File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\PO-003785GMHN.exe Sample File Binary
malicious
Also Known As C:\Users\Public\Libraries\Udffvxu\Udffvxu.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 985.50 KB
MD5 4577c41fc896a87df4513f13d29ee65a
SHA1 38e76942a779e8b04cdf763cf993ceda76d049f2
SHA256 144fc8c1a922dbb8162d72a94780f8559bbd9e6b1faa9e037fd33e809126b080
SSDeep 24576:L5A8SqIkJpbDpQc6ScVHdgaHxA7VhLRYF:Lr5ZoHdgaRyzKF
ImpHash 7485e319df85e87afca01bdc77d12961
File Reputation Information
Verdict
malicious
AV Matches (1)
Threat Name Verdict
Trojan.GenericKD.47063473
malicious
PE Information
Image Base 0x400000
Entry Point 0x477a08
Size Of Code 0x76a00
Size Of Initialized Data 0x7f800
File Type executable (FileType.executable)
Subsystem Windows GUI (Subsystem.windows_gui)
Machine Type i386 (MachineType.i386)
Compile Timestamp 1992-06-04 18:16:57+00:00 (implausible for a Delphi-built PE; treat the header timestamp as unreliable rather than as the real build date)
Packer BobSoft Mini Delphi -> BoB / BobSoft
Sections (9)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
..... 0x401000 0x75dc0 0x75e00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.57
...... 0x477000 0xa50 0xc00 0x76200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.69
..... 0x478000 0x2604 0x2800 0x76e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.28
.... 0x47b000 0x38d8 0x0 0x79600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
...... 0x47f000 0x28e6 0x2a00 0x79600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.12
.... 0x482000 0x34 0x0 0x7c000 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
...... 0x483000 0x30 0x200 0x7c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.61
...... 0x484000 0x7230 0x7400 0x7c200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.66
..... 0x48c000 0x72fc2 0x73000 0x83600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.9
Imports (16)
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString - 0x47f7ac 0x7f154 0x79754 0x0
SysReAllocStringLen - 0x47f7b0 0x7f158 0x79758 0x0
SysAllocStringLen - 0x47f7b4 0x7f15c 0x7975c 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x47f7bc 0x7f164 0x79764 0x0
RegOpenKeyExA - 0x47f7c0 0x7f168 0x79768 0x0
RegCloseKey - 0x47f7c4 0x7f16c 0x7976c 0x0
user32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType - 0x47f7cc 0x7f174 0x79774 0x0
DestroyWindow - 0x47f7d0 0x7f178 0x79778 0x0
LoadStringA - 0x47f7d4 0x7f17c 0x7977c 0x0
MessageBoxA - 0x47f7d8 0x7f180 0x79780 0x0
CharNextA - 0x47f7dc 0x7f184 0x79784 0x0
kernel32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetACP - 0x47f7e4 0x7f18c 0x7978c 0x0
Sleep - 0x47f7e8 0x7f190 0x79790 0x0
VirtualFree - 0x47f7ec 0x7f194 0x79794 0x0
VirtualAlloc - 0x47f7f0 0x7f198 0x79798 0x0
GetCurrentThreadId - 0x47f7f4 0x7f19c 0x7979c 0x0
InterlockedDecrement - 0x47f7f8 0x7f1a0 0x797a0 0x0
InterlockedIncrement - 0x47f7fc 0x7f1a4 0x797a4 0x0
VirtualQuery - 0x47f800 0x7f1a8 0x797a8 0x0
