0d4e21ce...5b6c | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Downloader

0d4e21cec341cd742aa47f3f3bd4b7a903ab558a646ddd2c55b153bbf7dc5b6c (SHA256)

orden de pedido 05.xlsx

Excel Document

Created at 2018-11-05 09:27:00

...

Notifications (2/2)

One or multiple processes crashed. As a result, the analysis results may be incomplete and may not fully represent the behavior of the sample.

The operating system was rebooted during the analysis.

Filters:
Filename Category Type Severity Actions
C:\Users\aETAdzjz\AppData\Local\Temp\aETAdzjz.bmp Created File Image
Whitelisted
...
»
Mime Type image/x-ms-bmp
File Size 48.05 KB
MD5 343fa15c150a516b20cc9f787cfd530e Copy to Clipboard
SHA1 369e8ac39d762e531d961c58b8c5dc84d19ba989 Copy to Clipboard
SHA256 d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524 Copy to Clipboard
SSDeep 768:wjof+RdBZJ2g653hvqs+Rcb+SBMdK4tztHDyecRa6Xs9X/jPlu6tKvUfsQscD:wjE+132lhisKZdltWeks9Ru6nsQscD Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-03-17 16:07 (UTC+1)
Last Seen 2018-11-04 16:23 (UTC+1)
C:\Users\aETAdzjz\AppData\Roaming\DOCUMENT\Document.exe Created File Unknown
Whitelisted
...
»
Also Known As C:\Users\aETAdzjz\AppData\Roaming\DOCUMENT\Document.exe:ZoneIdentifier (Created File)
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
C:\Users\aETAdzjz\Desktop\orden de pedido 05.xlsx Sample File Excel Document
Unknown
...
»
Mime Type application/vnd.ms-excel
File Size 165.96 KB
MD5 2db17f4f44b20ac1204a100d1ba2d10f Copy to Clipboard
SHA1 509ed3828b80661a418d2f7d4f9e366d46eb7ef5 Copy to Clipboard
SHA256 0d4e21cec341cd742aa47f3f3bd4b7a903ab558a646ddd2c55b153bbf7dc5b6c Copy to Clipboard
SSDeep 3072:pyEl9CvErmcEVq47NQSjIcNVPTnX+PualOg7OtY4LeNzxy9:f6ErBObNQTeVPTXSlOg7OtY4LeN0 Copy to Clipboard
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
Office Information
»
C:\Users\aETAdzjz\AppData\Roaming\svchost.exe Modified File Binary
Unknown
...
»
Also Known As C:\Users\aETAdzjz\AppData\Roaming\svchost.exe (Created File)
C:\Users\aETAdzjz\AppData\Roaming\DOCUMENT\Document.exe (Created File)
C:\Users\aETAdzjz\AppData\Roaming\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe (Created File)
Mime Type application/x-dosexec
File Size 693.00 KB
MD5 7cd1dbbd8457d59274642c9a6e3e60dd Copy to Clipboard
SHA1 3b34e363b79ae598e50f01e1da1523fbd9c2252d Copy to Clipboard
SHA256 0cc3133bbc266693fc23810fb99e57e99b4d1a110f174970aeea79c66d569ce7 Copy to Clipboard
SSDeep 12288:ohSu1Z/EMlJIkTnz6sDsh+zZzuw1aoSqntqtH4qgSBDeiN2:EHzE2Jvi+17wo9nUVgCDeI2 Copy to Clipboard
ImpHash de9f683dc8381813a744f3e1838e7601 Copy to Clipboard
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
PE Information
»
Image Base 0x400000
Entry Point 0x45e064
Size Of Code 0x5d200
Size Of Initialized Data 0x4fe00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 1992-02-26 09:15:25+00:00
Packer BobSoft Mini Delphi -> BoB / BobSoft
Sections (8)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x5d0ac 0x5d200 0x400 cnt_code, mem_execute, mem_read 6.51
