86d4a2f2...d320 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Trojan
Threat Names:
Gen:Variant.Ulise.93860
Win32.Trojan.Frs

CreateCheckboxImageListTest.exe

Windows Exe (x86-32)

Created at 2020-01-31T02:17:00

Filename Category Type Severity
C:\Users\FD1HVy\Desktop\CreateCheckboxImageListTest.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 544.77 KB
MD5 ed9a57e4d82488ffec4b0b09b0eef15c
SHA1 b0a6cd399b1b7dcc8c23ca8f35ef898fdc1b213c
SHA256 86d4a2f22a0e0ecbef99769371c459c368e917d0e5efedbaa47d258ec331d320
SSDeep 12288:x3o0LKBTElEdd/fqFAoxABKI68mb1PPa/3msZ/tCP0Qw:x3ufqFJkm5na/WsZ/tc0Qw
ImpHash efdc35735357c371c2916dcdf05fea7a
File Reputation Information
Severity
Blacklisted
First Seen 2020-01-14 04:44 (UTC+1)
Last Seen 2020-01-26 07:23 (UTC+1)
Names Win32.Trojan.Frs
Families Frs
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4126c8
Size Of Code 0x25400
Size Of Initialized Data 0x18400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-05-19 16:02:18+00:00
Version Information (8)
Article www.codeproject.com
E-mail hdietrich@gmail.com
FileDescription CreateCheckboxImageListTest MFC Application
FileVersion 1, 0, 0, 1
LegalCopyright Copyright © 2008 Hans Dietrich
OriginalFilename CreateCheckboxImageListTest.exe
ProductName CreateCheckboxImageListTest Application
ProductVersion 1, 0, 0, 1
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x253f0 0x25400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.56
.rdata 0x427000 0x9fb4 0xa000 0x25800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.93
.data 0x431000 0xd918 0x9c00 0x2f800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.47
.rsrc 0x43f000 0x4784 0x4800 0x39400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.82
Imports (9)
KERNEL32.dll (109)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlUnwind 0x0 0x4270c0 0x2f8c4 0x2e0c4 0x392
RaiseException 0x0 0x4270c4 0x2f8c8 0x2e0c8 0x35a
HeapReAlloc 0x0 0x4270c8 0x2f8cc 0x2e0cc 0x2a4
Sleep 0x0 0x4270cc 0x2f8d0 0x2e0d0 0x421
ExitProcess 0x0 0x4270d0 0x2f8d4 0x2e0d4 0x104
HeapSize 0x0 0x4270d4 0x2f8d8 0x2e0d8 0x2a6
SetUnhandledExceptionFilter 0x0 0x4270d8 0x2f8dc 0x2e0dc 0x415
GetStdHandle 0x0 0x4270dc 0x2f8e0 0x2e0e0 0x23b
GetModuleFileNameA 0x0 0x4270e0 0x2f8e4 0x2e0e4 0x1f4
FreeEnvironmentStringsW 0x0 0x4270e4 0x2f8e8 0x2e0e8 0x14b
GetEnvironmentStringsW 0x0 0x4270e8 0x2f8ec 0x2e0ec 0x1c1
GetCommandLineW 0x0 0x4270ec 0x2f8f0 0x2e0f0 0x170
