Malicious
Classifications
Downloader Injector
Threat Names
SmokeLoader Mal/Generic-S Mal/HTMLGen-A Generic.Andromeda.79093CCD +1
Dynamic Analysis Report
Created on 2021-12-01T06:35:00
toolspab3.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "40 minutes, 53 seconds" to "9 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\toolspab3.exe | Sample File | Binary |
malicious
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 329.00 KB |
| MD5 |
1a430b2cbf785427c87c48d29a1a8c0f
|
| SHA1 |
e9b392c34c1bf0e42599bb561f111e3bcea7b3d9
|
| SHA256 |
1d1fc9d23aa14b4f484fb86c173c94084bc14a9f551747b6e06366649a229af5
|
| SSDeep |
6144:MaXePnFllS35U3jiXtHAt7ewOljc4hDxElcyG+V5:MaqllS35U3jiXtHAt7XOlw4jElcyG
|
| ImpHash |
eddec1d3c2023ed0e1e37ce0535d3b62
|
File Reputation Information
»
| Verdict |
malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x4194d0 |
| Size Of Code | 0x3c400 |
| Size Of Initialized Data | 0x94000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2020-10-06 17:58:36+00:00 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x3c24e | 0x3c400 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.93 |
| .data | 0x43e000 | 0x8cc40 | 0xde00 | 0x3c800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.44 |
| .rsrc | 0x4cb000 | 0x4170 | 0x4200 | 0x4a600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.31 |
| .reloc | 0x4d0000 | 0x3bb6 | 0x3c00 | 0x4e800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.17 |
Imports (1)
»
KERNEL32.dll (218)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ExitProcess | - | 0x401000 | 0x3bdcc | 0x3b1cc | 0x119 |
| GetComputerNameA | - | 0x401004 | 0x3bdd0 | 0x3b1d0 | 0x18c |
| GetFullPathNameA | - | 0x401008 | 0x3bdd4 | 0x3b1d4 | 0x1f8 |
| LocalUnlock | - | 0x40100c | 0x3bdd8 | 0x3b1d8 | 0x34e |
| EnumResourceNamesW | - | 0x401010 | 0x3bddc | 0x3b1dc | 0x102 |
| SetCriticalSectionSpinCount | - | 0x401014 | 0x3bde0 | 0x3b1e0 | 0x44a |
| GlobalMemoryStatus | - | 0x401018 | 0x3bde4 | 0x3b1e4 | 0x2bf |
| FindResourceA | - | 0x40101c | 0x3bde8 | 0x3b1e8 | 0x14b |
| FindFirstFileW | - | 0x401020 | 0x3bdec | 0x3b1ec | 0x139 |
| SetThreadContext | - | 0x401024 | 0x3bdf0 | 0x3b1f0 | 0x491 |
| FindFirstChangeNotificationW | - | 0x401028 | 0x3bdf4 | 0x3b1f4 | 0x131 |
| WriteConsoleInputW | - | 0x40102c | 0x3bdf8 | 0x3b1f8 | 0x51e |
