VTI SCORE: 100/100
| Dynamic Analysis Report |
| Classification: Ransomware, Trojan |
frost.exe
Windows Exe (x86-32)
Created at 2020-01-08T05:25:00
Remarks
(0x200001e): The maximum size of extracted files was exceeded. Some files may be missing in the report.
(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.
(0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| Filename | Category | Type | Severity | Actions |
|---|
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 223.50 KB |
| MD5 |
71a90c959b26599a372bd0ac30d3c999
|
| SHA1 |
33359e9fbc27781b610ff9c2c06f2373c358fea2
|
| SHA256 |
57c9bfb02f4d8d41e3f35df514f4659d7ed176da5be0f77dd6594afe40272686
|
| SSDeep |
3072:O6vJoRjpQsEbd1LMjdLJM+lmsolAIrRuw+mqv9j1MWLQuMvvmsol2IrRuw+mqv9y:O6v8jGNbdEO+lDAAYvvDA2
|
| ImpHash |
f34d5f2d4577ed6d9ceec516c1f5a744
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
File Reputation Information
»
| Severity |
Blacklisted
|
| First Seen | 2020-01-02 20:23 (UTC+1) |
| Last Seen | 2020-01-06 06:51 (UTC+1) |
| Names | ByteCode-MSIL.Trojan.Filecoder |
| Families | Filecoder |
| Classification | Trojan |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x420c66 |
| Size Of Code | 0x1ee00 |
| Size Of Initialized Data | 0x18e00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2019-11-22 15:23:58+00:00 |
Version Information (7)
»
| Assembly Version | 1.0.0.0 |
| FileDescription | |
| FileVersion | 1.0.0.0 |
| InternalName | frost.exe |
| LegalCopyright | |
| OriginalFilename | frost.exe |
| ProductVersion | 1.0.0.0 |
Sections (3)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x402000 | 0x1ec6c | 0x1ee00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 4.8 |
| .rsrc | 0x422000 | 0x18b4a | 0x18c00 | 0x1f000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.31 |
| .reloc | 0x43c000 | 0xc | 0x200 | 0x37c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
»
mscoree.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _CorExeMain | 0x0 | 0x402000 | 0x20c44 | 0x1ee44 | 0x0 |
Memory Dumps (29)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| frost.exe | 1 | 0x00CB0000 | 0x00CEDFFF | Relevant Image | - | 64-bit | - |
|
|
...
|
| buffer | 1 | 0x7FF8B24AE000 | 0x7FF8B24AEFFF | First Execution | - | 64-bit | 0x7FF8B24AE040 |
|
|
...
|
| buffer | 1 | 0x7FF8B2601000 | 0x7FF8B2601FFF | First Execution | - | 64-bit | 0x7FF8B2601040 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C1000 | 0x7FF8B25C1FFF | First Execution | - | 64-bit | 0x7FF8B25C1000 |
|
|
...
|
| buffer | 1 | 0x7FF8B2602000 | 0x7FF8B2602FFF | First Execution | - | 64-bit | 0x7FF8B2602000 |
|
|
...
|
| buffer | 1 | 0x7FF8B249F000 | 0x7FF8B249FFFF | First Execution | - | 64-bit | 0x7FF8B249F030 |
|
|
...
|
| buffer | 1 | 0x7FF8B249F000 | 0x7FF8B249FFFF | Content Changed | - | 64-bit | 0x7FF8B249F2F0 |
|
|
...
|
| buffer | 1 | 0x7FF8B2602000 | 0x7FF8B2602FFF | Content Changed | - | 64-bit | 0x7FF8B26029A0 |
|
|
...
|
| buffer | 1 | 0x7FF8B2603000 | 0x7FF8B2603FFF | First Execution | - | 64-bit | 0x7FF8B2603012 |
|
|
...
|
| buffer | 1 | 0x7FF8B2604000 | 0x7FF8B2604FFF | First Execution | - | 64-bit | 0x7FF8B2604060 |
|
|
...
|
| buffer | 1 | 0x7FF8B2605000 | 0x7FF8B2605FFF | First Execution | - | 64-bit | 0x7FF8B2605020 |
|
|
...
|
| buffer | 1 | 0x7FF8B2606000 | 0x7FF8B2606FFF | First Execution | - | 64-bit | 0x7FF8B2606032 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C1000 | 0x7FF8B25C1FFF | Content Changed | - | 64-bit | 0x7FF8B25C1953 |
|
|
...
|
| buffer | 1 | 0x7FF8B2607000 | 0x7FF8B2607FFF | First Execution | - | 64-bit | 0x7FF8B2607000 |
|
|
...
|
| buffer | 1 | 0x7FF8B2601000 | 0x7FF8B2601FFF | Content Changed | - | 64-bit | 0x7FF8B2601040 |
|
|
...
|
| buffer | 1 | 0x7FF8B2608000 | 0x7FF8B2608FFF | First Execution | - | 64-bit | 0x7FF8B2608040 |
|
|
...
|
| buffer | 1 | 0x7FF8B2609000 | 0x7FF8B2609FFF | First Execution | - | 64-bit | 0x7FF8B2609000 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C7000 | 0x7FF8B25C7FFF | First Execution | - | 64-bit | 0x7FF8B25C7070 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C8000 | 0x7FF8B25C8FFF | First Execution | - | 64-bit | 0x7FF8B25C8000 |
|
|
...
|
| buffer | 1 | 0x7FF8B2620000 | 0x7FF8B262FFFF | Content Changed | - | 64-bit | 0x7FF8B2620080 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C9000 | 0x7FF8B25C9FFF | First Execution | - | 64-bit | 0x7FF8B25C9000 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C7000 | 0x7FF8B25C7FFF | Content Changed | - | 64-bit | 0x7FF8B25C7F2D |
|
|
...
|
| buffer | 1 | 0x7FF8B249F000 | 0x7FF8B249FFFF | Content Changed | - | 64-bit | 0x7FF8B249FD70 |
|
|
...
|
| buffer | 1 | 0x7FF8B2609000 | 0x7FF8B2609FFF | Content Changed | - | 64-bit | 0x7FF8B26092D0 |
|
|
...
|
| buffer | 1 | 0x7FF8B25C8000 | 0x7FF8B25C8FFF | Content Changed | - | 64-bit | 0x7FF8B25C80DD |
|
|
...
|
| buffer | 1 | 0x7FF8B25C9000 | 0x7FF8B25C9FFF | Content Changed | - | 64-bit | 0x7FF8B25C9418 |
|
|
...
|
| buffer | 1 | 0x7FF8B2620000 | 0x7FF8B262FFFF | Content Changed | - | 64-bit | 0x7FF8B2620320 |
|
|
...
|
| buffer | 1 | 0x7FF8B2609000 | 0x7FF8B2609FFF | Content Changed | - | 64-bit | 0x7FF8B26092D0 |
|
|
...
|
| frost.exe | 1 | 0x00CB0000 | 0x00CEDFFF | Final Dump | - | 64-bit | - |
|
|
...
|
Local AV Matches (1)
»
| Threat Name | Severity |
|---|---|
| Gen:Heur.Ransom.Imps.3 |
Malicious
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/html |
| File Size | 16.26 KB |
| MD5 |
a98bf7d439ab2af948a08598fc1583d7
|
| SHA1 |
8d11941d69908d114d76aefff7767c9a041b543a
|
| SHA256 |
59fc6d10ac8d68f289eac089f4793ba36385a6a422f6ffd66bd863c8d399e3fb
|
| SSDeep |
384:fBg8Tm/5y/L//5g5THvJ8KeWe0eeQeOeZeYEYCe/e+xb:e8q5y/L//5g5TPJ/eWeleQeOeZere/ek
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
Embedded URLs (4)
»
| URL | First Seen | Categories | Threat Names | Reputation Status | WHOIS Data |
|---|---|---|---|---|---|
| http://www.adobe.com/go/acrobat | - | - | - |
Unknown
|
Not Queried
|
| http://helpx.adobe.com/reader/system-requirements.html | - | - | - |
Unknown
|
Not Queried
|
| http://www.adobe.com/go/thirdparty/ | - | - | - |
Unknown
|
Not Queried
|
| http://www.adobe.com/go/terms | - | - | - |
Unknown
|
Not Queried
|
| C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 41.69 KB |
| MD5 |
887f61443cabd6b2988bc31bb770d97b
|
| SHA1 |
371777b93fb8c2cfcaf304efd39dfdf11c87e922
|
| SHA256 |
4aa42fba3e8325ce272d6917a1ca0c222617c40eeec1d602d4838f618a8e20ac
|
| SSDeep |
384:eWfIDAecwFdFMFSFFLoVwATKKhRdprlF+BxHcP8YaUavWKDXv8veSR2F2TZx:eWILcwHCIZoVv+KhRb7ODfy0Fa/
|
| C:\Program Files\Java\jre1.8.0_144\COPYRIGHT | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\COPYRIGHT.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 3.17 KB |
| MD5 |
44d6ab3e1b6d8d1c126f5d33c328958c
|
| SHA1 |
3a1f441b5c63821ce0f393f38890e3e055aaee76
|
| SHA256 |
113b55266c56f41f707b10e0826d079a0f2414b46c0cbbd8f5346b0407ce6f31
|
| SSDeep |
48:uVMJmZijGnZKo1oK6dBDj6uePrQYHfYr+blo+k3BqWEam+8pxHh5nzh/3Rkbnu:uVMJmJ0KUtmrQYH3/EBpm+e5nh3Rgu
|
| C:\Program Files\Java\jre1.8.0_144\LICENSE.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\LICENSE (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 48 bytes |
| MD5 |
03c0cedefd6bfdf1aa72244303f8928d
|
| SHA1 |
e0a59d6fbbcaff0346adca9f502327899506c9a9
|
| SHA256 |
9b664d7035c647e77960cc121642cfce6dbbb8ef4de1f7fe624e823564b11764
|
| SSDeep |
3:zy3J7WL5j3w6+KXbn:2F0LV1L
|
| C:\588bce7c90097ed212\DHtmlHeader.html | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/html |
| File Size | 15.76 KB |
| MD5 |
b09f91dcec8f02eb9db938399a395a34
|
| SHA1 |
055c27983347ac75db869ab316c2531b1ce06708
|
| SHA256 |
1c1ccd0b07b09af9bbd4fd33beae92f4e2e0e55e5c2daa3c65b2137dc0565445
|
| SSDeep |
192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHj3:fdsOT01KcBUFJFEWUxFzvHT
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
Embedded URLs (1)
»
| URL | First Seen | Categories | Threat Names | Reputation Status | WHOIS Data |
|---|---|---|---|---|---|
| http://www.microsoft.com/info/cpyrtInfrg.htm | - | - | - |
Unknown
|
Not Queried
|
| Also Known As | C:\Boot\BOOTSTAT.DAT (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 64.02 KB |
| MD5 |
bb3b292a034195fa197394b4693f6111
|
| SHA1 |
5f42eb6495a17827f19fe0b31381d8d29d1aa9e0
|
| SHA256 |
49d8567ab1590a3e38e7a90509e9633db9215218fcdf4f267a92fc0a9a0f2340
|
| SSDeep |
96:4Wo9Q1msMrxjFjPEA9zKIsphibHOujA1+9v/sk86Flsg5eGEidYy:gJsCjhMySw5skcg5LEidL
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | Modified File | Text |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.gоod (Dropped File) |
| Mime Type | text/html |
| File Size | 16.26 KB |
| MD5 |
a7a4263675652807e14707236dede771
|
| SHA1 |
780a7b970fe9af94403f0b24034f08ee8a69d29b
|
| SHA256 |
b759bcebba6eb6880104a8772ab633580587b75addbfaf88dc45ce4d71397d1a
|
| SSDeep |
384:MPffQxkYqr+4e//5g5THvJ8KeWe0eeQeOeZeYEYCe/e+xb:MPXQtw+R//5g5TPJ/eWeleQeOeZere/P
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
| C:\588bce7c90097ed212\DHtmlHeader.html | Modified File | Text |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\DHtmlHeader.html.gоod (Dropped File) |
| Mime Type | text/html |
| File Size | 15.76 KB |
| MD5 |
61342bc40d793174c5fbdb0cc5b07973
|
| SHA1 |
ac69c6608054ca6fb41048ec23c5662ece766418
|
| SHA256 |
6108462843ddb34011edcb2ac8b276563cc041c343f54c5ce6b4a18e891f1af8
|
| SSDeep |
192:Xr14Go3Ar/Y5PJVyCTjEyEeLHLHQFJFjZWblWUxFzJzcKHj3:Xr1XoS/ymCT4yxUFJFEWUxFzvHT
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
| C:\588bce7c90097ed212\DisplayIcon.ico | Modified File | Image |
Unknown
|
...
|
»
| Mime Type | image/x-icon |
| File Size | 86.47 KB |
| MD5 |
d768b47ce752c104c9d3a91e6c982ed8
|
| SHA1 |
5b9a9324deee5f38c9f66c11f7c06304cc97f3aa
|
| SHA256 |
2cc9f20cc2a50bc8117a3fe57f6947b2459f21ecfc3fd68677ab7492a132ab16
|
| SSDeep |
1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdx:e/gB4H8vo2no0/aX7C7Dcn
|
| C:\Program Files\Java\jre1.8.0_144\README.txt | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\README.txt.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 48 bytes |
| MD5 |
7be55e76651bffa5e86303c13f39d845
|
| SHA1 |
20ee1f06bafd8eacc86ab9566f5c516a142eac49
|
| SHA256 |
7aa39aab15253232f4b8116d55686851e45cbcc25ff506fab169446286cb13f6
|
| SSDeep |
3:zy3J7WL5j3JBttl:2F0Lvt
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 281.50 KB |
| MD5 |
23246ea4fdd31d1b74989075e6f0670d
|
| SHA1 |
20db8178351918fc00b2f5136dde193664537cf0
|
| SHA256 |
9100a96b873107ffd744d0921c9cabf089d08a6cec317e2ab2411d68b7a65f13
|
| SSDeep |
6144:8Ze8PFjiY/V8rex+E9sy8nqGaoSFC20vdU:8ckjiY/Gre2MoEH
|
| ImpHash |
c3ad773187bc097922e29fea953b196b
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x43428d |
| Size Of Code | 0x34e00 |
| Size Of Initialized Data | 0xfe00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-11-04 19:18:19+00:00 |
Version Information (8)
»
| CompanyName | Adobe Systems Incorporated |
| FileDescription | Adobe PDF Broker Process for Internet Explorer |
| FileVersion | 18.9.20044.251705 |
| InternalName | AcroBroker.exe |
| LegalCopyright | Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | AcroBroker.exe |
| ProductName | Adobe PDF Broker Process for Internet Explorer |
| ProductVersion | 18.9.20044.251705 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x34c0f | 0x34e00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x436000 | 0x5e74 | 0x6000 | 0x35200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.76 |
| .data | 0x43c000 | 0x4c80 | 0x4600 | 0x3b200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.88 |
| .rsrc | 0x441000 | 0x2ec0 | 0x3000 | 0x3f800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.79 |
| .reloc | 0x444000 | 0x1e90 | 0x2000 | 0x42800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.44 |
Imports (11)
»
KERNEL32.dll (66)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FindResourceW | 0x0 | 0x436060 | 0x3a988 | 0x39b88 | 0x189 |
| MultiByteToWideChar | 0x0 | 0x436064 | 0x3a98c | 0x39b8c | 0x3d1 |
| GetUserDefaultLCID | 0x0 | 0x436068 | 0x3a990 | 0x39b90 | 0x2fc |
| CreateFileW | 0x0 | 0x43606c | 0x3a994 | 0x39b94 | 0xc2 |
| DeleteFileW | 0x0 | 0x436070 | 0x3a998 | 0x39b98 | 0x10a |
| FindClose | 0x0 | 0x436074 | 0x3a99c | 0x39b9c | 0x168 |
| FindFirstFileW | 0x0 | 0x436078 | 0x3a9a0 | 0x39ba0 | 0x173 |
| FindNextFileW | 0x0 | 0x43607c | 0x3a9a4 | 0x39ba4 | 0x17f |
| GetFileAttributesW | 0x0 | 0x436080 | 0x3a9a8 | 0x39ba8 | 0x235 |
| GetFileSize | 0x0 | 0x436084 | 0x3a9ac | 0x39bac | 0x23b |
| ReadFile | 0x0 | 0x436088 | 0x3a9b0 | 0x39bb0 | 0x450 |
| RemoveDirectoryW | 0x0 | 0x43608c | 0x3a9b4 | 0x39bb4 | 0x495 |
| SetEndOfFile | 0x0 | 0x436090 | 0x3a9b8 | 0x39bb8 | 0x4ea |
| SetFileAttributesW | 0x0 | 0x436094 | 0x3a9bc | 0x39bbc | 0x4f7 |
| SetFilePointer | 0x0 | 0x436098 | 0x3a9c0 | 0x39bc0 | 0x4fc |
| WriteFile | 0x0 | 0x43609c | 0x3a9c4 | 0x39bc4 | 0x5e1 |
| LocalAlloc | 0x0 | 0x4360a0 | 0x3a9c8 | 0x39bc8 | 0x3ae |
| CopyFileW | 0x0 | 0x4360a4 | 0x3a9cc | 0x39bcc | 0xa5 |
| WideCharToMultiByte | 0x0 | 0x4360a8 | 0x3a9d0 | 0x39bd0 | 0x5cd |
| OutputDebugStringA | 0x0 | 0x4360ac | 0x3a9d4 | 0x39bd4 | 0x3f9 |
| lstrcmpiW | 0x0 | 0x4360b0 | 0x3a9d8 | 0x39bd8 | 0x602 |
| GetModuleHandleA | 0x0 | 0x4360b4 | 0x3a9dc | 0x39bdc | 0x264 |
| LoadLibraryW | 0x0 | 0x4360b8 | 0x3a9e0 | 0x39be0 | 0x3a8 |
| OutputDebugStringW | 0x0 | 0x4360bc | 0x3a9e4 | 0x39be4 | 0x3fa |
| QueryPerformanceCounter | 0x0 | 0x4360c0 | 0x3a9e8 | 0x39be8 | 0x42d |
| IsProcessorFeaturePresent | 0x0 | 0x4360c4 | 0x3a9ec | 0x39bec | 0x36d |
| IsDebuggerPresent | 0x0 | 0x4360c8 | 0x3a9f0 | 0x39bf0 | 0x367 |
| EncodePointer | 0x0 | 0x4360cc | 0x3a9f4 | 0x39bf4 | 0x121 |
| GetSystemTimeAsFileTime | 0x0 | 0x4360d0 | 0x3a9f8 | 0x39bf8 | 0x2d6 |
| SwitchToThread | 0x0 | 0x4360d4 | 0x3a9fc | 0x39bfc | 0x55c |
| GetFullPathNameW | 0x0 | 0x4360d8 | 0x3aa00 | 0x39c00 | 0x249 |
| GetDriveTypeW | 0x0 | 0x4360dc | 0x3aa04 | 0x39c04 | 0x21f |
| CreateSemaphoreA | 0x0 | 0x4360e0 | 0x3aa08 | 0x39c08 | 0xde |
| TlsFree | 0x0 | 0x4360e4 | 0x3aa0c | 0x39c0c | 0x574 |
| TlsSetValue | 0x0 | 0x4360e8 | 0x3aa10 | 0x39c10 | 0x576 |
| SizeofResource | 0x0 | 0x4360ec | 0x3aa14 | 0x39c14 | 0x551 |
| LoadResource | 0x0 | 0x4360f0 | 0x3aa18 | 0x39c18 | 0x3ab |
| LoadLibraryExW | 0x0 | 0x4360f4 | 0x3aa1c | 0x39c1c | 0x3a7 |
| GetModuleHandleW | 0x0 | 0x4360f8 | 0x3aa20 | 0x39c20 | 0x267 |
| GetModuleFileNameW | 0x0 | 0x4360fc | 0x3aa24 | 0x39c24 | 0x263 |
| FreeLibrary | 0x0 | 0x436100 | 0x3aa28 | 0x39c28 | 0x19e |
| GetCurrentThreadId | 0x0 | 0x436104 | 0x3aa2c | 0x39c2c | 0x20e |
| CreateThread | 0x0 | 0x436108 | 0x3aa30 | 0x39c30 | 0xe8 |
| Sleep | 0x0 | 0x43610c | 0x3aa34 | 0x39c34 | 0x552 |
| CreateEventW | 0x0 | 0x436110 | 0x3aa38 | 0x39c38 | 0xb6 |
| WaitForSingleObject | 0x0 | 0x436114 | 0x3aa3c | 0x39c3c | 0x5ab |
| SetEvent | 0x0 | 0x436118 | 0x3aa40 | 0x39c40 | 0x4f0 |
| DeleteCriticalSection | 0x0 | 0x43611c | 0x3aa44 | 0x39c44 | 0x105 |
| InitializeCriticalSectionEx | 0x0 | 0x436120 | 0x3aa48 | 0x39c48 | 0x349 |
| RaiseException | 0x0 | 0x436124 | 0x3aa4c | 0x39c4c | 0x440 |
| DecodePointer | 0x0 | 0x436128 | 0x3aa50 | 0x39c50 | 0xfe |
| GetLongPathNameW | 0x0 | 0x43612c | 0x3aa54 | 0x39c54 | 0x25d |
| LocalFree | 0x0 | 0x436130 | 0x3aa58 | 0x39c58 | 0x3b2 |
| GetCurrentProcessId | 0x0 | 0x436134 | 0x3aa5c | 0x39c5c | 0x20a |
| GetCurrentProcess | 0x0 | 0x436138 | 0x3aa60 | 0x39c60 | 0x209 |
| GetLastError | 0x0 | 0x43613c | 0x3aa64 | 0x39c64 | 0x250 |
| CloseHandle | 0x0 | 0x436140 | 0x3aa68 | 0x39c68 | 0x7f |
| GetTempPathW | 0x0 | 0x436144 | 0x3aa6c | 0x39c6c | 0x2e3 |
| CreateDirectoryW | 0x0 | 0x436148 | 0x3aa70 | 0x39c70 | 0xb2 |
| GetProcAddress | 0x0 | 0x43614c | 0x3aa74 | 0x39c74 | 0x29d |
| SetLastError | 0x0 | 0x436150 | 0x3aa78 | 0x39c78 | 0x50b |
| TlsGetValue | 0x0 | 0x436154 | 0x3aa7c | 0x39c7c | 0x575 |
| TlsAlloc | 0x0 | 0x436158 | 0x3aa80 | 0x39c80 | 0x573 |
| LeaveCriticalSection | 0x0 | 0x43615c | 0x3aa84 | 0x39c84 | 0x3a2 |
| EnterCriticalSection | 0x0 | 0x436160 | 0x3aa88 | 0x39c88 | 0x125 |
| InitializeCriticalSection | 0x0 | 0x436164 | 0x3aa8c | 0x39c8c | 0x347 |
USER32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetMessageW | 0x0 | 0x436310 | 0x3ac38 | 0x39e38 | 0x173 |
| TranslateMessage | 0x0 | 0x436314 | 0x3ac3c | 0x39e3c | 0x33f |
| DispatchMessageW | 0x0 | 0x436318 | 0x3ac40 | 0x39e40 | 0xb5 |
| PostThreadMessageW | 0x0 | 0x43631c | 0x3ac44 | 0x39e44 | 0x273 |
| GetUserObjectInformationW | 0x0 | 0x436320 | 0x3ac48 | 0x39e48 | 0x1b8 |
| MessageBoxW | 0x0 | 0x436324 | 0x3ac4c | 0x39e4c | 0x24d |
| GetProcessWindowStation | 0x0 | 0x436328 | 0x3ac50 | 0x39e50 | 0x193 |
| SetProcessWindowStation | 0x0 | 0x43632c | 0x3ac54 | 0x39e54 | 0x2ef |
| CreateWindowStationW | 0x0 | 0x436330 | 0x3ac58 | 0x39e58 | 0x75 |
| CreateDesktopW | 0x0 | 0x436334 | 0x3ac5c | 0x39e5c | 0x61 |
| CharNextW | 0x0 | 0x436338 | 0x3ac60 | 0x39e60 | 0x31 |
WINSPOOL.DRV (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ClosePrinter | 0x0 | 0x436340 | 0x3ac68 | 0x39e68 | 0x1d |
| DocumentPropertiesW | 0x0 | 0x436344 | 0x3ac6c | 0x39e6c | 0x4f |
| OpenPrinterW | 0x0 | 0x436348 | 0x3ac70 | 0x39e70 | 0x96 |
ADVAPI32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCreateKeyExW | 0x0 | 0x436000 | 0x3a928 | 0x39b28 | 0x25d |
| CryptGenRandom | 0x0 | 0x436004 | 0x3a92c | 0x39b2c | 0xd1 |
| CryptReleaseContext | 0x0 | 0x436008 | 0x3a930 | 0x39b30 | 0xdb |
| CryptAcquireContextW | 0x0 | 0x43600c | 0x3a934 | 0x39b34 | 0xc1 |
| RegSetValueExA | 0x0 | 0x436010 | 0x3a938 | 0x39b38 | 0x2a1 |
| RegCreateKeyExA | 0x0 | 0x436014 | 0x3a93c | 0x39b3c | 0x25c |
| RegSetValueExW | 0x0 | 0x436018 | 0x3a940 | 0x39b40 | 0x2a2 |
| RegQueryValueExA | 0x0 | 0x43601c | 0x3a944 | 0x39b44 | 0x291 |
| RegQueryInfoKeyW | 0x0 | 0x436020 | 0x3a948 | 0x39b48 | 0x28c |
| RegOpenKeyExA | 0x0 | 0x436024 | 0x3a94c | 0x39b4c | 0x284 |
| RegOpenKeyW | 0x0 | 0x436028 | 0x3a950 | 0x39b50 | 0x288 |
| RegEnumKeyExW | 0x0 | 0x43602c | 0x3a954 | 0x39b54 | 0x273 |
| RegDeleteValueW | 0x0 | 0x436030 | 0x3a958 | 0x39b58 | 0x26c |
| RegDeleteKeyW | 0x0 | 0x436034 | 0x3a95c | 0x39b5c | 0x268 |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | 0x0 | 0x436038 | 0x3a960 | 0x39b60 | 0x81 |
| SetSecurityInfo | 0x0 | 0x43603c | 0x3a964 | 0x39b64 | 0x2e4 |
| GetSecurityInfo | 0x0 | 0x436040 | 0x3a968 | 0x39b68 | 0x162 |
| SetEntriesInAclW | 0x0 | 0x436044 | 0x3a96c | 0x39b6c | 0x2cf |
| CreateWellKnownSid | 0x0 | 0x436048 | 0x3a970 | 0x39b70 | 0x92 |
| CopySid | 0x0 | 0x43604c | 0x3a974 | 0x39b74 | 0x85 |
| RegQueryValueExW | 0x0 | 0x436050 | 0x3a978 | 0x39b78 | 0x292 |
| RegOpenKeyExW | 0x0 | 0x436054 | 0x3a97c | 0x39b7c | 0x285 |
| RegCloseKey | 0x0 | 0x436058 | 0x3a980 | 0x39b80 | 0x254 |
SHELL32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetSpecialFolderPathW | 0x0 | 0x4362e4 | 0x3ac0c | 0x39e0c | 0xf4 |
| SHGetFileInfoW | 0x0 | 0x4362e8 | 0x3ac10 | 0x39e10 | 0xc8 |
| SHBrowseForFolderW | 0x0 | 0x4362ec | 0x3ac14 | 0x39e14 | 0x83 |
| SHGetPathFromIDListW | 0x0 | 0x4362f0 | 0x3ac18 | 0x39e18 | 0xe9 |
| ShellExecuteExW | 0x0 | 0x4362f4 | 0x3ac1c | 0x39e1c | 0x136 |
| SHGetKnownFolderPath | 0x0 | 0x4362f8 | 0x3ac20 | 0x39e20 | 0xde |
ole32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoInitialize | 0x0 | 0x436350 | 0x3ac78 | 0x39e78 | 0x4f |
| CoTaskMemRealloc | 0x0 | 0x436354 | 0x3ac7c | 0x39e7c | 0x7c |
| CoTaskMemAlloc | 0x0 | 0x436358 | 0x3ac80 | 0x39e80 | 0x7a |
| CoCreateInstance | 0x0 | 0x43635c | 0x3ac84 | 0x39e84 | 0x1a |
| CoReleaseServerProcess | 0x0 | 0x436360 | 0x3ac88 | 0x39e88 | 0x6d |
| CoAddRefServerProcess | 0x0 | 0x436364 | 0x3ac8c | 0x39e8c | 0x10 |
| CoResumeClassObjects | 0x0 | 0x436368 | 0x3ac90 | 0x39e90 | 0x6e |
| CoRevokeClassObject | 0x0 | 0x43636c | 0x3ac94 | 0x39e94 | 0x71 |
| CoRegisterClassObject | 0x0 | 0x436370 | 0x3ac98 | 0x39e98 | 0x65 |
| CoTaskMemFree | 0x0 | 0x436374 | 0x3ac9c | 0x39e9c | 0x7b |
| CoUninitialize | 0x0 | 0x436378 | 0x3aca0 | 0x39ea0 | 0x7f |
OLEAUT32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocString | 0x2 | 0x4362bc | 0x3abe4 | 0x39de4 | - |
| SafeArrayCreateVector | 0x19b | 0x4362c0 | 0x3abe8 | 0x39de8 | - |
| VarUI4FromStr | 0x115 | 0x4362c4 | 0x3abec | 0x39dec | - |
| SafeArrayUnaccessData | 0x18 | 0x4362c8 | 0x3abf0 | 0x39df0 | - |
| SysFreeString | 0x6 | 0x4362cc | 0x3abf4 | 0x39df4 | - |
| SysStringLen | 0x7 | 0x4362d0 | 0x3abf8 | 0x39df8 | - |
| SysAllocStringByteLen | 0x96 | 0x4362d4 | 0x3abfc | 0x39dfc | - |
| SafeArrayDestroy | 0x10 | 0x4362d8 | 0x3ac00 | 0x39e00 | - |
| SafeArrayAccessData | 0x17 | 0x4362dc | 0x3ac04 | 0x39e04 | - |
sqlite.dll (33)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| sqlite3_errcode | 0x0 | 0x436380 | 0x3aca8 | 0x39ea8 | 0x21 |
| sqlite3_open_v2 | 0x0 | 0x436384 | 0x3acac | 0x39eac | 0x33 |
| sqlite3_close | 0x0 | 0x436388 | 0x3acb0 | 0x39eb0 | 0xe |
| sqlite3_get_autocommit | 0x0 | 0x43638c | 0x3acb4 | 0x39eb4 | 0x28 |
| sqlite3_reset | 0x0 | 0x436390 | 0x3acb8 | 0x39eb8 | 0x36 |
| sqlite3_finalize | 0x0 | 0x436394 | 0x3acbc | 0x39ebc | 0x25 |
| sqlite3_errmsg | 0x0 | 0x436398 | 0x3acc0 | 0x39ec0 | 0x22 |
| sqlite3_prepare_v2 | 0x0 | 0x43639c | 0x3acc4 | 0x39ec4 | 0x35 |
| sqlite3_create_function | 0x0 | 0x4363a0 | 0x3acc8 | 0x39ec8 | 0x1d |
| sqlite3_value_int | 0x0 | 0x4363a4 | 0x3accc | 0x39ecc | 0x48 |
| sqlite3_value_type | 0x0 | 0x4363a8 | 0x3acd0 | 0x39ed0 | 0x4b |
| sqlite3_result_error | 0x0 | 0x4363ac | 0x3acd4 | 0x39ed4 | 0x39 |
| sqlite3_result_value | 0x0 | 0x4363b0 | 0x3acd8 | 0x39ed8 | 0x3e |
| sqlite3_column_type | 0x0 | 0x4363b4 | 0x3acdc | 0x39edc | 0x19 |
| sqlite3_column_text | 0x0 | 0x4363b8 | 0x3ace0 | 0x39ee0 | 0x18 |
| sqlite3_column_int64 | 0x0 | 0x4363bc | 0x3ace4 | 0x39ee4 | 0x16 |
| sqlite3_column_int | 0x0 | 0x4363c0 | 0x3ace8 | 0x39ee8 | 0x15 |
| sqlite3_column_double | 0x0 | 0x4363c4 | 0x3acec | 0x39eec | 0x14 |
| sqlite3_column_bytes | 0x0 | 0x4363c8 | 0x3acf0 | 0x39ef0 | 0x11 |
| sqlite3_column_blob | 0x0 | 0x4363cc | 0x3acf4 | 0x39ef4 | 0x10 |
| sqlite3_step | 0x0 | 0x4363d0 | 0x3acf8 | 0x39ef8 | 0x41 |
| sqlite3_bind_parameter_count | 0x0 | 0x4363d4 | 0x3acfc | 0x39efc | 0x7 |
| sqlite3_bind_text | 0x0 | 0x4363d8 | 0x3ad00 | 0x39f00 | 0xa |
| sqlite3_exec | 0x0 | 0x4363dc | 0x3ad04 | 0x39f04 | 0x23 |
| sqlite3_last_insert_rowid | 0x0 | 0x4363e0 | 0x3ad08 | 0x39f08 | 0x2d |
| sqlite3_changes | 0x0 | 0x4363e4 | 0x3ad0c | 0x39f0c | 0xd |
| sqlite3_busy_handler | 0x0 | 0x4363e8 | 0x3ad10 | 0x39f10 | 0xb |
| sqlite3_free | 0x0 | 0x4363ec | 0x3ad14 | 0x39f14 | 0x26 |
| sqlite3_bind_blob | 0x0 | 0x4363f0 | 0x3ad18 | 0x39f18 | 0x2 |
| sqlite3_bind_double | 0x0 | 0x4363f4 | 0x3ad1c | 0x39f1c | 0x3 |
| sqlite3_bind_int | 0x0 | 0x4363f8 | 0x3ad20 | 0x39f20 | 0x4 |
| sqlite3_bind_null | 0x0 | 0x4363fc | 0x3ad24 | 0x39f24 | 0x6 |
| sqlite3_bind_int64 | 0x0 | 0x436400 | 0x3ad28 | 0x39f28 | 0x5 |
MSVCP120.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x43616c | 0x3aa94 | 0x39c94 | 0x2b0 |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x436170 | 0x3aa98 | 0x39c98 | 0x2cd |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x436174 | 0x3aa9c | 0x39c9c | 0x2cc |
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x436178 | 0x3aaa0 | 0x39ca0 | 0x2c9 |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x43617c | 0x3aaa4 | 0x39ca4 | 0x2c5 |
MSVCR120.dll (77)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _wcmdln | 0x0 | 0x436184 | 0x3aaac | 0x39cac | 0x549 |
| _initterm | 0x0 | 0x436188 | 0x3aab0 | 0x39cb0 | 0x30c |
| _initterm_e | 0x0 | 0x43618c | 0x3aab4 | 0x39cb4 | 0x30d |
| __setusermatherr | 0x0 | 0x436190 | 0x3aab8 | 0x39cb8 | 0x1f4 |
| _configthreadlocale | 0x0 | 0x436194 | 0x3aabc | 0x39cbc | 0x240 |
| _cexit | 0x0 | 0x436198 | 0x3aac0 | 0x39cc0 | 0x22f |
| _exit | 0x0 | 0x43619c | 0x3aac4 | 0x39cc4 | 0x283 |
| exit | 0x0 | 0x4361a0 | 0x3aac8 | 0x39cc8 | 0x64e |
| __set_app_type | 0x0 | 0x4361a4 | 0x3aacc | 0x39ccc | 0x1f2 |
| __wgetmainargs | 0x0 | 0x4361a8 | 0x3aad0 | 0x39cd0 | 0x208 |
| _amsg_exit | 0x0 | 0x4361ac | 0x3aad4 | 0x39cd4 | 0x217 |
| __crtGetShowWindowMode | 0x0 | 0x4361b0 | 0x3aad8 | 0x39cd8 | 0x19d |
| _XcptFilter | 0x0 | 0x4361b4 | 0x3aadc | 0x39cdc | 0x16b |
| ?terminate@@YAXXZ | 0x0 | 0x4361b8 | 0x3aae0 | 0x39ce0 | 0x135 |
| _except_handler4_common | 0x0 | 0x4361bc | 0x3aae4 | 0x39ce4 | 0x27a |
| __crtTerminateProcess | 0x0 | 0x4361c0 | 0x3aae8 | 0x39ce8 | 0x1ab |
| __crtUnhandledException | 0x0 | 0x4361c4 | 0x3aaec | 0x39cec | 0x1ac |
| _crt_debugger_hook | 0x0 | 0x4361c8 | 0x3aaf0 | 0x39cf0 | 0x250 |
| ??1type_info@@UAE@XZ | 0x0 | 0x4361cc | 0x3aaf4 | 0x39cf4 | 0x6f |
| _onexit | 0x0 | 0x4361d0 | 0x3aaf8 | 0x39cf8 | 0x43a |
| __dllonexit | 0x0 | 0x4361d4 | 0x3aafc | 0x39cfc | 0x1ae |
| _calloc_crt | 0x0 | 0x4361d8 | 0x3ab00 | 0x39d00 | 0x22e |
| _unlock | 0x0 | 0x4361dc | 0x3ab04 | 0x39d04 | 0x504 |
| _lock | 0x0 | 0x4361e0 | 0x3ab08 | 0x39d08 | 0x394 |
| strlen | 0x0 | 0x4361e4 | 0x3ab0c | 0x39d0c | 0x738 |
| memcmp | 0x0 | 0x4361e8 | 0x3ab10 | 0x39d10 | 0x6e5 |
| _fmode | 0x0 | 0x4361ec | 0x3ab14 | 0x39d14 | 0x2a2 |
| wcslen | 0x0 | 0x4361f0 | 0x3ab18 | 0x39d18 | 0x788 |
| _set_invalid_parameter_handler | 0x0 | 0x4361f4 | 0x3ab1c | 0x39d1c | 0x474 |
| vsprintf | 0x0 | 0x4361f8 | 0x3ab20 | 0x39d20 | 0x772 |
| fclose | 0x0 | 0x4361fc | 0x3ab24 | 0x39d24 | 0x657 |
| _wfopen | 0x0 | 0x436200 | 0x3ab28 | 0x39d28 | 0x592 |
| fwprintf | 0x0 | 0x436204 | 0x3ab2c | 0x39d2c | 0x68c |
| _wcsnicmp | 0x0 | 0x436208 | 0x3ab30 | 0x39d30 | 0x55b |
| realloc | 0x0 | 0x43620c | 0x3ab34 | 0x39d34 | 0x709 |
| wcstok_s | 0x0 | 0x436210 | 0x3ab38 | 0x39d38 | 0x799 |
| strtok_s | 0x0 | 0x436214 | 0x3ab3c | 0x39d3c | 0x747 |
| strncpy_s | 0x0 | 0x436218 | 0x3ab40 | 0x39d40 | 0x73d |
| _strdup | 0x0 | 0x43621c | 0x3ab44 | 0x39d44 | 0x4ae |
| strcat_s | 0x0 | 0x436220 | 0x3ab48 | 0x39d48 | 0x72e |
| _time64 | 0x0 | 0x436224 | 0x3ab4c | 0x39d4c | 0x4e8 |
| srand | 0x0 | 0x436228 | 0x3ab50 | 0x39d50 | 0x72a |
| rand | 0x0 | 0x43622c | 0x3ab54 | 0x39d54 | 0x707 |
| _wrename | 0x0 | 0x436230 | 0x3ab58 | 0x39d58 | 0x5ac |
| wcsncmp | 0x0 | 0x436234 | 0x3ab5c | 0x39d5c | 0x78b |
| wcsnlen | 0x0 | 0x436238 | 0x3ab60 | 0x39d60 | 0x78e |
| wcscat_s | 0x0 | 0x43623c | 0x3ab64 | 0x39d64 | 0x780 |
| tolower | 0x0 | 0x436240 | 0x3ab68 | 0x39d68 | 0x75c |
| _wsplitpath | 0x0 | 0x436244 | 0x3ab6c | 0x39d6c | 0x5be |
| _wcsicmp | 0x0 | 0x436248 | 0x3ab70 | 0x39d70 | 0x551 |
| wcsstr | 0x0 | 0x43624c | 0x3ab74 | 0x39d74 | 0x794 |
| wcsrchr | 0x0 | 0x436250 | 0x3ab78 | 0x39d78 | 0x790 |
| _commode | 0x0 | 0x436254 | 0x3ab7c | 0x39d7c | 0x23f |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x436258 | 0x3ab80 | 0x39d80 | 0x1a9 |
| _invoke_watson | 0x0 | 0x43625c | 0x3ab84 | 0x39d84 | 0x314 |
| memchr | 0x0 | 0x436260 | 0x3ab88 | 0x39d88 | 0x6e4 |
| _controlfp_s | 0x0 | 0x436264 | 0x3ab8c | 0x39d8c | 0x243 |
| _purecall | 0x0 | 0x436268 | 0x3ab90 | 0x39d90 | 0x449 |
| ??2@YAPAXI@Z | 0x0 | 0x43626c | 0x3ab94 | 0x39d94 | 0x70 |
| ??3@YAXPAX@Z | 0x0 | 0x436270 | 0x3ab98 | 0x39d98 | 0x72 |
| _vsnwprintf | 0x0 | 0x436274 | 0x3ab9c | 0x39d9c | 0x52f |
| memmove | 0x0 | 0x436278 | 0x3aba0 | 0x39da0 | 0x6e8 |
| _CxxThrowException | 0x0 | 0x43627c | 0x3aba4 | 0x39da4 | 0x158 |
| __CxxFrameHandler3 | 0x0 | 0x436280 | 0x3aba8 | 0x39da8 | 0x174 |
| memcpy | 0x0 | 0x436284 | 0x3abac | 0x39dac | 0x6e6 |
| _wcsdup | 0x0 | 0x436288 | 0x3abb0 | 0x39db0 | 0x54d |
| _vsnwprintf_s | 0x0 | 0x43628c | 0x3abb4 | 0x39db4 | 0x531 |
| ??_V@YAXPAX@Z | 0x0 | 0x436290 | 0x3abb8 | 0x39db8 | 0x89 |
| memset | 0x0 | 0x436294 | 0x3abbc | 0x39dbc | 0x6ea |
| free | 0x0 | 0x436298 | 0x3abc0 | 0x39dc0 | 0x683 |
| malloc | 0x0 | 0x43629c | 0x3abc4 | 0x39dc4 | 0x6db |
| _recalloc | 0x0 | 0x4362a0 | 0x3abc8 | 0x39dc8 | 0x455 |
| _wsplitpath_s | 0x0 | 0x4362a4 | 0x3abcc | 0x39dcc | 0x5bf |
| iswalpha | 0x0 | 0x4362a8 | 0x3abd0 | 0x39dd0 | 0x6ac |
| memcpy_s | 0x0 | 0x4362ac | 0x3abd4 | 0x39dd4 | 0x6e7 |
| wcscpy_s | 0x0 | 0x4362b0 | 0x3abd8 | 0x39dd8 | 0x785 |
| wcsncpy_s | 0x0 | 0x4362b4 | 0x3abdc | 0x39ddc | 0x78d |
SHLWAPI.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathCanonicalizeW | 0x0 | 0x436300 | 0x3ac28 | 0x39e28 | 0x3b |
| AssocQueryStringW | 0x0 | 0x436304 | 0x3ac2c | 0x39e2c | 0x8 |
| PathRemoveBackslashW | 0x0 | 0x436308 | 0x3ac30 | 0x39e30 | 0x89 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2017-03-10 00:00:00+00:00 |
| Valid Until | 2019-03-15 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 06 89 83 64 2C 95 3E 46 F7 BD CE 41 43 F1 33 C1 |
| Thumbprint | EA A8 43 CA 28 33 A2 E1 EB ED EB E7 D0 4F 0C A2 B4 D9 73 44 |
Certificate: DigiCert EV Code Signing CA (SHA2)
»
| Issued by | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2012-04-18 12:00:00+00:00 |
| Valid Until | 2027-04-18 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C |
| Thumbprint | 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3 |
| C:\588bce7c90097ed212\netfx_Core_x64.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 1.81 MB |
| MD5 |
1c91963fb26a275c5a2106137c66fc4a
|
| SHA1 |
a4278a6d34a6b98d0ad12d4cfd0dc59e2632a20c
|
| SHA256 |
4b813742a18d641eef064ed4e2cc7bed1f6043fa16555be4fbfa18b349fba664
|
| SSDeep |
24576:f/zZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0H:V6tuQpcxisfQf2M6FGoMLI
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 281.50 KB |
| MD5 |
6faf33feb39bb9ddda0c76d9b150e88b
|
| SHA1 |
bba153e3cd4b11af501dacdb52acd6a93a67660d
|
| SHA256 |
c4744e4d0b9352b217eee6976a38b6f2c75e4d19280003891523903bee9d3464
|
| SSDeep |
6144:eZe8PFjiY/V8rex+E9sy8nqGaoSFC20vdU:eckjiY/Gre2MoEH
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 2.12 MB |
| MD5 |
5ecaba6c6295d036e6a1bc0d4971ad9c
|
| SHA1 |
0d3e4a2c43d33becdb74bbaa872b6848da0ab38c
|
| SHA256 |
ce9ecf2d5b2e87b7cdf06859b65afc4287e16db589df9d9f5402d4ae0e074864
|
| SSDeep |
49152:7mLYIuXm8GNHxyyVn2W4z17A6wz8f4O8b8ITDnlVP80iiN:7PwPHF2Wy17GPF
|
| ImpHash |
1439821f22f484cb770eecf65574ff20
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x4012c7 |
| Size Of Code | 0x123600 |
| Size Of Initialized Data | 0xfee00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-11-27 20:21:25+00:00 |
Version Information (7)
»
| CompanyName | Adobe Systems Incorporated |
| FileDescription | Adobe Acrobat Reader DC |
| FileVersion | 18.9.20050.254034 |
| LegalCopyright | Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | AcroRd32.exe |
| ProductName | Adobe Acrobat Reader DC |
| ProductVersion | 18.9.20050.254034 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x123522 | 0x123600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.47 |
| .rdata | 0x525000 | 0x49e60 | 0x4a000 | 0x123a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.58 |
| .data | 0x56f000 | 0x918c | 0x4a00 | 0x16da00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.99 |
| .rsrc | 0x579000 | 0x9ce70 | 0x9d000 | 0x172400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.99 |
| .reloc | 0x616000 | 0xeb5c | 0xec00 | 0x20f400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.68 |
Imports (4)
»
KERNEL32.dll (204)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LockResource | 0x0 | 0x525138 | 0x16c6cc | 0x16b0cc | 0x3bd |
| SetErrorMode | 0x0 | 0x52513c | 0x16c6d0 | 0x16b0d0 | 0x4ef |
| QueryPerformanceCounter | 0x0 | 0x525140 | 0x16c6d4 | 0x16b0d4 | 0x42d |
| HeapSetInformation | 0x0 | 0x525144 | 0x16c6d8 | 0x16b0d8 | 0x337 |
| ReleaseSemaphore | 0x0 | 0x525148 | 0x16c6dc | 0x16b0dc | 0x490 |
| GetSystemTimeAsFileTime | 0x0 | 0x52514c | 0x16c6e0 | 0x16b0e0 | 0x2d6 |
| CreateSemaphoreW | 0x0 | 0x525150 | 0x16c6e4 | 0x16b0e4 | 0xe1 |
| AddAtomW | 0x0 | 0x525154 | 0x16c6e8 | 0x16b0e8 | 0x5 |
| GlobalAlloc | 0x0 | 0x525158 | 0x16c6ec | 0x16b0ec | 0x317 |
| GlobalLock | 0x0 | 0x52515c | 0x16c6f0 | 0x16b0f0 | 0x322 |
| GlobalUnlock | 0x0 | 0x525160 | 0x16c6f4 | 0x16b0f4 | 0x329 |
| GlobalFree | 0x0 | 0x525164 | 0x16c6f8 | 0x16b0f8 | 0x31e |
| MulDiv | 0x0 | 0x525168 | 0x16c6fc | 0x16b0fc | 0x3d0 |
| OpenProcess | 0x0 | 0x52516c | 0x16c700 | 0x16b100 | 0x3ee |
| lstrcmpW | 0x0 | 0x525170 | 0x16c704 | 0x16b104 | 0x5ff |
| lstrcmpA | 0x0 | 0x525174 | 0x16c708 | 0x16b108 | 0x5fe |
| GetSystemDirectoryW | 0x0 | 0x525178 | 0x16c70c | 0x16b10c | 0x2cd |
| GetFileAttributesW | 0x0 | 0x52517c | 0x16c710 | 0x16b110 | 0x235 |
| FindFirstFileW | 0x0 | 0x525180 | 0x16c714 | 0x16b114 | 0x173 |
| FindClose | 0x0 | 0x525184 | 0x16c718 | 0x16b118 | 0x168 |
| GetCurrentDirectoryW | 0x0 | 0x525188 | 0x16c71c | 0x16b11c | 0x203 |
| MultiByteToWideChar | 0x0 | 0x52518c | 0x16c720 | 0x16b120 | 0x3d1 |
| QueryInformationJobObject | 0x0 | 0x525190 | 0x16c724 | 0x16b124 | 0x42b |
| SetDllDirectoryW | 0x0 | 0x525194 | 0x16c728 | 0x16b128 | 0x4e8 |
| FindResourceW | 0x0 | 0x525198 | 0x16c72c | 0x16b12c | 0x189 |
| LoadLibraryW | 0x0 | 0x52519c | 0x16c730 | 0x16b130 | 0x3a8 |
| LoadLibraryA | 0x0 | 0x5251a0 | 0x16c734 | 0x16b134 | 0x3a5 |
| lstrcmpiW | 0x0 | 0x5251a4 | 0x16c738 | 0x16b138 | 0x602 |
| SizeofResource | 0x0 | 0x5251a8 | 0x16c73c | 0x16b13c | 0x551 |
| LoadResource | 0x0 | 0x5251ac | 0x16c740 | 0x16b140 | 0x3ab |
| LoadLibraryExW | 0x0 | 0x5251b0 | 0x16c744 | 0x16b144 | 0x3a7 |
| GetModuleHandleA | 0x0 | 0x5251b4 | 0x16c748 | 0x16b148 | 0x264 |
| GetModuleFileNameW | 0x0 | 0x5251b8 | 0x16c74c | 0x16b14c | 0x263 |
| FreeLibrary | 0x0 | 0x5251bc | 0x16c750 | 0x16b150 | 0x19e |
| IsProcessInJob | 0x0 | 0x5251c0 | 0x16c754 | 0x16b154 | 0x36c |
| ProcessIdToSessionId | 0x0 | 0x5251c4 | 0x16c758 | 0x16b158 | 0x410 |
| GetExitCodeProcess | 0x0 | 0x5251c8 | 0x16c75c | 0x16b15c | 0x22c |
| InitializeCriticalSectionEx | 0x0 | 0x5251cc | 0x16c760 | 0x16b160 | 0x349 |
| GetProcessHeap | 0x0 | 0x5251d0 | 0x16c764 | 0x16b164 | 0x2a2 |
| HeapSize | 0x0 | 0x5251d4 | 0x16c768 | 0x16b168 | 0x338 |
| HeapFree | 0x0 | 0x5251d8 | 0x16c76c | 0x16b16c | 0x333 |
| HeapReAlloc | 0x0 | 0x5251dc | 0x16c770 | 0x16b170 | 0x336 |
| HeapAlloc | 0x0 | 0x5251e0 | 0x16c774 | 0x16b174 | 0x32f |
| HeapDestroy | 0x0 | 0x5251e4 | 0x16c778 | 0x16b178 | 0x332 |
| RaiseException | 0x0 | 0x5251e8 | 0x16c77c | 0x16b17c | 0x440 |
| DecodePointer | 0x0 | 0x5251ec | 0x16c780 | 0x16b180 | 0xfe |
| OutputDebugStringA | 0x0 | 0x5251f0 | 0x16c784 | 0x16b184 | 0x3f9 |
| GetLongPathNameW | 0x0 | 0x5251f4 | 0x16c788 | 0x16b188 | 0x25d |
| SetCurrentDirectoryW | 0x0 | 0x5251f8 | 0x16c78c | 0x16b18c | 0x4e3 |
| GetCommandLineW | 0x0 | 0x5251fc | 0x16c790 | 0x16b190 | 0x1c9 |
| GetTickCount | 0x0 | 0x525200 | 0x16c794 | 0x16b194 | 0x2f2 |
| Sleep | 0x0 | 0x525204 | 0x16c798 | 0x16b198 | 0x552 |
| OpenMutexW | 0x0 | 0x525208 | 0x16c79c | 0x16b19c | 0x3ea |
| GetVolumeInformationW | 0x0 | 0x52520c | 0x16c7a0 | 0x16b1a0 | 0x308 |
| GetModuleHandleW | 0x0 | 0x525210 | 0x16c7a4 | 0x16b1a4 | 0x267 |
| CreateThread | 0x0 | 0x525214 | 0x16c7a8 | 0x16b1a8 | 0xe8 |
| CreateEventW | 0x0 | 0x525218 | 0x16c7ac | 0x16b1ac | 0xb6 |
| InterlockedPushEntrySList | 0x0 | 0x52521c | 0x16c7b0 | 0x16b1b0 | 0x357 |
| InterlockedPopEntrySList | 0x0 | 0x525220 | 0x16c7b4 | 0x16b1b4 | 0x356 |
| InitializeSListHead | 0x0 | 0x525224 | 0x16c7b8 | 0x16b1b8 | 0x34b |
| SetEnvironmentVariableA | 0x0 | 0x525228 | 0x16c7bc | 0x16b1bc | 0x4ed |
| SetEndOfFile | 0x0 | 0x52522c | 0x16c7c0 | 0x16b1c0 | 0x4ea |
| ReadConsoleW | 0x0 | 0x525230 | 0x16c7c4 | 0x16b1c4 | 0x44e |
| OutputDebugStringW | 0x0 | 0x525234 | 0x16c7c8 | 0x16b1c8 | 0x3fa |
| GetTimeZoneInformation | 0x0 | 0x525238 | 0x16c7cc | 0x16b1cc | 0x2f9 |
| WriteConsoleW | 0x0 | 0x52523c | 0x16c7d0 | 0x16b1d0 | 0x5e0 |
| SetFilePointerEx | 0x0 | 0x525240 | 0x16c7d4 | 0x16b1d4 | 0x4fd |
| SetStdHandle | 0x0 | 0x525244 | 0x16c7d8 | 0x16b1d8 | 0x522 |
| GetStdHandle | 0x0 | 0x525248 | 0x16c7dc | 0x16b1dc | 0x2c0 |
| GetOEMCP | 0x0 | 0x52524c | 0x16c7e0 | 0x16b1e0 | 0x286 |
| GetACP | 0x0 | 0x525250 | 0x16c7e4 | 0x16b1e4 | 0x1a4 |
| IsValidCodePage | 0x0 | 0x525254 | 0x16c7e8 | 0x16b1e8 | 0x372 |
| ExitProcess | 0x0 | 0x525258 | 0x16c7ec | 0x16b1ec | 0x151 |
| EnumSystemLocalesW | 0x0 | 0x52525c | 0x16c7f0 | 0x16b1f0 | 0x147 |
| GetUserDefaultLCID | 0x0 | 0x525260 | 0x16c7f4 | 0x16b1f4 | 0x2fc |
| IsValidLocale | 0x0 | 0x525264 | 0x16c7f8 | 0x16b1f8 | 0x374 |
| LCMapStringW | 0x0 | 0x525268 | 0x16c7fc | 0x16b1fc | 0x396 |
| CompareStringW | 0x0 | 0x52526c | 0x16c800 | 0x16b200 | 0x93 |
| CreateMutexW | 0x0 | 0x525270 | 0x16c804 | 0x16b204 | 0xd1 |
| WaitForSingleObject | 0x0 | 0x525274 | 0x16c808 | 0x16b208 | 0x5ab |
| ResetEvent | 0x0 | 0x525278 | 0x16c80c | 0x16b20c | 0x4a2 |
| SetEvent | 0x0 | 0x52527c | 0x16c810 | 0x16b210 | 0x4f0 |
| DeleteCriticalSection | 0x0 | 0x525280 | 0x16c814 | 0x16b214 | 0x105 |
| LeaveCriticalSection | 0x0 | 0x525284 | 0x16c818 | 0x16b218 | 0x3a2 |
| EnterCriticalSection | 0x0 | 0x525288 | 0x16c81c | 0x16b21c | 0x125 |
| InitializeCriticalSection | 0x0 | 0x52528c | 0x16c820 | 0x16b220 | 0x347 |
| WaitNamedPipeW | 0x0 | 0x525290 | 0x16c824 | 0x16b224 | 0x5b2 |
| CreateNamedPipeW | 0x0 | 0x525294 | 0x16c828 | 0x16b228 | 0xd3 |
| TransactNamedPipe | 0x0 | 0x525298 | 0x16c82c | 0x16b22c | 0x578 |
| SetNamedPipeHandleState | 0x0 | 0x52529c | 0x16c830 | 0x16b230 | 0x514 |
| DisconnectNamedPipe | 0x0 | 0x5252a0 | 0x16c834 | 0x16b234 | 0x116 |
| ConnectNamedPipe | 0x0 | 0x5252a4 | 0x16c838 | 0x16b238 | 0x94 |
| SetLastError | 0x0 | 0x5252a8 | 0x16c83c | 0x16b23c | 0x50b |
| WriteFile | 0x0 | 0x5252ac | 0x16c840 | 0x16b240 | 0x5e1 |
| ReadFile | 0x0 | 0x5252b0 | 0x16c844 | 0x16b244 | 0x450 |
| GetFileType | 0x0 | 0x5252b4 | 0x16c848 | 0x16b248 | 0x23e |
| CreateFileW | 0x0 | 0x5252b8 | 0x16c84c | 0x16b24c | 0xc2 |
| GetStartupInfoW | 0x0 | 0x5252bc | 0x16c850 | 0x16b250 | 0x2be |
| lstrlenW | 0x0 | 0x5252c0 | 0x16c854 | 0x16b254 | 0x60b |
| GetCurrentProcessId | 0x0 | 0x5252c4 | 0x16c858 | 0x16b258 | 0x20a |
| GetCurrentProcess | 0x0 | 0x5252c8 | 0x16c85c | 0x16b25c | 0x209 |
| GetTempPathW | 0x0 | 0x5252cc | 0x16c860 | 0x16b260 | 0x2e3 |
| CreateDirectoryW | 0x0 | 0x5252d0 | 0x16c864 | 0x16b264 | 0xb2 |
| FreeEnvironmentStringsW | 0x0 | 0x5252d4 | 0x16c868 | 0x16b268 | 0x19d |
| GetEnvironmentStringsW | 0x0 | 0x5252d8 | 0x16c86c | 0x16b26c | 0x227 |
| VerifyVersionInfoW | 0x0 | 0x5252dc | 0x16c870 | 0x16b270 | 0x59a |
| LocalFree | 0x0 | 0x5252e0 | 0x16c874 | 0x16b274 | 0x3b2 |
| LocalAlloc | 0x0 | 0x5252e4 | 0x16c878 | 0x16b278 | 0x3ae |
| GetLastError | 0x0 | 0x5252e8 | 0x16c87c | 0x16b27c | 0x250 |
| CloseHandle | 0x0 | 0x5252ec | 0x16c880 | 0x16b280 | 0x7f |
| VerSetConditionMask | 0x0 | 0x5252f0 | 0x16c884 | 0x16b284 | 0x596 |
| GetProcAddress | 0x0 | 0x5252f4 | 0x16c888 | 0x16b288 | 0x29d |
| FindResourceExW | 0x0 | 0x5252f8 | 0x16c88c | 0x16b28c | 0x188 |
| TlsFree | 0x0 | 0x5252fc | 0x16c890 | 0x16b290 | 0x574 |
| TlsSetValue | 0x0 | 0x525300 | 0x16c894 | 0x16b294 | 0x576 |
| TlsGetValue | 0x0 | 0x525304 | 0x16c898 | 0x16b298 | 0x575 |
| TlsAlloc | 0x0 | 0x525308 | 0x16c89c | 0x16b29c | 0x573 |
| SetUnhandledExceptionFilter | 0x0 | 0x52530c | 0x16c8a0 | 0x16b2a0 | 0x543 |
| UnhandledExceptionFilter | 0x0 | 0x525310 | 0x16c8a4 | 0x16b2a4 | 0x582 |
| GetCPInfo | 0x0 | 0x525314 | 0x16c8a8 | 0x16b2a8 | 0x1b3 |
| VirtualAlloc | 0x0 | 0x525318 | 0x16c8ac | 0x16b2ac | 0x59b |
| GetSystemInfo | 0x0 | 0x52531c | 0x16c8b0 | 0x16b2b0 | 0x2d0 |
| GetFileAttributesExW | 0x0 | 0x525320 | 0x16c8b4 | 0x16b2b4 | 0x232 |
| GetFullPathNameW | 0x0 | 0x525324 | 0x16c8b8 | 0x16b2b8 | 0x249 |
| GetConsoleMode | 0x0 | 0x525328 | 0x16c8bc | 0x16b2bc | 0x1ee |
| GetConsoleCP | 0x0 | 0x52532c | 0x16c8c0 | 0x16b2c0 | 0x1dc |
| IsProcessorFeaturePresent | 0x0 | 0x525330 | 0x16c8c4 | 0x16b2c4 | 0x36d |
| IsDebuggerPresent | 0x0 | 0x525334 | 0x16c8c8 | 0x16b2c8 | 0x367 |
| RtlUnwind | 0x0 | 0x525338 | 0x16c8cc | 0x16b2cc | 0x4ad |
| EncodePointer | 0x0 | 0x52533c | 0x16c8d0 | 0x16b2d0 | 0x121 |
| GetStringTypeW | 0x0 | 0x525340 | 0x16c8d4 | 0x16b2d4 | 0x2c5 |
| QueryFullProcessImageNameW | 0x0 | 0x525344 | 0x16c8d8 | 0x16b2d8 | 0x428 |
| GlobalHandle | 0x0 | 0x525348 | 0x16c8dc | 0x16b2dc | 0x321 |
| FlushInstructionCache | 0x0 | 0x52534c | 0x16c8e0 | 0x16b2e0 | 0x193 |
| FindNextFileW | 0x0 | 0x525350 | 0x16c8e4 | 0x16b2e4 | 0x17f |
| LoadLibraryExA | 0x0 | 0x525354 | 0x16c8e8 | 0x16b2e8 | 0x3a6 |
| DeleteFileW | 0x0 | 0x525358 | 0x16c8ec | 0x16b2ec | 0x10a |
| SetFilePointer | 0x0 | 0x52535c | 0x16c8f0 | 0x16b2f0 | 0x4fc |
| ReleaseMutex | 0x0 | 0x525360 | 0x16c8f4 | 0x16b2f4 | 0x48c |
| DuplicateHandle | 0x0 | 0x525364 | 0x16c8f8 | 0x16b2f8 | 0x11f |
| TerminateProcess | 0x0 | 0x525368 | 0x16c8fc | 0x16b2fc | 0x561 |
| ResumeThread | 0x0 | 0x52536c | 0x16c900 | 0x16b300 | 0x4a8 |
| CreateProcessW | 0x0 | 0x525370 | 0x16c904 | 0x16b304 | 0xdb |
| GetProcessId | 0x0 | 0x525374 | 0x16c908 | 0x16b308 | 0x2a4 |
| AssignProcessToJobObject | 0x0 | 0x525378 | 0x16c90c | 0x16b30c | 0x1c |
| SetInformationJobObject | 0x0 | 0x52537c | 0x16c910 | 0x16b310 | 0x509 |
| ExpandEnvironmentStringsW | 0x0 | 0x525380 | 0x16c914 | 0x16b314 | 0x155 |
| GetVersionExW | 0x0 | 0x525384 | 0x16c918 | 0x16b318 | 0x305 |
| GetNativeSystemInfo | 0x0 | 0x525388 | 0x16c91c | 0x16b31c | 0x274 |
| WideCharToMultiByte | 0x0 | 0x52538c | 0x16c920 | 0x16b320 | 0x5cd |
| GetCPInfoExW | 0x0 | 0x525390 | 0x16c924 | 0x16b324 | 0x1b5 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x525394 | 0x16c928 | 0x16b328 | 0x348 |
| GetCurrentThreadId | 0x0 | 0x525398 | 0x16c92c | 0x16b32c | 0x20e |
| GetLocaleInfoW | 0x0 | 0x52539c | 0x16c930 | 0x16b330 | 0x254 |
| GetEnvironmentVariableW | 0x0 | 0x5253a0 | 0x16c934 | 0x16b334 | 0x229 |
| FlushFileBuffers | 0x0 | 0x5253a4 | 0x16c938 | 0x16b338 | 0x192 |
| GetDriveTypeW | 0x0 | 0x5253a8 | 0x16c93c | 0x16b33c | 0x21f |
| GetFileInformationByHandle | 0x0 | 0x5253ac | 0x16c940 | 0x16b340 | 0x237 |
| GetFileSize | 0x0 | 0x5253b0 | 0x16c944 | 0x16b344 | 0x23b |
| GetVolumeInformationByHandleW | 0x0 | 0x5253b4 | 0x16c948 | 0x16b348 | 0x307 |
| QueryDosDeviceW | 0x0 | 0x5253b8 | 0x16c94c | 0x16b34c | 0x426 |
| GetVolumeNameForVolumeMountPointW | 0x0 | 0x5253bc | 0x16c950 | 0x16b350 | 0x30a |
| GetVolumePathNamesForVolumeNameW | 0x0 | 0x5253c0 | 0x16c954 | 0x16b354 | 0x30e |
| DeviceIoControl | 0x0 | 0x5253c4 | 0x16c958 | 0x16b358 | 0x112 |
| GetCurrentThread | 0x0 | 0x5253c8 | 0x16c95c | 0x16b35c | 0x20d |
| TerminateThread | 0x0 | 0x5253cc | 0x16c960 | 0x16b360 | 0x562 |
| VirtualProtect | 0x0 | 0x5253d0 | 0x16c964 | 0x16b364 | 0x5a1 |
| VirtualProtectEx | 0x0 | 0x5253d4 | 0x16c968 | 0x16b368 | 0x5a2 |
| WriteProcessMemory | 0x0 | 0x5253d8 | 0x16c96c | 0x16b36c | 0x5ea |
| CreateFileMappingW | 0x0 | 0x5253dc | 0x16c970 | 0x16b370 | 0xbf |
| MapViewOfFile | 0x0 | 0x5253e0 | 0x16c974 | 0x16b374 | 0x3c0 |
| UnmapViewOfFile | 0x0 | 0x5253e4 | 0x16c978 | 0x16b378 | 0x585 |
| GetProfileStringW | 0x0 | 0x5253e8 | 0x16c97c | 0x16b37c | 0x2b7 |
| CreateToolhelp32Snapshot | 0x0 | 0x5253ec | 0x16c980 | 0x16b380 | 0xf1 |
| Process32FirstW | 0x0 | 0x5253f0 | 0x16c984 | 0x16b384 | 0x40d |
| Process32NextW | 0x0 | 0x5253f4 | 0x16c988 | 0x16b388 | 0x40f |
| CreateIoCompletionPort | 0x0 | 0x5253f8 | 0x16c98c | 0x16b38c | 0xc7 |
| GetQueuedCompletionStatus | 0x0 | 0x5253fc | 0x16c990 | 0x16b390 | 0x2b8 |
| PostQueuedCompletionStatus | 0x0 | 0x525400 | 0x16c994 | 0x16b394 | 0x404 |
| TerminateJobObject | 0x0 | 0x525404 | 0x16c998 | 0x16b398 | 0x560 |
| VirtualAllocEx | 0x0 | 0x525408 | 0x16c99c | 0x16b39c | 0x59c |
| VirtualQueryEx | 0x0 | 0x52540c | 0x16c9a0 | 0x16b3a0 | 0x5a4 |
| VirtualQuery | 0x0 | 0x525410 | 0x16c9a4 | 0x16b3a4 | 0x5a3 |
| DebugBreak | 0x0 | 0x525414 | 0x16c9a8 | 0x16b3a8 | 0xfb |
| CreateJobObjectW | 0x0 | 0x525418 | 0x16c9ac | 0x16b3ac | 0xc9 |
| UnregisterWaitEx | 0x0 | 0x52541c | 0x16c9b0 | 0x16b3b0 | 0x58c |
| RegisterWaitForSingleObject | 0x0 | 0x525420 | 0x16c9b4 | 0x16b3b4 | 0x485 |
| GetThreadContext | 0x0 | 0x525424 | 0x16c9b8 | 0x16b3b8 | 0x2e4 |
| VirtualFree | 0x0 | 0x525428 | 0x16c9bc | 0x16b3bc | 0x59e |
| SignalObjectAndWait | 0x0 | 0x52542c | 0x16c9c0 | 0x16b3c0 | 0x550 |
| VirtualFreeEx | 0x0 | 0x525430 | 0x16c9c4 | 0x16b3c4 | 0x59f |
| SearchPathW | 0x0 | 0x525434 | 0x16c9c8 | 0x16b3c8 | 0x4b2 |
| ReadProcessMemory | 0x0 | 0x525438 | 0x16c9cc | 0x16b3cc | 0x453 |
| SuspendThread | 0x0 | 0x52543c | 0x16c9d0 | 0x16b3d0 | 0x55a |
| WaitForMultipleObjects | 0x0 | 0x525440 | 0x16c9d4 | 0x16b3d4 | 0x5a9 |
| ExitThread | 0x0 | 0x525444 | 0x16c9d8 | 0x16b3d8 | 0x152 |
| GetTempFileNameW | 0x0 | 0x525448 | 0x16c9dc | 0x16b3dc | 0x2e1 |
| GetProcessTimes | 0x0 | 0x52544c | 0x16c9e0 | 0x16b3e0 | 0x2ac |
| GetExitCodeThread | 0x0 | 0x525450 | 0x16c9e4 | 0x16b3e4 | 0x22d |
| MoveFileExW | 0x0 | 0x525454 | 0x16c9e8 | 0x16b3e8 | 0x3ca |
| SetEnvironmentVariableW | 0x0 | 0x525458 | 0x16c9ec | 0x16b3ec | 0x4ee |
| CreateDirectoryExW | 0x0 | 0x52545c | 0x16c9f0 | 0x16b3f0 | 0xaf |
| GlobalSize | 0x0 | 0x525460 | 0x16c9f4 | 0x16b3f4 | 0x326 |
| GetModuleHandleExW | 0x0 | 0x525464 | 0x16c9f8 | 0x16b3f8 | 0x266 |
USER32.dll (146)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ReleaseDC | 0x0 | 0x5254c8 | 0x16ca5c | 0x16b45c | 0x2a5 |
| GetDC | 0x0 | 0x5254cc | 0x16ca60 | 0x16b460 | 0x134 |
| MsgWaitForMultipleObjects | 0x0 | 0x5254d0 | 0x16ca64 | 0x16b464 | 0x254 |
| RegisterClipboardFormatW | 0x0 | 0x5254d4 | 0x16ca68 | 0x16b468 | 0x28c |
| PeekMessageW | 0x0 | 0x5254d8 | 0x16ca6c | 0x16b46c | 0x26c |
| DispatchMessageW | 0x0 | 0x5254dc | 0x16ca70 | 0x16b470 | 0xb5 |
| TranslateMessage | 0x0 | 0x5254e0 | 0x16ca74 | 0x16b474 | 0x33f |
| DdeDisconnect | 0x0 | 0x5254e4 | 0x16ca78 | 0x16b478 | 0x82 |
| DdeConnect | 0x0 | 0x5254e8 | 0x16ca7c | 0x16b47c | 0x7d |
| DdeAddData | 0x0 | 0x5254ec | 0x16ca80 | 0x16b480 | 0x7a |
| DdeCreateDataHandle | 0x0 | 0x5254f0 | 0x16ca84 | 0x16b484 | 0x7f |
| DdeGetData | 0x0 | 0x5254f4 | 0x16ca88 | 0x16b488 | 0x87 |
| EnumThreadWindows | 0x0 | 0x5254f8 | 0x16ca8c | 0x16b48c | 0xfc |
| IsWindowVisible | 0x0 | 0x5254fc | 0x16ca90 | 0x16b490 | 0x216 |
| DdeFreeStringHandle | 0x0 | 0x525500 | 0x16ca94 | 0x16b494 | 0x86 |
| DdeCreateStringHandleW | 0x0 | 0x525504 | 0x16ca98 | 0x16b498 | 0x81 |
| DdeNameService | 0x0 | 0x525508 | 0x16ca9c | 0x16b49c | 0x8e |
| DdeUninitialize | 0x0 | 0x52550c | 0x16caa0 | 0x16b4a0 | 0x98 |
| DdeInitializeW | 0x0 | 0x525510 | 0x16caa4 | 0x16b4a4 | 0x8c |
| FindWindowA | 0x0 | 0x525514 | 0x16caa8 | 0x16b4a8 | 0x106 |
| SetWindowLongW | 0x0 | 0x525518 | 0x16caac | 0x16b4ac | 0x30d |
| ShowWindow | 0x0 | 0x52551c | 0x16cab0 | 0x16b4b0 | 0x320 |
| SystemParametersInfoW | 0x0 | 0x525520 | 0x16cab4 | 0x16b4b4 | 0x32f |
| AllowSetForegroundWindow | 0x0 | 0x525524 | 0x16cab8 | 0x16b4b8 | 0x6 |
| PostThreadMessageW | 0x0 | 0x525528 | 0x16cabc | 0x16b4bc | 0x273 |
| IsWindowEnabled | 0x0 | 0x52552c | 0x16cac0 | 0x16b4c0 | 0x212 |
| GetThreadDesktop | 0x0 | 0x525530 | 0x16cac4 | 0x16b4c4 | 0x1ae |
| CloseWindowStation | 0x0 | 0x525534 | 0x16cac8 | 0x16b4c8 | 0x50 |
| GetActiveWindow | 0x0 | 0x525538 | 0x16cacc | 0x16b4cc | 0x10f |
| SetTimer | 0x0 | 0x52553c | 0x16cad0 | 0x16b4d0 | 0x301 |
| GetFocus | 0x0 | 0x525540 | 0x16cad4 | 0x16b4d4 | 0x142 |
| RegisterClassW | 0x0 | 0x525544 | 0x16cad8 | 0x16b4d8 | 0x28a |
| SetDlgItemTextW | 0x0 | 0x525548 | 0x16cadc | 0x16b4dc | 0x2d2 |
| GetAsyncKeyState | 0x0 | 0x52554c | 0x16cae0 | 0x16b4e0 | 0x116 |
| EnableWindow | 0x0 | 0x525550 | 0x16cae4 | 0x16b4e4 | 0xe4 |
| SetActiveWindow | 0x0 | 0x525554 | 0x16cae8 | 0x16b4e8 | 0x2bf |
| SetWindowTextW | 0x0 | 0x525558 | 0x16caec | 0x16b4ec | 0x314 |
| GetWindowTextLengthW | 0x0 | 0x52555c | 0x16caf0 | 0x16b4f0 | 0x1d1 |
| GetParent | 0x0 | 0x525560 | 0x16caf4 | 0x16b4f4 | 0x17a |
| EnumChildWindows | 0x0 | 0x525564 | 0x16caf8 | 0x16b4f8 | 0xec |
| FindWindowExW | 0x0 | 0x525568 | 0x16cafc | 0x16b4fc | 0x108 |
| SetWindowsHookExW | 0x0 | 0x52556c | 0x16cb00 | 0x16b500 | 0x318 |
| UnhookWindowsHookEx | 0x0 | 0x525570 | 0x16cb04 | 0x16b504 | 0x343 |
| CreateIconFromResourceEx | 0x0 | 0x525574 | 0x16cb08 | 0x16b508 | 0x69 |
| MonitorFromWindow | 0x0 | 0x525578 | 0x16cb0c | 0x16b50c | 0x252 |
| GetMonitorInfoW | 0x0 | 0x52557c | 0x16cb10 | 0x16b510 | 0x175 |
| GetWindowInfo | 0x0 | 0x525580 | 0x16cb14 | 0x16b514 | 0x1c3 |
| GetAncestor | 0x0 | 0x525584 | 0x16cb18 | 0x16b518 | 0x113 |
| GetRawInputDeviceInfoW | 0x0 | 0x525588 | 0x16cb1c | 0x16b51c | 0x19b |
| GetRawInputDeviceList | 0x0 | 0x52558c | 0x16cb20 | 0x16b520 | 0x19c |
| SendDlgItemMessageW | 0x0 | 0x525590 | 0x16cb24 | 0x16b524 | 0x2b3 |
| LoadIconW | 0x0 | 0x525594 | 0x16cb28 | 0x16b528 | 0x223 |
| LoadCursorW | 0x0 | 0x525598 | 0x16cb2c | 0x16b52c | 0x221 |
| OpenClipboard | 0x0 | 0x52559c | 0x16cb30 | 0x16b530 | 0x25e |
| CloseClipboard | 0x0 | 0x5255a0 | 0x16cb34 | 0x16b534 | 0x4b |
| GetClipboardSequenceNumber | 0x0 | 0x5255a4 | 0x16cb38 | 0x16b538 | 0x12c |
| GetClipboardOwner | 0x0 | 0x5255a8 | 0x16cb3c | 0x16b53c | 0x12b |
| GetClipboardViewer | 0x0 | 0x5255ac | 0x16cb40 | 0x16b540 | 0x12d |
| SetClipboardData | 0x0 | 0x5255b0 | 0x16cb44 | 0x16b544 | 0x2c6 |
| CountClipboardFormats | 0x0 | 0x5255b4 | 0x16cb48 | 0x16b548 | 0x58 |
| EnumClipboardFormats | 0x0 | 0x5255b8 | 0x16cb4c | 0x16b54c | 0xed |
| GetClipboardFormatNameA | 0x0 | 0x5255bc | 0x16cb50 | 0x16b550 | 0x129 |
| GetClipboardFormatNameW | 0x0 | 0x5255c0 | 0x16cb54 | 0x16b554 | 0x12a |
| EmptyClipboard | 0x0 | 0x5255c4 | 0x16cb58 | 0x16b558 | 0xdf |
| IsClipboardFormatAvailable | 0x0 | 0x5255c8 | 0x16cb5c | 0x16b55c | 0x1fb |
| GetPriorityClipboardFormat | 0x0 | 0x5255cc | 0x16cb60 | 0x16b560 | 0x190 |
| GetOpenClipboardWindow | 0x0 | 0x5255d0 | 0x16cb64 | 0x16b564 | 0x179 |
| CloseWindow | 0x0 | 0x5255d4 | 0x16cb68 | 0x16b568 | 0x4f |
| DdeClientTransaction | 0x0 | 0x5255d8 | 0x16cb6c | 0x16b56c | 0x7b |
| GetMessageW | 0x0 | 0x5255dc | 0x16cb70 | 0x16b570 | 0x173 |
| PostQuitMessage | 0x0 | 0x5255e0 | 0x16cb74 | 0x16b574 | 0x271 |
| GetWindowDC | 0x0 | 0x5255e4 | 0x16cb78 | 0x16b578 | 0x1c0 |
| BeginPaint | 0x0 | 0x5255e8 | 0x16cb7c | 0x16b57c | 0xe |
| EndPaint | 0x0 | 0x5255ec | 0x16cb80 | 0x16b580 | 0xe9 |
| SetFocus | 0x0 | 0x5255f0 | 0x16cb84 | 0x16b584 | 0x2d4 |
| CallWindowProcW | 0x0 | 0x5255f4 | 0x16cb88 | 0x16b588 | 0x1e |
| GetClassInfoExW | 0x0 | 0x5255f8 | 0x16cb8c | 0x16b58c | 0x11e |
| IsChild | 0x0 | 0x5255fc | 0x16cb90 | 0x16b590 | 0x1fa |
| MoveWindow | 0x0 | 0x525600 | 0x16cb94 | 0x16b594 | 0x253 |