SetHandleCount 0x0 0x4270f0 0x2f8f4 0x2e0f4 0x3e8
GetFileType 0x0 0x4270f4 0x2f8f8 0x2e0f8 0x1d7
GetStartupInfoA 0x0 0x4270f8 0x2f8fc 0x2e0fc 0x239
HeapCreate 0x0 0x4270fc 0x2f900 0x2e100 0x29f
VirtualFree 0x0 0x427100 0x2f904 0x2e104 0x457
QueryPerformanceCounter 0x0 0x427104 0x2f908 0x2e108 0x354
GetTickCount 0x0 0x427108 0x2f90c 0x2e10c 0x266
GetSystemTimeAsFileTime 0x0 0x42710c 0x2f910 0x2e110 0x24f
TerminateProcess 0x0 0x427110 0x2f914 0x2e114 0x42d
UnhandledExceptionFilter 0x0 0x427114 0x2f918 0x2e118 0x43e
IsDebuggerPresent 0x0 0x427118 0x2f91c 0x2e11c 0x2d1
HeapFree 0x0 0x42711c 0x2f920 0x2e120 0x2a1
VirtualAlloc 0x0 0x427120 0x2f924 0x2e124 0x454
InitializeCriticalSectionAndSpinCount 0x0 0x427124 0x2f928 0x2e128 0x2b5
GetCPInfo 0x0 0x427128 0x2f92c 0x2e12c 0x15b
GetACP 0x0 0x42712c 0x2f930 0x2e130 0x152
GetOEMCP 0x0 0x427130 0x2f934 0x2e134 0x213
IsValidCodePage 0x0 0x427134 0x2f938 0x2e138 0x2db
GetConsoleCP 0x0 0x427138 0x2f93c 0x2e13c 0x183
GetConsoleMode 0x0 0x42713c 0x2f940 0x2e140 0x195
GetLocaleInfoA 0x0 0x427140 0x2f944 0x2e144 0x1e8
GetStringTypeA 0x0 0x427144 0x2f948 0x2e148 0x23d
GetStringTypeW 0x0 0x427148 0x2f94c 0x2e14c 0x240
LCMapStringA 0x0 0x42714c 0x2f950 0x2e150 0x2e1
LCMapStringW 0x0 0x427150 0x2f954 0x2e154 0x2e3
SetStdHandle 0x0 0x427154 0x2f958 0x2e158 0x3fc
WriteConsoleA 0x0 0x427158 0x2f95c 0x2e15c 0x482
GetConsoleOutputCP 0x0 0x42715c 0x2f960 0x2e160 0x199
WriteConsoleW 0x0 0x427160 0x2f964 0x2e164 0x48c
CreateFileA 0x0 0x427164 0x2f968 0x2e168 0x78
HeapAlloc 0x0 0x427168 0x2f96c 0x2e16c 0x29d
GetStartupInfoW 0x0 0x42716c 0x2f970 0x2e170 0x23a
SetErrorMode 0x0 0x427170 0x2f974 0x2e174 0x3d2
GetCurrentProcess 0x0 0x427174 0x2f978 0x2e178 0x1a9
FlushFileBuffers 0x0 0x427178 0x2f97c 0x2e17c 0x141
SetFilePointer 0x0 0x42717c 0x2f980 0x2e180 0x3df
WriteFile 0x0 0x427180 0x2f984 0x2e184 0x48d
WritePrivateProfileStringW 0x0 0x427184 0x2f988 0x2e188 0x493
lstrlenA 0x0 0x427188 0x2f98c 0x2e18c 0x4b5
GlobalFlags 0x0 0x42718c 0x2f990 0x2e190 0x28b
TlsFree 0x0 0x427190 0x2f994 0x2e194 0x433
DeleteCriticalSection 0x0 0x427194 0x2f998 0x2e198 0xbe
LocalReAlloc 0x0 0x427198 0x2f99c 0x2e19c 0x300
TlsSetValue 0x0 0x42719c 0x2f9a0 0x2e1a0 0x435
TlsAlloc 0x0 0x4271a0 0x2f9a4 0x2e1a4 0x432
InitializeCriticalSection 0x0 0x4271a4 0x2f9a8 0x2e1a8 0x2b4
GlobalHandle 0x0 0x4271a8 0x2f9ac 0x2e1ac 0x28f
GlobalReAlloc 0x0 0x4271ac 0x2f9b0 0x2e1b0 0x293
