VTI SCORE: 94/100
| Dynamic Analysis Report |
| Classification: Keylogger, Spyware |
4c603d763a2b79e36492413ff788e1dd795bc09c67b2f4eccad5f339ebe44e89 (SHA256)
nstpeer.exe
Windows Exe (x86-32)
Created at 2018-11-01 09:56:00
Notifications (2/2)
The operating system was rebooted during the analysis.
This is a filtered view
This list contains only the embedded files and created files
| Filters: |
There are no files for this filter
There are no files in this analysis
| Filename | Category | Type | Severity | Actions |
|---|
| C:\Users\CIIHMN~1\AppData\Local\Temp\AC4C\ADA6.tmp | Created File | Unknown |
Whitelisted
|
...
|
»
| Mime Type | application/x-empty |
| File Size | 0.00 KB |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SSDeep |
3::
|
File Reputation Information
»
| Severity |
Whitelisted
|
| First Seen | 2011-05-27 11:27 (UTC+2) |
| Last Seen | 2017-04-19 12:47 (UTC+2) |
| Also Known As | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\adsldraw\autoclb.exe (Created File) |
| Mime Type | application/x-dosexec |
| File Size | 1.11 MB |
| MD5 |
8ac61890b22ca596db61d0f74da67b5d
|
| SHA1 |
2132beb454eaffd9b970015dcaa7d73a989d53ed
|
| SHA256 |
4c603d763a2b79e36492413ff788e1dd795bc09c67b2f4eccad5f339ebe44e89
|
| SSDeep |
24576:PjgCLkNHOU+dS88agRuBvYS3EXiCOLIKmV5rw:PjgvfR/HdCmXE
|
| ImpHash |
3822da640a00d3b07c8e8dac576e47c9
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x4272a0 |
| Size Of Code | 0x49e00 |
| Size Of Initialized Data | 0xd0e00 |
| File Type | executable |
| Subsystem | windows_gui |
| Machine Type | i386 |
| Compile Timestamp | 2018-10-31 04:11:38+00:00 |
Version Information (9)
»
| LegalCopyright | Copyright ©. |
| InternalName | VendettaDepths |
| FileVersion | 5.7.9.2 |
| CompanyName | Comparex |
| FileDescription | Warnings Lag Scenarios Cdedm |
| Comments | Warnings Lag Scenarios Cdedm |
| ProductName | VendettaDepths |
| ProductVersion | 5.7.9.2 |
| PrivateBuild | 5.7.9.2 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x49c31 | 0x49e00 | 0x400 | cnt_code, mem_execute, mem_read | 6.31 |
| .rdata | 0x44b000 | 0x15e02 | 0x16000 | 0x4a200 | cnt_initialized_data, mem_read | 4.63 |
| .data | 0x461000 | 0x3b84 | 0x1a00 | 0x60200 | cnt_initialized_data, mem_read, mem_write | 4.19 |
| .rsrc | 0x465000 | 0xb9330 | 0xb9400 | 0x61c00 | cnt_initialized_data, mem_read | 7.66 |
Imports (19)
»
KERNEL32.dll (115)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetStringTypeW | 0x0 | 0x44b104 | 0x5f338 | 0x5e538 | 0x269 |
| RtlUnwind | 0x0 | 0x44b108 | 0x5f33c | 0x5e53c | 0x418 |
| GetEnvironmentStringsW | 0x0 | 0x44b10c | 0x5f340 | 0x5e540 | 0x1da |
| FreeEnvironmentStringsW | 0x0 | 0x44b110 | 0x5f344 | 0x5e544 | 0x161 |
| GetTickCount | 0x0 | 0x44b114 | 0x5f348 | 0x5e548 | 0x293 |
| QueryPerformanceCounter | 0x0 | 0x44b118 | 0x5f34c | 0x5e54c | 0x3a7 |
| SetHandleCount | 0x0 | 0x44b11c | 0x5f350 | 0x5e550 | 0x46f |
| LCMapStringW | 0x0 | 0x44b120 | 0x5f354 | 0x5e554 | 0x32d |
| LoadLibraryW | 0x0 | 0x44b124 | 0x5f358 | 0x5e558 | 0x33f |
| GetFileType | 0x0 | 0x44b128 | 0x5f35c | 0x5e55c | 0x1f3 |
| WriteConsoleW | 0x0 | 0x44b12c | 0x5f360 | 0x5e560 | 0x524 |
