Malicious
Classifications
Downloader
Threat Names
-
Dynamic Analysis Report
Created on 2022-08-13T18:41:32+00:00
template[1].doc
Word Document
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "17 minutes, 10 seconds" to "103.0 milliseconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\template[1].doc | Sample File | Word Document |
Malicious
|
...
|
»
| MIME Type | application/vnd.ms-word.document.macroEnabled.12 |
| File Size | 59.00 KB |
| MD5 |
8f21756219d4e736219011174eb0534b
|
| SHA1 |
4429c35b62d55abe159e130c095fc988e640f3fd
|
| SHA256 |
394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc
|
| SSDeep |
768:urH9EDL1s1p6qCS1ioGwmFRdoUzQLgRlpqVmbTzD1CNJbOz+zaN18OIZ5grp/0GR:ur6Lm1p7QDdoaQLgRYm7pQNOz71IW5R
|
| ImpHash | - |
Office Information
»
| Creator | ismail - [2010] |
| Last Modified By | ismail - [2010] |
| Revision | 1 |
| Create Time | 2021-11-01 10:30 (UTC+1) |
| Modify Time | 2022-08-08 11:27 (UTC+2) |
| Application | Microsoft Office Word |
| App Version | 14.0000 |
| Template | Normal.dotm |
| Company | home |
| Document Security | NONE |
| Editing Time | 403197.0 |
| Page Count | 1 |
| Title | 1 |
| ScaleCrop | False |
| SharedDoc | False |
VBA Macros (1)
»
Macro #1: ThisDocument (Truncated)
»
| C:\Users\RDHJ0C~1\AppData\Local\Temp\dnrdfsi11023.dll | Dropped File | Binary |
Clean
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 310.00 KB |
| MD5 |
7709d2944759147d85784ade5fef6100
|
| SHA1 |
9fa4bfd60c15007850eb741a4934b7a2dd405eeb
|
| SHA256 |
3a11cd850a5c7d077d270f39f68d1f16a174a7d4bfc057dd95fa79b8133a4d6f
|
| SSDeep |
6144:axrC44CaeuO7/wcO65lqceAy0gaMewnNrR/cr9/BiQOsKMAuEqZL1nR8vDhfIw5D:SNufRqOfw1QSiWRSnk5s
|
| ImpHash |
76092ced27bdaa31d5e79a1b5708ef59
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x10020809 |
| Size Of Code | 0x0003B200 |
| Size Of Initialized Data | 0x00014600 |
| File Type | IMAGE_FILE_DLL |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2022-08-09 15:02 (UTC+2) |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x0003B12C | 0x0003B200 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x1003D000 | 0x0000CE8A | 0x0000D000 | 0x0003B600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.89 |
| .data | 0x1004A000 | 0x00004368 | 0x00002000 | 0x00048600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.27 |
| .rsrc | 0x1004F000 | 0x000001E0 | 0x00000200 | 0x0004A600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.72 |
| .reloc | 0x10050000 | 0x00002ECC | 0x00003000 | 0x0004A800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.51 |
Imports (6)
»
KERNEL32.dll (89)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ExpandEnvironmentStringsW | - | 0x1003D018 | 0x00049518 | 0x00047B18 | 0x00000155 |
