VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware
Threat Names: Gen:Variant.Zusy.305535
qPp5UU0Zt1HNYJXn.exe
Windows Exe (x86-32)
Created at 2020-06-22T06:02:00
Filename | Category | Type | Severity
---|---|---|---
C:\Users\FD1HVy\Desktop\qPp5UU0Zt1HNYJXn.exe | Sample File | Binary | Malicious
PE Information
Property | Value
---|---
Image Base | 0x400000
Entry Point | 0x4446b4
Size Of Code | 0x47a00
Size Of Initialized Data | 0x10a00
File Type | FileType.executable
Subsystem | Subsystem.windows_gui
Machine Type | MachineType.i386
Compile Timestamp | 2020-06-18 18:48:06+00:00
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x47889 | 0x47a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.7 |
.rdata | 0x449000 | 0xad8e | 0xae00 | 0x47e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.68 |
.data | 0x454000 | 0x1ffc | 0x600 | 0x52c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.43 |
.reloc | 0x456000 | 0x3abc | 0x3c00 | 0x53200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.7 |
Imports (19)
KERNEL32.dll (87)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetCurrentProcess | 0x0 | 0x44900c | 0x527d8 | 0x515d8 | 0x217 |
WriteFile | 0x0 | 0x449010 | 0x527dc | 0x515dc | 0x612 |
LeaveCriticalSection | 0x0 | 0x449014 | 0x527e0 | 0x515e0 | 0x3bd |
SetFilePointer | 0x0 | 0x449018 | 0x527e4 | 0x515e4 | 0x522 |
InitializeCriticalSectionEx | 0x0 | 0x44901c | 0x527e8 | 0x515e8 | 0x360 |
CreateMutexA | 0x0 | 0x449020 | 0x527ec | 0x515ec | 0xd7 |
UnmapViewOfFile | 0x0 | 0x449024 | 0x527f0 | 0x515f0 | 0x5b0 |
HeapSize | 0x0 | 0x449028 | 0x527f4 | 0x515f4 | 0x34e |
MultiByteToWideChar | 0x0 | 0x44902c | 0x527f8 | 0x515f8 | 0x3ef |
Sleep | 0x0 | 0x449030 | 0x527fc | 0x515fc | 0x57d |
GetFileInformationByHandle | 0x0 | 0x449034 | 0x52800 | 0x51600 | 0x247 |
GetLastError | 0x0 | 0x449038 | 0x52804 | 0x51604 | 0x261 |
CreateFileA | 0x0 | 0x44903c | 0x52808 | 0x51608 | 0xc3 |
FileTimeToSystemTime | 0x0 | 0x449040 | 0x5280c | 0x5160c | 0x16a |
LoadLibraryA | 0x0 | 0x449044 | 0x52810 | 0x51610 | 0x3c1 |
LockResource | 0x0 | 0x449048 | 0x52814 | 0x51614 | 0x3db |
HeapReAlloc | 0x0 | 0x44904c | 0x52818 | 0x51618 | 0x34c |
CloseHandle | 0x0 | 0x449050 | 0x5281c | 0x5161c | 0x86 |
RaiseException | 0x0 | 0x449054 | 0x52820 | 0x51620 | 0x462 |
GetSystemInfo | 0x0 | 0x449058 | 0x52824 | 0x51624 | 0x2e3 |
FindResourceExW | 0x0 | 0x44905c | 0x52828 | 0x51628 | 0x195 |
LoadResource | 0x0 | 0x449060 | 0x5282c | 0x5162c | 0x3c7 |
FindResourceW | 0x0 | 0x449064 | 0x52830 | 0x51630 | 0x196 |
HeapAlloc | 0x0 | 0x449068 | 0x52834 | 0x51634 | 0x345 |
GetLocalTime | 0x0 | 0x44906c | 0x52838 | 0x51638 | 0x262 |
HeapDestroy | 0x0 | 0x449070 | 0x5283c | 0x5163c | 0x348 |
GetProcAddress | 0x0 | 0x449074 | 0x52840 | 0x51640 | 0x2ae |
CreateFileMappingA | 0x0 | 0x449078 | 0x52844 | 0x51644 | 0xc4 |
GetFileSize | 0x0 | 0x44907c | 0x52848 | 0x51648 | 0x24b |
