Malicious
Classifications

Keylogger, Spyware

Threat Names

Phoenix, Trojan.NSISX.Spy.Gen.4, DeepScan:Generic.MSIL.PasswordStealerA.47BAF09B

Dynamic Analysis Report

Created on 2021-09-27T18:06:00

9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe

Windows Exe (x86-32)

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "21 hours, 25 minutes, 45 seconds" to "10 seconds" to reveal dormant functionality.

Remarks

(0x0200004A): One dump of 190 MB was skipped because it exceeded the maximum dump size of 16 MB.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe Sample File Binary malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 318.29 KB
MD5 fcce8f5a7e5fcdf78c02d6543c1af2bd
SHA1 b2ea7197933811fc65425d46324af8ee231117f3
SHA256 9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0
SSDeep 6144:F8LxBs9fvNLROF9fYjzpeoG7DDCImlUR7WJDVcQTJ8iL2A03cu:/p1LQUj9eL7SIm87WJHJ8+2b3cu
ImpHash b76363e9cb88bf9390860da8e50999d2
AV Matches (1)
Threat Name Verdict
Trojan.NSISX.Spy.Gen.4 malicious
PE Information
Image Base 0x400000
Entry Point 0x40312a
Size Of Code 0x6000
Size Of Initialized Data 0x28400
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-04-02 03:20:13+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5e66 0x6000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x407000 0x12a2 0x1400 0x6400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.06
.data 0x409000 0x25d18 0x600 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.19
.ndata 0x42f000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x437000 0x9e0 0xa00 0x7e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.5
Imports (7)
KERNEL32.dll (58)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount - 0x407064 0x7628 0x6a28 0x1df
GetShortPathNameA - 0x407068 0x762c 0x6a2c 0x1b5
GetFullPathNameA - 0x40706c 0x7630 0x6a30 0x169
MoveFileA - 0x407070 0x7634 0x6a34 0x26e
SetCurrentDirectoryA - 0x407074 0x7638 0x6a38 0x30a
GetFileAttributesA - 0x407078 0x763c 0x6a3c 0x15e
SetFileAttributesA - 0x40707c 0x7640 0x6a40 0x319
CompareFileTime - 0x407080 0x7644 0x6a44 0x39
SearchPathA - 0x407084 0x7648 0x6a48 0x2db
GetFileSize - 0x407088 0x764c 0x6a4c 0x163
GetModuleFileNameA - 0x40708c 0x7650 0x6a50 0x17d
GetCurrentProcess - 0x407090 0x7654 0x6a54 0x142
CopyFileA - 0x407094 0x7658 0x6a58 0x43
ExitProcess - 0x407098 0x765c 0x6a5c 0xb9
GetWindowsDirectoryA - 0x40709c 0x7660 0x6a60 0x1f3
GetTempPathA - 0x4070a0 0x7664 0x6a64 0x1d5
Sleep - 0x4070a4 0x7668 0x6a68 0x356
lstrcmpiA - 0x4070a8 0x766c 0x6a6c 0x3c3
GetVersion - 0x4070ac 0x7670 0x6a70 0x1e8
SetErrorMode - 0x4070b0 0x7674 0x6a74 0x315
lstrcpynA - 0x4070b4 0x7678 0x6a78 0x3c9
GetDiskFreeSpaceA - 0x4070b8 0x767c 0x6a7c 0x14d
GlobalUnlock - 0x4070bc 0x7680 0x6a80 0x20a
GlobalLock - 0x4070c0 0x7684 0x6a84 0x203
CreateThread - 0x4070c4 0x7688 0x6a88 0x6f
GetLastError - 0x4070c8 0x768c 0x6a8c 0x171
CreateDirectoryA - 0x4070cc 0x7690 0x6a90 0x4b
CreateProcessA - 0x4070d0 0x7694 0x6a94 0x66