| CreateProcessW | - | 0x1003D01C | 0x0004951C | 0x00047B1C | 0x000000DB |
| CreateDirectoryW | - | 0x1003D020 | 0x00049520 | 0x00047B20 | 0x000000B2 |
| GetModuleHandleExW | - | 0x1003D024 | 0x00049524 | 0x00047B24 | 0x00000266 |
| GetComputerNameW | - | 0x1003D028 | 0x00049528 | 0x00047B28 | 0x000001D1 |
| WideCharToMultiByte | - | 0x1003D02C | 0x0004952C | 0x00047B2C | 0x000005CB |
| Sleep | - | 0x1003D030 | 0x00049530 | 0x00047B30 | 0x00000550 |
| ReleaseMutex | - | 0x1003D034 | 0x00049534 | 0x00047B34 | 0x0000048B |
| MultiByteToWideChar | - | 0x1003D038 | 0x00049538 | 0x00047B38 | 0x000003D1 |
| GetTempPathW | - | 0x1003D03C | 0x0004953C | 0x00047B3C | 0x000002E3 |
| GetModuleHandleA | - | 0x1003D040 | 0x00049540 | 0x00047B40 | 0x00000264 |
| CloseHandle | - | 0x1003D044 | 0x00049544 | 0x00047B44 | 0x0000007F |
| GetWindowsDirectoryW | - | 0x1003D048 | 0x00049548 | 0x00047B48 | 0x00000310 |
| DeleteFileW | - | 0x1003D04C | 0x0004954C | 0x00047B4C | 0x0000010A |
| GetProcAddress | - | 0x1003D050 | 0x00049550 | 0x00047B50 | 0x0000029D |
| GetLastError | - | 0x1003D054 | 0x00049554 | 0x00047B54 | 0x00000250 |
| LoadLibraryW | - | 0x1003D058 | 0x00049558 | 0x00047B58 | 0x000003A8 |
| FreeLibrary | - | 0x1003D05C | 0x0004955C | 0x00047B5C | 0x0000019E |
| GetModuleFileNameW | - | 0x1003D060 | 0x00049560 | 0x00047B60 | 0x00000263 |
| CreateMutexW | - | 0x1003D064 | 0x00049564 | 0x00047B64 | 0x000000D1 |
| LocalFree | - | 0x1003D068 | 0x00049568 | 0x00047B68 | 0x000003B2 |
| lstrlenA | - | 0x1003D06C | 0x0004956C | 0x00047B6C | 0x00000608 |
| SetEnvironmentVariableA | - | 0x1003D070 | 0x00049570 | 0x00047B70 | 0x000004EC |
| CreateFileW | - | 0x1003D074 | 0x00049574 | 0x00047B74 | 0x000000C2 |
| OutputDebugStringW | - | 0x1003D078 | 0x00049578 | 0x00047B78 | 0x000003FA |
| WriteConsoleW | - | 0x1003D07C | 0x0004957C | 0x00047B7C | 0x000005DE |
| SetStdHandle | - | 0x1003D080 | 0x00049580 | 0x00047B80 | 0x00000520 |
| ReadConsoleW | - | 0x1003D084 | 0x00049584 | 0x00047B84 | 0x0000044D |
| RtlUnwind | - | 0x1003D088 | 0x00049588 | 0x00047B88 | 0x000004AC |
| LoadLibraryExW | - | 0x1003D08C | 0x0004958C | 0x00047B8C | 0x000003A7 |
| LCMapStringW | - | 0x1003D090 | 0x00049590 | 0x00047B90 | 0x00000396 |
| CompareStringW | - | 0x1003D094 | 0x00049594 | 0x00047B94 | 0x00000093 |
| GetTimeFormatW | - | 0x1003D098 | 0x00049598 | 0x00047B98 | 0x000002F7 |
| GetDateFormatW | - | 0x1003D09C | 0x0004959C | 0x00047B9C | 0x00000213 |
| EnumSystemLocalesW | - | 0x1003D0A0 | 0x000495A0 | 0x00047BA0 | 0x00000147 |
| GetUserDefaultLCID | - | 0x1003D0A4 | 0x000495A4 | 0x00047BA4 | 0x000002FC |