| CreateDialogIndirectParamW | 0x0 | 0x525604 | 0x16cb98 | 0x16b598 | 0x64 |
| SetCapture | 0x0 | 0x525608 | 0x16cb9c | 0x16b59c | 0x2c0 |
| ReleaseCapture | 0x0 | 0x52560c | 0x16cba0 | 0x16b5a0 | 0x2a4 |
| CreateAcceleratorTableW | 0x0 | 0x525610 | 0x16cba4 | 0x16b5a4 | 0x5a |
| DestroyAcceleratorTable | 0x0 | 0x525614 | 0x16cba8 | 0x16b5a8 | 0xa6 |
| InvalidateRect | 0x0 | 0x525618 | 0x16cbac | 0x16b5ac | 0x1ef |
| InvalidateRgn | 0x0 | 0x52561c | 0x16cbb0 | 0x16b5b0 | 0x1f0 |
| RedrawWindow | 0x0 | 0x525620 | 0x16cbb4 | 0x16b5b4 | 0x285 |
| GetClientRect | 0x0 | 0x525624 | 0x16cbb8 | 0x16b5b8 | 0x125 |
| SetWindowContextHelpId | 0x0 | 0x525628 | 0x16cbbc | 0x16b5bc | 0x309 |
| SetCursor | 0x0 | 0x52562c | 0x16cbc0 | 0x16b5c0 | 0x2c9 |
| ClientToScreen | 0x0 | 0x525630 | 0x16cbc4 | 0x16b5c4 | 0x49 |
| ScreenToClient | 0x0 | 0x525634 | 0x16cbc8 | 0x16b5c8 | 0x2ad |
| MapWindowPoints | 0x0 | 0x525638 | 0x16cbcc | 0x16b5cc | 0x241 |
| GetSysColor | 0x0 | 0x52563c | 0x16cbd0 | 0x16b5d0 | 0x1a7 |
| FillRect | 0x0 | 0x525640 | 0x16cbd4 | 0x16b5d4 | 0x105 |
| LoadBitmapW | 0x0 | 0x525644 | 0x16cbd8 | 0x16b5d8 | 0x21d |
| IsDialogMessageW | 0x0 | 0x525648 | 0x16cbdc | 0x16b5dc | 0x1fe |
| MapDialogRect | 0x0 | 0x52564c | 0x16cbe0 | 0x16b5e0 | 0x23c |
| UpdateWindow | 0x0 | 0x525650 | 0x16cbe4 | 0x16b5e4 | 0x357 |
| SetRect | 0x0 | 0x525654 | 0x16cbe8 | 0x16b5e8 | 0x2f3 |
| IsRectEmpty | 0x0 | 0x525658 | 0x16cbec | 0x16b5ec | 0x209 |
| SendNotifyMessageW | 0x0 | 0x52565c | 0x16cbf0 | 0x16b5f0 | 0x2be |
| RegisterWindowMessageA | 0x0 | 0x525660 | 0x16cbf4 | 0x16b5f4 | 0x2a2 |
| CloseDesktop | 0x0 | 0x525664 | 0x16cbf8 | 0x16b5f8 | 0x4c |
| SetThreadDesktop | 0x0 | 0x525668 | 0x16cbfc | 0x16b5fc | 0x2ff |
| OpenInputDesktop | 0x0 | 0x52566c | 0x16cc00 | 0x16b600 | 0x262 |
| MessageBoxW | 0x0 | 0x525670 | 0x16cc04 | 0x16b604 | 0x24d |
| DestroyWindow | 0x0 | 0x525674 | 0x16cc08 | 0x16b608 | 0xad |
| CreateWindowExW | 0x0 | 0x525678 | 0x16cc0c | 0x16b60c | 0x71 |
| RegisterClassExW | 0x0 | 0x52567c | 0x16cc10 | 0x16b610 | 0x289 |
| DefWindowProcW | 0x0 | 0x525680 | 0x16cc14 | 0x16b614 | 0xa1 |
| PostMessageW | 0x0 | 0x525684 | 0x16cc18 | 0x16b618 | 0x270 |
| RegisterWindowMessageW | 0x0 | 0x525688 | 0x16cc1c | 0x16b61c | 0x2a3 |
| UserHandleGrantAccess | 0x0 | 0x52568c | 0x16cc20 | 0x16b620 | 0x35c |
| GetWindow | 0x0 | 0x525690 | 0x16cc24 | 0x16b624 | 0x1bb |
| EnumWindows | 0x0 | 0x525694 | 0x16cc28 | 0x16b628 | 0xff |
| SetParent | 0x0 | 0x525698 | 0x16cc2c | 0x16b62c | 0x2e9 |
| GetWindowLongW | 0x0 | 0x52569c | 0x16cc30 | 0x16b630 | 0x1c5 |
| IsWindow | 0x0 | 0x5256a0 | 0x16cc34 | 0x16b634 | 0x211 |
| GetClassNameW | 0x0 | 0x5256a4 | 0x16cc38 | 0x16b638 | 0x123 |
| FindWindowW | 0x0 | 0x5256a8 | 0x16cc3c | 0x16b63c | 0x109 |
| GetDesktopWindow | 0x0 | 0x5256ac | 0x16cc40 | 0x16b640 | 0x137 |
| GetWindowRect | 0x0 | 0x5256b0 | 0x16cc44 | 0x16b644 | 0x1cb |
| GetWindowTextW | 0x0 | 0x5256b4 | 0x16cc48 | 0x16b648 | 0x1d2 |
| SetForegroundWindow | 0x0 | 0x5256b8 | 0x16cc4c | 0x16b64c | 0x2d5 |
| GetSystemMetrics | 0x0 | 0x5256bc | 0x16cc50 | 0x16b650 | 0x1aa |
| BringWindowToTop | 0x0 | 0x5256c0 | 0x16cc54 | 0x16b654 | 0x10 |
| SetWindowPos | 0x0 | 0x5256c4 | 0x16cc58 | 0x16b658 | 0x30f |
| EnumDesktopWindows | 0x0 | 0x5256c8 | 0x16cc5c | 0x16b65c | 0xee |
| GetGUIThreadInfo | 0x0 | 0x5256cc | 0x16cc60 | 0x16b660 | 0x144 |
| GetWindowThreadProcessId | 0x0 | 0x5256d0 | 0x16cc64 | 0x16b664 | 0x1d3 |
| GetPropW | 0x0 | 0x5256d4 | 0x16cc68 | 0x16b668 | 0x196 |
| SetPropW | 0x0 | 0x5256d8 | 0x16cc6c | 0x16b66c | 0x2f2 |
| GetForegroundWindow | 0x0 | 0x5256dc | 0x16cc70 | 0x16b670 | 0x143 |
| CharNextW | 0x0 | 0x5256e0 | 0x16cc74 | 0x16b674 | 0x31 |
| GetDlgItem | 0x0 | 0x5256e4 | 0x16cc78 | 0x16b678 | 0x13c |
| EndDialog | 0x0 | 0x5256e8 | 0x16cc7c | 0x16b67c | 0xe7 |
| DialogBoxParamW | 0x0 | 0x5256ec | 0x16cc80 | 0x16b680 | 0xb2 |
| UnregisterClassW | 0x0 | 0x5256f0 | 0x16cc84 | 0x16b684 | 0x349 |
| SendMessageW | 0x0 | 0x5256f4 | 0x16cc88 | 0x16b688 | 0x2bc |
| GetUserObjectInformationW | 0x0 | 0x5256f8 | 0x16cc8c | 0x16b68c | 0x1b8 |
| GetProcessWindowStation | 0x0 | 0x5256fc | 0x16cc90 | 0x16b690 | 0x193 |
| SetProcessWindowStation | 0x0 | 0x525700 | 0x16cc94 | 0x16b694 | 0x2ef |
| CreateWindowStationW | 0x0 | 0x525704 | 0x16cc98 | 0x16b698 | 0x75 |
| CreateDesktopW | 0x0 | 0x525708 | 0x16cc9c | 0x16b69c | 0x61 |
| GetClipboardData | 0x0 | 0x52570c | 0x16cca0 | 0x16b6a0 | 0x128 |
ADVAPI32.dll (77)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptGenKey | 0x0 | 0x525000 | 0x16c594 | 0x16af94 | 0xd0 |
| RegOpenKeyExA | 0x0 | 0x525004 | 0x16c598 | 0x16af98 | 0x284 |
| RegQueryValueExA | 0x0 | 0x525008 | 0x16c59c | 0x16af9c | 0x291 |
| EqualSid | 0x0 | 0x52500c | 0x16c5a0 | 0x16afa0 | 0x118 |
| AllocateAndInitializeSid | 0x0 | 0x525010 | 0x16c5a4 | 0x16afa4 | 0x20 |
| RegSetValueExW | 0x0 | 0x525014 | 0x16c5a8 | 0x16afa8 | 0x2a2 |
| RegQueryInfoKeyW | 0x0 | 0x525018 | 0x16c5ac | 0x16afac | 0x28c |
| RegEnumKeyExW | 0x0 | 0x52501c | 0x16c5b0 | 0x16afb0 | 0x273 |
| RegDeleteValueW | 0x0 | 0x525020 | 0x16c5b4 | 0x16afb4 | 0x26c |
| RegDeleteKeyW | 0x0 | 0x525024 | 0x16c5b8 | 0x16afb8 | 0x268 |
| RegCreateKeyExW | 0x0 | 0x525028 | 0x16c5bc | 0x16afbc | 0x25d |
| RegCreateKeyW | 0x0 | 0x52502c | 0x16c5c0 | 0x16afc0 | 0x260 |
| ReportEventW | 0x0 | 0x525030 | 0x16c5c4 | 0x16afc4 | 0x2b7 |
| RegisterEventSourceW | 0x0 | 0x525034 | 0x16c5c8 | 0x16afc8 | 0x2a7 |
| CloseEventLog | 0x0 | 0x525038 | 0x16c5cc | 0x16afcc | 0x64 |
| ConvertSidToStringSidW | 0x0 | 0x52503c | 0x16c5d0 | 0x16afd0 | 0x7b |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | 0x0 | 0x525040 | 0x16c5d4 | 0x16afd4 | 0x81 |
| ConvertStringSidToSidW | 0x0 | 0x525044 | 0x16c5d8 | 0x16afd8 | 0x83 |
| SetSecurityInfo | 0x0 | 0x525048 | 0x16c5dc | 0x16afdc | 0x2e4 |
| GetSecurityInfo | 0x0 | 0x52504c | 0x16c5e0 | 0x16afe0 | 0x162 |
| SetEntriesInAclW | 0x0 | 0x525050 | 0x16c5e4 | 0x16afe4 | 0x2cf |
| SetTokenInformation | 0x0 | 0x525054 | 0x16c5e8 | 0x16afe8 | 0x2eb |
| GetLengthSid | 0x0 | 0x525058 | 0x16c5ec | 0x16afec | 0x14a |
| FreeSid | 0x0 | 0x52505c | 0x16c5f0 | 0x16aff0 | 0x133 |
| DuplicateTokenEx | 0x0 | 0x525060 | 0x16c5f4 | 0x16aff4 | 0xef |
| CreateWellKnownSid | 0x0 | 0x525064 | 0x16c5f8 | 0x16aff8 | 0x92 |
| CopySid | 0x0 | 0x525068 | 0x16c5fc | 0x16affc | 0x85 |
| GetTokenInformation | 0x0 | 0x52506c | 0x16c600 | 0x16b000 | 0x16f |
| GetSidSubAuthorityCount | 0x0 | 0x525070 | 0x16c604 | 0x16b004 | 0x16c |
| GetSidSubAuthority | 0x0 | 0x525074 | 0x16c608 | 0x16b008 | 0x16b |
| OpenProcessToken | 0x0 | 0x525078 | 0x16c60c | 0x16b00c | 0x212 |
| RegQueryValueExW | 0x0 | 0x52507c | 0x16c610 | 0x16b010 | 0x292 |
| RegOpenKeyExW | 0x0 | 0x525080 | 0x16c614 | 0x16b014 | 0x285 |
| RegCloseKey | 0x0 | 0x525084 | 0x16c618 | 0x16b018 | 0x254 |
| CreateProcessAsUserW | 0x0 | 0x525088 | 0x16c61c | 0x16b01c | 0x8b |
| OpenThreadToken | 0x0 | 0x52508c | 0x16c620 | 0x16b020 | 0x217 |
| AccessCheck | 0x0 | 0x525090 | 0x16c624 | 0x16b024 | 0x5 |
| InitializeAcl | 0x0 | 0x525094 | 0x16c628 | 0x16b028 | 0x18c |
| InitializeSecurityDescriptor | 0x0 | 0x525098 | 0x16c62c | 0x16b02c | 0x18d |
| MapGenericMask | 0x0 | 0x52509c | 0x16c630 | 0x16b030 | 0x1fe |
| SetSecurityDescriptorDacl | 0x0 | 0x5250a0 | 0x16c634 | 0x16b034 | 0x2df |
| GetNamedSecurityInfoW | 0x0 | 0x5250a4 | 0x16c638 | 0x16b038 | 0x156 |
| SetThreadToken | 0x0 | 0x5250a8 | 0x16c63c | 0x16b03c | 0x2ea |
| GetAce | 0x0 | 0x5250ac | 0x16c640 | 0x16b040 | 0x136 |
| GetKernelObjectSecurity | 0x0 | 0x5250b0 | 0x16c644 | 0x16b044 | 0x149 |
| GetSecurityDescriptorSacl | 0x0 | 0x5250b4 | 0x16c648 | 0x16b048 | 0x161 |
| SetKernelObjectSecurity | 0x0 | 0x5250b8 | 0x16c64c | 0x16b04c | 0x2d6 |
| AddAce | 0x0 | 0x5250bc | 0x16c650 | 0x16b050 | 0x16 |
| GetAclInformation | 0x0 | 0x5250c0 | 0x16c654 | 0x16b054 | 0x137 |
| RevertToSelf | 0x0 | 0x5250c4 | 0x16c658 | 0x16b058 | 0x2b8 |
| RegDisablePredefinedCache | 0x0 | 0x5250c8 | 0x16c65c | 0x16b05c | 0x26d |
| CreateRestrictedToken | 0x0 | 0x5250cc | 0x16c660 | 0x16b060 | 0x8e |
| DuplicateToken | 0x0 | 0x5250d0 | 0x16c664 | 0x16b064 | 0xee |
| LookupPrivilegeValueW | 0x0 | 0x5250d4 | 0x16c668 | 0x16b068 | 0x1ad |
| CheckTokenMembership | 0x0 | 0x5250d8 | 0x16c66c | 0x16b06c | 0x5f |
| SaferiIsExecutableFileType | 0x0 | 0x5250dc | 0x16c670 | 0x16b070 | 0x2c6 |
| CryptAcquireContextA | 0x0 | 0x5250e0 | 0x16c674 | 0x16b074 | 0xc0 |
| CryptAcquireContextW | 0x0 | 0x5250e4 | 0x16c678 | 0x16b078 | 0xc1 |
| CryptReleaseContext | 0x0 | 0x5250e8 | 0x16c67c | 0x16b07c | 0xdb |
| CryptDestroyKey | 0x0 | 0x5250ec | 0x16c680 | 0x16b080 | 0xc7 |
| CryptSetKeyParam | 0x0 | 0x5250f0 | 0x16c684 | 0x16b084 | 0xdd |
| CryptSetHashParam | 0x0 | 0x5250f4 | 0x16c688 | 0x16b088 | 0xdc |
| CryptGetHashParam | 0x0 | 0x5250f8 | 0x16c68c | 0x16b08c | 0xd4 |
| CryptSetProvParam | 0x0 | 0x5250fc | 0x16c690 | 0x16b090 | 0xde |
| CryptGetProvParam | 0x0 | 0x525100 | 0x16c694 | 0x16b094 | 0xd6 |
| CryptGenRandom | 0x0 | 0x525104 | 0x16c698 | 0x16b098 | 0xd1 |
| CryptGetUserKey | 0x0 | 0x525108 | 0x16c69c | 0x16b09c | 0xd7 |
| CryptImportKey | 0x0 | 0x52510c | 0x16c6a0 | 0x16b0a0 | 0xda |
| CryptDecrypt | 0x0 | 0x525110 | 0x16c6a4 | 0x16b0a4 | 0xc4 |
| CryptCreateHash | 0x0 | 0x525114 | 0x16c6a8 | 0x16b0a8 | 0xc3 |
| CryptHashData | 0x0 | 0x525118 | 0x16c6ac | 0x16b0ac | 0xd8 |
| CryptDestroyHash | 0x0 | 0x52511c | 0x16c6b0 | 0x16b0b0 | 0xc6 |
| CryptSignHashA | 0x0 | 0x525120 | 0x16c6b4 | 0x16b0b4 | 0xe3 |
| CryptSignHashW | 0x0 | 0x525124 | 0x16c6b8 | 0x16b0b8 | 0xe4 |
| CryptContextAddRef | 0x0 | 0x525128 | 0x16c6bc | 0x16b0bc | 0xc2 |
| ImpersonateAnonymousToken | 0x0 | 0x52512c | 0x16c6c0 | 0x16b0c0 | 0x188 |
| GetUserNameW | 0x0 | 0x525130 | 0x16c6c4 | 0x16b0c4 | 0x17a |
SHLWAPI.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UrlUnescapeW | 0x0 | 0x52546c | 0x16ca00 | 0x16b400 | 0x175 |
| (by ordinal) | 0xdb | 0x525470 | 0x16ca04 | 0x16b404 | - |
| PathIsUNCServerShareW | 0x0 | 0x525474 | 0x16ca08 | 0x16b408 | 0x73 |
| PathAddBackslashW | 0x0 | 0x525478 | 0x16ca0c | 0x16b40c | 0x33 |
| UrlCanonicalizeW | 0x0 | 0x52547c | 0x16ca10 | 0x16b410 | 0x15e |
| PathCreateFromUrlW | 0x0 | 0x525480 | 0x16ca14 | 0x16b414 | 0x46 |
| PathIsUNCW | 0x0 | 0x525484 | 0x16ca18 | 0x16b418 | 0x75 |
| PathFindFileNameW | 0x0 | 0x525488 | 0x16ca1c | 0x16b41c | 0x4d |
| PathFindExtensionW | 0x0 | 0x52548c | 0x16ca20 | 0x16b420 | 0x4b |
| AssocQueryStringW | 0x0 | 0x525490 | 0x16ca24 | 0x16b424 | 0x8 |
| UrlGetPartW | 0x0 | 0x525494 | 0x16ca28 | 0x16b428 | 0x16b |
| PathIsDirectoryW | 0x0 | 0x525498 | 0x16ca2c | 0x16b42c | 0x5f |
| PathIsRelativeW | 0x0 | 0x52549c | 0x16ca30 | 0x16b430 | 0x69 |
| PathCombineW | 0x0 | 0x5254a0 | 0x16ca34 | 0x16b434 | 0x3d |
| SHDeleteKeyW | 0x0 | 0x5254a4 | 0x16ca38 | 0x16b438 | 0xb8 |
| PathRemoveFileSpecW | 0x0 | 0x5254a8 | 0x16ca3c | 0x16b43c | 0x8f |
| PathFileExistsW | 0x0 | 0x5254ac | 0x16ca40 | 0x16b440 | 0x49 |
| PathAppendW | 0x0 | 0x5254b0 | 0x16ca44 | 0x16b444 | 0x37 |
| PathRemoveBackslashW | 0x0 | 0x5254b4 | 0x16ca48 | 0x16b448 | 0x89 |
| PathCanonicalizeW | 0x0 | 0x5254b8 | 0x16ca4c | 0x16b44c | 0x3b |
| UrlIsW | 0x0 | 0x5254bc | 0x16ca50 | 0x16b450 | 0x173 |
| PathIsURLW | 0x0 | 0x5254c0 | 0x16ca54 | 0x16b454 | 0x77 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| AcroRd32IsBrokerProcess | 0x64c80 | 0x1 |
| GetWinstaDesktopInfoForRdrCEF | 0x64c90 | 0x2 |
Icons (2)
»
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2017-03-10 00:00:00+00:00 |
| Valid Until | 2019-03-15 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 06 89 83 64 2C 95 3E 46 F7 BD CE 41 43 F1 33 C1 |
| Thumbprint | EA A8 43 CA 28 33 A2 E1 EB ED EB E7 D0 4F 0C A2 B4 D9 73 44 |
Certificate: DigiCert EV Code Signing CA (SHA2)
»
| Issued by | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2012-04-18 12:00:00+00:00 |
| Valid Until | 2027-04-18 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C |
| Thumbprint | 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3 |
| C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 62.45 KB |
| MD5 |
3e1a18b46999a7cfcc94e3aec1198a3a
|
| SHA1 |
5a11cc3f2ed4eda8129e8895eaf7aeff83b64cdc
|
| SHA256 |
09b6637980758d689faf83a640bf67b4c6728ffa6ac0155c85f117d1f2442702
|
| SSDeep |
768:ZfC1WhcH3pr7/H3HlVXrQPnWFyMtdL5s5cCvsb0q1Y7j/NulAA9BdNMbnvbOrY16:ZV+ZrxVXre2yMtzs6CSTmLNvkuiYLYKU
|
| C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/plain |
| File Size | 141.79 KB |
| MD5 |
7b184514571fd977e4094cbd71c36b1c
|
| SHA1 |
83b0202d385912e16e164cfad34db7a57e87f230
|
| SHA256 |
feb85f6092b4cad4b79676946ccfd3e24dfe3c3ec5801613813f9d710504045a
|
| SSDeep |
3072:Yj33DuJYfqN7amC35q2Fr4NZ1G8OAN6Peowpecw+4oHHZZvcm9lHNhJDXG8Gn5o6:KqN2p55Oocw+4oxH7N3R+
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\netfx_Core_x64.msi.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 1.81 MB |
| MD5 |
50075d724a9f1bbb21aae19b279f33d5
|
| SHA1 |
b7f43f7348d13f2e2a6c577f880531bd4434a77f
|
| SHA256 |
eed8f849d4cab5594b7de70ec1e05fb3e544babfc36e09ee7b58ec1dce01a234
|
| SSDeep |
24576:w/zZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0H:k6tuQpcxisfQf2M6FGoMLI
|
| C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 141.79 KB |
| MD5 |
799bc4ecebbaefb265324886ad3fedde
|
| SHA1 |
fd3299a7903f0c2adf4df5075ad4674fe7dec343
|
| SHA256 |
6de2275e5de8582a0f745bb4e275b5feffdb27a517309fa4ee4e45c9b87df878
|
| SSDeep |
3072:2IyPebJYfqN7amC35q2Fr4NZ1G8OAN6Peowpecw+4oHHZZvcm9lHNhJDXG8Gn5o6:QPBqN2p55Oocw+4oxH7N3R+
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 1.11 MB |
| MD5 |
acbe152c099f5e79bb76901183b02d97
|
| SHA1 |
c1daa971bc51706b9d3280b215c2e2ed0ab7b039
|
| SHA256 |
86818dbca54d4a73076975537a9690af3128cbc9ac47f491ce47054c88f8d8e9
|
| SSDeep |
24576:Df6szx1u6dsNbQXcUwabPx9bswH/fd6pxrL:DfhzxI6d+QXcWDsK1w
|
| C:\Program Files\Java\jre1.8.0_144\Welcome.html.gоod | Dropped File | Text |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\Welcome.html (Modified File) |
| Mime Type | text/html |
| File Size | 960 bytes |
| MD5 |
a383cd3c49f98f7037f3bd521e0fa8a5
|
| SHA1 |
e797f068cdd3d856c7ab126dfe7b5c67a748ab66
|
| SHA256 |
6e26b2bd189e0df1b32f0e0e761f64283be5996d78d115aa9fd95bbff9cd73d5
|
| SSDeep |
12:n7aeXA+zctLGrpEuZ32wt0qMN17u1m1TP4AU9QWUd8u1+SbAYhl7EqJa7z6IFfGz:neeXRY0EuZmwtTMNtImk9QNqfSQfFMV
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
| C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 861.96 KB |
| MD5 |
4a0938af68b72b0e6935ffdf4f849487
|
| SHA1 |
0fb9a0e9c141f2c6991f69665998c215a65673c5
|
| SHA256 |
7499387c0a28d5127aa57d79cd738f11d2cd5fc5fd11971c7b1024c997a9ed1b
|
| SSDeep |
6144:XNu/UIqVFw5as9rZoH9BrqcHGN/GrBCrbnIgM4qLJQ6L8:s/Uzgr0rAne4z
|
| C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 33.58 KB |
| MD5 |
995422d8775d5ea4bae784aae9079a05
|
| SHA1 |
d670fe80d6609b4ec79aba2f0e31c6a3931f5610
|
| SHA256 |
0a65d226a01c0e281a86578f6136c030db53374b1118602d94ee7645ad82bf66
|
| SSDeep |
384:xpob7fpaNvVNRAZeZ4AuDiU4eGG/U0tlbEZy+AL77BvEQUKB+njVF/083yZFC+Ym:STpuvVNlD10tl1HFHUk+nZF//3k1kC75
|
| ImpHash |
6b3063c2d5563821911b5e982e8737de
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140002d08 |
| Size Of Code | 0x2c00 |
| Size Of Initialized Data | 0x3e00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (10)
»
| Comments | Java Access Bridge |
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | jabswitch |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | jabswitch.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x2b72 | 0x2c00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.82 |
| .rdata | 0x140004000 | 0x2a68 | 0x2c00 | 0x3000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.04 |
| .data | 0x140007000 | 0x668 | 0x200 | 0x5c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.79 |
| .pdata | 0x140008000 | 0x210 | 0x400 | 0x5e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.34 |
| .rsrc | 0x140009000 | 0x8e0 | 0xa00 | 0x6200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.32 |
| .reloc | 0x14000a000 | 0xe2 | 0x200 | 0x6c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.13 |
Imports (5)
»
ADVAPI32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegSetValueExW | 0x0 | 0x140004000 | 0x6240 | 0x5240 | 0x27e |
| RegQueryValueExW | 0x0 | 0x140004008 | 0x6248 | 0x5248 | 0x26e |
| RegOpenKeyExW | 0x0 | 0x140004010 | 0x6250 | 0x5250 | 0x261 |
| RegCloseKey | 0x0 | 0x140004018 | 0x6258 | 0x5258 | 0x230 |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | 0x0 | 0x1400042b0 | 0x64f0 | 0x54f0 | 0x6 |
| VerQueryValueW | 0x0 | 0x1400042b8 | 0x64f8 | 0x54f8 | 0xe |
| GetFileVersionInfoSizeW | 0x0 | 0x1400042c0 | 0x6500 | 0x5500 | 0x5 |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| wsprintfW | 0x0 | 0x1400042a0 | 0x64e0 | 0x54e0 | 0x33b |
MSVCR100.dll (48)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| exit | 0x0 | 0x140004118 | 0x6358 | 0x5358 | 0x548 |
| strcpy_s | 0x0 | 0x140004120 | 0x6360 | 0x5360 | 0x5db |
| vsprintf_s | 0x0 | 0x140004128 | 0x6368 | 0x5368 | 0x60a |
| _amsg_exit | 0x0 | 0x140004130 | 0x6370 | 0x5370 | 0x19e |
| __getmainargs | 0x0 | 0x140004138 | 0x6378 | 0x5378 | 0x152 |
| __C_specific_handler | 0x0 | 0x140004140 | 0x6380 | 0x5380 | 0x11e |
| _XcptFilter | 0x0 | 0x140004148 | 0x6388 | 0x5388 | 0x11a |
| _exit | 0x0 | 0x140004150 | 0x6390 | 0x5390 | 0x200 |
| _cexit | 0x0 | 0x140004158 | 0x6398 | 0x5398 | 0x1b5 |
| wcscpy_s | 0x0 | 0x140004160 | 0x63a0 | 0x53a0 | 0x616 |
| _initterm | 0x0 | 0x140004168 | 0x63a8 | 0x53a8 | 0x286 |
| _initterm_e | 0x0 | 0x140004170 | 0x63b0 | 0x53b0 | 0x287 |
| _configthreadlocale | 0x0 | 0x140004178 | 0x63b8 | 0x53b8 | 0x1c5 |
| __setusermatherr | 0x0 | 0x140004180 | 0x63c0 | 0x53c0 | 0x17c |
| _commode | 0x0 | 0x140004188 | 0x63c8 | 0x53c8 | 0x1c4 |
| _fmode | 0x0 | 0x140004190 | 0x63d0 | 0x53d0 | 0x21c |
| __set_app_type | 0x0 | 0x140004198 | 0x63d8 | 0x53d8 | 0x179 |
| __crt_debugger_hook | 0x0 | 0x1400041a0 | 0x63e0 | 0x53e0 | 0x146 |
| ?terminate@@YAXXZ | 0x0 | 0x1400041a8 | 0x63e8 | 0x53e8 | 0x100 |
| _unlock | 0x0 | 0x1400041b0 | 0x63f0 | 0x53f0 | 0x45b |
| __dllonexit | 0x0 | 0x1400041b8 | 0x63f8 | 0x53f8 | 0x148 |
| _lock | 0x0 | 0x1400041c0 | 0x6400 | 0x5400 | 0x2f6 |
| _onexit | 0x0 | 0x1400041c8 | 0x6408 | 0x5408 | 0x39d |
| wcstok_s | 0x0 | 0x1400041d0 | 0x6410 | 0x5410 | 0x628 |
| wcscat_s | 0x0 | 0x1400041d8 | 0x6418 | 0x5418 | 0x611 |
| wcsstr | 0x0 | 0x1400041e0 | 0x6420 | 0x5420 | 0x625 |
| _wcslwr_s | 0x0 | 0x1400041e8 | 0x6428 | 0x5428 | 0x4ac |
| wcslen | 0x0 | 0x1400041f0 | 0x6430 | 0x5430 | 0x619 |
| ??2@YAPEAX_K@Z | 0x0 | 0x1400041f8 | 0x6438 | 0x5438 | 0x63 |
| _dupenv_s | 0x0 | 0x140004200 | 0x6440 | 0x5440 | 0x1ef |
| printf | 0x0 | 0x140004208 | 0x6448 | 0x5448 | 0x5b3 |
| perror | 0x0 | 0x140004210 | 0x6450 | 0x5450 | 0x5b0 |
| strcat_s | 0x0 | 0x140004218 | 0x6458 | 0x5458 | 0x5d6 |
| free | 0x0 | 0x140004220 | 0x6460 | 0x5460 | 0x563 |
| fopen_s | 0x0 | 0x140004228 | 0x6468 | 0x5468 | 0x55a |
| fprintf | 0x0 | 0x140004230 | 0x6470 | 0x5470 | 0x55b |
| fclose | 0x0 | 0x140004238 | 0x6478 | 0x5478 | 0x54c |
| remove | 0x0 | 0x140004240 | 0x6480 | 0x5480 | 0x5c0 |
| _errno | 0x0 | 0x140004248 | 0x6488 | 0x5488 | 0x1f7 |
| rename | 0x0 | 0x140004250 | 0x6490 | 0x5490 | 0x5c1 |
| strstr | 0x0 | 0x140004258 | 0x6498 | 0x5498 | 0x5ea |
| feof | 0x0 | 0x140004260 | 0x64a0 | 0x54a0 | 0x54d |
| fgets | 0x0 | 0x140004268 | 0x64a8 | 0x54a8 | 0x552 |
| _stricmp | 0x0 | 0x140004270 | 0x64b0 | 0x54b0 | 0x40f |
| fputs | 0x0 | 0x140004278 | 0x64b8 | 0x54b8 | 0x55e |
| strtok_s | 0x0 | 0x140004280 | 0x64c0 | 0x54c0 | 0x5ed |
| memset | 0x0 | 0x140004288 | 0x64c8 | 0x54c8 | 0x5ad |
| __initenv | 0x0 | 0x140004290 | 0x64d0 | 0x54d0 | 0x153 |
KERNEL32.dll (29)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VirtualQuery | 0x0 | 0x140004028 | 0x6268 | 0x5268 | 0x500 |
| GetProcessHeap | 0x0 | 0x140004030 | 0x6270 | 0x5270 | 0x251 |
| HeapAlloc | 0x0 | 0x140004038 | 0x6278 | 0x5278 | 0x2d3 |
| HeapFree | 0x0 | 0x140004040 | 0x6280 | 0x5280 | 0x2d7 |
| FreeLibrary | 0x0 | 0x140004048 | 0x6288 | 0x5288 | 0x168 |
| GetSystemTimeAsFileTime | 0x0 | 0x140004050 | 0x6290 | 0x5290 | 0x280 |
| GetCurrentThreadId | 0x0 | 0x140004058 | 0x6298 | 0x5298 | 0x1cb |
| GetTickCount | 0x0 | 0x140004060 | 0x62a0 | 0x52a0 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140004068 | 0x62a8 | 0x52a8 | 0x3a9 |
| DecodePointer | 0x0 | 0x140004070 | 0x62b0 | 0x52b0 | 0xcb |
| LoadLibraryW | 0x0 | 0x140004078 | 0x62b8 | 0x52b8 | 0x341 |
| GetProcAddress | 0x0 | 0x140004080 | 0x62c0 | 0x52c0 | 0x24c |
| MultiByteToWideChar | 0x0 | 0x140004088 | 0x62c8 | 0x52c8 | 0x369 |
| WideCharToMultiByte | 0x0 | 0x140004090 | 0x62d0 | 0x52d0 | 0x520 |
| RaiseException | 0x0 | 0x140004098 | 0x62d8 | 0x52d8 | 0x3b4 |
| RtlCaptureContext | 0x0 | 0x1400040a0 | 0x62e0 | 0x52e0 | 0x418 |
| RtlLookupFunctionEntry | 0x0 | 0x1400040a8 | 0x62e8 | 0x52e8 | 0x41f |
| RtlVirtualUnwind | 0x0 | 0x1400040b0 | 0x62f0 | 0x52f0 | 0x426 |
| IsDebuggerPresent | 0x0 | 0x1400040b8 | 0x62f8 | 0x52f8 | 0x302 |
| SetUnhandledExceptionFilter | 0x0 | 0x1400040c0 | 0x6300 | 0x5300 | 0x4b3 |
| UnhandledExceptionFilter | 0x0 | 0x1400040c8 | 0x6308 | 0x5308 | 0x4e2 |
| GetCurrentProcess | 0x0 | 0x1400040d0 | 0x6310 | 0x5310 | 0x1c6 |
| TerminateProcess | 0x0 | 0x1400040d8 | 0x6318 | 0x5318 | 0x4ce |
| EncodePointer | 0x0 | 0x1400040e0 | 0x6320 | 0x5320 | 0xee |
| Sleep | 0x0 | 0x1400040e8 | 0x6328 | 0x5328 | 0x4c0 |
| GetCurrentProcessId | 0x0 | 0x1400040f0 | 0x6330 | 0x5330 | 0x1c7 |
| ProcessIdToSessionId | 0x0 | 0x1400040f8 | 0x6338 | 0x5338 | 0x39b |
| GetModuleFileNameW | 0x0 | 0x140004100 | 0x6340 | 0x5340 | 0x21a |
| GetVersionExW | 0x0 | 0x140004108 | 0x6348 | 0x5348 | 0x2ac |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\588bce7c90097ed212\netfx_Core_x86.msi.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\netfx_Core_x86.msi (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 1.11 MB |
| MD5 |
2dd8103072852198ef75784cb0fff09b
|
| SHA1 |
c35511d380ee102590dbdab954346eaf7f98a031
|
| SHA256 |
d6479a8cb93705b6cc3670d6e8b92f9c81abb20e04bbdb9cb4620ca413a686e2
|
| SSDeep |
24576:Gf6szx1u6dsNbQXcUwabPx9bswH/fd6pxrL:GfhzxI6d+QXcWDsK1w
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 852.02 KB |
| MD5 |
c4decac591c1ec2b6c1ef813998332c9
|
| SHA1 |
c62ea9096daded8e5d4ef312449929e3ef7b7063
|
| SHA256 |
fb8fbfdc183435f603304138b5f43f2997e32c06f45684baac363f62debee9ec
|
| SSDeep |
24576:E/J96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVh:W6dKQlc4Fc216XmSz
|
| C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat | Modified File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 3.52 MB |
| MD5 |
d4af9d8fae8b3e6a44f380770a7f4e8c
|
| SHA1 |
1c3451a3e1500ebe3672f4852ca29abf53141d91
|
| SHA256 |
4e69d8840afdf9ddf2bcead8bfbb89010198bbf259f8124b3b4c9184c406c119
|
| SSDeep |
24576:9v+UphLeZvKErxJP6gPAqHoENusUsWwxF7BJTQlDufC5WnoP/EG+X6w5AYawdGPV:9ShJPjZAA16DF40d
|
| C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 33.58 KB |
| MD5 |
72db9fc4e14ee5bd2d231f25826ce643
|
| SHA1 |
cf1a03f5e997eb0e0e83f1d5a4c154dabbf06a9e
|
| SHA256 |
62ce8ea3a968e540497eb198038c3fec7234132eddb1b25118670b9ca5d2caf5
|
| SSDeep |
384:RSv0lFCgXp2oeZ4AuDiU4eGG/U0tlbEZy+AL77BvEQUKB+njVF/083yZFC+Y1nYl:gvrg52vD10tl1HFHUk+nZF//3k1kC75
|
| C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 15.58 KB |
| MD5 |
c20957d0712c6582c95a3617f4eb6e83
|
| SHA1 |
cdc5d85b230da33ab303ead485206c81d640884b
|
| SHA256 |
09f849469d92075c6614302558ba536a4a9c93ef317e739ffa5a70fa72b9224f
|
| SSDeep |
192:22NKL2cwsTYidIKEfoJcYzee5SUHnYe+PjPriT0fwYUr:5ue5iaKNJ1zeeEenYPLr7wr
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140001424 |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1a00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | java-rmi |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | java-rmi.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.86 |
| .rdata | 0x140002000 | 0x7ca | 0x800 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.38 |
| .data | 0x140003000 | 0xb8 | 0x200 | 0x1400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.78 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa5c | 0xc00 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x42 | 0x200 | 0x2400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.35 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2520 | 0x1120 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2528 | 0x1128 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2530 | 0x1130 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2538 | 0x1138 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2540 | 0x1140 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2458 | 0x1058 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2460 | 0x1060 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x2468 | 0x1068 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x2470 | 0x1070 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x2478 | 0x1078 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x2480 | 0x1080 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x2488 | 0x1088 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x2490 | 0x1090 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x2498 | 0x1098 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24a0 | 0x10a0 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24a8 | 0x10a8 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24b0 | 0x10b0 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24b8 | 0x10b8 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24c0 | 0x10c0 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x24c8 | 0x10c8 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x24d0 | 0x10d0 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x24d8 | 0x10d8 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x24e0 | 0x10e0 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x24e8 | 0x10e8 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x24f0 | 0x10f0 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x24f8 | 0x10f8 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2500 | 0x1100 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2508 | 0x1108 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2510 | 0x1110 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2400 | 0x1000 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2408 | 0x1008 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2410 | 0x1010 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2418 | 0x1018 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2420 | 0x1020 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2428 | 0x1028 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2430 | 0x1030 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2438 | 0x1038 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2440 | 0x1040 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2448 | 0x1048 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 15.58 KB |
| MD5 |
29f7ae6bd094e4490a96534d90a79b73
|
| SHA1 |
bb7fe34eeec36aab6706a4ac352b22008b8e5114
|
| SHA256 |
f59153f1be6e1edf844871746b240cc95b259802a33b66dfe5364c62185aaa0a
|
| SSDeep |
192:RYoaAk0cahpPk6gw44Zh6XIKEfoJcYzee5SUHnYe+PjPriT0fwYUr:/aGcaI6gw4I/KNJ1zeeEenYPLr7wr
|
| C:\Program Files\Java\jre1.8.0_144\bin\java.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 202.08 KB |
| MD5 |
625814cd7e1fb5044a356e0eeab29c25
|
| SHA1 |
636d7a0a2a12bbfa90b308800177c4673b781248
|
| SHA256 |
d843d974bcc1d7dff1dd624f42321aab6e0b2c524a0cbc2b55b2638d1a093b91
|
| SSDeep |
3072:fAivwgV/wTmkrTHjzvBQdT7qKBnusl/Kbi6oyQS9wTBfYx2ZX6ZL4jZqMNOb1k:WgSTmUHvOdT7duCKbi6ozowTBkRYvKi
|
| ImpHash |
bb9f83f2ccf071025cfcf6c07dc24b5c
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000a8c0 |
| Size Of Code | 0x1ca00 |
| Size Of Initialized Data | 0x14200 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:21+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | java |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | java.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x1c841 | 0x1ca00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49 |
| .rdata | 0x14001e000 | 0x88fe | 0x8a00 | 0x1ce00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.2 |
| .data | 0x140027000 | 0x3ff8 | 0x1c00 | 0x25800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.89 |
| .pdata | 0x14002b000 | 0x1248 | 0x1400 | 0x27400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.92 |
| .rsrc | 0x14002d000 | 0x81b8 | 0x8200 | 0x28800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.02 |
| .reloc | 0x140036000 | 0x4d0 | 0x600 | 0x30a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.57 |
Imports (4)
»
ADVAPI32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | 0x0 | 0x14001e000 | 0x25e00 | 0x24c00 | 0x230 |
| RegOpenKeyExA | 0x0 | 0x14001e008 | 0x25e08 | 0x24c08 | 0x260 |
| RegEnumKeyA | 0x0 | 0x14001e010 | 0x25e10 | 0x24c10 | 0x24d |
| RegQueryValueExA | 0x0 | 0x14001e018 | 0x25e18 | 0x24c18 | 0x26d |
USER32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CharNextExA | 0x0 | 0x14001e340 | 0x26140 | 0x24f40 | 0x30 |
| MessageBoxA | 0x0 | 0x14001e348 | 0x26148 | 0x24f48 | 0x212 |
COMCTL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InitCommonControlsEx | 0x0 | 0x14001e028 | 0x25e28 | 0x24c28 | 0x7c |
KERNEL32.dll (96)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateFileW | 0x0 | 0x14001e038 | 0x25e38 | 0x24c38 | 0x8f |
| GetCommandLineA | 0x0 | 0x14001e040 | 0x25e40 | 0x24c40 | 0x18c |
| GetModuleFileNameA | 0x0 | 0x14001e048 | 0x25e48 | 0x24c48 | 0x219 |
| QueryPerformanceCounter | 0x0 | 0x14001e050 | 0x25e50 | 0x24c50 | 0x3a9 |
| QueryPerformanceFrequency | 0x0 | 0x14001e058 | 0x25e58 | 0x24c58 | 0x3aa |
| LocalFree | 0x0 | 0x14001e060 | 0x25e60 | 0x24c60 | 0x34a |
| FormatMessageA | 0x0 | 0x14001e068 | 0x25e68 | 0x24c68 | 0x163 |
| GetLastError | 0x0 | 0x14001e070 | 0x25e70 | 0x24c70 | 0x208 |
| CloseHandle | 0x0 | 0x14001e078 | 0x25e78 | 0x24c78 | 0x52 |
| GetExitCodeProcess | 0x0 | 0x14001e080 | 0x25e80 | 0x24c80 | 0x1e6 |
| WaitForSingleObject | 0x0 | 0x14001e088 | 0x25e88 | 0x24c88 | 0x508 |
| CreateProcessA | 0x0 | 0x14001e090 | 0x25e90 | 0x24c90 | 0xa4 |
| GetProcAddress | 0x0 | 0x14001e098 | 0x25e98 | 0x24c98 | 0x24c |
| GetModuleHandleA | 0x0 | 0x14001e0a0 | 0x25ea0 | 0x24ca0 | 0x21b |
| LoadLibraryA | 0x0 | 0x14001e0a8 | 0x25ea8 | 0x24ca8 | 0x33e |
| GetExitCodeThread | 0x0 | 0x14001e0b0 | 0x25eb0 | 0x24cb0 | 0x1e7 |
| FindFirstFileA | 0x0 | 0x14001e0b8 | 0x25eb8 | 0x24cb8 | 0x138 |
| FindNextFileA | 0x0 | 0x14001e0c0 | 0x25ec0 | 0x24cc0 | 0x149 |
| FindClose | 0x0 | 0x14001e0c8 | 0x25ec8 | 0x24cc8 | 0x134 |
| GetModuleHandleW | 0x0 | 0x14001e0d0 | 0x25ed0 | 0x24cd0 | 0x21e |
| ExitProcess | 0x0 | 0x14001e0d8 | 0x25ed8 | 0x24cd8 | 0x11f |
| DecodePointer | 0x0 | 0x14001e0e0 | 0x25ee0 | 0x24ce0 | 0xcb |
| HeapFree | 0x0 | 0x14001e0e8 | 0x25ee8 | 0x24ce8 | 0x2d7 |
| MultiByteToWideChar | 0x0 | 0x14001e0f0 | 0x25ef0 | 0x24cf0 | 0x369 |
| GetCurrentProcessId | 0x0 | 0x14001e0f8 | 0x25ef8 | 0x24cf8 | 0x1c7 |
| EnterCriticalSection | 0x0 | 0x14001e100 | 0x25f00 | 0x24d00 | 0xf2 |
| LeaveCriticalSection | 0x0 | 0x14001e108 | 0x25f08 | 0x24d08 | 0x33b |
| HeapAlloc | 0x0 | 0x14001e110 | 0x25f10 | 0x24d10 | 0x2d3 |
| HeapReAlloc | 0x0 | 0x14001e118 | 0x25f18 | 0x24d18 | 0x2da |
| FileTimeToSystemTime | 0x0 | 0x14001e120 | 0x25f20 | 0x24d20 | 0x12b |
| FileTimeToLocalFileTime | 0x0 | 0x14001e128 | 0x25f28 | 0x24d28 | 0x12a |
| GetDriveTypeA | 0x0 | 0x14001e130 | 0x25f30 | 0x24d30 | 0x1d9 |
| FindFirstFileExA | 0x0 | 0x14001e138 | 0x25f38 | 0x24d38 | 0x139 |
| GetFileAttributesA | 0x0 | 0x14001e140 | 0x25f40 | 0x24d40 | 0x1ec |
| ExitThread | 0x0 | 0x14001e148 | 0x25f48 | 0x24d48 | 0x120 |
| GetCurrentThreadId | 0x0 | 0x14001e150 | 0x25f50 | 0x24d50 | 0x1cb |
| CreateThread | 0x0 | 0x14001e158 | 0x25f58 | 0x24d58 | 0xb4 |
| SetFilePointer | 0x0 | 0x14001e160 | 0x25f60 | 0x24d60 | 0x474 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x14001e168 | 0x25f68 | 0x24d68 | 0x2eb |
| DeleteCriticalSection | 0x0 | 0x14001e170 | 0x25f70 | 0x24d70 | 0xd2 |
| EncodePointer | 0x0 | 0x14001e178 | 0x25f78 | 0x24d78 | 0xee |
| LoadLibraryW | 0x0 | 0x14001e180 | 0x25f80 | 0x24d80 | 0x341 |
| UnhandledExceptionFilter | 0x0 | 0x14001e188 | 0x25f88 | 0x24d88 | 0x4e2 |
| SetUnhandledExceptionFilter | 0x0 | 0x14001e190 | 0x25f90 | 0x24d90 | 0x4b3 |
| IsDebuggerPresent | 0x0 | 0x14001e198 | 0x25f98 | 0x24d98 | 0x302 |
| RtlVirtualUnwind | 0x0 | 0x14001e1a0 | 0x25fa0 | 0x24da0 | 0x426 |
| RtlLookupFunctionEntry | 0x0 | 0x14001e1a8 | 0x25fa8 | 0x24da8 | 0x41f |
| RtlCaptureContext | 0x0 | 0x14001e1b0 | 0x25fb0 | 0x24db0 | 0x418 |
| TerminateProcess | 0x0 | 0x14001e1b8 | 0x25fb8 | 0x24db8 | 0x4ce |
| GetCurrentProcess | 0x0 | 0x14001e1c0 | 0x25fc0 | 0x24dc0 | 0x1c6 |
| FlsGetValue | 0x0 | 0x14001e1c8 | 0x25fc8 | 0x24dc8 | 0x15a |
| FlsSetValue | 0x0 | 0x14001e1d0 | 0x25fd0 | 0x24dd0 | 0x15b |
| FlsFree | 0x0 | 0x14001e1d8 | 0x25fd8 | 0x24dd8 | 0x159 |
| SetLastError | 0x0 | 0x14001e1e0 | 0x25fe0 | 0x24de0 | 0x480 |
| FlsAlloc | 0x0 | 0x14001e1e8 | 0x25fe8 | 0x24de8 | 0x158 |
| RtlUnwindEx | 0x0 | 0x14001e1f0 | 0x25ff0 | 0x24df0 | 0x425 |
| WriteFile | 0x0 | 0x14001e1f8 | 0x25ff8 | 0x24df8 | 0x534 |
| GetStdHandle | 0x0 | 0x14001e200 | 0x26000 | 0x24e00 | 0x26b |
| GetModuleFileNameW | 0x0 | 0x14001e208 | 0x26008 | 0x24e08 | 0x21a |
| WideCharToMultiByte | 0x0 | 0x14001e210 | 0x26010 | 0x24e10 | 0x520 |
| FreeEnvironmentStringsW | 0x0 | 0x14001e218 | 0x26018 | 0x24e18 | 0x167 |
| GetEnvironmentStringsW | 0x0 | 0x14001e220 | 0x26020 | 0x24e20 | 0x1e1 |
| SetHandleCount | 0x0 | 0x14001e228 | 0x26028 | 0x24e28 | 0x47c |
| GetFileType | 0x0 | 0x14001e230 | 0x26030 | 0x24e30 | 0x1fa |
| GetStartupInfoW | 0x0 | 0x14001e238 | 0x26038 | 0x24e38 | 0x26a |
| HeapSetInformation | 0x0 | 0x14001e240 | 0x26040 | 0x24e40 | 0x2db |
| GetVersion | 0x0 | 0x14001e248 | 0x26048 | 0x24e48 | 0x2aa |
| HeapCreate | 0x0 | 0x14001e250 | 0x26050 | 0x24e50 | 0x2d5 |
| GetTickCount | 0x0 | 0x14001e258 | 0x26058 | 0x24e58 | 0x29a |
| GetSystemTimeAsFileTime | 0x0 | 0x14001e260 | 0x26060 | 0x24e60 | 0x280 |
| SetEnvironmentVariableW | 0x0 | 0x14001e268 | 0x26068 | 0x24e68 | 0x465 |
| SetEnvironmentVariableA | 0x0 | 0x14001e270 | 0x26070 | 0x24e70 | 0x464 |
| Sleep | 0x0 | 0x14001e278 | 0x26078 | 0x24e78 | 0x4c0 |
| SetStdHandle | 0x0 | 0x14001e280 | 0x26080 | 0x24e80 | 0x494 |
| GetConsoleCP | 0x0 | 0x14001e288 | 0x26088 | 0x24e88 | 0x1a0 |
| GetConsoleMode | 0x0 | 0x14001e290 | 0x26090 | 0x24e90 | 0x1b2 |
| GetFullPathNameA | 0x0 | 0x14001e298 | 0x26098 | 0x24e98 | 0x1ff |
| GetFileInformationByHandle | 0x0 | 0x14001e2a0 | 0x260a0 | 0x24ea0 | 0x1f3 |
| PeekNamedPipe | 0x0 | 0x14001e2a8 | 0x260a8 | 0x24ea8 | 0x38f |
| CreateFileA | 0x0 | 0x14001e2b0 | 0x260b0 | 0x24eb0 | 0x88 |
| GetCurrentDirectoryW | 0x0 | 0x14001e2b8 | 0x260b8 | 0x24eb8 | 0x1c5 |
| FlushFileBuffers | 0x0 | 0x14001e2c0 | 0x260c0 | 0x24ec0 | 0x15d |
| GetCPInfo | 0x0 | 0x14001e2c8 | 0x260c8 | 0x24ec8 | 0x178 |
| GetACP | 0x0 | 0x14001e2d0 | 0x260d0 | 0x24ed0 | 0x16e |
| GetOEMCP | 0x0 | 0x14001e2d8 | 0x260d8 | 0x24ed8 | 0x23e |
| IsValidCodePage | 0x0 | 0x14001e2e0 | 0x260e0 | 0x24ee0 | 0x30c |
| HeapSize | 0x0 | 0x14001e2e8 | 0x260e8 | 0x24ee8 | 0x2dc |
| CompareStringW | 0x0 | 0x14001e2f0 | 0x260f0 | 0x24ef0 | 0x64 |
| ReadFile | 0x0 | 0x14001e2f8 | 0x260f8 | 0x24ef8 | 0x3c3 |
| WriteConsoleW | 0x0 | 0x14001e300 | 0x26100 | 0x24f00 | 0x533 |
| GetDriveTypeW | 0x0 | 0x14001e308 | 0x26108 | 0x24f08 | 0x1da |
| SetEndOfFile | 0x0 | 0x14001e310 | 0x26110 | 0x24f10 | 0x461 |
| GetProcessHeap | 0x0 | 0x14001e318 | 0x26118 | 0x24f18 | 0x251 |
| GetTimeZoneInformation | 0x0 | 0x14001e320 | 0x26120 | 0x24f20 | 0x29f |
| LCMapStringW | 0x0 | 0x14001e328 | 0x26128 | 0x24f28 | 0x32f |
| GetStringTypeW | 0x0 | 0x14001e330 | 0x26130 | 0x24f30 | 0x270 |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 2.12 MB |
| MD5 |
cba6fc8018b7b0f18fbaafacc4c9a3c2
|
| SHA1 |
a50d53652c3375f30cdf7cca6c09e23b0aaffd1c
|
| SHA256 |
7d82d6176b6914aeeae0cb0d7a271ad11f253ee10b9c72d5055bec102cad817f
|
| SSDeep |
49152:fmLYIuXm8GNHxyyVn2W4z17A6wz8f4O8b8ITDnlVP80iiN:fPwPHF2Wy17GPF
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 28.50 KB |
| MD5 |
702c90d348653eb4fb74281fe3312522
|
| SHA1 |
967947fdcdf8c9cbe76b3156d309ba6e3a89d895
|
| SHA256 |
c4c721574faf55c69a8f1d7ec7e180e6dc56ded9fba301b1e58323398d3519f0
|
| SSDeep |
768:YpA5cPMp0yqRFBD9LgnFzEyHakK80uBF3whE:R52Mp0BPxa57a20aFghE
|
| ImpHash |
e51c5e188b5774083f0fe2438f35bc5b
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x403341 |
| Size Of Code | 0x2a00 |
| Size Of Initialized Data | 0x2a00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-11-04 18:28:43+00:00 |
Version Information (7)
»
| CompanyName | Adobe Systems Incorporated |
| FileDescription | Adobe Acrobat Reader DC |
| FileVersion | 18.9.20044.251705 |
| LegalCopyright | Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | AcroRd32Info.exe |
| ProductName | Adobe Acrobat Reader DC |
| ProductVersion | 18.9.20044.251705 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x2993 | 0x2a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.34 |
| .rdata | 0x404000 | 0x1360 | 0x1400 | 0x2e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.65 |
| .data | 0x406000 | 0x494 | 0x200 | 0x4200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.6 |
| .rsrc | 0x407000 | 0xaa8 | 0xc00 | 0x4400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.54 |
| .reloc | 0x408000 | 0x3e0 | 0x400 | 0x5000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.41 |
Imports (4)
»
KERNEL32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetLastError | 0x0 | 0x404018 | 0x4c58 | 0x3a58 | 0x50b |
| GetProcessHeap | 0x0 | 0x40401c | 0x4c5c | 0x3a5c | 0x2a2 |
| HeapSetInformation | 0x0 | 0x404020 | 0x4c60 | 0x3a60 | 0x337 |
| GetCurrentProcess | 0x0 | 0x404024 | 0x4c64 | 0x3a64 | 0x209 |
| FreeLibrary | 0x0 | 0x404028 | 0x4c68 | 0x3a68 | 0x19e |
| GetLastError | 0x0 | 0x40402c | 0x4c6c | 0x3a6c | 0x250 |
| GetModuleHandleA | 0x0 | 0x404030 | 0x4c70 | 0x3a70 | 0x264 |
| GetModuleHandleW | 0x0 | 0x404034 | 0x4c74 | 0x3a74 | 0x267 |
| LoadLibraryW | 0x0 | 0x404038 | 0x4c78 | 0x3a78 | 0x3a8 |
| VerifyVersionInfoW | 0x0 | 0x40403c | 0x4c7c | 0x3a7c | 0x59a |
| SetUnhandledExceptionFilter | 0x0 | 0x404040 | 0x4c80 | 0x3a80 | 0x543 |
| OutputDebugStringA | 0x0 | 0x404044 | 0x4c84 | 0x3a84 | 0x3f9 |
| VerSetConditionMask | 0x0 | 0x404048 | 0x4c88 | 0x3a88 | 0x596 |
| GetProcAddress | 0x0 | 0x40404c | 0x4c8c | 0x3a8c | 0x29d |
| GetModuleFileNameW | 0x0 | 0x404050 | 0x4c90 | 0x3a90 | 0x263 |
| GetCurrentThreadId | 0x0 | 0x404054 | 0x4c94 | 0x3a94 | 0x20e |
| GetCurrentProcessId | 0x0 | 0x404058 | 0x4c98 | 0x3a98 | 0x20a |
| QueryPerformanceCounter | 0x0 | 0x40405c | 0x4c9c | 0x3a9c | 0x42d |
| IsProcessorFeaturePresent | 0x0 | 0x404060 | 0x4ca0 | 0x3aa0 | 0x36d |
| IsDebuggerPresent | 0x0 | 0x404064 | 0x4ca4 | 0x3aa4 | 0x367 |
| DecodePointer | 0x0 | 0x404068 | 0x4ca8 | 0x3aa8 | 0xfe |
| EncodePointer | 0x0 | 0x40406c | 0x4cac | 0x3aac | 0x121 |
| GetSystemTimeAsFileTime | 0x0 | 0x404070 | 0x4cb0 | 0x3ab0 | 0x2d6 |
ADVAPI32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegOpenKeyExA | 0x0 | 0x404000 | 0x4c40 | 0x3a40 | 0x284 |
| RegQueryValueExW | 0x0 | 0x404004 | 0x4c44 | 0x3a44 | 0x292 |
| RegOpenKeyExW | 0x0 | 0x404008 | 0x4c48 | 0x3a48 | 0x285 |
| RegCloseKey | 0x0 | 0x40400c | 0x4c4c | 0x3a4c | 0x254 |
| RegQueryValueExA | 0x0 | 0x404010 | 0x4c50 | 0x3a50 | 0x291 |
MSVCP120.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x404078 | 0x4cb8 | 0x3ab8 | 0x2c9 |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x40407c | 0x4cbc | 0x3abc | 0x2cd |
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x404080 | 0x4cc0 | 0x3ac0 | 0x2b0 |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x404084 | 0x4cc4 | 0x3ac4 | 0x2c5 |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x404088 | 0x4cc8 | 0x3ac8 | 0x2cc |
MSVCR120.dll (47)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| strlen | 0x0 | 0x404090 | 0x4cd0 | 0x3ad0 | 0x738 |
| _CxxThrowException | 0x0 | 0x404094 | 0x4cd4 | 0x3ad4 | 0x158 |
| __CxxFrameHandler3 | 0x0 | 0x404098 | 0x4cd8 | 0x3ad8 | 0x174 |
| wcsncat_s | 0x0 | 0x40409c | 0x4cdc | 0x3adc | 0x78a |
| wcsncpy_s | 0x0 | 0x4040a0 | 0x4ce0 | 0x3ae0 | 0x78d |
| wcsrchr | 0x0 | 0x4040a4 | 0x4ce4 | 0x3ae4 | 0x790 |
| ??2@YAPAXI@Z | 0x0 | 0x4040a8 | 0x4ce8 | 0x3ae8 | 0x70 |
| free | 0x0 | 0x4040ac | 0x4cec | 0x3aec | 0x683 |
| malloc | 0x0 | 0x4040b0 | 0x4cf0 | 0x3af0 | 0x6db |
| _get_heap_handle | 0x0 | 0x4040b4 | 0x4cf4 | 0x3af4 | 0x2d7 |
| memset | 0x0 | 0x4040b8 | 0x4cf8 | 0x3af8 | 0x6ea |
| _lock | 0x0 | 0x4040bc | 0x4cfc | 0x3afc | 0x394 |
| _unlock | 0x0 | 0x4040c0 | 0x4d00 | 0x3b00 | 0x504 |
| _calloc_crt | 0x0 | 0x4040c4 | 0x4d04 | 0x3b04 | 0x22e |
| __dllonexit | 0x0 | 0x4040c8 | 0x4d08 | 0x3b08 | 0x1ae |
| _onexit | 0x0 | 0x4040cc | 0x4d0c | 0x3b0c | 0x43a |
| ??1type_info@@UAE@XZ | 0x0 | 0x4040d0 | 0x4d10 | 0x3b10 | 0x6f |
| _except_handler4_common | 0x0 | 0x4040d4 | 0x4d14 | 0x3b14 | 0x27a |
| _XcptFilter | 0x0 | 0x4040d8 | 0x4d18 | 0x3b18 | 0x16b |
| __crtGetShowWindowMode | 0x0 | 0x4040dc | 0x4d1c | 0x3b1c | 0x19d |
| __wgetmainargs | 0x0 | 0x4040e0 | 0x4d20 | 0x3b20 | 0x208 |
| __set_app_type | 0x0 | 0x4040e4 | 0x4d24 | 0x3b24 | 0x1f2 |
| exit | 0x0 | 0x4040e8 | 0x4d28 | 0x3b28 | 0x64e |
| _exit | 0x0 | 0x4040ec | 0x4d2c | 0x3b2c | 0x283 |
| _cexit | 0x0 | 0x4040f0 | 0x4d30 | 0x3b30 | 0x22f |
| _configthreadlocale | 0x0 | 0x4040f4 | 0x4d34 | 0x3b34 | 0x240 |
| __setusermatherr | 0x0 | 0x4040f8 | 0x4d38 | 0x3b38 | 0x1f4 |
| _initterm_e | 0x0 | 0x4040fc | 0x4d3c | 0x3b3c | 0x30d |
| _initterm | 0x0 | 0x404100 | 0x4d40 | 0x3b40 | 0x30c |
| _wcmdln | 0x0 | 0x404104 | 0x4d44 | 0x3b44 | 0x549 |
| _fmode | 0x0 | 0x404108 | 0x4d48 | 0x3b48 | 0x2a2 |
| _commode | 0x0 | 0x40410c | 0x4d4c | 0x3b4c | 0x23f |
| _crt_debugger_hook | 0x0 | 0x404110 | 0x4d50 | 0x3b50 | 0x250 |
| __crtUnhandledException | 0x0 | 0x404114 | 0x4d54 | 0x3b54 | 0x1ac |
| __crtTerminateProcess | 0x0 | 0x404118 | 0x4d58 | 0x3b58 | 0x1ab |
| ?terminate@@YAXXZ | 0x0 | 0x40411c | 0x4d5c | 0x3b5c | 0x135 |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x404120 | 0x4d60 | 0x3b60 | 0x1a9 |
| _invoke_watson | 0x0 | 0x404124 | 0x4d64 | 0x3b64 | 0x314 |
| _controlfp_s | 0x0 | 0x404128 | 0x4d68 | 0x3b68 | 0x243 |
| _purecall | 0x0 | 0x40412c | 0x4d6c | 0x3b6c | 0x449 |
| memcpy | 0x0 | 0x404130 | 0x4d70 | 0x3b70 | 0x6e6 |
| memmove | 0x0 | 0x404134 | 0x4d74 | 0x3b74 | 0x6e8 |
| wcslen | 0x0 | 0x404138 | 0x4d78 | 0x3b78 | 0x788 |
| _vsnwprintf | 0x0 | 0x40413c | 0x4d7c | 0x3b7c | 0x52f |
| _amsg_exit | 0x0 | 0x404140 | 0x4d80 | 0x3b80 | 0x217 |
| ??3@YAXPAX@Z | 0x0 | 0x404144 | 0x4d84 | 0x3b84 | 0x72 |
| wcsstr | 0x0 | 0x404148 | 0x4d88 | 0x3b88 | 0x794 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2017-03-10 00:00:00+00:00 |
| Valid Until | 2019-03-15 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 06 89 83 64 2C 95 3E 46 F7 BD CE 41 43 F1 33 C1 |
| Thumbprint | EA A8 43 CA 28 33 A2 E1 EB ED EB E7 D0 4F 0C A2 B4 D9 73 44 |
Certificate: DigiCert EV Code Signing CA (SHA2)
»
| Issued by | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2012-04-18 12:00:00+00:00 |
| Valid Until | 2027-04-18 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C |
| Thumbprint | 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3 |
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\netfx_Extended_x64.msi.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 852.02 KB |
| MD5 |
d904bb84d9bf8974e2ce542f9e543534
|
| SHA1 |
4759485f9009e7e80c8e1a40ae8349a9b83e335a
|
| SHA256 |
f4a1c4655a4cef66a7790f250919bf60578ef5a021715713a97232e2c3d0cb46
|
| SSDeep |
24576:0/J96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVh:G6dKQlc4Fc216XmSz
|
| C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 78.58 KB |
| MD5 |
ee9ee81daaafa5886769b129a4201c5a
|
| SHA1 |
55e4de44794248b7450a8fd1031e6cd0626a6ffc
|
| SHA256 |
e525b70737e252d8d41e4b931949fb8121b9f7db4eafbe6296349d284335eacf
|
| SSDeep |
1536:i8Pj/3I/Nr5Mk1uyewzL9vOpIVK7qjh3rmKPNtJKwf:i8s/Nr5juyL9vOp0tjZqMNtJKwf
|
| ImpHash |
0e05270b08079a9b2eb0e3c8e0d42134
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140005904 |
| Size Of Code | 0x5a00 |
| Size Of Initialized Data | 0xca00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:18:15+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java Control Panel |
| FileVersion | 11.144.2.01 |
| Full Version | 11.144.2.01 |
| InternalName | Java Control Panel |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | javacpl.exe |
| ProductName | Java(TM) Platform SE 8 U144 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x59ae | 0x5a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.11 |
| .rdata | 0x140007000 | 0x36d6 | 0x3800 | 0x5e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.33 |
| .data | 0x14000b000 | 0x778 | 0x200 | 0x9600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.16 |
| .pdata | 0x14000c000 | 0x540 | 0x600 | 0x9800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.0 |
| .rsrc | 0x14000d000 | 0x80f8 | 0x8200 | 0x9e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.93 |
| .reloc | 0x140016000 | 0x14c | 0x200 | 0x12000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.52 |
Imports (5)
»
USER32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| OpenInputDesktop | 0x0 | 0x140007368 | 0x9f30 | 0x8d30 | 0x22e |
| LoadStringW | 0x0 | 0x140007370 | 0x9f38 | 0x8d38 | 0x1fe |
| wsprintfW | 0x0 | 0x140007378 | 0x9f40 | 0x8d40 | 0x33b |
| MessageBoxW | 0x0 | 0x140007380 | 0x9f48 | 0x8d48 | 0x219 |
| CloseDesktop | 0x0 | 0x140007388 | 0x9f50 | 0x8d50 | 0x4a |
MSVCR100.dll (52)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __crt_debugger_hook | 0x0 | 0x140007190 | 0x9d58 | 0x8b58 | 0x146 |
| ?_type_info_dtor_internal_method@type_info@@QEAAXXZ | 0x0 | 0x140007198 | 0x9d60 | 0x8b60 | 0xee |
| _unlock | 0x0 | 0x1400071a0 | 0x9d68 | 0x8b68 | 0x45b |
| __dllonexit | 0x0 | 0x1400071a8 | 0x9d70 | 0x8b70 | 0x148 |
| _lock | 0x0 | 0x1400071b0 | 0x9d78 | 0x8b78 | 0x2f6 |
| _onexit | 0x0 | 0x1400071b8 | 0x9d80 | 0x8b80 | 0x39d |
| _fmode | 0x0 | 0x1400071c0 | 0x9d88 | 0x8b88 | 0x21c |
| _commode | 0x0 | 0x1400071c8 | 0x9d90 | 0x8b90 | 0x1c4 |
| __setusermatherr | 0x0 | 0x1400071d0 | 0x9d98 | 0x8b98 | 0x17c |
| _configthreadlocale | 0x0 | 0x1400071d8 | 0x9da0 | 0x8ba0 | 0x1c5 |
| _CxxThrowException | 0x0 | 0x1400071e0 | 0x9da8 | 0x8ba8 | 0x10e |
| _initterm_e | 0x0 | 0x1400071e8 | 0x9db0 | 0x8bb0 | 0x287 |
| _initterm | 0x0 | 0x1400071f0 | 0x9db8 | 0x8bb8 | 0x286 |
| _acmdln | 0x0 | 0x1400071f8 | 0x9dc0 | 0x8bc0 | 0x195 |
| exit | 0x0 | 0x140007200 | 0x9dc8 | 0x8bc8 | 0x548 |
| _cexit | 0x0 | 0x140007208 | 0x9dd0 | 0x8bd0 | 0x1b5 |
| _ismbblead | 0x0 | 0x140007210 | 0x9dd8 | 0x8bd8 | 0x2a5 |
| _exit | 0x0 | 0x140007218 | 0x9de0 | 0x8be0 | 0x200 |
| _XcptFilter | 0x0 | 0x140007220 | 0x9de8 | 0x8be8 | 0x11a |
| __getmainargs | 0x0 | 0x140007228 | 0x9df0 | 0x8bf0 | 0x152 |
| _amsg_exit | 0x0 | 0x140007230 | 0x9df8 | 0x8bf8 | 0x19e |
| __C_specific_handler | 0x0 | 0x140007238 | 0x9e00 | 0x8c00 | 0x11e |
| ?terminate@@YAXXZ | 0x0 | 0x140007240 | 0x9e08 | 0x8c08 | 0x100 |
| memcpy | 0x0 | 0x140007248 | 0x9e10 | 0x8c10 | 0x5a9 |
| _vsnwprintf_s | 0x0 | 0x140007250 | 0x9e18 | 0x8c18 | 0x487 |
| _ftime64_s | 0x0 | 0x140007258 | 0x9e20 | 0x8c20 | 0x23e |
| wcsftime | 0x0 | 0x140007260 | 0x9e28 | 0x8c28 | 0x618 |
| _snwprintf_s | 0x0 | 0x140007268 | 0x9e30 | 0x8c30 | 0x3eb |
| _localtime64 | 0x0 | 0x140007270 | 0x9e38 | 0x8c38 | 0x2f4 |
| _wputenv | 0x0 | 0x140007278 | 0x9e40 | 0x8c40 | 0x4f9 |
| fwprintf_s | 0x0 | 0x140007280 | 0x9e48 | 0x8c48 | 0x56d |
| _wdupenv_s | 0x0 | 0x140007288 | 0x9e50 | 0x8c50 | 0x4ce |
| free | 0x0 | 0x140007290 | 0x9e58 | 0x8c58 | 0x563 |
| _wfopen_s | 0x0 | 0x140007298 | 0x9e60 | 0x8c60 | 0x4e2 |
| wcsncpy_s | 0x0 | 0x1400072a0 | 0x9e68 | 0x8c68 | 0x61e |
| wcscat_s | 0x0 | 0x1400072a8 | 0x9e70 | 0x8c70 | 0x611 |
| memcpy_s | 0x0 | 0x1400072b0 | 0x9e78 | 0x8c78 | 0x5aa |
| _wsplitpath_s | 0x0 | 0x1400072b8 | 0x9e80 | 0x8c80 | 0x50f |
| fclose | 0x0 | 0x1400072c0 | 0x9e88 | 0x8c88 | 0x54c |
| wcscpy_s | 0x0 | 0x1400072c8 | 0x9e90 | 0x8c90 | 0x616 |
| _wtoi | 0x0 | 0x1400072d0 | 0x9e98 | 0x8c98 | 0x51e |
| _wstat64i32 | 0x0 | 0x1400072d8 | 0x9ea0 | 0x8ca0 | 0x513 |
| memset | 0x0 | 0x1400072e0 | 0x9ea8 | 0x8ca8 | 0x5ad |
| swprintf_s | 0x0 | 0x1400072e8 | 0x9eb0 | 0x8cb0 | 0x5f1 |
| ??_U@YAPEAX_K@Z | 0x0 | 0x1400072f0 | 0x9eb8 | 0x8cb8 | 0x78 |
| ??3@YAXPEAX@Z | 0x0 | 0x1400072f8 | 0x9ec0 | 0x8cc0 | 0x65 |
| __CxxFrameHandler3 | 0x0 | 0x140007300 | 0x9ec8 | 0x8cc8 | 0x128 |
| _stat64i32 | 0x0 | 0x140007308 | 0x9ed0 | 0x8cd0 | 0x406 |
| ??_V@YAXPEAX@Z | 0x0 | 0x140007310 | 0x9ed8 | 0x8cd8 | 0x7a |
| ??2@YAPEAX_K@Z | 0x0 | 0x140007318 | 0x9ee0 | 0x8ce0 | 0x63 |
| malloc | 0x0 | 0x140007320 | 0x9ee8 | 0x8ce8 | 0x59e |
| __set_app_type | 0x0 | 0x140007328 | 0x9ef0 | 0x8cf0 | 0x179 |
KERNEL32.dll (49)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetProcAddress | 0x0 | 0x140007000 | 0x9bc8 | 0x89c8 | 0x24c |
| MultiByteToWideChar | 0x0 | 0x140007008 | 0x9bd0 | 0x89d0 | 0x369 |
| WideCharToMultiByte | 0x0 | 0x140007010 | 0x9bd8 | 0x89d8 | 0x520 |
| LoadLibraryA | 0x0 | 0x140007018 | 0x9be0 | 0x89e0 | 0x33e |
| RaiseException | 0x0 | 0x140007020 | 0x9be8 | 0x89e8 | 0x3b4 |
| GetSystemTimeAsFileTime | 0x0 | 0x140007028 | 0x9bf0 | 0x89f0 | 0x280 |
| GetTickCount | 0x0 | 0x140007030 | 0x9bf8 | 0x89f8 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140007038 | 0x9c00 | 0x8a00 | 0x3a9 |
| DecodePointer | 0x0 | 0x140007040 | 0x9c08 | 0x8a08 | 0xcb |
| RtlCaptureContext | 0x0 | 0x140007048 | 0x9c10 | 0x8a10 | 0x418 |
| RtlLookupFunctionEntry | 0x0 | 0x140007050 | 0x9c18 | 0x8a18 | 0x41f |
| RtlVirtualUnwind | 0x0 | 0x140007058 | 0x9c20 | 0x8a20 | 0x426 |
| IsDebuggerPresent | 0x0 | 0x140007060 | 0x9c28 | 0x8a28 | 0x302 |
| SetUnhandledExceptionFilter | 0x0 | 0x140007068 | 0x9c30 | 0x8a30 | 0x4b3 |
| UnhandledExceptionFilter | 0x0 | 0x140007070 | 0x9c38 | 0x8a38 | 0x4e2 |