WideCharToMultiByte - 0x47f804 0x7f1ac 0x797ac 0x0
MultiByteToWideChar - 0x47f808 0x7f1b0 0x797b0 0x0
lstrlenA - 0x47f80c 0x7f1b4 0x797b4 0x0
lstrcpynA - 0x47f810 0x7f1b8 0x797b8 0x0
LoadLibraryExA - 0x47f814 0x7f1bc 0x797bc 0x0
GetThreadLocale - 0x47f818 0x7f1c0 0x797c0 0x0
GetStartupInfoA - 0x47f81c 0x7f1c4 0x797c4 0x0
GetProcAddress - 0x47f820 0x7f1c8 0x797c8 0x0
GetModuleHandleA - 0x47f824 0x7f1cc 0x797cc 0x0
GetModuleFileNameA - 0x47f828 0x7f1d0 0x797d0 0x0
GetLocaleInfoA - 0x47f82c 0x7f1d4 0x797d4 0x0
GetCommandLineA - 0x47f830 0x7f1d8 0x797d8 0x0
FreeLibrary - 0x47f834 0x7f1dc 0x797dc 0x0
FindFirstFileA - 0x47f838 0x7f1e0 0x797e0 0x0
FindClose - 0x47f83c 0x7f1e4 0x797e4 0x0
ExitProcess - 0x47f840 0x7f1e8 0x797e8 0x0
CompareStringA - 0x47f844 0x7f1ec 0x797ec 0x0
WriteFile - 0x47f848 0x7f1f0 0x797f0 0x0
UnhandledExceptionFilter - 0x47f84c 0x7f1f4 0x797f4 0x0
RtlUnwind - 0x47f850 0x7f1f8 0x797f8 0x0
RaiseException - 0x47f854 0x7f1fc 0x797fc 0x0
GetStdHandle - 0x47f858 0x7f200 0x79800 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue - 0x47f860 0x7f208 0x79808 0x0
TlsGetValue - 0x47f864 0x7f20c 0x7980c 0x0
LocalAlloc - 0x47f868 0x7f210 0x79810 0x0
GetModuleHandleA - 0x47f86c 0x7f214 0x79814 0x0
user32.dll (165)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateWindowExA - 0x47f874 0x7f21c 0x7981c 0x0
WindowFromPoint - 0x47f878 0x7f220 0x79820 0x0
WaitMessage - 0x47f87c 0x7f224 0x79824 0x0
UpdateWindow - 0x47f880 0x7f228 0x79828 0x0
UnregisterClassA - 0x47f884 0x7f22c 0x7982c 0x0
UnhookWindowsHookEx - 0x47f888 0x7f230 0x79830 0x0
TranslateMessage - 0x47f88c 0x7f234 0x79834 0x0
TranslateMDISysAccel - 0x47f890 0x7f238 0x79838 0x0
TrackPopupMenu - 0x47f894 0x7f23c 0x7983c 0x0
SystemParametersInfoA - 0x47f898 0x7f240 0x79840 0x0
ShowWindow - 0x47f89c 0x7f244 0x79844 0x0
ShowScrollBar - 0x47f8a0 0x7f248 0x79848 0x0
ShowOwnedPopups - 0x47f8a4 0x7f24c 0x7984c 0x0
SetWindowsHookExA - 0x47f8a8 0x7f250 0x79850 0x0
SetWindowPos - 0x47f8ac 0x7f254 0x79854 0x0
SetWindowPlacement - 0x47f8b0 0x7f258 0x79858 0x0
SetWindowLongW - 0x47f8b4 0x7f25c 0x7985c 0x0
SetWindowLongA - 0x47f8b8 0x7f260 0x79860 0x0
SetTimer - 0x47f8bc 0x7f264 0x79864 0x0
SetScrollRange - 0x47f8c0 0x7f268 0x79868 0x0
SetScrollPos - 0x47f8c4 0x7f26c 0x7986c 0x0
SetScrollInfo - 0x47f8c8 0x7f270 0x79870 0x0
SetRect - 0x47f8cc 0x7f274 0x79874 0x0
SetPropA - 0x47f8d0 0x7f278 0x79878 0x0
SetParent - 0x47f8d4 0x7f27c 0x7987c 0x0
SetMenuItemInfoA - 0x47f8d8 0x7f280 0x79880 0x0
SetMenu - 0x47f8dc 0x7f284 0x79884 0x0
SetForegroundWindow - 0x47f8e0 0x7f288 0x79888 0x0
SetFocus - 0x47f8e4 0x7f28c 0x7988c 0x0
SetCursor - 0x47f8e8 0x7f290 0x79890 0x0
SetClassLongA - 0x47f8ec 0x7f294 0x79894 0x0
SetCapture - 0x47f8f0 0x7f298 0x79898 0x0
SetActiveWindow - 0x47f8f4 0x7f29c 0x7989c 0x0
SendMessageW - 0x47f8f8 0x7f2a0 0x798a0 0x0
SendMessageA - 0x47f8fc 0x7f2a4 0x798a4 0x0
ScrollWindow - 0x47f900 0x7f2a8 0x798a8 0x0
ScreenToClient - 0x47f904 0x7f2ac 0x798ac 0x0
RemovePropA - 0x47f908 0x7f2b0 0x798b0 0x0