| SetFilePointer | - | 0x401030 | 0x3bdfc | 0x3b1fc | 0x466 |
| EnumDateFormatsExW | - | 0x401034 | 0x3be00 | 0x3b200 | 0xf7 |
| CopyFileExW | - | 0x401038 | 0x3be04 | 0x3b204 | 0x72 |
| GetNumaProcessorNode | - | 0x40103c | 0x3be08 | 0x3b208 | 0x22d |
| TlsGetValue | - | 0x401040 | 0x3be0c | 0x3b20c | 0x4c7 |
| GetStringTypeA | - | 0x401044 | 0x3be10 | 0x3b210 | 0x266 |
| SetLocalTime | - | 0x401048 | 0x3be14 | 0x3b214 | 0x476 |
| UnmapViewOfFile | - | 0x40104c | 0x3be18 | 0x3b218 | 0x4d6 |
| MoveFileExA | - | 0x401050 | 0x3be1c | 0x3b21c | 0x35f |
| CommConfigDialogA | - | 0x401054 | 0x3be20 | 0x3b220 | 0x5d |
| BuildCommDCBAndTimeoutsA | - | 0x401058 | 0x3be24 | 0x3b224 | 0x3b |
| DeleteVolumeMountPointA | - | 0x40105c | 0x3be28 | 0x3b228 | 0xdb |
| SetUnhandledExceptionFilter | - | 0x401060 | 0x3be2c | 0x3b22c | 0x4a5 |
| MoveFileExW | - | 0x401064 | 0x3be30 | 0x3b230 | 0x360 |
| InterlockedDecrement | - | 0x401068 | 0x3be34 | 0x3b234 | 0x2eb |
| GetCurrentProcess | - | 0x40106c | 0x3be38 | 0x3b238 | 0x1c0 |
| WritePrivateProfileSectionA | - | 0x401070 | 0x3be3c | 0x3b23c | 0x528 |
| SetDefaultCommConfigW | - | 0x401074 | 0x3be40 | 0x3b240 | 0x44f |
| SetFirmwareEnvironmentVariableA | - | 0x401078 | 0x3be44 | 0x3b244 | 0x46c |
| QueryDosDeviceA | - | 0x40107c | 0x3be48 | 0x3b248 | 0x39f |
| GlobalLock | - | 0x401080 | 0x3be4c | 0x3b24c | 0x2be |
| SetVolumeMountPointW | - | 0x401084 | 0x3be50 | 0x3b250 | 0x4ab |
| SetEvent | - | 0x401088 | 0x3be54 | 0x3b254 | 0x459 |
| SetThreadExecutionState | - | 0x40108c | 0x3be58 | 0x3b258 | 0x493 |
| OpenSemaphoreA | - | 0x401090 | 0x3be5c | 0x3b25c | 0x383 |
| SleepEx | - | 0x401094 | 0x3be60 | 0x3b260 | 0x4b5 |
| FreeEnvironmentStringsA | - | 0x401098 | 0x3be64 | 0x3b264 | 0x160 |
| _lclose | - | 0x40109c | 0x3be68 | 0x3b268 | 0x537 |
| GetCommConfig | - | 0x4010a0 | 0x3be6c | 0x3b26c | 0x180 |
| GetProcessHeap | - | 0x4010a4 | 0x3be70 | 0x3b270 | 0x24a |
| GetNumberFormatA | - | 0x4010a8 | 0x3be74 | 0x3b274 | 0x231 |
| GetPrivateProfileStringW | - | 0x4010ac | 0x3be78 | 0x3b278 | 0x242 |
| CreateRemoteThread | - | 0x4010b0 | 0x3be7c | 0x3b27c | 0xa9 |
| GetCompressedFileSizeW | - | 0x4010b4 | 0x3be80 | 0x3b280 | 0x18b |
| WaitNamedPipeW | - | 0x4010b8 | 0x3be84 | 0x3b284 | 0x500 |