DATA 0x45f000 0xdba0 0xdc00 0x5d600 cnt_initialized_data, mem_read, mem_write 6.81
BSS 0x46d000 0xbdd 0x0 0x6b200 mem_read, mem_write 0.0
.idata 0x46e000 0x21da 0x2200 0x6b200 cnt_initialized_data, mem_read, mem_write 5.03
.tls 0x471000 0x10 0x0 0x6d400 mem_read, mem_write 0.0
.rdata 0x472000 0x18 0x200 0x6d400 cnt_initialized_data, mem_shared, mem_read 0.2
.reloc 0x473000 0x6df4 0x6e00 0x6d600 cnt_initialized_data, mem_shared, mem_read 6.65
.rsrc 0x47a000 0x38e34 0x39000 0x74400 cnt_initialized_data, mem_shared, mem_read 7.25
Imports (14)
»
kernel32.dll (34)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x46e12c 0x6e12c 0x6b32c 0x0
LeaveCriticalSection 0x0 0x46e130 0x6e130 0x6b330 0x0
EnterCriticalSection 0x0 0x46e134 0x6e134 0x6b334 0x0
InitializeCriticalSection 0x0 0x46e138 0x6e138 0x6b338 0x0
VirtualFree 0x0 0x46e13c 0x6e13c 0x6b33c 0x0
VirtualAlloc 0x0 0x46e140 0x6e140 0x6b340 0x0
LocalFree 0x0 0x46e144 0x6e144 0x6b344 0x0
LocalAlloc 0x0 0x46e148 0x6e148 0x6b348 0x0
GetVersion 0x0 0x46e14c 0x6e14c 0x6b34c 0x0
GetCurrentThreadId 0x0 0x46e150 0x6e150 0x6b350 0x0
InterlockedDecrement 0x0 0x46e154 0x6e154 0x6b354 0x0
InterlockedIncrement 0x0 0x46e158 0x6e158 0x6b358 0x0
VirtualQuery 0x0 0x46e15c 0x6e15c 0x6b35c 0x0
WideCharToMultiByte 0x0 0x46e160 0x6e160 0x6b360 0x0
MultiByteToWideChar 0x0 0x46e164 0x6e164 0x6b364 0x0
lstrlenA 0x0 0x46e168 0x6e168 0x6b368 0x0
lstrcpynA 0x0 0x46e16c 0x6e16c 0x6b36c 0x0
LoadLibraryExA 0x0 0x46e170 0x6e170 0x6b370 0x0
GetThreadLocale 0x0 0x46e174 0x6e174 0x6b374 0x0
GetStartupInfoA 0x0 0x46e178 0x6e178 0x6b378 0x0
GetProcAddress 0x0 0x46e17c 0x6e17c 0x6b37c 0x0
GetModuleHandleA 0x0 0x46e180 0x6e180 0x6b380 0x0
GetModuleFileNameA 0x0 0x46e184 0x6e184 0x6b384 0x0
GetLocaleInfoA 0x0 0x46e188 0x6e188 0x6b388 0x0
GetCommandLineA 0x0 0x46e18c 0x6e18c 0x6b38c 0x0
FreeLibrary 0x0 0x46e190 0x6e190 0x6b390 0x0
FindFirstFileA 0x0 0x46e194 0x6e194 0x6b394 0x0
FindClose 0x0 0x46e198 0x6e198 0x6b398 0x0
ExitProcess 0x0 0x46e19c 0x6e19c 0x6b39c 0x0
WriteFile 0x0 0x46e1a0 0x6e1a0 0x6b3a0 0x0
UnhandledExceptionFilter 0x0 0x46e1a4 0x6e1a4 0x6b3a4 0x0
RtlUnwind 0x0 0x46e1a8 0x6e1a8 0x6b3a8 0x0
RaiseException 0x0 0x46e1ac 0x6e1ac 0x6b3ac 0x0
GetStdHandle 0x0 0x46e1b0 0x6e1b0 0x6b3b0 0x0
user32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x46e1b8 0x6e1b8 0x6b3b8 0x0
LoadStringA 0x0 0x46e1bc 0x6e1bc 0x6b3bc 0x0
MessageBoxA 0x0 0x46e1c0 0x6e1c0 0x6b3c0 0x0
CharNextA 0x0 0x46e1c4 0x6e1c4 0x6b3c4 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x46e1cc 0x6e1cc 0x6b3cc 0x0
RegOpenKeyExA 0x0 0x46e1d0 0x6e1d0 0x6b3d0 0x0
RegCloseKey 0x0 0x46e1d4 0x6e1d4 0x6b3d4 0x0
oleaut32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x46e1dc 0x6e1dc 0x6b3dc 0x0
SysReAllocStringLen 0x0 0x46e1e0 0x6e1e0 0x6b3e0 0x0
SysAllocStringLen 0x0 0x46e1e4 0x6e1e4 0x6b3e4 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x46e1ec 0x6e1ec 0x6b3ec 0x0
TlsGetValue 0x0 0x46e1f0 0x6e1f0 0x6b3f0 0x0
LocalAlloc 0x0 0x46e1f4 0x6e1f4 0x6b3f4 0x0