DeleteCriticalSection | 0x0 | 0x449080 | 0x5284c | 0x5164c | 0x110 |
GetProcessHeap | 0x0 | 0x449084 | 0x52850 | 0x51650 | 0x2b4 |
SystemTimeToFileTime | 0x0 | 0x449088 | 0x52854 | 0x51654 | 0x588 |
FreeLibrary | 0x0 | 0x44908c | 0x52858 | 0x51658 | 0x1ab |
WideCharToMultiByte | 0x0 | 0x449090 | 0x5285c | 0x5165c | 0x5fe |
EnterCriticalSection | 0x0 | 0x449094 | 0x52860 | 0x51660 | 0x131 |
GetTickCount | 0x0 | 0x449098 | 0x52864 | 0x51664 | 0x307 |
IsWow64Process | 0x0 | 0x44909c | 0x52868 | 0x51668 | 0x391 |
AreFileApisANSI | 0x0 | 0x4490a0 | 0x5286c | 0x5166c | 0x23 |
GetFullPathNameW | 0x0 | 0x4490a4 | 0x52870 | 0x51670 | 0x259 |
LockFile | 0x0 | 0x4490a8 | 0x52874 | 0x51674 | 0x3d9 |
InitializeCriticalSection | 0x0 | 0x4490ac | 0x52878 | 0x51678 | 0x35e |
GetFullPathNameA | 0x0 | 0x4490b0 | 0x5287c | 0x5167c | 0x256 |
SetEndOfFile | 0x0 | 0x4490b4 | 0x52880 | 0x51680 | 0x510 |
GetTempPathW | 0x0 | 0x4490b8 | 0x52884 | 0x51684 | 0x2f6 |
CreateFileW | 0x0 | 0x4490bc | 0x52888 | 0x51688 | 0xcb |
GetFileAttributesW | 0x0 | 0x4490c0 | 0x5288c | 0x5168c | 0x245 |
GetCurrentThreadId | 0x0 | 0x4490c4 | 0x52890 | 0x51690 | 0x21c |
GetTempPathA | 0x0 | 0x4490c8 | 0x52894 | 0x51694 | 0x2f5 |
GetFileAttributesA | 0x0 | 0x4490cc | 0x52898 | 0x51698 | 0x240 |
GetVersionExA | 0x0 | 0x4490d0 | 0x5289c | 0x5169c | 0x31a |
DeleteFileA | 0x0 | 0x4490d4 | 0x528a0 | 0x516a0 | 0x112 |
DeleteFileW | 0x0 | 0x4490d8 | 0x528a4 | 0x516a4 | 0x115 |
LoadLibraryW | 0x0 | 0x4490dc | 0x528a8 | 0x516a8 | 0x3c4 |
UnlockFile | 0x0 | 0x4490e0 | 0x528ac | 0x516ac | 0x5ae |
LockFileEx | 0x0 | 0x4490e4 | 0x528b0 | 0x516b0 | 0x3da |
GetCurrentProcessId | 0x0 | 0x4490e8 | 0x528b4 | 0x516b4 | 0x218 |
GetSystemTimeAsFileTime | 0x0 | 0x4490ec | 0x528b8 | 0x516b8 | 0x2e9 |
GetSystemTime | 0x0 | 0x4490f0 | 0x528bc | 0x516bc | 0x2e7 |
FormatMessageA | 0x0 | 0x4490f4 | 0x528c0 | 0x516c0 | 0x1a6 |
QueryPerformanceCounter | 0x0 | 0x4490f8 | 0x528c4 | 0x516c4 | 0x44d |
FlushFileBuffers | 0x0 | 0x4490fc | 0x528c8 | 0x516c8 | 0x19f |
GetCurrentDirectoryW | 0x0 | 0x449100 | 0x528cc | 0x516cc | 0x211 |
CreateDirectoryW | 0x0 | 0x449104 | 0x528d0 | 0x516d0 | 0xba |
FindClose | 0x0 | 0x449108 | 0x528d4 | 0x516d4 | 0x175 |
FindFirstFileExW | 0x0 | 0x44910c | 0x528d8 | 0x516d8 | 0x17b |
FindNextFileW | 0x0 | 0x449110 | 0x528dc | 0x516dc | 0x18c |
GetFileAttributesExW | 0x0 | 0x449114 | 0x528e0 | 0x516e0 | 0x242 |
RemoveDirectoryW | 0x0 | 0x449118 | 0x528e4 | 0x516e4 | 0x4b9 |
HeapFree | 0x0 | 0x44911c | 0x528e8 | 0x516e8 | 0x349 |
SizeofResource | 0x0 | 0x449120 | 0x528ec | 0x516ec | 0x57c |
MapViewOfFile | 0x0 | 0x449124 | 0x528f0 | 0x516f0 | 0x3de |
ReadFile | 0x0 | 0x449128 | 0x528f4 | 0x516f4 | 0x473 |
SetLastError | 0x0 | 0x44912c | 0x528f8 | 0x516f8 | 0x532 |
GetModuleHandleW | 0x0 | 0x449130 | 0x528fc | 0x516fc | 0x278 |
CopyFileW | 0x0 | 0x449134 | 0x52900 | 0x51700 | 0xad |