| GetStdHandle | 0x0 | 0x44b130 | 0x5f364 | 0x5e564 | 0x264 |
| HeapCreate | 0x0 | 0x44b134 | 0x5f368 | 0x5e568 | 0x2cd |
| HeapQueryInformation | 0x0 | 0x44b138 | 0x5f36c | 0x5e56c | 0x2d1 |
| HeapSize | 0x0 | 0x44b13c | 0x5f370 | 0x5e570 | 0x2d4 |
| HeapReAlloc | 0x0 | 0x44b140 | 0x5f374 | 0x5e574 | 0x2d2 |
| TlsFree | 0x0 | 0x44b144 | 0x5f378 | 0x5e578 | 0x4c6 |
| TlsSetValue | 0x0 | 0x44b148 | 0x5f37c | 0x5e57c | 0x4c8 |
| TlsGetValue | 0x0 | 0x44b14c | 0x5f380 | 0x5e580 | 0x4c7 |
| TlsAlloc | 0x0 | 0x44b150 | 0x5f384 | 0x5e584 | 0x4c5 |
| IsValidCodePage | 0x0 | 0x44b154 | 0x5f388 | 0x5e588 | 0x30a |
| GetCPInfo | 0x0 | 0x44b158 | 0x5f38c | 0x5e58c | 0x172 |
| GetOEMCP | 0x0 | 0x44b15c | 0x5f390 | 0x5e590 | 0x237 |
| GetACP | 0x0 | 0x44b160 | 0x5f394 | 0x5e594 | 0x168 |
| GetStartupInfoW | 0x0 | 0x44b164 | 0x5f398 | 0x5e598 | 0x263 |
| HeapSetInformation | 0x0 | 0x44b168 | 0x5f39c | 0x5e59c | 0x2d3 |
| EnterCriticalSection | 0x0 | 0x44b16c | 0x5f3a0 | 0x5e5a0 | 0xee |
| SetFilePointer | 0x0 | 0x44b170 | 0x5f3a4 | 0x5e5a4 | 0x466 |
| GetConsoleMode | 0x0 | 0x44b174 | 0x5f3a8 | 0x5e5a8 | 0x1ac |
| ExitProcess | 0x0 | 0x44b178 | 0x5f3ac | 0x5e5ac | 0x119 |
| GetSystemTimeAsFileTime | 0x0 | 0x44b17c | 0x5f3b0 | 0x5e5b0 | 0x279 |
| IsDebuggerPresent | 0x0 | 0x44b180 | 0x5f3b4 | 0x5e5b4 | 0x300 |
| SetUnhandledExceptionFilter | 0x0 | 0x44b184 | 0x5f3b8 | 0x5e5b8 | 0x4a5 |
| UnhandledExceptionFilter | 0x0 | 0x44b188 | 0x5f3bc | 0x5e5bc | 0x4d3 |
| TerminateProcess | 0x0 | 0x44b18c | 0x5f3c0 | 0x5e5c0 | 0x4c0 |
| IsBadReadPtr | 0x0 | 0x44b190 | 0x5f3c4 | 0x5e5c4 | 0x2f7 |
| HeapValidate | 0x0 | 0x44b194 | 0x5f3c8 | 0x5e5c8 | 0x2d7 |
| DecodePointer | 0x0 | 0x44b198 | 0x5f3cc | 0x5e5cc | 0xca |
| EncodePointer | 0x0 | 0x44b19c | 0x5f3d0 | 0x5e5d0 | 0xea |
| VirtualQuery | 0x0 | 0x44b1a0 | 0x5f3d4 | 0x5e5d4 | 0x4f1 |
| GetModuleHandleW | 0x0 | 0x44b1a4 | 0x5f3d8 | 0x5e5d8 | 0x218 |
| VirtualProtect | 0x0 | 0x44b1a8 | 0x5f3dc | 0x5e5dc | 0x4ef |
| GetCurrentThread | 0x0 | 0x44b1ac | 0x5f3e0 | 0x5e5e0 | 0x1c4 |
| CreateFileMappingA | 0x0 | 0x44b1b0 | 0x5f3e4 | 0x5e5e4 | 0x89 |
| MapViewOfFile | 0x0 | 0x44b1b4 | 0x5f3e8 | 0x5e5e8 | 0x357 |
| UnmapViewOfFile | 0x0 | 0x44b1b8 | 0x5f3ec | 0x5e5ec | 0x4d6 |
| GetModuleFileNameW | 0x0 | 0x44b1bc | 0x5f3f0 | 0x5e5f0 | 0x214 |
| GetCurrentProcessId | 0x0 | 0x44b1c0 | 0x5f3f4 | 0x5e5f4 | 0x1c1 |
| OutputDebugStringW | 0x0 | 0x44b1c4 | 0x5f3f8 | 0x5e5f8 | 0x38a |
| OutputDebugStringA | 0x0 | 0x44b1c8 | 0x5f3fc | 0x5e5fc | 0x389 |
| OpenEventA | 0x0 | 0x44b1cc | 0x5f400 | 0x5e600 | 0x374 |
| SetEvent | 0x0 | 0x44b1d0 | 0x5f404 | 0x5e604 | 0x459 |
| InterlockedCompareExchange | 0x0 | 0x44b1d4 | 0x5f408 | 0x5e608 | 0x2e9 |
| IsProcessorFeaturePresent | 0x0 | 0x44b1d8 | 0x5f40c | 0x5e60c | 0x304 |
| HeapFree | 0x0 | 0x44b1dc | 0x5f410 | 0x5e610 | 0x2cf |
| InterlockedPopEntrySList | 0x0 | 0x44b1e0 | 0x5f414 | 0x5e614 | 0x2f0 |
| VirtualFree | 0x0 | 0x44b1e4 | 0x5f418 | 0x5e618 | 0x4ec |
| InterlockedPushEntrySList | 0x0 | 0x44b1e8 | 0x5f41c | 0x5e61c | 0x2f1 |
| ExitThread | 0x0 | 0x44b1ec | 0x5f420 | 0x5e620 | 0x11a |
| GetConsoleCP | 0x0 | 0x44b1f0 | 0x5f424 | 0x5e624 | 0x19a |