GetModuleHandleA 0x0 0x46e1f8 0x6e1f8 0x6b3f8 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x46e200 0x6e200 0x6b400 0x0
RegOpenKeyExA 0x0 0x46e204 0x6e204 0x6b404 0x0
RegCloseKey 0x0 0x46e208 0x6e208 0x6b408 0x0
kernel32.dll (68)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcpyA 0x0 0x46e210 0x6e210 0x6b410 0x0
WriteFile 0x0 0x46e214 0x6e214 0x6b414 0x0
WaitForSingleObject 0x0 0x46e218 0x6e218 0x6b418 0x0
VirtualQuery 0x0 0x46e21c 0x6e21c 0x6b41c 0x0
VirtualAlloc 0x0 0x46e220 0x6e220 0x6b420 0x0
Sleep 0x0 0x46e224 0x6e224 0x6b424 0x0
SizeofResource 0x0 0x46e228 0x6e228 0x6b428 0x0
SetThreadLocale 0x0 0x46e22c 0x6e22c 0x6b42c 0x0
SetFilePointer 0x0 0x46e230 0x6e230 0x6b430 0x0
SetEvent 0x0 0x46e234 0x6e234 0x6b434 0x0
SetErrorMode 0x0 0x46e238 0x6e238 0x6b438 0x0
SetEndOfFile 0x0 0x46e23c 0x6e23c 0x6b43c 0x0
ResetEvent 0x0 0x46e240 0x6e240 0x6b440 0x0
ReadFile 0x0 0x46e244 0x6e244 0x6b444 0x0
MulDiv 0x0 0x46e248 0x6e248 0x6b448 0x0
LockResource 0x0 0x46e24c 0x6e24c 0x6b44c 0x0
LoadResource 0x0 0x46e250 0x6e250 0x6b450 0x0
LoadLibraryA 0x0 0x46e254 0x6e254 0x6b454 0x0
LeaveCriticalSection 0x0 0x46e258 0x6e258 0x6b458 0x0
InitializeCriticalSection 0x0 0x46e25c 0x6e25c 0x6b45c 0x0
GlobalUnlock 0x0 0x46e260 0x6e260 0x6b460 0x0
GlobalReAlloc 0x0 0x46e264 0x6e264 0x6b464 0x0
GlobalHandle 0x0 0x46e268 0x6e268 0x6b468 0x0
GlobalLock 0x0 0x46e26c 0x6e26c 0x6b46c 0x0
GlobalFree 0x0 0x46e270 0x6e270 0x6b470 0x0
GlobalFindAtomA 0x0 0x46e274 0x6e274 0x6b474 0x0
GlobalDeleteAtom 0x0 0x46e278 0x6e278 0x6b478 0x0
GlobalAlloc 0x0 0x46e27c 0x6e27c 0x6b47c 0x0
GlobalAddAtomA 0x0 0x46e280 0x6e280 0x6b480 0x0
GetVersionExA 0x0 0x46e284 0x6e284 0x6b484 0x0
GetVersion 0x0 0x46e288 0x6e288 0x6b488 0x0
GetTickCount 0x0 0x46e28c 0x6e28c 0x6b48c 0x0
GetThreadLocale 0x0 0x46e290 0x6e290 0x6b490 0x0
GetSystemInfo 0x0 0x46e294 0x6e294 0x6b494 0x0
GetStringTypeExA 0x0 0x46e298 0x6e298 0x6b498 0x0
GetStdHandle 0x0 0x46e29c 0x6e29c 0x6b49c 0x0
GetProcAddress 0x0 0x46e2a0 0x6e2a0 0x6b4a0 0x0
GetModuleHandleA 0x0 0x46e2a4 0x6e2a4 0x6b4a4 0x0
GetModuleFileNameA 0x0 0x46e2a8 0x6e2a8 0x6b4a8 0x0
GetLocaleInfoA 0x0 0x46e2ac 0x6e2ac 0x6b4ac 0x0
GetLocalTime 0x0 0x46e2b0 0x6e2b0 0x6b4b0 0x0
GetLastError 0x0 0x46e2b4 0x6e2b4 0x6b4b4 0x0
GetFullPathNameA 0x0 0x46e2b8 0x6e2b8 0x6b4b8 0x0
GetFileAttributesA 0x0 0x46e2bc 0x6e2bc 0x6b4bc 0x0
GetDiskFreeSpaceA 0x0 0x46e2c0 0x6e2c0 0x6b4c0 0x0
GetDateFormatA 0x0 0x46e2c4 0x6e2c4 0x6b4c4 0x0
GetCurrentThreadId 0x0 0x46e2c8 0x6e2c8 0x6b4c8 0x0
GetCurrentProcessId 0x0 0x46e2cc 0x6e2cc 0x6b4cc 0x0
GetCPInfo 0x0 0x46e2d0 0x6e2d0 0x6b4d0 0x0
GetACP 0x0 0x46e2d4 0x6e2d4 0x6b4d4 0x0
FreeResource 0x0 0x46e2d8 0x6e2d8 0x6b4d8 0x0
InterlockedExchange 0x0 0x46e2dc 0x6e2dc 0x6b4dc 0x0
FreeLibrary 0x0 0x46e2e0 0x6e2e0 0x6b4e0 0x0
FormatMessageA 0x0 0x46e2e4 0x6e2e4 0x6b4e4 0x0
FindResourceA 0x0 0x46e2e8 0x6e2e8 0x6b4e8 0x0
FindFirstFileA 0x0 0x46e2ec 0x6e2ec 0x6b4ec 0x0
FindClose 0x0 0x46e2f0 0x6e2f0 0x6b4f0 0x0