| TerminateProcess | 0x0 | 0x140007078 | 0x9c40 | 0x8a40 | 0x4ce |
| EncodePointer | 0x0 | 0x140007080 | 0x9c48 | 0x8a48 | 0xee |
| GetStartupInfoW | 0x0 | 0x140007088 | 0x9c50 | 0x8a50 | 0x26a |
| Sleep | 0x0 | 0x140007090 | 0x9c58 | 0x8a58 | 0x4c0 |
| GetCurrentThreadId | 0x0 | 0x140007098 | 0x9c60 | 0x8a60 | 0x1cb |
| GetCurrentProcessId | 0x0 | 0x1400070a0 | 0x9c68 | 0x8a68 | 0x1c7 |
| OutputDebugStringW | 0x0 | 0x1400070a8 | 0x9c70 | 0x8a70 | 0x38c |
| GetLocalTime | 0x0 | 0x1400070b0 | 0x9c78 | 0x8a78 | 0x209 |
| GetTempPathW | 0x0 | 0x1400070b8 | 0x9c80 | 0x8a80 | 0x28c |
| GetShortPathNameW | 0x0 | 0x1400070c0 | 0x9c88 | 0x8a88 | 0x268 |
| LocalAlloc | 0x0 | 0x1400070c8 | 0x9c90 | 0x8a90 | 0x346 |
| LocalFree | 0x0 | 0x1400070d0 | 0x9c98 | 0x8a98 | 0x34a |
| GetWindowsDirectoryW | 0x0 | 0x1400070d8 | 0x9ca0 | 0x8aa0 | 0x2b7 |
| lstrlenW | 0x0 | 0x1400070e0 | 0x9ca8 | 0x8aa8 | 0x561 |
| WaitForSingleObject | 0x0 | 0x1400070e8 | 0x9cb0 | 0x8ab0 | 0x508 |
| CreateProcessW | 0x0 | 0x1400070f0 | 0x9cb8 | 0x8ab8 | 0xa8 |
| GetSystemDirectoryW | 0x0 | 0x1400070f8 | 0x9cc0 | 0x8ac0 | 0x277 |
| CreateFileW | 0x0 | 0x140007100 | 0x9cc8 | 0x8ac8 | 0x8f |
| GetNativeSystemInfo | 0x0 | 0x140007108 | 0x9cd0 | 0x8ad0 | 0x22b |
| GetCurrentProcess | 0x0 | 0x140007110 | 0x9cd8 | 0x8ad8 | 0x1c6 |
| VerSetConditionMask | 0x0 | 0x140007118 | 0x9ce0 | 0x8ae0 | 0x4f3 |
| VerifyVersionInfoW | 0x0 | 0x140007120 | 0x9ce8 | 0x8ae8 | 0x4f7 |
| GetVersionExW | 0x0 | 0x140007128 | 0x9cf0 | 0x8af0 | 0x2ac |
| GlobalMemoryStatusEx | 0x0 | 0x140007130 | 0x9cf8 | 0x8af8 | 0x2c8 |
| GetModuleHandleW | 0x0 | 0x140007138 | 0x9d00 | 0x8b00 | 0x21e |
| GetModuleFileNameW | 0x0 | 0x140007140 | 0x9d08 | 0x8b08 | 0x21a |
| GetLongPathNameW | 0x0 | 0x140007148 | 0x9d10 | 0x8b10 | 0x215 |
| LoadLibraryW | 0x0 | 0x140007150 | 0x9d18 | 0x8b18 | 0x341 |
| GetLastError | 0x0 | 0x140007158 | 0x9d20 | 0x8b20 | 0x208 |
| FreeLibrary | 0x0 | 0x140007160 | 0x9d28 | 0x8b28 | 0x168 |
| CloseHandle | 0x0 | 0x140007168 | 0x9d30 | 0x8b30 | 0x52 |
| FormatMessageW | 0x0 | 0x140007170 | 0x9d38 | 0x8b38 | 0x164 |
| GetEnvironmentVariableW | 0x0 | 0x140007178 | 0x9d40 | 0x8b40 | 0x1e3 |
| lstrlenA | 0x0 | 0x140007180 | 0x9d48 | 0x8b48 | 0x560 |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StringFromCLSID | 0x0 | 0x140007398 | 0x9f60 | 0x8d60 | 0x1b4 |
| CoTaskMemFree | 0x0 | 0x1400073a0 | 0x9f68 | 0x8d68 | 0x6c |
OLEAUT32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocString | 0x2 | 0x140007338 | 0x9f00 | 0x8d00 | - |
| SysFreeString | 0x6 | 0x140007340 | 0x9f08 | 0x8d08 | - |
| SysStringLen | 0x7 | 0x140007348 | 0x9f10 | 0x8d10 | - |
| SysAllocStringByteLen | 0x96 | 0x140007350 | 0x9f18 | 0x8d18 | - |
| VariantClear | 0x9 | 0x140007358 | 0x9f20 | 0x8d20 | - |
Icons (1)
»
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 484.02 KB |
| MD5 |
309ca8245734c12713c77d3575f6535e
|
| SHA1 |
72c360c7868239c677e6441653bdf493b1c85ce6
|
| SHA256 |
383f04a8a7a752831a0b03d1adf8123c4851f0209a97956eaabccf098acb5731
|
| SSDeep |
6144:DRHfepsrxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0ssT5HG:dHfepsrx1GX6sEsNz7QXcFxZ+VhjErm
|
| C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/vnd.ms-cab-compressed |
| File Size | 973.70 KB |
| MD5 |
39108f15542fce8a458af79bb79017de
|
| SHA1 |
54c33b34c7c169981fda3eeb3ae3cd81c8a23e17
|
| SHA256 |
e91a94e1445dc7253982f0b1a6d640f99de5db5e5ee06aa2dbaabfb93f28bb5e
|
| SSDeep |
12288:obKhh4wRyjIryAelsIwEuomOyqKywY+BNnVgOUq6iqOnJB9I3PWbURdqWxb2tiSo:obKFRyjI4fLuvX96ixnLaf5rAi7zNUe
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 28.50 KB |
| MD5 |
84ccb6f97bd6a74017e7765c88ca42be
|
| SHA1 |
989dace617c8b445fe71bdab9041db61674e066a
|
| SHA256 |
9b0dc708586ef4cd53a9ee876e4fa3b323d0940f27f3502bef8ba10052eba515
|
| SSDeep |
768:YS1UCcPMp0yqRFBD9LgnFzEyHakK80uBF3whE:YS1f2Mp0BPxa57a20aFghE
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 44.00 KB |
| MD5 |
e18fd087bb4646b83f0c747979e0b2dd
|
| SHA1 |
76bfe12f74a9e71156813660bdae789b956d86fe
|
| SHA256 |
4eb3837f80eb816a8e3cc1d8df5baf5655af335d7ac1436ac43007bb8929afc3
|
| SSDeep |
768:GoqW7C/sqNhZcGGTA6VPdzGEbJOaNmyZk3E0zwhWZ6r63wh1:GRW7C/RNhZcGWdz7vHuhwhe62gh1
|
| ImpHash |
83eddc1b1daed64a28700c08d12c94d3
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x40594a |
| Size Of Code | 0x5600 |
| Size Of Initialized Data | 0x3c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-11-04 18:59:04+00:00 |
Version Information (7)
»
| CompanyName | Adobe Systems Incorporated |
| FileDescription | AcroTextExtractor |
| FileVersion | 18.9.20044.251705 |
| LegalCopyright | Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | AcroTextExtractor.exe |
| ProductName | Adobe Acrobat text extractor for non-PDF files |
| ProductVersion | 18.9.20044.251705 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x55ac | 0x5600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.47 |
| .rdata | 0x407000 | 0x22ec | 0x2400 | 0x5a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.82 |
| .data | 0x40a000 | 0x65c | 0x400 | 0x7e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.36 |
| .rsrc | 0x40b000 | 0x680 | 0x800 | 0x8200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.76 |
| .reloc | 0x40c000 | 0x654 | 0x800 | 0x8a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.74 |
Imports (9)
»
query.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadIFilter | 0x0 | 0x407220 | 0x85ac | 0x6fac | 0x26 |
KERNEL32.dll (31)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetLongPathNameW | 0x0 | 0x407010 | 0x839c | 0x6d9c | 0x25d |
| SetErrorMode | 0x0 | 0x407014 | 0x83a0 | 0x6da0 | 0x4ef |
| GetCurrentProcess | 0x0 | 0x407018 | 0x83a4 | 0x6da4 | 0x209 |
| GetModuleHandleA | 0x0 | 0x40701c | 0x83a8 | 0x6da8 | 0x264 |
| GetProcAddress | 0x0 | 0x407020 | 0x83ac | 0x6dac | 0x29d |
| LocalFree | 0x0 | 0x407024 | 0x83b0 | 0x6db0 | 0x3b2 |
| VerSetConditionMask | 0x0 | 0x407028 | 0x83b4 | 0x6db4 | 0x596 |
| CloseHandle | 0x0 | 0x40702c | 0x83b8 | 0x6db8 | 0x7f |
| GetCommandLineW | 0x0 | 0x407030 | 0x83bc | 0x6dbc | 0x1c9 |
| ResetEvent | 0x0 | 0x407034 | 0x83c0 | 0x6dc0 | 0x4a2 |
| OpenEventW | 0x0 | 0x407038 | 0x83c4 | 0x6dc4 | 0x3e2 |
| OpenProcess | 0x0 | 0x40703c | 0x83c8 | 0x6dc8 | 0x3ee |
| OpenFileMappingW | 0x0 | 0x407040 | 0x83cc | 0x6dcc | 0x3e6 |
| MapViewOfFile | 0x0 | 0x407044 | 0x83d0 | 0x6dd0 | 0x3c0 |
| UnmapViewOfFile | 0x0 | 0x407048 | 0x83d4 | 0x6dd4 | 0x585 |
| WaitForMultipleObjects | 0x0 | 0x40704c | 0x83d8 | 0x6dd8 | 0x5a9 |
| VerifyVersionInfoW | 0x0 | 0x407050 | 0x83dc | 0x6ddc | 0x59a |
| GetTickCount | 0x0 | 0x407054 | 0x83e0 | 0x6de0 | 0x2f2 |
| SetEvent | 0x0 | 0x407058 | 0x83e4 | 0x6de4 | 0x4f0 |
| EncodePointer | 0x0 | 0x40705c | 0x83e8 | 0x6de8 | 0x121 |
| WideCharToMultiByte | 0x0 | 0x407060 | 0x83ec | 0x6dec | 0x5cd |
| MultiByteToWideChar | 0x0 | 0x407064 | 0x83f0 | 0x6df0 | 0x3d1 |
| lstrlenA | 0x0 | 0x407068 | 0x83f4 | 0x6df4 | 0x60a |
| GetLastError | 0x0 | 0x40706c | 0x83f8 | 0x6df8 | 0x250 |
| GetSystemTimeAsFileTime | 0x0 | 0x407070 | 0x83fc | 0x6dfc | 0x2d6 |
| IsDebuggerPresent | 0x0 | 0x407074 | 0x8400 | 0x6e00 | 0x367 |
| IsProcessorFeaturePresent | 0x0 | 0x407078 | 0x8404 | 0x6e04 | 0x36d |
| QueryPerformanceCounter | 0x0 | 0x40707c | 0x8408 | 0x6e08 | 0x42d |
| GetCurrentProcessId | 0x0 | 0x407080 | 0x840c | 0x6e0c | 0x20a |
| GetCurrentThreadId | 0x0 | 0x407084 | 0x8410 | 0x6e10 | 0x20e |
| DecodePointer | 0x0 | 0x407088 | 0x8414 | 0x6e14 | 0xfe |
ADVAPI32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegOpenKeyExA | 0x0 | 0x407000 | 0x838c | 0x6d8c | 0x284 |
| RegCloseKey | 0x0 | 0x407004 | 0x8390 | 0x6d90 | 0x254 |
| RegQueryValueExA | 0x0 | 0x407008 | 0x8394 | 0x6d94 | 0x291 |
SHELL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CommandLineToArgvW | 0x0 | 0x4071f4 | 0x8580 | 0x6f80 | 0x6 |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoUninitialize | 0x0 | 0x407214 | 0x85a0 | 0x6fa0 | 0x7f |
| CoInitialize | 0x0 | 0x407218 | 0x85a4 | 0x6fa4 | 0x4f |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocString | 0x2 | 0x4071e0 | 0x856c | 0x6f6c | - |
| SysFreeString | 0x6 | 0x4071e4 | 0x8570 | 0x6f70 | - |
| SysStringLen | 0x7 | 0x4071e8 | 0x8574 | 0x6f74 | - |
| VariantClear | 0x9 | 0x4071ec | 0x8578 | 0x6f78 | - |
SHLWAPI.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathFindExtensionW | 0x0 | 0x4071fc | 0x8588 | 0x6f88 | 0x4b |
| PathFileExistsW | 0x0 | 0x407200 | 0x858c | 0x6f8c | 0x49 |
| PathAddBackslashW | 0x0 | 0x407204 | 0x8590 | 0x6f90 | 0x33 |
| PathIsDirectoryW | 0x0 | 0x407208 | 0x8594 | 0x6f94 | 0x5f |
| PathIsRelativeW | 0x0 | 0x40720c | 0x8598 | 0x6f98 | 0x69 |
MSVCP120.dll (29)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_BADOFF@std@@3_JB | 0x0 | 0x407090 | 0x841c | 0x6e1c | 0x1a7 |
| ??_7ios_base@std@@6B@ | 0x0 | 0x407094 | 0x8420 | 0x6e20 | 0x159 |
| ??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@ | 0x0 | 0x407098 | 0x8424 | 0x6e24 | 0x132 |
| ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z | 0x0 | 0x40709c | 0x8428 | 0x6e28 | 0x56e |
| ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z | 0x0 | 0x4070a0 | 0x842c | 0x6e2c | 0x56b |
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x4070a4 | 0x8430 | 0x6e30 | 0x2c9 |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x4070a8 | 0x8434 | 0x6e34 | 0x2cc |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x4070ac | 0x8438 | 0x6e38 | 0x2cd |
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x4070b0 | 0x843c | 0x6e3c | 0x2b0 |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x4070b4 | 0x8440 | 0x6e40 | 0x2c5 |
| ?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z | 0x0 | 0x4070b8 | 0x8444 | 0x6e44 | 0x243 |
| ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ | 0x0 | 0x4070bc | 0x8448 | 0x6e48 | 0x2a |
| ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x4070c0 | 0x844c | 0x6e4c | 0x87 |
| ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x4070c4 | 0x8450 | 0x6e50 | 0x27c |
| ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ | 0x0 | 0x4070c8 | 0x8454 | 0x6e54 | 0x20e |
| ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x4070cc | 0x8458 | 0x6e58 | 0x7b |
| ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z | 0x0 | 0x4070d0 | 0x845c | 0x6e5c | 0x20 |
| ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x4070d4 | 0x8460 | 0x6e60 | 0x84 |
| ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z | 0x0 | 0x4070d8 | 0x8464 | 0x6e64 | 0x564 |
| ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z | 0x0 | 0x4070dc | 0x8468 | 0x6e68 | 0x15 |
| ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x4070e0 | 0x846c | 0x6e6c | 0x81 |
| ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z | 0x0 | 0x4070e4 | 0x8470 | 0x6e70 | 0x4ae |
| ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x4070e8 | 0x8474 | 0x6e74 | 0x258 |
| ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x4070ec | 0x8478 | 0x6e78 | 0x2bf |
| ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z | 0x0 | 0x4070f0 | 0x847c | 0x6e7c | 0x41c |
| ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z | 0x0 | 0x4070f4 | 0x8480 | 0x6e80 | 0x4d6 |
| ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ | 0x0 | 0x4070f8 | 0x8484 | 0x6e84 | 0x4f6 |
| ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ | 0x0 | 0x4070fc | 0x8488 | 0x6e88 | 0x521 |
| ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ | 0x0 | 0x407100 | 0x848c | 0x6e8c | 0x540 |
MSVCR120.dll (53)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | 0x0 | 0x407108 | 0x8494 | 0x6e94 | 0x1ae |
| _controlfp_s | 0x0 | 0x40710c | 0x8498 | 0x6e98 | 0x243 |
| _invoke_watson | 0x0 | 0x407110 | 0x849c | 0x6e9c | 0x314 |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x407114 | 0x84a0 | 0x6ea0 | 0x1a9 |
| ?terminate@@YAXXZ | 0x0 | 0x407118 | 0x84a4 | 0x6ea4 | 0x135 |
| __crtTerminateProcess | 0x0 | 0x40711c | 0x84a8 | 0x6ea8 | 0x1ab |
| __crtUnhandledException | 0x0 | 0x407120 | 0x84ac | 0x6eac | 0x1ac |
| ??3@YAXPAX@Z | 0x0 | 0x407124 | 0x84b0 | 0x6eb0 | 0x72 |
| memcpy | 0x0 | 0x407128 | 0x84b4 | 0x6eb4 | 0x6e6 |
| memmove | 0x0 | 0x40712c | 0x84b8 | 0x6eb8 | 0x6e8 |
| ??_V@YAXPAX@Z | 0x0 | 0x407130 | 0x84bc | 0x6ebc | 0x89 |
| _CxxThrowException | 0x0 | 0x407134 | 0x84c0 | 0x6ec0 | 0x158 |
| __CxxFrameHandler3 | 0x0 | 0x407138 | 0x84c4 | 0x6ec4 | 0x174 |
| _purecall | 0x0 | 0x40713c | 0x84c8 | 0x6ec8 | 0x449 |
| memset | 0x0 | 0x407140 | 0x84cc | 0x6ecc | 0x6ea |
| strlen | 0x0 | 0x407144 | 0x84d0 | 0x6ed0 | 0x738 |
| _fullpath | 0x0 | 0x407148 | 0x84d4 | 0x6ed4 | 0x2c5 |
| _splitpath_s | 0x0 | 0x40714c | 0x84d8 | 0x6ed8 | 0x49e |
| _wcslwr | 0x0 | 0x407150 | 0x84dc | 0x6edc | 0x555 |
| _mbschr | 0x0 | 0x407154 | 0x84e0 | 0x6ee0 | 0x3c5 |
| _mbslwr | 0x0 | 0x407158 | 0x84e4 | 0x6ee4 | 0x3d9 |
| wcscpy_s | 0x0 | 0x40715c | 0x84e8 | 0x6ee8 | 0x785 |
| wcslen | 0x0 | 0x407160 | 0x84ec | 0x6eec | 0x788 |
| _wcsicmp | 0x0 | 0x407164 | 0x84f0 | 0x6ef0 | 0x551 |
| _wcsnicmp | 0x0 | 0x407168 | 0x84f4 | 0x6ef4 | 0x55b |
| _wfullpath | 0x0 | 0x40716c | 0x84f8 | 0x6ef8 | 0x597 |
| swscanf_s | 0x0 | 0x407170 | 0x84fc | 0x6efc | 0x751 |
| free | 0x0 | 0x407174 | 0x8500 | 0x6f00 | 0x683 |
| malloc | 0x0 | 0x407178 | 0x8504 | 0x6f04 | 0x6db |
| _lock | 0x0 | 0x40717c | 0x8508 | 0x6f08 | 0x394 |
| _unlock | 0x0 | 0x407180 | 0x850c | 0x6f0c | 0x504 |
| _calloc_crt | 0x0 | 0x407184 | 0x8510 | 0x6f10 | 0x22e |
| ??2@YAPAXI@Z | 0x0 | 0x407188 | 0x8514 | 0x6f14 | 0x70 |
| _onexit | 0x0 | 0x40718c | 0x8518 | 0x6f18 | 0x43a |
| ??1type_info@@UAE@XZ | 0x0 | 0x407190 | 0x851c | 0x6f1c | 0x6f |
| _XcptFilter | 0x0 | 0x407194 | 0x8520 | 0x6f20 | 0x16b |
| __crtGetShowWindowMode | 0x0 | 0x407198 | 0x8524 | 0x6f24 | 0x19d |
| _amsg_exit | 0x0 | 0x40719c | 0x8528 | 0x6f28 | 0x217 |
| __getmainargs | 0x0 | 0x4071a0 | 0x852c | 0x6f2c | 0x1b6 |
| __set_app_type | 0x0 | 0x4071a4 | 0x8530 | 0x6f30 | 0x1f2 |
| exit | 0x0 | 0x4071a8 | 0x8534 | 0x6f34 | 0x64e |
| _exit | 0x0 | 0x4071ac | 0x8538 | 0x6f38 | 0x283 |
| _cexit | 0x0 | 0x4071b0 | 0x853c | 0x6f3c | 0x22f |
| _ismbblead | 0x0 | 0x4071b4 | 0x8540 | 0x6f40 | 0x331 |
| _configthreadlocale | 0x0 | 0x4071b8 | 0x8544 | 0x6f44 | 0x240 |
| __setusermatherr | 0x0 | 0x4071bc | 0x8548 | 0x6f48 | 0x1f4 |
| _initterm_e | 0x0 | 0x4071c0 | 0x854c | 0x6f4c | 0x30d |
| _initterm | 0x0 | 0x4071c4 | 0x8550 | 0x6f50 | 0x30c |
| _acmdln | 0x0 | 0x4071c8 | 0x8554 | 0x6f54 | 0x20e |
| _fmode | 0x0 | 0x4071cc | 0x8558 | 0x6f58 | 0x2a2 |
| _commode | 0x0 | 0x4071d0 | 0x855c | 0x6f5c | 0x23f |
| _except_handler4_common | 0x0 | 0x4071d4 | 0x8560 | 0x6f60 | 0x27a |
| _crt_debugger_hook | 0x0 | 0x4071d8 | 0x8564 | 0x6f64 | 0x250 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2017-03-10 00:00:00+00:00 |
| Valid Until | 2019-03-15 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 06 89 83 64 2C 95 3E 46 F7 BD CE 41 43 F1 33 C1 |
| Thumbprint | EA A8 43 CA 28 33 A2 E1 EB ED EB E7 D0 4F 0C A2 B4 D9 73 44 |
Certificate: DigiCert EV Code Signing CA (SHA2)
»
| Issued by | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2012-04-18 12:00:00+00:00 |
| Valid Until | 2027-04-18 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C |
| Thumbprint | 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3 |
| C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 78.58 KB |
| MD5 |
6a2adcd9c827ba3666783023997941a9
|
| SHA1 |
f188b16a8f28800329bf5069d18d458414cf3cc8
|
| SHA256 |
385914682a2312ac9e0e18a7a283819153964bd6dd31fe6a077f5a6c5cc1eefb
|
| SSDeep |
1536:qWnPj/3I/Nr5Mk1uyewzL9vOpIVK7qjh3rmKPNtJKwf:qMs/Nr5juyL9vOp0tjZqMNtJKwf
|
| C:\Program Files\Java\jre1.8.0_144\bin\javaw.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 202.08 KB |
| MD5 |
5140d75743b6dbe1c2fa3be211449990
|
| SHA1 |
19331fb7187b7c989529d017df00abf15f75bd27
|
| SHA256 |
ecb47a9410f0345862ce96e7619905b8d347e0fed34cdbbe1f647e641739b94c
|
| SSDeep |
6144:bTWHjQN8tRluTLdmGIebIsciijTBdz5v1C:fWHjiYwEjTDz5v1C
|
| ImpHash |
2d6f4e096a2d15d4349a455f88e1f66e
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000a8f4 |
| Size Of Code | 0x1ca00 |
| Size Of Initialized Data | 0x14200 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:21+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | javaw |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | javaw.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x1c901 | 0x1ca00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.5 |
| .rdata | 0x14001e000 | 0x8906 | 0x8a00 | 0x1ce00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.2 |
| .data | 0x140027000 | 0x3ff8 | 0x1c00 | 0x25800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.87 |
| .pdata | 0x14002b000 | 0x1254 | 0x1400 | 0x27400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.94 |
| .rsrc | 0x14002d000 | 0x81b8 | 0x8200 | 0x28800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.02 |
| .reloc | 0x140036000 | 0x4d0 | 0x600 | 0x30a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.57 |
Imports (4)
»
ADVAPI32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | 0x0 | 0x14001e000 | 0x25e08 | 0x24c08 | 0x230 |
| RegOpenKeyExA | 0x0 | 0x14001e008 | 0x25e10 | 0x24c10 | 0x260 |
| RegEnumKeyA | 0x0 | 0x14001e010 | 0x25e18 | 0x24c18 | 0x24d |
| RegQueryValueExA | 0x0 | 0x14001e018 | 0x25e20 | 0x24c20 | 0x26d |
USER32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CharNextExA | 0x0 | 0x14001e340 | 0x26148 | 0x24f48 | 0x30 |
| MessageBoxA | 0x0 | 0x14001e348 | 0x26150 | 0x24f50 | 0x212 |
COMCTL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InitCommonControlsEx | 0x0 | 0x14001e028 | 0x25e30 | 0x24c30 | 0x7c |
KERNEL32.dll (96)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateFileW | 0x0 | 0x14001e038 | 0x25e40 | 0x24c40 | 0x8f |
| GetCommandLineA | 0x0 | 0x14001e040 | 0x25e48 | 0x24c48 | 0x18c |
| GetModuleFileNameA | 0x0 | 0x14001e048 | 0x25e50 | 0x24c50 | 0x219 |
| QueryPerformanceCounter | 0x0 | 0x14001e050 | 0x25e58 | 0x24c58 | 0x3a9 |
| QueryPerformanceFrequency | 0x0 | 0x14001e058 | 0x25e60 | 0x24c60 | 0x3aa |
| LocalFree | 0x0 | 0x14001e060 | 0x25e68 | 0x24c68 | 0x34a |
| FormatMessageA | 0x0 | 0x14001e068 | 0x25e70 | 0x24c70 | 0x163 |
| GetLastError | 0x0 | 0x14001e070 | 0x25e78 | 0x24c78 | 0x208 |
| CloseHandle | 0x0 | 0x14001e078 | 0x25e80 | 0x24c80 | 0x52 |
| GetExitCodeProcess | 0x0 | 0x14001e080 | 0x25e88 | 0x24c88 | 0x1e6 |
| WaitForSingleObject | 0x0 | 0x14001e088 | 0x25e90 | 0x24c90 | 0x508 |
| CreateProcessA | 0x0 | 0x14001e090 | 0x25e98 | 0x24c98 | 0xa4 |
| GetProcAddress | 0x0 | 0x14001e098 | 0x25ea0 | 0x24ca0 | 0x24c |
| GetModuleHandleA | 0x0 | 0x14001e0a0 | 0x25ea8 | 0x24ca8 | 0x21b |
| LoadLibraryA | 0x0 | 0x14001e0a8 | 0x25eb0 | 0x24cb0 | 0x33e |
| GetExitCodeThread | 0x0 | 0x14001e0b0 | 0x25eb8 | 0x24cb8 | 0x1e7 |
| FindFirstFileA | 0x0 | 0x14001e0b8 | 0x25ec0 | 0x24cc0 | 0x138 |
| FindNextFileA | 0x0 | 0x14001e0c0 | 0x25ec8 | 0x24cc8 | 0x149 |
| FindClose | 0x0 | 0x14001e0c8 | 0x25ed0 | 0x24cd0 | 0x134 |
| GetModuleHandleW | 0x0 | 0x14001e0d0 | 0x25ed8 | 0x24cd8 | 0x21e |
| ExitProcess | 0x0 | 0x14001e0d8 | 0x25ee0 | 0x24ce0 | 0x11f |
| DecodePointer | 0x0 | 0x14001e0e0 | 0x25ee8 | 0x24ce8 | 0xcb |
| GetStartupInfoW | 0x0 | 0x14001e0e8 | 0x25ef0 | 0x24cf0 | 0x26a |
| HeapFree | 0x0 | 0x14001e0f0 | 0x25ef8 | 0x24cf8 | 0x2d7 |
| MultiByteToWideChar | 0x0 | 0x14001e0f8 | 0x25f00 | 0x24d00 | 0x369 |
| GetCurrentProcessId | 0x0 | 0x14001e100 | 0x25f08 | 0x24d08 | 0x1c7 |
| EnterCriticalSection | 0x0 | 0x14001e108 | 0x25f10 | 0x24d10 | 0xf2 |
| LeaveCriticalSection | 0x0 | 0x14001e110 | 0x25f18 | 0x24d18 | 0x33b |
| HeapAlloc | 0x0 | 0x14001e118 | 0x25f20 | 0x24d20 | 0x2d3 |
| HeapReAlloc | 0x0 | 0x14001e120 | 0x25f28 | 0x24d28 | 0x2da |
| FileTimeToSystemTime | 0x0 | 0x14001e128 | 0x25f30 | 0x24d30 | 0x12b |
| FileTimeToLocalFileTime | 0x0 | 0x14001e130 | 0x25f38 | 0x24d38 | 0x12a |
| GetDriveTypeA | 0x0 | 0x14001e138 | 0x25f40 | 0x24d40 | 0x1d9 |
| FindFirstFileExA | 0x0 | 0x14001e140 | 0x25f48 | 0x24d48 | 0x139 |
| GetFileAttributesA | 0x0 | 0x14001e148 | 0x25f50 | 0x24d50 | 0x1ec |
| ExitThread | 0x0 | 0x14001e150 | 0x25f58 | 0x24d58 | 0x120 |
| GetCurrentThreadId | 0x0 | 0x14001e158 | 0x25f60 | 0x24d60 | 0x1cb |
| CreateThread | 0x0 | 0x14001e160 | 0x25f68 | 0x24d68 | 0xb4 |
| SetFilePointer | 0x0 | 0x14001e168 | 0x25f70 | 0x24d70 | 0x474 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x14001e170 | 0x25f78 | 0x24d78 | 0x2eb |
| DeleteCriticalSection | 0x0 | 0x14001e178 | 0x25f80 | 0x24d80 | 0xd2 |
| EncodePointer | 0x0 | 0x14001e180 | 0x25f88 | 0x24d88 | 0xee |
| LoadLibraryW | 0x0 | 0x14001e188 | 0x25f90 | 0x24d90 | 0x341 |
| UnhandledExceptionFilter | 0x0 | 0x14001e190 | 0x25f98 | 0x24d98 | 0x4e2 |
| SetUnhandledExceptionFilter | 0x0 | 0x14001e198 | 0x25fa0 | 0x24da0 | 0x4b3 |
| IsDebuggerPresent | 0x0 | 0x14001e1a0 | 0x25fa8 | 0x24da8 | 0x302 |
| RtlVirtualUnwind | 0x0 | 0x14001e1a8 | 0x25fb0 | 0x24db0 | 0x426 |
| RtlLookupFunctionEntry | 0x0 | 0x14001e1b0 | 0x25fb8 | 0x24db8 | 0x41f |
| RtlCaptureContext | 0x0 | 0x14001e1b8 | 0x25fc0 | 0x24dc0 | 0x418 |
| TerminateProcess | 0x0 | 0x14001e1c0 | 0x25fc8 | 0x24dc8 | 0x4ce |
| GetCurrentProcess | 0x0 | 0x14001e1c8 | 0x25fd0 | 0x24dd0 | 0x1c6 |
| FlsGetValue | 0x0 | 0x14001e1d0 | 0x25fd8 | 0x24dd8 | 0x15a |
| FlsSetValue | 0x0 | 0x14001e1d8 | 0x25fe0 | 0x24de0 | 0x15b |
| FlsFree | 0x0 | 0x14001e1e0 | 0x25fe8 | 0x24de8 | 0x159 |
| SetLastError | 0x0 | 0x14001e1e8 | 0x25ff0 | 0x24df0 | 0x480 |
| FlsAlloc | 0x0 | 0x14001e1f0 | 0x25ff8 | 0x24df8 | 0x158 |
| RtlUnwindEx | 0x0 | 0x14001e1f8 | 0x26000 | 0x24e00 | 0x425 |
| WriteFile | 0x0 | 0x14001e200 | 0x26008 | 0x24e08 | 0x534 |
| GetStdHandle | 0x0 | 0x14001e208 | 0x26010 | 0x24e10 | 0x26b |
| GetModuleFileNameW | 0x0 | 0x14001e210 | 0x26018 | 0x24e18 | 0x21a |
| WideCharToMultiByte | 0x0 | 0x14001e218 | 0x26020 | 0x24e20 | 0x520 |
| FreeEnvironmentStringsW | 0x0 | 0x14001e220 | 0x26028 | 0x24e28 | 0x167 |
| GetEnvironmentStringsW | 0x0 | 0x14001e228 | 0x26030 | 0x24e30 | 0x1e1 |
| SetHandleCount | 0x0 | 0x14001e230 | 0x26038 | 0x24e38 | 0x47c |
| GetFileType | 0x0 | 0x14001e238 | 0x26040 | 0x24e40 | 0x1fa |
| HeapSetInformation | 0x0 | 0x14001e240 | 0x26048 | 0x24e48 | 0x2db |
| GetVersion | 0x0 | 0x14001e248 | 0x26050 | 0x24e50 | 0x2aa |
| HeapCreate | 0x0 | 0x14001e250 | 0x26058 | 0x24e58 | 0x2d5 |
| GetTickCount | 0x0 | 0x14001e258 | 0x26060 | 0x24e60 | 0x29a |
| GetSystemTimeAsFileTime | 0x0 | 0x14001e260 | 0x26068 | 0x24e68 | 0x280 |
| SetEnvironmentVariableW | 0x0 | 0x14001e268 | 0x26070 | 0x24e70 | 0x465 |
| SetEnvironmentVariableA | 0x0 | 0x14001e270 | 0x26078 | 0x24e78 | 0x464 |
| Sleep | 0x0 | 0x14001e278 | 0x26080 | 0x24e80 | 0x4c0 |
| SetStdHandle | 0x0 | 0x14001e280 | 0x26088 | 0x24e88 | 0x494 |
| GetConsoleCP | 0x0 | 0x14001e288 | 0x26090 | 0x24e90 | 0x1a0 |
| GetConsoleMode | 0x0 | 0x14001e290 | 0x26098 | 0x24e98 | 0x1b2 |
| GetFullPathNameA | 0x0 | 0x14001e298 | 0x260a0 | 0x24ea0 | 0x1ff |
| GetFileInformationByHandle | 0x0 | 0x14001e2a0 | 0x260a8 | 0x24ea8 | 0x1f3 |
| PeekNamedPipe | 0x0 | 0x14001e2a8 | 0x260b0 | 0x24eb0 | 0x38f |
| CreateFileA | 0x0 | 0x14001e2b0 | 0x260b8 | 0x24eb8 | 0x88 |
| GetCurrentDirectoryW | 0x0 | 0x14001e2b8 | 0x260c0 | 0x24ec0 | 0x1c5 |
| FlushFileBuffers | 0x0 | 0x14001e2c0 | 0x260c8 | 0x24ec8 | 0x15d |
| GetCPInfo | 0x0 | 0x14001e2c8 | 0x260d0 | 0x24ed0 | 0x178 |
| GetACP | 0x0 | 0x14001e2d0 | 0x260d8 | 0x24ed8 | 0x16e |
| GetOEMCP | 0x0 | 0x14001e2d8 | 0x260e0 | 0x24ee0 | 0x23e |
| IsValidCodePage | 0x0 | 0x14001e2e0 | 0x260e8 | 0x24ee8 | 0x30c |
| HeapSize | 0x0 | 0x14001e2e8 | 0x260f0 | 0x24ef0 | 0x2dc |
| CompareStringW | 0x0 | 0x14001e2f0 | 0x260f8 | 0x24ef8 | 0x64 |
| ReadFile | 0x0 | 0x14001e2f8 | 0x26100 | 0x24f00 | 0x3c3 |
| WriteConsoleW | 0x0 | 0x14001e300 | 0x26108 | 0x24f08 | 0x533 |
| GetDriveTypeW | 0x0 | 0x14001e308 | 0x26110 | 0x24f10 | 0x1da |
| SetEndOfFile | 0x0 | 0x14001e310 | 0x26118 | 0x24f18 | 0x461 |
| GetProcessHeap | 0x0 | 0x14001e318 | 0x26120 | 0x24f20 | 0x251 |
| GetTimeZoneInformation | 0x0 | 0x14001e320 | 0x26128 | 0x24f28 | 0x29f |
| LCMapStringW | 0x0 | 0x14001e328 | 0x26130 | 0x24f30 | 0x32f |
| GetStringTypeW | 0x0 | 0x14001e330 | 0x26138 | 0x24f38 | 0x270 |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 135.50 KB |
| MD5 |
08871318cf86a00c08563c2a72f2441c
|
| SHA1 |
4853b9ed032ba772fd937a428019cb147c55e555
|
| SHA256 |
d45060b8a48eb6fa98bc6226a0bf1e0b263cb1114dd147bc149c11410f84997a
|
| SSDeep |
3072:yeGl1aZbAdVTCcv/7VjFgg6Db4fcIJ1L2CgLxrUm:9bAzxv/7VP6PrggLxD
|
| ImpHash |
9274653cf904553cd06e1a9dfebc6d9a
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x401adc |
| Size Of Code | 0x14a00 |
| Size Of Initialized Data | 0xb800 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-11-04 18:07:13+00:00 |
Version Information (9)
»
| Comments | Acrobat Installer Utility |
| CompanyName | Adobe Systems, Inc. |
| FileDescription | ADelRCP Dynamic Link Library |
| FileVersion | 18.9.20044.251705 |
| InternalName | ADelRCP |
| LegalCopyright | Copyright © 1998-2011 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | ADelRCP.dll |
| ProductName | ADelRCP Dynamic Link Library |
| ProductVersion | 18.9.20044.251705 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x148cf | 0x14a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.18 |
| .rdata | 0x416000 | 0x8ed4 | 0x9000 | 0x14e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.22 |
| .data | 0x41f000 | 0x96c | 0x400 | 0x1de00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.76 |
| .CRT | 0x420000 | 0x34 | 0x200 | 0x1e200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.64 |
| .rsrc | 0x421000 | 0x9e0 | 0xa00 | 0x1e400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.95 |
| .reloc | 0x422000 | 0x10c4 | 0x1200 | 0x1ee00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.52 |
Imports (7)
»
msi.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x8 | 0x4162dc | 0x1dbb0 | 0x1c9b0 | - |
| (by ordinal) | 0xa7 | 0x4162e0 | 0x1dbb4 | 0x1c9b4 | - |
| (by ordinal) | 0x67 | 0x4162e4 | 0x1dbb8 | 0x1c9b8 | - |
| (by ordinal) | 0x4a | 0x4162e8 | 0x1dbbc | 0x1c9bc | - |
| (by ordinal) | 0x91 | 0x4162ec | 0x1dbc0 | 0x1c9c0 | - |
| (by ordinal) | 0x7d | 0x4162f0 | 0x1dbc4 | 0x1c9c4 | - |
| (by ordinal) | 0x11 | 0x4162f4 | 0x1dbc8 | 0x1c9c8 | - |
| (by ordinal) | 0xcd | 0x4162f8 | 0x1dbcc | 0x1c9cc | - |
| (by ordinal) | 0x46 | 0x4162fc | 0x1dbd0 | 0x1c9d0 | - |
KERNEL32.dll (44)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| OutputDebugStringW | 0x0 | 0x416068 | 0x1d93c | 0x1c73c | 0x3fa |
| VirtualQuery | 0x0 | 0x41606c | 0x1d940 | 0x1c740 | 0x5a3 |
| LoadLibraryExW | 0x0 | 0x416070 | 0x1d944 | 0x1c744 | 0x3a7 |
| GetLastError | 0x0 | 0x416074 | 0x1d948 | 0x1c748 | 0x250 |
| Sleep | 0x0 | 0x416078 | 0x1d94c | 0x1c74c | 0x552 |
| GetSystemTime | 0x0 | 0x41607c | 0x1d950 | 0x1c750 | 0x2d4 |
| FreeLibrary | 0x0 | 0x416080 | 0x1d954 | 0x1c754 | 0x19e |
| GetModuleFileNameW | 0x0 | 0x416084 | 0x1d958 | 0x1c758 | 0x263 |
| GetProcAddress | 0x0 | 0x416088 | 0x1d95c | 0x1c75c | 0x29d |
| LocalFree | 0x0 | 0x41608c | 0x1d960 | 0x1c760 | 0x3b2 |
| FormatMessageW | 0x0 | 0x416090 | 0x1d964 | 0x1c764 | 0x19a |
| lstrcmpW | 0x0 | 0x416094 | 0x1d968 | 0x1c768 | 0x5ff |
| lstrcmpiW | 0x0 | 0x416098 | 0x1d96c | 0x1c76c | 0x602 |
| lstrcpyW | 0x0 | 0x41609c | 0x1d970 | 0x1c770 | 0x605 |
| lstrcatW | 0x0 | 0x4160a0 | 0x1d974 | 0x1c774 | 0x5fc |
| lstrlenW | 0x0 | 0x4160a4 | 0x1d978 | 0x1c778 | 0x60b |
| LoadLibraryW | 0x0 | 0x4160a8 | 0x1d97c | 0x1c77c | 0x3a8 |
| MultiByteToWideChar | 0x0 | 0x4160ac | 0x1d980 | 0x1c780 | 0x3d1 |
| WideCharToMultiByte | 0x0 | 0x4160b0 | 0x1d984 | 0x1c784 | 0x5cd |
| CreateFileW | 0x0 | 0x4160b4 | 0x1d988 | 0x1c788 | 0xc2 |
| CloseHandle | 0x0 | 0x4160b8 | 0x1d98c | 0x1c78c | 0x7f |
| DecodePointer | 0x0 | 0x4160bc | 0x1d990 | 0x1c790 | 0xfe |
| RaiseException | 0x0 | 0x4160c0 | 0x1d994 | 0x1c794 | 0x440 |
| HeapAlloc | 0x0 | 0x4160c4 | 0x1d998 | 0x1c798 | 0x32f |
| HeapFree | 0x0 | 0x4160c8 | 0x1d99c | 0x1c79c | 0x333 |
| GetProcessHeap | 0x0 | 0x4160cc | 0x1d9a0 | 0x1c7a0 | 0x2a2 |
| InitializeCriticalSectionEx | 0x0 | 0x4160d0 | 0x1d9a4 | 0x1c7a4 | 0x349 |
| DeleteCriticalSection | 0x0 | 0x4160d4 | 0x1d9a8 | 0x1c7a8 | 0x105 |
| GetCurrentProcess | 0x0 | 0x4160d8 | 0x1d9ac | 0x1c7ac | 0x209 |
| CreateProcessW | 0x0 | 0x4160dc | 0x1d9b0 | 0x1c7b0 | 0xdb |
| OpenProcess | 0x0 | 0x4160e0 | 0x1d9b4 | 0x1c7b4 | 0x3ee |
| GetSystemDirectoryW | 0x0 | 0x4160e4 | 0x1d9b8 | 0x1c7b8 | 0x2cd |
| IsProcessorFeaturePresent | 0x0 | 0x4160e8 | 0x1d9bc | 0x1c7bc | 0x36d |
| GetModuleHandleW | 0x0 | 0x4160ec | 0x1d9c0 | 0x1c7c0 | 0x267 |
| SystemTimeToFileTime | 0x0 | 0x4160f0 | 0x1d9c4 | 0x1c7c4 | 0x55d |
| GetFullPathNameW | 0x0 | 0x4160f4 | 0x1d9c8 | 0x1c7c8 | 0x249 |
| GetCurrentProcessId | 0x0 | 0x4160f8 | 0x1d9cc | 0x1c7cc | 0x20a |
| ProcessIdToSessionId | 0x0 | 0x4160fc | 0x1d9d0 | 0x1c7d0 | 0x410 |
| CreateToolhelp32Snapshot | 0x0 | 0x416100 | 0x1d9d4 | 0x1c7d4 | 0xf1 |
| Process32FirstW | 0x0 | 0x416104 | 0x1d9d8 | 0x1c7d8 | 0x40d |
| Process32NextW | 0x0 | 0x416108 | 0x1d9dc | 0x1c7dc | 0x40f |
| GetWindowsDirectoryW | 0x0 | 0x41610c | 0x1d9e0 | 0x1c7e0 | 0x310 |
| IsDebuggerPresent | 0x0 | 0x416110 | 0x1d9e4 | 0x1c7e4 | 0x367 |
| EncodePointer | 0x0 | 0x416114 | 0x1d9e8 | 0x1c7e8 | 0x121 |
ADVAPI32.dll (25)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DuplicateTokenEx | 0x0 | 0x416000 | 0x1d8d4 | 0x1c6d4 | 0xef |
| RegDeleteKeyExW | 0x0 | 0x416004 | 0x1d8d8 | 0x1c6d8 | 0x263 |
| CreateProcessWithTokenW | 0x0 | 0x416008 | 0x1d8dc | 0x1c6dc | 0x8d |
| EqualSid | 0x0 | 0x41600c | 0x1d8e0 | 0x1c6e0 | 0x118 |
| AllocateAndInitializeSid | 0x0 | 0x416010 | 0x1d8e4 | 0x1c6e4 | 0x20 |
| CreateProcessAsUserW | 0x0 | 0x416014 | 0x1d8e8 | 0x1c6e8 | 0x8b |
| SetNamedSecurityInfoW | 0x0 | 0x416018 | 0x1d8ec | 0x1c6ec | 0x2da |
| GetNamedSecurityInfoW | 0x0 | 0x41601c | 0x1d8f0 | 0x1c6f0 | 0x156 |
| ConvertSidToStringSidW | 0x0 | 0x416020 | 0x1d8f4 | 0x1c6f4 | 0x7b |
| CryptDestroyHash | 0x0 | 0x416024 | 0x1d8f8 | 0x1c6f8 | 0xc6 |
| CryptHashData | 0x0 | 0x416028 | 0x1d8fc | 0x1c6fc | 0xd8 |
| CryptCreateHash | 0x0 | 0x41602c | 0x1d900 | 0x1c700 | 0xc3 |
| CryptGetHashParam | 0x0 | 0x416030 | 0x1d904 | 0x1c704 | 0xd4 |
| CryptReleaseContext | 0x0 | 0x416034 | 0x1d908 | 0x1c708 | 0xdb |
| CryptAcquireContextW | 0x0 | 0x416038 | 0x1d90c | 0x1c70c | 0xc1 |
| RegDeleteKeyW | 0x0 | 0x41603c | 0x1d910 | 0x1c710 | 0x268 |
| RegCreateKeyExW | 0x0 | 0x416040 | 0x1d914 | 0x1c714 | 0x25d |
| GetTokenInformation | 0x0 | 0x416044 | 0x1d918 | 0x1c718 | 0x16f |
| OpenProcessToken | 0x0 | 0x416048 | 0x1d91c | 0x1c71c | 0x212 |
| RegSetValueExW | 0x0 | 0x41604c | 0x1d920 | 0x1c720 | 0x2a2 |
| RegQueryValueExW | 0x0 | 0x416050 | 0x1d924 | 0x1c724 | 0x292 |
| RegQueryInfoKeyW | 0x0 | 0x416054 | 0x1d928 | 0x1c728 | 0x28c |
| RegOpenKeyExW | 0x0 | 0x416058 | 0x1d92c | 0x1c72c | 0x285 |
| RegEnumKeyExW | 0x0 | 0x41605c | 0x1d930 | 0x1c730 | 0x273 |
| RegCloseKey | 0x0 | 0x416060 | 0x1d934 | 0x1c734 | 0x254 |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetKnownFolderPath | 0x0 | 0x4162cc | 0x1dba0 | 0x1c9a0 | 0xde |
| SHChangeNotify | 0x0 | 0x4162d0 | 0x1dba4 | 0x1c9a4 | 0x87 |
| SHGetSpecialFolderPathW | 0x0 | 0x4162d4 | 0x1dba8 | 0x1c9a8 | 0xf4 |
ole32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoCreateInstance | 0x0 | 0x416304 | 0x1dbd8 | 0x1c9d8 | 0x1a |
| CLSIDFromString | 0x0 | 0x416308 | 0x1dbdc | 0x1c9dc | 0xc |
| CoTaskMemFree | 0x0 | 0x41630c | 0x1dbe0 | 0x1c9e0 | 0x7b |
| CoInitializeEx | 0x0 | 0x416310 | 0x1dbe4 | 0x1c9e4 | 0x50 |
MSVCR120.dll (62)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _lock | 0x0 | 0x4161d0 | 0x1daa4 | 0x1c8a4 | 0x394 |
| _unlock | 0x0 | 0x4161d4 | 0x1daa8 | 0x1c8a8 | 0x504 |
| _calloc_crt | 0x0 | 0x4161d8 | 0x1daac | 0x1c8ac | 0x22e |
| __dllonexit | 0x0 | 0x4161dc | 0x1dab0 | 0x1c8b0 | 0x1ae |
| _onexit | 0x0 | 0x4161e0 | 0x1dab4 | 0x1c8b4 | 0x43a |
| _except1 | 0x0 | 0x4161e4 | 0x1dab8 | 0x1c8b8 | 0x277 |
| ??1type_info@@UAE@XZ | 0x0 | 0x4161e8 | 0x1dabc | 0x1c8bc | 0x6f |
| _crt_debugger_hook | 0x0 | 0x4161ec | 0x1dac0 | 0x1c8c0 | 0x250 |
| __crtUnhandledException | 0x0 | 0x4161f0 | 0x1dac4 | 0x1c8c4 | 0x1ac |
| __crtTerminateProcess | 0x0 | 0x4161f4 | 0x1dac8 | 0x1c8c8 | 0x1ab |
| _except_handler4_common | 0x0 | 0x4161f8 | 0x1dacc | 0x1c8cc | 0x27a |
| ?terminate@@YAXXZ | 0x0 | 0x4161fc | 0x1dad0 | 0x1c8d0 | 0x135 |
| wcstok | 0x0 | 0x416200 | 0x1dad4 | 0x1c8d4 | 0x798 |
| _wcslwr | 0x0 | 0x416204 | 0x1dad8 | 0x1c8d8 | 0x555 |
| wcschr | 0x0 | 0x416208 | 0x1dadc | 0x1c8dc | 0x781 |
| _wsplitpath_s | 0x0 | 0x41620c | 0x1dae0 | 0x1c8e0 | 0x5bf |
| wcsncpy_s | 0x0 | 0x416210 | 0x1dae4 | 0x1c8e4 | 0x78d |
| wcscpy_s | 0x0 | 0x416214 | 0x1dae8 | 0x1c8e8 | 0x785 |
| _wcsicmp | 0x0 | 0x416218 | 0x1daec | 0x1c8ec | 0x551 |
| memset | 0x0 | 0x41621c | 0x1daf0 | 0x1c8f0 | 0x6ea |
| ??2@YAPAXI@Z | 0x0 | 0x416220 | 0x1daf4 | 0x1c8f4 | 0x70 |
| ??3@YAXPAX@Z | 0x0 | 0x416224 | 0x1daf8 | 0x1c8f8 | 0x72 |
| wcscat_s | 0x0 | 0x416228 | 0x1dafc | 0x1c8fc | 0x780 |
| wcscmp | 0x0 | 0x41622c | 0x1db00 | 0x1c900 | 0x782 |
| wcslen | 0x0 | 0x416230 | 0x1db04 | 0x1c904 | 0x788 |
| wcsstr | 0x0 | 0x416234 | 0x1db08 | 0x1c908 | 0x794 |
| _wassert | 0x0 | 0x416238 | 0x1db0c | 0x1c90c | 0x546 |
| __CxxFrameHandler3 | 0x0 | 0x41623c | 0x1db10 | 0x1c910 | 0x174 |
| _purecall | 0x0 | 0x416240 | 0x1db14 | 0x1c914 | 0x449 |
| fclose | 0x0 | 0x416244 | 0x1db18 | 0x1c918 | 0x657 |
| fflush | 0x0 | 0x416248 | 0x1db1c | 0x1c91c | 0x668 |
| fgetc | 0x0 | 0x41624c | 0x1db20 | 0x1c920 | 0x669 |
| fgetpos | 0x0 | 0x416250 | 0x1db24 | 0x1c924 | 0x66a |
| fputc | 0x0 | 0x416254 | 0x1db28 | 0x1c928 | 0x67d |
| fsetpos | 0x0 | 0x416258 | 0x1db2c | 0x1c92c | 0x68a |
| _fseeki64 | 0x0 | 0x41625c | 0x1db30 | 0x1c930 | 0x2b6 |
| fwrite | 0x0 | 0x416260 | 0x1db34 | 0x1c934 | 0x68e |
| setvbuf | 0x0 | 0x416264 | 0x1db38 | 0x1c938 | 0x723 |
| ungetc | 0x0 | 0x416268 | 0x1db3c | 0x1c93c | 0x764 |
| _vsnwprintf | 0x0 | 0x41626c | 0x1db40 | 0x1c940 | 0x52f |
| _lock_file | 0x0 | 0x416270 | 0x1db44 | 0x1c944 | 0x395 |
| _unlock_file | 0x0 | 0x416274 | 0x1db48 | 0x1c948 | 0x505 |
| calloc | 0x0 | 0x416278 | 0x1db4c | 0x1c94c | 0x5fe |
| free | 0x0 | 0x41627c | 0x1db50 | 0x1c950 | 0x683 |
| malloc | 0x0 | 0x416280 | 0x1db54 | 0x1c954 | 0x6db |
| _recalloc | 0x0 | 0x416284 | 0x1db58 | 0x1c958 | 0x455 |
| _itow_s | 0x0 | 0x416288 | 0x1db5c | 0x1c95c | 0x377 |
| memcmp | 0x0 | 0x41628c | 0x1db60 | 0x1c960 | 0x6e5 |
| memcpy | 0x0 | 0x416290 | 0x1db64 | 0x1c964 | 0x6e6 |
| memcpy_s | 0x0 | 0x416294 | 0x1db68 | 0x1c968 | 0x6e7 |
| strlen | 0x0 | 0x416298 | 0x1db6c | 0x1c96c | 0x738 |
| memmove | 0x0 | 0x41629c | 0x1db70 | 0x1c970 | 0x6e8 |
| _wcslwr_s | 0x0 | 0x4162a0 | 0x1db74 | 0x1c974 | 0x557 |
| ??_V@YAXPAX@Z | 0x0 | 0x4162a4 | 0x1db78 | 0x1c978 | 0x89 |
| ??_U@YAPAXI@Z | 0x0 | 0x4162a8 | 0x1db7c | 0x1c97c | 0x87 |
| longjmp | 0x0 | 0x4162ac | 0x1db80 | 0x1c980 | 0x6d4 |
| ??0bad_cast@std@@QAE@PBD@Z | 0x0 | 0x4162b0 | 0x1db84 | 0x1c984 | 0x1d |
| ??0bad_cast@std@@QAE@ABV01@@Z | 0x0 | 0x4162b4 | 0x1db88 | 0x1c988 | 0x1c |
| ??0exception@std@@QAE@ABV01@@Z | 0x0 | 0x4162b8 | 0x1db8c | 0x1c98c | 0x2c |
| ??1bad_cast@std@@UAE@XZ | 0x0 | 0x4162bc | 0x1db90 | 0x1c990 | 0x66 |
| _CxxThrowException | 0x0 | 0x4162c0 | 0x1db94 | 0x1c994 | 0x158 |
| _setjmp3 | 0x0 | 0x4162c4 | 0x1db98 | 0x1c998 | 0x47b |
MSVCP120.dll (44)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ??1_Lockit@std@@QAE@XZ | 0x0 | 0x41611c | 0x1d9f0 | 0x1c7f0 | 0xa5 |
| ??0_Lockit@std@@QAE@H@Z | 0x0 | 0x416120 | 0x1d9f4 | 0x1c7f4 | 0x66 |
| ?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z | 0x0 | 0x416124 | 0x1d9f8 | 0x1c7f8 | 0x456 |
| ?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z | 0x0 | 0x416128 | 0x1d9fc | 0x1c7fc | 0x420 |
| ?always_noconv@codecvt_base@std@@QBE_NXZ | 0x0 | 0x41612c | 0x1da00 | 0x1c800 | 0x2d2 |
| ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ | 0x0 | 0x416130 | 0x1da04 | 0x1c804 | 0x1ed |
| ??Bid@locale@std@@QAEIXZ | 0x0 | 0x416134 | 0x1da08 | 0x1c808 | 0x130 |
| ?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z | 0x0 | 0x416138 | 0x1da0c | 0x1c80c | 0x1cb |
| ??0id@locale@std@@QAE@I@Z | 0x0 | 0x41613c | 0x1da10 | 0x1c810 | 0x76 |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x416140 | 0x1da14 | 0x1c814 | 0x2cd |
| ?id@?$codecvt@DDH@std@@2V0locale@2@A | 0x0 | 0x416144 | 0x1da18 | 0x1c818 | 0x3ef |
| ?_BADOFF@std@@3_JB | 0x0 | 0x416148 | 0x1da1c | 0x1c81c | 0x1a7 |
| ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z | 0x0 | 0x41614c | 0x1da20 | 0x1c820 | 0x56e |
| ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z | 0x0 | 0x416150 | 0x1da24 | 0x1c824 | 0x56b |
| ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ | 0x0 | 0x416154 | 0x1da28 | 0x1c828 | 0x4f6 |
| ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z | 0x0 | 0x416158 | 0x1da2c | 0x1c82c | 0x1c5 |
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x41615c | 0x1da30 | 0x1c830 | 0x2c9 |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x416160 | 0x1da34 | 0x1c834 | 0x2cc |
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x416164 | 0x1da38 | 0x1c838 | 0x2b0 |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x416168 | 0x1da3c | 0x1c83c | 0x2c5 |
| ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ | 0x0 | 0x41616c | 0x1da40 | 0x1c840 | 0x2a |
| ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x416170 | 0x1da44 | 0x1c844 | 0x87 |
| ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ | 0x0 | 0x416174 | 0x1da48 | 0x1c848 | 0x3e6 |
| ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ | 0x0 | 0x416178 | 0x1da4c | 0x1c84c | 0x4b6 |
| ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ | 0x0 | 0x41617c | 0x1da50 | 0x1c850 | 0x4f0 |
| ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ | 0x0 | 0x416180 | 0x1da54 | 0x1c854 | 0x375 |
| ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ | 0x0 | 0x416184 | 0x1da58 | 0x1c858 | 0x3ec |
| ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ | 0x0 | 0x416188 | 0x1da5c | 0x1c85c | 0x468 |
| ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ | 0x0 | 0x41618c | 0x1da60 | 0x1c860 | 0x378 |
| ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z | 0x0 | 0x416190 | 0x1da64 | 0x1c864 | 0x4db |
| ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ | 0x0 | 0x416194 | 0x1da68 | 0x1c868 | 0x37f |
| ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x416198 | 0x1da6c | 0x1c86c | 0x1fe |
| ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x41619c | 0x1da70 | 0x1c870 | 0x201 |
| ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x4161a0 | 0x1da74 | 0x1c874 | 0x27c |
| ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ | 0x0 | 0x4161a4 | 0x1da78 | 0x1c878 | 0x20e |
| ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z | 0x0 | 0x4161a8 | 0x1da7c | 0x1c87c | 0x20d |
| ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x4161ac | 0x1da80 | 0x1c880 | 0x7b |
| ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z | 0x0 | 0x4161b0 | 0x1da84 | 0x1c884 | 0x2da |
| ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z | 0x0 | 0x4161b4 | 0x1da88 | 0x1c888 | 0x4e6 |
| ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ | 0x0 | 0x4161b8 | 0x1da8c | 0x1c88c | 0x4a8 |
| ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ | 0x0 | 0x4161bc | 0x1da90 | 0x1c890 | 0x7 |
| ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z | 0x0 | 0x4161c0 | 0x1da94 | 0x1c894 | 0x15 |
| ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x4161c4 | 0x1da98 | 0x1c898 | 0x81 |
| ?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z | 0x0 | 0x4161c8 | 0x1da9c | 0x1c89c | 0x54b |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2017-03-10 00:00:00+00:00 |
| Valid Until | 2019-03-15 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 06 89 83 64 2C 95 3E 46 F7 BD CE 41 43 F1 33 C1 |
| Thumbprint | EA A8 43 CA 28 33 A2 E1 EB ED EB E7 D0 4F 0C A2 B4 D9 73 44 |
Certificate: DigiCert EV Code Signing CA (SHA2)
»
| Issued by | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2012-04-18 12:00:00+00:00 |
| Valid Until | 2027-04-18 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C |
| Thumbprint | 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3 |
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\netfx_Extended_x86.msi.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 484.02 KB |
| MD5 |
3e13c94c72cfcbc43b9253ccd616c6ce
|
| SHA1 |
e8362a070ba09c0e261748b146785820a99c6d4c
|
| SHA256 |
ca20af5fe4e9894e6406ad1bad270cef005ff67996af6cd2afce602e7aa9e272
|
| SSDeep |
6144:4RHfepsrxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0ssT5HG:qHfepsrx1GX6sEsNz7QXcFxZ+VhjErm
|
| C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 140.02 KB |
| MD5 |
a0901c41bffe2b3b6167bbfc0d9f3b3b
|
| SHA1 |
45198396d77c014e1780d329b0b7406d0702f910
|
| SHA256 |
0d47e502a4d5b80e033c11084983ecdd2814af1dc0a3d24c7f9b556719ac622f
|
| SSDeep |
3072:MVyJyjFGJvLIcXcSqviQICInggRKyNmNX8q:ESIcXgvi36Dh
|
| C:\Program Files\Java\jre1.8.0_144\bin\javaw.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\javaw.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 202.08 KB |
| MD5 |
23b7c0d2d13a5ecebd8e4a17fd2c64a7
|
| SHA1 |
e4b22a2ccccb0614b408d21d7daccf9b063680cf
|
| SHA256 |
eccfa97463e93e83f348fe1ac54dc59b7853708dd49cb037cc3317eac1503aa9
|
| SSDeep |
6144:I4TWHjQN8tRluTLdmGIebIsciijTBdz5v1C:ICWHjiYwEjTDz5v1C
|
| C:\Program Files\Java\jre1.8.0_144\bin\javaws.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 312.08 KB |
| MD5 |
3a83dd8557cd63e0b2c6b271d0bdba43
|
| SHA1 |
75c21c94edb553870da0b13db2172c94459ff772
|
| SHA256 |
b55704f2137628b191182ca6b875794ad7256892a928f0e14f58e1979b1f229b
|
| SSDeep |
6144:xVmgKEWy9BGfl69fL6MR9m1X0Z9csdT3UATeRI2dtWW3sY6v0:xVmgKEWOQl69ftm1ycKDUT6v0
|
| ImpHash |
bc2af46d1fb4348b2bcc8bc75b3112aa
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140019f00 |
| Size Of Code | 0x2ee00 |
| Size Of Initialized Data | 0x34c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:15:32+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Web Start Launcher |
| FileVersion | 11.144.2.01 |
| Full Version | 11.144.2.01 |
| InternalName | Java(TM) Web Start Launcher |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | javaws.exe |
| ProductName | Java(TM) Platform SE 8 U144 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x2ecae | 0x2ee00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.45 |
| .rdata | 0x140030000 | 0x95f6 | 0x9600 | 0x2f200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.88 |
| .data | 0x14003a000 | 0x20508 | 0x9000 | 0x38800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.54 |
| .pdata | 0x14005b000 | 0x20ac | 0x2200 | 0x41800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.35 |
| .rsrc | 0x14005e000 | 0x8080 | 0x8200 | 0x43a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.92 |
| .reloc | 0x140067000 | 0xb8a | 0xc00 | 0x4bc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.88 |
Imports (5)
»
KERNEL32.dll (118)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadLibraryW | 0x0 | 0x140030000 | 0x38740 | 0x37940 | 0x341 |
| GetModuleHandleW | 0x0 | 0x140030008 | 0x38748 | 0x37948 | 0x21e |
| FreeLibrary | 0x0 | 0x140030010 | 0x38750 | 0x37950 | 0x168 |
| GetProcAddress | 0x0 | 0x140030018 | 0x38758 | 0x37958 | 0x24c |
| GetTickCount | 0x0 | 0x140030020 | 0x38760 | 0x37960 | 0x29a |
| CreateEventW | 0x0 | 0x140030028 | 0x38768 | 0x37968 | 0x85 |
| GetCurrentProcessId | 0x0 | 0x140030030 | 0x38770 | 0x37970 | 0x1c7 |
| CloseHandle | 0x0 | 0x140030038 | 0x38778 | 0x37978 | 0x52 |
| WaitForSingleObject | 0x0 | 0x140030040 | 0x38780 | 0x37980 | 0x508 |
| GetThreadLocale | 0x0 | 0x140030048 | 0x38788 | 0x37988 | 0x293 |
| CreateDirectoryW | 0x0 | 0x140030050 | 0x38790 | 0x37990 | 0x81 |
| GetSystemWindowsDirectoryW | 0x0 | 0x140030058 | 0x38798 | 0x37998 | 0x283 |
| FindClose | 0x0 | 0x140030060 | 0x387a0 | 0x379a0 | 0x134 |
| FindFirstFileW | 0x0 | 0x140030068 | 0x387a8 | 0x379a8 | 0x13f |
| OpenProcess | 0x0 | 0x140030070 | 0x387b0 | 0x379b0 | 0x382 |
| Process32NextW | 0x0 | 0x140030078 | 0x387b8 | 0x379b8 | 0x39a |
| Process32FirstW | 0x0 | 0x140030080 | 0x387c0 | 0x379c0 | 0x398 |
| CreateToolhelp32Snapshot | 0x0 | 0x140030088 | 0x387c8 | 0x379c8 | 0xbd |
| GetModuleFileNameW | 0x0 | 0x140030090 | 0x387d0 | 0x379d0 | 0x21a |
| GlobalMemoryStatusEx | 0x0 | 0x140030098 | 0x387d8 | 0x379d8 | 0x2c8 |
| GetVersionExW | 0x0 | 0x1400300a0 | 0x387e0 | 0x379e0 | 0x2ac |
| VerifyVersionInfoW | 0x0 | 0x1400300a8 | 0x387e8 | 0x379e8 | 0x4f7 |
| VerSetConditionMask | 0x0 | 0x1400300b0 | 0x387f0 | 0x379f0 | 0x4f3 |
| GetCurrentProcess | 0x0 | 0x1400300b8 | 0x387f8 | 0x379f8 | 0x1c6 |
| GetNativeSystemInfo | 0x0 | 0x1400300c0 | 0x38800 | 0x37a00 | 0x22b |
| GetLastError | 0x0 | 0x1400300c8 | 0x38808 | 0x37a08 | 0x208 |
| CreateFileW | 0x0 | 0x1400300d0 | 0x38810 | 0x37a10 | 0x8f |
| GetSystemDirectoryW | 0x0 | 0x1400300d8 | 0x38818 | 0x37a18 | 0x277 |
| CreateProcessW | 0x0 | 0x1400300e0 | 0x38820 | 0x37a20 | 0xa8 |
| lstrlenW | 0x0 | 0x1400300e8 | 0x38828 | 0x37a28 | 0x561 |
| GetEnvironmentVariableW | 0x0 | 0x1400300f0 | 0x38830 | 0x37a30 | 0x1e3 |
| GetWindowsDirectoryW | 0x0 | 0x1400300f8 | 0x38838 | 0x37a38 | 0x2b7 |
| LocalFree | 0x0 | 0x140030100 | 0x38840 | 0x37a40 | 0x34a |
| LocalAlloc | 0x0 | 0x140030108 | 0x38848 | 0x37a48 | 0x346 |
| FormatMessageW | 0x0 | 0x140030110 | 0x38850 | 0x37a50 | 0x164 |
| GetLongPathNameW | 0x0 | 0x140030118 | 0x38858 | 0x37a58 | 0x215 |
| GetShortPathNameW | 0x0 | 0x140030120 | 0x38860 | 0x37a60 | 0x268 |
| GetTempPathW | 0x0 | 0x140030128 | 0x38868 | 0x37a68 | 0x28c |
| GetLocalTime | 0x0 | 0x140030130 | 0x38870 | 0x37a70 | 0x209 |
| OutputDebugStringW | 0x0 | 0x140030138 | 0x38878 | 0x37a78 | 0x38c |
| GetCurrentThreadId | 0x0 | 0x140030140 | 0x38880 | 0x37a80 | 0x1cb |
| GetModuleHandleExW | 0x0 | 0x140030148 | 0x38888 | 0x37a88 | 0x21d |
| GetExitCodeProcess | 0x0 | 0x140030150 | 0x38890 | 0x37a90 | 0x1e6 |
| GetFileAttributesW | 0x0 | 0x140030158 | 0x38898 | 0x37a98 | 0x1f1 |
| lstrlenA | 0x0 | 0x140030160 | 0x388a0 | 0x37aa0 | 0x560 |
| WriteConsoleW | 0x0 | 0x140030168 | 0x388a8 | 0x37aa8 | 0x533 |
| FlushFileBuffers | 0x0 | 0x140030170 | 0x388b0 | 0x37ab0 | 0x15d |
| HeapSize | 0x0 | 0x140030178 | 0x388b8 | 0x37ab8 | 0x2dc |
| CompareStringW | 0x0 | 0x140030180 | 0x388c0 | 0x37ac0 | 0x64 |
| LCMapStringW | 0x0 | 0x140030188 | 0x388c8 | 0x37ac8 | 0x32f |
| QueryPerformanceCounter | 0x0 | 0x140030190 | 0x388d0 | 0x37ad0 | 0x3a9 |
| RtlPcToFileHeader | 0x0 | 0x140030198 | 0x388d8 | 0x37ad8 | 0x421 |
| ReadFile | 0x0 | 0x1400301a0 | 0x388e0 | 0x37ae0 | 0x3c3 |
| GetProcessHeap | 0x0 | 0x1400301a8 | 0x388e8 | 0x37ae8 | 0x251 |
| SetEndOfFile | 0x0 | 0x1400301b0 | 0x388f0 | 0x37af0 | 0x461 |
| SetFilePointer | 0x0 | 0x1400301b8 | 0x388f8 | 0x37af8 | 0x474 |
| GetConsoleMode | 0x0 | 0x1400301c0 | 0x38900 | 0x37b00 | 0x1b2 |
| GetConsoleCP | 0x0 | 0x1400301c8 | 0x38908 | 0x37b08 | 0x1a0 |
| SetStdHandle | 0x0 | 0x1400301d0 | 0x38910 | 0x37b10 | 0x494 |
| SetHandleCount | 0x0 | 0x1400301d8 | 0x38918 | 0x37b18 | 0x47c |
| Sleep | 0x0 | 0x1400301e0 | 0x38920 | 0x37b20 | 0x4c0 |
| SetEnvironmentVariableW | 0x0 | 0x1400301e8 | 0x38928 | 0x37b28 | 0x465 |
| SetEnvironmentVariableA | 0x0 | 0x1400301f0 | 0x38930 | 0x37b30 | 0x464 |
| DeleteCriticalSection | 0x0 | 0x1400301f8 | 0x38938 | 0x37b38 | 0xd2 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x140030200 | 0x38940 | 0x37b40 | 0x2eb |
| GetEnvironmentStringsW | 0x0 | 0x140030208 | 0x38948 | 0x37b48 | 0x1e1 |
| FreeEnvironmentStringsW | 0x0 | 0x140030210 | 0x38950 | 0x37b50 | 0x167 |
| GetStdHandle | 0x0 | 0x140030218 | 0x38958 | 0x37b58 | 0x26b |
| WriteFile | 0x0 | 0x140030220 | 0x38960 | 0x37b60 | 0x534 |
| HeapCreate | 0x0 | 0x140030228 | 0x38968 | 0x37b68 | 0x2d5 |
| GetVersion | 0x0 | 0x140030230 | 0x38970 | 0x37b70 | 0x2aa |
| HeapSetInformation | 0x0 | 0x140030238 | 0x38978 | 0x37b78 | 0x2db |
| LoadLibraryA | 0x0 | 0x140030240 | 0x38980 | 0x37b80 | 0x33e |
| RaiseException | 0x0 | 0x140030248 | 0x38988 | 0x37b88 | 0x3b4 |
| FileTimeToSystemTime | 0x0 | 0x140030250 | 0x38990 | 0x37b90 | 0x12b |
| FileTimeToLocalFileTime | 0x0 | 0x140030258 | 0x38998 | 0x37b98 | 0x12a |
| GetDriveTypeW | 0x0 | 0x140030260 | 0x389a0 | 0x37ba0 | 0x1da |
| FindFirstFileExW | 0x0 | 0x140030268 | 0x389a8 | 0x37ba8 | 0x13a |
| WideCharToMultiByte | 0x0 | 0x140030270 | 0x389b0 | 0x37bb0 | 0x520 |
| GetSystemTimeAsFileTime | 0x0 | 0x140030278 | 0x389b8 | 0x37bb8 | 0x280 |
| HeapFree | 0x0 | 0x140030280 | 0x389c0 | 0x37bc0 | 0x2d7 |
| HeapReAlloc | 0x0 | 0x140030288 | 0x389c8 | 0x37bc8 | 0x2da |
| HeapAlloc | 0x0 | 0x140030290 | 0x389d0 | 0x37bd0 | 0x2d3 |
| GetStringTypeW | 0x0 | 0x140030298 | 0x389d8 | 0x37bd8 | 0x270 |
| ExitProcess | 0x0 | 0x1400302a0 | 0x389e0 | 0x37be0 | 0x11f |
| DecodePointer | 0x0 | 0x1400302a8 | 0x389e8 | 0x37be8 | 0xcb |
| RtlUnwindEx | 0x0 | 0x1400302b0 | 0x389f0 | 0x37bf0 | 0x425 |
| EnterCriticalSection | 0x0 | 0x1400302b8 | 0x389f8 | 0x37bf8 | 0xf2 |
| LeaveCriticalSection | 0x0 | 0x1400302c0 | 0x38a00 | 0x37c00 | 0x33b |
| DeleteFileW | 0x0 | 0x1400302c8 | 0x38a08 | 0x37c08 | 0xd7 |
| GetFileType | 0x0 | 0x1400302d0 | 0x38a10 | 0x37c10 | 0x1fa |
| MultiByteToWideChar | 0x0 | 0x1400302d8 | 0x38a18 | 0x37c18 | 0x369 |
| RtlLookupFunctionEntry | 0x0 | 0x1400302e0 | 0x38a20 | 0x37c20 | 0x41f |
| GetDateFormatW | 0x0 | 0x1400302e8 | 0x38a28 | 0x37c28 | 0x1cf |
| GetTimeFormatW | 0x0 | 0x1400302f0 | 0x38a30 | 0x37c30 | 0x29e |
| GetTimeZoneInformation | 0x0 | 0x1400302f8 | 0x38a38 | 0x37c38 | 0x29f |
| GetCommandLineW | 0x0 | 0x140030300 | 0x38a40 | 0x37c40 | 0x18d |
| GetStartupInfoW | 0x0 | 0x140030308 | 0x38a48 | 0x37c48 | 0x26a |
| GetFullPathNameW | 0x0 | 0x140030310 | 0x38a50 | 0x37c50 | 0x202 |
| GetFileInformationByHandle | 0x0 | 0x140030318 | 0x38a58 | 0x37c58 | 0x1f3 |
| PeekNamedPipe | 0x0 | 0x140030320 | 0x38a60 | 0x37c60 | 0x38f |
| GetCurrentDirectoryW | 0x0 | 0x140030328 | 0x38a68 | 0x37c68 | 0x1c5 |
| UnhandledExceptionFilter | 0x0 | 0x140030330 | 0x38a70 | 0x37c70 | 0x4e2 |
| SetUnhandledExceptionFilter | 0x0 | 0x140030338 | 0x38a78 | 0x37c78 | 0x4b3 |
| IsDebuggerPresent | 0x0 | 0x140030340 | 0x38a80 | 0x37c80 | 0x302 |