| GetProcAddress | 0x0 | 0x44b1f4 | 0x5f428 | 0x5e628 | 0x245 |
| lstrcmpiA | 0x0 | 0x44b1f8 | 0x5f42c | 0x5e62c | 0x544 |
| CreateThread | 0x0 | 0x44b1fc | 0x5f430 | 0x5e630 | 0xb5 |
| FlushFileBuffers | 0x0 | 0x44b200 | 0x5f434 | 0x5e634 | 0x157 |
| SetLastError | 0x0 | 0x44b204 | 0x5f438 | 0x5e638 | 0x473 |
| SetStdHandle | 0x0 | 0x44b208 | 0x5f43c | 0x5e63c | 0x487 |
| CreateFileW | 0x0 | 0x44b20c | 0x5f440 | 0x5e640 | 0x8f |
| InitializeCriticalSection | 0x0 | 0x44b210 | 0x5f444 | 0x5e644 | 0x2e2 |
| GetModuleFileNameA | 0x0 | 0x44b214 | 0x5f448 | 0x5e648 | 0x213 |
| GetModuleHandleA | 0x0 | 0x44b218 | 0x5f44c | 0x5e64c | 0x215 |
| LoadLibraryExA | 0x0 | 0x44b21c | 0x5f450 | 0x5e650 | 0x33d |
| FileTimeToLocalFileTime | 0x0 | 0x44b220 | 0x5f454 | 0x5e654 | 0x124 |
| CloseHandle | 0x0 | 0x44b224 | 0x5f458 | 0x5e658 | 0x52 |
| GetVersionExA | 0x0 | 0x44b228 | 0x5f45c | 0x5e65c | 0x2a3 |
| CreateToolhelp32Snapshot | 0x0 | 0x44b22c | 0x5f460 | 0x5e660 | 0xbe |
| FindFirstVolumeMountPointA | 0x0 | 0x44b230 | 0x5f464 | 0x5e664 | 0x13d |
| GetSystemInfo | 0x0 | 0x44b234 | 0x5f468 | 0x5e668 | 0x273 |
| DeviceIoControl | 0x0 | 0x44b238 | 0x5f46c | 0x5e66c | 0xdd |
| Process32Next | 0x0 | 0x44b23c | 0x5f470 | 0x5e670 | 0x397 |
| VirtualAlloc | 0x0 | 0x44b240 | 0x5f474 | 0x5e674 | 0x4e9 |
| FindVolumeMountPointClose | 0x0 | 0x44b244 | 0x5f478 | 0x5e678 | 0x151 |
| GetLogicalDriveStringsA | 0x0 | 0x44b248 | 0x5f47c | 0x5e67c | 0x207 |
| FindFirstFileA | 0x0 | 0x44b24c | 0x5f480 | 0x5e680 | 0x132 |
| ReadFile | 0x0 | 0x44b250 | 0x5f484 | 0x5e684 | 0x3c0 |
| FileTimeToSystemTime | 0x0 | 0x44b254 | 0x5f488 | 0x5e688 | 0x125 |
| GetPriorityClass | 0x0 | 0x44b258 | 0x5f48c | 0x5e68c | 0x23a |
| WriteFile | 0x0 | 0x44b25c | 0x5f490 | 0x5e690 | 0x525 |
| FindNextVolumeMountPointA | 0x0 | 0x44b260 | 0x5f494 | 0x5e694 | 0x148 |
| GetProcessHeap | 0x0 | 0x44b264 | 0x5f498 | 0x5e698 | 0x24a |
| Process32First | 0x0 | 0x44b268 | 0x5f49c | 0x5e69c | 0x395 |
| HeapAlloc | 0x0 | 0x44b26c | 0x5f4a0 | 0x5e6a0 | 0x2cb |
| GetFileSize | 0x0 | 0x44b270 | 0x5f4a4 | 0x5e6a4 | 0x1f0 |
| GetVolumeNameForVolumeMountPointA | 0x0 | 0x44b274 | 0x5f4a8 | 0x5e6a8 | 0x2a8 |
| CreateFileA | 0x0 | 0x44b278 | 0x5f4ac | 0x5e6ac | 0x88 |
| GetCurrentThreadId | 0x0 | 0x44b27c | 0x5f4b0 | 0x5e6b0 | 0x1c5 |
| ResumeThread | 0x0 | 0x44b280 | 0x5f4b4 | 0x5e6b4 | 0x413 |
| DeleteCriticalSection | 0x0 | 0x44b284 | 0x5f4b8 | 0x5e6b8 | 0xd1 |
| GetLastError | 0x0 | 0x44b288 | 0x5f4bc | 0x5e6bc | 0x202 |
| RaiseException | 0x0 | 0x44b28c | 0x5f4c0 | 0x5e6c0 | 0x3b1 |
| FlushInstructionCache | 0x0 | 0x44b290 | 0x5f4c4 | 0x5e6c4 | 0x158 |
| lstrlenW | 0x0 | 0x44b294 | 0x5f4c8 | 0x5e6c8 | 0x54e |
| MultiByteToWideChar | 0x0 | 0x44b298 | 0x5f4cc | 0x5e6cc | 0x367 |
| IsDBCSLeadByte | 0x0 | 0x44b29c | 0x5f4d0 | 0x5e6d0 | 0x2fe |
| LeaveCriticalSection | 0x0 | 0x44b2a0 | 0x5f4d4 | 0x5e6d4 | 0x339 |
| SizeofResource | 0x0 | 0x44b2a4 | 0x5f4d8 | 0x5e6d8 | 0x4b1 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x44b2a8 | 0x5f4dc | 0x5e6dc | 0x2e3 |
| WideCharToMultiByte | 0x0 | 0x44b2ac | 0x5f4e0 | 0x5e6e0 | 0x511 |
| GetCurrentProcess | 0x0 | 0x44b2b0 | 0x5f4e4 | 0x5e6e4 | 0x1c0 |