EnterCriticalSection 0x0 0x4271b0 0x2f9b4 0x2e1b4 0xd9
TlsGetValue 0x0 0x4271b4 0x2f9b8 0x2e1b8 0x434
LeaveCriticalSection 0x0 0x4271b8 0x2f9bc 0x2e1bc 0x2ef
LocalAlloc 0x0 0x4271bc 0x2f9c0 0x2e1c0 0x2f9
InterlockedIncrement 0x0 0x4271c0 0x2f9c4 0x2e1c4 0x2c0
GetModuleHandleA 0x0 0x4271c4 0x2f9c8 0x2e1c8 0x1f6
InterlockedDecrement 0x0 0x4271c8 0x2f9cc 0x2e1cc 0x2bc
GetCurrentProcessId 0x0 0x4271cc 0x2f9d0 0x2e1d0 0x1aa
CloseHandle 0x0 0x4271d0 0x2f9d4 0x2e1d4 0x43
GetCurrentThread 0x0 0x4271d4 0x2f9d8 0x2e1d8 0x1ac
ConvertDefaultLocale 0x0 0x4271d8 0x2f9dc 0x2e1dc 0x5a
EnumResourceLanguagesW 0x0 0x4271dc 0x2f9e0 0x2e1e0 0xe9
GetModuleFileNameW 0x0 0x4271e0 0x2f9e4 0x2e1e4 0x1f5
lstrcmpA 0x0 0x4271e4 0x2f9e8 0x2e1e8 0x4a9
GetLocaleInfoW 0x0 0x4271e8 0x2f9ec 0x2e1ec 0x1ea
InterlockedExchange 0x0 0x4271ec 0x2f9f0 0x2e1f0 0x2bd
GetCurrentThreadId 0x0 0x4271f0 0x2f9f4 0x2e1f4 0x1ad
GlobalAddAtomW 0x0 0x4271f4 0x2f9f8 0x2e1f8 0x284
GlobalFindAtomW 0x0 0x4271f8 0x2f9fc 0x2e1fc 0x289
GlobalDeleteAtom 0x0 0x4271fc 0x2fa00 0x2e200 0x287
GetVersionExW 0x0 0x427200 0x2fa04 0x2e204 0x276
CompareStringW 0x0 0x427204 0x2fa08 0x2e208 0x55
LoadLibraryA 0x0 0x427208 0x2fa0c 0x2e20c 0x2f1
lstrcmpW 0x0 0x42720c 0x2fa10 0x2e210 0x4aa
GetVersionExA 0x0 0x427210 0x2fa14 0x2e214 0x275
MultiByteToWideChar 0x0 0x427214 0x2fa18 0x2e218 0x31a
FreeResource 0x0 0x427218 0x2fa1c 0x2e21c 0x14f
GlobalFree 0x0 0x42721c 0x2fa20 0x2e220 0x28c
GlobalAlloc 0x0 0x427220 0x2fa24 0x2e224 0x285
GlobalLock 0x0 0x427224 0x2fa28 0x2e228 0x290
GlobalUnlock 0x0 0x427228 0x2fa2c 0x2e22c 0x297
FormatMessageW 0x0 0x42722c 0x2fa30 0x2e230 0x148
LocalFree 0x0 0x427230 0x2fa34 0x2e234 0x2fd
MulDiv 0x0 0x427234 0x2fa38 0x2e238 0x319
WideCharToMultiByte 0x0 0x427238 0x2fa3c 0x2e23c 0x47a
lstrlenW 0x0 0x42723c 0x2fa40 0x2e240 0x4b6
WinExec 0x0 0x427240 0x2fa44 0x2e244 0x47b
GetWindowsDirectoryW 0x0 0x427244 0x2fa48 0x2e248 0x281
GetModuleHandleW 0x0 0x427248 0x2fa4c 0x2e24c 0x1f9
GetLastError 0x0 0x42724c 0x2fa50 0x2e250 0x1e6
SetLastError 0x0 0x427250 0x2fa54 0x2e254 0x3ec
VirtualProtect 0x0 0x427254 0x2fa58 0x2e258 0x45a
GetProcAddress 0x0 0x427258 0x2fa5c 0x2e25c 0x220
LoadLibraryW 0x0 0x42725c 0x2fa60 0x2e260 0x2f4
FreeLibrary 0x0 0x427260 0x2fa64 0x2e264 0x14c
FindResourceW 0x0 0x427264 0x2fa68 0x2e268 0x139
LoadResource 0x0 0x427268 0x2fa6c 0x2e26c 0x2f6
LockResource 0x0 0x42726c 0x2fa70 0x2e270 0x307