| RtlVirtualUnwind | 0x0 | 0x140030348 | 0x38a88 | 0x37c88 | 0x426 |
| RtlCaptureContext | 0x0 | 0x140030350 | 0x38a90 | 0x37c90 | 0x418 |
| EncodePointer | 0x0 | 0x140030358 | 0x38a98 | 0x37c98 | 0xee |
| TerminateProcess | 0x0 | 0x140030360 | 0x38aa0 | 0x37ca0 | 0x4ce |
| GetCPInfo | 0x0 | 0x140030368 | 0x38aa8 | 0x37ca8 | 0x178 |
| GetACP | 0x0 | 0x140030370 | 0x38ab0 | 0x37cb0 | 0x16e |
| GetOEMCP | 0x0 | 0x140030378 | 0x38ab8 | 0x37cb8 | 0x23e |
| IsValidCodePage | 0x0 | 0x140030380 | 0x38ac0 | 0x37cc0 | 0x30c |
| FlsGetValue | 0x0 | 0x140030388 | 0x38ac8 | 0x37cc8 | 0x15a |
| FlsSetValue | 0x0 | 0x140030390 | 0x38ad0 | 0x37cd0 | 0x15b |
| FlsFree | 0x0 | 0x140030398 | 0x38ad8 | 0x37cd8 | 0x159 |
| SetLastError | 0x0 | 0x1400303a0 | 0x38ae0 | 0x37ce0 | 0x480 |
| FlsAlloc | 0x0 | 0x1400303a8 | 0x38ae8 | 0x37ce8 | 0x158 |
USER32.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MessageBoxW | 0x0 | 0x1400303e8 | 0x38b28 | 0x37d28 | 0x219 |
| DefWindowProcW | 0x0 | 0x1400303f0 | 0x38b30 | 0x37d30 | 0x9c |
| GetMessageW | 0x0 | 0x1400303f8 | 0x38b38 | 0x37d38 | 0x15f |
| DispatchMessageW | 0x0 | 0x140030400 | 0x38b40 | 0x37d40 | 0xaf |
| TranslateMessage | 0x0 | 0x140030408 | 0x38b48 | 0x37d48 | 0x304 |
| SetTimer | 0x0 | 0x140030410 | 0x38b50 | 0x37d50 | 0x2c1 |
| CreateWindowExW | 0x0 | 0x140030418 | 0x38b58 | 0x37d58 | 0x6e |
| RegisterClassW | 0x0 | 0x140030420 | 0x38b60 | 0x37d60 | 0x252 |
| LoadCursorW | 0x0 | 0x140030428 | 0x38b68 | 0x37d68 | 0x1ef |
| wsprintfW | 0x0 | 0x140030430 | 0x38b70 | 0x37d70 | 0x33b |
| CloseDesktop | 0x0 | 0x140030438 | 0x38b78 | 0x37d78 | 0x4a |
| OpenInputDesktop | 0x0 | 0x140030440 | 0x38b80 | 0x37d80 | 0x22e |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StringFromCLSID | 0x0 | 0x1400304d0 | 0x38c10 | 0x37e10 | 0x1b4 |
| CoTaskMemFree | 0x0 | 0x1400304d8 | 0x38c18 | 0x37e18 | 0x6c |
OLEAUT32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x9 | 0x1400303b8 | 0x38af8 | 0x37cf8 | - |
| SysFreeString | 0x6 | 0x1400303c0 | 0x38b00 | 0x37d00 | - |
| SysAllocString | 0x2 | 0x1400303c8 | 0x38b08 | 0x37d08 | - |
| SysStringLen | 0x7 | 0x1400303d0 | 0x38b10 | 0x37d10 | - |
| SysAllocStringByteLen | 0x96 | 0x1400303d8 | 0x38b18 | 0x37d18 | - |
WSOCK32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WSAStartup | 0x73 | 0x140030450 | 0x38b90 | 0x37d90 | - |
| WSAGetLastError | 0x6f | 0x140030458 | 0x38b98 | 0x37d98 | - |
| send | 0x13 | 0x140030460 | 0x38ba0 | 0x37da0 | - |
| connect | 0x4 | 0x140030468 | 0x38ba8 | 0x37da8 | - |
| htons | 0x9 | 0x140030470 | 0x38bb0 | 0x37db0 | - |
| ioctlsocket | 0xa | 0x140030478 | 0x38bb8 | 0x37db8 | - |
| socket | 0x17 | 0x140030480 | 0x38bc0 | 0x37dc0 | - |
| recv | 0x10 | 0x140030488 | 0x38bc8 | 0x37dc8 | - |
| accept | 0x1 | 0x140030490 | 0x38bd0 | 0x37dd0 | - |
| ntohs | 0xf | 0x140030498 | 0x38bd8 | 0x37dd8 | - |
| listen | 0xd | 0x1400304a0 | 0x38be0 | 0x37de0 | - |
| getsockname | 0x6 | 0x1400304a8 | 0x38be8 | 0x37de8 | - |
| closesocket | 0x3 | 0x1400304b0 | 0x38bf0 | 0x37df0 | - |
| WSAAsyncSelect | 0x65 | 0x1400304b8 | 0x38bf8 | 0x37df8 | - |
| bind | 0x2 | 0x1400304c0 | 0x38c00 | 0x37e00 | - |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\588bce7c90097ed212\ParameterInfo.xml | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\ParameterInfo.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 265.69 KB |
| MD5 |
f1c65198c27b2e48700ced64ac16fc12
|
| SHA1 |
7d4b7d7e1c7d6ed12e914c76ee7493450171afa6
|
| SHA256 |
6cdbbda7c47a051c725822dbd4c749d1337e0382bb2425b4bd7dfe0ee8cf197b
|
| SSDeep |
768:snd66DcFROYoVQTLTQTDFdhaaot6PcbrI1:Q86AFRJoDdhaZI1
|
| C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 3.52 MB |
| MD5 |
30b12e6d25e3576da74ae358a9d4e506
|
| SHA1 |
aebcec298326ecf9c4017af6f589c47cae44e284
|
| SHA256 |
010af9cecd41ec49eb415a5e44b8f9aca254e377e2446b7ea33d692754e1affe
|
| SSDeep |
24576:Nv+UphLeZvKErxJP6gPAqHoENusUsWwxF7BJTQlDufC5WnoP/EG+X6w5AYawdGPV:NShJPjZAA16DF40d
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 135.50 KB |
| MD5 |
e86f42b21d7ef94605928031222ed9a5
|
| SHA1 |
d2316042dd34df58f13b0b0a2e2c82c20e14ae6b
|
| SHA256 |
8b1b66af4babc9b95f995769c8918ca223b20e0b77818382702bf9ea8754d630
|
| SSDeep |
3072:/XAceGl1aZbAdVTCcv/7VjFgg6Db4fcIJ1L2CgLxrUm:ObAzxv/7VP6PrggLxD
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 866.00 KB |
| MD5 |
ae908cb33f8c359bb5037bd996f4da68
|
| SHA1 |
8788f9ee89c65086e5ca0e0514da633158f926b2
|
| SHA256 |
1e32690f29df4e49f7fa21e69dc88e7a82233b11f78b4d829cac9d33652eff00
|
| SSDeep |
12288:mqkbALY1XWxkESzG/R3+vTK9SG2nL4tDTgcQzl0e4E5RUj3rXM13cl/o7:mqhYIx+chP4dnLMDT0B0e4AYT1Q
|
| ImpHash |
ae2b47ca09e7951ac7ed1185903faf05
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x45d20e |
| Size Of Code | 0x9b800 |
| Size Of Initialized Data | 0x3c800 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2017-11-04 18:02:45+00:00 |
Version Information (10)
»
| CompanyName | Adobe Systems Incorporated |
| EnglishName | English |
| FileDescription | Adobe Collaboration Synchronizer 18.9 |
| FileVersion | 18.9.20044.251705 |
| LanguageId | 0409 |
| LegalCopyright | Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | AdobeCollabSync.exe |
| ProductName | Adobe Collaboration Synchronizer |
| ProductVersion | 18.9.20044.251705 |
| Signature | Read |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x9b6ce | 0x9b800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49 |
| .rdata | 0x49d000 | 0x287e4 | 0x28800 | 0x9bc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.93 |
| .data | 0x4c6000 | 0x7e30 | 0x6600 | 0xc4400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.93 |
| .rsrc | 0x4ce000 | 0x1910 | 0x1a00 | 0xcaa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.83 |
| .reloc | 0x4d0000 | 0xa5e0 | 0xa600 | 0xcc400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.57 |
Imports (15)
»
SHLWAPI.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UrlCanonicalizeA | 0x0 | 0x49d3c0 | 0xc3e88 | 0xc2a88 | 0x15d |
| PathRemoveFileSpecW | 0x0 | 0x49d3c4 | 0xc3e8c | 0xc2a8c | 0x8f |
| StrCmpNA | 0x0 | 0x49d3c8 | 0xc3e90 | 0xc2a90 | 0x125 |
KERNEL32.dll (89)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetModuleFileNameW | 0x0 | 0x49d03c | 0xc3b04 | 0xc2704 | 0x263 |
| GetModuleHandleA | 0x0 | 0x49d040 | 0xc3b08 | 0xc2708 | 0x264 |
| GetModuleHandleW | 0x0 | 0x49d044 | 0xc3b0c | 0xc270c | 0x267 |
| GetProcAddress | 0x0 | 0x49d048 | 0xc3b10 | 0xc2710 | 0x29d |
| LoadLibraryW | 0x0 | 0x49d04c | 0xc3b14 | 0xc2714 | 0x3a8 |
| VerSetConditionMask | 0x0 | 0x49d050 | 0xc3b18 | 0xc2718 | 0x596 |
| GetProcessHeap | 0x0 | 0x49d054 | 0xc3b1c | 0xc271c | 0x2a2 |
| HeapSetInformation | 0x0 | 0x49d058 | 0xc3b20 | 0xc2720 | 0x337 |
| VerifyVersionInfoW | 0x0 | 0x49d05c | 0xc3b24 | 0xc2724 | 0x59a |
| RaiseException | 0x0 | 0x49d060 | 0xc3b28 | 0xc2728 | 0x440 |
| DecodePointer | 0x0 | 0x49d064 | 0xc3b2c | 0xc272c | 0xfe |
| OutputDebugStringA | 0x0 | 0x49d068 | 0xc3b30 | 0xc2730 | 0x3f9 |
| lstrlenW | 0x0 | 0x49d06c | 0xc3b34 | 0xc2734 | 0x60b |
| GetTickCount | 0x0 | 0x49d070 | 0xc3b38 | 0xc2738 | 0x2f2 |
| Sleep | 0x0 | 0x49d074 | 0xc3b3c | 0xc273c | 0x552 |
| GetCurrentProcess | 0x0 | 0x49d078 | 0xc3b40 | 0xc2740 | 0x209 |
| GetCurrentThread | 0x0 | 0x49d07c | 0xc3b44 | 0xc2744 | 0x20d |
| GetThreadErrorMode | 0x0 | 0x49d080 | 0xc3b48 | 0xc2748 | 0x2e5 |
| SetThreadErrorMode | 0x0 | 0x49d084 | 0xc3b4c | 0xc274c | 0x52d |
| OpenMutexW | 0x0 | 0x49d088 | 0xc3b50 | 0xc2750 | 0x3ea |
| SetNamedPipeHandleState | 0x0 | 0x49d08c | 0xc3b54 | 0xc2754 | 0x514 |
| OutputDebugStringW | 0x0 | 0x49d090 | 0xc3b58 | 0xc2758 | 0x3fa |
| GetCurrentThreadId | 0x0 | 0x49d094 | 0xc3b5c | 0xc275c | 0x20e |
| QueryPerformanceCounter | 0x0 | 0x49d098 | 0xc3b60 | 0xc2760 | 0x42d |
| IsProcessorFeaturePresent | 0x0 | 0x49d09c | 0xc3b64 | 0xc2764 | 0x36d |
| IsDebuggerPresent | 0x0 | 0x49d0a0 | 0xc3b68 | 0xc2768 | 0x367 |
| EncodePointer | 0x0 | 0x49d0a4 | 0xc3b6c | 0xc276c | 0x121 |
| GetUserDefaultLCID | 0x0 | 0x49d0a8 | 0xc3b70 | 0xc2770 | 0x2fc |
| LoadLibraryExW | 0x0 | 0x49d0ac | 0xc3b74 | 0xc2774 | 0x3a7 |
| GetCurrentProcessId | 0x0 | 0x49d0b0 | 0xc3b78 | 0xc2778 | 0x20a |
| CreateNamedPipeA | 0x0 | 0x49d0b4 | 0xc3b7c | 0xc277c | 0xd2 |
| GetOverlappedResult | 0x0 | 0x49d0b8 | 0xc3b80 | 0xc2780 | 0x287 |
| PeekNamedPipe | 0x0 | 0x49d0bc | 0xc3b84 | 0xc2784 | 0x403 |
| DisconnectNamedPipe | 0x0 | 0x49d0c0 | 0xc3b88 | 0xc2788 | 0x116 |
| ConnectNamedPipe | 0x0 | 0x49d0c4 | 0xc3b8c | 0xc278c | 0x94 |
| GetLastError | 0x0 | 0x49d0c8 | 0xc3b90 | 0xc2790 | 0x250 |
| ResetEvent | 0x0 | 0x49d0cc | 0xc3b94 | 0xc2794 | 0x4a2 |
| FindNextChangeNotification | 0x0 | 0x49d0d0 | 0xc3b98 | 0xc2798 | 0x17c |
| FindFirstChangeNotificationW | 0x0 | 0x49d0d4 | 0xc3b9c | 0xc279c | 0x16b |
| WaitForMultipleObjects | 0x0 | 0x49d0d8 | 0xc3ba0 | 0xc27a0 | 0x5a9 |
| DeleteCriticalSection | 0x0 | 0x49d0dc | 0xc3ba4 | 0xc27a4 | 0x105 |
| SetEvent | 0x0 | 0x49d0e0 | 0xc3ba8 | 0xc27a8 | 0x4f0 |
| FindCloseChangeNotification | 0x0 | 0x49d0e4 | 0xc3bac | 0xc27ac | 0x169 |
| LoadLibraryA | 0x0 | 0x49d0e8 | 0xc3bb0 | 0xc27b0 | 0x3a5 |
| lstrlenA | 0x0 | 0x49d0ec | 0xc3bb4 | 0xc27b4 | 0x60a |
| GetSystemDirectoryA | 0x0 | 0x49d0f0 | 0xc3bb8 | 0xc27b8 | 0x2cc |
| GetFileAttributesW | 0x0 | 0x49d0f4 | 0xc3bbc | 0xc27bc | 0x235 |
| WideCharToMultiByte | 0x0 | 0x49d0f8 | 0xc3bc0 | 0xc27c0 | 0x5cd |
| MultiByteToWideChar | 0x0 | 0x49d0fc | 0xc3bc4 | 0xc27c4 | 0x3d1 |
| RemoveDirectoryW | 0x0 | 0x49d100 | 0xc3bc8 | 0xc27c8 | 0x495 |
| FindNextFileW | 0x0 | 0x49d104 | 0xc3bcc | 0xc27cc | 0x17f |
| CreateDirectoryW | 0x0 | 0x49d108 | 0xc3bd0 | 0xc27d0 | 0xb2 |
| GetLocalTime | 0x0 | 0x49d10c | 0xc3bd4 | 0xc27d4 | 0x251 |
| GetSystemTimeAsFileTime | 0x0 | 0x49d110 | 0xc3bd8 | 0xc27d8 | 0x2d6 |
| CreateSemaphoreA | 0x0 | 0x49d114 | 0xc3bdc | 0xc27dc | 0xde |
| LocalFree | 0x0 | 0x49d118 | 0xc3be0 | 0xc27e0 | 0x3b2 |
| LocalAlloc | 0x0 | 0x49d11c | 0xc3be4 | 0xc27e4 | 0x3ae |
| TlsFree | 0x0 | 0x49d120 | 0xc3be8 | 0xc27e8 | 0x574 |
| TlsSetValue | 0x0 | 0x49d124 | 0xc3bec | 0xc27ec | 0x576 |
| TlsGetValue | 0x0 | 0x49d128 | 0xc3bf0 | 0xc27f0 | 0x575 |
| TlsAlloc | 0x0 | 0x49d12c | 0xc3bf4 | 0xc27f4 | 0x573 |
| TryEnterCriticalSection | 0x0 | 0x49d130 | 0xc3bf8 | 0xc27f8 | 0x57c |
| LeaveCriticalSection | 0x0 | 0x49d134 | 0xc3bfc | 0xc27fc | 0x3a2 |
| EnterCriticalSection | 0x0 | 0x49d138 | 0xc3c00 | 0xc2800 | 0x125 |
| InitializeCriticalSection | 0x0 | 0x49d13c | 0xc3c04 | 0xc2804 | 0x347 |
| MoveFileW | 0x0 | 0x49d140 | 0xc3c08 | 0xc2808 | 0x3cd |
| SetFilePointer | 0x0 | 0x49d144 | 0xc3c0c | 0xc280c | 0x4fc |
| SetEndOfFile | 0x0 | 0x49d148 | 0xc3c10 | 0xc2810 | 0x4ea |
| GetFullPathNameW | 0x0 | 0x49d14c | 0xc3c14 | 0xc2814 | 0x249 |
| GetFileInformationByHandle | 0x0 | 0x49d150 | 0xc3c18 | 0xc2818 | 0x237 |
| GetDriveTypeW | 0x0 | 0x49d154 | 0xc3c1c | 0xc281c | 0x21f |
| FlushFileBuffers | 0x0 | 0x49d158 | 0xc3c20 | 0xc2820 | 0x192 |
| FindFirstFileW | 0x0 | 0x49d15c | 0xc3c24 | 0xc2824 | 0x173 |
| FindClose | 0x0 | 0x49d160 | 0xc3c28 | 0xc2828 | 0x168 |
| DeleteFileW | 0x0 | 0x49d164 | 0xc3c2c | 0xc282c | 0x10a |
| CreateThread | 0x0 | 0x49d168 | 0xc3c30 | 0xc2830 | 0xe8 |
| SwitchToThread | 0x0 | 0x49d16c | 0xc3c34 | 0xc2834 | 0x55c |
| WaitForSingleObject | 0x0 | 0x49d170 | 0xc3c38 | 0xc2838 | 0x5ab |
| ReleaseSemaphore | 0x0 | 0x49d174 | 0xc3c3c | 0xc283c | 0x490 |
| LoadLibraryExA | 0x0 | 0x49d178 | 0xc3c40 | 0xc2840 | 0x3a6 |
| FreeLibrary | 0x0 | 0x49d17c | 0xc3c44 | 0xc2844 | 0x19e |
| InitializeCriticalSectionEx | 0x0 | 0x49d180 | 0xc3c48 | 0xc2848 | 0x349 |
| CreateEventA | 0x0 | 0x49d184 | 0xc3c4c | 0xc284c | 0xb3 |
| SetLastError | 0x0 | 0x49d188 | 0xc3c50 | 0xc2850 | 0x50b |
| CloseHandle | 0x0 | 0x49d18c | 0xc3c54 | 0xc2854 | 0x7f |
| WriteFile | 0x0 | 0x49d190 | 0xc3c58 | 0xc2858 | 0x5e1 |
| ReadFile | 0x0 | 0x49d194 | 0xc3c5c | 0xc285c | 0x450 |
| GetVolumeInformationW | 0x0 | 0x49d198 | 0xc3c60 | 0xc2860 | 0x308 |
| CreateFileW | 0x0 | 0x49d19c | 0xc3c64 | 0xc2864 | 0xc2 |
USER32.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetPropW | 0x0 | 0x49d3d8 | 0xc3ea0 | 0xc2aa0 | 0x196 |
| SetPropW | 0x0 | 0x49d3dc | 0xc3ea4 | 0xc2aa4 | 0x2f2 |
| SetForegroundWindow | 0x0 | 0x49d3e0 | 0xc3ea8 | 0xc2aa8 | 0x2d5 |
| InsertMenuItemW | 0x0 | 0x49d3e4 | 0xc3eac | 0xc2aac | 0x1ea |
| TrackPopupMenu | 0x0 | 0x49d3e8 | 0xc3eb0 | 0xc2ab0 | 0x339 |
| GetCursorPos | 0x0 | 0x49d3ec | 0xc3eb4 | 0xc2ab4 | 0x133 |
| DestroyMenu | 0x0 | 0x49d3f0 | 0xc3eb8 | 0xc2ab8 | 0xab |
| CreatePopupMenu | 0x0 | 0x49d3f4 | 0xc3ebc | 0xc2abc | 0x6e |
| GetSystemMetrics | 0x0 | 0x49d3f8 | 0xc3ec0 | 0xc2ac0 | 0x1aa |
| DestroyWindow | 0x0 | 0x49d3fc | 0xc3ec4 | 0xc2ac4 | 0xad |
| CreateWindowExW | 0x0 | 0x49d400 | 0xc3ec8 | 0xc2ac8 | 0x71 |
| RegisterClassW | 0x0 | 0x49d404 | 0xc3ecc | 0xc2acc | 0x28a |
| CallWindowProcA | 0x0 | 0x49d408 | 0xc3ed0 | 0xc2ad0 | 0x1d |
| PostQuitMessage | 0x0 | 0x49d40c | 0xc3ed4 | 0xc2ad4 | 0x271 |
| InsertMenuW | 0x0 | 0x49d410 | 0xc3ed8 | 0xc2ad8 | 0x1eb |
| PostMessageW | 0x0 | 0x49d414 | 0xc3edc | 0xc2adc | 0x270 |
| FindWindowW | 0x0 | 0x49d418 | 0xc3ee0 | 0xc2ae0 | 0x109 |
| LoadStringW | 0x0 | 0x49d41c | 0xc3ee4 | 0xc2ae4 | 0x230 |
| GetMessageA | 0x0 | 0x49d420 | 0xc3ee8 | 0xc2ae8 | 0x16f |
| TranslateMessage | 0x0 | 0x49d424 | 0xc3eec | 0xc2aec | 0x33f |
| DispatchMessageA | 0x0 | 0x49d428 | 0xc3ef0 | 0xc2af0 | 0xb4 |
| PostMessageA | 0x0 | 0x49d42c | 0xc3ef4 | 0xc2af4 | 0x26f |
| LoadImageW | 0x0 | 0x49d430 | 0xc3ef8 | 0xc2af8 | 0x225 |
| DefWindowProcA | 0x0 | 0x49d434 | 0xc3efc | 0xc2afc | 0xa0 |
SensApi.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IsNetworkAlive | 0x0 | 0x49d3d0 | 0xc3e98 | 0xc2a98 | 0x2 |
MSVCP120.dll (32)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x49d1b4 | 0xc3c7c | 0xc287c | 0x2c9 |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x49d1b8 | 0xc3c80 | 0xc2880 | 0x2cd |
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x49d1bc | 0xc3c84 | 0xc2884 | 0x2b0 |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x49d1c0 | 0xc3c88 | 0xc2888 | 0x2c5 |
| ?uncaught_exception@std@@YA_NXZ | 0x0 | 0x49d1c4 | 0xc3c8c | 0xc288c | 0x543 |
| ?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z | 0x0 | 0x49d1c8 | 0xc3c90 | 0xc2890 | 0x243 |
| ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ | 0x0 | 0x49d1cc | 0xc3c94 | 0xc2894 | 0x2a |
| ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x49d1d0 | 0xc3c98 | 0xc2898 | 0x87 |
| ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z | 0x0 | 0x49d1d4 | 0xc3c9c | 0xc289c | 0x4ff |
| ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z | 0x0 | 0x49d1d8 | 0xc3ca0 | 0xc28a0 | 0x502 |
| ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x49d1dc | 0xc3ca4 | 0xc28a4 | 0x27c |
| ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x49d1e0 | 0xc3ca8 | 0xc28a8 | 0x7b |
| ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z | 0x0 | 0x49d1e4 | 0xc3cac | 0xc28ac | 0x4e6 |
| ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ | 0x0 | 0x49d1e8 | 0xc3cb0 | 0xc28b0 | 0x276 |
| ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z | 0x0 | 0x49d1ec | 0xc3cb4 | 0xc28b4 | 0xff |
| ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ | 0x0 | 0x49d1f0 | 0xc3cb8 | 0xc28b8 | 0x38e |
| ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z | 0x0 | 0x49d1f4 | 0xc3cbc | 0xc28bc | 0xe |
| ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x49d1f8 | 0xc3cc0 | 0xc28c0 | 0x7e |
| ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x49d1fc | 0xc3cc4 | 0xc28c4 | 0x258 |
| ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x49d200 | 0xc3cc8 | 0xc28c8 | 0x2bf |
| ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z | 0x0 | 0x49d204 | 0xc3ccc | 0xc28cc | 0x41c |
| ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z | 0x0 | 0x49d208 | 0xc3cd0 | 0xc28d0 | 0x4d6 |
| ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ | 0x0 | 0x49d20c | 0xc3cd4 | 0xc28d4 | 0x4f6 |
| ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ | 0x0 | 0x49d210 | 0xc3cd8 | 0xc28d8 | 0x521 |
| ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ | 0x0 | 0x49d214 | 0xc3cdc | 0xc28dc | 0x540 |
| ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z | 0x0 | 0x49d218 | 0xc3ce0 | 0xc28e0 | 0x56b |
| ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z | 0x0 | 0x49d21c | 0xc3ce4 | 0xc28e4 | 0x56e |
| ?_BADOFF@std@@3_JB | 0x0 | 0x49d220 | 0xc3ce8 | 0xc28e8 | 0x1a7 |
| ??_7ios_base@std@@6B@ | 0x0 | 0x49d224 | 0xc3cec | 0xc28ec | 0x159 |
| ??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@ | 0x0 | 0x49d228 | 0xc3cf0 | 0xc28f0 | 0x132 |
| ?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z | 0x0 | 0x49d22c | 0xc3cf4 | 0xc28f4 | 0x2ac |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x49d230 | 0xc3cf8 | 0xc28f8 | 0x2cc |
MSVCR120.dll (82)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| toupper | 0x0 | 0x49d238 | 0xc3d00 | 0xc2900 | 0x75d |
| _strlwr | 0x0 | 0x49d23c | 0xc3d04 | 0xc2904 | 0x4b6 |
| strcpy_s | 0x0 | 0x49d240 | 0xc3d08 | 0xc2908 | 0x733 |
| sscanf | 0x0 | 0x49d244 | 0xc3d0c | 0xc290c | 0x72b |
| sprintf | 0x0 | 0x49d248 | 0xc3d10 | 0xc2910 | 0x727 |
| sprintf_s | 0x0 | 0x49d24c | 0xc3d14 | 0xc2914 | 0x728 |
| malloc | 0x0 | 0x49d250 | 0xc3d18 | 0xc2918 | 0x6db |
| wcscpy_s | 0x0 | 0x49d254 | 0xc3d1c | 0xc291c | 0x785 |
| swscanf_s | 0x0 | 0x49d258 | 0xc3d20 | 0xc2920 | 0x751 |
| _vsnwprintf_s | 0x0 | 0x49d25c | 0xc3d24 | 0xc2924 | 0x531 |
| iswalpha | 0x0 | 0x49d260 | 0xc3d28 | 0xc2928 | 0x6ac |
| memcmp | 0x0 | 0x49d264 | 0xc3d2c | 0xc292c | 0x6e5 |
| memchr | 0x0 | 0x49d268 | 0xc3d30 | 0xc2930 | 0x6e4 |
| _wcslwr_s | 0x0 | 0x49d26c | 0xc3d34 | 0xc2934 | 0x557 |
| wcslen | 0x0 | 0x49d270 | 0xc3d38 | 0xc2938 | 0x788 |
| _set_invalid_parameter_handler | 0x0 | 0x49d274 | 0xc3d3c | 0xc293c | 0x474 |
| _get_heap_handle | 0x0 | 0x49d278 | 0xc3d40 | 0xc2940 | 0x2d7 |
| memcpy | 0x0 | 0x49d27c | 0xc3d44 | 0xc2944 | 0x6e6 |
| memmove | 0x0 | 0x49d280 | 0xc3d48 | 0xc2948 | 0x6e8 |
| free | 0x0 | 0x49d284 | 0xc3d4c | 0xc294c | 0x683 |
| _wcsnicmp | 0x0 | 0x49d288 | 0xc3d50 | 0xc2950 | 0x55b |
| _purecall | 0x0 | 0x49d28c | 0xc3d54 | 0xc2954 | 0x449 |
| _mbschr | 0x0 | 0x49d290 | 0xc3d58 | 0xc2958 | 0x3c5 |
| strchr | 0x0 | 0x49d294 | 0xc3d5c | 0xc295c | 0x72f |
| __RTDynamicCast | 0x0 | 0x49d298 | 0xc3d60 | 0xc2960 | 0x17d |
| __CxxFrameHandler3 | 0x0 | 0x49d29c | 0xc3d64 | 0xc2964 | 0x174 |
| _CxxThrowException | 0x0 | 0x49d2a0 | 0xc3d68 | 0xc2968 | 0x158 |
| ?what@exception@std@@UBEPBDXZ | 0x0 | 0x49d2a4 | 0xc3d6c | 0xc296c | 0x143 |
| ??1exception@std@@UAE@XZ | 0x0 | 0x49d2a8 | 0xc3d70 | 0xc2970 | 0x6a |
| ??0exception@std@@QAE@ABV01@@Z | 0x0 | 0x49d2ac | 0xc3d74 | 0xc2974 | 0x2c |
| ??0exception@std@@QAE@ABQBDH@Z | 0x0 | 0x49d2b0 | 0xc3d78 | 0xc2978 | 0x2b |
| ??0exception@std@@QAE@XZ | 0x0 | 0x49d2b4 | 0xc3d7c | 0xc297c | 0x2d |
| strlen | 0x0 | 0x49d2b8 | 0xc3d80 | 0xc2980 | 0x738 |
| strcmp | 0x0 | 0x49d2bc | 0xc3d84 | 0xc2984 | 0x730 |
| memcpy_s | 0x0 | 0x49d2c0 | 0xc3d88 | 0xc2988 | 0x6e7 |
| ??3@YAXPAX@Z | 0x0 | 0x49d2c4 | 0xc3d8c | 0xc298c | 0x72 |
| ??_V@YAXPAX@Z | 0x0 | 0x49d2c8 | 0xc3d90 | 0xc2990 | 0x89 |
| memset | 0x0 | 0x49d2cc | 0xc3d94 | 0xc2994 | 0x6ea |
| isdigit | 0x0 | 0x49d2d0 | 0xc3d98 | 0xc2998 | 0x6a3 |
| isxdigit | 0x0 | 0x49d2d4 | 0xc3d9c | 0xc299c | 0x6b9 |
| isspace | 0x0 | 0x49d2d8 | 0xc3da0 | 0xc29a0 | 0x6a9 |
| _mktime64 | 0x0 | 0x49d2dc | 0xc3da4 | 0xc29a4 | 0x437 |
| realloc | 0x0 | 0x49d2e0 | 0xc3da8 | 0xc29a8 | 0x709 |
| _lock | 0x0 | 0x49d2e4 | 0xc3dac | 0xc29ac | 0x394 |
| _unlock | 0x0 | 0x49d2e8 | 0xc3db0 | 0xc29b0 | 0x504 |
| _controlfp_s | 0x0 | 0x49d2ec | 0xc3db4 | 0xc29b4 | 0x243 |
| _invoke_watson | 0x0 | 0x49d2f0 | 0xc3db8 | 0xc29b8 | 0x314 |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x49d2f4 | 0xc3dbc | 0xc29bc | 0x1a9 |
| ?terminate@@YAXXZ | 0x0 | 0x49d2f8 | 0xc3dc0 | 0xc29c0 | 0x135 |
| _except1 | 0x0 | 0x49d2fc | 0xc3dc4 | 0xc29c4 | 0x277 |
| __crtTerminateProcess | 0x0 | 0x49d300 | 0xc3dc8 | 0xc29c8 | 0x1ab |
| __crtUnhandledException | 0x0 | 0x49d304 | 0xc3dcc | 0xc29cc | 0x1ac |
| _crt_debugger_hook | 0x0 | 0x49d308 | 0xc3dd0 | 0xc29d0 | 0x250 |
| _commode | 0x0 | 0x49d30c | 0xc3dd4 | 0xc29d4 | 0x23f |
| _fmode | 0x0 | 0x49d310 | 0xc3dd8 | 0xc29d8 | 0x2a2 |
| _acmdln | 0x0 | 0x49d314 | 0xc3ddc | 0xc29dc | 0x20e |
| _initterm | 0x0 | 0x49d318 | 0xc3de0 | 0xc29e0 | 0x30c |
| _initterm_e | 0x0 | 0x49d31c | 0xc3de4 | 0xc29e4 | 0x30d |
| __setusermatherr | 0x0 | 0x49d320 | 0xc3de8 | 0xc29e8 | 0x1f4 |
| _configthreadlocale | 0x0 | 0x49d324 | 0xc3dec | 0xc29ec | 0x240 |
| _ismbblead | 0x0 | 0x49d328 | 0xc3df0 | 0xc29f0 | 0x331 |
| _cexit | 0x0 | 0x49d32c | 0xc3df4 | 0xc29f4 | 0x22f |
| _exit | 0x0 | 0x49d330 | 0xc3df8 | 0xc29f8 | 0x283 |
| exit | 0x0 | 0x49d334 | 0xc3dfc | 0xc29fc | 0x64e |
| __set_app_type | 0x0 | 0x49d338 | 0xc3e00 | 0xc2a00 | 0x1f2 |
| __getmainargs | 0x0 | 0x49d33c | 0xc3e04 | 0xc2a04 | 0x1b6 |
| _amsg_exit | 0x0 | 0x49d340 | 0xc3e08 | 0xc2a08 | 0x217 |
| __crtGetShowWindowMode | 0x0 | 0x49d344 | 0xc3e0c | 0xc2a0c | 0x19d |
| _XcptFilter | 0x0 | 0x49d348 | 0xc3e10 | 0xc2a10 | 0x16b |
| _except_handler4_common | 0x0 | 0x49d34c | 0xc3e14 | 0xc2a14 | 0x27a |
| ??1type_info@@UAE@XZ | 0x0 | 0x49d350 | 0xc3e18 | 0xc2a18 | 0x6f |
| iswdigit | 0x0 | 0x49d354 | 0xc3e1c | 0xc2a1c | 0x6b1 |
| _wcsicmp | 0x0 | 0x49d358 | 0xc3e20 | 0xc2a20 | 0x551 |
| wcstok_s | 0x0 | 0x49d35c | 0xc3e24 | 0xc2a24 | 0x799 |
| atoi | 0x0 | 0x49d360 | 0xc3e28 | 0xc2a28 | 0x5ef |
| pow | 0x0 | 0x49d364 | 0xc3e2c | 0xc2a2c | 0x6fc |
| __dllonexit | 0x0 | 0x49d368 | 0xc3e30 | 0xc2a30 | 0x1ae |
| _calloc_crt | 0x0 | 0x49d36c | 0xc3e34 | 0xc2a34 | 0x22e |
| wcsrchr | 0x0 | 0x49d370 | 0xc3e38 | 0xc2a38 | 0x790 |
| ??2@YAPAXI@Z | 0x0 | 0x49d374 | 0xc3e3c | 0xc2a3c | 0x70 |
| wcsnlen | 0x0 | 0x49d378 | 0xc3e40 | 0xc2a40 | 0x78e |
| _onexit | 0x0 | 0x49d37c | 0xc3e44 | 0xc2a44 | 0x43a |
WS2_32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WSAIoctl | 0x0 | 0x49d478 | 0xc3f40 | 0xc2b40 | 0x3a |
| WSAEventSelect | 0x0 | 0x49d47c | 0xc3f44 | 0xc2b44 | 0x2e |
| WSACreateEvent | 0x0 | 0x49d480 | 0xc3f48 | 0xc2b48 | 0x24 |
| WSAGetLastError | 0x6f | 0x49d484 | 0xc3f4c | 0xc2b4c | - |
| WSACleanup | 0x74 | 0x49d488 | 0xc3f50 | 0xc2b50 | - |
| WSAStartup | 0x73 | 0x49d48c | 0xc3f54 | 0xc2b54 | - |
| WSASocketA | 0x0 | 0x49d490 | 0xc3f58 | 0xc2b58 | 0x56 |
CRYPT32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptProtectData | 0x0 | 0x49d030 | 0xc3af8 | 0xc26f8 | 0xc5 |
| CryptUnprotectData | 0x0 | 0x49d034 | 0xc3afc | 0xc26fc | 0xe5 |
ADVAPI32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | 0x0 | 0x49d000 | 0xc3ac8 | 0xc26c8 | 0x254 |
| ConvertSidToStringSidA | 0x0 | 0x49d004 | 0xc3acc | 0xc26cc | 0x7a |
| GetTokenInformation | 0x0 | 0x49d008 | 0xc3ad0 | 0xc26d0 | 0x16f |
| RegOpenKeyW | 0x0 | 0x49d00c | 0xc3ad4 | 0xc26d4 | 0x288 |
| RegSetValueExW | 0x0 | 0x49d010 | 0xc3ad8 | 0xc26d8 | 0x2a2 |
| ConvertStringSecurityDescriptorToSecurityDescriptorA | 0x0 | 0x49d014 | 0xc3adc | 0xc26dc | 0x80 |
| OpenThreadToken | 0x0 | 0x49d018 | 0xc3ae0 | 0xc26e0 | 0x217 |
| OpenProcessToken | 0x0 | 0x49d01c | 0xc3ae4 | 0xc26e4 | 0x212 |
| RegCreateKeyExW | 0x0 | 0x49d020 | 0xc3ae8 | 0xc26e8 | 0x25d |
| RegQueryValueExW | 0x0 | 0x49d024 | 0xc3aec | 0xc26ec | 0x292 |
| RegOpenKeyExW | 0x0 | 0x49d028 | 0xc3af0 | 0xc26f0 | 0x285 |
SHELL32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| Shell_NotifyIconW | 0x0 | 0x49d3a8 | 0xc3e70 | 0xc2a70 | 0x143 |
| SHGetSpecialFolderLocation | 0x0 | 0x49d3ac | 0xc3e74 | 0xc2a74 | 0xf1 |
| SHGetPathFromIDListW | 0x0 | 0x49d3b0 | 0xc3e78 | 0xc2a78 | 0xe9 |
| SHFileOperationA | 0x0 | 0x49d3b4 | 0xc3e7c | 0xc2a7c | 0xb5 |
| ShellExecuteA | 0x0 | 0x49d3b8 | 0xc3e80 | 0xc2a80 | 0x133 |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | 0x0 | 0x49d498 | 0xc3f60 | 0xc2b60 | 0x7b |
| CoCreateInstance | 0x0 | 0x49d49c | 0xc3f64 | 0xc2b64 | 0x1a |
OLEAUT32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocString | 0x2 | 0x49d38c | 0xc3e54 | 0xc2a54 | - |
| SysFreeString | 0x6 | 0x49d390 | 0xc3e58 | 0xc2a58 | - |
| SafeArrayDestroy | 0x10 | 0x49d394 | 0xc3e5c | 0xc2a5c | - |
| SafeArrayAccessData | 0x17 | 0x49d398 | 0xc3e60 | 0xc2a60 | - |
| SafeArrayUnaccessData | 0x18 | 0x49d39c | 0xc3e64 | 0xc2a64 | - |
| SafeArrayCreateVector | 0x19b | 0x49d3a0 | 0xc3e68 | 0xc2a68 | - |
NETAPI32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetShareGetInfo | 0x0 | 0x49d384 | 0xc3e4c | 0xc2a4c | 0xe7 |
WININET.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetOpenA | 0x0 | 0x49d43c | 0xc3f04 | 0xc2b04 | 0xc2 |
| InternetConnectA | 0x0 | 0x49d440 | 0xc3f08 | 0xc2b08 | 0x98 |
| HttpOpenRequestA | 0x0 | 0x49d444 | 0xc3f0c | 0xc2b0c | 0x75 |
| HttpQueryInfoA | 0x0 | 0x49d448 | 0xc3f10 | 0xc2b10 | 0x7a |
| InternetCrackUrlA | 0x0 | 0x49d44c | 0xc3f14 | 0xc2b14 | 0x9a |
| HttpAddRequestHeadersA | 0x0 | 0x49d450 | 0xc3f18 | 0xc2b18 | 0x6b |
| HttpEndRequestA | 0x0 | 0x49d454 | 0xc3f1c | 0xc2b1c | 0x70 |
| HttpSendRequestExA | 0x0 | 0x49d458 | 0xc3f20 | 0xc2b20 | 0x7d |
| InternetSetOptionA | 0x0 | 0x49d45c | 0xc3f24 | 0xc2b24 | 0xd8 |
| InternetWriteFile | 0x0 | 0x49d460 | 0xc3f28 | 0xc2b28 | 0xeb |
| InternetReadFile | 0x0 | 0x49d464 | 0xc3f2c | 0xc2b2c | 0xca |
| InternetSetCookieExA | 0x0 | 0x49d468 | 0xc3f30 | 0xc2b30 | 0xd1 |
| HttpSendRequestA | 0x0 | 0x49d46c | 0xc3f34 | 0xc2b34 | 0x7c |
| InternetCloseHandle | 0x0 | 0x49d470 | 0xc3f38 | 0xc2b38 | 0x92 |
MPR.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WNetGetResourceInformationW | 0x0 | 0x49d1a4 | 0xc3c6c | 0xc286c | 0x3a |
| WNetAddConnection2W | 0x0 | 0x49d1a8 | 0xc3c70 | 0xc2870 | 0xd |
| WNetCancelConnection2W | 0x0 | 0x49d1ac | 0xc3c74 | 0xc2874 | 0x13 |
Icons (2)
»
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2017-03-10 00:00:00+00:00 |
| Valid Until | 2019-03-15 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 06 89 83 64 2C 95 3E 46 F7 BD CE 41 43 F1 33 C1 |
| Thumbprint | EA A8 43 CA 28 33 A2 E1 EB ED EB E7 D0 4F 0C A2 B4 D9 73 44 |
Certificate: DigiCert EV Code Signing CA (SHA2)
»
| Issued by | DigiCert EV Code Signing CA (SHA2) |
| Country Name | US |
| Valid From | 2012-04-18 12:00:00+00:00 |
| Valid Until | 2027-04-18 12:00:00+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C |
| Thumbprint | 60 EE 3F C5 3D 4B DF D1 69 7A E5 BE AE 1C AB 1C 0F 3A D4 E3 |
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 180.52 KB |
| MD5 |
fb4ec08d37b31bfa018fc868f72bcc2e
|
| SHA1 |
aee6b34619cf51e2c16ed704b0132dcfa1b45728
|
| SHA256 |
31955393b2184303b2d590a7c325847e9c179a6986ca8ee7e57c88ae4f463e36
|
| SSDeep |
3072:SMZbdgC73Q5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0p:SMddgq38l1A7Km3Hg5CzizuE99gVEqil
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\RGB9RAST_x64.msi (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 180.52 KB |
| MD5 |
00bb5f2a23c6ec0bfd60e85c5aaa5fd1
|
| SHA1 |
144bca9ee0020820685e7a7095b238f61e56a333
|
| SHA256 |
4791666f57db3a2e72ad1bf13871ca0cfb0d927035e1c733acc40bc7210d114d
|
| SSDeep |
3072:NZbdgC73Q5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0p:Nddgq38l1A7Km3Hg5CzizuE99gVEqiB7
|
| C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 140.02 KB |
| MD5 |
b8a6ea2f1e4405e1e12b2de7d5186fca
|
| SHA1 |
b8040d41b9cb8a8e52d7e9de605364b0510f3042
|
| SHA256 |
34994b799f136fac48e61d22bc07b85422371a1f6e8b9de9f6daa86f18e2d522
|
| SSDeep |
3072:sl+0jBxdVyJyjFGJvLIcXcSqviQICInggRKyNmNX8q:sldjbFSIcXgvi36Dh
|
| C:\Program Files\Java\jre1.8.0_144\bin\javaws.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\javaws.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 312.08 KB |
| MD5 |
09703d1b0c646d26b7378e7c7abc6cc3
|
| SHA1 |
2102b9dcbd2481aeb7399dd1bd26cfaa8bb5681e
|
| SHA256 |
e11945fe042339d284a63b5729bfc20d0f265c0e0bbbdb6d215f04f2ccb725a1
|
| SSDeep |
6144:sKmgKEWy9BGfl69fL6MR9m1X0Z9csdT3UATeRI2dtWW3sY6v0:DmgKEWOQl69ftm1ycKDUT6v0
|
| C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/plain |
| File Size | 5.38 KB |
| MD5 |
2fb265c0cb08c18a918fdc9c9064e9cf
|
| SHA1 |
3cc2d019f9ea5999556d04029bae427b944cd1f6
|
| SHA256 |
1b37985846114ae223dc0c35fd1d573868872524d0b35a78ddbd6bd76a033fc8
|
| SSDeep |
48:Vl8thShShShShShShShShShShShShShShShShShShShShShShShShShShShShSh+:UIbzf4q2qOCQB8C
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 92.52 KB |
| MD5 |
aa076d2b26486c1ba4b2fda4026089cd
|
| SHA1 |
01b7837a254f9c2a53ec866f28b1624a78040efe
|
| SHA256 |
a2bc617c756948c5dc7c467dd5b83a77baa57f639de15737004d68f2c776c2ff
|
| SSDeep |
1536:upZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAHaeees:ugZbdgC73Q5H0Un0li+G9AsxqQs
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\RGB9Rast_x86.msi.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 92.52 KB |
| MD5 |
0373accb9e943ca91069452c9163ff1a
|
| SHA1 |
694e1366cac963011be0834df86811488d069a43
|
| SHA256 |
ee7d0e1fd8a7611e8607b8770c21ec38d6672c1e94b35b12356cab8c20f6680e
|
| SSDeep |
1536:boZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAHaeees:BZbdgC73Q5H0Un0li+G9AsxqQs
|
| C:\588bce7c90097ed212\Setup.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 76.34 KB |
| MD5 |
1d63be0cecd9496dd7c85029dab12f7c
|
| SHA1 |
f2b4062e0e7d1efe42ef834c71339a234a98de84
|
| SHA256 |
8e3cb9f22ea31e8d5aaa0273c988586eeb2aca3b071e8cae74a210088a2c4e9a
|
| SSDeep |
1536:sYNItbBL5NWiiESc0exWZnqxMQP8ZOs0JD9rHUM:sYNAB9NWTZctc/gBJ9oM
|
| ImpHash |
abec2f85aa35a26b76ea35f14a6c0f7b
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x402b96 |
| Size Of Code | 0x6600 |
| Size Of Initialized Data | 0xbe00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2010-03-18 11:22:26+00:00 |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Setup Installer |
| FileVersion | 10.0.30319.1 built by: RTMRel |
| InternalName | Setup.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | SetupUI.exe |
| ProductName | Microsoft® .NET Framework |
| ProductVersion | 10.0.30319.1 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x65e8 | 0x6600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.21 |
| .data | 0x408000 | 0x19e0 | 0xc00 | 0x6a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.47 |
| .rsrc | 0x40a000 | 0x9aa8 | 0x9c00 | 0x7600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.41 |
| .reloc | 0x414000 | 0x7d8 | 0x800 | 0x11200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.48 |
Imports (2)
»
KERNEL32.dll (53)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| HeapSetInformation | 0x0 | 0x401000 | 0x7090 | 0x6490 | 0x2d3 |
| LoadLibraryW | 0x0 | 0x401004 | 0x7094 | 0x6494 | 0x33f |
| GetProcAddress | 0x0 | 0x401008 | 0x7098 | 0x6498 | 0x245 |
| GetModuleHandleW | 0x0 | 0x40100c | 0x709c | 0x649c | 0x218 |
| GetVersion | 0x0 | 0x401010 | 0x70a0 | 0x64a0 | 0x2a2 |
| MultiByteToWideChar | 0x0 | 0x401014 | 0x70a4 | 0x64a4 | 0x367 |
| LCMapStringW | 0x0 | 0x401018 | 0x70a8 | 0x64a8 | 0x32d |
| GetCommandLineW | 0x0 | 0x40101c | 0x70ac | 0x64ac | 0x187 |
| GetStartupInfoW | 0x0 | 0x401020 | 0x70b0 | 0x64b0 | 0x263 |
| SetUnhandledExceptionFilter | 0x0 | 0x401024 | 0x70b4 | 0x64b4 | 0x4a5 |
| ExitProcess | 0x0 | 0x401028 | 0x70b8 | 0x64b8 | 0x119 |
| WriteFile | 0x0 | 0x40102c | 0x70bc | 0x64bc | 0x525 |
| GetStdHandle | 0x0 | 0x401030 | 0x70c0 | 0x64c0 | 0x264 |
| GetModuleFileNameW | 0x0 | 0x401034 | 0x70c4 | 0x64c4 | 0x214 |
| FreeEnvironmentStringsW | 0x0 | 0x401038 | 0x70c8 | 0x64c8 | 0x161 |
| GetEnvironmentStringsW | 0x0 | 0x40103c | 0x70cc | 0x64cc | 0x1da |
| SetHandleCount | 0x0 | 0x401040 | 0x70d0 | 0x64d0 | 0x46f |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x401044 | 0x70d4 | 0x64d4 | 0x2e3 |
| GetFileType | 0x0 | 0x401048 | 0x70d8 | 0x64d8 | 0x1f3 |
| DeleteCriticalSection | 0x0 | 0x40104c | 0x70dc | 0x64dc | 0xd1 |
| TlsAlloc | 0x0 | 0x401050 | 0x70e0 | 0x64e0 | 0x4c5 |
| TlsGetValue | 0x0 | 0x401054 | 0x70e4 | 0x64e4 | 0x4c7 |
| TlsSetValue | 0x0 | 0x401058 | 0x70e8 | 0x64e8 | 0x4c8 |
| TlsFree | 0x0 | 0x40105c | 0x70ec | 0x64ec | 0x4c6 |
| InterlockedIncrement | 0x0 | 0x401060 | 0x70f0 | 0x64f0 | 0x2ef |
| SetLastError | 0x0 | 0x401064 | 0x70f4 | 0x64f4 | 0x473 |
| GetCurrentThreadId | 0x0 | 0x401068 | 0x70f8 | 0x64f8 | 0x1c5 |
| GetLastError | 0x0 | 0x40106c | 0x70fc | 0x64fc | 0x202 |
| InterlockedDecrement | 0x0 | 0x401070 | 0x7100 | 0x6500 | 0x2eb |
| HeapCreate | 0x0 | 0x401074 | 0x7104 | 0x6504 | 0x2cd |
| QueryPerformanceCounter | 0x0 | 0x401078 | 0x7108 | 0x6508 | 0x3a7 |
| GetTickCount | 0x0 | 0x40107c | 0x710c | 0x650c | 0x293 |
| GetCurrentProcessId | 0x0 | 0x401080 | 0x7110 | 0x6510 | 0x1c1 |
| GetSystemTimeAsFileTime | 0x0 | 0x401084 | 0x7114 | 0x6514 | 0x279 |
| TerminateProcess | 0x0 | 0x401088 | 0x7118 | 0x6518 | 0x4c0 |
| GetCurrentProcess | 0x0 | 0x40108c | 0x711c | 0x651c | 0x1c0 |
| UnhandledExceptionFilter | 0x0 | 0x401090 | 0x7120 | 0x6520 | 0x4d3 |
| IsDebuggerPresent | 0x0 | 0x401094 | 0x7124 | 0x6524 | 0x300 |
| LeaveCriticalSection | 0x0 | 0x401098 | 0x7128 | 0x6528 | 0x339 |
| EnterCriticalSection | 0x0 | 0x40109c | 0x712c | 0x652c | 0xee |
| HeapFree | 0x0 | 0x4010a0 | 0x7130 | 0x6530 | 0x2cf |
| Sleep | 0x0 | 0x4010a4 | 0x7134 | 0x6534 | 0x4b2 |
| GetCPInfo | 0x0 | 0x4010a8 | 0x7138 | 0x6538 | 0x172 |
| GetACP | 0x0 | 0x4010ac | 0x713c | 0x653c | 0x168 |
| GetOEMCP | 0x0 | 0x4010b0 | 0x7140 | 0x6540 | 0x237 |
| IsValidCodePage | 0x0 | 0x4010b4 | 0x7144 | 0x6544 | 0x30a |
| RtlUnwind | 0x0 | 0x4010b8 | 0x7148 | 0x6548 | 0x418 |
| WideCharToMultiByte | 0x0 | 0x4010bc | 0x714c | 0x654c | 0x511 |
| HeapSize | 0x0 | 0x4010c0 | 0x7150 | 0x6550 | 0x2d4 |
| HeapAlloc | 0x0 | 0x4010c4 | 0x7154 | 0x6554 | 0x2cb |
| HeapReAlloc | 0x0 | 0x4010c8 | 0x7158 | 0x6558 | 0x2d2 |
| IsProcessorFeaturePresent | 0x0 | 0x4010cc | 0x715c | 0x655c | 0x304 |
| GetStringTypeW | 0x0 | 0x4010d0 | 0x7160 | 0x6560 | 0x269 |
SetupEngine.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| Run | 0x0 | 0x4010d8 | 0x7168 | 0x6568 | 0x1 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| _DecodePointerInternal@4 | 0x2998 | 0x1 |
| _EncodePointerInternal@4 | 0x2976 | 0x2 |
Digital Signatures (2)
»
Certificate: Microsoft Corporation
»
| Issued by | Microsoft Corporation |
| Parent Certificate | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2009-12-07 22:40:29+00:00 |
| Valid Until | 2011-03-07 22:40:29+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 61 01 CF 3E 00 00 00 00 00 0F |
| Thumbprint | 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F |
Certificate: Microsoft Code Signing PCA
»
| Issued by | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2007-08-22 22:31:02+00:00 |
| Valid Until | 2012-08-25 07:00:00+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 2E AB 11 DC 50 FF 5C 9D CB C0 |
| Thumbprint | 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66 |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 866.00 KB |
| MD5 |
58679df4fa70ddcf269cd7860525d755
|
| SHA1 |
fbc572fbf3702a250bfc5395fd82f0c377cc8ca1
|
| SHA256 |
a749a368d61d94a40a2193f0da1422a9e9072c4ac67fd4554ef4617fd4103b6e
|
| SSDeep |
12288:nOqkbALY1XWxkESzG/R3+vTK9SG2nL4tDTgcQzl0e4E5RUj3rXM13cl/o7:nOqhYIx+chP4dnLMDT0B0e4AYT1Q
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 84.67 KB |
| MD5 |
1d301a3a64fabbf6df6a8aba4de5dc75
|
| SHA1 |
5dc87bf146f6e81b20b45ba0c47de80393b16a87
|
| SHA256 |
eb204c95a6f874ff7296e7c3bbd198e32ee2d2342c8417429f974a3d21dc69b2
|
| SSDeep |
1536:qWjrXDyO4zkm8dbHVLokF8iJTwRH0IM2D57Kykf8d/R8Tyr5J5is7MQ:qKrMzkm8PL3E7Qw/STyr5Jks7MQ
|
| ImpHash |
085b8a5d9e723b8ba9982a936ce1c779
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x40333c |
| Size Of Code | 0xd000 |
| Size Of Initialized Data | 0x6600 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2012-08-23 22:00:51+00:00 |
Version Information (8)
»
| CompanyName | Adobe Systems Inc. |
| FileDescription | Adobe AIR Redistribution Helper |
| FileVersion | 3.5.0.0 |
| InternalName | arh.exe |
| LegalCopyright | Copyright 2012, Adobe Systems Inc. |
| OriginalFilename | arh.exe |
| ProductName | Adobe AIR |
| ProductVersion | 3.5 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0xce29 | 0xd000 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
| .rdata | 0x40e000 | 0x3776 | 0x3800 | 0xd400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.35 |
| .data | 0x412000 | 0x2d24 | 0x1000 | 0x10c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.39 |
| .rsrc | 0x415000 | 0x4f0 | 0x600 | 0x11c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.5 |
| .reloc | 0x416000 | 0x1768 | 0x1800 | 0x12200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.01 |
Imports (5)
»
KERNEL32.dll (74)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WideCharToMultiByte | 0x0 | 0x40e028 | 0x10f54 | 0x10354 | 0x47a |
| CreateFileA | 0x0 | 0x40e02c | 0x10f58 | 0x10358 | 0x78 |
| HeapAlloc | 0x0 | 0x40e030 | 0x10f5c | 0x1035c | 0x29d |
| GetProcessHeap | 0x0 | 0x40e034 | 0x10f60 | 0x10360 | 0x223 |
| HeapFree | 0x0 | 0x40e038 | 0x10f64 | 0x10364 | 0x2a1 |
| CloseHandle | 0x0 | 0x40e03c | 0x10f68 | 0x10368 | 0x43 |
| GetExitCodeProcess | 0x0 | 0x40e040 | 0x10f6c | 0x1036c | 0x1c5 |
| WaitForSingleObject | 0x0 | 0x40e044 | 0x10f70 | 0x10370 | 0x464 |
| CreateProcessW | 0x0 | 0x40e048 | 0x10f74 | 0x10374 | 0x97 |
| LocalFree | 0x0 | 0x40e04c | 0x10f78 | 0x10378 | 0x2fd |
| MultiByteToWideChar | 0x0 | 0x40e050 | 0x10f7c | 0x1037c | 0x31a |
| InitializeCriticalSection | 0x0 | 0x40e054 | 0x10f80 | 0x10380 | 0x2b4 |
| DeleteCriticalSection | 0x0 | 0x40e058 | 0x10f84 | 0x10384 | 0xbe |
| EnterCriticalSection | 0x0 | 0x40e05c | 0x10f88 | 0x10388 | 0xd9 |
| LeaveCriticalSection | 0x0 | 0x40e060 | 0x10f8c | 0x1038c | 0x2ef |
| WriteFile | 0x0 | 0x40e064 | 0x10f90 | 0x10390 | 0x48d |
| SetFilePointer | 0x0 | 0x40e068 | 0x10f94 | 0x10394 | 0x3df |
| WriteConsoleW | 0x0 | 0x40e06c | 0x10f98 | 0x10398 | 0x48c |
| GetFileType | 0x0 | 0x40e070 | 0x10f9c | 0x1039c | 0x1d7 |
| GetStdHandle | 0x0 | 0x40e074 | 0x10fa0 | 0x103a0 | 0x23b |
| GetModuleFileNameW | 0x0 | 0x40e078 | 0x10fa4 | 0x103a4 | 0x1f5 |
| GetLastError | 0x0 | 0x40e07c | 0x10fa8 | 0x103a8 | 0x1e6 |
| TerminateProcess | 0x0 | 0x40e080 | 0x10fac | 0x103ac | 0x42d |
| GetCurrentProcess | 0x0 | 0x40e084 | 0x10fb0 | 0x103b0 | 0x1a9 |
| UnhandledExceptionFilter | 0x0 | 0x40e088 | 0x10fb4 | 0x103b4 | 0x43e |
| SetUnhandledExceptionFilter | 0x0 | 0x40e08c | 0x10fb8 | 0x103b8 | 0x415 |
| IsDebuggerPresent | 0x0 | 0x40e090 | 0x10fbc | 0x103bc | 0x2d1 |
| SetHandleCount | 0x0 | 0x40e094 | 0x10fc0 | 0x103c0 | 0x3e8 |
| GetStartupInfoA | 0x0 | 0x40e098 | 0x10fc4 | 0x103c4 | 0x239 |
| Sleep | 0x0 | 0x40e09c | 0x10fc8 | 0x103c8 | 0x421 |
| GetModuleHandleW | 0x0 | 0x40e0a0 | 0x10fcc | 0x103cc | 0x1f9 |
| GetProcAddress | 0x0 | 0x40e0a4 | 0x10fd0 | 0x103d0 | 0x220 |
| ExitProcess | 0x0 | 0x40e0a8 | 0x10fd4 | 0x103d4 | 0x104 |
| LoadLibraryW | 0x0 | 0x40e0ac | 0x10fd8 | 0x103d8 | 0x2f4 |
| RaiseException | 0x0 | 0x40e0b0 | 0x10fdc | 0x103dc | 0x35a |
| GetModuleFileNameA | 0x0 | 0x40e0b4 | 0x10fe0 | 0x103e0 | 0x1f4 |
| FreeEnvironmentStringsW | 0x0 | 0x40e0b8 | 0x10fe4 | 0x103e4 | 0x14b |
| GetEnvironmentStringsW | 0x0 | 0x40e0bc | 0x10fe8 | 0x103e8 | 0x1c1 |
| GetCommandLineW | 0x0 | 0x40e0c0 | 0x10fec | 0x103ec | 0x170 |
| TlsGetValue | 0x0 | 0x40e0c4 | 0x10ff0 | 0x103f0 | 0x434 |
| TlsAlloc | 0x0 | 0x40e0c8 | 0x10ff4 | 0x103f4 | 0x432 |
| TlsSetValue | 0x0 | 0x40e0cc | 0x10ff8 | 0x103f8 | 0x435 |
| TlsFree | 0x0 | 0x40e0d0 | 0x10ffc | 0x103fc | 0x433 |
| InterlockedIncrement | 0x0 | 0x40e0d4 | 0x11000 | 0x10400 | 0x2c0 |
| SetLastError | 0x0 | 0x40e0d8 | 0x11004 | 0x10404 | 0x3ec |
| GetCurrentThreadId | 0x0 | 0x40e0dc | 0x11008 | 0x10408 | 0x1ad |
| InterlockedDecrement | 0x0 | 0x40e0e0 | 0x1100c | 0x1040c | 0x2bc |
| HeapCreate | 0x0 | 0x40e0e4 | 0x11010 | 0x10410 | 0x29f |
| VirtualFree | 0x0 | 0x40e0e8 | 0x11014 | 0x10414 | 0x457 |
| QueryPerformanceCounter | 0x0 | 0x40e0ec | 0x11018 | 0x10418 | 0x354 |
| GetTickCount | 0x0 | 0x40e0f0 | 0x1101c | 0x1041c | 0x266 |
| GetCurrentProcessId | 0x0 | 0x40e0f4 | 0x11020 | 0x10420 | 0x1aa |
| GetSystemTimeAsFileTime | 0x0 | 0x40e0f8 | 0x11024 | 0x10424 | 0x24f |
| GetConsoleCP | 0x0 | 0x40e0fc | 0x11028 | 0x10428 | 0x183 |
| GetConsoleMode | 0x0 | 0x40e100 | 0x1102c | 0x1042c | 0x195 |
| FlushFileBuffers | 0x0 | 0x40e104 | 0x11030 | 0x10430 | 0x141 |
| GetCPInfo | 0x0 | 0x40e108 | 0x11034 | 0x10434 | 0x15b |
| GetACP | 0x0 | 0x40e10c | 0x11038 | 0x10438 | 0x152 |
| GetOEMCP | 0x0 | 0x40e110 | 0x1103c | 0x1043c | 0x213 |
| IsValidCodePage | 0x0 | 0x40e114 | 0x11040 | 0x10440 | 0x2db |
| LCMapStringA | 0x0 | 0x40e118 | 0x11044 | 0x10444 | 0x2e1 |
| LCMapStringW | 0x0 | 0x40e11c | 0x11048 | 0x10448 | 0x2e3 |
| VirtualAlloc | 0x0 | 0x40e120 | 0x1104c | 0x1044c | 0x454 |
| HeapReAlloc | 0x0 | 0x40e124 | 0x11050 | 0x10450 | 0x2a4 |
| HeapSize | 0x0 | 0x40e128 | 0x11054 | 0x10454 | 0x2a6 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x40e12c | 0x11058 | 0x10458 | 0x2b5 |
| LoadLibraryA | 0x0 | 0x40e130 | 0x1105c | 0x1045c | 0x2f1 |
| RtlUnwind | 0x0 | 0x40e134 | 0x11060 | 0x10460 | 0x392 |
| WriteConsoleA | 0x0 | 0x40e138 | 0x11064 | 0x10464 | 0x482 |
| GetConsoleOutputCP | 0x0 | 0x40e13c | 0x11068 | 0x10468 | 0x199 |
| SetStdHandle | 0x0 | 0x40e140 | 0x1106c | 0x1046c | 0x3fc |
| GetStringTypeA | 0x0 | 0x40e144 | 0x11070 | 0x10470 | 0x23d |
| GetStringTypeW | 0x0 | 0x40e148 | 0x11074 | 0x10474 | 0x240 |
| GetLocaleInfoA | 0x0 | 0x40e14c | 0x11078 | 0x10478 | 0x1e8 |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VerQueryValueW | 0x0 | 0x40e16c | 0x11098 | 0x10498 | 0xd |
| GetFileVersionInfoSizeW | 0x0 | 0x40e170 | 0x1109c | 0x1049c | 0x4 |
| GetFileVersionInfoW | 0x0 | 0x40e174 | 0x110a0 | 0x104a0 | 0x5 |
msi.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x8d | 0x40e17c | 0x110a8 | 0x104a8 | - |
| (by ordinal) | 0x5a | 0x40e180 | 0x110ac | 0x104ac | - |
| (by ordinal) | 0xcd | 0x40e184 | 0x110b0 | 0x104b0 | - |
| (by ordinal) | 0xad | 0x40e188 | 0x110b4 | 0x104b4 | - |
| (by ordinal) | 0x10 | 0x40e18c | 0x110b8 | 0x104b8 | - |
SHLWAPI.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathAppendW | 0x0 | 0x40e154 | 0x11080 | 0x10480 | 0x34 |
| PathRemoveFileSpecW | 0x0 | 0x40e158 | 0x11084 | 0x10484 | 0x8b |
| StrDupW | 0x0 | 0x40e15c | 0x11088 | 0x10488 | 0x125 |
| StrChrA | 0x0 | 0x40e160 | 0x1108c | 0x1048c | 0x10d |
| PathAppendA | 0x0 | 0x40e164 | 0x11090 | 0x10490 | 0x33 |
ADVAPI32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptAcquireContextW | 0x0 | 0x40e000 | 0x10f2c | 0x1032c | 0xad |
| CryptDestroyHash | 0x0 | 0x40e004 | 0x10f30 | 0x10330 | 0xb2 |
| RegOpenKeyExW | 0x0 | 0x40e008 | 0x10f34 | 0x10334 | 0x25b |
| RegQueryValueExW | 0x0 | 0x40e00c | 0x10f38 | 0x10338 | 0x268 |
| RegCloseKey | 0x0 | 0x40e010 | 0x10f3c | 0x1033c | 0x22a |
| CryptReleaseContext | 0x0 | 0x40e014 | 0x10f40 | 0x10340 | 0xc7 |
| CryptCreateHash | 0x0 | 0x40e018 | 0x10f44 | 0x10344 | 0xaf |
| CryptHashData | 0x0 | 0x40e01c | 0x10f48 | 0x10348 | 0xc4 |
| CryptGetHashParam | 0x0 | 0x40e020 | 0x10f4c | 0x1034c | 0xc0 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | Symantec Class 3 Extended Validation Code Signing CA |
| Country Name | US |
| Valid From | 2013-07-30 00:00:00+00:00 |
| Valid Until | 2015-07-25 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 75 FB 51 C8 76 8E F6 92 7B F4 1D A1 A2 34 A1 D9 |
| Thumbprint | CA 29 14 C1 E6 27 34 64 BB 81 20 5E 1C 70 47 D8 8F 74 89 31 |
Certificate: Symantec Class 3 Extended Validation Code Signing CA
»
| Issued by | Symantec Class 3 Extended Validation Code Signing CA |
| Country Name | US |
| Valid From | 2012-06-07 00:00:00+00:00 |
| Valid Until | 2022-06-06 23:59:59+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 6C 59 EF A9 E1 00 E1 0E E3 06 BA 8F E0 29 25 59 |
| Thumbprint | F8 D2 C1 03 80 ED A2 77 46 55 E5 61 9D B7 D0 2F 7D 9E 85 0A |
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat | Modified File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 861.96 KB |
| MD5 |
f047accb43a6e8b6c705a441d7c70bb8
|
| SHA1 |
818352c79251eec23a96c4a3e4c97e334880fc20
|
| SHA256 |
53e9447ebf120399174340a424994a527546fcab415a95017de80010767a9ca4
|
| SSDeep |
6144:VRvwpIqVxw5as+rZoH2KrqcHGN/dOgCrbnIZM4SLJQ6L8:Dwpz/rfOjnf47
|
| C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 5.38 KB |
| MD5 |
50d685142b49123b4aa18188605bc3ba
|
| SHA1 |
1ee3992e70e7b7b83eda55aa479650bbfee0c2b6
|
| SHA256 |
c28b08feb69bca29520fe1f31d450136c297e5f23c73c8f9d8c44917f415d2d2
|
| SSDeep |
96:B5ad3p4obHNQS52WDTqklWEyLjM/w/oDj2gWhF1G48vB8C:BQRvJQm2oqyW7jM/w//vTi
|
| C:\Program Files\Java\jre1.8.0_144\bin\jjs.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 15.58 KB |
| MD5 |
507da550c72de240ffbf85d28e86e1a1
|
| SHA1 |
9e624fdc0bb08cb3f4a969b2ef39c11d92d61108
|
| SHA256 |
f84b8f00ea390e5ba3740221f390fc6bd3210998411ba128d2ec0d5a12734705
|
| SSDeep |
192:2ZXNyTHT/5Yi2G3pIKEfosjzeexU3nYe+PjPriT0fwpGPy+:AXi2i5eKN2zeex6nYPLr7PV
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1a00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:22+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | jjs |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | jjs.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x7f2 | 0x800 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.48 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.01 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.54 |
| .rsrc | 0x140005000 | 0xa40 | 0xc00 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.26 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2548 | 0x1148 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2550 | 0x1150 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2558 | 0x1158 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2560 | 0x1160 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2568 | 0x1168 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2480 | 0x1080 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2488 | 0x1088 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x2490 | 0x1090 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x2498 | 0x1098 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24a0 | 0x10a0 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24a8 | 0x10a8 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24b0 | 0x10b0 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24b8 | 0x10b8 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24c0 | 0x10c0 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24c8 | 0x10c8 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24d0 | 0x10d0 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24d8 | 0x10d8 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24e0 | 0x10e0 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24e8 | 0x10e8 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x24f0 | 0x10f0 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x24f8 | 0x10f8 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2500 | 0x1100 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2508 | 0x1108 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2510 | 0x1110 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2518 | 0x1118 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2520 | 0x1120 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2528 | 0x1128 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2530 | 0x1130 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2538 | 0x1138 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2428 | 0x1028 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2430 | 0x1030 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2438 | 0x1038 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2440 | 0x1040 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2448 | 0x1048 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2450 | 0x1050 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2458 | 0x1058 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2460 | 0x1060 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2468 | 0x1068 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2470 | 0x1070 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 640 bytes |
| MD5 |
a40646b8bafb34879de15ed62df3fcc3
|
| SHA1 |
25d0f5e1479114c2cadbb4f5ff0c33fbeb76adbc
|
| SHA256 |
23367628d1bba4b9de751792cb407948778e9e31b577d361c23da25007d8ad17
|
| SSDeep |
12:HDaHm9GRh2cOdx7NAabmRUW76UvIl26kY4k5wMYo5ZIMsfPUqAJe6cBM7kBc:HDEm9zNrJAaoUKwlrR4ZoUt3UqArAG
|
| C:\588bce7c90097ed212\Setup.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\Setup.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 76.34 KB |
| MD5 |
2fe9888e8446efaa3670939bff1cf228
|
| SHA1 |
1b54dbdbd209c362fc1219958893ecb3d8cc534a
|
| SHA256 |
c60ab0bbd38834b3a4a072003532b47feefc80a4cd49c50568847ce45c2769bd
|
| SSDeep |
1536:Y3YNItbBL5NWiiESc0exWZnqxMQP8ZOs0JD9rHUM:Y3YNAB9NWTZctc/gBJ9oM
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 84.67 KB |
| MD5 |
f34858dc1ec0c55ec27aca3f457ca1d3
|
| SHA1 |
5aef4f4806677acbba4f84bb1101264071f5422c
|
| SHA256 |
faab830058d49c8b1e563bc38295bb758fab4da57a6e18c41007fbc8d3c19d4d
|
| SSDeep |
1536:mTfN/XDyO4zkm8dbHVLokF8iJTwRH0IM2D57Kykf8d/R8Tyr5J5is7MQ:i5Mzkm8PL3E7Qw/STyr5Jks7MQ
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | Modified File |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf (Modified File) |
| Mime Type | application/pdf |
| File Size | 182.47 KB |
| MD5 |
906c9a19fe57f776d807925ca6640132
|
| SHA1 |
50ea3f79d7f93beb08d3bfbbd897e7a803ae6149
|
| SHA256 |
2ebf03d799feb74ab40dfc14ec867ce9b8e7c3be77925ee86d20e8c327f84b5c
|
| SSDeep |
3072:bssls1MS60xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmbvx:wsls1b60zbJTuXa5McZd2At7mJ5Muzx
|
PDF Information
»
| Title | Microsoft Word - WinTH2_Ownership.docx |
| Subject | - |
| Author | mohd |
| Creator | PScript5.dll Version 5.2.2 |
| Keywords | - |
| Producer | Acrobat Distiller 15.0 (Windows) |
| Page Count | 1 |
| Encrypted |
|
| Create Time | 2015-12-03 15:01:19+00:00 |
| Modify Time | 2015-12-03 15:01:19+00:00 |
YARA Matches (1)
»
| Rule Name | Rule Description | Classification | Score | Actions |
|---|---|---|---|---|
| PDF_Data_after_last_EOF | PDF has data appended after the last EOF marker; possible malicious payload | - |
1/5
|
...
