Malicious
Classifications

Spyware

Threat Names

Agent Tesla, Agent Tesla v3, Trojan.NSISX.Spy.Gen.2, Gen:Variant.Fugrafa.108481

Dynamic Analysis Report

Created on 2021-09-28T12:04:00

167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe

Windows Exe (x86-32)

Remarks

(0x0200004A): One dump of 190 MB was skipped because it exceeded the maximum dump size of 16 MB.

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe Sample File Binary malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\\tmpG692.tmp (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 310.05 KB
MD5 71028a6ec414b1642243aa4981a3365f
SHA1 630b016a94f7bee220565d3b9a55a2ae8ef73c5a
SHA256 167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918
SSDeep 6144:F8LxBsG3/D9BNOnAvOrA4WXnLHz6g2USzAmD5D96r:/G37sAv14WXnL21zAq96r
ImpHash b76363e9cb88bf9390860da8e50999d2
AV Matches (1)
Threat Name Verdict
Trojan.NSISX.Spy.Gen.2 malicious
PE Information
Image Base 0x400000
Entry Point 0x40312a
Size Of Code 0x6000
Size Of Initialized Data 0x28400
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-04-02 03:20:13+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5e66 0x6000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x407000 0x12a2 0x1400 0x6400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.06
.data 0x409000 0x25d18 0x600 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.19
.ndata 0x42f000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x437000 0x9e0 0xa00 0x7e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.5
Imports (7)
KERNEL32.dll (58)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount - 0x407064 0x7628 0x6a28 0x1df
GetShortPathNameA - 0x407068 0x762c 0x6a2c 0x1b5
GetFullPathNameA - 0x40706c 0x7630 0x6a30 0x169
MoveFileA - 0x407070 0x7634 0x6a34 0x26e
SetCurrentDirectoryA - 0x407074 0x7638 0x6a38 0x30a
GetFileAttributesA - 0x407078 0x763c 0x6a3c 0x15e
SetFileAttributesA - 0x40707c 0x7640 0x6a40 0x319
CompareFileTime - 0x407080 0x7644 0x6a44 0x39
SearchPathA - 0x407084 0x7648 0x6a48 0x2db
GetFileSize - 0x407088 0x764c 0x6a4c 0x163
GetModuleFileNameA - 0x40708c 0x7650 0x6a50 0x17d
GetCurrentProcess - 0x407090 0x7654 0x6a54 0x142
CopyFileA - 0x407094 0x7658 0x6a58 0x43
ExitProcess - 0x407098 0x765c 0x6a5c 0xb9
GetWindowsDirectoryA - 0x40709c 0x7660 0x6a60 0x1f3
GetTempPathA - 0x4070a0 0x7664 0x6a64 0x1d5
Sleep - 0x4070a4 0x7668 0x6a68 0x356
lstrcmpiA - 0x4070a8 0x766c 0x6a6c 0x3c3
GetVersion - 0x4070ac 0x7670 0x6a70 0x1e8
SetErrorMode - 0x4070b0 0x7674 0x6a74 0x315
lstrcpynA - 0x4070b4 0x7678 0x6a78 0x3c9
GetDiskFreeSpaceA - 0x4070b8 0x767c 0x6a7c 0x14d
GlobalUnlock - 0x4070bc 0x7680 0x6a80 0x20a
GlobalLock - 0x4070c0 0x7684 0x6a84 0x203
CreateThread - 0x4070c4 0x7688 0x6a88 0x6f
GetLastError - 0x4070c8 0x768c 0x6a8c 0x171
CreateDirectoryA - 0x4070cc 0x7690 0x6a90 0x4b