IsDebuggerPresent | 0x0 | 0x449138 | 0x52904 | 0x51704 | 0x37f |
OutputDebugStringW | 0x0 | 0x44913c | 0x52908 | 0x51708 | 0x419 |
InitializeCriticalSectionAndSpinCount | 0x0 | 0x449140 | 0x5290c | 0x5170c | 0x35f |
SetEvent | 0x0 | 0x449144 | 0x52910 | 0x51710 | 0x516 |
ResetEvent | 0x0 | 0x449148 | 0x52914 | 0x51714 | 0x4c6 |
WaitForSingleObjectEx | 0x0 | 0x44914c | 0x52918 | 0x51718 | 0x5d8 |
CreateEventW | 0x0 | 0x449150 | 0x5291c | 0x5171c | 0xbf |
UnhandledExceptionFilter | 0x0 | 0x449154 | 0x52920 | 0x51720 | 0x5ad |
SetUnhandledExceptionFilter | 0x0 | 0x449158 | 0x52924 | 0x51724 | 0x56d |
IsProcessorFeaturePresent | 0x0 | 0x44915c | 0x52928 | 0x51728 | 0x386 |
InitializeSListHead | 0x0 | 0x449160 | 0x5292c | 0x5172c | 0x363 |
TerminateProcess | 0x0 | 0x449164 | 0x52930 | 0x51730 | 0x58c |
USER32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetDC | 0x0 | 0x4491d0 | 0x5299c | 0x5179c | 0x140 |
GetDesktopWindow | 0x0 | 0x4491d4 | 0x529a0 | 0x517a0 | 0x143 |
FindWindowA | 0x0 | 0x4491d8 | 0x529a4 | 0x517a4 | 0x111 |
GetSystemMetrics | 0x0 | 0x4491dc | 0x529a8 | 0x517a8 | 0x1c4 |
ShowWindow | 0x0 | 0x4491e0 | 0x529ac | 0x517ac | 0x380 |
ReleaseDC | 0x0 | 0x4491e4 | 0x529b0 | 0x517b0 | 0x2f5 |
GDI32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DeleteObject | 0x0 | 0x449000 | 0x527cc | 0x515cc | 0x17f |
GetObjectA | 0x0 | 0x449004 | 0x527d0 | 0x515d0 | 0x2a6 |
MSVCP140.dll (21)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z | 0x0 | 0x44916c | 0x52938 | 0x51738 | 0xb1 |
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z | 0x0 | 0x449170 | 0x5293c | 0x5173c | 0x1b8 |
?narrow@?$ctype@_W@std@@QBEPB_WPB_W0DPAD@Z | 0x0 | 0x449174 | 0x52940 | 0x51740 | 0x42c |
??Bid@locale@std@@QAEIXZ | 0x0 | 0x449178 | 0x52944 | 0x51744 | 0x131 |
?_Getname@_Locinfo@std@@QBEPBDXZ | 0x0 | 0x44917c | 0x52948 | 0x51748 | 0x1de |
??1_Locinfo@std@@QAE@XZ | 0x0 | 0x449180 | 0x5294c | 0x5174c | 0xa4 |
??0_Locinfo@std@@QAE@HPBD@Z | 0x0 | 0x449184 | 0x52950 | 0x51750 | 0x6b |
??1_Lockit@std@@QAE@XZ | 0x0 | 0x449188 | 0x52954 | 0x51754 | 0xa5 |
??0_Lockit@std@@QAE@H@Z | 0x0 | 0x44918c | 0x52958 | 0x51758 | 0x6d |
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z | 0x0 | 0x449190 | 0x5295c | 0x5175c | 0x1a6 |
?_Xruntime_error@std@@YAXPBD@Z | 0x0 | 0x449194 | 0x52960 | 0x51760 | 0x292 |
?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x449198 | 0x52964 | 0x51764 | 0x273 |
?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x44919c | 0x52968 | 0x51768 | 0x28e |
?_Winerror_map@std@@YAHH@Z | 0x0 | 0x4491a0 | 0x5296c | 0x5176c | 0x285 |
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z | 0x0 | 0x4491a4 | 0x52970 | 0x51770 | 0x23a |
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z | 0x0 | 0x4491a8 | 0x52974 | 0x51774 | 0x243 |
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ | 0x0 | 0x4491ac | 0x52978 | 0x51778 | 0x1d5 |