| FindResourceA | 0x0 | 0x44b2b4 | 0x5f4e8 | 0x5e6e8 | 0x14b |
| InterlockedDecrement | 0x0 | 0x44b2b8 | 0x5f4ec | 0x5e6ec | 0x2eb |
| InterlockedIncrement | 0x0 | 0x44b2bc | 0x5f4f0 | 0x5e6f0 | 0x2ef |
| LoadResource | 0x0 | 0x44b2c0 | 0x5f4f4 | 0x5e6f4 | 0x341 |
| FreeLibrary | 0x0 | 0x44b2c4 | 0x5f4f8 | 0x5e6f8 | 0x162 |
| lstrlenA | 0x0 | 0x44b2c8 | 0x5f4fc | 0x5e6fc | 0x54d |
| GetCommandLineA | 0x0 | 0x44b2cc | 0x5f500 | 0x5e700 | 0x186 |
USER32.dll (84)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DispatchMessageA | 0x0 | 0x44b378 | 0x5f5ac | 0x5e7ac | 0xae |
| GetActiveWindow | 0x0 | 0x44b37c | 0x5f5b0 | 0x5e7b0 | 0x100 |
| LoadImageA | 0x0 | 0x44b380 | 0x5f5b4 | 0x5e7b4 | 0x1ee |
| MapWindowPoints | 0x0 | 0x44b384 | 0x5f5b8 | 0x5e7b8 | 0x209 |
| GetSystemMetrics | 0x0 | 0x44b388 | 0x5f5bc | 0x5e7bc | 0x17e |
| IsWindow | 0x0 | 0x44b38c | 0x5f5c0 | 0x5e7c0 | 0x1db |
| ClientToScreen | 0x0 | 0x44b390 | 0x5f5c4 | 0x5e7c4 | 0x47 |
| GetWindowDC | 0x0 | 0x44b394 | 0x5f5c8 | 0x5e7c8 | 0x192 |
| ShowWindow | 0x0 | 0x44b398 | 0x5f5cc | 0x5e7cc | 0x2df |
| SetWindowPos | 0x0 | 0x44b39c | 0x5f5d0 | 0x5e7d0 | 0x2c6 |
| DefWindowProcA | 0x0 | 0x44b3a0 | 0x5f5d4 | 0x5e7d4 | 0x9b |
| EndDialog | 0x0 | 0x44b3a4 | 0x5f5d8 | 0x5e7d8 | 0xda |
| GetDlgItem | 0x0 | 0x44b3a8 | 0x5f5dc | 0x5e7dc | 0x127 |
| MonitorFromWindow | 0x0 | 0x44b3ac | 0x5f5e0 | 0x5e7e0 | 0x21a |
| PeekMessageA | 0x0 | 0x44b3b0 | 0x5f5e4 | 0x5e7e4 | 0x232 |
| GetWindowLongA | 0x0 | 0x44b3b4 | 0x5f5e8 | 0x5e7e8 | 0x195 |
| SetCapture | 0x0 | 0x44b3b8 | 0x5f5ec | 0x5e7ec | 0x280 |
| DrawEdge | 0x0 | 0x44b3bc | 0x5f5f0 | 0x5e7f0 | 0xc3 |
| UnregisterClassA | 0x0 | 0x44b3c0 | 0x5f5f4 | 0x5e7f4 | 0x305 |
| SetWindowLongA | 0x0 | 0x44b3c4 | 0x5f5f8 | 0x5e7f8 | 0x2c3 |
| TranslateMessage | 0x0 | 0x44b3c8 | 0x5f5fc | 0x5e7fc | 0x2fc |
| IsDialogMessageA | 0x0 | 0x44b3cc | 0x5f600 | 0x5e800 | 0x1cc |
| GetMonitorInfoA | 0x0 | 0x44b3d0 | 0x5f604 | 0x5e804 | 0x15e |
| GetWindow | 0x0 | 0x44b3d4 | 0x5f608 | 0x5e808 | 0x18e |
| SendMessageA | 0x0 | 0x44b3d8 | 0x5f60c | 0x5e80c | 0x277 |
| GetClientRect | 0x0 | 0x44b3dc | 0x5f610 | 0x5e810 | 0x114 |
| CharNextA | 0x0 | 0x44b3e0 | 0x5f614 | 0x5e814 | 0x2f |
| GetParent | 0x0 | 0x44b3e4 | 0x5f618 | 0x5e818 | 0x164 |
| PostQuitMessage | 0x0 | 0x44b3e8 | 0x5f61c | 0x5e81c | 0x237 |
| CreateDialogParamA | 0x0 | 0x44b3ec | 0x5f620 | 0x5e820 | 0x62 |
| GetWindowRect | 0x0 | 0x44b3f0 | 0x5f624 | 0x5e824 | 0x19c |
| GetMessageA | 0x0 | 0x44b3f4 | 0x5f628 | 0x5e828 | 0x159 |
| DestroyWindow | 0x0 | 0x44b3f8 | 0x5f62c | 0x5e82c | 0xa6 |
| DispatchMessageW | 0x0 | 0x44b3fc | 0x5f630 | 0x5e830 | 0xaf |
| RegisterClassA | 0x0 | 0x44b400 | 0x5f634 | 0x5e834 | 0x24b |
| DefWindowProcW | 0x0 | 0x44b404 | 0x5f638 | 0x5e838 | 0x9c |
| SetWindowTextW | 0x0 | 0x44b408 | 0x5f63c | 0x5e83c | 0x2cb |
| GetDlgItemTextA | 0x0 | 0x44b40c | 0x5f640 | 0x5e840 | 0x129 |
| LoadCursorA | 0x0 | 0x44b410 | 0x5f644 | 0x5e844 | 0x1e8 |
| AdjustWindowRect | 0x0 | 0x44b414 | 0x5f648 | 0x5e848 | 0x2 |
| CallWindowProcA | 0x0 | 0x44b418 | 0x5f64c | 0x5e84c | 0x1d |
| DialogBoxParamA | 0x0 | 0x44b41c | 0x5f650 | 0x5e850 | 0xab |