FileTimeToLocalFileTime 0x0 0x46e2f4 0x6e2f4 0x6b4f4 0x0
FileTimeToDosDateTime 0x0 0x46e2f8 0x6e2f8 0x6b4f8 0x0
ExitProcess 0x0 0x46e2fc 0x6e2fc 0x6b4fc 0x0
EnumCalendarInfoA 0x0 0x46e300 0x6e300 0x6b500 0x0
EnterCriticalSection 0x0 0x46e304 0x6e304 0x6b504 0x0
DeleteCriticalSection 0x0 0x46e308 0x6e308 0x6b508 0x0
CreateThread 0x0 0x46e30c 0x6e30c 0x6b50c 0x0
CreateFileA 0x0 0x46e310 0x6e310 0x6b510 0x0
CreateEventA 0x0 0x46e314 0x6e314 0x6b514 0x0
CompareStringA 0x0 0x46e318 0x6e318 0x6b518 0x0
CloseHandle 0x0 0x46e31c 0x6e31c 0x6b51c 0x0
version.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueA 0x0 0x46e324 0x6e324 0x6b524 0x0
GetFileVersionInfoSizeA 0x0 0x46e328 0x6e328 0x6b528 0x0
GetFileVersionInfoA 0x0 0x46e32c 0x6e32c 0x6b52c 0x0
gdi32.dll (68)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnrealizeObject 0x0 0x46e334 0x6e334 0x6b534 0x0
StretchBlt 0x0 0x46e338 0x6e338 0x6b538 0x0
SetWindowOrgEx 0x0 0x46e33c 0x6e33c 0x6b53c 0x0
SetWinMetaFileBits 0x0 0x46e340 0x6e340 0x6b540 0x0
SetViewportOrgEx 0x0 0x46e344 0x6e344 0x6b544 0x0
SetTextColor 0x0 0x46e348 0x6e348 0x6b548 0x0
SetStretchBltMode 0x0 0x46e34c 0x6e34c 0x6b54c 0x0
SetROP2 0x0 0x46e350 0x6e350 0x6b550 0x0
SetPixel 0x0 0x46e354 0x6e354 0x6b554 0x0
SetEnhMetaFileBits 0x0 0x46e358 0x6e358 0x6b558 0x0
SetDIBColorTable 0x0 0x46e35c 0x6e35c 0x6b55c 0x0
SetBrushOrgEx 0x0 0x46e360 0x6e360 0x6b560 0x0
SetBkMode 0x0 0x46e364 0x6e364 0x6b564 0x0
SetBkColor 0x0 0x46e368 0x6e368 0x6b568 0x0
SelectPalette 0x0 0x46e36c 0x6e36c 0x6b56c 0x0
SelectObject 0x0 0x46e370 0x6e370 0x6b570 0x0
SelectClipRgn 0x0 0x46e374 0x6e374 0x6b574 0x0
ScaleWindowExtEx 0x0 0x46e378 0x6e378 0x6b578 0x0
SaveDC 0x0 0x46e37c 0x6e37c 0x6b57c 0x0
RestoreDC 0x0 0x46e380 0x6e380 0x6b580 0x0
Rectangle 0x0 0x46e384 0x6e384 0x6b584 0x0
RectVisible 0x0 0x46e388 0x6e388 0x6b588 0x0
RealizePalette 0x0 0x46e38c 0x6e38c 0x6b58c 0x0
Polyline 0x0 0x46e390 0x6e390 0x6b590 0x0
PlayEnhMetaFile 0x0 0x46e394 0x6e394 0x6b594 0x0
PatBlt 0x0 0x46e398 0x6e398 0x6b598 0x0
MoveToEx 0x0 0x46e39c 0x6e39c 0x6b59c 0x0
MaskBlt 0x0 0x46e3a0 0x6e3a0 0x6b5a0 0x0
LineTo 0x0 0x46e3a4 0x6e3a4 0x6b5a4 0x0
IntersectClipRect 0x0 0x46e3a8 0x6e3a8 0x6b5a8 0x0
GetWindowOrgEx 0x0 0x46e3ac 0x6e3ac 0x6b5ac 0x0
GetWinMetaFileBits 0x0 0x46e3b0 0x6e3b0 0x6b5b0 0x0
GetTextMetricsA 0x0 0x46e3b4 0x6e3b4 0x6b5b4 0x0
GetTextExtentPoint32A 0x0 0x46e3b8 0x6e3b8 0x6b5b8 0x0
GetSystemPaletteEntries 0x0 0x46e3bc 0x6e3bc 0x6b5bc 0x0
GetStockObject 0x0 0x46e3c0 0x6e3c0 0x6b5c0 0x0
GetPixel 0x0 0x46e3c4 0x6e3c4 0x6b5c4 0x0
GetPaletteEntries 0x0 0x46e3c8 0x6e3c8 0x6b5c8 0x0
GetObjectA 0x0 0x46e3cc 0x6e3cc 0x6b5cc 0x0
GetEnhMetaFilePaletteEntries 0x0 0x46e3d0 0x6e3d0 0x6b5d0 0x0
GetEnhMetaFileHeader 0x0 0x46e3d4 0x6e3d4 0x6b5d4 0x0
GetEnhMetaFileBits 0x0 0x46e3d8 0x6e3d8 0x6b5d8 0x0
GetDeviceCaps 0x0 0x46e3dc 0x6e3dc 0x6b5dc 0x0
GetDIBits 0x0 0x46e3e0 0x6e3e0 0x6b5e0 0x0
GetDIBColorTable 0x0 0x46e3e4 0x6e3e4 0x6b5e4 0x0
GetDCOrgEx 0x0 0x46e3e8 0x6e3e8 0x6b5e8 0x0