CreateProcessA - 0x4070d0 0x7694 0x6a94 0x66
RemoveDirectoryA - 0x4070d4 0x7698 0x6a98 0x2c4
CreateFileA - 0x4070d8 0x769c 0x6a9c 0x53
GetTempFileNameA - 0x4070dc 0x76a0 0x6aa0 0x1d3
lstrcatA - 0x4070e0 0x76a4 0x6aa4 0x3bd
GetSystemDirectoryA - 0x4070e4 0x76a8 0x6aa8 0x1c1
WaitForSingleObject - 0x4070e8 0x76ac 0x6aac 0x390
SetFileTime - 0x4070ec 0x76b0 0x6ab0 0x31f
CloseHandle - 0x4070f0 0x76b4 0x6ab4 0x34
GlobalFree - 0x4070f4 0x76b8 0x6ab8 0x1ff
lstrcmpA - 0x4070f8 0x76bc 0x6abc 0x3c0
ExpandEnvironmentStringsA - 0x4070fc 0x76c0 0x6ac0 0xbc
GetExitCodeProcess - 0x407100 0x76c4 0x6ac4 0x15a
GlobalAlloc - 0x407104 0x76c8 0x6ac8 0x1f8
lstrlenA - 0x407108 0x76cc 0x6acc 0x3cc
GetCommandLineA - 0x40710c 0x76d0 0x6ad0 0x110
GetProcAddress - 0x407110 0x76d4 0x6ad4 0x1a0
FindFirstFileA - 0x407114 0x76d8 0x6ad8 0xd2
FindNextFileA - 0x407118 0x76dc 0x6adc 0xdc
DeleteFileA - 0x40711c 0x76e0 0x6ae0 0x83
SetFilePointer - 0x407120 0x76e4 0x6ae4 0x31b
ReadFile - 0x407124 0x76e8 0x6ae8 0x2b5
FindClose - 0x407128 0x76ec 0x6aec 0xce
GetPrivateProfileStringA - 0x40712c 0x76f0 0x6af0 0x19c
WritePrivateProfileStringA - 0x407130 0x76f4 0x6af4 0x3a9
WriteFile - 0x407134 0x76f8 0x6af8 0x3a4
MulDiv - 0x407138 0x76fc 0x6afc 0x274
MultiByteToWideChar - 0x40713c 0x7700 0x6b00 0x275
LoadLibraryExA - 0x407140 0x7704 0x6b04 0x253
GetModuleHandleA - 0x407144 0x7708 0x6b08 0x17f
FreeLibrary - 0x407148 0x770c 0x6b0c 0xf8
USER32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetCursor - 0x40716c 0x7730 0x6b30 0x24d
GetWindowRect - 0x407170 0x7734 0x6b34 0x174
EnableMenuItem - 0x407174 0x7738 0x6b38 0xc2
GetSystemMenu - 0x407178 0x773c 0x6b3c 0x15c
SetClassLongA - 0x40717c 0x7740 0x6b40 0x247
IsWindowEnabled - 0x407180 0x7744 0x6b44 0x1ae
SetWindowPos - 0x407184 0x7748 0x6b48 0x283
GetSysColor - 0x407188 0x774c 0x6b4c 0x15a
EndDialog - 0x40718c 0x7750 0x6b50 0xc6
ScreenToClient - 0x407190 0x7754 0x6b54 0x231
LoadCursorA - 0x407194 0x7758 0x6b58 0x1ba
CheckDlgButton - 0x407198 0x775c 0x6b5c 0x38
GetMessagePos - 0x40719c 0x7760 0x6b60 0x13c
LoadBitmapA - 0x4071a0 0x7764 0x6b64 0x1b8
CallWindowProcA - 0x4071a4 0x7768 0x6b68 0x1b
IsWindowVisible - 0x4071a8 0x776c 0x6b6c 0x1b1
CloseClipboard - 0x4071ac 0x7770 0x6b70 0x42
SetForegroundWindow - 0x4071b0 0x7774 0x6b74 0x257
GetWindowLongA - 0x4071b4 0x7778 0x6b78 0x16e
RegisterClassA - 0x4071b8 0x777c 0x6b7c 0x216
TrackPopupMenu - 0x4071bc 0x7780 0x6b80 0x2a4
AppendMenuA - 0x4071c0 0x7784 0x6b84 0x8
CreatePopupMenu - 0x4071c4 0x7788 0x6b88 0x5e
GetSystemMetrics - 0x4071c8 0x778c 0x6b8c 0x15d
SetDlgItemTextA - 0x4071cc 0x7790 0x6b90 0x253
GetDlgItemTextA - 0x4071d0 0x7794 0x6b94 0x113
MessageBoxIndirectA - 0x4071d4 0x7798 0x6b98 0x1e2
CharPrevA - 0x4071d8 0x779c 0x6b9c 0x2d
DispatchMessageA - 0x4071dc 0x77a0 0x6ba0 0xa1