RemoveDirectoryA - 0x4070d4 0x7698 0x6a98 0x2c4
CreateFileA - 0x4070d8 0x769c 0x6a9c 0x53
GetTempFileNameA - 0x4070dc 0x76a0 0x6aa0 0x1d3
lstrcatA - 0x4070e0 0x76a4 0x6aa4 0x3bd
GetSystemDirectoryA - 0x4070e4 0x76a8 0x6aa8 0x1c1
WaitForSingleObject - 0x4070e8 0x76ac 0x6aac 0x390
SetFileTime - 0x4070ec 0x76b0 0x6ab0 0x31f
CloseHandle - 0x4070f0 0x76b4 0x6ab4 0x34
GlobalFree - 0x4070f4 0x76b8 0x6ab8 0x1ff
lstrcmpA - 0x4070f8 0x76bc 0x6abc 0x3c0
ExpandEnvironmentStringsA - 0x4070fc 0x76c0 0x6ac0 0xbc
GetExitCodeProcess - 0x407100 0x76c4 0x6ac4 0x15a
GlobalAlloc - 0x407104 0x76c8 0x6ac8 0x1f8
lstrlenA - 0x407108 0x76cc 0x6acc 0x3cc
GetCommandLineA - 0x40710c 0x76d0 0x6ad0 0x110
GetProcAddress - 0x407110 0x76d4 0x6ad4 0x1a0
FindFirstFileA - 0x407114 0x76d8 0x6ad8 0xd2
FindNextFileA - 0x407118 0x76dc 0x6adc 0xdc
DeleteFileA - 0x40711c 0x76e0 0x6ae0 0x83
SetFilePointer - 0x407120 0x76e4 0x6ae4 0x31b
ReadFile - 0x407124 0x76e8 0x6ae8 0x2b5
FindClose - 0x407128 0x76ec 0x6aec 0xce
GetPrivateProfileStringA - 0x40712c 0x76f0 0x6af0 0x19c
WritePrivateProfileStringA - 0x407130 0x76f4 0x6af4 0x3a9
WriteFile - 0x407134 0x76f8 0x6af8 0x3a4
MulDiv - 0x407138 0x76fc 0x6afc 0x274
MultiByteToWideChar - 0x40713c 0x7700 0x6b00 0x275
LoadLibraryExA - 0x407140 0x7704 0x6b04 0x253
GetModuleHandleA - 0x407144 0x7708 0x6b08 0x17f
FreeLibrary - 0x407148 0x770c 0x6b0c 0xf8
USER32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetCursor - 0x40716c 0x7730 0x6b30 0x24d
GetWindowRect - 0x407170 0x7734 0x6b34 0x174
EnableMenuItem - 0x407174 0x7738 0x6b38 0xc2
GetSystemMenu - 0x407178 0x773c 0x6b3c 0x15c
SetClassLongA - 0x40717c 0x7740 0x6b40 0x247
IsWindowEnabled - 0x407180 0x7744 0x6b44 0x1ae
SetWindowPos - 0x407184 0x7748 0x6b48 0x283
GetSysColor - 0x407188 0x774c 0x6b4c 0x15a
EndDialog - 0x40718c 0x7750 0x6b50 0xc6
ScreenToClient - 0x407190 0x7754 0x6b54 0x231
LoadCursorA - 0x407194 0x7758 0x6b58 0x1ba
CheckDlgButton - 0x407198 0x775c 0x6b5c 0x38
GetMessagePos - 0x40719c 0x7760 0x6b60 0x13c
LoadBitmapA - 0x4071a0 0x7764 0x6b64 0x1b8
CallWindowProcA - 0x4071a4 0x7768 0x6b68 0x1b
IsWindowVisible - 0x4071a8 0x776c 0x6b6c 0x1b1
CloseClipboard - 0x4071ac 0x7770 0x6b70 0x42
SetForegroundWindow - 0x4071b0 0x7774 0x6b74 0x257
GetWindowLongA - 0x4071b4 0x7778 0x6b78 0x16e
RegisterClassA - 0x4071b8 0x777c 0x6b7c 0x216
TrackPopupMenu - 0x4071bc 0x7780 0x6b80 0x2a4
AppendMenuA - 0x4071c0 0x7784 0x6b84 0x8
CreatePopupMenu - 0x4071c4 0x7788 0x6b88 0x5e
GetSystemMetrics - 0x4071c8 0x778c 0x6b8c 0x15d
SetDlgItemTextA - 0x4071cc 0x7790 0x6b90 0x253
GetDlgItemTextA - 0x4071d0 0x7794 0x6b94 0x113
MessageBoxIndirectA - 0x4071d4 0x7798 0x6b98 0x1e2
CharPrevA - 0x4071d8 0x779c 0x6b9c 0x2d
DispatchMessageA - 0x4071dc 0x77a0 0x6ba0 0xa1
PeekMessageA - 0x4071e0 0x77a4 0x6ba4 0x200
GetDC - 0x4071e4 0x77a8 0x6ba8 0x10c
EnableWindow - 0x4071e8 0x77ac 0x6bac 0xc4
InvalidateRect - 0x4071ec 0x77b0 0x6bb0 0x193