RemoveMenu - 0x47f90c 0x7f2b4 0x798b4 0x0
ReleaseDC - 0x47f910 0x7f2b8 0x798b8 0x0
ReleaseCapture - 0x47f914 0x7f2bc 0x798bc 0x0
RegisterWindowMessageA - 0x47f918 0x7f2c0 0x798c0 0x0
RegisterClipboardFormatA - 0x47f91c 0x7f2c4 0x798c4 0x0
RegisterClassA - 0x47f920 0x7f2c8 0x798c8 0x0
RedrawWindow - 0x47f924 0x7f2cc 0x798cc 0x0
PtInRect - 0x47f928 0x7f2d0 0x798d0 0x0
PostQuitMessage - 0x47f92c 0x7f2d4 0x798d4 0x0
PostMessageA - 0x47f930 0x7f2d8 0x798d8 0x0
PeekMessageW - 0x47f934 0x7f2dc 0x798dc 0x0
PeekMessageA - 0x47f938 0x7f2e0 0x798e0 0x0
OffsetRect - 0x47f93c 0x7f2e4 0x798e4 0x0
OemToCharA - 0x47f940 0x7f2e8 0x798e8 0x0
MessageBoxA - 0x47f944 0x7f2ec 0x798ec 0x0
MapWindowPoints - 0x47f948 0x7f2f0 0x798f0 0x0
MapVirtualKeyA - 0x47f94c 0x7f2f4 0x798f4 0x0
LoadStringA - 0x47f950 0x7f2f8 0x798f8 0x0
LoadKeyboardLayoutA - 0x47f954 0x7f2fc 0x798fc 0x0
LoadIconA - 0x47f958 0x7f300 0x79900 0x0
LoadCursorA - 0x47f95c 0x7f304 0x79904 0x0
LoadBitmapA - 0x47f960 0x7f308 0x79908 0x0
KillTimer - 0x47f964 0x7f30c 0x7990c 0x0
IsZoomed - 0x47f968 0x7f310 0x79910 0x0
IsWindowVisible - 0x47f96c 0x7f314 0x79914 0x0
IsWindowUnicode - 0x47f970 0x7f318 0x79918 0x0
IsWindowEnabled - 0x47f974 0x7f31c 0x7991c 0x0
IsWindow - 0x47f978 0x7f320 0x79920 0x0
IsRectEmpty - 0x47f97c 0x7f324 0x79924 0x0
IsIconic - 0x47f980 0x7f328 0x79928 0x0
IsDialogMessageW - 0x47f984 0x7f32c 0x7992c 0x0
IsDialogMessageA - 0x47f988 0x7f330 0x79930 0x0
IsChild - 0x47f98c 0x7f334 0x79934 0x0
InvalidateRect - 0x47f990 0x7f338 0x79938 0x0
IntersectRect - 0x47f994 0x7f33c 0x7993c 0x0
InsertMenuItemA - 0x47f998 0x7f340 0x79940 0x0
InsertMenuA - 0x47f99c 0x7f344 0x79944 0x0
InflateRect - 0x47f9a0 0x7f348 0x79948 0x0
GetWindowThreadProcessId - 0x47f9a4 0x7f34c 0x7994c 0x0
GetWindowTextA - 0x47f9a8 0x7f350 0x79950 0x0
GetWindowRect - 0x47f9ac 0x7f354 0x79954 0x0
GetWindowPlacement - 0x47f9b0 0x7f358 0x79958 0x0
GetWindowLongW - 0x47f9b4 0x7f35c 0x7995c 0x0
GetWindowLongA - 0x47f9b8 0x7f360 0x79960 0x0
GetWindowDC - 0x47f9bc 0x7f364 0x79964 0x0
GetTopWindow - 0x47f9c0 0x7f368 0x79968 0x0
GetSystemMetrics - 0x47f9c4 0x7f36c 0x7996c 0x0
GetSystemMenu - 0x47f9c8 0x7f370 0x79970 0x0
GetSysColorBrush - 0x47f9cc 0x7f374 0x79974 0x0
GetSysColor - 0x47f9d0 0x7f378 0x79978 0x0
GetSubMenu - 0x47f9d4 0x7f37c 0x7997c 0x0
GetScrollRange - 0x47f9d8 0x7f380 0x79980 0x0
GetScrollPos - 0x47f9dc 0x7f384 0x79984 0x0
GetScrollInfo - 0x47f9e0 0x7f388 0x79988 0x0
GetPropA - 0x47f9e4 0x7f38c 0x7998c 0x0
GetParent - 0x47f9e8 0x7f390 0x79990 0x0
GetWindow - 0x47f9ec 0x7f394 0x79994 0x0
GetMessageTime - 0x47f9f0 0x7f398 0x79998 0x0
GetMessagePos - 0x47f9f4 0x7f39c 0x7999c 0x0
GetMenuStringA - 0x47f9f8 0x7f3a0 0x799a0 0x0
GetMenuState - 0x47f9fc 0x7f3a4 0x799a4 0x0
GetMenuItemInfoA - 0x47fa00 0x7f3a8 0x799a8 0x0
GetMenuItemID - 0x47fa04 0x7f3ac 0x799ac 0x0
GetMenuItemCount - 0x47fa08 0x7f3b0 0x799b0 0x0
GetMenu - 0x47fa0c 0x7f3b4 0x799b4 0x0
GetLastActivePopup - 0x47fa10 0x7f3b8 0x799b8 0x0