| EnumTimeFormatsA | - | 0x4010bc | 0x3be88 | 0x3b288 | 0x110 |
| SetCommState | - | 0x4010c0 | 0x3be8c | 0x3b28c | 0x425 |
| GetSystemWow64DirectoryA | - | 0x4010c4 | 0x3be90 | 0x3b290 | 0x27d |
| WriteFileGather | - | 0x4010c8 | 0x3be94 | 0x3b294 | 0x527 |
| TzSpecificLocalTimeToSystemTime | - | 0x4010cc | 0x3be98 | 0x3b298 | 0x4d0 |
| TlsSetValue | - | 0x4010d0 | 0x3be9c | 0x3b29c | 0x4c8 |
| AllocateUserPhysicalPages | - | 0x4010d4 | 0x3bea0 | 0x3b2a0 | 0x11 |
| FindResourceExA | - | 0x4010d8 | 0x3bea4 | 0x3b2a4 | 0x14c |
| GetConsoleCP | - | 0x4010dc | 0x3bea8 | 0x3b2a8 | 0x19a |
| GetPrivateProfileIntA | - | 0x4010e0 | 0x3beac | 0x3b2ac | 0x23b |
| LoadLibraryW | - | 0x4010e4 | 0x3beb0 | 0x3b2b0 | 0x33f |
| GetConsoleMode | - | 0x4010e8 | 0x3beb4 | 0x3b2b4 | 0x1ac |
| FatalAppExitW | - | 0x4010ec | 0x3beb8 | 0x3b2b8 | 0x121 |
| GetThreadSelectorEntry | - | 0x4010f0 | 0x3bebc | 0x3b2bc | 0x290 |
| CopyFileW | - | 0x4010f4 | 0x3bec0 | 0x3b2c0 | 0x75 |
| GetPrivateProfileStructW | - | 0x4010f8 | 0x3bec4 | 0x3b2c4 | 0x244 |
| GetCalendarInfoA | - | 0x4010fc | 0x3bec8 | 0x3b2c8 | 0x179 |
| SetSystemTimeAdjustment | - | 0x401100 | 0x3becc | 0x3b2cc | 0x48c |
| GetProcessHandleCount | - | 0x401104 | 0x3bed0 | 0x3b2d0 | 0x249 |
| GetSystemWindowsDirectoryA | - | 0x401108 | 0x3bed4 | 0x3b2d4 | 0x27b |
| ReadConsoleOutputW | - | 0x40110c | 0x3bed8 | 0x3b2d8 | 0x3bd |
| GetConsoleAliasExesLengthW | - | 0x401110 | 0x3bedc | 0x3b2dc | 0x193 |
| GetSystemTimeAdjustment | - | 0x401114 | 0x3bee0 | 0x3b2e0 | 0x278 |
| GetVersionExW | - | 0x401118 | 0x3bee4 | 0x3b2e4 | 0x2a4 |
| SetConsoleCP | - | 0x40111c | 0x3bee8 | 0x3b2e8 | 0x42c |
| LeaveCriticalSection | - | 0x401120 | 0x3beec | 0x3b2ec | 0x339 |
| GetFileAttributesA | - | 0x401124 | 0x3bef0 | 0x3b2f0 | 0x1e5 |
| lstrcpynW | - | 0x401128 | 0x3bef4 | 0x3b2f4 | 0x54b |
| SetDllDirectoryA | - | 0x40112c | 0x3bef8 | 0x3b2f8 | 0x450 |
| SetConsoleMode | - | 0x401130 | 0x3befc | 0x3b2fc | 0x43d |
| HeapValidate | - | 0x401134 | 0x3bf00 | 0x3b300 | 0x2d7 |
| GetVolumePathNamesForVolumeNameW | - | 0x401138 | 0x3bf04 | 0x3b304 | 0x2ad |
| SetConsoleCursorPosition | - | 0x40113c | 0x3bf08 | 0x3b308 | 0x431 |
| GetBinaryTypeA | - | 0x401140 | 0x3bf0c | 0x3b30c | 0x170 |
| IsBadWritePtr | - | 0x401144 | 0x3bf10 | 0x3b310 | 0x2fa |
