefaultLCID 0x0 0x6dd110b8 0x58e50 0x58250 0x26b
HeapReAlloc 0x0 0x6dd110bc 0x58e54 0x58254 0x2d2
SetLastError 0x0 0x6dd110c0 0x58e58 0x58258 0x473
LocalAlloc 0x0 0x6dd110c4 0x58e5c 0x5825c 0x344
HeapDestroy 0x0 0x6dd110c8 0x58e60 0x58260 0x2ce
LocalFree 0x0 0x6dd110cc 0x58e64 0x58264 0x348
GetVersionExW 0x0 0x6dd110d0 0x58e68 0x58268 0x2a4
MulDiv 0x0 0x6dd110d4 0x58e6c 0x5826c 0x366
GetProcAddress 0x0 0x6dd110d8 0x58e70 0x58270 0x245
InterlockedIncrement 0x0 0x6dd110dc 0x58e74 0x58274 0x2ef
InterlockedDecrement 0x0 0x6dd110e0 0x58e78 0x58278 0x2eb
HeapCreate 0x0 0x6dd110e4 0x58e7c 0x5827c 0x2cd
HeapAlloc 0x0 0x6dd110e8 0x58e80 0x58280 0x2cb
HeapFree 0x0 0x6dd110ec 0x58e84 0x58284 0x2cf
GetProcessHeap 0x0 0x6dd110f0 0x58e88 0x58288 0x24a
GetModuleHandleW 0x0 0x6dd110f4 0x58e8c 0x5828c 0x218
GetVersion 0x0 0x6dd110f8 0x58e90 0x58290 0x2a2
InterlockedExchange 0x0 0x6dd110fc 0x58e94 0x58294 0x2ec
Sleep 0x0 0x6dd11100 0x58e98 0x58298 0x4b2
InterlockedCompareExchange 0x0 0x6dd11104 0x58e9c 0x5829c 0x2e9
RtlUnwind 0x0 0x6dd11108 0x58ea0 0x582a0 0x418
QueryPerformanceCounter 0x0 0x6dd1110c 0x58ea4 0x582a4 0x3a7
GetTickCount 0x0 0x6dd11110 0x58ea8 0x582a8 0x293
GetCurrentThreadId 0x0 0x6dd11114 0x58eac 0x582ac 0x1c5
GetCurrentProcessId 0x0 0x6dd11118 0x58eb0 0x582b0 0x1c1
GetSystemTimeAsFileTime 0x0 0x6dd1111c 0x58eb4 0x582b4 0x279
TerminateProcess 0x0 0x6dd11120 0x58eb8 0x582b8 0x4c0
GetCurrentProcess 0x0 0x6dd11124 0x58ebc 0x582bc 0x1c0
UnhandledExceptionFilter 0x0 0x6dd11128 0x58ec0 0x582c0 0x4d3
SetUnhandledExceptionFilter 0x0 0x6dd1112c 0x58ec4 0x582c4 0x4a5
GetLastError 0x0 0x6dd11130 0x58ec8 0x582c8 0x202
VerifyVersionInfoW 0x0 0x6dd11134 0x58ecc 0x582cc 0x4e8
VerSetConditionMask 0x0 0x6dd11138 0x58ed0 0x582d0 0x4e4
LoadLibraryW 0x0 0x6dd1113c 0x58ed4 0x582d4 0x33f
GetSystemDirectoryW 0x0 0x6dd11140 0x58ed8 0x582d8 0x270
CloseHandle 0x0 0x6dd11144 0x58edc 0x582dc 0x52
CompareFileTime 0x0 0x6dd11148 0x58ee0 0x582e0 0x60
GetFileTime 0x0 0x6dd1114c 0x58ee4 0x582e4 0x1f2
CreateFileW 0x0 0x6dd11150 0x58ee8 0x582e8 0x8f
FreeLibrary 0x0 0x6dd11154 0x58eec 0x582ec 0x162
LoadLibraryExW 0x0 0x6dd11158 0x58ef0 0x582f0 0x33e
SetErrorMode 0x0 0x6dd1115c 0x58ef4 0x582f4 0x458
WideCharToMultiByte 0x0 0x6dd11160 0x58ef8 0x582f8 0x511
MultiByteToWideChar 0x0 0x6dd11164 0x58efc 0x582fc 0x367
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance 0x0 0x6dd1116c 0x58f04 0x58304 0x10
CoUninitialize 0x0 0x6dd11170 0x58f08 0x58308 0x6c
CoInitializeEx 0x0 0x6dd11174 0x58f0c 0x5830c 0x3f
GDI32.dll (56)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EngGetCurrentCodePage 0x0 0x6dd1117c 0x58f14 0x58314 0x1d
EngFreeModule 0x0 0x6dd11180 0x58f18 0x58318 0x1c
EngCreateDeviceSurface 0x0 0x6dd11184 0x58f1c 0x5831c 0x11
EngCreateBitmap 0x0 0x6dd11188 0x58f20 0x58320 0xe
EngDeleteSurface 0x0 0x6dd1118c 0x58f24 0x58324 0x18
CLIPOBJ_ppoGetPath 0x0 0x6dd11190 0x58f28 0x58328 0x6
EngDeletePath 0x0 0x6dd11194 0x58f2c 0x5832c 0x16
PATHOBJ_vGetBounds 0x0 0x6dd11198 0x58f30 0x58330 0x43
XLATEOBJ_piVector 0x0 0x6dd1119c 0x58f34 0x58334 0x4e
STROBJ_bEnum 0x0 0x6dd111a0 0x58f38 0x58338 0x44
XLATEOBJ_iXlate 0x0 0x6dd111a4 0x58f3c 0x5833c 0x4d
EngStretchBltROP 0x0 0x6dd111a8 0x58f40 0x58340 0x2d
XLATEOBJ_cGetPalette 0x0 0x6dd111ac 0x58f44 0x58344 0x4b
EngUnicodeToMultiByteN 0x0 0x6dd111b0 0x58f48 0x58348 0x32
FONTOBJ_pvTrueTypeFontFile 0x0 0x6dd111b4 0x58f4c 0x5834c 0x3a
STROBJ_bGetAdvanceWidths 0x0 0x6dd111b8 0x58f50 0x58350 0x46
FONTOBJ_vGetInfo 0x0 0x6dd111bc 0x58f54 0x58354 0x3c
EngMultiByteToWideChar 0x0 0x6dd111c0 0x58f58 0x58358 0x26
EngFindResource 0x0 0x6dd111c4 0x58f5c 0x5835c 0x1b
EngLoadModule 0x0 0x6dd111c8 0x58f60 0x58360 0x22
FONTOBJ_pifi 0x0 0x6dd111cc 0x58f64 0x58364 0x39
FONTOBJ_pxoGetXform 0x0 0x6dd111d0 0x58f68 0x58368 0x3b
EngTextOut 0x0 0x6dd111d4 0x58f6c 0x5836c 0x30
STROBJ_vEnumStart 0x0 0x6dd111d8 0x58f70 0x58370 0x48
STROBJ_bEnumPositionsOnly 0x0 0x6dd111dc 0x58f74 0x58374 0x45
FONTOBJ_cGetGlyphs 0x0 0x6dd111e0 0x58f78 0x58378 0x36
CLIPOBJ_cEnumStart 0x0 0x6dd111e4 0x58f7c 0x5837c 0x5
CLIPOBJ_bEnum 0x0 0x6dd111e8 0x58f80 0x58380 0x4
XFORMOBJ_iGetXform 0x0 0x6dd111ec 0x58f84 0x58384 0x4a
BRUSHOBJ_ulGetBrushColor 0x0 0x6dd111f0 0x58f88 0x58388 0x3
BRUSHOBJ_pvGetRbrush 0x0 0x6dd111f4 0x58f8c 0x5838c 0x2
EngTransparentBlt 0x0 0x6dd111f8 0x58f90 0x58390 0x31
EngGradientFill 0x0 0x6dd111fc 0x58f94 0x58394 0x20
EngAlphaBlend 0x0 0x6dd11200 0x58f98 0x58398 0x8
EngLineTo 0x0 0x6dd11204 0x58f9c 0x5839c 0x21
EngStrokeAndFillPath 0x0 0x6dd11208 0x58fa0 0x583a0 0x2e
EngFillPath 0x0 0x6dd1120c 0x58fa4 0x583a4 0x1a
EngStrokePath 0x0 0x6dd11210 0x58fa8 0x583a8 0x2f
EngPaint 0x0 0x6dd11214 0x58fac 0x583ac 0x27
EngPlgBlt 0x0 0x6dd11218 0x58fb0 0x583b0 0x28
EngStretchBlt 0x0 0x6dd1121c 0x58fb4 0x583b4 0x2c
EngCopyBits 0x0 0x6dd11220 0x58fb8 0x583b8 0xd
EngEraseSurface 0x0 0x6dd11224 0x58fbc 0x583bc 0x19
EngBitBlt 0x0 0x6dd11228 0x58fc0 0x583c0 0xa
BRUSHOBJ_pvAllocRbrush 0x0 0x6dd1122c 0x58fc4 0x583c4 0x1
PATHOBJ_vEnumStart 0x0 0x6dd11230 0x58fc8 0x583c8 0x41
PATHOBJ_bEnum 0x0 0x6dd11234 0x58fcc 0x583cc 0x3f
XFORMOBJ_bApplyXform 0x0 0x6dd11238 0x58fd0 0x583d0 0x49
EngCreatePalette 0x0 0x6dd1123c 0x58fd4 0x583d4 0x12
HT_Get8BPPFormatPalette 0x0 0x6dd11240 0x58fd8 0x583d8 0x3d
HT_Get8BPPMaskPalette 0x0 0x6dd11244 0x58fdc 0x583dc 0x3e
EngAssociateSurface 0x0 0x6dd11248 0x58fe0 0x583e0 0x9
EngLockSurface 0x0 0x6dd1124c 0x58fe4 0x583e4 0x23
EngMarkBandingSurface 0x0 0x6dd11250 0x58fe8 0x583e8 0x24
EngUnlockSurface 0x0 0x6dd11254 0x58fec 0x583ec 0x33
EngDeletePalette 0x0 0x6dd11258 0x58ff0 0x583f0 0x15
Exports (4)
API Name EAT Address Ordinal
DllMain 0x1541 0x1
DrvDisableDriver 0x8f09 0x2
DrvEnableDriver 0x9a12 0x3
DrvQueryDriverInfo 0x99d5 0x4
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp Created File Unknown
Unknown
Mime Type application/vnd.ms-cab-compressed
File Size 8.00 MB
MD5 9ae575f6a34e8871a32c43471d9d13d8
SHA1 3e351eb6c1345f89a8b35df0422a393b69452ac9
SHA256 567e249593dfc9d38fe100ac65ab61354db4df1a2c0cf2c98f238f73b86fef05
SSDeep 196608:h850aYC5474KshSrnY0BLvpudECcInoaHbWt5:h85b54bsYnYIvcC8W3
C:\Program Files\Remote Utilities - Host\Monitor\x86\drvinstaller32.exe Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 145.02 KB
MD5 2dc45cbcce2a4d1eb1e28d1d51e53ad6
SHA1 d7a62a73bc27886ed524bc961392038f018c4150
SHA256 f5d93809fdc5912f82201ae5e1626085b5f798c2f4d7c9e5cca7dfacace69d33
SSDeep 1536:vTm/S/7UOlwFZxYEJTnp6EaGdBVBbM4nQmcpi7EBzSeOYzkOQvvJCoXTZBaCQtnW:8SzUOyxpfznQUokjun2Dr9CYQrLgB
ImpHash 6990dbbe7c3099ae0f704b8ff1a07aae
PE Information
Image Base 0x400000
Entry Point 0x41c518
Size Of Code 0x1b200
Size Of Initialized Data 0x6c00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2016-08-06 23:31:32+00:00
Packer BobSoft Mini Delphi -> BoB / BobSoft
Version Information (3)
FileDescription Driver installer
ProductVersion 1.1.0.0
FileVersion 1.1.0.0
Sections (11)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1ab44 0x1ac00 0x400 cnt_code, mem_execute, mem_read 6.39
.itext 0x41c000 0x538 0x600 0x1b000 cnt_code, mem_execute, mem_read 5.52
.data 0x41d000 0x16e8 0x1800 0x1b600 cnt_initialized_data, mem_read, mem_write 3.54
.bss 0x41f000 0x5824 0x0 0x0 mem_read, mem_write 0.0
.idata 0x425000 0xbca 0xc00 0x1ce00 cnt_initialized_data, mem_read, mem_write 4.83
.didata 0x426000 0x1c8 0x200 0x1da00 cnt_initialized_data, mem_read, mem_write 3.02
.edata 0x427000 0x75 0x200 0x1dc00 cnt_initialized_data, mem_read 1.32
.tls 0x428000 0xc 0x0 0x0 mem_read, mem_write 0.0
.rdata 0x429000 0x5d 0x200 0x1de00 cnt_initialized_data, mem_read 1.39
.reloc 0x42a000 0x2738 0x2800 0x1e000 cnt_initialized_data, mem_discardable, mem_read 6.48
.rsrc 0x42d000 0x1a00 0x1a00 0x20800 cnt_initialized_data, mem_read 4.25
Imports (10)
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x425298 0x250dc 0x1cedc 0x0
SysReAllocStringLen 0x0 0x42529c 0x250e0 0x1cee0 0x0
SysAllocStringLen 0x0 0x4252a0 0x250e4 0x1cee4 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW 0x0 0x4252a8 0x250ec 0x1ceec 0x0
RegOpenKeyExW 0x0 0x4252ac 0x250f0 0x1cef0 0x0
RegCloseKey 0x0 0x4252b0 0x250f4 0x1cef4 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x4252b8 0x250fc 0x1cefc 0x0
LoadStringW 0x0 0x4252bc 0x25100 0x1cf00 0x0
kernel32.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x4252c4 0x25108 0x1cf08 0x0
VirtualFree 0x0 0x4252c8 0x2510c 0x1cf0c 0x0
VirtualAlloc 0x0 0x4252cc 0x25110 0x1cf10 0x0
lstrlenW 0x0 0x4252d0 0x25114 0x1cf14 0x0
VirtualQuery 0x0 0x4252d4 0x25118 0x1cf18 0x0
GetTickCount 0x0 0x4252d8 0x2511c 0x1cf1c 0x0
GetSystemInfo 0x0 0x4252dc 0x25120 0x1cf20 0x0
GetVersion 0x0 0x4252e0 0x25124 0x1cf24 0x0
CompareStringW 0x0 0x4252e4 0x25128 0x1cf28 0x0
IsValidLocale 0x0 0x4252e8 0x2512c 0x1cf2c 0x0
SetThreadLocale 0x0 0x4252ec 0x25130 0x1cf30 0x0
GetSystemDefaultUILanguage 0x0 0x4252f0 0x25134 0x1cf34 0x0
GetUserDefaultUILanguage 0x0 0x4252f4 0x25138 0x1cf38 0x0
GetLocaleInfoW 0x0 0x4252f8 0x2513c 0x1cf3c 0x0
WideCharToMultiByte 0x0 0x4252fc 0x25140 0x1cf40 0x0
MultiByteToWideChar 0x0 0x425300 0x25144 0x1cf44 0x0
GetACP 0x0 0x425304 0x25148 0x1cf48 0x0
LoadLibraryExW 0x0 0x425308 0x2514c 0x1cf4c 0x0
GetStartupInfoW 0x0 0x42530c 0x25150 0x1cf50 0x0
GetProcAddress 0x0 0x425310 0x25154 0x1cf54 0x0
GetModuleHandleW 0x0 0x425314 0x25158 0x1cf58 0x0
GetModuleFileNameW 0x0 0x425318 0x2515c 0x1cf5c 0x0
GetCommandLineW 0x0 0x42531c 0x25160 0x1cf60 0x0
FreeLibrary 0x0 0x425320 0x25164 0x1cf64 0x0
GetLastError 0x0 0x425324 0x25168 0x1cf68 0x0
UnhandledExceptionFilter 0x0 0x425328 0x2516c 0x1cf6c 0x0
RtlUnwind 0x0 0x42532c 0x25170 0x1cf70 0x0
RaiseException 0x0 0x425330 0x25174 0x1cf74 0x0
ExitProcess 0x0 0x425334 0x25178 0x1cf78 0x0
SwitchToThread 0x0 0x425338 0x2517c 0x1cf7c 0x0
GetCurrentThreadId 0x0 0x42533c 0x25180 0x1cf80 0x0
DeleteCriticalSection 0x0 0x425340 0x25184 0x1cf84 0x0
LeaveCriticalSection 0x0 0x425344 0x25188 0x1cf88 0x0
EnterCriticalSection 0x0 0x425348 0x2518c 0x1cf8c 0x0
InitializeCriticalSection 0x0 0x42534c 0x25190 0x1cf90 0x0
FindFirstFileW 0x0 0x425350 0x25194 0x1cf94 0x0
FindClose 0x0 0x425354 0x25198 0x1cf98 0x0
WriteFile 0x0 0x425358 0x2519c 0x1cf9c 0x0
GetStdHandle 0x0 0x42535c 0x251a0 0x1cfa0 0x0
CloseHandle 0x0 0x425360 0x251a4 0x1cfa4 0x0
kernel32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x425368 0x251ac 0x1cfac 0x0
RaiseException 0x0 0x42536c 0x251b0 0x1cfb0 0x0
LoadLibraryA 0x0 0x425370 0x251b4 0x1cfb4 0x0
GetLastError 0x0 0x425374 0x251b8 0x1cfb8 0x0
TlsSetValue 0x0 0x425378 0x251bc 0x1cfbc 0x0
TlsGetValue 0x0 0x42537c 0x251c0 0x1cfc0 0x0
LocalFree 0x0 0x425380 0x251c4 0x1cfc4 0x0
LocalAlloc 0x0 0x425384 0x251c8 0x1cfc8 0x0
GetModuleHandleW 0x0 0x425388 0x251cc 0x1cfcc 0x0
FreeLibrary 0x0 0x42538c 0x251d0 0x1cfd0 0x0
user32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x425394 0x251d8 0x1cfd8 0x0
LoadStringW 0x0 0x425398 0x251dc 0x1cfdc 0x0
GetSystemMetrics 0x0 0x42539c 0x251e0 0x1cfe0 0x0
CharUpperBuffW 0x0 0x4253a0 0x251e4 0x1cfe4 0x0
CharUpperW 0x0 0x4253a4 0x251e8 0x1cfe8 0x0
CharLowerBuffW 0x0 0x4253a8 0x251ec 0x1cfec 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x4253b0 0x251f4 0x1cff4 0x0
GetFileVersionInfoSizeW 0x0 0x4253b4 0x251f8 0x1cff8 0x0
GetFileVersionInfoW 0x0 0x4253b8 0x251fc 0x1cffc 0x0
kernel32.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x4253c0 0x25204 0x1d004 0x0
WideCharToMultiByte 0x0 0x4253c4 0x25208 0x1d008 0x0
WaitForSingleObject 0x0 0x4253c8 0x2520c 0x1d00c 0x0
VirtualQuery 0x0 0x4253cc 0x25210 0x1d010 0x0
VerSetConditionMask 0x0 0x4253d0 0x25214 0x1d014 0x0
VerifyVersionInfoW 0x0 0x4253d4 0x25218 0x1d018 0x0
SetEvent 0x0 0x4253d8 0x2521c 0x1d01c 0x0
ResetEvent 0x0 0x4253dc 0x25220 0x1d020 0x0
OutputDebugStringW 0x0 0x4253e0 0x25224 0x1d024 0x0
LoadLibraryW 0x0 0x4253e4 0x25228 0x1d028 0x0
IsValidLocale 0x0 0x4253e8 0x2522c 0x1d02c 0x0
GetVersionExW 0x0 0x4253ec 0x25230 0x1d030 0x0
GetThreadLocale 0x0 0x4253f0 0x25234 0x1d034 0x0
GetStdHandle 0x0 0x4253f4 0x25238 0x1d038 0x0
GetProcAddress 0x0 0x4253f8 0x2523c 0x1d03c 0x0
GetModuleHandleW 0x0 0x4253fc 0x25240 0x1d040 0x0
GetModuleFileNameW 0x0 0x425400 0x25244 0x1d044 0x0
GetLocaleInfoW 0x0 0x425404 0x25248 0x1d048 0x0
GetLocalTime 0x0 0x425408 0x2524c 0x1d04c 0x0
GetLastError 0x0 0x42540c 0x25250 0x1d050 0x0
GetFileAttributesW 0x0 0x425410 0x25254 0x1d054 0x0
GetDiskFreeSpaceW 0x0 0x425414 0x25258 0x1d058 0x0
GetCPInfo 0x0 0x425418 0x2525c 0x1d05c 0x0
FreeLibrary 0x0 0x42541c 0x25260 0x1d060 0x0
FindFirstFileW 0x0 0x425420 0x25264 0x1d064 0x0
FindClose 0x0 0x425424 0x25268 0x1d068 0x0
EnumSystemLocalesW 0x0 0x425428 0x2526c 0x1d06c 0x0
EnumCalendarInfoW 0x0 0x42542c 0x25270 0x1d070 0x0
CreateFileW 0x0 0x425430 0x25274 0x1d074 0x0
CreateEventW 0x0 0x425434 0x25278 0x1d078 0x0
CompareStringW 0x0 0x425438 0x2527c 0x1d07c 0x0
CloseHandle 0x0 0x42543c 0x25280 0x1d080 0x0
netapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaGetInfo 0x0 0x425444 0x25288 0x1d088 0x0
DIFxAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DriverPackageUninstallW 0x0 0x42544c 0x25290 0x1d090 0x0
Exports (2)
API Name EAT Address Ordinal
__dbk_fcall_wrapper 0xb000 0x2
dbkFCallWrapperAddr 0x225a0 0x1
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aipackagechainer.exe Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 274.00 KB
MD5 b4f05778c1e9bcf0bcbf0733fd6c763b
SHA1 e0f0a2cf06ed43581fed238aba71eb8bad82cbea
SHA256 1d6d2d7e16f333759348d331d69b0a5a7e135f4bb9d3615edc59e305341324ea
SSDeep 6144:/y2Mm/e3Yq28Ra1TdbTLOfPZhK0IJKZJx/d:qLmmLR25bTKfPjWJ+P
ImpHash 3774cb2cbed58a8a31482e75a7b1c6ab
PE Information
Image Base 0x400000
Entry Point 0x4170c9
Size Of Code 0x26400
Size Of Initialized Data 0x1e000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2014-11-11 09:56:08+00:00
Version Information (8)
LegalCopyright Copyright (C) 2018 Adobe
InternalName aipackagechainer
FileVersion 12.0.1
CompanyName Adobe
ProductName Adobe Reader
ProductVersion 12.0.1
FileDescription This installer database contains the logic and data required to install Adobe Reader.
OriginalFileName aipackagechainer.exe
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2627f 0x26400 0x400 cnt_code, mem_execute, mem_read 6.6
.rdata 0x428000 0xb60c 0xb800 0x26800 cnt_initialized_data, mem_read 4.5
.data 0x434000 0x3f7c 0x1e00 0x32000 cnt_initialized_data, mem_read, mem_write 3.83
.rsrc 0x438000 0xd3f8 0xd400 0x33e00 cnt_initialized_data, mem_read 5.19
.reloc 0x446000 0x34da 0x3600 0x41200 cnt_initialized_data, mem_discardable, mem_read 4.73
Imports (7)
KERNEL32.dll (128)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrlenW 0x0 0x428000 0x3254c 0x30d4c 0x54e
GetVersionExW 0x0 0x428004 0x32550 0x30d50 0x2a4
RaiseException 0x0 0x428008 0x32554 0x30d54 0x3b1
GetShortPathNameW 0x0 0x42800c 0x32558 0x30d58 0x261
SizeofResource 0x0 0x428010 0x3255c 0x30d5c 0x4b1
LockResource 0x0 0x428014 0x32560 0x30d60 0x354
LoadResource 0x0 0x428018 0x32564 0x30d64 0x341
FindResourceW 0x0 0x42801c 0x32568 0x30d68 0x14e
FindResourceExW 0x0 0x428020 0x3256c 0x30d6c 0x14d
CreateFileW 0x0 0x428024 0x32570 0x30d70 0x8f
WriteFile 0x0 0x428028 0x32574 0x30d74 0x525
GetLastError 0x0 0x42802c 0x32578 0x30d78 0x202
FindFirstFileW 0x0 0x428030 0x3257c 0x30d7c 0x139
SetCurrentDirectoryW 0x0 0x428034 0x32580 0x30d80 0x44d
GetModuleFileNameW 0x0 0x428038 0x32584 0x30d84 0x214
MultiByteToWideChar 0x0 0x42803c 0x32588 0x30d88 0x367
OpenMutexW 0x0 0x428040 0x3258c 0x30d8c 0x37d
WaitForSingleObject 0x0 0x428044 0x32590 0x30d90 0x4f9
FindClose 0x0 0x428048 0x32594 0x30d94 0x12e
CloseHandle 0x0 0x42804c 0x32598 0x30d98 0x52
FreeLibrary 0x0 0x428050 0x3259c 0x30d9c 0x162
lstrcmpiW 0x0 0x428054 0x325a0 0x30da0 0x545
LeaveCriticalSection 0x0 0x428058 0x325a4 0x30da4 0x339
EnterCriticalSection 0x0 0x42805c 0x325a8 0x30da8 0xee
LoadLibraryExW 0x0 0x428060 0x325ac 0x30dac 0x33e
GetModuleHandleW 0x0 0x428064 0x325b0 0x30db0 0x218
InitializeCriticalSection 0x0 0x428068 0x325b4 0x30db4 0x2e2
DeleteCriticalSection 0x0 0x42806c 0x325b8 0x30db8 0xd1
InterlockedDecrement 0x0 0x428070 0x325bc 0x30dbc 0x2eb
InterlockedIncrement 0x0 0x428074 0x325c0 0x30dc0 0x2ef
GetCurrentThreadId 0x0 0x428078 0x325c4 0x30dc4 0x1c5
DeleteFileW 0x0 0x42807c 0x325c8 0x30dc8 0xd6
WideCharToMultiByte 0x0 0x428080 0x325cc 0x30dcc 0x511
WriteConsoleW 0x0 0x428084 0x325d0 0x30dd0 0x524
GetConsoleOutputCP 0x0 0x428088 0x325d4 0x30dd4 0x1b0
WriteConsoleA 0x0 0x42808c 0x325d8 0x30dd8 0x51a
SetStdHandle 0x0 0x428090 0x325dc 0x30ddc 0x487
LCMapStringA 0x0 0x428094 0x325e0 0x30de0 0x32b
GetConsoleMode 0x0 0x428098 0x325e4 0x30de4 0x1ac
GetConsoleCP 0x0 0x42809c 0x325e8 0x30de8 0x19a
InitializeCriticalSectionAndSpinCount 0x0 0x4280a0 0x325ec 0x30dec 0x2e3
GetModuleHandleA 0x0 0x4280a4 0x325f0 0x30df0 0x215
RtlUnwind 0x0 0x4280a8 0x325f4 0x30df4 0x418
GetStringTypeA 0x0 0x4280ac 0x325f8 0x30df8 0x266
LCMapStringW 0x0 0x4280b0 0x325fc 0x30dfc 0x32d
IsValidCodePage 0x0 0x4280b4 0x32600 0x30e00 0x30a
GetOEMCP 0x0 0x4280b8 0x32604 0x30e04 0x237
LocalAlloc 0x0 0x4280bc 0x32608 0x30e08 0x344
LocalFree 0x0 0x4280c0 0x3260c 0x30e0c 0x348
GetProcAddress 0x0 0x4280c4 0x32610 0x30e10 0x245
InterlockedExchange 0x0 0x4280c8 0x32614 0x30e14 0x2ec
LoadLibraryA 0x0 0x4280cc 0x32618 0x30e18 0x33c
GetTempPathW 0x0 0x4280d0 0x3261c 0x30e1c 0x285
GetTempFileNameW 0x0 0x4280d4 0x32620 0x30e20 0x283
FindNextFileW 0x0 0x4280d8 0x32624 0x30e24 0x145
RemoveDirectoryW 0x0 0x4280dc 0x32628 0x30e28 0x403
SetLastError 0x0 0x4280e0 0x3262c 0x30e2c 0x473
CreateDirectoryW 0x0 0x4280e4 0x32630 0x30e30 0x81
GetLogicalDriveStringsW 0x0 0x4280e8 0x32634 0x30e34 0x208
GetDriveTypeW 0x0 0x4280ec 0x32638 0x30e38 0x1d3
GetFileSize 0x0 0x4280f0 0x3263c 0x30e3c 0x1f0
ReadFile 0x0 0x4280f4 0x32640 0x30e40 0x3c0
GetDiskFreeSpaceExW 0x0 0x4280f8 0x32644 0x30e44 0x1ce
GetEnvironmentVariableW 0x0 0x4280fc 0x32648 0x30e48 0x1dc
SetFilePointer 0x0 0x428100 0x3264c 0x30e4c 0x466
GetCurrentProcess 0x0 0x428104 0x32650 0x30e50 0x1c0
FlushInstructionCache 0x0 0x428108 0x32654 0x30e54 0x158
OutputDebugStringW 0x0 0x42810c 0x32658 0x30e58 0x38a
CreateThread 0x0 0x428110 0x3265c 0x30e5c 0xb5
GetCurrentProcessId 0x0 0x428114 0x32660 0x30e60 0x1c1
GetLocalTime 0x0 0x428118 0x32664 0x30e64 0x203
FlushFileBuffers 0x0 0x42811c 0x32668 0x30e68 0x157
lstrcpynW 0x0 0x428120 0x3266c 0x30e6c 0x54b
FormatMessageW 0x0 0x428124 0x32670 0x30e70 0x15e
LoadLibraryW 0x0 0x428128 0x32674 0x30e74 0x33f
GetSystemDefaultLangID 0x0 0x42812c 0x32678 0x30e78 0x26c
GetSystemDirectoryW 0x0 0x428130 0x3267c 0x30e7c 0x270
GetWindowsDirectoryW 0x0 0x428134 0x32680 0x30e80 0x2af
GetLocaleInfoW 0x0 0x428138 0x32684 0x30e84 0x206
CreateFileA 0x0 0x42813c 0x32688 0x30e88 0x88
GetSystemTime 0x0 0x428140 0x3268c 0x30e8c 0x277
CreateProcessW 0x0 0x428144 0x32690 0x30e90 0xa8
GetExitCodeProcess 0x0 0x428148 0x32694 0x30e94 0x1df
GetVersion 0x0 0x42814c 0x32698 0x30e98 0x2a2
CreateEventW 0x0 0x428150 0x3269c 0x30e9c 0x85
GetExitCodeThread 0x0 0x428154 0x326a0 0x30ea0 0x1e0
SetEvent 0x0 0x428158 0x326a4 0x30ea4 0x459
Sleep 0x0 0x42815c 0x326a8 0x30ea8 0x4b2
MoveFileW 0x0 0x428160 0x326ac 0x30eac 0x363
ResetEvent 0x0 0x428164 0x326b0 0x30eb0 0x40f
MulDiv 0x0 0x428168 0x326b4 0x30eb4 0x366
SearchPathW 0x0 0x42816c 0x326b8 0x30eb8 0x41d
GetStringTypeW 0x0 0x428170 0x326bc 0x30ebc 0x269
GetLocaleInfoA 0x0 0x428174 0x326c0 0x30ec0 0x204
GetStdHandle 0x0 0x428178 0x326c4 0x30ec4 0x264
HeapDestroy 0x0 0x42817c 0x326c8 0x30ec8 0x2ce
HeapAlloc 0x0 0x428180 0x326cc 0x30ecc 0x2cb
HeapFree 0x0 0x428184 0x326d0 0x30ed0 0x2cf
HeapReAlloc 0x0 0x428188 0x326d4 0x30ed4 0x2d2
HeapSize 0x0 0x42818c 0x326d8 0x30ed8 0x2d4
GetProcessHeap 0x0 0x428190 0x326dc 0x30edc 0x24a
InterlockedCompareExchange 0x0 0x428194 0x326e0 0x30ee0 0x2e9
IsProcessorFeaturePresent 0x0 0x428198 0x326e4 0x30ee4 0x304
VirtualFree 0x0 0x42819c 0x326e8 0x30ee8 0x4ec
VirtualAlloc 0x0 0x4281a0 0x326ec 0x30eec 0x4e9
GetStartupInfoW 0x0 0x4281a4 0x326f0 0x30ef0 0x263
TerminateProcess 0x0 0x4281a8 0x326f4 0x30ef4 0x4c0
UnhandledExceptionFilter 0x0 0x4281ac 0x326f8 0x30ef8 0x4d3
SetUnhandledExceptionFilter 0x0 0x4281b0 0x326fc 0x30efc 0x4a5
IsDebuggerPresent 0x0 0x4281b4 0x32700 0x30f00 0x300
HeapCreate 0x0 0x4281b8 0x32704 0x30f04 0x2cd
GetModuleFileNameA 0x0 0x4281bc 0x32708 0x30f08 0x213
TlsGetValue 0x0 0x4281c0 0x3270c 0x30f0c 0x4c7
TlsAlloc 0x0 0x4281c4 0x32710 0x30f10 0x4c5
TlsSetValue 0x0 0x4281c8 0x32714 0x30f14 0x4c8
TlsFree 0x0 0x4281cc 0x32718 0x30f18 0x4c6
ExitProcess 0x0 0x4281d0 0x3271c 0x30f1c 0x119
FreeEnvironmentStringsW 0x0 0x4281d4 0x32720 0x30f20 0x161
GetEnvironmentStringsW 0x0 0x4281d8 0x32724 0x30f24 0x1da
GetCommandLineW 0x0 0x4281dc 0x32728 0x30f28 0x187
SetHandleCount 0x0 0x4281e0 0x3272c 0x30f2c 0x46f
GetFileType 0x0 0x4281e4 0x32730 0x30f30 0x1f3
GetStartupInfoA 0x0 0x4281e8 0x32734 0x30f34 0x262
QueryPerformanceCounter 0x0 0x4281ec 0x32738 0x30f38 0x3a7
GetTickCount 0x0 0x4281f0 0x3273c 0x30f3c 0x293
GetSystemTimeAsFileTime 0x0 0x4281f4 0x32740 0x30f40 0x279
GetCPInfo 0x0 0x4281f8 0x32744 0x30f44 0x172
GetACP 0x0 0x4281fc 0x32748 0x30f48 0x168
USER32.dll (46)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DefWindowProcW 0x0 0x428230 0x3277c 0x30f7c 0x9c
GetActiveWindow 0x0 0x428234 0x32780 0x30f80 0x100
PeekMessageW 0x0 0x428238 0x32784 0x30f84 0x233
TranslateMessage 0x0 0x42823c 0x32788 0x30f88 0x2fc
DispatchMessageW 0x0 0x428240 0x3278c 0x30f8c 0xaf
PostMessageW 0x0 0x428244 0x32790 0x30f90 0x236
IsWindow 0x0 0x428248 0x32794 0x30f94 0x1db
GetDlgItem 0x0 0x42824c 0x32798 0x30f98 0x127
SetWindowTextW 0x0 0x428250 0x3279c 0x30f9c 0x2cb
SetWindowPos 0x0 0x428254 0x327a0 0x30fa0 0x2c6
MapWindowPoints 0x0 0x428258 0x327a4 0x30fa4 0x209
GetClientRect 0x0 0x42825c 0x327a8 0x30fa8 0x114
GetParent 0x0 0x428260 0x327ac 0x30fac 0x164
GetWindowRect 0x0 0x428264 0x327b0 0x30fb0 0x19c
GetMonitorInfoW 0x0 0x428268 0x327b4 0x30fb4 0x15f
MonitorFromWindow 0x0 0x42826c 0x327b8 0x30fb8 0x21a
GetWindowLongW 0x0 0x428270 0x327bc 0x30fbc 0x196
GetWindow 0x0 0x428274 0x327c0 0x30fc0 0x18e
ShowWindow 0x0 0x428278 0x327c4 0x30fc4 0x2df
EnableWindow 0x0 0x42827c 0x327c8 0x30fc8 0xd8
EndDialog 0x0 0x428280 0x327cc 0x30fcc 0xda
CreateDialogParamW 0x0 0x428284 0x327d0 0x30fd0 0x63
SendMessageW 0x0 0x428288 0x327d4 0x30fd4 0x27c
DialogBoxParamW 0x0 0x42828c 0x327d8 0x30fd8 0xac
GetSystemMetrics 0x0 0x428290 0x327dc 0x30fdc 0x17e
MsgWaitForMultipleObjects 0x0 0x428294 0x327e0 0x30fe0 0x21c
LoadStringW 0x0 0x428298 0x327e4 0x30fe4 0x1fa
LoadImageW 0x0 0x42829c 0x327e8 0x30fe8 0x1ef
GetForegroundWindow 0x0 0x4282a0 0x327ec 0x30fec 0x12d
MessageBoxW 0x0 0x4282a4 0x327f0 0x30ff0 0x215
SetForegroundWindow 0x0 0x4282a8 0x327f4 0x30ff4 0x293
GetWindowThreadProcessId 0x0 0x4282ac 0x327f8 0x30ff8 0x1a4
IsWindowVisible 0x0 0x4282b0 0x327fc 0x30ffc 0x1e0
CreateWindowExW 0x0 0x4282b4 0x32800 0x31000 0x6e
ExitWindowsEx 0x0 0x4282b8 0x32804 0x31004 0xf5
GetWindowTextLengthW 0x0 0x4282bc 0x32808 0x31008 0x1a2
GetWindowTextW 0x0 0x4282c0 0x3280c 0x3100c 0x1a3
MessageBeep 0x0 0x4282c4 0x32810 0x31010 0x20d
SetFocus 0x0 0x4282c8 0x32814 0x31014 0x292
RedrawWindow 0x0 0x4282cc 0x32818 0x31018 0x24a
InvalidateRect 0x0 0x4282d0 0x3281c 0x3101c 0x1be
FindWindowW 0x0 0x4282d4 0x32820 0x31020 0xfa
UnregisterClassA 0x0 0x4282d8 0x32824 0x31024 0x305
CharNextW 0x0 0x4282dc 0x32828 0x31028 0x31
DestroyWindow 0x0 0x4282e0 0x3282c 0x3102c 0xa6
SetWindowLongW 0x0 0x4282e4 0x32830 0x31030 0x2c4
SHELL32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetMalloc 0x0 0x42820c 0x32758 0x30f58 0xcf
ShellExecuteExW 0x0 0x428210 0x3275c 0x30f5c 0x121
ShellExecuteW 0x0 0x428214 0x32760 0x30f60 0x122
SHGetPathFromIDListW 0x0 0x428218 0x32764 0x30f64 0xd7
SHGetSpecialFolderLocation 0x0 0x42821c 0x32768 0x30f68 0xdf
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc 0x0 0x4282fc 0x32848 0x31048 0x67
CoTaskMemRealloc 0x0 0x428300 0x3284c 0x3104c 0x69
CoTaskMemFree 0x0 0x428304 0x32850 0x31050 0x68
CoUninitialize 0x0 0x428308 0x32854 0x31054 0x6c
CoCreateInstance 0x0 0x42830c 0x32858 0x31058 0x10
CoInitialize 0x0 0x428310 0x3285c 0x3105c 0x3e
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VarUI4FromStr 0x115 0x428204 0x32750 0x30f50 -
SHLWAPI.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFileExistsW 0x0 0x428224 0x32770 0x30f70 0x45
PathIsDirectoryW 0x0 0x428228 0x32774 0x30f74 0x5b
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x4282ec 0x32838 0x31038 0xe
GetFileVersionInfoW 0x0 0x4282f0 0x3283c 0x3103c 0x6
GetFileVersionInfoSizeW 0x0 0x4282f4 0x32840 0x31040 0x5
Icons (1)
c:\system volume information\spp\metadata-2 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 5.52 MB
MD5 4f7d527ec892e6f46b17a808d1e410e0
SHA1 95617678f95fdb3dc77dc53ecf7396148ee6ab13
SHA256 b02501a1b4d2a65e9b2e21d0260cdd9f0f1915a27e83732f0896db2608fcd946
SSDeep 12288:Osb/YEzT4G0ncLYHCau/Ox11+DWOQmg9fwIQ55LPnStrmEaff5qUO/jsl:9jgB11+mcfEUO78
C:\inst_fold\armgrd.bat Created File Text
Unknown
Mime Type text/plain
File Size 0.09 KB
MD5 d833294a72a08af29ecbd2e08ccbfa57
SHA1 5edafdc1de263f545e04bdc0a9b8252fb3de94c8
SHA256 c2acf0a62ecf18449fe1c503eec18371fae1c50727796bd223df764c190dfd93
SSDeep 3:7qlKjk/1JqWkcSqVXKV/lglkSizz:+2IJ7kcSq9KV/lglkSizz
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.sys Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 13.48 KB
MD5 fa01dab3229ca22caaa15a245c488f6f
SHA1 9b8aa9041529aa5c0b1f2fbc0ad73744d95b5ceb
SHA256 e1363e7b917c96a03c74e6e7dfcc1e374b64ef86005e9f7d624cf77b785a85ba
SSDeep 192:F6/uzfJZBlnYe+PjPJdZubhlCVuuImqAZscF8Bd1LchCt:42zB5nYPLXZgwgAZsHLcIt
ImpHash a88e45e02fb5413987493e1d3c4a90d3
PE Information
Image Base 0x400000
Entry Point 0x404000
Size Of Code 0xa00
Size Of Initialized Data 0x800
File Type executable
Subsystem native
Machine Type i386
Compile Timestamp 2017-03-27 13:03:26+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x464 0x600 0x400 cnt_code, mem_not_paged, mem_execute, mem_read 5.0
.rdata 0x402000 0x280 0x400 0xa00 cnt_initialized_data, mem_not_paged, mem_read 2.74
.data 0x403000 0x9 0x200 0xe00 cnt_initialized_data, mem_not_paged, mem_read, mem_write 0.16
INIT 0x404000 0x260 0x400 0x1000 cnt_code, mem_discardable, mem_execute, mem_read 3.68
.reloc 0x405000 0x7c 0x200 0x1400 cnt_initialized_data, mem_discardable, mem_read 1.72
Imports (1)
ntoskrnl.exe (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlInitUnicodeString 0x0 0x402000 0x4058 0x1058 0x7c5
RtlFreeUnicodeString 0x0 0x402004 0x405c 0x105c 0x795
DbgPrintEx 0x0 0x402008 0x4060 0x1060 0x58
KeInitializeEvent 0x0 0x40200c 0x4064 0x1064 0x40c
KeSetEvent 0x0 0x402010 0x4068 0x1068 0x48a
KeDelayExecutionThread 0x0 0x402014 0x406c 0x106c 0x3db
KeWaitForSingleObject 0x0 0x402018 0x4070 0x1070 0x4b3
PsCreateSystemThread 0x0 0x40201c 0x4074 0x1074 0x650
IoAttachDeviceToDeviceStack 0x0 0x402020 0x4078 0x1078 0x272
IofCallDriver 0x0 0x402024 0x407c 0x107c 0x39b
IofCompleteRequest 0x0 0x402028 0x4080 0x1080 0x39c
IoCreateDevice 0x0 0x40202c 0x4084 0x1084 0x291
IoDeleteDevice 0x0 0x402030 0x4088 0x1088 0x2a9
IoDeleteSymbolicLink 0x0 0x402034 0x408c 0x108c 0x2ab
IoDetachDevice 0x0 0x402038 0x4090 0x1090 0x2ac
IoRegisterDeviceInterface 0x0 0x40203c 0x4094 0x1094 0x320
IoSetDeviceInterfaceState 0x0 0x402040 0x4098 0x1098 0x346
PoRequestPowerIrp 0x0 0x402044 0x409c 0x109c 0x62e
ZwClose 0x0 0x402048 0x40a0 0x10a0 0x980
MmIsAddressValid 0x0 0x40204c 0x40a4 0x10a4 0x512
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2011-04-15 19:45:33+00:00
Valid Until 2021-04-15 19:55:33+00:00
Algorithm sha1_rsa
Serial Number 61 20 4D B4 00 00 00 00 00 27
Thumbprint 2F 25 13 AF 39 92 DB 0A 3F 79 70 9F F8 14 3B 3F 7B D2 D1 43
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp Created File Unknown
Unknown
Mime Type application/vnd.ms-cab-compressed
File Size 4.10 MB
MD5 cab49c9a9a736317337fe877343483d6
SHA1 c2afc29ced8833786c7b8147dfd5caded1b566b3
SHA256 9f726f48895110cee07f50e7cb5e85fed787c579c8a77f772b086bcc0fc0ca94
SSDeep 98304:y1O3TwuO8UCzOnLbVNQrP93EblVidAaakfIbv:y1GUmUVcPyld6Ibv
C:\inst_fold\armstart.exe Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 10.00 MB
MD5 38513031ebf24a4f9961513b0e088e4a
SHA1 04b813c1dbd1321dc24f52867c73dfcaf37db7d6
SHA256 a00f943d7883bf34102ebf764250dd36c036eb9fc6b606e84513ac1a1a5a571d
SSDeep 196608:B9dkmSzs6GGrkjQBpsBkpCJ8PlUPRuqMpudfoWtz4:B9dkJsyrkupvp2udiq
ImpHash c769210c368165fcb9c03d3f832f55eb
PE Information
Image Base 0x400000
Entry Point 0x4121cf
Size Of Code 0x11800
Size Of Initialized Data 0x12400
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2011-04-28 11:38:20+00:00
Packer Armadillo v1.71
Version Information (9)
LegalCopyright Copyright © 2017 Remote Utilities LLC. All rights reserved.
InternalName -
FileVersion 6.8
CompanyName Remote Utilities LLC
FileDescription Remote Utilities
ProductName Remote Utilities
ProductVersion 6.8
PrivateBuild -
OriginalFilename Remote Utilities
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x11713 0x11800 0x200 cnt_code, mem_execute, mem_read 6.61
.rdata 0x413000 0x30ee 0x3200 0x11a00 cnt_initialized_data, mem_read 5.54
.data 0x417000 0x292c 0x800 0x14c00 cnt_initialized_data, mem_read, mem_write 3.64
.rsrc 0x41a000 0xf000 0xea00 0x15400 cnt_initialized_data, mem_read 7.04
Imports (8)
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x413000 0x15168 0x13b68 -
SHELL32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderPathW 0x0 0x413218 0x15380 0x13d80 0xe1
ShellExecuteExW 0x0 0x41321c 0x15384 0x13d84 0x121
SHGetMalloc 0x0 0x413220 0x15388 0x13d88 0xcf
SHGetPathFromIDListW 0x0 0x413224 0x1538c 0x13d8c 0xd7
SHBrowseForFolderW 0x0 0x413228 0x15390 0x13d90 0x7b
SHGetFileInfoW 0x0 0x41322c 0x15394 0x13d94 0xbd
ShellExecuteW 0x0 0x413230 0x15398 0x13d98 0x122
GDI32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectW 0x0 0x413008 0x15170 0x13b70 0x40
DeleteObject 0x0 0x41300c 0x15174 0x13b74 0xe6
GetDeviceCaps 0x0 0x413010 0x15178 0x13b78 0x1cb
GetObjectW 0x0 0x413014 0x1517c 0x13b7c 0x1fd
CreateCompatibleDC 0x0 0x413018 0x15180 0x13b80 0x30
SelectObject 0x0 0x41301c 0x15184 0x13b84 0x277
CreateCompatibleBitmap 0x0 0x413020 0x15188 0x13b88 0x2f
SetStretchBltMode 0x0 0x413024 0x1518c 0x13b8c 0x2a2
DeleteDC 0x0 0x413028 0x15190 0x13b90 0xe3
GetCurrentObject 0x0 0x41302c 0x15194 0x13b94 0x1c4
StretchBlt 0x0 0x413030 0x15198 0x13b98 0x2b3
USER32.dll (50)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetWindowRect 0x0 0x413238 0x153a0 0x13da0 0x19c
ScreenToClient 0x0 0x41323c 0x153a4 0x13da4 0x26d
CreateWindowExW 0x0 0x413240 0x153a8 0x13da8 0x6e
GetWindowTextW 0x0 0x413244 0x153ac 0x13dac 0x1a3
GetMessageW 0x0 0x413248 0x153b0 0x13db0 0x15d
GetParent 0x0 0x41324c 0x153b4 0x13db4 0x164
KillTimer 0x0 0x413250 0x153b8 0x13db8 0x1e3
DestroyWindow 0x0 0x413254 0x153bc 0x13dbc 0xa6
CharUpperW 0x0 0x413258 0x153c0 0x13dc0 0x3c
EndDialog 0x0 0x41325c 0x153c4 0x13dc4 0xda
SendMessageW 0x0 0x413260 0x153c8 0x13dc8 0x27c
wsprintfW 0x0 0x413264 0x153cc 0x13dcc 0x333
CopyImage 0x0 0x413268 0x153d0 0x13dd0 0x54
ReleaseDC 0x0 0x41326c 0x153d4 0x13dd4 0x265
GetWindowDC 0x0 0x413270 0x153d8 0x13dd8 0x192
SetWindowPos 0x0 0x413274 0x153dc 0x13ddc 0x2c6
GetMenu 0x0 0x413278 0x153e0 0x13de0 0x14b
GetWindowLongW 0x0 0x41327c 0x153e4 0x13de4 0x196
DispatchMessageW 0x0 0x413280 0x153e8 0x13de8 0xaf
GetWindowTextLengthW 0x0 0x413284 0x153ec 0x13dec 0x1a2
GetSysColor 0x0 0x413288 0x153f0 0x13df0 0x17b
SetWindowTextW 0x0 0x41328c 0x153f4 0x13df4 0x2cb
MessageBoxA 0x0 0x413290 0x153f8 0x13df8 0x20e
wsprintfA 0x0 0x413294 0x153fc 0x13dfc 0x332
GetKeyState 0x0 0x413298 0x15400 0x13e00 0x13d
GetDlgItem 0x0 0x41329c 0x15404 0x13e04 0x127
GetClientRect 0x0 0x4132a0 0x15408 0x13e08 0x114
GetSystemMetrics 0x0 0x4132a4 0x1540c 0x13e0c 0x17e
SetWindowLongW 0x0 0x4132a8 0x15410 0x13e10 0x2c4
SetFocus 0x0 0x4132ac 0x15414 0x13e14 0x292
SystemParametersInfoW 0x0 0x4132b0 0x15418 0x13e18 0x2ec
ShowWindow 0x0 0x4132b4 0x1541c 0x13e1c 0x2df
DrawTextW 0x0 0x4132b8 0x15420 0x13e20 0xd0
GetDC 0x0 0x4132bc 0x15424 0x13e24 0x121
ClientToScreen 0x0 0x4132c0 0x15428 0x13e28 0x47
GetWindow 0x0 0x4132c4 0x1542c 0x13e2c 0x18e
DialogBoxIndirectParamW 0x0 0x4132c8 0x15430 0x13e30 0xaa
DrawIconEx 0x0 0x4132cc 0x15434 0x13e34 0xc8
CallWindowProcW 0x0 0x4132d0 0x15438 0x13e38 0x1e
DefWindowProcW 0x0 0x4132d4 0x1543c 0x13e3c 0x9c
IsWindow 0x0 0x4132d8 0x15440 0x13e40 0x1db
wvsprintfW 0x0 0x4132dc 0x15444 0x13e44 0x335
LoadImageW 0x0 0x4132e0 0x15448 0x13e48 0x1ef
LoadIconW 0x0 0x4132e4 0x1544c 0x13e4c 0x1ed
MessageBeep 0x0 0x4132e8 0x15450 0x13e50 0x20d
EnableWindow 0x0 0x4132ec 0x15454 0x13e54 0xd8
EnableMenuItem 0x0 0x4132f0 0x15458 0x13e58 0xd6
GetSystemMenu 0x0 0x4132f4 0x1545c 0x13e5c 0x17d
GetClassNameA 0x0 0x4132f8 0x15460 0x13e60 0x111
SetTimer 0x0 0x4132fc 0x15464 0x13e64 0x2bb
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateStreamOnHGlobal 0x0 0x413304 0x1546c 0x13e6c 0x86
CoCreateInstance 0x0 0x413308 0x15470 0x13e70 0x10
CoInitialize 0x0 0x41330c 0x15474 0x13e74 0x3e
OLEAUT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x2 0x413208 0x15370 0x13d70 -
VariantClear 0x9 0x41320c 0x15374 0x13d74 -
OleLoadPicture 0x1a2 0x413210 0x15378 0x13d78 -
KERNEL32.dll (82)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetEndOfFile 0x0 0x413038 0x151a0 0x13ba0 0x453
EnterCriticalSection 0x0 0x41303c 0x151a4 0x13ba4 0xee
LeaveCriticalSection 0x0 0x413040 0x151a8 0x13ba8 0x339
WaitForMultipleObjects 0x0 0x413044 0x151ac 0x13bac 0x4f7
DeleteCriticalSection 0x0 0x413048 0x151b0 0x13bb0 0xd1
GetModuleHandleA 0x0 0x41304c 0x151b4 0x13bb4 0x215
SetFileTime 0x0 0x413050 0x151b8 0x13bb8 0x46a
ReadFile 0x0 0x413054 0x151bc 0x13bbc 0x3c0
SetFilePointer 0x0 0x413058 0x151c0 0x13bc0 0x466
GetFileSize 0x0 0x41305c 0x151c4 0x13bc4 0x1f0
GetSystemDirectoryW 0x0 0x413060 0x151c8 0x13bc8 0x270
FormatMessageW 0x0 0x413064 0x151cc 0x13bcc 0x15e
lstrcpyW 0x0 0x413068 0x151d0 0x13bd0 0x548
LocalFree 0x0 0x41306c 0x151d4 0x13bd4 0x348
IsBadReadPtr 0x0 0x413070 0x151d8 0x13bd8 0x2f7
SuspendThread 0x0 0x413074 0x151dc 0x13bdc 0x4ba
ResumeThread 0x0 0x413078 0x151e0 0x13be0 0x413
TerminateThread 0x0 0x41307c 0x151e4 0x13be4 0x4c1
InitializeCriticalSection 0x0 0x413080 0x151e8 0x13be8 0x2e2
ResetEvent 0x0 0x413084 0x151ec 0x13bec 0x40f
SetEvent 0x0 0x413088 0x151f0 0x13bf0 0x459
CreateEventW 0x0 0x41308c 0x151f4 0x13bf4 0x85
GetVersionExW 0x0 0x413090 0x151f8 0x13bf8 0x2a4
GetCommandLineW 0x0 0x413094 0x151fc 0x13bfc 0x187
GetModuleFileNameW 0x0 0x413098 0x15200 0x13c00 0x214
SetCurrentDirectoryW 0x0 0x41309c 0x15204 0x13c04 0x44d
GetDriveTypeW 0x0 0x4130a0 0x15208 0x13c08 0x1d3
CreateFileW 0x0 0x4130a4 0x1520c 0x13c0c 0x8f
CloseHandle 0x0 0x4130a8 0x15210 0x13c10 0x52
SetEnvironmentVariableW 0x0 0x4130ac 0x15214 0x13c14 0x457
GetTempPathW 0x0 0x4130b0 0x15218 0x13c18 0x285
lstrlenW 0x0 0x4130b4 0x1521c 0x13c1c 0x54e
GetSystemTimeAsFileTime 0x0 0x4130b8 0x15220 0x13c20 0x279
CompareFileTime 0x0 0x4130bc 0x15224 0x13c24 0x60
SetThreadLocale 0x0 0x4130c0 0x15228 0x13c28 0x497
FindFirstFileW 0x0 0x4130c4 0x1522c 0x13c2c 0x139
DeleteFileW 0x0 0x4130c8 0x15230 0x13c30 0xd6
FindNextFileW 0x0 0x4130cc 0x15234 0x13c34 0x145
FindClose 0x0 0x4130d0 0x15238 0x13c38 0x12e
RemoveDirectoryW 0x0 0x4130d4 0x1523c 0x13c3c 0x403
ExpandEnvironmentStringsW 0x0 0x4130d8 0x15240 0x13c40 0x11d
WideCharToMultiByte 0x0 0x4130dc 0x15244 0x13c44 0x511
VirtualAlloc 0x0 0x4130e0 0x15248 0x13c48 0x4e9
GlobalMemoryStatusEx 0x0 0x4130e4 0x1524c 0x13c4c 0x2c0
lstrcmpW 0x0 0x4130e8 0x15250 0x13c50 0x542
GetEnvironmentVariableW 0x0 0x4130ec 0x15254 0x13c54 0x1dc
lstrcmpiW 0x0 0x4130f0 0x15258 0x13c58 0x545
lstrlenA 0x0 0x4130f4 0x1525c 0x13c5c 0x54d
GetLocaleInfoW 0x0 0x4130f8 0x15260 0x13c60 0x206
MultiByteToWideChar 0x0 0x4130fc 0x15264 0x13c64 0x367
GetUserDefaultUILanguage 0x0 0x413100 0x15268 0x13c68 0x29e
GetSystemDefaultUILanguage 0x0 0x413104 0x1526c 0x13c6c 0x26e
GetSystemDefaultLCID 0x0 0x413108 0x15270 0x13c70 0x26b
lstrcmpiA 0x0 0x41310c 0x15274 0x13c74 0x544
GlobalAlloc 0x0 0x413110 0x15278 0x13c78 0x2b3
GlobalFree 0x0 0x413114 0x1527c 0x13c7c 0x2ba
MulDiv 0x0 0x413118 0x15280 0x13c80 0x366
FindResourceExA 0x0 0x41311c 0x15284 0x13c84 0x14c
SizeofResource 0x0 0x413120 0x15288 0x13c88 0x4b1
LoadResource 0x0 0x413124 0x1528c 0x13c8c 0x341
LockResource 0x0 0x413128 0x15290 0x13c90 0x354
LoadLibraryA 0x0 0x41312c 0x15294 0x13c94 0x33c
GetProcAddress 0x0 0x413130 0x15298 0x13c98 0x245
GetModuleHandleW 0x0 0x413134 0x1529c 0x13c9c 0x218
VirtualFree 0x0 0x413138 0x152a0 0x13ca0 0x4ec
GetStdHandle 0x0 0x41313c 0x152a4 0x13ca4 0x264
ExitProcess 0x0 0x413140 0x152a8 0x13ca8 0x119
lstrcatW 0x0 0x413144 0x152ac 0x13cac 0x53f
GetDiskFreeSpaceExW 0x0 0x413148 0x152b0 0x13cb0 0x1ce
SetFileAttributesW 0x0 0x41314c 0x152b4 0x13cb4 0x461
SetLastError 0x0 0x413150 0x152b8 0x13cb8 0x473
Sleep 0x0 0x413154 0x152bc 0x13cbc 0x4b2
GetExitCodeThread 0x0 0x413158 0x152c0 0x13cc0 0x1e0
WaitForSingleObject 0x0 0x41315c 0x152c4 0x13cc4 0x4f9
CreateThread 0x0 0x413160 0x152c8 0x13cc8 0xb5
GetLastError 0x0 0x413164 0x152cc 0x13ccc 0x202
SystemTimeToFileTime 0x0 0x413168 0x152d0 0x13cd0 0x4bd
GetLocalTime 0x0 0x41316c 0x152d4 0x13cd4 0x203
GetFileAttributesW 0x0 0x413170 0x152d8 0x13cd8 0x1ea
CreateDirectoryW 0x0 0x413174 0x152dc 0x13cdc 0x81
WriteFile 0x0 0x413178 0x152e0 0x13ce0 0x525
GetStartupInfoA 0x0 0x41317c 0x152e4 0x13ce4 0x262
MSVCRT.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
??2@YAPAXI@Z 0x0 0x413184 0x152ec 0x13cec 0xf
_purecall 0x0 0x413188 0x152f0 0x13cf0 0x192
memcmp 0x0 0x41318c 0x152f4 0x13cf4 0x296
free 0x0 0x413190 0x152f8 0x13cf8 0x25e
memcpy 0x0 0x413194 0x152fc 0x13cfc 0x297
_controlfp 0x0 0x413198 0x15300 0x13d00 0xb7
_except_handler3 0x0 0x41319c 0x15304 0x13d04 0xca
__set_app_type 0x0 0x4131a0 0x15308 0x13d08 0x81
__p__fmode 0x0 0x4131a4 0x1530c 0x13d0c 0x6f
__p__commode 0x0 0x4131a8 0x15310 0x13d10 0x6a
_adjust_fdiv 0x0 0x4131ac 0x15314 0x13d14 0x9d
__setusermatherr 0x0 0x4131b0 0x15318 0x13d18 0x83
_initterm 0x0 0x4131b4 0x1531c 0x13d1c 0x10f
__getmainargs 0x0 0x4131b8 0x15320 0x13d20 0x58
_acmdln 0x0 0x4131bc 0x15324 0x13d24 0x8f
exit 0x0 0x4131c0 0x15328 0x13d28 0x249
_XcptFilter 0x0 0x4131c4 0x1532c 0x13d2c 0x48
_exit 0x0 0x4131c8 0x15330 0x13d30 0xd3
??1type_info@@UAE@XZ 0x0 0x4131cc 0x15334 0x13d34 0xe
_onexit 0x0 0x4131d0 0x15338 0x13d38 0x186
__dllonexit 0x0 0x4131d4 0x1533c 0x13d3c 0x55
_CxxThrowException 0x0 0x4131d8 0x15340 0x13d40 0x41
_beginthreadex 0x0 0x4131dc 0x15344 0x13d44 0xa6
_EH_prolog 0x0 0x4131e0 0x15348 0x13d48 0x42
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z 0x0 0x4131e4 0x1534c 0x13d4c 0x25
memset 0x0 0x4131e8 0x15350 0x13d50 0x299
_wcsnicmp 0x0 0x4131ec 0x15354 0x13d54 0x1ee
strncmp 0x0 0x4131f0 0x15358 0x13d58 0x2c0
malloc 0x0 0x4131f4 0x1535c 0x13d5c 0x291
memmove 0x0 0x4131f8 0x15360 0x13d60 0x298
_wtol 0x0 0x4131fc 0x15364 0x13d64 0x22e
??3@YAXPAX@Z 0x0 0x413200 0x15368 0x13d68 0x10
Icons (1)
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\installing.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 1.75 KB
MD5 a98e2f7d5dc055ad4b4b6d92126d9190
SHA1 c2db85dcf7bf991e8bba0d39f952748dc98d41d6
SHA256 65751616edb29437b01cd352b8651835ca585942a78adaac589f9f8c16039470
SSDeep 24:jjJdY5R9YB5j/vo9s5RVkB6+ANYPV/RBcmSSntyT7tlA+YkXHHWYC/ZxWtXPFU1/:HJZjYEVkM+mYNRSmdncq90nUxWtXP200
C:\Program Files\Remote Utilities - Host\Printer\x86\unires_vpd.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 753.02 KB
MD5 d9da1c64400ac31989dcb7f37a1c0994
SHA1 6357f03b367dfc75575da5e8092fe7da28703c4b
SHA256 42153140f3cb25ed59444703e1ebd004dee97209fc9ac91ae4823290bcc86ce1
SSDeep 12288:SkoGBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL5+:2GBEGbL4Np84TQazCSiR5+
PE Information
Image Base 0x400000
Size Of Initialized Data 0xba000
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2010-11-20 12:03:03+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName UNIRES.DLL
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7601.17514
FileDescription DLL الخاصة بموارد برنامج تشغيل الطابعة Unidrv
OriginalFilename UNIRES.DLL
Sections (1)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rsrc 0x401000 0xba000 0xba000 0x200 cnt_initialized_data, mem_read 5.6
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\New Created File Image
Not Queried
Mime Type image/x-icon
File Size 0.31 KB
MD5 c23cbf002d82192481b61ed7ec0890f4
SHA1 dd373901c73760ca36907ff04691f5504ff00abe
SHA256 4f92e804a11453382ebff7fb0958879bae88fe3366306911dec9d811cd306eed
SSDeep 3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nZllBe+llBe+llBe+llBe+llBe+lll:k9ij1BjjjjjTtXGuwtOZBl
C:\inst_fold\arm.7z Created File Unknown
Not Queried
Mime Type application/x-7z-compressed
File Size 10.00 MB
MD5 7874c4ad19fbed665ed3e6b8d90a009c
SHA1 bffa277a7329622d9fdd95e7c2fc2acaae788cc7
SHA256 82db7c2be6139244569f2b0661c3960c8dcfaf00280ac4f98d07a5dbf798c6b5
SSDeep 196608:4jzRE/T/wS/db6xrQf7MPif9Bhf1W2vDpjsA+xwYCCxOhR9CBAaz5jC4k6CW0O:iY/5J6xriMPilv1W2vDpqxKCxiR91qka
C:\inst_fold\armforce.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 1.89 MB
MD5 9245b8ec3d40d640e5cf5183f49ce2f6
SHA1 958bd732f9650abfee5861141b7cfafd8ff72717
SHA256 9d40cee14ba2375d57bc18d8492368483b28f7639d742523f797857990196ffd
SSDeep 24576:Iu5PPVfiM+HMHy4p7k8HOEDh+uQ5E3h36M:Iu53Vfkoy4p7kA
ImpHash e8dfc5ac7de7059a69d3ffe63e56852c
PE Information
Image Base 0x400000
Entry Point 0x4012e0
Size Of Code 0x9f000
Size Of Initialized Data 0xe4600
Size Of Uninitialized Data 0xc00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-01-31 11:41:37+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x9ee2c 0x9f000 0x400 cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read 6.29
.data 0x4a0000 0x1ac8 0x1c00 0x9f400 cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.25
.rdata 0x4a2000 0xa264 0xa400 0xa1000 cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read 5.47
.eh_fram 0x4ad000 0x38538 0x38600 0xab400 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read 4.79
.bss 0x4e6000 0xb80 0x0 0x0 cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.0
.idata 0x4e7000 0xb9c 0xc00 0xe3a00 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 4.98
.CRT 0x4e8000 0x18 0x200 0xe4600 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.11
.tls 0x4e9000 0x20 0x200 0xe4800 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.22
Imports (4)
KERNEL32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseHandle 0x0 0x4e7230 0xe7064 0xe3a64 0x52
CreateProcessA 0x0 0x4e7234 0xe7068 0xe3a68 0xa3
CreateSemaphoreW 0x0 0x4e7238 0xe706c 0xe3a6c 0xac
DeleteCriticalSection 0x0 0x4e723c 0xe7070 0xe3a70 0xcf
EnterCriticalSection 0x0 0x4e7240 0xe7074 0xe3a74 0xec
ExitProcess 0x0 0x4e7244 0xe7078 0xe3a78 0x117
FindClose 0x0 0x4e7248 0xe707c 0xe3a7c 0x12c
FindFirstFileA 0x0 0x4e724c 0xe7080 0xe3a80 0x130
FindNextFileA 0x0 0x4e7250 0xe7084 0xe3a84 0x141
FreeLibrary 0x0 0x4e7254 0xe7088 0xe3a88 0x160
GetCommandLineA 0x0 0x4e7258 0xe708c 0xe3a8c 0x184
GetCurrentThreadId 0x0 0x4e725c 0xe7090 0xe3a90 0x1c3
GetLastError 0x0 0x4e7260 0xe7094 0xe3a94 0x1fe
GetModuleHandleA 0x0 0x4e7264 0xe7098 0xe3a98 0x211
GetProcAddress 0x0 0x4e7268 0xe709c 0xe3a9c 0x241
InitializeCriticalSection 0x0 0x4e726c 0xe70a0 0xe3aa0 0x2de
InterlockedDecrement 0x0 0x4e7270 0xe70a4 0xe3aa4 0x2e7
InterlockedExchange 0x0 0x4e7274 0xe70a8 0xe3aa8 0x2e8
InterlockedIncrement 0x0 0x4e7278 0xe70ac 0xe3aac 0x2eb
IsDBCSLeadByteEx 0x0 0x4e727c 0xe70b0 0xe3ab0 0x2fb
LeaveCriticalSection 0x0 0x4e7280 0xe70b4 0xe3ab4 0x32e
LoadLibraryA 0x0 0x4e7284 0xe70b8 0xe3ab8 0x331
MultiByteToWideChar 0x0 0x4e7288 0xe70bc 0xe3abc 0x35c
ReleaseSemaphore 0x0 0x4e728c 0xe70c0 0xe3ac0 0x3d2
SetLastError 0x0 0x4e7290 0xe70c4 0xe3ac4 0x443
SetUnhandledExceptionFilter 0x0 0x4e7294 0xe70c8 0xe3ac8 0x474
Sleep 0x0 0x4e7298 0xe70cc 0xe3acc 0x480
TlsAlloc 0x0 0x4e729c 0xe70d0 0xe3ad0 0x493
TlsFree 0x0 0x4e72a0 0xe70d4 0xe3ad4 0x494
TlsGetValue 0x0 0x4e72a4 0xe70d8 0xe3ad8 0x495
TlsSetValue 0x0 0x4e72a8 0xe70dc 0xe3adc 0x496
VirtualProtect 0x0 0x4e72ac 0xe70e0 0xe3ae0 0x4bd
VirtualQuery 0x0 0x4e72b0 0xe70e4 0xe3ae4 0x4bf
WaitForSingleObject 0x0 0x4e72b4 0xe70e8 0xe3ae8 0x4c7
WideCharToMultiByte 0x0 0x4e72b8 0xe70ec 0xe3aec 0x4df
msvcrt.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_fdopen 0x0 0x4e72c0 0xe70f4 0xe3af4 0x17
_fstat 0x0 0x4e72c4 0xe70f8 0xe3af8 0x20
_lseek 0x0 0x4e72c8 0xe70fc 0xe3afc 0x33
_read 0x0 0x4e72cc 0xe7100 0xe3b00 0x40
_strdup 0x0 0x4e72d0 0xe7104 0xe3b04 0x50
_stricoll 0x0 0x4e72d4 0xe7108 0xe3b08 0x52
_write 0x0 0x4e72d8 0xe710c 0xe3b0c 0x6d
msvcrt.dll (68)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__getmainargs 0x0 0x4e72e0 0xe7114 0xe3b14 0x58
__mb_cur_max 0x0 0x4e72e4 0xe7118 0xe3b18 0x77
__p__environ 0x0 0x4e72e8 0xe711c 0xe3b1c 0x83
__p__fmode 0x0 0x4e72ec 0xe7120 0xe3b20 0x85
__set_app_type 0x0 0x4e72f0 0xe7124 0xe3b24 0x99
_cexit 0x0 0x4e72f4 0xe7128 0xe3b28 0xdb
_errno 0x0 0x4e72f8 0xe712c 0xe3b2c 0x11d
_filbuf 0x0 0x4e72fc 0xe7130 0xe3b30 0x132
_flsbuf 0x0 0x4e7300 0xe7134 0xe3b34 0x13f
_fullpath 0x0 0x4e7304 0xe7138 0xe3b38 0x15e
_iob 0x0 0x4e7308 0xe713c 0xe3b3c 0x1a1
_isctype 0x0 0x4e730c 0xe7140 0xe3b40 0x1a6
_onexit 0x0 0x4e7310 0xe7144 0xe3b44 0x2b1
_pctype 0x0 0x4e7314 0xe7148 0xe3b48 0x2ba
_setmode 0x0 0x4e7318 0xe714c 0xe3b4c 0x2f1
abort 0x0 0x4e731c 0xe7150 0xe3b50 0x43b
atexit 0x0 0x4e7320 0xe7154 0xe3b54 0x443
atoi 0x0 0x4e7324 0xe7158 0xe3b58 0x445
calloc 0x0 0x4e7328 0xe715c 0xe3b5c 0x44a
exit 0x0 0x4e732c 0xe7160 0xe3b60 0x454
fclose 0x0 0x4e7330 0xe7164 0xe3b64 0x457
fflush 0x0 0x4e7334 0xe7168 0xe3b68 0x45a
fopen 0x0 0x4e7338 0xe716c 0xe3b6c 0x462
fputc 0x0 0x4e733c 0xe7170 0xe3b70 0x466
fputs 0x0 0x4e7340 0xe7174 0xe3b74 0x467
fread 0x0 0x4e7344 0xe7178 0xe3b78 0x46a
free 0x0 0x4e7348 0xe717c 0xe3b7c 0x46b
fseek 0x0 0x4e734c 0xe7180 0xe3b80 0x471
ftell 0x0 0x4e7350 0xe7184 0xe3b84 0x473
fwrite 0x0 0x4e7354 0xe7188 0xe3b88 0x476
getenv 0x0 0x4e7358 0xe718c 0xe3b8c 0x47b
getwc 0x0 0x4e735c 0xe7190 0xe3b90 0x47e
iswctype 0x0 0x4e7360 0xe7194 0xe3b94 0x491
localeconv 0x0 0x4e7364 0xe7198 0xe3b98 0x49e
malloc 0x0 0x4e7368 0xe719c 0xe3b9c 0x4a3
mbstowcs 0x0 0x4e736c 0xe71a0 0xe3ba0 0x4aa
memchr 0x0 0x4e7370 0xe71a4 0xe3ba4 0x4ad
memcmp 0x0 0x4e7374 0xe71a8 0xe3ba8 0x4ae
memcpy 0x0 0x4e7378 0xe71ac 0xe3bac 0x4af
memmove 0x0 0x4e737c 0xe71b0 0xe3bb0 0x4b1
memset 0x0 0x4e7380 0xe71b4 0xe3bb4 0x4b3
putwc 0x0 0x4e7384 0xe71b8 0xe3bb8 0x4bd
realloc 0x0 0x4e7388 0xe71bc 0xe3bbc 0x4c4
setlocale 0x0 0x4e738c 0xe71c0 0xe3bc0 0x4cb
setvbuf 0x0 0x4e7390 0xe71c4 0xe3bc4 0x4cc
signal 0x0 0x4e7394 0xe71c8 0xe3bc8 0x4cd
sprintf 0x0 0x4e7398 0xe71cc 0xe3bcc 0x4d0
strchr 0x0 0x4e739c 0xe71d0 0xe3bd0 0x4d8
strcmp 0x0 0x4e73a0 0xe71d4 0xe3bd4 0x4d9
strcoll 0x0 0x4e73a4 0xe71d8 0xe3bd8 0x4da
strerror 0x0 0x4e73a8 0xe71dc 0xe3bdc 0x4de
strftime 0x0 0x4e73ac 0xe71e0 0xe3be0 0x4e0
strlen 0x0 0x4e73b0 0xe71e4 0xe3be4 0x4e1
strtod 0x0 0x4e73b4 0xe71e8 0xe3be8 0x4eb
strtoul 0x0 0x4e73b8 0xe71ec 0xe3bec 0x4ef
strxfrm 0x0 0x4e73bc 0xe71f0 0xe3bf0 0x4f0
tolower 0x0 0x4e73c0 0xe71f4 0xe3bf4 0x4fd
towlower 0x0 0x4e73c4 0xe71f8 0xe3bf8 0x4ff
towupper 0x0 0x4e73c8 0xe71fc 0xe3bfc 0x500
ungetc 0x0 0x4e73cc 0xe7200 0xe3c00 0x501
ungetwc 0x0 0x4e73d0 0xe7204 0xe3c04 0x502
vfprintf 0x0 0x4e73d4 0xe7208 0xe3c08 0x504
vsprintf 0x0 0x4e73d8 0xe720c 0xe3c0c 0x50b
wcscoll 0x0 0x4e73dc 0xe7210 0xe3c10 0x517
wcsftime 0x0 0x4e73e0 0xe7214 0xe3c14 0x51b
wcslen 0x0 0x4e73e4 0xe7218 0xe3c18 0x51c
wcstombs 0x0 0x4e73e8 0xe721c 0xe3c1c 0x52d
wcsxfrm 0x0 0x4e73ec 0xe7220 0xe3c20 0x530
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x4e73f4 0xe7228 0xe3c28 0x92
C:\inst_fold\armfix.reg Created File Text
Not Queried
Mime Type text/plain
File Size 11.46 KB
MD5 6db860145ae50b5e375081c013ea7365
SHA1 d9796e00553fb8ede91a4ea4fd54bd2166cac7a8
SHA256 ae8590919e2b31b0d20ae3c60c1d3eb897e1ec099b0e04a5c134867af6d88996
SSDeep 192:78YpGSArpJQU0bUxFgpPUJP2yUXNypyZPyQ7TOd9ShKF/Tybr/vba5IlUx8pV8Ad:789rYEzP29NBnzTisGctbh8q1
C:\Program Files\Remote Utilities - Host\Printer\x86\progress.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 19.52 KB
MD5 ecbe7572b3b6bdf275c51da7e5ca3d94
SHA1 1af52869ba692bbc04712721b19a1bef5762d132
SHA256 da6104aa160e4861ef3892020fbb9f4966a0bc7280a8c2e4f8d5f739ec0f0cdd
SSDeep 384:nSZPGL9A2TdR5W6D4+ZSZQwgMSZsHLPK6jH6x:nkP0A65XIg2PKgax
ImpHash 3f576706ca13a6ace3419e9ac8d63897
PE Information
Image Base 0x400000
Entry Point 0x401ad0
Size Of Code 0x1000
Size Of Initialized Data 0x1800
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2012-08-31 14:25:25+00:00
Version Information (8)
LegalCopyright Copyright (C) Two Pilots 2012
InternalName progress
FileVersion 1, 2, 0, 0
CompanyName Two Pilots
ProductName Virtual Printer Driver
ProductVersion 7, 3, 0, 0
FileDescription Virtual Printer Driver component
OriginalFilename progress.exe
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xfca 0x1000 0x400 cnt_code, mem_execute, mem_read 6.04
.rdata 0x402000 0xe5e 0x1000 0x1400 cnt_initialized_data, mem_read 4.78
.data 0x403000 0x3a4 0x200 0x2400 cnt_initialized_data, mem_read, mem_write 0.41
.rsrc 0x404000 0x510 0x600 0x2600 cnt_initialized_data, mem_read 4.49
Imports (6)
KERNEL32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReadFile 0x0 0x402014 0x26c8 0x1ac8 0x2b5
GetOverlappedResult 0x0 0x402018 0x26cc 0x1acc 0x194
DisconnectNamedPipe 0x0 0x40201c 0x26d0 0x1ad0 0x8c
GetLastError 0x0 0x402020 0x26d4 0x1ad4 0x171
LocalAlloc 0x0 0x402024 0x26d8 0x1ad8 0x258
CreateEventW 0x0 0x402028 0x26dc 0x1adc 0x50
WaitForMultipleObjects 0x0 0x40202c 0x26e0 0x1ae0 0x38e
CloseHandle 0x0 0x402030 0x26e4 0x1ae4 0x34
TerminateThread 0x0 0x402034 0x26e8 0x1ae8 0x35f
GetSystemTimeAsFileTime 0x0 0x402038 0x26ec 0x1aec 0x1ca
CreateNamedPipeW 0x0 0x40203c 0x26f0 0x1af0 0x63
GetCurrentThreadId 0x0 0x402040 0x26f4 0x1af4 0x146
GetTickCount 0x0 0x402044 0x26f8 0x1af8 0x1df
QueryPerformanceCounter 0x0 0x402048 0x26fc 0x1afc 0x2a3
IsDebuggerPresent 0x0 0x40204c 0x2700 0x1b00 0x239
SetUnhandledExceptionFilter 0x0 0x402050 0x2704 0x1b04 0x34a
UnhandledExceptionFilter 0x0 0x402054 0x2708 0x1b08 0x36e
GetCurrentProcess 0x0 0x402058 0x270c 0x1b0c 0x142
TerminateProcess 0x0 0x40205c 0x2710 0x1b10 0x35e
GetStartupInfoA 0x0 0x402060 0x2714 0x1b14 0x1b7
InterlockedCompareExchange 0x0 0x402064 0x2718 0x1b18 0x226
Sleep 0x0 0x402068 0x271c 0x1b1c 0x356
InterlockedExchange 0x0 0x40206c 0x2720 0x1b20 0x229
ConnectNamedPipe 0x0 0x402070 0x2724 0x1b24 0x3c
SetEvent 0x0 0x402074 0x2728 0x1b28 0x316
GetCurrentProcessId 0x0 0x402078 0x272c 0x1b2c 0x143
WaitForSingleObject 0x0 0x40207c 0x2730 0x1b30 0x390
USER32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetMessageW 0x0 0x402120 0x27d4 0x1bd4 0x13e
PostQuitMessage 0x0 0x402124 0x27d8 0x1bd8 0x204
LoadCursorW 0x0 0x402128 0x27dc 0x1bdc 0x1bd
TranslateMessage 0x0 0x40212c 0x27e0 0x1be0 0x2aa
LoadIconW 0x0 0x402130 0x27e4 0x1be4 0x1bf
SystemParametersInfoW 0x0 0x402134 0x27e8 0x1be8 0x29a
SetWindowPos 0x0 0x402138 0x27ec 0x1bec 0x283
CreateWindowExW 0x0 0x40213c 0x27f0 0x1bf0 0x61
MessageBoxW 0x0 0x402140 0x27f4 0x1bf4 0x1e6
RegisterClassW 0x0 0x402144 0x27f8 0x1bf8 0x219
SendMessageW 0x0 0x402148 0x27fc 0x1bfc 0x240
UpdateWindow 0x0 0x40214c 0x2800 0x1c00 0x2bc
SetWindowTextW 0x0 0x402150 0x2804 0x1c04 0x287
DefWindowProcW 0x0 0x402154 0x2808 0x1c08 0x8f
DispatchMessageW 0x0 0x402158 0x280c 0x1c0c 0xa2
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject 0x0 0x40200c 0x26c0 0x1ac0 0x1a5
ADVAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetSecurityDescriptorDacl 0x0 0x402000 0x26b4 0x1ab4 0x23a
InitializeSecurityDescriptor 0x0 0x402004 0x26b8 0x1ab8 0x134
MSVCP80.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z 0x0 0x402084 0x2738 0x1b38 0x190
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ 0x0 0x402088 0x273c 0x1b3c 0x25d
MSVCR80.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__CxxFrameHandler3 0x0 0x402090 0x2744 0x1b44 0x74
_controlfp_s 0x0 0x402094 0x2748 0x1b48 0x142
_wtoi 0x0 0x402098 0x274c 0x1b4c 0x4b3
__iob_func 0x0 0x40209c 0x2750 0x1b50 0xa2
_errno 0x0 0x4020a0 0x2754 0x1b54 0x173
_endthreadex 0x0 0x4020a4 0x2758 0x1b58 0x170
_beginthreadex 0x0 0x4020a8 0x275c 0x1b5c 0x127
fprintf 0x0 0x4020ac 0x2760 0x1b60 0x4e6
wcsncmp 0x0 0x4020b0 0x2764 0x1b64 0x59a
_amsg_exit 0x0 0x4020b4 0x2768 0x1b68 0x118
__getmainargs 0x0 0x4020b8 0x276c 0x1b6c 0xa0
_cexit 0x0 0x4020bc 0x2770 0x1b70 0x12f
_exit 0x0 0x4020c0 0x2774 0x1b74 0x17f
_XcptFilter 0x0 0x4020c4 0x2778 0x1b78 0x67
_ismbblead 0x0 0x4020c8 0x277c 0x1b7c 0x22b
exit 0x0 0x4020cc 0x2780 0x1b80 0x4d6
_acmdln 0x0 0x4020d0 0x2784 0x1b84 0x103
_initterm 0x0 0x4020d4 0x2788 0x1b88 0x20a
_initterm_e 0x0 0x4020d8 0x278c 0x1b8c 0x20b
_configthreadlocale 0x0 0x4020dc 0x2790 0x1b90 0x13f
__setusermatherr 0x0 0x4020e0 0x2794 0x1b94 0xe9
_adjust_fdiv 0x0 0x4020e4 0x2798 0x1b98 0x111
__p__commode 0x0 0x4020e8 0x279c 0x1b9c 0xcc
__p__fmode 0x0 0x4020ec 0x27a0 0x1ba0 0xd0
_encode_pointer 0x0 0x4020f0 0x27a4 0x1ba4 0x16d
__set_app_type 0x0 0x4020f4 0x27a8 0x1ba8 0xe6
_crt_debugger_hook 0x0 0x4020f8 0x27ac 0x1bac 0x14e
_unlock 0x0 0x4020fc 0x27b0 0x1bb0 0x3ed
__dllonexit 0x0 0x402100 0x27b4 0x1bb4 0x97
_lock 0x0 0x402104 0x27b8 0x1bb8 0x27c
_onexit 0x0 0x402108 0x27bc 0x1bbc 0x322
_decode_pointer 0x0 0x40210c 0x27c0 0x1bc0 0x163
_except_handler4_common 0x0 0x402110 0x27c4 0x1bc4 0x176
_invoke_watson 0x0 0x402114 0x27c8 0x1bc8 0x211
memset 0x0 0x402118 0x27cc 0x1bcc 0x533
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Norwegian.lg Created File Text
Not Queried
Mime Type text/plain
File Size 51.90 KB
MD5 3cdf55746e6889e8fff300e54a287bcc
SHA1 57c38147c92b86f7bceeb4dbd9ad1d720410b07d
SHA256 d3014f26e0b5bd84f694c8ad18f0de48ce3cbcbaa2f649070f161c64702cae3d
SSDeep 1536:IzYWB3TwZOFLoAapzop2DL+p/uSAoILpUNW:IzYWB3Tw3XDac
C:\Program Files\Remote Utilities - Host\webmvorbisencoder.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 861.02 KB
MD5 74a8ebf5d8e08e284d734fe5feebd67d
SHA1 87fb627c6e63eb41e26f389b38d525ccf0c11590
SHA256 1a9632b9e061b56017d2eb8d15c20e60a9518b4de5faa0399eaba0a17c10045d
SSDeep 12288:OTAPYZEyRr+NDnaLyx2lz8MSjtX08pYRc29qcQmsGahsQZsbRNeb:lYF+Eyx2lzujtEIYRc1cQmsGa7ONeb
ImpHash 6aeabf27d25617644e24c000ed77b18a
PE Information
Image Base 0x10000000
Entry Point 0x1000bde4
Size Of Code 0x31e00
Size Of Initialized Data 0xa5200
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-01-30 19:20:19+00:00
Version Information (8)
LegalCopyright Copyright (C) 2013
InternalName webmvorbisencoder
FileVersion 1, 0, 4, 1
CompanyName Google
ProductName WebM Vorbis Encoder
ProductVersion 1, 0, 4, 1
FileDescription WebM Vorbis Encoder Filter
OriginalFilename webmvorbisencoder.dll
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x31c7d 0x31e00 0x400 cnt_code, mem_execute, mem_read 6.72
.rdata 0x10033000 0x9c2b0 0x9c400 0x32200 cnt_initialized_data, mem_read 4.26
.data 0x100d0000 0x3c7c 0x1c00 0xce600 cnt_initialized_data, mem_read, mem_write 4.03
_RDATA 0x100d4000 0x5e0 0x600 0xd0200 cnt_initialized_data, mem_read 4.68
.rsrc 0x100d5000 0x370 0x400 0xd0800 cnt_initialized_data, mem_read 2.89
.reloc 0x100d6000 0x4410 0x4600 0xd0c00 cnt_initialized_data, mem_discardable, mem_read 6.33
Imports (4)
KERNEL32.dll (69)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateMutexW 0x0 0x10033018 0xceb8c 0xcdd8c 0xd1
GetLastError 0x0 0x1003301c 0xceb90 0xcdd90 0x250
GetModuleFileNameW 0x0 0x10033020 0xceb94 0xcdd94 0x263
WaitForSingleObject 0x0 0x10033024 0xceb98 0xcdd98 0x5a9
CloseHandle 0x0 0x10033028 0xceb9c 0xcdd9c 0x7f
CreateEventW 0x0 0x1003302c 0xceba0 0xcdda0 0xb6
ReleaseMutex 0x0 0x10033030 0xceba4 0xcdda4 0x48b
SetEvent 0x0 0x10033034 0xceba8 0xcdda8 0x4ef
CreateFileW 0x0 0x10033038 0xcebac 0xcddac 0xc2
SetStdHandle 0x0 0x1003303c 0xcebb0 0xcddb0 0x520
SetFilePointerEx 0x0 0x10033040 0xcebb4 0xcddb4 0x4fc
GetConsoleMode 0x0 0x10033044 0xcebb8 0xcddb8 0x1ee
GetConsoleCP 0x0 0x10033048 0xcebbc 0xcddbc 0x1dc
FlushFileBuffers 0x0 0x1003304c 0xcebc0 0xcddc0 0x192
GetOEMCP 0x0 0x10033050 0xcebc4 0xcddc4 0x286
GetACP 0x0 0x10033054 0xcebc8 0xcddc8 0x1a4
IsValidCodePage 0x0 0x10033058 0xcebcc 0xcddcc 0x372
FreeEnvironmentStringsW 0x0 0x1003305c 0xcebd0 0xcddd0 0x19d
GetEnvironmentStringsW 0x0 0x10033060 0xcebd4 0xcddd4 0x227
WideCharToMultiByte 0x0 0x10033064 0xcebd8 0xcddd8 0x5cb
MultiByteToWideChar 0x0 0x10033068 0xcebdc 0xcdddc 0x3d1
GetStringTypeW 0x0 0x1003306c 0xcebe0 0xcdde0 0x2c5
EncodePointer 0x0 0x10033070 0xcebe4 0xcdde4 0x121
DecodePointer 0x0 0x10033074 0xcebe8 0xcdde8 0xfe
EnterCriticalSection 0x0 0x10033078 0xcebec 0xcddec 0x125
LeaveCriticalSection 0x0 0x1003307c 0xcebf0 0xcddf0 0x3a2
DeleteCriticalSection 0x0 0x10033080 0xcebf4 0xcddf4 0x105
LocalFree 0x0 0x10033084 0xcebf8 0xcddf8 0x3b2
GetStdHandle 0x0 0x10033088 0xcebfc 0xcddfc 0x2c0
GetFileType 0x0 0x1003308c 0xcec00 0xcde00 0x23e
GetModuleHandleExW 0x0 0x10033090 0xcec04 0xcde04 0x266
WriteConsoleW 0x0 0x10033094 0xcec08 0xcde08 0x5de
HeapAlloc 0x0 0x10033098 0xcec0c 0xcde0c 0x32f
CreateThread 0x0 0x1003309c 0xcec10 0xcde10 0xe8
GetCurrentThreadId 0x0 0x100330a0 0xcec14 0xcde14 0x20e
ExitThread 0x0 0x100330a4 0xcec18 0xcde18 0x152
GetProcAddress 0x0 0x100330a8 0xcec1c 0xcde1c 0x29d
LoadLibraryExW 0x0 0x100330ac 0xcec20 0xcde20 0x3a7
GetCommandLineA 0x0 0x100330b0 0xcec24 0xcde24 0x1c8
HeapFree 0x0 0x100330b4 0xcec28 0xcde28 0x333
HeapReAlloc 0x0 0x100330b8 0xcec2c 0xcde2c 0x336
ExitProcess 0x0 0x100330bc 0xcec30 0xcde30 0x151
RaiseException 0x0 0x100330c0 0xcec34 0xcde34 0x43f
RtlUnwind 0x0 0x100330c4 0xcec38 0xcde38 0x4ac
GetCPInfo 0x0 0x100330c8 0xcec3c 0xcde3c 0x1b3
IsProcessorFeaturePresent 0x0 0x100330cc 0xcec40 0xcde40 0x36d
UnhandledExceptionFilter 0x0 0x100330d0 0xcec44 0xcde44 0x580
SetUnhandledExceptionFilter 0x0 0x100330d4 0xcec48 0xcde48 0x541
SetLastError 0x0 0x100330d8 0xcec4c 0xcde4c 0x50a
InitializeCriticalSectionAndSpinCount 0x0 0x100330dc 0xcec50 0xcde50 0x348
Sleep 0x0 0x100330e0 0xcec54 0xcde54 0x550
GetCurrentProcess 0x0 0x100330e4 0xcec58 0xcde58 0x209
TerminateProcess 0x0 0x100330e8 0xcec5c 0xcde5c 0x55f
TlsAlloc 0x0 0x100330ec 0xcec60 0xcde60 0x571
TlsGetValue 0x0 0x100330f0 0xcec64 0xcde64 0x573
TlsSetValue 0x0 0x100330f4 0xcec68 0xcde68 0x574
TlsFree 0x0 0x100330f8 0xcec6c 0xcde6c 0x572
GetStartupInfoW 0x0 0x100330fc 0xcec70 0xcde70 0x2be
GetModuleHandleW 0x0 0x10033100 0xcec74 0xcde74 0x267
LCMapStringW 0x0 0x10033104 0xcec78 0xcde78 0x396
IsDebuggerPresent 0x0 0x10033108 0xcec7c 0xcde7c 0x367
OutputDebugStringW 0x0 0x1003310c 0xcec80 0xcde80 0x3fa
WriteFile 0x0 0x10033110 0xcec84 0xcde84 0x5df
HeapSize 0x0 0x10033114 0xcec88 0xcde88 0x338
GetProcessHeap 0x0 0x10033118 0xcec8c 0xcde8c 0x2a2
GetModuleFileNameA 0x0 0x1003311c 0xcec90 0xcde90 0x262
QueryPerformanceCounter 0x0 0x10033120 0xcec94 0xcde94 0x42d
GetCurrentProcessId 0x0 0x10033124 0xcec98 0xcde98 0x20a
GetSystemTimeAsFileTime 0x0 0x10033128 0xcec9c 0xcde9c 0x2d6
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x10033000 0xceb74 0xcdd74 0x254
RegOpenKeyExW 0x0 0x10033004 0xceb78 0xcdd78 0x285
RegQueryValueExW 0x0 0x10033008 0xceb7c 0xcdd7c 0x292
RegCreateKeyExW 0x0 0x1003300c 0xceb80 0xcdd80 0x25d
RegSetValueExW 0x0 0x10033010 0xceb84 0xcdd84 0x2a2
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleRun 0x0 0x10033138 0xcecac 0xcdeac 0x174
CoTaskMemAlloc 0x0 0x1003313c 0xcecb0 0xcdeb0 0x7a
StringFromGUID2 0x0 0x10033140 0xcecb4 0xcdeb4 0x1ba
CoWaitForMultipleHandles 0x0 0x10033144 0xcecb8 0xcdeb8 0x86
CoTaskMemFree 0x0 0x10033148 0xcecbc 0xcdebc 0x7b
CoCreateInstance 0x0 0x1003314c 0xcecc0 0xcdec0 0x1a
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHDeleteKeyW 0x0 0x10033130 0xceca4 0xcdea4 0xb8
Exports (4)
API Name EAT Address Ordinal
DllCanUnloadNow 0x1370 0x1
DllGetClassObject 0x1380 0x2
DllRegisterServer 0x1470 0x3
DllUnregisterServer 0x13c0 0x4
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Printer\x86\setupdrv.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 60.52 KB
MD5 e6fad6f55219253a16fe5bb92c80ce15
SHA1 01a34aa45c1cebe15fddc5b1f73848228b9a2436
SHA256 57ebd191c1a040759be022480bc8d11fc3f3bc3214343b99c95ddf3eae47f5d2
SSDeep 768:kA7DDwprhlrMKK9jfcKk5NijGA/z0TIx0PqfyljmkjxOarHg2PKgV:kcHcViK0r0a7xOlOarHgYv
ImpHash f3fe72f20e63d95f71d7b92ec2b8b9a4
PE Information
Image Base 0x400000
Entry Point 0x406e3f
Size Of Code 0x7000
Size Of Initialized Data 0x5000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2012-08-31 14:25:55+00:00
Version Information (8)
LegalCopyright Copyright (C) Two Pilots 2012
InternalName setupdrv
FileVersion 1, 6, 0, 0
CompanyName Two Pilots
ProductName Virtual Printer Driver
ProductVersion 7, 3, 0, 0
FileDescription Virtual Printer Driver component
OriginalFilename setupdrv.exe
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x66c9 0x7000 0x1000 cnt_code, mem_execute, mem_read 5.87
.rdata 0x408000 0x2eea 0x3000 0x8000 cnt_initialized_data, mem_read 4.68
.data 0x40b000 0x55c 0x1000 0xb000 cnt_initialized_data, mem_read, mem_write 0.76
.rsrc 0x40c000 0x510 0x1000 0xc000 cnt_initialized_data, mem_read 4.05
Imports (7)
KERNEL32.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetVersionExW 0x0 0x408020 0xa2bc 0xa2bc 0x1ea
GetSystemTimeAsFileTime 0x0 0x408024 0xa2c0 0xa2c0 0x1ca
GetCurrentProcessId 0x0 0x408028 0xa2c4 0xa2c4 0x143
GetCurrentThreadId 0x0 0x40802c 0xa2c8 0xa2c8 0x146
GetTickCount 0x0 0x408030 0xa2cc 0xa2cc 0x1df
QueryPerformanceCounter 0x0 0x408034 0xa2d0 0xa2d0 0x2a3
IsDebuggerPresent 0x0 0x408038 0xa2d4 0xa2d4 0x239
SetUnhandledExceptionFilter 0x0 0x40803c 0xa2d8 0xa2d8 0x34a
UnhandledExceptionFilter 0x0 0x408040 0xa2dc 0xa2dc 0x36e
TerminateProcess 0x0 0x408044 0xa2e0 0xa2e0 0x35e
GetStartupInfoW 0x0 0x408048 0xa2e4 0xa2e4 0x1b8
InterlockedCompareExchange 0x0 0x40804c 0xa2e8 0xa2e8 0x226
InterlockedExchange 0x0 0x408050 0xa2ec 0xa2ec 0x229
GetCurrentProcess 0x0 0x408054 0xa2f0 0xa2f0 0x142
DeleteFileW 0x0 0x408058 0xa2f4 0xa2f4 0x84
FindNextFileW 0x0 0x40805c 0xa2f8 0xa2f8 0xdd
FindClose 0x0 0x408060 0xa2fc 0xa2fc 0xce
FormatMessageW 0x0 0x408064 0xa300 0xa300 0xf4
CopyFileW 0x0 0x408068 0xa304 0xa304 0x46
Sleep 0x0 0x40806c 0xa308 0xa308 0x356
GetSystemDirectoryW 0x0 0x408070 0xa30c 0xa30c 0x1c2
FindFirstFileW 0x0 0x408074 0xa310 0xa310 0xd5
GetLocalTime 0x0 0x408078 0xa314 0xa314 0x173
SetLastError 0x0 0x40807c 0xa318 0xa318 0x328
GetLastError 0x0 0x408080 0xa31c 0xa31c 0x171
GetCommandLineW 0x0 0x408084 0xa320 0xa320 0x111
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x408180 0xa41c 0xa41c 0x1e6
WINSPOOL.DRV (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterW 0x0 0x408188 0xa424 0xa424 0x7e
EnumMonitorsW 0x0 0x40818c 0xa428 0xa428 0x51
EnumPrinterDriversW 0x0 0x408190 0xa42c 0xa42c 0x5d
XcvDataW 0x0 0x408194 0xa430 0xa430 0xa8
EnumPortsW 0x0 0x408198 0xa434 0xa434 0x53
DeletePortW 0x0 0x40819c 0xa438 0xa438 0x2b
AddPrinterW 0x0 0x4081a0 0xa43c 0xa43c 0x17
AddPrinterDriverW 0x0 0x4081a4 0xa440 0xa440 0x16
GetPrinterDriverDirectoryW 0x0 0x4081a8 0xa444 0xa444 0x77
DeletePrinterDriverW 0x0 0x4081ac 0xa448 0xa448 0x3a
ClosePrinter 0x0 0x4081b0 0xa44c 0xa44c 0x1b
SetPrinterW 0x0 0x4081b4 0xa450 0xa450 0x9c
DeleteMonitorW 0x0 0x4081b8 0xa454 0xa454 0x29
DeletePrinter 0x0 0x4081bc 0xa458 0xa458 0x30
AddMonitorW 0x0 0x4081c0 0xa45c 0xa45c 0x7
ADVAPI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumDependentServicesW 0x0 0x408000 0xa29c 0xa29c 0xd0
OpenSCManagerW 0x0 0x408004 0xa2a0 0xa2a0 0x1ae
CloseServiceHandle 0x0 0x408008 0xa2a4 0xa2a4 0x3e
StartServiceW 0x0 0x40800c 0xa2a8 0xa2a8 0x24c
QueryServiceStatus 0x0 0x408010 0xa2ac 0xa2ac 0x1c3
ControlService 0x0 0x408014 0xa2b0 0xa2b0 0x42
OpenServiceW 0x0 0x408018 0xa2b4 0xa2b4 0x1b0
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CommandLineToArgvW 0x0 0x408178 0xa414 0xa414 0x7
MSVCP80.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z 0x0 0x40808c 0xa328 0xa328 0x16f
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z 0x0 0x408090 0xa32c 0xa32c 0x3c
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z 0x0 0x408094 0xa330 0xa330 0xb96
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z 0x0 0x408098 0xa334 0xa334 0x2b5
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z 0x0 0x40809c 0xa338 0xa338 0x189
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ 0x0 0x4080a0 0xa33c 0xa33c 0x195
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z 0x0 0x4080a4 0xa340 0xa340 0x190
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z 0x0 0x4080a8 0xa344 0xa344 0x176
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ 0x0 0x4080ac 0xa348 0xa348 0x25b
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ 0x0 0x4080b0 0xa34c 0xa34c 0x25d
MSVCR80.dll (47)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_encode_pointer 0x0 0x4080b8 0xa354 0xa354 0x16d
memset 0x0 0x4080bc 0xa358 0xa358 0x533
__CxxFrameHandler3 0x0 0x4080c0 0xa35c 0xa35c 0x74
_controlfp_s 0x0 0x4080c4 0xa360 0xa360 0x142
_invoke_watson 0x0 0x4080c8 0xa364 0xa364 0x211
_except_handler4_common 0x0 0x4080cc 0xa368 0xa368 0x176
_decode_pointer 0x0 0x4080d0 0xa36c 0xa36c 0x163
_onexit 0x0 0x4080d4 0xa370 0xa370 0x322
_lock 0x0 0x4080d8 0xa374 0xa374 0x27c
__dllonexit 0x0 0x4080dc 0xa378 0xa378 0x97
_unlock 0x0 0x4080e0 0xa37c 0xa37c 0x3ed
?_type_info_dtor_internal_method@type_info@@QAEXXZ 0x0 0x4080e4 0xa380 0xa380 0x34
?terminate@@YAXXZ 0x0 0x4080e8 0xa384 0xa384 0x41
_wcsicmp 0x0 0x4080ec 0xa388 0xa388 0x438
?what@exception@std@@UBEPBDXZ 0x0 0x4080f0 0xa38c 0xa38c 0x44
??1exception@std@@UAE@XZ 0x0 0x4080f4 0xa390 0xa390 0xd
??0exception@std@@QAE@XZ 0x0 0x4080f8 0xa394 0xa394 0x9
??0exception@std@@QAE@ABQBD@Z 0x0 0x4080fc 0xa398 0xa398 0x6
??0exception@std@@QAE@ABV01@@Z 0x0 0x408100 0xa39c 0xa39c 0x8
_vswprintf_c_l 0x0 0x408104 0xa3a0 0xa3a0 0x421
fopen 0x0 0x408108 0xa3a4 0xa3a4 0x4e4
fprintf 0x0 0x40810c 0xa3a8 0xa3a8 0x4e6
??3@YAXPAX@Z 0x0 0x408110 0xa3ac 0xa3ac 0x10
fclose 0x0 0x408114 0xa3b0 0xa3b0 0x4d9
??2@YAPAXI@Z 0x0 0x408118 0xa3b4 0xa3b4 0xf
fwprintf 0x0 0x40811c 0xa3b8 0xa3b8 0x4f6
free 0x0 0x408120 0xa3bc 0xa3bc 0x4ed
malloc 0x0 0x408124 0xa3c0 0xa3c0 0x524
_invalid_parameter_noinfo 0x0 0x408128 0xa3c4 0xa3c4 0x210
_vswprintf 0x0 0x40812c 0xa3c8 0xa3c8 0x41f
_amsg_exit 0x0 0x408130 0xa3cc 0xa3cc 0x118
__wgetmainargs 0x0 0x408134 0xa3d0 0xa3d0 0xfd
_cexit 0x0 0x408138 0xa3d4 0xa3d4 0x12f
_exit 0x0 0x40813c 0xa3d8 0xa3d8 0x17f
_XcptFilter 0x0 0x408140 0xa3dc 0xa3dc 0x67
exit 0x0 0x408144 0xa3e0 0xa3e0 0x4d6
_wcmdln 0x0 0x408148 0xa3e4 0xa3e4 0x431
_initterm 0x0 0x40814c 0xa3e8 0xa3e8 0x20a
_initterm_e 0x0 0x408150 0xa3ec 0xa3ec 0x20b
_configthreadlocale 0x0 0x408154 0xa3f0 0xa3f0 0x13f
__setusermatherr 0x0 0x408158 0xa3f4 0xa3f4 0xe9
_adjust_fdiv 0x0 0x40815c 0xa3f8 0xa3f8 0x111
__p__commode 0x0 0x408160 0xa3fc 0xa3fc 0xcc
__p__fmode 0x0 0x408164 0xa400 0xa400 0xd0
_CxxThrowException 0x0 0x408168 0xa404 0xa404 0x5b
__set_app_type 0x0 0x40816c 0xa408 0xa408 0xe6
_crt_debugger_hook 0x0 0x408170 0xa40c 0xa40c 0x14e
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\0001.tmp Created File Unknown
Not Queried
Mime Type application/vnd.ms-cab-compressed
File Size 4.70 MB
MD5 f05355bd99cbbd28dcb7c222882cb208
SHA1 ee9c1219f3583aff481e0795b9282e93f23f69b5
SHA256 7e7997651bc4760b1519618acc39f6fcbfd60da7516de1cd58ac59da2ae465bc
SSDeep 98304:SdnIq4bwbRG4bOikbjJ6ozsz0vvg8k9lRZlHPfeEuPbbmLfG:Bq4QKxQ0vo8k9rHf7uPEO
C:\Program Files\Remote Utilities - Host\rfusclient.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 5.47 MB
MD5 848a53dc549be0386e5da0f49700c389
SHA1 e918192d2b5c565a9b2756a1d01070c6608f361c
SHA256 faf0c5e4ef7dbcfd863377c55a4d1d87a3f6a58c13a8a9882e11012066f31976
SSDeep 49152:fToOPDphyCs76leS+ZdHP0pCDYIHvdddCOQyxdN3AzqT2TNO9jiu5Ky987l:fToOHyCKZ1vdCOQybN3YkiQKBl
ImpHash 0a3761564752f553c81f2f96521b33c4
PE Information
Image Base 0x400000
Entry Point 0x86f180
Size Of Code 0x46dc00
Size Of Initialized Data 0x107200
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2017-08-28 22:35:32+00:00
Version Information (8)
LegalCopyright Copyright © 2017 Remote Utilities LLC. All rights reserved.
FileVersion 6.8.0.1
CompanyName Remote Utilities LLC
LegalTrademarks Remote Utilities
ProductName Remote Utilities
ProgramID com.remoteutilities.rfusclient
ProductVersion 6.8.0.1
FileDescription Remote Utilities - Host
Sections (12)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x46a660 0x46a800 0x400 cnt_code, mem_execute, mem_read 6.45
.itext 0x86c000 0x324c 0x3400 0x46ac00 cnt_code, mem_execute, mem_read 6.24
.data 0x870000 0x171d4 0x17200 0x46e000 cnt_initialized_data, mem_read, mem_write 6.45
.bss 0x888000 0x88e3c 0x0 0x0 mem_read, mem_write 0.0
.idata 0x911000 0x48e2 0x4a00 0x485200 cnt_initialized_data, mem_read, mem_write 5.16
.didata 0x916000 0xd82 0xe00 0x489c00 cnt_initialized_data, mem_read, mem_write 4.1
.edata 0x917000 0x9c 0x200 0x48aa00 cnt_initialized_data, mem_read 1.91
.tls 0x918000 0x60 0x0 0x0 mem_read, mem_write 0.0
.rdata 0x919000 0x5d 0x200 0x48ac00 cnt_initialized_data, mem_read 1.4
.vmp0 0x91a000 0x950 0xa00 0x48ae00 cnt_code, mem_execute, mem_read 7.56
.reloc 0x91b000 0x67730 0x67800 0x48b800 cnt_initialized_data, mem_read 6.69
.rsrc 0x983000 0x82a03 0x82c00 0x4f3000 cnt_initialized_data, mem_read 5.63
Imports (18)
winmm.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
mixerGetNumDevs 0x0 0x911c90 0x51117c 0x48537c 0x0
mixerGetLineInfoW 0x0 0x911c94 0x511180 0x485380 0x0
mixerSetControlDetails 0x0 0x911c98 0x511184 0x485384 0x0
mixerClose 0x0 0x911c9c 0x511188 0x485388 0x0
mixerGetLineControlsW 0x0 0x911ca0 0x51118c 0x48538c 0x0
waveInReset 0x0 0x911ca4 0x511190 0x485390 0x0
waveInPrepareHeader 0x0 0x911ca8 0x511194 0x485394 0x0
mixerGetControlDetailsW 0x0 0x911cac 0x511198 0x485398 0x0
waveInUnprepareHeader 0x0 0x911cb0 0x51119c 0x48539c 0x0
waveInStart 0x0 0x911cb4 0x5111a0 0x4853a0 0x0
waveInAddBuffer 0x0 0x911cb8 0x5111a4 0x4853a4 0x0
PlaySoundW 0x0 0x911cbc 0x5111a8 0x4853a8 0x0
mixerGetDevCapsW 0x0 0x911cc0 0x5111ac 0x4853ac 0x0
waveInClose 0x0 0x911cc4 0x5111b0 0x4853b0 0x0
waveInOpen 0x0 0x911cc8 0x5111b4 0x4853b4 0x0
mixerOpen 0x0 0x911ccc 0x5111b8 0x4853b8 0x0
wininet.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetCloseHandle 0x0 0x911cd4 0x5111c0 0x4853c0 0x0
InternetReadFile 0x0 0x911cd8 0x5111c4 0x4853c4 0x0
InternetOpenA 0x0 0x911cdc 0x5111c8 0x4853c8 0x0
InternetOpenUrlA 0x0 0x911ce0 0x5111cc 0x4853cc 0x0
winspool.drv (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DocumentPropertiesW 0x0 0x911ce8 0x5111d4 0x4853d4 0x0
ClosePrinter 0x0 0x911cec 0x5111d8 0x4853d8 0x0
OpenPrinterW 0x0 0x911cf0 0x5111dc 0x4853dc 0x0
GetDefaultPrinterW 0x0 0x911cf4 0x5111e0 0x4853e0 0x0
EnumPrintersW 0x0 0x911cf8 0x5111e4 0x4853e4 0x0
comdlg32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindTextW 0x0 0x911d00 0x5111ec 0x4853ec 0x0
ReplaceTextW 0x0 0x911d04 0x5111f0 0x4853f0 0x0
GetOpenFileNameW 0x0 0x911d08 0x5111f4 0x4853f4 0x0
comctl32.dll (36)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_GetImageInfo 0x0 0x911d10 0x5111fc 0x4853fc 0x0
FlatSB_SetScrollInfo 0x0 0x911d14 0x511200 0x485400 0x0
InitCommonControls 0x0 0x911d18 0x511204 0x485404 0x0
ImageList_DragMove 0x0 0x911d1c 0x511208 0x485408 0x0
ImageList_Destroy 0x0 0x911d20 0x51120c 0x48540c 0x0
_TrackMouseEvent 0x0 0x911d24 0x511210 0x485410 0x0
ImageList_DragShowNolock 0x0 0x911d28 0x511214 0x485414 0x0
ImageList_Add 0x0 0x911d2c 0x511218 0x485418 0x0
FlatSB_SetScrollProp 0x0 0x911d30 0x51121c 0x48541c 0x0
ImageList_GetDragImage 0x0 0x911d34 0x511220 0x485420 0x0
ImageList_Create 0x0 0x911d38 0x511224 0x485424 0x0
ImageList_EndDrag 0x0 0x911d3c 0x511228 0x485428 0x0
ImageList_DrawEx 0x0 0x911d40 0x51122c 0x48542c 0x0
ImageList_SetImageCount 0x0 0x911d44 0x511230 0x485430 0x0
FlatSB_GetScrollPos 0x0 0x911d48 0x511234 0x485434 0x0
FlatSB_SetScrollPos 0x0 0x911d4c 0x511238 0x485438 0x0
InitializeFlatSB 0x0 0x911d50 0x51123c 0x48543c 0x0
ImageList_Copy 0x0 0x911d54 0x511240 0x485440 0x0
FlatSB_GetScrollInfo 0x0 0x911d58 0x511244 0x485444 0x0
ImageList_Write 0x0 0x911d5c 0x511248 0x485448 0x0
ImageList_SetBkColor 0x0 0x911d60 0x51124c 0x48544c 0x0
ImageList_GetBkColor 0x0 0x911d64 0x511250 0x485450 0x0
ImageList_BeginDrag 0x0 0x911d68 0x511254 0x485454 0x0
ImageList_GetIcon 0x0 0x911d6c 0x511258 0x485458 0x0
ImageList_Replace 0x0 0x911d70 0x51125c 0x48545c 0x0
ImageList_GetImageCount 0x0 0x911d74 0x511260 0x485460 0x0
ImageList_DragEnter 0x0 0x911d78 0x511264 0x485464 0x0
ImageList_GetIconSize 0x0 0x911d7c 0x511268 0x485468 0x0
ImageList_SetIconSize 0x0 0x911d80 0x51126c 0x48546c 0x0
ImageList_Read 0x0 0x911d84 0x511270 0x485470 0x0
ImageList_DragLeave 0x0 0x911d88 0x511274 0x485474 0x0
ImageList_LoadImageW 0x0 0x911d8c 0x511278 0x485478 0x0
ImageList_Draw 0x0 0x911d90 0x51127c 0x48547c 0x0
ImageList_Remove 0x0 0x911d94 0x511280 0x485480 0x0
ImageList_ReplaceIcon 0x0 0x911d98 0x511284 0x485484 0x0
ImageList_SetOverlayImage 0x0 0x911d9c 0x511288 0x485488 0x0
shell32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathCleanupSpec 0x0 0x911da4 0x511290 0x485490 0x0
SHGetFolderPathW 0x0 0x911da8 0x511294 0x485494 0x0
DragQueryPoint 0x0 0x911dac 0x511298 0x485498 0x0
DragQueryFileW 0x0 0x911db0 0x51129c 0x48549c 0x0
Shell_NotifyIconW 0x0 0x911db4 0x5112a0 0x4854a0 0x0
SHGetSpecialFolderPathW 0x0 0x911db8 0x5112a4 0x4854a4 0x0
SHFileOperationW 0x0 0x911dbc 0x5112a8 0x4854a8 0x0
ShellExecuteW 0x0 0x911dc0 0x5112ac 0x4854ac 0x0
ShellExecuteExW 0x0 0x911dc4 0x5112b0 0x4854b0 0x0
user32.dll (235)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CopyImage 0x0 0x911dcc 0x5112b8 0x4854b8 0x0
MoveWindow 0x0 0x911dd0 0x5112bc 0x4854bc 0x0
SetMenuItemInfoW 0x0 0x911dd4 0x5112c0 0x4854c0 0x0
GetMenuItemInfoW 0x0 0x911dd8 0x5112c4 0x4854c4 0x0
DefFrameProcW 0x0 0x911ddc 0x5112c8 0x4854c8 0x0
GetDlgCtrlID 0x0 0x911de0 0x5112cc 0x4854cc 0x0
FrameRect 0x0 0x911de4 0x5112d0 0x4854d0 0x0
RegisterWindowMessageW 0x0 0x911de8 0x5112d4 0x4854d4 0x0
GetMenuStringW 0x0 0x911dec 0x5112d8 0x4854d8 0x0
FillRect 0x0 0x911df0 0x5112dc 0x4854dc 0x0
SendMessageA 0x0 0x911df4 0x5112e0 0x4854e0 0x0
IsClipboardFormatAvailable 0x0 0x911df8 0x5112e4 0x4854e4 0x0
EnumWindows 0x0 0x911dfc 0x5112e8 0x4854e8 0x0
ShowOwnedPopups 0x0 0x911e00 0x5112ec 0x4854ec 0x0
GetClassInfoExW 0x0 0x911e04 0x5112f0 0x4854f0 0x0
GetClassInfoW 0x0 0x911e08 0x5112f4 0x4854f4 0x0
GetScrollRange 0x0 0x911e0c 0x5112f8 0x4854f8 0x0
SetActiveWindow 0x0 0x911e10 0x5112fc 0x4854fc 0x0
GetActiveWindow 0x0 0x911e14 0x511300 0x485500 0x0
DrawEdge 0x0 0x911e18 0x511304 0x485504 0x0
GetKeyboardLayoutList 0x0 0x911e1c 0x511308 0x485508 0x0
LoadBitmapW 0x0 0x911e20 0x51130c 0x48550c 0x0
EnumChildWindows 0x0 0x911e24 0x511310 0x485510 0x0
CreateDialogParamW 0x0 0x911e28 0x511314 0x485514 0x0
SendNotifyMessageW 0x0 0x911e2c 0x511318 0x485518 0x0
GetScrollBarInfo 0x0 0x911e30 0x51131c 0x48551c 0x0
UnhookWindowsHookEx 0x0 0x911e34 0x511320 0x485520 0x0
SetCapture 0x0 0x911e38 0x511324 0x485524 0x0
GetCapture 0x0 0x911e3c 0x511328 0x485528 0x0
CreatePopupMenu 0x0 0x911e40 0x51132c 0x48552c 0x0
LoadMenuW 0x0 0x911e44 0x511330 0x485530 0x0
ShowCaret 0x0 0x911e48 0x511334 0x485534 0x0
GetMenuItemID 0x0 0x911e4c 0x511338 0x485538 0x0
DestroyCaret 0x0 0x911e50 0x51133c 0x48553c 0x0
CharLowerBuffW 0x0 0x911e54 0x511340 0x485540 0x0
PostMessageW 0x0 0x911e58 0x511344 0x485544 0x0
SetWindowLongW 0x0 0x911e5c 0x511348 0x485548 0x0
RegisterClassExW 0x0 0x911e60 0x51134c 0x48554c 0x0
IsZoomed 0x0 0x911e64 0x511350 0x485550 0x0
SetParent 0x0 0x911e68 0x511354 0x485554 0x0
DrawMenuBar 0x0 0x911e6c 0x511358 0x485558 0x0
InvalidateRgn 0x0 0x911e70 0x51135c 0x48555c 0x0
GetClientRect 0x0 0x911e74 0x511360 0x485560 0x0
IsChild 0x0 0x911e78 0x511364 0x485564 0x0
IsIconic 0x0 0x911e7c 0x511368 0x485568 0x0
CallNextHookEx 0x0 0x911e80 0x51136c 0x48556c 0x0
CloseDesktop 0x0 0x911e84 0x511370 0x485570 0x0
ShowWindow 0x0 0x911e88 0x511374 0x485574 0x0
SetForegroundWindow 0x0 0x911e8c 0x511378 0x485578 0x0
GetWindowTextW 0x0 0x911e90 0x51137c 0x48557c 0x0
IsDialogMessageW 0x0 0x911e94 0x511380 0x485580 0x0
DestroyWindow 0x0 0x911e98 0x511384 0x485584 0x0
RegisterClassW 0x0 0x911e9c 0x511388 0x485588 0x0
EndMenu 0x0 0x911ea0 0x51138c 0x48558c 0x0
CharNextW 0x0 0x911ea4 0x511390 0x485590 0x0
GetFocus 0x0 0x911ea8 0x511394 0x485594 0x0
GetDC 0x0 0x911eac 0x511398 0x485598 0x0
SetThreadDesktop 0x0 0x911eb0 0x51139c 0x48559c 0x0
GetThreadDesktop 0x0 0x911eb4 0x5113a0 0x4855a0 0x0
SetFocus 0x0 0x911eb8 0x5113a4 0x4855a4 0x0
ChangeClipboardChain 0x0 0x911ebc 0x5113a8 0x4855a8 0x0
ReleaseDC 0x0 0x911ec0 0x5113ac 0x4855ac 0x0
mouse_event 0x0 0x911ec4 0x5113b0 0x4855b0 0x0
ExitWindowsEx 0x0 0x911ec8 0x5113b4 0x4855b4 0x0
GetClassLongW 0x0 0x911ecc 0x5113b8 0x4855b8 0x0
SetScrollRange 0x0 0x911ed0 0x5113bc 0x4855bc 0x0
DrawTextW 0x0 0x911ed4 0x5113c0 0x4855c0 0x0
PeekMessageA 0x0 0x911ed8 0x5113c4 0x4855c4 0x0
MessageBeep 0x0 0x911edc 0x5113c8 0x4855c8 0x0
SetClassLongW 0x0 0x911ee0 0x5113cc 0x4855cc 0x0
SetRectEmpty 0x0 0x911ee4 0x5113d0 0x4855d0 0x0
RemovePropW 0x0 0x911ee8 0x5113d4 0x4855d4 0x0
AttachThreadInput 0x0 0x911eec 0x5113d8 0x4855d8 0x0
GetSubMenu 0x0 0x911ef0 0x5113dc 0x4855dc 0x0
OpenInputDesktop 0x0 0x911ef4 0x5113e0 0x4855e0 0x0
DestroyIcon 0x0 0x911ef8 0x5113e4 0x4855e4 0x0
IsWindowVisible 0x0 0x911efc 0x5113e8 0x4855e8 0x0
CharToOemW 0x0 0x911f00 0x5113ec 0x4855ec 0x0
FlashWindowEx 0x0 0x911f04 0x5113f0 0x4855f0 0x0
DispatchMessageA 0x0 0x911f08 0x5113f4 0x4855f4 0x0
UnregisterClassW 0x0 0x911f0c 0x5113f8 0x4855f8 0x0
GetTopWindow 0x0 0x911f10 0x5113fc 0x4855fc 0x0
SendMessageW 0x0 0x911f14 0x511400 0x485600 0x0
GetMessageTime 0x0 0x911f18 0x511404 0x485604 0x0
CreateMenu 0x0 0x911f1c 0x511408 0x485608 0x0
LoadStringW 0x0 0x911f20 0x51140c 0x48560c 0x0
CharLowerW 0x0 0x911f24 0x511410 0x485610 0x0
SetWindowRgn 0x0 0x911f28 0x511414 0x485614 0x0
SetWindowPos 0x0 0x911f2c 0x511418 0x485618 0x0
GetMenuItemCount 0x0 0x911f30 0x51141c 0x48561c 0x0
GetSysColorBrush 0x0 0x911f34 0x511420 0x485620 0x0
GetWindowDC 0x0 0x911f38 0x511424 0x485624 0x0
DrawTextExW 0x0 0x911f3c 0x511428 0x485628 0x0
CharLowerBuffA 0x0 0x911f40 0x51142c 0x48562c 0x0
EnumClipboardFormats 0x0 0x911f44 0x511430 0x485630 0x0
GetScrollInfo 0x0 0x911f48 0x511434 0x485634 0x0
SetWindowTextW 0x0 0x911f4c 0x511438 0x485638 0x0
GetMessageExtraInfo 0x0 0x911f50 0x51143c 0x48563c 0x0
GetSysColor 0x0 0x911f54 0x511440 0x485640 0x0
EnableScrollBar 0x0 0x911f58 0x511444 0x485644 0x0
TrackPopupMenu 0x0 0x911f5c 0x511448 0x485648 0x0
keybd_event 0x0 0x911f60 0x51144c 0x48564c 0x0
DrawIconEx 0x0 0x911f64 0x511450 0x485650 0x0
GetClassNameW 0x0 0x911f68 0x511454 0x485654 0x0
GetMessagePos 0x0 0x911f6c 0x511458 0x485658 0x0
GetIconInfo 0x0 0x911f70 0x51145c 0x48565c 0x0
SetScrollInfo 0x0 0x911f74 0x511460 0x485660 0x0
GetKeyNameTextW 0x0 0x911f78 0x511464 0x485664 0x0
GetDesktopWindow 0x0 0x911f7c 0x511468 0x485668 0x0
SetCursorPos 0x0 0x911f80 0x51146c 0x48566c 0x0
GetCursorPos 0x0 0x911f84 0x511470 0x485670 0x0
SetMenu 0x0 0x911f88 0x511474 0x485674 0x0
GetMenuState 0x0 0x911f8c 0x511478 0x485678 0x0
GetMenu 0x0 0x911f90 0x51147c 0x48567c 0x0
SetRect 0x0 0x911f94 0x511480 0x485680 0x0
GetKeyState 0x0 0x911f98 0x511484 0x485684 0x0
GetCursor 0x0 0x911f9c 0x511488 0x485688 0x0
KillTimer 0x0 0x911fa0 0x51148c 0x48568c 0x0
WaitMessage 0x0 0x911fa4 0x511490 0x485690 0x0
TranslateMDISysAccel 0x0 0x911fa8 0x511494 0x485694 0x0
GetWindowPlacement 0x0 0x911fac 0x511498 0x485698 0x0
CreateWindowExW 0x0 0x911fb0 0x51149c 0x48569c 0x0
ChildWindowFromPoint 0x0 0x911fb4 0x5114a0 0x4856a0 0x0
OpenDesktopW 0x0 0x911fb8 0x5114a4 0x4856a4 0x0
GetMessageW 0x0 0x911fbc 0x5114a8 0x4856a8 0x0
GetDCEx 0x0 0x911fc0 0x5114ac 0x4856ac 0x0
PeekMessageW 0x0 0x911fc4 0x5114b0 0x4856b0 0x0
MonitorFromWindow 0x0 0x911fc8 0x5114b4 0x4856b4 0x0
GetUpdateRect 0x0 0x911fcc 0x5114b8 0x4856b8 0x0
AnimateWindow 0x0 0x911fd0 0x5114bc 0x4856bc 0x0
SetTimer 0x0 0x911fd4 0x5114c0 0x4856c0 0x0
WindowFromPoint 0x0 0x911fd8 0x5114c4 0x4856c4 0x0
BeginPaint 0x0 0x911fdc 0x5114c8 0x4856c8 0x0
RegisterClipboardFormatW 0x0 0x911fe0 0x5114cc 0x4856cc 0x0
DrawAnimatedRects 0x0 0x911fe4 0x5114d0 0x4856d0 0x0
MapVirtualKeyW 0x0 0x911fe8 0x5114d4 0x4856d4 0x0
OffsetRect 0x0 0x911fec 0x5114d8 0x4856d8 0x0
IsWindowUnicode 0x0 0x911ff0 0x5114dc 0x4856dc 0x0
CharToOemA 0x0 0x911ff4 0x5114e0 0x4856e0 0x0
DispatchMessageW 0x0 0x911ff8 0x5114e4 0x4856e4 0x0
CreateAcceleratorTableW 0x0 0x911ffc 0x5114e8 0x4856e8 0x0
DefMDIChildProcW 0x0 0x912000 0x5114ec 0x4856ec 0x0
GetSystemMenu 0x0 0x912004 0x5114f0 0x4856f0 0x0
SetScrollPos 0x0 0x912008 0x5114f4 0x4856f4 0x0
GetScrollPos 0x0 0x91200c 0x5114f8 0x4856f8 0x0
InflateRect 0x0 0x912010 0x5114fc 0x4856fc 0x0
DrawFocusRect 0x0 0x912014 0x511500 0x485700 0x0
ReleaseCapture 0x0 0x912018 0x511504 0x485704 0x0
SendInput 0x0 0x91201c 0x511508 0x485708 0x0
LoadCursorW 0x0 0x912020 0x51150c 0x48570c 0x0
GetGUIThreadInfo 0x0 0x912024 0x511510 0x485710 0x0
ScrollWindow 0x0 0x912028 0x511514 0x485714 0x0
GetLastActivePopup 0x0 0x91202c 0x511518 0x485718 0x0
GetCursorInfo 0x0 0x912030 0x51151c 0x48571c 0x0
GetSystemMetrics 0x0 0x912034 0x511520 0x485720 0x0
CharUpperBuffW 0x0 0x912038 0x511524 0x485724 0x0
ClientToScreen 0x0 0x91203c 0x511528 0x485728 0x0
SetClipboardData 0x0 0x912040 0x51152c 0x48572c 0x0
GetClipboardData 0x0 0x912044 0x511530 0x485730 0x0
SetWindowPlacement 0x0 0x912048 0x511534 0x485734 0x0
GetMonitorInfoW 0x0 0x91204c 0x511538 0x485738 0x0
CheckMenuItem 0x0 0x912050 0x51153c 0x48573c 0x0
CharUpperW 0x0 0x912054 0x511540 0x485740 0x0
DefWindowProcW 0x0 0x912058 0x511544 0x485744 0x0
GetForegroundWindow 0x0 0x91205c 0x511548 0x485748 0x0
EnableWindow 0x0 0x912060 0x51154c 0x48574c 0x0
GetWindowThreadProcessId 0x0 0x912064 0x511550 0x485750 0x0
RedrawWindow 0x0 0x912068 0x511554 0x485754 0x0
EndPaint 0x0 0x91206c 0x511558 0x485758 0x0
MsgWaitForMultipleObjectsEx 0x0 0x912070 0x51155c 0x48575c 0x0
LoadKeyboardLayoutW 0x0 0x912074 0x511560 0x485760 0x0
ActivateKeyboardLayout 0x0 0x912078 0x511564 0x485764 0x0
DestroyAcceleratorTable 0x0 0x91207c 0x511568 0x485768 0x0
SetClipboardViewer 0x0 0x912080 0x51156c 0x48576c 0x0
GetParent 0x0 0x912084 0x511570 0x485770 0x0
CreateCaret 0x0 0x912088 0x511574 0x485774 0x0
MonitorFromRect 0x0 0x91208c 0x511578 0x485778 0x0
InsertMenuItemW 0x0 0x912090 0x51157c 0x48577c 0x0
GetPropW 0x0 0x912094 0x511580 0x485780 0x0
MessageBoxW 0x0 0x912098 0x511584 0x485784 0x0
SetPropW 0x0 0x91209c 0x511588 0x485788 0x0
UpdateWindow 0x0 0x9120a0 0x51158c 0x48578c 0x0
MsgWaitForMultipleObjects 0x0 0x9120a4 0x511590 0x485790 0x0
OemToCharA 0x0 0x9120a8 0x511594 0x485794 0x0
DestroyMenu 0x0 0x9120ac 0x511598 0x485798 0x0
SetWindowsHookExW 0x0 0x9120b0 0x51159c 0x48579c 0x0
GetDoubleClickTime 0x0 0x9120b4 0x5115a0 0x4857a0 0x0
EmptyClipboard 0x0 0x9120b8 0x5115a4 0x4857a4 0x0
GetAncestor 0x0 0x9120bc 0x5115a8 0x4857a8 0x0
GetDlgItem 0x0 0x9120c0 0x5115ac 0x4857ac 0x0
AdjustWindowRectEx 0x0 0x9120c4 0x5115b0 0x4857b0 0x0
IsWindow 0x0 0x9120c8 0x5115b4 0x4857b4 0x0
DrawIcon 0x0 0x9120cc 0x5115b8 0x4857b8 0x0
EnumThreadWindows 0x0 0x9120d0 0x5115bc 0x4857bc 0x0
InvalidateRect 0x0 0x9120d4 0x5115c0 0x4857c0 0x0
SetKeyboardState 0x0 0x9120d8 0x5115c4 0x4857c4 0x0
GetKeyboardState 0x0 0x9120dc 0x5115c8 0x4857c8 0x0
ScreenToClient 0x0 0x9120e0 0x5115cc 0x4857cc 0x0
DrawFrameControl 0x0 0x9120e4 0x5115d0 0x4857d0 0x0
BringWindowToTop 0x0 0x9120e8 0x5115d4 0x4857d4 0x0
SetCursor 0x0 0x9120ec 0x5115d8 0x4857d8 0x0
CreateIcon 0x0 0x9120f0 0x5115dc 0x4857dc 0x0
RemoveMenu 0x0 0x9120f4 0x5115e0 0x4857e0 0x0
GetKeyboardLayoutNameW 0x0 0x9120f8 0x5115e4 0x4857e4 0x0
OpenClipboard 0x0 0x9120fc 0x5115e8 0x4857e8 0x0
TranslateMessage 0x0 0x912100 0x5115ec 0x4857ec 0x0
MapWindowPoints 0x0 0x912104 0x5115f0 0x4857f0 0x0
EnumDisplayMonitors 0x0 0x912108 0x5115f4 0x4857f4 0x0
CallWindowProcW 0x0 0x91210c 0x5115f8 0x4857f8 0x0
CountClipboardFormats 0x0 0x912110 0x5115fc 0x4857fc 0x0
CloseClipboard 0x0 0x912114 0x511600 0x485800 0x0
DestroyCursor 0x0 0x912118 0x511604 0x485804 0x0
CharUpperBuffA 0x0 0x91211c 0x511608 0x485808 0x0
CopyIcon 0x0 0x912120 0x51160c 0x48580c 0x0
PostQuitMessage 0x0 0x912124 0x511610 0x485810 0x0
GetProcessWindowStation 0x0 0x912128 0x511614 0x485814 0x0
ShowScrollBar 0x0 0x91212c 0x511618 0x485818 0x0
LoadImageW 0x0 0x912130 0x51161c 0x48581c 0x0
EnableMenuItem 0x0 0x912134 0x511620 0x485820 0x0
HideCaret 0x0 0x912138 0x511624 0x485824 0x0
FindWindowExW 0x0 0x91213c 0x511628 0x485828 0x0
MonitorFromPoint 0x0 0x912140 0x51162c 0x48582c 0x0
LoadIconW 0x0 0x912144 0x511630 0x485830 0x0
SystemParametersInfoW 0x0 0x912148 0x511634 0x485834 0x0
GetWindow 0x0 0x91214c 0x511638 0x485838 0x0
GetWindowLongW 0x0 0x912150 0x51163c 0x48583c 0x0
GetWindowRect 0x0 0x912154 0x511640 0x485840 0x0
InsertMenuW 0x0 0x912158 0x511644 0x485844 0x0
PostThreadMessageW 0x0 0x91215c 0x511648 0x485848 0x0
IsWindowEnabled 0x0 0x912160 0x51164c 0x48584c 0x0
IsDialogMessageA 0x0 0x912164 0x511650 0x485850 0x0
FindWindowW 0x0 0x912168 0x511654 0x485854 0x0
DeleteMenu 0x0 0x91216c 0x511658 0x485858 0x0
GetUserObjectInformationW 0x0 0x912170 0x51165c 0x48585c 0x0
GetKeyboardLayout 0x0 0x912174 0x511660 0x485860 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeW 0x0 0x91217c 0x511668 0x485868 0x0
VerQueryValueW 0x0 0x912180 0x51166c 0x48586c 0x0
GetFileVersionInfoW 0x0 0x912184 0x511670 0x485870 0x0
oledlg.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUIPasteSpecialW 0x0 0x91218c 0x511678 0x485878 0x0
OleUIObjectPropertiesW 0x0 0x912190 0x51167c 0x48587c 0x0
OleUIInsertObjectW 0x0 0x912194 0x511680 0x485880 0x0
oleaut32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPutElement 0x0 0x91219c 0x511688 0x485888 0x0
SetErrorInfo 0x0 0x9121a0 0x51168c 0x48588c 0x0
GetErrorInfo 0x0 0x9121a4 0x511690 0x485890 0x0
VariantInit 0x0 0x9121a8 0x511694 0x485894 0x0
VariantClear 0x0 0x9121ac 0x511698 0x485898 0x0
SysFreeString 0x0 0x9121b0 0x51169c 0x48589c 0x0
SafeArrayAccessData 0x0 0x9121b4 0x5116a0 0x4858a0 0x0
SysReAllocStringLen 0x0 0x9121b8 0x5116a4 0x4858a4 0x0
SafeArrayCreate 0x0 0x9121bc 0x5116a8 0x4858a8 0x0
CreateErrorInfo 0x0 0x9121c0 0x5116ac 0x4858ac 0x0
SafeArrayGetElement 0x0 0x9121c4 0x5116b0 0x4858b0 0x0
GetActiveObject 0x0 0x9121c8 0x5116b4 0x4858b4 0x0
SysAllocStringLen 0x0 0x9121cc 0x5116b8 0x4858b8 0x0
SafeArrayUnaccessData 0x0 0x9121d0 0x5116bc 0x4858bc 0x0
SafeArrayPtrOfIndex 0x0 0x9121d4 0x5116c0 0x4858c0 0x0
VariantCopy 0x0 0x9121d8 0x5116c4 0x4858c4 0x0
SafeArrayGetUBound 0x0 0x9121dc 0x5116c8 0x4858c8 0x0
SafeArrayGetLBound 0x0 0x9121e0 0x5116cc 0x4858cc 0x0
VariantCopyInd 0x0 0x9121e4 0x5116d0 0x4858d0 0x0
VariantChangeType 0x0 0x9121e8 0x5116d4 0x4858d4 0x0
advapi32.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExW 0x0 0x9121f0 0x5116dc 0x4858dc 0x0
RegConnectRegistryW 0x0 0x9121f4 0x5116e0 0x4858e0 0x0
CryptDecrypt 0x0 0x9121f8 0x5116e4 0x4858e4 0x0
CryptEncrypt 0x0 0x9121fc 0x5116e8 0x4858e8 0x0
GetUserNameW 0x0 0x912200 0x5116ec 0x4858ec 0x0
LookupAccountNameW 0x0 0x912204 0x5116f0 0x4858f0 0x0
RegQueryInfoKeyW 0x0 0x912208 0x5116f4 0x4858f4 0x0
RegUnLoadKeyW 0x0 0x91220c 0x5116f8 0x4858f8 0x0
RegSaveKeyW 0x0 0x912210 0x5116fc 0x4858fc 0x0
RegReplaceKeyW 0x0 0x912214 0x511700 0x485900 0x0
SetTokenInformation 0x0 0x912218 0x511704 0x485904 0x0
RegCreateKeyExW 0x0 0x91221c 0x511708 0x485908 0x0
SetSecurityDescriptorDacl 0x0 0x912220 0x51170c 0x48590c 0x0
RevertToSelf 0x0 0x912224 0x511710 0x485910 0x0
RegLoadKeyW 0x0 0x912228 0x511714 0x485914 0x0
RegEnumKeyExW 0x0 0x91222c 0x511718 0x485918 0x0
RegDeleteKeyW 0x0 0x912230 0x51171c 0x48591c 0x0
RegOpenKeyExW 0x0 0x912234 0x511720 0x485920 0x0
RegOpenKeyExA 0x0 0x912238 0x511724 0x485924 0x0
OpenProcessToken 0x0 0x91223c 0x511728 0x485928 0x0
AllocateAndInitializeSid 0x0 0x912240 0x51172c 0x48592c 0x0
FreeSid 0x0 0x912244 0x511730 0x485930 0x0
RegDeleteValueW 0x0 0x912248 0x511734 0x485934 0x0
ImpersonateLoggedOnUser 0x0 0x91224c 0x511738 0x485938 0x0
RegFlushKey 0x0 0x912250 0x51173c 0x48593c 0x0
RegQueryValueExA 0x0 0x912254 0x511740 0x485940 0x0
RegQueryValueExW 0x0 0x912258 0x511744 0x485944 0x0
RegEnumValueW 0x0 0x91225c 0x511748 0x485948 0x0
ConvertSidToStringSidW 0x0 0x912260 0x51174c 0x48594c 0x0
InitializeSecurityDescriptor 0x0 0x912264 0x511750 0x485950 0x0
RegCloseKey 0x0 0x912268 0x511754 0x485954 0x0
RegRestoreKeyW 0x0 0x91226c 0x511758 0x485958 0x0
netapi32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaGetInfo 0x0 0x912274 0x511760 0x485960 0x0
NetApiBufferFree 0x0 0x912278 0x511764 0x485964 0x0
msvcrt.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memcpy 0x0 0x912280 0x51176c 0x48596c 0x0
memset 0x0 0x912284 0x511770 0x485970 0x0
kernel32.dll (175)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFileAttributesW 0x0 0x91228c 0x511778 0x485978 0x0
GetFileType 0x0 0x912290 0x51177c 0x48597c 0x0
SetFileTime 0x0 0x912294 0x511780 0x485980 0x0
QueryDosDeviceW 0x0 0x912298 0x511784 0x485984 0x0
GetACP 0x0 0x91229c 0x511788 0x485988 0x0
GetExitCodeProcess 0x0 0x9122a0 0x51178c 0x48598c 0x0
GetStringTypeExW 0x0 0x9122a4 0x511790 0x485990 0x0
CloseHandle 0x0 0x9122a8 0x511794 0x485994 0x0
LocalFree 0x0 0x9122ac 0x511798 0x485998 0x0
GetCurrentProcessId 0x0 0x9122b0 0x51179c 0x48599c 0x0
GetSystemDefaultLangID 0x0 0x9122b4 0x5117a0 0x4859a0 0x0
SizeofResource 0x0 0x9122b8 0x5117a4 0x4859a4 0x0
VirtualProtect 0x0 0x9122bc 0x5117a8 0x4859a8 0x0
CreateSemaphoreW 0x0 0x9122c0 0x5117ac 0x4859ac 0x0
SetEnvironmentVariableW 0x0 0x9122c4 0x5117b0 0x4859b0 0x0
ReadProcessMemory 0x0 0x9122c8 0x5117b4 0x4859b4 0x0
QueryPerformanceFrequency 0x0 0x9122cc 0x5117b8 0x4859b8 0x0
SetHandleInformation 0x0 0x9122d0 0x5117bc 0x4859bc 0x0
IsDebuggerPresent 0x0 0x9122d4 0x5117c0 0x4859c0 0x0
FindNextFileW 0x0 0x9122d8 0x5117c4 0x4859c4 0x0
GetFullPathNameW 0x0 0x9122dc 0x5117c8 0x4859c8 0x0
VirtualFree 0x0 0x9122e0 0x5117cc 0x4859cc 0x0
HeapAlloc 0x0 0x9122e4 0x5117d0 0x4859d0 0x0
ExitProcess 0x0 0x9122e8 0x5117d4 0x4859d4 0x0
GetCPInfoExW 0x0 0x9122ec 0x5117d8 0x4859d8 0x0
GlobalSize 0x0 0x9122f0 0x5117dc 0x4859dc 0x0
RtlUnwind 0x0 0x9122f4 0x5117e0 0x4859e0 0x0
GetCPInfo 0x0 0x9122f8 0x5117e4 0x4859e4 0x0
EnumSystemLocalesW 0x0 0x9122fc 0x5117e8 0x4859e8 0x0
GetStdHandle 0x0 0x912300 0x5117ec 0x4859ec 0x0
GetTimeZoneInformation 0x0 0x912304 0x5117f0 0x4859f0 0x0
DisconnectNamedPipe 0x0 0x912308 0x5117f4 0x4859f4 0x0
FileTimeToLocalFileTime 0x0 0x91230c 0x5117f8 0x4859f8 0x0
GetModuleHandleW 0x0 0x912310 0x5117fc 0x4859fc 0x0
FreeLibrary 0x0 0x912314 0x511800 0x485a00 0x0
TryEnterCriticalSection 0x0 0x912318 0x511804 0x485a04 0x0
HeapDestroy 0x0 0x91231c 0x511808 0x485a08 0x0
FileTimeToDosDateTime 0x0 0x912320 0x51180c 0x485a0c 0x0
ReadFile 0x0 0x912324 0x511810 0x485a10 0x0
GetUserDefaultLCID 0x0 0x912328 0x511814 0x485a14 0x0
CreateProcessW 0x0 0x91232c 0x511818 0x485a18 0x0
HeapSize 0x0 0x912330 0x51181c 0x485a1c 0x0
GetLastError 0x0 0x912334 0x511820 0x485a20 0x0
GetModuleFileNameW 0x0 0x912338 0x511824 0x485a24 0x0
WaitNamedPipeW 0x0 0x91233c 0x511828 0x485a28 0x0
SetLastError 0x0 0x912340 0x51182c 0x485a2c 0x0
GlobalAlloc 0x0 0x912344 0x511830 0x485a30 0x0
GlobalUnlock 0x0 0x912348 0x511834 0x485a34 0x0
FindResourceW 0x0 0x91234c 0x511838 0x485a38 0x0
GetUserGeoID 0x0 0x912350 0x51183c 0x485a3c 0x0
CreateThread 0x0 0x912354 0x511840 0x485a40 0x0
CompareStringW 0x0 0x912358 0x511844 0x485a44 0x0
CopyFileW 0x0 0x91235c 0x511848 0x485a48 0x0
GetGeoInfoW 0x0 0x912360 0x51184c 0x485a4c 0x0
MapViewOfFile 0x0 0x912364 0x511850 0x485a50 0x0
CreateMutexW 0x0 0x912368 0x511854 0x485a54 0x0
LoadLibraryA 0x0 0x91236c 0x511858 0x485a58 0x0
GetVolumeInformationW 0x0 0x912370 0x51185c 0x485a5c 0x0
ResetEvent 0x0 0x912374 0x511860 0x485a60 0x0
MulDiv 0x0 0x912378 0x511864 0x485a64 0x0
OpenEventW 0x0 0x91237c 0x511868 0x485a68 0x0
FreeResource 0x0 0x912380 0x51186c 0x485a6c 0x0
GetComputerNameExW 0x0 0x912384 0x511870 0x485a70 0x0
GetDriveTypeW 0x0 0x912388 0x511874 0x485a74 0x0
GetVersion 0x0 0x91238c 0x511878 0x485a78 0x0
RaiseException 0x0 0x912390 0x51187c 0x485a7c 0x0
GlobalAddAtomW 0x0 0x912394 0x511880 0x485a80 0x0
FormatMessageW 0x0 0x912398 0x511884 0x485a84 0x0
OpenProcess 0x0 0x91239c 0x511888 0x485a88 0x0
SwitchToThread 0x0 0x9123a0 0x51188c 0x485a8c 0x0
GetExitCodeThread 0x0 0x9123a4 0x511890 0x485a90 0x0
OutputDebugStringW 0x0 0x9123a8 0x511894 0x485a94 0x0
GetCurrentThread 0x0 0x9123ac 0x511898 0x485a98 0x0
LockResource 0x0 0x9123b0 0x51189c 0x485a9c 0x0
LoadLibraryExW 0x0 0x9123b4 0x5118a0 0x485aa0 0x0
TerminateProcess 0x0 0x9123b8 0x5118a4 0x485aa4 0x0
SetPriorityClass 0x0 0x9123bc 0x5118a8 0x485aa8 0x0
FileTimeToSystemTime 0x0 0x9123c0 0x5118ac 0x485aac 0x0
GetCurrentThreadId 0x0 0x9123c4 0x5118b0 0x485ab0 0x0
MoveFileExW 0x0 0x9123c8 0x5118b4 0x485ab4 0x0
UnhandledExceptionFilter 0x0 0x9123cc 0x5118b8 0x485ab8 0x0
PeekNamedPipe 0x0 0x9123d0 0x5118bc 0x485abc 0x0
GlobalFindAtomW 0x0 0x9123d4 0x5118c0 0x485ac0 0x0
VirtualQuery 0x0 0x9123d8 0x5118c4 0x485ac4 0x0
GlobalFree 0x0 0x9123dc 0x5118c8 0x485ac8 0x0
VirtualQueryEx 0x0 0x9123e0 0x5118cc 0x485acc 0x0
Sleep 0x0 0x9123e4 0x5118d0 0x485ad0 0x0
EnterCriticalSection 0x0 0x9123e8 0x5118d4 0x485ad4 0x0
SetFilePointer 0x0 0x9123ec 0x5118d8 0x485ad8 0x0
FlushFileBuffers 0x0 0x9123f0 0x5118dc 0x485adc 0x0
GetStringTypeExA 0x0 0x9123f4 0x5118e0 0x485ae0 0x0
LoadResource 0x0 0x9123f8 0x5118e4 0x485ae4 0x0
SuspendThread 0x0 0x9123fc 0x5118e8 0x485ae8 0x0
GetTickCount 0x0 0x912400 0x5118ec 0x485aec 0x0
WritePrivateProfileStringW 0x0 0x912404 0x5118f0 0x485af0 0x0
WaitForMultipleObjects 0x0 0x912408 0x5118f4 0x485af4 0x0
GetFileSize 0x0 0x91240c 0x5118f8 0x485af8 0x0
GlobalDeleteAtom 0x0 0x912410 0x5118fc 0x485afc 0x0
GetStartupInfoW 0x0 0x912414 0x511900 0x485b00 0x0
GetFileAttributesW 0x0 0x912418 0x511904 0x485b04 0x0
InitializeCriticalSection 0x0 0x91241c 0x511908 0x485b08 0x0
GetThreadPriority 0x0 0x912420 0x51190c 0x485b0c 0x0
GetCurrentProcess 0x0 0x912424 0x511910 0x485b10 0x0
GlobalLock 0x0 0x912428 0x511914 0x485b14 0x0
SetThreadPriority 0x0 0x91242c 0x511918 0x485b18 0x0
VirtualAlloc 0x0 0x912430 0x51191c 0x485b1c 0x0
GetTempPathW 0x0 0x912434 0x511920 0x485b20 0x0
GetCommandLineW 0x0 0x912438 0x511924 0x485b24 0x0
GetSystemInfo 0x0 0x91243c 0x511928 0x485b28 0x0
LeaveCriticalSection 0x0 0x912440 0x51192c 0x485b2c 0x0
GetProcAddress 0x0 0x912444 0x511930 0x485b30 0x0
ResumeThread 0x0 0x912448 0x511934 0x485b34 0x0
VirtualAllocEx 0x0 0x91244c 0x511938 0x485b38 0x0
GetLogicalDriveStringsW 0x0 0x912450 0x51193c 0x485b3c 0x0
GetVersionExW 0x0 0x912454 0x511940 0x485b40 0x0
GetModuleHandleA 0x0 0x912458 0x511944 0x485b44 0x0
VerifyVersionInfoW 0x0 0x91245c 0x511948 0x485b48 0x0
HeapCreate 0x0 0x912460 0x51194c 0x485b4c 0x0
LCMapStringW 0x0 0x912464 0x511950 0x485b50 0x0
GetDiskFreeSpaceW 0x0 0x912468 0x511954 0x485b54 0x0
VerSetConditionMask 0x0 0x91246c 0x511958 0x485b58 0x0
FindFirstFileW 0x0 0x912470 0x51195c 0x485b5c 0x0
GetUserDefaultUILanguage 0x0 0x912474 0x511960 0x485b60 0x0
GetConsoleOutputCP 0x0 0x912478 0x511964 0x485b64 0x0
UnmapViewOfFile 0x0 0x91247c 0x511968 0x485b68 0x0
GetConsoleCP 0x0 0x912480 0x51196c 0x485b6c 0x0
SetProcessShutdownParameters 0x0 0x912484 0x511970 0x485b70 0x0
lstrlenW 0x0 0x912488 0x511974 0x485b74 0x0
CompareStringA 0x0 0x91248c 0x511978 0x485b78 0x0
SetEndOfFile 0x0 0x912490 0x51197c 0x485b7c 0x0
QueryPerformanceCounter 0x0 0x912494 0x511980 0x485b80 0x0
lstrcmpW 0x0 0x912498 0x511984 0x485b84 0x0
HeapFree 0x0 0x91249c 0x511988 0x485b88 0x0
WideCharToMultiByte 0x0 0x9124a0 0x51198c 0x485b8c 0x0
FindClose 0x0 0x9124a4 0x511990 0x485b90 0x0
MultiByteToWideChar 0x0 0x9124a8 0x511994 0x485b94 0x0
LoadLibraryW 0x0 0x9124ac 0x511998 0x485b98 0x0
SetEvent 0x0 0x9124b0 0x51199c 0x485b9c 0x0
ReleaseSemaphore 0x0 0x9124b4 0x5119a0 0x485ba0 0x0
GetLocaleInfoW 0x0 0x9124b8 0x5119a4 0x485ba4 0x0
CreateFileW 0x0 0x9124bc 0x5119a8 0x485ba8 0x0
SystemTimeToFileTime 0x0 0x9124c0 0x5119ac 0x485bac 0x0
EnumResourceNamesW 0x0 0x9124c4 0x5119b0 0x485bb0 0x0
GetSystemDirectoryW 0x0 0x9124c8 0x5119b4 0x485bb4 0x0
DeleteFileW 0x0 0x9124cc 0x5119b8 0x485bb8 0x0
IsDBCSLeadByteEx 0x0 0x9124d0 0x5119bc 0x485bbc 0x0
ConnectNamedPipe 0x0 0x9124d4 0x5119c0 0x485bc0 0x0
GetEnvironmentVariableW 0x0 0x9124d8 0x5119c4 0x485bc4 0x0
GetLocalTime 0x0 0x9124dc 0x5119c8 0x485bc8 0x0
WaitForSingleObject 0x0 0x9124e0 0x5119cc 0x485bcc 0x0
WriteFile 0x0 0x9124e4 0x5119d0 0x485bd0 0x0
CreateFileMappingW 0x0 0x9124e8 0x5119d4 0x485bd4 0x0
CreateNamedPipeW 0x0 0x9124ec 0x5119d8 0x485bd8 0x0
ExitThread 0x0 0x9124f0 0x5119dc 0x485bdc 0x0
CreatePipe 0x0 0x9124f4 0x5119e0 0x485be0 0x0
DeleteCriticalSection 0x0 0x9124f8 0x5119e4 0x485be4 0x0
GetDateFormatW 0x0 0x9124fc 0x5119e8 0x485be8 0x0
TlsGetValue 0x0 0x912500 0x5119ec 0x485bec 0x0
SetErrorMode 0x0 0x912504 0x5119f0 0x485bf0 0x0
GetComputerNameW 0x0 0x912508 0x5119f4 0x485bf4 0x0
IsValidLocale 0x0 0x91250c 0x5119f8 0x485bf8 0x0
SleepEx 0x0 0x912510 0x5119fc 0x485bfc 0x0
TlsSetValue 0x0 0x912514 0x511a00 0x485c00 0x0
VirtualFreeEx 0x0 0x912518 0x511a04 0x485c04 0x0
CreateDirectoryW 0x0 0x91251c 0x511a08 0x485c08 0x0
GetSystemDefaultUILanguage 0x0 0x912520 0x511a0c 0x485c0c 0x0
EnumCalendarInfoW 0x0 0x912524 0x511a10 0x485c10 0x0
LocalAlloc 0x0 0x912528 0x511a14 0x485c14 0x0
OpenSemaphoreW 0x0 0x91252c 0x511a18 0x485c18 0x0
RemoveDirectoryW 0x0 0x912530 0x511a1c 0x485c1c 0x0
CreateEventW 0x0 0x912534 0x511a20 0x485c20 0x0
GetPrivateProfileStringW 0x0 0x912538 0x511a24 0x485c24 0x0
WaitForMultipleObjectsEx 0x0 0x91253c 0x511a28 0x485c28 0x0
GetThreadLocale 0x0 0x912540 0x511a2c 0x485c2c 0x0
SetThreadLocale 0x0 0x912544 0x511a30 0x485c30 0x0
SHFolder.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW 0x0 0x91254c 0x511a38 0x485c38 0x0
ole32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleCreateLinkToFile 0x0 0x912554 0x511a40 0x485c40 0x0
StgCreateDocfileOnILockBytes 0x0 0x912558 0x511a44 0x485c44 0x0
OleRegEnumVerbs 0x0 0x91255c 0x511a48 0x485c48 0x0
CreateBindCtx 0x0 0x912560 0x511a4c 0x485c4c 0x0
OleCreateStaticFromData 0x0 0x912564 0x511a50 0x485c50 0x0
CoCreateInstance 0x0 0x912568 0x511a54 0x485c54 0x0
OleCreate 0x0 0x91256c 0x511a58 0x485c58 0x0
IsEqualGUID 0x0 0x912570 0x511a5c 0x485c5c 0x0
CreateStreamOnHGlobal 0x0 0x912574 0x511a60 0x485c60 0x0
CreateILockBytesOnHGlobal 0x0 0x912578 0x511a64 0x485c64 0x0
CLSIDFromProgID 0x0 0x91257c 0x511a68 0x485c68 0x0
OleCreateFromData 0x0 0x912580 0x511a6c 0x485c6c 0x0
CoGetClassObject 0x0 0x912584 0x511a70 0x485c70 0x0
CoInitialize 0x0 0x912588 0x511a74 0x485c74 0x0
OleDraw 0x0 0x91258c 0x511a78 0x485c78 0x0
CoTaskMemAlloc 0x0 0x912590 0x511a7c 0x485c7c 0x0
StringFromCLSID 0x0 0x912594 0x511a80 0x485c80 0x0
DoDragDrop 0x0 0x912598 0x511a84 0x485c84 0x0
RevokeDragDrop 0x0 0x91259c 0x511a88 0x485c88 0x0
IsAccelerator 0x0 0x9125a0 0x511a8c 0x485c8c 0x0
OleGetIconOfClass 0x0 0x9125a4 0x511a90 0x485c90 0x0
CoUninitialize 0x0 0x9125a8 0x511a94 0x485c94 0x0
ReleaseStgMedium 0x0 0x9125ac 0x511a98 0x485c98 0x0
OleCreateFromFile 0x0 0x9125b0 0x511a9c 0x485c9c 0x0
RegisterDragDrop 0x0 0x9125b4 0x511aa0 0x485ca0 0x0
CoLockObjectExternal 0x0 0x9125b8 0x511aa4 0x485ca4 0x0
CoFreeUnusedLibraries 0x0 0x9125bc 0x511aa8 0x485ca8 0x0
ProgIDFromCLSID 0x0 0x9125c0 0x511aac 0x485cac 0x0
OleSetContainedObject 0x0 0x9125c4 0x511ab0 0x485cb0 0x0
OleInitialize 0x0 0x9125c8 0x511ab4 0x485cb4 0x0
CoInitializeEx 0x0 0x9125cc 0x511ab8 0x485cb8 0x0
OleUninitialize 0x0 0x9125d0 0x511abc 0x485cbc 0x0
OleCreateLinkFromData 0x0 0x9125d4 0x511ac0 0x485cc0 0x0
CoTaskMemFree 0x0 0x9125d8 0x511ac4 0x485cc4 0x0
OleSetMenuDescriptor 0x0 0x9125dc 0x511ac8 0x485cc8 0x0
msacm32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
acmMetrics 0x0 0x9125e4 0x511ad0 0x485cd0 0x0
gdi32.dll (109)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Pie 0x0 0x9125ec 0x511ad8 0x485cd8 0x0
SetBkMode 0x0 0x9125f0 0x511adc 0x485cdc 0x0
CreateCompatibleBitmap 0x0 0x9125f4 0x511ae0 0x485ce0 0x0
GetEnhMetaFileHeader 0x0 0x9125f8 0x511ae4 0x485ce4 0x0
CloseEnhMetaFile 0x0 0x9125fc 0x511ae8 0x485ce8 0x0
RectVisible 0x0 0x912600 0x511aec 0x485cec 0x0
AngleArc 0x0 0x912604 0x511af0 0x485cf0 0x0
CloseMetaFile 0x0 0x912608 0x511af4 0x485cf4 0x0
ResizePalette 0x0 0x91260c 0x511af8 0x485cf8 0x0
CreateMetaFileW 0x0 0x912610 0x511afc 0x485cfc 0x0
SetAbortProc 0x0 0x912614 0x511b00 0x485d00 0x0
SetTextColor 0x0 0x912618 0x511b04 0x485d04 0x0
StretchBlt 0x0 0x91261c 0x511b08 0x485d08 0x0
RoundRect 0x0 0x912620 0x511b0c 0x485d0c 0x0
SelectClipRgn 0x0 0x912624 0x511b10 0x485d10 0x0
RestoreDC 0x0 0x912628 0x511b14 0x485d14 0x0
SetRectRgn 0x0 0x91262c 0x511b18 0x485d18 0x0
GetTextMetricsW 0x0 0x912630 0x511b1c 0x485d1c 0x0
GetWindowOrgEx 0x0 0x912634 0x511b20 0x485d20 0x0
CreatePalette 0x0 0x912638 0x511b24 0x485d24 0x0
PolyBezierTo 0x0 0x91263c 0x511b28 0x485d28 0x0
CreateICW 0x0 0x912640 0x511b2c 0x485d2c 0x0
CreateDCW 0x0 0x912644 0x511b30 0x485d30 0x0
GetStockObject 0x0 0x912648 0x511b34 0x485d34 0x0
CreateSolidBrush 0x0 0x91264c 0x511b38 0x485d38 0x0
Polygon 0x0 0x912650 0x511b3c 0x485d3c 0x0
MoveToEx 0x0 0x912654 0x511b40 0x485d40 0x0
PlayEnhMetaFile 0x0 0x912658 0x511b44 0x485d44 0x0
Ellipse 0x0 0x91265c 0x511b48 0x485d48 0x0
StartPage 0x0 0x912660 0x511b4c 0x485d4c 0x0
GetBitmapBits 0x0 0x912664 0x511b50 0x485d50 0x0
StartDocW 0x0 0x912668 0x511b54 0x485d54 0x0
AbortDoc 0x0 0x91266c 0x511b58 0x485d58 0x0
GetSystemPaletteEntries 0x0 0x912670 0x511b5c 0x485d5c 0x0
GetEnhMetaFileBits 0x0 0x912674 0x511b60 0x485d60 0x0
GetEnhMetaFilePaletteEntries 0x0 0x912678 0x511b64 0x485d64 0x0
CreatePenIndirect 0x0 0x91267c 0x511b68 0x485d68 0x0
SetMapMode 0x0 0x912680 0x511b6c 0x485d6c 0x0
CreateFontIndirectW 0x0 0x912684 0x511b70 0x485d70 0x0
PolyBezier 0x0 0x912688 0x511b74 0x485d74 0x0
LPtoDP 0x0 0x91268c 0x511b78 0x485d78 0x0
DeleteMetaFile 0x0 0x912690 0x511b7c 0x485d7c 0x0
EndDoc 0x0 0x912694 0x511b80 0x485d80 0x0
GetObjectW 0x0 0x912698 0x511b84 0x485d84 0x0
GetWinMetaFileBits 0x0 0x91269c 0x511b88 0x485d88 0x0
SetROP2 0x0 0x9126a0 0x511b8c 0x485d8c 0x0
GetEnhMetaFileDescriptionW 0x0 0x9126a4 0x511b90 0x485d90 0x0
ArcTo 0x0 0x9126a8 0x511b94 0x485d94 0x0
CreateEnhMetaFileW 0x0 0x9126ac 0x511b98 0x485d98 0x0
Arc 0x0 0x9126b0 0x511b9c 0x485d9c 0x0
SelectPalette 0x0 0x9126b4 0x511ba0 0x485da0 0x0
ExcludeClipRect 0x0 0x9126b8 0x511ba4 0x485da4 0x0
MaskBlt 0x0 0x9126bc 0x511ba8 0x485da8 0x0
SetWindowOrgEx 0x0 0x9126c0 0x511bac 0x485dac 0x0
EndPage 0x0 0x9126c4 0x511bb0 0x485db0 0x0
DeleteEnhMetaFile 0x0 0x9126c8 0x511bb4 0x485db4 0x0
Chord 0x0 0x9126cc 0x511bb8 0x485db8 0x0
SetDIBits 0x0 0x9126d0 0x511bbc 0x485dbc 0x0
SetViewportOrgEx 0x0 0x9126d4 0x511bc0 0x485dc0 0x0
CreateRectRgn 0x0 0x9126d8 0x511bc4 0x485dc4 0x0
RealizePalette 0x0 0x9126dc 0x511bc8 0x485dc8 0x0
SetDIBColorTable 0x0 0x9126e0 0x511bcc 0x485dcc 0x0
GetDIBColorTable 0x0 0x9126e4 0x511bd0 0x485dd0 0x0
CreateBrushIndirect 0x0 0x9126e8 0x511bd4 0x485dd4 0x0
PatBlt 0x0 0x9126ec 0x511bd8 0x485dd8 0x0
SetEnhMetaFileBits 0x0 0x9126f0 0x511bdc 0x485ddc 0x0
Rectangle 0x0 0x9126f4 0x511be0 0x485de0 0x0
SaveDC 0x0 0x9126f8 0x511be4 0x485de4 0x0
DeleteDC 0x0 0x9126fc 0x511be8 0x485de8 0x0
BitBlt 0x0 0x912700 0x511bec 0x485dec 0x0
FrameRgn 0x0 0x912704 0x511bf0 0x485df0 0x0
GetDeviceCaps 0x0 0x912708 0x511bf4 0x485df4 0x0
GetTextExtentPoint32W 0x0 0x91270c 0x511bf8 0x485df8 0x0
GetClipBox 0x0 0x912710 0x511bfc 0x485dfc 0x0
IntersectClipRect 0x0 0x912714 0x511c00 0x485e00 0x0
Polyline 0x0 0x912718 0x511c04 0x485e04 0x0
CreateBitmap 0x0 0x91271c 0x511c08 0x485e08 0x0
CombineRgn 0x0 0x912720 0x511c0c 0x485e0c 0x0
SetWinMetaFileBits 0x0 0x912724 0x511c10 0x485e10 0x0
GetStretchBltMode 0x0 0x912728 0x511c14 0x485e14 0x0
CreateDIBitmap 0x0 0x91272c 0x511c18 0x485e18 0x0
SetStretchBltMode 0x0 0x912730 0x511c1c 0x485e1c 0x0
GetDIBits 0x0 0x912734 0x511c20 0x485e20 0x0
CreateDIBSection 0x0 0x912738 0x511c24 0x485e24 0x0
LineTo 0x0 0x91273c 0x511c28 0x485e28 0x0
GetRgnBox 0x0 0x912740 0x511c2c 0x485e2c 0x0
EnumFontsW 0x0 0x912744 0x511c30 0x485e30 0x0
SetWindowExtEx 0x0 0x912748 0x511c34 0x485e34 0x0
CreateHalftonePalette 0x0 0x91274c 0x511c38 0x485e38 0x0
SelectObject 0x0 0x912750 0x511c3c 0x485e3c 0x0
DeleteObject 0x0 0x912754 0x511c40 0x485e40 0x0
ExtFloodFill 0x0 0x912758 0x511c44 0x485e44 0x0
UnrealizeObject 0x0 0x91275c 0x511c48 0x485e48 0x0
CopyEnhMetaFileW 0x0 0x912760 0x511c4c 0x485e4c 0x0
SetMetaFileBitsEx 0x0 0x912764 0x511c50 0x485e50 0x0
SetBkColor 0x0 0x912768 0x511c54 0x485e54 0x0
CreateCompatibleDC 0x0 0x91276c 0x511c58 0x485e58 0x0
GetBrushOrgEx 0x0 0x912770 0x511c5c 0x485e5c 0x0
GetCurrentPositionEx 0x0 0x912774 0x511c60 0x485e60 0x0
GetNearestPaletteIndex 0x0 0x912778 0x511c64 0x485e64 0x0
GetTextExtentPointW 0x0 0x91277c 0x511c68 0x485e68 0x0
ExtTextOutW 0x0 0x912780 0x511c6c 0x485e6c 0x0
SetBrushOrgEx 0x0 0x912784 0x511c70 0x485e70 0x0
GetPixel 0x0 0x912788 0x511c74 0x485e74 0x0
GdiFlush 0x0 0x91278c 0x511c78 0x485e78 0x0
SetPixel 0x0 0x912790 0x511c7c 0x485e7c 0x0
EnumFontFamiliesExW 0x0 0x912794 0x511c80 0x485e80 0x0
StretchDIBits 0x0 0x912798 0x511c84 0x485e84 0x0
GetPaletteEntries 0x0 0x91279c 0x511c88 0x485e88 0x0
Exports (3)
Api name EAT Address Ordinal
TMethodImplementationIntercept 0x6f504 0x3
__dbk_fcall_wrapper 0x11c08 0x2
dbkFCallWrapperAddr 0x48b630 0x1
Icons (1)
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Arabic.lg Created File Text
Not Queried
Mime Type text/plain
File Size 49.23 KB
MD5 e51a34c8198ba9a59e53f0503777e75b
SHA1 83d93b4a520b08efa14b55c80c5db8f85d5ca9e4
SHA256 5810c1f2453156015e43dc8844b8463eaa47be877c07834e67723815aa60c5d3
SSDeep 384:8uSWZIpfcBVSNiDvZI/BMJkb7/DvVVqx8sjXDtnMKhcD66KnLQ+IpvcuDudd3tzu:oaI5M7rhcDx+LnzBs
C:\Windows\Installer\30de5.ipi Created File Unknown
Not Queried
Mime Type application/CDFV2-unknown
File Size 20.00 KB
MD5 e23870ca79aa009cfd47a52b9e3daea4
SHA1 bc46655cb2ddb41f0817af2345e5e9ef99725ce6
SHA256 2f1110409b520807dafac3d7bda3af563ac70f1e226a713f0a22387c6638e96a
SSDeep 48:T0scDHcvuheToEzSkdzfdzfIgUIg8UvZF7ieTxpDI8TSkdzYdzyK+Jo7:TBahe/z/IDIMMe3I8T017
C:\Program Files\Remote Utilities - Host\Printer\x86\stdnames_vpd.gpd Created File Text
Not Queried
Mime Type text/plain
File Size 8.34 KB
MD5 5da53abe26e7dec28f2596a508068f69
SHA1 a2f08b02c15be2a75045696499a50eccad2f0972
SHA256 67fefe5e8ef784f61cd6bfcfaa65660d76b12aadcafdd444e54fb74dd3a28bc3
SSDeep 96:yDkcq9LThAr8J9cogg/QbzUToVPgOOetxM3AzEzWb:NjThm8JC986ITRCzEzc
C:\inst_fold\armsettings.bat Created File Text
Not Queried
Mime Type text/plain
File Size 0.75 KB
MD5 8e8d34abd3bc8eefff1e3124acb81dd5
SHA1 3467220a315a1af9228a13d442ce27e3da28ce28
SHA256 7c1615e7505593d6a3532b01d224c64a2411b1208d7614db4052398c86811d68
SSDeep 12:DL01Jf0Z8Jf0wJeKZ8JeKCkH+VM1t2LJ10J19NLKJ19AgkLetVj/+ga64q9V8qxM:DLKZjZlaqkeVMMb0bfKbexCtVzxaTq9w
C:\Program Files\Remote Utilities - Host\Printer\x86\rupui2.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 172.52 KB
MD5 65c68866b4d28bf39f96143ec40957de
SHA1 c24c1c8323e4a99a3a4c0cc164fb8b62ca0bc0ce
SHA256 8e663c200e585c094695aa2f3eb93be28708d0a555e9fe372bf0adab6ab6c81b
SSDeep 1536:rHNLMFvAoLVe7SYJ4dt9W73Ghsiwje8yHPNbIxTT7sqFLE/o0vqaXaO/taOrAjKJ:rhOvZYQ7WusiFvNboZwTT/taOQU1gk
ImpHash fae980a92b4d012988f8055419fd577b
PE Information
Image Base 0x400000
Entry Point 0x40ab89
Size Of Code 0x19000
Size Of Initialized Data 0xf000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2012-08-31 14:24:58+00:00
Version Information (6)
InternalName -
FileVersion 1.0
ProductName Remote Utilities Printer
ProductVersion 1.0
FileDescription Virtual Printer Properties Module
OriginalFilename -
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x18ed9 0x19000 0x1000 cnt_code, mem_execute, mem_read 6.64
.rdata 0x41a000 0x4c60 0x5000 0x1a000 cnt_initialized_data, mem_read 4.87
.data 0x41f000 0x6800 0x2000 0x1f000 cnt_initialized_data, mem_read, mem_write 2.77
.rsrc 0x426000 0x7534 0x8000 0x21000 cnt_initialized_data, mem_read 4.61
Imports (7)
KERNEL32.dll (73)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetConsoleOutputCP 0x0 0x41a038 0x1e2bc 0x1e2bc 0x135
WriteConsoleA 0x0 0x41a03c 0x1e2c0 0x1e2c0 0x399
CreateFileA 0x0 0x41a040 0x1e2c4 0x1e2c4 0x53
FlushFileBuffers 0x0 0x41a044 0x1e2c8 0x1e2c8 0xee
SetStdHandle 0x0 0x41a048 0x1e2cc 0x1e2cc 0x337
SetEndOfFile 0x0 0x41a04c 0x1e2d0 0x1e2d0 0x310
GetStringTypeA 0x0 0x41a050 0x1e2d4 0x1e2d4 0x1ba
GetConsoleMode 0x0 0x41a054 0x1e2d8 0x1e2d8 0x133
GetConsoleCP 0x0 0x41a058 0x1e2dc 0x1e2dc 0x122
SetFilePointer 0x0 0x41a05c 0x1e2e0 0x1e2e0 0x31b
InterlockedExchange 0x0 0x41a060 0x1e2e4 0x1e2e4 0x229
LoadLibraryA 0x0 0x41a064 0x1e2e8 0x1e2e8 0x252
GetSystemDirectoryA 0x0 0x41a068 0x1e2ec 0x1e2ec 0x1c1
GetWindowsDirectoryA 0x0 0x41a06c 0x1e2f0 0x1e2f0 0x1f3
GetModuleFileNameA 0x0 0x41a070 0x1e2f4 0x1e2f4 0x17d
FreeLibrary 0x0 0x41a074 0x1e2f8 0x1e2f8 0xf8
GetModuleHandleA 0x0 0x41a078 0x1e2fc 0x1e2fc 0x17f
CompareStringA 0x0 0x41a07c 0x1e300 0x1e300 0x3a
GetLocaleInfoA 0x0 0x41a080 0x1e304 0x1e304 0x174
GetSystemTimeAsFileTime 0x0 0x41a084 0x1e308 0x1e308 0x1ca
GetCurrentProcessId 0x0 0x41a088 0x1e30c 0x1e30c 0x143
GetTickCount 0x0 0x41a08c 0x1e310 0x1e310 0x1df
QueryPerformanceCounter 0x0 0x41a090 0x1e314 0x1e314 0x2a3
GetCommandLineW 0x0 0x41a094 0x1e318 0x1e318 0x111
GetCommandLineA 0x0 0x41a098 0x1e31c 0x1e31c 0x110
GetEnvironmentStrings 0x0 0x41a09c 0x1e320 0x1e320 0x155
WriteFile 0x0 0x41a0a0 0x1e324 0x1e324 0x3a4
ReadFile 0x0 0x41a0a4 0x1e328 0x1e328 0x2b5
GetCurrentProcess 0x0 0x41a0a8 0x1e32c 0x1e32c 0x142
Sleep 0x0 0x41a0ac 0x1e330 0x1e330 0x356
GetLocalTime 0x0 0x41a0b0 0x1e334 0x1e334 0x173
RaiseException 0x0 0x41a0b4 0x1e338 0x1e338 0x2a7
SetLastError 0x0 0x41a0b8 0x1e33c 0x1e33c 0x328
GetLastError 0x0 0x41a0bc 0x1e340 0x1e340 0x171
CloseHandle 0x0 0x41a0c0 0x1e344 0x1e344 0x34
LoadResource 0x0 0x41a0c4 0x1e348 0x1e348 0x257
FreeEnvironmentStringsA 0x0 0x41a0c8 0x1e34c 0x1e34c 0xf6
GetStartupInfoA 0x0 0x41a0cc 0x1e350 0x1e350 0x1b7
LockResource 0x0 0x41a0d0 0x1e354 0x1e354 0x265
SizeofResource 0x0 0x41a0d4 0x1e358 0x1e358 0x355
LCMapStringA 0x0 0x41a0d8 0x1e35c 0x1e35c 0x244
GetFileType 0x0 0x41a0dc 0x1e360 0x1e360 0x166
SetHandleCount 0x0 0x41a0e0 0x1e364 0x1e364 0x324
GetCurrentThreadId 0x0 0x41a0e4 0x1e368 0x1e368 0x146
TlsFree 0x0 0x41a0e8 0x1e36c 0x1e36c 0x364
TlsSetValue 0x0 0x41a0ec 0x1e370 0x1e370 0x366
TlsAlloc 0x0 0x41a0f0 0x1e374 0x1e374 0x363
TlsGetValue 0x0 0x41a0f4 0x1e378 0x1e378 0x365
EnterCriticalSection 0x0 0x41a0f8 0x1e37c 0x1e37c 0x98
LeaveCriticalSection 0x0 0x41a0fc 0x1e380 0x1e380 0x251
InitializeCriticalSection 0x0 0x41a100 0x1e384 0x1e384 0x223
DeleteCriticalSection 0x0 0x41a104 0x1e388 0x1e388 0x81
GetVersionExA 0x0 0x41a108 0x1e38c 0x1e38c 0x1e9
HeapDestroy 0x0 0x41a10c 0x1e390 0x1e390 0x214
HeapAlloc 0x0 0x41a110 0x1e394 0x1e394 0x210
HeapFree 0x0 0x41a114 0x1e398 0x1e398 0x216
HeapReAlloc 0x0 0x41a118 0x1e39c 0x1e39c 0x21a
HeapSize 0x0 0x41a11c 0x1e3a0 0x1e3a0 0x21c
GetProcessHeap 0x0 0x41a120 0x1e3a4 0x1e3a4 0x1a3
RtlUnwind 0x0 0x41a124 0x1e3a8 0x1e3a8 0x2d7
TerminateProcess 0x0 0x41a128 0x1e3ac 0x1e3ac 0x35e
UnhandledExceptionFilter 0x0 0x41a12c 0x1e3b0 0x1e3b0 0x36e
SetUnhandledExceptionFilter 0x0 0x41a130 0x1e3b4 0x1e3b4 0x34a
IsDebuggerPresent 0x0 0x41a134 0x1e3b8 0x1e3b8 0x239
HeapCreate 0x0 0x41a138 0x1e3bc 0x1e3bc 0x212
VirtualFree 0x0 0x41a13c 0x1e3c0 0x1e3c0 0x383
VirtualAlloc 0x0 0x41a140 0x1e3c4 0x1e3c4 0x381
ExitProcess 0x0 0x41a144 0x1e3c8 0x1e3c8 0xb9
GetStdHandle 0x0 0x41a148 0x1e3cc 0x1e3cc 0x1b9
InterlockedIncrement 0x0 0x41a14c 0x1e3d0 0x1e3d0 0x22c
InterlockedDecrement 0x0 0x41a150 0x1e3d4 0x1e3d4 0x228
GetACP 0x0 0x41a154 0x1e3d8 0x1e3d8 0xfd
GetOEMCP 0x0 0x41a158 0x1e3dc 0x1e3dc 0x193
USER32.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MapWindowPoints 0x0 0x41a168 0x1e3ec 0x1e3ec 0x1da
FillRect 0x0 0x41a16c 0x1e3f0 0x1e3f0 0xe2
EnumChildWindows 0x0 0x41a170 0x1e3f4 0x1e3f4 0xcb
ShowWindow 0x0 0x41a174 0x1e3f8 0x1e3f8 0x292
GetParent 0x0 0x41a178 0x1e3fc 0x1e3fc 0x145
GetWindowRect 0x0 0x41a17c 0x1e400 0x1e400 0x174
GetSysColorBrush 0x0 0x41a180 0x1e404 0x1e404 0x15b
InvalidateRect 0x0 0x41a184 0x1e408 0x1e408 0x193
GetDlgItem 0x0 0x41a188 0x1e40c 0x1e40c 0x111
CheckDlgButton 0x0 0x41a18c 0x1e410 0x1e410 0x38
IsDlgButtonChecked 0x0 0x41a190 0x1e414 0x1e414 0x1a3
SetDlgItemInt 0x0 0x41a194 0x1e418 0x1e418 0x252
GetDlgItemInt 0x0 0x41a198 0x1e41c 0x1e41c 0x112
GetSystemMetrics 0x0 0x41a19c 0x1e420 0x1e420 0x15d
EndDialog 0x0 0x41a1a0 0x1e424 0x1e424 0xc6
UnregisterClassA 0x0 0x41a1a4 0x1e428 0x1e428 0x2b3
BeginPaint 0x0 0x41a1a8 0x1e42c 0x1e42c 0xd
EndPaint 0x0 0x41a1ac 0x1e430 0x1e430 0xc8
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject 0x0 0x41a014 0x1e298 0x1e298 0x1a5
SetBkMode 0x0 0x41a018 0x1e29c 0x1e29c 0x216
SetTextColor 0x0 0x41a01c 0x1e2a0 0x1e2a0 0x23c
DeleteObject 0x0 0x41a020 0x1e2a4 0x1e2a4 0x8f
CreateCompatibleDC 0x0 0x41a024 0x1e2a8 0x1e2a8 0x2d
SelectObject 0x0 0x41a028 0x1e2ac 0x1e2ac 0x20e
BitBlt 0x0 0x41a02c 0x1e2b0 0x1e2b0 0x12
DeleteDC 0x0 0x41a030 0x1e2b4 0x1e2b4 0x8c
WINSPOOL.DRV (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteFormW 0x0 0x41a1b4 0x1e438 0x1e438 0x27
GetFormW 0x0 0x41a1b8 0x1e43c 0x1e43c 0x6b
ClosePrinter 0x0 0x41a1bc 0x1e440 0x1e440 0x1b
PrinterProperties 0x0 0x41a1c0 0x1e444 0x1e444 0x85
AddFormW 0x0 0x41a1c4 0x1e448 0x1e448 0x3
EnumFormsW 0x0 0x41a1c8 0x1e44c 0x1e44c 0x4d
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x41a000 0x1e284 0x1e284 0x1cb
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetMalloc 0x0 0x41a160 0x1e3e4 0x1e3e4 0xb7
COMCTL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreatePropertySheetPageW 0x0 0x41a008 0x1e28c 0x1e28c 0x5
PropertySheetW 0x0 0x41a00c 0x1e290 0x1e290 0x65
Exports (1)
Api name EAT Address Ordinal
ShowProperties 0x6880 0x1
Icons (1)
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\webmvorbisdecoder.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 366.02 KB
MD5 2943b9910b1c7cc04024888502885256
SHA1 e2ac697a558fa85ff4c9e2bb114138870a80f146
SHA256 78115050f4e99372fc10b19a14af60e623ddfda224c8e96340cb5d8166507e2b
SSDeep 6144:EaoH9sDRlDLD0GDkEp00tc6TKUOmrRK1jRsAOO04sAO88RtwgV:goPH0GgEp0gVd1ValsQXsHzV
ImpHash 1be1f7011ac5a91d5f33a695bfddf672
PE Information
Image Base 0x10000000
Entry Point 0x1000ce62
Size Of Code 0x2fe00
Size Of Initialized Data 0x2b600
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-01-30 19:20:20+00:00
Version Information (7)
LegalCopyright Copyright (C) 2013
InternalName webmvorbisdecoder
FileVersion 1, 0, 4, 1
ProductName Webm Vorbis Decoder
ProductVersion 1, 0, 4, 1
FileDescription WebM Vorbis Decoder
OriginalFilename webmvorbisdecoder.dll
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x2fc3d 0x2fe00 0x400 cnt_code, mem_execute, mem_read 6.71
.rdata 0x10031000 0x245e0 0x24600 0x30200 cnt_initialized_data, mem_read 6.22
.data 0x10056000 0x3c7c 0x1c00 0x54800 cnt_initialized_data, mem_read, mem_write 4.01
_RDATA 0x1005a000 0x5e0 0x600 0x56400 cnt_initialized_data, mem_read 4.68
.rsrc 0x1005b000 0x330 0x400 0x56a00 cnt_initialized_data, mem_read 2.71
.reloc 0x1005c000 0x2664 0x2800 0x56e00 cnt_initialized_data, mem_discardable, mem_read 6.52
Imports (4)
KERNEL32.dll (69)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateMutexW 0x0 0x10031018 0x54ebc 0x540bc 0xd1
GetLastError 0x0 0x1003101c 0x54ec0 0x540c0 0x250
GetModuleFileNameW 0x0 0x10031020 0x54ec4 0x540c4 0x263
WaitForSingleObject 0x0 0x10031024 0x54ec8 0x540c8 0x5a9
CloseHandle 0x0 0x10031028 0x54ecc 0x540cc 0x7f
CreateEventW 0x0 0x1003102c 0x54ed0 0x540d0 0xb6
ReleaseMutex 0x0 0x10031030 0x54ed4 0x540d4 0x48b
SetEvent 0x0 0x10031034 0x54ed8 0x540d8 0x4ef
CreateFileW 0x0 0x10031038 0x54edc 0x540dc 0xc2
SetStdHandle 0x0 0x1003103c 0x54ee0 0x540e0 0x520
SetFilePointerEx 0x0 0x10031040 0x54ee4 0x540e4 0x4fc
GetConsoleMode 0x0 0x10031044 0x54ee8 0x540e8 0x1ee
GetConsoleCP 0x0 0x10031048 0x54eec 0x540ec 0x1dc
FlushFileBuffers 0x0 0x1003104c 0x54ef0 0x540f0 0x192
GetOEMCP 0x0 0x10031050 0x54ef4 0x540f4 0x286
GetACP 0x0 0x10031054 0x54ef8 0x540f8 0x1a4
IsValidCodePage 0x0 0x10031058 0x54efc 0x540fc 0x372
FreeEnvironmentStringsW 0x0 0x1003105c 0x54f00 0x54100 0x19d
GetEnvironmentStringsW 0x0 0x10031060 0x54f04 0x54104 0x227
WideCharToMultiByte 0x0 0x10031064 0x54f08 0x54108 0x5cb
MultiByteToWideChar 0x0 0x10031068 0x54f0c 0x5410c 0x3d1
GetStringTypeW 0x0 0x1003106c 0x54f10 0x54110 0x2c5
EncodePointer 0x0 0x10031070 0x54f14 0x54114 0x121
DecodePointer 0x0 0x10031074 0x54f18 0x54118 0xfe
EnterCriticalSection 0x0 0x10031078 0x54f1c 0x5411c 0x125
LeaveCriticalSection 0x0 0x1003107c 0x54f20 0x54120 0x3a2
DeleteCriticalSection 0x0 0x10031080 0x54f24 0x54124 0x105
LocalFree 0x0 0x10031084 0x54f28 0x54128 0x3b2
GetStdHandle 0x0 0x10031088 0x54f2c 0x5412c 0x2c0
GetFileType 0x0 0x1003108c 0x54f30 0x54130 0x23e
GetModuleHandleExW 0x0 0x10031090 0x54f34 0x54134 0x266
WriteConsoleW 0x0 0x10031094 0x54f38 0x54138 0x5de
CreateThread 0x0 0x10031098 0x54f3c 0x5413c 0xe8
GetCurrentThreadId 0x0 0x1003109c 0x54f40 0x54140 0x20e
ExitThread 0x0 0x100310a0 0x54f44 0x54144 0x152
GetProcAddress 0x0 0x100310a4 0x54f48 0x54148 0x29d
LoadLibraryExW 0x0 0x100310a8 0x54f4c 0x5414c 0x3a7
GetCommandLineA 0x0 0x100310ac 0x54f50 0x54150 0x1c8
HeapFree 0x0 0x100310b0 0x54f54 0x54154 0x333
HeapAlloc 0x0 0x100310b4 0x54f58 0x54158 0x32f
HeapReAlloc 0x0 0x100310b8 0x54f5c 0x5415c 0x336
ExitProcess 0x0 0x100310bc 0x54f60 0x54160 0x151
RaiseException 0x0 0x100310c0 0x54f64 0x54164 0x43f
RtlUnwind 0x0 0x100310c4 0x54f68 0x54168 0x4ac
GetCPInfo 0x0 0x100310c8 0x54f6c 0x5416c 0x1b3
IsProcessorFeaturePresent 0x0 0x100310cc 0x54f70 0x54170 0x36d
UnhandledExceptionFilter 0x0 0x100310d0 0x54f74 0x54174 0x580
SetUnhandledExceptionFilter 0x0 0x100310d4 0x54f78 0x54178 0x541
SetLastError 0x0 0x100310d8 0x54f7c 0x5417c 0x50a
InitializeCriticalSectionAndSpinCount 0x0 0x100310dc 0x54f80 0x54180 0x348
Sleep 0x0 0x100310e0 0x54f84 0x54184 0x550
GetCurrentProcess 0x0 0x100310e4 0x54f88 0x54188 0x209
TerminateProcess 0x0 0x100310e8 0x54f8c 0x5418c 0x55f
TlsAlloc 0x0 0x100310ec 0x54f90 0x54190 0x571
TlsGetValue 0x0 0x100310f0 0x54f94 0x54194 0x573
TlsSetValue 0x0 0x100310f4 0x54f98 0x54198 0x574
TlsFree 0x0 0x100310f8 0x54f9c 0x5419c 0x572
GetStartupInfoW 0x0 0x100310fc 0x54fa0 0x541a0 0x2be
GetModuleHandleW 0x0 0x10031100 0x54fa4 0x541a4 0x267
LCMapStringW 0x0 0x10031104 0x54fa8 0x541a8 0x396
IsDebuggerPresent 0x0 0x10031108 0x54fac 0x541ac 0x367
OutputDebugStringW 0x0 0x1003110c 0x54fb0 0x541b0 0x3fa
WriteFile 0x0 0x10031110 0x54fb4 0x541b4 0x5df
HeapSize 0x0 0x10031114 0x54fb8 0x541b8 0x338
GetProcessHeap 0x0 0x10031118 0x54fbc 0x541bc 0x2a2
GetModuleFileNameA 0x0 0x1003111c 0x54fc0 0x541c0 0x262
QueryPerformanceCounter 0x0 0x10031120 0x54fc4 0x541c4 0x42d
GetCurrentProcessId 0x0 0x10031124 0x54fc8 0x541c8 0x20a
GetSystemTimeAsFileTime 0x0 0x10031128 0x54fcc 0x541cc 0x2d6
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x10031000 0x54ea4 0x540a4 0x254
RegOpenKeyExW 0x0 0x10031004 0x54ea8 0x540a8 0x285
RegQueryValueExW 0x0 0x10031008 0x54eac 0x540ac 0x292
RegCreateKeyExW 0x0 0x1003100c 0x54eb0 0x540b0 0x25d
RegSetValueExW 0x0 0x10031010 0x54eb4 0x540b4 0x2a2
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleRun 0x0 0x10031138 0x54fdc 0x541dc 0x174
CoTaskMemAlloc 0x0 0x1003113c 0x54fe0 0x541e0 0x7a
StringFromGUID2 0x0 0x10031140 0x54fe4 0x541e4 0x1ba
CoWaitForMultipleHandles 0x0 0x10031144 0x54fe8 0x541e8 0x86
CoTaskMemFree 0x0 0x10031148 0x54fec 0x541ec 0x7b
CoCreateInstance 0x0 0x1003114c 0x54ff0 0x541f0 0x1a
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHDeleteKeyW 0x0 0x10031130 0x54fd4 0x541d4 0xb8
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x1380 0x1
DllGetClassObject 0x1390 0x2
DllRegisterServer 0x1480 0x3
DllUnregisterServer 0x13d0 0x4
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\German.lg Created File Text
Not Queried
Mime Type text/plain
File Size 54.82 KB
MD5 42b83b0d09167cb42582b5f830b44ebb
SHA1 a9d5d467643aca034a983ebbb595d2fedd19062a
SHA256 56b73a451ecc9d3f99892b397ef1b5006b6f9296765d01fbdc7fc3d979400bbd
SSDeep 384:BWOrmAW/HVZK8sEy8hsNrcbzfwA/AlcLwhi55cR5WC/N4JdGy2TSZEQiNtp34hBc:pXW/0rcbjtlwhJR5j/2JdF2WeNtp3etS
C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\installer.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 9.50 MB
MD5 3c5850ef227bb206e507551c471ee8df
SHA1 8943aab98043f28918a0c8d31d7a0076b5bffb1c
SHA256 a803bd4522ec8804adf5e548b2ffc9e3afa7eee179d96945de1a5980b5616445
SSDeep 196608:6mzxqB4pQOdPLoDzS3lC7FCws+8w05anNfzY+ke8N:6mzxKxS5anNfceq
ImpHash 8fac1a605c1f7b811be0b9e6913d9c74
PE Information
Image Base 0x400000
Entry Point 0xb80a64
Size Of Code 0x77f000
Size Of Initialized Data 0x1ff800
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2017-08-28 22:35:14+00:00
Packer BobSoft Mini Delphi -> BoB / BobSoft
Version Information (8)
LegalCopyright Copyright © 2017 Remote Utilities LLC. All rights reserved.
FileVersion 6.8.0.1
CompanyName Remote Utilities LLC
LegalTrademarks Remote Utilities
ProductName Remote Utilities
ProgramID com.remoteutilities.rutserv
ProductVersion 6.8.0.1
FileDescription Remote Utilities - Host
Sections (12)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x779360 0x779400 0x400 cnt_code, mem_execute, mem_read 6.47
.itext 0xb7b000 0x5a80 0x5c00 0x779800 cnt_code, mem_execute, mem_read 6.12
.data 0xb81000 0x1f3b0 0x1f400 0x77f400 cnt_initialized_data, mem_read, mem_write 6.25
.bss 0xba1000 0x9e8c8 0x0 0x0 mem_read, mem_write 0.0
.idata 0xc40000 0x5782 0x5800 0x79e800 cnt_initialized_data, mem_read, mem_write 5.23
.didata 0xc46000 0x61b2 0x6200 0x7a4000 cnt_initialized_data, mem_read, mem_write 5.06
.edata 0xc4d000 0xb3 0x200 0x7aa200 cnt_initialized_data, mem_read 2.21
.tls 0xc4e000 0x668 0x0 0x0 mem_read, mem_write 0.0
.rdata 0xc4f000 0x5d 0x200 0x7aa400 cnt_initialized_data, mem_read 1.4
.vmp0 0xc50000 0x950 0xa00 0x7aa600 cnt_code, mem_execute, mem_read 7.57
.reloc 0xc51000 0xa6ee0 0xa7000 0x7ab000 cnt_initialized_data, mem_read 6.71
.rsrc 0xcf8000 0x12a850 0x12aa00 0x852000 cnt_initialized_data, mem_read 7.09
Imports (19)
winmm.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
sndPlaySoundW 0x0 0xc40ef8 0x840190 0x79e990 0x0
PlaySoundW 0x0 0xc40efc 0x840194 0x79e994 0x0
timeGetTime 0x0 0xc40f00 0x840198 0x79e998 0x0
wininet.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetCloseHandle 0x0 0xc40f08 0x8401a0 0x79e9a0 0x0
InternetReadFile 0x0 0xc40f0c 0x8401a4 0x79e9a4 0x0
InternetQueryOptionW 0x0 0xc40f10 0x8401a8 0x79e9a8 0x0
InternetOpenA 0x0 0xc40f14 0x8401ac 0x79e9ac 0x0
InternetOpenUrlA 0x0 0xc40f18 0x8401b0 0x79e9b0 0x0
winspool.drv (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DocumentPropertiesW 0x0 0xc40f20 0x8401b8 0x79e9b8 0x0
ClosePrinter 0x0 0xc40f24 0x8401bc 0x79e9bc 0x0
OpenPrinterW 0x0 0xc40f28 0x8401c0 0x79e9c0 0x0
GetDefaultPrinterW 0x0 0xc40f2c 0x8401c4 0x79e9c4 0x0
EnumPrintersW 0x0 0xc40f30 0x8401c8 0x79e9c8 0x0
comdlg32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSaveFileNameW 0x0 0xc40f38 0x8401d0 0x79e9d0 0x0
GetSaveFileNameA 0x0 0xc40f3c 0x8401d4 0x79e9d4 0x0
PrintDlgW 0x0 0xc40f40 0x8401d8 0x79e9d8 0x0
comctl32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_GetImageInfo 0x0 0xc40f48 0x8401e0 0x79e9e0 0x0
FlatSB_SetScrollInfo 0x0 0xc40f4c 0x8401e4 0x79e9e4 0x0
InitCommonControls 0x0 0xc40f50 0x8401e8 0x79e9e8 0x0
ImageList_DragMove 0x0 0xc40f54 0x8401ec 0x79e9ec 0x0
ImageList_Destroy 0x0 0xc40f58 0x8401f0 0x79e9f0 0x0
_TrackMouseEvent 0x0 0xc40f5c 0x8401f4 0x79e9f4 0x0
ImageList_DragShowNolock 0x0 0xc40f60 0x8401f8 0x79e9f8 0x0
ImageList_Add 0x0 0xc40f64 0x8401fc 0x79e9fc 0x0
FlatSB_SetScrollProp 0x0 0xc40f68 0x840200 0x79ea00 0x0
ImageList_GetDragImage 0x0 0xc40f6c 0x840204 0x79ea04 0x0
ImageList_Create 0x0 0xc40f70 0x840208 0x79ea08 0x0
ImageList_EndDrag 0x0 0xc40f74 0x84020c 0x79ea0c 0x0
ImageList_DrawEx 0x0 0xc40f78 0x840210 0x79ea10 0x0
ImageList_AddMasked 0x0 0xc40f7c 0x840214 0x79ea14 0x0
ImageList_SetImageCount 0x0 0xc40f80 0x840218 0x79ea18 0x0
FlatSB_GetScrollPos 0x0 0xc40f84 0x84021c 0x79ea1c 0x0
FlatSB_SetScrollPos 0x0 0xc40f88 0x840220 0x79ea20 0x0
InitializeFlatSB 0x0 0xc40f8c 0x840224 0x79ea24 0x0
ImageList_Copy 0x0 0xc40f90 0x840228 0x79ea28 0x0
FlatSB_GetScrollInfo 0x0 0xc40f94 0x84022c 0x79ea2c 0x0
ImageList_Write 0x0 0xc40f98 0x840230 0x79ea30 0x0
ImageList_SetBkColor 0x0 0xc40f9c 0x840234 0x79ea34 0x0
ImageList_GetBkColor 0x0 0xc40fa0 0x840238 0x79ea38 0x0
ImageList_BeginDrag 0x0 0xc40fa4 0x84023c 0x79ea3c 0x0
ImageList_GetIcon 0x0 0xc40fa8 0x840240 0x79ea40 0x0
ImageList_Replace 0x0 0xc40fac 0x840244 0x79ea44 0x0
ImageList_GetImageCount 0x0 0xc40fb0 0x840248 0x79ea48 0x0
ImageList_DragEnter 0x0 0xc40fb4 0x84024c 0x79ea4c 0x0
ImageList_GetIconSize 0x0 0xc40fb8 0x840250 0x79ea50 0x0
ImageList_SetIconSize 0x0 0xc40fbc 0x840254 0x79ea54 0x0
ImageList_Read 0x0 0xc40fc0 0x840258 0x79ea58 0x0
ImageList_DragLeave 0x0 0xc40fc4 0x84025c 0x79ea5c 0x0
ImageList_LoadImageW 0x0 0xc40fc8 0x840260 0x79ea60 0x0
ImageList_Draw 0x0 0xc40fcc 0x840264 0x79ea64 0x0
ImageList_Remove 0x0 0xc40fd0 0x840268 0x79ea68 0x0
ImageList_ReplaceIcon 0x0 0xc40fd4 0x84026c 0x79ea6c 0x0
ImageList_SetOverlayImage 0x0 0xc40fd8 0x840270 0x79ea70 0x0
shell32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathCleanupSpec 0x0 0xc40fe0 0x840278 0x79ea78 0x0
SHGetMalloc 0x0 0xc40fe4 0x84027c 0x79ea7c 0x0
SHGetFolderPathW 0x0 0xc40fe8 0x840280 0x79ea80 0x0
SHGetSpecialFolderLocation 0x0 0xc40fec 0x840284 0x79ea84 0x0
Shell_NotifyIconW 0x0 0xc40ff0 0x840288 0x79ea88 0x0
ShellExecuteW 0x0 0xc40ff4 0x84028c 0x79ea8c 0x0
ShellExecuteA 0x0 0xc40ff8 0x840290 0x79ea90 0x0
SHGetPathFromIDListA 0x0 0xc40ffc 0x840294 0x79ea94 0x0
ShellExecuteExW 0x0 0xc41000 0x840298 0x79ea98 0x0
ShellExecuteExA 0x0 0xc41004 0x84029c 0x79ea9c 0x0
user32.dll (258)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CopyImage 0x0 0xc4100c 0x8402a4 0x79eaa4 0x0
MoveWindow 0x0 0xc41010 0x8402a8 0x79eaa8 0x0
SetMenuItemInfoW 0x0 0xc41014 0x8402ac 0x79eaac 0x0
GetMenuItemInfoW 0x0 0xc41018 0x8402b0 0x79eab0 0x0
DefFrameProcW 0x0 0xc4101c 0x8402b4 0x79eab4 0x0
DrawTextA 0x0 0xc41020 0x8402b8 0x79eab8 0x0
ScrollWindowEx 0x0 0xc41024 0x8402bc 0x79eabc 0x0
GetDlgCtrlID 0x0 0xc41028 0x8402c0 0x79eac0 0x0
GetUpdateRgn 0x0 0xc4102c 0x8402c4 0x79eac4 0x0
FrameRect 0x0 0xc41030 0x8402c8 0x79eac8 0x0
RegisterWindowMessageW 0x0 0xc41034 0x8402cc 0x79eacc 0x0
GetMenuStringW 0x0 0xc41038 0x8402d0 0x79ead0 0x0
FillRect 0x0 0xc4103c 0x8402d4 0x79ead4 0x0
UnregisterClassA 0x0 0xc41040 0x8402d8 0x79ead8 0x0
SendMessageA 0x0 0xc41044 0x8402dc 0x79eadc 0x0
IsClipboardFormatAvailable 0x0 0xc41048 0x8402e0 0x79eae0 0x0
EnumWindows 0x0 0xc4104c 0x8402e4 0x79eae4 0x0
ShowOwnedPopups 0x0 0xc41050 0x8402e8 0x79eae8 0x0
GetClassInfoExW 0x0 0xc41054 0x8402ec 0x79eaec 0x0
GetClassInfoW 0x0 0xc41058 0x8402f0 0x79eaf0 0x0
GetScrollRange 0x0 0xc4105c 0x8402f4 0x79eaf4 0x0
SetActiveWindow 0x0 0xc41060 0x8402f8 0x79eaf8 0x0
GetActiveWindow 0x0 0xc41064 0x8402fc 0x79eafc 0x0
DrawEdge 0x0 0xc41068 0x840300 0x79eb00 0x0
GetKeyboardLayoutList 0x0 0xc4106c 0x840304 0x79eb04 0x0
LoadBitmapW 0x0 0xc41070 0x840308 0x79eb08 0x0
EnumChildWindows 0x0 0xc41074 0x84030c 0x79eb0c 0x0
CreateDialogParamW 0x0 0xc41078 0x840310 0x79eb10 0x0
SendMessageTimeoutA 0x0 0xc4107c 0x840314 0x79eb14 0x0
SendNotifyMessageW 0x0 0xc41080 0x840318 0x79eb18 0x0
GetScrollBarInfo 0x0 0xc41084 0x84031c 0x79eb1c 0x0
UnhookWindowsHookEx 0x0 0xc41088 0x840320 0x79eb20 0x0
SetCapture 0x0 0xc4108c 0x840324 0x79eb24 0x0
GetCapture 0x0 0xc41090 0x840328 0x79eb28 0x0
ChildWindowFromPointEx 0x0 0xc41094 0x84032c 0x79eb2c 0x0
CreatePopupMenu 0x0 0xc41098 0x840330 0x79eb30 0x0
LoadMenuW 0x0 0xc4109c 0x840334 0x79eb34 0x0
ShowCaret 0x0 0xc410a0 0x840338 0x79eb38 0x0
GetMenuItemID 0x0 0xc410a4 0x84033c 0x79eb3c 0x0
DestroyCaret 0x0 0xc410a8 0x840340 0x79eb40 0x0
CharLowerBuffW 0x0 0xc410ac 0x840344 0x79eb44 0x0
PostMessageW 0x0 0xc410b0 0x840348 0x79eb48 0x0
SetWindowLongW 0x0 0xc410b4 0x84034c 0x79eb4c 0x0
RegisterClassExW 0x0 0xc410b8 0x840350 0x79eb50 0x0
DrawMenuBar 0x0 0xc410bc 0x840354 0x79eb54 0x0
SetParent 0x0 0xc410c0 0x840358 0x79eb58 0x0
IsZoomed 0x0 0xc410c4 0x84035c 0x79eb5c 0x0
InvalidateRgn 0x0 0xc410c8 0x840360 0x79eb60 0x0
GetClientRect 0x0 0xc410cc 0x840364 0x79eb64 0x0
IsChild 0x0 0xc410d0 0x840368 0x79eb68 0x0
LoadImageA 0x0 0xc410d4 0x84036c 0x79eb6c 0x0
IntersectRect 0x0 0xc410d8 0x840370 0x79eb70 0x0
IsIconic 0x0 0xc410dc 0x840374 0x79eb74 0x0
CallNextHookEx 0x0 0xc410e0 0x840378 0x79eb78 0x0
CloseDesktop 0x0 0xc410e4 0x84037c 0x79eb7c 0x0
ShowWindow 0x0 0xc410e8 0x840380 0x79eb80 0x0
SetForegroundWindow 0x0 0xc410ec 0x840384 0x79eb84 0x0
GetWindowTextW 0x0 0xc410f0 0x840388 0x79eb88 0x0
GetAsyncKeyState 0x0 0xc410f4 0x84038c 0x79eb8c 0x0
PostThreadMessageA 0x0 0xc410f8 0x840390 0x79eb90 0x0
DestroyWindow 0x0 0xc410fc 0x840394 0x79eb94 0x0
IsDialogMessageW 0x0 0xc41100 0x840398 0x79eb98 0x0
EndMenu 0x0 0xc41104 0x84039c 0x79eb9c 0x0
RegisterClassW 0x0 0xc41108 0x8403a0 0x79eba0 0x0
CharNextW 0x0 0xc4110c 0x8403a4 0x79eba4 0x0
GetFocus 0x0 0xc41110 0x8403a8 0x79eba8 0x0
GetDC 0x0 0xc41114 0x8403ac 0x79ebac 0x0
SetThreadDesktop 0x0 0xc41118 0x8403b0 0x79ebb0 0x0
GetThreadDesktop 0x0 0xc4111c 0x8403b4 0x79ebb4 0x0
SetFocus 0x0 0xc41120 0x8403b8 0x79ebb8 0x0
ReleaseDC 0x0 0xc41124 0x8403bc 0x79ebbc 0x0
mouse_event 0x0 0xc41128 0x8403c0 0x79ebc0 0x0
ExitWindowsEx 0x0 0xc4112c 0x8403c4 0x79ebc4 0x0
CreateWindowExA 0x0 0xc41130 0x8403c8 0x79ebc8 0x0
GetClassLongW 0x0 0xc41134 0x8403cc 0x79ebcc 0x0
GetMessageA 0x0 0xc41138 0x8403d0 0x79ebd0 0x0
DrawTextW 0x0 0xc4113c 0x8403d4 0x79ebd4 0x0
SetScrollRange 0x0 0xc41140 0x8403d8 0x79ebd8 0x0
PeekMessageA 0x0 0xc41144 0x8403dc 0x79ebdc 0x0
MessageBeep 0x0 0xc41148 0x8403e0 0x79ebe0 0x0
SetClassLongW 0x0 0xc4114c 0x8403e4 0x79ebe4 0x0
SetRectEmpty 0x0 0xc41150 0x8403e8 0x79ebe8 0x0
RemovePropW 0x0 0xc41154 0x8403ec 0x79ebec 0x0
AttachThreadInput 0x0 0xc41158 0x8403f0 0x79ebf0 0x0
GetSubMenu 0x0 0xc4115c 0x8403f4 0x79ebf4 0x0
OpenInputDesktop 0x0 0xc41160 0x8403f8 0x79ebf8 0x0
EqualRect 0x0 0xc41164 0x8403fc 0x79ebfc 0x0
DestroyIcon 0x0 0xc41168 0x840400 0x79ec00 0x0
IsWindowVisible 0x0 0xc4116c 0x840404 0x79ec04 0x0
CharToOemW 0x0 0xc41170 0x840408 0x79ec08 0x0
DispatchMessageA 0x0 0xc41174 0x84040c 0x79ec0c 0x0
PtInRect 0x0 0xc41178 0x840410 0x79ec10 0x0
GetGuiResources 0x0 0xc4117c 0x840414 0x79ec14 0x0
UnregisterClassW 0x0 0xc41180 0x840418 0x79ec18 0x0
GetTopWindow 0x0 0xc41184 0x84041c 0x79ec1c 0x0
SendMessageW 0x0 0xc41188 0x840420 0x79ec20 0x0
GetMessageTime 0x0 0xc4118c 0x840424 0x79ec24 0x0
GetComboBoxInfo 0x0 0xc41190 0x840428 0x79ec28 0x0
CreateMenu 0x0 0xc41194 0x84042c 0x79ec2c 0x0
LoadStringW 0x0 0xc41198 0x840430 0x79ec30 0x0
CharLowerW 0x0 0xc4119c 0x840434 0x79ec34 0x0
SetWindowRgn 0x0 0xc411a0 0x840438 0x79ec38 0x0
SetWindowPos 0x0 0xc411a4 0x84043c 0x79ec3c 0x0
GetWindowRgn 0x0 0xc411a8 0x840440 0x79ec40 0x0
GetMenuItemCount 0x0 0xc411ac 0x840444 0x79ec44 0x0
GetSysColorBrush 0x0 0xc411b0 0x840448 0x79ec48 0x0
GetWindowDC 0x0 0xc411b4 0x84044c 0x79ec4c 0x0
DrawTextExW 0x0 0xc411b8 0x840450 0x79ec50 0x0
CharLowerBuffA 0x0 0xc411bc 0x840454 0x79ec54 0x0
EnumClipboardFormats 0x0 0xc411c0 0x840458 0x79ec58 0x0
GetScrollInfo 0x0 0xc411c4 0x84045c 0x79ec5c 0x0
SetWindowTextW 0x0 0xc411c8 0x840460 0x79ec60 0x0
GetMessageExtraInfo 0x0 0xc411cc 0x840464 0x79ec64 0x0
EnableScrollBar 0x0 0xc411d0 0x840468 0x79ec68 0x0
GetSysColor 0x0 0xc411d4 0x84046c 0x79ec6c 0x0
TrackPopupMenu 0x0 0xc411d8 0x840470 0x79ec70 0x0
DrawIconEx 0x0 0xc411dc 0x840474 0x79ec74 0x0
keybd_event 0x0 0xc411e0 0x840478 0x79ec78 0x0
GetClassNameW 0x0 0xc411e4 0x84047c 0x79ec7c 0x0
GetMessagePos 0x0 0xc411e8 0x840480 0x79ec80 0x0
GetIconInfo 0x0 0xc411ec 0x840484 0x79ec84 0x0
SetScrollInfo 0x0 0xc411f0 0x840488 0x79ec88 0x0
GetKeyNameTextW 0x0 0xc411f4 0x84048c 0x79ec8c 0x0
GetDesktopWindow 0x0 0xc411f8 0x840490 0x79ec90 0x0
SetCursorPos 0x0 0xc411fc 0x840494 0x79ec94 0x0
GetCursorPos 0x0 0xc41200 0x840498 0x79ec98 0x0
SetMenu 0x0 0xc41204 0x84049c 0x79ec9c 0x0
GetMenuState 0x0 0xc41208 0x8404a0 0x79eca0 0x0
GetMenu 0x0 0xc4120c 0x8404a4 0x79eca4 0x0
SetRect 0x0 0xc41210 0x8404a8 0x79eca8 0x0
GetKeyState 0x0 0xc41214 0x8404ac 0x79ecac 0x0
IsRectEmpty 0x0 0xc41218 0x8404b0 0x79ecb0 0x0
ValidateRect 0x0 0xc4121c 0x8404b4 0x79ecb4 0x0
GetCursor 0x0 0xc41220 0x8404b8 0x79ecb8 0x0
GetWindowTextA 0x0 0xc41224 0x8404bc 0x79ecbc 0x0
KillTimer 0x0 0xc41228 0x8404c0 0x79ecc0 0x0
BeginDeferWindowPos 0x0 0xc4122c 0x8404c4 0x79ecc4 0x0
WaitMessage 0x0 0xc41230 0x8404c8 0x79ecc8 0x0
RegisterClassA 0x0 0xc41234 0x8404cc 0x79eccc 0x0
TranslateMDISysAccel 0x0 0xc41238 0x8404d0 0x79ecd0 0x0
GetWindowPlacement 0x0 0xc4123c 0x8404d4 0x79ecd4 0x0
CreateIconIndirect 0x0 0xc41240 0x8404d8 0x79ecd8 0x0
GetMenuItemRect 0x0 0xc41244 0x8404dc 0x79ecdc 0x0
CreateWindowExW 0x0 0xc41248 0x8404e0 0x79ece0 0x0
ChildWindowFromPoint 0x0 0xc4124c 0x8404e4 0x79ece4 0x0
OpenDesktopW 0x0 0xc41250 0x8404e8 0x79ece8 0x0
GetMessageW 0x0 0xc41254 0x8404ec 0x79ecec 0x0
GetDCEx 0x0 0xc41258 0x8404f0 0x79ecf0 0x0
PeekMessageW 0x0 0xc4125c 0x8404f4 0x79ecf4 0x0
MonitorFromWindow 0x0 0xc41260 0x8404f8 0x79ecf8 0x0
GetUpdateRect 0x0 0xc41264 0x8404fc 0x79ecfc 0x0
MessageBoxA 0x0 0xc41268 0x840500 0x79ed00 0x0
SetTimer 0x0 0xc4126c 0x840504 0x79ed04 0x0
WindowFromPoint 0x0 0xc41270 0x840508 0x79ed08 0x0
BeginPaint 0x0 0xc41274 0x84050c 0x79ed0c 0x0
RegisterClipboardFormatW 0x0 0xc41278 0x840510 0x79ed10 0x0
MapVirtualKeyW 0x0 0xc4127c 0x840514 0x79ed14 0x0
OffsetRect 0x0 0xc41280 0x840518 0x79ed18 0x0
IsWindowUnicode 0x0 0xc41284 0x84051c 0x79ed1c 0x0
DispatchMessageW 0x0 0xc41288 0x840520 0x79ed20 0x0
CreateAcceleratorTableW 0x0 0xc4128c 0x840524 0x79ed24 0x0
DefMDIChildProcW 0x0 0xc41290 0x840528 0x79ed28 0x0
GetSystemMenu 0x0 0xc41294 0x84052c 0x79ed2c 0x0
SetScrollPos 0x0 0xc41298 0x840530 0x79ed30 0x0
GetScrollPos 0x0 0xc4129c 0x840534 0x79ed34 0x0
InflateRect 0x0 0xc412a0 0x840538 0x79ed38 0x0
DrawFocusRect 0x0 0xc412a4 0x84053c 0x79ed3c 0x0
ReleaseCapture 0x0 0xc412a8 0x840540 0x79ed40 0x0
SendInput 0x0 0xc412ac 0x840544 0x79ed44 0x0
LoadCursorW 0x0 0xc412b0 0x840548 0x79ed48 0x0
ScrollWindow 0x0 0xc412b4 0x84054c 0x79ed4c 0x0
GetLastActivePopup 0x0 0xc412b8 0x840550 0x79ed50 0x0
GetCursorInfo 0x0 0xc412bc 0x840554 0x79ed54 0x0
CallWindowProcA 0x0 0xc412c0 0x840558 0x79ed58 0x0
GetSystemMetrics 0x0 0xc412c4 0x84055c 0x79ed5c 0x0
SetWindowTextA 0x0 0xc412c8 0x840560 0x79ed60 0x0
CharUpperBuffW 0x0 0xc412cc 0x840564 0x79ed64 0x0
GetClassNameA 0x0 0xc412d0 0x840568 0x79ed68 0x0
ClientToScreen 0x0 0xc412d4 0x84056c 0x79ed6c 0x0
SetClipboardData 0x0 0xc412d8 0x840570 0x79ed70 0x0
GetClipboardData 0x0 0xc412dc 0x840574 0x79ed74 0x0
SetWindowPlacement 0x0 0xc412e0 0x840578 0x79ed78 0x0
GetMonitorInfoW 0x0 0xc412e4 0x84057c 0x79ed7c 0x0
CheckMenuItem 0x0 0xc412e8 0x840580 0x79ed80 0x0
CharUpperW 0x0 0xc412ec 0x840584 0x79ed84 0x0
DefWindowProcW 0x0 0xc412f0 0x840588 0x79ed88 0x0
GetForegroundWindow 0x0 0xc412f4 0x84058c 0x79ed8c 0x0
EnableWindow 0x0 0xc412f8 0x840590 0x79ed90 0x0
GetWindowThreadProcessId 0x0 0xc412fc 0x840594 0x79ed94 0x0
RedrawWindow 0x0 0xc41300 0x840598 0x79ed98 0x0
EndPaint 0x0 0xc41304 0x84059c 0x79ed9c 0x0
MsgWaitForMultipleObjectsEx 0x0 0xc41308 0x8405a0 0x79eda0 0x0
FindWindowA 0x0 0xc4130c 0x8405a4 0x79eda4 0x0
LoadKeyboardLayoutW 0x0 0xc41310 0x8405a8 0x79eda8 0x0
ActivateKeyboardLayout 0x0 0xc41314 0x8405ac 0x79edac 0x0
GetParent 0x0 0xc41318 0x8405b0 0x79edb0 0x0
CreateCaret 0x0 0xc4131c 0x8405b4 0x79edb4 0x0
MonitorFromRect 0x0 0xc41320 0x8405b8 0x79edb8 0x0
InsertMenuItemW 0x0 0xc41324 0x8405bc 0x79edbc 0x0
GetPropW 0x0 0xc41328 0x8405c0 0x79edc0 0x0
MessageBoxW 0x0 0xc4132c 0x8405c4 0x79edc4 0x0
SetPropW 0x0 0xc41330 0x8405c8 0x79edc8 0x0
UpdateWindow 0x0 0xc41334 0x8405cc 0x79edcc 0x0
MsgWaitForMultipleObjects 0x0 0xc41338 0x8405d0 0x79edd0 0x0
DestroyMenu 0x0 0xc4133c 0x8405d4 0x79edd4 0x0
OemToCharA 0x0 0xc41340 0x8405d8 0x79edd8 0x0
SetWindowsHookExW 0x0 0xc41344 0x8405dc 0x79eddc 0x0
EmptyClipboard 0x0 0xc41348 0x8405e0 0x79ede0 0x0
GetAncestor 0x0 0xc4134c 0x8405e4 0x79ede4 0x0
GetDlgItem 0x0 0xc41350 0x8405e8 0x79ede8 0x0
AdjustWindowRectEx 0x0 0xc41354 0x8405ec 0x79edec 0x0
DrawIcon 0x0 0xc41358 0x8405f0 0x79edf0 0x0
IsWindow 0x0 0xc4135c 0x8405f4 0x79edf4 0x0
EnumThreadWindows 0x0 0xc41360 0x8405f8 0x79edf8 0x0
InvalidateRect 0x0 0xc41364 0x8405fc 0x79edfc 0x0
GetKeyboardState 0x0 0xc41368 0x840600 0x79ee00 0x0
DrawFrameControl 0x0 0xc4136c 0x840604 0x79ee04 0x0
ScreenToClient 0x0 0xc41370 0x840608 0x79ee08 0x0
BringWindowToTop 0x0 0xc41374 0x84060c 0x79ee0c 0x0
SetCursor 0x0 0xc41378 0x840610 0x79ee10 0x0
CreateIcon 0x0 0xc4137c 0x840614 0x79ee14 0x0
RemoveMenu 0x0 0xc41380 0x840618 0x79ee18 0x0
GetKeyboardLayoutNameW 0x0 0xc41384 0x84061c 0x79ee1c 0x0
OpenClipboard 0x0 0xc41388 0x840620 0x79ee20 0x0
TranslateMessage 0x0 0xc4138c 0x840624 0x79ee24 0x0
MapWindowPoints 0x0 0xc41390 0x840628 0x79ee28 0x0
EnumDisplayMonitors 0x0 0xc41394 0x84062c 0x79ee2c 0x0
CallWindowProcW 0x0 0xc41398 0x840630 0x79ee30 0x0
CountClipboardFormats 0x0 0xc4139c 0x840634 0x79ee34 0x0
CloseClipboard 0x0 0xc413a0 0x840638 0x79ee38 0x0
DestroyCursor 0x0 0xc413a4 0x84063c 0x79ee3c 0x0
PostMessageA 0x0 0xc413a8 0x840640 0x79ee40 0x0
CharUpperBuffA 0x0 0xc413ac 0x840644 0x79ee44 0x0
CopyIcon 0x0 0xc413b0 0x840648 0x79ee48 0x0
PostQuitMessage 0x0 0xc413b4 0x84064c 0x79ee4c 0x0
GetProcessWindowStation 0x0 0xc413b8 0x840650 0x79ee50 0x0
ShowScrollBar 0x0 0xc413bc 0x840654 0x79ee54 0x0
EnableMenuItem 0x0 0xc413c0 0x840658 0x79ee58 0x0
LoadImageW 0x0 0xc413c4 0x84065c 0x79ee5c 0x0
DeferWindowPos 0x0 0xc413c8 0x840660 0x79ee60 0x0
EndDeferWindowPos 0x0 0xc413cc 0x840664 0x79ee64 0x0
HideCaret 0x0 0xc413d0 0x840668 0x79ee68 0x0
FindWindowExW 0x0 0xc413d4 0x84066c 0x79ee6c 0x0
MonitorFromPoint 0x0 0xc413d8 0x840670 0x79ee70 0x0
LoadIconW 0x0 0xc413dc 0x840674 0x79ee74 0x0
SystemParametersInfoW 0x0 0xc413e0 0x840678 0x79ee78 0x0
GetWindow 0x0 0xc413e4 0x84067c 0x79ee7c 0x0
DefWindowProcA 0x0 0xc413e8 0x840680 0x79ee80 0x0
GetWindowLongW 0x0 0xc413ec 0x840684 0x79ee84 0x0
GetWindowRect 0x0 0xc413f0 0x840688 0x79ee88 0x0
InsertMenuW 0x0 0xc413f4 0x84068c 0x79ee8c 0x0
PostThreadMessageW 0x0 0xc413f8 0x840690 0x79ee90 0x0
IsWindowEnabled 0x0 0xc413fc 0x840694 0x79ee94 0x0
IsDialogMessageA 0x0 0xc41400 0x840698 0x79ee98 0x0
FindWindowW 0x0 0xc41404 0x84069c 0x79ee9c 0x0
DeleteMenu 0x0 0xc41408 0x8406a0 0x79eea0 0x0
GetUserObjectInformationW 0x0 0xc4140c 0x8406a4 0x79eea4 0x0
GetKeyboardLayout 0x0 0xc41410 0x8406a8 0x79eea8 0x0
version.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeW 0x0 0xc41418 0x8406b0 0x79eeb0 0x0
GetFileVersionInfoSizeA 0x0 0xc4141c 0x8406b4 0x79eeb4 0x0
VerQueryValueW 0x0 0xc41420 0x8406b8 0x79eeb8 0x0
VerQueryValueA 0x0 0xc41424 0x8406bc 0x79eebc 0x0
GetFileVersionInfoW 0x0 0xc41428 0x8406c0 0x79eec0 0x0
GetFileVersionInfoA 0x0 0xc4142c 0x8406c4 0x79eec4 0x0
oleaut32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPutElement 0x0 0xc41434 0x8406cc 0x79eecc 0x0
SetErrorInfo 0x0 0xc41438 0x8406d0 0x79eed0 0x0
GetErrorInfo 0x0 0xc4143c 0x8406d4 0x79eed4 0x0
VariantInit 0x0 0xc41440 0x8406d8 0x79eed8 0x0
VariantClear 0x0 0xc41444 0x8406dc 0x79eedc 0x0
SysFreeString 0x0 0xc41448 0x8406e0 0x79eee0 0x0
SafeArrayAccessData 0x0 0xc4144c 0x8406e4 0x79eee4 0x0
SysReAllocStringLen 0x0 0xc41450 0x8406e8 0x79eee8 0x0
SafeArrayCreate 0x0 0xc41454 0x8406ec 0x79eeec 0x0
CreateErrorInfo 0x0 0xc41458 0x8406f0 0x79eef0 0x0
SafeArrayGetElement 0x0 0xc4145c 0x8406f4 0x79eef4 0x0
GetActiveObject 0x0 0xc41460 0x8406f8 0x79eef8 0x0
SysAllocStringLen 0x0 0xc41464 0x8406fc 0x79eefc 0x0
SafeArrayUnaccessData 0x0 0xc41468 0x840700 0x79ef00 0x0
SafeArrayPtrOfIndex 0x0 0xc4146c 0x840704 0x79ef04 0x0
VariantCopy 0x0 0xc41470 0x840708 0x79ef08 0x0
SafeArrayGetUBound 0x0 0xc41474 0x84070c 0x79ef0c 0x0
SafeArrayGetLBound 0x0 0xc41478 0x840710 0x79ef10 0x0
VariantCopyInd 0x0 0xc4147c 0x840714 0x79ef14 0x0
VariantChangeType 0x0 0xc41480 0x840718 0x79ef18 0x0
msvcrt.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memcpy 0x0 0xc41488 0x840720 0x79ef20 0x0
memset 0x0 0xc4148c 0x840724 0x79ef24 0x0
advapi32.dll (67)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptExportKey 0x0 0xc41494 0x84072c 0x79ef2c 0x0
ControlService 0x0 0xc41498 0x840730 0x79ef30 0x0
CryptDecrypt 0x0 0xc4149c 0x840734 0x79ef34 0x0
CryptDestroyKey 0x0 0xc414a0 0x840738 0x79ef38 0x0
CryptImportKey 0x0 0xc414a4 0x84073c 0x79ef3c 0x0
CryptEncrypt 0x0 0xc414a8 0x840740 0x79ef40 0x0
CreateServiceW 0x0 0xc414ac 0x840744 0x79ef44 0x0
RegDisablePredefinedCache 0x0 0xc414b0 0x840748 0x79ef48 0x0
RegisterServiceCtrlHandlerExW 0x0 0xc414b4 0x84074c 0x79ef4c 0x0
RegUnLoadKeyW 0x0 0xc414b8 0x840750 0x79ef50 0x0
CryptReleaseContext 0x0 0xc414bc 0x840754 0x79ef54 0x0
RegSaveKeyW 0x0 0xc414c0 0x840758 0x79ef58 0x0
DeleteService 0x0 0xc414c4 0x84075c 0x79ef5c 0x0
RegReplaceKeyW 0x0 0xc414c8 0x840760 0x79ef60 0x0
SetTokenInformation 0x0 0xc414cc 0x840764 0x79ef64 0x0
GetTokenInformation 0x0 0xc414d0 0x840768 0x79ef68 0x0
LookupAccountSidW 0x0 0xc414d4 0x84076c 0x79ef6c 0x0
ChangeServiceConfigW 0x0 0xc414d8 0x840770 0x79ef70 0x0
RegCreateKeyExA 0x0 0xc414dc 0x840774 0x79ef74 0x0
RegCreateKeyExW 0x0 0xc414e0 0x840778 0x79ef78 0x0
CryptAcquireContextA 0x0 0xc414e4 0x84077c 0x79ef7c 0x0
CryptAcquireContextW 0x0 0xc414e8 0x840780 0x79ef80 0x0
SetSecurityDescriptorDacl 0x0 0xc414ec 0x840784 0x79ef84 0x0
SetEntriesInAclW 0x0 0xc414f0 0x840788 0x79ef88 0x0
RevertToSelf 0x0 0xc414f4 0x84078c 0x79ef8c 0x0
RegEnumKeyExW 0x0 0xc414f8 0x840790 0x79ef90 0x0
QueryServiceConfigW 0x0 0xc414fc 0x840794 0x79ef94 0x0
OpenSCManagerW 0x0 0xc41500 0x840798 0x79ef98 0x0
RegOpenKeyExA 0x0 0xc41504 0x84079c 0x79ef9c 0x0
RegOpenKeyExW 0x0 0xc41508 0x8407a0 0x79efa0 0x0
AllocateAndInitializeSid 0x0 0xc4150c 0x8407a4 0x79efa4 0x0
RegDeleteValueW 0x0 0xc41510 0x8407a8 0x79efa8 0x0
RegDeleteValueA 0x0 0xc41514 0x8407ac 0x79efac 0x0
ImpersonateLoggedOnUser 0x0 0xc41518 0x8407b0 0x79efb0 0x0
RegFlushKey 0x0 0xc4151c 0x8407b4 0x79efb4 0x0
RegEnumValueW 0x0 0xc41520 0x8407b8 0x79efb8 0x0
RegQueryValueExA 0x0 0xc41524 0x8407bc 0x79efbc 0x0
RegQueryValueExW 0x0 0xc41528 0x8407c0 0x79efc0 0x0
InitializeSecurityDescriptor 0x0 0xc4152c 0x8407c4 0x79efc4 0x0
RegRestoreKeyW 0x0 0xc41530 0x8407c8 0x79efc8 0x0
EnumServicesStatusW 0x0 0xc41534 0x8407cc 0x79efcc 0x0
CloseServiceHandle 0x0 0xc41538 0x8407d0 0x79efd0 0x0
RegSetValueExA 0x0 0xc4153c 0x8407d4 0x79efd4 0x0
RegSetValueExW 0x0 0xc41540 0x8407d8 0x79efd8 0x0
RegConnectRegistryW 0x0 0xc41544 0x8407dc 0x79efdc 0x0
StartServiceCtrlDispatcherW 0x0 0xc41548 0x8407e0 0x79efe0 0x0
LookupAccountNameW 0x0 0xc4154c 0x8407e4 0x79efe4 0x0
GetUserNameA 0x0 0xc41550 0x8407e8 0x79efe8 0x0
GetUserNameW 0x0 0xc41554 0x8407ec 0x79efec 0x0
DeregisterEventSource 0x0 0xc41558 0x8407f0 0x79eff0 0x0
DuplicateToken 0x0 0xc4155c 0x8407f4 0x79eff4 0x0
RegQueryInfoKeyW 0x0 0xc41560 0x8407f8 0x79eff8 0x0
SetServiceStatus 0x0 0xc41564 0x8407fc 0x79effc 0x0
StartServiceW 0x0 0xc41568 0x840800 0x79f000 0x0
RegisterEventSourceW 0x0 0xc4156c 0x840804 0x79f004 0x0
ChangeServiceConfig2W 0x0 0xc41570 0x840808 0x79f008 0x0
OpenServiceW 0x0 0xc41574 0x84080c 0x79f00c 0x0
RegLoadKeyW 0x0 0xc41578 0x840810 0x79f010 0x0
QueryServiceConfig2W 0x0 0xc4157c 0x840814 0x79f014 0x0
RegDeleteKeyW 0x0 0xc41580 0x840818 0x79f018 0x0
CryptGenKey 0x0 0xc41584 0x84081c 0x79f01c 0x0
OpenProcessToken 0x0 0xc41588 0x840820 0x79f020 0x0
FreeSid 0x0 0xc4158c 0x840824 0x79f024 0x0
ReportEventW 0x0 0xc41590 0x840828 0x79f028 0x0
SetNamedSecurityInfoW 0x0 0xc41594 0x84082c 0x79f02c 0x0
ConvertSidToStringSidW 0x0 0xc41598 0x840830 0x79f030 0x0
RegCloseKey 0x0 0xc4159c 0x840834 0x79f034 0x0
netapi32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaGetInfo 0x0 0xc415a4 0x84083c 0x79f03c 0x0
NetApiBufferFree 0x0 0xc415a8 0x840840 0x79f040 0x0
winhttp.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHttpReadData 0x0 0xc415b0 0x840848 0x79f048 0x0
WinHttpCloseHandle 0x0 0xc415b4 0x84084c 0x79f04c 0x0
WinHttpQueryHeaders 0x0 0xc415b8 0x840850 0x79f050 0x0
WinHttpSetTimeouts 0x0 0xc415bc 0x840854 0x79f054 0x0
WinHttpOpenRequest 0x0 0xc415c0 0x840858 0x79f058 0x0
WinHttpConnect 0x0 0xc415c4 0x84085c 0x79f05c 0x0
WinHttpOpen 0x0 0xc415c8 0x840860 0x79f060 0x0
WinHttpCrackUrl 0x0 0xc415cc 0x840864 0x79f064 0x0
WinHttpQueryDataAvailable 0x0 0xc415d0 0x840868 0x79f068 0x0
WinHttpReceiveResponse 0x0 0xc415d4 0x84086c 0x79f06c 0x0
WinHttpSendRequest 0x0 0xc415d8 0x840870 0x79f070 0x0
kernel32.dll (226)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFileTime 0x0 0xc415e0 0x840878 0x79f078 0x0
GetFileType 0x0 0xc415e4 0x84087c 0x79f07c 0x0
GetFileTime 0x0 0xc415e8 0x840880 0x79f080 0x0
GetACP 0x0 0xc415ec 0x840884 0x79f084 0x0
GetStringTypeExW 0x0 0xc415f0 0x840888 0x79f088 0x0
GetExitCodeProcess 0x0 0xc415f4 0x84088c 0x79f08c 0x0
LocalFree 0x0 0xc415f8 0x840890 0x79f090 0x0
CloseHandle 0x0 0xc415fc 0x840894 0x79f094 0x0
SizeofResource 0x0 0xc41600 0x840898 0x79f098 0x0
GetSystemDefaultLangID 0x0 0xc41604 0x84089c 0x79f09c 0x0
GetCurrentProcessId 0x0 0xc41608 0x8408a0 0x79f0a0 0x0
Beep 0x0 0xc4160c 0x8408a4 0x79f0a4 0x0
TerminateThread 0x0 0xc41610 0x8408a8 0x79f0a8 0x0
SetHandleInformation 0x0 0xc41614 0x8408ac 0x79f0ac 0x0
IsDebuggerPresent 0x0 0xc41618 0x8408b0 0x79f0b0 0x0
GetHandleInformation 0x0 0xc4161c 0x8408b4 0x79f0b4 0x0
GetFullPathNameW 0x0 0xc41620 0x8408b8 0x79f0b8 0x0
FindNextFileW 0x0 0xc41624 0x8408bc 0x79f0bc 0x0
GlobalSize 0x0 0xc41628 0x8408c0 0x79f0c0 0x0
GetCPInfoExW 0x0 0xc4162c 0x8408c4 0x79f0c4 0x0
GetSystemTime 0x0 0xc41630 0x8408c8 0x79f0c8 0x0
SetUnhandledExceptionFilter 0x0 0xc41634 0x8408cc 0x79f0cc 0x0
GetTempPathA 0x0 0xc41638 0x8408d0 0x79f0d0 0x0
EnumSystemLocalesW 0x0 0xc4163c 0x8408d4 0x79f0d4 0x0
GetTimeZoneInformation 0x0 0xc41640 0x8408d8 0x79f0d8 0x0
FileTimeToLocalFileTime 0x0 0xc41644 0x8408dc 0x79f0dc 0x0
GetVersionExA 0x0 0xc41648 0x8408e0 0x79f0e0 0x0
FreeLibrary 0x0 0xc4164c 0x8408e4 0x79f0e4 0x0
HeapDestroy 0x0 0xc41650 0x8408e8 0x79f0e8 0x0
GetUserDefaultLCID 0x0 0xc41654 0x8408ec 0x79f0ec 0x0
GetDiskFreeSpaceA 0x0 0xc41658 0x8408f0 0x79f0f0 0x0
FindFirstFileA 0x0 0xc4165c 0x8408f4 0x79f0f4 0x0
SetLastError 0x0 0xc41660 0x8408f8 0x79f0f8 0x0
WaitNamedPipeW 0x0 0xc41664 0x8408fc 0x79f0fc 0x0
GetModuleFileNameW 0x0 0xc41668 0x840900 0x79f100 0x0
GetLastError 0x0 0xc4166c 0x840904 0x79f104 0x0
GlobalAlloc 0x0 0xc41670 0x840908 0x79f108 0x0
GlobalUnlock 0x0 0xc41674 0x84090c 0x79f10c 0x0
CompareStringW 0x0 0xc41678 0x840910 0x79f110 0x0
CreateThread 0x0 0xc4167c 0x840914 0x79f114 0x0
GetGeoInfoW 0x0 0xc41680 0x840918 0x79f118 0x0
CreateMutexW 0x0 0xc41684 0x84091c 0x79f11c 0x0
LoadLibraryA 0x0 0xc41688 0x840920 0x79f120 0x0
ResetEvent 0x0 0xc4168c 0x840924 0x79f124 0x0
GetVolumeInformationW 0x0 0xc41690 0x840928 0x79f128 0x0
OpenEventW 0x0 0xc41694 0x84092c 0x79f12c 0x0
RaiseException 0x0 0xc41698 0x840930 0x79f130 0x0
FormatMessageW 0x0 0xc4169c 0x840934 0x79f134 0x0
GetCurrentThread 0x0 0xc416a0 0x840938 0x79f138 0x0
CreateFileMappingA 0x0 0xc416a4 0x84093c 0x79f13c 0x0
IsBadReadPtr 0x0 0xc416a8 0x840940 0x79f140 0x0
ExpandEnvironmentStringsW 0x0 0xc416ac 0x840944 0x79f144 0x0
GetComputerNameA 0x0 0xc416b0 0x840948 0x79f148 0x0
LoadLibraryExW 0x0 0xc416b4 0x84094c 0x79f14c 0x0
FileTimeToSystemTime 0x0 0xc416b8 0x840950 0x79f150 0x0
VirtualQuery 0x0 0xc416bc 0x840954 0x79f154 0x0
GlobalFindAtomW 0x0 0xc416c0 0x840958 0x79f158 0x0
VirtualQueryEx 0x0 0xc416c4 0x84095c 0x79f15c 0x0
Sleep 0x0 0xc416c8 0x840960 0x79f160 0x0
SetFilePointer 0x0 0xc416cc 0x840964 0x79f164 0x0
FlushFileBuffers 0x0 0xc416d0 0x840968 0x79f168 0x0
LoadResource 0x0 0xc416d4 0x84096c 0x79f16c 0x0
SuspendThread 0x0 0xc416d8 0x840970 0x79f170 0x0
GetTickCount 0x0 0xc416dc 0x840974 0x79f174 0x0
WritePrivateProfileStringW 0x0 0xc416e0 0x840978 0x79f178 0x0
WaitForMultipleObjects 0x0 0xc416e4 0x84097c 0x79f17c 0x0
OpenFileMappingA 0x0 0xc416e8 0x840980 0x79f180 0x0
FindNextFileA 0x0 0xc416ec 0x840984 0x79f184 0x0
GetFileSize 0x0 0xc416f0 0x840988 0x79f188 0x0
GetStartupInfoW 0x0 0xc416f4 0x84098c 0x79f18c 0x0
GetFileAttributesW 0x0 0xc416f8 0x840990 0x79f190 0x0
LocalSize 0x0 0xc416fc 0x840994 0x79f194 0x0
VerLanguageNameW 0x0 0xc41700 0x840998 0x79f198 0x0
GetThreadPriority 0x0 0xc41704 0x84099c 0x79f19c 0x0
SetThreadPriority 0x0 0xc41708 0x8409a0 0x79f1a0 0x0
VirtualAlloc 0x0 0xc4170c 0x8409a4 0x79f1a4 0x0
GetSystemInfo 0x0 0xc41710 0x8409a8 0x79f1a8 0x0
GetTempPathW 0x0 0xc41714 0x8409ac 0x79f1ac 0x0
LeaveCriticalSection 0x0 0xc41718 0x8409b0 0x79f1b0 0x0
GetLogicalDriveStringsW 0x0 0xc4171c 0x8409b4 0x79f1b4 0x0
WinExec 0x0 0xc41720 0x8409b8 0x79f1b8 0x0
GetModuleHandleA 0x0 0xc41724 0x8409bc 0x79f1bc 0x0
HeapCreate 0x0 0xc41728 0x8409c0 0x79f1c0 0x0
VerSetConditionMask 0x0 0xc4172c 0x8409c4 0x79f1c4 0x0
GetDiskFreeSpaceW 0x0 0xc41730 0x8409c8 0x79f1c8 0x0
GetUserDefaultUILanguage 0x0 0xc41734 0x8409cc 0x79f1cc 0x0
GetConsoleOutputCP 0x0 0xc41738 0x8409d0 0x79f1d0 0x0
GetModuleFileNameA 0x0 0xc4173c 0x8409d4 0x79f1d4 0x0
CompareStringA 0x0 0xc41740 0x8409d8 0x79f1d8 0x0
CopyFileA 0x0 0xc41744 0x8409dc 0x79f1dc 0x0
HeapFree 0x0 0xc41748 0x8409e0 0x79f1e0 0x0
WideCharToMultiByte 0x0 0xc4174c 0x8409e4 0x79f1e4 0x0
MultiByteToWideChar 0x0 0xc41750 0x8409e8 0x79f1e8 0x0
FindClose 0x0 0xc41754 0x8409ec 0x79f1ec 0x0
LoadLibraryW 0x0 0xc41758 0x8409f0 0x79f1f0 0x0
SetEvent 0x0 0xc4175c 0x8409f4 0x79f1f4 0x0
GetLocaleInfoW 0x0 0xc41760 0x8409f8 0x79f1f8 0x0
FormatMessageA 0x0 0xc41764 0x8409fc 0x79f1fc 0x0
ConnectNamedPipe 0x0 0xc41768 0x840a00 0x79f200 0x0
GetLocalTime 0x0 0xc4176c 0x840a04 0x79f204 0x0
WaitForSingleObject 0x0 0xc41770 0x840a08 0x79f208 0x0
DeleteCriticalSection 0x0 0xc41774 0x840a0c 0x79f20c 0x0
SetErrorMode 0x0 0xc41778 0x840a10 0x79f210 0x0
GetComputerNameW 0x0 0xc4177c 0x840a14 0x79f214 0x0
SleepEx 0x0 0xc41780 0x840a18 0x79f218 0x0
IsValidLocale 0x0 0xc41784 0x840a1c 0x79f21c 0x0
LoadLibraryExA 0x0 0xc41788 0x840a20 0x79f220 0x0
LocalAlloc 0x0 0xc4178c 0x840a24 0x79f224 0x0
GetPrivateProfileStringW 0x0 0xc41790 0x840a28 0x79f228 0x0
WaitForMultipleObjectsEx 0x0 0xc41794 0x840a2c 0x79f22c 0x0
SetFileAttributesW 0x0 0xc41798 0x840a30 0x79f230 0x0
VirtualProtect 0x0 0xc4179c 0x840a34 0x79f234 0x0
CreateSemaphoreW 0x0 0xc417a0 0x840a38 0x79f238 0x0
ReadProcessMemory 0x0 0xc417a4 0x840a3c 0x79f23c 0x0
OpenFileMappingW 0x0 0xc417a8 0x840a40 0x79f240 0x0
lstrcmpiW 0x0 0xc417ac 0x840a44 0x79f244 0x0
QueryPerformanceFrequency 0x0 0xc417b0 0x840a48 0x79f248 0x0
VirtualFree 0x0 0xc417b4 0x840a4c 0x79f24c 0x0
GetThreadContext 0x0 0xc417b8 0x840a50 0x79f250 0x0
FlushInstructionCache 0x0 0xc417bc 0x840a54 0x79f254 0x0
GetProcessHeap 0x0 0xc417c0 0x840a58 0x79f258 0x0
ExitProcess 0x0 0xc417c4 0x840a5c 0x79f25c 0x0
HeapAlloc 0x0 0xc417c8 0x840a60 0x79f260 0x0
GetFileAttributesA 0x0 0xc417cc 0x840a64 0x79f264 0x0
GetCurrentDirectoryA 0x0 0xc417d0 0x840a68 0x79f268 0x0
GetLongPathNameW 0x0 0xc417d4 0x840a6c 0x79f26c 0x0
RtlUnwind 0x0 0xc417d8 0x840a70 0x79f270 0x0
GetCPInfo 0x0 0xc417dc 0x840a74 0x79f274 0x0
GetCommandLineA 0x0 0xc417e0 0x840a78 0x79f278 0x0
GetStdHandle 0x0 0xc417e4 0x840a7c 0x79f27c 0x0
DisconnectNamedPipe 0x0 0xc417e8 0x840a80 0x79f280 0x0
GetModuleHandleW 0x0 0xc417ec 0x840a84 0x79f284 0x0
TryEnterCriticalSection 0x0 0xc417f0 0x840a88 0x79f288 0x0
GetWindowsDirectoryA 0x0 0xc417f4 0x840a8c 0x79f28c 0x0
FileTimeToDosDateTime 0x0 0xc417f8 0x840a90 0x79f290 0x0
ReadFile 0x0 0xc417fc 0x840a94 0x79f294 0x0
CreateProcessW 0x0 0xc41800 0x840a98 0x79f298 0x0
HeapSize 0x0 0xc41804 0x840a9c 0x79f29c 0x0
FindResourceW 0x0 0xc41808 0x840aa0 0x79f2a0 0x0
lstrlenA 0x0 0xc4180c 0x840aa4 0x79f2a4 0x0
GetUserGeoID 0x0 0xc41810 0x840aa8 0x79f2a8 0x0
CopyFileW 0x0 0xc41814 0x840aac 0x79f2ac 0x0
lstrcmpA 0x0 0xc41818 0x840ab0 0x79f2b0 0x0
MapViewOfFile 0x0 0xc4181c 0x840ab4 0x79f2b4 0x0
MulDiv 0x0 0xc41820 0x840ab8 0x79f2b8 0x0
CreateFileA 0x0 0xc41824 0x840abc 0x79f2bc 0x0
GetLocaleInfoA 0x0 0xc41828 0x840ac0 0x79f2c0 0x0
GetVersion 0x0 0xc4182c 0x840ac4 0x79f2c4 0x0
GetDriveTypeW 0x0 0xc41830 0x840ac8 0x79f2c8 0x0
GetComputerNameExW 0x0 0xc41834 0x840acc 0x79f2cc 0x0
FreeResource 0x0 0xc41838 0x840ad0 0x79f2d0 0x0
DeleteFileA 0x0 0xc4183c 0x840ad4 0x79f2d4 0x0
MoveFileW 0x0 0xc41840 0x840ad8 0x79f2d8 0x0
GlobalAddAtomW 0x0 0xc41844 0x840adc 0x79f2dc 0x0
OpenProcess 0x0 0xc41848 0x840ae0 0x79f2e0 0x0
SwitchToThread 0x0 0xc4184c 0x840ae4 0x79f2e4 0x0
GetExitCodeThread 0x0 0xc41850 0x840ae8 0x79f2e8 0x0
GetStringTypeW 0x0 0xc41854 0x840aec 0x79f2ec 0x0
OutputDebugStringW 0x0 0xc41858 0x840af0 0x79f2f0 0x0
SetNamedPipeHandleState 0x0 0xc4185c 0x840af4 0x79f2f4 0x0
CreateDirectoryA 0x0 0xc41860 0x840af8 0x79f2f8 0x0
SetPriorityClass 0x0 0xc41864 0x840afc 0x79f2fc 0x0
TerminateProcess 0x0 0xc41868 0x840b00 0x79f300 0x0
LockResource 0x0 0xc4186c 0x840b04 0x79f304 0x0
RemoveDirectoryA 0x0 0xc41870 0x840b08 0x79f308 0x0
GetCurrentThreadId 0x0 0xc41874 0x840b0c 0x79f30c 0x0
UnhandledExceptionFilter 0x0 0xc41878 0x840b10 0x79f310 0x0
PeekNamedPipe 0x0 0xc4187c 0x840b14 0x79f314 0x0
CreateEventA 0x0 0xc41880 0x840b18 0x79f318 0x0
GlobalFree 0x0 0xc41884 0x840b1c 0x79f31c 0x0
SetFileAttributesA 0x0 0xc41888 0x840b20 0x79f320 0x0
EnterCriticalSection 0x0 0xc4188c 0x840b24 0x79f324 0x0
ReleaseMutex 0x0 0xc41890 0x840b28 0x79f328 0x0
GetStringTypeExA 0x0 0xc41894 0x840b2c 0x79f32c 0x0
GlobalDeleteAtom 0x0 0xc41898 0x840b30 0x79f330 0x0
GetCurrentDirectoryW 0x0 0xc4189c 0x840b34 0x79f334 0x0
InitializeCriticalSection 0x0 0xc418a0 0x840b38 0x79f338 0x0
GlobalLock 0x0 0xc418a4 0x840b3c 0x79f33c 0x0
GetCurrentProcess 0x0 0xc418a8 0x840b40 0x79f340 0x0
GetCommandLineW 0x0 0xc418ac 0x840b44 0x79f344 0x0
DuplicateHandle 0x0 0xc418b0 0x840b48 0x79f348 0x0
ResumeThread 0x0 0xc418b4 0x840b4c 0x79f34c 0x0
GetProcAddress 0x0 0xc418b8 0x840b50 0x79f350 0x0
GetVersionExW 0x0 0xc418bc 0x840b54 0x79f354 0x0
VerifyVersionInfoW 0x0 0xc418c0 0x840b58 0x79f358 0x0
DeviceIoControl 0x0 0xc418c4 0x840b5c 0x79f35c 0x0
LCMapStringW 0x0 0xc418c8 0x840b60 0x79f360 0x0
FindFirstFileW 0x0 0xc418cc 0x840b64 0x79f364 0x0
CreateProcessA 0x0 0xc418d0 0x840b68 0x79f368 0x0
UnmapViewOfFile 0x0 0xc418d4 0x840b6c 0x79f36c 0x0
GetConsoleCP 0x0 0xc418d8 0x840b70 0x79f370 0x0
GlobalHandle 0x0 0xc418dc 0x840b74 0x79f374 0x0
SetProcessShutdownParameters 0x0 0xc418e0 0x840b78 0x79f378 0x0
FindResourceA 0x0 0xc418e4 0x840b7c 0x79f37c 0x0
lstrlenW 0x0 0xc418e8 0x840b80 0x79f380 0x0
QueryPerformanceCounter 0x0 0xc418ec 0x840b84 0x79f384 0x0
SetEndOfFile 0x0 0xc418f0 0x840b88 0x79f388 0x0
CopyFileExW 0x0 0xc418f4 0x840b8c 0x79f38c 0x0
lstrcmpW 0x0 0xc418f8 0x840b90 0x79f390 0x0
CreateMutexA 0x0 0xc418fc 0x840b94 0x79f394 0x0
ReleaseSemaphore 0x0 0xc41900 0x840b98 0x79f398 0x0
SystemTimeToFileTime 0x0 0xc41904 0x840b9c 0x79f39c 0x0
CreateFileW 0x0 0xc41908 0x840ba0 0x79f3a0 0x0
EnumResourceNamesW 0x0 0xc4190c 0x840ba4 0x79f3a4 0x0
GetSystemDirectoryW 0x0 0xc41910 0x840ba8 0x79f3a8 0x0
DeleteFileW 0x0 0xc41914 0x840bac 0x79f3ac 0x0
IsDBCSLeadByteEx 0x0 0xc41918 0x840bb0 0x79f3b0 0x0
GetEnvironmentVariableW 0x0 0xc4191c 0x840bb4 0x79f3b4 0x0
WriteFile 0x0 0xc41920 0x840bb8 0x79f3b8 0x0
CreateFileMappingW 0x0 0xc41924 0x840bbc 0x79f3bc 0x0
CreateNamedPipeW 0x0 0xc41928 0x840bc0 0x79f3c0 0x0
ExitThread 0x0 0xc4192c 0x840bc4 0x79f3c4 0x0
CreatePipe 0x0 0xc41930 0x840bc8 0x79f3c8 0x0
TlsGetValue 0x0 0xc41934 0x840bcc 0x79f3cc 0x0
GetDateFormatW 0x0 0xc41938 0x840bd0 0x79f3d0 0x0
ExpandEnvironmentStringsA 0x0 0xc4193c 0x840bd4 0x79f3d4 0x0
TlsSetValue 0x0 0xc41940 0x840bd8 0x79f3d8 0x0
GetSystemDefaultUILanguage 0x0 0xc41944 0x840bdc 0x79f3dc 0x0
CreateDirectoryW 0x0 0xc41948 0x840be0 0x79f3e0 0x0
EnumCalendarInfoW 0x0 0xc4194c 0x840be4 0x79f3e4 0x0
RemoveDirectoryW 0x0 0xc41950 0x840be8 0x79f3e8 0x0
OpenSemaphoreW 0x0 0xc41954 0x840bec 0x79f3ec 0x0
GlobalMemoryStatus 0x0 0xc41958 0x840bf0 0x79f3f0 0x0
CreateEventW 0x0 0xc4195c 0x840bf4 0x79f3f4 0x0
SetThreadLocale 0x0 0xc41960 0x840bf8 0x79f3f8 0x0
GetThreadLocale 0x0 0xc41964 0x840bfc 0x79f3fc 0x0
wintrust.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinVerifyTrust 0x0 0xc4196c 0x840c04 0x79f404 0x0
SHFolder.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW 0x0 0xc41974 0x840c0c 0x79f40c 0x0
wsock32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
htons 0x0 0xc4197c 0x840c14 0x79f414 0x0
ntohl 0x0 0xc41980 0x840c18 0x79f418 0x0
setsockopt 0x0 0xc41984 0x840c1c 0x79f41c 0x0
select 0x0 0xc41988 0x840c20 0x79f420 0x0
WSAStartup 0x0 0xc4198c 0x840c24 0x79f424 0x0
WSACleanup 0x0 0xc41990 0x840c28 0x79f428 0x0
gethostbyname 0x0 0xc41994 0x840c2c 0x79f42c 0x0
bind 0x0 0xc41998 0x840c30 0x79f430 0x0
closesocket 0x0 0xc4199c 0x840c34 0x79f434 0x0
inet_ntoa 0x0 0xc419a0 0x840c38 0x79f438 0x0
socket 0x0 0xc419a4 0x840c3c 0x79f43c 0x0
recv 0x0 0xc419a8 0x840c40 0x79f440 0x0
ioctlsocket 0x0 0xc419ac 0x840c44 0x79f444 0x0
WSAGetLastError 0x0 0xc419b0 0x840c48 0x79f448 0x0
connect 0x0 0xc419b4 0x840c4c 0x79f44c 0x0
inet_addr 0x0 0xc419b8 0x840c50 0x79f450 0x0
recvfrom 0x0 0xc419bc 0x840c54 0x79f454 0x0
sendto 0x0 0xc419c0 0x840c58 0x79f458 0x0
send 0x0 0xc419c4 0x840c5c 0x79f45c 0x0
ole32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleRegEnumVerbs 0x0 0xc419cc 0x840c64 0x79f464 0x0
IsAccelerator 0x0 0xc419d0 0x840c68 0x79f468 0x0
CoCreateInstance 0x0 0xc419d4 0x840c6c 0x79f46c 0x0
CoUninitialize 0x0 0xc419d8 0x840c70 0x79f470 0x0
IsEqualGUID 0x0 0xc419dc 0x840c74 0x79f474 0x0
CoLockObjectExternal 0x0 0xc419e0 0x840c78 0x79f478 0x0
CoFreeUnusedLibraries 0x0 0xc419e4 0x840c7c 0x79f47c 0x0
CreateStreamOnHGlobal 0x0 0xc419e8 0x840c80 0x79f480 0x0
OleInitialize 0x0 0xc419ec 0x840c84 0x79f484 0x0
ProgIDFromCLSID 0x0 0xc419f0 0x840c88 0x79f488 0x0
CLSIDFromProgID 0x0 0xc419f4 0x840c8c 0x79f48c 0x0
CoInitializeEx 0x0 0xc419f8 0x840c90 0x79f490 0x0
OleUninitialize 0x0 0xc419fc 0x840c94 0x79f494 0x0
CoGetClassObject 0x0 0xc41a00 0x840c98 0x79f498 0x0
CoInitialize 0x0 0xc41a04 0x840c9c 0x79f49c 0x0
CoTaskMemFree 0x0 0xc41a08 0x840ca0 0x79f4a0 0x0
OleDraw 0x0 0xc41a0c 0x840ca4 0x79f4a4 0x0
CoTaskMemAlloc 0x0 0xc41a10 0x840ca8 0x79f4a8 0x0
OleSetMenuDescriptor 0x0 0xc41a14 0x840cac 0x79f4ac 0x0
StringFromCLSID 0x0 0xc41a18 0x840cb0 0x79f4b0 0x0
gdi32.dll (143)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Pie 0x0 0xc41a20 0x840cb8 0x79f4b8 0x0
SetBkMode 0x0 0xc41a24 0x840cbc 0x79f4bc 0x0
TextOutA 0x0 0xc41a28 0x840cc0 0x79f4c0 0x0
CreateCompatibleBitmap 0x0 0xc41a2c 0x840cc4 0x79f4c4 0x0
CreatePolygonRgn 0x0 0xc41a30 0x840cc8 0x79f4c8 0x0
BeginPath 0x0 0xc41a34 0x840ccc 0x79f4cc 0x0
GetEnhMetaFileHeader 0x0 0xc41a38 0x840cd0 0x79f4d0 0x0
CloseEnhMetaFile 0x0 0xc41a3c 0x840cd4 0x79f4d4 0x0
RectVisible 0x0 0xc41a40 0x840cd8 0x79f4d8 0x0
AngleArc 0x0 0xc41a44 0x840cdc 0x79f4dc 0x0
ResizePalette 0x0 0xc41a48 0x840ce0 0x79f4e0 0x0
SetAbortProc 0x0 0xc41a4c 0x840ce4 0x79f4e4 0x0
SetTextColor 0x0 0xc41a50 0x840ce8 0x79f4e8 0x0
GetTextColor 0x0 0xc41a54 0x840cec 0x79f4ec 0x0
StretchBlt 0x0 0xc41a58 0x840cf0 0x79f4f0 0x0
PathToRegion 0x0 0xc41a5c 0x840cf4 0x79f4f4 0x0
CreateFontA 0x0 0xc41a60 0x840cf8 0x79f4f8 0x0
RoundRect 0x0 0xc41a64 0x840cfc 0x79f4fc 0x0
SelectClipRgn 0x0 0xc41a68 0x840d00 0x79f500 0x0
RectInRegion 0x0 0xc41a6c 0x840d04 0x79f504 0x0
RestoreDC 0x0 0xc41a70 0x840d08 0x79f508 0x0
SetRectRgn 0x0 0xc41a74 0x840d0c 0x79f50c 0x0
FillPath 0x0 0xc41a78 0x840d10 0x79f510 0x0
GetTextMetricsW 0x0 0xc41a7c 0x840d14 0x79f514 0x0
GetWindowOrgEx 0x0 0xc41a80 0x840d18 0x79f518 0x0
CreatePalette 0x0 0xc41a84 0x840d1c 0x79f51c 0x0
CreateDCW 0x0 0xc41a88 0x840d20 0x79f520 0x0
CreateICW 0x0 0xc41a8c 0x840d24 0x79f524 0x0
CreatePen 0x0 0xc41a90 0x840d28 0x79f528 0x0
PolyBezierTo 0x0 0xc41a94 0x840d2c 0x79f52c 0x0
FillRgn 0x0 0xc41a98 0x840d30 0x79f530 0x0
GetStockObject 0x0 0xc41a9c 0x840d34 0x79f534 0x0
CreateSolidBrush 0x0 0xc41aa0 0x840d38 0x79f538 0x0
GetBkMode 0x0 0xc41aa4 0x840d3c 0x79f53c 0x0
Polygon 0x0 0xc41aa8 0x840d40 0x79f540 0x0
MoveToEx 0x0 0xc41aac 0x840d44 0x79f544 0x0
PlayEnhMetaFile 0x0 0xc41ab0 0x840d48 0x79f548 0x0
Ellipse 0x0 0xc41ab4 0x840d4c 0x79f54c 0x0
StartPage 0x0 0xc41ab8 0x840d50 0x79f550 0x0
GetBitmapBits 0x0 0xc41abc 0x840d54 0x79f554 0x0
GetTextExtentPoint32A 0x0 0xc41ac0 0x840d58 0x79f558 0x0
StartDocW 0x0 0xc41ac4 0x840d5c 0x79f55c 0x0
AbortDoc 0x0 0xc41ac8 0x840d60 0x79f560 0x0
GetSystemPaletteEntries 0x0 0xc41acc 0x840d64 0x79f564 0x0
GetEnhMetaFileBits 0x0 0xc41ad0 0x840d68 0x79f568 0x0
CreatePenIndirect 0x0 0xc41ad4 0x840d6c 0x79f56c 0x0
GetEnhMetaFilePaletteEntries 0x0 0xc41ad8 0x840d70 0x79f570 0x0
SetMapMode 0x0 0xc41adc 0x840d74 0x79f574 0x0
CreateFontIndirectW 0x0 0xc41ae0 0x840d78 0x79f578 0x0
PolyBezier 0x0 0xc41ae4 0x840d7c 0x79f57c 0x0
LPtoDP 0x0 0xc41ae8 0x840d80 0x79f580 0x0
GetNearestColor 0x0 0xc41aec 0x840d84 0x79f584 0x0
EndDoc 0x0 0xc41af0 0x840d88 0x79f588 0x0
GetObjectW 0x0 0xc41af4 0x840d8c 0x79f58c 0x0
GetCurrentObject 0x0 0xc41af8 0x840d90 0x79f590 0x0
GetWinMetaFileBits 0x0 0xc41afc 0x840d94 0x79f594 0x0
SetROP2 0x0 0xc41b00 0x840d98 0x79f598 0x0
GetTextExtentExPointW 0x0 0xc41b04 0x840d9c 0x79f59c 0x0
GetROP2 0x0 0xc41b08 0x840da0 0x79f5a0 0x0
PtVisible 0x0 0xc41b0c 0x840da4 0x79f5a4 0x0
GetEnhMetaFileDescriptionW 0x0 0xc41b10 0x840da8 0x79f5a8 0x0
ArcTo 0x0 0xc41b14 0x840dac 0x79f5ac 0x0
GetTextFaceA 0x0 0xc41b18 0x840db0 0x79f5b0 0x0
CreateEnhMetaFileW 0x0 0xc41b1c 0x840db4 0x79f5b4 0x0
Arc 0x0 0xc41b20 0x840db8 0x79f5b8 0x0
CreateRectRgnIndirect 0x0 0xc41b24 0x840dbc 0x79f5bc 0x0
TextOutW 0x0 0xc41b28 0x840dc0 0x79f5c0 0x0
SelectPalette 0x0 0xc41b2c 0x840dc4 0x79f5c4 0x0
SetGraphicsMode 0x0 0xc41b30 0x840dc8 0x79f5c8 0x0
ExcludeClipRect 0x0 0xc41b34 0x840dcc 0x79f5cc 0x0
SetWindowOrgEx 0x0 0xc41b38 0x840dd0 0x79f5d0 0x0
MaskBlt 0x0 0xc41b3c 0x840dd4 0x79f5d4 0x0
CreatePatternBrush 0x0 0xc41b40 0x840dd8 0x79f5d8 0x0
EndPage 0x0 0xc41b44 0x840ddc 0x79f5dc 0x0
EndPath 0x0 0xc41b48 0x840de0 0x79f5e0 0x0
EqualRgn 0x0 0xc41b4c 0x840de4 0x79f5e4 0x0
DeleteEnhMetaFile 0x0 0xc41b50 0x840de8 0x79f5e8 0x0
Chord 0x0 0xc41b54 0x840dec 0x79f5ec 0x0
SetDIBits 0x0 0xc41b58 0x840df0 0x79f5f0 0x0
SetViewportOrgEx 0x0 0xc41b5c 0x840df4 0x79f5f4 0x0
GetViewportOrgEx 0x0 0xc41b60 0x840df8 0x79f5f8 0x0
CreateRectRgn 0x0 0xc41b64 0x840dfc 0x79f5fc 0x0
RealizePalette 0x0 0xc41b68 0x840e00 0x79f600 0x0
CreateFontW 0x0 0xc41b6c 0x840e04 0x79f604 0x0
SetDIBColorTable 0x0 0xc41b70 0x840e08 0x79f608 0x0
GetDIBColorTable 0x0 0xc41b74 0x840e0c 0x79f60c 0x0
CreateBrushIndirect 0x0 0xc41b78 0x840e10 0x79f610 0x0
PatBlt 0x0 0xc41b7c 0x840e14 0x79f614 0x0
SetEnhMetaFileBits 0x0 0xc41b80 0x840e18 0x79f618 0x0
CreateEllipticRgn 0x0 0xc41b84 0x840e1c 0x79f61c 0x0
Rectangle 0x0 0xc41b88 0x840e20 0x79f620 0x0
DeleteDC 0x0 0xc41b8c 0x840e24 0x79f624 0x0
SaveDC 0x0 0xc41b90 0x840e28 0x79f628 0x0
BitBlt 0x0 0xc41b94 0x840e2c 0x79f62c 0x0
SetWorldTransform 0x0 0xc41b98 0x840e30 0x79f630 0x0
FrameRgn 0x0 0xc41b9c 0x840e34 0x79f634 0x0
GetDeviceCaps 0x0 0xc41ba0 0x840e38 0x79f638 0x0
GetTextExtentPoint32W 0x0 0xc41ba4 0x840e3c 0x79f63c 0x0
PtInRegion 0x0 0xc41ba8 0x840e40 0x79f640 0x0
GetClipBox 0x0 0xc41bac 0x840e44 0x79f644 0x0
GetClipRgn 0x0 0xc41bb0 0x840e48 0x79f648 0x0
Polyline 0x0 0xc41bb4 0x840e4c 0x79f64c 0x0
StartDocA 0x0 0xc41bb8 0x840e50 0x79f650 0x0
IntersectClipRect 0x0 0xc41bbc 0x840e54 0x79f654 0x0
CombineTransform 0x0 0xc41bc0 0x840e58 0x79f658 0x0
CreateBitmap 0x0 0xc41bc4 0x840e5c 0x79f65c 0x0
CombineRgn 0x0 0xc41bc8 0x840e60 0x79f660 0x0
SetWinMetaFileBits 0x0 0xc41bcc 0x840e64 0x79f664 0x0
CreateDIBitmap 0x0 0xc41bd0 0x840e68 0x79f668 0x0
GetStretchBltMode 0x0 0xc41bd4 0x840e6c 0x79f66c 0x0
CreateDIBSection 0x0 0xc41bd8 0x840e70 0x79f670 0x0
SetStretchBltMode 0x0 0xc41bdc 0x840e74 0x79f674 0x0
GetDIBits 0x0 0xc41be0 0x840e78 0x79f678 0x0
ExtCreateRegion 0x0 0xc41be4 0x840e7c 0x79f67c 0x0
LineTo 0x0 0xc41be8 0x840e80 0x79f680 0x0
GetRgnBox 0x0 0xc41bec 0x840e84 0x79f684 0x0
EnumFontsW 0x0 0xc41bf0 0x840e88 0x79f688 0x0
CreateHalftonePalette 0x0 0xc41bf4 0x840e8c 0x79f68c 0x0
DeleteObject 0x0 0xc41bf8 0x840e90 0x79f690 0x0
SelectObject 0x0 0xc41bfc 0x840e94 0x79f694 0x0
ExtFloodFill 0x0 0xc41c00 0x840e98 0x79f698 0x0
UnrealizeObject 0x0 0xc41c04 0x840e9c 0x79f69c 0x0
CopyEnhMetaFileW 0x0 0xc41c08 0x840ea0 0x79f6a0 0x0
OffsetRgn 0x0 0xc41c0c 0x840ea4 0x79f6a4 0x0
SetBkColor 0x0 0xc41c10 0x840ea8 0x79f6a8 0x0
CreateCompatibleDC 0x0 0xc41c14 0x840eac 0x79f6ac 0x0
GetObjectA 0x0 0xc41c18 0x840eb0 0x79f6b0 0x0
GetBrushOrgEx 0x0 0xc41c1c 0x840eb4 0x79f6b4 0x0
GetCurrentPositionEx 0x0 0xc41c20 0x840eb8 0x79f6b8 0x0
GetNearestPaletteIndex 0x0 0xc41c24 0x840ebc 0x79f6bc 0x0
SetTextAlign 0x0 0xc41c28 0x840ec0 0x79f6c0 0x0
GetTextAlign 0x0 0xc41c2c 0x840ec4 0x79f6c4 0x0
CreateRoundRectRgn 0x0 0xc41c30 0x840ec8 0x79f6c8 0x0
GetTextExtentPointW 0x0 0xc41c34 0x840ecc 0x79f6cc 0x0
ExtTextOutW 0x0 0xc41c38 0x840ed0 0x79f6d0 0x0
SetBrushOrgEx 0x0 0xc41c3c 0x840ed4 0x79f6d4 0x0
GetPixel 0x0 0xc41c40 0x840ed8 0x79f6d8 0x0
GdiFlush 0x0 0xc41c44 0x840edc 0x79f6dc 0x0
SetPixel 0x0 0xc41c48 0x840ee0 0x79f6e0 0x0
EnumFontFamiliesExW 0x0 0xc41c4c 0x840ee4 0x79f6e4 0x0
StretchDIBits 0x0 0xc41c50 0x840ee8 0x79f6e8 0x0
WidenPath 0x0 0xc41c54 0x840eec 0x79f6ec 0x0
GetPaletteEntries 0x0 0xc41c58 0x840ef0 0x79f6f0 0x0
Exports (4)
Api name EAT Address Ordinal
TMethodImplementationIntercept 0xde828 0x4
__dbk_fcall_wrapper 0x11f78 0x2
dbkFCallWrapperAddr 0x7a4630 0x1
madTraceProcess 0xb143c 0x3
Icons (1)
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Windows\Installer\30dea.ipi Created File Unknown
Not Queried
Mime Type application/CDFV2-unknown
File Size 24.00 KB
MD5 d802ddd04a850b75448fd86eb3d729ba
SHA1 5a4da634628525a22eb0fcd1f2502bcbf02c810a
SHA256 4962ce82cf9563a9ff984c00e8058f16acab7faf9a35be1b1ca6672328e70fa9
SSDeep 96:1URykWhDeto5aMTXkXiXxfrLtySjqlCMTXkXiXxfrL6m:18aC25Xfjqls
C:\inst_fold\armwake.lnk Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 0.67 KB
MD5 cf958df8cf3bc7cbfdb0d49b40a8b972
SHA1 7f7c6e90b12ae01309b88f91efd6499ed67cf7c3
SHA256 bc68e8a098137aae47c7a602ada1ba612df4d628ccb0db8fe155df2557769fcb
SSDeep 12:81SS+csIXKRlUPUa/YQvBJjA+TekQABdEHQv8p:81SBx8PUa/Nv7AEekQArWQv8p
c:\windows\tasks\{de4c87a4-56df-40f2-bf3b-9314f5f8610b}.job Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 1.30 KB
MD5 6d2953aecb9fbe84dc91348d2fa4b0dc
SHA1 32eca5d0f4c2ad3aa59a99fe4391f0a1b4120923
SHA256 076f5bd18aa1da33b7bce288ac15639132c1609bccfd8b523cf7095394f71e36
SSDeep 24:dI+IftIxh1nDP52kl7VR+DP2eSypUWDSqIxSfLI3ipV5+dzON:CftIVnToGp0TxphdIgDI3SqdzO
C:\Program Files\Remote Utilities - Host\Japanese.lg Created File Text
Not Queried
Mime Type text/plain
File Size 42.14 KB
MD5 58319662af8f62390737c9df99f23dba
SHA1 19d0549605e76343555a3486aac9b072fe47e878
SHA256 4df73b25972b4388f2ffe70b88d4cfc739aed58dc0a72163b96cd407eb8d4388
SSDeep 384:FOcgi7ScbYvKxPLpAgwCMH9yL/VcdnQZfGl/8gUeFmNyEQvxQpdX2vSV:llQKxTpAgcIu4f8UeLqV
C:\Program Files\Remote Utilities - Host\English.lg Created File Text
Not Queried
Mime Type text/plain
File Size 52.83 KB
MD5 6396e5ade56e4f45c4f59ca210385f58
SHA1 88f8778e8f960001ee558255e22418d8ea17446a
SHA256 fe57254a0c2a3593d618bea7d43074c7b637ec3021f0b51073c0d95f65bae882
SSDeep 384:bKrZjali4EH/1NesnYQ90NfOgisWZBAosFwmlefDYsOsFPJjs1TqjB:e22TZGvlefH7x
C:\inst_fold\armstatus.bat Created File Text
Not Queried
Mime Type text/plain
File Size 0.76 KB
MD5 e85383ce681bf253025cc35d74e4c97e
SHA1 aa0dbec35fbc4fd6e2530607f3dae0e6c2bd55cb
SHA256 fce121b3b55141f85c1004b11776daf0b9c1d226dbe5163927c26fe0e27204e1
SSDeep 12:j24zsRMT0y0xZrWl6gow6uaJImzODjVaRMT0y0xZr12dEYc02kndHJ:l4MaMQtLbFaD8MajsEYmkD
C:\Program Files\Remote Utilities - Host\Spanish.lg Created File Text
Not Queried
Mime Type text/plain
File Size 54.96 KB
MD5 542fb52c74f0f92c5cbe734cf75145b5
SHA1 6bca28849913bf4f61b3d48791737a00f9718ee7
SHA256 c157ce11631f26462c764bab24b0700f019a2213b36a92002d886d156afa7b03
SSDeep 384:VLBpSitsBwgxNMJN44gwUnz4j9U+u/ISQh1kSXZC1Zt/bqdDEp9lg0yBrJFuZj6P:FNPaNfWNJcZqwGCYO3S
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\collecting.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 1.75 KB
MD5 9a740549bd117bc16f6acb8d884604d2
SHA1 da20e48acde3a7097f8335541de40fe94c600e0a
SHA256 0daed44a8e14750614afda54781621d400fed0d2ecee9a4a402f5964d3cd3f5a
SSDeep 48:HJ7nCZOg1kIkRxgPueOXK1HRiVdqx+qZ/FkUD:HJjCR1wiOXK1xMqxEUD
C:\Users\EEBsYm5\AppData\Local\Temp\7ZipSfx.000\host6.8_unsigned.msi Created File Unknown
Not Queried
Mime Type application/CDFV2-unknown
File Size 9.25 MB
MD5 d5e65d9a0bdbae81a53c7529d8d84ebe
SHA1 0ded26345926faf919f9c8985e8b7b9f8e9c1b93
SHA256 a15c9de7714dda314144535bb4d3eb34ab240bfaeaae9a7b755a2211e2d96b68
SSDeep 196608:7J5BzfEU0vFR51DupvqzsuvoYuFZnERejnTamopOYDmWM2:tHkvF3cpvMiVF9HoOYDw2
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll Created File Binary
Not Queried
Also Known As c:\users\eebsym5\appdata\local\temp\msic9e4.tmp (Created File)
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\aicustact.dll (Created File)
c:\users\eebsym5\appdata\local\temp\msicf22.tmp (Created File)
C:\Windows\Installer\MSI14E6.tmp (Created File)
Mime Type application/x-dosexec
File Size 90.62 KB
MD5 6a9c36332255fca66c688c75aa68e1de
SHA1 2a03e2a5e6a8d9e2b0cfb4e2cc1923d9c08578c1
SHA256 7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170
SSDeep 1536:pysRX1fpScTNumPTXhMw+m3/3Uw5VJdK5KviuWyVstdEpH:jXtpSchuqP3Z5VJZVDp
ImpHash 231c071429367723c9ac790e87dcf614
PE Information
Image Base 0x10000000
Entry Point 0x1000da55
Size Of Code 0xd200
Size Of Initialized Data 0x8200
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2014-11-11 09:47:51+00:00
Version Information (8)
LegalCopyright (c) Caphyon LTD. All rights reserved.
InternalName AICustAct.dll
FileVersion 11.6.2.0
CompanyName Caphyon LTD
ProductName Advanced Installer
ProductVersion 11.6.2.0
FileDescription Various custom actions
OriginalFilename AICustAct.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xd029 0xd200 0x400 cnt_code, mem_execute, mem_read 6.38
.rdata 0x1000f000 0x68e8 0x6a00 0xd600 cnt_initialized_data, mem_read 4.07
.data 0x10016000 0x271 0x400 0x14000 cnt_initialized_data, mem_read, mem_write 3.23
.rsrc 0x10017000 0x50c 0x600 0x14400 cnt_initialized_data, mem_read 4.48
.reloc 0x10018000 0xd82 0xe00 0x14a00 cnt_initialized_data, mem_discardable, mem_read 5.87
Imports (6)
msi.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x46 0x1000f134 0x14b14 0x13114 -
(by ordinal) 0x72 0x1000f138 0x14b18 0x13118 -
(by ordinal) 0x78 0x1000f13c 0x14b1c 0x1311c -
(by ordinal) 0x7c 0x1000f140 0x14b20 0x13120 -
(by ordinal) 0x1a 0x1000f144 0x14b24 0x13124 -
(by ordinal) 0x30 0x1000f148 0x14b28 0x13128 -
(by ordinal) 0x93 0x1000f14c 0x14b2c 0x1312c -
(by ordinal) 0x91 0x1000f150 0x14b30 0x13130 -
(by ordinal) 0x76 0x1000f154 0x14b34 0x13134 -
(by ordinal) 0x67 0x1000f158 0x14b38 0x13138 -
(by ordinal) 0xab 0x1000f15c 0x14b3c 0x1313c -
(by ordinal) 0xa3 0x1000f160 0x14b40 0x13140 -
(by ordinal) 0x79 0x1000f164 0x14b44 0x13144 -
(by ordinal) 0x7d 0x1000f168 0x14b48 0x13148 -
(by ordinal) 0x11 0x1000f16c 0x14b4c 0x1314c -
(by ordinal) 0x2f 0x1000f170 0x14b50 0x13150 -
(by ordinal) 0x9e 0x1000f174 0x14b54 0x13154 -
(by ordinal) 0x14 0x1000f178 0x14b58 0x13158 -
(by ordinal) 0x49 0x1000f17c 0x14b5c 0x1315c -
(by ordinal) 0x75 0x1000f180 0x14b60 0x13160 -
(by ordinal) 0x33 0x1000f184 0x14b64 0x13164 -
(by ordinal) 0xdd 0x1000f188 0x14b68 0x13168 -
(by ordinal) 0x74 0x1000f18c 0x14b6c 0x1316c -
(by ordinal) 0x8b 0x1000f190 0x14b70 0x13170 -
(by ordinal) 0x3a 0x1000f194 0x14b74 0x13174 -
(by ordinal) 0xcd 0x1000f198 0x14b78 0x13178 -
(by ordinal) 0x71 0x1000f19c 0x14b7c 0x1317c -
(by ordinal) 0xbe 0x1000f1a0 0x14b80 0x13180 -
(by ordinal) 0x90 0x1000f1a4 0x14b84 0x13184 -
(by ordinal) 0x22 0x1000f1a8 0x14b88 0x13188 -
(by ordinal) 0xa0 0x1000f1ac 0x14b8c 0x1318c -
(by ordinal) 0x9f 0x1000f1b0 0x14b90 0x13190 -
(by ordinal) 0xa5 0x1000f1b4 0x14b94 0x13194 -
(by ordinal) 0x20 0x1000f1b8 0x14b98 0x13198 -
(by ordinal) 0x31 0x1000f1bc 0x14b9c 0x1319c -
(by ordinal) 0x8 0x1000f1c0 0x14ba0 0x131a0 -
(by ordinal) 0x4a 0x1000f1c4 0x14ba4 0x131a4 -
KERNEL32.dll (56)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InterlockedExchange 0x0 0x1000f010 0x149f0 0x12ff0 0x2ec
GetTickCount 0x0 0x1000f014 0x149f4 0x12ff4 0x293
SetEndOfFile 0x0 0x1000f018 0x149f8 0x12ff8 0x453
TerminateProcess 0x0 0x1000f01c 0x149fc 0x12ffc 0x4c0
OpenProcess 0x0 0x1000f020 0x14a00 0x13000 0x380
FreeLibrary 0x0 0x1000f024 0x14a04 0x13004 0x162
HeapFree 0x0 0x1000f028 0x14a08 0x13008 0x2cf
GetProcessHeap 0x0 0x1000f02c 0x14a0c 0x1300c 0x24a
HeapAlloc 0x0 0x1000f030 0x14a10 0x13010 0x2cb
SetLastError 0x0 0x1000f034 0x14a14 0x13014 0x473
OpenMutexW 0x0 0x1000f038 0x14a18 0x13018 0x37d
ExpandEnvironmentStringsW 0x0 0x1000f03c 0x14a1c 0x1301c 0x11d
GetDiskFreeSpaceW 0x0 0x1000f040 0x14a20 0x13020 0x1cf
FindClose 0x0 0x1000f044 0x14a24 0x13024 0x12e
LoadLibraryA 0x0 0x1000f048 0x14a28 0x13028 0x33c
FindNextFileA 0x0 0x1000f04c 0x14a2c 0x1302c 0x143
FindNextFileW 0x0 0x1000f050 0x14a30 0x13030 0x145
FindFirstFileA 0x0 0x1000f054 0x14a34 0x13034 0x132
FindFirstFileW 0x0 0x1000f058 0x14a38 0x13038 0x139
RemoveDirectoryW 0x0 0x1000f05c 0x14a3c 0x1303c 0x403
lstrcatW 0x0 0x1000f060 0x14a40 0x13040 0x53f
lstrcpyW 0x0 0x1000f064 0x14a44 0x13044 0x548
lstrcpynW 0x0 0x1000f068 0x14a48 0x13048 0x54b
GetLocaleInfoW 0x0 0x1000f06c 0x14a4c 0x1304c 0x206
Sleep 0x0 0x1000f070 0x14a50 0x13050 0x4b2
GetModuleHandleW 0x0 0x1000f074 0x14a54 0x13054 0x218
GetLastError 0x0 0x1000f078 0x14a58 0x13058 0x202
WriteFile 0x0 0x1000f07c 0x14a5c 0x1305c 0x525
SetFilePointer 0x0 0x1000f080 0x14a60 0x13060 0x466
ReadFile 0x0 0x1000f084 0x14a64 0x13064 0x3c0
GetExitCodeProcess 0x0 0x1000f088 0x14a68 0x13068 0x1df
lstrcmpiW 0x0 0x1000f08c 0x14a6c 0x1306c 0x545
DeleteFileA 0x0 0x1000f090 0x14a70 0x13070 0xd3
GetCurrentProcess 0x0 0x1000f094 0x14a74 0x13074 0x1c0
LocalAlloc 0x0 0x1000f098 0x14a78 0x13078 0x344
LocalFree 0x0 0x1000f09c 0x14a7c 0x1307c 0x348
WideCharToMultiByte 0x0 0x1000f0a0 0x14a80 0x13080 0x511
lstrlenW 0x0 0x1000f0a4 0x14a84 0x13084 0x54e
GetVersionExW 0x0 0x1000f0a8 0x14a88 0x13088 0x2a4
LoadLibraryW 0x0 0x1000f0ac 0x14a8c 0x1308c 0x33f
GetProcAddress 0x0 0x1000f0b0 0x14a90 0x13090 0x245
lstrcmpW 0x0 0x1000f0b4 0x14a94 0x13094 0x542
GetTempPathW 0x0 0x1000f0b8 0x14a98 0x13098 0x285
GetTempFileNameW 0x0 0x1000f0bc 0x14a9c 0x1309c 0x283
CreateFileW 0x0 0x1000f0c0 0x14aa0 0x130a0 0x8f
GetTempPathA 0x0 0x1000f0c4 0x14aa4 0x130a4 0x284
GetTempFileNameA 0x0 0x1000f0c8 0x14aa8 0x130a8 0x282
CreateFileA 0x0 0x1000f0cc 0x14aac 0x130ac 0x88
DuplicateHandle 0x0 0x1000f0d0 0x14ab0 0x130b0 0xe8
GetStdHandle 0x0 0x1000f0d4 0x14ab4 0x130b4 0x264
CreateProcessW 0x0 0x1000f0d8 0x14ab8 0x130b8 0xa8
CreateProcessA 0x0 0x1000f0dc 0x14abc 0x130bc 0xa4
DeleteFileW 0x0 0x1000f0e0 0x14ac0 0x130c0 0xd6
RaiseException 0x0 0x1000f0e4 0x14ac4 0x130c4 0x3b1
WaitForSingleObject 0x0 0x1000f0e8 0x14ac8 0x130c8 0x4f9
CloseHandle 0x0 0x1000f0ec 0x14acc 0x130cc 0x52
USER32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsWindow 0x0 0x1000f0f4 0x14ad4 0x130d4 0x1db
GetWindowTextW 0x0 0x1000f0f8 0x14ad8 0x130d8 0x1a3
GetDesktopWindow 0x0 0x1000f0fc 0x14adc 0x130dc 0x123
GetDC 0x0 0x1000f100 0x14ae0 0x130e0 0x121
BringWindowToTop 0x0 0x1000f104 0x14ae4 0x130e4 0x10
EnumWindows 0x0 0x1000f108 0x14ae8 0x130e8 0xf2
GetWindowThreadProcessId 0x0 0x1000f10c 0x14aec 0x130ec 0x1a4
GetWindowLongW 0x0 0x1000f110 0x14af0 0x130f0 0x196
GetForegroundWindow 0x0 0x1000f114 0x14af4 0x130f4 0x12d
MessageBoxW 0x0 0x1000f118 0x14af8 0x130f8 0x215
EnumChildWindows 0x0 0x1000f11c 0x14afc 0x130fc 0xdf
SendMessageW 0x0 0x1000f120 0x14b00 0x13100 0x27c
GetClassNameW 0x0 0x1000f124 0x14b04 0x13104 0x112
wsprintfW 0x0 0x1000f128 0x14b08 0x13108 0x333
PostMessageW 0x0 0x1000f12c 0x14b0c 0x1310c 0x236
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDeviceCaps 0x0 0x1000f008 0x149e8 0x12fe8 0x1cb
COMDLG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW 0x0 0x1000f000 0x149e0 0x12fe0 0xc
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoUninitialize 0x0 0x1000f1cc 0x14bac 0x131ac 0x6c
CoInitialize 0x0 0x1000f1d0 0x14bb0 0x131b0 0x3e
CoCreateInstance 0x0 0x1000f1d4 0x14bb4 0x131b4 0x10
CoTaskMemFree 0x0 0x1000f1d8 0x14bb8 0x131b8 0x68
Exports (68)
API Name EAT Address Ordinal
AI_AuthorSinglePackage 0x3f20 0x1
AI_ResolveKnownFolders 0x9830 0x2
AI_SearchOfficeAddins 0x7630 0x3
ActiveInternetConnection 0x5ff9 0x4
AddCaspolSecurityPolicy 0x6038 0x5
BrowseForFile 0x78dc 0x6
CheckFreeTCPPort 0x6dd1 0x7
CheckIfUserExists 0xa715 0x8
ChooseTextStyles 0xcb2e 0x9
CloseApplication 0xb9cc 0xa
CollectFeaturesWithoutCab 0xcf42 0xb
ComputeReplaceProductsList 0x4e49 0xc
ConfigureServFailActions 0x1285 0xd
CreateExeProcess 0xbc07 0xe
DeleteEmptyDirectory 0x5989 0xf
DeleteFromComboBox 0x8003 0x10
DeleteFromListBox 0x8046 0x11
DeleteShortcuts 0x5844 0x12
DetectProcess 0xbe04 0x13
DetectService 0xbe28 0x14
DisableFeatures 0xced5 0x15
DoEvents 0x9410 0x16
DpiContentScale 0x8e05 0x17
EnumStartedServices 0xbf38 0x18
ExtractComboBoxData 0x8089 0x19
ExtractListBoxData 0x80cc 0x1a
GetArpIconPath 0x694f 0x1b
GetFreeTCPPort 0x6c56 0x1c
GetLocalizedCredentials 0xa90b 0x1d
GetPathFreeSpace 0x6f22 0x1e
GetVideoMemory 0xa136 0x1f
IsRunningOnVM 0x5193 0x20
JoinFiles 0xc618 0x21
LaunchApp 0x3da8 0x22
LaunchLogFile 0x3db8 0x23
LoadShortcutDirs 0x59c8 0x24
LogOnAsAService 0xc2a6 0x25
MixedAllUsersInstallLocation 0xd76b 0x26
MsgBox 0x709d 0x27
MsmTrialMessage 0x3ad8 0x28
PlayAudioFile 0x9cfd 0x29
PopulateComboBox 0x7f7d 0x2a
PopulateListBox 0x7fc0 0x2b
PrepareUpgrade 0x50c1 0x2c
PreserveInstallType 0x9b2a 0x2d
PreventInstancesUpgrade 0xc7fe 0x2e
PrintRTF 0x5c75 0x2f
ProcessFailActions 0x13ac 0x30
RemoveCaspolSecurityPolicy 0x623e 0x31
RequiredJdkExists 0x7e84 0x32
RequiredJreExists 0x7d8b 0x33
ResolveKnownFolder 0x9823 0x34
ResolveServiceProperties 0xc244 0x35
RestoreLocation 0x47ac 0x36
RunAllExitActions 0x900d 0x37
RunAsAdmin 0x3e8c 0x38
RunFinishActions 0x8ee5 0x39
SetLatestVersionPath 0x771f 0x3a
StopProcess 0xbe16 0x3b
StopWinService 0xc4e2 0x3c
TrialMessage 0x3ac3 0x3d
UninstallPreviousVersions 0x9bbe 0x3e
UpdateFeatureStates 0xd62f 0x3f
UpdateInstallMode 0x94d7 0x40
UpdateMsiEditControls 0x94c1 0x41
ValidateInstallFolder 0x9919 0x42
ViewReadMe 0x3d98 0x43
WarningMessageBox 0x7000 0x44
Digital Signatures (2)
Certificate: Caphyon SRL
Issued by Caphyon SRL
Parent Certificate Thawte Code Signing CA - G2
Country Name RO
Valid From 2013-01-30 00:00:00+00:00
Valid Until 2015-01-30 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 5A B5 35 B2 74 9E 24 2E 6D 6B CD E3 14 2D 28 31
Thumbprint EA 1D 11 FA C7 0A A8 06 1C FB 7D 7A E4 AC C3 E9 3F 4C 9B FB
Certificate: Thawte Code Signing CA - G2
Issued by Thawte Code Signing CA - G2
Country Name US
Valid From 2010-02-08 00:00:00+00:00
Valid Until 2020-02-07 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
Thumbprint 80 8D 62 64 2B 7D 1C 4A 9A 83 FD 66 7F 7A 2A 9D 24 3F B1 C7
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Prereq.dll Created File Binary
Not Queried
Also Known As c:\users\eebsym5\appdata\local\temp\msiecb1.tmp (Created File)
C:\Windows\Installer\MSI1832.tmp (Created File)
C:\Windows\Installer\MSI1F07.tmp (Created File)
Mime Type application/x-dosexec
File Size 295.12 KB
MD5 b831569a917e0e543fccdf3672c7a10e
SHA1 df1e395dc41ab8d1ae9401e4d2181fdfa24623cd
SHA256 e2d7938bea1174359bac78d610678ba586db58fab70901ba287623560a9a9fe6
SSDeep 6144:InoEknCuM9Rhyj06nqdsbEsE/Cl3xo4hTUR/b8+:IoEknjM9Ren1bEsEKl3xonRD8+
ImpHash 0d2f797c578e26f48b3ba36fd41fd0d1
PE Information
Image Base 0x10000000
Entry Point 0x10022b14
Size Of Code 0x33600
Size Of Initialized Data 0x15000
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2014-11-11 09:54:11+00:00
Version Information (8)
LegalCopyright (c) Caphyon LTD. All rights reserved.
InternalName Prereq.dll
FileVersion 11.6.2.0
CompanyName Caphyon LTD
ProductName Advanced Installer
ProductVersion 11.6.2.0
FileDescription Custom action that installs feature-based prerequisites
OriginalFilename Prereq.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x33484 0x33600 0x400 cnt_code, mem_execute, mem_read 6.59
.rdata 0x10035000 0xce1b 0xd000 0x33a00 cnt_initialized_data, mem_read 4.62
.data 0x10042000 0x40fc 0x2000 0x40a00 cnt_initialized_data, mem_read, mem_write 4.15
.rsrc 0x10047000 0x544 0x600 0x42a00 cnt_initialized_data, mem_read 4.43
.reloc 0x10048000 0x593a 0x5a00 0x43000 cnt_initialized_data, mem_discardable, mem_read 4.1
Imports (9)
msi.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x100352b8 0x40fc4 0x3f9c4 -
(by ordinal) 0x8 0x100352bc 0x40fc8 0x3f9c8 -
(by ordinal) 0x91 0x100352c0 0x40fcc 0x3f9cc -
(by ordinal) 0x67 0x100352c4 0x40fd0 0x3f9d0 -
(by ordinal) 0x7d 0x100352c8 0x40fd4 0x3f9d4 -
(by ordinal) 0x2f 0x100352cc 0x40fd8 0x3f9d8 -
(by ordinal) 0x5a 0x100352d0 0x40fdc 0x3f9dc -
(by ordinal) 0x46 0x100352d4 0x40fe0 0x3f9e0 -
(by ordinal) 0x79 0x100352d8 0x40fe4 0x3f9e4 -
(by ordinal) 0x20 0x100352dc 0x40fe8 0x3f9e8 -
(by ordinal) 0x40 0x100352e0 0x40fec 0x3f9ec -
(by ordinal) 0x74 0x100352e4 0x40ff0 0x3f9f0 -
(by ordinal) 0x76 0x100352e8 0x40ff4 0x3f9f4 -
(by ordinal) 0x73 0x100352ec 0x40ff8 0x3f9f8 -
(by ordinal) 0xa6 0x100352f0 0x40ffc 0x3f9fc -
(by ordinal) 0x9f 0x100352f4 0x41000 0x3fa00 -
(by ordinal) 0xcd 0x100352f8 0x41004 0x3fa04 -
(by ordinal) 0x78 0x100352fc 0x41008 0x3fa08 -
(by ordinal) 0x72 0x10035300 0x4100c 0x3fa0c -
(by ordinal) 0xa0 0x10035304 0x41010 0x3fa10 -
(by ordinal) 0x4a 0x10035308 0x41014 0x3fa14 -
(by ordinal) 0xab 0x1003530c 0x41018 0x3fa18 -
(by ordinal) 0x9e 0x10035310 0x4101c 0x3fa1c -
(by ordinal) 0x34 0x10035314 0x41020 0x3fa20 -
(by ordinal) 0x22 0x10035318 0x41024 0x3fa24 -
(by ordinal) 0x31 0x1003531c 0x41028 0x3fa28 -
(by ordinal) 0x8c 0x10035320 0x4102c 0x3fa2c -
(by ordinal) 0x93 0x10035324 0x41030 0x3fa30 -
(by ordinal) 0x36 0x10035328 0x41034 0x3fa34 -
(by ordinal) 0x8b 0x1003532c 0x41038 0x3fa38 -
(by ordinal) 0x3a 0x10035330 0x4103c 0x3fa3c -
(by ordinal) 0x3e 0x10035334 0x41040 0x3fa40 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeW 0x0 0x100352a8 0x40fb4 0x3f9b4 0x5
VerQueryValueW 0x0 0x100352ac 0x40fb8 0x3f9b8 0xe
GetFileVersionInfoW 0x0 0x100352b0 0x40fbc 0x3f9bc 0x6
KERNEL32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindFirstFileW 0x0 0x10035064 0x40d70 0x3f770 0x139
SetLastError 0x0 0x10035068 0x40d74 0x3f774 0x473
GetProcAddress 0x0 0x1003506c 0x40d78 0x3f778 0x245
GetModuleHandleW 0x0 0x10035070 0x40d7c 0x3f77c 0x218
GetCurrentProcess 0x0 0x10035074 0x40d80 0x3f780 0x1c0
LoadLibraryW 0x0 0x10035078 0x40d84 0x3f784 0x33f
FreeLibrary 0x0 0x1003507c 0x40d88 0x3f788 0x162
GetLastError 0x0 0x10035080 0x40d8c 0x3f78c 0x202
GetSystemTime 0x0 0x10035084 0x40d90 0x3f790 0x277
CreateFileW 0x0 0x10035088 0x40d94 0x3f794 0x8f
GetFileSize 0x0 0x1003508c 0x40d98 0x3f798 0x1f0
CreateProcessW 0x0 0x10035090 0x40d9c 0x3f79c 0xa8
WaitForSingleObject 0x0 0x10035094 0x40da0 0x3f7a0 0x4f9
GetExitCodeProcess 0x0 0x10035098 0x40da4 0x3f7a4 0x1df
CloseHandle 0x0 0x1003509c 0x40da8 0x3f7a8 0x52
GetWindowsDirectoryW 0x0 0x100350a0 0x40dac 0x3f7ac 0x2af
ReadFile 0x0 0x100350a4 0x40db0 0x3f7b0 0x3c0
GetVersion 0x0 0x100350a8 0x40db4 0x3f7b4 0x2a2
GetVersionExW 0x0 0x100350ac 0x40db8 0x3f7b8 0x2a4
RaiseException 0x0 0x100350b0 0x40dbc 0x3f7bc 0x3b1
MultiByteToWideChar 0x0 0x100350b4 0x40dc0 0x3f7c0 0x367
WideCharToMultiByte 0x0 0x100350b8 0x40dc4 0x3f7c4 0x511
FormatMessageW 0x0 0x100350bc 0x40dc8 0x3f7c8 0x15e
GetTempPathW 0x0 0x100350c0 0x40dcc 0x3f7cc 0x285
GetTempFileNameW 0x0 0x100350c4 0x40dd0 0x3f7d0 0x283
DeleteFileW 0x0 0x100350c8 0x40dd4 0x3f7d4 0xd6
FindNextFileW 0x0 0x100350cc 0x40dd8 0x3f7d8 0x145
RemoveDirectoryW 0x0 0x100350d0 0x40ddc 0x3f7dc 0x403
CreateDirectoryW 0x0 0x100350d4 0x40de0 0x3f7e0 0x81
CopyFileW 0x0 0x100350d8 0x40de4 0x3f7e4 0x75
GetLogicalDriveStringsW 0x0 0x100350dc 0x40de8 0x3f7e8 0x208
GetDriveTypeW 0x0 0x100350e0 0x40dec 0x3f7ec 0x1d3
GetDiskFreeSpaceExW 0x0 0x100350e4 0x40df0 0x3f7f0 0x1ce
WriteFile 0x0 0x100350e8 0x40df4 0x3f7f4 0x525
GetEnvironmentVariableW 0x0 0x100350ec 0x40df8 0x3f7f8 0x1dc
GetSystemDirectoryW 0x0 0x100350f0 0x40dfc 0x3f7fc 0x270
GetModuleFileNameW 0x0 0x100350f4 0x40e00 0x3f800 0x214
GetExitCodeThread 0x0 0x100350f8 0x40e04 0x3f804 0x1e0
TerminateThread 0x0 0x100350fc 0x40e08 0x3f808 0x4c1
CreateThread 0x0 0x10035100 0x40e0c 0x3f80c 0xb5
CreateEventW 0x0 0x10035104 0x40e10 0x3f810 0x85
SetEvent 0x0 0x10035108 0x40e14 0x3f814 0x459
SetFilePointer 0x0 0x1003510c 0x40e18 0x3f818 0x466
MoveFileW 0x0 0x10035110 0x40e1c 0x3f81c 0x363
FindResourceExW 0x0 0x10035114 0x40e20 0x3f820 0x14d
FlushFileBuffers 0x0 0x10035118 0x40e24 0x3f824 0x157
ResetEvent 0x0 0x1003511c 0x40e28 0x3f828 0x40f
lstrcmpiW 0x0 0x10035120 0x40e2c 0x3f82c 0x545
CreateNamedPipeW 0x0 0x10035124 0x40e30 0x3f830 0xa0
ConnectNamedPipe 0x0 0x10035128 0x40e34 0x3f834 0x65
FindFirstFileA 0x0 0x1003512c 0x40e38 0x3f838 0x132
DeleteFileA 0x0 0x10035130 0x40e3c 0x3f83c 0xd3
SearchPathW 0x0 0x10035134 0x40e40 0x3f840 0x41d
lstrlenW 0x0 0x10035138 0x40e44 0x3f844 0x54e
LeaveCriticalSection 0x0 0x1003513c 0x40e48 0x3f848 0x339
EnterCriticalSection 0x0 0x10035140 0x40e4c 0x3f84c 0xee
LoadLibraryExW 0x0 0x10035144 0x40e50 0x3f850 0x33e
InitializeCriticalSection 0x0 0x10035148 0x40e54 0x3f854 0x2e2
DeleteCriticalSection 0x0 0x1003514c 0x40e58 0x3f858 0xd1
InterlockedDecrement 0x0 0x10035150 0x40e5c 0x3f85c 0x2eb
InterlockedIncrement 0x0 0x10035154 0x40e60 0x3f860 0x2ef
GetSystemDefaultLangID 0x0 0x10035158 0x40e64 0x3f864 0x26c
GetCurrentProcessId 0x0 0x1003515c 0x40e68 0x3f868 0x1c1
LocalFree 0x0 0x10035160 0x40e6c 0x3f86c 0x348
LocalAlloc 0x0 0x10035164 0x40e70 0x3f870 0x344
GetCurrentThreadId 0x0 0x10035168 0x40e74 0x3f874 0x1c5
GetLocalTime 0x0 0x1003516c 0x40e78 0x3f878 0x203
lstrcpynW 0x0 0x10035170 0x40e7c 0x3f87c 0x54b
CreateFileA 0x0 0x10035174 0x40e80 0x3f880 0x88
GetStdHandle 0x0 0x10035178 0x40e84 0x3f884 0x264
TerminateProcess 0x0 0x1003517c 0x40e88 0x3f888 0x4c0
GetProcessHeap 0x0 0x10035180 0x40e8c 0x3f88c 0x24a
HeapSize 0x0 0x10035184 0x40e90 0x3f890 0x2d4
HeapReAlloc 0x0 0x10035188 0x40e94 0x3f894 0x2d2
HeapFree 0x0 0x1003518c 0x40e98 0x3f898 0x2cf
HeapAlloc 0x0 0x10035190 0x40e9c 0x3f89c 0x2cb
HeapDestroy 0x0 0x10035194 0x40ea0 0x3f8a0 0x2ce
GetLocaleInfoA 0x0 0x10035198 0x40ea4 0x3f8a4 0x204
LoadLibraryA 0x0 0x1003519c 0x40ea8 0x3f8a8 0x33c
InterlockedExchange 0x0 0x100351a0 0x40eac 0x3f8ac 0x2ec
SetUnhandledExceptionFilter 0x0 0x100351a4 0x40eb0 0x3f8b0 0x4a5
IsDebuggerPresent 0x0 0x100351a8 0x40eb4 0x3f8b4 0x300
FindResourceW 0x0 0x100351ac 0x40eb8 0x3f8b8 0x14e
LockResource 0x0 0x100351b0 0x40ebc 0x3f8bc 0x354
LoadResource 0x0 0x100351b4 0x40ec0 0x3f8c0 0x341
SizeofResource 0x0 0x100351b8 0x40ec4 0x3f8c4 0x4b1
FindClose 0x0 0x100351bc 0x40ec8 0x3f8c8 0x12e
GetCPInfo 0x0 0x100351c0 0x40ecc 0x3f8cc 0x172
LCMapStringA 0x0 0x100351c4 0x40ed0 0x3f8d0 0x32b
GetStringTypeW 0x0 0x100351c8 0x40ed4 0x3f8d4 0x269
GetACP 0x0 0x100351cc 0x40ed8 0x3f8d8 0x168
GetOEMCP 0x0 0x100351d0 0x40edc 0x3f8dc 0x237
IsValidCodePage 0x0 0x100351d4 0x40ee0 0x3f8e0 0x30a
TlsGetValue 0x0 0x100351d8 0x40ee4 0x3f8e4 0x4c7
TlsAlloc 0x0 0x100351dc 0x40ee8 0x3f8e8 0x4c5
TlsSetValue 0x0 0x100351e0 0x40eec 0x3f8ec 0x4c8
TlsFree 0x0 0x100351e4 0x40ef0 0x3f8f0 0x4c6
HeapCreate 0x0 0x100351e8 0x40ef4 0x3f8f4 0x2cd
VirtualFree 0x0 0x100351ec 0x40ef8 0x3f8f8 0x4ec
VirtualAlloc 0x0 0x100351f0 0x40efc 0x3f8fc 0x4e9
ExitProcess 0x0 0x100351f4 0x40f00 0x3f900 0x119
GetModuleFileNameA 0x0 0x100351f8 0x40f04 0x3f904 0x213
SetHandleCount 0x0 0x100351fc 0x40f08 0x3f908 0x46f
GetFileType 0x0 0x10035200 0x40f0c 0x3f90c 0x1f3
GetStartupInfoA 0x0 0x10035204 0x40f10 0x3f910 0x262
FreeEnvironmentStringsA 0x0 0x10035208 0x40f14 0x3f914 0x160
GetEnvironmentStrings 0x0 0x1003520c 0x40f18 0x3f918 0x1d8
FreeEnvironmentStringsW 0x0 0x10035210 0x40f1c 0x3f91c 0x161
GetEnvironmentStringsW 0x0 0x10035214 0x40f20 0x3f920 0x1da
QueryPerformanceCounter 0x0 0x10035218 0x40f24 0x3f924 0x3a7
GetTickCount 0x0 0x1003521c 0x40f28 0x3f928 0x293
GetStringTypeA 0x0 0x10035220 0x40f2c 0x3f92c 0x266
GetModuleHandleA 0x0 0x10035224 0x40f30 0x3f930 0x215
InitializeCriticalSectionAndSpinCount 0x0 0x10035228 0x40f34 0x3f934 0x2e3
GetConsoleCP 0x0 0x1003522c 0x40f38 0x3f938 0x19a
GetConsoleMode 0x0 0x10035230 0x40f3c 0x3f93c 0x1ac
SetStdHandle 0x0 0x10035234 0x40f40 0x3f940 0x487
WriteConsoleA 0x0 0x10035238 0x40f44 0x3f944 0x51a
GetConsoleOutputCP 0x0 0x1003523c 0x40f48 0x3f948 0x1b0
WriteConsoleW 0x0 0x10035240 0x40f4c 0x3f94c 0x524
Sleep 0x0 0x10035244 0x40f50 0x3f950 0x4b2
GetSystemTimeAsFileTime 0x0 0x10035248 0x40f54 0x3f954 0x279
GetCommandLineA 0x0 0x1003524c 0x40f58 0x3f958 0x186
RtlUnwind 0x0 0x10035250 0x40f5c 0x3f95c 0x418
LCMapStringW 0x0 0x10035254 0x40f60 0x3f960 0x32d
UnhandledExceptionFilter 0x0 0x10035258 0x40f64 0x3f964 0x4d3
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x1003529c 0x40fa8 0x3f9a8 0x31
FindWindowW 0x0 0x100352a0 0x40fac 0x3f9ac 0xfa
ADVAPI32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupAccountSidW 0x0 0x10035000 0x40d0c 0x3f70c 0x191
SetSecurityDescriptorDacl 0x0 0x10035004 0x40d10 0x3f710 0x2b6
InitializeSecurityDescriptor 0x0 0x10035008 0x40d14 0x3f714 0x177
SetEntriesInAclW 0x0 0x1003500c 0x40d18 0x3f718 0x2a6
GetSecurityDescriptorDacl 0x0 0x10035010 0x40d1c 0x3f71c 0x148
StartServiceW 0x0 0x10035014 0x40d20 0x3f720 0x2c9
QueryServiceStatus 0x0 0x10035018 0x40d24 0x3f724 0x228
OpenServiceW 0x0 0x1003501c 0x40d28 0x3f728 0x1fb
RegCreateKeyExW 0x0 0x10035020 0x40d2c 0x3f72c 0x239
RegDeleteValueW 0x0 0x10035024 0x40d30 0x3f730 0x248
RegQueryInfoKeyW 0x0 0x10035028 0x40d34 0x3f734 0x268
RegSetValueExW 0x0 0x1003502c 0x40d38 0x3f738 0x27e
CloseServiceHandle 0x0 0x10035030 0x40d3c 0x3f73c 0x57
OpenSCManagerW 0x0 0x10035034 0x40d40 0x3f740 0x1f9
RegEnumKeyExW 0x0 0x10035038 0x40d44 0x3f744 0x24f
FreeSid 0x0 0x1003503c 0x40d48 0x3f748 0x120
EqualSid 0x0 0x10035040 0x40d4c 0x3f74c 0x107
AllocateAndInitializeSid 0x0 0x10035044 0x40d50 0x3f750 0x20
GetTokenInformation 0x0 0x10035048 0x40d54 0x3f754 0x15a
OpenProcessToken 0x0 0x1003504c 0x40d58 0x3f758 0x1f7
RegCloseKey 0x0 0x10035050 0x40d5c 0x3f75c 0x230
RegDeleteKeyW 0x0 0x10035054 0x40d60 0x3f760 0x244
RegQueryValueExW 0x0 0x10035058 0x40d64 0x3f764 0x26e
RegOpenKeyExW 0x0 0x1003505c 0x40d68 0x3f768 0x261
SHELL32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetMalloc 0x0 0x10035270 0x40f7c 0x3f97c 0xcf
SHGetPathFromIDListW 0x0 0x10035274 0x40f80 0x3f980 0xd7
ShellExecuteExW 0x0 0x10035278 0x40f84 0x3f984 0x121
ShellExecuteExA 0x0 0x1003527c 0x40f88 0x3f988 0x120
SHGetSpecialFolderLocation 0x0 0x10035280 0x40f8c 0x3f98c 0xdf
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree 0x0 0x1003533c 0x41048 0x3fa48 0x68
CLSIDFromString 0x0 0x10035340 0x4104c 0x3fa4c 0x8
CoCreateInstance 0x0 0x10035344 0x41050 0x3fa50 0x10
CoTaskMemRealloc 0x0 0x10035348 0x41054 0x3fa54 0x69
CoTaskMemAlloc 0x0 0x1003534c 0x41058 0x3fa58 0x67
OLEAUT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x6 0x10035260 0x40f6c 0x3f96c -
VarUI4FromStr 0x115 0x10035264 0x40f70 0x3f970 -
SysAllocString 0x2 0x10035268 0x40f74 0x3f974 -
SHLWAPI.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathGetArgsW 0x0 0x10035288 0x40f94 0x3f994 0x51
PathRemoveArgsW 0x0 0x1003528c 0x40f98 0x3f998 0x83
PathUnquoteSpacesW 0x0 0x10035290 0x40f9c 0x3f99c 0x9f
PathFileExistsW 0x0 0x10035294 0x40fa0 0x3f9a0 0x45
Exports (10)
API Name EAT Address Ordinal
CleanPrereq 0x104ce 0x1
ConfigurePrereqLauncher 0x104e5 0x2
DoAppSearchEx 0x10263 0x3
DownloadPrereq 0x102f5 0x4
EstimateExtractFiles 0x18140 0x5
ExtractPrereq 0x10353 0x6
ExtractSourceFiles 0x183ed 0x7
InstallPostPrereq 0x10410 0x8
InstallPrereq 0x103b1 0x9
VerifyPrereq 0x10470 0xa
Digital Signatures (2)
Certificate: Caphyon SRL
Issued by Caphyon SRL
Parent Certificate Thawte Code Signing CA - G2
Country Name RO
Valid From 2013-01-30 00:00:00+00:00
Valid Until 2015-01-30 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 5A B5 35 B2 74 9E 24 2E 6D 6B CD E3 14 2D 28 31
Thumbprint EA 1D 11 FA C7 0A A8 06 1C FB 7D 7A E4 AC C3 E9 3F 4C 9B FB
Certificate: Thawte Code Signing CA - G2
Issued by Thawte Code Signing CA - G2
Country Name US
Valid From 2010-02-08 00:00:00+00:00
Valid Until 2020-02-07 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
Thumbprint 80 8D 62 64 2B 7D 1C 4A 9A 83 FD 66 7F 7A 2A 9D 24 3F B1 C7
C:\inst_fold\7zaa.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 674.50 KB
MD5 0184e6ebe133ef41a8cc6ef98a263712
SHA1 cb9f603e061aef833a2db501aa8ba6ba007d768e
SHA256 dd6d7af00ef4ca89a319a230cdd094275c3a1d365807fe5b34133324bdaa0229
SSDeep 12288:rmJysC11szmzqS/Vf3gny3MhcGsnWrfATfkeafIO3rn1ExwnZE1f:r9s/zmT/my8zoW6ff4rn1ExwZE
ImpHash 97afb108b72a3d7397a41aa475152d5a
PE Information
Image Base 0x400000
Entry Point 0x48cdce
Size Of Code 0x93800
Size Of Initialized Data 0x1bc00
File Type executable
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2017-08-28 10:40:43+00:00
Packer Armadillo v1.71
Version Information (8)
LegalCopyright Copyright (c) 1999-2017 Igor Pavlov
InternalName 7za
FileVersion 17.01 beta
CompanyName Igor Pavlov
ProductName 7-Zip
ProductVersion 17.01 beta
FileDescription 7-Zip Standalone Console
OriginalFilename 7za.exe
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x93785 0x93800 0x400 cnt_code, mem_execute, mem_read 6.7
.rdata 0x495000 0x140b4 0x14200 0x93c00 cnt_initialized_data, mem_read 4.62
.data 0x4aa000 0x72bc 0x600 0xa7e00 cnt_initialized_data, mem_read, mem_write 3.41
.sxdata 0x4b2000 0x4 0x200 0xa8400 cnt_initialized_data, lnk_info, mem_read, mem_write 0.02
.rsrc 0x4b3000 0x340 0x400 0xa8600 cnt_initialized_data, mem_read 2.76
Imports (5)
OLEAUT32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantCopy 0xa 0x495200 0xa87a4 0xa73a4 -
SysAllocStringLen 0x4 0x495204 0xa87a8 0xa73a8 -
SysAllocString 0x2 0x495208 0xa87ac 0xa73ac -
SysFreeString 0x6 0x49520c 0xa87b0 0xa73b0 -
SysStringLen 0x7 0x495210 0xa87b4 0xa73b4 -
VariantClear 0x9 0x495214 0xa87b8 0xa73b8 -
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharPrevExA 0x0 0x49521c 0xa87c0 0xa73c0 0x2e
CharUpperW 0x0 0x495220 0xa87c4 0xa73c4 0x37
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFileSecurityW 0x0 0x495000 0xa85a4 0xa71a4 0x224
OpenProcessToken 0x0 0x495004 0xa85a8 0xa71a8 0x1aa
LookupPrivilegeValueW 0x0 0x495008 0xa85ac 0xa71ac 0x14e
AdjustTokenPrivileges 0x0 0x49500c 0xa85b0 0xa71b0 0x1c
GetFileSecurityW 0x0 0x495010 0xa85b4 0xa71b4 0xf0
MSVCRT.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_controlfp 0x0 0x49515c 0xa8700 0xa7300 0xb7
__set_app_type 0x0 0x495160 0xa8704 0xa7304 0x81
__p__fmode 0x0 0x495164 0xa8708 0xa7308 0x6f
__p__commode 0x0 0x495168 0xa870c 0xa730c 0x6a
_adjust_fdiv 0x0 0x49516c 0xa8710 0xa7310 0x9d
__setusermatherr 0x0 0x495170 0xa8714 0xa7314 0x83
_initterm 0x0 0x495174 0xa8718 0xa7318 0x10f
__getmainargs 0x0 0x495178 0xa871c 0xa731c 0x58
__p___initenv 0x0 0x49517c 0xa8720 0xa7320 0x64
exit 0x0 0x495180 0xa8724 0xa7324 0x249
_XcptFilter 0x0 0x495184 0xa8728 0xa7328 0x48
_exit 0x0 0x495188 0xa872c 0xa732c 0xd3
_onexit 0x0 0x49518c 0xa8730 0xa7330 0x186
__dllonexit 0x0 0x495190 0xa8734 0xa7334 0x55
??1type_info@@UAE@XZ 0x0 0x495194 0xa8738 0xa7338 0xe
?terminate@@YAXXZ 0x0 0x495198 0xa873c 0xa733c 0x2e
_except_handler3 0x0 0x49519c 0xa8740 0xa7340 0xca
_beginthreadex 0x0 0x4951a0 0xa8744 0xa7344 0xa6
realloc 0x0 0x4951a4 0xa8748 0xa7348 0x2a7
strlen 0x0 0x4951a8 0xa874c 0xa734c 0x2be
memset 0x0 0x4951ac 0xa8750 0xa7350 0x299
wcscmp 0x0 0x4951b0 0xa8754 0xa7354 0x2e1
wcsstr 0x0 0x4951b4 0xa8758 0xa7358 0x2ed
strcmp 0x0 0x4951b8 0xa875c 0xa735c 0x2b8
memmove 0x0 0x4951bc 0xa8760 0xa7360 0x298
fputs 0x0 0x4951c0 0xa8764 0xa7364 0x25a
fputc 0x0 0x4951c4 0xa8768 0xa7368 0x259
fflush 0x0 0x4951c8 0xa876c 0xa736c 0x24f
fgetc 0x0 0x4951cc 0xa8770 0xa7370 0x250
fclose 0x0 0x4951d0 0xa8774 0xa7374 0x24c
_iob 0x0 0x4951d4 0xa8778 0xa7378 0x113
free 0x0 0x4951d8 0xa877c 0xa737c 0x25e
_CxxThrowException 0x0 0x4951dc 0xa8780 0xa7380 0x41
malloc 0x0 0x4951e0 0xa8784 0xa7384 0x291
memcmp 0x0 0x4951e4 0xa8788 0xa7388 0x296
_purecall 0x0 0x4951e8 0xa878c 0xa738c 0x192
memcpy 0x0 0x4951ec 0xa8790 0xa7390 0x297
__CxxFrameHandler 0x0 0x4951f0 0xa8794 0xa7394 0x49
_isatty 0x0 0x4951f4 0xa8798 0xa7398 0x114
_fileno 0x0 0x4951f8 0xa879c 0xa739c 0xde
KERNEL32.dll (80)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ResetEvent 0x0 0x495018 0xa85bc 0xa71bc 0x2c4
CreateSemaphoreW 0x0 0x49501c 0xa85c0 0xa71c0 0x66
CreateEventW 0x0 0x495020 0xa85c4 0xa71c4 0x4a
WaitForSingleObject 0x0 0x495024 0xa85c8 0xa71c8 0x385
ReleaseSemaphore 0x0 0x495028 0xa85cc 0xa71cc 0x2b9
InitializeCriticalSection 0x0 0x49502c 0xa85d0 0xa71d0 0x219
VirtualFree 0x0 0x495030 0xa85d4 0xa71d4 0x378
SetEvent 0x0 0x495034 0xa85d8 0xa71d8 0x30b
MoveFileW 0x0 0x495038 0xa85dc 0xa71dc 0x267
VirtualAlloc 0x0 0x49503c 0xa85e0 0xa71e0 0x375
QueryPerformanceCounter 0x0 0x495040 0xa85e4 0xa71e4 0x299
LocalFileTimeToFileTime 0x0 0x495044 0xa85e8 0xa71e8 0x250
SetConsoleMode 0x0 0x495048 0xa85ec 0xa71ec 0x2f2
GetConsoleMode 0x0 0x49504c 0xa85f0 0xa71f0 0x12b
GetVersionExW 0x0 0x495050 0xa85f4 0xa71f4 0x1e0
SetFileApisToOEM 0x0 0x495054 0xa85f8 0xa71f8 0x30d
GetCommandLineW 0x0 0x495058 0xa85fc 0xa71fc 0x109
GetConsoleScreenBufferInfo 0x0 0x49505c 0xa8600 0xa7200 0x12f
SetConsoleCtrlHandler 0x0 0x495060 0xa8604 0xa7204 0x2e3
DeleteCriticalSection 0x0 0x495064 0xa8608 0xa7208 0x7a
IsProcessorFeaturePresent 0x0 0x495068 0xa860c 0xa720c 0x232
GetProcessTimes 0x0 0x49506c 0xa8610 0xa7210 0x1a2
OpenEventW 0x0 0x495070 0xa8614 0xa7214 0x274
OpenFileMappingW 0x0 0x495074 0xa8618 0xa7218 0x277
MapViewOfFile 0x0 0x495078 0xa861c 0xa721c 0x25e
UnmapViewOfFile 0x0 0x49507c 0xa8620 0xa7220 0x365
SetProcessAffinityMask 0x0 0x495080 0xa8624 0xa7224 0x327
WaitForMultipleObjects 0x0 0x495084 0xa8628 0xa7228 0x383
EnterCriticalSection 0x0 0x495088 0xa862c 0xa722c 0x8f
LeaveCriticalSection 0x0 0x49508c 0xa8630 0xa7230 0x247
GetStdHandle 0x0 0x495090 0xa8634 0xa7234 0x1b1
GetSystemTimeAsFileTime 0x0 0x495094 0xa8638 0xa7238 0x1c0
FileTimeToDosDateTime 0x0 0x495098 0xa863c 0xa723c 0xba
DosDateTimeToFileTime 0x0 0x49509c 0xa8640 0xa7240 0x88
GlobalMemoryStatus 0x0 0x4950a0 0xa8644 0xa7244 0x1fa
GetSystemInfo 0x0 0x4950a4 0xa8648 0xa7248 0x1bb
GetProcessAffinityMask 0x0 0x4950a8 0xa864c 0xa724c 0x199
FileTimeToLocalFileTime 0x0 0x4950ac 0xa8650 0xa7250 0xbb
FileTimeToSystemTime 0x0 0x4950b0 0xa8654 0xa7254 0xbc
CompareFileTime 0x0 0x4950b4 0xa8658 0xa7258 0x33
GetCurrentProcess 0x0 0x4950b8 0xa865c 0xa725c 0x13a
GetDiskFreeSpaceW 0x0 0x4950bc 0xa8660 0xa7260 0x148
GetFileInformationByHandle 0x0 0x4950c0 0xa8664 0xa7264 0x15a
SetEndOfFile 0x0 0x4950c4 0xa8668 0xa7268 0x305
WriteFile 0x0 0x4950c8 0xa866c 0xa726c 0x397
ReadFile 0x0 0x4950cc 0xa8670 0xa7270 0x2ab
DeviceIoControl 0x0 0x4950d0 0xa8674 0xa7274 0x83
SetFilePointer 0x0 0x4950d4 0xa8678 0xa7278 0x310
GetFileSize 0x0 0x4950d8 0xa867c 0xa727c 0x15b
GetLastError 0x0 0x4950dc 0xa8680 0xa7280 0x169
MultiByteToWideChar 0x0 0x4950e0 0xa8684 0xa7284 0x26b
WideCharToMultiByte 0x0 0x4950e4 0xa8688 0xa7288 0x389
FreeLibrary 0x0 0x4950e8 0xa868c 0xa728c 0xef
LoadLibraryW 0x0 0x4950ec 0xa8690 0xa7290 0x24b
GetModuleFileNameW 0x0 0x4950f0 0xa8694 0xa7294 0x176
LocalFree 0x0 0x4950f4 0xa8698 0xa7298 0x252
FormatMessageW 0x0 0x4950f8 0xa869c 0xa729c 0xeb
CloseHandle 0x0 0x4950fc 0xa86a0 0xa72a0 0x2e
SetFileTime 0x0 0x495100 0xa86a4 0xa72a4 0x314
CreateFileW 0x0 0x495104 0xa86a8 0xa72a8 0x50
SetFileAttributesW 0x0 0x495108 0xa86ac 0xa72ac 0x30f
RemoveDirectoryW 0x0 0x49510c 0xa86b0 0xa72b0 0x2bb
GetLogicalDriveStringsW 0x0 0x495110 0xa86b4 0xa72b4 0x16f
GetProcAddress 0x0 0x495114 0xa86b8 0xa72b8 0x198
GetModuleHandleW 0x0 0x495118 0xa86bc 0xa72bc 0x17a
CreateDirectoryW 0x0 0x49511c 0xa86c0 0xa72c0 0x48
DeleteFileW 0x0 0x495120 0xa86c4 0xa72c4 0x7d
SetLastError 0x0 0x495124 0xa86c8 0xa72c8 0x31d
SetCurrentDirectoryW 0x0 0x495128 0xa86cc 0xa72cc 0x300
GetCurrentDirectoryW 0x0 0x49512c 0xa86d0 0xa72d0 0x139
GetTempPathW 0x0 0x495130 0xa86d4 0xa72d4 0x1cc
GetCurrentProcessId 0x0 0x495134 0xa86d8 0xa72d8 0x13b
GetTickCount 0x0 0x495138 0xa86dc 0xa72dc 0x1d5
GetCurrentThreadId 0x0 0x49513c 0xa86e0 0xa72e0 0x13e
FindClose 0x0 0x495140 0xa86e4 0xa72e4 0xc5
FindFirstFileW 0x0 0x495144 0xa86e8 0xa72e8 0xcc
FindNextFileW 0x0 0x495148 0xa86ec 0xa72ec 0xd4
GetModuleHandleA 0x0 0x49514c 0xa86f0 0xa72f0 0x177
GetFileAttributesW 0x0 0x495150 0xa86f4 0xa72f4 0x159
InterlockedIncrement 0x0 0x495154 0xa86f8 0xa72f8 0x222
C:\Program Files\Remote Utilities - Host\Printer\x86\VPDAgent.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 200.52 KB
MD5 99f58392eaac2a939c74063f654ce047
SHA1 f92473806edb447cc5387739adbc293a5eb20326
SHA256 1ab16655e3f91d66667b62319d735f334191f9ff66d0bd1dcf9437221438f584
SSDeep 6144:0RfBITBF/zFWCNgzjXZbx/9XDHPnahPf8MmthzSENJbStUwzJgV:cfoBF/zFWCNgzjXZbxlXDHPnahPf8MmH
ImpHash 80d9689a7aa35eb094515238492b1be6
PE Information
Image Base 0x400000
Entry Point 0x416b44
Size Of Code 0x23000
Size Of Initialized Data 0xc000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2012-08-31 14:24:42+00:00
Version Information (8)
LegalCopyright Copyright (C) Two Pilots 2012
InternalName VPDAgent
FileVersion 3, 19, 0, 0
CompanyName Two Pilots
ProductName Virtual Printer Driver
ProductVersion 7, 3, 0, 0
FileDescription Virtual Printer Driver component
OriginalFilename VPDAgent.exe
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x22f4a 0x23000 0x1000 cnt_code, mem_execute, mem_read 6.49
.rdata 0x424000 0x8048 0x9000 0x24000 cnt_initialized_data, mem_read 4.76
.data 0x42d000 0x3210 0x2000 0x2d000 cnt_initialized_data, mem_read, mem_write 1.88
.rsrc 0x431000 0x414 0x1000 0x2f000 cnt_initialized_data, mem_read 3.73
Imports (6)
KERNEL32.dll (112)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MapViewOfFile 0x0 0x424038 0x2b32c 0x2b32c 0x268
UnmapViewOfFile 0x0 0x42403c 0x2b330 0x2b330 0x371
Sleep 0x0 0x424040 0x2b334 0x2b334 0x356
GetExitCodeProcess 0x0 0x424044 0x2b338 0x2b338 0x15a
FileTimeToSystemTime 0x0 0x424048 0x2b33c 0x2b33c 0xc5
GetPrivateProfileIntW 0x0 0x42404c 0x2b340 0x2b340 0x197
CreateFileMappingW 0x0 0x424050 0x2b344 0x2b344 0x55
FindNextChangeNotification 0x0 0x424054 0x2b348 0x2b348 0xdb
WTSGetActiveConsoleSessionId 0x0 0x424058 0x2b34c 0x2b34c 0x38b
GetFileTime 0x0 0x42405c 0x2b350 0x2b350 0x165
DeleteFileW 0x0 0x424060 0x2b354 0x2b354 0x84
GetSystemTime 0x0 0x424064 0x2b358 0x2b358 0x1c8
CreateThread 0x0 0x424068 0x2b35c 0x2b35c 0x6f
CreateProcessW 0x0 0x42406c 0x2b360 0x2b360 0x69
GetCurrentProcess 0x0 0x424070 0x2b364 0x2b364 0x142
WriteFile 0x0 0x424074 0x2b368 0x2b368 0x3a4
FindFirstChangeNotificationW 0x0 0x424078 0x2b36c 0x2b36c 0xd1
LocalFree 0x0 0x42407c 0x2b370 0x2b370 0x25c
SetEndOfFile 0x0 0x424080 0x2b374 0x2b374 0x310
WriteConsoleW 0x0 0x424084 0x2b378 0x2b378 0x3a3
GetConsoleOutputCP 0x0 0x424088 0x2b37c 0x2b37c 0x135
WriteConsoleA 0x0 0x42408c 0x2b380 0x2b380 0x399
GetLocaleInfoA 0x0 0x424090 0x2b384 0x2b384 0x174
GetPrivateProfileStringW 0x0 0x424094 0x2b388 0x2b388 0x19d
LocalAlloc 0x0 0x424098 0x2b38c 0x2b38c 0x258
DisconnectNamedPipe 0x0 0x42409c 0x2b390 0x2b390 0x8c
GetOverlappedResult 0x0 0x4240a0 0x2b394 0x2b394 0x194
ReadFile 0x0 0x4240a4 0x2b398 0x2b398 0x2b5
CreateNamedPipeW 0x0 0x4240a8 0x2b39c 0x2b39c 0x63
ConnectNamedPipe 0x0 0x4240ac 0x2b3a0 0x2b3a0 0x3c
SetNamedPipeHandleState 0x0 0x4240b0 0x2b3a4 0x2b3a4 0x330
CreateFileW 0x0 0x4240b4 0x2b3a8 0x2b3a8 0x56
WaitNamedPipeW 0x0 0x4240b8 0x2b3ac 0x2b3ac 0x393
CloseHandle 0x0 0x4240bc 0x2b3b0 0x2b3b0 0x34
ReleaseMutex 0x0 0x4240c0 0x2b3b4 0x2b3b4 0x2c2
WaitForMultipleObjects 0x0 0x4240c4 0x2b3b8 0x2b3b8 0x38e
CreateEventW 0x0 0x4240c8 0x2b3bc 0x2b3bc 0x50
GetLocalTime 0x0 0x4240cc 0x2b3c0 0x2b3c0 0x173
ResetEvent 0x0 0x4240d0 0x2b3c4 0x2b3c4 0x2cf
SetLastError 0x0 0x4240d4 0x2b3c8 0x2b3c8 0x328
GetLastError 0x0 0x4240d8 0x2b3cc 0x2b3cc 0x171
GetTempPathW 0x0 0x4240dc 0x2b3d0 0x2b3d0 0x1d6
WritePrivateProfileStringW 0x0 0x4240e0 0x2b3d4 0x2b3d4 0x3aa
TerminateThread 0x0 0x4240e4 0x2b3d8 0x2b3d8 0x35f
SetEvent 0x0 0x4240e8 0x2b3dc 0x2b3dc 0x316
WaitForSingleObject 0x0 0x4240ec 0x2b3e0 0x2b3e0 0x390
CreateMutexW 0x0 0x4240f0 0x2b3e4 0x2b3e4 0x61
GetTempFileNameW 0x0 0x4240f4 0x2b3e8 0x2b3e8 0x1d4
GetStringTypeW 0x0 0x4240f8 0x2b3ec 0x2b3ec 0x1bd
GetStringTypeA 0x0 0x4240fc 0x2b3f0 0x2b3f0 0x1ba
LCMapStringW 0x0 0x424100 0x2b3f4 0x2b3f4 0x245
LCMapStringA 0x0 0x424104 0x2b3f8 0x2b3f8 0x244
FlushFileBuffers 0x0 0x424108 0x2b3fc 0x2b3fc 0xee
ExitThread 0x0 0x42410c 0x2b400 0x2b400 0xba
GetCurrentThreadId 0x0 0x424110 0x2b404 0x2b404 0x146
TerminateProcess 0x0 0x424114 0x2b408 0x2b408 0x35e
UnhandledExceptionFilter 0x0 0x424118 0x2b40c 0x2b40c 0x36e
SetUnhandledExceptionFilter 0x0 0x42411c 0x2b410 0x2b410 0x34a
IsDebuggerPresent 0x0 0x424120 0x2b414 0x2b414 0x239
HeapFree 0x0 0x424124 0x2b418 0x2b418 0x216
HeapAlloc 0x0 0x424128 0x2b41c 0x2b41c 0x210
GetVersionExA 0x0 0x42412c 0x2b420 0x2b420 0x1e9
GetProcessHeap 0x0 0x424130 0x2b424 0x2b424 0x1a3
GetStartupInfoW 0x0 0x424134 0x2b428 0x2b428 0x1b8
RaiseException 0x0 0x424138 0x2b42c 0x2b42c 0x2a7
RtlUnwind 0x0 0x42413c 0x2b430 0x2b430 0x2d7
EnterCriticalSection 0x0 0x424140 0x2b434 0x2b434 0x98
LeaveCriticalSection 0x0 0x424144 0x2b438 0x2b438 0x251
GetProcAddress 0x0 0x424148 0x2b43c 0x2b43c 0x1a0
GetModuleHandleA 0x0 0x42414c 0x2b440 0x2b440 0x17f
TlsGetValue 0x0 0x424150 0x2b444 0x2b444 0x365
TlsAlloc 0x0 0x424154 0x2b448 0x2b448 0x363
TlsSetValue 0x0 0x424158 0x2b44c 0x2b44c 0x366
TlsFree 0x0 0x42415c 0x2b450 0x2b450 0x364
InterlockedIncrement 0x0 0x424160 0x2b454 0x2b454 0x22c
InterlockedDecrement 0x0 0x424164 0x2b458 0x2b458 0x228
ExitProcess 0x0 0x424168 0x2b45c 0x2b45c 0xb9
SetHandleCount 0x0 0x42416c 0x2b460 0x2b460 0x324
GetStdHandle 0x0 0x424170 0x2b464 0x2b464 0x1b9
GetFileType 0x0 0x424174 0x2b468 0x2b468 0x166
GetStartupInfoA 0x0 0x424178 0x2b46c 0x2b46c 0x1b7
DeleteCriticalSection 0x0 0x42417c 0x2b470 0x2b470 0x81
HeapDestroy 0x0 0x424180 0x2b474 0x2b474 0x214
HeapCreate 0x0 0x424184 0x2b478 0x2b478 0x212
VirtualFree 0x0 0x424188 0x2b47c 0x2b47c 0x383
VirtualAlloc 0x0 0x42418c 0x2b480 0x2b480 0x381
HeapReAlloc 0x0 0x424190 0x2b484 0x2b484 0x21a
GetModuleFileNameA 0x0 0x424194 0x2b488 0x2b488 0x17d
GetCPInfo 0x0 0x424198 0x2b48c 0x2b48c 0x104
GetACP 0x0 0x42419c 0x2b490 0x2b490 0xfd
GetOEMCP 0x0 0x4241a0 0x2b494 0x2b494 0x193
HeapSize 0x0 0x4241a4 0x2b498 0x2b498 0x21c
GetModuleFileNameW 0x0 0x4241a8 0x2b49c 0x2b49c 0x17e
FreeEnvironmentStringsA 0x0 0x4241ac 0x2b4a0 0x2b4a0 0xf6
MultiByteToWideChar 0x0 0x4241b0 0x2b4a4 0x2b4a4 0x275
GetEnvironmentStrings 0x0 0x4241b4 0x2b4a8 0x2b4a8 0x155
FreeEnvironmentStringsW 0x0 0x4241b8 0x2b4ac 0x2b4ac 0xf7
GetEnvironmentStringsW 0x0 0x4241bc 0x2b4b0 0x2b4b0 0x157
GetCommandLineA 0x0 0x4241c0 0x2b4b4 0x2b4b4 0x110
GetCommandLineW 0x0 0x4241c4 0x2b4b8 0x2b4b8 0x111
QueryPerformanceCounter 0x0 0x4241c8 0x2b4bc 0x2b4bc 0x2a3
GetTickCount 0x0 0x4241cc 0x2b4c0 0x2b4c0 0x1df
GetCurrentProcessId 0x0 0x4241d0 0x2b4c4 0x2b4c4 0x143
GetSystemTimeAsFileTime 0x0 0x4241d4 0x2b4c8 0x2b4c8 0x1ca
SetFilePointer 0x0 0x4241d8 0x2b4cc 0x2b4cc 0x31b
WideCharToMultiByte 0x0 0x4241dc 0x2b4d0 0x2b4d0 0x394
GetConsoleCP 0x0 0x4241e0 0x2b4d4 0x2b4d4 0x122
GetConsoleMode 0x0 0x4241e4 0x2b4d8 0x2b4d8 0x133
LoadLibraryA 0x0 0x4241e8 0x2b4dc 0x2b4dc 0x252
InitializeCriticalSection 0x0 0x4241ec 0x2b4e0 0x2b4e0 0x223
CreateFileA 0x0 0x4241f0 0x2b4e4 0x2b4e4 0x53
SetStdHandle 0x0 0x4241f4 0x2b4e8 0x2b4e8 0x337
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitForInputIdle 0x0 0x4241fc 0x2b4f0 0x2b4f0 0x2ce
WINSPOOL.DRV (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindFirstPrinterChangeNotification 0x0 0x424210 0x2b504 0x2b504 0x64
ClosePrinter 0x0 0x424214 0x2b508 0x2b508 0x1b
EnumJobsW 0x0 0x424218 0x2b50c 0x2b50c 0x4f
GetJobW 0x0 0x42421c 0x2b510 0x2b510 0x6d
OpenPrinterW 0x0 0x424220 0x2b514 0x2b514 0x7e
FindClosePrinterChangeNotification 0x0 0x424224 0x2b518 0x2b518 0x63
FreePrinterNotifyInfo 0x0 0x424228 0x2b51c 0x2b51c 0x67
FindNextPrinterChangeNotification 0x0 0x42422c 0x2b520 0x2b520 0x65
SetJobW 0x0 0x424230 0x2b524 0x2b524 0x94
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateTokenEx 0x0 0x424000 0x2b2f4 0x2b2f4 0xb4
CreateProcessAsUserW 0x0 0x424004 0x2b2f8 0x2b2f8 0x60
GetTokenInformation 0x0 0x424008 0x2b2fc 0x2b2fc 0x11a
OpenProcessToken 0x0 0x42400c 0x2b300 0x2b300 0x1ac
SetServiceStatus 0x0 0x424010 0x2b304 0x2b304 0x244
RegisterServiceCtrlHandlerExW 0x0 0x424014 0x2b308 0x2b308 0x20e
RegCloseKey 0x0 0x424018 0x2b30c 0x2b30c 0x1cb
RegOpenKeyExW 0x0 0x42401c 0x2b310 0x2b310 0x1ed
RegQueryValueExW 0x0 0x424020 0x2b314 0x2b314 0x1f8
SetSecurityDescriptorDacl 0x0 0x424024 0x2b318 0x2b318 0x23a
InitializeSecurityDescriptor 0x0 0x424028 0x2b31c 0x2b31c 0x134
StartServiceCtrlDispatcherW 0x0 0x42402c 0x2b320 0x2b320 0x24b
ConvertSidToStringSidW 0x0 0x424030 0x2b324 0x2b324 0x50
WTSAPI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WTSQuerySessionInformationW 0x0 0x424238 0x2b52c 0x2b52c 0xd
WTSEnumerateSessionsW 0x0 0x42423c 0x2b530 0x2b530 0x7
WTSFreeMemory 0x0 0x424240 0x2b534 0x2b534 0x8
WTSQueryUserToken 0x0 0x424244 0x2b538 0x2b538 0x10
USERENV.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEnvironmentBlock 0x0 0x424204 0x2b4f8 0x2b4f8 0x0
DestroyEnvironmentBlock 0x0 0x424208 0x2b4fc 0x2b4fc 0x3
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\preparing.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 1.76 KB
MD5 d20270537ae700b03b988fc7471c820e
SHA1 3b68b1be0a7d30df6ed8952c34794e90102b77df
SHA256 a8c29d7365a7ed4191b20d08be6274215f5f12be420e826852205c4f3755dbb4
SSDeep 24:jjJdY5FXXI4jKnP7lf0xdIOZNfHmLSOp+7KgzjTl779R438M969t5Wbgnb4JZKP:HJsXY3P7yxJumcajTtpRFMg99nb4jKP
C:\inst_fold\7za.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 250.50 KB
MD5 4ca574943165d792efadffff193a5395
SHA1 282c147dd34ec7bb7d5631ea25c69b656b3f1d62
SHA256 7f1e0ea1984aacaee736f3082560d53f3e990b44d6e5d2b9ed38a148de79a0fb
SSDeep 3072:8xDDNhSGkz5e5cfll2+NkqXGJFGOm26C2zIvr1FnYzyrnJEYAAAAA+hIefckRQEH:R6Wl20LA4OBrn+NedRO7xn3T
ImpHash 38f58790f948beede26333a80264786c
PE Information
Image Base 0x10000000
Entry Point 0x10033557
Size Of Code 0x34a00
Size Of Initialized Data 0xe600
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2017-08-28 10:40:44+00:00
Packer Armadillo v1.xx - v2.xx
Version Information (8)
LegalCopyright Copyright (c) 1999-2017 Igor Pavlov
InternalName 7za
FileVersion 17.01 beta
CompanyName Igor Pavlov
ProductName 7-Zip
ProductVersion 17.01 beta
FileDescription 7z Standalone Plugin
OriginalFilename 7za.dll
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x34905 0x34a00 0x400 cnt_code, mem_execute, mem_read 6.7
.rdata 0x10036000 0x594a 0x5a00 0x34e00 cnt_initialized_data, mem_read 4.76
.data 0x1003c000 0x4b00 0x200 0x3a800 cnt_initialized_data, mem_read, mem_write 4.67
.sxdata 0x10041000 0x4 0x200 0x3aa00 cnt_initialized_data, lnk_info, mem_read, mem_write 0.02
.rsrc 0x10042000 0x16b8 0x1800 0x3ac00 cnt_initialized_data, mem_read 3.89
.reloc 0x10044000 0x24ee 0x2600 0x3c400 cnt_initialized_data, mem_discardable, mem_read 5.65
Imports (4)
OLEAUT32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringByteLen 0x96 0x100360ec 0x3b39c 0x3a19c -
SysAllocStringLen 0x4 0x100360f0 0x3b3a0 0x3a1a0 -
SysAllocString 0x2 0x100360f4 0x3b3a4 0x3a1a4 -
SysFreeString 0x6 0x100360f8 0x3b3a8 0x3a1a8 -
VariantCopy 0xa 0x100360fc 0x3b3ac 0x3a1ac -
VariantClear 0x9 0x10036100 0x3b3b0 0x3a1b0 -
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharUpperW 0x0 0x10036108 0x3b3b8 0x3a1b8 0x37
MSVCRT.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_adjust_fdiv 0x0 0x10036098 0x3b348 0x3a148 0x9d
_initterm 0x0 0x1003609c 0x3b34c 0x3a14c 0x10f
_onexit 0x0 0x100360a0 0x3b350 0x3a150 0x186
__dllonexit 0x0 0x100360a4 0x3b354 0x3a154 0x55
?terminate@@YAXXZ 0x0 0x100360a8 0x3b358 0x3a158 0x2e
??1type_info@@UAE@XZ 0x0 0x100360ac 0x3b35c 0x3a15c 0xe
_except_handler3 0x0 0x100360b0 0x3b360 0x3a160 0xca
_beginthreadex 0x0 0x100360b4 0x3b364 0x3a164 0xa6
memset 0x0 0x100360b8 0x3b368 0x3a168 0x299
realloc 0x0 0x100360bc 0x3b36c 0x3a16c 0x2a7
strlen 0x0 0x100360c0 0x3b370 0x3a170 0x2be
wcscmp 0x0 0x100360c4 0x3b374 0x3a174 0x2e1
memcpy 0x0 0x100360c8 0x3b378 0x3a178 0x297
memmove 0x0 0x100360cc 0x3b37c 0x3a17c 0x298
free 0x0 0x100360d0 0x3b380 0x3a180 0x25e
_CxxThrowException 0x0 0x100360d4 0x3b384 0x3a184 0x41
malloc 0x0 0x100360d8 0x3b388 0x3a188 0x291
memcmp 0x0 0x100360dc 0x3b38c 0x3a18c 0x296
_purecall 0x0 0x100360e0 0x3b390 0x3a190 0x192
__CxxFrameHandler 0x0 0x100360e4 0x3b394 0x3a194 0x49
KERNEL32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x10036000 0x3b2b0 0x3a0b0 0x198
InitializeCriticalSection 0x0 0x10036004 0x3b2b4 0x3a0b4 0x219
ReleaseSemaphore 0x0 0x10036008 0x3b2b8 0x3a0b8 0x2b9
CreateSemaphoreW 0x0 0x1003600c 0x3b2bc 0x3a0bc 0x66
ResetEvent 0x0 0x10036010 0x3b2c0 0x3a0c0 0x2c4
SetEvent 0x0 0x10036014 0x3b2c4 0x3a0c4 0x30b
CreateEventW 0x0 0x10036018 0x3b2c8 0x3a0c8 0x4a
WaitForSingleObject 0x0 0x1003601c 0x3b2cc 0x3a0cc 0x385
InterlockedIncrement 0x0 0x10036020 0x3b2d0 0x3a0d0 0x222
VirtualFree 0x0 0x10036024 0x3b2d4 0x3a0d4 0x378
VirtualAlloc 0x0 0x10036028 0x3b2d8 0x3a0d8 0x375
QueryPerformanceCounter 0x0 0x1003602c 0x3b2dc 0x3a0dc 0x299
DeleteCriticalSection 0x0 0x10036030 0x3b2e0 0x3a0e0 0x7a
EnterCriticalSection 0x0 0x10036034 0x3b2e4 0x3a0e4 0x8f
LeaveCriticalSection 0x0 0x10036038 0x3b2e8 0x3a0e8 0x247
GetVersionExW 0x0 0x1003603c 0x3b2ec 0x3a0ec 0x1e0
WaitForMultipleObjects 0x0 0x10036040 0x3b2f0 0x3a0f0 0x383
GetSystemInfo 0x0 0x10036044 0x3b2f4 0x3a0f4 0x1bb
GetCurrentProcess 0x0 0x10036048 0x3b2f8 0x3a0f8 0x13a
GetProcessAffinityMask 0x0 0x1003604c 0x3b2fc 0x3a0fc 0x199
WriteFile 0x0 0x10036050 0x3b300 0x3a100 0x397
ReadFile 0x0 0x10036054 0x3b304 0x3a104 0x2ab
GetFileAttributesW 0x0 0x10036058 0x3b308 0x3a108 0x159
GetModuleHandleA 0x0 0x1003605c 0x3b30c 0x3a10c 0x177
FindFirstFileW 0x0 0x10036060 0x3b310 0x3a110 0xcc
FindClose 0x0 0x10036064 0x3b314 0x3a114 0xc5
GetLastError 0x0 0x10036068 0x3b318 0x3a118 0x169
CloseHandle 0x0 0x1003606c 0x3b31c 0x3a11c 0x2e
CreateFileW 0x0 0x10036070 0x3b320 0x3a120 0x50
SetFileAttributesW 0x0 0x10036074 0x3b324 0x3a124 0x30f
CreateDirectoryW 0x0 0x10036078 0x3b328 0x3a128 0x48
DeleteFileW 0x0 0x1003607c 0x3b32c 0x3a12c 0x7d
SetLastError 0x0 0x10036080 0x3b330 0x3a130 0x31d
GetTempPathW 0x0 0x10036084 0x3b334 0x3a134 0x1cc
GetCurrentProcessId 0x0 0x10036088 0x3b338 0x3a138 0x13b
GetTickCount 0x0 0x1003608c 0x3b33c 0x3a13c 0x1d5
GetCurrentThreadId 0x0 0x10036090 0x3b340 0x3a140 0x13e
Exports (13)
Api name EAT Address Ordinal
CreateDecoder 0x18630 0x1
CreateEncoder 0x18760 0x2
CreateObject 0x6085 0x3
GetHandlerProperty 0x5fda 0x5
GetHandlerProperty2 0x5e57 0x4
GetHashers 0x18d00 0x6
GetIsArc 0x6001 0x7
GetMethodProperty 0x18940 0x8
GetNumberOfFormats 0x5ff0 0x9
GetNumberOfMethods 0x18ae0 0xa
SetCaseSensitive 0x610c 0xb
SetCodecs 0x611e 0xc
SetLargePageMode 0x6109 0xd
Icons (1)
C:\inst_fold\7zxa.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 144.00 KB
MD5 4d183847804e733fb6a197e24272e870
SHA1 11a11deee65803c75fffb496f91494e6e1e4b7fc
SHA256 7f964a73d3bd666a494b6eb82aa984bc0b4e77172a78aa4be786d9a578103224
SSDeep 3072:TYpNRok2PQFDTQQYvanxOokAAAAA+cQKiG3iral6W60b:ahFDTQdZG3zUW6
ImpHash 467a4f27a756068709b9c07e77c781ff
PE Information
Image Base 0x10000000
Entry Point 0x1001c5d7
Size Of Code 0x1cc00
Size Of Initialized Data 0xba00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2017-08-28 10:40:47+00:00
Packer Armadillo v1.xx - v2.xx
Version Information (8)
LegalCopyright Copyright (c) 1999-2017 Igor Pavlov
InternalName 7zxa
FileVersion 17.01 beta
CompanyName Igor Pavlov
ProductName 7-Zip
ProductVersion 17.01 beta
FileDescription 7z Standalone Extracting Plugin
OriginalFilename 7zxa.dll
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x1caf5 0x1cc00 0x400 cnt_code, mem_execute, mem_read 6.69
.rdata 0x1001e000 0x393b 0x3a00 0x1d000 cnt_initialized_data, mem_read 4.69
.data 0x10022000 0x4aa0 0x200 0x20a00 cnt_initialized_data, mem_read, mem_write 4.4
.sxdata 0x10027000 0x4 0x200 0x20c00 cnt_initialized_data, lnk_info, mem_read, mem_write 0.02
.rsrc 0x10028000 0x16d0 0x1800 0x20e00 cnt_initialized_data, mem_read 3.92
.reloc 0x1002a000 0x1948 0x1a00 0x22600 cnt_initialized_data, mem_discardable, mem_read 5.46
Imports (3)
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringByteLen 0x96 0x1001e094 0x21528 0x20528 -
SysAllocStringLen 0x4 0x1001e098 0x2152c 0x2052c -
SysFreeString 0x6 0x1001e09c 0x21530 0x20530 -
VariantClear 0x9 0x1001e0a0 0x21534 0x20534 -
MSVCRT.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_beginthreadex 0x0 0x1001e048 0x214dc 0x204dc 0xa6
_except_handler3 0x0 0x1001e04c 0x214e0 0x204e0 0xca
??1type_info@@UAE@XZ 0x0 0x1001e050 0x214e4 0x204e4 0xe
?terminate@@YAXXZ 0x0 0x1001e054 0x214e8 0x204e8 0x2e
__dllonexit 0x0 0x1001e058 0x214ec 0x204ec 0x55
_onexit 0x0 0x1001e05c 0x214f0 0x204f0 0x186
_initterm 0x0 0x1001e060 0x214f4 0x204f4 0x10f
_adjust_fdiv 0x0 0x1001e064 0x214f8 0x204f8 0x9d
strlen 0x0 0x1001e068 0x214fc 0x204fc 0x2be
free 0x0 0x1001e06c 0x21500 0x20500 0x25e
malloc 0x0 0x1001e070 0x21504 0x20504 0x291
_CxxThrowException 0x0 0x1001e074 0x21508 0x20508 0x41
memcpy 0x0 0x1001e078 0x2150c 0x2050c 0x297
memmove 0x0 0x1001e07c 0x21510 0x20510 0x298
memcmp 0x0 0x1001e080 0x21514 0x20514 0x296
_purecall 0x0 0x1001e084 0x21518 0x20518 0x192
__CxxFrameHandler 0x0 0x1001e088 0x2151c 0x2051c 0x49
memset 0x0 0x1001e08c 0x21520 0x20520 0x299
KERNEL32.dll (17)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitializeCriticalSection 0x0 0x1001e000 0x21494 0x20494 0x219
ResetEvent 0x0 0x1001e004 0x21498 0x20498 0x2c4
SetEvent 0x0 0x1001e008 0x2149c 0x2049c 0x30b
CreateEventW 0x0 0x1001e00c 0x214a0 0x204a0 0x4a
WaitForSingleObject 0x0 0x1001e010 0x214a4 0x204a4 0x385
CloseHandle 0x0 0x1001e014 0x214a8 0x204a8 0x2e
VirtualFree 0x0 0x1001e018 0x214ac 0x204ac 0x378
VirtualAlloc 0x0 0x1001e01c 0x214b0 0x204b0 0x375
EnterCriticalSection 0x0 0x1001e020 0x214b4 0x204b4 0x8f
LeaveCriticalSection 0x0 0x1001e024 0x214b8 0x204b8 0x247
GetVersionExW 0x0 0x1001e028 0x214bc 0x204bc 0x1e0
WaitForMultipleObjects 0x0 0x1001e02c 0x214c0 0x204c0 0x383
GetSystemInfo 0x0 0x1001e030 0x214c4 0x204c4 0x1bb
GetCurrentProcess 0x0 0x1001e034 0x214c8 0x204c8 0x13a
GetProcessAffinityMask 0x0 0x1001e038 0x214cc 0x204cc 0x199
GetLastError 0x0 0x1001e03c 0x214d0 0x204d0 0x169
DeleteCriticalSection 0x0 0x1001e040 0x214d4 0x204d4 0x7a
Exports (13)
Api name EAT Address Ordinal
CreateDecoder 0xbf00 0x1
CreateEncoder 0xc030 0x2
CreateObject 0x360a 0x3
GetHandlerProperty 0x355f 0x5
GetHandlerProperty2 0x33dc 0x4
GetHashers 0xc5d0 0x6
GetIsArc 0x3586 0x7
GetMethodProperty 0xc210 0x8
GetNumberOfFormats 0x3575 0x9
GetNumberOfMethods 0xc3b0 0xa
SetCaseSensitive 0x3691 0xb
SetCodecs 0x36a3 0xc
SetLargePageMode 0x368e 0xd
Icons (1)
C:\Program Files\Remote Utilities - Host\Chinese Simplified.lg Created File Text
Not Queried
Mime Type text/plain
File Size 37.10 KB
MD5 844e2b8e4ad580ff845402a6b3b88846
SHA1 1e76d2008eee1a896d207dd9c3c1a504dc9d06de
SHA256 4d646a6af146c05cdb4644f62605cb40196595e6ed3aabcaf92e7d081c4eebf1
SSDeep 768:w4ZeAyS/v3c0kjkcpH7O0ne68XPfHynIlxBQk6WoB:fZeA5voj/Y/HHyv
C:\Program Files\Remote Utilities - Host\Printer\x86\rup.gpd Created File Text
Not Queried
Mime Type text/plain
File Size 14.32 KB
MD5 151f3af412abd6bf05d160a70f8873d8
SHA1 0efcf48401d546ce101920496dcbbf3ab252ee87
SHA256 4c21b9663120b494d0f5112eb5f9e0aab4b659a5bf5d5301ee4d5a98abb20f25
SSDeep 384:U1EQCc2g2N2A2X2Y2j2+2BgQzaZah25Dy:3RLormTqdB1aZzy
C:\Program Files\Remote Utilities - Host\Danish.lg Created File Text
Not Queried
Mime Type text/plain
File Size 52.64 KB
MD5 ab723f51a48801456d39bb48396beada
SHA1 a721d0afa24cbfb99c97431be42113426ab6638f
SHA256 3db7b110d7df4402b0ac207d28debb735cfd476ef42c2f71bbba5108a0b96da5
SSDeep 384:gT1z3OH0gvqC4T1AIP28VpsjIvAAcs1jrnLA7lFTt9jMAlI4r:DHqTv5jruTtD
C:\Program Files\Remote Utilities - Host\Monitor\x64\drvinstaller64.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 218.52 KB
MD5 bf25bed1f6c00110503ae135e500ebdf
SHA1 4ac12609265f47f75f2cdbe0fa0bf313cfe5e149
SHA256 5517516030166606f2bdcd34a4990dee896a22be1fc23c700fc16743520c519a
SSDeep 1536:7UYAqkUIVQaz5e3fdDJVBbM4L6LG1F33AknTZ9IM3eFyINtiR+uqPXJeyr3XLT5S:lA1UIVuNJ3V+kRsoyrXLTvDLS2Ofogz
ImpHash 59bdbe841821e55833bc6930690cad31
PE Information
Image Base 0x400000
Entry Point 0x4260b0
Size Of Code 0x28600
Size Of Initialized Data 0xbe00
File Type executable
Subsystem windows_gui
Machine Type amd64
Compile Timestamp 2016-08-06 23:31:37+00:00
Version Information (3)
FileDescription Driver installer
ProductVersion 1.1.0.0
FileVersion 1.1.0.0
Sections (11)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x284fc 0x28600 0x400 cnt_code, mem_execute, mem_read 5.75
.data 0x42a000 0x4920 0x4a00 0x28a00 cnt_initialized_data, mem_read, mem_write 3.8
.bss 0x42f000 0xa6c4 0x0 0x0 mem_read, mem_write 0.0
.idata 0x43a000 0xf64 0x1000 0x2d400 cnt_initialized_data, mem_read, mem_write 4.07
.didata 0x43b000 0x260 0x400 0x2e400 cnt_initialized_data, mem_read, mem_write 1.73
.edata 0x43c000 0x75 0x200 0x2e800 cnt_initialized_data, mem_read 1.38
.tls 0x43d000 0x220 0x0 0x0 mem_read, mem_write 0.0
.rdata 0x43e000 0x6d 0x200 0x2ea00 cnt_initialized_data, mem_read 1.38
.reloc 0x43f000 0x1ee4 0x2000 0x2ec00 cnt_initialized_data, mem_discardable, mem_read 5.85
.pdata 0x441000 0x2124 0x2200 0x30c00 cnt_initialized_data, mem_read 5.17
.rsrc 0x444000 0x1a00 0x1a00 0x32e00 cnt_initialized_data, mem_read 4.25
Imports (10)
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x43a460 0x3a0e0 0x2d4e0 0x0
SysReAllocStringLen 0x0 0x43a468 0x3a0e8 0x2d4e8 0x0
SysAllocStringLen 0x0 0x43a470 0x3a0f0 0x2d4f0 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW 0x0 0x43a480 0x3a100 0x2d500 0x0
RegOpenKeyExW 0x0 0x43a488 0x3a108 0x2d508 0x0
RegCloseKey 0x0 0x43a490 0x3a110 0x2d510 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x43a4a0 0x3a120 0x2d520 0x0
LoadStringW 0x0 0x43a4a8 0x3a128 0x2d528 0x0
kernel32.dll (41)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x43a4b8 0x3a138 0x2d538 0x0
VirtualFree 0x0 0x43a4c0 0x3a140 0x2d540 0x0
VirtualAlloc 0x0 0x43a4c8 0x3a148 0x2d548 0x0
lstrlenW 0x0 0x43a4d0 0x3a150 0x2d550 0x0
VirtualQuery 0x0 0x43a4d8 0x3a158 0x2d558 0x0
GetTickCount 0x0 0x43a4e0 0x3a160 0x2d560 0x0
GetSystemInfo 0x0 0x43a4e8 0x3a168 0x2d568 0x0
GetVersion 0x0 0x43a4f0 0x3a170 0x2d570 0x0
CompareStringW 0x0 0x43a4f8 0x3a178 0x2d578 0x0
IsValidLocale 0x0 0x43a500 0x3a180 0x2d580 0x0
SetThreadLocale 0x0 0x43a508 0x3a188 0x2d588 0x0
GetSystemDefaultUILanguage 0x0 0x43a510 0x3a190 0x2d590 0x0
GetUserDefaultUILanguage 0x0 0x43a518 0x3a198 0x2d598 0x0
GetLocaleInfoW 0x0 0x43a520 0x3a1a0 0x2d5a0 0x0
WideCharToMultiByte 0x0 0x43a528 0x3a1a8 0x2d5a8 0x0
MultiByteToWideChar 0x0 0x43a530 0x3a1b0 0x2d5b0 0x0
GetACP 0x0 0x43a538 0x3a1b8 0x2d5b8 0x0
LoadLibraryExW 0x0 0x43a540 0x3a1c0 0x2d5c0 0x0
GetStartupInfoW 0x0 0x43a548 0x3a1c8 0x2d5c8 0x0
GetProcAddress 0x0 0x43a550 0x3a1d0 0x2d5d0 0x0
GetModuleHandleW 0x0 0x43a558 0x3a1d8 0x2d5d8 0x0
GetModuleFileNameW 0x0 0x43a560 0x3a1e0 0x2d5e0 0x0
GetCommandLineW 0x0 0x43a568 0x3a1e8 0x2d5e8 0x0
FreeLibrary 0x0 0x43a570 0x3a1f0 0x2d5f0 0x0
GetLastError 0x0 0x43a578 0x3a1f8 0x2d5f8 0x0
UnhandledExceptionFilter 0x0 0x43a580 0x3a200 0x2d600 0x0
RtlUnwindEx 0x0 0x43a588 0x3a208 0x2d608 0x0
RtlUnwind 0x0 0x43a590 0x3a210 0x2d610 0x0
RaiseException 0x0 0x43a598 0x3a218 0x2d618 0x0
ExitProcess 0x0 0x43a5a0 0x3a220 0x2d620 0x0
SwitchToThread 0x0 0x43a5a8 0x3a228 0x2d628 0x0
GetCurrentThreadId 0x0 0x43a5b0 0x3a230 0x2d630 0x0
DeleteCriticalSection 0x0 0x43a5b8 0x3a238 0x2d638 0x0
LeaveCriticalSection 0x0 0x43a5c0 0x3a240 0x2d640 0x0
EnterCriticalSection 0x0 0x43a5c8 0x3a248 0x2d648 0x0
InitializeCriticalSection 0x0 0x43a5d0 0x3a250 0x2d650 0x0
FindFirstFileW 0x0 0x43a5d8 0x3a258 0x2d658 0x0
FindClose 0x0 0x43a5e0 0x3a260 0x2d660 0x0
WriteFile 0x0 0x43a5e8 0x3a268 0x2d668 0x0
GetStdHandle 0x0 0x43a5f0 0x3a270 0x2d670 0x0
CloseHandle 0x0 0x43a5f8 0x3a278 0x2d678 0x0
kernel32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x43a608 0x3a288 0x2d688 0x0
RaiseException 0x0 0x43a610 0x3a290 0x2d690 0x0
LoadLibraryA 0x0 0x43a618 0x3a298 0x2d698 0x0
GetLastError 0x0 0x43a620 0x3a2a0 0x2d6a0 0x0
TlsSetValue 0x0 0x43a628 0x3a2a8 0x2d6a8 0x0
TlsGetValue 0x0 0x43a630 0x3a2b0 0x2d6b0 0x0
LocalFree 0x0 0x43a638 0x3a2b8 0x2d6b8 0x0
LocalAlloc 0x0 0x43a640 0x3a2c0 0x2d6c0 0x0
GetModuleHandleW 0x0 0x43a648 0x3a2c8 0x2d6c8 0x0
FreeLibrary 0x0 0x43a650 0x3a2d0 0x2d6d0 0x0
user32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x43a660 0x3a2e0 0x2d6e0 0x0
LoadStringW 0x0 0x43a668 0x3a2e8 0x2d6e8 0x0
GetSystemMetrics 0x0 0x43a670 0x3a2f0 0x2d6f0 0x0
CharUpperBuffW 0x0 0x43a678 0x3a2f8 0x2d6f8 0x0
CharUpperW 0x0 0x43a680 0x3a300 0x2d700 0x0
CharLowerBuffW 0x0 0x43a688 0x3a308 0x2d708 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x43a698 0x3a318 0x2d718 0x0
GetFileVersionInfoSizeW 0x0 0x43a6a0 0x3a320 0x2d720 0x0
GetFileVersionInfoW 0x0 0x43a6a8 0x3a328 0x2d728 0x0
kernel32.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x43a6b8 0x3a338 0x2d738 0x0
WideCharToMultiByte 0x0 0x43a6c0 0x3a340 0x2d740 0x0
WaitForSingleObject 0x0 0x43a6c8 0x3a348 0x2d748 0x0
VirtualQuery 0x0 0x43a6d0 0x3a350 0x2d750 0x0
VerSetConditionMask 0x0 0x43a6d8 0x3a358 0x2d758 0x0
VerifyVersionInfoW 0x0 0x43a6e0 0x3a360 0x2d760 0x0
SetEvent 0x0 0x43a6e8 0x3a368 0x2d768 0x0
ResetEvent 0x0 0x43a6f0 0x3a370 0x2d770 0x0
OutputDebugStringW 0x0 0x43a6f8 0x3a378 0x2d778 0x0
LoadLibraryW 0x0 0x43a700 0x3a380 0x2d780 0x0
IsValidLocale 0x0 0x43a708 0x3a388 0x2d788 0x0
GetVersionExW 0x0 0x43a710 0x3a390 0x2d790 0x0
GetThreadLocale 0x0 0x43a718 0x3a398 0x2d798 0x0
GetStdHandle 0x0 0x43a720 0x3a3a0 0x2d7a0 0x0
GetProcAddress 0x0 0x43a728 0x3a3a8 0x2d7a8 0x0
GetModuleHandleW 0x0 0x43a730 0x3a3b0 0x2d7b0 0x0
GetModuleFileNameW 0x0 0x43a738 0x3a3b8 0x2d7b8 0x0
GetLocaleInfoW 0x0 0x43a740 0x3a3c0 0x2d7c0 0x0
GetLocalTime 0x0 0x43a748 0x3a3c8 0x2d7c8 0x0
GetLastError 0x0 0x43a750 0x3a3d0 0x2d7d0 0x0
GetFileAttributesW 0x0 0x43a758 0x3a3d8 0x2d7d8 0x0
GetDiskFreeSpaceW 0x0 0x43a760 0x3a3e0 0x2d7e0 0x0
GetCPInfo 0x0 0x43a768 0x3a3e8 0x2d7e8 0x0
FreeLibrary 0x0 0x43a770 0x3a3f0 0x2d7f0 0x0
FindFirstFileW 0x0 0x43a778 0x3a3f8 0x2d7f8 0x0
FindClose 0x0 0x43a780 0x3a400 0x2d800 0x0
EnumSystemLocalesW 0x0 0x43a788 0x3a408 0x2d808 0x0
EnumCalendarInfoW 0x0 0x43a790 0x3a410 0x2d810 0x0
CreateFileW 0x0 0x43a798 0x3a418 0x2d818 0x0
CreateEventW 0x0 0x43a7a0 0x3a420 0x2d820 0x0
CompareStringW 0x0 0x43a7a8 0x3a428 0x2d828 0x0
CloseHandle 0x0 0x43a7b0 0x3a430 0x2d830 0x0
netapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaGetInfo 0x0 0x43a7c0 0x3a440 0x2d840 0x0
DIFxAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DriverPackageUninstallW 0x0 0x43a7d0 0x3a450 0x2d850 0x0
Exports (2)
Api name EAT Address Ordinal
__dbk_fcall_wrapper 0x10390 0x2
dbkFCallWrapperAddr 0x351e8 0x1
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\webmmux.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 261.02 KB
MD5 026d12b240e081794c730c1ed24a6f33
SHA1 bb6c0544ecc2c8db68b23b8e4feab5b3261b4666
SHA256 d639adb51c6e3ee8c249d11eb8db606ba2aa37d4f12f80f2b9685d8f560984bf
SSDeep 3072:BW218gr7s2yIHB0pTPdTX9zUbEbStE97zjAs1RtTcJTfIv0se7POWu/HgsGU1VTB:BWSfr7sXSmPDbKPJ6/AsNk+ZgAl
ImpHash 25cf249fb1174de8ba915c4a2462f804
PE Information
Image Base 0x10000000
Entry Point 0x10016b9e
Size Of Code 0x2c000
Size Of Initialized Data 0x14e00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-01-30 19:20:27+00:00
Version Information (8)
LegalCopyright Copyright (C) 2013
InternalName webmmux
FileVersion 1, 0, 4, 1
CompanyName Google
ProductName WebM Multiplexer Filter
ProductVersion 1, 0, 4, 1
FileDescription WebM Multiplexer Filter
OriginalFilename webmmux.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x2bfbd 0x2c000 0x400 cnt_code, mem_execute, mem_read 6.64
.rdata 0x1002d000 0xcc76 0xce00 0x2c400 cnt_initialized_data, mem_read 4.64
.data 0x1003a000 0x4200 0x2200 0x39200 cnt_initialized_data, mem_read, mem_write 4.35
.rsrc 0x1003f000 0xcf8 0xe00 0x3b400 cnt_initialized_data, mem_read 3.6
.reloc 0x10040000 0x2f90 0x3000 0x3c200 cnt_initialized_data, mem_discardable, mem_read 6.61
Imports (5)
KERNEL32.dll (71)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateMutexW 0x0 0x1002d018 0x394c4 0x388c4 0xd1
GetLastError 0x0 0x1002d01c 0x394c8 0x388c8 0x250
GetModuleFileNameW 0x0 0x1002d020 0x394cc 0x388cc 0x263
CloseHandle 0x0 0x1002d024 0x394d0 0x388d0 0x7f
CreateEventW 0x0 0x1002d028 0x394d4 0x388d4 0xb6
ResetEvent 0x0 0x1002d02c 0x394d8 0x388d8 0x4a1
SetEvent 0x0 0x1002d030 0x394dc 0x388dc 0x4ef
ReleaseMutex 0x0 0x1002d034 0x394e0 0x388e0 0x48b
WideCharToMultiByte 0x0 0x1002d038 0x394e4 0x388e4 0x5cb
LocalFree 0x0 0x1002d03c 0x394e8 0x388e8 0x3b2
CreateFileW 0x0 0x1002d040 0x394ec 0x388ec 0xc2
SetStdHandle 0x0 0x1002d044 0x394f0 0x388f0 0x520
GetStringTypeW 0x0 0x1002d048 0x394f4 0x388f4 0x2c5
SetFilePointerEx 0x0 0x1002d04c 0x394f8 0x388f8 0x4fc
EnumSystemLocalesW 0x0 0x1002d050 0x394fc 0x388fc 0x147
GetUserDefaultLCID 0x0 0x1002d054 0x39500 0x38900 0x2fc
IsValidLocale 0x0 0x1002d058 0x39504 0x38904 0x374
GetLocaleInfoW 0x0 0x1002d05c 0x39508 0x38908 0x254
LCMapStringW 0x0 0x1002d060 0x3950c 0x3890c 0x396
HeapReAlloc 0x0 0x1002d064 0x39510 0x38910 0x336
GetConsoleMode 0x0 0x1002d068 0x39514 0x38914 0x1ee
GetConsoleCP 0x0 0x1002d06c 0x39518 0x38918 0x1dc
GetStdHandle 0x0 0x1002d070 0x3951c 0x3891c 0x2c0
GetFileType 0x0 0x1002d074 0x39520 0x38920 0x23e
GetModuleHandleExW 0x0 0x1002d078 0x39524 0x38924 0x266
WriteConsoleW 0x0 0x1002d07c 0x39528 0x38928 0x5de
EncodePointer 0x0 0x1002d080 0x3952c 0x3892c 0x121
DecodePointer 0x0 0x1002d084 0x39530 0x38930 0xfe
HeapFree 0x0 0x1002d088 0x39534 0x38934 0x333
GetSystemTimeAsFileTime 0x0 0x1002d08c 0x39538 0x38938 0x2d6
HeapAlloc 0x0 0x1002d090 0x3953c 0x3893c 0x32f
GetCommandLineA 0x0 0x1002d094 0x39540 0x38940 0x1c8
GetCurrentThreadId 0x0 0x1002d098 0x39544 0x38944 0x20e
IsDebuggerPresent 0x0 0x1002d09c 0x39548 0x38948 0x367
IsProcessorFeaturePresent 0x0 0x1002d0a0 0x3954c 0x3894c 0x36d
ExitProcess 0x0 0x1002d0a4 0x39550 0x38950 0x151
GetProcAddress 0x0 0x1002d0a8 0x39554 0x38954 0x29d
MultiByteToWideChar 0x0 0x1002d0ac 0x39558 0x38958 0x3d1
EnterCriticalSection 0x0 0x1002d0b0 0x3955c 0x3895c 0x125
LeaveCriticalSection 0x0 0x1002d0b4 0x39560 0x38960 0x3a2
OutputDebugStringW 0x0 0x1002d0b8 0x39564 0x38964 0x3fa
LoadLibraryExW 0x0 0x1002d0bc 0x39568 0x38968 0x3a7
WriteFile 0x0 0x1002d0c0 0x3956c 0x3896c 0x5df
HeapSize 0x0 0x1002d0c4 0x39570 0x38970 0x338
RaiseException 0x0 0x1002d0c8 0x39574 0x38974 0x43f
GetProcessHeap 0x0 0x1002d0cc 0x39578 0x38978 0x2a2
SetLastError 0x0 0x1002d0d0 0x3957c 0x3897c 0x50a
RtlUnwind 0x0 0x1002d0d4 0x39580 0x38980 0x4ac
DeleteCriticalSection 0x0 0x1002d0d8 0x39584 0x38984 0x105
GetStartupInfoW 0x0 0x1002d0dc 0x39588 0x38988 0x2be
GetModuleFileNameA 0x0 0x1002d0e0 0x3958c 0x3898c 0x262
QueryPerformanceCounter 0x0 0x1002d0e4 0x39590 0x38990 0x42d
GetCurrentProcessId 0x0 0x1002d0e8 0x39594 0x38994 0x20a
GetEnvironmentStringsW 0x0 0x1002d0ec 0x39598 0x38998 0x227
FreeEnvironmentStringsW 0x0 0x1002d0f0 0x3959c 0x3899c 0x19d
UnhandledExceptionFilter 0x0 0x1002d0f4 0x395a0 0x389a0 0x580
SetUnhandledExceptionFilter 0x0 0x1002d0f8 0x395a4 0x389a4 0x541
InitializeCriticalSectionAndSpinCount 0x0 0x1002d0fc 0x395a8 0x389a8 0x348
Sleep 0x0 0x1002d100 0x395ac 0x389ac 0x550
GetCurrentProcess 0x0 0x1002d104 0x395b0 0x389b0 0x209
TerminateProcess 0x0 0x1002d108 0x395b4 0x389b4 0x55f
TlsAlloc 0x0 0x1002d10c 0x395b8 0x389b8 0x571
TlsGetValue 0x0 0x1002d110 0x395bc 0x389bc 0x573
TlsSetValue 0x0 0x1002d114 0x395c0 0x389c0 0x574
TlsFree 0x0 0x1002d118 0x395c4 0x389c4 0x572
GetModuleHandleW 0x0 0x1002d11c 0x395c8 0x389c8 0x267
IsValidCodePage 0x0 0x1002d120 0x395cc 0x389cc 0x372
GetACP 0x0 0x1002d124 0x395d0 0x389d0 0x1a4
GetOEMCP 0x0 0x1002d128 0x395d4 0x389d4 0x286
GetCPInfo 0x0 0x1002d12c 0x395d8 0x389d8 0x1b3
FlushFileBuffers 0x0 0x1002d130 0x395dc 0x389dc 0x192
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x1002d000 0x394ac 0x388ac 0x254
RegOpenKeyExW 0x0 0x1002d004 0x394b0 0x388b0 0x285
RegQueryValueExW 0x0 0x1002d008 0x394b4 0x388b4 0x292
RegCreateKeyExW 0x0 0x1002d00c 0x394b8 0x388b8 0x25d
RegSetValueExW 0x0 0x1002d010 0x394bc 0x388bc 0x2a2
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc 0x0 0x1002d150 0x395fc 0x389fc 0x7a
CoWaitForMultipleHandles 0x0 0x1002d154 0x39600 0x38a00 0x86
StringFromGUID2 0x0 0x1002d158 0x39604 0x38a04 0x1ba
CoTaskMemFree 0x0 0x1002d15c 0x39608 0x38a08 0x7b
CoCreateInstance 0x0 0x1002d160 0x3960c 0x38a0c 0x1a
OleRun 0x0 0x1002d164 0x39610 0x38a10 0x174
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHDeleteKeyW 0x0 0x1002d138 0x395e4 0x389e4 0xb8
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x1002d140 0x395ec 0x389ec 0x10
GetFileVersionInfoSizeW 0x0 0x1002d144 0x395f0 0x389f0 0x7
GetFileVersionInfoW 0x0 0x1002d148 0x395f4 0x389f4 0x8
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x1380 0x1
DllGetClassObject 0x1390 0x2
DllRegisterServer 0x1460 0x3
DllUnregisterServer 0x13d0 0x4
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\inst_fold\waitbefore.bat Created File Text
Not Queried
Mime Type text/plain
File Size 0.34 KB
MD5 4cbe466d2b15ee4997fe7fbd23948f9f
SHA1 d15991cff4dbe40619fc67f9aee107753baa394a
SHA256 f7f833279725977cfcfe274688352ea1f7c8b118bc6d9c30fa22624bfcb1c525
SSDeep 6:WAFDMP1t0wL0xaXpjuFDMP1zc0wL0xaXpjuFDMP13WN60wL0xaXpEFKwl/n:Wgo0y0xOpu50y0xOpujY0y0xOpEFJ
C:\Program Files\Remote Utilities - Host\EULA.rtf Created File Text
Not Queried
Mime Type text/rtf
File Size 49.55 KB
MD5 722fe688f60b4649265f5177a8c0c0ca
SHA1 9532e0de2b2d1eeacc19f15602904ae14231df6b
SHA256 2e551329bf8cb93e665c17bac916776d75091ff190b7ccff8a48fb0de0d582b5
SSDeep 384:p7hqMNkNVhaaU1/6tMIENPtQXj9/RXGMQchPmP9tjkJ7Olh2uk4wYi6rGs85sxX5:p7qZMIENPkjdR2MQchuP7jkJN/dsxyu
C:\Program Files\Remote Utilities - Host\Chinese Traditional.lg Created File Text
Not Queried
Mime Type text/plain
File Size 37.35 KB
MD5 420f3450e1dbf4ecbe48125bef79155e
SHA1 eedd628146fe8722aa8f5a9cc9a84ff86bc403ee
SHA256 ac397a585dd2e48f8ee01d2e50d4d87e138d24d6f6f7c442507feab796c3a9ed
SSDeep 768:YP1tFWwXC1a0ogJWbXcTRB4N24nXX3G6FnVxCn3be+4:Y9t/C1atb1XHG6qU
C:\Program Files\Remote Utilities - Host\vp8decoder.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 381.02 KB
MD5 381f1b7d8f7da904827980dae02f77a9
SHA1 81d4d5724533b26391301be2b462f580395d5485
SHA256 f14dab0b9f18aced330729b4a772e6b139817be01783b97b92e9af5fc26615d2
SSDeep 6144:JIIDyjBnydesbWoiwS7dVIclCzoqHO/gCaEkkH8TuX6RTrWD4siZMZ+LG4IPWwcW:JI8tiDOzyH9H8Tu6h04fZMZoMPuvf8r
ImpHash 6f14b827deae9e0147bf923b128ca001
PE Information
Image Base 0x10000000
Entry Point 0x1003320c
Size Of Code 0x42000
Size Of Initialized Data 0x1d200
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-01-30 19:20:22+00:00
Version Information (8)
LegalCopyright Copyright (C) 2013
InternalName vp8decoder
FileVersion 1, 0, 4, 1
CompanyName Google
ProductName WebM VP8 Decoder Filter
ProductVersion 1, 0, 4, 1
FileDescription WebM VP8 Decoder Filter
OriginalFilename vp8decoder.dll
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x41f8d 0x42000 0x400 cnt_code, mem_execute, mem_read 6.69
.rdata 0x10043000 0x14a8a 0x14c00 0x42400 cnt_initialized_data, mem_read 5.41
.data 0x10058000 0x3e48 0x1c00 0x57000 cnt_initialized_data, mem_read, mem_write 4.0
.rodata 0x1005c000 0xb80 0xc00 0x58c00 cnt_initialized_data, mem_read 4.06
.rsrc 0x1005d000 0xe90 0x1000 0x59800 cnt_initialized_data, mem_read 3.72
.reloc 0x1005e000 0x28e4 0x2a00 0x5a800 cnt_initialized_data, mem_discardable, mem_read 6.59
Imports (6)
KERNEL32.dll (75)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x10043018 0x5728c 0x5668c 0x550
ReleaseSemaphore 0x0 0x1004301c 0x57290 0x56690 0x48f
CreateSemaphoreW 0x0 0x10043020 0x57294 0x56694 0xe1
InitializeCriticalSection 0x0 0x10043024 0x57298 0x56698 0x347
LeaveCriticalSection 0x0 0x10043028 0x5729c 0x5669c 0x3a2
EnterCriticalSection 0x0 0x1004302c 0x572a0 0x566a0 0x125
DeleteCriticalSection 0x0 0x10043030 0x572a4 0x566a4 0x105
WaitForSingleObject 0x0 0x10043034 0x572a8 0x566a8 0x5a9
GetProcAddress 0x0 0x10043038 0x572ac 0x566ac 0x29d
GetSystemInfo 0x0 0x1004303c 0x572b0 0x566b0 0x2d0
QueryPerformanceCounter 0x0 0x10043040 0x572b4 0x566b4 0x42d
LocalFree 0x0 0x10043044 0x572b8 0x566b8 0x3b2
CreateEventW 0x0 0x10043048 0x572bc 0x566bc 0xb6
SetEvent 0x0 0x1004304c 0x572c0 0x566c0 0x4ef
CloseHandle 0x0 0x10043050 0x572c4 0x566c4 0x7f
ReleaseMutex 0x0 0x10043054 0x572c8 0x566c8 0x48b
CreateMutexW 0x0 0x10043058 0x572cc 0x566cc 0xd1
GetLastError 0x0 0x1004305c 0x572d0 0x566d0 0x250
GetModuleHandleW 0x0 0x10043060 0x572d4 0x566d4 0x267
GetModuleFileNameW 0x0 0x10043064 0x572d8 0x566d8 0x263
CreateFileW 0x0 0x10043068 0x572dc 0x566dc 0xc2
WriteConsoleW 0x0 0x1004306c 0x572e0 0x566e0 0x5de
FlushFileBuffers 0x0 0x10043070 0x572e4 0x566e4 0x192
SetStdHandle 0x0 0x10043074 0x572e8 0x566e8 0x520
SetEnvironmentVariableA 0x0 0x10043078 0x572ec 0x566ec 0x4ec
GetStringTypeW 0x0 0x1004307c 0x572f0 0x566f0 0x2c5
OutputDebugStringW 0x0 0x10043080 0x572f4 0x566f4 0x3fa
SetFilePointerEx 0x0 0x10043084 0x572f8 0x566f8 0x4fc
EncodePointer 0x0 0x10043088 0x572fc 0x566fc 0x121
DecodePointer 0x0 0x1004308c 0x57300 0x56700 0xfe
GetCommandLineA 0x0 0x10043090 0x57304 0x56704 0x1c8
GetCurrentThreadId 0x0 0x10043094 0x57308 0x56708 0x20e
HeapFree 0x0 0x10043098 0x5730c 0x5670c 0x333
RtlUnwind 0x0 0x1004309c 0x57310 0x56710 0x4ac
CreateThread 0x0 0x100430a0 0x57314 0x56714 0xe8
ExitThread 0x0 0x100430a4 0x57318 0x56718 0x152
LoadLibraryExW 0x0 0x100430a8 0x5731c 0x5671c 0x3a7
HeapAlloc 0x0 0x100430ac 0x57320 0x56720 0x32f
HeapReAlloc 0x0 0x100430b0 0x57324 0x56724 0x336
IsDebuggerPresent 0x0 0x100430b4 0x57328 0x56728 0x367
IsProcessorFeaturePresent 0x0 0x100430b8 0x5732c 0x5672c 0x36d
ExitProcess 0x0 0x100430bc 0x57330 0x56730 0x151
GetModuleHandleExW 0x0 0x100430c0 0x57334 0x56734 0x266
MultiByteToWideChar 0x0 0x100430c4 0x57338 0x56738 0x3d1
WideCharToMultiByte 0x0 0x100430c8 0x5733c 0x5673c 0x5cb
HeapSize 0x0 0x100430cc 0x57340 0x56740 0x338
RaiseException 0x0 0x100430d0 0x57344 0x56744 0x43f
SetLastError 0x0 0x100430d4 0x57348 0x56748 0x50a
GetProcessHeap 0x0 0x100430d8 0x5734c 0x5674c 0x2a2
GetStdHandle 0x0 0x100430dc 0x57350 0x56750 0x2c0
GetFileType 0x0 0x100430e0 0x57354 0x56754 0x23e
GetStartupInfoW 0x0 0x100430e4 0x57358 0x56758 0x2be
GetModuleFileNameA 0x0 0x100430e8 0x5735c 0x5675c 0x262
GetCurrentProcessId 0x0 0x100430ec 0x57360 0x56760 0x20a
GetSystemTimeAsFileTime 0x0 0x100430f0 0x57364 0x56764 0x2d6
GetEnvironmentStringsW 0x0 0x100430f4 0x57368 0x56768 0x227
FreeEnvironmentStringsW 0x0 0x100430f8 0x5736c 0x5676c 0x19d
UnhandledExceptionFilter 0x0 0x100430fc 0x57370 0x56770 0x580
SetUnhandledExceptionFilter 0x0 0x10043100 0x57374 0x56774 0x541
InitializeCriticalSectionAndSpinCount 0x0 0x10043104 0x57378 0x56778 0x348
GetCurrentProcess 0x0 0x10043108 0x5737c 0x5677c 0x209
TerminateProcess 0x0 0x1004310c 0x57380 0x56780 0x55f
TlsAlloc 0x0 0x10043110 0x57384 0x56784 0x571
TlsGetValue 0x0 0x10043114 0x57388 0x56788 0x573
TlsSetValue 0x0 0x10043118 0x5738c 0x5678c 0x574
TlsFree 0x0 0x1004311c 0x57390 0x56790 0x572
WriteFile 0x0 0x10043120 0x57394 0x56794 0x5df
IsValidCodePage 0x0 0x10043124 0x57398 0x56798 0x372
GetACP 0x0 0x10043128 0x5739c 0x5679c 0x1a4
GetOEMCP 0x0 0x1004312c 0x573a0 0x567a0 0x286
GetCPInfo 0x0 0x10043130 0x573a4 0x567a4 0x1b3
GetConsoleCP 0x0 0x10043134 0x573a8 0x567a8 0x1dc
GetConsoleMode 0x0 0x10043138 0x573ac 0x567ac 0x1ee
CompareStringW 0x0 0x1004313c 0x573b0 0x567b0 0x93
LCMapStringW 0x0 0x10043140 0x573b4 0x567b4 0x396
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetRectEmpty 0x0 0x10043160 0x573d4 0x567d4 0x2f4
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x10043000 0x57274 0x56674 0x254
RegOpenKeyExW 0x0 0x10043004 0x57278 0x56678 0x285
RegQueryValueExW 0x0 0x10043008 0x5727c 0x5667c 0x292
RegCreateKeyExW 0x0 0x1004300c 0x57280 0x56680 0x25d
RegSetValueExW 0x0 0x10043010 0x57284 0x56684 0x2a2
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance 0x0 0x10043168 0x573dc 0x567dc 0x1a
CoTaskMemAlloc 0x0 0x1004316c 0x573e0 0x567e0 0x7a
StringFromGUID2 0x0 0x10043170 0x573e4 0x567e4 0x1ba
CoWaitForMultipleHandles 0x0 0x10043174 0x573e8 0x567e8 0x86
CoTaskMemFree 0x0 0x10043178 0x573ec 0x567ec 0x7b
OleRun 0x0 0x1004317c 0x573f0 0x567f0 0x174
OLEAUT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegisterTypeLib 0xa3 0x10043148 0x573bc 0x567bc -
UnRegisterTypeLib 0xba 0x1004314c 0x573c0 0x567c0 -
LoadTypeLib 0xa1 0x10043150 0x573c4 0x567c4 -
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHDeleteKeyW 0x0 0x10043158 0x573cc 0x567cc 0xb8
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x13210 0x1
DllGetClassObject 0x13220 0x2
DllRegisterServer 0x13350 0x3
DllUnregisterServer 0x13260 0x4
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Printer\x86\ruppm.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 56.02 KB
MD5 fcb5be7562659b998cdd84a1eecc1532
SHA1 519cfebeb99981f8a58ae44ea47a361fd1fcd4f1
SHA256 524209869f6428f5c2da7f8a3c18fdb4f028a553f9ef2f09cbc4ab7743b31c5b
SSDeep 768:639rZiJf4Fqj9IarpbsMUxbkTKkl+CvtZLkVSXUopD2PGos3+U/g2PKgDvWr:Hj9IarpbsMUxbWKGztZoVSND0z2ZgYpg
ImpHash c5ca745c42f3ee330e9cb6af79e7b9b2
PE Information
Image Base 0x10000000
Entry Point 0x10008ad6
Size Of Code 0xa000
Size Of Initialized Data 0x1e00
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2012-08-31 14:26:05+00:00
Version Information (7)
LegalCopyright -
InternalName -
FileVersion 1.0
ProductName Remote Utilities Printer
ProductVersion 1.0
FileDescription Port Monitor DLL
OriginalFilename -
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x9fa7 0xa000 0x400 cnt_code, mem_execute, mem_read 6.34
.data 0x1000b000 0x95c 0x600 0xa400 cnt_initialized_data, mem_read, mem_write 5.81
.rsrc 0x1000c000 0x3d0 0x400 0xaa00 cnt_initialized_data, mem_read 2.92
.reloc 0x1000d000 0xecc 0x1000 0xae00 cnt_initialized_data, mem_discardable, mem_read 5.74
Imports (8)
msvcrt.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__mb_cur_max 0x0 0x10001198 0xa690 0x9a90 0xb0
mbtowc 0x0 0x1000119c 0xa694 0x9a94 0x4e7
_amsg_exit 0x0 0x100011a0 0xa698 0x9a98 0x101
_initterm 0x0 0x100011a4 0xa69c 0x9a9c 0x1d5
_XcptFilter 0x0 0x100011a8 0xa6a0 0x9aa0 0x6a
isleadbyte 0x0 0x100011ac 0xa6a4 0x9aa4 0x4c2
_isatty 0x0 0x100011b0 0xa6a8 0x9aa8 0x1de
_errno 0x0 0x100011b4 0xa6ac 0x9aac 0x156
wcstok 0x0 0x100011b8 0xa6b0 0x9ab0 0x566
_wtol 0x0 0x100011bc 0xa6b4 0x9ab4 0x46d
fwprintf 0x0 0x100011c0 0xa6b8 0x9ab8 0x4af
malloc 0x0 0x100011c4 0xa6bc 0x9abc 0x4de
free 0x0 0x100011c8 0xa6c0 0x9ac0 0x4a6
swprintf 0x0 0x100011cc 0xa6c4 0x9ac4 0x52d
wcsncpy 0x0 0x100011d0 0xa6c8 0x9ac8 0x55c
_iob 0x0 0x100011d4 0xa6cc 0x9acc 0x1db
_snprintf 0x0 0x100011d8 0xa6d0 0x9ad0 0x32f
_itoa 0x0 0x100011dc 0xa6d4 0x9ad4 0x231
ferror 0x0 0x100011e0 0xa6d8 0x9ad8 0x494
__badioinfo 0x0 0x100011e4 0xa6dc 0x9adc 0x85
__pioinfo 0x0 0x100011e8 0xa6e0 0x9ae0 0xcf
_fileno 0x0 0x100011ec 0xa6e4 0x9ae4 0x16f
_lseeki64 0x0 0x100011f0 0xa6e8 0x9ae8 0x24b
_write 0x0 0x100011f4 0xa6ec 0x9aec 0x448
wcsncmp 0x0 0x100011f8 0xa6f0 0x9af0 0x55b
memcpy 0x0 0x100011fc 0xa6f4 0x9af4 0x4ea
swscanf 0x0 0x10001200 0xa6f8 0x9af8 0x52f
_wcsnicmp 0x0 0x10001204 0xa6fc 0x9afc 0x3f9
iswctype 0x0 0x10001208 0xa700 0x9b00 0x4cc
memset 0x0 0x1000120c 0xa704 0x9b04 0x4ee
fopen 0x0 0x10001210 0xa708 0x9b08 0x49d
fprintf 0x0 0x10001214 0xa70c 0x9b0c 0x49f
fclose 0x0 0x10001218 0xa710 0x9b10 0x492
_wcsicmp 0x0 0x1000121c 0xa714 0x9b14 0x3ef
KERNEL32.dll (64)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReadFile 0x0 0x1000101c 0xa514 0x9914 0x2a6
WriteFile 0x0 0x10001020 0xa518 0x9918 0x38f
FlushFileBuffers 0x0 0x10001024 0xa51c 0x991c 0xe6
GetLocalTime 0x0 0x10001028 0xa520 0x9920 0x16a
CreateFileW 0x0 0x1000102c 0xa524 0x9924 0x52
DeviceIoControl 0x0 0x10001030 0xa528 0x9928 0x88
DisableThreadLibraryCalls 0x0 0x10001034 0xa52c 0x992c 0x89
DefineDosDeviceW 0x0 0x10001038 0xa530 0x9930 0x7c
SetCommState 0x0 0x1000103c 0xa534 0x9934 0x2d5
GetCommState 0x0 0x10001040 0xa538 0x9938 0x107
lstrcmpW 0x0 0x10001044 0xa53c 0x993c 0x3ac
lstrcmpiW 0x0 0x10001048 0xa540 0x9940 0x3af
SetUnhandledExceptionFilter 0x0 0x1000104c 0xa544 0x9944 0x336
UnhandledExceptionFilter 0x0 0x10001050 0xa548 0x9948 0x35b
GetCurrentProcess 0x0 0x10001054 0xa54c 0x994c 0x13b
TerminateProcess 0x0 0x10001058 0xa550 0x9950 0x34a
GetSystemTimeAsFileTime 0x0 0x1000105c 0xa554 0x9954 0x1c0
GetCurrentProcessId 0x0 0x10001060 0xa558 0x9958 0x13c
QueryPerformanceCounter 0x0 0x10001064 0xa55c 0x995c 0x294
RtlUnwind 0x0 0x10001068 0xa560 0x9960 0x2c7
OutputDebugStringA 0x0 0x1000106c 0xa564 0x9964 0x27e
InterlockedCompareExchange 0x0 0x10001070 0xa568 0x9968 0x21b
Sleep 0x0 0x10001074 0xa56c 0x996c 0x342
InterlockedExchange 0x0 0x10001078 0xa570 0x9970 0x21d
GetComputerNameW 0x0 0x1000107c 0xa574 0x9974 0x110
DeleteFileW 0x0 0x10001080 0xa578 0x9978 0x82
GetFileSize 0x0 0x10001084 0xa57c 0x997c 0x15b
GetSystemInfo 0x0 0x10001088 0xa580 0x9980 0x1bb
CreateFileMappingW 0x0 0x1000108c 0xa584 0x9984 0x51
UnmapViewOfFile 0x0 0x10001090 0xa588 0x9988 0x35e
CopyFileW 0x0 0x10001094 0xa58c 0x998c 0x42
FindNextFileW 0x0 0x10001098 0xa590 0x9990 0xda
WritePrivateProfileStringW 0x0 0x1000109c 0xa594 0x9994 0x395
MapViewOfFile 0x0 0x100010a0 0xa598 0x9998 0x25a
WaitNamedPipeW 0x0 0x100010a4 0xa59c 0x999c 0x381
SetNamedPipeHandleState 0x0 0x100010a8 0xa5a0 0x99a0 0x31e
FindFirstFileW 0x0 0x100010ac 0xa5a4 0x99a4 0xd3
FindClose 0x0 0x100010b0 0xa5a8 0x99a8 0xcc
GetCurrentThread 0x0 0x100010b4 0xa5ac 0x99ac 0x13d
GetTempPathW 0x0 0x100010b8 0xa5b0 0x99b0 0x1cc
GlobalFree 0x0 0x100010bc 0xa5b4 0x99b4 0x1f4
GlobalAlloc 0x0 0x100010c0 0xa5b8 0x99b8 0x1ed
GetTickCount 0x0 0x100010c4 0xa5bc 0x99bc 0x1d4
WaitForSingleObject 0x0 0x100010c8 0xa5c0 0x99c0 0x37e
GetDefaultCommConfigW 0x0 0x100010cc 0xa5c4 0x99c4 0x142
SetDefaultCommConfigW 0x0 0x100010d0 0xa5c8 0x99c8 0x2fd
GetProcAddress 0x0 0x100010d4 0xa5cc 0x99cc 0x198
FreeLibrary 0x0 0x100010d8 0xa5d0 0x99d0 0xf0
GetSystemDirectoryW 0x0 0x100010dc 0xa5d4 0x99d4 0x1ba
LoadLibraryW 0x0 0x100010e0 0xa5d8 0x99d8 0x247
BuildCommDCBW 0x0 0x100010e4 0xa5dc 0x99dc 0x23
LeaveCriticalSection 0x0 0x100010e8 0xa5e0 0x99e0 0x243
EnterCriticalSection 0x0 0x100010ec 0xa5e4 0x99e4 0x96
GetCurrentThreadId 0x0 0x100010f0 0xa5e8 0x99e8 0x13e
InitializeCriticalSectionAndSpinCount 0x0 0x100010f4 0xa5ec 0x99ec 0x219
DeleteCriticalSection 0x0 0x100010f8 0xa5f0 0x99f0 0x7f
SetLastError 0x0 0x100010fc 0xa5f4 0x99f4 0x316
GetLastError 0x0 0x10001100 0xa5f8 0x99f8 0x168
CloseHandle 0x0 0x10001104 0xa5fc 0x99fc 0x31
SetCommTimeouts 0x0 0x10001108 0xa600 0x9a00 0x2d6
GetProfileIntW 0x0 0x1000110c 0xa604 0x9a04 0x1a6
GetCommTimeouts 0x0 0x10001110 0xa608 0x9a08 0x108
SetEndOfFile 0x0 0x10001114 0xa60c 0x9a0c 0x300
QueryDosDeviceW 0x0 0x10001118 0xa610 0x9a10 0x291
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x10001000 0xa4f8 0x98f8 0x1ca
RegOpenKeyExW 0x0 0x10001004 0xa4fc 0x98fc 0x1e5
RegSetValueExW 0x0 0x10001008 0xa500 0x9900 0x1fc
OpenThreadToken 0x0 0x1000100c 0xa504 0x9904 0x1af
GetTokenInformation 0x0 0x10001010 0xa508 0x9908 0x119
RegQueryValueExW 0x0 0x10001014 0xa50c 0x990c 0x1ef
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadStringW 0x0 0x1000113c 0xa634 0x9a34 0x1c9
WS2_32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSAResetEvent 0x0 0x10001158 0xa650 0x9a50 0x38
WSACreateEvent 0x0 0x1000115c 0xa654 0x9a54 0x14
WSASend 0x0 0x10001160 0xa658 0x9a58 0x39
shutdown 0x16 0x10001164 0xa65c 0x9a5c -
WSASocketW 0x0 0x10001168 0xa660 0x9a60 0x42
getsockopt 0x7 0x1000116c 0xa664 0x9a64 -
setsockopt 0x15 0x10001170 0xa668 0x9a68 -
connect 0x4 0x10001174 0xa66c 0x9a6c -
WSAGetLastError 0x6f 0x10001178 0xa670 0x9a70 -
WSACloseEvent 0x0 0x1000117c 0xa674 0x9a74 0x12
WSAStartup 0x73 0x10001180 0xa678 0x9a78 -
socket 0x17 0x10001184 0xa67c 0x9a7c -
closesocket 0x3 0x10001188 0xa680 0x9a80 -
WSACleanup 0x74 0x1000118c 0xa684 0x9a84 -
WSAGetOverlappedResult 0x0 0x10001190 0xa688 0x9a88 0x1e
SPOOLSS.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ClosePrinter 0x0 0x10001120 0xa618 0x9a18 0x18
ImpersonatePrinterClient 0x0 0x10001124 0xa61c 0x9a1c 0x50
RevertToPrinterSelf 0x0 0x10001128 0xa620 0x9a20 0x71
OpenPrinterW 0x0 0x1000112c 0xa624 0x9a24 0x61
SetJobW 0x0 0x10001130 0xa628 0x9a28 0x80
GetJobW 0x0 0x10001134 0xa62c 0x9a2c 0x46
WINSPOOL.DRV (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeviceCapabilitiesW 0x0 0x10001150 0xa648 0x9a48 0x42
USERENV.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEnvironmentBlock 0x0 0x10001144 0xa63c 0x9a3c 0x1
DestroyEnvironmentBlock 0x0 0x10001148 0xa640 0x9a40 0x4
Exports (1)
Api name EAT Address Ordinal
InitializePrintMonitor2 0x3044 0x1
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\completeex.ico Created File Image
Not Queried
Mime Type image/x-icon
File Size 14.73 KB
MD5 3eafe3ae99bf33e9f59d970f21ebef39
SHA1 e9895cb920fdeb8907ce37d9666d4999a1de5d2f
SHA256 5f6c78970ee7e3d668eb8a4acb5d251c76599424a0b0372e7665527516d4c312
SSDeep 192:lN3tnZnyRZF64hc28fwy+aXE25b6K0FHQHVd42oJ2zwZlaw484:lN37Yai8IaD5T0FHQHg29wZla04
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\finalizing.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 1.66 KB
MD5 02f6bbe060f32e49e3caf2de8e60ec7f
SHA1 4674875a4f264a947da6bf6f626b9bd50325d034
SHA256 20072ae2e122a6407dac4771544158d7bcecebf98404c22001b0e69f79c8580d
SSDeep 48:HJnkSA0qNcJaaNITrMsqptTT79UMRrgJf8:HJnLVJaaGP5gtTVRgV8
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\cmdlinkarrow Created File Image
Not Queried
Mime Type image/x-icon
File Size 2.79 KB
MD5 983358ce03817f1ca404befbe1e4d96a
SHA1 75ce6ce80606bbb052dd35351ed95435892baf8d
SHA256 7f0121322785c107bfdfe343e49f06c604c719baff849d07b6e099675d173961
SSDeep 48:QFFZ+f+zd+kHeNTM9/+Xz++++++++YWWS0i6I:QFFEw4Xc+D++++++++ypi9
C:\Program Files\Remote Utilities - Host\Printer\x86\unidrvui_rup.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 738.52 KB
MD5 5068f38eb382ad52f03a77b3848fa3ed
SHA1 3b8dedceeb87b9a8b577767a581e0101efaff067
SHA256 5d8b6fb32894d41d2fda5a22c755bdea5864eb7078cec0943da474a8f24e2c04
SSDeep 12288:PlIoM3g2e9Bg7Lg3yfKDPc97QpAxuKdwSGnZGxKW:PvM36KkyCLW7QCwSGoKW
ImpHash 532de90578d99e25b70c809372f4b28d
PE Information
Image Base 0x70280000
Entry Point 0x70281565
Size Of Code 0x73200
Size Of Initialized Data 0x43200
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2010-11-20 12:03:03+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName UNIDRVUI.DLL
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7601.17514
FileDescription واجهة مستخدم UniDriver
OriginalFilename UNIDRVUI.DLL
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x70281000 0x73145 0x73200 0x400 cnt_code, mem_execute, mem_read 6.64
.data 0x702f5000 0x1ff8 0x1e00 0x73600 cnt_initialized_data, mem_read, mem_write 4.91
.rsrc 0x702f7000 0x3f000 0x3e200 0x75400 cnt_initialized_data, mem_read 4.48
.reloc 0x70336000 0x30ec 0x3200 0xb3600 cnt_initialized_data, mem_discardable, mem_read 6.62
Imports (9)
msvcrt.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
iswctype 0x0 0x70281000 0x734c0 0x728c0 0x4cc
isspace 0x0 0x70281004 0x734c4 0x728c4 0x4c6
_amsg_exit 0x0 0x70281008 0x734c8 0x728c8 0x101
_initterm 0x0 0x7028100c 0x734cc 0x728cc 0x1d5
free 0x0 0x70281010 0x734d0 0x728d0 0x4a6
malloc 0x0 0x70281014 0x734d4 0x728d4 0x4de
_wcsicmp 0x0 0x70281018 0x734d8 0x728d8 0x3ef
_wtol 0x0 0x7028101c 0x734dc 0x728dc 0x46d
wcschr 0x0 0x70281020 0x734e0 0x728e0 0x551
_errno 0x0 0x70281024 0x734e4 0x728e4 0x156
_vsnprintf 0x0 0x70281028 0x734e8 0x728e8 0x3c8
wcsncmp 0x0 0x7028102c 0x734ec 0x728ec 0x55b
strncmp 0x0 0x70281030 0x734f0 0x728f0 0x51f
??3@YAXPAX@Z 0x0 0x70281034 0x734f4 0x728f4 0x14
??2@YAPAXI@Z 0x0 0x70281038 0x734f8 0x728f8 0x12
_wtoi 0x0 0x7028103c 0x734fc 0x728fc 0x469
_stricmp 0x0 0x70281040 0x73500 0x72900 0x35e
_wcsnicmp 0x0 0x70281044 0x73504 0x72904 0x3f9
wcsrchr 0x0 0x70281048 0x73508 0x72908 0x560
_itow 0x0 0x7028104c 0x7350c 0x7290c 0x233
atoi 0x0 0x70281050 0x73510 0x72910 0x480
memmove 0x0 0x70281054 0x73514 0x72914 0x4ec
_vsnwprintf 0x0 0x70281058 0x73518 0x72918 0x3ce
memcpy 0x0 0x7028105c 0x7351c 0x7291c 0x4ea
memset 0x0 0x70281060 0x73520 0x72920 0x4ee
qsort 0x0 0x70281064 0x73524 0x72924 0x4fa
vfprintf 0x0 0x70281068 0x73528 0x72928 0x540
towupper 0x0 0x7028106c 0x7352c 0x7292c 0x53c
_XcptFilter 0x0 0x70281070 0x73530 0x72930 0x6a
wcsstr 0x0 0x70281074 0x73534 0x72934 0x564
fprintf 0x0 0x70281078 0x73538 0x72938 0x49f
_purecall 0x0 0x7028107c 0x7353c 0x7293c 0x2fc
_strnicmp 0x0 0x70281080 0x73540 0x72940 0x368
RPCRT4.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RpcStringFreeW 0x0 0x70281088 0x73548 0x72948 0x1f2
UuidCreate 0x0 0x7028108c 0x7354c 0x7294c 0x1fb
UuidToStringW 0x0 0x70281090 0x73550 0x72950 0x204
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateStreamOnHGlobal 0x0 0x70281098 0x73558 0x72958 0x86
CoTaskMemFree 0x0 0x7028109c 0x7355c 0x7295c 0x68
CoCreateInstance 0x0 0x702810a0 0x73560 0x72960 0x10
CoInitializeEx 0x0 0x702810a4 0x73564 0x72964 0x3f
CoUninitialize 0x0 0x702810a8 0x73568 0x72968 0x6c
CoTaskMemAlloc 0x0 0x702810ac 0x7356c 0x7296c 0x67
USER32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBeep 0x0 0x702810b4 0x73574 0x72974 0x20d
MessageBoxW 0x0 0x702810b8 0x73578 0x72978 0x215
LoadStringW 0x0 0x702810bc 0x7357c 0x7297c 0x1fa
LoadIconW 0x0 0x702810c0 0x73580 0x72980 0x1ed
SetDlgItemTextA 0x0 0x702810c4 0x73584 0x72984 0x28f
EnableWindow 0x0 0x702810c8 0x73588 0x72988 0xd8
SendDlgItemMessageW 0x0 0x702810cc 0x7358c 0x7298c 0x273
InvalidateRect 0x0 0x702810d0 0x73590 0x72990 0x1be
SendMessageW 0x0 0x702810d4 0x73594 0x72994 0x27c
DialogBoxParamW 0x0 0x702810d8 0x73598 0x72998 0xac
LoadCursorW 0x0 0x702810dc 0x7359c 0x7299c 0x1eb
GetDlgItemTextW 0x0 0x702810e0 0x735a0 0x729a0 0x12a
WinHelpW 0x0 0x702810e4 0x735a4 0x729a4 0x329
GetGUIThreadInfo 0x0 0x702810e8 0x735a8 0x729a8 0x12e
ShowWindow 0x0 0x702810ec 0x735ac 0x729ac 0x2df
GetDlgItem 0x0 0x702810f0 0x735b0 0x729b0 0x127
CheckRadioButton 0x0 0x702810f4 0x735b4 0x729b4 0x41
GetWindowLongW 0x0 0x702810f8 0x735b8 0x729b8 0x196
EndDialog 0x0 0x702810fc 0x735bc 0x729bc 0xda
SetDlgItemTextW 0x0 0x70281100 0x735c0 0x729c0 0x290
SetCursor 0x0 0x70281104 0x735c4 0x729c4 0x288
SetWindowLongW 0x0 0x70281108 0x735c8 0x729c8 0x2c4
KERNEL32.dll (65)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcmpW 0x0 0x70281110 0x735d0 0x729d0 0x542
GetLocaleInfoW 0x0 0x70281114 0x735d4 0x729d4 0x204
GetSystemDirectoryW 0x0 0x70281118 0x735d8 0x729d8 0x26f
VerSetConditionMask 0x0 0x7028111c 0x735dc 0x729dc 0x4e4
VerifyVersionInfoW 0x0 0x70281120 0x735e0 0x729e0 0x4e8
GetFileAttributesExW 0x0 0x70281124 0x735e4 0x729e4 0x1e5
GetSystemDefaultLCID 0x0 0x70281128 0x735e8 0x729e8 0x26a
GetFileTime 0x0 0x7028112c 0x735ec 0x729ec 0x1f0
CompareFileTime 0x0 0x70281130 0x735f0 0x729f0 0x60
CopyFileW 0x0 0x70281134 0x735f4 0x729f4 0x75
FindResourceW 0x0 0x70281138 0x735f8 0x729f8 0x14e
LoadResource 0x0 0x7028113c 0x735fc 0x729fc 0x341
LockResource 0x0 0x70281140 0x73600 0x72a00 0x353
SizeofResource 0x0 0x70281144 0x73604 0x72a04 0x4b1
LoadLibraryW 0x0 0x70281148 0x73608 0x72a08 0x33f
SetUnhandledExceptionFilter 0x0 0x7028114c 0x7360c 0x72a0c 0x4a4
UnhandledExceptionFilter 0x0 0x70281150 0x73610 0x72a10 0x4d3
GetCurrentProcess 0x0 0x70281154 0x73614 0x72a14 0x1c0
TerminateProcess 0x0 0x70281158 0x73618 0x72a18 0x4c0
GetSystemTimeAsFileTime 0x0 0x7028115c 0x7361c 0x72a1c 0x278
GetCurrentProcessId 0x0 0x70281160 0x73620 0x72a20 0x1c1
GetCurrentThreadId 0x0 0x70281164 0x73624 0x72a24 0x1c5
GetTickCount 0x0 0x70281168 0x73628 0x72a28 0x292
QueryPerformanceCounter 0x0 0x7028116c 0x7362c 0x72a2c 0x3a6
RtlUnwind 0x0 0x70281170 0x73630 0x72a30 0x417
OutputDebugStringA 0x0 0x70281174 0x73634 0x72a34 0x388
Sleep 0x0 0x70281178 0x73638 0x72a38 0x4b2
GetModuleHandleW 0x0 0x7028117c 0x7363c 0x72a3c 0x216
GetFileAttributesW 0x0 0x70281180 0x73640 0x72a40 0x1e8
CreateFileMappingW 0x0 0x70281184 0x73644 0x72a44 0x8c
MapViewOfFile 0x0 0x70281188 0x73648 0x72a48 0x356
UnmapViewOfFile 0x0 0x7028118c 0x7364c 0x72a4c 0x4d6
GetFileSize 0x0 0x70281190 0x73650 0x72a50 0x1ee
SetErrorMode 0x0 0x70281194 0x73654 0x72a54 0x457
FindFirstFileW 0x0 0x70281198 0x73658 0x72a58 0x139
FindNextFileW 0x0 0x7028119c 0x7365c 0x72a5c 0x145
FindClose 0x0 0x702811a0 0x73660 0x72a60 0x12e
SetFilePointer 0x0 0x702811a4 0x73664 0x72a64 0x464
LoadLibraryExW 0x0 0x702811a8 0x73668 0x72a68 0x33e
MultiByteToWideChar 0x0 0x702811ac 0x7366c 0x72a6c 0x366
HeapFree 0x0 0x702811b0 0x73670 0x72a70 0x2cf
GetProcAddress 0x0 0x702811b4 0x73674 0x72a74 0x243
FreeLibrary 0x0 0x702811b8 0x73678 0x72a78 0x162
CreateDirectoryW 0x0 0x702811bc 0x7367c 0x72a7c 0x81
GetTempFileNameW 0x0 0x702811c0 0x73680 0x72a80 0x282
ReadFile 0x0 0x702811c4 0x73684 0x72a84 0x3bf
WriteFile 0x0 0x702811c8 0x73688 0x72a88 0x525
CreateFileW 0x0 0x702811cc 0x7368c 0x72a8c 0x8f
DeleteFileW 0x0 0x702811d0 0x73690 0x72a90 0xd6
MoveFileExW 0x0 0x702811d4 0x73694 0x72a94 0x35f
MulDiv 0x0 0x702811d8 0x73698 0x72a98 0x365
CloseHandle 0x0 0x702811dc 0x7369c 0x72a9c 0x52
WideCharToMultiByte 0x0 0x702811e0 0x736a0 0x72aa0 0x511
HeapCreate 0x0 0x702811e4 0x736a4 0x72aa4 0x2cd
GetLastError 0x0 0x702811e8 0x736a8 0x72aa8 0x200
lstrlenW 0x0 0x702811ec 0x736ac 0x72aac 0x54e
InterlockedCompareExchange 0x0 0x702811f0 0x736b0 0x72ab0 0x2e9
InterlockedExchange 0x0 0x702811f4 0x736b4 0x72ab4 0x2ec
InterlockedDecrement 0x0 0x702811f8 0x736b8 0x72ab8 0x2eb
InterlockedIncrement 0x0 0x702811fc 0x736bc 0x72abc 0x2ef
HeapDestroy 0x0 0x70281200 0x736c0 0x72ac0 0x2ce
SetLastError 0x0 0x70281204 0x736c4 0x72ac4 0x471
LocalAlloc 0x0 0x70281208 0x736c8 0x72ac8 0x344
HeapAlloc 0x0 0x7028120c 0x736cc 0x72acc 0x2cb
LocalFree 0x0 0x70281210 0x736d0 0x72ad0 0x348
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x70281218 0x736d8 0x72ad8 0xe
GetFileVersionInfoSizeW 0x0 0x7028121c 0x736dc 0x72adc 0x5
GetFileVersionInfoW 0x0 0x70281220 0x736e0 0x72ae0 0x6
WINSPOOL.DRV (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetPrinterDriverW 0x0 0x70281228 0x736e8 0x72ae8 0x86
SetPrinterDataW 0x0 0x7028122c 0x736ec 0x72aec 0xae
GetPrinterDataW 0x0 0x70281230 0x736f0 0x72af0 0x7e
GetPrinterW 0x0 0x70281234 0x736f4 0x72af4 0x87
EnumFormsW 0x0 0x70281238 0x736f8 0x72af8 0x54
DeleteFormW 0x0 0x7028123c 0x736fc 0x72afc 0x2c
AddFormW 0x0 0x70281240 0x73700 0x72b00 0x3
OpenPrinterW 0x0 0x70281244 0x73704 0x72b04 0x90
SetPrinterW 0x0 0x70281248 0x73708 0x72b08 0xaf
ClosePrinter 0x0 0x7028124c 0x7370c 0x72b0c 0x1d
GetFormW 0x0 0x70281250 0x73710 0x72b10 0x74
DeletePrinterDataW 0x0 0x70281254 0x73714 0x72b14 0x3b
GetPrinterDriverDirectoryW 0x0 0x70281258 0x73718 0x72b18 0x83
DeviceCapabilitiesW 0x0 0x7028125c 0x7371c 0x72b1c 0x49
GDI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetGraphicsMode 0x0 0x70281264 0x73724 0x72b24 0x28d
CreateDCW 0x0 0x70281268 0x73728 0x72b28 0x32
GetDeviceCaps 0x0 0x7028126c 0x7372c 0x72b2c 0x1cb
EnumFontFamiliesW 0x0 0x70281270 0x73730 0x72b30 0x126
CreateICW 0x0 0x70281274 0x73734 0x72b34 0x45
DeleteDC 0x0 0x70281278 0x73738 0x72b38 0xe3
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen 0x4 0x70281280 0x73740 0x72b40 -
SysAllocString 0x2 0x70281284 0x73744 0x72b44 -
VariantClear 0x9 0x70281288 0x73748 0x72b48 -
VariantInit 0x8 0x7028128c 0x7374c 0x72b4c -
SysFreeString 0x6 0x70281290 0x73750 0x72b50 -
SysStringLen 0x7 0x70281294 0x73754 0x72b54 -
VariantChangeType 0xc 0x70281298 0x73758 0x72b58 -
Exports (33)
Api name EAT Address Ordinal
DevQueryPrintEx 0x205e2 0x101
DllCanUnloadNow 0x25277 0x102
DllGetClassObject 0x252cb 0x103
DllMain 0x1651 0x104
DrvConvertDevMode 0x1b709 0x105
DrvDeviceCapabilities 0x9350 0x106
DrvDevicePropertySheets 0x1ea3f 0x107
DrvDocumentEvent 0x91ed 0x108
DrvDocumentPropertySheets 0x87d4 0x109
DrvDriverEvent 0x1f8ae 0x10a
DrvPopulateFilterServices 0x25355 0xff
DrvPrinterEvent 0x1fea5 0x10b
DrvQueryColorProfile 0x1c23e 0x10c
DrvQueryJobAttributes 0x1dca7 0x10d
DrvResetConfigCache 0x1ba13 0x100
DrvSplDeviceCaps 0x1c931 0xfe
DrvUpgradePrinter 0x207a4 0x11d
MxdcGetPDEVAdjustment 0x2273c 0x11e
- 0x2e90 0x10e
- 0x1849 0x10f
- 0x1c08d 0x110
- 0x1a2c8 0x111
- 0x1b9b4 0x112
- 0x1b9c4 0x113
- 0x1b9d4 0x114
- 0x1b9e4 0x115
- 0x1f4ea 0x116
- 0x1f44e 0x117
- 0xac7d 0x118
- 0xadb2 0x119
- 0x1c3d1 0x11a
- 0x21598 0x11b
- 0x20dc2 0x11c
Icons (2)
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\inst_fold\armdaemon.js Created File Text
Not Queried
Mime Type text/plain
File Size 0.18 KB
MD5 a775e77402b091d79af550297e884cee
SHA1 18589c483d0ce11d2f9332a0c70f8d18a65e1f50
SHA256 e551a009d48db940818b9d5199638a1552c36533d3a81b77bb7fcb9601577f60
SSDeep 3:qxLtdxFY/iMIzvnjjbxQzCHkxLuALd/LVBsOOTpeqK3xLnLjvUyhc7l1K3xLqxAQ:qvVnTvjj6CHAzd/pB3OT5An/vKlcdKAQ
c:\users\eebsym5\appdata\local\temp\~df54fa1b59b3d37990.tmp Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 72.00 KB
MD5 d079f7f21a3728ef492cd65f5f4b2524
SHA1 51bdb9a0e235ecc3d74e04dbb013f8b7943c5680
SHA256 c5ec80345a8bc09f47782c1aac001a97152e7c405b9d786e55e9f9f711c64325
SSDeep 96:vH9qlCMTXkXiXxfrLv5aMTXkXiXxfrLtySYt:/9qld5Xfo
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\background.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 34.94 KB
MD5 c12b97d5a230a72970b0947ffd1d2ce1
SHA1 f5aa3204ee60f34d736303dbf61f7342f95eaab2
SHA256 8dfa97d18acaeaa0ed13a43cca6802d5c3637ead536991915ac3d88636ba08d5
SSDeep 768:v0yNWUFquARfzbOo6CD+NaScnRksCpFMbcJZrhncZ1PoP:MyNBYta3CCVcRksXqXcZ1q
C:\Program Files\Remote Utilities - Host\Swedish.lg Created File Text
Not Queried
Mime Type text/plain
File Size 52.10 KB
MD5 6b46297240dfc309a99b133e94c916c3
SHA1 ce4f36af4cbf6ebd15cf6e0e6dc8b72e61872027
SHA256 88f45f3cc9999a1e35967cd7f33d2d15c0c31b13336fbf93e754e1af8903d9c1
SSDeep 768:uExwiB90PPNythEEnIzmO250yOXu5sYA4YnXt:uni2PNytCEnIzmO2QXu5sYA4YnXt
C:\Program Files\Remote Utilities - Host\French.lg Created File Text
Not Queried
Mime Type text/plain
File Size 56.07 KB
MD5 7c2276331e1e744cf702858fbb041039
SHA1 a5c7c0067a96b7e8cd11d8b3c205494147a2da4e
SHA256 0b05f6ada359e0c3295d32087874bf2888e60400fe3a9ec4d54a849031bfe915
SSDeep 384:uGTDMQmpXpiwV+Bcp7D6AfZbKrHt/Adyu+AFeM12yATQHwUZAOqSA+lFS:PC1X2gyO13HbHY
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.inf Created File Unknown
Not Queried
Mime Type application/x-setupscript
File Size 1.74 KB
MD5 a4e8736aa55b109b40c786a637991116
SHA1 20c1b886361974bcb608a79b2fd7598092ae821b
SHA256 097c3da78321ac553966d4ebabfe1a533dbb1b383010ebf165eede9c631dc6dd
SSDeep 48:jshukkXFbsf0tz6Joq7mgHwuMgHPgHKJDWlFVfXj07J:jMYQi6JoimIMsRJDWlFZIl
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\repairex.ico Created File Image
Not Queried
Mime Type image/x-icon
File Size 14.73 KB
MD5 4dba3637f5fceaadd2184bd8a0f0fb95
SHA1 a858418c32f5d45f15ab01cafc652b507de2a42b
SHA256 c1ad1e78a112974326b44f75fe302723a4fc8ac1ccd96c9887403f6ddf8e607d
SSDeep 192:+q2qe82nprAWkcWFW57oVht/k2VxomK0qHTk4TdrofvMxnVRYAn4vf:ej84ArgojFTVxoz0qHNTdr+vKVRYAIf
c:\users\eebsym5\appdata\local\temp\~df22707f64d7b3e78b.tmp Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 72.00 KB
MD5 ae7fabbe080fb69b1c25a0fa6cac36a1
SHA1 6826fa13794056b16d94beff6612dba0838b27c8
SHA256 ea099bf41805ea7f60bd55747a723223bca45cac86c88048586cdbd271b78327
SSDeep 48:4o7ZEl7SkdzYdzvSkdzfdzfIgUIg8UvZF7ieTxpDI8svTo4:97mBm/IDIMMe3I8svZ
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.inf Created File Unknown
Not Queried
Mime Type application/x-setupscript
File Size 1.74 KB
MD5 22d30a038b3db6ef939bb05f697eb3d4
SHA1 7e76546c510fd6a2aab96592f4b1a5a40eca74bc
SHA256 1f9fe7037c44ba4fd44e15b8cfabe79265331d6ae146045fa15e2c02c6212c1a
SSDeep 48:jshGkkXFbsf0tz6Joq7mgHwuMgHPgHKJDWlFVfXj07J:jMwQi6JoimIMsRJDWlFZIl
c:\users\eebsym5\appdata\local\temp\~df79f05337c4b95565.tmp Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 0.50 KB
MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SSDeep 3::
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\lzmaextractor.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 12.12 KB
MD5 6a06d2405b81845330ae5c97b31d2663
SHA1 75293a2c50528d86197976a1a74beb97a6202a65
SHA256 6e0f72297a10eb38593faf6d52ce964c45873f2e2f4fdcf468fb592fb763851c
SSDeep 192:r2FFw7VkzjNB1CMGVfozI2az9FU8zQyMrj6Pou7+wta43UN5:iO0j1CMGVfqIrrVMCguS4kj
ImpHash 8a050fdcf8a6aa995f44dcdc1218b881
PE Information
Image Base 0x10000000
Entry Point 0x100010c7
Size Of Code 0xa00
Size Of Initialized Data 0x1000
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2014-11-11 09:48:45+00:00
Version Information (8)
LegalCopyright (c) Caphyon LTD. All rights reserved.
InternalName lzmaextroctor.dll
FileVersion 11.6.2.0
CompanyName Caphyon LTD
ProductName Advanced Installer
ProductVersion 11.6.2.0
FileDescription Custom action that extracts a LZMA archive
OriginalFilename lzmaextractor.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x934 0xa00 0x400 cnt_code, mem_execute, mem_read 5.94
.rdata 0x10002000 0x52f 0x600 0xe00 cnt_initialized_data, mem_read 3.95
.data 0x10003000 0xc 0x200 0x1400 cnt_initialized_data, mem_read, mem_write 0.02
.rsrc 0x10004000 0x544 0x600 0x1600 cnt_initialized_data, mem_read 4.44
.reloc 0x10005000 0x130 0x200 0x1c00 cnt_initialized_data, mem_discardable, mem_read 1.59
Imports (5)
msi.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x46 0x10002054 0x22c8 0x10c8 -
(by ordinal) 0xab 0x10002058 0x22cc 0x10cc -
(by ordinal) 0x7d 0x1000205c 0x22d0 0x10d0 -
(by ordinal) 0x8 0x10002060 0x22d4 0x10d4 -
(by ordinal) 0x11 0x10002064 0x22d8 0x10d8 -
(by ordinal) 0xd3 0x10002068 0x22dc 0x10dc -
(by ordinal) 0x91 0x1000206c 0x22e0 0x10e0 -
(by ordinal) 0x4a 0x10002070 0x22e4 0x10e4 -
KERNEL32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetComputerNameW 0x0 0x10002018 0x228c 0x108c 0x18f
GetComputerNameA 0x0 0x1000201c 0x2290 0x1090 0x18c
FindFirstFileW 0x0 0x10002020 0x2294 0x1094 0x139
RemoveDirectoryA 0x0 0x10002024 0x2298 0x1098 0x400
RemoveDirectoryW 0x0 0x10002028 0x229c 0x109c 0x403
FindFirstFileA 0x0 0x1000202c 0x22a0 0x10a0 0x132
GetVersionExW 0x0 0x10002030 0x22a4 0x10a4 0x2a4
WaitForSingleObject 0x0 0x10002034 0x22a8 0x10a8 0x4f9
FindClose 0x0 0x10002038 0x22ac 0x10ac 0x12e
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameA 0x0 0x1000200c 0x2280 0x1080 0xb
GetOpenFileNameW 0x0 0x10002010 0x2284 0x1084 0xc
ADVAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA 0x0 0x10002000 0x2274 0x1074 0x164
GetUserNameW 0x0 0x10002004 0x2278 0x1078 0x165
SHELL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHFileOperationA 0x0 0x10002040 0x22b4 0x10b4 0xab
ShellExecuteExA 0x0 0x10002044 0x22b8 0x10b8 0x120
ShellExecuteExW 0x0 0x10002048 0x22bc 0x10bc 0x121
SHFileOperationW 0x0 0x1000204c 0x22c0 0x10c0 0xac
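The ImpHash values in this report are a fingerprint of the import tables listed above. The following is an added example, not VMRay's code and not pefile's source, that reproduces the Mandiant imphash algorithm as pefile implements it: each imported DLL name is lower-cased and stripped of a .dll/.ocx/.sys extension (so WINSPOOL.DRV keeps its extension), each function name is lower-cased, imports by ordinal are resolved from a small built-in table (pefile carries one for oleaut32, ws2_32 and wsock32) or else written as ordN, and the MD5 of the comma-joined "lib.func" list is the hash. The oleaut32 ordinal map is the set the report resolved in RIPCServer.dll's OLEAUT32 table at the top of this section; LZMAEXTRACTOR_IMPORTS is transcribed from the lzmaextractor.dll tables just above, including the msi.dll by-ordinal entries. Descriptor order matters for the hash, and the report does not state it, so order_by_iat is my assumption: MSVC-linked binaries lay the IAT out in descriptor order, so sorting the per-DLL groups by first IAT address recovers it. Confirm against the reported value with pefile's get_imphash() on the file itself.

```python
import hashlib

# Ordinal-to-name table for DLLs routinely imported by ordinal. These entries are the
# oleaut32 ordinals the report resolved in RIPCServer.dll's import table; pefile ships
# complete tables for oleaut32, ws2_32 and wsock32.
ORDINAL_NAMES = {
    "oleaut32.dll": {
        2: "SysAllocString",
        4: "SysAllocStringLen",
        6: "SysFreeString",
        7: "SysStringLen",
        8: "VariantInit",
        9: "VariantClear",
        12: "VariantChangeType",
    },
}

# Only these extensions are dropped from the library name; "winspool.drv" stays as-is.
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def canonical_name(dll, imp):
    """Return the lower-cased 'lib.func' token for one import.

    imp is the imported name (str) or the ordinal (int). Ordinals of DLLs not in the
    table become 'ordN', which is why msi.dll's by-ordinal imports hash identically
    regardless of what those ordinals resolve to on a given Windows build.
    """
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        lib = base
    if isinstance(imp, int):
        name = ORDINAL_NAMES.get(dll.lower(), {}).get(imp) or "ord%d" % imp
    else:
        name = imp
    return "%s.%s" % (lib, name.lower())


def order_by_iat(groups):
    """Assumption (see lead-in): the IAT is laid out in import-descriptor order, so the
    report's per-DLL groups sorted by their first IAT address give the order the hash
    depends on. groups: [(dll, first_iat_address, imports), ...]."""
    return [(dll, imports) for dll, _iat, imports in sorted(groups, key=lambda g: g[1])]


def imphash_string(descriptors):
    """Comma-joined canonical tokens, in descriptor order, for [(dll, imports), ...]."""
    return ",".join(canonical_name(dll, imp) for dll, imports in descriptors for imp in imports)


def imphash(descriptors):
    """MD5 of the canonical string: the ImpHash value a tool reports for the file."""
    return hashlib.md5(imphash_string(descriptors).encode("ascii")).hexdigest()


# Import table of lzmaextractor.dll as listed above: (DLL, first IAT address, imports).
LZMAEXTRACTOR_IMPORTS = [
    ("msi.dll", 0x10002054, [0x46, 0xAB, 0x7D, 0x8, 0x11, 0xD3, 0x91, 0x4A]),
    ("KERNEL32.dll", 0x10002018, ["GetComputerNameW", "GetComputerNameA", "FindFirstFileW",
                                  "RemoveDirectoryA", "RemoveDirectoryW", "FindFirstFileA",
                                  "GetVersionExW", "WaitForSingleObject", "FindClose"]),
    ("COMDLG32.dll", 0x1000200C, ["GetOpenFileNameA", "GetOpenFileNameW"]),
    ("ADVAPI32.dll", 0x10002000, ["GetUserNameA", "GetUserNameW"]),
    ("SHELL32.dll", 0x10002040, ["SHFileOperationA", "ShellExecuteExA", "ShellExecuteExW",
                                 "SHFileOperationW"]),
]

if __name__ == "__main__":
    ordered = order_by_iat(LZMAEXTRACTOR_IMPORTS)
    print(imphash_string(ordered))
    print(imphash(ordered))
```

Because the hash covers names and order only, a rebuilt binary that imports the same functions in the same order keeps its imphash even when every byte of code changes, which is what makes the value useful for clustering installer stubs like this one across samples; conversely, a single added import or a different linker ordering changes it completely.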
Exports (5)
Api name EAT Address Ordinal
DeleteExtractionPath 0x12d5 0x1
DeleteLZMAFiles 0x127a 0x2
ExpandExtractionPath 0x128c 0x3
ExtractLZMAFiles 0x126a 0x4
FindEXE 0x1196 0x5
Digital Signatures (2)
Certificate: Caphyon SRL
Issued by Caphyon SRL
Parent Certificate Thawte Code Signing CA - G2
Country Name RO
Valid From 2013-01-30 00:00:00+00:00
Valid Until 2015-01-30 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 5A B5 35 B2 74 9E 24 2E 6D 6B CD E3 14 2D 28 31
Thumbprint EA 1D 11 FA C7 0A A8 06 1C FB 7D 7A E4 AC C3 E9 3F 4C 9B FB
Certificate: Thawte Code Signing CA - G2
Issued by Thawte Code Signing CA - G2
Country Name US
Valid From 2010-02-08 00:00:00+00:00
Valid Until 2020-02-07 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
Thumbprint 80 8D 62 64 2B 7D 1C 4A 9A 83 FD 66 7F 7A 2A 9D 24 3F B1 C7
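Two signature chains appear in this section: Remote Utilities LLC under DigiCert EV Code Signing CA (SHA2) and DigiCert High Assurance EV Root CA on the Remote Utilities binaries, and Caphyon SRL under Thawte Code Signing CA - G2 on lzmaextractor.dll, whose leaf certificate expired on 2015-01-30, more than three years before this analysis. The following is an added example, not part of the VMRay report, that walks the chains exactly as transcribed from the certificate blocks above and reports what an analyst checks first: validity at the analysis time (the report's "Created at"), SHA-1 signatures below the root, whether the chain reaches a self-signed root, and whether the leaf thumbprint matches a pinned value. The self_signed flags and the PINNED_SIGNERS allow-list are my annotations, not fields of the report (the report shows no parent for Thawte Code Signing CA - G2, so that chain stops there). Caveat: an expired leaf does not by itself invalidate an Authenticode signature that carries a trusted timestamp countersignature, and the report does not show countersignatures, so "expired" here means re-verify the signature on the file, not that it is invalid.

```python
from datetime import datetime, timezone


def utc(s):
    """Parse a 'YYYY-MM-DD HH:MM:SS' validity field from the report as a UTC instant."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


# "Created at" of this analysis, from the report header.
ANALYSIS_TIME = utc("2018-08-28 10:26:00")

# Certificates transcribed from the signature blocks above. "parent" is the "Parent
# Certificate" row, read here as the issuing certificate; None means the report shows
# no further certificate in that chain. "self_signed" is my annotation, not a report field.
CERTS = {
    "Remote Utilities LLC": {
        "parent": "DigiCert EV Code Signing CA (SHA2)", "algorithm": "sha256_rsa",
        "valid_from": utc("2016-12-21 00:00:00"), "valid_until": utc("2019-01-04 12:00:00"),
        "thumbprint": "60C437D1FE3704A81EC61D58C86F66FBA60D0902", "self_signed": False,
    },
    "DigiCert EV Code Signing CA (SHA2)": {
        "parent": "DigiCert High Assurance EV Root CA", "algorithm": "sha256_rsa",
        "valid_from": utc("2012-04-18 12:00:00"), "valid_until": utc("2027-04-18 12:00:00"),
        "thumbprint": "60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3", "self_signed": False,
    },
    "DigiCert High Assurance EV Root CA": {
        "parent": None, "algorithm": "sha1_rsa",
        "valid_from": utc("2006-11-10 00:00:00"), "valid_until": utc("2031-11-10 00:00:00"),
        "thumbprint": "5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25", "self_signed": True,
    },
    "Caphyon SRL": {
        "parent": "Thawte Code Signing CA - G2", "algorithm": "sha1_rsa",
        "valid_from": utc("2013-01-30 00:00:00"), "valid_until": utc("2015-01-30 23:59:59"),
        "thumbprint": "EA1D11FAC70AA8061CFB7D7AE4ACC3E93F4C9BFB", "self_signed": False,
    },
    "Thawte Code Signing CA - G2": {
        "parent": None, "algorithm": "sha1_rsa",
        "valid_from": utc("2010-02-08 00:00:00"), "valid_until": utc("2020-02-07 23:59:59"),
        "thumbprint": "808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7", "self_signed": False,
    },
}

# Hypothetical allow-list of leaf thumbprints an analyst has pinned from a trusted source;
# the one value here is simply copied from this report for illustration.
PINNED_SIGNERS = {"Remote Utilities LLC": "60C437D1FE3704A81EC61D58C86F66FBA60D0902"}


def build_chain(leaf, certs):
    """Follow parent links from the leaf upward; return the chain as a list of names."""
    chain, name = [], leaf
    while name is not None:
        if name not in certs or name in chain:
            raise ValueError("chain broken or cyclic at %r" % name)
        chain.append(name)
        name = certs[name]["parent"]
    return chain


def assess_chain(leaf, certs, when, pinned=PINNED_SIGNERS):
    """Findings for the chain anchored at `leaf`, evaluated at instant `when`."""
    chain = build_chain(leaf, certs)
    expired = [n for n in chain
               if not (certs[n]["valid_from"] <= when <= certs[n]["valid_until"])]
    # SHA-1 on a root's self-signature is harmless (roots are trusted by identity, not by
    # signature); SHA-1 on a leaf or intermediate is what platforms deprecated.
    sha1_below_root = [n for n in chain
                       if certs[n]["algorithm"] == "sha1_rsa" and not certs[n]["self_signed"]]
    return {
        "chain": chain,
        "expired_at_eval": expired,          # re-verify: timestamped signatures may still be valid
        "sha1_below_root": sha1_below_root,
        "reaches_root": certs[chain[-1]]["self_signed"],
        "pinned_match": (certs[leaf]["thumbprint"] == pinned[leaf]) if leaf in pinned else None,
    }


if __name__ == "__main__":
    for leaf in ("Remote Utilities LLC", "Caphyon SRL"):
        print(leaf, assess_chain(leaf, CERTS, ANALYSIS_TIME))
```

The thumbprint pin is the check that matters operationally for a tool like Remote Utilities: the product is legitimate and widely deployed, so "signed by Remote Utilities LLC" is not a verdict either way; what the pin tells you is that these host binaries are the vendor's genuine build, which moves the question to who installed them and why an installer named as an Adobe Reader update did so.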
C:\Program Files\Remote Utilities - Host\Printer\x86\rupui.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 27.02 KB
MD5 06fbee958a668325bb760204e70563cc
SHA1 5f364d4c80eddc1b2e286ea6fa42898eb0171a9d
SHA256 e3cccf9d3d72d446b375b1ddc99c54aeb0bb303f4580ae5541886bb2ab36c12f
SSDeep 768:WmK+cIcN08XOJVrPULt1gvshDE0qmYl47g2PKgY:6+BcNXeJV0DlB7gY2
ImpHash 09eb4d4465f1d6e5c469dd0676d5e56a
PE Information
Image Base 0x50000000
Entry Point 0x500030f4
Size Of Code 0x3000
Size Of Initialized Data 0x1c00
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2012-08-31 14:26:18+00:00
Version Information (7)
LegalCopyright -
InternalName -
FileVersion 1.0
ProductName Remote Utilities Printer
ProductVersion 1.0
FileDescription Driver UI DLL
OriginalFilename -
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x50001000 0x2f98 0x3000 0x400 cnt_code, mem_execute, mem_read 6.17
.data 0x50004000 0x894 0x400 0x3400 cnt_initialized_data, mem_read, mem_write 5.81
.rsrc 0x50005000 0xa28 0xc00 0x3800 cnt_initialized_data, mem_read 3.64
.reloc 0x50006000 0x5b0 0x600 0x4400 cnt_initialized_data, mem_discardable, mem_read 3.52
Imports (7)
msvcrt.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wcschr 0x0 0x500010cc 0x3ac8 0x2ec8 0x551
_adjust_fdiv 0x0 0x500010d0 0x3acc 0x2ecc 0xf5
_amsg_exit 0x0 0x500010d4 0x3ad0 0x2ed0 0x101
_XcptFilter 0x0 0x500010d8 0x3ad4 0x2ed4 0x6a
malloc 0x0 0x500010dc 0x3ad8 0x2ed8 0x4de
free 0x0 0x500010e0 0x3adc 0x2edc 0x4a6
swprintf 0x0 0x500010e4 0x3ae0 0x2ee0 0x52d
memset 0x0 0x500010e8 0x3ae4 0x2ee4 0x4ee
wcsrchr 0x0 0x500010ec 0x3ae8 0x2ee8 0x560
memcpy 0x0 0x500010f0 0x3aec 0x2eec 0x4ea
_initterm 0x0 0x500010f4 0x3af0 0x2ef0 0x1d5
??2@YAPAXI@Z 0x0 0x500010f8 0x3af4 0x2ef4 0x12
??3@YAXPAX@Z 0x0 0x500010fc 0x3af8 0x2ef8 0x14
KERNEL32.dll (25)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InterlockedDecrement 0x0 0x50001024 0x3a20 0x2e20 0x219
SetUnhandledExceptionFilter 0x0 0x50001028 0x3a24 0x2e24 0x332
UnhandledExceptionFilter 0x0 0x5000102c 0x3a28 0x2e28 0x357
GetCurrentProcess 0x0 0x50001030 0x3a2c 0x2e2c 0x13b
TerminateProcess 0x0 0x50001034 0x3a30 0x2e30 0x346
GetSystemTimeAsFileTime 0x0 0x50001038 0x3a34 0x2e34 0x1bd
GetCurrentProcessId 0x0 0x5000103c 0x3a38 0x2e38 0x13c
GetCurrentThreadId 0x0 0x50001040 0x3a3c 0x2e3c 0x13e
GetTickCount 0x0 0x50001044 0x3a40 0x2e40 0x1d1
QueryPerformanceCounter 0x0 0x50001048 0x3a44 0x2e44 0x291
RtlUnwind 0x0 0x5000104c 0x3a48 0x2e48 0x2c4
InterlockedCompareExchange 0x0 0x50001050 0x3a4c 0x2e4c 0x218
Sleep 0x0 0x50001054 0x3a50 0x2e50 0x33e
InterlockedExchange 0x0 0x50001058 0x3a54 0x2e54 0x21a
GetLastError 0x0 0x5000105c 0x3a58 0x2e58 0x168
CreateProcessW 0x0 0x50001060 0x3a5c 0x2e5c 0x66
GetModuleFileNameW 0x0 0x50001064 0x3a60 0x2e60 0x174
GetVersion 0x0 0x50001068 0x3a64 0x2e64 0x1da
GetFileAttributesW 0x0 0x5000106c 0x3a68 0x2e68 0x159
GetProcAddress 0x0 0x50001070 0x3a6c 0x2e6c 0x197
GetModuleHandleW 0x0 0x50001074 0x3a70 0x2e70 0x178
GetModuleHandleA 0x0 0x50001078 0x3a74 0x2e74 0x175
lstrcpynW 0x0 0x5000107c 0x3a78 0x2e78 0x3b1
SetLastError 0x0 0x50001080 0x3a7c 0x2e7c 0x313
InterlockedIncrement 0x0 0x50001084 0x3a80 0x2e80 0x21d
USER32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetWindowRect 0x0 0x50001094 0x3a90 0x2e90 0x176
GetDlgItem 0x0 0x50001098 0x3a94 0x2e94 0x113
SetWindowLongW 0x0 0x5000109c 0x3a98 0x2e98 0x283
SetDlgItemTextW 0x0 0x500010a0 0x3a9c 0x2e9c 0x256
BeginPaint 0x0 0x500010a4 0x3aa0 0x2ea0 0xd
DefWindowProcW 0x0 0x500010a8 0x3aa4 0x2ea4 0x91
MapWindowPoints 0x0 0x500010ac 0x3aa8 0x2ea8 0x1d9
FillRect 0x0 0x500010b0 0x3aac 0x2eac 0xe4
GetWindowTextW 0x0 0x500010b4 0x3ab0 0x2eb0 0x17c
DrawTextW 0x0 0x500010b8 0x3ab4 0x2eb4 0xc1
EndPaint 0x0 0x500010bc 0x3ab8 0x2eb8 0xca
WINSPOOL.DRV (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetPrinterDataW 0x0 0x500010c4 0x3ac0 0x2ec0 0x74
ADVAPI32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW 0x0 0x50001000 0x39fc 0x2dfc 0x1ee
RegOpenKeyExW 0x0 0x50001004 0x3a00 0x2e00 0x1e4
RegCloseKey 0x0 0x50001008 0x3a04 0x2e04 0x1ca
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x5000108c 0x3a88 0x2e88 0x10b
GDI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetTextColor 0x0 0x50001010 0x3a0c 0x2e0c 0x23c
SetBkMode 0x0 0x50001014 0x3a10 0x2e10 0x216
SelectObject 0x0 0x50001018 0x3a14 0x2e14 0x20e
GetStockObject 0x0 0x5000101c 0x3a18 0x2e18 0x1a5
Exports (2)
Api name EAT Address Ordinal
DllCanUnloadNow 0x1a4b 0x1
DllGetClassObject 0x1b26 0x2
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe.part Created File Binary
Not Queried
Also Known As C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader\prerequisites\RequiredApplication\setup.exe (Created File)
Mime Type application/x-dosexec
File Size 10.00 MB
MD5 fe81caf55bd98d3b8d53bdd38f214dcb
SHA1 0defd3e408dee73b55e8d05ac2df12b86c8d7302
SHA256 914d529465cdc3b7598bd4c0457583f2e779180fd206f85867f9abd7f8cd739b
SSDeep 196608:itDW2c3gwhxOn0UM0Uyqn6Stt6MNfW9BKzFhBgDwdlzOoxJOh1odBPg14Kq4QKxY:I/ln0Dyqntt6MJsKzFhBDlzxJ+1o36Ij
ImpHash c9adc83b45e363b21cd6b11b5da0501f
PE Information
Image Base 0x400000
Entry Point 0x425468
Size Of Code 0x24600
Size Of Initialized Data 0x7c00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 1992-06-19 22:22:17+00:00 (0x2A425E19, the fixed placeholder the Delphi linker writes into every executable it produces; it identifies the toolchain, not the build date, and is not by itself evidence of timestomping)
Packer BobSoft Mini Delphi -> BoB / BobSoft (a PEiD signature that matches ordinary Delphi-compiled executables, consistent with the timestamp above; it identifies the compiler rather than a runtime packer)
Version Information (5)
LegalCopyright HIC Ltd.
CompanyName HIC Ltd.
FileVersion 4.0.0.1
Comments -
FileDescription H&S Tech 4.0.0.1 Installation
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x244cc 0x24600 0x400 cnt_code, mem_execute, mem_read 6.59
DATA 0x426000 0x2894 0x2a00 0x24a00 cnt_initialized_data, mem_read, mem_write 3.79
BSS 0x429000 0x10f5 0x0 0x27400 mem_read, mem_write 0.0
.idata 0x42b000 0x1798 0x1800 0x27400 cnt_initialized_data, mem_read, mem_write 4.89
.tls 0x42d000 0x8 0x0 0x28c00 mem_read, mem_write 0.0
.rdata 0x42e000 0x18 0x200 0x28c00 cnt_initialized_data, mem_shared, mem_read 0.2
.reloc 0x42f000 0x1884 0x1a00 0x28e00 cnt_initialized_data, mem_shared, mem_read 6.59
.rsrc 0x431000 0x1cdc 0x1e00 0x2a800 cnt_initialized_data, mem_shared, mem_read 4.76
Imports (22)
kernel32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x42b1cc 0x2b1cc 0x275cc 0x0
LeaveCriticalSection 0x0 0x42b1d0 0x2b1d0 0x275d0 0x0
EnterCriticalSection 0x0 0x42b1d4 0x2b1d4 0x275d4 0x0
InitializeCriticalSection 0x0 0x42b1d8 0x2b1d8 0x275d8 0x0
VirtualFree 0x0 0x42b1dc 0x2b1dc 0x275dc 0x0
VirtualAlloc 0x0 0x42b1e0 0x2b1e0 0x275e0 0x0
LocalFree 0x0 0x42b1e4 0x2b1e4 0x275e4 0x0
LocalAlloc 0x0 0x42b1e8 0x2b1e8 0x275e8 0x0
GetVersion 0x0 0x42b1ec 0x2b1ec 0x275ec 0x0
GetCurrentThreadId 0x0 0x42b1f0 0x2b1f0 0x275f0 0x0
WideCharToMultiByte 0x0 0x42b1f4 0x2b1f4 0x275f4 0x0
GetThreadLocale 0x0 0x42b1f8 0x2b1f8 0x275f8 0x0
GetStartupInfoA 0x0 0x42b1fc 0x2b1fc 0x275fc 0x0
GetLocaleInfoA 0x0 0x42b200 0x2b200 0x27600 0x0
GetCommandLineA 0x0 0x42b204 0x2b204 0x27604 0x0
FreeLibrary 0x0 0x42b208 0x2b208 0x27608 0x0
ExitProcess 0x0 0x42b20c 0x2b20c 0x2760c 0x0
WriteFile 0x0 0x42b210 0x2b210 0x27610 0x0
UnhandledExceptionFilter 0x0 0x42b214 0x2b214 0x27614 0x0
RtlUnwind 0x0 0x42b218 0x2b218 0x27618 0x0
RaiseException 0x0 0x42b21c 0x2b21c 0x2761c 0x0
GetStdHandle 0x0 0x42b220 0x2b220 0x27620 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x42b228 0x2b228 0x27628 0x0
MessageBoxA 0x0 0x42b22c 0x2b22c 0x2762c 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x42b234 0x2b234 0x27634 0x0
RegOpenKeyExA 0x0 0x42b238 0x2b238 0x27638 0x0
RegCloseKey 0x0 0x42b23c 0x2b23c 0x2763c 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x42b244 0x2b244 0x27644 0x0
SysReAllocStringLen 0x0 0x42b248 0x2b248 0x27648 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x42b250 0x2b250 0x27650 0x0
TlsGetValue 0x0 0x42b254 0x2b254 0x27654 0x0
LocalAlloc 0x0 0x42b258 0x2b258 0x27658 0x0
GetModuleHandleA 0x0 0x42b25c 0x2b25c 0x2765c 0x0
advapi32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x42b264 0x2b264 0x27664 0x0
OpenThreadToken 0x0 0x42b268 0x2b268 0x27668 0x0
OpenProcessToken 0x0 0x42b26c 0x2b26c 0x2766c 0x0
GetTokenInformation 0x0 0x42b270 0x2b270 0x27670 0x0
FreeSid 0x0 0x42b274 0x2b274 0x27674 0x0
EqualSid 0x0 0x42b278 0x2b278 0x27678 0x0
AllocateAndInitializeSid 0x0 0x42b27c 0x2b27c 0x2767c 0x0
AdjustTokenPrivileges 0x0 0x42b280 0x2b280 0x27680 0x0
kernel32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x42b288 0x2b288 0x27688 0x0
WinExec 0x0 0x42b28c 0x2b28c 0x2768c 0x0
WaitForSingleObject 0x0 0x42b290 0x2b290 0x27690 0x0
TerminateProcess 0x0 0x42b294 0x2b294 0x27694 0x0
SystemTimeToFileTime 0x0 0x42b298 0x2b298 0x27698 0x0
Sleep 0x0 0x42b29c 0x2b29c 0x2769c 0x0
SetFileTime 0x0 0x42b2a0 0x2b2a0 0x276a0 0x0
SetFilePointer 0x0 0x42b2a4 0x2b2a4 0x276a4 0x0
SetErrorMode 0x0 0x42b2a8 0x2b2a8 0x276a8 0x0
SetEndOfFile 0x0 0x42b2ac 0x2b2ac 0x276ac 0x0
ReadFile 0x0 0x42b2b0 0x2b2b0 0x276b0 0x0
OpenProcess 0x0 0x42b2b4 0x2b2b4 0x276b4 0x0
MultiByteToWideChar 0x0 0x42b2b8 0x2b2b8 0x276b8 0x0
LocalFileTimeToFileTime 0x0 0x42b2bc 0x2b2bc 0x276bc 0x0
LoadLibraryA 0x0 0x42b2c0 0x2b2c0 0x276c0 0x0
GlobalFree 0x0 0x42b2c4 0x2b2c4 0x276c4 0x0
GlobalAlloc 0x0 0x42b2c8 0x2b2c8 0x276c8 0x0
GetVersion 0x0 0x42b2cc 0x2b2cc 0x276cc 0x0
GetUserDefaultLangID 0x0 0x42b2d0 0x2b2d0 0x276d0 0x0
GetProcAddress 0x0 0x42b2d4 0x2b2d4 0x276d4 0x0
GetModuleHandleA 0x0 0x42b2d8 0x2b2d8 0x276d8 0x0
GetLocalTime 0x0 0x42b2dc 0x2b2dc 0x276dc 0x0
GetLastError 0x0 0x42b2e0 0x2b2e0 0x276e0 0x0
GetFileTime 0x0 0x42b2e4 0x2b2e4 0x276e4 0x0
GetFileSize 0x0 0x42b2e8 0x2b2e8 0x276e8 0x0
GetExitCodeProcess 0x0 0x42b2ec 0x2b2ec 0x276ec 0x0
GetCurrentThread 0x0 0x42b2f0 0x2b2f0 0x276f0 0x0
GetCurrentProcess 0x0 0x42b2f4 0x2b2f4 0x276f4 0x0
FreeLibrary 0x0 0x42b2f8 0x2b2f8 0x276f8 0x0
FindClose 0x0 0x42b2fc 0x2b2fc 0x276fc 0x0
FileTimeToSystemTime 0x0 0x42b300 0x2b300 0x27700 0x0
FileTimeToLocalFileTime 0x0 0x42b304 0x2b304 0x27704 0x0
DosDateTimeToFileTime 0x0 0x42b308 0x2b308 0x27708 0x0
CompareFileTime 0x0 0x42b30c 0x2b30c 0x2770c 0x0
CloseHandle 0x0 0x42b310 0x2b310 0x27710 0x0
gdi32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x42b318 0x2b318 0x27718 0x0
StretchBlt 0x0 0x42b31c 0x2b31c 0x2771c 0x0
SetWindowOrgEx 0x0 0x42b320 0x2b320 0x27720 0x0
SetTextColor 0x0 0x42b324 0x2b324 0x27724 0x0
SetStretchBltMode 0x0 0x42b328 0x2b328 0x27728 0x0
SetRectRgn 0x0 0x42b32c 0x2b32c 0x2772c 0x0
SetROP2 0x0 0x42b330 0x2b330 0x27730 0x0
SetPixel 0x0 0x42b334 0x2b334 0x27734 0x0
SetDIBits 0x0 0x42b338 0x2b338 0x27738 0x0
SetBrushOrgEx 0x0 0x42b33c 0x2b33c 0x2773c 0x0
SetBkMode 0x0 0x42b340 0x2b340 0x27740 0x0
SetBkColor 0x0 0x42b344 0x2b344 0x27744 0x0
SelectObject 0x0 0x42b348 0x2b348 0x27748 0x0
SaveDC 0x0 0x42b34c 0x2b34c 0x2774c 0x0
RestoreDC 0x0 0x42b350 0x2b350 0x27750 0x0
OffsetRgn 0x0 0x42b354 0x2b354 0x27754 0x0
MoveToEx 0x0 0x42b358 0x2b358 0x27758 0x0
IntersectClipRect 0x0 0x42b35c 0x2b35c 0x2775c 0x0
GetStockObject 0x0 0x42b360 0x2b360 0x27760 0x0
GetPixel 0x0 0x42b364 0x2b364 0x27764 0x0
GetDIBits 0x0 0x42b368 0x2b368 0x27768 0x0
ExtSelectClipRgn 0x0 0x42b36c 0x2b36c 0x2776c 0x0
ExcludeClipRect 0x0 0x42b370 0x2b370 0x27770 0x0
DeleteObject 0x0 0x42b374 0x2b374 0x27774 0x0
DeleteDC 0x0 0x42b378 0x2b378 0x27778 0x0
CreateSolidBrush 0x0 0x42b37c 0x2b37c 0x2777c 0x0
CreateRectRgn 0x0 0x42b380 0x2b380 0x27780 0x0
CreateDIBitmap 0x0 0x42b384 0x2b384 0x27784 0x0
CreateDIBSection 0x0 0x42b388 0x2b388 0x27788 0x0
CreateCompatibleDC 0x0 0x42b38c 0x2b38c 0x2778c 0x0
CreateCompatibleBitmap 0x0 0x42b390 0x2b390 0x27790 0x0
CreateBrushIndirect 0x0 0x42b394 0x2b394 0x27794 0x0
CreateBitmap 0x0 0x42b398 0x2b398 0x27798 0x0
CombineRgn 0x0 0x42b39c 0x2b39c 0x2779c 0x0
BitBlt 0x0 0x42b3a0 0x2b3a0 0x277a0 0x0
user32.dll (52)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitMessage 0x0 0x42b3a8 0x2b3a8 0x277a8 0x0
ValidateRect 0x0 0x42b3ac 0x2b3ac 0x277ac 0x0
TranslateMessage 0x0 0x42b3b0 0x2b3b0 0x277b0 0x0
ShowWindow 0x0 0x42b3b4 0x2b3b4 0x277b4 0x0
SetWindowPos 0x0 0x42b3b8 0x2b3b8 0x277b8 0x0
SetTimer 0x0 0x42b3bc 0x2b3bc 0x277bc 0x0
SetParent 0x0 0x42b3c0 0x2b3c0 0x277c0 0x0
SetForegroundWindow 0x0 0x42b3c4 0x2b3c4 0x277c4 0x0
SetFocus 0x0 0x42b3c8 0x2b3c8 0x277c8 0x0
SetCursor 0x0 0x42b3cc 0x2b3cc 0x277cc 0x0
SendMessageA 0x0 0x42b3d0 0x2b3d0 0x277d0 0x0
ScreenToClient 0x0 0x42b3d4 0x2b3d4 0x277d4 0x0
ReleaseDC 0x0 0x42b3d8 0x2b3d8 0x277d8 0x0
PostQuitMessage 0x0 0x42b3dc 0x2b3dc 0x277dc 0x0
OffsetRect 0x0 0x42b3e0 0x2b3e0 0x277e0 0x0
KillTimer 0x0 0x42b3e4 0x2b3e4 0x277e4 0x0
IsZoomed 0x0 0x42b3e8 0x2b3e8 0x277e8 0x0
IsWindowVisible 0x0 0x42b3ec 0x2b3ec 0x277ec 0x0
IsWindowEnabled 0x0 0x42b3f0 0x2b3f0 0x277f0 0x0
IsWindow 0x0 0x42b3f4 0x2b3f4 0x277f4 0x0
IsIconic 0x0 0x42b3f8 0x2b3f8 0x277f8 0x0
InvalidateRect 0x0 0x42b3fc 0x2b3fc 0x277fc 0x0
GetWindowRgn 0x0 0x42b400 0x2b400 0x27800 0x0
GetWindowRect 0x0 0x42b404 0x2b404 0x27804 0x0
GetWindowDC 0x0 0x42b408 0x2b408 0x27808 0x0
GetUpdateRgn 0x0 0x42b40c 0x2b40c 0x2780c 0x0
GetSystemMetrics 0x0 0x42b410 0x2b410 0x27810 0x0
GetSystemMenu 0x0 0x42b414 0x2b414 0x27814 0x0
GetSysColor 0x0 0x42b418 0x2b418 0x27818 0x0
GetParent 0x0 0x42b41c 0x2b41c 0x2781c 0x0
GetWindow 0x0 0x42b420 0x2b420 0x27820 0x0
GetKeyState 0x0 0x42b424 0x2b424 0x27824 0x0
GetFocus 0x0 0x42b428 0x2b428 0x27828 0x0
GetDCEx 0x0 0x42b42c 0x2b42c 0x2782c 0x0
GetDC 0x0 0x42b430 0x2b430 0x27830 0x0
GetCursorPos 0x0 0x42b434 0x2b434 0x27834 0x0
GetClientRect 0x0 0x42b438 0x2b438 0x27838 0x0
GetCapture 0x0 0x42b43c 0x2b43c 0x2783c 0x0
FillRect 0x0 0x42b440 0x2b440 0x27840 0x0
ExitWindowsEx 0x0 0x42b444 0x2b444 0x27844 0x0
EnumWindows 0x0 0x42b448 0x2b448 0x27848 0x0
EndPaint 0x0 0x42b44c 0x2b44c 0x2784c 0x0
EnableWindow 0x0 0x42b450 0x2b450 0x27850 0x0
EnableMenuItem 0x0 0x42b454 0x2b454 0x27854 0x0
DrawIcon 0x0 0x42b458 0x2b458 0x27858 0x0
DestroyWindow 0x0 0x42b45c 0x2b45c 0x2785c 0x0
DestroyIcon 0x0 0x42b460 0x2b460 0x27860 0x0
DeleteMenu 0x0 0x42b464 0x2b464 0x27864 0x0
CopyImage 0x0 0x42b468 0x2b468 0x27868 0x0
ClientToScreen 0x0 0x42b46c 0x2b46c 0x2786c 0x0
BeginPaint 0x0 0x42b470 0x2b470 0x27870 0x0
CharLowerBuffA 0x0 0x42b474 0x2b474 0x27874 0x0
winmm.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeKillEvent 0x0 0x42b47c 0x2b47c 0x2787c 0x0
timeSetEvent 0x0 0x42b480 0x2b480 0x27880 0x0
oleaut32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen 0x0 0x42b488 0x2b488 0x27888 0x0
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize 0x0 0x42b490 0x2b490 0x27890 0x0
comctl32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Draw 0x0 0x42b498 0x2b498 0x27898 0x0
ImageList_SetBkColor 0x0 0x42b49c 0x2b49c 0x2789c 0x0
ImageList_Create 0x0 0x42b4a0 0x2b4a0 0x278a0 0x0
InitCommonControls 0x0 0x42b4a4 0x2b4a4 0x278a4 0x0
shell32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFileInfoA 0x0 0x42b4ac 0x2b4ac 0x278ac 0x0
user32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wvsprintfA 0x0 0x42b4b4 0x2b4b4 0x278b4 0x0
SetWindowLongA 0x0 0x42b4b8 0x2b4b8 0x278b8 0x0
SetPropA 0x0 0x42b4bc 0x2b4bc 0x278bc 0x0
SendMessageA 0x0 0x42b4c0 0x2b4c0 0x278c0 0x0
RemovePropA 0x0 0x42b4c4 0x2b4c4 0x278c4 0x0
RegisterClassA 0x0 0x42b4c8 0x2b4c8 0x278c8 0x0
PostMessageA 0x0 0x42b4cc 0x2b4cc 0x278cc 0x0
PeekMessageA 0x0 0x42b4d0 0x2b4d0 0x278d0 0x0
MessageBoxA 0x0 0x42b4d4 0x2b4d4 0x278d4 0x0
LoadIconA 0x0 0x42b4d8 0x2b4d8 0x278d8 0x0
LoadCursorA 0x0 0x42b4dc 0x2b4dc 0x278dc 0x0
GetWindowTextLengthA 0x0 0x42b4e0 0x2b4e0 0x278e0 0x0
GetWindowTextA 0x0 0x42b4e4 0x2b4e4 0x278e4 0x0
GetWindowLongA 0x0 0x42b4e8 0x2b4e8 0x278e8 0x0
GetPropA 0x0 0x42b4ec 0x2b4ec 0x278ec 0x0
GetClassLongA 0x0 0x42b4f0 0x2b4f0 0x278f0 0x0
GetClassInfoA 0x0 0x42b4f4 0x2b4f4 0x278f4 0x0
FindWindowA 0x0 0x42b4f8 0x2b4f8 0x278f8 0x0
DrawTextA 0x0 0x42b4fc 0x2b4fc 0x278fc 0x0
DispatchMessageA 0x0 0x42b500 0x2b500 0x27900 0x0
DefWindowProcA 0x0 0x42b504 0x2b504 0x27904 0x0
CreateWindowExA 0x0 0x42b508 0x2b508 0x27908 0x0
CallWindowProcA 0x0 0x42b50c 0x2b50c 0x2790c 0x0
gdi32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTextExtentPoint32A 0x0 0x42b514 0x2b514 0x27914 0x0
GetObjectA 0x0 0x42b518 0x2b518 0x27918 0x0
CreateFontIndirectA 0x0 0x42b51c 0x2b51c 0x2791c 0x0
AddFontResourceA 0x0 0x42b520 0x2b520 0x27920 0x0
kernel32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WritePrivateProfileStringA 0x0 0x42b528 0x2b528 0x27928 0x0
SetFileAttributesA 0x0 0x42b52c 0x2b52c 0x2792c 0x0
SetCurrentDirectoryA 0x0 0x42b530 0x2b530 0x27930 0x0
RemoveDirectoryA 0x0 0x42b534 0x2b534 0x27934 0x0
LoadLibraryA 0x0 0x42b538 0x2b538 0x27938 0x0
GetWindowsDirectoryA 0x0 0x42b53c 0x2b53c 0x2793c 0x0
GetVersionExA 0x0 0x42b540 0x2b540 0x27940 0x0
GetTimeFormatA 0x0 0x42b544 0x2b544 0x27944 0x0
GetTempPathA 0x0 0x42b548 0x2b548 0x27948 0x0
GetSystemDirectoryA 0x0 0x42b54c 0x2b54c 0x2794c 0x0
GetShortPathNameA 0x0 0x42b550 0x2b550 0x27950 0x0
GetPrivateProfileStringA 0x0 0x42b554 0x2b554 0x27954 0x0
GetModuleHandleA 0x0 0x42b558 0x2b558 0x27958 0x0
GetModuleFileNameA 0x0 0x42b55c 0x2b55c 0x2795c 0x0
GetFullPathNameA 0x0 0x42b560 0x2b560 0x27960 0x0
GetFileAttributesA 0x0 0x42b564 0x2b564 0x27964 0x0
GetDiskFreeSpaceA 0x0 0x42b568 0x2b568 0x27968 0x0
GetDateFormatA 0x0 0x42b56c 0x2b56c 0x2796c 0x0
GetComputerNameA 0x0 0x42b570 0x2b570 0x27970 0x0
GetCommandLineA 0x0 0x42b574 0x2b574 0x27974 0x0
FindNextFileA 0x0 0x42b578 0x2b578 0x27978 0x0
FindFirstFileA 0x0 0x42b57c 0x2b57c 0x2797c 0x0
ExpandEnvironmentStringsA 0x0 0x42b580 0x2b580 0x27980 0x0
DeleteFileA 0x0 0x42b584 0x2b584 0x27984 0x0
CreateFileA 0x0 0x42b588 0x2b588 0x27988 0x0
CreateDirectoryA 0x0 0x42b58c 0x2b58c 0x2798c 0x0
CompareStringA 0x0 0x42b590 0x2b590 0x27990 0x0
advapi32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x42b598 0x2b598 0x27998 0x0
RegQueryValueExA 0x0 0x42b59c 0x2b59c 0x2799c 0x0
RegQueryInfoKeyA 0x0 0x42b5a0 0x2b5a0 0x279a0 0x0
RegOpenKeyExA 0x0 0x42b5a4 0x2b5a4 0x279a4 0x0
RegEnumKeyExA 0x0 0x42b5a8 0x2b5a8 0x279a8 0x0
RegCreateKeyExA 0x0 0x42b5ac 0x2b5ac 0x279ac 0x0
LookupPrivilegeValueA 0x0 0x42b5b0 0x2b5b0 0x279b0 0x0
GetUserNameA 0x0 0x42b5b4 0x2b5b4 0x279b4 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x42b5bc 0x2b5bc 0x279bc 0x0
ShellExecuteA 0x0 0x42b5c0 0x2b5c0 0x279c0 0x0
cabinet.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FDIDestroy 0x0 0x42b5c8 0x2b5c8 0x279c8 0x0
FDICopy 0x0 0x42b5cc 0x2b5cc 0x279cc 0x0
FDICreate 0x0 0x42b5d0 0x2b5d0 0x279d0 0x0
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize 0x0 0x42b5d8 0x2b5d8 0x279d8 0x0
CoTaskMemFree 0x0 0x42b5dc 0x2b5dc 0x279dc 0x0
CoCreateInstance 0x0 0x42b5e0 0x2b5e0 0x279e0 0x0
CoUninitialize 0x0 0x42b5e4 0x2b5e4 0x279e4 0x0
CoInitialize 0x0 0x42b5e8 0x2b5e8 0x279e8 0x0
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation 0x0 0x42b5f0 0x2b5f0 0x279f0 0x0
SHGetPathFromIDListA 0x0 0x42b5f4 0x2b5f4 0x279f4 0x0
SHGetMalloc 0x0 0x42b5f8 0x2b5f8 0x279f8 0x0
SHChangeNotify 0x0 0x42b5fc 0x2b5fc 0x279fc 0x0
SHBrowseForFolderA 0x0 0x42b600 0x2b600 0x27a00 0x0
Icons (1)
C:\Program Files\Remote Utilities - Host\Czech.lg Created File Text
Not Queried
Mime Type text/plain
File Size 52.96 KB
MD5 d39727c9980021059a0f2073277e039e
SHA1 a59b8f6d517741a8cf8c88cbb9bc7ddfa8879f75
SHA256 f1900d97610996e7a71c354f3899c26324e5a5493374a4d697558e4c4f669257
SSDeep 1536:O0vOy1dWVToDCWJRxHHO4hspLBPxrEXvLZJKQn6TYbjL6bgC+cYP2k:O0vOy1dWVToDCWJRxHHO4hspVPxrEXvd
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\Up Created File Image
Not Queried
Mime Type image/x-icon
File Size 0.31 KB
MD5 83730ac00391fb0f02f56fe2e4207a10
SHA1 139fed8f0216132450e66bda0fbbdc2a5bd333af
SHA256 573e3260eed63604f24f6f10ce5294e25e22fda9e5bfd9010134de6e684bab98
SSDeep 3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nreBB+eKemhlRhmeemfB+ll5evZ/Xy:k9ij1KBBhK9jwmfBuiKaq5n
C:\Program Files\Remote Utilities - Host\Portuguese.lg Created File Text
Not Queried
Mime Type text/plain
File Size 54.77 KB
MD5 18e6affb3bee46aeaf86efb1977f358b
SHA1 0df0b1fb0e3e59bc2f52d2a2bdadd29bf0adebc7
SHA256 c6e7b98ea6fd6bd60d26c46ba6432000cf4c47c5ba137fb63e905cfc2b3d36ba
SSDeep 768:KBj5qg4szsX0erv9Xp3TV8yz5FJhD1sWnqzFu9nwd49ZJnE:0MYCvd0G3ZJE
C:\Program Files\Remote Utilities - Host\Printer\x86\ntprint.inf Created File Text
Not Queried
Mime Type text/plain
File Size 9.47 KB
MD5 6476f7217d9d6372361b9e49d701fb99
SHA1 e1155ab2acc8a9c9b3c83d1e98f816b84b5e7e25
SHA256 6135d3c9956a00c22615e53d66085dabbe2fbb93df7b0cdf5c4f7f7b3829f58b
SSDeep 192:jxUPudWfG9sPEd5yVplXhzPGeQ6cGIDGzBs+2o5WcicJXoNaTXy:jyxFeGIDIFXoNT
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\typicalex.ico Created File Image
Not Queried
Mime Type image/x-icon
File Size 14.73 KB
MD5 eb3f9054bb5f95ed6b10ec4e16a026be
SHA1 35760271a03029996bda26d5d596cfcc465e3ea9
SHA256 e330fa8030aa0465b02880133addba0a8c6011b511f6968b413bf45516f7275e
SSDeep 192:entnoFoTahmFxRYq7mE25b6K0FHQHVd4oXb2zwNf3i4ij:enWuPFxt785T0FHQHgo2wNf3oj
\\?\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Adobe Reader 12.0.1\install\setup.msi Created File Unknown
Not Queried
Also Known As C:\Windows\Installer\30de4.msi (Created File)
Mime Type application/CDFV2-unknown
File Size 973.00 KB
MD5 faefe083c40bc8a079c200424386f000
SHA1 3ac616ee5902e23ead8ae3b252080a3f2097135e
SHA256 fe01fe7743184d35430f0f1439e826bb6e6e40c74401da017e3db3dd8166a6ec
SSDeep 24576:P8FsyPEkYoSsnl3xonRD8PuLmmLM8PjWJ+SkJO:P86voSsl3xonRD8PuLjLhPSJ+SkJ
C:\Program Files\Remote Utilities - Host\Portuguese, Brazilian.lg Created File Text
Not Queried
Mime Type text/plain
File Size 54.60 KB
MD5 119f5f60b0d87bd3a9e34eefe510cead
SHA1 07835dce1a48d571d1e8a5a4ff1f47f44bac3992
SHA256 b9793f0ede71f259dc242c926cdc8f70fdb241a8a0f22c7206fb51b7e0a43002
SSDeep 384:1ZxUvMzwgsBD5ujNuKXXXx2WGOwZD13jQjgmYc/+nxSIdIJTN/JmG:rIOaupD3xOOREmonxwTNX
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.cat Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 8.68 KB
MD5 a9790fa84c8d1511f3b7f9dc4c97435f
SHA1 0342a477e0a8779ad05e716f4d563ff676e1b2a4
SHA256 beb45913bc014d70ceb9e061b9683de36fe3d000f425c4df6151be1a37c6fb0c
SSDeep 192:enYe+PjPJdZubhlCVuuImqAZscF8Bd1LM4L4Zyi:enYPLXZgwgAZsHLM4E
c:\system volume information\spp\snapshot-2 Created File Stream
Not Queried
Also Known As c:\system volume information\spp\onlinemetadatacache\{ac52d7cd-10ca-44c9-9873-cc1ac98a5961}_ondisksnapshotprop (Created File)
Mime Type application/octet-stream
File Size 2.83 KB
MD5 ea43249a6f35f72835a9e0b5126ae002
SHA1 ffe78df566e2b37cdf4bb469cae4d29c1e7c876a
SHA256 2e0103284803513abb6ab3fbc6c350b63e170bafb5724b206ba1476fab8b7e79
SSDeep 48:Xz9n+a6k38R6k3x9PrZRE85iGqKrGqdezYGqj1xs+jcPufeGp9bR1fOIgBKRBQ0V:jt+f2v23tcDKrDo0DjI4HzXOHBKQq
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\tabback Created File Image
Not Queried
Mime Type image/x-ms-bmp
File Size 0.83 KB
MD5 4c3dda35e23d44e273d82f7f4c38470a
SHA1 b62bc59f3eed29d3509c7908da72041bd9495178
SHA256 e728f79439e07df1afbcf03e8788fa0b8b08cf459db31fc8568bc511bf799537
SSDeep 24:kUGGGGGGGGjg/QUVdLbCKKKKKKWqqqqqqr:kGUVdnCKKKKKKWqqqqqqr
C:\Program Files\Remote Utilities - Host\RWLN.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 967.02 KB
MD5 534d6f176f6cbc725f9e7db8028cd3f7
SHA1 35b53f2e344f4a908a551409d018a91dc58100d5
SHA256 e713f288a46aad762f76c945467bb3ea7c84edfc56cec1c4c1b40d9f919bdcc0
SSDeep 12288:+EWFAQWGdxKCe/7BL83fQdRQ0TESX+EHjggwPzN:/ZG9e/tLHu0TESX+EHjKzN
ImpHash 39e3fa7512ea3ee76e55c943ede81a85
PE Information
Image Base 0x400000
Entry Point 0x4d37d8
Size Of Code 0xd2400
Size Of Initialized Data 0x1d200
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2017-03-27 15:17:54+00:00
Version Information (9)
LegalCopyright Copyright © 2017 Remote Utilities LLC. All rights reserved.
FileVersion 6.6.0.2
CompanyName Remote Utilities LLC
LegalTrademarks Remote Utilities LLC
Comments Remote Utilities unit
ProductName Remote Utilities
ProgramID com.remoteutilities.RWLN
ProductVersion 6.6.0.2
FileDescription Remote Utilities unit
Sections (10)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xd18b4 0xd1a00 0x400 cnt_code, mem_execute, mem_read 6.46
.itext 0x4d3000 0x808 0xa00 0xd1e00 cnt_code, mem_execute, mem_read 5.44
.data 0x4d4000 0x3a38 0x3c00 0xd2800 cnt_initialized_data, mem_read, mem_write 5.26
.bss 0x4d8000 0x5d44 0x0 0x0 mem_read, mem_write 0.0
.idata 0x4de000 0x1050 0x1200 0xd6400 cnt_initialized_data, mem_read, mem_write 4.72
.didata 0x4e0000 0x212 0x400 0xd7600 cnt_initialized_data, mem_read, mem_write 2.05
.edata 0x4e1000 0xde 0x200 0xd7a00 cnt_initialized_data, mem_read 2.71
.rdata 0x4e2000 0x45 0x200 0xd7c00 cnt_initialized_data, mem_read 1.18
.reloc 0x4e3000 0x14a94 0x14c00 0xd7e00 cnt_initialized_data, mem_discardable, mem_read 6.69
.rsrc 0x4f8000 0x3000 0x3000 0xeca00 cnt_initialized_data, mem_read 3.67
Imports (11)
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x4de364 0xde0f0 0xd64f0 0x0
SysReAllocStringLen 0x0 0x4de368 0xde0f4 0xd64f4 0x0
SysAllocStringLen 0x0 0x4de36c 0xde0f8 0xd64f8 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW 0x0 0x4de374 0xde100 0xd6500 0x0
RegOpenKeyExW 0x0 0x4de378 0xde104 0xd6504 0x0
RegCloseKey 0x0 0x4de37c 0xde108 0xd6508 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x4de384 0xde110 0xd6510 0x0
LoadStringW 0x0 0x4de388 0xde114 0xd6514 0x0
kernel32.dll (42)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x4de390 0xde11c 0xd651c 0x0
VirtualFree 0x0 0x4de394 0xde120 0xd6520 0x0
VirtualAlloc 0x0 0x4de398 0xde124 0xd6524 0x0
lstrlenW 0x0 0x4de39c 0xde128 0xd6528 0x0
VirtualQuery 0x0 0x4de3a0 0xde12c 0xd652c 0x0
GetTickCount 0x0 0x4de3a4 0xde130 0xd6530 0x0
GetSystemInfo 0x0 0x4de3a8 0xde134 0xd6534 0x0
GetVersion 0x0 0x4de3ac 0xde138 0xd6538 0x0
CompareStringW 0x0 0x4de3b0 0xde13c 0xd653c 0x0
IsValidLocale 0x0 0x4de3b4 0xde140 0xd6540 0x0
SetThreadLocale 0x0 0x4de3b8 0xde144 0xd6544 0x0
GetSystemDefaultUILanguage 0x0 0x4de3bc 0xde148 0xd6548 0x0
GetUserDefaultUILanguage 0x0 0x4de3c0 0xde14c 0xd654c 0x0
GetLocaleInfoW 0x0 0x4de3c4 0xde150 0xd6550 0x0
WideCharToMultiByte 0x0 0x4de3c8 0xde154 0xd6554 0x0
MultiByteToWideChar 0x0 0x4de3cc 0xde158 0xd6558 0x0
GetACP 0x0 0x4de3d0 0xde15c 0xd655c 0x0
LoadLibraryExW 0x0 0x4de3d4 0xde160 0xd6560 0x0
GetStartupInfoW 0x0 0x4de3d8 0xde164 0xd6564 0x0
GetProcAddress 0x0 0x4de3dc 0xde168 0xd6568 0x0
GetModuleHandleW 0x0 0x4de3e0 0xde16c 0xd656c 0x0
GetModuleFileNameW 0x0 0x4de3e4 0xde170 0xd6570 0x0
GetCommandLineW 0x0 0x4de3e8 0xde174 0xd6574 0x0
FreeLibrary 0x0 0x4de3ec 0xde178 0xd6578 0x0
GetLastError 0x0 0x4de3f0 0xde17c 0xd657c 0x0
UnhandledExceptionFilter 0x0 0x4de3f4 0xde180 0xd6580 0x0
RtlUnwind 0x0 0x4de3f8 0xde184 0xd6584 0x0
RaiseException 0x0 0x4de3fc 0xde188 0xd6588 0x0
ExitProcess 0x0 0x4de400 0xde18c 0xd658c 0x0
ExitThread 0x0 0x4de404 0xde190 0xd6590 0x0
SwitchToThread 0x0 0x4de408 0xde194 0xd6594 0x0
GetCurrentThreadId 0x0 0x4de40c 0xde198 0xd6598 0x0
CreateThread 0x0 0x4de410 0xde19c 0xd659c 0x0
DeleteCriticalSection 0x0 0x4de414 0xde1a0 0xd65a0 0x0
LeaveCriticalSection 0x0 0x4de418 0xde1a4 0xd65a4 0x0
EnterCriticalSection 0x0 0x4de41c 0xde1a8 0xd65a8 0x0
InitializeCriticalSection 0x0 0x4de420 0xde1ac 0xd65ac 0x0
FindFirstFileW 0x0 0x4de424 0xde1b0 0xd65b0 0x0
FindClose 0x0 0x4de428 0xde1b4 0xd65b4 0x0
WriteFile 0x0 0x4de42c 0xde1b8 0xd65b8 0x0
GetStdHandle 0x0 0x4de430 0xde1bc 0xd65bc 0x0
CloseHandle 0x0 0x4de434 0xde1c0 0xd65c0 0x0
kernel32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x4de43c 0xde1c8 0xd65c8 0x0
RaiseException 0x0 0x4de440 0xde1cc 0xd65cc 0x0
LoadLibraryA 0x0 0x4de444 0xde1d0 0xd65d0 0x0
GetLastError 0x0 0x4de448 0xde1d4 0xd65d4 0x0
TlsSetValue 0x0 0x4de44c 0xde1d8 0xd65d8 0x0
TlsGetValue 0x0 0x4de450 0xde1dc 0xd65dc 0x0
TlsFree 0x0 0x4de454 0xde1e0 0xd65e0 0x0
TlsAlloc 0x0 0x4de458 0xde1e4 0xd65e4 0x0
LocalFree 0x0 0x4de45c 0xde1e8 0xd65e8 0x0
LocalAlloc 0x0 0x4de460 0xde1ec 0xd65ec 0x0
FreeLibrary 0x0 0x4de464 0xde1f0 0xd65f0 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PeekMessageW 0x0 0x4de46c 0xde1f8 0xd65f8 0x0
MsgWaitForMultipleObjects 0x0 0x4de470 0xde1fc 0xd65fc 0x0
MessageBoxW 0x0 0x4de474 0xde200 0xd6600 0x0
LoadStringW 0x0 0x4de478 0xde204 0xd6604 0x0
GetSystemMetrics 0x0 0x4de47c 0xde208 0xd6608 0x0
CharUpperBuffW 0x0 0x4de480 0xde20c 0xd660c 0x0
CharUpperW 0x0 0x4de484 0xde210 0xd6610 0x0
CharLowerBuffW 0x0 0x4de488 0xde214 0xd6614 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x4de490 0xde21c 0xd661c 0x0
GetFileVersionInfoSizeW 0x0 0x4de494 0xde220 0xd6620 0x0
GetFileVersionInfoW 0x0 0x4de498 0xde224 0xd6624 0x0
kernel32.dll (64)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x4de4a0 0xde22c 0xd662c 0x0
WideCharToMultiByte 0x0 0x4de4a4 0xde230 0xd6630 0x0
WaitForSingleObject 0x0 0x4de4a8 0xde234 0xd6634 0x0
VirtualQueryEx 0x0 0x4de4ac 0xde238 0xd6638 0x0
VirtualQuery 0x0 0x4de4b0 0xde23c 0xd663c 0x0
VirtualProtect 0x0 0x4de4b4 0xde240 0xd6640 0x0
VirtualFree 0x0 0x4de4b8 0xde244 0xd6644 0x0
VerSetConditionMask 0x0 0x4de4bc 0xde248 0xd6648 0x0
VerifyVersionInfoW 0x0 0x4de4c0 0xde24c 0xd664c 0x0
SwitchToThread 0x0 0x4de4c4 0xde250 0xd6650 0x0
SuspendThread 0x0 0x4de4c8 0xde254 0xd6654 0x0
Sleep 0x0 0x4de4cc 0xde258 0xd6658 0x0
SetThreadPriority 0x0 0x4de4d0 0xde25c 0xd665c 0x0
SetFilePointer 0x0 0x4de4d4 0xde260 0xd6660 0x0
SetEvent 0x0 0x4de4d8 0xde264 0xd6664 0x0
SetEndOfFile 0x0 0x4de4dc 0xde268 0xd6668 0x0
ResumeThread 0x0 0x4de4e0 0xde26c 0xd666c 0x0
ResetEvent 0x0 0x4de4e4 0xde270 0xd6670 0x0
ReadFile 0x0 0x4de4e8 0xde274 0xd6674 0x0
RaiseException 0x0 0x4de4ec 0xde278 0xd6678 0x0
IsDebuggerPresent 0x0 0x4de4f0 0xde27c 0xd667c 0x0
LocalFree 0x0 0x4de4f4 0xde280 0xd6680 0x0
IsValidLocale 0x0 0x4de4f8 0xde284 0xd6684 0x0
HeapSize 0x0 0x4de4fc 0xde288 0xd6688 0x0
HeapFree 0x0 0x4de500 0xde28c 0xd668c 0x0
HeapDestroy 0x0 0x4de504 0xde290 0xd6690 0x0
HeapCreate 0x0 0x4de508 0xde294 0xd6694 0x0
HeapAlloc 0x0 0x4de50c 0xde298 0xd6698 0x0
GetVersionExW 0x0 0x4de510 0xde29c 0xd669c 0x0
GetTickCount 0x0 0x4de514 0xde2a0 0xd66a0 0x0
GetThreadPriority 0x0 0x4de518 0xde2a4 0xd66a4 0x0
GetThreadLocale 0x0 0x4de51c 0xde2a8 0xd66a8 0x0
GetStdHandle 0x0 0x4de520 0xde2ac 0xd66ac 0x0
GetProcAddress 0x0 0x4de524 0xde2b0 0xd66b0 0x0
GetModuleHandleW 0x0 0x4de528 0xde2b4 0xd66b4 0x0
GetModuleFileNameW 0x0 0x4de52c 0xde2b8 0xd66b8 0x0
GetLocaleInfoW 0x0 0x4de530 0xde2bc 0xd66bc 0x0
GetLocalTime 0x0 0x4de534 0xde2c0 0xd66c0 0x0
GetLastError 0x0 0x4de538 0xde2c4 0xd66c4 0x0
GetFullPathNameW 0x0 0x4de53c 0xde2c8 0xd66c8 0x0
GetExitCodeThread 0x0 0x4de540 0xde2cc 0xd66cc 0x0
GetDiskFreeSpaceW 0x0 0x4de544 0xde2d0 0xd66d0 0x0
GetDateFormatW 0x0 0x4de548 0xde2d4 0xd66d4 0x0
GetCurrentThreadId 0x0 0x4de54c 0xde2d8 0xd66d8 0x0
GetCurrentThread 0x0 0x4de550 0xde2dc 0xd66dc 0x0
GetCurrentProcessId 0x0 0x4de554 0xde2e0 0xd66e0 0x0
GetCurrentProcess 0x0 0x4de558 0xde2e4 0xd66e4 0x0
GetCPInfoExW 0x0 0x4de55c 0xde2e8 0xd66e8 0x0
GetCPInfo 0x0 0x4de560 0xde2ec 0xd66ec 0x0
GetACP 0x0 0x4de564 0xde2f0 0xd66f0 0x0
FreeLibrary 0x0 0x4de568 0xde2f4 0xd66f4 0x0
FormatMessageW 0x0 0x4de56c 0xde2f8 0xd66f8 0x0
FlushFileBuffers 0x0 0x4de570 0xde2fc 0xd66fc 0x0
EnumSystemLocalesW 0x0 0x4de574 0xde300 0xd6700 0x0
EnumCalendarInfoW 0x0 0x4de578 0xde304 0xd6704 0x0
DisconnectNamedPipe 0x0 0x4de57c 0xde308 0xd6708 0x0
DisableThreadLibraryCalls 0x0 0x4de580 0xde30c 0xd670c 0x0
CreateProcessW 0x0 0x4de584 0xde310 0xd6710 0x0
CreateNamedPipeW 0x0 0x4de588 0xde314 0xd6714 0x0
CreateFileW 0x0 0x4de58c 0xde318 0xd6718 0x0
CreateEventW 0x0 0x4de590 0xde31c 0xd671c 0x0
ConnectNamedPipe 0x0 0x4de594 0xde320 0xd6720 0x0
CompareStringW 0x0 0x4de598 0xde324 0xd6724 0x0
CloseHandle 0x0 0x4de59c 0xde328 0xd6728 0x0
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x4de5a4 0xde330 0xd6730 0x0
netapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaGetInfo 0x0 0x4de5ac 0xde338 0xd6738 0x0
oleaut32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex 0x0 0x4de5b4 0xde340 0xd6740 0x0
SafeArrayGetUBound 0x0 0x4de5b8 0xde344 0xd6744 0x0
SafeArrayGetLBound 0x0 0x4de5bc 0xde348 0xd6748 0x0
SafeArrayCreate 0x0 0x4de5c0 0xde34c 0xd674c 0x0
VariantChangeType 0x0 0x4de5c4 0xde350 0xd6750 0x0
VariantCopy 0x0 0x4de5c8 0xde354 0xd6754 0x0
VariantClear 0x0 0x4de5cc 0xde358 0xd6758 0x0
VariantInit 0x0 0x4de5d0 0xde35c 0xd675c 0x0
Exports (6)
Api name EAT Address Ordinal
TMethodImplementationIntercept 0x5b178 0x3
WLEventLogoff 0xce2a4 0x5
WLEventLogon 0xce0a0 0x6
WLEventStartup 0xce2ac 0x4
__dbk_fcall_wrapper 0xfe58 0x2
dbkFCallWrapperAddr 0xdb5a8 0x1
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Polish.lg Created File Text
Not Queried
Mime Type text/plain
File Size 53.29 KB
MD5 da9d399b473ccff29e6e8f9a5723cbfb
SHA1 d878b4206aaf64384162e96673845e913db34c69
SHA256 b885b4e1e7bea7c202c71313a60774143dd7cc18d1a0ec8412b47d53016ea3f3
SSDeep 768:FlnI42juO0ISxfcndYoIw+hPj6Ewz0EMlkHYoTZ:FZg
C:\Program Files\Remote Utilities - Host\Printer\x86\rup.ini Created File Text
Not Queried
Mime Type text/plain
File Size 0.04 KB
MD5 ec01a42770693558a18ba4c72d9ada05
SHA1 484bd82cabc1c6ecc8214b3c8e57258755725d79
SHA256 e1113b0f0daa2ce44dcc01dabfd8bdff21630c724a333868c87fb9822e60ebed
SSDeep 3:z8ANyq3jIrc:z8cy2Ec
C:\Program Files\Remote Utilities - Host\Printer\x86\install.cmd Created File Text
Not Queried
Mime Type text/plain
File Size 0.06 KB
MD5 23ada030ee52b855789e8fb0db6b5c4b
SHA1 1f5b1274d7f86fbe2675c9c702196711de2a6d50
SHA256 e7ad95fc7303838383f6fddea9615bb70de8579f53e5df581c1557a01c37ce5e
SSDeep 3:6L6Vm4uWkVm4uW5Bn:g6VmHpVmHiB
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\customex.ico Created File Image
Not Queried
Mime Type image/x-icon
File Size 14.73 KB
MD5 1b5701d7f753135c22cc1ae694ffaf4b
SHA1 966bdef4159022fcc8740b6eb75b8d7ac4212504
SHA256 aeba695175ed96d3ede9fe30e486df59c64a5fd802c15cb67f55e03a0537cd13
SSDeep 192:lN3tnFnyRZF64BiTfwy+aXE25b6K0FHQHVd4RhE2zwZlaw484:lN3XYa5TIaD5T0FHQHgRfwZla04
C:\inst_fold\armstatus.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 1.90 MB
MD5 536b8e509b970ffebf115c66d6af7e3c
SHA1 f787d8b4a4716e13220d89940c3ea69868114fd9
SHA256 938efd3a6e96d296b3404c3f3e653a86aeba671c9747ce13c6c14ec2101428b9
SSDeep 24576:V9c/ardILiw+ygSblvB6QWi01cfPvwuQ593h3eN:VO/wdIAYxB6QWPE
ImpHash 6d5613449d9401e51320206726768c75
PE Information
Image Base 0x400000
Entry Point 0x4012e0
Size Of Code 0xa0200
Size Of Initialized Data 0xe5e00
Size Of Uninitialized Data 0xc00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-04-08 21:58:14+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xa003c 0xa0200 0x400 cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read 6.29
.data 0x4a2000 0x1ac8 0x1c00 0xa0600 cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.25
.rdata 0x4a4000 0xa6e4 0xa800 0xa2200 cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read 5.55
.eh_fram 0x4af000 0x38600 0x38600 0xaca00 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read 4.79
.bss 0x4e8000 0xb80 0x0 0x0 cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.0
.idata 0x4e9000 0xc28 0xe00 0xe5000 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 4.84
.CRT 0x4ea000 0x18 0x200 0xe5e00 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.09
.tls 0x4eb000 0x20 0x200 0xe6000 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.22
Imports (5)
ADVAPI32.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x4e9258 0xe9078 0xe5078 0x182
RegOpenKeyExA 0x0 0x4e925c 0xe907c 0xe507c 0x19d
RegQueryValueExA 0x0 0x4e9260 0xe9080 0xe5080 0x1a7
KERNEL32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseHandle 0x0 0x4e9268 0xe9088 0xe5088 0x52
CreateSemaphoreW 0x0 0x4e926c 0xe908c 0xe508c 0xac
DeleteCriticalSection 0x0 0x4e9270 0xe9090 0xe5090 0xcf
EnterCriticalSection 0x0 0x4e9274 0xe9094 0xe5094 0xec
ExitProcess 0x0 0x4e9278 0xe9098 0xe5098 0x117
FindClose 0x0 0x4e927c 0xe909c 0xe509c 0x12c
FindFirstFileA 0x0 0x4e9280 0xe90a0 0xe50a0 0x130
FindNextFileA 0x0 0x4e9284 0xe90a4 0xe50a4 0x141
FreeLibrary 0x0 0x4e9288 0xe90a8 0xe50a8 0x160
GetCommandLineA 0x0 0x4e928c 0xe90ac 0xe50ac 0x184
GetCurrentThreadId 0x0 0x4e9290 0xe90b0 0xe50b0 0x1c3
GetLastError 0x0 0x4e9294 0xe90b4 0xe50b4 0x1fe
GetModuleHandleA 0x0 0x4e9298 0xe90b8 0xe50b8 0x211
GetProcAddress 0x0 0x4e929c 0xe90bc 0xe50bc 0x241
InitializeCriticalSection 0x0 0x4e92a0 0xe90c0 0xe50c0 0x2de
InterlockedDecrement 0x0 0x4e92a4 0xe90c4 0xe50c4 0x2e7
InterlockedExchange 0x0 0x4e92a8 0xe90c8 0xe50c8 0x2e8
InterlockedIncrement 0x0 0x4e92ac 0xe90cc 0xe50cc 0x2eb
IsDBCSLeadByteEx 0x0 0x4e92b0 0xe90d0 0xe50d0 0x2fb
LeaveCriticalSection 0x0 0x4e92b4 0xe90d4 0xe50d4 0x32e
LoadLibraryA 0x0 0x4e92b8 0xe90d8 0xe50d8 0x331
MultiByteToWideChar 0x0 0x4e92bc 0xe90dc 0xe50dc 0x35c
ReleaseSemaphore 0x0 0x4e92c0 0xe90e0 0xe50e0 0x3d2
SetLastError 0x0 0x4e92c4 0xe90e4 0xe50e4 0x443
SetUnhandledExceptionFilter 0x0 0x4e92c8 0xe90e8 0xe50e8 0x474
Sleep 0x0 0x4e92cc 0xe90ec 0xe50ec 0x480
TlsAlloc 0x0 0x4e92d0 0xe90f0 0xe50f0 0x493
TlsFree 0x0 0x4e92d4 0xe90f4 0xe50f4 0x494
TlsGetValue 0x0 0x4e92d8 0xe90f8 0xe50f8 0x495
TlsSetValue 0x0 0x4e92dc 0xe90fc 0xe50fc 0x496
VirtualProtect 0x0 0x4e92e0 0xe9100 0xe5100 0x4bd
VirtualQuery 0x0 0x4e92e4 0xe9104 0xe5104 0x4bf
WaitForSingleObject 0x0 0x4e92e8 0xe9108 0xe5108 0x4c7
WideCharToMultiByte 0x0 0x4e92ec 0xe910c 0xe510c 0x4df
msvcrt.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_fdopen 0x0 0x4e92f4 0xe9114 0xe5114 0x17
_fstat 0x0 0x4e92f8 0xe9118 0xe5118 0x20
_lseek 0x0 0x4e92fc 0xe911c 0xe511c 0x33
_read 0x0 0x4e9300 0xe9120 0xe5120 0x40
_strdup 0x0 0x4e9304 0xe9124 0xe5124 0x50
_stricoll 0x0 0x4e9308 0xe9128 0xe5128 0x52
_write 0x0 0x4e930c 0xe912c 0xe512c 0x6d
msvcrt.dll (70)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__getmainargs 0x0 0x4e9314 0xe9134 0xe5134 0x58
__mb_cur_max 0x0 0x4e9318 0xe9138 0xe5138 0x77
__p__environ 0x0 0x4e931c 0xe913c 0xe513c 0x83
__p__fmode 0x0 0x4e9320 0xe9140 0xe5140 0x85
__set_app_type 0x0 0x4e9324 0xe9144 0xe5144 0x99
_cexit 0x0 0x4e9328 0xe9148 0xe5148 0xdb
_errno 0x0 0x4e932c 0xe914c 0xe514c 0x11d
_filbuf 0x0 0x4e9330 0xe9150 0xe5150 0x132
_flsbuf 0x0 0x4e9334 0xe9154 0xe5154 0x13f
_fullpath 0x0 0x4e9338 0xe9158 0xe5158 0x15e
_iob 0x0 0x4e933c 0xe915c 0xe515c 0x1a1
_isctype 0x0 0x4e9340 0xe9160 0xe5160 0x1a6
_onexit 0x0 0x4e9344 0xe9164 0xe5164 0x2b1
_pctype 0x0 0x4e9348 0xe9168 0xe5168 0x2ba
_setmode 0x0 0x4e934c 0xe916c 0xe516c 0x2f1
abort 0x0 0x4e9350 0xe9170 0xe5170 0x43b
atexit 0x0 0x4e9354 0xe9174 0xe5174 0x443
atoi 0x0 0x4e9358 0xe9178 0xe5178 0x445
calloc 0x0 0x4e935c 0xe917c 0xe517c 0x44a
clock 0x0 0x4e9360 0xe9180 0xe5180 0x44e
fclose 0x0 0x4e9364 0xe9184 0xe5184 0x457
fflush 0x0 0x4e9368 0xe9188 0xe5188 0x45a
fopen 0x0 0x4e936c 0xe918c 0xe518c 0x462
fputc 0x0 0x4e9370 0xe9190 0xe5190 0x466
fputs 0x0 0x4e9374 0xe9194 0xe5194 0x467
fread 0x0 0x4e9378 0xe9198 0xe5198 0x46a
free 0x0 0x4e937c 0xe919c 0xe519c 0x46b
fseek 0x0 0x4e9380 0xe91a0 0xe51a0 0x471
ftell 0x0 0x4e9384 0xe91a4 0xe51a4 0x473
fwrite 0x0 0x4e9388 0xe91a8 0xe51a8 0x476
getenv 0x0 0x4e938c 0xe91ac 0xe51ac 0x47b
getwc 0x0 0x4e9390 0xe91b0 0xe51b0 0x47e
iswctype 0x0 0x4e9394 0xe91b4 0xe51b4 0x491
localeconv 0x0 0x4e9398 0xe91b8 0xe51b8 0x49e
malloc 0x0 0x4e939c 0xe91bc 0xe51bc 0x4a3
mbstowcs 0x0 0x4e93a0 0xe91c0 0xe51c0 0x4aa
memchr 0x0 0x4e93a4 0xe91c4 0xe51c4 0x4ad
memcmp 0x0 0x4e93a8 0xe91c8 0xe51c8 0x4ae
memcpy 0x0 0x4e93ac 0xe91cc 0xe51cc 0x4af
memmove 0x0 0x4e93b0 0xe91d0 0xe51d0 0x4b1
memset 0x0 0x4e93b4 0xe91d4 0xe51d4 0x4b3
printf 0x0 0x4e93b8 0xe91d8 0xe51d8 0x4b8
putwc 0x0 0x4e93bc 0xe91dc 0xe51dc 0x4bd
realloc 0x0 0x4e93c0 0xe91e0 0xe51e0 0x4c4
setlocale 0x0 0x4e93c4 0xe91e4 0xe51e4 0x4cb
setvbuf 0x0 0x4e93c8 0xe91e8 0xe51e8 0x4cc
signal 0x0 0x4e93cc 0xe91ec 0xe51ec 0x4cd
sprintf 0x0 0x4e93d0 0xe91f0 0xe51f0 0x4d0
strchr 0x0 0x4e93d4 0xe91f4 0xe51f4 0x4d8
strcmp 0x0 0x4e93d8 0xe91f8 0xe51f8 0x4d9
strcoll 0x0 0x4e93dc 0xe91fc 0xe51fc 0x4da
strerror 0x0 0x4e93e0 0xe9200 0xe5200 0x4de
strftime 0x0 0x4e93e4 0xe9204 0xe5204 0x4e0
strlen 0x0 0x4e93e8 0xe9208 0xe5208 0x4e1
strtod 0x0 0x4e93ec 0xe920c 0xe520c 0x4eb
strtoul 0x0 0x4e93f0 0xe9210 0xe5210 0x4ef
strxfrm 0x0 0x4e93f4 0xe9214 0xe5214 0x4f0
time 0x0 0x4e93f8 0xe9218 0xe5218 0x4f8
tolower 0x0 0x4e93fc 0xe921c 0xe521c 0x4fd
towlower 0x0 0x4e9400 0xe9220 0xe5220 0x4ff
towupper 0x0 0x4e9404 0xe9224 0xe5224 0x500
ungetc 0x0 0x4e9408 0xe9228 0xe5228 0x501
ungetwc 0x0 0x4e940c 0xe922c 0xe522c 0x502
vfprintf 0x0 0x4e9410 0xe9230 0xe5230 0x504
vsprintf 0x0 0x4e9414 0xe9234 0xe5234 0x50b
wcscoll 0x0 0x4e9418 0xe9238 0xe5238 0x517
wcsftime 0x0 0x4e941c 0xe923c 0xe523c 0x51b
wcslen 0x0 0x4e9420 0xe9240 0xe5240 0x51c
wcstombs 0x0 0x4e9424 0xe9244 0xe5244 0x52d
wcsxfrm 0x0 0x4e9428 0xe9248 0xe5248 0x530
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x4e9430 0xe9250 0xe5250 0x92
C:\Program Files\Remote Utilities - Host\Korean.lg Created File Text
Not Queried
Mime Type text/plain
File Size 40.54 KB
MD5 dc4e41d98050548860bf92ca11345962
SHA1 259fc2aa4622e202799bbb5d352e57da47a6988f
SHA256 87ada3f861a2b04e39f633218b791cc9e08200dafe96b85538c2ce402fe1f0db
SSDeep 384:Xj+dvdrVVSEriZidLa515S7tQKnZ+r8x1ubapR+YY6vviE5z/:yrRILS1bJnd
C:\Program Files\Remote Utilities - Host\Printer\x86\srvinst.exe Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 104.52 KB
MD5 79426fca71d40afb2d439574a716c07b
SHA1 c1015f2f39854df8db6ab2d5266fa5cdf1a0a90f
SHA256 4bfe323c5b6fe21dc3247b764a6eb22d3ee8f682a412e99cb396f70153f0d014
SSDeep 1536:PRanzPJhmWbR0e1/lbCV2bbtKb4Q08dNT7Itpfh+vtq1gYy:IzPOa0e195bt8pRAfhgtq1gf
ImpHash bece82b9d86d5505372b61f51b640b2f
PE Information
Image Base 0x400000
Entry Point 0x4051a4
Size Of Code 0x10000
Size Of Initialized Data 0x7000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2012-08-31 14:24:44+00:00
Version Information (8)
LegalCopyright Copyright (C) Two Pilots 2012
InternalName srvinst
FileVersion 1, 9, 0, 0
CompanyName Two Pilots
ProductName Virtual Printer Driver
ProductVersion 7, 3, 0, 0
FileDescription Virtual Printer Driver component
OriginalFilename srvinst.exe
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xf200 0x10000 0x1000 cnt_code, mem_execute, mem_read 6.4
.rdata 0x411000 0x3b9a 0x4000 0x11000 cnt_initialized_data, mem_read 5.11
.data 0x415000 0x2ee4 0x2000 0x15000 cnt_initialized_data, mem_read, mem_write 1.46
.rsrc 0x418000 0x40c 0x1000 0x17000 cnt_initialized_data, mem_read 3.73
Imports (3)
KERNEL32.dll (82)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLocaleInfoA 0x0 0x411040 0x1432c 0x1432c 0x174
CloseHandle 0x0 0x411044 0x14330 0x14330 0x34
OpenFileMappingW 0x0 0x411048 0x14334 0x14334 0x281
ReadFile 0x0 0x41104c 0x14338 0x14338 0x2b5
WriteFile 0x0 0x411050 0x1433c 0x1433c 0x3a4
GetCurrentProcess 0x0 0x411054 0x14340 0x14340 0x142
UnmapViewOfFile 0x0 0x411058 0x14344 0x14344 0x371
MapViewOfFile 0x0 0x41105c 0x14348 0x14348 0x268
DeleteFileW 0x0 0x411060 0x1434c 0x1434c 0x84
GetLocalTime 0x0 0x411064 0x14350 0x14350 0x173
SetLastError 0x0 0x411068 0x14354 0x14354 0x328
GetCurrentDirectoryW 0x0 0x41106c 0x14358 0x14358 0x141
GetLastError 0x0 0x411070 0x1435c 0x1435c 0x171
CopyFileW 0x0 0x411074 0x14360 0x14360 0x46
Sleep 0x0 0x411078 0x14364 0x14364 0x356
GetSystemWindowsDirectoryW 0x0 0x41107c 0x14368 0x14368 0x1cd
SetEndOfFile 0x0 0x411080 0x1436c 0x1436c 0x310
GetCommandLineW 0x0 0x411084 0x14370 0x14370 0x111
GetStringTypeW 0x0 0x411088 0x14374 0x14374 0x1bd
GetStringTypeA 0x0 0x41108c 0x14378 0x14378 0x1ba
LCMapStringW 0x0 0x411090 0x1437c 0x1437c 0x245
LCMapStringA 0x0 0x411094 0x14380 0x14380 0x244
WriteConsoleW 0x0 0x411098 0x14384 0x14384 0x3a3
GetConsoleOutputCP 0x0 0x41109c 0x14388 0x14388 0x135
WriteConsoleA 0x0 0x4110a0 0x1438c 0x1438c 0x399
HeapFree 0x0 0x4110a4 0x14390 0x14390 0x216
HeapAlloc 0x0 0x4110a8 0x14394 0x14394 0x210
EnterCriticalSection 0x0 0x4110ac 0x14398 0x14398 0x98
LeaveCriticalSection 0x0 0x4110b0 0x1439c 0x1439c 0x251
TerminateProcess 0x0 0x4110b4 0x143a0 0x143a0 0x35e
UnhandledExceptionFilter 0x0 0x4110b8 0x143a4 0x143a4 0x36e
SetUnhandledExceptionFilter 0x0 0x4110bc 0x143a8 0x143a8 0x34a
IsDebuggerPresent 0x0 0x4110c0 0x143ac 0x143ac 0x239
GetVersionExA 0x0 0x4110c4 0x143b0 0x143b0 0x1e9
GetProcessHeap 0x0 0x4110c8 0x143b4 0x143b4 0x1a3
GetStartupInfoW 0x0 0x4110cc 0x143b8 0x143b8 0x1b8
RtlUnwind 0x0 0x4110d0 0x143bc 0x143bc 0x2d7
HeapDestroy 0x0 0x4110d4 0x143c0 0x143c0 0x214
HeapCreate 0x0 0x4110d8 0x143c4 0x143c4 0x212
VirtualFree 0x0 0x4110dc 0x143c8 0x143c8 0x383
DeleteCriticalSection 0x0 0x4110e0 0x143cc 0x143cc 0x81
VirtualAlloc 0x0 0x4110e4 0x143d0 0x143d0 0x381
HeapReAlloc 0x0 0x4110e8 0x143d4 0x143d4 0x21a
GetProcAddress 0x0 0x4110ec 0x143d8 0x143d8 0x1a0
GetModuleHandleA 0x0 0x4110f0 0x143dc 0x143dc 0x17f
ExitProcess 0x0 0x4110f4 0x143e0 0x143e0 0xb9
GetStdHandle 0x0 0x4110f8 0x143e4 0x143e4 0x1b9
GetModuleFileNameA 0x0 0x4110fc 0x143e8 0x143e8 0x17d
SetHandleCount 0x0 0x411100 0x143ec 0x143ec 0x324
GetFileType 0x0 0x411104 0x143f0 0x143f0 0x166
GetStartupInfoA 0x0 0x411108 0x143f4 0x143f4 0x1b7
TlsGetValue 0x0 0x41110c 0x143f8 0x143f8 0x365
TlsAlloc 0x0 0x411110 0x143fc 0x143fc 0x363
TlsSetValue 0x0 0x411114 0x14400 0x14400 0x366
TlsFree 0x0 0x411118 0x14404 0x14404 0x364
InterlockedIncrement 0x0 0x41111c 0x14408 0x14408 0x22c
GetCurrentThreadId 0x0 0x411120 0x1440c 0x1440c 0x146
InterlockedDecrement 0x0 0x411124 0x14410 0x14410 0x228
GetModuleFileNameW 0x0 0x411128 0x14414 0x14414 0x17e
FreeEnvironmentStringsA 0x0 0x41112c 0x14418 0x14418 0xf6
MultiByteToWideChar 0x0 0x411130 0x1441c 0x1441c 0x275
GetEnvironmentStrings 0x0 0x411134 0x14420 0x14420 0x155
FreeEnvironmentStringsW 0x0 0x411138 0x14424 0x14424 0xf7
GetEnvironmentStringsW 0x0 0x41113c 0x14428 0x14428 0x157
GetCommandLineA 0x0 0x411140 0x1442c 0x1442c 0x110
QueryPerformanceCounter 0x0 0x411144 0x14430 0x14430 0x2a3
GetTickCount 0x0 0x411148 0x14434 0x14434 0x1df
GetCurrentProcessId 0x0 0x41114c 0x14438 0x14438 0x143
GetSystemTimeAsFileTime 0x0 0x411150 0x1443c 0x1443c 0x1ca
SetFilePointer 0x0 0x411154 0x14440 0x14440 0x31b
WideCharToMultiByte 0x0 0x411158 0x14444 0x14444 0x394
GetConsoleCP 0x0 0x41115c 0x14448 0x14448 0x122
GetConsoleMode 0x0 0x411160 0x1444c 0x1444c 0x133
GetCPInfo 0x0 0x411164 0x14450 0x14450 0x104
GetACP 0x0 0x411168 0x14454 0x14454 0xfd
GetOEMCP 0x0 0x41116c 0x14458 0x14458 0x193
InitializeCriticalSection 0x0 0x411170 0x1445c 0x1445c 0x223
LoadLibraryA 0x0 0x411174 0x14460 0x14460 0x252
FlushFileBuffers 0x0 0x411178 0x14464 0x14464 0xee
CreateFileA 0x0 0x41117c 0x14468 0x14468 0x53
SetStdHandle 0x0 0x411180 0x1446c 0x1446c 0x337
HeapSize 0x0 0x411184 0x14470 0x14470 0x21c
ADVAPI32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StartServiceW 0x0 0x411000 0x142ec 0x142ec 0x24c
RegSetValueExW 0x0 0x411004 0x142f0 0x142f0 0x205
RegCloseKey 0x0 0x411008 0x142f4 0x142f4 0x1cb
RegOpenKeyExW 0x0 0x41100c 0x142f8 0x142f8 0x1ed
RegDeleteValueW 0x0 0x411010 0x142fc 0x142fc 0x1d9
RegQueryValueExW 0x0 0x411014 0x14300 0x14300 0x1f8
RegCreateKeyExW 0x0 0x411018 0x14304 0x14304 0x1d2
EnumServicesStatusExW 0x0 0x41101c 0x14308 0x14308 0xd4
ControlService 0x0 0x411020 0x1430c 0x1430c 0x42
ChangeServiceConfig2W 0x0 0x411024 0x14310 0x14310 0x35
OpenServiceW 0x0 0x411028 0x14314 0x14314 0x1b0
OpenSCManagerW 0x0 0x41102c 0x14318 0x14318 0x1ae
DeleteService 0x0 0x411030 0x1431c 0x1431c 0xaf
CloseServiceHandle 0x0 0x411034 0x14320 0x14320 0x3e
CreateServiceW 0x0 0x411038 0x14324 0x14324 0x65
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CommandLineToArgvW 0x0 0x41118c 0x14478 0x14478 0x7
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number 2A C5 C2 66 A0 B4 09 B8 F0 B7 9F 2A E4 62 57 7
Thumbprint 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25
C:\Program Files\Remote Utilities - Host\Monitor\x86\lockscr.cat Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 8.68 KB
MD5 d3710d7c70cdea8ced943458b2206bad
SHA1 d9851beae95f6035fd074706fccfd9cb8fecbc24
SHA256 54a00f5913185f05d2011de575da343c64fac54e7a857ab5f066e68ab11368ef
SSDeep 192:QKnYe+PjPJdZubhlCVuuImqAZscF8Bd1LM4X/g:QKnYPLXZgwgAZsHLM4o
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\white.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 1.20 KB
MD5 57d130ddf327fcc5da636a6ab4d7c112
SHA1 d674f332d4f79c70d4a97bfd9e504a8f3a2c26b6
SHA256 990eab9faaae9f78201ef00a72f7b59773eed2b2fc9ec72250c67f376ee0500f
SSDeep 3:nSullBbsRllAqp/y4FKKn5bbeWfa5QpUolHmBkDt0+EtZtE//Wmst18n:3llxqQ8AfQRGSDt0RZty/Wmsw
C:\Windows\Installer\30de5.ipi Created File Unknown
Not Queried
Mime Type application/CDFV2-unknown
File Size 20.00 KB
MD5 84abf78f611bc447e180ee4d9f2b5214
SHA1 7fd8a7c777c71f2a6058f9ea56d96737cc9138db
SHA256 fe41866248a23b66bf1731eaa5b0af2d6e0f69fbb5dc0020652e6b943e3e8e4a
SSDeep 48:y1kwGvcxzvuhUbeToEzSkdzfdzfIgUIg8UvZF7ieTxpDI8TSkdzYdzyK+Jo7:yqwG+6hge/z/IDIMMe3I8T017
C:\Users\EEBsYm5\AppData\Local\Temp\$inst\temp_0.tmp Created File Unknown
Not Queried
Mime Type application/vnd.ms-cab-compressed
File Size 8.00 MB
MD5 9e55e2d9cb3f05e91f3595a72dbe9d4c
SHA1 d07076ddb26fb08e098ba7f31ca930b245ed51ad
SHA256 71a7922ead2456dffb960e97462019cce2b7058fd64dd7c9abd409daf3100392
SSDeep 196608:gW2c3gwhxOn0UM0Uyqn6Stt6MNfW9BKzFhBgDwdlzOoxJOh1odBPg149:g/ln0Dyqntt6MJsKzFhBDlzxJ+1o3t
C:\Windows\Installer\MSIA089.tmp Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 153.21 KB
MD5 52185b209cfdb02d88b4a40a4bdf0911
SHA1 aa35fedfeefbee93bcca5a30feed8d240e2d1c95
SHA256 756543551f27e9450dcf0ffdd10cd44af6fd0e8dbca037dee5b575683d5a9492
SSDeep 1536:Ae5evr0fQtkUlPeG+U+n4PtjrqzN/cWJQaqYAJmmD+e7cKsWjcdlsKc8rlq6W9Eq:AievrFt0KyqmDqFJr+egmKc8rANw+
ImpHash d9c1c20b1ae3223eb5b97c09d7a0a4d0
PE Information
Image Base 0x10000000
Entry Point 0x10009146
Size Of Code 0x14a00
Size Of Initialized Data 0x11c00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-06-08 03:43:08+00:00
Version Information (10)
LegalCopyright Copyright (c) 2015 Flexera Software LLC. All Rights Reserved.
InternalName SetAllUsers
FileVersion 22.0.284
CompanyName Flexera Software LLC
Internal Build Number 154432
Comments -
ProductName InstallShield
ProductVersion 22.0
FileDescription SetAllUsers
OriginalFilename SetAllUsers.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x1491f 0x14a00 0x400 cnt_code, mem_execute, mem_read 6.58
.rdata 0x10016000 0x94b5 0x9600 0x14e00 cnt_initialized_data, mem_read 4.61
.data 0x10020000 0x3274 0x1200 0x1e400 cnt_initialized_data, mem_read, mem_write 2.76
.rsrc 0x10024000 0x5a8 0x600 0x1f600 cnt_initialized_data, mem_read 3.97
.reloc 0x10025000 0x4bc2 0x4c00 0x1fc00 cnt_initialized_data, mem_discardable, mem_read 2.92
Imports (8)
msi.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x50 0x100161a8 0x1ebf8 0x1d9f8 -
(by ordinal) 0x30 0x100161ac 0x1ebfc 0x1d9fc -
(by ordinal) 0x8 0x100161b0 0x1ec00 0x1da00 -
(by ordinal) 0x20 0x100161b4 0x1ec04 0x1da04 -
(by ordinal) 0x9f 0x100161b8 0x1ec08 0x1da08 -
(by ordinal) 0xa0 0x100161bc 0x1ec0c 0x1da0c -
(by ordinal) 0xab 0x100161c0 0x1ec10 0x1da10 -
(by ordinal) 0x76 0x100161c4 0x1ec14 0x1da14 -
(by ordinal) 0x74 0x100161c8 0x1ec18 0x1da18 -
(by ordinal) 0x77 0x100161cc 0x1ec1c 0x1da1c -
(by ordinal) 0xcd 0x100161d0 0x1ec20 0x1da20 -
(by ordinal) 0x46 0x100161d4 0x1ec24 0x1da24 -
(by ordinal) 0x67 0x100161d8 0x1ec28 0x1da28 -
(by ordinal) 0x7d 0x100161dc 0x1ec2c 0x1da2c -
(by ordinal) 0x79 0x100161e0 0x1ec30 0x1da30 -
(by ordinal) 0x11 0x100161e4 0x1ec34 0x1da34 -
(by ordinal) 0xa5 0x100161e8 0x1ec38 0x1da38 -
(by ordinal) 0x91 0x100161ec 0x1ec3c 0x1da3c -
(by ordinal) 0x31 0x100161f0 0x1ec40 0x1da40 -
(by ordinal) 0x75 0x100161f4 0x1ec44 0x1da44 -
(by ordinal) 0x4a 0x100161f8 0x1ec48 0x1da48 -
KERNEL32.dll (87)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitForSingleObject 0x0 0x10016008 0x1ea58 0x1d858 0x4f9
WriteFile 0x0 0x1001600c 0x1ea5c 0x1d85c 0x525
CloseHandle 0x0 0x10016010 0x1ea60 0x1d860 0x52
FormatMessageW 0x0 0x10016014 0x1ea64 0x1d864 0x15e
lstrlenA 0x0 0x10016018 0x1ea68 0x1d868 0x54d
GetTempPathW 0x0 0x1001601c 0x1ea6c 0x1d86c 0x285
GetTempFileNameW 0x0 0x10016020 0x1ea70 0x1d870 0x283
CreateFileW 0x0 0x10016024 0x1ea74 0x1d874 0x8f
DeleteFileW 0x0 0x10016028 0x1ea78 0x1d878 0xd6
GetProcAddress 0x0 0x1001602c 0x1ea7c 0x1d87c 0x245
GlobalFree 0x0 0x10016030 0x1ea80 0x1d880 0x2ba
WideCharToMultiByte 0x0 0x10016034 0x1ea84 0x1d884 0x511
LocalFree 0x0 0x10016038 0x1ea88 0x1d888 0x348
SetStdHandle 0x0 0x1001603c 0x1ea8c 0x1d88c 0x487
HeapReAlloc 0x0 0x10016040 0x1ea90 0x1d890 0x2d2
GlobalUnlock 0x0 0x10016044 0x1ea94 0x1d894 0x2c5
GlobalLock 0x0 0x10016048 0x1ea98 0x1d898 0x2be
OutputDebugStringW 0x0 0x1001604c 0x1ea9c 0x1d89c 0x38a
SetFilePointerEx 0x0 0x10016050 0x1eaa0 0x1d8a0 0x467
GetConsoleMode 0x0 0x10016054 0x1eaa4 0x1d8a4 0x1ac
GetConsoleCP 0x0 0x10016058 0x1eaa8 0x1d8a8 0x19a
LCMapStringW 0x0 0x1001605c 0x1eaac 0x1d8ac 0x32d
SetUnhandledExceptionFilter 0x0 0x10016060 0x1eab0 0x1d8b0 0x4a5
UnhandledExceptionFilter 0x0 0x10016064 0x1eab4 0x1d8b4 0x4d3
FreeEnvironmentStringsW 0x0 0x10016068 0x1eab8 0x1d8b8 0x161
GetEnvironmentStringsW 0x0 0x1001606c 0x1eabc 0x1d8bc 0x1da
GetSystemTimeAsFileTime 0x0 0x10016070 0x1eac0 0x1d8c0 0x279
GetCurrentProcessId 0x0 0x10016074 0x1eac4 0x1d8c4 0x1c1
GetModuleFileNameA 0x0 0x10016078 0x1eac8 0x1d8c8 0x213
GetStartupInfoW 0x0 0x1001607c 0x1eacc 0x1d8cc 0x263
LeaveCriticalSection 0x0 0x10016080 0x1ead0 0x1d8d0 0x339
EnterCriticalSection 0x0 0x10016084 0x1ead4 0x1d8d4 0xee
GetStringTypeW 0x0 0x10016088 0x1ead8 0x1d8d8 0x269
TlsFree 0x0 0x1001608c 0x1eadc 0x1d8dc 0x4c6
TlsSetValue 0x0 0x10016090 0x1eae0 0x1d8e0 0x4c8
lstrlenW 0x0 0x10016094 0x1eae4 0x1d8e4 0x54e
lstrcatW 0x0 0x10016098 0x1eae8 0x1d8e8 0x53f
lstrcpyW 0x0 0x1001609c 0x1eaec 0x1d8ec 0x548
lstrcmpW 0x0 0x100160a0 0x1eaf0 0x1d8f0 0x542
MultiByteToWideChar 0x0 0x100160a4 0x1eaf4 0x1d8f4 0x367
SetLastError 0x0 0x100160a8 0x1eaf8 0x1d8f8 0x473
GetLastError 0x0 0x100160ac 0x1eafc 0x1d8fc 0x202
GetWindowsDirectoryW 0x0 0x100160b0 0x1eb00 0x1d900 0x2af
WriteConsoleW 0x0 0x100160b4 0x1eb04 0x1d904 0x524
FlushFileBuffers 0x0 0x100160b8 0x1eb08 0x1d908 0x157
ReadConsoleW 0x0 0x100160bc 0x1eb0c 0x1d90c 0x3be
TlsAlloc 0x0 0x100160c0 0x1eb10 0x1d910 0x4c5
LoadLibraryW 0x0 0x100160c4 0x1eb14 0x1d914 0x33f
InterlockedIncrement 0x0 0x100160c8 0x1eb18 0x1d918 0x2ef
InterlockedDecrement 0x0 0x100160cc 0x1eb1c 0x1d91c 0x2eb
OpenProcess 0x0 0x100160d0 0x1eb20 0x1d920 0x380
GetCurrentProcess 0x0 0x100160d4 0x1eb24 0x1d924 0x1c0
TerminateProcess 0x0 0x100160d8 0x1eb28 0x1d928 0x4c0
ReadFile 0x0 0x100160dc 0x1eb2c 0x1d92c 0x3c0
GetSystemInfo 0x0 0x100160e0 0x1eb30 0x1d930 0x273
LoadLibraryExW 0x0 0x100160e4 0x1eb34 0x1d934 0x33e
GetModuleHandleW 0x0 0x100160e8 0x1eb38 0x1d938 0x218
GetSystemDirectoryW 0x0 0x100160ec 0x1eb3c 0x1d93c 0x270
DeleteCriticalSection 0x0 0x100160f0 0x1eb40 0x1d940 0xd1
CreateToolhelp32Snapshot 0x0 0x100160f4 0x1eb44 0x1d944 0xbe
Process32FirstW 0x0 0x100160f8 0x1eb48 0x1d948 0x396
Process32NextW 0x0 0x100160fc 0x1eb4c 0x1d94c 0x398
GetModuleFileNameW 0x0 0x10016100 0x1eb50 0x1d950 0x214
QueryPerformanceCounter 0x0 0x10016104 0x1eb54 0x1d954 0x3a7
RaiseException 0x0 0x10016108 0x1eb58 0x1d958 0x3b1
RtlUnwind 0x0 0x1001610c 0x1eb5c 0x1d95c 0x418
EncodePointer 0x0 0x10016110 0x1eb60 0x1d960 0xea
DecodePointer 0x0 0x10016114 0x1eb64 0x1d964 0xca
GetCommandLineA 0x0 0x10016118 0x1eb68 0x1d968 0x186
GetCurrentThreadId 0x0 0x1001611c 0x1eb6c 0x1d96c 0x1c5
GetACP 0x0 0x10016120 0x1eb70 0x1d970 0x168
HeapFree 0x0 0x10016124 0x1eb74 0x1d974 0x2cf
IsProcessorFeaturePresent 0x0 0x10016128 0x1eb78 0x1d978 0x304
IsValidCodePage 0x0 0x1001612c 0x1eb7c 0x1d97c 0x30a
GetOEMCP 0x0 0x10016130 0x1eb80 0x1d980 0x237
GetCPInfo 0x0 0x10016134 0x1eb84 0x1d984 0x172
IsDebuggerPresent 0x0 0x10016138 0x1eb88 0x1d988 0x300
HeapAlloc 0x0 0x1001613c 0x1eb8c 0x1d98c 0x2cb
GetStdHandle 0x0 0x10016140 0x1eb90 0x1d990 0x264
ExitProcess 0x0 0x10016144 0x1eb94 0x1d994 0x119
GetModuleHandleExW 0x0 0x10016148 0x1eb98 0x1d998 0x217
HeapSize 0x0 0x1001614c 0x1eb9c 0x1d99c 0x2d4
Sleep 0x0 0x10016150 0x1eba0 0x1d9a0 0x4b2
GetProcessHeap 0x0 0x10016154 0x1eba4 0x1d9a4 0x24a
GetFileType 0x0 0x10016158 0x1eba8 0x1d9a8 0x1f3
InitializeCriticalSectionAndSpinCount 0x0 0x1001615c 0x1ebac 0x1d9ac 0x2e3
TlsGetValue 0x0 0x10016160 0x1ebb0 0x1d9b0 0x4c7
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wsprintfW 0x0 0x1001619c 0x1ebec 0x1d9ec 0x333
FindWindowW 0x0 0x100161a0 0x1ebf0 0x1d9f0 0xfa
COMDLG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PrintDlgW 0x0 0x10016000 0x1ea50 0x1d850 0x15
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x10016188 0x1ebd8 0x1d9d8 0x122
ShellExecuteExW 0x0 0x1001618c 0x1ebdc 0x1d9dc 0x121
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CLSIDFromProgID 0x0 0x10016200 0x1ec50 0x1da50 0x6
CoInitializeEx 0x0 0x10016204 0x1ec54 0x1da54 0x3f
CoUninitialize 0x0 0x10016208 0x1ec58 0x1da58 0x6c
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateErrorInfo 0xca 0x10016168 0x1ebb8 0x1d9b8 -
GetErrorInfo 0xc8 0x1001616c 0x1ebbc 0x1d9bc -
SetErrorInfo 0xc9 0x10016170 0x1ebc0 0x1d9c0 -
SysStringLen 0x7 0x10016174 0x1ebc4 0x1d9c4 -
SysFreeString 0x6 0x10016178 0x1ebc8 0x1d9c8 -
SysReAllocStringLen 0x5 0x1001617c 0x1ebcc 0x1d9cc -
SysAllocStringLen 0x4 0x10016180 0x1ebd0 0x1d9d0 -
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFileExistsW 0x0 0x10016194 0x1ebe4 0x1d9e4 0x45
Exports (10)
API Name EAT Address Ordinal
ISAppV_SftPathFromSourceMedia 0x5500 0x1
ISDetectVM 0x57f0 0x2
KillProcess 0x1890 0x3
KillProcessByID 0x1920 0x4
KillProcessByIDDeferred 0x19b0 0x5
KillProcessDeferred 0x1a40 0x6
PrintScrollableText 0x2450 0x7
SetAllUsers 0x4810 0x8
SetTARGETDIR 0x4b90 0x9
ShowMsiLog 0x4bf0 0xa
Digital Signatures (3)
Certificate: Flexera Software LLC
Issued by Flexera Software LLC
Parent Certificate Symantec Class 3 SHA256 Code Signing CA
Country Name US
Valid From 2015-04-03 00:00:00+00:00
Valid Until 2017-11-10 23:59:59+00:00
Algorithm sha256_rsa
Serial Number 45 8A 21 BA AB 49 CA 09 52 DC DA 5B 6C CD E2 2A
Thumbprint 33 DB D8 DF F0 D5 74 D0 51 75 EB 74 4B E9 F0 36 75 41 47 DD
Certificate: Symantec Class 3 SHA256 Code Signing CA
Issued by Symantec Class 3 SHA256 Code Signing CA
Parent Certificate VeriSign Class 3 Public Primary Certification Authority - G5
Country Name US
Valid From 2013-12-10 00:00:00+00:00
Valid Until 2023-12-09 23:59:59+00:00
Algorithm sha256_rsa
Serial Number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
Thumbprint 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5
Certificate: VeriSign Class 3 Public Primary Certification Authority - G5
Issued by VeriSign Class 3 Public Primary Certification Authority - G5
Country Name US
Valid From 2006-11-08 00:00:00+00:00
Valid Until 2036-07-16 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Thumbprint 4E B6 D5 78 49 9B 1C CF 5F 58 1E AD 56 BE 3D 9B 67 44 A5 E5
C:\Program Files\Remote Utilities - Host\Printer\x86\uninstall.cmd Created File Text
Not Queried
Mime Type text/plain
File Size 0.08 KB
MD5 2c6ec773a407fd9bcba6fd1a273912c9
SHA1 1fe0b0b8dd115fa853e193c4d6cc8882992cbdaa
SHA256 ad608f5672b2310308bf84919d4e2202a53e99854a4a0945ee38bacbb6ef8e72
SSDeep 3:GKW3CvTzIcLW4NvaLuA:vsCvocLdNvAuA
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\infoex.ico Created File Image
Not Queried
Mime Type image/x-icon
File Size 21.96 KB
MD5 fd535e63f539eacb3f11d03b52b39a80
SHA1 a7f8c942e5672f2972c82210a38cc8861435f643
SHA256 0086bc01150989f553a0a4ae0e14926c6e247cedda312e1f946ae35d575742ab
SSDeep 192:0DT6aNn0CgAevbxezcSptuGH0BJ1cBYehJjbQypQ6X8rdb:/aNn0DAoN4c8HH031/QQ6XWZ
C:\Program Files\Remote Utilities - Host\Monitor\x64\lockscr.sys Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 15.53 KB
MD5 5ccfe71b2ef1b5df69bf50885b84128f
SHA1 79ecfa80fb565cb59a64a1d316d52b57ebe2cd4e
SHA256 6b4e94a66e1325aa746da3a0a34f1b3618a1ab008d9187c604e620e52f8b21ed
SSDeep 192:fJxu7TS2JihqS+nWvnYe+PjPJdZubhlCVuuImqAZscF8Bd1LcdUf:fPu7YUmnYPLXZgwgAZsHLcWf
ImpHash a88e45e02fb5413987493e1d3c4a90d3
PE Information
Image Base 0x140000000
Entry Point 0x140006000
Size Of Code 0xc00
Size Of Initialized Data 0xe00
File Type executable
Subsystem native
Machine Type amd64
Compile Timestamp 2017-03-27 12:59:56+00:00
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x6c8 0x800 0x400 cnt_code, mem_not_paged, mem_execute, mem_read 5.46
.rdata 0x140002000 0x424 0x600 0xc00 cnt_initialized_data, mem_not_paged, mem_read 2.84
.data 0x140003000 0x11 0x200 0x1200 cnt_initialized_data, mem_not_paged, mem_read, mem_write 0.28
.pdata 0x140004000 0x78 0x200 0x1400 cnt_initialized_data, mem_not_paged, mem_read 1.02
.gfids 0x140005000 0x4 0x200 0x1600 cnt_initialized_data, mem_not_paged, mem_read 0.02
INIT 0x140006000 0x2e4 0x400 0x1800 cnt_code, mem_discardable, mem_execute, mem_read 3.97
.reloc 0x140007000 0x14 0x200 0x1c00 cnt_initialized_data, mem_discardable, mem_read 0.23
Imports (1)
ntoskrnl.exe (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlInitUnicodeString 0x0 0x140002000 0x6088 0x1888 0x798
RtlFreeUnicodeString 0x0 0x140002008 0x6090 0x1890 0x768
DbgPrintEx 0x0 0x140002010 0x6098 0x1898 0x58
KeInitializeEvent 0x0 0x140002018 0x60a0 0x18a0 0x3f2
KeSetEvent 0x0 0x140002020 0x60a8 0x18a8 0x46f
KeDelayExecutionThread 0x0 0x140002028 0x60b0 0x18b0 0x3c2
KeWaitForSingleObject 0x0 0x140002030 0x60b8 0x18b8 0x497
PsCreateSystemThread 0x0 0x140002038 0x60c0 0x18c0 0x625
IoAttachDeviceToDeviceStack 0x0 0x140002040 0x60c8 0x18c8 0x257
IofCallDriver 0x0 0x140002048 0x60d0 0x18d0 0x384
IofCompleteRequest 0x0 0x140002050 0x60d8 0x18d8 0x385
IoCreateDevice 0x0 0x140002058 0x60e0 0x18e0 0x276
IoDeleteDevice 0x0 0x140002060 0x60e8 0x18e8 0x28e
IoDeleteSymbolicLink 0x0 0x140002068 0x60f0 0x18f0 0x290
IoDetachDevice 0x0 0x140002070 0x60f8 0x18f8 0x291
IoRegisterDeviceInterface 0x0 0x140002078 0x6100 0x1900 0x308
IoSetDeviceInterfaceState 0x0 0x140002080 0x6108 0x1908 0x32e
PoRequestPowerIrp 0x0 0x140002088 0x6110 0x1910 0x603
ZwClose 0x0 0x140002090 0x6118 0x1918 0x954
MmIsAddressValid 0x0 0x140002098 0x6120 0x1920 0x4e7
Digital Signatures (3)
Certificate: Remote Utilities LLC
Issued by Remote Utilities LLC
Parent Certificate DigiCert EV Code Signing CA (SHA2)
Country Name RU
Valid From 2016-12-21 00:00:00+00:00
Valid Until 2019-01-04 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 7A 5E 85 C5 D1 B1 8E 14 6D 73 D4 FF 0C 3E 5E E
Thumbprint 60 C4 37 D1 FE 37 04 A8 1E C6 1D 58 C8 6F 66 FB A6 0D 09 02
Certificate: DigiCert EV Code Signing CA (SHA2)
Issued by DigiCert EV Code Signing CA (SHA2)
Parent Certificate DigiCert High Assurance EV Root CA
Country Name US
Valid From 2012-04-18 12:00:00+00:00
Valid Until 2027-04-18 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 3F 1B 4E 15 F3 A8 2F 11 49 67 8B 3D 7D 84 75 C
Thumbprint 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3
Certificate: DigiCert High Assurance EV Root CA
Issued by DigiCert High Assurance EV Root CA
Country Name US
Valid From 2011-04-15 19:45:33+00:00
Valid Until 2021-04-15 19:55:33+00:00
Algorithm sha1_rsa
Serial Number 61 20 4D B4 00 00 00 00 00 27
Thumbprint 2F 25 13 AF 39 92 DB 0A 3F 79 70 9F F8 14 3B 3F 7B D2 D1 43
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\minbackground.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 8.75 KB
MD5 ec713b6158a057b7825274ae4e1cf183
SHA1 c8178cf6a46e14e82f4ebde407ff04ff931ca7dd
SHA256 04942fb23c0fb15aa732881c411fd2b4f44a621267e2c1de182c39b014a87211
SSDeep 192:W+AZfX5qVtV50vrOalV2vNWeXx8W/WsyPSSj8F+paC:W+A9X5A50iOV11qWsjPF+3
C:\Users\EEBsYm5\AppData\Local\Temp\AI_EXTUI_BIN_2564\whitesmall.jpg Created File Image
Not Queried
Mime Type image/jpeg
File Size 0.54 KB
MD5 4429f170056663efd1486395e8eb0af6
SHA1 ae9b01a44c8ee5ae7146f0523e512ee32dc284ad
SHA256 ffe2980d90152ef603555a735b7cba1917c99bb67061b44d6ac6f12e6384bdd9
SSDeep 3:nSullBbsRllAqp/y4FKKn5bbeWfa5QpUolG5PkDt0+EtZtE//WmstN8n:3llxqQ8AfQRG5cDt0RZty/WmsY