VTI SCORE: 95/100
Dynamic Analysis Report
Classification: Trojan, Keylogger, Spyware
51bc32788b49aca2384cd07dce9f8ac63f07f52c27cf33c938e01c64c374eee4 (SHA256)
worldtime.exe
Windows Exe (x86-32)
Created at 2018-10-30 17:02:00
Notifications (2/2)
The operating system was rebooted during the analysis.
This is a filtered view
This list contains only the embedded files and created files
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\CIiHmnxMn6Ps\Desktop\worldtime.exe | Sample File | Binary | Suspicious |
File Reputation Information
Severity | Suspicious |
First Seen | 2018-10-30 11:04 (UTC+1) |
Last Seen | 2018-10-30 11:10 (UTC+1) |
Names | Win32.Trojan.Genkryptik |
Families | Genkryptik |
Classification | Trojan |
PE Information
Image Base | 0x400000 |
Entry Point | 0x419530 |
Size Of Code | 0x40a00 |
Size Of Initialized Data | 0x10aa00 |
File Type | executable |
Subsystem | windows_gui |
Machine Type | i386 |
Compile Timestamp | 2018-10-30 04:06:32+00:00 |
Version Information (8)
LegalCopyright | Copyright ©McAfee, Inc.. 1999 - 2014 |
FileVersion | 5.6.6.4 |
CompanyName | McAfee, Inc. |
LegalTrademarks | Copyright ©McAfee, Inc.. 1999 - 2014 |
Comments | Copya Migrate Plitics Variety Confliction |
ProductName | Trivial County |
ProductVersion | 5.6.6.4 |
FileDescription | Copya Migrate Plitics Variety Confliction |
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x40861 | 0x40a00 | 0x400 | cnt_code, mem_execute, mem_read | 6.45 |
.rdata | 0x442000 | 0xfd4f | 0xfe00 | 0x40e00 | cnt_initialized_data, mem_read | 4.99 |
.data | 0x452000 | 0x3c0c | 0x1e00 | 0x50c00 | cnt_initialized_data, mem_read, mem_write | 4.07 |
.rsrc | 0x456000 | 0xf8c84 | 0xf8e00 | 0x52a00 | cnt_initialized_data, mem_read | 7.9 |
Imports (10)
KERNEL32.dll (106)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GlobalFree | 0x0 | 0x442070 | 0x50bd8 | 0x4f9d8 | 0x28c |
GetModuleFileNameA | 0x0 | 0x442074 | 0x50bdc | 0x4f9dc | 0x1f4 |
GetModuleHandleA | 0x0 | 0x442078 | 0x50be0 | 0x4f9e0 | 0x1f6 |
LoadLibraryExA | 0x0 | 0x44207c | 0x50be4 | 0x4f9e4 | 0x2f2 |
DeleteCriticalSection | 0x0 | 0x442080 | 0x50be8 | 0x4f9e8 | 0xbe |
GetCurrentThreadId | 0x0 | 0x442084 | 0x50bec | 0x4f9ec | 0x1ad |
LocalFree | 0x0 | 0x442088 | 0x50bf0 | 0x4f9f0 | 0x2fd |