SizeofResource 0x0 0x427270 0x2fa74 0x2e274 0x420
USER32.dll (121)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EndPaint 0x0 0x42729c 0x2faa0 0x2e2a0 0xd5
BeginPaint 0x0 0x4272a0 0x2faa4 0x2e2a4 0xe
ClientToScreen 0x0 0x4272a4 0x2faa8 0x2e2a8 0x45
GrayStringW 0x0 0x4272a8 0x2faac 0x2e2ac 0x194
DrawTextExW 0x0 0x4272ac 0x2fab0 0x2e2b0 0xc7
TabbedTextOutW 0x0 0x4272b0 0x2fab4 0x2e2b4 0x2c7
DestroyMenu 0x0 0x4272b4 0x2fab8 0x2e2b8 0x9e
GetWindowThreadProcessId 0x0 0x4272b8 0x2fabc 0x2e2bc 0x190
GetMessageW 0x0 0x4272bc 0x2fac0 0x2e2c0 0x14e
TranslateMessage 0x0 0x4272c0 0x2fac4 0x2e2c4 0x2d5
GetCursorPos 0x0 0x4272c4 0x2fac8 0x2e2c8 0x119
ValidateRect 0x0 0x4272c8 0x2facc 0x2e2cc 0x2f2
PostQuitMessage 0x0 0x4272cc 0x2fad0 0x2e2d0 0x220
ShowWindow 0x0 0x4272d0 0x2fad4 0x2e2d4 0x2b8
SetWindowTextW 0x0 0x4272d4 0x2fad8 0x2e2d8 0x2ac
IsDialogMessageW 0x0 0x4272d8 0x2fadc 0x2e2dc 0x1b9
SetMenuItemBitmaps 0x0 0x4272dc 0x2fae0 0x2e2e0 0x283
GetMenuCheckMarkDimensions 0x0 0x4272e0 0x2fae4 0x2e2e4 0x13e
LoadBitmapW 0x0 0x4272e4 0x2fae8 0x2e2e8 0x1d1
ModifyMenuW 0x0 0x4272e8 0x2faec 0x2e2ec 0x201
EnableMenuItem 0x0 0x4272ec 0x2faf0 0x2e2f0 0xcf
CheckMenuItem 0x0 0x4272f0 0x2faf4 0x2e2f4 0x3d
SendDlgItemMessageW 0x0 0x4272f4 0x2faf8 0x2e2f8 0x25a
SendDlgItemMessageA 0x0 0x4272f8 0x2fafc 0x2e2fc 0x259
WinHelpW 0x0 0x4272fc 0x2fb00 0x2e300 0x300
GetCapture 0x0 0x427300 0x2fb04 0x2e304 0x101
SetWindowsHookExW 0x0 0x427304 0x2fb08 0x2e308 0x2b0
CallNextHookEx 0x0 0x427308 0x2fb0c 0x2e30c 0x1b
GetClassLongW 0x0 0x42730c 0x2fb10 0x2e310 0x109
GetClassNameW 0x0 0x427310 0x2fb14 0x2e314 0x10b
SetPropW 0x0 0x427314 0x2fb18 0x2e318 0x290
GetFocus 0x0 0x427318 0x2fb1c 0x2e31c 0x124
GetForegroundWindow 0x0 0x42731c 0x2fb20 0x2e320 0x125
GetLastActivePopup 0x0 0x427320 0x2fb24 0x2e324 0x138
DispatchMessageW 0x0 0x427324 0x2fb28 0x2e328 0xa9
GetTopWindow 0x0 0x427328 0x2fb2c 0x2e32c 0x175
UnhookWindowsHookEx 0x0 0x42732c 0x2fb30 0x2e330 0x2d9
GetMessageTime 0x0 0x427330 0x2fb34 0x2e334 0x14d
PeekMessageW 0x0 0x427334 0x2fb38 0x2e338 0x21c
MapWindowPoints 0x0 0x427338 0x2fb3c 0x2e33c 0x1f3
ScrollWindow 0x0 0x42733c 0x2fb40 0x2e340 0x257
GetKeyState 0x0 0x427340 0x2fb44 0x2e344 0x131
SetMenu 0x0 0x427344 0x2fb48 0x2e348 0x27f
GetScrollRange 0x0 0x427348 0x2fb4c 0x2e34c 0x168
SetForegroundWindow 0x0 0x42734c 0x2fb50 0x2e350 0x27a
IsWindowVisible 0x0 0x427350 0x2fb54 0x2e354 0x1ca
UpdateWindow 0x0 0x427354 0x2fb58 0x2e358 0x2e9
