Verdict: Malicious
Classifications: Downloader, Spyware
Threat Names: Mal/Generic-S, Trojan.GenericKD.37569209

Dynamic Analysis Report

Created on 2021-09-13T14:03:00

977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe

Windows Exe (x86-32)

Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "15 seconds" to "10 seconds" to reveal dormant functionality.

(0x0200004A): 2 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 100 MB.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe Sample File Binary malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 458.48 KB
MD5 14e351015c5d632f888dbcac03871fae
SHA1 b5471c5eea356ce87ac5c2df8bbd9bc72cf84da9
SHA256 977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa
SSDeep 6144:ebzheqatJY9oxu70Y7uh0doi9g9aPmaq/Ox4:O9aJYacQSuhqUaeb/L
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict malicious
Names Mal/Generic-S
AV Matches (1)
Threat Name Verdict
Trojan.GenericKD.37569209 malicious
PE Information
Image Base 0x400000
Entry Point 0x46fdc2
Size Of Code 0x6ddc8
Size Of Initialized Data 0x2600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-11-13 22:54:36+00:00
Version Information (10)
Comments Application Insights SDK Persistence channel
CompanyName Microsoft
FileDescription Microsoft.ApplicationInsights.Channel.PersistenceChannel
FileVersion 0.17.2.179
InternalName Microsoft.ApplicationInsights.PersistenceChannel.dll
LegalCopyright Copyright © Microsoft. All Rights Reserved.
OriginalFilename Microsoft.ApplicationInsights.PersistenceChannel.dll
ProductName Application Insights SDK Windows Persistence channel
ProductVersion 0.17.2.179
Assembly Version 0.17.2.179
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x6ddc8 0x6de00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 4.54
.rsrc 0x470000 0x2238 0x2400 0x6e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.45
.reloc 0x474000 0xc 0x200 0x70400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.1
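The section table above has the shape analysts look for in a .NET loader: a low-entropy .text (4.54) next to a .rsrc at 7.45 bits per byte, i.e. resource data that is compressed or encrypted rather than icons and manifests. The following script is an added example (not VMRay's code and not taken from the sample) that reproduces that check with a dependency-free PE section-table parser and a Shannon entropy calculation; it builds its own minimal PE32 in memory as constructed test input, so the section names, flags and bytes it reports are assumptions for the demo, not the sample's. Run it against a real file by replacing SAMPLE_PE with open(path, "rb").read().

```python
import math
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one dict per section with its raw-data entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, rva, rawsize, rawptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "rva": rva, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr,
            "flags": flags, "entropy": shannon_entropy(raw),
        })
    return sections


def suspicious_sections(sections, threshold=7.0):
    """Names of non-code sections whose raw bytes look encrypted or compressed.
    A high-entropy .rsrc beside a low-entropy .text is the classic shape of a
    loader that carries its payload in a resource and decrypts it at run time."""
    return [s["name"] for s in sections
            if s["entropy"] >= threshold and not (s["flags"] & IMAGE_SCN_CNT_CODE)]


def build_test_pe(sections):
    """Assemble a minimal PE32 (constructed test input, not a real sample).
    sections: list of (name, flags, raw_bytes). Only the header fields the
    parser reads are populated; the optional header is zero padding."""
    file_align = 0x200
    opt_size = 0xE0                        # PE32 optional header size
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    rawptr = (hdr_len + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body, rva = b"", b"", 0x1000
    for name, flags, raw in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)     # pad to FileAlignment
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), rva,
                             len(padded), rawptr + len(body), 0, 0, 0, 0, flags)
        body += padded
        rva += (len(padded) + 0xFFF) // 0x1000 * 0x1000     # next 4 KiB page
    header = dos + b"PE\0\0" + coff + opt + table
    return header + b"\0" * (rawptr - len(header)) + body


# Constructed sections: low-entropy code-like text, a resource section with a
# uniform byte distribution (8.0 bits, random-looking), and an all-zero reloc stub.
SAMPLE_PE = build_test_pe([
    (b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ,
     b"MOV EAX,1; RET;" * 32),
    (b".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ,
     bytes(range(256)) * 8),
    (b".reloc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ, b"\0" * 12),
])

if __name__ == "__main__":
    secs = parse_sections(SAMPLE_PE)
    for s in secs:
        print(f"{s['name']:<8} rva=0x{s['rva']:x} raw=0x{s['rawsize']:x} "
              f"entropy={s['entropy']:.2f}")
    print("suspicious:", suspicious_sections(secs))
```

The entropy is computed over SizeOfRawData bytes, so file-alignment padding is included, exactly as the report's column is; a threshold near 7.0 separates encrypted payload carriers from ordinary resource sections, but packed legitimate software also trips it, so treat the flag as a reason to dump the process, as the Memory Dumps section below does, not as a verdict.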
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x402000 0x6fccc 0x6decc 0x0
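The single static import, mscoree.dll!_CorExeMain, is the CLR entry stub every .NET executable carries; the real dependencies are resolved by the runtime from metadata, so the ImpHash reported above (f34d5f2d4577ed6d9ceec516c1f5a744) is shared by essentially every .NET binary and is useless for clustering this sample. The script below is an added example (not VMRay's or pefile's code) that implements the pefile-style import hash so the value can be reproduced from the import table: lower-case the DLL name, drop a .dll/.ocx/.sys extension, lower-case the function name, join "dll.func" entries with commas in table order, MD5 the string. The NATIVE_IMPORTS list is constructed for contrast; feeding the 90 KERNEL32/msvcrt imports of sqlite3.dll listed further down should reproduce its ImpHash. Ordinal-only imports are rendered as ordN for every DLL here, whereas pefile first maps ordinals of a few well-known DLLs (oleaut32, ws2_32, wsock32) to names.

```python
import hashlib

_STRIP = ("dll", "ocx", "sys")          # extensions pefile removes before hashing


def normalize_import(dll: str, func) -> str:
    """One 'library.function' token as pefile builds it (simplified ordinal handling)."""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if ext in _STRIP and base:
        lib = base
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash(imports) -> str:
    """imports: iterable of (dll_name, function_name_or_ordinal) in import-table order."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# The well-known .NET imphash: the only static import is mscoree.dll!_CorExeMain.
DOTNET_IMPHASH = "f34d5f2d4577ed6d9ceec516c1f5a744"


def is_dotnet_imphash(h: str) -> bool:
    """True when the hash is the CLR stub hash, i.e. carries no clustering value."""
    return h.lower() == DOTNET_IMPHASH


def pivot_value(imports) -> str:
    """Triage helper: say whether an imphash is worth pivoting on, and why not."""
    h = imphash(imports)
    if is_dotnet_imphash(h):
        return f"{h}: generic .NET stub import, do not pivot; use assembly metadata instead"
    if len(set(d.lower() for d, _ in imports)) == 1 and len(imports) < 3:
        return f"{h}: tiny import table, likely a packer stub; low pivot value"
    return f"{h}: usable for clustering"


# Constructed import lists for the demo (the first matches the sample's table above).
SAMPLE_IMPORTS = [("mscoree.dll", "_CorExeMain")]
NATIVE_IMPORTS = [("KERNEL32.dll", "CreateFileW"), ("KERNEL32.dll", "WriteFile"),
                  ("msvcrt.dll", "malloc"), ("ws2_32.dll", 116)]

if __name__ == "__main__":
    for label, imps in (("sample", SAMPLE_IMPORTS), ("native", NATIVE_IMPORTS)):
        print(f"{label}: {pivot_value(imps)}")
```

For a .NET sample the useful static pivots are the assembly metadata (MVID, module name, TypeRef/MemberRef sets) and the resource data, not the import table; the version resource and signer mismatch discussed below are better starting points than this hash.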
Digital Signature Information
Verification Status Valid
Note: "Valid" means only that the Authenticode signature verifies against the Outer Join Srl code-signing certificate below, chained to DigiCert; it says nothing about intent. The version resource above names Microsoft as CompanyName and an Application Insights DLL as OriginalFilename, while the signer is a separate entity with Country Name BE. A third-party signature on a file that presents itself as a Microsoft component is itself a triage signal, and the leaf certificate (serial and thumbprint below) is the indicator to pivot on, since the same key is likely to have signed other samples.
Certificate: Outer Join Srl
Issued by Outer Join Srl
Parent Certificate DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Country Name BE
Valid From 2021-08-17 02:00 (UTC+2)
Valid Until 2022-08-14 01:59 (UTC+2)
Algorithm sha256_rsa
Serial Number 06 8A 81 AF E2 E4 F9 65 74 74 94 39 D8 ED B8 9B
Thumbprint 15 DF 03 F2 D9 27 8D 90 15 3F 81 D5 07 1E AD 7B A4 86 97 E0
Certificate: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Issued by DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Parent Certificate DigiCert Trusted Root G4
Country Name US
Valid From 2021-04-29 02:00 (UTC+2)
Valid Until 2036-04-29 01:59 (UTC+2)
Algorithm sha384_rsa
Serial Number 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
Thumbprint 7B 0F 36 0B 77 5F 76 C9 4A 12 CA 48 44 5A A2 D2 A8 75 70 1C
Certificate: DigiCert Trusted Root G4
Issued by DigiCert Trusted Root G4
Country Name US
Valid From 2013-08-01 14:00 (UTC+2)
Valid Until 2038-01-15 13:00 (UTC+1)
Algorithm sha384_rsa
Serial Number 05 9B 1B 57 9E 8E 21 32 E2 39 07 BD A7 77 75 5C
Thumbprint DD FB 16 CD 49 31 C9 73 A2 03 7D 3F C8 3A 4D 7D 77 5D 05 E4
Memory Dumps (13)
Note: one dump is the sample's own image in process 1 and one is amsi.dll; the other eleven are a native 32-bit "buffer" at 0x00400000-0x0041CFFF in a second process (process 2), dumped on first execution and again on each content change. Code running from a written buffer in another process rather than from a mapped image is consistent with the .NET loader injecting a native second stage; these dumps, not the signed .NET file, are what to unpack, string-search and scan. The two dumps skipped for size (see Remarks) are not listed here.
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe 1 0x00400000 0x00475FFF Relevant Image False 32-bit - False False
amsi.dll 1 0x6D300000 0x6D30CFFF Content Changed False 32-bit - False False
buffer 2 0x00400000 0x0041CFFF First Execution False 32-bit 0x004057F0 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x0040AF00 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x0040B000 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x0040575A False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x00402000 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x0040BAC0 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x0040582B False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x00403D30 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x00407560 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x004013E0 False False
buffer 2 0x00400000 0x0041CFFF Content Changed False 32-bit 0x0040ADA9 False False
c:\lsarpc Dropped File Unknown
Verdict N/A: not available because the file was not extracted successfully (no MIME type, size or hashes recorded).
C:\ProgramData\sqlite3.dll Downloaded File Binary
clean
Known to be clean.
Note: the clean verdict covers the library, not its use. A downloader classified as spyware fetching a stock sqlite3.dll into C:\ProgramData is the usual preparation for reading SQLite-backed browser stores (saved logins, cookies, history), so the download and the ProgramData path are indicators even though the file itself is not malicious.
Also Known As c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\x46qld2f\sqlite3[1].dll (Downloaded File)
MIME Type application/vnd.microsoft.portable-executable
File Size 630.46 KB
MD5 e477a96c8f2b18d6b5c27bde49c990bf
SHA1 e980c9bf41330d1e5bd04556db4646a0210f7409
SHA256 16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660
SSDeep 12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
ImpHash 12baaaec299bc9ff52d20c16e4d0e96a
PE Information
Image Base 0x60900000
Entry Point 0x60901058
Size Of Code 0x6d000
Size Of Initialized Data 0x7e000
Size Of Uninitialized Data 0x600
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2014-04-03 17:22:50+00:00
Sections (19)
(The long IMAGE_SCN_ALIGN_* runs in the Flags column are a decoder artifact: the alignment bits of Characteristics are defined only for object files and carry no meaning in a linked image. The informative flags are the CNT_*, MEM_* and DISCARDABLE bits.)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x60901000 0x6cec0 0x6d000 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.data 0x6096e000 0xfb0 0x1000 0x6d600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.06
.rdata 0x6096f000 0xad24 0xae00 0x6e600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 6.41
.bss 0x6097a000 0x498 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.edata 0x6097b000 0x1998 0x1a00 0x79400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 5.35
.idata 0x6097d000 0xa4c 0xc00 0x7ae00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.76
.CRT 0x6097e000 0x18 0x200 0x7ba00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.15
.tls 0x6097f000 0x20 0x200 0x7bc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.29
.reloc 0x60980000 0x27fc 0x2800 0x7be00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.55
/4 0x60983000 0x160 0x200 0x7e600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.85
/19 0x60984000 0x3c8 0x400 0x7e800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.64
/35 0x60985000 0x64d 0x800 0x7ec00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.3
/51 0x60986000 0x4360 0x4400 0x7f400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.97
/63 0x6098b000 0xd84 0xe00 0x83800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.33
/77 0x6098c000 0xb94 0xc00 0x84600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.56
/89 0x6098d000 0x504 0x600 0x85200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.4
/102 0x6098e000 0x10d 0x200 0x85800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 3.3
/113 0x6098f000 0x19db 0x1a00 0x85a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 3.37
/124 0x60991000 0x1b0 0x200 0x87400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.78
Imports (2)
KERNEL32.dll (71)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AreFileApisANSI - 0x6097d1ac 0x7d03c 0x7ae3c 0x15
CloseHandle - 0x6097d1b0 0x7d040 0x7ae40 0x52
CreateFileA - 0x6097d1b4 0x7d044 0x7ae44 0x87
CreateFileMappingA - 0x6097d1b8 0x7d048 0x7ae48 0x88
CreateFileMappingW - 0x6097d1bc 0x7d04c 0x7ae4c 0x8b
CreateFileW - 0x6097d1c0 0x7d050 0x7ae50 0x8e
CreateMutexW - 0x6097d1c4 0x7d054 0x7ae54 0x9d
DeleteCriticalSection - 0x6097d1c8 0x7d058 0x7ae58 0xcf
DeleteFileA - 0x6097d1cc 0x7d05c 0x7ae5c 0xd1
DeleteFileW - 0x6097d1d0 0x7d060 0x7ae60 0xd4
EnterCriticalSection - 0x6097d1d4 0x7d064 0x7ae64 0xec
FlushFileBuffers - 0x6097d1d8 0x7d068 0x7ae68 0x155
FormatMessageA - 0x6097d1dc 0x7d06c 0x7ae6c 0x15b
FormatMessageW - 0x6097d1e0 0x7d070 0x7ae70 0x15c
FreeLibrary - 0x6097d1e4 0x7d074 0x7ae74 0x160
GetCurrentProcessId - 0x6097d1e8 0x7d078 0x7ae78 0x1bf
GetDiskFreeSpaceA - 0x6097d1ec 0x7d07c 0x7ae7c 0x1ca
GetDiskFreeSpaceW - 0x6097d1f0 0x7d080 0x7ae80 0x1cd
GetFileAttributesA - 0x6097d1f4 0x7d084 0x7ae84 0x1e1
GetFileAttributesExW - 0x6097d1f8 0x7d088 0x7ae88 0x1e3
GetFileAttributesW - 0x6097d1fc 0x7d08c 0x7ae8c 0x1e6
GetFileSize - 0x6097d200 0x7d090 0x7ae90 0x1ec
GetFullPathNameA - 0x6097d204 0x7d094 0x7ae94 0x1f4
GetFullPathNameW - 0x6097d208 0x7d098 0x7ae98 0x1f7
GetLastError - 0x6097d20c 0x7d09c 0x7ae9c 0x1fe
GetModuleHandleA - 0x6097d210 0x7d0a0 0x7aea0 0x211
GetProcAddress - 0x6097d214 0x7d0a4 0x7aea4 0x241
GetProcessHeap - 0x6097d218 0x7d0a8 0x7aea8 0x246
GetSystemInfo - 0x6097d21c 0x7d0ac 0x7aeac 0x26f
GetSystemTime - 0x6097d220 0x7d0b0 0x7aeb0 0x273
GetSystemTimeAsFileTime - 0x6097d224 0x7d0b4 0x7aeb4 0x275
GetTempPathA - 0x6097d228 0x7d0b8 0x7aeb8 0x280
GetTempPathW - 0x6097d22c 0x7d0bc 0x7aebc 0x281
GetTickCount - 0x6097d230 0x7d0c0 0x7aec0 0x290
GetVersionExA - 0x6097d234 0x7d0c4 0x7aec4 0x29f
GetVersionExW - 0x6097d238 0x7d0c8 0x7aec8 0x2a0
HeapAlloc - 0x6097d23c 0x7d0cc 0x7aecc 0x2c7
HeapCompact - 0x6097d240 0x7d0d0 0x7aed0 0x2c8
HeapCreate - 0x6097d244 0x7d0d4 0x7aed4 0x2c9
HeapDestroy - 0x6097d248 0x7d0d8 0x7aed8 0x2ca
HeapFree - 0x6097d24c 0x7d0dc 0x7aedc 0x2cb
HeapReAlloc - 0x6097d250 0x7d0e0 0x7aee0 0x2ce
HeapSize - 0x6097d254 0x7d0e4 0x7aee4 0x2d0
HeapValidate - 0x6097d258 0x7d0e8 0x7aee8 0x2d3
InitializeCriticalSection - 0x6097d25c 0x7d0ec 0x7aeec 0x2de
InterlockedCompareExchange - 0x6097d260 0x7d0f0 0x7aef0 0x2e6
LeaveCriticalSection - 0x6097d264 0x7d0f4 0x7aef4 0x32e
LoadLibraryA - 0x6097d268 0x7d0f8 0x7aef8 0x331
LoadLibraryW - 0x6097d26c 0x7d0fc 0x7aefc 0x334
LocalFree - 0x6097d270 0x7d100 0x7af00 0x33d
LockFile - 0x6097d274 0x7d104 0x7af04 0x347
LockFileEx - 0x6097d278 0x7d108 0x7af08 0x348
MapViewOfFile - 0x6097d27c 0x7d10c 0x7af0c 0x34c
MultiByteToWideChar - 0x6097d280 0x7d110 0x7af10 0x35c
OutputDebugStringA - 0x6097d284 0x7d114 0x7af14 0x37c
OutputDebugStringW - 0x6097d288 0x7d118 0x7af18 0x37d
QueryPerformanceCounter - 0x6097d28c 0x7d11c 0x7af1c 0x39a
ReadFile - 0x6097d290 0x7d120 0x7af20 0x3b3
SetEndOfFile - 0x6097d294 0x7d124 0x7af24 0x423
SetFilePointer - 0x6097d298 0x7d128 0x7af28 0x436
Sleep - 0x6097d29c 0x7d12c 0x7af2c 0x480
SystemTimeToFileTime - 0x6097d2a0 0x7d130 0x7af30 0x48b
TlsGetValue - 0x6097d2a4 0x7d134 0x7af34 0x495
UnlockFile - 0x6097d2a8 0x7d138 0x7af38 0x4a2
UnlockFileEx - 0x6097d2ac 0x7d13c 0x7af3c 0x4a3
UnmapViewOfFile - 0x6097d2b0 0x7d140 0x7af40 0x4a4
VirtualProtect - 0x6097d2b4 0x7d144 0x7af44 0x4bd
VirtualQuery - 0x6097d2b8 0x7d148 0x7af48 0x4bf
WaitForSingleObject - 0x6097d2bc 0x7d14c 0x7af4c 0x4c7
WideCharToMultiByte - 0x6097d2c0 0x7d150 0x7af50 0x4df
WriteFile - 0x6097d2c4 0x7d154 0x7af54 0x4f3
msvcrt.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__dllonexit - 0x6097d2cc 0x7d15c 0x7af5c 0x34
_errno - 0x6097d2d0 0x7d160 0x7af60 0xb6
_iob - 0x6097d2d4 0x7d164 0x7af64 0x10a
_winmajor - 0x6097d2d8 0x7d168 0x7af68 0x21a
abort - 0x6097d2dc 0x7d16c 0x7af6c 0x247
calloc - 0x6097d2e0 0x7d170 0x7af70 0x253
fflush - 0x6097d2e4 0x7d174 0x7af74 0x262
free - 0x6097d2e8 0x7d178 0x7af78 0x271
fwrite - 0x6097d2ec 0x7d17c 0x7af7c 0x279
localtime - 0x6097d2f0 0x7d180 0x7af80 0x2a0
malloc - 0x6097d2f4 0x7d184 0x7af84 0x2a4
memcmp - 0x6097d2f8 0x7d188 0x7af88 0x2a9
memmove - 0x6097d2fc 0x7d18c 0x7af8c 0x2ab
memset - 0x6097d300 0x7d190 0x7af90 0x2ac
qsort - 0x6097d304 0x7d194 0x7af94 0x2b7
realloc - 0x6097d308 0x7d198 0x7af98 0x2ba
strcmp - 0x6097d30c 0x7d19c 0x7af9c 0x2cb
strncmp - 0x6097d310 0x7d1a0 0x7afa0 0x2d3
vfprintf - 0x6097d314 0x7d1a4 0x7afa4 0x2ec
Exports (209)
Api name EAT Address Ordinal
sqlite3_aggregate_context 0x13e92 0x1
sqlite3_aggregate_count 0x5599 0x2
sqlite3_auto_extension 0x16f2e 0x3
sqlite3_backup_finish 0x3a81c 0x4
sqlite3_backup_init 0x39097 0x5
sqlite3_backup_pagecount 0x4ad9 0x6
sqlite3_backup_remaining 0x4ace 0x7
sqlite3_backup_step 0x3f42e 0x8
sqlite3_bind_blob 0x2562a 0x9
sqlite3_bind_double 0x2570b 0xa
sqlite3_bind_int 0x256e5 0xb
sqlite3_bind_int64 0x25686 0xc
sqlite3_bind_null 0x25655 0xd
sqlite3_bind_parameter_count 0x576b 0xe
sqlite3_bind_parameter_index 0xf435 0xf
sqlite3_bind_parameter_name 0x577d 0x10
sqlite3_bind_text 0x255ff 0x11
sqlite3_bind_text16 0x255d4 0x12
sqlite3_bind_value 0x25778 0x13
sqlite3_bind_zeroblob 0x254b1 0x14
sqlite3_blob_bytes 0x58e8 0x15
sqlite3_blob_close 0x40849 0x16
sqlite3_blob_open 0x62fef 0x17
sqlite3_blob_read 0x405ed 0x18
sqlite3_blob_reopen 0x62f28 0x19
sqlite3_blob_write 0x405cb 0x1a
sqlite3_busy_handler 0x8415 0x1b
sqlite3_busy_timeout 0x84d1 0x1c
sqlite3_cancel_auto_extension 0x121cc 0x1d
sqlite3_changes 0x82e7 0x1e
sqlite3_clear_bindings 0xc1d6 0x1f
sqlite3_close 0x3a510 0x20
sqlite3_close_v2 0x3a4fc 0x21
sqlite3_collation_needed 0x87a8 0x22
sqlite3_collation_needed16 0x87ec 0x23
sqlite3_column_blob 0x1d57e 0x24
sqlite3_column_bytes 0x1d5dc 0x25
sqlite3_column_bytes16 0x1d5ad 0x26
sqlite3_column_count 0x55a7 0x27
sqlite3_column_database_name 0x56b7 0x28
sqlite3_column_database_name16 0x56d5 0x29
sqlite3_column_decltype 0x567b 0x2a
sqlite3_column_decltype16 0x5699 0x2b
sqlite3_column_double 0x1d523 0x2c
sqlite3_column_int 0x1d4f4 0x2d
sqlite3_column_int64 0x1d4c2 0x2e
sqlite3_column_name 0x563f 0x2f
sqlite3_column_name16 0x565d 0x30
sqlite3_column_origin_name 0x572f 0x31
sqlite3_column_origin_name16 0x574d 0x32
sqlite3_column_table_name 0x56f3 0x33
sqlite3_column_table_name16 0x5711 0x34
sqlite3_column_text 0x1d54f 0x35
sqlite3_column_text16 0x1d460 0x36
sqlite3_column_type 0x1d433 0x37
sqlite3_column_value 0x1d48f 0x38
sqlite3_commit_hook 0x85ff 0x39
sqlite3_compileoption_get 0x1200 0x3a
sqlite3_compileoption_used 0x2148 0x3b
sqlite3_complete 0x7e5c 0x3c
sqlite3_complete16 0x295d9 0x3d
sqlite3_config 0x12243 0x3e
sqlite3_context_db_handle 0x555e 0x3f
sqlite3_create_collation 0x24932 0x40
sqlite3_create_collation16 0x24860 0x41
sqlite3_create_collation_v2 0x248db 0x42
sqlite3_create_function 0x24d8c 0x43
sqlite3_create_function16 0x24c45 0x44
sqlite3_create_function_v2 0x24cce 0x45
sqlite3_create_module 0x24f87 0x46
sqlite3_create_module_v2 0x24f66 0x47
sqlite3_data_count 0x55b9 0x48
sqlite3_db_config 0xa75d 0x49
sqlite3_db_filename 0x10af7 0x4a
sqlite3_db_handle 0x57a7 0x4b
sqlite3_db_mutex 0x820d 0x4c
sqlite3_db_readonly 0x8953 0x4d
sqlite3_db_release_memory 0x8218 0x4e
sqlite3_db_status 0x1034f 0x4f
sqlite3_declare_vtab 0x5b7d1 0x50
sqlite3_enable_load_extension 0x1218e 0x51
sqlite3_enable_shared_cache 0x44a7 0x52
sqlite3_errcode 0x251aa 0x53
sqlite3_errmsg 0x258a8 0x54
sqlite3_errmsg16 0x250bb 0x55
sqlite3_errstr 0x8766 0x56
sqlite3_exec 0x4cbb8 0x57
sqlite3_expired 0x54bf 0x58
sqlite3_extended_errcode 0x2514d 0x59
sqlite3_extended_result_codes 0x8841 0x5a
sqlite3_file_control 0x88c4 0x5b
sqlite3_finalize 0x4064b 0x5c
sqlite3_free 0x1c61 0x5d
sqlite3_free_table 0x6eeb 0x5e
sqlite3_get_autocommit 0x8830 0x5f
sqlite3_get_auxdata 0x5569 0x60
sqlite3_get_table 0x5f5d9 0x61
sqlite3_global_recover 0x6cee6 0x62
sqlite3_initialize 0x12453 0x63
sqlite3_interrupt 0x8569 0x64
sqlite3_last_insert_rowid 0x82d9 0x65
sqlite3_libversion 0x80d9 0x66
sqlite3_libversion_number 0x80ed 0x67
sqlite3_limit 0x8772 0x68
sqlite3_load_extension 0x29fe9 0x69
sqlite3_log 0x23a49 0x6a
sqlite3_malloc 0x16fba 0x6b
sqlite3_memory_alarm 0x11c60 0x6c
sqlite3_memory_highwater 0x25013 0x6d
sqlite3_memory_used 0x25040 0x6e
sqlite3_mprintf 0x296aa 0x6f
sqlite3_mutex_alloc 0x2a4ec 0x70
sqlite3_mutex_enter 0x17da 0x71
sqlite3_mutex_free 0x17c3 0x72
sqlite3_mutex_leave 0x180a 0x73
sqlite3_mutex_try 0x17f1 0x74
sqlite3_next_stmt 0x57ee 0x75
sqlite3_open 0x6ce31 0x76
sqlite3_open16 0x6ce4f 0x77
sqlite3_open_v2 0x6ce16 0x78
sqlite3_os_end 0x11fe6 0x79
sqlite3_os_init 0x2a5dc 0x7a
sqlite3_overload_function 0x24b9b 0x7b
sqlite3_prepare 0x5ee7f 0x7c
sqlite3_prepare16 0x5ec4b 0x7d
sqlite3_prepare16_v2 0x5ec20 0x7e
sqlite3_prepare_v2 0x5ec76 0x7f
sqlite3_profile 0x85bd 0x80
sqlite3_progress_handler 0x8463 0x81
sqlite3_randomness 0x2ab53 0x82
sqlite3_realloc 0x129d5 0x83
sqlite3_release_memory 0x188c 0x84
sqlite3_reset 0x41c40 0x85
sqlite3_reset_auto_extension 0x12859 0x86
sqlite3_result_blob 0x139da 0x87
sqlite3_result_double 0xc115 0x88
sqlite3_result_error 0x13ab4 0x89
sqlite3_result_error16 0x13a83 0x8a
sqlite3_result_error_code 0x1369d 0x8b
sqlite3_result_error_nomem 0x5529 0x8c
sqlite3_result_error_toobig 0x135d1 0x8d
sqlite3_result_int 0xbe64 0x8e
sqlite3_result_int64 0xbe05 0x8f
sqlite3_result_null 0x5517 0x90
sqlite3_result_text 0x13778 0x91
sqlite3_result_text16 0x13756 0x92
sqlite3_result_text16be 0x13737 0x93
sqlite3_result_text16le 0x13718 0x94
sqlite3_result_value 0x13385 0x95
sqlite3_result_zeroblob 0xc0e1 0x96
sqlite3_rollback_hook 0x8683 0x97
sqlite3_rtree_geometry_callback 0x6ceed 0x98
sqlite3_set_authorizer 0x6044 0x99
sqlite3_set_auxdata 0xbb0e 0x9a
sqlite3_shutdown 0x128a9 0x9b
sqlite3_sleep 0x2a68c 0x9c
sqlite3_snprintf 0x17354 0x9d
sqlite3_soft_heap_limit 0x2a4cb 0x9e
sqlite3_soft_heap_limit64 0x2a43e 0x9f
sqlite3_sourceid 0x80e3 0xa0
sqlite3_sql 0x4ddc 0xa1
sqlite3_status 0x24fa9 0xa2
sqlite3_step 0x49b66 0xa3
sqlite3_stmt_busy 0x57ce 0xa4
sqlite3_stmt_readonly 0x57b7 0xa5
sqlite3_stmt_status 0x5827 0xa6
sqlite3_strglob 0x11fed 0xa7
sqlite3_stricmp 0x20ad 0xa8
sqlite3_strnicmp 0x20f2 0xa9
sqlite3_table_column_metadata 0x4d33b 0xaa
sqlite3_test_control 0x2accb 0xab
sqlite3_thread_cleanup 0x883c 0xac
sqlite3_threadsafe 0x80f7 0xad
sqlite3_total_changes 0x82f2 0xae
sqlite3_trace 0x857b 0xaf
sqlite3_transfer_bindings 0xeae5 0xb0
sqlite3_update_hook 0x8641 0xb1
sqlite3_uri_boolean 0xa2ae 0xb2
sqlite3_uri_int64 0xa259 0xb3
sqlite3_uri_parameter 0xa20d 0xb4
sqlite3_user_data 0x5551 0xb5
sqlite3_value_blob 0x1a09c 0xb6
sqlite3_value_bytes 0x1a184 0xb7
sqlite3_value_bytes16 0x1a150 0xb8
sqlite3_value_double 0x54d9 0xb9
sqlite3_value_int 0x54e8 0xba
sqlite3_value_int64 0x54f5 0xbb
sqlite3_value_numeric_type 0x58b2 0xbc
sqlite3_value_text 0x183f4 0xbd
sqlite3_value_text16 0x183e0 0xbe
sqlite3_value_text16be 0x183cc 0xbf
sqlite3_value_text16le 0x183b8 0xc0
sqlite3_value_type 0x5501 0xc1
sqlite3_vfs_find 0x2a62c 0xc2
sqlite3_vfs_register 0x2a570 0xc3
sqlite3_vfs_unregister 0x1821 0xc4
sqlite3_vmprintf 0x29643 0xc5
sqlite3_vsnprintf 0x172fb 0xc6
sqlite3_vtab_config 0x24dd8 0xc7
sqlite3_vtab_on_conflict 0x71c1 0xc8
sqlite3_wal_autocheckpoint 0x86c5 0xc9
sqlite3_wal_checkpoint 0x27bfc 0xca
sqlite3_wal_checkpoint_v2 0x27b26 0xcb
sqlite3_wal_hook 0x8724 0xcc
sqlite3_win32_mbcs_to_utf8 0x11de4 0xcd
sqlite3_win32_set_directory 0x12960 0xce
sqlite3_win32_sleep 0x11cdd 0xcf
sqlite3_win32_utf8_to_mbcs 0x11e98 0xd0
sqlite3_win32_write_debug 0x11c81 0xd1