FlushInstructionCache | 0x0 | 0x44208c | 0x50bf4 | 0x4f9f4 | 0x142 |
lstrlenW | 0x0 | 0x442090 | 0x50bf8 | 0x4f9f8 | 0x4b6 |
MultiByteToWideChar | 0x0 | 0x442094 | 0x50bfc | 0x4f9fc | 0x31a |
SetEndOfFile | 0x0 | 0x442098 | 0x50c00 | 0x4fa00 | 0x3cd |
GetConsoleOutputCP | 0x0 | 0x44209c | 0x50c04 | 0x4fa04 | 0x199 |
WriteConsoleA | 0x0 | 0x4420a0 | 0x50c08 | 0x4fa08 | 0x482 |
FlushFileBuffers | 0x0 | 0x4420a4 | 0x50c0c | 0x4fa0c | 0x141 |
SetStdHandle | 0x0 | 0x4420a8 | 0x50c10 | 0x4fa10 | 0x3fc |
CreateFileA | 0x0 | 0x4420ac | 0x50c14 | 0x4fa14 | 0x78 |
GetLocaleInfoA | 0x0 | 0x4420b0 | 0x50c18 | 0x4fa18 | 0x1e8 |
GetStringTypeW | 0x0 | 0x4420b4 | 0x50c1c | 0x4fa1c | 0x240 |
GetStringTypeA | 0x0 | 0x4420b8 | 0x50c20 | 0x4fa20 | 0x23d |
LCMapStringW | 0x0 | 0x4420bc | 0x50c24 | 0x4fa24 | 0x2e3 |
LCMapStringA | 0x0 | 0x4420c0 | 0x50c28 | 0x4fa28 | 0x2e1 |
GetConsoleMode | 0x0 | 0x4420c4 | 0x50c2c | 0x4fa2c | 0x195 |
EnterCriticalSection | 0x0 | 0x4420c8 | 0x50c30 | 0x4fa30 | 0xd9 |
GetEnvironmentStringsW | 0x0 | 0x4420cc | 0x50c34 | 0x4fa34 | 0x1c1 |
FreeEnvironmentStringsW | 0x0 | 0x4420d0 | 0x50c38 | 0x4fa38 | 0x14b |
GetEnvironmentStrings | 0x0 | 0x4420d4 | 0x50c3c | 0x4fa3c | 0x1bf |
FreeEnvironmentStringsA | 0x0 | 0x4420d8 | 0x50c40 | 0x4fa40 | 0x14a |
LoadLibraryW | 0x0 | 0x4420dc | 0x50c44 | 0x4fa44 | 0x2f4 |
WriteConsoleW | 0x0 | 0x4420e0 | 0x50c48 | 0x4fa48 | 0x48c |
IsDBCSLeadByte | 0x0 | 0x4420e4 | 0x50c4c | 0x4fa4c | 0x2cf |
SetFilePointer | 0x0 | 0x4420e8 | 0x50c50 | 0x4fa50 | 0x3df |
ReadFile | 0x0 | 0x4420ec | 0x50c54 | 0x4fa54 | 0x368 |
HeapCreate | 0x0 | 0x4420f0 | 0x50c58 | 0x4fa58 | 0x29f |
HeapDestroy | 0x0 | 0x4420f4 | 0x50c5c | 0x4fa5c | 0x2a0 |
HeapReAlloc | 0x0 | 0x4420f8 | 0x50c60 | 0x4fa60 | 0x2a4 |
HeapSize | 0x0 | 0x4420fc | 0x50c64 | 0x4fa64 | 0x2a6 |
RtlUnwind | 0x0 | 0x442100 | 0x50c68 | 0x4fa68 | 0x392 |
GetFileType | 0x0 | 0x442104 | 0x50c6c | 0x4fa6c | 0x1d7 |
SetHandleCount | 0x0 | 0x442108 | 0x50c70 | 0x4fa70 | 0x3e8 |
InitializeCriticalSectionAndSpinCount | 0x0 | 0x44210c | 0x50c74 | 0x4fa74 | 0x2b5 |
IsValidCodePage | 0x0 | 0x442110 | 0x50c78 | 0x4fa78 | 0x2db |
GetCPInfo | 0x0 | 0x442114 | 0x50c7c | 0x4fa7c | 0x15b |
GetOEMCP | 0x0 | 0x442118 | 0x50c80 | 0x4fa80 | 0x213 |