GetCurrentPositionEx 0x0 0x46e3ec 0x6e3ec 0x6b5ec 0x0
GetClipBox 0x0 0x46e3f0 0x6e3f0 0x6b5f0 0x0
GetBrushOrgEx 0x0 0x46e3f4 0x6e3f4 0x6b5f4 0x0
GetBitmapBits 0x0 0x46e3f8 0x6e3f8 0x6b5f8 0x0
ExtTextOutA 0x0 0x46e3fc 0x6e3fc 0x6b5fc 0x0
ExcludeClipRect 0x0 0x46e400 0x6e400 0x6b600 0x0
DeleteObject 0x0 0x46e404 0x6e404 0x6b604 0x0
DeleteEnhMetaFile 0x0 0x46e408 0x6e408 0x6b608 0x0
DeleteDC 0x0 0x46e40c 0x6e40c 0x6b60c 0x0
CreateSolidBrush 0x0 0x46e410 0x6e410 0x6b610 0x0
CreatePenIndirect 0x0 0x46e414 0x6e414 0x6b614 0x0
CreatePalette 0x0 0x46e418 0x6e418 0x6b618 0x0
CreateHalftonePalette 0x0 0x46e41c 0x6e41c 0x6b61c 0x0
CreateFontIndirectA 0x0 0x46e420 0x6e420 0x6b620 0x0
CreateDIBitmap 0x0 0x46e424 0x6e424 0x6b624 0x0
CreateDIBSection 0x0 0x46e428 0x6e428 0x6b628 0x0
CreateCompatibleDC 0x0 0x46e42c 0x6e42c 0x6b62c 0x0
CreateCompatibleBitmap 0x0 0x46e430 0x6e430 0x6b630 0x0
CreateBrushIndirect 0x0 0x46e434 0x6e434 0x6b634 0x0
CreateBitmap 0x0 0x46e438 0x6e438 0x6b638 0x0
CopyEnhMetaFileA 0x0 0x46e43c 0x6e43c 0x6b63c 0x0
BitBlt 0x0 0x46e440 0x6e440 0x6b640 0x0
user32.dll (159)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateWindowExA 0x0 0x46e448 0x6e448 0x6b648 0x0
WindowFromPoint 0x0 0x46e44c 0x6e44c 0x6b64c 0x0
WinHelpA 0x0 0x46e450 0x6e450 0x6b650 0x0
WaitMessage 0x0 0x46e454 0x6e454 0x6b654 0x0
UpdateWindow 0x0 0x46e458 0x6e458 0x6b658 0x0
UnregisterClassA 0x0 0x46e45c 0x6e45c 0x6b65c 0x0
UnhookWindowsHookEx 0x0 0x46e460 0x6e460 0x6b660 0x0
TranslateMessage 0x0 0x46e464 0x6e464 0x6b664 0x0
TranslateMDISysAccel 0x0 0x46e468 0x6e468 0x6b668 0x0
TrackPopupMenu 0x0 0x46e46c 0x6e46c 0x6b66c 0x0
SystemParametersInfoA 0x0 0x46e470 0x6e470 0x6b670 0x0
ShowWindow 0x0 0x46e474 0x6e474 0x6b674 0x0
ShowScrollBar 0x0 0x46e478 0x6e478 0x6b678 0x0
ShowOwnedPopups 0x0 0x46e47c 0x6e47c 0x6b67c 0x0
ShowCursor 0x0 0x46e480 0x6e480 0x6b680 0x0
SetWindowsHookExA 0x0 0x46e484 0x6e484 0x6b684 0x0
SetWindowTextA 0x0 0x46e488 0x6e488 0x6b688 0x0
SetWindowPos 0x0 0x46e48c 0x6e48c 0x6b68c 0x0
SetWindowPlacement 0x0 0x46e490 0x6e490 0x6b690 0x0
SetWindowLongA 0x0 0x46e494 0x6e494 0x6b694 0x0
SetTimer 0x0 0x46e498 0x6e498 0x6b698 0x0
SetScrollRange 0x0 0x46e49c 0x6e49c 0x6b69c 0x0
SetScrollPos 0x0 0x46e4a0 0x6e4a0 0x6b6a0 0x0
SetScrollInfo 0x0 0x46e4a4 0x6e4a4 0x6b6a4 0x0
SetRect 0x0 0x46e4a8 0x6e4a8 0x6b6a8 0x0
SetPropA 0x0 0x46e4ac 0x6e4ac 0x6b6ac 0x0
SetParent 0x0 0x46e4b0 0x6e4b0 0x6b6b0 0x0
SetMenuItemInfoA 0x0 0x46e4b4 0x6e4b4 0x6b6b4 0x0
SetMenu 0x0 0x46e4b8 0x6e4b8 0x6b6b8 0x0
SetForegroundWindow 0x0 0x46e4bc 0x6e4bc 0x6b6bc 0x0
SetFocus 0x0 0x46e4c0 0x6e4c0 0x6b6c0 0x0
SetCursor 0x0 0x46e4c4 0x6e4c4 0x6b6c4 0x0
SetClassLongA 0x0 0x46e4c8 0x6e4c8 0x6b6c8 0x0
SetCapture 0x0 0x46e4cc 0x6e4cc 0x6b6cc 0x0
SetActiveWindow 0x0 0x46e4d0 0x6e4d0 0x6b6d0 0x0
SendMessageA 0x0 0x46e4d4 0x6e4d4 0x6b6d4 0x0
ScrollWindow 0x0 0x46e4d8 0x6e4d8 0x6b6d8 0x0
ScreenToClient 0x0 0x46e4dc 0x6e4dc 0x6b6dc 0x0
RemovePropA 0x0 0x46e4e0 0x6e4e0 0x6b6e0 0x0
RemoveMenu 0x0 0x46e4e4 0x6e4e4 0x6b6e4 0x0