| SetRectEmpty | 0x0 | 0x44b420 | 0x5f654 | 0x5e854 | 0x2af |
| PtInRect | 0x0 | 0x44b424 | 0x5f658 | 0x5e858 | 0x240 |
| SetDlgItemTextA | 0x0 | 0x44b428 | 0x5f65c | 0x5e85c | 0x28f |
| SetWindowTextA | 0x0 | 0x44b42c | 0x5f660 | 0x5e860 | 0x2ca |
| OffsetRect | 0x0 | 0x44b430 | 0x5f664 | 0x5e864 | 0x225 |
| ReleaseCapture | 0x0 | 0x44b434 | 0x5f668 | 0x5e868 | 0x264 |
| CopyRect | 0x0 | 0x44b438 | 0x5f66c | 0x5e86c | 0x55 |
| EndPaint | 0x0 | 0x44b43c | 0x5f670 | 0x5e870 | 0xdc |
| SetCursor | 0x0 | 0x44b440 | 0x5f674 | 0x5e874 | 0x288 |
| GetWindowTextLengthW | 0x0 | 0x44b444 | 0x5f678 | 0x5e878 | 0x1a2 |
| HideCaret | 0x0 | 0x44b448 | 0x5f67c | 0x5e87c | 0x1a9 |
| InsertMenuItemA | 0x0 | 0x44b44c | 0x5f680 | 0x5e880 | 0x1b8 |
| GetMessageW | 0x0 | 0x44b450 | 0x5f684 | 0x5e884 | 0x15d |
| RegisterClassExA | 0x0 | 0x44b454 | 0x5f688 | 0x5e888 | 0x24c |
| SendDlgItemMessageA | 0x0 | 0x44b458 | 0x5f68c | 0x5e88c | 0x272 |
| FillRect | 0x0 | 0x44b45c | 0x5f690 | 0x5e890 | 0xf6 |
| DdeAccessData | 0x0 | 0x44b460 | 0x5f694 | 0x5e894 | 0x74 |
| DrawTextA | 0x0 | 0x44b464 | 0x5f698 | 0x5e898 | 0xcd |
| GetTitleBarInfo | 0x0 | 0x44b468 | 0x5f69c | 0x5e89c | 0x183 |
| LoadIconA | 0x0 | 0x44b46c | 0x5f6a0 | 0x5e8a0 | 0x1ec |
| wsprintfA | 0x0 | 0x44b470 | 0x5f6a4 | 0x5e8a4 | 0x332 |
| SetFocus | 0x0 | 0x44b474 | 0x5f6a8 | 0x5e8a8 | 0x292 |
| BeginPaint | 0x0 | 0x44b478 | 0x5f6ac | 0x5e8ac | 0xe |
| GetDC | 0x0 | 0x44b47c | 0x5f6b0 | 0x5e8b0 | 0x121 |
| DrawStateA | 0x0 | 0x44b480 | 0x5f6b4 | 0x5e8b4 | 0xcb |
| TrackPopupMenuEx | 0x0 | 0x44b484 | 0x5f6b8 | 0x5e8b8 | 0x2f7 |
| GetAsyncKeyState | 0x0 | 0x44b488 | 0x5f6bc | 0x5e8bc | 0x107 |
| SetRect | 0x0 | 0x44b48c | 0x5f6c0 | 0x5e8c0 | 0x2ae |
| MessageBoxA | 0x0 | 0x44b490 | 0x5f6c4 | 0x5e8c4 | 0x20e |
| GetWindowTextW | 0x0 | 0x44b494 | 0x5f6c8 | 0x5e8c8 | 0x1a3 |
| CreateWindowExA | 0x0 | 0x44b498 | 0x5f6cc | 0x5e8cc | 0x6d |
| ReleaseDC | 0x0 | 0x44b49c | 0x5f6d0 | 0x5e8d0 | 0x265 |
| SetClassLongA | 0x0 | 0x44b4a0 | 0x5f6d4 | 0x5e8d4 | 0x283 |
| GetSysColor | 0x0 | 0x44b4a4 | 0x5f6d8 | 0x5e8d8 | 0x17b |
| GetCursorPos | 0x0 | 0x44b4a8 | 0x5f6dc | 0x5e8dc | 0x120 |
| CheckDlgButton | 0x0 | 0x44b4ac | 0x5f6e0 | 0x5e8e0 | 0x3e |
| GetSysColorBrush | 0x0 | 0x44b4b0 | 0x5f6e4 | 0x5e8e4 | 0x17c |
| IsDlgButtonChecked | 0x0 | 0x44b4b4 | 0x5f6e8 | 0x5e8e8 | 0x1ce |
| GetClassInfoA | 0x0 | 0x44b4b8 | 0x5f6ec | 0x5e8ec | 0x10b |
| PostMessageA | 0x0 | 0x44b4bc | 0x5f6f0 | 0x5e8f0 | 0x235 |
| CreateWindowExW | 0x0 | 0x44b4c0 | 0x5f6f4 | 0x5e8f4 | 0x6e |
| SystemParametersInfoA | 0x0 | 0x44b4c4 | 0x5f6f8 | 0x5e8f8 | 0x2eb |
GDI32.dll (33)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| Ellipse | 0x0 | 0x44b06c | 0x5f2a0 | 0x5e4a0 | 0xed |
| SaveDC | 0x0 | 0x44b070 | 0x5f2a4 | 0x5e4a4 | 0x270 |
| GetObjectType | 0x0 | 0x44b074 | 0x5f2a8 | 0x5e4a8 | 0x1fc |
| SetPixelV | 0x0 | 0x44b078 | 0x5f2ac | 0x5e4ac | 0x29d |
| CreatePen | 0x0 | 0x44b07c | 0x5f2b0 | 0x5e4b0 | 0x4b |
| RestoreDC | 0x0 | 0x44b080 | 0x5f2b4 | 0x5e4b4 | 0x269 |
| CreateSolidBrush | 0x0 | 0x44b084 | 0x5f2b8 | 0x5e4b8 | 0x54 |
| GetBrushOrgEx | 0x0 | 0x44b088 | 0x5f2bc | 0x5e4bc | 0x1ad |