| EncodePointer | - | 0x1003D0A8 | 0x000495A8 | 0x00047BA8 | 0x00000121 |
| DecodePointer | - | 0x1003D0AC | 0x000495AC | 0x00047BAC | 0x000000FE |
| IsDebuggerPresent | - | 0x1003D0B0 | 0x000495B0 | 0x00047BB0 | 0x00000367 |
| IsProcessorFeaturePresent | - | 0x1003D0B4 | 0x000495B4 | 0x00047BB4 | 0x0000036D |
| HeapFree | - | 0x1003D0B8 | 0x000495B8 | 0x00047BB8 | 0x00000333 |
| HeapReAlloc | - | 0x1003D0BC | 0x000495BC | 0x00047BBC | 0x00000336 |
| EnterCriticalSection | - | 0x1003D0C0 | 0x000495C0 | 0x00047BC0 | 0x00000125 |
| LeaveCriticalSection | - | 0x1003D0C4 | 0x000495C4 | 0x00047BC4 | 0x000003A2 |
| GetFileAttributesExW | - | 0x1003D0C8 | 0x000495C8 | 0x00047BC8 | 0x00000232 |
| GetSystemTimeAsFileTime | - | 0x1003D0CC | 0x000495CC | 0x00047BCC | 0x000002D6 |
| GetCommandLineA | - | 0x1003D0D0 | 0x000495D0 | 0x00047BD0 | 0x000001C8 |
| GetCurrentThreadId | - | 0x1003D0D4 | 0x000495D4 | 0x00047BD4 | 0x0000020E |
| IsValidCodePage | - | 0x1003D0D8 | 0x000495D8 | 0x00047BD8 | 0x00000372 |
| GetACP | - | 0x1003D0DC | 0x000495DC | 0x00047BDC | 0x000001A4 |
| GetOEMCP | - | 0x1003D0E0 | 0x000495E0 | 0x00047BE0 | 0x00000286 |
| GetCPInfo | - | 0x1003D0E4 | 0x000495E4 | 0x00047BE4 | 0x000001B3 |
| SetLastError | - | 0x1003D0E8 | 0x000495E8 | 0x00047BE8 | 0x0000050A |
| ExitProcess | - | 0x1003D0EC | 0x000495EC | 0x00047BEC | 0x00000151 |
| AreFileApisANSI | - | 0x1003D0F0 | 0x000495F0 | 0x00047BF0 | 0x0000001B |
| HeapSize | - | 0x1003D0F4 | 0x000495F4 | 0x00047BF4 | 0x00000338 |
| UnhandledExceptionFilter | - | 0x1003D0F8 | 0x000495F8 | 0x00047BF8 | 0x00000580 |
| SetUnhandledExceptionFilter | - | 0x1003D0FC | 0x000495FC | 0x00047BFC | 0x00000541 |
| InitializeCriticalSectionAndSpinCount | - | 0x1003D100 | 0x00049600 | 0x00047C00 | 0x00000348 |
| GetCurrentProcess | - | 0x1003D104 | 0x00049604 | 0x00047C04 | 0x00000209 |
| TerminateProcess | - | 0x1003D108 | 0x00049608 | 0x00047C08 | 0x0000055F |
| TlsAlloc | - | 0x1003D10C | 0x0004960C | 0x00047C0C | 0x00000571 |
| TlsGetValue | - | 0x1003D110 | 0x00049610 | 0x00047C10 | 0x00000573 |
| TlsSetValue | - | 0x1003D114 | 0x00049614 | 0x00047C14 | 0x00000574 |
| TlsFree | - | 0x1003D118 | 0x00049618 | 0x00047C18 | 0x00000572 |
| GetStartupInfoW | - | 0x1003D11C | 0x0004961C | 0x00047C1C | 0x000002BE |
| GetModuleHandleW | - | 0x1003D120 | 0x00049620 | 0x00047C20 | 0x00000267 |
| RaiseException | - | 0x1003D124 | 0x00049624 | 0x00047C24 | 0x0000043F |
| HeapAlloc | - | 0x1003D128 | 0x00049628 | 0x00047C28 | 0x0000032F |
| GetProcessHeap | - | 0x1003D12C | 0x0004962C | 0x00047C2C | 0x000002A2 |
| GetStdHandle | - | 0x1003D130 | 0x00049630 | 0x00047C30 | 0x000002C0 |
| GetFileType | - | 0x1003D134 | 0x00049634 | 0x00047C34 | 0x0000023E |