MessageBoxW 0x0 0x427358 0x2fb5c 0x2e35c 0x1ff
CreateWindowExW 0x0 0x42735c 0x2fb60 0x2e360 0x68
GetClassInfoExW 0x0 0x427360 0x2fb64 0x2e364 0x106
GetClassInfoW 0x0 0x427364 0x2fb68 0x2e368 0x107
RegisterClassW 0x0 0x427368 0x2fb6c 0x2e36c 0x236
AdjustWindowRectEx 0x0 0x42736c 0x2fb70 0x2e370 0x3
GetScrollInfo 0x0 0x427370 0x2fb74 0x2e374 0x166
SetScrollInfo 0x0 0x427374 0x2fb78 0x2e378 0x293
CopyRect 0x0 0x427378 0x2fb7c 0x2e37c 0x4f
GetDlgCtrlID 0x0 0x42737c 0x2fb80 0x2e380 0x11e
DefWindowProcW 0x0 0x427380 0x2fb84 0x2e384 0x96
CallWindowProcW 0x0 0x427384 0x2fb88 0x2e388 0x1d
GetMenu 0x0 0x427388 0x2fb8c 0x2e38c 0x13c
SetWindowPos 0x0 0x42738c 0x2fb90 0x2e390 0x2a7
SystemParametersInfoA 0x0 0x427390 0x2fb94 0x2e394 0x2c4
GetWindowPlacement 0x0 0x427394 0x2fb98 0x2e398 0x187
EnableWindow 0x0 0x427398 0x2fb9c 0x2e39c 0xd1
DrawFrameControl 0x0 0x42739c 0x2fba0 0x2e3a0 0xbe
ReleaseDC 0x0 0x4273a0 0x2fba4 0x2e3a4 0x24c
SendMessageW 0x0 0x4273a4 0x2fba8 0x2e3a8 0x263
GetWindowTextLengthW 0x0 0x4273a8 0x2fbac 0x2e3ac 0x18e
GetWindowTextW 0x0 0x4273ac 0x2fbb0 0x2e3b0 0x18f
GetScrollPos 0x0 0x4273b0 0x2fbb4 0x2e3b4 0x167
SetScrollPos 0x0 0x4273b4 0x2fbb8 0x2e3b8 0x294
GetWindow 0x0 0x4273b8 0x2fbbc 0x2e3bc 0x17d
SetFocus 0x0 0x4273bc 0x2fbc0 0x2e3c0 0x279
GetDesktopWindow 0x0 0x4273c0 0x2fbc4 0x2e3c4 0x11c
GetActiveWindow 0x0 0x4273c4 0x2fbc8 0x2e3c8 0xf9
SetActiveWindow 0x0 0x4273c8 0x2fbcc 0x2e3cc 0x266
CreateDialogIndirectParamW 0x0 0x4273cc 0x2fbd0 0x2e3d0 0x5b
DestroyWindow 0x0 0x4273d0 0x2fbd4 0x2e3d4 0xa0
GetWindowLongW 0x0 0x4273d4 0x2fbd8 0x2e3d8 0x182
GetDlgItem 0x0 0x4273d8 0x2fbdc 0x2e3dc 0x11f
UnregisterClassW 0x0 0x4273dc 0x2fbe0 0x2e3e0 0x2df
IsWindowEnabled 0x0 0x4273e0 0x2fbe4 0x2e3e4 0x1c6
GetNextDlgTabItem 0x0 0x4273e4 0x2fbe8 0x2e3e8 0x153
EndDialog 0x0 0x4273e8 0x2fbec 0x2e3ec 0xd3
GetSysColorBrush 0x0 0x4273ec 0x2fbf0 0x2e3f0 0x16d
WindowFromPoint 0x0 0x4273f0 0x2fbf4 0x2e3f4 0x303
RemovePropW 0x0 0x4273f4 0x2fbf8 0x2e3f8 0x250
LoadIconW 0x0 0x4273f8 0x2fbfc 0x2e3fc 0x1d7
GetSystemMenu 0x0 0x4273fc 0x2fc00 0x2e400 0x16e
AppendMenuW 0x0 0x427400 0x2fc04 0x2e404 0xa
GetWindowRect 0x0 0x427404 0x2fc08 0x2e408 0x188
IsIconic 0x0 0x427408 0x2fc0c 0x2e40c 0x1bd
GetSystemMetrics 0x0 0x42740c 0x2fc10 0x2e410 0x16f
GetClientRect 0x0 0x427410 0x2fc14 0x2e414 0x10d
DrawIcon 0x0 0x427414 0x2fc18 0x2e418 0xbf
IsWindow 0x0 0x427418 0x2fc1c 0x2e41c 0x1c5