GetKeyboardState - 0x47fa14 0x7f3bc 0x799bc 0x0
GetKeyboardLayoutNameA - 0x47fa18 0x7f3c0 0x799c0 0x0
GetKeyboardLayoutList - 0x47fa1c 0x7f3c4 0x799c4 0x0
GetKeyboardLayout - 0x47fa20 0x7f3c8 0x799c8 0x0
GetKeyState - 0x47fa24 0x7f3cc 0x799cc 0x0
GetKeyNameTextA - 0x47fa28 0x7f3d0 0x799d0 0x0
GetIconInfo - 0x47fa2c 0x7f3d4 0x799d4 0x0
GetForegroundWindow - 0x47fa30 0x7f3d8 0x799d8 0x0
GetFocus - 0x47fa34 0x7f3dc 0x799dc 0x0
GetDesktopWindow - 0x47fa38 0x7f3e0 0x799e0 0x0
GetDCEx - 0x47fa3c 0x7f3e4 0x799e4 0x0
GetDC - 0x47fa40 0x7f3e8 0x799e8 0x0
GetCursorPos - 0x47fa44 0x7f3ec 0x799ec 0x0
GetCursor - 0x47fa48 0x7f3f0 0x799f0 0x0
GetClipboardData - 0x47fa4c 0x7f3f4 0x799f4 0x0
GetClientRect - 0x47fa50 0x7f3f8 0x799f8 0x0
GetClassLongA - 0x47fa54 0x7f3fc 0x799fc 0x0
GetClassInfoA - 0x47fa58 0x7f400 0x79a00 0x0
GetCapture - 0x47fa5c 0x7f404 0x79a04 0x0
GetActiveWindow - 0x47fa60 0x7f408 0x79a08 0x0
FrameRect - 0x47fa64 0x7f40c 0x79a0c 0x0
FindWindowA - 0x47fa68 0x7f410 0x79a10 0x0
FillRect - 0x47fa6c 0x7f414 0x79a14 0x0
EqualRect - 0x47fa70 0x7f418 0x79a18 0x0
EnumWindows - 0x47fa74 0x7f41c 0x79a1c 0x0
EnumThreadWindows - 0x47fa78 0x7f420 0x79a20 0x0
EnumChildWindows - 0x47fa7c 0x7f424 0x79a24 0x0
EndPaint - 0x47fa80 0x7f428 0x79a28 0x0
EnableWindow - 0x47fa84 0x7f42c 0x79a2c 0x0
EnableScrollBar - 0x47fa88 0x7f430 0x79a30 0x0
EnableMenuItem - 0x47fa8c 0x7f434 0x79a34 0x0
DrawTextA - 0x47fa90 0x7f438 0x79a38 0x0
DrawMenuBar - 0x47fa94 0x7f43c 0x79a3c 0x0
DrawIconEx - 0x47fa98 0x7f440 0x79a40 0x0
DrawIcon - 0x47fa9c 0x7f444 0x79a44 0x0
DrawFrameControl - 0x47faa0 0x7f448 0x79a48 0x0
DrawEdge - 0x47faa4 0x7f44c 0x79a4c 0x0
DispatchMessageW - 0x47faa8 0x7f450 0x79a50 0x0
DispatchMessageA - 0x47faac 0x7f454 0x79a54 0x0
DestroyWindow - 0x47fab0 0x7f458 0x79a58 0x0
DestroyMenu - 0x47fab4 0x7f45c 0x79a5c 0x0
DestroyIcon - 0x47fab8 0x7f460 0x79a60 0x0
DestroyCursor - 0x47fabc 0x7f464 0x79a64 0x0
DeleteMenu - 0x47fac0 0x7f468 0x79a68 0x0
DefWindowProcA - 0x47fac4 0x7f46c 0x79a6c 0x0
DefMDIChildProcA - 0x47fac8 0x7f470 0x79a70 0x0
DefFrameProcA - 0x47facc 0x7f474 0x79a74 0x0
CreatePopupMenu - 0x47fad0 0x7f478 0x79a78 0x0
CreateMenu - 0x47fad4 0x7f47c 0x79a7c 0x0
CreateIcon - 0x47fad8 0x7f480 0x79a80 0x0
ClientToScreen - 0x47fadc 0x7f484 0x79a84 0x0
CheckMenuItem - 0x47fae0 0x7f488 0x79a88 0x0
CallWindowProcA - 0x47fae4 0x7f48c 0x79a8c 0x0
CallNextHookEx - 0x47fae8 0x7f490 0x79a90 0x0
BeginPaint - 0x47faec 0x7f494 0x79a94 0x0
CharNextA - 0x47faf0 0x7f498 0x79a98 0x0
CharLowerBuffA - 0x47faf4 0x7f49c 0x79a9c 0x0
CharLowerA - 0x47faf8 0x7f4a0 0x79aa0 0x0
CharToOemA - 0x47fafc 0x7f4a4 0x79aa4 0x0
AdjustWindowRectEx - 0x47fb00 0x7f4a8 0x79aa8 0x0
ActivateKeyboardLayout - 0x47fb04 0x7f4ac 0x79aac 0x0
gdi32.dll (72)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnrealizeObject - 0x47fb0c 0x7f4b4 0x79ab4 0x0
StretchBlt - 0x47fb10 0x7f4b8 0x79ab8 0x0
SetWindowOrgEx - 0x47fb14 0x7f4bc 0x79abc 0x0
SetWinMetaFileBits - 0x47fb18 0x7f4c0 0x79ac0 0x0