| TerminateProcess | - | 0x401148 | 0x3bf14 | 0x3b314 | 0x4c0 |
| GetModuleFileNameW | - | 0x40114c | 0x3bf18 | 0x3b318 | 0x214 |
| CreateActCtxA | - | 0x401150 | 0x3bf1c | 0x3b31c | 0x77 |
| GetBinaryTypeW | - | 0x401154 | 0x3bf20 | 0x3b320 | 0x171 |
| lstrcmpW | - | 0x401158 | 0x3bf24 | 0x3b324 | 0x542 |
| lstrlenW | - | 0x40115c | 0x3bf28 | 0x3b328 | 0x54e |
| IsBadStringPtrA | - | 0x401160 | 0x3bf2c | 0x3b32c | 0x2f8 |
| GetTempPathW | - | 0x401164 | 0x3bf30 | 0x3b330 | 0x285 |
| CreateJobObjectA | - | 0x401168 | 0x3bf34 | 0x3b334 | 0x95 |
| GetNamedPipeHandleStateW | - | 0x40116c | 0x3bf38 | 0x3b338 | 0x221 |
| EnumSystemLocalesA | - | 0x401170 | 0x3bf3c | 0x3b33c | 0x10d |
| VerifyVersionInfoW | - | 0x401174 | 0x3bf40 | 0x3b340 | 0x4e8 |
| SetCurrentDirectoryA | - | 0x401178 | 0x3bf44 | 0x3b344 | 0x44c |
| GetCPInfoExW | - | 0x40117c | 0x3bf48 | 0x3b348 | 0x174 |
| OpenMutexW | - | 0x401180 | 0x3bf4c | 0x3b34c | 0x37d |
| GetLastError | - | 0x401184 | 0x3bf50 | 0x3b350 | 0x202 |
| ChangeTimerQueueTimer | - | 0x401188 | 0x3bf54 | 0x3b354 | 0x48 |
| GetLongPathNameW | - | 0x40118c | 0x3bf58 | 0x3b358 | 0x20f |
| SetLastError | - | 0x401190 | 0x3bf5c | 0x3b35c | 0x473 |
| GetProcAddress | - | 0x401194 | 0x3bf60 | 0x3b360 | 0x245 |
| VirtualAlloc | - | 0x401198 | 0x3bf64 | 0x3b364 | 0x4e9 |
| HeapSize | - | 0x40119c | 0x3bf68 | 0x3b368 | 0x2d4 |
| PeekConsoleInputW | - | 0x4011a0 | 0x3bf6c | 0x3b36c | 0x38c |
| BackupWrite | - | 0x4011a4 | 0x3bf70 | 0x3b370 | 0x1a |
| CreateNamedPipeA | - | 0x4011a8 | 0x3bf74 | 0x3b374 | 0x9f |
| EnumDateFormatsExA | - | 0x4011ac | 0x3bf78 | 0x3b378 | 0xf5 |
| CreateJobSet | - | 0x4011b0 | 0x3bf7c | 0x3b37c | 0x97 |
| LocalLock | - | 0x4011b4 | 0x3bf80 | 0x3b380 | 0x34a |
| SetStdHandle | - | 0x4011b8 | 0x3bf84 | 0x3b384 | 0x487 |
| EnterCriticalSection | - | 0x4011bc | 0x3bf88 | 0x3b388 | 0xee |
| VerLanguageNameW | - | 0x4011c0 | 0x3bf8c | 0x3b38c | 0x4e3 |
| SearchPathA | - | 0x4011c4 | 0x3bf90 | 0x3b390 | 0x41c |
| BuildCommDCBW | - | 0x4011c8 | 0x3bf94 | 0x3b394 | 0x3d |
| DefineDosDeviceA | - | 0x4011cc | 0x3bf98 | 0x3b398 | 0xcc |
| GetPrivateProfileStringA | - | 0x4011d0 | 0x3bf9c | 0x3b39c | 0x241 |
| GetAtomNameA | - | 0x4011d4 | 0x3bfa0 | 0x3b3a0 | 0x16d |
| OpenMutexA | - | 0x4011d8 | 0x3bfa4 | 0x3b3a4 | 0x37c |