PeekMessageA - 0x4071e0 0x77a4 0x6ba4 0x200
GetDC - 0x4071e4 0x77a8 0x6ba8 0x10c
EnableWindow - 0x4071e8 0x77ac 0x6bac 0xc4
InvalidateRect - 0x4071ec 0x77b0 0x6bb0 0x193
SendMessageA - 0x4071f0 0x77b4 0x6bb4 0x23b
DefWindowProcA - 0x4071f4 0x77b8 0x6bb8 0x8e
BeginPaint - 0x4071f8 0x77bc 0x6bbc 0xd
GetClientRect - 0x4071fc 0x77c0 0x6bc0 0xff
FillRect - 0x407200 0x77c4 0x6bc4 0xe2
DrawTextA - 0x407204 0x77c8 0x6bc8 0xbc
SystemParametersInfoA - 0x407208 0x77cc 0x6bcc 0x299
CreateWindowExA - 0x40720c 0x77d0 0x6bd0 0x60
GetClassInfoA - 0x407210 0x77d4 0x6bd4 0xf6
DialogBoxParamA - 0x407214 0x77d8 0x6bd8 0x9e
CharNextA - 0x407218 0x77dc 0x6bdc 0x2a
ExitWindowsEx - 0x40721c 0x77e0 0x6be0 0xe1
SetTimer - 0x407220 0x77e4 0x6be4 0x27a
PostQuitMessage - 0x407224 0x77e8 0x6be8 0x204
SetWindowLongA - 0x407228 0x77ec 0x6bec 0x280
SendMessageTimeoutA - 0x40722c 0x77f0 0x6bf0 0x23e
LoadImageA - 0x407230 0x77f4 0x6bf4 0x1c0
wsprintfA - 0x407234 0x77f8 0x6bf8 0x2d7
GetDlgItem - 0x407238 0x77fc 0x6bfc 0x111
FindWindowExA - 0x40723c 0x7800 0x6c00 0xe4
IsWindow - 0x407240 0x7804 0x6c04 0x1ad
SetClipboardData - 0x407244 0x7808 0x6c08 0x24a
EmptyClipboard - 0x407248 0x780c 0x6c0c 0xc1
OpenClipboard - 0x40724c 0x7810 0x6c10 0x1f6
EndPaint - 0x407250 0x7814 0x6c14 0xc8
CreateDialogParamA - 0x407254 0x7818 0x6c18 0x55
DestroyWindow - 0x407258 0x781c 0x6c1c 0x99
ShowWindow - 0x40725c 0x7820 0x6c20 0x292
SetWindowTextA - 0x407260 0x7824 0x6c24 0x286
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject - 0x407040 0x7604 0x6a04 0x20e
SetBkMode - 0x407044 0x7608 0x6a08 0x216
CreateFontIndirectA - 0x407048 0x760c 0x6a0c 0x3a
SetTextColor - 0x40704c 0x7610 0x6a10 0x23c
DeleteObject - 0x407050 0x7614 0x6a14 0x8f
GetDeviceCaps - 0x407054 0x7618 0x6a18 0x16b
CreateBrushIndirect - 0x407058 0x761c 0x6a1c 0x29
SetBkColor - 0x40705c 0x7620 0x6a20 0x215
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation - 0x407150 0x7714 0x6b14 0xc3
SHGetPathFromIDListA - 0x407154 0x7718 0x6b18 0xbc
SHBrowseForFolderA - 0x407158 0x771c 0x6b1c 0x79
SHGetFileInfoA - 0x40715c 0x7720 0x6b20 0xac
SHFileOperationA - 0x407160 0x7724 0x6b24 0x9a
ShellExecuteA - 0x407164 0x7728 0x6b28 0x107
ADVAPI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegDeleteValueA - 0x407000 0x75c4 0x69c4 0x1d8
SetFileSecurityA - 0x407004 0x75c8 0x69c8 0x22e
RegOpenKeyExA - 0x407008 0x75cc 0x69cc 0x1ec
RegDeleteKeyA - 0x40700c 0x75d0 0x69d0 0x1d4
RegEnumValueA - 0x407010 0x75d4 0x69d4 0x1e1
RegCloseKey - 0x407014 0x75d8 0x69d8 0x1cb
RegCreateKeyExA - 0x407018 0x75dc 0x69dc 0x1d1
RegSetValueExA - 0x40701c 0x75e0 0x69e0 0x204
RegQueryValueExA - 0x407020 0x75e4 0x69e4 0x1f7
RegEnumKeyA - 0x407024 0x75e8 0x69e8 0x1dd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_AddMasked - 0x40702c 0x75f0 0x69f0 0x34
ImageList_Destroy - 0x407030 0x75f4 0x69f4 0x38