PostMessageW 0x0 0x42741c 0x2fc20 0x2e420 0x21f
GetDC 0x0 0x427420 0x2fc24 0x2e424 0x11a
GetSysColor 0x0 0x427424 0x2fc28 0x2e428 0x16c
DrawTextW 0x0 0x427428 0x2fc2c 0x2e42c 0xc8
RedrawWindow 0x0 0x42742c 0x2fc30 0x2e430 0x232
RegisterWindowMessageW 0x0 0x427430 0x2fc34 0x2e434 0x24a
DestroyCursor 0x0 0x427434 0x2fc38 0x2e438 0x9c
KillTimer 0x0 0x427438 0x2fc3c 0x2e43c 0x1cd
SetWindowLongW 0x0 0x42743c 0x2fc40 0x2e440 0x2a5
MessageBeep 0x0 0x427440 0x2fc44 0x2e444 0x1f7
InvalidateRect 0x0 0x427444 0x2fc48 0x2e448 0x1aa
GetMenuState 0x0 0x427448 0x2fc4c 0x2e44c 0x147
GetMenuItemID 0x0 0x42744c 0x2fc50 0x2e450 0x143
GetMenuItemCount 0x0 0x427450 0x2fc54 0x2e454 0x142
GetSubMenu 0x0 0x427454 0x2fc58 0x2e458 0x16b
CopyIcon 0x0 0x427458 0x2fc5c 0x2e45c 0x4d
LoadCursorW 0x0 0x42745c 0x2fc60 0x2e460 0x1d5
InflateRect 0x0 0x427460 0x2fc64 0x2e464 0x1a1
GetParent 0x0 0x427464 0x2fc68 0x2e468 0x155
SetCursor 0x0 0x427468 0x2fc6c 0x2e46c 0x270
PtInRect 0x0 0x42746c 0x2fc70 0x2e470 0x229
ScreenToClient 0x0 0x427470 0x2fc74 0x2e474 0x254
GetMessagePos 0x0 0x427474 0x2fc78 0x2e478 0x14c
SetTimer 0x0 0x427478 0x2fc7c 0x2e47c 0x29e
GetPropW 0x0 0x42747c 0x2fc80 0x2e480 0x15c
GDI32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetWindowExtEx 0x0 0x427034 0x2f838 0x2e038 0x293
ScaleWindowExtEx 0x0 0x427038 0x2f83c 0x2e03c 0x259
SetWindowOrgEx 0x0 0x42703c 0x2f840 0x2e040 0x294
CreatePen 0x0 0x427040 0x2f844 0x2e044 0x49
SetViewportExtEx 0x0 0x427044 0x2f848 0x2e048 0x28f
ScaleViewportExtEx 0x0 0x427048 0x2f84c 0x2e04c 0x258
OffsetViewportOrgEx 0x0 0x42704c 0x2f850 0x2e050 0x225
SetViewportOrgEx 0x0 0x427050 0x2f854 0x2e054 0x290
Escape 0x0 0x427054 0x2f858 0x2e058 0x119
TextOutW 0x0 0x427058 0x2f85c 0x2e05c 0x2a0
RectVisible 0x0 0x42705c 0x2f860 0x2e060 0x245
PtVisible 0x0 0x427060 0x2f864 0x2e064 0x241
ExtTextOutW 0x0 0x427064 0x2f868 0x2e068 0x123
MoveToEx 0x0 0x427068 0x2f86c 0x2e06c 0x221
LineTo 0x0 0x42706c 0x2f870 0x2e070 0x21d
SetMapMode 0x0 0x427070 0x2f874 0x2e074 0x27b
SetBkMode 0x0 0x427074 0x2f878 0x2e078 0x266
RestoreDC 0x0 0x427078 0x2f87c 0x2e07c 0x250
SaveDC 0x0 0x42707c 0x2f880 0x2e080 0x257
CreateBitmap 0x0 0x427080 0x2f884 0x2e084 0x28
SetTextColor 0x0 0x427084 0x2f888 0x2e088 0x28d
GetClipBox 0x0 0x427088 0x2f88c 0x2e08c 0x1aa
GetDeviceCaps 0x0 0x42708c 0x2f890 0x2e090 0x1b5
CreateFontIndirectW 0x0 0x427090 0x2f894 0x2e094 0x3e