| DeleteCriticalSection | - | 0x1003D138 | 0x00049638 | 0x00047C38 | 0x00000105 |
| GetTimeZoneInformation | - | 0x1003D13C | 0x0004963C | 0x00047C3C | 0x000002F9 |
| ReadFile | - | 0x1003D140 | 0x00049640 | 0x00047C40 | 0x0000044F |
| SetFilePointerEx | - | 0x1003D144 | 0x00049644 | 0x00047C44 | 0x000004FC |
| FlushFileBuffers | - | 0x1003D148 | 0x00049648 | 0x00047C48 | 0x00000192 |
| WriteFile | - | 0x1003D14C | 0x0004964C | 0x00047C4C | 0x000005DF |
| GetConsoleCP | - | 0x1003D150 | 0x00049650 | 0x00047C50 | 0x000001DC |
| GetConsoleMode | - | 0x1003D154 | 0x00049654 | 0x00047C54 | 0x000001EE |
| GetStringTypeW | - | 0x1003D158 | 0x00049658 | 0x00047C58 | 0x000002C5 |
| GetModuleFileNameA | - | 0x1003D15C | 0x0004965C | 0x00047C5C | 0x00000262 |
| QueryPerformanceCounter | - | 0x1003D160 | 0x00049660 | 0x00047C60 | 0x0000042D |
| GetCurrentProcessId | - | 0x1003D164 | 0x00049664 | 0x00047C64 | 0x0000020A |
| GetEnvironmentStringsW | - | 0x1003D168 | 0x00049668 | 0x00047C68 | 0x00000227 |
| FreeEnvironmentStringsW | - | 0x1003D16C | 0x0004966C | 0x00047C6C | 0x0000019D |
| GetLocaleInfoW | - | 0x1003D170 | 0x00049670 | 0x00047C70 | 0x00000254 |
| IsValidLocale | - | 0x1003D174 | 0x00049674 | 0x00047C74 | 0x00000374 |
| SetEndOfFile | - | 0x1003D178 | 0x00049678 | 0x00047C78 | 0x000004E9 |
ADVAPI32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | - | 0x1003D000 | 0x00049500 | 0x00047B00 | 0x00000254 |
| RegEnumKeyExW | - | 0x1003D004 | 0x00049504 | 0x00047B04 | 0x00000273 |
| RegOpenKeyExW | - | 0x1003D008 | 0x00049508 | 0x00047B08 | 0x00000285 |
| RegQueryValueExW | - | 0x1003D00C | 0x0004950C | 0x00047B0C | 0x00000292 |
| GetUserNameW | - | 0x1003D010 | 0x00049510 | 0x00047B10 | 0x0000017A |
SHELL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ShellExecuteW | - | 0x1003D194 | 0x00049694 | 0x00047C94 | 0x00000137 |
| SHGetFolderPathW | - | 0x1003D198 | 0x00049698 | 0x00047C98 | 0x000000D2 |
ole32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoUninitialize | - | 0x1003D1B4 | 0x000496B4 | 0x00047CB4 | 0x0000007F |
| CoInitialize | - | 0x1003D1B8 | 0x000496B8 | 0x00047CB8 | 0x0000004F |
| CoInitializeEx | - | 0x1003D1BC | 0x000496BC | 0x00047CBC | 0x00000050 |
| CoCreateInstance | - | 0x1003D1C0 | 0x000496C0 | 0x00047CC0 | 0x0000001A |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysFreeString | 0x00000006 | 0x1003D180 | 0x00049680 | 0x00047C80 | - |
| VariantInit | 0x00000008 | 0x1003D184 | 0x00049684 | 0x00047C84 | - |
| VariantClear | 0x00000009 | 0x1003D188 | 0x00049688 | 0x00047C88 | - |
| SysAllocString | 0x00000002 | 0x1003D18C | 0x0004968C | 0x00047C8C | - |