GetACP | 0x0 | 0x44211c | 0x50c84 | 0x4fa84 | 0x152 |
GetStdHandle | 0x0 | 0x442120 | 0x50c88 | 0x4fa88 | 0x23b |
WriteFile | 0x0 | 0x442124 | 0x50c8c | 0x4fa8c | 0x48d |
TlsFree | 0x0 | 0x442128 | 0x50c90 | 0x4fa90 | 0x433 |
TlsSetValue | 0x0 | 0x44212c | 0x50c94 | 0x4fa94 | 0x435 |
TlsAlloc | 0x0 | 0x442130 | 0x50c98 | 0x4fa98 | 0x432 |
TlsGetValue | 0x0 | 0x442134 | 0x50c9c | 0x4fa9c | 0x434 |
GetStartupInfoA | 0x0 | 0x442138 | 0x50ca0 | 0x4faa0 | 0x239 |
GetCommandLineA | 0x0 | 0x44213c | 0x50ca4 | 0x4faa4 | 0x16f |
GetSystemTimeAsFileTime | 0x0 | 0x442140 | 0x50ca8 | 0x4faa8 | 0x24f |
IsBadReadPtr | 0x0 | 0x442144 | 0x50cac | 0x4faac | 0x2c8 |
HeapValidate | 0x0 | 0x442148 | 0x50cb0 | 0x4fab0 | 0x2a9 |
VirtualAlloc | 0x0 | 0x44214c | 0x50cb4 | 0x4fab4 | 0x454 |
GetProcAddress | 0x0 | 0x442150 | 0x50cb8 | 0x4fab8 | 0x220 |
lstrcmpiA | 0x0 | 0x442154 | 0x50cbc | 0x4fabc | 0x4ac |
SetLastError | 0x0 | 0x442158 | 0x50cc0 | 0x4fac0 | 0x3ec |
GetLastError | 0x0 | 0x44215c | 0x50cc4 | 0x4fac4 | 0x1e6 |
GetConsoleCP | 0x0 | 0x442160 | 0x50cc8 | 0x4fac8 | 0x183 |
RaiseException | 0x0 | 0x442164 | 0x50ccc | 0x4facc | 0x35a |
LeaveCriticalSection | 0x0 | 0x442168 | 0x50cd0 | 0x4fad0 | 0x2ef |
SizeofResource | 0x0 | 0x44216c | 0x50cd4 | 0x4fad4 | 0x420 |
Sleep | 0x0 | 0x442170 | 0x50cd8 | 0x4fad8 | 0x421 |
WideCharToMultiByte | 0x0 | 0x442174 | 0x50cdc | 0x4fadc | 0x47a |
GlobalAlloc | 0x0 | 0x442178 | 0x50ce0 | 0x4fae0 | 0x285 |
InitializeCriticalSection | 0x0 | 0x44217c | 0x50ce4 | 0x4fae4 | 0x2b4 |
GetTickCount | 0x0 | 0x442180 | 0x50ce8 | 0x4fae8 | 0x266 |
SetTapeParameters | 0x0 | 0x442184 | 0x50cec | 0x4faec | 0x402 |
QueryPerformanceCounter | 0x0 | 0x442188 | 0x50cf0 | 0x4faf0 | 0x354 |
GetCurrentProcess | 0x0 | 0x44218c | 0x50cf4 | 0x4faf4 | 0x1a9 |
InterlockedDecrement | 0x0 | 0x442190 | 0x50cf8 | 0x4faf8 | 0x2bc |
InterlockedIncrement | 0x0 | 0x442194 | 0x50cfc | 0x4fafc | 0x2c0 |
VirtualQuery | 0x0 | 0x442198 | 0x50d00 | 0x4fb00 | 0x45c |
VirtualProtect | 0x0 | 0x44219c | 0x50d04 | 0x4fb04 | 0x45a |
IsDebuggerPresent | 0x0 | 0x4421a0 | 0x50d08 | 0x4fb08 | 0x2d1 |
SetUnhandledExceptionFilter | 0x0 | 0x4421a4 | 0x50d0c | 0x4fb0c | 0x415 |
UnhandledExceptionFilter | 0x0 | 0x4421a8 | 0x50d10 | 0x4fb10 | 0x43e |