SetViewportOrgEx - 0x47fb1c 0x7f4c4 0x79ac4 0x0
SetTextColor - 0x47fb20 0x7f4c8 0x79ac8 0x0
SetStretchBltMode - 0x47fb24 0x7f4cc 0x79acc 0x0
SetROP2 - 0x47fb28 0x7f4d0 0x79ad0 0x0
SetPixel - 0x47fb2c 0x7f4d4 0x79ad4 0x0
SetMapMode - 0x47fb30 0x7f4d8 0x79ad8 0x0
SetEnhMetaFileBits - 0x47fb34 0x7f4dc 0x79adc 0x0
SetDIBColorTable - 0x47fb38 0x7f4e0 0x79ae0 0x0
SetBrushOrgEx - 0x47fb3c 0x7f4e4 0x79ae4 0x0
SetBkMode - 0x47fb40 0x7f4e8 0x79ae8 0x0
SetBkColor - 0x47fb44 0x7f4ec 0x79aec 0x0
SelectPalette - 0x47fb48 0x7f4f0 0x79af0 0x0
SelectObject - 0x47fb4c 0x7f4f4 0x79af4 0x0
SaveDC - 0x47fb50 0x7f4f8 0x79af8 0x0
RestoreDC - 0x47fb54 0x7f4fc 0x79afc 0x0
Rectangle - 0x47fb58 0x7f500 0x79b00 0x0
RectVisible - 0x47fb5c 0x7f504 0x79b04 0x0
RealizePalette - 0x47fb60 0x7f508 0x79b08 0x0
Polyline - 0x47fb64 0x7f50c 0x79b0c 0x0
PlayEnhMetaFile - 0x47fb68 0x7f510 0x79b10 0x0
PatBlt - 0x47fb6c 0x7f514 0x79b14 0x0
MoveToEx - 0x47fb70 0x7f518 0x79b18 0x0
MaskBlt - 0x47fb74 0x7f51c 0x79b1c 0x0
LineTo - 0x47fb78 0x7f520 0x79b20 0x0
LPtoDP - 0x47fb7c 0x7f524 0x79b24 0x0
IntersectClipRect - 0x47fb80 0x7f528 0x79b28 0x0
GetWindowOrgEx - 0x47fb84 0x7f52c 0x79b2c 0x0
GetWinMetaFileBits - 0x47fb88 0x7f530 0x79b30 0x0
GetTextMetricsA - 0x47fb8c 0x7f534 0x79b34 0x0
GetTextExtentPoint32A - 0x47fb90 0x7f538 0x79b38 0x0
GetSystemPaletteEntries - 0x47fb94 0x7f53c 0x79b3c 0x0
GetStockObject - 0x47fb98 0x7f540 0x79b40 0x0
GetRgnBox - 0x47fb9c 0x7f544 0x79b44 0x0
GetPixel - 0x47fba0 0x7f548 0x79b48 0x0
GetPaletteEntries - 0x47fba4 0x7f54c 0x79b4c 0x0
GetObjectA - 0x47fba8 0x7f550 0x79b50 0x0
GetEnhMetaFilePaletteEntries - 0x47fbac 0x7f554 0x79b54 0x0
GetEnhMetaFileHeader - 0x47fbb0 0x7f558 0x79b58 0x0
GetEnhMetaFileDescriptionA - 0x47fbb4 0x7f55c 0x79b5c 0x0
GetEnhMetaFileBits - 0x47fbb8 0x7f560 0x79b60 0x0
GetDeviceCaps - 0x47fbbc 0x7f564 0x79b64 0x0
GetDIBits - 0x47fbc0 0x7f568 0x79b68 0x0
GetDIBColorTable - 0x47fbc4 0x7f56c 0x79b6c 0x0
GetDCOrgEx - 0x47fbc8 0x7f570 0x79b70 0x0
GetCurrentPositionEx - 0x47fbcc 0x7f574 0x79b74 0x0
GetClipBox - 0x47fbd0 0x7f578 0x79b78 0x0
GetBrushOrgEx - 0x47fbd4 0x7f57c 0x79b7c 0x0
GetBitmapBits - 0x47fbd8 0x7f580 0x79b80 0x0
GdiFlush - 0x47fbdc 0x7f584 0x79b84 0x0
ExcludeClipRect - 0x47fbe0 0x7f588 0x79b88 0x0
DeleteObject - 0x47fbe4 0x7f58c 0x79b8c 0x0
DeleteEnhMetaFile - 0x47fbe8 0x7f590 0x79b90 0x0
DeleteDC - 0x47fbec 0x7f594 0x79b94 0x0
CreateSolidBrush - 0x47fbf0 0x7f598 0x79b98 0x0
CreatePenIndirect - 0x47fbf4 0x7f59c 0x79b9c 0x0
CreatePalette - 0x47fbf8 0x7f5a0 0x79ba0 0x0
CreateHalftonePalette - 0x47fbfc 0x7f5a4 0x79ba4 0x0
CreateFontIndirectA - 0x47fc00 0x7f5a8 0x79ba8 0x0
CreateEnhMetaFileA - 0x47fc04 0x7f5ac 0x79bac 0x0
CreateDIBitmap - 0x47fc08 0x7f5b0 0x79bb0 0x0
CreateDIBSection - 0x47fc0c 0x7f5b4 0x79bb4 0x0
CreateCompatibleDC - 0x47fc10 0x7f5b8 0x79bb8 0x0
CreateCompatibleBitmap - 0x47fc14 0x7f5bc 0x79bbc 0x0
CreateBrushIndirect - 0x47fc18 0x7f5c0 0x79bc0 0x0
CreateBitmap - 0x47fc1c 0x7f5c4 0x79bc4 0x0