WININET.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetCloseHandle | - | 0x1003D1A0 | 0x000496A0 | 0x00047CA0 | 0x00000092 |
| InternetOpenA | - | 0x1003D1A4 | 0x000496A4 | 0x00047CA4 | 0x000000C2 |
| HttpOpenRequestA | - | 0x1003D1A8 | 0x000496A8 | 0x00047CA8 | 0x00000075 |
| InternetConnectA | - | 0x1003D1AC | 0x000496AC | 0x00047CAC | 0x00000098 |
Exports (2)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| Rdwmnjioffws | 0x00003530 | 0x00000001 |
| Tswmnjioffws | 0x000035E0 | 0x00000002 |
| C:\Users\RDHJ0C~1\AppData\Local\Temp\wnitmpo.dll | Dropped File | Binary |
Clean
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 310.00 KB |
| MD5 |
d723f4615adc69bd185ae88fe80a3064
|
| SHA1 |
3c24113e8d27ea46f180fcc7432b172d41b07da7
|
| SHA256 |
022ee269651686570c983e78450948c8e2dcfda0244d0d7d2aac7f8723507298
|
| SSDeep |
6144:axrC44CaeuO7/wcO65lqceAy0gaMewnNrR/cr9/BiQOsKMAuEqZL1nR8vDhfIw5+:SNufRqOfw1QSiWRSnk5
|
| ImpHash |
76092ced27bdaa31d5e79a1b5708ef59
|
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x10020809 |
| Size Of Code | 0x0003B200 |
| Size Of Initialized Data | 0x00014600 |
| File Type | IMAGE_FILE_DLL |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2022-08-09 15:02 (UTC+2) |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x0003B12C | 0x0003B200 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x1003D000 | 0x0000CE8A | 0x0000D000 | 0x0003B600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.89 |
| .data | 0x1004A000 | 0x00004368 | 0x00002000 | 0x00048600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.27 |
| .rsrc | 0x1004F000 | 0x000001E0 | 0x00000200 | 0x0004A600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.72 |
| .reloc | 0x10050000 | 0x00002ECC | 0x00003000 | 0x0004A800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.51 |
Imports (6)
»
KERNEL32.dll (89)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ExpandEnvironmentStringsW | - | 0x1003D018 | 0x00049518 | 0x00047B18 | 0x00000155 |
| CreateProcessW | - | 0x1003D01C | 0x0004951C | 0x00047B1C | 0x000000DB |
| CreateDirectoryW | - | 0x1003D020 | 0x00049520 | 0x00047B20 | 0x000000B2 |
| GetModuleHandleExW | - | 0x1003D024 | 0x00049524 | 0x00047B24 | 0x00000266 |
| GetComputerNameW | - | 0x1003D028 | 0x00049528 | 0x00047B28 | 0x000001D1 |
| WideCharToMultiByte | - | 0x1003D02C | 0x0004952C | 0x00047B2C | 0x000005CB |
| Sleep | - | 0x1003D030 | 0x00049530 | 0x00047B30 | 0x00000550 |
| ReleaseMutex | - | 0x1003D034 | 0x00049534 | 0x00047B34 | 0x0000048B |
| MultiByteToWideChar | - | 0x1003D038 | 0x00049538 | 0x00047B38 | 0x000003D1 |
| GetTempPathW | - | 0x1003D03C | 0x0004953C | 0x00047B3C | 0x000002E3 |