SendMessageA - 0x4071f0 0x77b4 0x6bb4 0x23b
DefWindowProcA - 0x4071f4 0x77b8 0x6bb8 0x8e
BeginPaint - 0x4071f8 0x77bc 0x6bbc 0xd
GetClientRect - 0x4071fc 0x77c0 0x6bc0 0xff
FillRect - 0x407200 0x77c4 0x6bc4 0xe2
DrawTextA - 0x407204 0x77c8 0x6bc8 0xbc
SystemParametersInfoA - 0x407208 0x77cc 0x6bcc 0x299
CreateWindowExA - 0x40720c 0x77d0 0x6bd0 0x60
GetClassInfoA - 0x407210 0x77d4 0x6bd4 0xf6
DialogBoxParamA - 0x407214 0x77d8 0x6bd8 0x9e
CharNextA - 0x407218 0x77dc 0x6bdc 0x2a
ExitWindowsEx - 0x40721c 0x77e0 0x6be0 0xe1
SetTimer - 0x407220 0x77e4 0x6be4 0x27a
PostQuitMessage - 0x407224 0x77e8 0x6be8 0x204
SetWindowLongA - 0x407228 0x77ec 0x6bec 0x280
SendMessageTimeoutA - 0x40722c 0x77f0 0x6bf0 0x23e
LoadImageA - 0x407230 0x77f4 0x6bf4 0x1c0
wsprintfA - 0x407234 0x77f8 0x6bf8 0x2d7
GetDlgItem - 0x407238 0x77fc 0x6bfc 0x111
FindWindowExA - 0x40723c 0x7800 0x6c00 0xe4
IsWindow - 0x407240 0x7804 0x6c04 0x1ad
SetClipboardData - 0x407244 0x7808 0x6c08 0x24a
EmptyClipboard - 0x407248 0x780c 0x6c0c 0xc1
OpenClipboard - 0x40724c 0x7810 0x6c10 0x1f6
EndPaint - 0x407250 0x7814 0x6c14 0xc8
CreateDialogParamA - 0x407254 0x7818 0x6c18 0x55
DestroyWindow - 0x407258 0x781c 0x6c1c 0x99
ShowWindow - 0x40725c 0x7820 0x6c20 0x292
SetWindowTextA - 0x407260 0x7824 0x6c24 0x286
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject - 0x407040 0x7604 0x6a04 0x20e
SetBkMode - 0x407044 0x7608 0x6a08 0x216
CreateFontIndirectA - 0x407048 0x760c 0x6a0c 0x3a
SetTextColor - 0x40704c 0x7610 0x6a10 0x23c
DeleteObject - 0x407050 0x7614 0x6a14 0x8f
GetDeviceCaps - 0x407054 0x7618 0x6a18 0x16b
CreateBrushIndirect - 0x407058 0x761c 0x6a1c 0x29
SetBkColor - 0x40705c 0x7620 0x6a20 0x215
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation - 0x407150 0x7714 0x6b14 0xc3
SHGetPathFromIDListA - 0x407154 0x7718 0x6b18 0xbc
SHBrowseForFolderA - 0x407158 0x771c 0x6b1c 0x79
SHGetFileInfoA - 0x40715c 0x7720 0x6b20 0xac
SHFileOperationA - 0x407160 0x7724 0x6b24 0x9a
ShellExecuteA - 0x407164 0x7728 0x6b28 0x107
ADVAPI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegDeleteValueA - 0x407000 0x75c4 0x69c4 0x1d8
SetFileSecurityA - 0x407004 0x75c8 0x69c8 0x22e
RegOpenKeyExA - 0x407008 0x75cc 0x69cc 0x1ec
RegDeleteKeyA - 0x40700c 0x75d0 0x69d0 0x1d4
RegEnumValueA - 0x407010 0x75d4 0x69d4 0x1e1
RegCloseKey - 0x407014 0x75d8 0x69d8 0x1cb
RegCreateKeyExA - 0x407018 0x75dc 0x69dc 0x1d1
RegSetValueExA - 0x40701c 0x75e0 0x69e0 0x204
RegQueryValueExA - 0x407020 0x75e4 0x69e4 0x1f7
RegEnumKeyA - 0x407024 0x75e8 0x69e8 0x1dd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_AddMasked - 0x40702c 0x75f0 0x69f0 0x34
ImageList_Destroy - 0x407030 0x75f4 0x69f4 0x38
ImageList_Create - 0x407034 0x75f8 0x69f8 0x37
(by ordinal) 0x11 0x407038 0x75fc 0x69fc -
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize - 0x407268 0x782c 0x6c2c 0x105
OleInitialize - 0x40726c 0x7830 0x6c30 0xee
CoTaskMemFree - 0x407270 0x7834 0x6c34 0x65