|
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 861.96 KB |
| MD5 |
2d3e09bedc6d4bd6cd948402c9e82e85
|
| SHA1 |
0f34ff8a953658543908fb1cf3c91c5e6d4f24d0
|
| SHA256 |
d4dcff5de0beb43d24e573f00644d11ae322812085f10625b04f16a8af41f32f
|
| SSDeep |
6144:ARvwpIqVxw5as+rZoH2KrqcHGN/dOgCrbnIZM4SLJQ6L8:ywpz/rfOjnf47
|
| C:\Program Files\Java\jre1.8.0_144\bin\jjs.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\jjs.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 15.58 KB |
| MD5 |
d4e30811ced381b956aaf2dd2aade0b0
|
| SHA1 |
6a28ec697956010fa2b2433b9e591efcfce32aea
|
| SHA256 |
e19be3c121dbb61758c0d74add62c1a1504afa0b816fffdd7e1542961e97dcee
|
| SSDeep |
192:RnL5v+C4SfgkYeU+tfipIKEfosjzeexU3nYe+PjPriT0fwpGPy+:Pvr4YdU+xBKN2zeex6nYPLr7PV
|
| C:\Program Files\Java\jre1.8.0_144\bin\jp2launcher.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 109.58 KB |
| MD5 |
fdc259a46ac770491d9ae125c737785c
|
| SHA1 |
00d84f0571caa41504e5613f8dddd9b6dca3ec92
|
| SHA256 |
1c8f8389ad85f6cdbb52dcfabea0f85c31607f92bb357c3648c13bbdef4185d7
|
| SSDeep |
3072:zeeOEy2Po878kAUB79dvRo3brkO7nv3uR4:qeOE/Po87hp9dvynkOjv3X
|
| ImpHash |
d0d1d6669263b3e3031c89777bec618f
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000f30c |
| Size Of Code | 0xfc00 |
| Size Of Initialized Data | 0xc000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:17:58+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Web Launcher |
| FileVersion | 11.144.2.01 |
| Full Version | 11.144.2.01 |
| InternalName | Java(TM) Web Launcher |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | jp2launcher.exe |
| ProductName | Java(TM) Platform SE 8 U144 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0xfb0e | 0xfc00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.17 |
| .rdata | 0x140011000 | 0x6b4e | 0x6c00 | 0x10000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.96 |
| .data | 0x140018000 | 0x36c8 | 0x1600 | 0x16c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.69 |
| .pdata | 0x14001c000 | 0xc84 | 0xe00 | 0x18200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.61 |
| .rsrc | 0x14001d000 | 0x948 | 0xa00 | 0x19000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.56 |
| .reloc | 0x14001e000 | 0x32e | 0x400 | 0x19a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.39 |
Imports (5)
»
MSVCR100.dll (86)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?terminate@@YAXXZ | 0x0 | 0x1400111f8 | 0x16e38 | 0x15e38 | 0x100 |
| __C_specific_handler | 0x0 | 0x140011200 | 0x16e40 | 0x15e40 | 0x11e |
| _amsg_exit | 0x0 | 0x140011208 | 0x16e48 | 0x15e48 | 0x19e |
| __getmainargs | 0x0 | 0x140011210 | 0x16e50 | 0x15e50 | 0x152 |
| _XcptFilter | 0x0 | 0x140011218 | 0x16e58 | 0x15e58 | 0x11a |
| _exit | 0x0 | 0x140011220 | 0x16e60 | 0x15e60 | 0x200 |
| _ismbblead | 0x0 | 0x140011228 | 0x16e68 | 0x15e68 | 0x2a5 |
| _cexit | 0x0 | 0x140011230 | 0x16e70 | 0x15e70 | 0x1b5 |
| _acmdln | 0x0 | 0x140011238 | 0x16e78 | 0x15e78 | 0x195 |
| _initterm | 0x0 | 0x140011240 | 0x16e80 | 0x15e80 | 0x286 |
| _initterm_e | 0x0 | 0x140011248 | 0x16e88 | 0x15e88 | 0x287 |
| getenv | 0x0 | 0x140011250 | 0x16e90 | 0x15e90 | 0x573 |
| __setusermatherr | 0x0 | 0x140011258 | 0x16e98 | 0x15e98 | 0x17c |
| _commode | 0x0 | 0x140011260 | 0x16ea0 | 0x15ea0 | 0x1c4 |
| _fmode | 0x0 | 0x140011268 | 0x16ea8 | 0x15ea8 | 0x21c |
| __set_app_type | 0x0 | 0x140011270 | 0x16eb0 | 0x15eb0 | 0x179 |
| __crt_debugger_hook | 0x0 | 0x140011278 | 0x16eb8 | 0x15eb8 | 0x146 |
| ?_type_info_dtor_internal_method@type_info@@QEAAXXZ | 0x0 | 0x140011280 | 0x16ec0 | 0x15ec0 | 0xee |
| _unlock | 0x0 | 0x140011288 | 0x16ec8 | 0x15ec8 | 0x45b |
| __dllonexit | 0x0 | 0x140011290 | 0x16ed0 | 0x15ed0 | 0x148 |
| _lock | 0x0 | 0x140011298 | 0x16ed8 | 0x15ed8 | 0x2f6 |
| _onexit | 0x0 | 0x1400112a0 | 0x16ee0 | 0x15ee0 | 0x39d |
| _vsnprintf_s | 0x0 | 0x1400112a8 | 0x16ee8 | 0x15ee8 | 0x483 |
| _ftime64_s | 0x0 | 0x1400112b0 | 0x16ef0 | 0x15ef0 | 0x23e |
| strftime | 0x0 | 0x1400112b8 | 0x16ef8 | 0x15ef8 | 0x5df |
| _localtime64 | 0x0 | 0x1400112c0 | 0x16f00 | 0x15f00 | 0x2f4 |
| fprintf_s | 0x0 | 0x1400112c8 | 0x16f08 | 0x15f08 | 0x55c |
| _dupenv_s | 0x0 | 0x1400112d0 | 0x16f10 | 0x15f10 | 0x1ef |
| fopen_s | 0x0 | 0x1400112d8 | 0x16f18 | 0x15f18 | 0x55a |
| _wstat64i32 | 0x0 | 0x1400112e0 | 0x16f20 | 0x15f20 | 0x513 |
| strcat_s | 0x0 | 0x1400112e8 | 0x16f28 | 0x15f28 | 0x5d6 |
| memcpy_s | 0x0 | 0x1400112f0 | 0x16f30 | 0x15f30 | 0x5aa |
| _splitpath_s | 0x0 | 0x1400112f8 | 0x16f38 | 0x15f38 | 0x3fc |
| strcpy_s | 0x0 | 0x140011300 | 0x16f40 | 0x15f40 | 0x5db |
| ??_V@YAXPEAX@Z | 0x0 | 0x140011308 | 0x16f48 | 0x15f48 | 0x7a |
| fopen | 0x0 | 0x140011310 | 0x16f50 | 0x15f50 | 0x559 |
| fgets | 0x0 | 0x140011318 | 0x16f58 | 0x15f58 | 0x552 |
| atoi | 0x0 | 0x140011320 | 0x16f60 | 0x15f60 | 0x538 |
| fseek | 0x0 | 0x140011328 | 0x16f68 | 0x15f68 | 0x569 |
| fclose | 0x0 | 0x140011330 | 0x16f70 | 0x15f70 | 0x54c |
| sprintf_s | 0x0 | 0x140011338 | 0x16f78 | 0x15f78 | 0x5cf |
| _vsnprintf | 0x0 | 0x140011340 | 0x16f80 | 0x15f80 | 0x47f |
| _mbsnbicmp | 0x0 | 0x140011348 | 0x16f88 | 0x15f88 | 0x34d |
| _mbstok_s | 0x0 | 0x140011350 | 0x16f90 | 0x15f90 | 0x383 |
| _mbsrchr | 0x0 | 0x140011358 | 0x16f98 | 0x15f98 | 0x373 |
| _access | 0x0 | 0x140011360 | 0x16fa0 | 0x15fa0 | 0x193 |
| __iob_func | 0x0 | 0x140011368 | 0x16fa8 | 0x15fa8 | 0x154 |
| fprintf | 0x0 | 0x140011370 | 0x16fb0 | 0x15fb0 | 0x55b |
| fflush | 0x0 | 0x140011378 | 0x16fb8 | 0x15fb8 | 0x54f |
| _ismbcspace | 0x0 | 0x140011380 | 0x16fc0 | 0x15fc0 | 0x2c7 |
| memcmp | 0x0 | 0x140011388 | 0x16fc8 | 0x15fc8 | 0x5a8 |
| __argc | 0x0 | 0x140011390 | 0x16fd0 | 0x15fd0 | 0x13d |
| __argv | 0x0 | 0x140011398 | 0x16fd8 | 0x15fd8 | 0x13e |
| sscanf | 0x0 | 0x1400113a0 | 0x16fe0 | 0x15fe0 | 0x5d3 |
| exit | 0x0 | 0x1400113a8 | 0x16fe8 | 0x15fe8 | 0x548 |
| _putenv | 0x0 | 0x1400113b0 | 0x16ff0 | 0x15ff0 | 0x3ac |
| sprintf | 0x0 | 0x1400113b8 | 0x16ff8 | 0x15ff8 | 0x5ce |
| __CxxFrameHandler3 | 0x0 | 0x1400113c0 | 0x17000 | 0x16000 | 0x128 |
| memmove | 0x0 | 0x1400113c8 | 0x17008 | 0x16008 | 0x5ab |
| ??0exception@std@@QEAA@AEBV01@@Z | 0x0 | 0x1400113d0 | 0x17010 | 0x16010 | 0x24 |
| _CxxThrowException | 0x0 | 0x1400113d8 | 0x17018 | 0x16018 | 0x10e |
| ??2@YAPEAX_K@Z | 0x0 | 0x1400113e0 | 0x17020 | 0x16020 | 0x63 |
| malloc | 0x0 | 0x1400113e8 | 0x17028 | 0x16028 | 0x59e |
| free | 0x0 | 0x1400113f0 | 0x17030 | 0x16030 | 0x563 |
| realloc | 0x0 | 0x1400113f8 | 0x17038 | 0x16038 | 0x5bf |
| memcpy | 0x0 | 0x140011400 | 0x17040 | 0x16040 | 0x5a9 |
| _snprintf_s | 0x0 | 0x140011408 | 0x17048 | 0x16048 | 0x3e3 |
| _stat64i32 | 0x0 | 0x140011410 | 0x17050 | 0x16050 | 0x406 |
| _snprintf | 0x0 | 0x140011418 | 0x17058 | 0x16058 | 0x3df |
| _time64 | 0x0 | 0x140011420 | 0x17060 | 0x16060 | 0x43f |
| ??3@YAXPEAX@Z | 0x0 | 0x140011428 | 0x17068 | 0x16068 | 0x65 |
| ??1exception@std@@UEAA@XZ | 0x0 | 0x140011430 | 0x17070 | 0x16070 | 0x5d |
| ?what@exception@std@@UEBAPEBDXZ | 0x0 | 0x140011438 | 0x17078 | 0x16078 | 0x10a |
| ??0exception@std@@QEAA@AEBQEBD@Z | 0x0 | 0x140011440 | 0x17080 | 0x16080 | 0x22 |
| _mbslen | 0x0 | 0x140011448 | 0x17088 | 0x16088 | 0x339 |
| _mbsstr | 0x0 | 0x140011450 | 0x17090 | 0x16090 | 0x37f |
| _mbsnbcpy_s | 0x0 | 0x140011458 | 0x17098 | 0x16098 | 0x34b |
| _mbschr | 0x0 | 0x140011460 | 0x170a0 | 0x160a0 | 0x327 |
| strrchr | 0x0 | 0x140011468 | 0x170a8 | 0x160a8 | 0x5e8 |
| memset | 0x0 | 0x140011470 | 0x170b0 | 0x160b0 | 0x5ad |
| calloc | 0x0 | 0x140011478 | 0x170b8 | 0x160b8 | 0x53d |
| _strdup | 0x0 | 0x140011480 | 0x170c0 | 0x160c0 | 0x40b |
| _mbsnbcmp | 0x0 | 0x140011488 | 0x170c8 | 0x160c8 | 0x343 |
| _mbsicmp | 0x0 | 0x140011490 | 0x170d0 | 0x160d0 | 0x333 |
| _configthreadlocale | 0x0 | 0x140011498 | 0x170d8 | 0x160d8 | 0x1c5 |
| _mbscmp | 0x0 | 0x1400114a0 | 0x170e0 | 0x160e0 | 0x329 |
USER32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseDesktop | 0x0 | 0x1400114e0 | 0x17120 | 0x16120 | 0x4a |
| OpenInputDesktop | 0x0 | 0x1400114e8 | 0x17128 | 0x16128 | 0x22e |
| wsprintfA | 0x0 | 0x1400114f0 | 0x17130 | 0x16130 | 0x33a |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | 0x0 | 0x140011500 | 0x17140 | 0x16140 | 0x6c |
| StringFromCLSID | 0x0 | 0x140011508 | 0x17148 | 0x16148 | 0x1b4 |
OLEAUT32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantClear | 0x9 | 0x1400114b0 | 0x170f0 | 0x160f0 | - |
| SysAllocStringByteLen | 0x96 | 0x1400114b8 | 0x170f8 | 0x160f8 | - |
| SysStringLen | 0x7 | 0x1400114c0 | 0x17100 | 0x16100 | - |
| SysAllocString | 0x2 | 0x1400114c8 | 0x17108 | 0x16108 | - |
| SysFreeString | 0x6 | 0x1400114d0 | 0x17110 | 0x16110 | - |
KERNEL32.dll (62)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RaiseException | 0x0 | 0x140011000 | 0x16c40 | 0x15c40 | 0x3b4 |
| GetFileAttributesA | 0x0 | 0x140011008 | 0x16c48 | 0x15c48 | 0x1ec |
| GetCurrentThreadId | 0x0 | 0x140011010 | 0x16c50 | 0x15c50 | 0x1cb |
| OutputDebugStringA | 0x0 | 0x140011018 | 0x16c58 | 0x15c58 | 0x38b |
| GetLocalTime | 0x0 | 0x140011020 | 0x16c60 | 0x15c60 | 0x209 |
| GetTempPathA | 0x0 | 0x140011028 | 0x16c68 | 0x15c68 | 0x28b |
| GetShortPathNameA | 0x0 | 0x140011030 | 0x16c70 | 0x15c70 | 0x267 |
| FormatMessageA | 0x0 | 0x140011038 | 0x16c78 | 0x15c78 | 0x163 |
| CreateProcessA | 0x0 | 0x140011040 | 0x16c80 | 0x15c80 | 0xa4 |
| CreateFileA | 0x0 | 0x140011048 | 0x16c88 | 0x15c88 | 0x88 |
| GetNativeSystemInfo | 0x0 | 0x140011050 | 0x16c90 | 0x15c90 | 0x22b |
| VerSetConditionMask | 0x0 | 0x140011058 | 0x16c98 | 0x15c98 | 0x4f3 |
| VerifyVersionInfoA | 0x0 | 0x140011060 | 0x16ca0 | 0x15ca0 | 0x4f6 |
| GlobalMemoryStatusEx | 0x0 | 0x140011068 | 0x16ca8 | 0x15ca8 | 0x2c8 |
| GetModuleHandleA | 0x0 | 0x140011070 | 0x16cb0 | 0x15cb0 | 0x21b |
| lstrlenA | 0x0 | 0x140011078 | 0x16cb8 | 0x15cb8 | 0x560 |
| WideCharToMultiByte | 0x0 | 0x140011080 | 0x16cc0 | 0x15cc0 | 0x520 |
| GetCurrentProcess | 0x0 | 0x140011088 | 0x16cc8 | 0x15cc8 | 0x1c6 |
| LocalAlloc | 0x0 | 0x140011090 | 0x16cd0 | 0x15cd0 | 0x346 |
| Process32First | 0x0 | 0x140011098 | 0x16cd8 | 0x15cd8 | 0x397 |
| GetCurrentProcessId | 0x0 | 0x1400110a0 | 0x16ce0 | 0x15ce0 | 0x1c7 |
| Process32Next | 0x0 | 0x1400110a8 | 0x16ce8 | 0x15ce8 | 0x399 |
| CreateEventA | 0x0 | 0x1400110b0 | 0x16cf0 | 0x15cf0 | 0x82 |
| SetEvent | 0x0 | 0x1400110b8 | 0x16cf8 | 0x15cf8 | 0x467 |
| OpenProcess | 0x0 | 0x1400110c0 | 0x16d00 | 0x15d00 | 0x382 |
| CreateToolhelp32Snapshot | 0x0 | 0x1400110c8 | 0x16d08 | 0x15d08 | 0xbd |
| Sleep | 0x0 | 0x1400110d0 | 0x16d10 | 0x15d10 | 0x4c0 |
| Module32First | 0x0 | 0x1400110d8 | 0x16d18 | 0x15d18 | 0x35c |
| GetLongPathNameA | 0x0 | 0x1400110e0 | 0x16d20 | 0x15d20 | 0x212 |
| CloseHandle | 0x0 | 0x1400110e8 | 0x16d28 | 0x15d28 | 0x52 |
| GetSystemDirectoryA | 0x0 | 0x1400110f0 | 0x16d30 | 0x15d30 | 0x276 |
| LocalFree | 0x0 | 0x1400110f8 | 0x16d38 | 0x15d38 | 0x34a |
| GetVersionExA | 0x0 | 0x140011100 | 0x16d40 | 0x15d40 | 0x2ab |
| GetProcAddress | 0x0 | 0x140011108 | 0x16d48 | 0x15d48 | 0x24c |
| LoadLibraryA | 0x0 | 0x140011110 | 0x16d50 | 0x15d50 | 0x33e |
| FreeLibrary | 0x0 | 0x140011118 | 0x16d58 | 0x15d58 | 0x168 |
| WaitForSingleObject | 0x0 | 0x140011120 | 0x16d60 | 0x15d60 | 0x508 |
| lstrcpyA | 0x0 | 0x140011128 | 0x16d68 | 0x15d68 | 0x55a |
| GetWindowsDirectoryA | 0x0 | 0x140011130 | 0x16d70 | 0x15d70 | 0x2b6 |
| FindFirstFileA | 0x0 | 0x140011138 | 0x16d78 | 0x15d78 | 0x138 |
| GetModuleFileNameA | 0x0 | 0x140011140 | 0x16d80 | 0x15d80 | 0x219 |
| FindClose | 0x0 | 0x140011148 | 0x16d88 | 0x15d88 | 0x134 |
| GetEnvironmentVariableA | 0x0 | 0x140011150 | 0x16d90 | 0x15d90 | 0x1e2 |
| GetLastError | 0x0 | 0x140011158 | 0x16d98 | 0x15d98 | 0x208 |
| SetEnvironmentVariableA | 0x0 | 0x140011160 | 0x16da0 | 0x15da0 | 0x464 |
| GetModuleHandleExA | 0x0 | 0x140011168 | 0x16da8 | 0x15da8 | 0x21c |
| GetExitCodeProcess | 0x0 | 0x140011170 | 0x16db0 | 0x15db0 | 0x1e6 |
| GetStartupInfoW | 0x0 | 0x140011178 | 0x16db8 | 0x15db8 | 0x26a |
| EncodePointer | 0x0 | 0x140011180 | 0x16dc0 | 0x15dc0 | 0xee |
| TerminateProcess | 0x0 | 0x140011188 | 0x16dc8 | 0x15dc8 | 0x4ce |
| UnhandledExceptionFilter | 0x0 | 0x140011190 | 0x16dd0 | 0x15dd0 | 0x4e2 |
| SetUnhandledExceptionFilter | 0x0 | 0x140011198 | 0x16dd8 | 0x15dd8 | 0x4b3 |
| IsDebuggerPresent | 0x0 | 0x1400111a0 | 0x16de0 | 0x15de0 | 0x302 |
| RtlVirtualUnwind | 0x0 | 0x1400111a8 | 0x16de8 | 0x15de8 | 0x426 |
| RtlLookupFunctionEntry | 0x0 | 0x1400111b0 | 0x16df0 | 0x15df0 | 0x41f |
| RtlCaptureContext | 0x0 | 0x1400111b8 | 0x16df8 | 0x15df8 | 0x418 |
| DecodePointer | 0x0 | 0x1400111c0 | 0x16e00 | 0x15e00 | 0xcb |
| QueryPerformanceCounter | 0x0 | 0x1400111c8 | 0x16e08 | 0x15e08 | 0x3a9 |
| GetTickCount | 0x0 | 0x1400111d0 | 0x16e10 | 0x15e10 | 0x29a |
| GetSystemTimeAsFileTime | 0x0 | 0x1400111d8 | 0x16e18 | 0x15e18 | 0x280 |
| MultiByteToWideChar | 0x0 | 0x1400111e0 | 0x16e20 | 0x15e20 | 0x369 |
| GetSystemWindowsDirectoryA | 0x0 | 0x1400111e8 | 0x16e28 | 0x15e28 | 0x282 |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 445.05 KB |
| MD5 |
a7790fa07e87b66fa8ad14b97cb7ee80
|
| SHA1 |
a2115a72dc7b6f404a7996728016cfb69517ba9c
|
| SHA256 |
c4208fe320c0bbfe985def4d075265fbd1144091127702def149a39c40d578db
|
| SSDeep |
12288:LZc0IursYCYQeSnyZJiqlEbXSb9NtoqOFBqkYH0:DMYenGJiKEbXWtpOLlF
|
| ImpHash |
33c6db41ca15b47cfcec52de6c2ab2b7
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x40474b |
| Size Of Code | 0x4e200 |
| Size Of Initialized Data | 0x8800 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2013-08-20 23:25:02+00:00 |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 |
| FileVersion | 11.0.61030.0 |
| InternalName | setup |
| LegalCopyright | Copyright (c) Microsoft Corporation. All rights reserved. |
| OriginalFilename | vcredist_x86.exe |
| ProductName | Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 |
| ProductVersion | 11.0.61030.0 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x4e19a | 0x4e200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.6 |
| .data | 0x450000 | 0x2e7c | 0x1000 | 0x4e600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.43 |
| .wixburn | 0x453000 | 0x38 | 0x200 | 0x4f600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.58 |
| .tls | 0x454000 | 0x9 | 0x200 | 0x4f800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rsrc | 0x455000 | 0x3184 | 0x3200 | 0x4fa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.5 |
| .reloc | 0x459000 | 0x415e | 0x4200 | 0x52c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.58 |
Imports (14)
»
KERNEL32.dll (145)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CopyFileExW | 0x0 | 0x4010e0 | 0x4daa0 | 0x4cea0 | 0x72 |
| MapViewOfFile | 0x0 | 0x4010e4 | 0x4daa4 | 0x4cea4 | 0x357 |
| CreateFileMappingW | 0x0 | 0x4010e8 | 0x4daa8 | 0x4cea8 | 0x8c |
| CreateMutexW | 0x0 | 0x4010ec | 0x4daac | 0x4ceac | 0x9e |
| SetFileTime | 0x0 | 0x4010f0 | 0x4dab0 | 0x4ceb0 | 0x46a |
| LocalFileTimeToFileTime | 0x0 | 0x4010f4 | 0x4dab4 | 0x4ceb4 | 0x346 |
| DosDateTimeToFileTime | 0x0 | 0x4010f8 | 0x4dab8 | 0x4ceb8 | 0xe4 |
| ResetEvent | 0x0 | 0x4010fc | 0x4dabc | 0x4cebc | 0x40f |
| SetEndOfFile | 0x0 | 0x401100 | 0x4dac0 | 0x4cec0 | 0x453 |
| DeleteFileW | 0x0 | 0x401104 | 0x4dac4 | 0x4cec4 | 0xd6 |
| GetThreadLocale | 0x0 | 0x401108 | 0x4dac8 | 0x4cec8 | 0x28c |
| UnmapViewOfFile | 0x0 | 0x40110c | 0x4dacc | 0x4cecc | 0x4d6 |
| GetFullPathNameW | 0x0 | 0x401110 | 0x4dad0 | 0x4ced0 | 0x1fb |
| GetTempFileNameW | 0x0 | 0x401114 | 0x4dad4 | 0x4ced4 | 0x283 |
| CreateDirectoryW | 0x0 | 0x401118 | 0x4dad8 | 0x4ced8 | 0x81 |
| GetLocalTime | 0x0 | 0x40111c | 0x4dadc | 0x4cedc | 0x203 |
| SetFilePointer | 0x0 | 0x401120 | 0x4dae0 | 0x4cee0 | 0x466 |
| GetComputerNameW | 0x0 | 0x401124 | 0x4dae4 | 0x4cee4 | 0x18f |
| CreateFileA | 0x0 | 0x401128 | 0x4dae8 | 0x4cee8 | 0x88 |
| GetProcessHeap | 0x0 | 0x40112c | 0x4daec | 0x4ceec | 0x24a |
| GetModuleHandleA | 0x0 | 0x401130 | 0x4daf0 | 0x4cef0 | 0x215 |
| CopyFileW | 0x0 | 0x401134 | 0x4daf4 | 0x4cef4 | 0x75 |
| MoveFileExW | 0x0 | 0x401138 | 0x4daf8 | 0x4cef8 | 0x360 |
| GlobalFree | 0x0 | 0x40113c | 0x4dafc | 0x4cefc | 0x2ba |
| GlobalAlloc | 0x0 | 0x401140 | 0x4db00 | 0x4cf00 | 0x2b3 |
| GetFileSizeEx | 0x0 | 0x401144 | 0x4db04 | 0x4cf04 | 0x1f1 |
| GetCurrentDirectoryW | 0x0 | 0x401148 | 0x4db08 | 0x4cf08 | 0x1bf |
| SystemTimeToFileTime | 0x0 | 0x40114c | 0x4db0c | 0x4cf0c | 0x4bd |
| SystemTimeToTzSpecificLocalTime | 0x0 | 0x401150 | 0x4db10 | 0x4cf10 | 0x4be |
| RaiseException | 0x0 | 0x401154 | 0x4db14 | 0x4cf14 | 0x3b1 |
| GetConsoleCP | 0x0 | 0x401158 | 0x4db18 | 0x4cf18 | 0x19a |
| GetConsoleMode | 0x0 | 0x40115c | 0x4db1c | 0x4cf1c | 0x1ac |
| SetStdHandle | 0x0 | 0x401160 | 0x4db20 | 0x4cf20 | 0x487 |
| WriteConsoleA | 0x0 | 0x401164 | 0x4db24 | 0x4cf24 | 0x51a |
| GetConsoleOutputCP | 0x0 | 0x401168 | 0x4db28 | 0x4cf28 | 0x1b0 |
| WriteConsoleW | 0x0 | 0x40116c | 0x4db2c | 0x4cf2c | 0x524 |
| FormatMessageW | 0x0 | 0x401170 | 0x4db30 | 0x4cf30 | 0x15e |
| HeapSetInformation | 0x0 | 0x401174 | 0x4db34 | 0x4cf34 | 0x2d3 |
| GetStartupInfoW | 0x0 | 0x401178 | 0x4db38 | 0x4cf38 | 0x263 |
| SetUnhandledExceptionFilter | 0x0 | 0x40117c | 0x4db3c | 0x4cf3c | 0x4a5 |
| GetModuleHandleW | 0x0 | 0x401180 | 0x4db40 | 0x4cf40 | 0x218 |
| Sleep | 0x0 | 0x401184 | 0x4db44 | 0x4cf44 | 0x4b2 |
| GetProcAddress | 0x0 | 0x401188 | 0x4db48 | 0x4cf48 | 0x245 |
| ExitProcess | 0x0 | 0x40118c | 0x4db4c | 0x4cf4c | 0x119 |
| WriteFile | 0x0 | 0x401190 | 0x4db50 | 0x4cf50 | 0x525 |
| GetStdHandle | 0x0 | 0x401194 | 0x4db54 | 0x4cf54 | 0x264 |
| GetModuleFileNameA | 0x0 | 0x401198 | 0x4db58 | 0x4cf58 | 0x213 |
| GetModuleFileNameW | 0x0 | 0x40119c | 0x4db5c | 0x4cf5c | 0x214 |
| FreeEnvironmentStringsW | 0x0 | 0x4011a0 | 0x4db60 | 0x4cf60 | 0x161 |
| GetEnvironmentStringsW | 0x0 | 0x4011a4 | 0x4db64 | 0x4cf64 | 0x1da |
| GetCommandLineW | 0x0 | 0x4011a8 | 0x4db68 | 0x4cf68 | 0x187 |
| SetHandleCount | 0x0 | 0x4011ac | 0x4db6c | 0x4cf6c | 0x46f |
| GetFileType | 0x0 | 0x4011b0 | 0x4db70 | 0x4cf70 | 0x1f3 |
| GetStartupInfoA | 0x0 | 0x4011b4 | 0x4db74 | 0x4cf74 | 0x262 |
| DeleteCriticalSection | 0x0 | 0x4011b8 | 0x4db78 | 0x4cf78 | 0xd1 |
| TlsGetValue | 0x0 | 0x4011bc | 0x4db7c | 0x4cf7c | 0x4c7 |
| TlsAlloc | 0x0 | 0x4011c0 | 0x4db80 | 0x4cf80 | 0x4c5 |
| TlsSetValue | 0x0 | 0x4011c4 | 0x4db84 | 0x4cf84 | 0x4c8 |
| TlsFree | 0x0 | 0x4011c8 | 0x4db88 | 0x4cf88 | 0x4c6 |
| InterlockedIncrement | 0x0 | 0x4011cc | 0x4db8c | 0x4cf8c | 0x2ef |
| SetLastError | 0x0 | 0x4011d0 | 0x4db90 | 0x4cf90 | 0x473 |
| GetCurrentThreadId | 0x0 | 0x4011d4 | 0x4db94 | 0x4cf94 | 0x1c5 |
| GetLastError | 0x0 | 0x4011d8 | 0x4db98 | 0x4cf98 | 0x202 |
| InterlockedDecrement | 0x0 | 0x4011dc | 0x4db9c | 0x4cf9c | 0x2eb |
| HeapCreate | 0x0 | 0x4011e0 | 0x4dba0 | 0x4cfa0 | 0x2cd |
| VirtualFree | 0x0 | 0x4011e4 | 0x4dba4 | 0x4cfa4 | 0x4ec |
| HeapFree | 0x0 | 0x4011e8 | 0x4dba8 | 0x4cfa8 | 0x2cf |
| QueryPerformanceCounter | 0x0 | 0x4011ec | 0x4dbac | 0x4cfac | 0x3a7 |
| GetTickCount | 0x0 | 0x4011f0 | 0x4dbb0 | 0x4cfb0 | 0x293 |
| GetCurrentProcessId | 0x0 | 0x4011f4 | 0x4dbb4 | 0x4cfb4 | 0x1c1 |
| GetSystemTimeAsFileTime | 0x0 | 0x4011f8 | 0x4dbb8 | 0x4cfb8 | 0x279 |
| LeaveCriticalSection | 0x0 | 0x4011fc | 0x4dbbc | 0x4cfbc | 0x339 |
| EnterCriticalSection | 0x0 | 0x401200 | 0x4dbc0 | 0x4cfc0 | 0xee |
| TerminateProcess | 0x0 | 0x401204 | 0x4dbc4 | 0x4cfc4 | 0x4c0 |
| GetCurrentProcess | 0x0 | 0x401208 | 0x4dbc8 | 0x4cfc8 | 0x1c0 |
| UnhandledExceptionFilter | 0x0 | 0x40120c | 0x4dbcc | 0x4cfcc | 0x4d3 |
| IsDebuggerPresent | 0x0 | 0x401210 | 0x4dbd0 | 0x4cfd0 | 0x300 |
| FreeLibrary | 0x0 | 0x401214 | 0x4dbd4 | 0x4cfd4 | 0x162 |
| InterlockedExchange | 0x0 | 0x401218 | 0x4dbd8 | 0x4cfd8 | 0x2ec |
| LoadLibraryA | 0x0 | 0x40121c | 0x4dbdc | 0x4cfdc | 0x33c |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x401220 | 0x4dbe0 | 0x4cfe0 | 0x2e3 |
| GetCPInfo | 0x0 | 0x401224 | 0x4dbe4 | 0x4cfe4 | 0x172 |
| GetACP | 0x0 | 0x401228 | 0x4dbe8 | 0x4cfe8 | 0x168 |
| GetOEMCP | 0x0 | 0x40122c | 0x4dbec | 0x4cfec | 0x237 |
| IsValidCodePage | 0x0 | 0x401230 | 0x4dbf0 | 0x4cff0 | 0x30a |
| HeapAlloc | 0x0 | 0x401234 | 0x4dbf4 | 0x4cff4 | 0x2cb |
| VirtualAlloc | 0x0 | 0x401238 | 0x4dbf8 | 0x4cff8 | 0x4e9 |
| HeapReAlloc | 0x0 | 0x40123c | 0x4dbfc | 0x4cffc | 0x2d2 |
| RtlUnwind | 0x0 | 0x401240 | 0x4dc00 | 0x4d000 | 0x418 |
| HeapSize | 0x0 | 0x401244 | 0x4dc04 | 0x4d004 | 0x2d4 |
| GetLocaleInfoA | 0x0 | 0x401248 | 0x4dc08 | 0x4d008 | 0x204 |
| WideCharToMultiByte | 0x0 | 0x40124c | 0x4dc0c | 0x4d00c | 0x511 |
| GetStringTypeA | 0x0 | 0x401250 | 0x4dc10 | 0x4d010 | 0x266 |
| MultiByteToWideChar | 0x0 | 0x401254 | 0x4dc14 | 0x4d014 | 0x367 |
| GetStringTypeW | 0x0 | 0x401258 | 0x4dc18 | 0x4d018 | 0x269 |
| LCMapStringA | 0x0 | 0x40125c | 0x4dc1c | 0x4d01c | 0x32b |
| LCMapStringW | 0x0 | 0x401260 | 0x4dc20 | 0x4d020 | 0x32d |
| GetTimeZoneInformation | 0x0 | 0x401264 | 0x4dc24 | 0x4d024 | 0x298 |
| CompareStringW | 0x0 | 0x401268 | 0x4dc28 | 0x4d028 | 0x64 |
| InitializeCriticalSection | 0x0 | 0x40126c | 0x4dc2c | 0x4d02c | 0x2e2 |
| CloseHandle | 0x0 | 0x401270 | 0x4dc30 | 0x4d030 | 0x52 |
| LocalFree | 0x0 | 0x401274 | 0x4dc34 | 0x4d034 | 0x348 |
| ReleaseMutex | 0x0 | 0x401278 | 0x4dc38 | 0x4d038 | 0x3fa |
| GetVersionExW | 0x0 | 0x40127c | 0x4dc3c | 0x4d03c | 0x2a4 |
| GetProcessId | 0x0 | 0x401280 | 0x4dc40 | 0x4d040 | 0x24c |
| ReadFile | 0x0 | 0x401284 | 0x4dc44 | 0x4d044 | 0x3c0 |
| CreateNamedPipeW | 0x0 | 0x401288 | 0x4dc48 | 0x4d048 | 0xa0 |
| ConnectNamedPipe | 0x0 | 0x40128c | 0x4dc4c | 0x4d04c | 0x65 |
| SetNamedPipeHandleState | 0x0 | 0x401290 | 0x4dc50 | 0x4d050 | 0x47c |
| lstrlenW | 0x0 | 0x401294 | 0x4dc54 | 0x4d054 | 0x54e |
| WaitForSingleObject | 0x0 | 0x401298 | 0x4dc58 | 0x4d058 | 0x4f9 |
| OpenProcess | 0x0 | 0x40129c | 0x4dc5c | 0x4d05c | 0x380 |
| CreateFileW | 0x0 | 0x4012a0 | 0x4dc60 | 0x4d060 | 0x8f |
| SetFilePointerEx | 0x0 | 0x4012a4 | 0x4dc64 | 0x4d064 | 0x467 |
| lstrlenA | 0x0 | 0x4012a8 | 0x4dc68 | 0x4d068 | 0x54d |
| RemoveDirectoryW | 0x0 | 0x4012ac | 0x4dc6c | 0x4d06c | 0x403 |
| GetFileAttributesW | 0x0 | 0x4012b0 | 0x4dc70 | 0x4d070 | 0x1ea |
| ExpandEnvironmentStringsW | 0x0 | 0x4012b4 | 0x4dc74 | 0x4d074 | 0x11d |
| VerifyVersionInfoW | 0x0 | 0x4012b8 | 0x4dc78 | 0x4d078 | 0x4e8 |
| VerSetConditionMask | 0x0 | 0x4012bc | 0x4dc7c | 0x4d07c | 0x4e4 |
| GetTempPathW | 0x0 | 0x4012c0 | 0x4dc80 | 0x4d080 | 0x285 |
| GetSystemDirectoryW | 0x0 | 0x4012c4 | 0x4dc84 | 0x4d084 | 0x270 |
| GetSystemWow64DirectoryW | 0x0 | 0x4012c8 | 0x4dc88 | 0x4d088 | 0x27e |
| GetVolumePathNameW | 0x0 | 0x4012cc | 0x4dc8c | 0x4d08c | 0x2ab |
| GetWindowsDirectoryW | 0x0 | 0x4012d0 | 0x4dc90 | 0x4d090 | 0x2af |
| GetSystemDefaultLangID | 0x0 | 0x4012d4 | 0x4dc94 | 0x4d094 | 0x26c |
| GetUserDefaultLangID | 0x0 | 0x4012d8 | 0x4dc98 | 0x4d098 | 0x29c |
| GetDateFormatW | 0x0 | 0x4012dc | 0x4dc9c | 0x4d09c | 0x1c8 |
| GetSystemTime | 0x0 | 0x4012e0 | 0x4dca0 | 0x4d0a0 | 0x277 |
| LoadLibraryW | 0x0 | 0x4012e4 | 0x4dca4 | 0x4d0a4 | 0x33f |
| InterlockedCompareExchange | 0x0 | 0x4012e8 | 0x4dca8 | 0x4d0a8 | 0x2e9 |
| GetExitCodeThread | 0x0 | 0x4012ec | 0x4dcac | 0x4d0ac | 0x1e0 |
| CreateThread | 0x0 | 0x4012f0 | 0x4dcb0 | 0x4d0b0 | 0xb5 |
| SetEvent | 0x0 | 0x4012f4 | 0x4dcb4 | 0x4d0b4 | 0x459 |
| WaitForMultipleObjects | 0x0 | 0x4012f8 | 0x4dcb8 | 0x4d0b8 | 0x4f7 |
| CreateEventW | 0x0 | 0x4012fc | 0x4dcbc | 0x4d0bc | 0x85 |
| ProcessIdToSessionId | 0x0 | 0x401300 | 0x4dcc0 | 0x4d0c0 | 0x399 |
| SetFileAttributesW | 0x0 | 0x401304 | 0x4dcc4 | 0x4d0c4 | 0x461 |
| FindClose | 0x0 | 0x401308 | 0x4dcc8 | 0x4d0c8 | 0x12e |
| FindNextFileW | 0x0 | 0x40130c | 0x4dccc | 0x4d0cc | 0x145 |
| FindFirstFileW | 0x0 | 0x401310 | 0x4dcd0 | 0x4d0d0 | 0x139 |
| CreateProcessW | 0x0 | 0x401314 | 0x4dcd4 | 0x4d0d4 | 0xa8 |
| GetExitCodeProcess | 0x0 | 0x401318 | 0x4dcd8 | 0x4d0d8 | 0x1df |
| SetThreadExecutionState | 0x0 | 0x40131c | 0x4dcdc | 0x4d0dc | 0x493 |
| FlushFileBuffers | 0x0 | 0x401320 | 0x4dce0 | 0x4d0e0 | 0x157 |
msi.dll (19)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0xab | 0x401404 | 0x4ddc4 | 0x4d1c4 | - |
| (by ordinal) | 0x2d | 0x401408 | 0x4ddc8 | 0x4d1c8 | - |
| (by ordinal) | 0x89 | 0x40140c | 0x4ddcc | 0x4d1cc | - |
| (by ordinal) | 0x7d | 0x401410 | 0x4ddd0 | 0x4d1d0 | - |
| (by ordinal) | 0x11 | 0x401414 | 0x4ddd4 | 0x4d1d4 | - |
| (by ordinal) | 0x8 | 0x401418 | 0x4ddd8 | 0x4d1d8 | - |
| (by ordinal) | 0x8d | 0x40141c | 0x4dddc | 0x4d1dc | - |
| (by ordinal) | 0xee | 0x401420 | 0x4dde0 | 0x4d1e0 | - |
| (by ordinal) | 0xbe | 0x401424 | 0x4dde4 | 0x4d1e4 | - |
| (by ordinal) | 0x58 | 0x401428 | 0x4dde8 | 0x4d1e8 | - |
| (by ordinal) | 0x5a | 0x40142c | 0x4ddec | 0x4d1ec | - |
| (by ordinal) | 0xad | 0x401430 | 0x4ddf0 | 0x4d1f0 | - |
| (by ordinal) | 0x6f | 0x401434 | 0x4ddf4 | 0x4d1f4 | - |
| (by ordinal) | 0x46 | 0x401438 | 0x4ddf8 | 0x4d1f8 | - |
| (by ordinal) | 0xa9 | 0x40143c | 0x4ddfc | 0x4d1fc | - |
| (by ordinal) | 0x76 | 0x401440 | 0x4de00 | 0x4d200 | - |
| (by ordinal) | 0x73 | 0x401444 | 0x4de04 | 0x4d204 | - |
| (by ordinal) | 0x74 | 0x401448 | 0x4de08 | 0x4d208 | - |
| (by ordinal) | 0xcd | 0x40144c | 0x4de0c | 0x4d20c | - |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathW | 0x0 | 0x401344 | 0x4dd04 | 0x4d104 | 0xc3 |
| ShellExecuteExW | 0x0 | 0x401348 | 0x4dd08 | 0x4d108 | 0x121 |
| CommandLineToArgvW | 0x0 | 0x40134c | 0x4dd0c | 0x4d10c | 0x6 |
RPCRT4.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UuidCreate | 0x0 | 0x40133c | 0x4dcfc | 0x4d0fc | 0x1fb |
WININET.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| HttpQueryInfoW | 0x0 | 0x4013c0 | 0x4dd80 | 0x4d180 | 0x5a |
| InternetCrackUrlW | 0x0 | 0x4013c4 | 0x4dd84 | 0x4d184 | 0x74 |
| InternetSetOptionW | 0x0 | 0x4013c8 | 0x4dd88 | 0x4d188 | 0xaf |
| InternetConnectW | 0x0 | 0x4013cc | 0x4dd8c | 0x4d18c | 0x72 |
| InternetCloseHandle | 0x0 | 0x4013d0 | 0x4dd90 | 0x4d190 | 0x6b |
| InternetOpenW | 0x0 | 0x4013d4 | 0x4dd94 | 0x4d194 | 0x9a |
| HttpAddRequestHeadersW | 0x0 | 0x4013d8 | 0x4dd98 | 0x4d198 | 0x53 |
| HttpOpenRequestW | 0x0 | 0x4013dc | 0x4dd9c | 0x4d19c | 0x58 |
| InternetErrorDlg | 0x0 | 0x4013e0 | 0x4dda0 | 0x4d1a0 | 0x7c |
| InternetReadFile | 0x0 | 0x4013e4 | 0x4dda4 | 0x4d1a4 | 0x9f |
| HttpSendRequestW | 0x0 | 0x4013e8 | 0x4dda8 | 0x4d1a8 | 0x5e |
WINTRUST.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinVerifyTrust | 0x0 | 0x4013f0 | 0x4ddb0 | 0x4d1b0 | 0x73 |
| WTHelperGetProvSignerFromChain | 0x0 | 0x4013f4 | 0x4ddb4 | 0x4d1b4 | 0x59 |
| WTHelperProvDataFromStateData | 0x0 | 0x4013f8 | 0x4ddb8 | 0x4d1b8 | 0x5c |
| CryptCATAdminCalcHashFromFileHandle | 0x0 | 0x4013fc | 0x4ddbc | 0x4d1bc | 0x4 |
CRYPT32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CertGetCertificateContextProperty | 0x0 | 0x4010a8 | 0x4da68 | 0x4ce68 | 0x46 |
| CryptHashPublicKeyInfo | 0x0 | 0x4010ac | 0x4da6c | 0x4ce6c | 0xa1 |
GDI32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteDC | 0x0 | 0x4010c4 | 0x4da84 | 0x4ce84 | 0xe3 |
| DeleteObject | 0x0 | 0x4010c8 | 0x4da88 | 0x4ce88 | 0xe6 |
| GetObjectW | 0x0 | 0x4010cc | 0x4da8c | 0x4ce8c | 0x1fd |
| CreateCompatibleDC | 0x0 | 0x4010d0 | 0x4da90 | 0x4ce90 | 0x30 |
| SelectObject | 0x0 | 0x4010d4 | 0x4da94 | 0x4ce94 | 0x277 |
| StretchBlt | 0x0 | 0x4010d8 | 0x4da98 | 0x4ce98 | 0x2b3 |
Cabinet.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x17 | 0x4010b4 | 0x4da74 | 0x4ce74 | - |
| (by ordinal) | 0x16 | 0x4010b8 | 0x4da78 | 0x4ce78 | - |
| (by ordinal) | 0x14 | 0x4010bc | 0x4da7c | 0x4ce7c | - |
ADVAPI32.dll (41)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptAcquireContextW | 0x0 | 0x401000 | 0x4d9c0 | 0x4cdc0 | 0xb1 |
| CryptCreateHash | 0x0 | 0x401004 | 0x4d9c4 | 0x4cdc4 | 0xb3 |
| CryptHashData | 0x0 | 0x401008 | 0x4d9c8 | 0x4cdc8 | 0xc8 |
| CryptGetHashParam | 0x0 | 0x40100c | 0x4d9cc | 0x4cdcc | 0xc4 |
| CryptDestroyHash | 0x0 | 0x401010 | 0x4d9d0 | 0x4cdd0 | 0xb6 |
| CryptReleaseContext | 0x0 | 0x401014 | 0x4d9d4 | 0x4cdd4 | 0xcb |
| SetNamedSecurityInfoW | 0x0 | 0x401018 | 0x4d9d8 | 0x4cdd8 | 0x2b1 |
| AllocateAndInitializeSid | 0x0 | 0x40101c | 0x4d9dc | 0x4cddc | 0x20 |
| CheckTokenMembership | 0x0 | 0x401020 | 0x4d9e0 | 0x4cde0 | 0x51 |
| RegDeleteKeyW | 0x0 | 0x401024 | 0x4d9e4 | 0x4cde4 | 0x244 |
| RegCreateKeyExW | 0x0 | 0x401028 | 0x4d9e8 | 0x4cde8 | 0x239 |
| RegEnumKeyExW | 0x0 | 0x40102c | 0x4d9ec | 0x4cdec | 0x24f |
| RegEnumValueW | 0x0 | 0x401030 | 0x4d9f0 | 0x4cdf0 | 0x252 |
| RegQueryInfoKeyW | 0x0 | 0x401034 | 0x4d9f4 | 0x4cdf4 | 0x268 |
| RegSetValueExW | 0x0 | 0x401038 | 0x4d9f8 | 0x4cdf8 | 0x27e |
| InitializeSecurityDescriptor | 0x0 | 0x40103c | 0x4d9fc | 0x4cdfc | 0x177 |
| SetEntriesInAclA | 0x0 | 0x401040 | 0x4da00 | 0x4ce00 | 0x2a5 |
| SetSecurityDescriptorOwner | 0x0 | 0x401044 | 0x4da04 | 0x4ce04 | 0x2b8 |
| SetSecurityDescriptorGroup | 0x0 | 0x401048 | 0x4da08 | 0x4ce08 | 0x2b7 |
| SetSecurityDescriptorDacl | 0x0 | 0x40104c | 0x4da0c | 0x4ce0c | 0x2b6 |
| RegOpenKeyExW | 0x0 | 0x401050 | 0x4da10 | 0x4ce10 | 0x261 |
| GetTokenInformation | 0x0 | 0x401054 | 0x4da14 | 0x4ce14 | 0x15a |
| OpenSCManagerW | 0x0 | 0x401058 | 0x4da18 | 0x4ce18 | 0x1f9 |
| OpenServiceW | 0x0 | 0x40105c | 0x4da1c | 0x4ce1c | 0x1fb |
| QueryServiceStatus | 0x0 | 0x401060 | 0x4da20 | 0x4ce20 | 0x228 |
| CloseServiceHandle | 0x0 | 0x401064 | 0x4da24 | 0x4ce24 | 0x57 |
| ChangeServiceConfigW | 0x0 | 0x401068 | 0x4da28 | 0x4ce28 | 0x50 |
| DecryptFileW | 0x0 | 0x40106c | 0x4da2c | 0x4ce2c | 0xd8 |
| SetEntriesInAclW | 0x0 | 0x401070 | 0x4da30 | 0x4ce30 | 0x2a6 |
| InitializeAcl | 0x0 | 0x401074 | 0x4da34 | 0x4ce34 | 0x176 |
| CreateWellKnownSid | 0x0 | 0x401078 | 0x4da38 | 0x4ce38 | 0x83 |
| InitiateSystemShutdownExW | 0x0 | 0x40107c | 0x4da3c | 0x4ce3c | 0x17d |
| GetUserNameW | 0x0 | 0x401080 | 0x4da40 | 0x4ce40 | 0x165 |
| RegQueryValueExW | 0x0 | 0x401084 | 0x4da44 | 0x4ce44 | 0x26e |
| RegDeleteValueW | 0x0 | 0x401088 | 0x4da48 | 0x4ce48 | 0x248 |
| RegCloseKey | 0x0 | 0x40108c | 0x4da4c | 0x4ce4c | 0x230 |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | 0x0 | 0x401090 | 0x4da50 | 0x4ce50 | 0x72 |
| OpenProcessToken | 0x0 | 0x401094 | 0x4da54 | 0x4ce54 | 0x1f7 |
| LookupPrivilegeValueW | 0x0 | 0x401098 | 0x4da58 | 0x4ce58 | 0x197 |
| AdjustTokenPrivileges | 0x0 | 0x40109c | 0x4da5c | 0x4ce5c | 0x1f |
| QueryServiceConfigW | 0x0 | 0x4010a0 | 0x4da60 | 0x4ce60 | 0x224 |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysFreeString | 0x6 | 0x401328 | 0x4dce8 | 0x4d0e8 | - |
| SysAllocString | 0x2 | 0x40132c | 0x4dcec | 0x4d0ec | - |
| VariantInit | 0x8 | 0x401330 | 0x4dcf0 | 0x4d0f0 | - |
| VariantClear | 0x9 | 0x401334 | 0x4dcf4 | 0x4d0f4 | - |
ole32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CLSIDFromProgID | 0x0 | 0x401454 | 0x4de14 | 0x4d214 | 0x6 |
| CoInitializeSecurity | 0x0 | 0x401458 | 0x4de18 | 0x4d218 | 0x40 |
| CoTaskMemFree | 0x0 | 0x40145c | 0x4de1c | 0x4d21c | 0x68 |
| CoCreateInstance | 0x0 | 0x401460 | 0x4de20 | 0x4d220 | 0x10 |
| CoInitialize | 0x0 | 0x401464 | 0x4de24 | 0x4d224 | 0x3e |
| CoInitializeEx | 0x0 | 0x401468 | 0x4de28 | 0x4d228 | 0x3f |
| CoUninitialize | 0x0 | 0x40146c | 0x4de2c | 0x4d22c | 0x6c |
| StringFromGUID2 | 0x0 | 0x401470 | 0x4de30 | 0x4d230 | 0x179 |
USER32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadBitmapW | 0x0 | 0x401354 | 0x4dd14 | 0x4d114 | 0x1e7 |
| IsWindow | 0x0 | 0x401358 | 0x4dd18 | 0x4d118 | 0x1db |
| PostMessageW | 0x0 | 0x40135c | 0x4dd1c | 0x4d11c | 0x236 |
| PeekMessageW | 0x0 | 0x401360 | 0x4dd20 | 0x4d120 | 0x233 |
| GetMessageW | 0x0 | 0x401364 | 0x4dd24 | 0x4d124 | 0x15d |
| GetWindowLongW | 0x0 | 0x401368 | 0x4dd28 | 0x4d128 | 0x196 |
| SetWindowLongW | 0x0 | 0x40136c | 0x4dd2c | 0x4d12c | 0x2c4 |
| DefWindowProcW | 0x0 | 0x401370 | 0x4dd30 | 0x4d130 | 0x9c |
| UnregisterClassW | 0x0 | 0x401374 | 0x4dd34 | 0x4d134 | 0x306 |
| DispatchMessageW | 0x0 | 0x401378 | 0x4dd38 | 0x4d138 | 0xaf |
| TranslateMessage | 0x0 | 0x40137c | 0x4dd3c | 0x4d13c | 0x2fc |
| IsDialogMessageW | 0x0 | 0x401380 | 0x4dd40 | 0x4d140 | 0x1cd |
| CreateWindowExW | 0x0 | 0x401384 | 0x4dd44 | 0x4d144 | 0x6e |
| RegisterClassW | 0x0 | 0x401388 | 0x4dd48 | 0x4d148 | 0x24e |
| MsgWaitForMultipleObjects | 0x0 | 0x40138c | 0x4dd4c | 0x4d14c | 0x21c |
| LoadCursorW | 0x0 | 0x401390 | 0x4dd50 | 0x4d150 | 0x1eb |
| PostQuitMessage | 0x0 | 0x401394 | 0x4dd54 | 0x4d154 | 0x237 |
| GetCursorPos | 0x0 | 0x401398 | 0x4dd58 | 0x4d158 | 0x120 |
| MonitorFromPoint | 0x0 | 0x40139c | 0x4dd5c | 0x4d15c | 0x218 |
| GetMonitorInfoW | 0x0 | 0x4013a0 | 0x4dd60 | 0x4d160 | 0x15f |
| PostThreadMessageW | 0x0 | 0x4013a4 | 0x4dd64 | 0x4d164 | 0x239 |
| MessageBoxW | 0x0 | 0x4013a8 | 0x4dd68 | 0x4d168 | 0x215 |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | 0x0 | 0x4013b0 | 0x4dd70 | 0x4d170 | 0x6 |
| VerQueryValueW | 0x0 | 0x4013b4 | 0x4dd74 | 0x4d174 | 0xe |
| GetFileVersionInfoSizeW | 0x0 | 0x4013b8 | 0x4dd78 | 0x4d178 | 0x5 |
Icons (1)
»
Digital Signatures (2)
»
Certificate: Microsoft Corporation
»
| Issued by | Microsoft Corporation |
| Parent Certificate | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2013-01-24 22:33:39+00:00 |
| Valid Until | 2014-04-24 22:33:39+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0 |
| Thumbprint | 10 8E 2B A2 36 32 62 0C 42 7C 57 0B 6D 9D B5 1A C3 13 87 FE |
Certificate: Microsoft Code Signing PCA
»
| Issued by | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2010-08-31 22:19:32+00:00 |
| Valid Until | 2020-08-31 22:29:32+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 61 33 26 1A 00 00 00 00 00 31 |
| Thumbprint | 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57 |
| C:\588bce7c90097ed212\SetupUi.xsd.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\SetupUi.xsd (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 29.43 KB |
| MD5 |
93ab0c4ff11f5a3349bc3a49e2a32f2e
|
| SHA1 |
413c3ebbf13da223214e43469be6e39984204c47
|
| SHA256 |
4b20989542d4046662188f1a76945a3985e3c994baff5205943c85cb7766209d
|
| SSDeep |
384:zaKWf+13CpJoXXETy26hKaQUwPh7u7l7P7A70mW717u7WiW4WmPH88G2+s+N+5+P:zWG1/ET/chT+cxcW8G2P4oeTMW
|
| C:\588bce7c90097ed212\SetupUtility.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 93.85 KB |
| MD5 |
65f87f7142ef4b7c11ef69e738cdc02f
|
| SHA1 |
36ae8f994f6312fbed8028f8277bdd370a9f511d
|
| SHA256 |
d8ce96af9863080af28437271dcc521bfe2e3950228d090bc9d99f210d27e7db
|
| SSDeep |
1536:L+59IKI1N74oszIepIJqwlAno0dwRXPuY6zcVcE7OgkT9vs6M4raUZrH9rHUZ:L+59hI1NktIemJllRXGYRKEaVM4raUZI
|
| ImpHash |
078b06e0847d43fb8ab2abb08f781252
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x405eb6 |
| Size Of Code | 0x13000 |
| Size Of Initialized Data | 0x4c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2010-03-18 11:22:28+00:00 |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft .NET Framework 4 Setup |
| FileVersion | 4.0.30319.1 built by: RTMRel |
| InternalName | SetupUtility.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | SetupUtility.exe |
| ProductName | Microsoft® .NET Framework 4 |
| ProductVersion | 4.0.30319.1 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x12edf | 0x13000 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.38 |
| .data | 0x414000 | 0x2ea0 | 0x1000 | 0x13400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.36 |
| .rsrc | 0x417000 | 0x3f8 | 0x400 | 0x14400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.32 |
| .reloc | 0x418000 | 0x1666 | 0x1800 | 0x14800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.19 |
Imports (5)
»
KERNEL32.dll (82)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetCommandLineW | 0x0 | 0x401000 | 0x13634 | 0x12a34 | 0x187 |
| lstrcmpiW | 0x0 | 0x401004 | 0x13638 | 0x12a38 | 0x545 |
| HeapSetInformation | 0x0 | 0x401008 | 0x1363c | 0x12a3c | 0x2d3 |
| LocalFree | 0x0 | 0x40100c | 0x13640 | 0x12a40 | 0x348 |
| GetTempPathW | 0x0 | 0x401010 | 0x13644 | 0x12a44 | 0x285 |
| CreateProcessW | 0x0 | 0x401014 | 0x13648 | 0x12a48 | 0xa8 |
| WaitForSingleObject | 0x0 | 0x401018 | 0x1364c | 0x12a4c | 0x4f9 |
| GetLastError | 0x0 | 0x40101c | 0x13650 | 0x12a50 | 0x202 |
| CloseHandle | 0x0 | 0x401020 | 0x13654 | 0x12a54 | 0x52 |
| ExpandEnvironmentStringsW | 0x0 | 0x401024 | 0x13658 | 0x12a58 | 0x11d |
| Sleep | 0x0 | 0x401028 | 0x1365c | 0x12a5c | 0x4b2 |
| Process32FirstW | 0x0 | 0x40102c | 0x13660 | 0x12a60 | 0x396 |
| Process32NextW | 0x0 | 0x401030 | 0x13664 | 0x12a64 | 0x398 |
| CreateToolhelp32Snapshot | 0x0 | 0x401034 | 0x13668 | 0x12a68 | 0xbe |
| GlobalAlloc | 0x0 | 0x401038 | 0x1366c | 0x12a6c | 0x2b3 |
| GetSystemDirectoryW | 0x0 | 0x40103c | 0x13670 | 0x12a70 | 0x270 |
| GlobalFree | 0x0 | 0x401040 | 0x13674 | 0x12a74 | 0x2ba |
| LoadLibraryW | 0x0 | 0x401044 | 0x13678 | 0x12a78 | 0x33f |
| GetProcAddress | 0x0 | 0x401048 | 0x1367c | 0x12a7c | 0x245 |
| MoveFileExW | 0x0 | 0x40104c | 0x13680 | 0x12a80 | 0x360 |
| GetFileAttributesW | 0x0 | 0x401050 | 0x13684 | 0x12a84 | 0x1ea |
| lstrlenW | 0x0 | 0x401054 | 0x13688 | 0x12a88 | 0x54e |
| GetWindowsDirectoryW | 0x0 | 0x401058 | 0x1368c | 0x12a8c | 0x2af |
| GetModuleHandleW | 0x0 | 0x40105c | 0x13690 | 0x12a90 | 0x218 |
| GetVersion | 0x0 | 0x401060 | 0x13694 | 0x12a94 | 0x2a2 |
| GetProcessHeap | 0x0 | 0x401064 | 0x13698 | 0x12a98 | 0x24a |
| SetEndOfFile | 0x0 | 0x401068 | 0x1369c | 0x12a9c | 0x453 |
| IsProcessorFeaturePresent | 0x0 | 0x40106c | 0x136a0 | 0x12aa0 | 0x304 |
| HeapReAlloc | 0x0 | 0x401070 | 0x136a4 | 0x12aa4 | 0x2d2 |
| GetStringTypeW | 0x0 | 0x401074 | 0x136a8 | 0x12aa8 | 0x269 |
| LCMapStringW | 0x0 | 0x401078 | 0x136ac | 0x12aac | 0x32d |
| SetStdHandle | 0x0 | 0x40107c | 0x136b0 | 0x12ab0 | 0x487 |
| SetFilePointer | 0x0 | 0x401080 | 0x136b4 | 0x12ab4 | 0x466 |
| GetStartupInfoW | 0x0 | 0x401084 | 0x136b8 | 0x12ab8 | 0x263 |
| GetLocalTime | 0x0 | 0x401088 | 0x136bc | 0x12abc | 0x203 |
| SetUnhandledExceptionFilter | 0x0 | 0x40108c | 0x136c0 | 0x12ac0 | 0x4a5 |
| ExitProcess | 0x0 | 0x401090 | 0x136c4 | 0x12ac4 | 0x119 |
| WriteFile | 0x0 | 0x401094 | 0x136c8 | 0x12ac8 | 0x525 |
| GetStdHandle | 0x0 | 0x401098 | 0x136cc | 0x12acc | 0x264 |
| GetModuleFileNameW | 0x0 | 0x40109c | 0x136d0 | 0x12ad0 | 0x214 |
| FreeEnvironmentStringsW | 0x0 | 0x4010a0 | 0x136d4 | 0x12ad4 | 0x161 |
| GetEnvironmentStringsW | 0x0 | 0x4010a4 | 0x136d8 | 0x12ad8 | 0x1da |
| SetHandleCount | 0x0 | 0x4010a8 | 0x136dc | 0x12adc | 0x46f |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x4010ac | 0x136e0 | 0x12ae0 | 0x2e3 |
| GetFileType | 0x0 | 0x4010b0 | 0x136e4 | 0x12ae4 | 0x1f3 |
| DeleteCriticalSection | 0x0 | 0x4010b4 | 0x136e8 | 0x12ae8 | 0xd1 |
| TlsAlloc | 0x0 | 0x4010b8 | 0x136ec | 0x12aec | 0x4c5 |
| TlsGetValue | 0x0 | 0x4010bc | 0x136f0 | 0x12af0 | 0x4c7 |
| TlsSetValue | 0x0 | 0x4010c0 | 0x136f4 | 0x12af4 | 0x4c8 |
| TlsFree | 0x0 | 0x4010c4 | 0x136f8 | 0x12af8 | 0x4c6 |
| InterlockedIncrement | 0x0 | 0x4010c8 | 0x136fc | 0x12afc | 0x2ef |
| SetLastError | 0x0 | 0x4010cc | 0x13700 | 0x12b00 | 0x473 |
| GetCurrentThreadId | 0x0 | 0x4010d0 | 0x13704 | 0x12b04 | 0x1c5 |
| InterlockedDecrement | 0x0 | 0x4010d4 | 0x13708 | 0x12b08 | 0x2eb |
| HeapCreate | 0x0 | 0x4010d8 | 0x1370c | 0x12b0c | 0x2cd |
| QueryPerformanceCounter | 0x0 | 0x4010dc | 0x13710 | 0x12b10 | 0x3a7 |
| GetTickCount | 0x0 | 0x4010e0 | 0x13714 | 0x12b14 | 0x293 |
| GetCurrentProcessId | 0x0 | 0x4010e4 | 0x13718 | 0x12b18 | 0x1c1 |
| GetSystemTimeAsFileTime | 0x0 | 0x4010e8 | 0x1371c | 0x12b1c | 0x279 |
| TerminateProcess | 0x0 | 0x4010ec | 0x13720 | 0x12b20 | 0x4c0 |
| GetCurrentProcess | 0x0 | 0x4010f0 | 0x13724 | 0x12b24 | 0x1c0 |
| UnhandledExceptionFilter | 0x0 | 0x4010f4 | 0x13728 | 0x12b28 | 0x4d3 |
| IsDebuggerPresent | 0x0 | 0x4010f8 | 0x1372c | 0x12b2c | 0x300 |
| HeapFree | 0x0 | 0x4010fc | 0x13730 | 0x12b30 | 0x2cf |
| HeapAlloc | 0x0 | 0x401100 | 0x13734 | 0x12b34 | 0x2cb |
| RaiseException | 0x0 | 0x401104 | 0x13738 | 0x12b38 | 0x3b1 |
| EnterCriticalSection | 0x0 | 0x401108 | 0x1373c | 0x12b3c | 0xee |
| LeaveCriticalSection | 0x0 | 0x40110c | 0x13740 | 0x12b40 | 0x339 |
| RtlUnwind | 0x0 | 0x401110 | 0x13744 | 0x12b44 | 0x418 |
| WideCharToMultiByte | 0x0 | 0x401114 | 0x13748 | 0x12b48 | 0x511 |
| GetConsoleCP | 0x0 | 0x401118 | 0x1374c | 0x12b4c | 0x19a |
| GetConsoleMode | 0x0 | 0x40111c | 0x13750 | 0x12b50 | 0x1ac |
| FlushFileBuffers | 0x0 | 0x401120 | 0x13754 | 0x12b54 | 0x157 |
| GetCPInfo | 0x0 | 0x401124 | 0x13758 | 0x12b58 | 0x172 |
| GetACP | 0x0 | 0x401128 | 0x1375c | 0x12b5c | 0x168 |
| GetOEMCP | 0x0 | 0x40112c | 0x13760 | 0x12b60 | 0x237 |
| IsValidCodePage | 0x0 | 0x401130 | 0x13764 | 0x12b64 | 0x30a |
| HeapSize | 0x0 | 0x401134 | 0x13768 | 0x12b68 | 0x2d4 |
| CreateFileW | 0x0 | 0x401138 | 0x1376c | 0x12b6c | 0x8f |
| MultiByteToWideChar | 0x0 | 0x40113c | 0x13770 | 0x12b70 | 0x367 |
| WriteConsoleW | 0x0 | 0x401140 | 0x13774 | 0x12b74 | 0x524 |
| ReadFile | 0x0 | 0x401144 | 0x13778 | 0x12b78 | 0x3c0 |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MessageBoxW | 0x0 | 0x401154 | 0x13788 | 0x12b88 | 0x215 |
SHELL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CommandLineToArgvW | 0x0 | 0x40114c | 0x13780 | 0x12b80 | 0x6 |
ole32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoInitialize | 0x0 | 0x40116c | 0x137a0 | 0x12ba0 | 0x3e |
| CoUninitialize | 0x0 | 0x401170 | 0x137a4 | 0x12ba4 | 0x6c |
| CoCreateInstance | 0x0 | 0x401174 | 0x137a8 | 0x12ba8 | 0x10 |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoSizeW | 0x0 | 0x40115c | 0x13790 | 0x12b90 | 0x5 |
| VerQueryValueW | 0x0 | 0x401160 | 0x13794 | 0x12b94 | 0xe |
| GetFileVersionInfoW | 0x0 | 0x401164 | 0x13798 | 0x12b98 | 0x6 |
Exports (2)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| _DecodePointerInternal@4 | 0x5a8f | 0x1 |
| _EncodePointerInternal@4 | 0x5a6d | 0x2 |
Digital Signatures (2)
»
Certificate: Microsoft Corporation
»
| Issued by | Microsoft Corporation |
| Parent Certificate | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2009-12-07 22:40:29+00:00 |
| Valid Until | 2011-03-07 22:40:29+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 61 01 CF 3E 00 00 00 00 00 0F |
| Thumbprint | 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F |
Certificate: Microsoft Code Signing PCA
»
| Issued by | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2007-08-22 22:31:02+00:00 |
| Valid Until | 2012-08-25 07:00:00+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 2E AB 11 DC 50 FF 5C 9D CB C0 |
| Thumbprint | 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66 |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf (Modified File)
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf (Modified File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 182.47 KB |
| MD5 |
cf9fc500cf3327bdb8927ff8382fb902
|
| SHA1 |
1aabe40fb7e0db918cdae8ddfe7157fb8f373066
|
| SHA256 |
84e0b8e6c234d18f26114c1c3d927f407cc278631d73213033179e0511c19e02
|
| SSDeep |
3072:nLwils1MS60xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmbvx:nL/ls1b60zbJTuXa5McZd2At7mJ5Muzx
|
| C:\Program Files\Java\jre1.8.0_144\bin\jp2launcher.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\jp2launcher.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 109.58 KB |
| MD5 |
4c735a87bf0c3584b1acb4f190cd0852
|
| SHA1 |
c9ad475a03fd6e85311c9f6e241afe67a9bdec8c
|
| SHA256 |
0df628d8c37132254ebf2e16dfd763c259e36da038ea569fa964f7e58a5abcb6
|
| SSDeep |
3072:SleOEy2Po878kAUB79dvRo3brkO7nv3uR4:SeOE/Po87hp9dvynkOjv3X
|
| C:\Program Files\Java\jre1.8.0_144\bin\keytool.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
622c769738fd4f13a4ffb3538b706ef0
|
| SHA1 |
08444d05eb9dd6432a9e942a869750b6434b8bd4
|
| SHA256 |
68c19dbccc15b6eddb970cdc4a50c03298ef314ace15a29d31ff2bdd2c88a192
|
| SSDeep |
192:2PfFyTnT5G8isjZIIKEfo5beeHUqVnYe+PjPriT0fwxyt1:afqNieKN5beeHBVnYPLr7X
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:22+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | keytool |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | keytool.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x802 | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.81 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.99 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa54 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2558 | 0x1158 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2560 | 0x1160 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2568 | 0x1168 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2570 | 0x1170 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2578 | 0x1178 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2490 | 0x1090 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2498 | 0x1098 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24a0 | 0x10a0 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24a8 | 0x10a8 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24b0 | 0x10b0 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24b8 | 0x10b8 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24c0 | 0x10c0 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24c8 | 0x10c8 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24d0 | 0x10d0 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24d8 | 0x10d8 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24e0 | 0x10e0 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24e8 | 0x10e8 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24f0 | 0x10f0 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24f8 | 0x10f8 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2500 | 0x1100 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2508 | 0x1108 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2510 | 0x1110 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2518 | 0x1118 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2520 | 0x1120 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2528 | 0x1128 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2530 | 0x1130 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2538 | 0x1138 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2540 | 0x1140 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2548 | 0x1148 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2438 | 0x1038 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2440 | 0x1040 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2448 | 0x1048 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2450 | 0x1050 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2458 | 0x1058 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2460 | 0x1060 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2468 | 0x1068 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2470 | 0x1070 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2478 | 0x1078 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2480 | 0x1080 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\keytool.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\keytool.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
41d84342109b8fa75b5c63b7735d3b00
|
| SHA1 |
114150dc17a1543e37c0f69439e202401b1a6bf4
|
| SHA256 |
256dafdea68c3b3fdef493dee955998d5f3c94fff2db44f14d029c55e44ae231
|
| SSDeep |
192:R9QUKRCSU8ytqtw5IhhM1ceIIKEfo5beeHUqVnYe+PjPriT0fwxyt1:N3l8ytJIhhMOsKN5beeHBVnYPLr7X
|
| C:\588bce7c90097ed212\SetupUtility.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\SetupUtility.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 93.85 KB |
| MD5 |
97893bf3ffc198c496b6dbfd1bfa077a
|
| SHA1 |
f6d5d8f24d3639468cc386305747dbb5509d9001
|
| SHA256 |
cebcfe9569f0fb4171f5ed2811b99218719c11420edb1feb43d5d25f166522aa
|
| SSDeep |
1536:IM/+59IKI1N74oszIepIJqwlAno0dwRXPuY6zcVcE7OgkT9vs6M4raUZrH9rHUZ:IM/+59hI1NktIemJllRXGYRKEaVM4raN
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 84.09 KB |
| MD5 |
28520b92eeb8b33e9ae7673a10c3cd64
|
| SHA1 |
8c405031a930e2831d22ca84648339c7180aed7c
|
| SHA256 |
286e9915fdce3bc1c65665b9f62eab79e58275fe441fa8fde915d9557c4fb5d1
|
| SSDeep |
1536:L/ucYYEbptHwIToBaALeq9p/qqqEHk9JIx40zrdp9+4owckM3KyjO9zVIbF/AhN:j7YYEbptQMMLeL4H4JItzrdp9jc5KiC9
|
| ImpHash |
5816ad39efdb22916b53c6d1be6b2511
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x40b1d6 |
| Size Of Code | 0xae00 |
| Size Of Initialized Data | 0x8800 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-12-23 15:15:41+00:00 |
Version Information (8)
»
| CompanyName | Adobe Systems Incorporated |
| FileDescription | Eula display |
| FileVersion | 15.23.20053.211670 |
| InternalName | Eula.exe |
| LegalCopyright | Copyright 2010-2017 Adobe Systems Incorporated. All rights reserved. |