| GetModuleHandleA | - | 0x1003D040 | 0x00049540 | 0x00047B40 | 0x00000264 |
| CloseHandle | - | 0x1003D044 | 0x00049544 | 0x00047B44 | 0x0000007F |
| GetWindowsDirectoryW | - | 0x1003D048 | 0x00049548 | 0x00047B48 | 0x00000310 |
| DeleteFileW | - | 0x1003D04C | 0x0004954C | 0x00047B4C | 0x0000010A |
| GetProcAddress | - | 0x1003D050 | 0x00049550 | 0x00047B50 | 0x0000029D |
| GetLastError | - | 0x1003D054 | 0x00049554 | 0x00047B54 | 0x00000250 |
| LoadLibraryW | - | 0x1003D058 | 0x00049558 | 0x00047B58 | 0x000003A8 |
| FreeLibrary | - | 0x1003D05C | 0x0004955C | 0x00047B5C | 0x0000019E |
| GetModuleFileNameW | - | 0x1003D060 | 0x00049560 | 0x00047B60 | 0x00000263 |
| CreateMutexW | - | 0x1003D064 | 0x00049564 | 0x00047B64 | 0x000000D1 |
| LocalFree | - | 0x1003D068 | 0x00049568 | 0x00047B68 | 0x000003B2 |
| lstrlenA | - | 0x1003D06C | 0x0004956C | 0x00047B6C | 0x00000608 |
| SetEnvironmentVariableA | - | 0x1003D070 | 0x00049570 | 0x00047B70 | 0x000004EC |
| CreateFileW | - | 0x1003D074 | 0x00049574 | 0x00047B74 | 0x000000C2 |
| OutputDebugStringW | - | 0x1003D078 | 0x00049578 | 0x00047B78 | 0x000003FA |
| WriteConsoleW | - | 0x1003D07C | 0x0004957C | 0x00047B7C | 0x000005DE |
| SetStdHandle | - | 0x1003D080 | 0x00049580 | 0x00047B80 | 0x00000520 |
| ReadConsoleW | - | 0x1003D084 | 0x00049584 | 0x00047B84 | 0x0000044D |
| RtlUnwind | - | 0x1003D088 | 0x00049588 | 0x00047B88 | 0x000004AC |
| LoadLibraryExW | - | 0x1003D08C | 0x0004958C | 0x00047B8C | 0x000003A7 |
| LCMapStringW | - | 0x1003D090 | 0x00049590 | 0x00047B90 | 0x00000396 |
| CompareStringW | - | 0x1003D094 | 0x00049594 | 0x00047B94 | 0x00000093 |
| GetTimeFormatW | - | 0x1003D098 | 0x00049598 | 0x00047B98 | 0x000002F7 |
| GetDateFormatW | - | 0x1003D09C | 0x0004959C | 0x00047B9C | 0x00000213 |
| EnumSystemLocalesW | - | 0x1003D0A0 | 0x000495A0 | 0x00047BA0 | 0x00000147 |
| GetUserDefaultLCID | - | 0x1003D0A4 | 0x000495A4 | 0x00047BA4 | 0x000002FC |
| EncodePointer | - | 0x1003D0A8 | 0x000495A8 | 0x00047BA8 | 0x00000121 |
| DecodePointer | - | 0x1003D0AC | 0x000495AC | 0x00047BAC | 0x000000FE |
| IsDebuggerPresent | - | 0x1003D0B0 | 0x000495B0 | 0x00047BB0 | 0x00000367 |
| IsProcessorFeaturePresent | - | 0x1003D0B4 | 0x000495B4 | 0x00047BB4 | 0x0000036D |
| HeapFree | - | 0x1003D0B8 | 0x000495B8 | 0x00047BB8 | 0x00000333 |
| HeapReAlloc | - | 0x1003D0BC | 0x000495BC | 0x00047BBC | 0x00000336 |
| EnterCriticalSection | - | 0x1003D0C0 | 0x000495C0 | 0x00047BC0 | 0x00000125 |
| LeaveCriticalSection | - | 0x1003D0C4 | 0x000495C4 | 0x00047BC4 | 0x000003A2 |
| GetFileAttributesExW | - | 0x1003D0C8 | 0x000495C8 | 0x00047BC8 | 0x00000232 |
| GetSystemTimeAsFileTime | - | 0x1003D0CC | 0x000495CC | 0x00047BCC | 0x000002D6 |