| CreateSemaphoreW | - | 0x4011dc | 0x3bfa8 | 0x3b3a8 | 0xae |
| LocalAlloc | - | 0x4011e0 | 0x3bfac | 0x3b3ac | 0x344 |
| WritePrivateProfileStringA | - | 0x4011e4 | 0x3bfb0 | 0x3b3b0 | 0x52a |
| CreateHardLinkW | - | 0x4011e8 | 0x3bfb4 | 0x3b3b4 | 0x93 |
| IsSystemResumeAutomatic | - | 0x4011ec | 0x3bfb8 | 0x3b3b8 | 0x305 |
| GetExitCodeThread | - | 0x4011f0 | 0x3bfbc | 0x3b3bc | 0x1e0 |
| SetCurrentDirectoryW | - | 0x4011f4 | 0x3bfc0 | 0x3b3c0 | 0x44d |
| SetFileApisToANSI | - | 0x4011f8 | 0x3bfc4 | 0x3b3c4 | 0x45c |
| VirtualLock | - | 0x4011fc | 0x3bfc8 | 0x3b3c8 | 0x4ee |
| GetCurrentConsoleFont | - | 0x401200 | 0x3bfcc | 0x3b3cc | 0x1bc |
| HeapWalk | - | 0x401204 | 0x3bfd0 | 0x3b3d0 | 0x2d8 |
| GetPrivateProfileStructA | - | 0x401208 | 0x3bfd4 | 0x3b3d4 | 0x243 |
| SetNamedPipeHandleState | - | 0x40120c | 0x3bfd8 | 0x3b3d8 | 0x47c |
| SetSystemTime | - | 0x401210 | 0x3bfdc | 0x3b3dc | 0x48b |
| SetEnvironmentVariableA | - | 0x401214 | 0x3bfe0 | 0x3b3e0 | 0x456 |
| GetModuleFileNameA | - | 0x401218 | 0x3bfe4 | 0x3b3e4 | 0x213 |
| GetPrivateProfileSectionNamesA | - | 0x40121c | 0x3bfe8 | 0x3b3e8 | 0x23e |
| GetDefaultCommConfigA | - | 0x401220 | 0x3bfec | 0x3b3ec | 0x1c9 |
| FindNextFileA | - | 0x401224 | 0x3bff0 | 0x3b3f0 | 0x143 |
| WriteProfileStringA | - | 0x401228 | 0x3bff4 | 0x3b3f4 | 0x531 |
| WTSGetActiveConsoleSessionId | - | 0x40122c | 0x3bff8 | 0x3b3f8 | 0x4f4 |
| EnumDateFormatsA | - | 0x401230 | 0x3bffc | 0x3b3fc | 0xf4 |
| CreateIoCompletionPort | - | 0x401234 | 0x3c000 | 0x3b400 | 0x94 |
| SetConsoleTitleW | - | 0x401238 | 0x3c004 | 0x3b404 | 0x448 |
| GetModuleHandleA | - | 0x40123c | 0x3c008 | 0x3b408 | 0x215 |
| QueueUserWorkItem | - | 0x401240 | 0x3c00c | 0x3b40c | 0x3b0 |
| ContinueDebugEvent | - | 0x401244 | 0x3c010 | 0x3b410 | 0x67 |
| lstrcatW | - | 0x401248 | 0x3c014 | 0x3b414 | 0x53f |
| HeapSetInformation | - | 0x40124c | 0x3c018 | 0x3b418 | 0x2d3 |
| FreeEnvironmentStringsW | - | 0x401250 | 0x3c01c | 0x3b41c | 0x161 |
| GetConsoleTitleW | - | 0x401254 | 0x3c020 | 0x3b420 | 0x1b6 |
| WriteProfileStringW | - | 0x401258 | 0x3c024 | 0x3b424 | 0x532 |
| EnumDateFormatsW | - | 0x40125c | 0x3c028 | 0x3b428 | 0xf8 |
| CompareStringA | - | 0x401260 | 0x3c02c | 0x3b42c | 0x61 |
| GetFileAttributesExW | - | 0x401264 | 0x3c030 | 0x3b430 | 0x1e7 |