ImageList_Create - 0x407034 0x75f8 0x69f8 0x37
(by ordinal) 0x11 0x407038 0x75fc 0x69fc -
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize - 0x407268 0x782c 0x6c2c 0x105
OleInitialize - 0x40726c 0x7830 0x6c30 0xee
CoTaskMemFree - 0x407270 0x7834 0x6c34 0x65
CoCreateInstance - 0x407274 0x7838 0x6c38 0x10
Memory Dumps (14)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe 1 0x00400000 0x00437FFF Relevant Image False 32-bit 0x00405F57 False False
agyko.dll 1 0x6CCA0000 0x6CCAFFFF First Execution False 32-bit 0x6CCA7500 False False
agyko.dll 1 0x6CCA0000 0x6CCAFFFF Content Changed False 32-bit 0x6CCAA000 False False
buffer 2 0x00400000 0x0044BFFF First Execution False 32-bit 0x0040188B False True
buffer 1 0x0E4C0000 0x0E507FFF Image In Buffer False 32-bit - True True
167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe 1 0x00400000 0x00437FFF Process Termination False 32-bit - False False
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x0040208D False True
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x00403D3F False True
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x004045AA False True
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x00405A6D False True
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x00407AEC False True
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x0040B1EB False True
buffer 2 0x00400000 0x0044BFFF Content Changed False 32-bit 0x0040109F False True
buffer 2 0x04600000 0x0463BFFF Image In Buffer False 32-bit - False True
C:\Users\RDHJ0C~1\AppData\Local\Temp\nshEFEC.tmp Dropped File Unknown clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\lwp4r7ldzqpo26xd Dropped File Stream clean
MIME Type application/octet-stream
File Size 286.00 KB
MD5 2fe1dc80424e1f7a367c2ec10f82d6e3
SHA1 a1cbb2ee20eeb13b7d8a3c322bee54f2f44246e2
SHA256 8b59db4a29e96b2178af1491631076557866ecd5af4df7cb1fe02dd7a2aae38d
SSDeep 6144:FRBvdnc2iyeAsS4tuh/VUj8t6Ahcms8QA57bsuiSQS/Ve/fH/p15l9:FNe3QhWrcOuiSQS9o5n
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\nshEFEC.tmp\agyko.dll Dropped File Binary clean
MIME Type application/vnd.microsoft.portable-executable
File Size 47.00 KB
MD5 7dc59f4707dae01d8bc589b5764fbd65
SHA1 53397fb4fce54937bf30764283934b6573fd63a9
SHA256 d8f687ba9eea4e69aeaad9cccafd1ecc9be0b1b09c88ab8a4b5728aba666c903
SSDeep 768:rJiJkvsh0Yp4HbcfPTsVhVlI6SzFMdsrLRuxkeedSqlZNH5tTFO+DWB6nXRyigJh:kkvseYHTC3cO+DWB6ppGYud+mMujOstH
ImpHash 5b7c0894b3b71d7481d3a4733db1dd16
PE Information
Image Base 0x10000000
Size Of Code 0x6a00
Size Of Initialized Data 0x4e00
Size Of Uninitialized Data 0x200
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2021-09-28 00:52:28+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x6881 0x6a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.39