ReleaseDC 0x0 0x46e4e8 0x6e4e8 0x6b6e8 0x0
ReleaseCapture 0x0 0x46e4ec 0x6e4ec 0x6b6ec 0x0
RegisterWindowMessageA 0x0 0x46e4f0 0x6e4f0 0x6b6f0 0x0
RegisterClipboardFormatA 0x0 0x46e4f4 0x6e4f4 0x6b6f4 0x0
RegisterClassA 0x0 0x46e4f8 0x6e4f8 0x6b6f8 0x0
RedrawWindow 0x0 0x46e4fc 0x6e4fc 0x6b6fc 0x0
PtInRect 0x0 0x46e500 0x6e500 0x6b700 0x0
PostQuitMessage 0x0 0x46e504 0x6e504 0x6b704 0x0
PostMessageA 0x0 0x46e508 0x6e508 0x6b708 0x0
PeekMessageA 0x0 0x46e50c 0x6e50c 0x6b70c 0x0
OffsetRect 0x0 0x46e510 0x6e510 0x6b710 0x0
OemToCharA 0x0 0x46e514 0x6e514 0x6b714 0x0
MessageBoxA 0x0 0x46e518 0x6e518 0x6b718 0x0
MapWindowPoints 0x0 0x46e51c 0x6e51c 0x6b71c 0x0
MapVirtualKeyA 0x0 0x46e520 0x6e520 0x6b720 0x0
LoadStringA 0x0 0x46e524 0x6e524 0x6b724 0x0
LoadKeyboardLayoutA 0x0 0x46e528 0x6e528 0x6b728 0x0
LoadIconA 0x0 0x46e52c 0x6e52c 0x6b72c 0x0
LoadCursorA 0x0 0x46e530 0x6e530 0x6b730 0x0
LoadBitmapA 0x0 0x46e534 0x6e534 0x6b734 0x0
KillTimer 0x0 0x46e538 0x6e538 0x6b738 0x0
IsZoomed 0x0 0x46e53c 0x6e53c 0x6b73c 0x0
IsWindowVisible 0x0 0x46e540 0x6e540 0x6b740 0x0
IsWindowEnabled 0x0 0x46e544 0x6e544 0x6b744 0x0
IsWindow 0x0 0x46e548 0x6e548 0x6b748 0x0
IsRectEmpty 0x0 0x46e54c 0x6e54c 0x6b74c 0x0
IsIconic 0x0 0x46e550 0x6e550 0x6b750 0x0
IsDialogMessageA 0x0 0x46e554 0x6e554 0x6b754 0x0
IsChild 0x0 0x46e558 0x6e558 0x6b758 0x0
InvalidateRect 0x0 0x46e55c 0x6e55c 0x6b75c 0x0
IntersectRect 0x0 0x46e560 0x6e560 0x6b760 0x0
InsertMenuItemA 0x0 0x46e564 0x6e564 0x6b764 0x0
InsertMenuA 0x0 0x46e568 0x6e568 0x6b768 0x0
InflateRect 0x0 0x46e56c 0x6e56c 0x6b76c 0x0
GetWindowThreadProcessId 0x0 0x46e570 0x6e570 0x6b770 0x0
GetWindowTextA 0x0 0x46e574 0x6e574 0x6b774 0x0
GetWindowRect 0x0 0x46e578 0x6e578 0x6b778 0x0
GetWindowPlacement 0x0 0x46e57c 0x6e57c 0x6b77c 0x0
GetWindowLongA 0x0 0x46e580 0x6e580 0x6b780 0x0
GetWindowDC 0x0 0x46e584 0x6e584 0x6b784 0x0
GetTopWindow 0x0 0x46e588 0x6e588 0x6b788 0x0
GetSystemMetrics 0x0 0x46e58c 0x6e58c 0x6b78c 0x0
GetSystemMenu 0x0 0x46e590 0x6e590 0x6b790 0x0
GetSysColorBrush 0x0 0x46e594 0x6e594 0x6b794 0x0
GetSysColor 0x0 0x46e598 0x6e598 0x6b798 0x0
GetSubMenu 0x0 0x46e59c 0x6e59c 0x6b79c 0x0
GetScrollRange 0x0 0x46e5a0 0x6e5a0 0x6b7a0 0x0
GetScrollPos 0x0 0x46e5a4 0x6e5a4 0x6b7a4 0x0
GetScrollInfo 0x0 0x46e5a8 0x6e5a8 0x6b7a8 0x0
GetPropA 0x0 0x46e5ac 0x6e5ac 0x6b7ac 0x0
GetParent 0x0 0x46e5b0 0x6e5b0 0x6b7b0 0x0
GetWindow 0x0 0x46e5b4 0x6e5b4 0x6b7b4 0x0
GetMenuStringA 0x0 0x46e5b8 0x6e5b8 0x6b7b8 0x0
GetMenuState 0x0 0x46e5bc 0x6e5bc 0x6b7bc 0x0
GetMenuItemInfoA 0x0 0x46e5c0 0x6e5c0 0x6b7c0 0x0
GetMenuItemID 0x0 0x46e5c4 0x6e5c4 0x6b7c4 0x0
GetMenuItemCount 0x0 0x46e5c8 0x6e5c8 0x6b7c8 0x0
GetMenu 0x0 0x46e5cc 0x6e5cc 0x6b7cc 0x0
GetLastActivePopup 0x0 0x46e5d0 0x6e5d0 0x6b7d0 0x0
GetKeyboardState 0x0 0x46e5d4 0x6e5d4 0x6b7d4 0x0
GetKeyboardLayoutList 0x0 0x46e5d8 0x6e5d8 0x6b7d8 0x0
GetKeyboardLayout 0x0 0x46e5dc 0x6e5dc 0x6b7dc 0x0
GetKeyState 0x0 0x46e5e0 0x6e5e0 0x6b7e0 0x0
GetKeyNameTextA 0x0 0x46e5e4 0x6e5e4 0x6b7e4 0x0