CoCreateInstance - 0x407274 0x7838 0x6c38 0x10
Memory Dumps (12)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe 1 0x00400000 0x00437FFF Relevant Image False 32-bit 0x00405F57 False False
sbolbwplhfo.dll 1 0x6C460000 0x6C46FFFF First Execution False 32-bit 0x6C467500 False False
buffer 2 0x00400000 0x00449FFF First Execution False 32-bit 0x0040188B False False
buffer 1 0x0E4D0000 0x0E515FFF Image In Buffer False 32-bit - True False
9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe 1 0x00400000 0x00437FFF Process Termination False 32-bit - False False
buffer 2 0x00400000 0x00449FFF Content Changed False 32-bit 0x0040208D False False
buffer 2 0x00400000 0x00449FFF Content Changed False 32-bit 0x00403D3F False False
buffer 2 0x00400000 0x00449FFF Content Changed False 32-bit 0x004045AA False False
buffer 2 0x00400000 0x00449FFF Content Changed False 32-bit 0x00405A6D False False
buffer 2 0x00400000 0x00449FFF Content Changed False 32-bit 0x00407AEC False False
buffer 2 0x00400000 0x00449FFF Content Changed False 32-bit 0x0040B1EB False False
buffer 2 0x04650000 0x04673FFF Image In Buffer False 32-bit - False False
C:\Users\RDHJ0C~1\AppData\Local\Temp\nss3BF.tmp Dropped File Unknown clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\150qx0uurbj07478t Dropped File Stream clean
MIME Type application/octet-stream
File Size 279.50 KB
MD5 58e960ada46422911469c6736ec07378
SHA1 8e6e429ba453a550deeac0143f5a89b0be16a90e
SHA256 4a32b80c0753d81b6675d53341fd77d1622c9ae376f2d6654fd2a20fb8e5749e
SSDeep 6144:guGADqFm61UqReSJr/m81S3kqvtxmZr7pEyAqR7WJuVcQTJYiL2A01:HGADqVLReSJcMr7nAE7WJeJY+2b1
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\nss3BF.tmp\sbolbwplhfo.dll Dropped File Binary clean
MIME Type application/vnd.microsoft.portable-executable
File Size 48.00 KB
MD5 1982c77d094d91ea36d299f4e8879b9e
SHA1 4faf7dd4bf9f8bec2c0f421980b8fb2ab628835d
SHA256 7660cdd2db7356c36acb9d2472ac2c89ebdfd79eef56de9dbfed34fcde381790
SSDeep 768:yiljJiW4mQHeRfNzHMUNAf7momUEKRnJyQuJYDc2y2NnAHKlv/JWQvI2jIRo1imj:ljJiW4qzSzxvlv/JWQVZHVuIXxCReqdC
ImpHash 43a55c2d244fa869779f48427aaa4d6f
PE Information
Image Base 0x10000000
Size Of Code 0x6a00
Size Of Initialized Data 0x5200
Size Of Uninitialized Data 0x200
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2021-09-27 15:56:19+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x68d8 0x6a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.41
.bss 0x10008000 0x18 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x10009000 0xe2c 0x1000 0x6e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.64
.data 0x1000a000 0x363a 0x3800 0x7e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.91
.rsrc 0x1000e000 0x1e0 0x200 0xb600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.71
.reloc 0x1000f000 0x714 0x800 0xb800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.96
Imports (10)
IMM32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImmDestroyIMCC - 0x10009000 0x9950 0x7750 0x23