TerminateProcess | 0x0 | 0x4421ac | 0x50d14 | 0x4fb14 | 0x42d |
ExitProcess | 0x0 | 0x4421b0 | 0x50d18 | 0x4fb18 | 0x104 |
GetModuleHandleW | 0x0 | 0x4421b4 | 0x50d1c | 0x4fb1c | 0x1f9 |
GetProcessHeap | 0x0 | 0x4421b8 | 0x50d20 | 0x4fb20 | 0x223 |
HeapAlloc | 0x0 | 0x4421bc | 0x50d24 | 0x4fb24 | 0x29d |
VirtualFree | 0x0 | 0x4421c0 | 0x50d28 | 0x4fb28 | 0x457 |
GetCurrentProcessId | 0x0 | 0x4421c4 | 0x50d2c | 0x4fb2c | 0x1aa |
OutputDebugStringW | 0x0 | 0x4421c8 | 0x50d30 | 0x4fb30 | 0x33b |
OutputDebugStringA | 0x0 | 0x4421cc | 0x50d34 | 0x4fb34 | 0x33a |
OpenEventA | 0x0 | 0x4421d0 | 0x50d38 | 0x4fb38 | 0x327 |
SetEvent | 0x0 | 0x4421d4 | 0x50d3c | 0x4fb3c | 0x3d3 |
CloseHandle | 0x0 | 0x4421d8 | 0x50d40 | 0x4fb40 | 0x43 |
LoadResource | 0x0 | 0x4421dc | 0x50d44 | 0x4fb44 | 0x2f6 |
FreeLibrary | 0x0 | 0x4421e0 | 0x50d48 | 0x4fb48 | 0x14c |
lstrlenA | 0x0 | 0x4421e4 | 0x50d4c | 0x4fb4c | 0x4b5 |
DebugBreak | 0x0 | 0x4421e8 | 0x50d50 | 0x4fb50 | 0xb4 |
FindResourceA | 0x0 | 0x4421ec | 0x50d54 | 0x4fb54 | 0x136 |
LoadLibraryA | 0x0 | 0x4421f0 | 0x50d58 | 0x4fb58 | 0x2f1 |
IsProcessorFeaturePresent | 0x0 | 0x4421f4 | 0x50d5c | 0x4fb5c | 0x2d5 |
GetCurrentThread | 0x0 | 0x4421f8 | 0x50d60 | 0x4fb60 | 0x1ac |
CreateFileMappingA | 0x0 | 0x4421fc | 0x50d64 | 0x4fb64 | 0x79 |
MapViewOfFile | 0x0 | 0x442200 | 0x50d68 | 0x4fb68 | 0x30a |
GetSystemInfo | 0x0 | 0x442204 | 0x50d6c | 0x4fb6c | 0x249 |
UnmapViewOfFile | 0x0 | 0x442208 | 0x50d70 | 0x4fb70 | 0x441 |
GetModuleFileNameW | 0x0 | 0x44220c | 0x50d74 | 0x4fb74 | 0x1f5 |
InterlockedCompareExchange | 0x0 | 0x442210 | 0x50d78 | 0x4fb78 | 0x2ba |
HeapFree | 0x0 | 0x442214 | 0x50d7c | 0x4fb7c | 0x2a1 |
USER32.dll (56)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetWindow | 0x0 | 0x442244 | 0x50dac | 0x4fbac | 0x17d |
CopyRect | 0x0 | 0x442248 | 0x50db0 | 0x4fbb0 | 0x4f |
DrawFrameControl | 0x0 | 0x44224c | 0x50db4 | 0x4fbb4 | 0xbe |
DestroyIcon | 0x0 | 0x442250 | 0x50db8 | 0x4fbb8 | 0x9d |
DialogBoxParamA | 0x0 | 0x442254 | 0x50dbc | 0x4fbbc | 0xa5 |
GetDlgCtrlID | 0x0 | 0x442258 | 0x50dc0 | 0x4fbc0 | 0x11e |
DestroyMenu | 0x0 | 0x44225c | 0x50dc4 | 0x4fbc4 | 0x9e |
CallWindowProcA | 0x0 | 0x442260 | 0x50dc8 | 0x4fbc8 | 0x1c |