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z | 0x0 | 0x4491b0 | 0x5297c | 0x5177c | 0x20f |
?_Winerror_message@std@@YAKKPADK@Z | 0x0 | 0x4491b4 | 0x52980 | 0x51780 | 0x286 |
?id@?$ctype@_W@std@@2V0locale@2@A | 0x0 | 0x4491b8 | 0x52984 | 0x51784 | 0x3d1 |
?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x4491bc | 0x52988 | 0x51788 | 0x28f |
SHLWAPI.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
PathFindExtensionW | 0x0 | 0x4491c4 | 0x52990 | 0x51790 | 0x4b |
PathFindExtensionA | 0x0 | 0x4491c8 | 0x52994 | 0x51794 | 0x4a |
gdiplus.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GdiplusStartup | 0x0 | 0x44937c | 0x52b48 | 0x51948 | 0x275 |
GdipCreateBitmapFromHBITMAP | 0x0 | 0x449380 | 0x52b4c | 0x5194c | 0x4d |
GdipGetImageEncoders | 0x0 | 0x449384 | 0x52b50 | 0x51950 | 0x11e |
GdiplusShutdown | 0x0 | 0x449388 | 0x52b54 | 0x51954 | 0x274 |
GdipDisposeImage | 0x0 | 0x44938c | 0x52b58 | 0x51958 | 0x98 |
GdipGetImageEncodersSize | 0x0 | 0x449390 | 0x52b5c | 0x5195c | 0x11f |
GdipCreateBitmapFromScan0 | 0x0 | 0x449394 | 0x52b60 | 0x51960 | 0x50 |
GdipSaveImageToFile | 0x0 | 0x449398 | 0x52b64 | 0x51964 | 0x1f0 |
WININET.dll (9)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
HttpEndRequestA | 0x0 | 0x449228 | 0x529f4 | 0x517f4 | 0x71 |
HttpSendRequestExA | 0x0 | 0x44922c | 0x529f8 | 0x517f8 | 0x80 |
InternetCloseHandle | 0x0 | 0x449230 | 0x529fc | 0x517fc | 0x95 |
InternetConnectA | 0x0 | 0x449234 | 0x52a00 | 0x51800 | 0x9b |
InternetWriteFile | 0x0 | 0x449238 | 0x52a04 | 0x51804 | 0xef |
InternetOpenA | 0x0 | 0x44923c | 0x52a08 | 0x51808 | 0xc6 |
HttpOpenRequestA | 0x0 | 0x449240 | 0x52a0c | 0x5180c | 0x78 |
InternetReadFile | 0x0 | 0x449244 | 0x52a10 | 0x51810 | 0xce |
HttpSendRequestA | 0x0 | 0x449248 | 0x52a14 | 0x51814 | 0x7f |
VCRUNTIME140.dll (14)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CxxThrowException | 0x0 | 0x4491ec | 0x529b8 | 0x517b8 | 0x1 |
__CxxFrameHandler3 | 0x0 | 0x4491f0 | 0x529bc | 0x517bc | 0x10 |
__std_exception_destroy | 0x0 | 0x4491f4 | 0x529c0 | 0x517c0 | 0x22 |
memmove | 0x0 | 0x4491f8 | 0x529c4 | 0x517c4 | 0x47 |
__current_exception | 0x0 | 0x4491fc | 0x529c8 | 0x517c8 | 0x1c |
memcpy | 0x0 | 0x449200 | 0x529cc | 0x517cc | 0x46 |
__std_exception_copy | 0x0 | 0x449204 | 0x529d0 | 0x517d0 | 0x21 |
memcmp | 0x0 | 0x449208 | 0x529d4 | 0x517d4 | 0x45 |
__current_exception_context | 0x0 | 0x44920c | 0x529d8 | 0x517d8 | 0x1d |
_except_handler3 | 0x0 | 0x449210 | 0x529dc | 0x517dc | 0x34 |
memchr | 0x0 | 0x449214 | 0x529e0 | 0x517e0 | 0x44 |
_except_handler4_common | 0x0 | 0x449218 | 0x529e4 | 0x517e4 | 0x35 |
__std_terminate | 0x0 | 0x44921c | 0x529e8 | 0x517e8 | 0x23 |
memset | 0x0 | 0x449220 | 0x529ec | 0x517ec | 0x48 |
api-ms-win-crt-runtime-l1-1-0.dll (23)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_configure_narrow_argv | 0x0 | 0x44929c | 0x52a68 | 0x51868 | 0x19 |