GetObjectW 0x0 0x427094 0x2f898 0x2e098 0x1e4
GetStockObject 0x0 0x427098 0x2f89c 0x2e09c 0x1f4
GetTextExtentPoint32W 0x0 0x42709c 0x2f8a0 0x2e0a0 0x205
DeleteDC 0x0 0x4270a0 0x2f8a4 0x2e0a4 0xcd
StretchBlt 0x0 0x4270a4 0x2f8a8 0x2e0a8 0x29a
SetBkColor 0x0 0x4270a8 0x2f8ac 0x2e0ac 0x265
DeleteObject 0x0 0x4270ac 0x2f8b0 0x2e0b0 0xd0
SelectObject 0x0 0x4270b0 0x2f8b4 0x2e0b4 0x25e
CreateCompatibleDC 0x0 0x4270b4 0x2f8b8 0x2e0b8 0x2e
CreateCompatibleBitmap 0x0 0x4270b8 0x2f8bc 0x2e0bc 0x2d
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DocumentPropertiesW 0x0 0x427484 0x2fc88 0x2e488 0x4e
OpenPrinterW 0x0 0x427488 0x2fc8c 0x2e48c 0x8f
ClosePrinter 0x0 0x42748c 0x2fc90 0x2e490 0x1d
ADVAPI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyW 0x0 0x427000 0x2f804 0x2e004 0x25e
RegQueryValueW 0x0 0x427004 0x2f808 0x2e008 0x269
RegSetValueExW 0x0 0x427008 0x2f80c 0x2e00c 0x278
RegCreateKeyExW 0x0 0x42700c 0x2f810 0x2e010 0x233
RegOpenKeyExW 0x0 0x427010 0x2f814 0x2e014 0x25b
RegEnumKeyW 0x0 0x427014 0x2f818 0x2e018 0x24a
RegDeleteKeyW 0x0 0x427018 0x2f81c 0x2e01c 0x23e
RegQueryValueExW 0x0 0x42701c 0x2f820 0x2e020 0x268
RegCloseKey 0x0 0x427020 0x2f824 0x2e024 0x22a
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x427288 0x2fa8c 0x2e28c 0x118
COMCTL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Add 0x0 0x427028 0x2f82c 0x2e02c 0x4d
ImageList_Create 0x0 0x42702c 0x2f830 0x2e030 0x53
SHLWAPI.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFindFileNameW 0x0 0x427290 0x2fa94 0x2e294 0x49
PathFindExtensionW 0x0 0x427294 0x2fa98 0x2e298 0x47
OLEAUT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantClear 0x9 0x427278 0x2fa7c 0x2e27c -
VariantChangeType 0xc 0x42727c 0x2fa80 0x2e280 -
VariantInit 0x8 0x427280 0x2fa84 0x2e284 -
Icons (1)
Memory Dumps (5)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
createcheckboximagelisttest.exe 1 0x00400000 0x00443FFF Relevant Image True 32-bit 0x00415496 True False
createcheckboximagelisttest.exe 1 0x00400000 0x00443FFF Content Changed True 32-bit 0x00433268 True False
ntdll.dll 1 0x024E0000 0x0266DFFF Content Changed True 32-bit - False False
buffer 1 0x006F0000 0x00778FFF Image In Buffer True 32-bit - False False
createcheckboximagelisttest.exe 1 0x00400000 0x00443FFF Final Dump True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ulise.93860 Malicious
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshots: Before, After