ClientToScreen | 0x0 | 0x442264 | 0x50dcc | 0x4fbcc | 0x45 |
DestroyWindow | 0x0 | 0x442268 | 0x50dd0 | 0x4fbd0 | 0xa0 |
GetNextDlgGroupItem | 0x0 | 0x44226c | 0x50dd4 | 0x4fbd4 | 0x152 |
GetWindowRect | 0x0 | 0x442270 | 0x50dd8 | 0x4fbd8 | 0x188 |
IsMenu | 0x0 | 0x442274 | 0x50ddc | 0x4fbdc | 0x1be |
InsertMenuItemA | 0x0 | 0x442278 | 0x50de0 | 0x4fbe0 | 0x1a4 |
MonitorFromPoint | 0x0 | 0x44227c | 0x50de4 | 0x4fbe4 | 0x202 |
TrackPopupMenu | 0x0 | 0x442280 | 0x50de8 | 0x4fbe8 | 0x2cf |
FillRect | 0x0 | 0x442284 | 0x50dec | 0x4fbec | 0xef |
GetSubMenu | 0x0 | 0x442288 | 0x50df0 | 0x4fbf0 | 0x16b |
CopyImage | 0x0 | 0x44228c | 0x50df4 | 0x4fbf4 | 0x4e |
GetParent | 0x0 | 0x442290 | 0x50df8 | 0x4fbf8 | 0x155 |
LoadMenuA | 0x0 | 0x442294 | 0x50dfc | 0x4fbfc | 0x1de |
LoadIconA | 0x0 | 0x442298 | 0x50e00 | 0x4fc00 | 0x1d6 |
CharNextA | 0x0 | 0x44229c | 0x50e04 | 0x4fc04 | 0x2d |
GetClientRect | 0x0 | 0x4422a0 | 0x50e08 | 0x4fc08 | 0x10d |
SetFocus | 0x0 | 0x4422a4 | 0x50e0c | 0x4fc0c | 0x279 |
SendMessageA | 0x0 | 0x4422a8 | 0x50e10 | 0x4fc10 | 0x25e |
GetMonitorInfoA | 0x0 | 0x4422ac | 0x50e14 | 0x4fc14 | 0x14f |
DrawFocusRect | 0x0 | 0x4422b0 | 0x50e18 | 0x4fc18 | 0xbc |
InflateRect | 0x0 | 0x4422b4 | 0x50e1c | 0x4fc1c | 0x1a1 |
GetForegroundWindow | 0x0 | 0x4422b8 | 0x50e20 | 0x4fc20 | 0x125 |
DrawStateA | 0x0 | 0x4422bc | 0x50e24 | 0x4fc24 | 0xc3 |
GetWindowTextA | 0x0 | 0x4422c0 | 0x50e28 | 0x4fc28 | 0x18c |
SetWindowLongA | 0x0 | 0x4422c4 | 0x50e2c | 0x4fc2c | 0x2a4 |
MessageBoxA | 0x0 | 0x4422c8 | 0x50e30 | 0x4fc30 | 0x1f8 |
UnregisterClassA | 0x0 | 0x4422cc | 0x50e34 | 0x4fc34 | 0x2de |
GetWindowLongA | 0x0 | 0x4422d0 | 0x50e38 | 0x4fc38 | 0x181 |
PeekMessageA | 0x0 | 0x4422d4 | 0x50e3c | 0x4fc3c | 0x21b |
MonitorFromWindow | 0x0 | 0x4422d8 | 0x50e40 | 0x4fc40 | 0x204 |
GetDlgItem | 0x0 | 0x4422dc | 0x50e44 | 0x4fc44 | 0x11f |
EndDialog | 0x0 | 0x4422e0 | 0x50e48 | 0x4fc48 | 0xd3 |
DefWindowProcA | 0x0 | 0x4422e4 | 0x50e4c | 0x4fc4c | 0x95 |
RedrawWindow | 0x0 | 0x4422e8 | 0x50e50 | 0x4fc50 | 0x232 |
GetSysColor | 0x0 | 0x4422ec | 0x50e54 | 0x4fc54 | 0x16c |
SetWindowPos | 0x0 | 0x4422f0 | 0x50e58 | 0x4fc58 | 0x2a7 |
GetCursorPos | 0x0 | 0x4422f4 | 0x50e5c | 0x4fc5c | 0x119 |
GetSysColorBrush | 0x0 | 0x4422f8 | 0x50e60 | 0x4fc60 | 0x16d |