_initialize_narrow_environment | 0x0 | 0x4492a0 | 0x52a6c | 0x5186c | 0x35 |
_invalid_parameter_noinfo_noreturn | 0x0 | 0x4492a4 | 0x52a70 | 0x51870 | 0x3b |
_register_onexit_function | 0x0 | 0x4492a8 | 0x52a74 | 0x51874 | 0x3e |
_crt_atexit | 0x0 | 0x4492ac | 0x52a78 | 0x51878 | 0x1f |
_cexit | 0x0 | 0x4492b0 | 0x52a7c | 0x5187c | 0x17 |
_seh_filter_exe | 0x0 | 0x4492b4 | 0x52a80 | 0x51880 | 0x42 |
_errno | 0x0 | 0x4492b8 | 0x52a84 | 0x51884 | 0x23 |
terminate | 0x0 | 0x4492bc | 0x52a88 | 0x51888 | 0x6a |
_get_initial_narrow_environment | 0x0 | 0x4492c0 | 0x52a8c | 0x5188c | 0x2a |
_initterm | 0x0 | 0x4492c4 | 0x52a90 | 0x51890 | 0x38 |
_initterm_e | 0x0 | 0x4492c8 | 0x52a94 | 0x51894 | 0x39 |
_exit | 0x0 | 0x4492cc | 0x52a98 | 0x51898 | 0x25 |
_invalid_parameter_noinfo | 0x0 | 0x4492d0 | 0x52a9c | 0x5189c | 0x3a |
__p___argc | 0x0 | 0x4492d4 | 0x52aa0 | 0x518a0 | 0x5 |
__p___argv | 0x0 | 0x4492d8 | 0x52aa4 | 0x518a4 | 0x6 |
_c_exit | 0x0 | 0x4492dc | 0x52aa8 | 0x518a8 | 0x16 |
_register_thread_local_exe_atexit_callback | 0x0 | 0x4492e0 | 0x52aac | 0x518ac | 0x3f |
exit | 0x0 | 0x4492e4 | 0x52ab0 | 0x518b0 | 0x58 |
_resetstkoflw | 0x0 | 0x4492e8 | 0x52ab4 | 0x518b4 | 0x40 |
_set_app_type | 0x0 | 0x4492ec | 0x52ab8 | 0x518b8 | 0x44 |
_controlfp_s | 0x0 | 0x4492f0 | 0x52abc | 0x518bc | 0x1d |
_initialize_onexit_table | 0x0 | 0x4492f4 | 0x52ac0 | 0x518c0 | 0x36 |
api-ms-win-crt-time-l1-1-0.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
clock | 0x0 | 0x449358 | 0x52b24 | 0x51924 | 0x45 |
asctime | 0x0 | 0x44935c | 0x52b28 | 0x51928 | 0x43 |
_time64 | 0x0 | 0x449360 | 0x52b2c | 0x5192c | 0x30 |
_localtime64 | 0x0 | 0x449364 | 0x52b30 | 0x51930 | 0x23 |
api-ms-win-crt-string-l1-1-0.dll (13)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
wcscspn | 0x0 | 0x449320 | 0x52aec | 0x518ec | 0xa2 |
strlen | 0x0 | 0x449324 | 0x52af0 | 0x518f0 | 0x8b |
isspace | 0x0 | 0x449328 | 0x52af4 | 0x518f4 | 0x6e |
isalnum | 0x0 | 0x44932c | 0x52af8 | 0x518f8 | 0x64 |
isdigit | 0x0 | 0x449330 | 0x52afc | 0x518fc | 0x68 |
wcsspn | 0x0 | 0x449334 | 0x52b00 | 0x51900 | 0xab |
strcmp | 0x0 | 0x449338 | 0x52b04 | 0x51904 | 0x86 |
wcslen | 0x0 | 0x44933c | 0x52b08 | 0x51908 | 0xa3 |
tolower | 0x0 | 0x449340 | 0x52b0c | 0x5190c | 0x97 |
isxdigit | 0x0 | 0x449344 | 0x52b10 | 0x51910 | 0x7e |
_wcsicmp | 0x0 | 0x449348 | 0x52b14 | 0x51914 | 0x4a |
wmemcpy_s | 0x0 | 0x44934c | 0x52b18 | 0x51918 | 0xb0 |
strcpy | 0x0 | 0x449350 | 0x52b1c | 0x5191c | 0x88 |
api-ms-win-crt-heap-l1-1-0.dll (7)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_recalloc | 0x0 | 0x449260 | 0x52a2c | 0x5182c | 0x15 |
free | 0x0 | 0x449264 | 0x52a30 | 0x51830 | 0x18 |
_set_new_mode | 0x0 | 0x449268 | 0x52a34 | 0x51834 | 0x16 |
calloc | 0x0 | 0x44926c | 0x52a38 | 0x51838 | 0x17 |
realloc | 0x0 | 0x449270 | 0x52a3c | 0x5183c | 0x1a |
_callnewh | 0x0 | 0x449274 | 0x52a40 | 0x51840 | 0x8 |