CopyEnhMetaFileA - 0x47fc20 0x7f5c8 0x79bc8 0x0
CloseEnhMetaFile - 0x47fc24 0x7f5cc 0x79bcc 0x0
BitBlt - 0x47fc28 0x7f5d0 0x79bd0 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueA - 0x47fc30 0x7f5d8 0x79bd8 0x0
GetFileVersionInfoSizeA - 0x47fc34 0x7f5dc 0x79bdc 0x0
GetFileVersionInfoA - 0x47fc38 0x7f5e0 0x79be0 0x0
kernel32.dll (60)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcpyA - 0x47fc40 0x7f5e8 0x79be8 0x0
WriteFile - 0x47fc44 0x7f5ec 0x79bec 0x0
WaitForSingleObject - 0x47fc48 0x7f5f0 0x79bf0 0x0
VirtualQuery - 0x47fc4c 0x7f5f4 0x79bf4 0x0
VirtualProtect - 0x47fc50 0x7f5f8 0x79bf8 0x0
VirtualAlloc - 0x47fc54 0x7f5fc 0x79bfc 0x0
SizeofResource - 0x47fc58 0x7f600 0x79c00 0x0
SetThreadLocale - 0x47fc5c 0x7f604 0x79c04 0x0
SetFilePointer - 0x47fc60 0x7f608 0x79c08 0x0
SetEvent - 0x47fc64 0x7f60c 0x79c0c 0x0
SetErrorMode - 0x47fc68 0x7f610 0x79c10 0x0
SetEndOfFile - 0x47fc6c 0x7f614 0x79c14 0x0
ResetEvent - 0x47fc70 0x7f618 0x79c18 0x0
ReadFile - 0x47fc74 0x7f61c 0x79c1c 0x0
MultiByteToWideChar - 0x47fc78 0x7f620 0x79c20 0x0
MulDiv - 0x47fc7c 0x7f624 0x79c24 0x0
LockResource - 0x47fc80 0x7f628 0x79c28 0x0
LoadResource - 0x47fc84 0x7f62c 0x79c2c 0x0
LoadLibraryA - 0x47fc88 0x7f630 0x79c30 0x0
LeaveCriticalSection - 0x47fc8c 0x7f634 0x79c34 0x0
InitializeCriticalSection - 0x47fc90 0x7f638 0x79c38 0x0
GlobalUnlock - 0x47fc94 0x7f63c 0x79c3c 0x0
GlobalSize - 0x47fc98 0x7f640 0x79c40 0x0
GlobalLock - 0x47fc9c 0x7f644 0x79c44 0x0
GlobalFree - 0x47fca0 0x7f648 0x79c48 0x0
GlobalFindAtomA - 0x47fca4 0x7f64c 0x79c4c 0x0
GlobalDeleteAtom - 0x47fca8 0x7f650 0x79c50 0x0
GlobalAlloc - 0x47fcac 0x7f654 0x79c54 0x0
GlobalAddAtomA - 0x47fcb0 0x7f658 0x79c58 0x0
GetVersionExA - 0x47fcb4 0x7f65c 0x79c5c 0x0
GetVersion - 0x47fcb8 0x7f660 0x79c60 0x0
GetUserDefaultLCID - 0x47fcbc 0x7f664 0x79c64 0x0
GetTickCount - 0x47fcc0 0x7f668 0x79c68 0x0
GetThreadLocale - 0x47fcc4 0x7f66c 0x79c6c 0x0
GetStdHandle - 0x47fcc8 0x7f670 0x79c70 0x0
GetProcAddress - 0x47fccc 0x7f674 0x79c74 0x0
GetModuleHandleA - 0x47fcd0 0x7f678 0x79c78 0x0
GetModuleFileNameA - 0x47fcd4 0x7f67c 0x79c7c 0x0
GetLocaleInfoA - 0x47fcd8 0x7f680 0x79c80 0x0
GetLocalTime - 0x47fcdc 0x7f684 0x79c84 0x0
GetLastError - 0x47fce0 0x7f688 0x79c88 0x0
GetFullPathNameA - 0x47fce4 0x7f68c 0x79c8c 0x0
GetDiskFreeSpaceA - 0x47fce8 0x7f690 0x79c90 0x0
GetDateFormatA - 0x47fcec 0x7f694 0x79c94 0x0
GetCurrentThreadId - 0x47fcf0 0x7f698 0x79c98 0x0
GetCurrentProcessId - 0x47fcf4 0x7f69c 0x79c9c 0x0
GetCPInfo - 0x47fcf8 0x7f6a0 0x79ca0 0x0
FreeResource - 0x47fcfc 0x7f6a4 0x79ca4 0x0
InterlockedExchange - 0x47fd00 0x7f6a8 0x79ca8 0x0
FreeLibrary - 0x47fd04 0x7f6ac 0x79cac 0x0
FormatMessageA - 0x47fd08 0x7f6b0 0x79cb0 0x0
FindResourceA - 0x47fd0c 0x7f6b4 0x79cb4 0x0
EnumCalendarInfoA - 0x47fd10 0x7f6b8 0x79cb8 0x0
EnterCriticalSection - 0x47fd14 0x7f6bc 0x79cbc 0x0
DeleteCriticalSection - 0x47fd18 0x7f6c0 0x79cc0 0x0
CreateThread - 0x47fd1c 0x7f6c4 0x79cc4 0x0
CreateFileA - 0x47fd20 0x7f6c8 0x79cc8 0x0