.bss 0x10008000 0x18 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x10009000 0xc9a 0xe00 0x6e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.65
.data 0x1000a000 0x34ce 0x3600 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.87
.rsrc 0x1000e000 0x1e0 0x200 0xb200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.71
.reloc 0x1000f000 0x70c 0x800 0xb400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.98
Imports (7)
SHLWAPI.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrPBrkW - 0x10009038 0x991c 0x771c 0x13f
SHRegGetBoolUSValueW - 0x1000903c 0x9920 0x7720 0xe8
UrlIsNoHistoryW - 0x10009040 0x9924 0x7724 0x170
PathRelativePathToW - 0x10009044 0x9928 0x7728 0x85
SHRegWriteUSValueW - 0x10009048 0x992c 0x772c 0xfd
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoA - 0x10009050 0x9934 0x7734 0x0
GetFileVersionInfoSizeA - 0x10009054 0x9938 0x7738 0x4
VerQueryValueA - 0x10009058 0x993c 0x773c 0xf
KERNEL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenProcess - 0x10009000 0x98e4 0x76e4 0x406
GetLastError - 0x10009004 0x98e8 0x76e8 0x25d
SetLastError - 0x10009008 0x98ec 0x76ec 0x52a
EnumResourceTypesA - 0x1000900c 0x98f0 0x76f0 0x145
ReadProcessMemory - 0x10009010 0x98f4 0x76f4 0x46f
VirtualAlloc - 0x10009014 0x98f8 0x76f8 0x5be
RPCRT4.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CStdStubBuffer_DebugServerRelease - 0x1000901c 0x9900 0x7700 0x4
CStdStubBuffer_Connect - 0x10009020 0x9904 0x7704 0x1
NdrMesTypeAlignSize - 0x10009024 0x9908 0x7708 0xfe
NdrConformantStructFree - 0x10009028 0x990c 0x770c 0xbc
CStdStubBuffer_CountRefs - 0x1000902c 0x9910 0x7710 0x2
RpcSsSwapClientAllocFree - 0x10009030 0x9914 0x7714 0x207
WININET.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ParseX509EncodedCertificateForListBoxEntry - 0x10009060 0x9944 0x7744 0xf5
FindFirstUrlCacheContainerA - 0x10009064 0x9948 0x7748 0x2c
GetUrlCacheEntryInfoExA - 0x10009068 0x994c 0x774c 0x5c
CreateUrlCacheContainerW - 0x1000906c 0x9950 0x7750 0x17
InternetQueryOptionA - 0x10009070 0x9954 0x7754 0xcb
CreateUrlCacheContainerA - 0x10009074 0x9958 0x7758 0x16
WSOCK32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSASetBlockingHook 0x6d 0x1000908c 0x9970 0x7770 -
getprotobyname 0x35 0x10009090 0x9974 0x7774 -
ord1115 0x45b 0x10009094 0x9978 0x7778 -
WSAIsBlocking 0x72 0x10009098 0x997c 0x777c -
bind 0x2 0x1000909c 0x9980 0x7780 -
WSASetLastError 0x70 0x100090a0 0x9984 0x7784 -
ntohl 0xe 0x100090a4 0x9988 0x7788 -
WSAAsyncGetServByPort 0x6a 0x100090a8 0x998c 0x778c -
ord1119 0x45f 0x100090ac 0x9990 0x7790 -
WS2_32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSCGetProviderPath - 0x1000907c 0x9960 0x7760 0x67
WSACloseEvent - 0x10009080 0x9964 0x7764 0x1f
WSAEnumNameSpaceProvidersW - 0x10009084 0x9968 0x7768 0x2a
Exports (1)
Api name EAT Address Ordinal
TclpOwkq 0x7500 0x1