GetIconInfo 0x0 0x46e5e8 0x6e5e8 0x6b7e8 0x0
GetForegroundWindow 0x0 0x46e5ec 0x6e5ec 0x6b7ec 0x0
GetFocus 0x0 0x46e5f0 0x6e5f0 0x6b7f0 0x0
GetDlgItem 0x0 0x46e5f4 0x6e5f4 0x6b7f4 0x0
GetDesktopWindow 0x0 0x46e5f8 0x6e5f8 0x6b7f8 0x0
GetDCEx 0x0 0x46e5fc 0x6e5fc 0x6b7fc 0x0
GetDC 0x0 0x46e600 0x6e600 0x6b800 0x0
GetCursorPos 0x0 0x46e604 0x6e604 0x6b804 0x0
GetCursor 0x0 0x46e608 0x6e608 0x6b808 0x0
GetClipboardData 0x0 0x46e60c 0x6e60c 0x6b80c 0x0
GetClientRect 0x0 0x46e610 0x6e610 0x6b810 0x0
GetClassNameA 0x0 0x46e614 0x6e614 0x6b814 0x0
GetClassInfoA 0x0 0x46e618 0x6e618 0x6b818 0x0
GetCapture 0x0 0x46e61c 0x6e61c 0x6b81c 0x0
GetActiveWindow 0x0 0x46e620 0x6e620 0x6b820 0x0
FrameRect 0x0 0x46e624 0x6e624 0x6b824 0x0
FindWindowA 0x0 0x46e628 0x6e628 0x6b828 0x0
FillRect 0x0 0x46e62c 0x6e62c 0x6b82c 0x0
EqualRect 0x0 0x46e630 0x6e630 0x6b830 0x0
EnumWindows 0x0 0x46e634 0x6e634 0x6b834 0x0
EnumThreadWindows 0x0 0x46e638 0x6e638 0x6b838 0x0
EndPaint 0x0 0x46e63c 0x6e63c 0x6b83c 0x0
EnableWindow 0x0 0x46e640 0x6e640 0x6b840 0x0
EnableScrollBar 0x0 0x46e644 0x6e644 0x6b844 0x0
EnableMenuItem 0x0 0x46e648 0x6e648 0x6b848 0x0
DrawTextA 0x0 0x46e64c 0x6e64c 0x6b84c 0x0
DrawMenuBar 0x0 0x46e650 0x6e650 0x6b850 0x0
DrawIconEx 0x0 0x46e654 0x6e654 0x6b854 0x0
DrawIcon 0x0 0x46e658 0x6e658 0x6b858 0x0
DrawFrameControl 0x0 0x46e65c 0x6e65c 0x6b85c 0x0
DrawFocusRect 0x0 0x46e660 0x6e660 0x6b860 0x0
DrawEdge 0x0 0x46e664 0x6e664 0x6b864 0x0
DispatchMessageA 0x0 0x46e668 0x6e668 0x6b868 0x0
DestroyWindow 0x0 0x46e66c 0x6e66c 0x6b86c 0x0
DestroyMenu 0x0 0x46e670 0x6e670 0x6b870 0x0
DestroyIcon 0x0 0x46e674 0x6e674 0x6b874 0x0
DestroyCursor 0x0 0x46e678 0x6e678 0x6b878 0x0
DeleteMenu 0x0 0x46e67c 0x6e67c 0x6b87c 0x0
DefWindowProcA 0x0 0x46e680 0x6e680 0x6b880 0x0
DefMDIChildProcA 0x0 0x46e684 0x6e684 0x6b884 0x0
DefFrameProcA 0x0 0x46e688 0x6e688 0x6b888 0x0
CreatePopupMenu 0x0 0x46e68c 0x6e68c 0x6b88c 0x0
CreateMenu 0x0 0x46e690 0x6e690 0x6b890 0x0
CreateIcon 0x0 0x46e694 0x6e694 0x6b894 0x0
ClientToScreen 0x0 0x46e698 0x6e698 0x6b898 0x0
CheckMenuItem 0x0 0x46e69c 0x6e69c 0x6b89c 0x0
CallWindowProcA 0x0 0x46e6a0 0x6e6a0 0x6b8a0 0x0
CallNextHookEx 0x0 0x46e6a4 0x6e6a4 0x6b8a4 0x0
BeginPaint 0x0 0x46e6a8 0x6e6a8 0x6b8a8 0x0
CharNextA 0x0 0x46e6ac 0x6e6ac 0x6b8ac 0x0
CharLowerBuffA 0x0 0x46e6b0 0x6e6b0 0x6b8b0 0x0
CharLowerA 0x0 0x46e6b4 0x6e6b4 0x6b8b4 0x0
CharToOemA 0x0 0x46e6b8 0x6e6b8 0x6b8b8 0x0
AdjustWindowRectEx 0x0 0x46e6bc 0x6e6bc 0x6b8bc 0x0
ActivateKeyboardLayout 0x0 0x46e6c0 0x6e6c0 0x6b8c0 0x0
kernel32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x46e6c8 0x6e6c8 0x6b8c8 0x0
oleaut32.dll (8)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex 0x0 0x46e6d0 0x6e6d0 0x6b8d0 0x0
SafeArrayGetUBound 0x0 0x46e6d4 0x6e6d4 0x6b8d4 0x0
SafeArrayGetLBound 0x0 0x46e6d8 0x6e6d8 0x6b8d8 0x0
SafeArrayCreate 0x0 0x46e6dc 0x6e6dc 0x6b8dc 0x0
VariantChangeType 0x0 0x46e6e0 0x6e6e0 0x6b8e0 0x0
VariantCopy 0x0 0x46e6e4 0x6e6e4 0x6b8e4 0x0