ImmGetRegisterWordStyleW - 0x10009004 0x9954 0x7754 0x50
ImmGetGuideLineW - 0x10009008 0x9958 0x7758 0x43
ImmConfigureIMEW - 0x1000900c 0x995c 0x775c 0x1e
ImmGetCompositionStringA - 0x10009010 0x9960 0x7760 0x38
ImmIsUIMessageW - 0x10009014 0x9964 0x7764 0x5d
ImmSetStatusWindowPos - 0x10009018 0x9968 0x7768 0x7b
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueA - 0x10009094 0x99e4 0x77e4 0xf
GetFileVersionInfoSizeA - 0x10009098 0x99e8 0x77e8 0x4
GetFileVersionInfoA - 0x1000909c 0x99ec 0x77ec 0x0
KERNEL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumResourceTypesA - 0x10009020 0x9970 0x7770 0x145
ReadProcessMemory - 0x10009024 0x9974 0x7774 0x46f
VirtualAlloc - 0x10009028 0x9978 0x7778 0x5be
GetLastError - 0x1000902c 0x997c 0x777c 0x25d
SetLastError - 0x10009030 0x9980 0x7780 0x52a
OpenProcess - 0x10009034 0x9984 0x7784 0x406
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PrinterProperties - 0x100090a4 0x99f4 0x77f4 0x9d
WaitForPrinterChange - 0x100090a8 0x99f8 0x77f8 0xc2
EnumJobsW - 0x100090ac 0x99fc 0x77fc 0x58
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VarDecFromStr 0xc5 0x10009054 0x99a4 0x77a4 -
CreateDispTypeInfo 0x1f 0x10009058 0x99a8 0x77a8 -
VarBoolFromUI4 0xeb 0x1000905c 0x99ac 0x77ac -
VarI2FromUI1 0x30 0x10009060 0x99b0 0x77b0 -
loadperf.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnloadPerfCounterTextStringsW - 0x100090b4 0x9a04 0x7804 0xb
UnloadPerfCounterTextStringsA - 0x100090b8 0x9a08 0x7808 0xa
LoadPerfCounterTextStringsW - 0x100090bc 0x9a0c 0x780c 0x4
MAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0xaf 0x1000903c 0x998c 0x778c -
(by ordinal) 0xab 0x10009040 0x9990 0x7790 -
(by ordinal) 0x43 0x10009044 0x9994 0x7794 -
(by ordinal) 0xc4 0x10009048 0x9998 0x7798 -
(by ordinal) 0xb1 0x1000904c 0x999c 0x779c -
SETUPAPI.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupDefaultQueueCallbackA - 0x10009080 0x99d0 0x77d0 0x117
SetupDiGetSelectedDevice - 0x10009084 0x99d4 0x77d4 0x180
SetupDiGetDriverInstallParamsW - 0x10009088 0x99d8 0x77d8 0x176
SetupDiGetHwProfileListExA - 0x1000908c 0x99dc 0x77dc 0x17c
RPCRT4.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NdrSimpleTypeMarshall - 0x10009068 0x99b8 0x77b8 0x13c
NdrNonConformantStringMarshall - 0x1000906c 0x99bc 0x77bc 0x106
NdrDcomAsyncClientCall - 0x10009070 0x99c0 0x77c0 0xd2
RpcBindingInqObject - 0x10009074 0x99c4 0x77c4 0x178
NdrMesSimpleTypeEncode - 0x10009078 0x99c8 0x77c8 0xfd
mscms.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateProfileFromLogColorSpaceW - 0x100090c4 0x9a14 0x7814 0x1a
OpenColorProfileW - 0x100090c8 0x9a18 0x7818 0x4c
CheckColors - 0x100090cc 0x9a1c 0x781c 0x3
GetColorProfileElement - 0x100090d0 0x9a20 0x7820 0x2c
CloseColorProfile - 0x100090d4 0x9a24 0x7824 0x4
CheckBitmapBits - 0x100090d8 0x9a28 0x7828 0x2
GetColorProfileFromHandle - 0x100090dc 0x9a2c 0x782c 0x2e
Exports (1)
Api name EAT Address Ordinal
TclpOwkq 0x7500 0x1