| OriginalFilename | Eula.exe |
| ProductName | EULA |
| ProductVersion | 15.23.20053.211670 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0xac31 | 0xae00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.36 |
| .rdata | 0x40c000 | 0x4676 | 0x4800 | 0xb200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.56 |
| .data | 0x411000 | 0x167c | 0x1200 | 0xfa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.83 |
| .rsrc | 0x413000 | 0x1318 | 0x1400 | 0x10c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.6 |
| .reloc | 0x415000 | 0x1340 | 0x1400 | 0x12000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.48 |
Imports (7)
»
KERNEL32.dll (54)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LeaveCriticalSection | 0x0 | 0x40c03c | 0xf6e8 | 0xe8e8 | 0x3a2 |
| GetCurrentProcess | 0x0 | 0x40c040 | 0xf6ec | 0xe8ec | 0x209 |
| GetCurrentThreadId | 0x0 | 0x40c044 | 0xf6f0 | 0xe8f0 | 0x20e |
| FlushInstructionCache | 0x0 | 0x40c048 | 0xf6f4 | 0xe8f4 | 0x193 |
| LoadResource | 0x0 | 0x40c04c | 0xf6f8 | 0xe8f8 | 0x3ab |
| LockResource | 0x0 | 0x40c050 | 0xf6fc | 0xe8fc | 0x3bd |
| GlobalAlloc | 0x0 | 0x40c054 | 0xf700 | 0xe900 | 0x317 |
| GlobalLock | 0x0 | 0x40c058 | 0xf704 | 0xe904 | 0x322 |
| GlobalHandle | 0x0 | 0x40c05c | 0xf708 | 0xe908 | 0x321 |
| GlobalUnlock | 0x0 | 0x40c060 | 0xf70c | 0xe90c | 0x329 |
| GlobalFree | 0x0 | 0x40c064 | 0xf710 | 0xe910 | 0x31e |
| MulDiv | 0x0 | 0x40c068 | 0xf714 | 0xe914 | 0x3d0 |
| lstrcmpW | 0x0 | 0x40c06c | 0xf718 | 0xe918 | 0x5ff |
| lstrcpynW | 0x0 | 0x40c070 | 0xf71c | 0xe91c | 0x608 |
| lstrcpyW | 0x0 | 0x40c074 | 0xf720 | 0xe920 | 0x605 |
| lstrcatW | 0x0 | 0x40c078 | 0xf724 | 0xe924 | 0x5fc |
| lstrlenW | 0x0 | 0x40c07c | 0xf728 | 0xe928 | 0x60b |
| LoadLibraryA | 0x0 | 0x40c080 | 0xf72c | 0xe92c | 0x3a5 |
| FindResourceW | 0x0 | 0x40c084 | 0xf730 | 0xe930 | 0x189 |
| EnterCriticalSection | 0x0 | 0x40c088 | 0xf734 | 0xe934 | 0x125 |
| GetPrivateProfileStringW | 0x0 | 0x40c08c | 0xf738 | 0xe938 | 0x29a |
| CopyFileW | 0x0 | 0x40c090 | 0xf73c | 0xe93c | 0xa5 |
| MultiByteToWideChar | 0x0 | 0x40c094 | 0xf740 | 0xe940 | 0x3d1 |
| DecodePointer | 0x0 | 0x40c098 | 0xf744 | 0xe944 | 0xfe |
| GetCurrentProcessId | 0x0 | 0x40c09c | 0xf748 | 0xe948 | 0x20a |
| QueryPerformanceCounter | 0x0 | 0x40c0a0 | 0xf74c | 0xe94c | 0x42d |
| EncodePointer | 0x0 | 0x40c0a4 | 0xf750 | 0xe950 | 0x121 |
| VirtualFree | 0x0 | 0x40c0a8 | 0xf754 | 0xe954 | 0x59e |
| VirtualAlloc | 0x0 | 0x40c0ac | 0xf758 | 0xe958 | 0x59b |
| IsProcessorFeaturePresent | 0x0 | 0x40c0b0 | 0xf75c | 0xe95c | 0x36d |
| InterlockedPushEntrySList | 0x0 | 0x40c0b4 | 0xf760 | 0xe960 | 0x357 |
| InterlockedPopEntrySList | 0x0 | 0x40c0b8 | 0xf764 | 0xe964 | 0x356 |
| InitializeSListHead | 0x0 | 0x40c0bc | 0xf768 | 0xe968 | 0x34b |
| GetProcessHeap | 0x0 | 0x40c0c0 | 0xf76c | 0xe96c | 0x2a2 |
| HeapFree | 0x0 | 0x40c0c4 | 0xf770 | 0xe970 | 0x333 |
| HeapAlloc | 0x0 | 0x40c0c8 | 0xf774 | 0xe974 | 0x32f |
| OutputDebugStringW | 0x0 | 0x40c0cc | 0xf778 | 0xe978 | 0x3fa |
| IsDebuggerPresent | 0x0 | 0x40c0d0 | 0xf77c | 0xe97c | 0x367 |
| GetFullPathNameW | 0x0 | 0x40c0d4 | 0xf780 | 0xe980 | 0x249 |
| FindFirstFileW | 0x0 | 0x40c0d8 | 0xf784 | 0xe984 | 0x173 |
| FindClose | 0x0 | 0x40c0dc | 0xf788 | 0xe988 | 0x168 |
| LoadLibraryW | 0x0 | 0x40c0e0 | 0xf78c | 0xe98c | 0x3a8 |
| GetProcAddress | 0x0 | 0x40c0e4 | 0xf790 | 0xe990 | 0x29d |
| GetModuleHandleW | 0x0 | 0x40c0e8 | 0xf794 | 0xe994 | 0x267 |
| GetModuleHandleA | 0x0 | 0x40c0ec | 0xf798 | 0xe998 | 0x264 |
| GetModuleFileNameW | 0x0 | 0x40c0f0 | 0xf79c | 0xe99c | 0x263 |
| OutputDebugStringA | 0x0 | 0x40c0f4 | 0xf7a0 | 0xe9a0 | 0x3f9 |
| DeleteCriticalSection | 0x0 | 0x40c0f8 | 0xf7a4 | 0xe9a4 | 0x105 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x40c0fc | 0xf7a8 | 0xe9a8 | 0x348 |
| SetLastError | 0x0 | 0x40c100 | 0xf7ac | 0xe9ac | 0x50b |
| GetLastError | 0x0 | 0x40c104 | 0xf7b0 | 0xe9b0 | 0x250 |
| RaiseException | 0x0 | 0x40c108 | 0xf7b4 | 0xe9b4 | 0x440 |
| GetPrivateProfileIntW | 0x0 | 0x40c10c | 0xf7b8 | 0xe9b8 | 0x294 |
| GetSystemTimeAsFileTime | 0x0 | 0x40c110 | 0xf7bc | 0xe9bc | 0x2d6 |
USER32.dll (54)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UnregisterClassW | 0x0 | 0x40c210 | 0xf8bc | 0xeabc | 0x349 |
| RegisterWindowMessageW | 0x0 | 0x40c214 | 0xf8c0 | 0xeac0 | 0x2a3 |
| SendMessageW | 0x0 | 0x40c218 | 0xf8c4 | 0xeac4 | 0x2bc |
| DefWindowProcW | 0x0 | 0x40c21c | 0xf8c8 | 0xeac8 | 0xa1 |
| CallWindowProcW | 0x0 | 0x40c220 | 0xf8cc | 0xeacc | 0x1e |
| RegisterClassExW | 0x0 | 0x40c224 | 0xf8d0 | 0xead0 | 0x289 |
| GetClassInfoExW | 0x0 | 0x40c228 | 0xf8d4 | 0xead4 | 0x11e |
| CreateWindowExW | 0x0 | 0x40c22c | 0xf8d8 | 0xead8 | 0x71 |
| IsWindow | 0x0 | 0x40c230 | 0xf8dc | 0xeadc | 0x211 |
| IsChild | 0x0 | 0x40c234 | 0xf8e0 | 0xeae0 | 0x1fa |
| DestroyWindow | 0x0 | 0x40c238 | 0xf8e4 | 0xeae4 | 0xad |
| MoveWindow | 0x0 | 0x40c23c | 0xf8e8 | 0xeae8 | 0x253 |
| SetWindowPos | 0x0 | 0x40c240 | 0xf8ec | 0xeaec | 0x30f |
| EndDialog | 0x0 | 0x40c244 | 0xf8f0 | 0xeaf0 | 0xe7 |
| GetDlgItem | 0x0 | 0x40c248 | 0xf8f4 | 0xeaf4 | 0x13c |
| SetDlgItemTextW | 0x0 | 0x40c24c | 0xf8f8 | 0xeaf8 | 0x2d2 |
| GetDlgItemTextW | 0x0 | 0x40c250 | 0xf8fc | 0xeafc | 0x13f |
| SendDlgItemMessageW | 0x0 | 0x40c254 | 0xf900 | 0xeb00 | 0x2b3 |
| CharNextW | 0x0 | 0x40c258 | 0xf904 | 0xeb04 | 0x31 |
| SetFocus | 0x0 | 0x40c25c | 0xf908 | 0xeb08 | 0x2d4 |
| GetActiveWindow | 0x0 | 0x40c260 | 0xf90c | 0xeb0c | 0x10f |
| GetFocus | 0x0 | 0x40c264 | 0xf910 | 0xeb10 | 0x142 |
| SetCapture | 0x0 | 0x40c268 | 0xf914 | 0xeb14 | 0x2c0 |
| ReleaseCapture | 0x0 | 0x40c26c | 0xf918 | 0xeb18 | 0x2a4 |
| EnableWindow | 0x0 | 0x40c270 | 0xf91c | 0xeb1c | 0xe4 |
| IsWindowEnabled | 0x0 | 0x40c274 | 0xf920 | 0xeb20 | 0x212 |
| CreateAcceleratorTableW | 0x0 | 0x40c278 | 0xf924 | 0xeb24 | 0x5a |
| DestroyAcceleratorTable | 0x0 | 0x40c27c | 0xf928 | 0xeb28 | 0xa6 |
| GetSystemMetrics | 0x0 | 0x40c280 | 0xf92c | 0xeb2c | 0x1aa |
| MapDialogRect | 0x0 | 0x40c284 | 0xf930 | 0xeb30 | 0x23c |
| LoadCursorW | 0x0 | 0x40c288 | 0xf934 | 0xeb34 | 0x221 |
| GetWindow | 0x0 | 0x40c28c | 0xf938 | 0xeb38 | 0x1bb |
| GetClassNameW | 0x0 | 0x40c290 | 0xf93c | 0xeb3c | 0x123 |
| GetParent | 0x0 | 0x40c294 | 0xf940 | 0xeb40 | 0x17a |
| GetDesktopWindow | 0x0 | 0x40c298 | 0xf944 | 0xeb44 | 0x137 |
| SetWindowLongW | 0x0 | 0x40c29c | 0xf948 | 0xeb48 | 0x30d |
| GetWindowLongW | 0x0 | 0x40c2a0 | 0xf94c | 0xeb4c | 0x1c5 |
| FillRect | 0x0 | 0x40c2a4 | 0xf950 | 0xeb50 | 0x105 |
| GetSysColor | 0x0 | 0x40c2a8 | 0xf954 | 0xeb54 | 0x1a7 |
| ScreenToClient | 0x0 | 0x40c2ac | 0xf958 | 0xeb58 | 0x2ad |
| ClientToScreen | 0x0 | 0x40c2b0 | 0xf95c | 0xeb5c | 0x49 |
| SetWindowContextHelpId | 0x0 | 0x40c2b4 | 0xf960 | 0xeb60 | 0x309 |
| GetClientRect | 0x0 | 0x40c2b8 | 0xf964 | 0xeb64 | 0x125 |
| GetWindowTextLengthW | 0x0 | 0x40c2bc | 0xf968 | 0xeb68 | 0x1d1 |
| GetWindowTextW | 0x0 | 0x40c2c0 | 0xf96c | 0xeb6c | 0x1d2 |
| SetWindowTextW | 0x0 | 0x40c2c4 | 0xf970 | 0xeb70 | 0x314 |
| RedrawWindow | 0x0 | 0x40c2c8 | 0xf974 | 0xeb74 | 0x285 |
| InvalidateRgn | 0x0 | 0x40c2cc | 0xf978 | 0xeb78 | 0x1f0 |
| InvalidateRect | 0x0 | 0x40c2d0 | 0xf97c | 0xeb7c | 0x1ef |
| EndPaint | 0x0 | 0x40c2d4 | 0xf980 | 0xeb80 | 0xe9 |
| BeginPaint | 0x0 | 0x40c2d8 | 0xf984 | 0xeb84 | 0xe |
| ReleaseDC | 0x0 | 0x40c2dc | 0xf988 | 0xeb88 | 0x2a5 |
| GetDC | 0x0 | 0x40c2e0 | 0xf98c | 0xeb8c | 0x134 |
| DialogBoxIndirectParamW | 0x0 | 0x40c2e4 | 0xf990 | 0xeb90 | 0xb0 |
GDI32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteDC | 0x0 | 0x40c010 | 0xf6bc | 0xe8bc | 0x10c |
| DeleteObject | 0x0 | 0x40c014 | 0xf6c0 | 0xe8c0 | 0x10f |
| CreateSolidBrush | 0x0 | 0x40c018 | 0xf6c4 | 0xe8c4 | 0x56 |
| SelectObject | 0x0 | 0x40c01c | 0xf6c8 | 0xe8c8 | 0x2d5 |
| GetObjectW | 0x0 | 0x40c020 | 0xf6cc | 0xe8cc | 0x229 |
| CreateCompatibleDC | 0x0 | 0x40c024 | 0xf6d0 | 0xe8d0 | 0x31 |
| CreateCompatibleBitmap | 0x0 | 0x40c028 | 0xf6d4 | 0xe8d4 | 0x30 |
| GetStockObject | 0x0 | 0x40c02c | 0xf6d8 | 0xe8d8 | 0x239 |
| GetDeviceCaps | 0x0 | 0x40c030 | 0xf6dc | 0xe8dc | 0x1f7 |
| BitBlt | 0x0 | 0x40c034 | 0xf6e0 | 0xe8e0 | 0x13 |
ADVAPI32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCreateKeyExW | 0x0 | 0x40c000 | 0xf6ac | 0xe8ac | 0x25d |
| RegCloseKey | 0x0 | 0x40c004 | 0xf6b0 | 0xe8b0 | 0x254 |
| RegSetValueExW | 0x0 | 0x40c008 | 0xf6b4 | 0xe8b4 | 0x2a2 |
ole32.dll (13)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateStreamOnHGlobal | 0x0 | 0x40c2ec | 0xf998 | 0xeb98 | 0x9a |
| CoGetClassObject | 0x0 | 0x40c2f0 | 0xf99c | 0xeb9c | 0x33 |
| CoAddRefServerProcess | 0x0 | 0x40c2f4 | 0xf9a0 | 0xeba0 | 0x10 |
| CoReleaseServerProcess | 0x0 | 0x40c2f8 | 0xf9a4 | 0xeba4 | 0x6d |
| CoCreateInstance | 0x0 | 0x40c2fc | 0xf9a8 | 0xeba8 | 0x1a |
| CLSIDFromString | 0x0 | 0x40c300 | 0xf9ac | 0xebac | 0xc |
| CLSIDFromProgID | 0x0 | 0x40c304 | 0xf9b0 | 0xebb0 | 0xa |
| StringFromGUID2 | 0x0 | 0x40c308 | 0xf9b4 | 0xebb4 | 0x1ba |
| CoTaskMemAlloc | 0x0 | 0x40c30c | 0xf9b8 | 0xebb8 | 0x7a |
| CoTaskMemFree | 0x0 | 0x40c310 | 0xf9bc | 0xebbc | 0x7b |
| OleInitialize | 0x0 | 0x40c314 | 0xf9c0 | 0xebc0 | 0x161 |
| OleUninitialize | 0x0 | 0x40c318 | 0xf9c4 | 0xebc4 | 0x17e |
| OleLockRunning | 0x0 | 0x40c31c | 0xf9c8 | 0xebc8 | 0x16a |
OLEAUT32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VariantInit | 0x8 | 0x40c1e4 | 0xf890 | 0xea90 | - |
| OleCreateFontIndirect | 0x1a4 | 0x40c1e8 | 0xf894 | 0xea94 | - |
| SysFreeString | 0x6 | 0x40c1ec | 0xf898 | 0xea98 | - |
| SysAllocString | 0x2 | 0x40c1f0 | 0xf89c | 0xea9c | - |
| SysAllocStringLen | 0x4 | 0x40c1f4 | 0xf8a0 | 0xeaa0 | - |
| SysStringLen | 0x7 | 0x40c1f8 | 0xf8a4 | 0xeaa4 | - |
| VariantClear | 0x9 | 0x40c1fc | 0xf8a8 | 0xeaa8 | - |
| LoadTypeLib | 0xa1 | 0x40c200 | 0xf8ac | 0xeaac | - |
| LoadRegTypeLib | 0xa2 | 0x40c204 | 0xf8b0 | 0xeab0 | - |
| DispCallFunc | 0x92 | 0x40c208 | 0xf8b4 | 0xeab4 | - |
MSVCR120.dll (50)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _controlfp_s | 0x0 | 0x40c118 | 0xf7c4 | 0xe9c4 | 0x243 |
| _invoke_watson | 0x0 | 0x40c11c | 0xf7c8 | 0xe9c8 | 0x314 |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x40c120 | 0xf7cc | 0xe9cc | 0x1a9 |
| __crtTerminateProcess | 0x0 | 0x40c124 | 0xf7d0 | 0xe9d0 | 0x1ab |
| __crtUnhandledException | 0x0 | 0x40c128 | 0xf7d4 | 0xe9d4 | 0x1ac |
| _crt_debugger_hook | 0x0 | 0x40c12c | 0xf7d8 | 0xe9d8 | 0x250 |
| _commode | 0x0 | 0x40c130 | 0xf7dc | 0xe9dc | 0x23f |
| _fmode | 0x0 | 0x40c134 | 0xf7e0 | 0xe9e0 | 0x2a2 |
| _wcmdln | 0x0 | 0x40c138 | 0xf7e4 | 0xe9e4 | 0x549 |
| _initterm | 0x0 | 0x40c13c | 0xf7e8 | 0xe9e8 | 0x30c |
| _initterm_e | 0x0 | 0x40c140 | 0xf7ec | 0xe9ec | 0x30d |
| __setusermatherr | 0x0 | 0x40c144 | 0xf7f0 | 0xe9f0 | 0x1f4 |
| _configthreadlocale | 0x0 | 0x40c148 | 0xf7f4 | 0xe9f4 | 0x240 |
| _cexit | 0x0 | 0x40c14c | 0xf7f8 | 0xe9f8 | 0x22f |
| _exit | 0x0 | 0x40c150 | 0xf7fc | 0xe9fc | 0x283 |
| exit | 0x0 | 0x40c154 | 0xf800 | 0xea00 | 0x64e |
| __set_app_type | 0x0 | 0x40c158 | 0xf804 | 0xea04 | 0x1f2 |
| __wgetmainargs | 0x0 | 0x40c15c | 0xf808 | 0xea08 | 0x208 |
| _amsg_exit | 0x0 | 0x40c160 | 0xf80c | 0xea0c | 0x217 |
| __crtGetShowWindowMode | 0x0 | 0x40c164 | 0xf810 | 0xea10 | 0x19d |
| _XcptFilter | 0x0 | 0x40c168 | 0xf814 | 0xea14 | 0x16b |
| ??1type_info@@UAE@XZ | 0x0 | 0x40c16c | 0xf818 | 0xea18 | 0x6f |
| _except_handler4_common | 0x0 | 0x40c170 | 0xf81c | 0xea1c | 0x27a |
| _onexit | 0x0 | 0x40c174 | 0xf820 | 0xea20 | 0x43a |
| __dllonexit | 0x0 | 0x40c178 | 0xf824 | 0xea24 | 0x1ae |
| _calloc_crt | 0x0 | 0x40c17c | 0xf828 | 0xea28 | 0x22e |
| _unlock | 0x0 | 0x40c180 | 0xf82c | 0xea2c | 0x504 |
| _lock | 0x0 | 0x40c184 | 0xf830 | 0xea30 | 0x394 |
| ?terminate@@YAXXZ | 0x0 | 0x40c188 | 0xf834 | 0xea34 | 0x135 |
| __CxxFrameHandler3 | 0x0 | 0x40c18c | 0xf838 | 0xea38 | 0x174 |
| _CxxThrowException | 0x0 | 0x40c190 | 0xf83c | 0xea3c | 0x158 |
| swprintf_s | 0x0 | 0x40c194 | 0xf840 | 0xea40 | 0x74f |
| wcsncpy_s | 0x0 | 0x40c198 | 0xf844 | 0xea44 | 0x78d |
| wcslen | 0x0 | 0x40c19c | 0xf848 | 0xea48 | 0x788 |
| wcscspn | 0x0 | 0x40c1a0 | 0xf84c | 0xea4c | 0x786 |
| wcscpy_s | 0x0 | 0x40c1a4 | 0xf850 | 0xea50 | 0x785 |
| strlen | 0x0 | 0x40c1a8 | 0xf854 | 0xea54 | 0x738 |
| memcpy_s | 0x0 | 0x40c1ac | 0xf858 | 0xea58 | 0x6e7 |
| memcmp | 0x0 | 0x40c1b0 | 0xf85c | 0xea5c | 0x6e5 |
| ??_U@YAPAXI@Z | 0x0 | 0x40c1b4 | 0xf860 | 0xea60 | 0x87 |
| _wtoi64 | 0x0 | 0x40c1b8 | 0xf864 | 0xea64 | 0x5cf |
| _wtoi | 0x0 | 0x40c1bc | 0xf868 | 0xea68 | 0x5ce |
| _recalloc | 0x0 | 0x40c1c0 | 0xf86c | 0xea6c | 0x455 |
| malloc | 0x0 | 0x40c1c4 | 0xf870 | 0xea70 | 0x6db |
| calloc | 0x0 | 0x40c1c8 | 0xf874 | 0xea74 | 0x5fe |
| ??2@YAPAXI@Z | 0x0 | 0x40c1cc | 0xf878 | 0xea78 | 0x70 |
| memset | 0x0 | 0x40c1d0 | 0xf87c | 0xea7c | 0x6ea |
| ??_V@YAXPAX@Z | 0x0 | 0x40c1d4 | 0xf880 | 0xea80 | 0x89 |
| free | 0x0 | 0x40c1d8 | 0xf884 | 0xea84 | 0x683 |
| ??3@YAXPAX@Z | 0x0 | 0x40c1dc | 0xf888 | 0xea88 | 0x72 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2015-05-14 00:00:00+00:00 |
| Valid Until | 2017-05-07 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 10 FB 71 33 19 02 7F 3F 1F 1C 06 67 B3 C3 8C A9 |
| Thumbprint | 45 54 8B 92 B8 0C B7 9A 7C 62 8B 83 D9 DB A3 7B 9C 86 97 1D |
Certificate: Symantec Class 3 Extended Validation Code Signing CA - G2
»
| Issued by | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2014-03-04 00:00:00+00:00 |
| Valid Until | 2024-03-03 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49 |
| Thumbprint | 5B 8F 88 C8 0A 73 D3 5F 76 CD 41 2A 9E 74 E9 16 59 4D FA 67 |
| C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/vnd.ms-cab-compressed |
| File Size | 5.53 MB |
| MD5 |
cff50d9a6bc034a8cb178ffbce67606a
|
| SHA1 |
0867d0c7366b62197b1777ac6ded21bfe6094e67
|
| SHA256 |
8b8c36bff03d00ebb60202737fe5d797bc9e15f1a1143db27428510b1a6461b2
|
| SSDeep |
98304:IBZuTlZAI+wyxiGoJLD8BgCoHeaSchw3wLe9n2AOQqhzX4Cr5RzAc2J2IdjePt:6ZQG1xsL2gPYgLaHknox+
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 84.09 KB |
| MD5 |
b1e3550576b52c9e57b184eb3eeb534e
|
| SHA1 |
b2351f6b09ac8d7e2233056cc3c1e0854cc633b1
|
| SHA256 |
0b4387179c982219dee779312df64d819b614d678876fe25c6a0f34f7ed0b30b
|
| SSDeep |
1536:Y2HIbScYYEbptHwIToBaALeq9p/qqqEHk9JIx40zrdp9+4owckM3KyjO9zVIbF/k:Y2obvYYEbptQMMLeL4H4JItzrdp9jc58
|
| C:\Program Files\Java\jre1.8.0_144\bin\kinit.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
15764d06cad313e7d8ef3059c0f51ad5
|
| SHA1 |
2120b8ea7ee556981c9498eab1c7c43a12880b15
|
| SHA256 |
fbccf06c6e5f8a1c9682dc0fc59682821d77e17e133ebe6a8b80cf6e4f83844d
|
| SSDeep |
192:2JH9yTnT5XOiEjZIIKEfoTBLeeVUmnYe+PjPriT0fwm49NY1:QHSIi2KNTBLeeVjnYPLr7ZP
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | kinit |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | kinit.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x802 | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.82 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.98 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa48 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2558 | 0x1158 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2560 | 0x1160 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2568 | 0x1168 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2570 | 0x1170 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2578 | 0x1178 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2490 | 0x1090 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2498 | 0x1098 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24a0 | 0x10a0 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24a8 | 0x10a8 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24b0 | 0x10b0 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24b8 | 0x10b8 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24c0 | 0x10c0 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24c8 | 0x10c8 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24d0 | 0x10d0 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24d8 | 0x10d8 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24e0 | 0x10e0 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24e8 | 0x10e8 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24f0 | 0x10f0 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24f8 | 0x10f8 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2500 | 0x1100 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2508 | 0x1108 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2510 | 0x1110 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2518 | 0x1118 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2520 | 0x1120 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2528 | 0x1128 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2530 | 0x1130 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2538 | 0x1138 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2540 | 0x1140 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2548 | 0x1148 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2438 | 0x1038 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2440 | 0x1040 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2448 | 0x1048 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2450 | 0x1050 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2458 | 0x1058 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2460 | 0x1060 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2468 | 0x1068 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2470 | 0x1070 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2478 | 0x1078 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2480 | 0x1080 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\kinit.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\kinit.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
5db5b08f8124458534b4850eacc54bb6
|
| SHA1 |
848726ae9d3ef9b7fd3a3b5067b1e8abaacb4966
|
| SHA256 |
c49ac4fdae4af43b7c9f850c33cc6fda56f81c12b437f702dd3878ca429dead1
|
| SSDeep |
384:/HrQuihTqXZOdsNB9CCKNTBLeeVjnYPLr7ZP:vrQuhjSfHKeZC7ZP
|
| C:\588bce7c90097ed212\Strings.xml | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/xml |
| File Size | 13.77 KB |
| MD5 |
49fd034a216a923747413bd1d0548d30
|
| SHA1 |
5ee9e9643091133030db92f601d25d399ab339ab
|
| SHA256 |
f028d674c1f0b52a3d8ab2ed7f5dd8e5249aebcc652c65883078e9e44e4170a4
|
| SSDeep |
384:VqZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+f:Vqr
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 345.59 KB |
| MD5 |
27420f2ee7712f28d41bf5a74ba7d80b
|
| SHA1 |
ce82ebf423eef4af7a9834ba4e23559fc5e112b8
|
| SHA256 |
3587507f3ba15242304a305741d80a8f0d22f3daa0247dc7fccfc5c26f0e1c7e
|
| SSDeep |
6144:g0RsrJ3n0dK2NP0RHx8D98WTBPW8fF8oABm1nKd:bqwKhHSDeWTRW8fdebd
|
| ImpHash |
e5590d6471363007a38f2e1479ccef7e
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x41da2d |
| Size Of Code | 0x38200 |
| Size Of Initialized Data | 0x1c800 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-10-28 07:53:26+00:00 |
Version Information (9)
»
| CompanyName | Adobe Systems Incorporated |
| FileDescription | LogTransport Application |
| FileVersion | 7.1.1.3403 |
| InternalName | LogTransport2 |
| LegalCopyright | Copyright 2008-15 Adobe Systems Incorporated. All rights reserved. |
| OriginalFilename | LogTransport2.exe |
| PrivateBuild | 7.1.1.3403 |
| ProductName | LogTransport Application |
| ProductVersion | 7.1.1.3403 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x3806b | 0x38200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.63 |
| .rdata | 0x43a000 | 0x115ec | 0x11600 | 0x38600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.48 |
| .data | 0x44c000 | 0x1f6c | 0x1c00 | 0x49c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.76 |
| .rsrc | 0x44e000 | 0x750 | 0x800 | 0x4b800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.05 |
| .reloc | 0x44f000 | 0x891a | 0x8a00 | 0x4c000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.63 |
Imports (9)
»
SHLWAPI.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathFileExistsW | 0x0 | 0x43a4a8 | 0x48d80 | 0x47380 | 0x4a |
| PathIsDirectoryW | 0x0 | 0x43a4ac | 0x48d84 | 0x47384 | 0x60 |
WININET.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetSetStatusCallbackW | 0x0 | 0x43a4bc | 0x48d94 | 0x47394 | 0xda |
| InternetSetOptionW | 0x0 | 0x43a4c0 | 0x48d98 | 0x47398 | 0xd5 |
| HttpSendRequestW | 0x0 | 0x43a4c4 | 0x48d9c | 0x4739c | 0x7c |
| InternetConnectW | 0x0 | 0x43a4c8 | 0x48da0 | 0x473a0 | 0x96 |
| InternetCloseHandle | 0x0 | 0x43a4cc | 0x48da4 | 0x473a4 | 0x8f |
| HttpOpenRequestW | 0x0 | 0x43a4d0 | 0x48da8 | 0x473a8 | 0x73 |
| HttpQueryInfoW | 0x0 | 0x43a4d4 | 0x48dac | 0x473ac | 0x78 |
| InternetReadFile | 0x0 | 0x43a4d8 | 0x48db0 | 0x473b0 | 0xc5 |
| InternetCrackUrlW | 0x0 | 0x43a4dc | 0x48db4 | 0x473b4 | 0x98 |
| InternetQueryDataAvailable | 0x0 | 0x43a4e0 | 0x48db8 | 0x473b8 | 0xc1 |
| InternetQueryOptionW | 0x0 | 0x43a4e4 | 0x48dbc | 0x473bc | 0xc4 |
| InternetOpenW | 0x0 | 0x43a4e8 | 0x48dc0 | 0x473c0 | 0xc0 |
KERNEL32.dll (61)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MultiByteToWideChar | 0x0 | 0x43a018 | 0x488f0 | 0x46ef0 | 0x3ec |
| FindFirstFileW | 0x0 | 0x43a01c | 0x488f4 | 0x46ef4 | 0x18f |
| FreeLibrary | 0x0 | 0x43a020 | 0x488f8 | 0x46ef8 | 0x1b8 |
| CompareFileTime | 0x0 | 0x43a024 | 0x488fc | 0x46efc | 0xa3 |
| LoadLibraryW | 0x0 | 0x43a028 | 0x48900 | 0x46f00 | 0x3c3 |
| CopyFileW | 0x0 | 0x43a02c | 0x48904 | 0x46f04 | 0xb9 |
| GetVersionExW | 0x0 | 0x43a030 | 0x48908 | 0x46f08 | 0x323 |
| CreateFileW | 0x0 | 0x43a034 | 0x4890c | 0x46f0c | 0xd6 |
| GetProcAddress | 0x0 | 0x43a038 | 0x48910 | 0x46f10 | 0x2b5 |
| FindClose | 0x0 | 0x43a03c | 0x48914 | 0x46f14 | 0x184 |
| FindNextFileW | 0x0 | 0x43a040 | 0x48918 | 0x46f18 | 0x19b |
| GetFileTime | 0x0 | 0x43a044 | 0x4891c | 0x46f1c | 0x256 |
| GetFileAttributesExW | 0x0 | 0x43a048 | 0x48920 | 0x46f20 | 0x24b |
| CloseHandle | 0x0 | 0x43a04c | 0x48924 | 0x46f24 | 0x8e |
| FileTimeToLocalFileTime | 0x0 | 0x43a050 | 0x48928 | 0x46f28 | 0x178 |
| DeleteFileW | 0x0 | 0x43a054 | 0x4892c | 0x46f2c | 0x123 |
| WideCharToMultiByte | 0x0 | 0x43a058 | 0x48930 | 0x46f30 | 0x5dd |
| FindResourceW | 0x0 | 0x43a05c | 0x48934 | 0x46f34 | 0x1a4 |
| LoadResource | 0x0 | 0x43a060 | 0x48938 | 0x46f38 | 0x3c6 |
| SizeofResource | 0x0 | 0x43a064 | 0x4893c | 0x46f3c | 0x55e |
| LockResource | 0x0 | 0x43a068 | 0x48940 | 0x46f40 | 0x3d8 |
| GetLastError | 0x0 | 0x43a06c | 0x48944 | 0x46f44 | 0x26a |
| ReadFile | 0x0 | 0x43a070 | 0x48948 | 0x46f48 | 0x458 |
| GetModuleFileNameW | 0x0 | 0x43a074 | 0x4894c | 0x46f4c | 0x27d |
| Sleep | 0x0 | 0x43a078 | 0x48950 | 0x46f50 | 0x55f |
| GetCurrentProcess | 0x0 | 0x43a07c | 0x48954 | 0x46f54 | 0x223 |
| GetModuleHandleW | 0x0 | 0x43a080 | 0x48958 | 0x46f58 | 0x281 |
| HeapAlloc | 0x0 | 0x43a084 | 0x4895c | 0x46f5c | 0x34d |
| HeapFree | 0x0 | 0x43a088 | 0x48960 | 0x46f60 | 0x351 |
| GetProcessHeap | 0x0 | 0x43a08c | 0x48964 | 0x46f64 | 0x2ba |
| lstrlenW | 0x0 | 0x43a090 | 0x48968 | 0x46f68 | 0x61d |
| InterlockedIncrement | 0x0 | 0x43a094 | 0x4896c | 0x46f6c | 0x371 |
| InterlockedDecrement | 0x0 | 0x43a098 | 0x48970 | 0x46f70 | 0x36d |
| WaitForSingleObject | 0x0 | 0x43a09c | 0x48974 | 0x46f74 | 0x5bb |
| CreateMutexA | 0x0 | 0x43a0a0 | 0x48978 | 0x46f78 | 0xe2 |
| ReleaseMutex | 0x0 | 0x43a0a4 | 0x4897c | 0x46f7c | 0x497 |
| InterlockedExchange | 0x0 | 0x43a0a8 | 0x48980 | 0x46f80 | 0x36e |
| InterlockedCompareExchange | 0x0 | 0x43a0ac | 0x48984 | 0x46f84 | 0x36b |
| LoadLibraryA | 0x0 | 0x43a0b0 | 0x48988 | 0x46f88 | 0x3c0 |
| LCMapStringA | 0x0 | 0x43a0b4 | 0x4898c | 0x46f8c | 0x3af |
| GetUserDefaultLCID | 0x0 | 0x43a0b8 | 0x48990 | 0x46f90 | 0x31a |
| GetStringTypeExA | 0x0 | 0x43a0bc | 0x48994 | 0x46f94 | 0x2e0 |
| IsDebuggerPresent | 0x0 | 0x43a0c0 | 0x48998 | 0x46f98 | 0x383 |
| DecodePointer | 0x0 | 0x43a0c4 | 0x4899c | 0x46f9c | 0x117 |
| GetCurrentThreadId | 0x0 | 0x43a0c8 | 0x489a0 | 0x46fa0 | 0x228 |
| GetSystemTimeAsFileTime | 0x0 | 0x43a0cc | 0x489a4 | 0x46fa4 | 0x2f4 |
| GetTickCount64 | 0x0 | 0x43a0d0 | 0x489a8 | 0x46fa8 | 0x311 |
| RaiseException | 0x0 | 0x43a0d4 | 0x489ac | 0x46fac | 0x448 |
| EnterCriticalSection | 0x0 | 0x43a0d8 | 0x489b0 | 0x46fb0 | 0x140 |
| FindResourceExW | 0x0 | 0x43a0dc | 0x489b4 | 0x46fb4 | 0x1a3 |
| LeaveCriticalSection | 0x0 | 0x43a0e0 | 0x489b8 | 0x46fb8 | 0x3bd |
| FormatMessageA | 0x0 | 0x43a0e4 | 0x489bc | 0x46fbc | 0x1b3 |
| LocalFree | 0x0 | 0x43a0e8 | 0x489c0 | 0x46fc0 | 0x3cd |
| HeapSize | 0x0 | 0x43a0ec | 0x489c4 | 0x46fc4 | 0x356 |
| HeapReAlloc | 0x0 | 0x43a0f0 | 0x489c8 | 0x46fc8 | 0x354 |
| HeapDestroy | 0x0 | 0x43a0f4 | 0x489cc | 0x46fcc | 0x350 |
| DeleteCriticalSection | 0x0 | 0x43a0f8 | 0x489d0 | 0x46fd0 | 0x11e |
| InitializeCriticalSectionEx | 0x0 | 0x43a0fc | 0x489d4 | 0x46fd4 | 0x367 |
| IsProcessorFeaturePresent | 0x0 | 0x43a100 | 0x489d8 | 0x46fd8 | 0x388 |
| QueryPerformanceCounter | 0x0 | 0x43a104 | 0x489dc | 0x46fdc | 0x43c |
| EncodePointer | 0x0 | 0x43a108 | 0x489e0 | 0x46fe0 | 0x13c |
ADVAPI32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegSetValueExW | 0x0 | 0x43a000 | 0x488d8 | 0x46ed8 | 0x2a6 |
| RegCloseKey | 0x0 | 0x43a004 | 0x488dc | 0x46edc | 0x258 |
| RegOpenKeyExW | 0x0 | 0x43a008 | 0x488e0 | 0x46ee0 | 0x289 |
| RegQueryValueExW | 0x0 | 0x43a00c | 0x488e4 | 0x46ee4 | 0x296 |
| GetUserNameW | 0x0 | 0x43a010 | 0x488e8 | 0x46ee8 | 0x17a |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHFileOperationW | 0x0 | 0x43a498 | 0x48d70 | 0x47370 | 0xb1 |
| SHGetFolderPathW | 0x0 | 0x43a49c | 0x48d74 | 0x47374 | 0xcd |
| SHCreateDirectoryExW | 0x0 | 0x43a4a0 | 0x48d78 | 0x47378 | 0x91 |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | 0x0 | 0x43a4f0 | 0x48dc8 | 0x473c8 | 0x79 |
| CoCreateGuid | 0x0 | 0x43a4f4 | 0x48dcc | 0x473cc | 0x18 |
MSVCP110.dll (121)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_BADOFF@std@@3_JB | 0x0 | 0x43a110 | 0x489e8 | 0x46fe8 | 0x1b2 |
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x43a114 | 0x489ec | 0x46fec | 0x2d7 |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x43a118 | 0x489f0 | 0x46ff0 | 0x2db |
| ??1_Lockit@std@@QAE@XZ | 0x0 | 0x43a11c | 0x489f4 | 0x46ff4 | 0xa5 |
| ??0_Lockit@std@@QAE@H@Z | 0x0 | 0x43a120 | 0x489f8 | 0x46ff8 | 0x66 |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x43a124 | 0x489fc | 0x46ffc | 0x2da |
| ?uncaught_exception@std@@YA_NXZ | 0x0 | 0x43a128 | 0x48a00 | 0x47000 | 0x55c |
| ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ | 0x0 | 0x43a12c | 0x48a04 | 0x47004 | 0x1fb |
| ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z | 0x0 | 0x43a130 | 0x48a08 | 0x47008 | 0x1d0 |
| ?id@?$codecvt@DDH@std@@2V0locale@2@A | 0x0 | 0x43a134 | 0x48a0c | 0x4700c | 0x407 |
| ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z | 0x0 | 0x43a138 | 0x48a10 | 0x47010 | 0x51b |
| ?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z | 0x0 | 0x43a13c | 0x48a14 | 0x47014 | 0x1d9 |
| ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ | 0x0 | 0x43a140 | 0x48a18 | 0x47018 | 0x284 |
| ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z | 0x0 | 0x43a144 | 0x48a1c | 0x4701c | 0x572 |
| ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ | 0x0 | 0x43a148 | 0x48a20 | 0x47020 | 0x21c |
| ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ | 0x0 | 0x43a14c | 0x48a24 | 0x47024 | 0x3fe |
| ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ | 0x0 | 0x43a150 | 0x48a28 | 0x47028 | 0x2a |
| ?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z | 0x0 | 0x43a154 | 0x48a2c | 0x4702c | 0x564 |
| ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z | 0x0 | 0x43a158 | 0x48a30 | 0x47030 | 0x252 |
| ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z | 0x0 | 0x43a15c | 0x48a34 | 0x47034 | 0x15 |
| ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ | 0x0 | 0x43a160 | 0x48a38 | 0x47038 | 0x7 |
| ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x43a164 | 0x48a3c | 0x4703c | 0x28a |
| ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ | 0x0 | 0x43a168 | 0x48a40 | 0x47040 | 0x20c |
| ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z | 0x0 | 0x43a16c | 0x48a44 | 0x47044 | 0x518 |
| ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ | 0x0 | 0x43a170 | 0x48a48 | 0x47048 | 0x4cf |
| ?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z | 0x0 | 0x43a174 | 0x48a4c | 0x4704c | 0x46f |
| ?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z | 0x0 | 0x43a178 | 0x48a50 | 0x47050 | 0x438 |
| ?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x43a17c | 0x48a54 | 0x47054 | 0x1a3 |
| ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x43a180 | 0x48a58 | 0x47058 | 0x81 |
| ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ | 0x0 | 0x43a184 | 0x48a5c | 0x4705c | 0x3a3 |
| ?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x43a188 | 0x48a60 | 0x47060 | 0x1a9 |
| ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x43a18c | 0x48a64 | 0x47064 | 0x84 |
| ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z | 0x0 | 0x43a190 | 0x48a68 | 0x47068 | 0x20 |
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x43a194 | 0x48a6c | 0x4706c | 0x2be |
| ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z | 0x0 | 0x43a198 | 0x48a70 | 0x47070 | 0x4ff |
| ?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x43a19c | 0x48a74 | 0x47074 | 0x1a6 |
| ?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x43a1a0 | 0x48a78 | 0x47078 | 0x1a0 |
| ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x43a1a4 | 0x48a7c | 0x4707c | 0x7b |
| ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z | 0x0 | 0x43a1a8 | 0x48a80 | 0x47080 | 0x587 |
| ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z | 0x0 | 0x43a1ac | 0x48a84 | 0x47084 | 0x584 |
| ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ | 0x0 | 0x43a1b0 | 0x48a88 | 0x47088 | 0x50f |
| ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ | 0x0 | 0x43a1b4 | 0x48a8c | 0x4708c | 0x512 |
| ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ | 0x0 | 0x43a1b8 | 0x48a90 | 0x47090 | 0x509 |
| ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x43a1bc | 0x48a94 | 0x47094 | 0x87 |
| ?always_noconv@codecvt_base@std@@QBE_NXZ | 0x0 | 0x43a1c0 | 0x48a98 | 0x47098 | 0x2e0 |
| ??Bid@locale@std@@QAEIXZ | 0x0 | 0x43a1c4 | 0x48a9c | 0x4709c | 0x130 |
| ?id@?$codecvt@_WDH@std@@2V0locale@2@A | 0x0 | 0x43a1c8 | 0x48aa0 | 0x470a0 | 0x409 |
| ?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ | 0x0 | 0x43a1cc | 0x48aa4 | 0x470a4 | 0x220 |
| ?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ | 0x0 | 0x43a1d0 | 0x48aa8 | 0x470a8 | 0x400 |
| ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ | 0x0 | 0x43a1d4 | 0x48aac | 0x470ac | 0x30 |
| ??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z | 0x0 | 0x43a1d8 | 0x48ab0 | 0x470b0 | 0x1d |
| ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z | 0x0 | 0x43a1dc | 0x48ab4 | 0x470b4 | 0x26 |
| ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ | 0x0 | 0x43a1e0 | 0x48ab8 | 0x470b8 | 0xb |
| ?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z | 0x0 | 0x43a1e4 | 0x48abc | 0x470bc | 0x2ed |
| ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ | 0x0 | 0x43a1e8 | 0x48ac0 | 0x470c0 | 0x28c |
| ?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z | 0x0 | 0x43a1ec | 0x48ac4 | 0x470c4 | 0x47d |
| ?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ | 0x0 | 0x43a1f0 | 0x48ac8 | 0x470c8 | 0x20e |
| ?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z | 0x0 | 0x43a1f4 | 0x48acc | 0x470cc | 0x3ab |
| ?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@H@2@XZ | 0x0 | 0x43a1f8 | 0x48ad0 | 0x470d0 | 0x542 |
| ?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z | 0x0 | 0x43a1fc | 0x48ad4 | 0x470d4 | 0x4dd |
| ?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ | 0x0 | 0x43a200 | 0x48ad8 | 0x470d8 | 0x1a5 |
| ??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ | 0x0 | 0x43a204 | 0x48adc | 0x470dc | 0x83 |
| ?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ | 0x0 | 0x43a208 | 0x48ae0 | 0x470e0 | 0x1ab |
| ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ | 0x0 | 0x43a20c | 0x48ae4 | 0x470e4 | 0x86 |
| ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z | 0x0 | 0x43a210 | 0x48ae8 | 0x470e8 | 0x503 |
| ?_Add_vtordisp2@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ | 0x0 | 0x43a214 | 0x48aec | 0x470ec | 0x1a8 |
| ?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ | 0x0 | 0x43a218 | 0x48af0 | 0x470f0 | 0x1a2 |
| ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ | 0x0 | 0x43a21c | 0x48af4 | 0x470f4 | 0x7d |
| ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z | 0x0 | 0x43a220 | 0x48af8 | 0x470f8 | 0x436 |
| ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ | 0x0 | 0x43a224 | 0x48afc | 0x470fc | 0x53c |
| ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z | 0x0 | 0x43a228 | 0x48b00 | 0x47100 | 0x4f1 |
| ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z | 0x0 | 0x43a22c | 0x48b04 | 0x47104 | 0x589 |
| ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z | 0x0 | 0x43a230 | 0x48b08 | 0x47108 | 0x586 |
| ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ | 0x0 | 0x43a234 | 0x48b0c | 0x4710c | 0x55b |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x43a238 | 0x48b10 | 0x47110 | 0x2d3 |
| ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ | 0x0 | 0x43a23c | 0x48b14 | 0x47114 | 0x2cf |
| ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ | 0x0 | 0x43a240 | 0x48b18 | 0x47118 | 0x268 |
| ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ | 0x0 | 0x43a244 | 0x48b1c | 0x4711c | 0x89 |
| ?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z | 0x0 | 0x43a248 | 0x48b20 | 0x47120 | 0x1db |
| ?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z | 0x0 | 0x43a24c | 0x48b24 | 0x47124 | 0x566 |
| ?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z | 0x0 | 0x43a250 | 0x48b28 | 0x47128 | 0x471 |
| ?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z | 0x0 | 0x43a254 | 0x48b2c | 0x4712c | 0x43a |
| ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A | 0x0 | 0x43a258 | 0x48b30 | 0x47130 | 0x2f7 |
| ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z | 0x0 | 0x43a25c | 0x48b34 | 0x47134 | 0x105 |
| ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z | 0x0 | 0x43a260 | 0x48b38 | 0x47138 | 0x38d |
| ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z | 0x0 | 0x43a264 | 0x48b3c | 0x4713c | 0x1ce |
| ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z | 0x0 | 0x43a268 | 0x48b40 | 0x47140 | 0xfe |
| ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z | 0x0 | 0x43a26c | 0x48b44 | 0x47144 | 0xe |
| ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z | 0x0 | 0x43a270 | 0x48b48 | 0x47148 | 0x2e9 |
| ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ | 0x0 | 0x43a274 | 0x48b4c | 0x4714c | 0x7e |
| ?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z | 0x0 | 0x43a278 | 0x48b50 | 0x47150 | 0x3f8 |
| ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z | 0x0 | 0x43a27c | 0x48b54 | 0x47154 | 0x434 |
| ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ | 0x0 | 0x43a280 | 0x48b58 | 0x47158 | 0x53a |
| ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z | 0x0 | 0x43a284 | 0x48b5c | 0x4715c | 0x4ef |
| ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ | 0x0 | 0x43a288 | 0x48b60 | 0x47160 | 0x559 |
| ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x43a28c | 0x48b64 | 0x47164 | 0x2cd |
| ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ | 0x0 | 0x43a290 | 0x48b68 | 0x47168 | 0x266 |
| ?id@?$ctype@D@std@@2V0locale@2@A | 0x0 | 0x43a294 | 0x48b6c | 0x4716c | 0x40d |
| ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z | 0x0 | 0x43a298 | 0x48b70 | 0x47170 | 0x234 |
| ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z | 0x0 | 0x43a29c | 0x48b74 | 0x47174 | 0x1dc |
| ?toupper@?$ctype@D@std@@QBEDD@Z | 0x0 | 0x43a2a0 | 0x48b78 | 0x47178 | 0x552 |
| ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z | 0x0 | 0x43a2a4 | 0x48b7c | 0x4717c | 0x12 |
| ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ | 0x0 | 0x43a2a8 | 0x48b80 | 0x47180 | 0x80 |
| ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z | 0x0 | 0x43a2ac | 0x48b84 | 0x47184 | 0x120 |
| ?id@?$numpunct@D@std@@2V0locale@2@A | 0x0 | 0x43a2b0 | 0x48b88 | 0x47188 | 0x425 |
| ?classic@locale@std@@SAABV12@XZ | 0x0 | 0x43a2b4 | 0x48b8c | 0x4718c | 0x2e7 |
| ??_7facet@locale@std@@6B@ | 0x0 | 0x43a2b8 | 0x48b90 | 0x47190 | 0x158 |
| ??_7_Facet_base@std@@6B@ | 0x0 | 0x43a2bc | 0x48b94 | 0x47194 | 0x153 |
| ?tolower@?$ctype@D@std@@QBEDD@Z | 0x0 | 0x43a2c0 | 0x48b98 | 0x47198 | 0x54c |
| ??1facet@locale@std@@MAE@XZ | 0x0 | 0x43a2c4 | 0x48b9c | 0x4719c | 0xad |
| ??0facet@locale@std@@IAE@I@Z | 0x0 | 0x43a2c8 | 0x48ba0 | 0x471a0 | 0x75 |
| ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ | 0x0 | 0x43a2cc | 0x48ba4 | 0x471a4 | 0x1bf |
| ?_Incref@facet@locale@std@@UAEXXZ | 0x0 | 0x43a2d0 | 0x48ba8 | 0x471a8 | 0x219 |
| ?_Gettrue@_Locinfo@std@@QBEPBDXZ | 0x0 | 0x43a2d4 | 0x48bac | 0x471ac | 0x208 |
| ?_Getfalse@_Locinfo@std@@QBEPBDXZ | 0x0 | 0x43a2d8 | 0x48bb0 | 0x471b0 | 0x1f1 |
| ?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ | 0x0 | 0x43a2dc | 0x48bb4 | 0x471b4 | 0x202 |
| ?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ | 0x0 | 0x43a2e0 | 0x48bb8 | 0x471b8 | 0x1ee |
| ??1_Locinfo@std@@QAE@XZ | 0x0 | 0x43a2e4 | 0x48bbc | 0x471bc | 0xa4 |
| ??0_Locinfo@std@@QAE@PBD@Z | 0x0 | 0x43a2e8 | 0x48bc0 | 0x471c0 | 0x65 |
| ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z | 0x0 | 0x43a2ec | 0x48bc4 | 0x471c4 | 0xff |
| ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ | 0x0 | 0x43a2f0 | 0x48bc8 | 0x471c8 | 0x511 |
MSVCR110.dll (103)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?what@exception@std@@UBEPBDXZ | 0x0 | 0x43a2f8 | 0x48bd0 | 0x471d0 | 0x149 |
| ??1exception@std@@UAE@XZ | 0x0 | 0x43a2fc | 0x48bd4 | 0x471d4 | 0x6b |
| ??0exception@std@@QAE@ABQBD@Z | 0x0 | 0x43a300 | 0x48bd8 | 0x471d8 | 0x2b |
| ??0exception@std@@QAE@ABV01@@Z | 0x0 | 0x43a304 | 0x48bdc | 0x471dc | 0x2d |
| ??8type_info@@QBE_NABV0@@Z | 0x0 | 0x43a308 | 0x48be0 | 0x471e0 | 0x7c |
| memmove | 0x0 | 0x43a30c | 0x48be4 | 0x471e4 | 0x61a |
| memcmp | 0x0 | 0x43a310 | 0x48be8 | 0x471e8 | 0x617 |
| _unlock_file | 0x0 | 0x43a314 | 0x48bec | 0x471ec | 0x4d7 |
| strlen | 0x0 | 0x43a318 | 0x48bf0 | 0x471f0 | 0x649 |
| ungetc | 0x0 | 0x43a31c | 0x48bf4 | 0x471f4 | 0x668 |
| fgetpos | 0x0 | 0x43a320 | 0x48bf8 | 0x471f8 | 0x5c4 |
| _fseeki64 | 0x0 | 0x43a324 | 0x48bfc | 0x471fc | 0x298 |
| memchr | 0x0 | 0x43a328 | 0x48c00 | 0x47200 | 0x616 |
| fflush | 0x0 | 0x43a32c | 0x48c04 | 0x47204 | 0x5c2 |
| fgetc | 0x0 | 0x43a330 | 0x48c08 | 0x47208 | 0x5c3 |
| tolower | 0x0 | 0x43a334 | 0x48c0c | 0x4720c | 0x664 |
| fsetpos | 0x0 | 0x43a338 | 0x48c10 | 0x47210 | 0x5db |
| setvbuf | 0x0 | 0x43a33c | 0x48c14 | 0x47214 | 0x634 |
| memset | 0x0 | 0x43a340 | 0x48c18 | 0x47218 | 0x61c |
| _lock_file | 0x0 | 0x43a344 | 0x48c1c | 0x4721c | 0x36d |
| ??_V@YAXPAX@Z | 0x0 | 0x43a348 | 0x48c20 | 0x47220 | 0x8a |
| _purecall | 0x0 | 0x43a34c | 0x48c24 | 0x47224 | 0x421 |
| ??3@YAXPAX@Z | 0x0 | 0x43a350 | 0x48c28 | 0x47228 | 0x73 |
| memcpy_s | 0x0 | 0x43a354 | 0x48c2c | 0x4722c | 0x619 |
| fwrite | 0x0 | 0x43a358 | 0x48c30 | 0x47230 | 0x5df |
| fclose | 0x0 | 0x43a35c | 0x48c34 | 0x47234 | 0x5bf |
| ??2@YAPAXI@Z | 0x0 | 0x43a360 | 0x48c38 | 0x47238 | 0x71 |
| fputwc | 0x0 | 0x43a364 | 0x48c3c | 0x4723c | 0x5d0 |
| ungetwc | 0x0 | 0x43a368 | 0x48c40 | 0x47240 | 0x669 |
| wcslen | 0x0 | 0x43a36c | 0x48c44 | 0x47244 | 0x680 |
| fgetwc | 0x0 | 0x43a370 | 0x48c48 | 0x47248 | 0x5c6 |
| wcscmp | 0x0 | 0x43a374 | 0x48c4c | 0x4724c | 0x67a |
| memmove_s | 0x0 | 0x43a378 | 0x48c50 | 0x47250 | 0x61b |
| _vscwprintf | 0x0 | 0x43a37c | 0x48c54 | 0x47254 | 0x4f6 |
| wmemcpy_s | 0x0 | 0x43a380 | 0x48c58 | 0x47258 | 0x698 |
| wcsnlen | 0x0 | 0x43a384 | 0x48c5c | 0x4725c | 0x686 |
| vswprintf_s | 0x0 | 0x43a388 | 0x48c60 | 0x47260 | 0x672 |
| iswspace | 0x0 | 0x43a38c | 0x48c64 | 0x47264 | 0x600 |
| _wsopen_s | 0x0 | 0x43a390 | 0x48c68 | 0x47268 | 0x580 |
| _close | 0x0 | 0x43a394 | 0x48c6c | 0x4726c | 0x229 |
| _time32 | 0x0 | 0x43a398 | 0x48c70 | 0x47270 | 0x4b9 |
| strtok_s | 0x0 | 0x43a39c | 0x48c74 | 0x47274 | 0x656 |
| _getpid | 0x0 | 0x43a3a0 | 0x48c78 | 0x47278 | 0x2d2 |
| strftime | 0x0 | 0x43a3a4 | 0x48c7c | 0x4727c | 0x648 |
| _gmtime32_s | 0x0 | 0x43a3a8 | 0x48c80 | 0x47280 | 0x2de |
| pow | 0x0 | 0x43a3ac | 0x48c84 | 0x47284 | 0x61f |
| signal | 0x0 | 0x43a3b0 | 0x48c88 | 0x47288 | 0x635 |
| exit | 0x0 | 0x43a3b4 | 0x48c8c | 0x4728c | 0x5bc |
| sprintf_s | 0x0 | 0x43a3b8 | 0x48c90 | 0x47290 | 0x639 |
| sprintf | 0x0 | 0x43a3bc | 0x48c94 | 0x47294 | 0x638 |
| isspace | 0x0 | 0x43a3c0 | 0x48c98 | 0x47298 | 0x5f4 |
| atoi | 0x0 | 0x43a3c4 | 0x48c9c | 0x4729c | 0x5af |
| strtol | 0x0 | 0x43a3c8 | 0x48ca0 | 0x472a0 | 0x657 |
| ispunct | 0x0 | 0x43a3cc | 0x48ca4 | 0x472a4 | 0x5f3 |
| atol | 0x0 | 0x43a3d0 | 0x48ca8 | 0x472a8 | 0x5b0 |
| _localtime64 | 0x0 | 0x43a3d4 | 0x48cac | 0x472ac | 0x36a |
| _time64 | 0x0 | 0x43a3d8 | 0x48cb0 | 0x472b0 | 0x4ba |
| rand | 0x0 | 0x43a3dc | 0x48cb4 | 0x472b4 | 0x62a |
| srand | 0x0 | 0x43a3e0 | 0x48cb8 | 0x472b8 | 0x63b |
| ferror | 0x0 | 0x43a3e4 | 0x48cbc | 0x472bc | 0x5c1 |
| fread | 0x0 | 0x43a3e8 | 0x48cc0 | 0x472c0 | 0x5d2 |
| _errno | 0x0 | 0x43a3ec | 0x48cc4 | 0x472c4 | 0x25d |
| free | 0x0 | 0x43a3f0 | 0x48cc8 | 0x472c8 | 0x5d4 |
| malloc | 0x0 | 0x43a3f4 | 0x48ccc | 0x472cc | 0x60d |
| strerror | 0x0 | 0x43a3f8 | 0x48cd0 | 0x472d0 | 0x646 |
| ftell | 0x0 | 0x43a3fc | 0x48cd4 | 0x472d4 | 0x5dc |
| fprintf | 0x0 | 0x43a400 | 0x48cd8 | 0x472d8 | 0x5cc |
| _fdopen | 0x0 | 0x43a404 | 0x48cdc | 0x472dc | 0x26f |
| fopen | 0x0 | 0x43a408 | 0x48ce0 | 0x472e0 | 0x5ca |
| _lock | 0x0 | 0x43a40c | 0x48ce4 | 0x472e4 | 0x36c |
| _unlock | 0x0 | 0x43a410 | 0x48ce8 | 0x472e8 | 0x4d6 |
| _calloc_crt | 0x0 | 0x43a414 | 0x48cec | 0x472ec | 0x21b |
| __dllonexit | 0x0 | 0x43a418 | 0x48cf0 | 0x472f0 | 0x19c |
| _onexit | 0x0 | 0x43a41c | 0x48cf4 | 0x472f4 | 0x412 |
| ??1type_info@@UAE@XZ | 0x0 | 0x43a420 | 0x48cf8 | 0x472f8 | 0x70 |
| _crt_debugger_hook | 0x0 | 0x43a424 | 0x48cfc | 0x472fc | 0x23b |
| __crtUnhandledException | 0x0 | 0x43a428 | 0x48d00 | 0x47300 | 0x19a |
| __crtTerminateProcess | 0x0 | 0x43a42c | 0x48d04 | 0x47304 | 0x199 |
| _XcptFilter | 0x0 | 0x43a430 | 0x48d08 | 0x47308 | 0x16f |
| _amsg_exit | 0x0 | 0x43a434 | 0x48d0c | 0x4730c | 0x205 |
| __getmainargs | 0x0 | 0x43a438 | 0x48d10 | 0x47310 | 0x1a4 |
| __set_app_type | 0x0 | 0x43a43c | 0x48d14 | 0x47314 | 0x1e0 |
| _exit | 0x0 | 0x43a440 | 0x48d18 | 0x47318 | 0x269 |
| _cexit | 0x0 | 0x43a444 | 0x48d1c | 0x4731c | 0x21c |
| _configthreadlocale | 0x0 | 0x43a448 | 0x48d20 | 0x47320 | 0x22c |
| __setusermatherr | 0x0 | 0x43a44c | 0x48d24 | 0x47324 | 0x1e2 |
| _initterm_e | 0x0 | 0x43a450 | 0x48d28 | 0x47328 | 0x2ef |
| _initterm | 0x0 | 0x43a454 | 0x48d2c | 0x4732c | 0x2ee |
| __initenv | 0x0 | 0x43a458 | 0x48d30 | 0x47330 | 0x1a5 |
| _fmode | 0x0 | 0x43a45c | 0x48d34 | 0x47334 | 0x284 |
| _commode | 0x0 | 0x43a460 | 0x48d38 | 0x47338 | 0x22b |
| _except_handler4_common | 0x0 | 0x43a464 | 0x48d3c | 0x4733c | 0x260 |
| ?terminate@@YAXXZ | 0x0 | 0x43a468 | 0x48d40 | 0x47340 | 0x13b |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x43a46c | 0x48d44 | 0x47344 | 0x198 |
| _invoke_watson | 0x0 | 0x43a470 | 0x48d48 | 0x47348 | 0x2f6 |
| _controlfp_s | 0x0 | 0x43a474 | 0x48d4c | 0x4734c | 0x22f |
| ??0bad_cast@std@@QAE@PBD@Z | 0x0 | 0x43a478 | 0x48d50 | 0x47350 | 0x1e |
| ??1bad_cast@std@@UAE@XZ | 0x0 | 0x43a47c | 0x48d54 | 0x47354 | 0x67 |
| fputc | 0x0 | 0x43a480 | 0x48d58 | 0x47358 | 0x5ce |
| memcpy | 0x0 | 0x43a484 | 0x48d5c | 0x4735c | 0x618 |
| _CxxThrowException | 0x0 | 0x43a488 | 0x48d60 | 0x47360 | 0x15d |
| __CxxFrameHandler3 | 0x0 | 0x43a48c | 0x48d64 | 0x47364 | 0x178 |
| ??0bad_cast@std@@QAE@ABV01@@Z | 0x0 | 0x43a490 | 0x48d68 | 0x47368 | 0x1d |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadStringA | 0x0 | 0x43a4b4 | 0x48d8c | 0x4738c | 0x22e |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2015-05-14 00:00:00+00:00 |
| Valid Until | 2017-05-07 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 10 FB 71 33 19 02 7F 3F 1F 1C 06 67 B3 C3 8C A9 |
| Thumbprint | 45 54 8B 92 B8 0C B7 9A 7C 62 8B 83 D9 DB A3 7B 9C 86 97 1D |
Certificate: Symantec Class 3 Extended Validation Code Signing CA - G2
»
| Issued by | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2014-03-04 00:00:00+00:00 |
| Valid Until | 2024-03-03 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49 |
| Thumbprint | 5B 8F 88 C8 0A 73 D3 5F 76 CD 41 2A 9E 74 E9 16 59 4D FA 67 |
| C:\Program Files\Java\jre1.8.0_144\bin\klist.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
5628890a640c20ee86e4365bf8272c9a
|
| SHA1 |
1ea919d6af2db25e051f879e1b61bf7f0e8852e8
|
| SHA256 |
e47386cc460bdc58f927e11075d31321d669084093fc0379fd266eb786fe631c
|
| SSDeep |
192:2EH9yTnT5X0iKjZIIKEfoV1eeVUEnYe+PjPriT0fwts:5HSeiQKNV1eeVVnYPLr7P
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | klist |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | klist.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x802 | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.82 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.98 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa48 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2558 | 0x1158 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2560 | 0x1160 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2568 | 0x1168 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2570 | 0x1170 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2578 | 0x1178 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2490 | 0x1090 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2498 | 0x1098 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24a0 | 0x10a0 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24a8 | 0x10a8 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24b0 | 0x10b0 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24b8 | 0x10b8 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24c0 | 0x10c0 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24c8 | 0x10c8 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24d0 | 0x10d0 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24d8 | 0x10d8 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24e0 | 0x10e0 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24e8 | 0x10e8 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24f0 | 0x10f0 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24f8 | 0x10f8 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2500 | 0x1100 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2508 | 0x1108 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2510 | 0x1110 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2518 | 0x1118 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2520 | 0x1120 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2528 | 0x1128 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2530 | 0x1130 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2538 | 0x1138 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2540 | 0x1140 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2548 | 0x1148 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2438 | 0x1038 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2440 | 0x1040 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2448 | 0x1048 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2450 | 0x1050 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2458 | 0x1058 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2460 | 0x1060 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2468 | 0x1068 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2470 | 0x1070 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2478 | 0x1078 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2480 | 0x1080 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 345.59 KB |
| MD5 |
7c268d22328b9a85f87007280243519b
|
| SHA1 |
d35cee9cd0d7ddfeb4fe49be8061018643a747a0
|
| SHA256 |
e9b954ed47c525eedd82b353193520d2cf9bd66de76770a2c728c71ad826517f
|
| SSDeep |
6144:WRsrJ3n0dK2NP0RHx8D98WTBPW8fF8oABm1nKd:WqwKhHSDeWTRW8fdebd
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | Modified File |
Unknown
|
...