VariantClear 0x0 0x46e6e8 0x6e6e8 0x6b8e8 0x0
VariantInit 0x0 0x46e6ec 0x6e6ec 0x6b8ec 0x0
comctl32.dll (23)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_SetIconSize 0x0 0x46e6f4 0x6e6f4 0x6b8f4 0x0
ImageList_GetIconSize 0x0 0x46e6f8 0x6e6f8 0x6b8f8 0x0
ImageList_Write 0x0 0x46e6fc 0x6e6fc 0x6b8fc 0x0
ImageList_Read 0x0 0x46e700 0x6e700 0x6b900 0x0
ImageList_GetDragImage 0x0 0x46e704 0x6e704 0x6b904 0x0
ImageList_DragShowNolock 0x0 0x46e708 0x6e708 0x6b908 0x0
ImageList_SetDragCursorImage 0x0 0x46e70c 0x6e70c 0x6b90c 0x0
ImageList_DragMove 0x0 0x46e710 0x6e710 0x6b910 0x0
ImageList_DragLeave 0x0 0x46e714 0x6e714 0x6b914 0x0
ImageList_DragEnter 0x0 0x46e718 0x6e718 0x6b918 0x0
ImageList_EndDrag 0x0 0x46e71c 0x6e71c 0x6b91c 0x0
ImageList_BeginDrag 0x0 0x46e720 0x6e720 0x6b920 0x0
ImageList_Remove 0x0 0x46e724 0x6e724 0x6b924 0x0
ImageList_DrawEx 0x0 0x46e728 0x6e728 0x6b928 0x0
ImageList_Replace 0x0 0x46e72c 0x6e72c 0x6b92c 0x0
ImageList_Draw 0x0 0x46e730 0x6e730 0x6b930 0x0
ImageList_GetBkColor 0x0 0x46e734 0x6e734 0x6b934 0x0
ImageList_SetBkColor 0x0 0x46e738 0x6e738 0x6b938 0x0
ImageList_ReplaceIcon 0x0 0x46e73c 0x6e73c 0x6b93c 0x0
ImageList_Add 0x0 0x46e740 0x6e740 0x6b940 0x0
ImageList_GetImageCount 0x0 0x46e744 0x6e744 0x6b944 0x0
ImageList_Destroy 0x0 0x46e748 0x6e748 0x6b948 0x0
ImageList_Create 0x0 0x46e74c 0x6e74c 0x6b94c 0x0
comdlg32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSaveFileNameA 0x0 0x46e754 0x6e754 0x6b954 0x0
GetOpenFileNameA 0x0 0x46e758 0x6e758 0x6b958 0x0
Icons (1)
»
C:\Users\aETAdzjz\AppData\Roaming\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\ut Created File Image
Unknown
...
»
Mime Type image/x-ms-bmp
File Size 48.05 KB
MD5 a634cb7eb39b833d885186b5ba1023f2 Copy to Clipboard
SHA1 c12e1a24fe39d4017ca8bade72dce2f128ca1f46 Copy to Clipboard
SHA256 8806d6fd705d67f18eaa6c95806d405cd3a3a56e41636958a408973f602daebf Copy to Clipboard
SSDeep 768:wjof+RdBZJ2g653hvqs+Rcb+SBMdK4tztHDyecRa6Xs9X/jPlu6tKvUfsQscL:wjE+132lhisKZdltWeks9Ru6nsQscL Copy to Clipboard
c:\users\aetadzjz\appdata\roaming\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441 Created File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 0.09 KB
MD5 7492126839f1d745231d8524f3dc1b93 Copy to Clipboard
SHA1 76d4656a1de53b264e6a60b76b50eb16aab78875 Copy to Clipboard
SHA256 8243ac68e751f62f873e2ca5ed944e8f1a5056142ae3d9fc72156e84ec1e2f4a Copy to Clipboard
SSDeep 3:zQbHv0Ucd14JLgPuIxKiMq49FA6n:zQbH8Ucd14JLEtMhA6 Copy to Clipboard
C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOCUMENT.vbs Created File Text
Unknown
...
»
Mime Type text/plain
File Size 0.14 KB
MD5 6fe3ecd814abef913dd5064746ad05bc Copy to Clipboard
SHA1 536cb57f4568328db82d729ab34f0753ab45e0a2 Copy to Clipboard
SHA256 eaf5fa6489fc6913be7dc196d71f0c22e36f8a8a48899be71a366d1e1112b141 Copy to Clipboard
SSDeep 3:DG0VRmnwzFTUXoLqgBPN9lLenoJxzp4EaKC5NupEl0dAH2:DjinwtfPBPNCo/zpJaZ5NupE7W Copy to Clipboard
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image