| GetConsoleCursorInfo | - | 0x401268 | 0x3c034 | 0x3b434 | 0x1a0 |
| FatalAppExitA | - | 0x40126c | 0x3c038 | 0x3b438 | 0x120 |
| WriteConsoleOutputAttribute | - | 0x401270 | 0x3c03c | 0x3b43c | 0x520 |
| OutputDebugStringA | - | 0x401274 | 0x3c040 | 0x3b440 | 0x389 |
| SetProcessShutdownParameters | - | 0x401278 | 0x3c044 | 0x3b444 | 0x483 |
| FindFirstVolumeA | - | 0x40127c | 0x3c048 | 0x3b448 | 0x13c |
| TerminateJobObject | - | 0x401280 | 0x3c04c | 0x3b44c | 0x4bf |
| CloseHandle | - | 0x401284 | 0x3c050 | 0x3b450 | 0x52 |
| DeleteTimerQueueTimer | - | 0x401288 | 0x3c054 | 0x3b454 | 0xda |
| DeleteFileW | - | 0x40128c | 0x3c058 | 0x3b458 | 0xd6 |
| GlobalAddAtomW | - | 0x401290 | 0x3c05c | 0x3b45c | 0x2b2 |
| SetFileValidData | - | 0x401294 | 0x3c060 | 0x3b460 | 0x46b |
| FindActCtxSectionStringW | - | 0x401298 | 0x3c064 | 0x3b464 | 0x12b |
| ResetWriteWatch | - | 0x40129c | 0x3c068 | 0x3b468 | 0x410 |
| UnregisterWaitEx | - | 0x4012a0 | 0x3c06c | 0x3b46c | 0x4db |
| InterlockedPushEntrySList | - | 0x4012a4 | 0x3c070 | 0x3b470 | 0x2f1 |
| CopyFileExA | - | 0x4012a8 | 0x3c074 | 0x3b474 | 0x71 |
| lstrcpyA | - | 0x4012ac | 0x3c078 | 0x3b478 | 0x547 |
| MoveFileA | - | 0x4012b0 | 0x3c07c | 0x3b47c | 0x35e |
| DeleteFileA | - | 0x4012b4 | 0x3c080 | 0x3b480 | 0xd3 |
| EncodePointer | - | 0x4012b8 | 0x3c084 | 0x3b484 | 0xea |
| DecodePointer | - | 0x4012bc | 0x3c088 | 0x3b488 | 0xca |
| GetCommandLineW | - | 0x4012c0 | 0x3c08c | 0x3b48c | 0x187 |
| GetStartupInfoW | - | 0x4012c4 | 0x3c090 | 0x3b490 | 0x263 |
| InterlockedIncrement | - | 0x4012c8 | 0x3c094 | 0x3b494 | 0x2ef |
| GetModuleHandleW | - | 0x4012cc | 0x3c098 | 0x3b498 | 0x218 |
| UnhandledExceptionFilter | - | 0x4012d0 | 0x3c09c | 0x3b49c | 0x4d3 |
| IsDebuggerPresent | - | 0x4012d4 | 0x3c0a0 | 0x3b4a0 | 0x300 |
| WriteFile | - | 0x4012d8 | 0x3c0a4 | 0x3b4a4 | 0x525 |
| GetStdHandle | - | 0x4012dc | 0x3c0a8 | 0x3b4a8 | 0x264 |
| IsBadReadPtr | - | 0x4012e0 | 0x3c0ac | 0x3b4ac | 0x2f7 |
| TlsAlloc | - | 0x4012e4 | 0x3c0b0 | 0x3b4b0 | 0x4c5 |
| GetCurrentThreadId | - | 0x4012e8 | 0x3c0b4 | 0x3b4b4 | 0x1c5 |
| TlsFree | - | 0x4012ec | 0x3c0b8 | 0x3b4b8 | 0x4c6 |
| SetHandleCount | - | 0x4012f0 | 0x3c0bc | 0x3b4bc | 0x46f |
| InitializeCriticalSectionAndSpinCount | - | 0x4012f4 | 0x3c0c0 | 0x3b4c0 | 0x2e3 |