CreateEventA - 0x47fd24 0x7f6cc 0x79ccc 0x0
CompareStringA - 0x47fd28 0x7f6d0 0x79cd0 0x0
CloseHandle - 0x47fd2c 0x7f6d4 0x79cd4 0x0
advapi32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x47fd34 0x7f6dc 0x79cdc 0x0
RegOpenKeyExA - 0x47fd38 0x7f6e0 0x79ce0 0x0
RegFlushKey - 0x47fd3c 0x7f6e4 0x79ce4 0x0
RegCloseKey - 0x47fd40 0x7f6e8 0x79ce8 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetErrorInfo - 0x47fd48 0x7f6f0 0x79cf0 0x0
SysFreeString - 0x47fd4c 0x7f6f4 0x79cf4 0x0
ole32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateStreamOnHGlobal - 0x47fd54 0x7f6fc 0x79cfc 0x0
IsAccelerator - 0x47fd58 0x7f700 0x79d00 0x0
OleDraw - 0x47fd5c 0x7f704 0x79d04 0x0
OleSetMenuDescriptor - 0x47fd60 0x7f708 0x79d08 0x0
CoCreateInstance - 0x47fd64 0x7f70c 0x79d0c 0x0
CoGetClassObject - 0x47fd68 0x7f710 0x79d10 0x0
CoUninitialize - 0x47fd6c 0x7f714 0x79d14 0x0
CoInitialize - 0x47fd70 0x7f718 0x79d18 0x0
IsEqualGUID - 0x47fd74 0x7f71c 0x79d1c 0x0
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep - 0x47fd7c 0x7f724 0x79d24 0x0
oleaut32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex - 0x47fd84 0x7f72c 0x79d2c 0x0
SafeArrayGetUBound - 0x47fd88 0x7f730 0x79d30 0x0
SafeArrayGetLBound - 0x47fd8c 0x7f734 0x79d34 0x0
SafeArrayCreate - 0x47fd90 0x7f738 0x79d38 0x0
VariantChangeType - 0x47fd94 0x7f73c 0x79d3c 0x0
VariantCopy - 0x47fd98 0x7f740 0x79d40 0x0
VariantClear - 0x47fd9c 0x7f744 0x79d44 0x0
VariantInit - 0x47fda0 0x7f748 0x79d48 0x0
comctl32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_TrackMouseEvent - 0x47fda8 0x7f750 0x79d50 0x0
ImageList_SetIconSize - 0x47fdac 0x7f754 0x79d54 0x0
ImageList_GetIconSize - 0x47fdb0 0x7f758 0x79d58 0x0
ImageList_Write - 0x47fdb4 0x7f75c 0x79d5c 0x0
ImageList_Read - 0x47fdb8 0x7f760 0x79d60 0x0
ImageList_DragShowNolock - 0x47fdbc 0x7f764 0x79d64 0x0
ImageList_DragMove - 0x47fdc0 0x7f768 0x79d68 0x0
ImageList_DragLeave - 0x47fdc4 0x7f76c 0x79d6c 0x0
ImageList_DragEnter - 0x47fdc8 0x7f770 0x79d70 0x0
ImageList_EndDrag - 0x47fdcc 0x7f774 0x79d74 0x0
ImageList_BeginDrag - 0x47fdd0 0x7f778 0x79d78 0x0
ImageList_Remove - 0x47fdd4 0x7f77c 0x79d7c 0x0
ImageList_DrawEx - 0x47fdd8 0x7f780 0x79d80 0x0
ImageList_Draw - 0x47fddc 0x7f784 0x79d84 0x0
ImageList_GetBkColor - 0x47fde0 0x7f788 0x79d88 0x0
ImageList_SetBkColor - 0x47fde4 0x7f78c 0x79d8c 0x0
ImageList_Add - 0x47fde8 0x7f790 0x79d90 0x0
ImageList_GetImageCount - 0x47fdec 0x7f794 0x79d94 0x0
ImageList_Destroy - 0x47fdf0 0x7f798 0x79d98 0x0
ImageList_Create - 0x47fdf4 0x7f79c 0x79d9c 0x0
URL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InetIsOffline - 0x47fdfc 0x7f7a4 0x79da4 0x0
Memory Dumps (19)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
po-003785gmhn.exe 1 0x00400000 0x004FEFFF Relevant Image False 32-bit 0x00404448 False False
buffer 1 0x00610000 0x00610FFF First Execution False 32-bit 0x00610FE2 False False