malloc | 0x0 | 0x449278 | 0x52a44 | 0x51844 | 0x19 |
api-ms-win-crt-utility-l1-1-0.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
srand | 0x0 | 0x44936c | 0x52b38 | 0x51938 | 0x1d |
rand | 0x0 | 0x449370 | 0x52b3c | 0x5193c | 0x1b |
labs | 0x0 | 0x449374 | 0x52b40 | 0x51940 | 0x15 |
api-ms-win-crt-stdio-l1-1-0.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
fopen | 0x0 | 0x4492fc | 0x52ac8 | 0x518c8 | 0x7d |
__stdio_common_vsprintf | 0x0 | 0x449300 | 0x52acc | 0x518cc | 0xd |
feof | 0x0 | 0x449304 | 0x52ad0 | 0x518d0 | 0x75 |
fclose | 0x0 | 0x449308 | 0x52ad4 | 0x518d4 | 0x74 |
__p__commode | 0x0 | 0x44930c | 0x52ad8 | 0x518d8 | 0x1 |
_set_fmode | 0x0 | 0x449310 | 0x52adc | 0x518dc | 0x54 |
fread | 0x0 | 0x449314 | 0x52ae0 | 0x518e0 | 0x83 |
fwrite | 0x0 | 0x449318 | 0x52ae4 | 0x518e4 | 0x8a |
api-ms-win-crt-multibyte-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_mbsicmp | 0x0 | 0x449294 | 0x52a60 | 0x51860 | 0x6b |
api-ms-win-crt-environment-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
getenv | 0x0 | 0x449258 | 0x52a24 | 0x51824 | 0x10 |
api-ms-win-crt-convert-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
atoi | 0x0 | 0x449250 | 0x52a1c | 0x5181c | 0x50 |
api-ms-win-crt-locale-l1-1-0.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_configthreadlocale | 0x0 | 0x449280 | 0x52a4c | 0x5184c | 0x8 |
___lc_codepage_func | 0x0 | 0x449284 | 0x52a50 | 0x51850 | 0x0 |
api-ms-win-crt-math-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
__setusermatherr | 0x0 | 0x44928c | 0x52a58 | 0x51858 | 0x2e |
Memory Dumps (2)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point
---|---|---|---|---|---|---
qpp5uu0zt1hnyjxn.exe | 1 | 0x001C0000 | 0x00219FFF | Relevant Image | 32-bit | 0x001DDE90
qpp5uu0zt1hnyjxn.exe | 1 | 0x001C0000 | 0x00219FFF | Process Termination | 32-bit | -
Local AV Matches (1)
Threat Name | Severity
---|---
Gen:Variant.Zusy.305535 | Malicious
Filename | Category | Type | Severity
---|---|---|---
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP | Dropped File | Sqlite | Whitelisted
File Reputation Information
Severity: Whitelisted
Filename | Category | Type | Severity
---|---|---|---
c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat | Modified File | Stream | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\DNKQWP.EWOBKKWOTL | Dropped File | Text | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\IFMNPTSMFC.XYNWYSIBQ | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\IFMNPTSMFC.XYNWYSIBQ | Dropped File | Sqlite | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\PNCWEC.JUGYDYGNFY | Dropped File | Text | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\EYOMIEVEUVPBHSRHJOV.KCFEUCGNKIVHGOLQ | Dropped File | Image | Unknown
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\KDYYPOLFJWSDSNEGVSIX.TQKT | Dropped File | Text | Unknown