| BitBlt | 0x0 | 0x44b08c | 0x5f2c0 | 0x5e4c0 | 0x13 |
| CancelDC | 0x0 | 0x44b090 | 0x5f2c4 | 0x5e4c4 | 0x17 |
| GetTextExtentPoint32A | 0x0 | 0x44b094 | 0x5f2c8 | 0x5e4c8 | 0x21d |
| SetTextColor | 0x0 | 0x44b098 | 0x5f2cc | 0x5e4cc | 0x2a6 |
| DeleteDC | 0x0 | 0x44b09c | 0x5f2d0 | 0x5e4d0 | 0xe3 |
| CreateDIBSection | 0x0 | 0x44b0a0 | 0x5f2d4 | 0x5e4d4 | 0x35 |
| GetDeviceCaps | 0x0 | 0x44b0a4 | 0x5f2d8 | 0x5e4d8 | 0x1cb |
| CreateFontIndirectA | 0x0 | 0x44b0a8 | 0x5f2dc | 0x5e4dc | 0x3d |
| SetBrushOrgEx | 0x0 | 0x44b0ac | 0x5f2e0 | 0x5e4e0 | 0x282 |
| SetBkColor | 0x0 | 0x44b0b0 | 0x5f2e4 | 0x5e4e4 | 0x27e |
| CreatePalette | 0x0 | 0x44b0b4 | 0x5f2e8 | 0x5e4e8 | 0x49 |
| CreateBitmap | 0x0 | 0x44b0b8 | 0x5f2ec | 0x5e4ec | 0x29 |
| DeleteObject | 0x0 | 0x44b0bc | 0x5f2f0 | 0x5e4f0 | 0xe6 |
| SelectObject | 0x0 | 0x44b0c0 | 0x5f2f4 | 0x5e4f4 | 0x277 |
| CreateCompatibleDC | 0x0 | 0x44b0c4 | 0x5f2f8 | 0x5e4f8 | 0x30 |
| DPtoLP | 0x0 | 0x44b0c8 | 0x5f2fc | 0x5e4fc | 0xa4 |
| SetMapMode | 0x0 | 0x44b0cc | 0x5f300 | 0x5e500 | 0x294 |
| CreateCompatibleBitmap | 0x0 | 0x44b0d0 | 0x5f304 | 0x5e504 | 0x2f |
| GetMapMode | 0x0 | 0x44b0d4 | 0x5f308 | 0x5e508 | 0x1f0 |
| ExtTextOutW | 0x0 | 0x44b0d8 | 0x5f30c | 0x5e50c | 0x138 |
| CreatePatternBrush | 0x0 | 0x44b0dc | 0x5f310 | 0x5e510 | 0x4a |
| SetTextAlign | 0x0 | 0x44b0e0 | 0x5f314 | 0x5e514 | 0x2a4 |
| GetObjectA | 0x0 | 0x44b0e4 | 0x5f318 | 0x5e518 | 0x1fb |
| GetStockObject | 0x0 | 0x44b0e8 | 0x5f31c | 0x5e51c | 0x20d |
| Rectangle | 0x0 | 0x44b0ec | 0x5f320 | 0x5e520 | 0x25f |
COMDLG32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetOpenFileNameA | 0x0 | 0x44b060 | 0x5f294 | 0x5e494 | 0xb |
| GetSaveFileNameA | 0x0 | 0x44b064 | 0x5f298 | 0x5e498 | 0xd |
ADVAPI32.dll (18)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| OpenEventLogA | 0x0 | 0x44b008 | 0x5f23c | 0x5e43c | 0x1f5 |
| CryptGenKey | 0x0 | 0x44b00c | 0x5f240 | 0x5e440 | 0xc0 |
| CryptGenRandom | 0x0 | 0x44b010 | 0x5f244 | 0x5e444 | 0xc1 |
| GetNumberOfEventLogRecords | 0x0 | 0x44b014 | 0x5f248 | 0x5e448 | 0x143 |
| GetOldestEventLogRecord | 0x0 | 0x44b018 | 0x5f24c | 0x5e44c | 0x144 |
| CryptReleaseContext | 0x0 | 0x44b01c | 0x5f250 | 0x5e450 | 0xcb |
| RevertToSelf | 0x0 | 0x44b020 | 0x5f254 | 0x5e454 | 0x290 |
| RegDeleteValueA | 0x0 | 0x44b024 | 0x5f258 | 0x5e458 | 0x247 |
| RegOpenKeyExA | 0x0 | 0x44b028 | 0x5f25c | 0x5e45c | 0x260 |
| RegCreateKeyExA | 0x0 | 0x44b02c | 0x5f260 | 0x5e460 | 0x238 |
| RegEnumKeyExA | 0x0 | 0x44b030 | 0x5f264 | 0x5e464 | 0x24e |
| RegDeleteKeyA | 0x0 | 0x44b034 | 0x5f268 | 0x5e468 | 0x23d |
| RegQueryInfoKeyW | 0x0 | 0x44b038 | 0x5f26c | 0x5e46c | 0x268 |
| RegSetValueExA | 0x0 | 0x44b03c | 0x5f270 | 0x5e470 | 0x27d |
| SetThreadToken | 0x0 | 0x44b040 | 0x5f274 | 0x5e474 | 0x2c1 |
| RegCloseKey | 0x0 | 0x44b044 | 0x5f278 | 0x5e478 | 0x230 |
| CryptAcquireContextA | 0x0 | 0x44b048 | 0x5f27c | 0x5e47c | 0xb0 |
| OpenThreadToken | 0x0 | 0x44b04c | 0x5f280 | 0x5e480 | 0x1fc |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetPathFromIDListA | 0x0 | 0x44b368 | 0x5f59c | 0x5e79c | 0xd5 |
| SHBrowseForFolderA | 0x0 | 0x44b36c | 0x5f5a0 | 0x5e7a0 | 0x7a |