buffer 1 0x020B0000 0x020CAFFF Marked Executable False 32-bit - False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B5B84 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B4140 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B3760 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B11F0 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020BC8E0 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B2B88 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B7930 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020BFB9C False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020BD230 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020C2FE4 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020C0638 False False
buffer 1 0x00610000 0x00610FFF Content Changed False 32-bit 0x00610FE2 False False
buffer 1 0x020B0000 0x020CAFFF Content Changed False 32-bit 0x020B12B8 False False
buffer 1 0x035B0000 0x036AFFFF Image In Buffer False 32-bit - True False
buffer 1 0x7FD00000 0x7FDFFFFF Image In Buffer False 32-bit - True False
po-003785gmhn.exe 1 0x00400000 0x004FEFFF Final Dump False 32-bit - False False
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\fyrm0q9n\udffvxubuutfiqkrvfkzhnjdxnhxzvn[1] Dropped File Stream
clean
MIME Type application/octet-stream
File Size 557.50 KB
MD5 c6ede284f573a2edaed39c7956b175fc
SHA1 6acbd94719d7a27f80f2e842759e6d85dc2688b6
SHA256 010206be3006c21251526c4f4a80436cebf9a386d959388001a44f7a883b7334
SSDeep 3::
ImpHash -
C:\Users\Public\Libraries\uxvffdU.url Dropped File Text
clean
MIME Type text/plain
File Size 96 Bytes
MD5 1ea79767a9d38bb92294433c56cbb4da
SHA1 5478ceaf493db9cd5126c33292ea78cff76a4623
SHA256 fe848db8f7ffc14387058c513f4a795b59970d992006b8602d8a27d65de0b4a9
SSDeep 3:HRAbABGQYmTWAX+rSF55i0XMWDRfDRfdbsGKd6ov:HRYFVmTWDyzvDRfDRfZsbDv
ImpHash -
C:\Users\Public\KDECO.bat Dropped File Text
clean
MIME Type text/plain
File Size 155 Bytes
MD5 213c60adf1c9ef88dc3c9b2d579959d2
SHA1 e4d2ad7b22b1a8b5b1f7a702b303c7364b0ee021
SHA256 37c59c8398279916cfce45f8c5e3431058248f5e3bef4d9f5c0f44a7d564f82e
SSDeep 3:LjT5LJJFIf9oM3KN6QNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OR:rz81R3KnMMQ75ieGgdEYlRA/R
ImpHash -
C:\Users\Public\UKO.bat Dropped File Text
clean
MIME Type text/plain
File Size 250 Bytes
MD5 eaf8d967454c3bbddbf2e05a421411f8
SHA1 6170880409b24de75c2dc3d56a506fbff7f6622c
SHA256 f35f2658455a2e40f151549a7d6465a836c33fa9109e67623916f889849eac56
SSDeep 6:rgnMXd1CQnMXd1COm8hnaHNHIXUnMXd1CoD9c1uOw1H1gOvOBAn:rgamIHIXUaXe1uOeVqy
ImpHash -
C:\Users\Public\Trast.bat Dropped File Text
clean
MIME Type text/plain
File Size 34 Bytes
MD5 4068c9f69fcd8a171c67f81d4a952a54
SHA1 4d2536a8c28cdcc17465e20d6693fb9e8e713b36
SHA256 24222300c78180b50ed1f8361ba63cb27316ec994c1c9079708a51b4a1a9d810
SSDeep 3:LjTnaHF5wlM:rnaHSM
ImpHash -
C:\Users\Public\nest Dropped File Text
clean
MIME Type text/plain
File Size 9 Bytes
MD5 2e18bc987d1729ae549eced0611b61da
SHA1 79a360067c5589afa94c4792898b3ff9320d5170
SHA256 2411791a0ec8be36b9ac98b127f7458dc0cb132d9471de6e93af742b34986f27
SSDeep 3:0DDX:0fX
ImpHash -