|
»
| Mime Type | application/pdf |
| File Size | 457.25 KB |
| MD5 |
1d264d9f157ea28b2313b934296d4ebb
|
| SHA1 |
2dae486868e8db46401113bd79e6a5de47940fb7
|
| SHA256 |
84b0969dd41a80626ead4bf49660461b044f35f09cd90715f0c1d673a95fd2d7
|
| SSDeep |
12288:YwvEbwosc3h+N8hcBk5/732yYLmAQktFgn/AURkOZo8KYCqt6YSAaEM+ZS3VO6sZ:YwkYnHN+/3H
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PDF Information
»
| Title | Signature Preview Mode Formal Representation |
| Subject | - |
| Author | Leonard Rosenthol |
| Creator | FrameMaker 7.2 |
| Keywords | - |
| Producer | Acrobat Distiller 8.0.0 (Windows) |
| Page Count | 1 |
| Encrypted |
|
| Create Time | 2010-09-21 15:27:53+00:00 |
| Modify Time | 2010-09-21 16:06:58+00:00 |
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 3.52 MB |
| MD5 |
736605d174a6696d4a1b65987b34d3fe
|
| SHA1 |
fc745b6fde048a7e85c0c6fb357f9f57e9e87814
|
| SHA256 |
67b6d1ddd501366384329ed1c21b675ca343c0621d7d33711902e9b99541e191
|
| SSDeep |
24576:sv2LphZeZvKErxJP6gPAqHoENunUsWwk48BJTQAkufl5W4oP/EG+X6w5AYawdGPV:svhJPjZALKLki4fd
|
| C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As |
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml (Modified File)
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml (Modified File) C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 21.59 KB |
| MD5 |
7d9c126696596d42076ec53605b0df6c
|
| SHA1 |
7d172e9804ddd7f923069571cb70831b40229585
|
| SHA256 |
239818c577e4a34eb7c23d4aa8f7b370825c4aca80a7e1992a65703a9cc8be3d
|
| SSDeep |
384:xSnlcsB2BzL/BZBJdZGyW0v6mm4P9+VN2SE3w7JLWraGbWpEa5YMr6PmHUT8:Yl0pZDdZGyW0v6mm4P9+VN2SE3w7JLWW
|
| C:\Program Files\Java\jre1.8.0_144\bin\ktab.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
42375bd66993f4a1a40aa66c76b22cb1
|
| SHA1 |
3b73f860001189851bb07579d552feb4d624fe35
|
| SHA256 |
5a3c2aefd8385fe3350651e1d8852e9d907fd1afd245b8e9dd0e4bb2bbfbc1e9
|
| SSDeep |
192:2ZH9yTnT59DiXjZIIKEfop1ee5sU0nYe+PjPriT0fwkJ/:AHSziNKNp1ee2FnYPLr7R
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | ktab |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | ktab.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x802 | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.81 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.98 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa48 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2558 | 0x1158 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2560 | 0x1160 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2568 | 0x1168 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2570 | 0x1170 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2578 | 0x1178 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2490 | 0x1090 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2498 | 0x1098 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24a0 | 0x10a0 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24a8 | 0x10a8 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24b0 | 0x10b0 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24b8 | 0x10b8 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24c0 | 0x10c0 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24c8 | 0x10c8 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24d0 | 0x10d0 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24d8 | 0x10d8 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24e0 | 0x10e0 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24e8 | 0x10e8 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24f0 | 0x10f0 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24f8 | 0x10f8 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2500 | 0x1100 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2508 | 0x1108 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2510 | 0x1110 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2518 | 0x1118 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2520 | 0x1120 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2528 | 0x1128 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2530 | 0x1130 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2538 | 0x1138 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2540 | 0x1140 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2548 | 0x1148 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2438 | 0x1038 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2440 | 0x1040 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2448 | 0x1048 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2450 | 0x1050 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2458 | 0x1058 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2460 | 0x1060 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2468 | 0x1068 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2470 | 0x1070 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2478 | 0x1078 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2480 | 0x1080 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\ktab.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\ktab.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
90881a001eea47cee04af9b42d620968
|
| SHA1 |
e07c9d773d99d461ac4f8efc7afbf85cb899a4e9
|
| SHA256 |
6e4163f28c1f99b9bb5c31a45f474591bb6424bcb313c751421d12140533c925
|
| SSDeep |
192:RZcao+Z7q1Sxe1BEGEpJDInIIKEfop1ee5sU0nYe+PjPriT0fwkJ/:3c7+Zsse1Ep+PKNp1ee2FnYPLr7R
|
| C:\Program Files\Java\jre1.8.0_144\bin\orbd.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
b7659d9a068744aa350335a9368250cb
|
| SHA1 |
3de4426b85f248b2be6b44469187e75c254debfe
|
| SHA256 |
a89c0c09f0c752e1cf4bf4ae7cdb1b2bf122d931c681bda647faa4054afc2279
|
| SSDeep |
192:2Kvmg3lzGv9ideIKEfoUhee5IUrnYe+PjPriT0fwwlWv:P7y9idJKNUheeKinYPLr7S
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140001420 |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | orbd |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | orbd.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.85 |
| .rdata | 0x140002000 | 0x882 | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.1 |
| .data | 0x140003000 | 0xe0 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.17 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.59 |
| .rsrc | 0x140005000 | 0xa48 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x50 | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.56 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x25d8 | 0x11d8 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x25e0 | 0x11e0 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x25e8 | 0x11e8 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x25f0 | 0x11f0 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x25f8 | 0x11f8 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2510 | 0x1110 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2518 | 0x1118 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x2520 | 0x1120 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x2528 | 0x1128 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x2530 | 0x1130 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x2538 | 0x1138 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x2540 | 0x1140 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x2548 | 0x1148 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x2550 | 0x1150 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x2558 | 0x1158 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x2560 | 0x1160 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x2568 | 0x1168 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x2570 | 0x1170 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x2578 | 0x1178 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2580 | 0x1180 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2588 | 0x1188 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2590 | 0x1190 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2598 | 0x1198 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x25a0 | 0x11a0 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x25a8 | 0x11a8 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x25b0 | 0x11b0 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x25b8 | 0x11b8 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x25c0 | 0x11c0 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x25c8 | 0x11c8 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x24b8 | 0x10b8 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x24c0 | 0x10c0 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x24c8 | 0x10c8 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x24d0 | 0x10d0 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x24d8 | 0x10d8 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x24e0 | 0x10e0 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x24e8 | 0x10e8 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x24f0 | 0x10f0 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x24f8 | 0x10f8 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2500 | 0x1100 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\orbd.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\orbd.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
cef7616fc40b54dd9c6848544263ca1e
|
| SHA1 |
032df9c26ae5572ceb4b24637b9756f7cd32ee56
|
| SHA256 |
f1f871baf5d185ff3b049478fb78a6ddffc27d12bdd94705aff51f728d2b6e59
|
| SSDeep |
192:RWwRu1rSkxPOD5Stdz29IKEfoUhee5IUrnYe+PjPriT0fwwlWv:owY1rF9OotM6KNUheeKinYPLr7S
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 457.25 KB |
| MD5 |
cb615db54a0fc0f0a7a92d4f93d0df13
|
| SHA1 |
ce1c7839f6c454950bd093d1f98554486bef1b81
|
| SHA256 |
a409fad8696787261187d99bf42cedfe9132b60890143ac4ad6357973b119f8c
|
| SSDeep |
12288:dwvEbwosc3h+N8hcBk5/732yYLmAQktFgn/AURkOZo8KYCqt6YSAaEM+ZS3VO6sZ:dwkYnHN+/3H
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 432 bytes |
| MD5 |
3e00a2d0ced01639d7ec2d46104a1f50
|
| SHA1 |
204f2a4ae397635728b66d41fa26960f3fe964e7
|
| SHA256 |
1fb8f58748dfe0e4766aab25c4fc1428aa337c556235ae6f392a0bfadd10fe52
|
| SSDeep |
6:WZ/ZmFAW7AD32v11ozNiAGi+Jc+FuUjhHAW13ruANGxRIX36hUIpD3b75RhaLsRl:WnCaDmvEYmKgW1azm6zp5RM7Fm
|
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As |
C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.gоod (Dropped File)
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.gоod (Dropped File) C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml (Modified File) C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml (Modified File) C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 20.53 KB |
| MD5 |
a5dc36f7e684a1e9e6b98751611bb0b5
|
| SHA1 |
d88392aead38dbf4e0e3d5eb409f1fa789abef44
|
| SHA256 |
e1110c52b13e583811094b4e520e24deb750c0d00ef307a1b9e839173b9d39a7
|
| SSDeep |
384:ftgLfNLBnhvUqsbAdZGyW0v6mm4P9+VN2SE3w7JLWraGbWpEa5YMr6PmHUTS:fyLFdnhvpsbAdZGyW0v6mm4P9+VN2SEG
|
| C:\Program Files\Java\jre1.8.0_144\bin\pack200.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
03e7af3e89499024a6dbcf6ee25606d3
|
| SHA1 |
51efdbab339c8628e0b6f3ccffeeba5fbe91e44e
|
| SHA256 |
5af0a616acdd2fb5ed1570cc331f573d69d2f017f8ef66cf4fddc54aafe638ce
|
| SSDeep |
192:2B1H9yTnTVYisCIKEfodv/eeHUenYe+PjPriT0fw5Sh:+HSeimKNN/eeHrnYPLr7U
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | pack200 |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | pack200.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x80a | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.83 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.98 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa54 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2560 | 0x1160 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2568 | 0x1168 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2570 | 0x1170 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2578 | 0x1178 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2580 | 0x1180 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2498 | 0x1098 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x24a0 | 0x10a0 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24a8 | 0x10a8 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24b0 | 0x10b0 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24b8 | 0x10b8 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24c0 | 0x10c0 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24c8 | 0x10c8 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24d0 | 0x10d0 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24d8 | 0x10d8 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24e0 | 0x10e0 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24e8 | 0x10e8 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24f0 | 0x10f0 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24f8 | 0x10f8 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x2500 | 0x1100 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2508 | 0x1108 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2510 | 0x1110 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2518 | 0x1118 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2520 | 0x1120 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2528 | 0x1128 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2530 | 0x1130 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2538 | 0x1138 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2540 | 0x1140 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2548 | 0x1148 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2550 | 0x1150 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2440 | 0x1040 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2448 | 0x1048 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2450 | 0x1050 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2458 | 0x1058 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2460 | 0x1060 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2468 | 0x1068 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2470 | 0x1070 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2478 | 0x1078 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2480 | 0x1080 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2488 | 0x1088 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\pack200.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\pack200.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
2bd3ef1728f95b6cdb6a351228e0b39c
|
| SHA1 |
2511f226e8830d2002456779e5c608fe2e058f3e
|
| SHA256 |
99c2098701dd2faedeec1850813ffc6bc55fdecdabb44c92bac1dc9115afbf7a
|
| SSDeep |
192:RN/GLAxArmndjASCTMI9zCgscIKEfodv/eeHUenYe+PjPriT0fw5Sh:eLAu2djYMcCgiKNN/eeHrnYPLr7U
|
| C:\588bce7c90097ed212\Strings.xml.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\Strings.xml (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 13.77 KB |
| MD5 |
a19ebbe4ccdb90da92f9df504a29ca6d
|
| SHA1 |
608a144b18973debc5d7c3bf7d0de9b8dd920378
|
| SHA256 |
1d4381c28a26ead33c8605f7a0053cf85cd306ca95c26e87fdc533dfc6bb9633
|
| SSDeep |
384:1y6k24Pu0N66HnRY3vqaqMnYfHHVXIHjfBHwnwXCa+f:1+OqB
|
| C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 5.53 MB |
| MD5 |
23875578722fdc984ccc97ad8564182c
|
| SHA1 |
bb29a363f86973af8a6a22b310353714e6287272
|
| SHA256 |
7b8926329ae33175f8f7c9e2736dde3ada19a45238517b3a4c298ebb193f7b78
|
| SSDeep |
98304:KBZuTlZAI+wyxiGoJLD8BgCoHeaSchw3wLe9n2AOQqhzX4Cr5RzAc2J2IdjePt:QZQG1xsL2gPYgLaHknox+
|
| C:\Program Files\Java\jre1.8.0_144\bin\policytool.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
cd54211dcb6667a98641915c956132a6
|
| SHA1 |
366ab62323c214a45bdccf622a9a313146ea689b
|
| SHA256 |
6f066e8e35dfde3552afcae9f8d4ff167787feb64974bff0f11902a18ddee686
|
| SSDeep |
192:2iP1yTHThGiuMIKEfo45eegUGnYe+PjPriT0fwPhQOIu:nPaUiSKN45eegXnYPLr7cO5u
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:22+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | policytool |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | policytool.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x81a | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.86 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.99 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa64 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.24 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2570 | 0x1170 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2578 | 0x1178 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2580 | 0x1180 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2588 | 0x1188 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2590 | 0x1190 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x24a8 | 0x10a8 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x24b0 | 0x10b0 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24b8 | 0x10b8 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24c0 | 0x10c0 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24c8 | 0x10c8 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24d0 | 0x10d0 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24d8 | 0x10d8 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24e0 | 0x10e0 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24e8 | 0x10e8 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24f0 | 0x10f0 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24f8 | 0x10f8 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x2500 | 0x1100 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x2508 | 0x1108 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x2510 | 0x1110 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2518 | 0x1118 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2520 | 0x1120 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2528 | 0x1128 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2530 | 0x1130 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2538 | 0x1138 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2540 | 0x1140 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2548 | 0x1148 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2550 | 0x1150 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2558 | 0x1158 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2560 | 0x1160 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2450 | 0x1050 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2458 | 0x1058 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2460 | 0x1060 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2468 | 0x1068 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2470 | 0x1070 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2478 | 0x1078 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2480 | 0x1080 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2488 | 0x1088 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2490 | 0x1090 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2498 | 0x1098 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\policytool.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\policytool.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
26297603b144e85af529772092093c82
|
| SHA1 |
dc9c41e3fe204693ab3616bb2f8a7deb267c34a2
|
| SHA256 |
30b659bedbe54c92765a8e5d0d82f2ac42316db0f424baa411fdb0d18f741a6b
|
| SSDeep |
192:R9d3y7nLZu+qitEZIKEfo45eegUGnYe+PjPriT0fwPhQOIu:B300+ne+KN45eegXnYPLr7cO5u
|
| Mime Type | text/xml |
| File Size | 38.00 KB |
| MD5 |
e1b3ca4e4ae58454981d9b2560016ced
|
| SHA1 |
ccd175121f62b8030e3f34ce45932cdc0fd84f53
|
| SHA256 |
130697be2b997b5c8fb2a96097bb020eb347d5398895fc93c4fb0b778343f167
|
| SSDeep |
768:24UR0d5vssgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOj9:24UR0d5vsTPuZXQYQLIN/6Fmhvk71sOU
|
| C:\588bce7c90097ed212\UiInfo.xml | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\UiInfo.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 38.00 KB |
| MD5 |
eafb290ac67d44942d9d12cdfb210445
|
| SHA1 |
c7f2e7b5cce71dee756baedcf897946f344223dd
|
| SHA256 |
8fd0abe334fe1df339b873b73a37b0aa770a6341252d9ef5d63a118754467e8e
|
| SSDeep |
768:zIxEZSusgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOjTZX:zI6YuTPuZXQYQLIN/6Fmhvk71sO0NepS
|
| C:\Program Files\Java\jre1.8.0_144\bin\rmid.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 15.58 KB |
| MD5 |
29916c050a6bb143f3c16e898c07c532
|
| SHA1 |
a5e106028a301f6323669123ab12720243952d58
|
| SHA256 |
bd7695355e1a158764581f7ba33a25a14c51fde9711876119c46c9ebcd50351a
|
| SSDeep |
192:2VfFyTHT24Oi2SXIKEfo8MT51ee5sU9nYe+PjPriT0fwSJl0F:cfqciuKNDT51ee2QnYPLr7Hw
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1a00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | rmid |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | rmid.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x7fa | 0x800 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.49 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.99 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.55 |
| .rsrc | 0x140005000 | 0xa48 | 0xc00 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2550 | 0x1150 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2558 | 0x1158 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2560 | 0x1160 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2568 | 0x1168 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2570 | 0x1170 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2488 | 0x1088 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2490 | 0x1090 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x2498 | 0x1098 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24a0 | 0x10a0 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24a8 | 0x10a8 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24b0 | 0x10b0 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24b8 | 0x10b8 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24c0 | 0x10c0 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24c8 | 0x10c8 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24d0 | 0x10d0 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24d8 | 0x10d8 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24e0 | 0x10e0 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24e8 | 0x10e8 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x24f0 | 0x10f0 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x24f8 | 0x10f8 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2500 | 0x1100 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2508 | 0x1108 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2510 | 0x1110 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2518 | 0x1118 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2520 | 0x1120 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2528 | 0x1128 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2530 | 0x1130 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2538 | 0x1138 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2540 | 0x1140 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2430 | 0x1030 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2438 | 0x1038 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2440 | 0x1040 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2448 | 0x1048 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2450 | 0x1050 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2458 | 0x1058 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2460 | 0x1060 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2468 | 0x1068 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2470 | 0x1070 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2478 | 0x1078 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 148.02 KB |
| MD5 |
68950f9605bc276c299d7b8d4c473e59
|
| SHA1 |
d64652a155a452e32e4a2ace7c4ef5c781c0e267
|
| SHA256 |
61f0b3a9e532230c4001ef33fa314ffb4c02ec013f5ac7a2639b9bbff6b5593f
|
| SSDeep |
3072:VUGQr09nGe3D+VYawa5bJc3nW4Wb4NmlST8X:rqsgwawm4WtS8
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 52.59 KB |
| MD5 |
97a21598972b6bcb232e56d54450d4cd
|
| SHA1 |
dead391f69ff521a89ccc455128216530d80139d
|
| SHA256 |
6cee735138b4dae70ea7c0dda4c9c9e8a40f209fd97b219c760689c37a1d9bae
|
| SSDeep |
768:3aJbUnr7QTanFOI9/ScWkPAG51JFPXdLbZmscCWvy3ELTibwjh3Ddg7ocAhQ:3aJbSr7SUL9sG/ZEs2g7bwjh367/AhQ
|
| ImpHash |
0d6e692aa1463f329a38a8aaa052b69b
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x405a2a |
| Size Of Code | 0x5400 |
| Size Of Initialized Data | 0x6200 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2016-12-23 15:19:50+00:00 |
Version Information (8)
»
| Comments | - |
| CompanyName | Adobe Systems Incorporated |
| FileDescription | Adobe Acrobat SpeedLauncher |
| FileVersion | 15.23.20053.211670 |
| LegalCopyright | Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | AcroSpeedLaunch.exe |
| ProductName | Adobe Acrobat |
| ProductVersion | 15.23.20053.211670 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x52eb | 0x5400 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.31 |
| .rdata | 0x407000 | 0x4322 | 0x4400 | 0x5800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.58 |
| .data | 0x40c000 | 0xa94 | 0x800 | 0x9c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.2 |
| .rsrc | 0x40d000 | 0x670 | 0x800 | 0xa400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.76 |
| .reloc | 0x40e000 | 0x828 | 0xa00 | 0xac00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.75 |
Imports (7)
»
KERNEL32.dll (47)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateThread | 0x0 | 0x407020 | 0xa844 | 0x9044 | 0xe8 |
| GetCurrentThread | 0x0 | 0x407024 | 0xa848 | 0x9048 | 0x20d |
| SetThreadPriority | 0x0 | 0x407028 | 0xa84c | 0x904c | 0x535 |
| TerminateThread | 0x0 | 0x40702c | 0xa850 | 0x9050 | 0x562 |
| CreateProcessA | 0x0 | 0x407030 | 0xa854 | 0x9054 | 0xd7 |
| GetModuleFileNameA | 0x0 | 0x407034 | 0xa858 | 0x9058 | 0x262 |
| GetModuleHandleA | 0x0 | 0x407038 | 0xa85c | 0x905c | 0x264 |
| GetSystemPowerStatus | 0x0 | 0x40703c | 0xa860 | 0x9060 | 0x2d1 |
| FreeLibrary | 0x0 | 0x407040 | 0xa864 | 0x9064 | 0x19e |
| GetProcAddress | 0x0 | 0x407044 | 0xa868 | 0x9068 | 0x29d |
| LoadLibraryA | 0x0 | 0x407048 | 0xa86c | 0x906c | 0x3a5 |
| CreateFileA | 0x0 | 0x40704c | 0xa870 | 0x9070 | 0xba |
| CreateFileW | 0x0 | 0x407050 | 0xa874 | 0x9074 | 0xc2 |
| FindClose | 0x0 | 0x407054 | 0xa878 | 0x9078 | 0x168 |
| FindFirstFileA | 0x0 | 0x407058 | 0xa87c | 0x907c | 0x16c |
| FindNextFileA | 0x0 | 0x40705c | 0xa880 | 0x9080 | 0x17d |
| GetFileAttributesA | 0x0 | 0x407060 | 0xa884 | 0x9084 | 0x230 |
| GetFinalPathNameByHandleW | 0x0 | 0x407064 | 0xa888 | 0x9088 | 0x240 |
| ReadFile | 0x0 | 0x407068 | 0xa88c | 0x908c | 0x450 |
| CreateEventA | 0x0 | 0x40706c | 0xa890 | 0x9090 | 0xb3 |
| GetCurrentProcess | 0x0 | 0x407070 | 0xa894 | 0x9094 | 0x209 |
| GetSystemInfo | 0x0 | 0x407074 | 0xa898 | 0x9098 | 0x2d0 |
| VirtualQueryEx | 0x0 | 0x407078 | 0xa89c | 0x909c | 0x5a4 |
| MapViewOfFile | 0x0 | 0x40707c | 0xa8a0 | 0x90a0 | 0x3c0 |
| UnmapViewOfFile | 0x0 | 0x407080 | 0xa8a4 | 0x90a4 | 0x585 |
| CreateFileMappingA | 0x0 | 0x407084 | 0xa8a8 | 0x90a8 | 0xbb |
| MultiByteToWideChar | 0x0 | 0x407088 | 0xa8ac | 0x90ac | 0x3d1 |
| GetSystemDirectoryA | 0x0 | 0x40708c | 0xa8b0 | 0x90b0 | 0x2cc |
| GetWindowsDirectoryA | 0x0 | 0x407090 | 0xa8b4 | 0x90b4 | 0x30f |
| GetTempPathA | 0x0 | 0x407094 | 0xa8b8 | 0x90b8 | 0x2e2 |
| WideCharToMultiByte | 0x0 | 0x407098 | 0xa8bc | 0x90bc | 0x5cd |
| GetCurrentThreadId | 0x0 | 0x40709c | 0xa8c0 | 0x90c0 | 0x20e |
| GetCurrentProcessId | 0x0 | 0x4070a0 | 0xa8c4 | 0x90c4 | 0x20a |
| QueryPerformanceCounter | 0x0 | 0x4070a4 | 0xa8c8 | 0x90c8 | 0x42d |
| IsProcessorFeaturePresent | 0x0 | 0x4070a8 | 0xa8cc | 0x90cc | 0x36d |
| IsDebuggerPresent | 0x0 | 0x4070ac | 0xa8d0 | 0x90d0 | 0x367 |
| DecodePointer | 0x0 | 0x4070b0 | 0xa8d4 | 0x90d4 | 0xfe |
| EncodePointer | 0x0 | 0x4070b4 | 0xa8d8 | 0x90d8 | 0x121 |
| GetSystemTimeAsFileTime | 0x0 | 0x4070b8 | 0xa8dc | 0x90dc | 0x2d6 |
| WaitForSingleObject | 0x0 | 0x4070bc | 0xa8e0 | 0x90e0 | 0x5ab |
| SetEvent | 0x0 | 0x4070c0 | 0xa8e4 | 0x90e4 | 0x4f0 |
| DeleteCriticalSection | 0x0 | 0x4070c4 | 0xa8e8 | 0x90e8 | 0x105 |
| LeaveCriticalSection | 0x0 | 0x4070c8 | 0xa8ec | 0x90ec | 0x3a2 |
| EnterCriticalSection | 0x0 | 0x4070cc | 0xa8f0 | 0x90f0 | 0x125 |
| InitializeCriticalSection | 0x0 | 0x4070d0 | 0xa8f4 | 0x90f4 | 0x347 |
| SetFilePointer | 0x0 | 0x4070d4 | 0xa8f8 | 0x90f8 | 0x4fc |
| CloseHandle | 0x0 | 0x4070d8 | 0xa8fc | 0x90fc | 0x7f |
USER32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadIconA | 0x0 | 0x4071c0 | 0xa9e4 | 0x91e4 | 0x222 |
| GetMessageA | 0x0 | 0x4071c4 | 0xa9e8 | 0x91e8 | 0x16f |
| CreateWindowExA | 0x0 | 0x4071c8 | 0xa9ec | 0x91ec | 0x70 |
| DestroyWindow | 0x0 | 0x4071cc | 0xa9f0 | 0x91f0 | 0xad |
| SetTimer | 0x0 | 0x4071d0 | 0xa9f4 | 0x91f4 | 0x301 |
| KillTimer | 0x0 | 0x4071d4 | 0xa9f8 | 0x91f8 | 0x219 |
| FindWindowA | 0x0 | 0x4071d8 | 0xa9fc | 0x91fc | 0x106 |
| LoadCursorA | 0x0 | 0x4071dc | 0xaa00 | 0x9200 | 0x21e |
| RegisterClassExA | 0x0 | 0x4071e0 | 0xaa04 | 0x9204 | 0x288 |
| UnregisterClassA | 0x0 | 0x4071e4 | 0xaa08 | 0x9208 | 0x348 |
| PostQuitMessage | 0x0 | 0x4071e8 | 0xaa0c | 0x920c | 0x271 |
| DefWindowProcA | 0x0 | 0x4071ec | 0xaa10 | 0x9210 | 0xa0 |
| DispatchMessageA | 0x0 | 0x4071f0 | 0xaa14 | 0x9214 | 0xb4 |
| TranslateMessage | 0x0 | 0x4071f4 | 0xaa18 | 0x9218 | 0x33f |
ADVAPI32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseServiceHandle | 0x0 | 0x407000 | 0xa824 | 0x9024 | 0x65 |
| OpenServiceA | 0x0 | 0x407004 | 0xa828 | 0x9028 | 0x215 |
| QueryServiceStatus | 0x0 | 0x407008 | 0xa82c | 0x902c | 0x24c |
| RegCloseKey | 0x0 | 0x40700c | 0xa830 | 0x9030 | 0x254 |
| RegOpenKeyA | 0x0 | 0x407010 | 0xa834 | 0x9034 | 0x283 |
| RegQueryValueA | 0x0 | 0x407014 | 0xa838 | 0x9038 | 0x290 |
| OpenSCManagerA | 0x0 | 0x407018 | 0xa83c | 0x903c | 0x213 |
SHELL32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetKnownFolderPath | 0x0 | 0x4071ac | 0xa9d0 | 0x91d0 | 0xde |
| SHGetPathFromIDListA | 0x0 | 0x4071b0 | 0xa9d4 | 0x91d4 | 0xe7 |
| SHGetMalloc | 0x0 | 0x4071b4 | 0xa9d8 | 0x91d8 | 0xe1 |
| SHGetSpecialFolderLocation | 0x0 | 0x4071b8 | 0xa9dc | 0x91dc | 0xf1 |
ole32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | 0x0 | 0x4071fc | 0xaa20 | 0x9220 | 0x7b |
MSVCP120.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x4070e0 | 0xa904 | 0x9104 | 0x2b0 |
| ?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x4070e4 | 0xa908 | 0x9108 | 0x2cd |
| ?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x4070e8 | 0xa90c | 0x910c | 0x2cc |
| ?_Xbad_alloc@std@@YAXXZ | 0x0 | 0x4070ec | 0xa910 | 0x9110 | 0x2c9 |
| ?_Winerror_map@std@@YAPBDH@Z | 0x0 | 0x4070f0 | 0xa914 | 0x9114 | 0x2c5 |
MSVCR120.dll (44)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _crt_debugger_hook | 0x0 | 0x4070f8 | 0xa91c | 0x911c | 0x250 |
| _acmdln | 0x0 | 0x4070fc | 0xa920 | 0x9120 | 0x20e |
| _initterm | 0x0 | 0x407100 | 0xa924 | 0x9124 | 0x30c |
| __crtUnhandledException | 0x0 | 0x407104 | 0xa928 | 0x9128 | 0x1ac |
| _initterm_e | 0x0 | 0x407108 | 0xa92c | 0x912c | 0x30d |
| __setusermatherr | 0x0 | 0x40710c | 0xa930 | 0x9130 | 0x1f4 |
| _commode | 0x0 | 0x407110 | 0xa934 | 0x9134 | 0x23f |
| __crtTerminateProcess | 0x0 | 0x407114 | 0xa938 | 0x9138 | 0x1ab |
| __crtSetUnhandledExceptionFilter | 0x0 | 0x407118 | 0xa93c | 0x913c | 0x1a9 |
| _invoke_watson | 0x0 | 0x40711c | 0xa940 | 0x9140 | 0x314 |
| _controlfp_s | 0x0 | 0x407120 | 0xa944 | 0x9144 | 0x243 |
| _except_handler4_common | 0x0 | 0x407124 | 0xa948 | 0x9148 | 0x27a |
| _calloc_crt | 0x0 | 0x407128 | 0xa94c | 0x914c | 0x22e |
| _purecall | 0x0 | 0x40712c | 0xa950 | 0x9150 | 0x449 |
| ??2@YAPAXI@Z | 0x0 | 0x407130 | 0xa954 | 0x9154 | 0x70 |
| ??3@YAXPAX@Z | 0x0 | 0x407134 | 0xa958 | 0x9158 | 0x72 |
| memmove | 0x0 | 0x407138 | 0xa95c | 0x915c | 0x6e8 |
| strrchr | 0x0 | 0x40713c | 0xa960 | 0x9160 | 0x740 |
| strstr | 0x0 | 0x407140 | 0xa964 | 0x9164 | 0x742 |
| malloc | 0x0 | 0x407144 | 0xa968 | 0x9168 | 0x6db |
| _CxxThrowException | 0x0 | 0x407148 | 0xa96c | 0x916c | 0x158 |
| __CxxFrameHandler3 | 0x0 | 0x40714c | 0xa970 | 0x9170 | 0x174 |
| memcpy | 0x0 | 0x407150 | 0xa974 | 0x9174 | 0x6e6 |
| memset | 0x0 | 0x407154 | 0xa978 | 0x9178 | 0x6ea |
| strchr | 0x0 | 0x407158 | 0xa97c | 0x917c | 0x72f |
| ??_V@YAXPAX@Z | 0x0 | 0x40715c | 0xa980 | 0x9180 | 0x89 |
| free | 0x0 | 0x407160 | 0xa984 | 0x9184 | 0x683 |
| _lock | 0x0 | 0x407164 | 0xa988 | 0x9188 | 0x394 |
| _unlock | 0x0 | 0x407168 | 0xa98c | 0x918c | 0x504 |
| _configthreadlocale | 0x0 | 0x40716c | 0xa990 | 0x9190 | 0x240 |
| __dllonexit | 0x0 | 0x407170 | 0xa994 | 0x9194 | 0x1ae |
| _onexit | 0x0 | 0x407174 | 0xa998 | 0x9198 | 0x43a |
| ??1type_info@@UAE@XZ | 0x0 | 0x407178 | 0xa99c | 0x919c | 0x6f |
| ?terminate@@YAXXZ | 0x0 | 0x40717c | 0xa9a0 | 0x91a0 | 0x135 |
| _XcptFilter | 0x0 | 0x407180 | 0xa9a4 | 0x91a4 | 0x16b |
| __crtGetShowWindowMode | 0x0 | 0x407184 | 0xa9a8 | 0x91a8 | 0x19d |
| _amsg_exit | 0x0 | 0x407188 | 0xa9ac | 0x91ac | 0x217 |
| __getmainargs | 0x0 | 0x40718c | 0xa9b0 | 0x91b0 | 0x1b6 |
| __set_app_type | 0x0 | 0x407190 | 0xa9b4 | 0x91b4 | 0x1f2 |
| exit | 0x0 | 0x407194 | 0xa9b8 | 0x91b8 | 0x64e |
| _exit | 0x0 | 0x407198 | 0xa9bc | 0x91bc | 0x283 |
| _cexit | 0x0 | 0x40719c | 0xa9c0 | 0x91c0 | 0x22f |
| _ismbblead | 0x0 | 0x4071a0 | 0xa9c4 | 0x91c4 | 0x331 |
| _fmode | 0x0 | 0x4071a4 | 0xa9c8 | 0x91c8 | 0x2a2 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2015-05-14 00:00:00+00:00 |
| Valid Until | 2017-05-07 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 10 FB 71 33 19 02 7F 3F 1F 1C 06 67 B3 C3 8C A9 |
| Thumbprint | 45 54 8B 92 B8 0C B7 9A 7C 62 8B 83 D9 DB A3 7B 9C 86 97 1D |
Certificate: Symantec Class 3 Extended Validation Code Signing CA - G2
»
| Issued by | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2014-03-04 00:00:00+00:00 |
| Valid Until | 2024-03-03 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49 |
| Thumbprint | 5B 8F 88 C8 0A 73 D3 5F 76 CD 41 2A 9E 74 E9 16 59 4D FA 67 |
| C:\Program Files\Java\jre1.8.0_144\bin\rmid.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\rmid.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 15.58 KB |
| MD5 |
316577ca2005a57c5146a5554bef77d7
|
| SHA1 |
e2ff4aedb30c9b44719c6d31cc74070a1666e755
|
| SHA256 |
5075618c8c5dc44f04590310a27441154b2940e3426d9f323cccb68f19b9d5c2
|
| SSDeep |
192:RnKvjQgnvTy7jXIKEfo8MT51ee5sU9nYe+PjPriT0fwSJl0F:tKUgnvTyYKNDT51ee2QnYPLr7Hw
|
| C:\Program Files\Java\jre1.8.0_144\bin\rmiregistry.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
d7462b3df6941acf674e92674655694d
|
| SHA1 |
12c357208a0e6fe239a3ede47a3a96895404073d
|
| SHA256 |
6eac2355daf573a54a74d578398399c5e2a41f113fcb6194385cf6a62915d65d
|
| SSDeep |
192:2dFfFyTnTtTi6CIKEfolrZee0UGnYe+PjPriT0fwxDHe:ifq1i4KNZZee03nYPLr7
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | rmiregistry |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | rmiregistry.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x80a | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.83 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.99 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa68 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.24 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2560 | 0x1160 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2568 | 0x1168 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2570 | 0x1170 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2578 | 0x1178 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2580 | 0x1180 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2498 | 0x1098 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x24a0 | 0x10a0 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24a8 | 0x10a8 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24b0 | 0x10b0 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24b8 | 0x10b8 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24c0 | 0x10c0 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24c8 | 0x10c8 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24d0 | 0x10d0 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24d8 | 0x10d8 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24e0 | 0x10e0 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24e8 | 0x10e8 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x24f0 | 0x10f0 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x24f8 | 0x10f8 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x2500 | 0x1100 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2508 | 0x1108 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2510 | 0x1110 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2518 | 0x1118 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2520 | 0x1120 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2528 | 0x1128 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2530 | 0x1130 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2538 | 0x1138 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2540 | 0x1140 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2548 | 0x1148 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2550 | 0x1150 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2440 | 0x1040 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2448 | 0x1048 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2450 | 0x1050 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2458 | 0x1058 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2460 | 0x1060 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2468 | 0x1068 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2470 | 0x1070 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2478 | 0x1078 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2480 | 0x1080 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2488 | 0x1088 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\rmiregistry.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\rmiregistry.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
ed51632d021930384c346e50ec6709cd
|
| SHA1 |
1cc5f481cc3d479d1f1b04e2d9b026b3522398c5
|
| SHA256 |
c13dbe190f3f5b8416dda7e9dd200e29a939180942a81df096604c08521aea24
|
| SSDeep |
192:R09cJ80clOIcIKEfolrZee0UGnYe+PjPriT0fwxDHe:C9c60clXKNZZee03nYPLr7
|
| C:\588bce7c90097ed212\watermark.bmp | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\watermark.bmp.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 101.65 KB |
| MD5 |
2d61de036acfa58815a429821550fa19
|
| SHA1 |
4900eb0cb96310ce823c4510732af453b026a256
|
| SHA256 |
2a6019d1b95c6fd3207e97fa4d76919ee28a913a82b875713d35bf2c034a98a7
|
| SSDeep |
768:XCJbKZKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9H51T9ho4xw7CgBl:XaKZKULmAfbvEv47cIHzE9vo4SuUl
|
| C:\588bce7c90097ed212\1025\eula.rtf | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/rtf |
| File Size | 7.41 KB |
| MD5 |
2c75720b6ef67db6f951290be93a2315
|
| SHA1 |
e16d99c6fc95cb2a5a5f0ed2bac6a8562a1c365b
|
| SHA256 |
d8eec5529ce28ea15c33e76998c0b74e1b44069912583728db25b0c268e94663
|
| SSDeep |
192:sf3yLpQxL75CD7sH08JUXthIT2M+bOx7BnT7QUmDH:AyLpQxL7YsH08JUXQT2M+s7BnT7QUmDH
|
RTF Information
»
Document Content
»
| MICROSOFT MICROSOFT .NET FRAMEWORK 4 WINDOWS MICROSOFT MICROSOFT .NET FRAMEWORK 4 CLIENT PROFILE WINDOWS MICROSOFT Microsoft Corporation ( ) . Microsoft Windows ( ) ( "") . . . . . . . . . 1. f0 . Microsoft www.support.microsoft.com/common/international.aspx . 2. f0 MICROSOFT .NET FRAMEWORK . . NET Framework ( " NET ."). . go.microsoft.com/fwlink/?LinkID=66406 . Microsoft Microsoft NET . go.microsoft.com/fwlink/?LinkID=66406 . |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 1.08 KB |
| MD5 |
5e591da44d2f0e83677cef2d44cd69c8
|
| SHA1 |
f6ac41298fe34d53902b18b666ef86bf28d7c79c
|
| SHA256 |
5d29b67e98d7b5d4e41340d7a326a3a59473fb6b4bd883a526d0017981f690cd
|
| SSDeep |
24:Ku3fwo1NUThutyFgjdBXWgA4bZY8e5sZvCoHttq3jYl:33YoXUT5SjGgJb2h5sZvCfjE
|
| C:\Program Files\Java\jre1.8.0_144\bin\servertool.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
0b3c73e1bc8b36c055a765ab8634f367
|
| SHA1 |
3bcc104cc7edd0f5e3fd0060d75176c94c12f9c5
|
| SHA256 |
4427e96087e872d49351969ea42077f8267fd280cb08ef7cbd5bdd728f7f973e
|
| SSDeep |
192:2UP1yTHTkv2i6MIKEfof71eegUDBnYe+PjPriT0fwTRNM:5PaK2iWKNf71eegUnYPLr7x
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14000141c |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | servertool |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | servertool.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.84 |
| .rdata | 0x140002000 | 0x81a | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.86 |
| .data | 0x140003000 | 0xc8 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.99 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.56 |
| .rsrc | 0x140005000 | 0xa64 | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.24 |
| .reloc | 0x140006000 | 0x4a | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.47 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2570 | 0x1170 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2578 | 0x1178 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2580 | 0x1180 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2588 | 0x1188 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2590 | 0x1190 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x24a8 | 0x10a8 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x24b0 | 0x10b0 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x24b8 | 0x10b8 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x24c0 | 0x10c0 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x24c8 | 0x10c8 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x24d0 | 0x10d0 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x24d8 | 0x10d8 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x24e0 | 0x10e0 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x24e8 | 0x10e8 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x24f0 | 0x10f0 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x24f8 | 0x10f8 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x2500 | 0x1100 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x2508 | 0x1108 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x2510 | 0x1110 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x2518 | 0x1118 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x2520 | 0x1120 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x2528 | 0x1128 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x2530 | 0x1130 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x2538 | 0x1138 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x2540 | 0x1140 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x2548 | 0x1148 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x2550 | 0x1150 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x2558 | 0x1158 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x2560 | 0x1160 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x2450 | 0x1050 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x2458 | 0x1058 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x2460 | 0x1060 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x2468 | 0x1068 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2470 | 0x1070 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2478 | 0x1078 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2480 | 0x1080 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2488 | 0x1088 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2490 | 0x1090 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2498 | 0x1098 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files\Java\jre1.8.0_144\bin\servertool.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\servertool.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
e29995cfc1db14a02bd0becc9032cdc8
|
| SHA1 |
a320b70baaccaee499725c287a947c542141d0ca
|
| SHA256 |
229ea1cbcd155850a2df96c656178d71eff0419fe61a9cd42c5c6728fca95f0d
|
| SSDeep |
192:RBg3lnnMOLY2oJIZdoEIKEfof71eegUDBnYe+PjPriT0fwTRNM:TqACZdiKNf71eegUnYPLr7x
|
| C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 3.52 MB |
| MD5 |
057b9c472dfbffe30cba467856bd7218
|
| SHA1 |
60f5162dbc61b7cac5918ad3389dcf8c06debdde
|
| SHA256 |
ee7c78143d91fd083d329b8ddf68727fb4093cbb409f57775c7c0a82e5500f0c
|
| SSDeep |
24576:6ehVph0e2vKErcJs69zAwhgEfUnU5W8ns4B1SJGpufrxWVoP/EG+X6w5AYawdGPV:6QjJsqd8i/rpwgOd
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | Modified File |
Unknown
|
...
|
»
| Mime Type | application/pdf |
| File Size | 75.69 KB |
| MD5 |
4b2b1301c42225cbbfc4b3f0adeb162d
|
| SHA1 |
ea21a4ccfee3050d543195f6b349becb05055d3f
|
| SHA256 |
a857550e47e2a3fc921ede6b7f7e6d1a0ad04547eaa5c46a4aac1e56ab2a5719
|
| SSDeep |
1536:9s9ECWrHBDGkGIGK7cvQ0VPp/8jsATzV8nG:i94lZ5/7Ap/D6zKnG
|
PDF Information
»
| Title | Getting Started with Acrobat Reader |
| Subject | - |
| Author | - |
| Creator | Adobe InDesign CC 2015 (Macintosh) |
| Keywords | - |
| Producer | Adobe PDF Library 15.0 |
| Page Count | 5 |
| Encrypted |
|
| Create Time | 2015-09-22 22:28:17+00:00 |
| Modify Time | 2016-09-01 08:28:16+00:00 |
YARA Matches (1)
»
| Rule Name | Rule Description | Classification | Score | Actions |
|---|---|---|---|---|
| PDF_Data_after_last_EOF | PDF has data appended after the last EOF marker; possible malicious payload | - |
1/5
|
...
|
Embedded URLs (3)
»
| URL | First Seen | Categories | Threat Names | Reputation Status | WHOIS Data |
|---|---|---|---|---|---|
| https://forums.adobe.com/community/adobe_reader_forums | - | - | - |
Unknown
|
Not Queried
|
| https://helpx.adobe.com/reader.html | - | - | - |
Unknown
|
Not Queried
|
| http://blogs.adobe.com/documentcloud/category/reader/ | - | - | - |
Unknown
|
Not Queried
|
| C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 452.18 KB |
| MD5 |
18f106653da8794c79cfdf8163f03bfe
|
| SHA1 |
3fe432962329c9763862cc118fee773f33ce5304
|
| SHA256 |
811742bf548975b8420a3cbd6da3c88767f8038602217947d67fe2cae937511a
|
| SSDeep |
12288:5ymOcB+pwPprnVmLmDsC+FU+ZOSz09tzZuE8EE2:5LOsDFncLmKDZOSzoFvE2
|
| ImpHash |
dcbe94b8cc54b8e53867c61cc96811d6
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x427e1e |
| Size Of Code | 0x38c00 |
| Size Of Initialized Data | 0x22c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2014-04-29 18:27:40+00:00 |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 |
| FileVersion | 12.0.30501.0 |
| InternalName | setup |
| LegalCopyright | Copyright (c) Microsoft Corporation. All rights reserved. |
| OriginalFilename | vcredist_x64.exe |
| ProductName | Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 |
| ProductVersion | 12.0.30501.0 |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x38b74 | 0x38c00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
| .rdata | 0x43a000 | 0x19aae | 0x19c00 | 0x39000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.96 |
| .data | 0x454000 | 0x3020 | 0x1000 | 0x52c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.67 |
| .wixburn | 0x458000 | 0x38 | 0x200 | 0x53c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.58 |
| .tls | 0x459000 | 0x9 | 0x200 | 0x53e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rsrc | 0x45a000 | 0x37e4 | 0x3800 | 0x54000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.44 |
| .reloc | 0x45e000 | 0x42fa | 0x4400 | 0x57800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.7 |
Imports (14)
»
ADVAPI32.dll (44)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AdjustTokenPrivileges | 0x0 | 0x43a000 | 0x522a0 | 0x512a0 | 0x1f |
| LookupPrivilegeValueW | 0x0 | 0x43a004 | 0x522a4 | 0x512a4 | 0x197 |
| OpenProcessToken | 0x0 | 0x43a008 | 0x522a8 | 0x512a8 | 0x1f7 |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | 0x0 | 0x43a00c | 0x522ac | 0x512ac | 0x72 |
| RegCloseKey | 0x0 | 0x43a010 | 0x522b0 | 0x512b0 | 0x230 |
| RegDeleteValueW | 0x0 | 0x43a014 | 0x522b4 | 0x512b4 | 0x248 |
| RegQueryValueExW | 0x0 | 0x43a018 | 0x522b8 | 0x512b8 | 0x26e |
| GetUserNameW | 0x0 | 0x43a01c | 0x522bc | 0x512bc | 0x165 |
| InitiateSystemShutdownExW | 0x0 | 0x43a020 | 0x522c0 | 0x512c0 | 0x17d |
| CreateWellKnownSid | 0x0 | 0x43a024 | 0x522c4 | 0x512c4 | 0x83 |
| InitializeAcl | 0x0 | 0x43a028 | 0x522c8 | 0x512c8 | 0x176 |
| SetEntriesInAclW | 0x0 | 0x43a02c | 0x522cc | 0x512cc | 0x2a6 |
| DecryptFileW | 0x0 | 0x43a030 | 0x522d0 | 0x512d0 | 0xd8 |
| ChangeServiceConfigW | 0x0 | 0x43a034 | 0x522d4 | 0x512d4 | 0x50 |
| ControlService | 0x0 | 0x43a038 | 0x522d8 | 0x512d8 | 0x5c |
| CloseServiceHandle | 0x0 | 0x43a03c | 0x522dc | 0x512dc | 0x57 |
| QueryServiceStatus | 0x0 | 0x43a040 | 0x522e0 | 0x512e0 | 0x228 |
| OpenServiceW | 0x0 | 0x43a044 | 0x522e4 | 0x512e4 | 0x1fb |
| OpenSCManagerW | 0x0 | 0x43a048 | 0x522e8 | 0x512e8 | 0x1f9 |
| CryptAcquireContextW | 0x0 | 0x43a04c | 0x522ec | 0x512ec | 0xb1 |
| CryptCreateHash | 0x0 | 0x43a050 | 0x522f0 | 0x512f0 | 0xb3 |
| CryptHashData | 0x0 | 0x43a054 | 0x522f4 | 0x512f4 | 0xc8 |
| CryptGetHashParam | 0x0 | 0x43a058 | 0x522f8 | 0x512f8 | 0xc4 |
| CryptDestroyHash | 0x0 | 0x43a05c | 0x522fc | 0x512fc | 0xb6 |
| CryptReleaseContext | 0x0 | 0x43a060 | 0x52300 | 0x51300 | 0xcb |
| RegDeleteKeyW | 0x0 | 0x43a064 | 0x52304 | 0x51304 | 0x244 |
| RegCreateKeyExW | 0x0 | 0x43a068 | 0x52308 | 0x51308 | 0x239 |
| RegEnumKeyExW | 0x0 | 0x43a06c | 0x5230c | 0x5130c | 0x24f |
| RegEnumValueW | 0x0 | 0x43a070 | 0x52310 | 0x51310 | 0x252 |
| RegQueryInfoKeyW | 0x0 | 0x43a074 | 0x52314 | 0x51314 | 0x268 |
| RegSetValueExW | 0x0 | 0x43a078 | 0x52318 | 0x51318 | 0x27e |
| SetEntriesInAclA | 0x0 | 0x43a07c | 0x5231c | 0x5131c | 0x2a5 |
| SetSecurityDescriptorGroup | 0x0 | 0x43a080 | 0x52320 | 0x51320 | 0x2b7 |
| RegOpenKeyExW | 0x0 | 0x43a084 | 0x52324 | 0x51324 | 0x261 |
| GetTokenInformation | 0x0 | 0x43a088 | 0x52328 | 0x51328 | 0x15a |
| CheckTokenMembership | 0x0 | 0x43a08c | 0x5232c | 0x5132c | 0x51 |
| AllocateAndInitializeSid | 0x0 | 0x43a090 | 0x52330 | 0x51330 | 0x20 |
| FreeSid | 0x0 | 0x43a094 | 0x52334 | 0x51334 | 0x120 |
| LookupAccountNameW | 0x0 | 0x43a098 | 0x52338 | 0x51338 | 0x18f |
| SetNamedSecurityInfoW | 0x0 | 0x43a09c | 0x5233c | 0x5133c | 0x2b1 |
| InitializeSecurityDescriptor | 0x0 | 0x43a0a0 | 0x52340 | 0x51340 | 0x177 |
| SetSecurityDescriptorDacl | 0x0 | 0x43a0a4 | 0x52344 | 0x51344 | 0x2b6 |
| SetSecurityDescriptorOwner | 0x0 | 0x43a0a8 | 0x52348 | 0x51348 | 0x2b8 |
| QueryServiceConfigW | 0x0 | 0x43a0ac | 0x5234c | 0x5134c | 0x224 |
USER32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetMessageW | 0x0 | 0x43a358 | 0x525f8 | 0x515f8 | 0x15d |
| PeekMessageW | 0x0 | 0x43a35c | 0x525fc | 0x515fc | 0x233 |
| PostMessageW | 0x0 | 0x43a360 | 0x52600 | 0x51600 | 0x236 |
| PostThreadMessageW | 0x0 | 0x43a364 | 0x52604 | 0x51604 | 0x239 |
| PostQuitMessage | 0x0 | 0x43a368 | 0x52608 | 0x51608 | 0x237 |
| SetWindowLongW | 0x0 | 0x43a36c | 0x5260c | 0x5160c | 0x2c4 |
| DefWindowProcW | 0x0 | 0x43a370 | 0x52610 | 0x51610 | 0x9c |
| UnregisterClassW | 0x0 | 0x43a374 | 0x52614 | 0x51614 | 0x306 |
| DispatchMessageW | 0x0 | 0x43a378 | 0x52618 | 0x51618 | 0xaf |
| TranslateMessage | 0x0 | 0x43a37c | 0x5261c | 0x5161c | 0x2fc |
| GetMonitorInfoW | 0x0 | 0x43a380 | 0x52620 | 0x51620 | 0x15f |
| IsDialogMessageW | 0x0 | 0x43a384 | 0x52624 | 0x51624 | 0x1cd |
| MessageBoxW | 0x0 | 0x43a388 | 0x52628 | 0x51628 | 0x215 |
| GetWindowLongW | 0x0 | 0x43a38c | 0x5262c | 0x5162c | 0x196 |
| RegisterClassW | 0x0 | 0x43a390 | 0x52630 | 0x51630 | 0x24e |
| IsWindow | 0x0 | 0x43a394 | 0x52634 | 0x51634 | 0x1db |
| MsgWaitForMultipleObjects | 0x0 | 0x43a398 | 0x52638 | 0x51638 | 0x21c |
| WaitForInputIdle | 0x0 | 0x43a39c | 0x5263c | 0x5163c | 0x326 |
| LoadCursorW | 0x0 | 0x43a3a0 | 0x52640 | 0x51640 | 0x1eb |
| LoadBitmapW | 0x0 | 0x43a3a4 | 0x52644 | 0x51644 | 0x1e7 |
| GetCursorPos | 0x0 | 0x43a3a8 | 0x52648 | 0x51648 | 0x120 |
| MonitorFromPoint | 0x0 | 0x43a3ac | 0x5264c | 0x5164c | 0x218 |
| CreateWindowExW | 0x0 | 0x43a3b0 | 0x52650 | 0x51650 | 0x6e |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysFreeString | 0x6 | 0x43a32c | 0x525cc | 0x515cc | - |
| SysAllocString | 0x2 | 0x43a330 | 0x525d0 | 0x515d0 | - |
| VariantInit | 0x8 | 0x43a334 | 0x525d4 | 0x515d4 | - |
| VariantClear | 0x9 | 0x43a338 | 0x525d8 | 0x515d8 | - |
GDI32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteObject | 0x0 | 0x43a0d0 | 0x52370 | 0x51370 | 0xe6 |
| GetObjectW | 0x0 | 0x43a0d4 | 0x52374 | 0x51374 | 0x1fd |
| CreateCompatibleDC | 0x0 | 0x43a0d8 | 0x52378 | 0x51378 | 0x30 |
| SelectObject | 0x0 | 0x43a0dc | 0x5237c | 0x5137c | 0x277 |
| DeleteDC | 0x0 | 0x43a0e0 | 0x52380 | 0x51380 | 0xe3 |
| StretchBlt | 0x0 | 0x43a0e4 | 0x52384 | 0x51384 | 0x2b3 |
SHELL32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ShellExecuteExW | 0x0 | 0x43a348 | 0x525e8 | 0x515e8 | 0x121 |
| SHGetFolderPathW | 0x0 | 0x43a34c | 0x525ec | 0x515ec | 0xc3 |
| CommandLineToArgvW | 0x0 | 0x43a350 | 0x525f0 | 0x515f0 | 0x6 |
ole32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | 0x0 | 0x43a45c | 0x526fc | 0x516fc | 0x68 |
| CoInitializeSecurity | 0x0 | 0x43a460 | 0x52700 | 0x51700 | 0x40 |
| CLSIDFromProgID | 0x0 | 0x43a464 | 0x52704 | 0x51704 | 0x6 |
| CoCreateInstance | 0x0 | 0x43a468 | 0x52708 | 0x51708 | 0x10 |
| CoInitialize | 0x0 | 0x43a46c | 0x5270c | 0x5170c | 0x3e |
| StringFromGUID2 | 0x0 | 0x43a470 | 0x52710 | 0x51710 | 0x179 |
| CoInitializeEx | 0x0 | 0x43a474 | 0x52714 | 0x51714 | 0x3f |
| CoUninitialize | 0x0 | 0x43a478 | 0x52718 | 0x51718 | 0x6c |
KERNEL32.dll (143)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ReadFile | 0x0 | 0x43a0ec | 0x5238c | 0x5138c | 0x3c0 |
| SetFilePointerEx | 0x0 | 0x43a0f0 | 0x52390 | 0x51390 | 0x467 |
| CreateFileW | 0x0 | 0x43a0f4 | 0x52394 | 0x51394 | 0x8f |
| GetCurrentProcessId | 0x0 | 0x43a0f8 | 0x52398 | 0x51398 | 0x1c1 |
| GetProcessId | 0x0 | 0x43a0fc | 0x5239c | 0x5139c | 0x24c |
| WriteFile | 0x0 | 0x43a100 | 0x523a0 | 0x513a0 | 0x525 |
| ConnectNamedPipe | 0x0 | 0x43a104 | 0x523a4 | 0x513a4 | 0x65 |
| SetNamedPipeHandleState | 0x0 | 0x43a108 | 0x523a8 | 0x513a8 | 0x47c |
| lstrlenW | 0x0 | 0x43a10c | 0x523ac | 0x513ac | 0x54e |
| CompareStringW | 0x0 | 0x43a110 | 0x523b0 | 0x513b0 | 0x64 |
| LocalFree | 0x0 | 0x43a114 | 0x523b4 | 0x513b4 | 0x348 |
| CreateNamedPipeW | 0x0 | 0x43a118 | 0x523b8 | 0x513b8 | 0xa0 |
| WaitForSingleObject | 0x0 | 0x43a11c | 0x523bc | 0x513bc | 0x4f9 |
| OpenProcess | 0x0 | 0x43a120 | 0x523c0 | 0x513c0 | 0x380 |
| lstrlenA | 0x0 | 0x43a124 | 0x523c4 | 0x513c4 | 0x54d |
| RemoveDirectoryW | 0x0 | 0x43a128 | 0x523c8 | 0x513c8 | 0x403 |
| GetFileAttributesW | 0x0 | 0x43a12c | 0x523cc | 0x513cc | 0x1ea |
| ExpandEnvironmentStringsW | 0x0 | 0x43a130 | 0x523d0 | 0x513d0 | 0x11d |
| LeaveCriticalSection | 0x0 | 0x43a134 | 0x523d4 | 0x513d4 | 0x339 |
| EnterCriticalSection | 0x0 | 0x43a138 | 0x523d8 | 0x513d8 | 0xee |
| FreeLibrary | 0x0 | 0x43a13c | 0x523dc | 0x513dc | 0x162 |
| GetProcAddress | 0x0 | 0x43a140 | 0x523e0 | 0x513e0 | 0x245 |
| VerifyVersionInfoW | 0x0 | 0x43a144 | 0x523e4 | 0x513e4 | 0x4e8 |
| VerSetConditionMask | 0x0 | 0x43a148 | 0x523e8 | 0x513e8 | 0x4e4 |
| GetComputerNameW | 0x0 | 0x43a14c | 0x523ec | 0x513ec | 0x18f |
| GetTempPathW | 0x0 | 0x43a150 | 0x523f0 | 0x513f0 | 0x285 |
| GetSystemDirectoryW | 0x0 | 0x43a154 | 0x523f4 | 0x513f4 | 0x270 |
| GetSystemWow64DirectoryW | 0x0 | 0x43a158 | 0x523f8 | 0x513f8 | 0x27e |
| GetVolumePathNameW | 0x0 | 0x43a15c | 0x523fc | 0x513fc | 0x2ab |
| GetWindowsDirectoryW | 0x0 | 0x43a160 | 0x52400 | 0x51400 | 0x2af |
| GetSystemDefaultLangID | 0x0 | 0x43a164 | 0x52404 | 0x51404 | 0x26c |
| RtlUnwind | 0x0 | 0x43a168 | 0x52408 | 0x51408 | 0x418 |
| GetDateFormatW | 0x0 | 0x43a16c | 0x5240c | 0x5140c | 0x1c8 |
| GetSystemTime | 0x0 | 0x43a170 | 0x52410 | 0x51410 | 0x277 |
| InterlockedExchange | 0x0 | 0x43a174 | 0x52414 | 0x51414 | 0x2ec |
| LoadLibraryW | 0x0 | 0x43a178 | 0x52418 | 0x51418 | 0x33f |
| InterlockedCompareExchange | 0x0 | 0x43a17c | 0x5241c | 0x5141c | 0x2e9 |
| GetExitCodeThread | 0x0 | 0x43a180 | 0x52420 | 0x51420 | 0x1e0 |
| CreateThread | 0x0 | 0x43a184 | 0x52424 | 0x51424 | 0xb5 |
| SetEvent | 0x0 | 0x43a188 | 0x52428 | 0x51428 | 0x459 |
| WaitForMultipleObjects | 0x0 | 0x43a18c | 0x5242c | 0x5142c | 0x4f7 |
| CreateEventW | 0x0 | 0x43a190 | 0x52430 | 0x51430 | 0x85 |
| ProcessIdToSessionId | 0x0 | 0x43a194 | 0x52434 | 0x51434 | 0x399 |
| InterlockedIncrement | 0x0 | 0x43a198 | 0x52438 | 0x51438 | 0x2ef |
| InterlockedDecrement | 0x0 | 0x43a19c | 0x5243c | 0x5143c | 0x2eb |
| GetStringTypeW | 0x0 | 0x43a1a0 | 0x52440 | 0x51440 | 0x269 |
| GetModuleHandleW | 0x0 | 0x43a1a4 | 0x52444 | 0x51444 | 0x218 |
| FindClose | 0x0 | 0x43a1a8 | 0x52448 | 0x51448 | 0x12e |
| FindNextFileW | 0x0 | 0x43a1ac | 0x5244c | 0x5144c | 0x145 |
| FindFirstFileW | 0x0 | 0x43a1b0 | 0x52450 | 0x51450 | 0x139 |
| CreateProcessW | 0x0 | 0x43a1b4 | 0x52454 | 0x51454 | 0xa8 |
| SetCurrentDirectoryW | 0x0 | 0x43a1b8 | 0x52458 | 0x51458 | 0x44d |
| GetCurrentDirectoryW | 0x0 | 0x43a1bc | 0x5245c | 0x5145c | 0x1bf |
| GetExitCodeProcess | 0x0 | 0x43a1c0 | 0x52460 | 0x51460 | 0x1df |
| DuplicateHandle | 0x0 | 0x43a1c4 | 0x52464 | 0x51464 | 0xe8 |
| SetThreadExecutionState | 0x0 | 0x43a1c8 | 0x52468 | 0x51468 | 0x493 |
| CopyFileExW | 0x0 | 0x43a1cc | 0x5246c | 0x5146c | 0x72 |
| UnmapViewOfFile | 0x0 | 0x43a1d0 | 0x52470 | 0x51470 | 0x4d6 |
| MapViewOfFile | 0x0 | 0x43a1d4 | 0x52474 | 0x51474 | 0x357 |
| CreateFileMappingW | 0x0 | 0x43a1d8 | 0x52478 | 0x51478 | 0x8c |
| CreateMutexW | 0x0 | 0x43a1dc | 0x5247c | 0x5147c | 0x9e |
| SetEndOfFile | 0x0 | 0x43a1e0 | 0x52480 | 0x51480 | 0x453 |
| ResetEvent | 0x0 | 0x43a1e4 | 0x52484 | 0x51484 | 0x40f |
| SetFileTime | 0x0 | 0x43a1e8 | 0x52488 | 0x51488 | 0x46a |
| LocalFileTimeToFileTime | 0x0 | 0x43a1ec | 0x5248c | 0x5148c | 0x346 |
| DosDateTimeToFileTime | 0x0 | 0x43a1f0 | 0x52490 | 0x51490 | 0xe4 |
| CreateFileA | 0x0 | 0x43a1f4 | 0x52494 | 0x51494 | 0x88 |
| CompareStringA | 0x0 | 0x43a1f8 | 0x52498 | 0x51498 | 0x61 |
| GetSystemTimeAsFileTime | 0x0 | 0x43a1fc | 0x5249c | 0x5149c | 0x279 |
| VirtualFree | 0x0 | 0x43a200 | 0x524a0 | 0x514a0 | 0x4ec |
| VirtualAlloc | 0x0 | 0x43a204 | 0x524a4 | 0x514a4 | 0x4e9 |
| DeleteFileW | 0x0 | 0x43a208 | 0x524a8 | 0x514a8 | 0xd6 |
| GetThreadLocale | 0x0 | 0x43a20c | 0x524ac | 0x514ac | 0x28c |
| GetVersionExW | 0x0 | 0x43a210 | 0x524b0 | 0x514b0 | 0x2a4 |
| GetCurrentThreadId | 0x0 | 0x43a214 | 0x524b4 | 0x514b4 | 0x1c5 |
| TlsAlloc | 0x0 | 0x43a218 | 0x524b8 | 0x514b8 | 0x4c5 |
| TlsSetValue | 0x0 | 0x43a21c | 0x524bc | 0x514bc | 0x4c8 |
| ReleaseMutex | 0x0 | 0x43a220 | 0x524c0 | 0x514c0 | 0x3fa |
| GetLastError | 0x0 | 0x43a224 | 0x524c4 | 0x514c4 | 0x202 |
| Sleep | 0x0 | 0x43a228 | 0x524c8 | 0x514c8 | 0x4b2 |
| TlsGetValue | 0x0 | 0x43a22c | 0x524cc | 0x514cc | 0x4c7 |
| CloseHandle | 0x0 | 0x43a230 | 0x524d0 | 0x514d0 | 0x52 |
| DeleteCriticalSection | 0x0 | 0x43a234 | 0x524d4 | 0x514d4 | 0xd1 |
| GetTimeZoneInformation | 0x0 | 0x43a238 | 0x524d8 | 0x514d8 | 0x298 |
| GetACP | 0x0 | 0x43a23c | 0x524dc | 0x514dc | 0x168 |
| GetCPInfo | 0x0 | 0x43a240 | 0x524e0 | 0x514e0 | 0x172 |
| RaiseException | 0x0 | 0x43a244 | 0x524e4 | 0x514e4 | 0x3b1 |
| HeapAlloc | 0x0 | 0x43a248 | 0x524e8 | 0x514e8 | 0x2cb |
| HeapFree | 0x0 | 0x43a24c | 0x524ec | 0x514ec | 0x2cf |
| IsDebuggerPresent | 0x0 | 0x43a250 | 0x524f0 | 0x514f0 | 0x300 |
| UnhandledExceptionFilter | 0x0 | 0x43a254 | 0x524f4 | 0x514f4 | 0x4d3 |
| TerminateProcess | 0x0 | 0x43a258 | 0x524f8 | 0x514f8 | 0x4c0 |
| IsProcessorFeaturePresent | 0x0 | 0x43a25c | 0x524fc | 0x514fc | 0x304 |
| SystemTimeToTzSpecificLocalTime | 0x0 | 0x43a260 | 0x52500 | 0x51500 | 0x4be |
| SystemTimeToFileTime | 0x0 | 0x43a264 | 0x52504 | 0x51504 | 0x4bd |
| GlobalAlloc | 0x0 | 0x43a268 | 0x52508 | 0x51508 | 0x2b3 |
| GlobalFree | 0x0 | 0x43a26c | 0x5250c | 0x5150c | 0x2ba |
| SetFilePointer | 0x0 | 0x43a270 | 0x52510 | 0x51510 | 0x466 |
| WideCharToMultiByte | 0x0 | 0x43a274 | 0x52514 | 0x51514 | 0x511 |
| GetConsoleCP | 0x0 | 0x43a278 | 0x52518 | 0x51518 | 0x19a |
| GetConsoleMode | 0x0 | 0x43a27c | 0x5251c | 0x5151c | 0x1ac |
| TlsFree | 0x0 | 0x43a280 | 0x52520 | 0x51520 | 0x4c6 |
| InitializeCriticalSection | 0x0 | 0x43a284 | 0x52524 | 0x51524 | 0x2e2 |
| GetCurrentProcess | 0x0 | 0x43a288 | 0x52528 | 0x51528 | 0x1c0 |
| HeapSetInformation | 0x0 | 0x43a28c | 0x5252c | 0x5152c | 0x2d3 |
| GetOEMCP | 0x0 | 0x43a290 | 0x52530 | 0x51530 | 0x237 |
| SetFileAttributesW | 0x0 | 0x43a294 | 0x52534 | 0x51534 | 0x461 |
| IsValidCodePage | 0x0 | 0x43a298 | 0x52538 | 0x51538 | 0x30a |
| HeapSize | 0x0 | 0x43a29c | 0x5253c | 0x5153c | 0x2d4 |
| HeapReAlloc | 0x0 | 0x43a2a0 | 0x52540 | 0x51540 | 0x2d2 |
| LCMapStringW | 0x0 | 0x43a2a4 | 0x52544 | 0x51544 | 0x32d |
| MultiByteToWideChar | 0x0 | 0x43a2a8 | 0x52548 | 0x51548 | 0x367 |
| SetStdHandle | 0x0 | 0x43a2ac | 0x5254c | 0x5154c | 0x487 |
| WriteConsoleW | 0x0 | 0x43a2b0 | 0x52550 | 0x51550 | 0x524 |
| FlushFileBuffers | 0x0 | 0x43a2b4 | 0x52554 | 0x51554 | 0x157 |
| GetLocalTime | 0x0 | 0x43a2b8 | 0x52558 | 0x51558 | 0x203 |
| FormatMessageW | 0x0 | 0x43a2bc | 0x5255c | 0x5155c | 0x15e |
| GetTempFileNameW | 0x0 | 0x43a2c0 | 0x52560 | 0x51560 | 0x283 |
| GetFullPathNameW | 0x0 | 0x43a2c4 | 0x52564 | 0x51564 | 0x1fb |
| CreateDirectoryW | 0x0 | 0x43a2c8 | 0x52568 | 0x51568 | 0x81 |
| GetProcessHeap | 0x0 | 0x43a2cc | 0x5256c | 0x5156c | 0x24a |
| GetModuleHandleA | 0x0 | 0x43a2d0 | 0x52570 | 0x51570 | 0x215 |
| GetFileSizeEx | 0x0 | 0x43a2d4 | 0x52574 | 0x51574 | 0x1f1 |
| GetUserDefaultLangID | 0x0 | 0x43a2d8 | 0x52578 | 0x51578 | 0x29c |
| GetTickCount | 0x0 | 0x43a2dc | 0x5257c | 0x5157c | 0x293 |
| QueryPerformanceCounter | 0x0 | 0x43a2e0 | 0x52580 | 0x51580 | 0x3a7 |
| HeapCreate | 0x0 | 0x43a2e4 | 0x52584 | 0x51584 | 0x2cd |
| SetLastError | 0x0 | 0x43a2e8 | 0x52588 | 0x51588 | 0x473 |
| EncodePointer | 0x0 | 0x43a2ec | 0x5258c | 0x5158c | 0xea |
| GetFileType | 0x0 | 0x43a2f0 | 0x52590 | 0x51590 | 0x1f3 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x43a2f4 | 0x52594 | 0x51594 | 0x2e3 |
| SetHandleCount | 0x0 | 0x43a2f8 | 0x52598 | 0x51598 | 0x46f |
| GetEnvironmentStringsW | 0x0 | 0x43a2fc | 0x5259c | 0x5159c | 0x1da |
| MoveFileExW | 0x0 | 0x43a300 | 0x525a0 | 0x515a0 | 0x360 |
| FreeEnvironmentStringsW | 0x0 | 0x43a304 | 0x525a4 | 0x515a4 | 0x161 |
| GetModuleFileNameW | 0x0 | 0x43a308 | 0x525a8 | 0x515a8 | 0x214 |
| GetStdHandle | 0x0 | 0x43a30c | 0x525ac | 0x515ac | 0x264 |
| DecodePointer | 0x0 | 0x43a310 | 0x525b0 | 0x515b0 | 0xca |
| GetCommandLineW | 0x0 | 0x43a314 | 0x525b4 | 0x515b4 | 0x187 |
| GetStartupInfoW | 0x0 | 0x43a318 | 0x525b8 | 0x515b8 | 0x263 |
| SetUnhandledExceptionFilter | 0x0 | 0x43a31c | 0x525bc | 0x515bc | 0x4a5 |
| ExitProcess | 0x0 | 0x43a320 | 0x525c0 | 0x515c0 | 0x119 |
| CopyFileW | 0x0 | 0x43a324 | 0x525c4 | 0x515c4 | 0x75 |
Cabinet.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x17 | 0x43a0c0 | 0x52360 | 0x51360 | - |
| (by ordinal) | 0x16 | 0x43a0c4 | 0x52364 | 0x51364 | - |
| (by ordinal) | 0x14 | 0x43a0c8 | 0x52368 | 0x51368 | - |
CRYPT32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptHashPublicKeyInfo | 0x0 | 0x43a0b4 | 0x52354 | 0x51354 | 0xa1 |
| CertGetCertificateContextProperty | 0x0 | 0x43a0b8 | 0x52358 | 0x51358 | 0x46 |
msi.dll (19)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x74 | 0x43a40c | 0x526ac | 0x516ac | - |
| (by ordinal) | 0x11 | 0x43a410 | 0x526b0 | 0x516b0 | - |
| (by ordinal) | 0x7d | 0x43a414 | 0x526b4 | 0x516b4 | - |
| (by ordinal) | 0xab | 0x43a418 | 0x526b8 | 0x516b8 | - |
| (by ordinal) | 0x8 | 0x43a41c | 0x526bc | 0x516bc | - |
| (by ordinal) | 0x73 | 0x43a420 | 0x526c0 | 0x516c0 | - |
| (by ordinal) | 0x76 | 0x43a424 | 0x526c4 | 0x516c4 | - |
| (by ordinal) | 0xcd | 0x43a428 | 0x526c8 | 0x516c8 | - |
| (by ordinal) | 0x2d | 0x43a42c | 0x526cc | 0x516cc | - |
| (by ordinal) | 0x89 | 0x43a430 | 0x526d0 | 0x516d0 | - |
| (by ordinal) | 0x8d | 0x43a434 | 0x526d4 | 0x516d4 | - |
| (by ordinal) | 0xee | 0x43a438 | 0x526d8 | 0x516d8 | - |
| (by ordinal) | 0xbe | 0x43a43c | 0x526dc | 0x516dc | - |
| (by ordinal) | 0x58 | 0x43a440 | 0x526e0 | 0x516e0 | - |
| (by ordinal) | 0x5a | 0x43a444 | 0x526e4 | 0x516e4 | - |
| (by ordinal) | 0xad | 0x43a448 | 0x526e8 | 0x516e8 | - |
| (by ordinal) | 0x6f | 0x43a44c | 0x526ec | 0x516ec | - |
| (by ordinal) | 0x46 | 0x43a450 | 0x526f0 | 0x516f0 | - |
| (by ordinal) | 0xa9 | 0x43a454 | 0x526f4 | 0x516f4 | - |
RPCRT4.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UuidCreate | 0x0 | 0x43a340 | 0x525e0 | 0x515e0 | 0x1fb |
WININET.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetCrackUrlW | 0x0 | 0x43a3c8 | 0x52668 | 0x51668 | 0x74 |
| HttpQueryInfoW | 0x0 | 0x43a3cc | 0x5266c | 0x5166c | 0x5a |
| InternetCloseHandle | 0x0 | 0x43a3d0 | 0x52670 | 0x51670 | 0x6b |
| HttpAddRequestHeadersW | 0x0 | 0x43a3d4 | 0x52674 | 0x51674 | 0x53 |
| HttpOpenRequestW | 0x0 | 0x43a3d8 | 0x52678 | 0x51678 | 0x58 |
| InternetErrorDlg | 0x0 | 0x43a3dc | 0x5267c | 0x5167c | 0x7c |
| InternetReadFile | 0x0 | 0x43a3e0 | 0x52680 | 0x51680 | 0x9f |
| HttpSendRequestW | 0x0 | 0x43a3e4 | 0x52684 | 0x51684 | 0x5e |
| InternetSetOptionW | 0x0 | 0x43a3e8 | 0x52688 | 0x51688 | 0xaf |
| InternetConnectW | 0x0 | 0x43a3ec | 0x5268c | 0x5168c | 0x72 |
| InternetOpenW | 0x0 | 0x43a3f0 | 0x52690 | 0x51690 | 0x9a |
WINTRUST.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptCATAdminCalcHashFromFileHandle | 0x0 | 0x43a3f8 | 0x52698 | 0x51698 | 0x4 |
| WTHelperProvDataFromStateData | 0x0 | 0x43a3fc | 0x5269c | 0x5169c | 0x5c |
| WTHelperGetProvSignerFromChain | 0x0 | 0x43a400 | 0x526a0 | 0x516a0 | 0x59 |
| WinVerifyTrust | 0x0 | 0x43a404 | 0x526a4 | 0x516a4 | 0x73 |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | 0x0 | 0x43a3b8 | 0x52658 | 0x51658 | 0x6 |
| GetFileVersionInfoSizeW | 0x0 | 0x43a3bc | 0x5265c | 0x5165c | 0x5 |
| VerQueryValueW | 0x0 | 0x43a3c0 | 0x52660 | 0x51660 | 0xe |
Icons (1)
»
Digital Signatures (2)
»
Certificate: Microsoft Corporation
»
| Issued by | Microsoft Corporation |
| Parent Certificate | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2014-04-22 17:39:00+00:00 |
| Valid Until | 2015-07-22 17:39:00+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 33 00 00 00 CA 6C D5 32 12 35 C4 E1 55 00 01 00 00 00 CA |
| Thumbprint | 67 B1 75 78 63 E3 EF F7 60 EA 9E BB 02 84 9A F0 7D 3A 80 80 |
Certificate: Microsoft Code Signing PCA
»
| Issued by | Microsoft Code Signing PCA |
| Country Name | US |
| Valid From | 2010-08-31 22:19:32+00:00 |
| Valid Until | 2020-08-31 22:29:32+00:00 |
| Algorithm | sha1_rsa |
| Serial Number | 61 33 26 1A 00 00 00 00 00 31 |
| Thumbprint | 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57 |
| C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 68.58 KB |
| MD5 |
486ee03da1682391417a2eee394ba2e3
|
| SHA1 |
46ebfecd79ae5c53c9d04467285f4b2635992004
|
| SHA256 |
da88e1e5fa6adef4316958a40423829b5568890d8ab4fefd35fdc3bb17d960d4
|
| SSDeep |
1536:xZE7BbrdjSaq7jaNSK7gHGNnzOw82t/23:xAxeJKNSKEmdzOwVt/Y
|
| ImpHash |
9700e41d9f5b705a4ee7dfc464140f7f
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400090c4 |
| Size Of Code | 0x9200 |
| Size Of Initialized Data | 0x6a00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:21:08+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 11.144.2.01 |
| Full Version | 11.144.2.01 |
| InternalName | Java SSV Agent Process |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | ssvagent.exe |
| ProductName | Java(TM) Platform SE 8 U144 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x9010 | 0x9200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.15 |
| .rdata | 0x14000b000 | 0x4d1e | 0x4e00 | 0x9600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.29 |
| .data | 0x140010000 | 0x9f0 | 0x400 | 0xe400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.8 |
| .pdata | 0x140011000 | 0x720 | 0x800 | 0xe800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.08 |
| .rsrc | 0x140012000 | 0x7e0 | 0x800 | 0xf000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.64 |
| .reloc | 0x140013000 | 0x198 | 0x200 | 0xf800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.21 |
Imports (5)
»
KERNEL32.dll (56)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RaiseException | 0x0 | 0x14000b000 | 0xf0e0 | 0xd6e0 | 0x3b4 |
| GetLastError | 0x0 | 0x14000b008 | 0xf0e8 | 0xd6e8 | 0x208 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x14000b010 | 0xf0f0 | 0xd6f0 | 0x2eb |
| DeleteCriticalSection | 0x0 | 0x14000b018 | 0xf0f8 | 0xd6f8 | 0xd2 |
| GetProcAddress | 0x0 | 0x14000b020 | 0xf100 | 0xd700 | 0x24c |
| GetModuleHandleW | 0x0 | 0x14000b028 | 0xf108 | 0xd708 | 0x21e |
| lstrlenW | 0x0 | 0x14000b030 | 0xf110 | 0xd710 | 0x561 |
| EnterCriticalSection | 0x0 | 0x14000b038 | 0xf118 | 0xd718 | 0xf2 |
| LeaveCriticalSection | 0x0 | 0x14000b040 | 0xf120 | 0xd720 | 0x33b |
| lstrcmpiW | 0x0 | 0x14000b048 | 0xf128 | 0xd728 | 0x558 |
| FreeLibrary | 0x0 | 0x14000b050 | 0xf130 | 0xd730 | 0x168 |
| MultiByteToWideChar | 0x0 | 0x14000b058 | 0xf138 | 0xd738 | 0x369 |
| SizeofResource | 0x0 | 0x14000b060 | 0xf140 | 0xd740 | 0x4bf |
| LoadResource | 0x0 | 0x14000b068 | 0xf148 | 0xd748 | 0x343 |
| FindResourceW | 0x0 | 0x14000b070 | 0xf150 | 0xd750 | 0x154 |
| LoadLibraryExW | 0x0 | 0x14000b078 | 0xf158 | 0xd758 | 0x340 |
| GetModuleFileNameW | 0x0 | 0x14000b080 | 0xf160 | 0xd760 | 0x21a |
| LoadLibraryW | 0x0 | 0x14000b088 | 0xf168 | 0xd768 | 0x341 |
| GlobalMemoryStatusEx | 0x0 | 0x14000b090 | 0xf170 | 0xd770 | 0x2c8 |
| GetVersionExW | 0x0 | 0x14000b098 | 0xf178 | 0xd778 | 0x2ac |
| VerifyVersionInfoW | 0x0 | 0x14000b0a0 | 0xf180 | 0xd780 | 0x4f7 |
| VerSetConditionMask | 0x0 | 0x14000b0a8 | 0xf188 | 0xd788 | 0x4f3 |
| GetCurrentProcess | 0x0 | 0x14000b0b0 | 0xf190 | 0xd790 | 0x1c6 |
| GetNativeSystemInfo | 0x0 | 0x14000b0b8 | 0xf198 | 0xd798 | 0x22b |
| CloseHandle | 0x0 | 0x14000b0c0 | 0xf1a0 | 0xd7a0 | 0x52 |
| CreateFileW | 0x0 | 0x14000b0c8 | 0xf1a8 | 0xd7a8 | 0x8f |
| GetSystemDirectoryW | 0x0 | 0x14000b0d0 | 0xf1b0 | 0xd7b0 | 0x277 |
| CreateProcessW | 0x0 | 0x14000b0d8 | 0xf1b8 | 0xd7b8 | 0xa8 |
| WaitForSingleObject | 0x0 | 0x14000b0e0 | 0xf1c0 | 0xd7c0 | 0x508 |
| GetEnvironmentVariableW | 0x0 | 0x14000b0e8 | 0xf1c8 | 0xd7c8 | 0x1e3 |
| GetWindowsDirectoryW | 0x0 | 0x14000b0f0 | 0xf1d0 | 0xd7d0 | 0x2b7 |
| LocalFree | 0x0 | 0x14000b0f8 | 0xf1d8 | 0xd7d8 | 0x34a |
| LocalAlloc | 0x0 | 0x14000b100 | 0xf1e0 | 0xd7e0 | 0x346 |
| FormatMessageW | 0x0 | 0x14000b108 | 0xf1e8 | 0xd7e8 | 0x164 |
| GetLongPathNameW | 0x0 | 0x14000b110 | 0xf1f0 | 0xd7f0 | 0x215 |
| GetShortPathNameW | 0x0 | 0x14000b118 | 0xf1f8 | 0xd7f8 | 0x268 |
| GetTempPathW | 0x0 | 0x14000b120 | 0xf200 | 0xd800 | 0x28c |
| GetLocalTime | 0x0 | 0x14000b128 | 0xf208 | 0xd808 | 0x209 |
| OutputDebugStringW | 0x0 | 0x14000b130 | 0xf210 | 0xd810 | 0x38c |
| GetCurrentProcessId | 0x0 | 0x14000b138 | 0xf218 | 0xd818 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x14000b140 | 0xf220 | 0xd820 | 0x1cb |
| LoadLibraryA | 0x0 | 0x14000b148 | 0xf228 | 0xd828 | 0x33e |
| GetSystemTimeAsFileTime | 0x0 | 0x14000b150 | 0xf230 | 0xd830 | 0x280 |
| GetTickCount | 0x0 | 0x14000b158 | 0xf238 | 0xd838 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x14000b160 | 0xf240 | 0xd840 | 0x3a9 |
| RtlCaptureContext | 0x0 | 0x14000b168 | 0xf248 | 0xd848 | 0x418 |
| RtlLookupFunctionEntry | 0x0 | 0x14000b170 | 0xf250 | 0xd850 | 0x41f |
| RtlVirtualUnwind | 0x0 | 0x14000b178 | 0xf258 | 0xd858 | 0x426 |
| IsDebuggerPresent | 0x0 | 0x14000b180 | 0xf260 | 0xd860 | 0x302 |
| SetUnhandledExceptionFilter | 0x0 | 0x14000b188 | 0xf268 | 0xd868 | 0x4b3 |
| UnhandledExceptionFilter | 0x0 | 0x14000b190 | 0xf270 | 0xd870 | 0x4e2 |
| TerminateProcess | 0x0 | 0x14000b198 | 0xf278 | 0xd878 | 0x4ce |
| GetStartupInfoW | 0x0 | 0x14000b1a0 | 0xf280 | 0xd880 | 0x26a |
| Sleep | 0x0 | 0x14000b1a8 | 0xf288 | 0xd888 | 0x4c0 |
| DecodePointer | 0x0 | 0x14000b1b0 | 0xf290 | 0xd890 | 0xcb |
| EncodePointer | 0x0 | 0x14000b1b8 | 0xf298 | 0xd898 | 0xee |
USER32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| OpenInputDesktop | 0x0 | 0x14000b3b0 | 0xf490 | 0xda90 | 0x22e |
| CloseDesktop | 0x0 | 0x14000b3b8 | 0xf498 | 0xda98 | 0x4a |
| wsprintfW | 0x0 | 0x14000b3c0 | 0xf4a0 | 0xdaa0 | 0x33b |
| CharNextW | 0x0 | 0x14000b3c8 | 0xf4a8 | 0xdaa8 | 0x31 |
ole32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoCreateInstance | 0x0 | 0x14000b3d8 | 0xf4b8 | 0xdab8 | 0x14 |
| CoTaskMemFree | 0x0 | 0x14000b3e0 | 0xf4c0 | 0xdac0 | 0x6c |
| StringFromCLSID | 0x0 | 0x14000b3e8 | 0xf4c8 | 0xdac8 | 0x1b4 |
| CoTaskMemRealloc | 0x0 | 0x14000b3f0 | 0xf4d0 | 0xdad0 | 0x6d |
| CoTaskMemAlloc | 0x0 | 0x14000b3f8 | 0xf4d8 | 0xdad8 | 0x6b |
OLEAUT32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VarUI4FromStr | 0x115 | 0x14000b380 | 0xf460 | 0xda60 | - |
| SysAllocStringByteLen | 0x96 | 0x14000b388 | 0xf468 | 0xda68 | - |
| SysStringLen | 0x7 | 0x14000b390 | 0xf470 | 0xda70 | - |
| SysAllocString | 0x2 | 0x14000b398 | 0xf478 | 0xda78 | - |
| SysFreeString | 0x6 | 0x14000b3a0 | 0xf480 | 0xda80 | - |
MSVCR100.dll (54)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __crt_debugger_hook | 0x0 | 0x14000b1c8 | 0xf2a8 | 0xd8a8 | 0x146 |
| ?_type_info_dtor_internal_method@type_info@@QEAAXXZ | 0x0 | 0x14000b1d0 | 0xf2b0 | 0xd8b0 | 0xee |
| ??3@YAXPEAX@Z | 0x0 | 0x14000b1d8 | 0xf2b8 | 0xd8b8 | 0x65 |
| memset | 0x0 | 0x14000b1e0 | 0xf2c0 | 0xd8c0 | 0x5ad |
| ??2@YAPEAX_K@Z | 0x0 | 0x14000b1e8 | 0xf2c8 | 0xd8c8 | 0x63 |
| ??_V@YAXPEAX@Z | 0x0 | 0x14000b1f0 | 0xf2d0 | 0xd8d0 | 0x7a |
| __CxxFrameHandler3 | 0x0 | 0x14000b1f8 | 0xf2d8 | 0xd8d8 | 0x128 |
| memcpy_s | 0x0 | 0x14000b200 | 0xf2e0 | 0xd8e0 | 0x5aa |
| wcsstr | 0x0 | 0x14000b208 | 0xf2e8 | 0xd8e8 | 0x625 |
| malloc | 0x0 | 0x14000b210 | 0xf2f0 | 0xd8f0 | 0x59e |
| free | 0x0 | 0x14000b218 | 0xf2f8 | 0xd8f8 | 0x563 |
| _CxxThrowException | 0x0 | 0x14000b220 | 0xf300 | 0xd900 | 0x10e |
| wcsncpy_s | 0x0 | 0x14000b228 | 0xf308 | 0xd908 | 0x61e |
| _recalloc | 0x0 | 0x14000b230 | 0xf310 | 0xd910 | 0x3b5 |
| ??_U@YAPEAX_K@Z | 0x0 | 0x14000b238 | 0xf318 | 0xd918 | 0x78 |
| __argc | 0x0 | 0x14000b240 | 0xf320 | 0xd920 | 0x13d |
| __wargv | 0x0 | 0x14000b248 | 0xf328 | 0xd928 | 0x18c |
| _wstat64i32 | 0x0 | 0x14000b250 | 0xf330 | 0xd930 | 0x513 |
| swprintf_s | 0x0 | 0x14000b258 | 0xf338 | 0xd938 | 0x5f1 |
| _wtoi | 0x0 | 0x14000b260 | 0xf340 | 0xd940 | 0x51e |
| wcscpy_s | 0x0 | 0x14000b268 | 0xf348 | 0xd948 | 0x616 |
| fclose | 0x0 | 0x14000b270 | 0xf350 | 0xd950 | 0x54c |
| _wsplitpath_s | 0x0 | 0x14000b278 | 0xf358 | 0xd958 | 0x50f |
| wcscat_s | 0x0 | 0x14000b280 | 0xf360 | 0xd960 | 0x611 |
| _wfopen_s | 0x0 | 0x14000b288 | 0xf368 | 0xd968 | 0x4e2 |
| _wdupenv_s | 0x0 | 0x14000b290 | 0xf370 | 0xd970 | 0x4ce |
| fwprintf_s | 0x0 | 0x14000b298 | 0xf378 | 0xd978 | 0x56d |
| _wputenv | 0x0 | 0x14000b2a0 | 0xf380 | 0xd980 | 0x4f9 |
| _localtime64 | 0x0 | 0x14000b2a8 | 0xf388 | 0xd988 | 0x2f4 |
| _snwprintf_s | 0x0 | 0x14000b2b0 | 0xf390 | 0xd990 | 0x3eb |
| wcsftime | 0x0 | 0x14000b2b8 | 0xf398 | 0xd998 | 0x618 |
| _ftime64_s | 0x0 | 0x14000b2c0 | 0xf3a0 | 0xd9a0 | 0x23e |
| _vsnwprintf_s | 0x0 | 0x14000b2c8 | 0xf3a8 | 0xd9a8 | 0x487 |
| memcpy | 0x0 | 0x14000b2d0 | 0xf3b0 | 0xd9b0 | 0x5a9 |
| ?terminate@@YAXXZ | 0x0 | 0x14000b2d8 | 0xf3b8 | 0xd9b8 | 0x100 |
| __C_specific_handler | 0x0 | 0x14000b2e0 | 0xf3c0 | 0xd9c0 | 0x11e |
| _unlock | 0x0 | 0x14000b2e8 | 0xf3c8 | 0xd9c8 | 0x45b |
| __dllonexit | 0x0 | 0x14000b2f0 | 0xf3d0 | 0xd9d0 | 0x148 |
| _lock | 0x0 | 0x14000b2f8 | 0xf3d8 | 0xd9d8 | 0x2f6 |
| _onexit | 0x0 | 0x14000b300 | 0xf3e0 | 0xd9e0 | 0x39d |
| _amsg_exit | 0x0 | 0x14000b308 | 0xf3e8 | 0xd9e8 | 0x19e |
| __wgetmainargs | 0x0 | 0x14000b310 | 0xf3f0 | 0xd9f0 | 0x190 |
| _XcptFilter | 0x0 | 0x14000b318 | 0xf3f8 | 0xd9f8 | 0x11a |
| _exit | 0x0 | 0x14000b320 | 0xf400 | 0xda00 | 0x200 |
| _cexit | 0x0 | 0x14000b328 | 0xf408 | 0xda08 | 0x1b5 |
| exit | 0x0 | 0x14000b330 | 0xf410 | 0xda10 | 0x548 |
| _wcmdln | 0x0 | 0x14000b338 | 0xf418 | 0xda18 | 0x49f |
| _initterm | 0x0 | 0x14000b340 | 0xf420 | 0xda20 | 0x286 |
| _initterm_e | 0x0 | 0x14000b348 | 0xf428 | 0xda28 | 0x287 |
| _configthreadlocale | 0x0 | 0x14000b350 | 0xf430 | 0xda30 | 0x1c5 |
| __setusermatherr | 0x0 | 0x14000b358 | 0xf438 | 0xda38 | 0x17c |
| _commode | 0x0 | 0x14000b360 | 0xf440 | 0xda40 | 0x1c4 |
| _fmode | 0x0 | 0x14000b368 | 0xf448 | 0xda48 | 0x21c |
| __set_app_type | 0x0 | 0x14000b370 | 0xf450 | 0xda50 | 0x179 |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 75.69 KB |
| MD5 |
cf05bf4f6f5bf2fd495b380b860541dc
|
| SHA1 |
d6215f6631cbcca6c4de50c14dd6442b814d5bdb
|
| SHA256 |
6a7a667dd3d26ab703eca2901a87055bfecbde41d58897a8c229fa772b017dea
|
| SSDeep |
1536:RsECWrHBDGkGIGK7cvQ0VPp/8jsATzV8nG:u4lZ5/7Ap/D6zKnG
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 114.20 KB |
| MD5 |
1245e76406df228db171c135986f49bd
|
| SHA1 |
59692e1751ac8dc58ddf80da6982ccfb39745409
|
| SHA256 |
09d98e4f51946360e0fbbf2c6a045c6cdac324f9b083ac4fe2d281660682c400
|
| SSDeep |
3072:pAHaqQzTh+Ej7EZnD3XpTeCZbZvk+46eyemcr3i5:pihQzTwcYHdeC0qef7y5
|
| ImpHash |
19d5fde8be25751c7946eb965b6f6eee
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400033ac |
| Size Of Code | 0xe200 |
| Size Of Initialized Data | 0xf000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2016-05-03 11:49:54+00:00 |
Version Information (8)
»
| CompanyName | Adobe Systems, Inc |
| FileDescription | Adobe Reader WOW Helper |
| FileVersion | 15.16.20039.185268 |
| InternalName | wow_helper.exe |
| LegalCopyright | Copyright 2010-2016 Adobe Systems Incorporated and its licensors. All rights reserved. |
| OriginalFilename | wow_helper.exe |
| ProductName | Adobe Reader WOW Helper |
| ProductVersion | 15.16.20039.185268 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0xe0ef | 0xe200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.43 |
| .rdata | 0x140010000 | 0x90ea | 0x9200 | 0xe600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.09 |
| .data | 0x14001a000 | 0x3f78 | 0x1a00 | 0x17800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.16 |
| .pdata | 0x14001e000 | 0xce4 | 0xe00 | 0x19200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.59 |
| .rsrc | 0x14001f000 | 0x5e0 | 0x600 | 0x1a000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.13 |
| .reloc | 0x140020000 | 0x80c | 0xa00 | 0x1a600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.94 |
Imports (1)
»
KERNEL32.dll (68)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VirtualProtectEx | 0x0 | 0x140010000 | 0x189c0 | 0x16fc0 | 0x5b2 |
| ReadProcessMemory | 0x0 | 0x140010008 | 0x189c8 | 0x16fc8 | 0x457 |
| WriteProcessMemory | 0x0 | 0x140010010 | 0x189d0 | 0x16fd0 | 0x5fa |
| GetModuleHandleW | 0x0 | 0x140010018 | 0x189d8 | 0x16fd8 | 0x26d |
| GetProcAddress | 0x0 | 0x140010020 | 0x189e0 | 0x16fe0 | 0x2a4 |
| OpenProcess | 0x0 | 0x140010028 | 0x189e8 | 0x16fe8 | 0x3f1 |
| RtlLookupFunctionEntry | 0x0 | 0x140010030 | 0x189f0 | 0x16ff0 | 0x4b5 |
| RtlUnwindEx | 0x0 | 0x140010038 | 0x189f8 | 0x16ff8 | 0x4bb |
| EncodePointer | 0x0 | 0x140010040 | 0x18a00 | 0x17000 | 0x125 |
| DecodePointer | 0x0 | 0x140010048 | 0x18a08 | 0x17008 | 0xff |
| RtlPcToFileHeader | 0x0 | 0x140010050 | 0x18a10 | 0x17010 | 0x4b7 |
| RaiseException | 0x0 | 0x140010058 | 0x18a18 | 0x17018 | 0x444 |
| GetCommandLineW | 0x0 | 0x140010060 | 0x18a20 | 0x17020 | 0x1cf |
| HeapAlloc | 0x0 | 0x140010068 | 0x18a28 | 0x17028 | 0x338 |
| GetLastError | 0x0 | 0x140010070 | 0x18a30 | 0x17030 | 0x256 |
| HeapFree | 0x0 | 0x140010078 | 0x18a38 | 0x17038 | 0x33c |
| SetLastError | 0x0 | 0x140010080 | 0x18a40 | 0x17040 | 0x519 |
| GetCurrentThreadId | 0x0 | 0x140010088 | 0x18a48 | 0x17048 | 0x214 |
| IsProcessorFeaturePresent | 0x0 | 0x140010090 | 0x18a50 | 0x17050 | 0x370 |
| ExitProcess | 0x0 | 0x140010098 | 0x18a58 | 0x17058 | 0x157 |
| GetModuleHandleExW | 0x0 | 0x1400100a0 | 0x18a60 | 0x17060 | 0x26c |
| MultiByteToWideChar | 0x0 | 0x1400100a8 | 0x18a68 | 0x17068 | 0x3d4 |
| WideCharToMultiByte | 0x0 | 0x1400100b0 | 0x18a70 | 0x17070 | 0x5dd |
| HeapSize | 0x0 | 0x1400100b8 | 0x18a78 | 0x17078 | 0x341 |
| IsDebuggerPresent | 0x0 | 0x1400100c0 | 0x18a80 | 0x17080 | 0x36a |
| GetStringTypeW | 0x0 | 0x1400100c8 | 0x18a88 | 0x17088 | 0x2cc |
| GetProcessHeap | 0x0 | 0x1400100d0 | 0x18a90 | 0x17090 | 0x2a9 |
| GetStdHandle | 0x0 | 0x1400100d8 | 0x18a98 | 0x17098 | 0x2c7 |
| GetFileType | 0x0 | 0x1400100e0 | 0x18aa0 | 0x170a0 | 0x245 |
| DeleteCriticalSection | 0x0 | 0x1400100e8 | 0x18aa8 | 0x170a8 | 0x106 |
| GetStartupInfoW | 0x0 | 0x1400100f0 | 0x18ab0 | 0x170b0 | 0x2c5 |
| GetModuleFileNameW | 0x0 | 0x1400100f8 | 0x18ab8 | 0x170b8 | 0x269 |
| WriteFile | 0x0 | 0x140010100 | 0x18ac0 | 0x170c0 | 0x5f1 |
| QueryPerformanceCounter | 0x0 | 0x140010108 | 0x18ac8 | 0x170c8 | 0x430 |
| GetCurrentProcessId | 0x0 | 0x140010110 | 0x18ad0 | 0x170d0 | 0x210 |
| GetSystemTimeAsFileTime | 0x0 | 0x140010118 | 0x18ad8 | 0x170d8 | 0x2dd |
| GetEnvironmentStringsW | 0x0 | 0x140010120 | 0x18ae0 | 0x170e0 | 0x22e |
| FreeEnvironmentStringsW | 0x0 | 0x140010128 | 0x18ae8 | 0x170e8 | 0x1a3 |
| RtlCaptureContext | 0x0 | 0x140010130 | 0x18af0 | 0x170f0 | 0x4ae |
| RtlVirtualUnwind | 0x0 | 0x140010138 | 0x18af8 | 0x170f8 | 0x4bc |
| UnhandledExceptionFilter | 0x0 | 0x140010140 | 0x18b00 | 0x17100 | 0x592 |
| SetUnhandledExceptionFilter | 0x0 | 0x140010148 | 0x18b08 | 0x17108 | 0x552 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x140010150 | 0x18b10 | 0x17110 | 0x351 |
| Sleep | 0x0 | 0x140010158 | 0x18b18 | 0x17118 | 0x561 |
| GetCurrentProcess | 0x0 | 0x140010160 | 0x18b20 | 0x17120 | 0x20f |
| TerminateProcess | 0x0 | 0x140010168 | 0x18b28 | 0x17128 | 0x570 |
| TlsAlloc | 0x0 | 0x140010170 | 0x18b30 | 0x17130 | 0x582 |
| TlsGetValue | 0x0 | 0x140010178 | 0x18b38 | 0x17138 | 0x584 |
| TlsSetValue | 0x0 | 0x140010180 | 0x18b40 | 0x17140 | 0x585 |
| TlsFree | 0x0 | 0x140010188 | 0x18b48 | 0x17148 | 0x583 |
| EnterCriticalSection | 0x0 | 0x140010190 | 0x18b50 | 0x17150 | 0x129 |
| LeaveCriticalSection | 0x0 | 0x140010198 | 0x18b58 | 0x17158 | 0x3a5 |
| IsValidCodePage | 0x0 | 0x1400101a0 | 0x18b60 | 0x17160 | 0x375 |
| GetACP | 0x0 | 0x1400101a8 | 0x18b68 | 0x17168 | 0x1aa |
| GetOEMCP | 0x0 | 0x1400101b0 | 0x18b70 | 0x17170 | 0x28d |
| GetCPInfo | 0x0 | 0x1400101b8 | 0x18b78 | 0x17178 | 0x1b9 |
| LCMapStringW | 0x0 | 0x1400101c0 | 0x18b80 | 0x17180 | 0x399 |
| LoadLibraryExW | 0x0 | 0x1400101c8 | 0x18b88 | 0x17188 | 0x3aa |
| HeapReAlloc | 0x0 | 0x1400101d0 | 0x18b90 | 0x17190 | 0x33f |
| OutputDebugStringW | 0x0 | 0x1400101d8 | 0x18b98 | 0x17198 | 0x3fd |
| FlushFileBuffers | 0x0 | 0x1400101e0 | 0x18ba0 | 0x171a0 | 0x198 |
| GetConsoleCP | 0x0 | 0x1400101e8 | 0x18ba8 | 0x171a8 | 0x1e2 |
| GetConsoleMode | 0x0 | 0x1400101f0 | 0x18bb0 | 0x171b0 | 0x1f4 |
| SetStdHandle | 0x0 | 0x1400101f8 | 0x18bb8 | 0x171b8 | 0x530 |
| SetFilePointerEx | 0x0 | 0x140010200 | 0x18bc0 | 0x171c0 | 0x50c |
| WriteConsoleW | 0x0 | 0x140010208 | 0x18bc8 | 0x171c8 | 0x5f0 |
| CloseHandle | 0x0 | 0x140010210 | 0x18bd0 | 0x171d0 | 0x7f |
| CreateFileW | 0x0 | 0x140010218 | 0x18bd8 | 0x171d8 | 0xc2 |
Digital Signatures (2)
»
Certificate: Adobe Systems, Incorporated
»
| Issued by | Adobe Systems, Incorporated |
| Parent Certificate | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2015-05-14 00:00:00+00:00 |
| Valid Until | 2017-05-07 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 10 FB 71 33 19 02 7F 3F 1F 1C 06 67 B3 C3 8C A9 |
| Thumbprint | 45 54 8B 92 B8 0C B7 9A 7C 62 8B 83 D9 DB A3 7B 9C 86 97 1D |
Certificate: Symantec Class 3 Extended Validation Code Signing CA - G2
»
| Issued by | Symantec Class 3 Extended Validation Code Signing CA - G2 |
| Country Name | US |
| Valid From | 2014-03-04 00:00:00+00:00 |
| Valid Until | 2024-03-03 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49 |
| Thumbprint | 5B 8F 88 C8 0A 73 D3 5F 76 CD 41 2A 9E 74 E9 16 59 4D FA 67 |
| C:\588bce7c90097ed212\1025\eula.rtf | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1025\eula.rtf.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 7.41 KB |
| MD5 |
d6b057e1a0a75b08fb61d4b603c5c856
|
| SHA1 |
03057aabbbaa9d7125c1f4ca7e095cea9acc3f7c
|
| SHA256 |
b25875ddfd2ba65575f55edfb3072720db9e6495ed3c93b1dd3bb20e4a2c4fe6
|
| SSDeep |
192:qdVbwc1M0nTsc01PuWLDzR2M+bOx7BnT7QUmDH:EwcGoDo2UDzR2M+s7BnT7QUmDH
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/xml |
| File Size | 72.49 KB |
| MD5 |
f1cf99cfddc7d3f432cbbbf9e362367b
|
| SHA1 |
e8764708b937ab0fda0593e071b5ad20ab09ec25
|
| SHA256 |
94d531d63192a34b6d2870f5f8839b3fdb8a6d7078363a2aff6074cd648ef9f1
|
| SSDeep |
384:4w1hDxsSsxGMZzhKtQOsitz0SBijTJ3ejrwdd0:PhDxsnxGMdAVBijTJ3eH5
|
| C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 68.58 KB |
| MD5 |
d0320802d7bda5e7163edd2897a395f1
|
| SHA1 |
973477f48518081f445379531c5d466d2b8a1dfa
|
| SHA256 |
23f010893631afb7f700f5e66cc96ed4e95659ca10f4afa0194731c7ffd38ae4
|
| SSDeep |
1536:t73E7BbrdjSaq7jaNSK7gHGNnzOw82t/23:tOxeJKNSKEmdzOwVt/Y
|
| C:\Program Files\Java\jre1.8.0_144\bin\tnameserv.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 16.08 KB |
| MD5 |
b62dbbfe20607cd7c372e12fd87b00fd
|
| SHA1 |
8da0d4a5761ec3c1ce1609fa933664546ebbddb9
|
| SHA256 |
de4dc7896a05f56125152ae019daf1056d8e65a3c097ca9178dac2e07bdb4d24
|
| SSDeep |
192:2g7+vmg3Fz5vMipIKEfoqnzeefU9nYe+PjPriT0fwaM95YV:7M7bMiOKNqnzeefonYPLr7Uj2
|
| ImpHash |
2c43cda2243b5af72e180e8d1f09446d
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140001420 |
| Size Of Code | 0x800 |
| Size Of Initialized Data | 0x1c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | tnameserv |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | tnameserv.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x7e2 | 0x800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.86 |
| .rdata | 0x140002000 | 0x8aa | 0xa00 | 0xc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.18 |
| .data | 0x140003000 | 0xe0 | 0x200 | 0x1600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.17 |
| .pdata | 0x140004000 | 0xc0 | 0x200 | 0x1800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.59 |
| .rsrc | 0x140005000 | 0xa5c | 0xc00 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.24 |
| .reloc | 0x140006000 | 0x50 | 0x200 | 0x2600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.56 |
Imports (3)
»
jli.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JLI_CmdToArgs | 0x0 | 0x140002120 | 0x2600 | 0x1200 | 0x0 |
| JLI_GetStdArgc | 0x0 | 0x140002128 | 0x2608 | 0x1208 | 0x1 |
| JLI_MemAlloc | 0x0 | 0x140002130 | 0x2610 | 0x1210 | 0x5 |
| JLI_GetStdArgs | 0x0 | 0x140002138 | 0x2618 | 0x1218 | 0x2 |
| JLI_Launch | 0x0 | 0x140002140 | 0x2620 | 0x1220 | 0x3 |
MSVCR100.dll (24)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __getmainargs | 0x0 | 0x140002058 | 0x2538 | 0x1138 | 0x152 |
| __C_specific_handler | 0x0 | 0x140002060 | 0x2540 | 0x1140 | 0x11e |
| _XcptFilter | 0x0 | 0x140002068 | 0x2548 | 0x1148 | 0x11a |
| _exit | 0x0 | 0x140002070 | 0x2550 | 0x1150 | 0x200 |
| _cexit | 0x0 | 0x140002078 | 0x2558 | 0x1158 | 0x1b5 |
| exit | 0x0 | 0x140002080 | 0x2560 | 0x1160 | 0x548 |
| __initenv | 0x0 | 0x140002088 | 0x2568 | 0x1168 | 0x153 |
| _amsg_exit | 0x0 | 0x140002090 | 0x2570 | 0x1170 | 0x19e |
| _initterm_e | 0x0 | 0x140002098 | 0x2578 | 0x1178 | 0x287 |
| _configthreadlocale | 0x0 | 0x1400020a0 | 0x2580 | 0x1180 | 0x1c5 |
| __setusermatherr | 0x0 | 0x1400020a8 | 0x2588 | 0x1188 | 0x17c |
| _commode | 0x0 | 0x1400020b0 | 0x2590 | 0x1190 | 0x1c4 |
| _fmode | 0x0 | 0x1400020b8 | 0x2598 | 0x1198 | 0x21c |
| __set_app_type | 0x0 | 0x1400020c0 | 0x25a0 | 0x11a0 | 0x179 |
| ?terminate@@YAXXZ | 0x0 | 0x1400020c8 | 0x25a8 | 0x11a8 | 0x100 |
| _unlock | 0x0 | 0x1400020d0 | 0x25b0 | 0x11b0 | 0x45b |
| __dllonexit | 0x0 | 0x1400020d8 | 0x25b8 | 0x11b8 | 0x148 |
| _lock | 0x0 | 0x1400020e0 | 0x25c0 | 0x11c0 | 0x2f6 |
| _onexit | 0x0 | 0x1400020e8 | 0x25c8 | 0x11c8 | 0x39d |
| getenv | 0x0 | 0x1400020f0 | 0x25d0 | 0x11d0 | 0x573 |
| printf | 0x0 | 0x1400020f8 | 0x25d8 | 0x11d8 | 0x5b3 |
| __argc | 0x0 | 0x140002100 | 0x25e0 | 0x11e0 | 0x13d |
| __argv | 0x0 | 0x140002108 | 0x25e8 | 0x11e8 | 0x13e |
| _initterm | 0x0 | 0x140002110 | 0x25f0 | 0x11f0 | 0x286 |
KERNEL32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSystemTimeAsFileTime | 0x0 | 0x140002000 | 0x24e0 | 0x10e0 | 0x280 |
| GetCurrentProcessId | 0x0 | 0x140002008 | 0x24e8 | 0x10e8 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x140002010 | 0x24f0 | 0x10f0 | 0x1cb |
| GetTickCount | 0x0 | 0x140002018 | 0x24f8 | 0x10f8 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x140002020 | 0x2500 | 0x1100 | 0x3a9 |
| SetUnhandledExceptionFilter | 0x0 | 0x140002028 | 0x2508 | 0x1108 | 0x4b3 |
| EncodePointer | 0x0 | 0x140002030 | 0x2510 | 0x1110 | 0xee |
| Sleep | 0x0 | 0x140002038 | 0x2518 | 0x1118 | 0x4c0 |
| GetCommandLineA | 0x0 | 0x140002040 | 0x2520 | 0x1120 | 0x18c |
| DecodePointer | 0x0 | 0x140002048 | 0x2528 | 0x1128 | 0xcb |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 452.18 KB |
| MD5 |
049ec8b751cd35cea16eb611b9780ffc
|
| SHA1 |
67b1356d6c093ce44cc9d38c2ed2894c0a3177a4
|
| SHA256 |
ac64f59dcc78a3c5836b41693a491dd6b4f953d07ca4830ccb4386c6f5fbdc4c
|
| SSDeep |
12288:mymOcB+pwPprnVmLmDsC+FU+ZOSz09tzZuE8EE2:mLOsDFncLmKDZOSzoFvE2
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1025\LocalizedData.xml (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 72.49 KB |
| MD5 |
95475312ac05ed17ed8a4dc3c042923d
|
| SHA1 |
751effff55e74f55cbd916f24b7fbc47ec715952
|
| SHA256 |
f1adf91330580d51077dbf536bde925130f043ce218cb1d236c6d864f44e4b8b
|
| SSDeep |
384:sMsazfZxDJ3caC12cwxsSsxGMZzhKtQOsitz0SBijTJ3ejrwdd0:sMXxDtwkxsnxGMdAVBijTJ3eH5
|
| C:\588bce7c90097ed212\1028\eula.rtf | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/rtf |
| File Size | 6.18 KB |
| MD5 |
3be45a152c40abce65f005a0e75c14e9
|
| SHA1 |
ae416ae50c7e7ffb35d0bedc8092bb1ec0c556ca
|
| SHA256 |
84576ab0240116142c4c4e3bc0ceaf1c7c65c91c7da70f47be3487a850018953
|
| SSDeep |
96:/R8NRf8TTVKTu4LuTu4LrzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfH:/R4Rfm2NBZMjOfro2n6CAH
|
RTF Information
»
Document Content
»
| MICROSOFT MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 MICROSOFT WINDOWS MICROSOFT .NET FRAMEWORK 4 Microsoft ( ) Microsoft Windows ( ) ( ) 1. lang1028 Microsoft www.support.microsoft.com/common/international.aspx 2. f0 MICROSOFT .NET FRAMEWORK .NET Framework (.NET ) http://go.microsoft.com/fwlink/?LinkID=66406 Microsoft http://go.microsoft.com/fwlink/?LinkID=66406 Microsoft .NET 'b4 |
Embedded URLs (1)
»
| URL | First Seen | Categories | Threat Names | Reputation Status | WHOIS Data |
|---|---|---|---|---|---|
| http://go.microsoft.com/fwlink/?LinkID=66406 | - | - | - |
Unknown
|
Not Queried
|
| C:\Program Files\Java\jre1.8.0_144\bin\tnameserv.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\tnameserv.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
444fe92cd9c940545c5d556904e7ab1a
|
| SHA1 |
8be0db4e59ea2b1cd117a75ad68963c94d425d6b
|
| SHA256 |
6d74dd0d5cde7ef42d5d65f516d3dc5287319db7671f98a70a4736ed8997fb13
|
| SSDeep |
192:RWPQDjN8UWRp/kayG4JJTIKEfoqnzeefU9nYe+PjPriT0fwaM95YV:oP+N/WRp/UuKNqnzeefonYPLr7Uj2
|
| C:\Program Files\Java\jre1.8.0_144\bin\unpack200.exe | Modified File | Binary |
Unknown
|
...