| SHGetMalloc | 0x0 | 0x44b370 | 0x5f5a4 | 0x5e7a4 | 0xcf |
ole32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CLSIDFromProgID | 0x0 | 0x44b538 | 0x5f76c | 0x5e96c | 0x6 |
| CoTaskMemAlloc | 0x0 | 0x44b53c | 0x5f770 | 0x5e970 | 0x67 |
| CoTaskMemFree | 0x0 | 0x44b540 | 0x5f774 | 0x5e974 | 0x68 |
| CoInitialize | 0x0 | 0x44b544 | 0x5f778 | 0x5e978 | 0x3e |
| CoTaskMemRealloc | 0x0 | 0x44b548 | 0x5f77c | 0x5e97c | 0x69 |
| CoUninitialize | 0x0 | 0x44b54c | 0x5f780 | 0x5e980 | 0x6c |
| CoCreateInstance | 0x0 | 0x44b550 | 0x5f784 | 0x5e984 | 0x10 |
OLEAUT32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocStringLen | 0x4 | 0x44b310 | 0x5f544 | 0x5e744 | - |
| VariantInit | 0x8 | 0x44b314 | 0x5f548 | 0x5e748 | - |
| SysAllocString | 0x2 | 0x44b318 | 0x5f54c | 0x5e74c | - |
| SysFreeString | 0x6 | 0x44b31c | 0x5f550 | 0x5e750 | - |
| VarUI4FromStr | 0x115 | 0x44b320 | 0x5f554 | 0x5e754 | - |
ODBC32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0xb | 0x44b2d4 | 0x5f508 | 0x5e708 | - |
| (by ordinal) | 0x9 | 0x44b2d8 | 0x5f50c | 0x5e70c | - |
| (by ordinal) | 0xd | 0x44b2dc | 0x5f510 | 0x5e710 | - |
| (by ordinal) | 0x1a | 0x44b2e0 | 0x5f514 | 0x5e714 | - |
| (by ordinal) | 0x27 | 0x44b2e4 | 0x5f518 | 0x5e718 | - |
| (by ordinal) | 0x48 | 0x44b2e8 | 0x5f51c | 0x5e71c | - |
| (by ordinal) | 0x1f | 0x44b2ec | 0x5f520 | 0x5e720 | - |
| (by ordinal) | 0x18 | 0x44b2f0 | 0x5f524 | 0x5e724 | - |
| (by ordinal) | 0x29 | 0x44b2f4 | 0x5f528 | 0x5e728 | - |
| (by ordinal) | 0x2b | 0x44b2f8 | 0x5f52c | 0x5e72c | - |
| (by ordinal) | 0x13 | 0x44b2fc | 0x5f530 | 0x5e730 | - |
| (by ordinal) | 0x88 | 0x44b300 | 0x5f534 | 0x5e734 | - |
| (by ordinal) | 0x4b | 0x44b304 | 0x5f538 | 0x5e738 | - |
| (by ordinal) | 0xc | 0x44b308 | 0x5f53c | 0x5e73c | - |
COMCTL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_GetIconSize | 0x0 | 0x44b054 | 0x5f288 | 0x5e488 | 0x63 |
| InitCommonControlsEx | 0x0 | 0x44b058 | 0x5f28c | 0x5e48c | 0x7b |
OPENGL32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| glShadeModel | 0x0 | 0x44b328 | 0x5f55c | 0x5e75c | 0x104 |
| glVertex3f | 0x0 | 0x44b32c | 0x5f560 | 0x5e760 | 0x147 |
| glBegin | 0x0 | 0x44b330 | 0x5f564 | 0x5e764 | 0xa |
| glViewport | 0x0 | 0x44b334 | 0x5f568 | 0x5e768 | 0x156 |
| glLightfv | 0x0 | 0x44b338 | 0x5f56c | 0x5e76c | 0x9e |
| glEnable | 0x0 | 0x44b33c | 0x5f570 | 0x5e770 | 0x4f |
| glColor3f | 0x0 | 0x44b340 | 0x5f574 | 0x5e774 | 0x1b |
| glLoadIdentity | 0x0 | 0x44b344 | 0x5f578 | 0x5e778 | 0xa4 |
| glMatrixMode | 0x0 | 0x44b348 | 0x5f57c | 0x5e77c | 0xb5 |
| glVertex2d | 0x0 | 0x44b34c | 0x5f580 | 0x5e780 | 0x13d |
| glEnd | 0x0 | 0x44b350 | 0x5f584 | 0x5e784 | 0x51 |
| glPointSize | 0x0 | 0x44b354 | 0x5f588 | 0x5e788 | 0xce |
| glClear | 0x0 | 0x44b358 | 0x5f58c | 0x5e78c | 0x10 |
| glClearColor | 0x0 | 0x44b35c | 0x5f590 | 0x5e790 | 0x12 |
| glOrtho | 0x0 | 0x44b360 | 0x5f594 | 0x5e794 | 0xc4 |
GLU32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| gluLookAt | 0x0 | 0x44b0f4 | 0x5f328 | 0x5e528 | 0x15 |
WININET.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetOpenA | 0x0 | 0x44b4cc | 0x5f700 | 0x5e900 | 0x97 |