FrameRect | 0x0 | 0x4422fc | 0x50e64 | 0x4fc64 | 0xf6 |
EnumDesktopsA | 0x0 | 0x442300 | 0x50e68 | 0x4fc68 | 0xdb |
GetActiveWindow | 0x0 | 0x442304 | 0x50e6c | 0x4fc6c | 0xf9 |
IsWindow | 0x0 | 0x442308 | 0x50e70 | 0x4fc70 | 0x1c5 |
SetMenuDefaultItem | 0x0 | 0x44230c | 0x50e74 | 0x4fc74 | 0x281 |
GetSystemMetrics | 0x0 | 0x442310 | 0x50e78 | 0x4fc78 | 0x16f |
InsertMenuA | 0x0 | 0x442314 | 0x50e7c | 0x4fc7c | 0x1a3 |
SetWindowTextA | 0x0 | 0x442318 | 0x50e80 | 0x4fc80 | 0x2ab |
LoadImageA | 0x0 | 0x44231c | 0x50e84 | 0x4fc84 | 0x1d8 |
MapWindowPoints | 0x0 | 0x442320 | 0x50e88 | 0x4fc88 | 0x1f3 |
GDI32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetTextExtentPoint32A | 0x0 | 0x442054 | 0x50bbc | 0x4f9bc | 0x204 |
SetTextColor | 0x0 | 0x442058 | 0x50bc0 | 0x4f9c0 | 0x28d |
DeleteDC | 0x0 | 0x44205c | 0x50bc4 | 0x4f9c4 | 0xcd |
SetBkMode | 0x0 | 0x442060 | 0x50bc8 | 0x4f9c8 | 0x266 |
GetPixel | 0x0 | 0x442064 | 0x50bcc | 0x4f9cc | 0x1eb |
BitBlt | 0x0 | 0x442068 | 0x50bd0 | 0x4f9d0 | 0x12 |
ADVAPI32.dll (15)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegCreateKeyExA | 0x0 | 0x442000 | 0x50b68 | 0x4f968 | 0x232 |
RevertToSelf | 0x0 | 0x442004 | 0x50b6c | 0x4f96c | 0x28a |
SetThreadToken | 0x0 | 0x442008 | 0x50b70 | 0x4f970 | 0x2bb |
GetUserNameW | 0x0 | 0x44200c | 0x50b74 | 0x4f974 | 0x15f |
RegCloseKey | 0x0 | 0x442010 | 0x50b78 | 0x4f978 | 0x22a |
RegOpenKeyExW | 0x0 | 0x442014 | 0x50b7c | 0x4f97c | 0x25b |
RegDeleteValueA | 0x0 | 0x442018 | 0x50b80 | 0x4f980 | 0x241 |
RegQueryInfoKeyA | 0x0 | 0x44201c | 0x50b84 | 0x4f984 | 0x261 |
RegOpenKeyExA | 0x0 | 0x442020 | 0x50b88 | 0x4f988 | 0x25a |
OpenThreadToken | 0x0 | 0x442024 | 0x50b8c | 0x4f98c | 0x1f6 |
RegEnumKeyExA | 0x0 | 0x442028 | 0x50b90 | 0x4f990 | 0x248 |
RegDeleteKeyA | 0x0 | 0x44202c | 0x50b94 | 0x4f994 | 0x237 |
RegQueryValueExW | 0x0 | 0x442030 | 0x50b98 | 0x4f998 | 0x268 |
RegCreateKeyExW | 0x0 | 0x442034 | 0x50b9c | 0x4f99c | 0x233 |
RegSetValueExA | 0x0 | 0x442038 | 0x50ba0 | 0x4f9a0 | 0x277 |
ole32.dll (7)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateStreamOnHGlobal | 0x0 | 0x442348 | 0x50eb0 | 0x4fcb0 | 0x85 |
CoCreateInstance | 0x0 | 0x44234c | 0x50eb4 | 0x4fcb4 | 0x10 |