|
»
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 192.58 KB |
| MD5 |
22b7236401ef452c5cdca68900fc3023
|
| SHA1 |
ba56388571c183dc093169b03e8492619d933973
|
| SHA256 |
1254e91a77029c19f2c5320b37358fc055164a987208666a92da542c252b27c2
|
| SSDeep |
3072:u/Hh4JGbU6jzcZ33A2QBKmK7NYyog7TBfUfy/NTwph6Y5TU:OHh4P63cZHP4oKy1TBcfy/NTwph0
|
| ImpHash |
e1a3b9c755b6e615b4050d0bd623bb5b
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x14001e920 |
| Size Of Code | 0x1fe00 |
| Size Of Initialized Data | 0xe800 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.amd64 |
| Compile Timestamp | 2017-07-22 05:07:23+00:00 |
Version Information (9)
»
| CompanyName | Oracle Corporation |
| FileDescription | Java(TM) Platform SE binary |
| FileVersion | 8.0.1440.1 |
| Full Version | 1.8.0_144-b01 |
| InternalName | unpack200 |
| LegalCopyright | Copyright © 2017 |
| OriginalFilename | unpack200.exe |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 8.0.1440.1 |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x1fdca | 0x1fe00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.6 |
| .rdata | 0x140021000 | 0xad97 | 0xae00 | 0x20200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.12 |
| .data | 0x14002c000 | 0x1b00 | 0x1000 | 0x2b000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.06 |
| .pdata | 0x14002e000 | 0xd98 | 0xe00 | 0x2c000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.54 |
| .idata | 0x14002f000 | 0xc6f | 0xe00 | 0x2ce00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.11 |
| .rsrc | 0x140030000 | 0x60c | 0x800 | 0x2dc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.74 |
| .reloc | 0x140031000 | 0x43d | 0x600 | 0x2e400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.36 |
Imports (2)
»
MSVCR100.dll (57)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| strcmp | 0x0 | 0x14002f498 | 0x2f130 | 0x2cf30 | 0x5d8 |
| strchr | 0x0 | 0x14002f4a0 | 0x2f138 | 0x2cf38 | 0x5d7 |
| remove | 0x0 | 0x14002f4a8 | 0x2f140 | 0x2cf40 | 0x5c0 |
| fclose | 0x0 | 0x14002f4b0 | 0x2f148 | 0x2cf48 | 0x54c |
| exit | 0x0 | 0x14002f4b8 | 0x2f150 | 0x2cf50 | 0x548 |
| fopen | 0x0 | 0x14002f4c0 | 0x2f158 | 0x2cf58 | 0x559 |
| _time64 | 0x0 | 0x14002f4c8 | 0x2f160 | 0x2cf60 | 0x43f |
| strcat | 0x0 | 0x14002f4d0 | 0x2f168 | 0x2cf68 | 0x5d5 |
| strncat | 0x0 | 0x14002f4d8 | 0x2f170 | 0x2cf70 | 0x5e1 |
| fflush | 0x0 | 0x14002f4e0 | 0x2f178 | 0x2cf78 | 0x54f |
| qsort | 0x0 | 0x14002f4e8 | 0x2f180 | 0x2cf80 | 0x5ba |
| _snprintf | 0x0 | 0x14002f4f0 | 0x2f188 | 0x2cf88 | 0x3df |
| atoi | 0x0 | 0x14002f4f8 | 0x2f190 | 0x2cf90 | 0x538 |
| strcpy | 0x0 | 0x14002f500 | 0x2f198 | 0x2cf98 | 0x5da |
| abort | 0x0 | 0x14002f508 | 0x2f1a0 | 0x2cfa0 | 0x52a |
| _gmtime64 | 0x0 | 0x14002f510 | 0x2f1a8 | 0x2cfa8 | 0x277 |
| fwrite | 0x0 | 0x14002f518 | 0x2f1b0 | 0x2cfb0 | 0x56e |
| _amsg_exit | 0x0 | 0x14002f520 | 0x2f1b8 | 0x2cfb8 | 0x19e |
| strncmp | 0x0 | 0x14002f528 | 0x2f1c0 | 0x2cfc0 | 0x5e3 |
| __C_specific_handler | 0x0 | 0x14002f530 | 0x2f1c8 | 0x2cfc8 | 0x11e |
| _XcptFilter | 0x0 | 0x14002f538 | 0x2f1d0 | 0x2cfd0 | 0x11a |
| _exit | 0x0 | 0x14002f540 | 0x2f1d8 | 0x2cfd8 | 0x200 |
| _cexit | 0x0 | 0x14002f548 | 0x2f1e0 | 0x2cfe0 | 0x1b5 |
| __initenv | 0x0 | 0x14002f550 | 0x2f1e8 | 0x2cfe8 | 0x153 |
| _initterm | 0x0 | 0x14002f558 | 0x2f1f0 | 0x2cff0 | 0x286 |
| _initterm_e | 0x0 | 0x14002f560 | 0x2f1f8 | 0x2cff8 | 0x287 |
| _configthreadlocale | 0x0 | 0x14002f568 | 0x2f200 | 0x2d000 | 0x1c5 |
| __setusermatherr | 0x0 | 0x14002f570 | 0x2f208 | 0x2d008 | 0x17c |
| _commode | 0x0 | 0x14002f578 | 0x2f210 | 0x2d010 | 0x1c4 |
| _fmode | 0x0 | 0x14002f580 | 0x2f218 | 0x2d018 | 0x21c |
| __set_app_type | 0x0 | 0x14002f588 | 0x2f220 | 0x2d020 | 0x179 |
| __crt_debugger_hook | 0x0 | 0x14002f590 | 0x2f228 | 0x2d028 | 0x146 |
| ?terminate@@YAXXZ | 0x0 | 0x14002f598 | 0x2f230 | 0x2d030 | 0x100 |
| _unlock | 0x0 | 0x14002f5a0 | 0x2f238 | 0x2d038 | 0x45b |
| __dllonexit | 0x0 | 0x14002f5a8 | 0x2f240 | 0x2d040 | 0x148 |
| _lock | 0x0 | 0x14002f5b0 | 0x2f248 | 0x2d048 | 0x2f6 |
| _onexit | 0x0 | 0x14002f5b8 | 0x2f250 | 0x2d050 | 0x39d |
| getenv | 0x0 | 0x14002f5c0 | 0x2f258 | 0x2d058 | 0x573 |
| strtok | 0x0 | 0x14002f5c8 | 0x2f260 | 0x2d060 | 0x5ec |
| fprintf | 0x0 | 0x14002f5d0 | 0x2f268 | 0x2d068 | 0x55b |
| strrchr | 0x0 | 0x14002f5d8 | 0x2f270 | 0x2d070 | 0x5e8 |
| __iob_func | 0x0 | 0x14002f5e0 | 0x2f278 | 0x2d078 | 0x154 |
| fread | 0x0 | 0x14002f5e8 | 0x2f280 | 0x2d080 | 0x561 |
| _errno | 0x0 | 0x14002f5f0 | 0x2f288 | 0x2d088 | 0x1f7 |
| sprintf | 0x0 | 0x14002f5f8 | 0x2f290 | 0x2d090 | 0x5ce |
| strlen | 0x0 | 0x14002f600 | 0x2f298 | 0x2d098 | 0x5e0 |
| memcmp | 0x0 | 0x14002f608 | 0x2f2a0 | 0x2d0a0 | 0x5a8 |
| realloc | 0x0 | 0x14002f610 | 0x2f2a8 | 0x2d0a8 | 0x5bf |
| memchr | 0x0 | 0x14002f618 | 0x2f2b0 | 0x2d0b0 | 0x5a7 |
| free | 0x0 | 0x14002f620 | 0x2f2b8 | 0x2d0b8 | 0x563 |
| malloc | 0x0 | 0x14002f628 | 0x2f2c0 | 0x2d0c0 | 0x59e |
| memset | 0x0 | 0x14002f630 | 0x2f2c8 | 0x2d0c8 | 0x5ad |
| __getmainargs | 0x0 | 0x14002f638 | 0x2f2d0 | 0x2d0d0 | 0x152 |
| memcpy | 0x0 | 0x14002f640 | 0x2f2d8 | 0x2d0d8 | 0x5a9 |
| _strdup | 0x0 | 0x14002f648 | 0x2f2e0 | 0x2d0e0 | 0x40b |
| _fileno | 0x0 | 0x14002f650 | 0x2f2e8 | 0x2d0e8 | 0x20e |
| _mkdir | 0x0 | 0x14002f658 | 0x2f2f0 | 0x2d0f0 | 0x393 |
KERNEL32.dll (16)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetCurrentProcessId | 0x0 | 0x14002f3a8 | 0x2f040 | 0x2ce40 | 0x1c7 |
| GetCurrentThreadId | 0x0 | 0x14002f3b0 | 0x2f048 | 0x2ce48 | 0x1cb |
| GetTickCount | 0x0 | 0x14002f3b8 | 0x2f050 | 0x2ce50 | 0x29a |
| QueryPerformanceCounter | 0x0 | 0x14002f3c0 | 0x2f058 | 0x2ce58 | 0x3a9 |
| DecodePointer | 0x0 | 0x14002f3c8 | 0x2f060 | 0x2ce60 | 0xcb |
| RtlCaptureContext | 0x0 | 0x14002f3d0 | 0x2f068 | 0x2ce68 | 0x418 |
| RtlLookupFunctionEntry | 0x0 | 0x14002f3d8 | 0x2f070 | 0x2ce70 | 0x41f |
| RtlVirtualUnwind | 0x0 | 0x14002f3e0 | 0x2f078 | 0x2ce78 | 0x426 |
| IsDebuggerPresent | 0x0 | 0x14002f3e8 | 0x2f080 | 0x2ce80 | 0x302 |
| SetUnhandledExceptionFilter | 0x0 | 0x14002f3f0 | 0x2f088 | 0x2ce88 | 0x4b3 |
| UnhandledExceptionFilter | 0x0 | 0x14002f3f8 | 0x2f090 | 0x2ce90 | 0x4e2 |
| GetCurrentProcess | 0x0 | 0x14002f400 | 0x2f098 | 0x2ce98 | 0x1c6 |
| TerminateProcess | 0x0 | 0x14002f408 | 0x2f0a0 | 0x2cea0 | 0x4ce |
| EncodePointer | 0x0 | 0x14002f410 | 0x2f0a8 | 0x2cea8 | 0xee |
| Sleep | 0x0 | 0x14002f418 | 0x2f0b0 | 0x2ceb0 | 0x4c0 |
| GetSystemTimeAsFileTime | 0x0 | 0x14002f420 | 0x2f0b8 | 0x2ceb8 | 0x280 |
Digital Signatures (2)
»
Certificate: Oracle America, Inc.
»
| Issued by | Oracle America, Inc. |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2015-04-14 00:00:00+00:00 |
| Valid Until | 2018-04-13 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52 |
| Thumbprint | 3B 75 81 6D 15 A6 D8 F4 59 8E 9C F5 60 3F 18 39 EE 84 D7 3D |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | US |
| Valid From | 2013-12-10 00:00:00+00:00 |
| Valid Until | 2023-12-09 23:59:59+00:00 |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
| C:\588bce7c90097ed212\1028\eula.rtf.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1028\eula.rtf (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 6.18 KB |
| MD5 |
2be79d7dfca8a2ae863b4a5a0a53bad0
|
| SHA1 |
8ba65185ff2667994f4522e4b65f2f7b06ef7cdf
|
| SHA256 |
2a527d8e4d0a63af8e3e8e854a2a77ec40e927829206477a49dd87316d76ebc8
|
| SSDeep |
96:L+IaCEftt7RlIJC7PvuOtHuUBPbDVlxVAxa/MpD1JzIfcHvR2k0cvzr7DDrz70c+:iwY7fPvuquWboxAOfro2n6CAH
|
| C:\Program Files\Java\jre1.8.0_144\bin\unpack200.exe | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\unpack200.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 192.58 KB |
| MD5 |
fc41d583032a3dcf0ca81981b1a1e9ef
|
| SHA1 |
d2d8e797eee99f2003d1f3e50faa38e2d8f2e783
|
| SHA256 |
7fc9a51916dcfe5706fd2dc0d9062a30324654059a1be2f051f1049cfa42dcac
|
| SSDeep |
3072:38/Hh4JGbU6jzcZ33A2QBKmK7NYyog7TBfUfy/NTwph6Y5TU:38Hh4P63cZHP4oKy1TBcfy/NTwph0
|
| C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 1.39 KB |
| MD5 |
2739fb9d89dc49852539b65c6929c38b
|
| SHA1 |
843d83dacd2c76fa78b90d9895e6c63082988418
|
| SHA256 |
e4f9fa893f95ccf19fbb4e047b76d033e3491d044795825f9415c473d329c066
|
| SSDeep |
24:LRtel9wYlGavYLWGwomtb/1iR92mEGEVGPsQ894asuaIa51uN3DxXuED:LRt69wYf0WdoO/1g9IfJf4axa7GDx+ED
|
| C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 5.67 MB |
| MD5 |
551bf545c7e17b0bdbcb6a22ae640eb6
|
| SHA1 |
30192182b80c40fe84eba81c8bc6e7f08d0e8aaf
|
| SHA256 |
40dc7e817c45c7e8a1b4e76e3609ba9021f5a802404fdf56ec56737174ee3874
|
| SSDeep |
24576:p9dQp76lAnOANi0ppvgXoKeeXduCzmosvuV0Ui0K8SQFUFp7LDUxzx3ncllAW8Sx:Fqq3NIX3NIIaa
|
| C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As |
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml (Modified File)
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.gоod (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 624 bytes |
| MD5 |
d99786050cf680e0121bbae379f9c526
|
| SHA1 |
f1cc37f85f63b5ba4d67461b02c7486a70024b9f
|
| SHA256 |
c1288542131e93d3d93480aed47d58a67f2b9842308d7c3baa769b66c1ad0168
|
| SSDeep |
12:HXXEKOfSNsM3M3/L2BA2v6dV1gExlqu6d7KzmthSseQbBkmiZF7WBR6TnGHqh:ZNsM8vqBVwhfxKtsseASZZFKX6Tt
|
| C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/xml |
| File Size | 3.56 MB |
| MD5 |
358d00a3db788c674a71b05f2dfa9aba
|
| SHA1 |
7aae982b506e2ba4e9ab9086df55ae4c11bac227
|
| SHA256 |
9baf564492b94204fc7a3aed48832870a63d39acec9d731c4a4614593e401f48
|
| SSDeep |
98304:voHqkrf2YkGbeR9U5jURQCMjyjPSDZKwyI38K:Q
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/xml |
| File Size | 79.09 KB |
| MD5 |
2be9349ab8fc01e60a1e38f0e6e0d7ee
|
| SHA1 |
efcd599398bf48fa50fd7fb114cb088b3b5f7383
|
| SHA256 |
f73a423753ee7c6c23f1520a1c226a83e9263fe0de1cf4010387a24d03a6b760
|
| SSDeep |
384:4w9jRY/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMrZEXw/FC:Wt/jPvoZJZ03
|
| C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 1.23 MB |
| MD5 |
9ea189c2a1831b02d8256d50db0a914f
|
| SHA1 |
0b36754fd413b32bda5e061f5c051417a479a906
|
| SHA256 |
01ff6cb77b0233d23104c49529379d6323050fb57d742ad722b454d46b7f1dbe
|
| SSDeep |
24576:XUSo/0kJ9pMJvk20LhUx60T8w82a9l+99+xFAF8O1GnLzQMHOWGfXztP2xgb:EfUJMvNUt8w8J+9QxqFVGnfYWWXUxE
|
| C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi | Modified File | Unknown |
Unknown
|
...
|
»
| Mime Type | application/x-msi |
| File Size | 144.02 KB |
| MD5 |
c59bd2e69e40bf0a7a1fa92b63eba589
|
| SHA1 |
cce03d9620eccb3befbad5bdf14ff8ca5a7c0db3
|
| SHA256 |
44635a3860cf81ce237ec87bd937614c6956f91a70c667f7a8cdfb9d47e70759
|
| SSDeep |
3072:e0Vj1eHwzvcXcSqviamCIngQA5DN341Ba:rbvcXgvibA21Ba
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1029\LocalizedData.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 79.09 KB |
| MD5 |
cff25aecc03bdf8892a8eeeabbfedfaf
|
| SHA1 |
5d389e79afc27aabb62b25b8f405131b7b10d59c
|
| SHA256 |
588fee3fc6cb19d9bf107014e1b9681b41190de044ebadd57f7413634903c2a2
|
| SSDeep |
384:snc4I7jvsNQ8/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMru:s3qYFt/jPvoZJZ03
|
| C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 144.02 KB |
| MD5 |
366e6dcc1909705f5cacbf12ce000ef5
|
| SHA1 |
2b86caaacb14e1e8fd23c2226dd0cfd49c221360
|
| SHA256 |
1c5b92a6ab0dc76c7f5a9aad9349b72afff6bdcc8860907d7a0dc9f90b3c916d
|
| SSDeep |
3072:sl+0jBxl0Vj1eHwzvcXcSqviamCIngQA5DN341Ba:sldjbobvcXgvibA21Ba
|
| C:\588bce7c90097ed212\1030\eula.rtf.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1030\eula.rtf (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 3.25 KB |
| MD5 |
d26ee2d17218e3703c38f3896d15b174
|
| SHA1 |
1b26903ac2bdcb94a19351b60bad8df9e0cb74d9
|
| SHA256 |
1f8b49989f8e80d0576f442ba1a0328178665f52cb6ae62dd1bb6a53aedd6eea
|
| SSDeep |
96:jb1jWkryXWSxNpmppN5zMaDqaaZ8Vaf8/K1oA:PTyXWgpiJD+6V67oA
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | Modified File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 26.41 KB |
| MD5 |
83987af08fc1792c60d043d017104176
|
| SHA1 |
0adfc7ab8c1cf0bd1174a1b766fa0ccefc5a37b3
|
| SHA256 |
971cb4788343c36926522dbb929bd341fff752f104e0507e3ec783f549a5024b
|
| SSDeep |
384:m4c7vlmpMaBZN018X6sT6AATeINgKP+nHQ41fgcmmItyOQeM9YfWEJZBfuod:Evgpm8OTeDnLqFXTflJZBfuod
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.gоod | Dropped File | Text |
Unknown
|
...
|
»
| Also Known As |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak (Modified File)
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak.gоod (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak (Modified File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak (Modified File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.gоod (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak (Modified File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak.gоod (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat (Modified File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.gоod (Dropped File) |
| Mime Type | text/plain |
| File Size | 16 bytes |
| MD5 |
0e1d5e3fe2004567d37a0b7d17629fd9
|
| SHA1 |
ad1a294e38d8b313aec18d7ddf202d00bff8b7ef
|
| SHA256 |
a46756499d0eae2256366be0598c6c722339a312c7ee7b8b0d6b4d9e89d0a85f
|
| SSDeep |
3:a2s+R:bnR
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/xml |
| File Size | 15.79 KB |
| MD5 |
1229b9d6eb0df93f1732da32887856dd
|
| SHA1 |
0cbf394f4f986a169f9ecb4d54d4169493db8817
|
| SHA256 |
dc07a1548bde550dac7bfcaab2686a0f6f83486699aab6ed5fab8ba19136ced3
|
| SSDeep |
192:0xa2VrL1NSDUC1BDUC1Q6Y2whyM3hARUCjg8W:383HPcqcQ6YRvh3mg8W
|
| C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/plain |
| File Size | 23.00 KB |
| MD5 |
641abc7632fa64bd0b4cc37a017bc7e9
|
| SHA1 |
46f87b12e7bb08bf1c1a05585f17cc4bb1e8d8af
|
| SHA256 |
05b8f75e26c0a5f1fc67ae63195d28d16bcf033949aee45fd55a12d7d0c26c79
|
| SSDeep |
384:UNfD+5n8dZGyW0jzm6m4P9+VN2SE3w7JLWwra4GbWpEa5YMr6PTmH3UTS:UY5n8dZGyW0jzm6m4P9+VN2SE3w7JLWK
|
| C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 23.00 KB |
| MD5 |
a5ee6c94379be59092acc6f1b8ce9151
|
| SHA1 |
3288186d0e2fa861fd9547c571505feb66a9fc13
|
| SHA256 |
c0d1c54615a48e4ff98970c66b927619dc9b7bf44bd7df00326987110cb466f2
|
| SSDeep |
384:OeTtmHToNCd5zTHw+5n8dZGyW0jzm6m4P9+VN2SE3w7JLWwra4GbWpEa5YMr6PT8:xtcT/Hz5n8dZGyW0jzm6m4P9+VN2SE3k
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml.gоod | Dropped File | Stream |
Unknown
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1030\LocalizedData.xml (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 75.94 KB |
| MD5 |
ea982b1851960fad0fe86ce934c2a839
|
| SHA1 |
04aad5b7967b99229728a23f915a5ffaf6ed6e4f
|
| SHA256 |
d49d6e00492a9399dc3adfae109be167b8dce37095cca18db918f9750a76a408
|
| SSDeep |
384:sS4twYt4NYsFrCYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQJmS+e/JAu1O2Xx+E:sS4t74NYYeYQTjtLCYggWuUMe+e/JX
|
| C:\ProgramData\Microsoft\User Account Pictures\Default User.dat | Modified File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 588.22 KB |
| MD5 |
b25cb83d7c12fe8174648a91a5f69358
|
| SHA1 |
1a2e5bf075e1ebe05ceaf8754136ad6625f5ef7d
|
| SHA256 |
050b98e8ddc7017b5b68e92a7665617f314a27396b3e3a2df5536b65f1d37ac9
|
| SSDeep |
48:nnkXfv+iwkeaG/Ni6B4vtctwsNW6B4RU4SQB5pmyhbvNSFfCXDvSKqVvNThGUDRX:nnssNW6BRx
|
| C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar.gоod | Dropped File | Unknown |
Unknown
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar (Modified File) |
| Mime Type | application/java-archive |
| File Size | 2.90 MB |
| MD5 |
dca3ab4fa8b74b728946005f731c246b
|
| SHA1 |
6f6145faf078503c9bb82d64cfccfc7e7f028007
|
| SHA256 |
1622b61a3d2d5640e9accd92d89f5296e319877b7eb45069f73ceb9e15417b51
|
| SSDeep |
49152:oCi4xz1nZUh7Bj4zw4FgEcLZHnvvFRlbIYy6F:oCikzNGhcONn37lbI8
|
| C:\Program Files\Java\jre1.8.0_144\lib\classlist | Modified File | Text |
Unknown
|
...
|
»
| Mime Type | text/plain |
| File Size | 82.39 KB |
| MD5 |
669f5a301d2679b3e426e45990fd71f1
|
| SHA1 |
96e92e5640fb202c379b70777927c5ac47d8df23
|
| SHA256 |
5d25f70a27f6547e81d6e352becb6333205fb66a2ce3aeab3721629347dbd0c4
|
| SSDeep |
1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjL:qxn5rxLyMzbf5OK3CJNG51g86E
|
| C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/plain |
| File Size | 41.69 KB |
| MD5 |
497dda950565ebddf4f01069815efd1b
|
| SHA1 |
5c7bb037e1fbf7fe4b965b267637f19dd5a38734
|
| SHA256 |
d0b56cba802a7c69b8bafec5f5f6b3c0e85bd5f963e6604561a00efb9198f696
|
| SSDeep |
384:ge+pQcczWstGm8OEz7W6SqrFdFMFSFFLoVwATKKhRdprlF+BxHcP8YaUavWKDXvm:grHCIZoVv+KhRb7ODfy0Fa/
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/plain |
| File Size | 5.88 KB |
| MD5 |
cc964f7765436558a50c01c2401beea1
|
| SHA1 |
516dbdb86f63964a5b0614d32c1de69bdb40dc38
|
| SHA256 |
f29c080d7373c60ae20eb4ad51fa8b14388e9d9fe4807266546811e459f4cdd3
|
| SSDeep |
96:JDpsfZ/ZjZDrEqEMFzYVefsUCFEgGFElWE4FELla+QFEkPVAxColaA:kdrz1F2eU1FiF/FSiFCz
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 5.88 KB |
| MD5 |
12674ffd548e8e2eb622049ec38c4bba
|
| SHA1 |
dc378980b7fe66724f8c1d5b0c88b976b9e88cee
|
| SHA256 |
4c10315afa92a6b76c1c470d3bddf58f46de456e0415d60cc490538b1062b3ed
|
| SSDeep |
96:KF21YrFMPtPsTDCG5xJkC6yT862Jf7RJqF0aa8zNk5QzUBqFGFElWE4FELla+QFU:KFHFpmG5xJL6yz2JfSFd3zNk5wUfF/F4
|
| Mime Type | application/octet-stream |
| File Size | 64.02 KB |
| MD5 |
91bf4888133ba2cd105a5ac3399bca7a
|
| SHA1 |
f93b0f98a229b60c5ab6bbd8efe16064969e1bd3
|
| SHA256 |
a32309a6f5a5fc1dc40cd11ac065ede7fa59ad54a46da2260e54842509d3b2b5
|
| SSDeep |
24:YMJNu5fnygi5fbY5fqqtWk4qrlk465fwtaS5fOuU5f09N5fCk5fW6iT5fR15fmrP:3o/49TclTqh89p1es6bh0yqYy
|
| C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 48 bytes |
| MD5 |
b84a674902ba9e3efa466d232b869b4f
|
| SHA1 |
af98c521159d07259e17196ade22e45703c03967
|
| SHA256 |
93d72fa8fac8dbdff08db4c454d9f593c3d288317a1375500d9a8bb7cdb54d60
|
| SSDeep |
3:0YXWXoKQ514iHmn:0EWXoKs146mn
|
| C:\588bce7c90097ed212\DisplayIcon.ico | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\DisplayIcon.ico.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 86.47 KB |
| MD5 |
83d0536c8fabf4d4666f855c8bda053a
|
| SHA1 |
472fedd0c6182c963fdf1c5037a7a1d3787033e9
|
| SHA256 |
a0188ba799fc9c1d69cd4b2088c129af096bf43d14243adfe9f5861c104b662d
|
| SSDeep |
1536:/8MwwyqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdx:/8MQ/gB4H8vo2no0/aX7C7Dcn
|
| C:\Program Files\Java\jre1.8.0_144\release | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\release.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 544 bytes |
| MD5 |
83f9fcc07a019fb47c35c57709226294
|
| SHA1 |
a849d1163f4871f5c5d9e1aea45d887feb9acf2e
|
| SHA256 |
0f6a39d18455c315ac4c9d779c83c6042dcaea535f975432025cf939ff7b1541
|
| SSDeep |
12:/twZq0GzvrHmNbiXxUtRoPJqZ2/JlxB1D/tlh73WY8iFvXa0Uvbz1:/L0qvrHse2uBi2/J7BLlhTXaXt
|
| C:\588bce7c90097ed212\header.bmp | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\header.bmp.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 3.55 KB |
| MD5 |
f391e1dae367d9b1f08e9a8b150d6556
|
| SHA1 |
9f91e738f07e74c999954388c884cff5bf638fb2
|
| SHA256 |
8cbaebc94aa0763504c57c8fbabf9ad64a9602e9fe94d9f5529e15704af58d47
|
| SSDeep |
96:lV9RN5iyz+SOGOZX+Xtz/8ZCrlQ5VHpx5kQ:hQyoGOZCRQTj5kQ
|
| C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/plain |
| File Size | 62.45 KB |
| MD5 |
2406c352a00bbe9097e88fa06b7b8ca7
|
| SHA1 |
b4792c3023dbaf32d3158450700da4d6e1e3b52a
|
| SHA256 |
da09e8945da99fe102fbb97b86aeb7c2cab0588576a5dfecd68e0836cb4a04b4
|
| SSDeep |
1536:CMgEarxVXre2yMtzs6CSTmLNvkuiYLYKU:ZgnrxJr4QzP/yZ8xQ0
|
| C:\Program Files\Java\jre1.8.0_144\bin\java.exe.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\java.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 202.08 KB |
| MD5 |
53ba9c0049060ee8c977fd92d2a93e3d
|
| SHA1 |
0c06a7d396ef8a89dd5eb4b5d2a1063137afde54
|
| SHA256 |
126e85800520f274022c902d34003e2d2e0bc6bcfd31c459d64038a7f800e51a
|
| SSDeep |
3072:avwgV/wTmkrTHjzvBQdT7qKBnusl/Kbi6oyQS9wTBfYx2ZX6ZL4jZqMNOb1k:vgSTmUHvOdT7duCKbi6ozowTBkRYvKi
|
| C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 973.70 KB |
| MD5 |
0e1260613851d0fe18797d2218880ae8
|
| SHA1 |
773ca459bd117a396e7fc25b1bb98dcdb2fba0c3
|
| SHA256 |
7476eea6fc5f8c9172baed88179d5fc577409ce5605b793f6eeeaade3da5ac9f
|
| SSDeep |
12288:ebKhh4wRyjIryAelsIwEuomOyqKywY+BNnVgOUq6iqOnJB9I3PWbURdqWxb2tiSo:ebKFRyjI4fLuvX96ixnLaf5rAi7zNUe
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 44.00 KB |
| MD5 |
464f966d4b2c4c9dad68536cc487c1b7
|
| SHA1 |
7c984540c781f7cfac6da92531687a6a704f5039
|
| SHA256 |
81df0a4a88eab57d7d8b8377dc4a4ac766999583b73b8088575e2df9b5ccf0f7
|
| SSDeep |
768:COvSAW7C/sqNhZcGGTA6VPdzGEbJOaNmyZk3E0zwhWZ6r63wh1:XSAW7C/RNhZcGWdz7vHuhwhe62gh1
|
| C:\588bce7c90097ed212\ParameterInfo.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 265.69 KB |
| MD5 |
b6cc145dabeb36f4e88ded4f75189215
|
| SHA1 |
f593f2cb4e8bb591fe8ecb8f3386d4ecc8561040
|
| SHA256 |
cbaa52b5f134c104fe1e56ad99553838d02d989836268b1ca83e1b194271b364
|
| SSDeep |
384:EYSROAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKYP4JUaGMLi:EFROYoVQTLTQTDFdhaaot6PcbrI1
|
| C:\588bce7c90097ed212\SetupUi.xsd | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 29.43 KB |
| MD5 |
8d45e35c89b2cc4cf0ff785008837de0
|
| SHA1 |
a43beabc0d650dff66e0131cbd939872e5665516
|
| SHA256 |
648799a112921b078c178c111628caa0b9fb821abb399a4933722cef0e271476
|
| SSDeep |
768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMW:1wchT+cxcDK
|
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat | Modified File | Stream |
Not Queried
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 3.52 MB |
| MD5 |
5ab853176474c8907f17f1f0db01a5b5
|
| SHA1 |
c3b4f5e33bbbf33799dfdb9d0fa50a2bbf82eeea
|
| SHA256 |
885bbbb0ce57495062f3d9c3877b2d6c101856aaebf9429d88a7f81fb0d7d19d
|
| SSDeep |
24576:cv2LphZeZvKErxJP6gPAqHoENunUsWwk48BJTQAkufl5W4oP/EG+X6w5AYawdGPV:cvhJPjZALKLki4fd
|
| C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 445.05 KB |
| MD5 |
83d44202e1f76b4f0e45f68836f70226
|
| SHA1 |
e320bff2ca96ebaa1a9cd7dc4be7a0c228e4be4c
|
| SHA256 |
c671521dcaf3b173da1f1dca4150a8116999800c98303c24cef694a88077eddc
|
| SSDeep |
12288:g+Zc0IursYCYQeSnyZJiqlEbXSb9NtoqOFBqkYH0:RMYenGJiKEbXWtpOLlF
|
| C:\588bce7c90097ed212\SplashScreen.bmp | Modified File | Image |
Not Queried
|
...
|
»
| Mime Type | image/x-ms-bmp |
| File Size | 40.13 KB |
| MD5 |
f0210b190c25df364bf844d60f9cef46
|
| SHA1 |
5f766ee24c29e4939af4a760b3618f968f707194
|
| SHA256 |
bc9bd48a3f5b1640456e296acdc137e4eeae0e7d3d81869364c8089eacd5421a
|
| SSDeep |
384:G1o2kgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFr2:kkpoapTbimsqHGE
|
| C:\588bce7c90097ed212\SplashScreen.bmp | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\SplashScreen.bmp.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 40.13 KB |
| MD5 |
e5128c9cc2bbf7926de164962d1d7967
|
| SHA1 |
06114d25b6e75e84983960e8672d1e74c3c3510f
|
| SHA256 |
52456ffa6a68f17b65cbf41a9102e47cce953c2d8fddd1d22ec22ca5ca8bff79
|
| SSDeep |
384:SZckE/vCDfE26zkgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFr2:SZcrvCQ2DpoapTbimsqHGE
|
| C:\Program Files\Java\jre1.8.0_144\bin\klist.exe.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\bin\klist.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 16.08 KB |
| MD5 |
f85bab0d09a29d3d72d974438281b421
|
| SHA1 |
6fb1cfc12fefc6efcc12362b31e01ebef64254ef
|
| SHA256 |
6e568323e35867fa7c26e982e571558a68d5b1308bd61f637ce4a88258d7e323
|
| SSDeep |
192:RgFjIMSUqloGQHIoIIKEfoV1eeVUEnYe+PjPriT0fwts:aFcMSZlCoWKNV1eeVVnYPLr7P
|
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml | Modified File | Text |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml (Modified File) |
| Mime Type | text/plain |
| File Size | 21.59 KB |
| MD5 |
6f074c92b01daa3825c27c074d11314b
|
| SHA1 |
2beb68f8d74045d2376fcc0d93b8a05d5ed4c38b
|
| SHA256 |
ac777fb06aabddeb19eab53f42dbadce92d1319e4afc5f3f13e49b0fefae7ed7
|
| SSDeep |
384:Eb/BZBJdZGyW0v6mm4P9+VN2SE3w7JLWraGbWpEa5YMr6PmHUT8:EbpZDdZGyW0v6mm4P9+VN2SE3w7JLWrS
|
| C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat | Modified File | Stream |
Not Queried
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 861.96 KB |
| MD5 |
ab381becd50fcc411a9ce8dec79715c8
|
| SHA1 |
d781d9925bc5184370a69d5dc0834398d5e490b2
|
| SHA256 |
d8983d702ca77ff932232eb0bbf2b79dd8f1851294df474d05b6d9cc7a100d49
|
| SSDeep |
6144:+C9FNIqVls5asFrAGHzgrqcHGNBSTXv9+1KbM4QLJQ6L8:xFNzEraTY1n4t
|
| C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 861.96 KB |
| MD5 |
8f6ee95e1725b8a50323277ba9e6f392
|
| SHA1 |
c9c01142dd06cb133a1622af52aa9eba3d1905e3
|
| SHA256 |
3e182f6902cf405d3c7ff66acbfd4cdb401ec359307c10889acfb0d90e9f7318
|
| SSDeep |
6144:IDoWC9FNIqVls5asFrAGHzgrqcHGNBSTXv9+1KbM4QLJQ6L8:IiFNzEraTY1n4t
|
| C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml | Modified File | Text |
Not Queried
|
...
|
»
| Also Known As |
C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml (Modified File)
C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml (Modified File) |
| Mime Type | text/plain |
| File Size | 20.53 KB |
| MD5 |
f3fa776f0dec8bb3a3f0d20994ca526f
|
| SHA1 |
4e8394a1d16a4b9c3fcf95f5beb7859a4e4f7e2b
|
| SHA256 |
b4550ccc06c2fd95cfc8720a3d026e651ff255f09943f2968b59ddc4709058d9
|
| SSDeep |
384:EeAdZGyW0v6mm4P9+VN2SE3w7JLWraGbWpEa5YMr6PmHUTS:EeAdZGyW0v6mm4P9+VN2SE3w7JLWraGa
|
| C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat | Modified File | Stream |
Not Queried
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 3.52 MB |
| MD5 |
7cc8c99caa1e49ab2dedb598342cc764
|
| SHA1 |
a285084ebd50ead94fd5bb1bec46b5dbda20260b
|
| SHA256 |
b61dd9024de630ae5d6eea485c5bb71efcf57e98f661f639ac1d99bb3306d8f2
|
| SSDeep |
24576:qehVph0e2vKErcJs69zAwhgEfUnU5W8ns4B1SJGpufrxWVoP/EG+X6w5AYawdGPV:qQjJsqd8i/rpwgOd
|
| C:\588bce7c90097ed212\watermark.bmp | Modified File | Image |
Not Queried
|
...
|
»
| Mime Type | image/x-ms-bmp |
| File Size | 101.65 KB |
| MD5 |
331ba2983a7b42d9c4369c69cf7470dd
|
| SHA1 |
66fd016992cc72602c73aac42bf2e72669aed3de
|
| SHA256 |
bd44b8bec9e3e70b3776527c936ffa9c6e8839ad06ac769699f1974dc44005af
|
| SSDeep |
768:QKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9H51T9ho4xw7CgBl:QKULmAfbvEv47cIHzE9vo4SuUl
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 52.59 KB |
| MD5 |
a397bfb63717325c20bf1bab4a838d8a
|
| SHA1 |
6e568c256dffa8eaaf2f9679796601926c553382
|
| SHA256 |
944be3e08846fb994d3c6ca26e45076ed80777a0848f897431b7a5b5b48480f0
|
| SSDeep |
768:PLFjr7QTanFOI9/ScWkPAG51JFPXdLbZmscCWvy3ELTibwjh3Ddg7ocAhQ:PLNr7SUL9sG/ZEs2g7bwjh367/AhQ
|
| C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 148.02 KB |
| MD5 |
cf9fd15c27595a0892c9115bf9661f11
|
| SHA1 |
6de3ed9b7391c0433d0608af7ec82eb053a1e194
|
| SHA256 |
4bddfc6a0434e59f67aab0de6ffdfe990611da7a7139ae1c2b13f60ae2e127a3
|
| SSDeep |
3072:sl+0jBxHUGQr09nGe3D+VYawa5bJc3nW4Wb4NmlST8X:sldjb1qsgwawm4WtS8
|
| C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 640 bytes |
| MD5 |
cb124a968e44dd6b6092cb4025b10835
|
| SHA1 |
f138f608b9153c886790e290cf279bc60907288d
|
| SHA256 |
5c8a46cc05378ddabec78172fd3f59b6a38ba4c18cb871b40b26d6ab5d04793b
|
| SSDeep |
12:8VUJK4U02vC0uj7ofE42z/zJX/VOcVKWAIPUg/HEywgk2uQt5QkYip7h:86IlDvCrofwrCxWNMg/r9ue5Qkvp7h
|
| C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/plain |
| File Size | 5.67 MB |
| MD5 |
c5878862b25d606c65067f0cf7fa8f58
|
| SHA1 |
0fe22d41902722e8a4420a5d42026c48f356e8b1
|
| SHA256 |
831874c9aad13865bed5291762275b702fb66d5806e5c7fa647c9e1d64f9ef00
|
| SSDeep |
24576:W9dQp76lAnOANi0ppvgXoKeeXduCzmosvuV0Ui0K8SQFUFp7LDUxzx3ncllAW8Sx:0qq3NIX3NIIaa
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 114.20 KB |
| MD5 |
1051e35ffbeb8f905a3b72b0ed3a079c
|
| SHA1 |
be4f0461c96a505a78b5edb439651d0b884b0e5a
|
| SHA256 |
2651161b423961049523380e92470e3789c3fb1dec62471c9fae8bdc86f505e8
|
| SSDeep |
3072:+X6yAHaqQzTh+Ej7EZnD3XpTeCZbZvk+46eyemcr3i5:oihQzTwcYHdeC0qef7y5
|
| C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab | Modified File | Unknown |
Not Queried
|
...
|
»
| Mime Type | application/vnd.ms-cab-compressed |
| File Size | 1.23 MB |
| MD5 |
99fcf9b3b522797356f8e3cf2987478b
|
| SHA1 |
b2b1869551123f3d98d2d201329ec9d3d9aa5f7c
|
| SHA256 |
417fc87097c6d0a1b84398cb797e056ff99bcd06a784f8d943b2a0facd375c7d
|
| SSDeep |
24576:ESo/0kJ9pMJvk20LhUx60T8w82a9l+99+xFAF8O1GnLzQMHOWGfXztP2xgb:EfUJMvNUt8w8J+9QxqFVGnfYWWXUxE
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 59.41 KB |
| MD5 |
55bfbdab8f0ce7d350561ecb3754535b
|
| SHA1 |
251b92202065248427bb422a6d1e267f1316acd1
|
| SHA256 |
8ff5a88b321de0225eb8c83970b39f5cf3b76bbc7dcf5d002e98d1c27df9d6be
|
| SSDeep |
384:4wCGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiY:tbCWYFrewYTJCI
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/plain |
| File Size | 275.55 KB |
| MD5 |
d385c0c42cd0345a0fb95fa9180e4c0b
|
| SHA1 |
688384b04a347c314b20a806d3b942d0c364343b
|
| SHA256 |
dcd118e80ae790e546967366af147cb2f75d52d705bbcac68f316c0f570343cc
|
| SSDeep |
1536:SZA6XcWshc0+ixYAFYbGVLEFd/HUfnSdwNiqRif7YhYjqOxTyxrGABDsX0:cjSThMA1
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1028\LocalizedData.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 59.41 KB |
| MD5 |
86bef37e6a5c011c6ee62ede7348ab4b
|
| SHA1 |
2898220ca264cd65cd3582a124fce9b18010d90e
|
| SHA256 |
e45603afebda7e9b2a01ba78f91212b5f004dfba3e67f4981f1dc0345b08778a
|
| SSDeep |
384:so0IV/CKbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiY:so0ILbCWYFrewYTJCI
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 275.55 KB |
| MD5 |
6644275b73360870104e0b3c1ad414bd
|
| SHA1 |
db8adf08aefaa390d1e0c8760f6a9064330029e9
|
| SHA256 |
dbb98f569a69b87bc491c6e84709bd4c922740cb91ef45f978f1ef983c0f3eef
|
| SSDeep |
1536:TwCzA6XcWshc0+ixYAFYbGVLEFd/HUfnSdwNiqRif7YhYjqOxTyxrGABDsX0:TwC7jSThMA1
|
| C:\588bce7c90097ed212\1029\eula.rtf | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\588bce7c90097ed212\1029\eula.rtf.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 3.64 KB |
| MD5 |
8323f827d8b44e2f6cc99a11282ee564
|
| SHA1 |
9400d308273258cd7baa78328d5258df1191ce05
|
| SHA256 |
48a52196cb1b799c34683cfd56e6485e57bf3e6a13ac2150e494c43daf9d304d
|
| SSDeep |
96:1BBsE7nGb5k97/9OAm7E45hLResy/IB2OM+pnCQt:1XsV5kN9BZ4XLMBIB2OFVCU
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 36.50 KB |
| MD5 |
14c98ff6644d9e42815988bcff1932f7
|
| SHA1 |
a040ac12a615ab5a5219c6f856d4ce75fff8eae7
|
| SHA256 |
59066ee3168a38e6f315c18540e21fb7a4211a35fdd095deb78e64668a55cc5e
|
| SSDeep |
384:6bmJ5EfR+x8mQtXj6KAE1l9Vh94I3MZXF0EMuRusWqhq2D+p/F4Hue38hsXJ:ARmmjbROqDpd4H
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 36.50 KB |
| MD5 |
13cfbb3df5b581ec79f63d22e0e1b7c0
|
| SHA1 |
4b92a5f7117b151f5cd2f50c079f731e716aa196
|
| SHA256 |
69519ea88850136baddb456ae74b0962e1ff6fd087bde26d53a5067d2f969c13
|
| SSDeep |
384:iamM3+hUi2qXT15EfR+x8mQtXj6KAE1l9Vh94I3MZXF0EMuRusWqhq2D+p/F4HuU:i5M3pYXTammjbROqDpd4H
|
| C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar | Modified File | Unknown |
Not Queried
|
...
|
»
| Mime Type | application/java-archive |
| File Size | 2.90 MB |
| MD5 |
42fd687b22a8c38612744abb33d018bb
|
| SHA1 |
7fb226c2b03a178ef63d74e269d2bad484477ebf
|
| SHA256 |
03f91641ab29df7afccf9943ed6606e496ab908655117d77eb0cb6fcb381c9d1
|
| SSDeep |
49152:ECi4xz1nZUh7Bj4zw4FgEcLZHnvvFRlbIYy6F:ECikzNGhcONn37lbI8
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 57.79 KB |
| MD5 |
adbb20d7eeb0267684ada6d7c07dd5a5
|
| SHA1 |
46e70688302590bf2302c77175d5b255304cde08
|
| SHA256 |
5118ee360a052f89329c5ebb630eb2fc660219cdaaf614713b64af8960b3198c
|
| SSDeep |
192:ruJZlGISuwCV0sAmCSFvDusXSs2sIgsgssysn3xQ85azZ94IackhQ6IhWZokawdt:wGISqZ1DrnUhY3mn6TJaXnRI
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 57.79 KB |
| MD5 |
0ab2f6cc355a998ba39b70c7a089d119
|
| SHA1 |
5c8253f844ee593671fd52ec4a7e4f0cba6c0966
|
| SHA256 |
8bb18f58051cd04712de1e7c93ce33b7ed74b2b4a27ec7cc4f31c26c4c0fba66
|
| SSDeep |
384:Vd5JfVwkb1okaMZ1DrnUhY3mn6TJaXnRI:Vd53wkphFJaK
|
| C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab | Modified File | Unknown |
Not Queried
|
...
|
»
| Mime Type | application/vnd.ms-cab-compressed |
| File Size | 4.96 MB |
| MD5 |
c2a15dba3ac630bc26fe82dd922facf9
|
| SHA1 |
44727400b85d9a77775dff7e8b0beceb5befc8e0
|
| SHA256 |
83d5c0bf2fdd288f9877672888930099aba84be51297f6797a499786128307a0
|
| SSDeep |
98304:1J8gMPYN9FSnMsVNHOcrQ3K3L3HdTzbV33UoGEsr0JTVlAT1EQzOsg7ov1/oB:oPY7F4NfH03ETzbR9sIlATHCfQ1/oB
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 2.00 KB |
| MD5 |
696fd88c285cf89249b8655d135b733a
|
| SHA1 |
ed3052f0b59d7c4005f0e67a94b7f984aabb7242
|
| SHA256 |
361f81af7c55b114cb1731fb922b75ae3c17933c5c38d4f5952f7f752dbfb535
|
| SSDeep |
48:mUITfBq0E0mGxCg8C+qdO4Y8RkrjPEgjCOb3d1uqUk/sshWHv5:mUITnE5GxwCvMX8RkrQOb3d1uassho5
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 75.94 KB |
| MD5 |
7c0f30505fb5c02decd9054d86e118b5
|
| SHA1 |
2260e3f763f448dca8cb2f5d27660e12e53d4553
|
| SHA256 |
0194f6bcef5062afbce4c371035c0204f12c4a7dc8f196603fffa80e13e8a227
|
| SSDeep |
384:4wvo3sGYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQJmS+e/JAu1O2Xx+E:9o8GYQTjtLCYggWuUMe+e/JX
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/plain |
| File Size | 26.41 KB |
| MD5 |
4e011fc9f30a867e269698db081201c7
|
| SHA1 |
cc6a1ed45c3d188886585ba1c09bd560d0237934
|
| SHA256 |
b910358721ae14ef164cdc893d1efd80406148eda1b8a18cd6d6e6467e3d33bb
|
| SSDeep |
384:4j5BIk+x/vIqk018X6sT6AATeINgKP+nHQ41fgcmmItyOQeM9YfWEJZBfuod:4lBJs/8OTeDnLqFXTflJZBfuod
|
| C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 3.56 MB |
| MD5 |
37ab8d8de27f51bacf7ef2ffa1bcecb1
|
| SHA1 |
c8ffe5e84c31d9360e225ec51944072978ac473f
|
| SHA256 |
94638c86f7c3e89e11452b0b05899cd51e9570025c86313530f755c85c956933
|
| SSDeep |
98304:moHqkrf2YkGbeR9U5jURQCMjyjPSDZKwyI38K:P
|
| C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 1.87 MB |
| MD5 |
d458eeaf2695c627e443dd3b6f467d83
|
| SHA1 |
57e67ea8899aa567f327187b73fa265bb7de277d
|
| SHA256 |
4aef292b88175115476a8aab72724454840ad8d36f8b47e9659581c3948f7821
|
| SSDeep |
6144:nUfVrzOKGokPu1pbYpUrEGQd0g8AfiSDQMkJaBflsy2W8Kga6uGX5+p1oFDz7GbB:nkrzL11fATrF2BQ0JQKo8XU
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 1.66 KB |
| MD5 |
9611b07265cf01f89b9039175bdf9da7
|
| SHA1 |
2e2be3bb30062583b48f7193443ebf33cf37c61a
|
| SHA256 |
b67dbe234279d7f152f2b020682ac3c3280523fbbfcdd7f4b5e61a9d17c19314
|
| SSDeep |
24:TnMmuVO7byAdf1JtGcT1ig7dKGv2YhhQYLmZfwZltfi1ZvClvNf/P13dQTUM3WhQ:D8O7byANHtGcpiq1XyZs7NfHB/Mmn8B
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 15.79 KB |
| MD5 |
31b13a2ff14b03272f102cd38fe5426b
|
| SHA1 |
318ad0e78355068a619f78780ea581256f93dc83
|
| SHA256 |
fe015a67c6944da07eb38278695247ce5c07a29905696ad6b78017421e7f0ede
|
| SSDeep |
192:sLGLZ9BvPduQcY8OH0JrfCowSDUC1BDUC1Q6Y2whyM3hARUCjg8W:bZTvPdhZ9H0JjCBPcqcQ6YRvh3mg8W
|
| C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml | Modified File | Text |
Not Queried
|
...
|
»
| Mime Type | text/xml |
| File Size | 9.60 KB |
| MD5 |
139ddf4e0ae310f930b5aadcd0097f82
|
| SHA1 |
197921a59e8a1e5b4925312ca005c8ccaf6d514c
|
| SHA256 |
b15e336740de2f6f18e40e786b5a5133c7b8f0da444b23b22b6b157895a5b6d0
|
| SSDeep |
96:elrUn5DUqR0QNcwUn5eGuoXwUqeGuWQ1pW08yhwx5+yNhxNTxfAxjQdq0GBsDPBd:lnu5bngGpbzG4q2cRL7Gc
|
| C:\Program Files\Java\jre1.8.0_144\lib\classlist.gоod | Dropped File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\Program Files\Java\jre1.8.0_144\lib\classlist (Modified File) |
| Mime Type | application/octet-stream |
| File Size | 82.39 KB |
| MD5 |
e837653e4d18354b5b092659a9da951f
|
| SHA1 |
fa4b6622fd0d8a9e96f56777c835a5d2ea4faafb
|
| SHA256 |
86ead08fff28c84b49709c8cb058ee9f02013470acd9c7b934bb78c3759659b4
|
| SSDeep |
1536:2I9Fy0nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+R:2IHyexn5rxLyMzbf5OK3CJNG51g86E
|
| C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab | Modified File | Stream |
Not Queried
|
...
|
»
| Also Known As | C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab.gоod (Dropped File) |
| Mime Type | application/octet-stream |
| File Size | 4.96 MB |
| MD5 |
a73b90d610fc81c916adb8568d72c29f
|
| SHA1 |
91aa45ef749034d328df40ed937ab01886eec8e9
|
| SHA256 |
147b128b61888342f9b21c9eac9bba991ddf4154aafb3b48d10dfc932c7ee13b
|
| SSDeep |
49152:+jN8gMd1YN9FtQnY2iZEWsVNHOgjVSyQy/0zKTMe1bL3HdS:+J8gMPYN9FSnMsVNHOcrQ3K3L3HdS
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\HOW_TO_RECOVER_FILES.txt | Dropped File | Text |
Not Queried
|
...
|
»
| Also Known As |
C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\HOW_TO_RECOVER_FILES.txt (Dropped File)
c:\users\how_to_recover_files.txt (Dropped File) C:\$GetCurrent\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\es-MX\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\UEV\Templates\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\UEV\InboxTemplates\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Logs\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\Storage Health\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Program Files\Java\jre1.8.0_144\bin\plugin2\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\sk-SK\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\UEV\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\it-IT\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\el-GR\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\$GetCurrent\Logs\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\Resources\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\588bce7c90097ed212\1025\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\qps-ploc\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\Speech_OneCore\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\fr-CA\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Program Files\Java\jre1.8.0_144\bin\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\$Recycle.Bin\S-1-5-18\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\Spectrum\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\zh-HK\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\sr-Latn-CS\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\fi-FI\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Adobe\ARM\Reader_15.007.20033\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\de-DE\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\bg-BG\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\fr-FR\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\ro-RO\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\nb-NO\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\tr-TR\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\en-US\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\PerfLogs\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\pl-PL\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\lt-LT\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\588bce7c90097ed212\1030\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\588bce7c90097ed212\1029\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\Settings\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\ja-JP\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\ko-KR\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\sl-SI\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\et-EE\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Program Files\Java\jre1.8.0_144\bin\server\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\Fonts\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\588bce7c90097ed212\1028\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\da-DK\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\sr-Latn-RS\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\en-GB\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\es-ES\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\ru-RU\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ESD\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\sv-SE\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\Resources\en-US\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\lv-LV\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\pt-PT\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\cs-CZ\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\UEV\Scripts\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\pt-BR\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\$Recycle.Bin\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\$GetCurrent\SafeOS\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\zh-TW\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\uk-UA\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\zh-CN\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\hr-HR\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\hu-HU\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Microsoft\Settings\Accounts\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\Boot\nl-NL\HOW_TO_RECOVER_FILES.txt (Dropped File) C:\ProgramData\Adobe\ARM\Reader_15.023.20070\HOW_TO_RECOVER_FILES.txt (Dropped File) |
| Mime Type | text/plain |
| File Size | 1.45 KB |
| MD5 |
c25e52e180ed143127434f7ff3551897
|
| SHA1 |
e76c671e886b7f02c5659db3ca7198f1f6236bca
|
| SHA256 |
58a5d6fa67f443c45693cd504d52de95162bbcbed1acf8ce1b228f83d0192f28
|
| SSDeep |
24:FE4rVP01jhs7O/kQEX2HtKo/nR3rOeoz41QpwRLF9RSc3LYCkoPQwWRDdav:15MhDwoPRryz4ipOPIc3sCkoPqDMv
|