| InternetConnectA | 0x0 | 0x44b4d0 | 0x5f704 | 0x5e904 | 0x71 |
WINMM.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| waveOutOpen | 0x0 | 0x44b4d8 | 0x5f70c | 0x5e90c | 0xb4 |
| waveInAddBuffer | 0x0 | 0x44b4dc | 0x5f710 | 0x5e910 | 0x97 |
| waveInOpen | 0x0 | 0x44b4e0 | 0x5f714 | 0x5e914 | 0xa1 |
| waveInPrepareHeader | 0x0 | 0x44b4e4 | 0x5f718 | 0x5e918 | 0xa2 |
ACTIVEDS.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x3 | 0x44b000 | 0x5f234 | 0x5e434 | - |
pdh.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PdhCollectQueryData | 0x0 | 0x44b558 | 0x5f78c | 0x5e98c | 0x10 |
| PdhOpenQueryA | 0x0 | 0x44b55c | 0x5f790 | 0x5e990 | 0x53 |
| PdhCloseQuery | 0x0 | 0x44b560 | 0x5f794 | 0x5e994 | 0xf |
| PdhAddCounterW | 0x0 | 0x44b564 | 0x5f798 | 0x5e998 | 0x3 |
| PdhGetFormattedCounterValue | 0x0 | 0x44b568 | 0x5f79c | 0x5e99c | 0x3f |
gdiplus.dll (18)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GdipDisposeImage | 0x0 | 0x44b4ec | 0x5f720 | 0x5e920 | 0x98 |
| GdipAlloc | 0x0 | 0x44b4f0 | 0x5f724 | 0x5e924 | 0x21 |
| GdipCreateSolidFill | 0x0 | 0x44b4f4 | 0x5f728 | 0x5e928 | 0x82 |
| GdipDeleteFontFamily | 0x0 | 0x44b4f8 | 0x5f72c | 0x5e92c | 0x8f |
| GdipFlush | 0x0 | 0x44b4fc | 0x5f730 | 0x5e930 | 0xec |
| GdipCreateFont | 0x0 | 0x44b500 | 0x5f734 | 0x5e934 | 0x56 |
| GdipCreateFromHDC2 | 0x0 | 0x44b504 | 0x5f738 | 0x5e938 | 0x5c |
| GdipDeleteFont | 0x0 | 0x44b508 | 0x5f73c | 0x5e93c | 0x8e |
| GdipCloneBrush | 0x0 | 0x44b50c | 0x5f740 | 0x5e940 | 0x32 |
| GdipFree | 0x0 | 0x44b510 | 0x5f744 | 0x5e944 | 0xed |
| GdipDeleteBrush | 0x0 | 0x44b514 | 0x5f748 | 0x5e948 | 0x8a |
| GdipCreateBitmapFromHBITMAP | 0x0 | 0x44b518 | 0x5f74c | 0x5e94c | 0x4d |
| GdipDrawString | 0x0 | 0x44b51c | 0x5f750 | 0x5e950 | 0xc8 |
| GdipCreateFontFamilyFromName | 0x0 | 0x44b520 | 0x5f754 | 0x5e954 | 0x57 |
| GdipSaveImageToFile | 0x0 | 0x44b524 | 0x5f758 | 0x5e958 | 0x1f0 |
| GdipCloneImage | 0x0 | 0x44b528 | 0x5f75c | 0x5e95c | 0x36 |
| GdiplusStartup | 0x0 | 0x44b52c | 0x5f760 | 0x5e960 | 0x275 |
| GdipDeleteGraphics | 0x0 | 0x44b530 | 0x5f764 | 0x5e964 | 0x90 |
IMM32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImmAssociateContext | 0x0 | 0x44b0fc | 0x5f330 | 0x5e530 | 0x18 |
urlmon.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ObtainUserAgentString | 0x0 | 0x44b570 | 0x5f7a4 | 0x5e9a4 | 0x54 |
Icons (1)
»
| C:\Users\CIIHMN~1\AppData\Local\Temp\AC4C\ADA6.bat | Created File | Text |
Unknown
|
...
|
»
| Mime Type | text/plain |
| File Size | 0.11 KB |
| MD5 |
6afb328a2dcc48343e0f9121f3cc8f23
|
| SHA1 |
a6e1f8ef590b1ec7d1b4fbd49cb687ccf2a2956f
|
| SHA256 |
d09d895a8e60365092c3c0343815a77442caab9ac5b827a05fa8c874e882c180
|
| SSDeep |
3:ZMvMZLK6OWRNfeUeDGWmngU64vHXMJATkUExMv1GWl+n:yUrRheiWkvvHXMJ2d/sWIn
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\adsldraw\autoclb.exe | Created File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 1.11 MB |
| MD5 |
cac6528c8599238058c70902d8699e11
|
| SHA1 |
4b562bb710833310a5619f2f4486d01880265fc1
|
| SHA256 |
c88ddb4bc057412ffe3421a2de51dfc035b90467cb1720d9939dc8f5f467b60f
|
| SSDeep |
24576:sjgCLkNHOU+dS88agRuBvYS3EXiCOLIKmV5rw:sjgvfR/HdCmXE
|