CoTaskMemAlloc | 0x0 | 0x442350 | 0x50eb8 | 0x4fcb8 | 0x66 |
CoTaskMemFree | 0x0 | 0x442354 | 0x50ebc | 0x4fcbc | 0x67 |
CoUninitialize | 0x0 | 0x442358 | 0x50ec0 | 0x4fcc0 | 0x6b |
CoTaskMemRealloc | 0x0 | 0x44235c | 0x50ec4 | 0x4fcc4 | 0x68 |
CoInitialize | 0x0 | 0x442360 | 0x50ec8 | 0x4fcc8 | 0x3d |
OLEAUT32.dll (7)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VarUI4FromStr | 0x115 | 0x44221c | 0x50d84 | 0x4fb84 | - |
SafeArrayUnaccessData | 0x18 | 0x442220 | 0x50d88 | 0x4fb88 | - |
VariantInit | 0x8 | 0x442224 | 0x50d8c | 0x4fb8c | - |
SafeArrayAccessData | 0x17 | 0x442228 | 0x50d90 | 0x4fb90 | - |
SafeArrayCreateVector | 0x19b | 0x44222c | 0x50d94 | 0x4fb94 | - |
VariantClear | 0x9 | 0x442230 | 0x50d98 | 0x4fb98 | - |
OleLoadPicture | 0x1a2 | 0x442234 | 0x50d9c | 0x4fb9c | - |
COMCTL32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ImageList_Create | 0x0 | 0x442040 | 0x50ba8 | 0x4f9a8 | 0x53 |
InitCommonControlsEx | 0x0 | 0x442044 | 0x50bac | 0x4f9ac | 0x7a |
ImageList_ReplaceIcon | 0x0 | 0x442048 | 0x50bb0 | 0x4f9b0 | 0x6e |
(by ordinal) | 0x11 | 0x44204c | 0x50bb4 | 0x4f9b4 | - |
VERSION.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileVersionInfoSizeW | 0x0 | 0x442328 | 0x50e90 | 0x4fc90 | 0x4 |
VerQueryValueW | 0x0 | 0x44232c | 0x50e94 | 0x4fc94 | 0xd |
GetFileVersionInfoW | 0x0 | 0x442330 | 0x50e98 | 0x4fc98 | 0x5 |
WTSAPI32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WTSFreeMemory | 0x0 | 0x442338 | 0x50ea0 | 0x4fca0 | 0x8 |
WTSQuerySessionInformationA | 0x0 | 0x44233c | 0x50ea4 | 0x4fca4 | 0xc |
WTSEnumerateSessionsA | 0x0 | 0x442340 | 0x50ea8 | 0x4fca8 | 0x6 |
TAPI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
linePrepareAddToConferenceA | 0x0 | 0x44223c | 0x50da4 | 0x4fba4 | 0xa0 |
Exports (1)
Api name | EAT Address | Ordinal |
---|---|---|
Load | 0x56a0 | 0x1 |
C:\Users\CIIHMN~1\AppData\Local\Temp\19FE\E47F.tmp | Created File | Unknown | Whitelisted |
File Reputation Information
Severity | Whitelisted |
First Seen | 2011-05-27 11:27 (UTC+2) |
Last Seen | 2017-04-19 12:47 (UTC+2) |
C:\Users\CIIHMN~1\AppData\Local\Temp\19FE\E47F.bat | Created File | Text | Unknown |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\adsldraw\autoclb.exe | Created File | Stream | Unknown |