| GetFileType | - | 0x4012f8 | 0x3c0c4 | 0x3b4c4 | 0x1f3 |
| DeleteCriticalSection | - | 0x4012fc | 0x3c0c8 | 0x3b4c8 | 0xd1 |
| QueryPerformanceCounter | - | 0x401300 | 0x3c0cc | 0x3b4cc | 0x3a7 |
| GetTickCount | - | 0x401304 | 0x3c0d0 | 0x3b4d0 | 0x293 |
| GetCurrentProcessId | - | 0x401308 | 0x3c0d4 | 0x3b4d4 | 0x1c1 |
| GetSystemTimeAsFileTime | - | 0x40130c | 0x3c0d8 | 0x3b4d8 | 0x279 |
| GetEnvironmentStringsW | - | 0x401310 | 0x3c0dc | 0x3b4dc | 0x1da |
| HeapCreate | - | 0x401314 | 0x3c0e0 | 0x3b4e0 | 0x2cd |
| GetACP | - | 0x401318 | 0x3c0e4 | 0x3b4e4 | 0x168 |
| GetOEMCP | - | 0x40131c | 0x3c0e8 | 0x3b4e8 | 0x237 |
| GetCPInfo | - | 0x401320 | 0x3c0ec | 0x3b4ec | 0x172 |
| IsValidCodePage | - | 0x401324 | 0x3c0f0 | 0x3b4f0 | 0x30a |
| WriteConsoleW | - | 0x401328 | 0x3c0f4 | 0x3b4f4 | 0x524 |
| OutputDebugStringW | - | 0x40132c | 0x3c0f8 | 0x3b4f8 | 0x38a |
| RtlUnwind | - | 0x401330 | 0x3c0fc | 0x3b4fc | 0x418 |
| MultiByteToWideChar | - | 0x401334 | 0x3c100 | 0x3b500 | 0x367 |
| HeapAlloc | - | 0x401338 | 0x3c104 | 0x3b504 | 0x2cb |
| HeapReAlloc | - | 0x40133c | 0x3c108 | 0x3b508 | 0x2d2 |
| HeapQueryInformation | - | 0x401340 | 0x3c10c | 0x3b50c | 0x2d1 |
| HeapFree | - | 0x401344 | 0x3c110 | 0x3b510 | 0x2cf |
| WideCharToMultiByte | - | 0x401348 | 0x3c114 | 0x3b514 | 0x511 |
| LCMapStringW | - | 0x40134c | 0x3c118 | 0x3b518 | 0x32d |
| GetStringTypeW | - | 0x401350 | 0x3c11c | 0x3b51c | 0x269 |
| IsProcessorFeaturePresent | - | 0x401354 | 0x3c120 | 0x3b520 | 0x304 |
| FlushFileBuffers | - | 0x401358 | 0x3c124 | 0x3b524 | 0x157 |
| ReadFile | - | 0x40135c | 0x3c128 | 0x3b528 | 0x3c0 |
| RaiseException | - | 0x401360 | 0x3c12c | 0x3b52c | 0x3b1 |
| CreateFileW | - | 0x401364 | 0x3c130 | 0x3b530 | 0x8f |
Memory Dumps (6)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| toolspab3.exe | 1 | 0x00400000 | 0x004D3FFF | Relevant Image |
|
32-bit | 0x00421270 |
|
|
...
|
| buffer | 1 | 0x006D1E00 | 0x006E1227 | First Execution |
|
32-bit | 0x006D5831 |
|
|
...
|
| buffer | 1 | 0x00030000 | 0x00038FFF | First Execution |
|
32-bit | 0x00030000 |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402F47 |
|
|
...
|
| toolspab3.exe | 1 | 0x00400000 | 0x004D3FFF | Process Termination |
|
32-bit | - |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x0040283D |
|
|
...
|