| GetCommandLineA | - | 0x1003D0D0 | 0x000495D0 | 0x00047BD0 | 0x000001C8 |
| GetCurrentThreadId | - | 0x1003D0D4 | 0x000495D4 | 0x00047BD4 | 0x0000020E |
| IsValidCodePage | - | 0x1003D0D8 | 0x000495D8 | 0x00047BD8 | 0x00000372 |
| GetACP | - | 0x1003D0DC | 0x000495DC | 0x00047BDC | 0x000001A4 |
| GetOEMCP | - | 0x1003D0E0 | 0x000495E0 | 0x00047BE0 | 0x00000286 |
| GetCPInfo | - | 0x1003D0E4 | 0x000495E4 | 0x00047BE4 | 0x000001B3 |
| SetLastError | - | 0x1003D0E8 | 0x000495E8 | 0x00047BE8 | 0x0000050A |
| ExitProcess | - | 0x1003D0EC | 0x000495EC | 0x00047BEC | 0x00000151 |
| AreFileApisANSI | - | 0x1003D0F0 | 0x000495F0 | 0x00047BF0 | 0x0000001B |
| HeapSize | - | 0x1003D0F4 | 0x000495F4 | 0x00047BF4 | 0x00000338 |
| UnhandledExceptionFilter | - | 0x1003D0F8 | 0x000495F8 | 0x00047BF8 | 0x00000580 |
| SetUnhandledExceptionFilter | - | 0x1003D0FC | 0x000495FC | 0x00047BFC | 0x00000541 |
| InitializeCriticalSectionAndSpinCount | - | 0x1003D100 | 0x00049600 | 0x00047C00 | 0x00000348 |
| GetCurrentProcess | - | 0x1003D104 | 0x00049604 | 0x00047C04 | 0x00000209 |
| TerminateProcess | - | 0x1003D108 | 0x00049608 | 0x00047C08 | 0x0000055F |
| TlsAlloc | - | 0x1003D10C | 0x0004960C | 0x00047C0C | 0x00000571 |
| TlsGetValue | - | 0x1003D110 | 0x00049610 | 0x00047C10 | 0x00000573 |
| TlsSetValue | - | 0x1003D114 | 0x00049614 | 0x00047C14 | 0x00000574 |
| TlsFree | - | 0x1003D118 | 0x00049618 | 0x00047C18 | 0x00000572 |
| GetStartupInfoW | - | 0x1003D11C | 0x0004961C | 0x00047C1C | 0x000002BE |
| GetModuleHandleW | - | 0x1003D120 | 0x00049620 | 0x00047C20 | 0x00000267 |
| RaiseException | - | 0x1003D124 | 0x00049624 | 0x00047C24 | 0x0000043F |
| HeapAlloc | - | 0x1003D128 | 0x00049628 | 0x00047C28 | 0x0000032F |
| GetProcessHeap | - | 0x1003D12C | 0x0004962C | 0x00047C2C | 0x000002A2 |
| GetStdHandle | - | 0x1003D130 | 0x00049630 | 0x00047C30 | 0x000002C0 |
| GetFileType | - | 0x1003D134 | 0x00049634 | 0x00047C34 | 0x0000023E |
| DeleteCriticalSection | - | 0x1003D138 | 0x00049638 | 0x00047C38 | 0x00000105 |
| GetTimeZoneInformation | - | 0x1003D13C | 0x0004963C | 0x00047C3C | 0x000002F9 |
| ReadFile | - | 0x1003D140 | 0x00049640 | 0x00047C40 | 0x0000044F |
| SetFilePointerEx | - | 0x1003D144 | 0x00049644 | 0x00047C44 | 0x000004FC |
| FlushFileBuffers | - | 0x1003D148 | 0x00049648 | 0x00047C48 | 0x00000192 |
| WriteFile | - | 0x1003D14C | 0x0004964C | 0x00047C4C | 0x000005DF |
| GetConsoleCP | - | 0x1003D150 | 0x00049650 | 0x00047C50 | 0x000001DC |
| GetConsoleMode | - | 0x1003D154 | 0x00049654 | 0x00047C54 | 0x000001EE |
| GetStringTypeW | - | 0x1003D158 | 0x00049658 | 0x00047C58 | 0x000002C5 |
| GetModuleFileNameA | - | 0x1003D15C | 0x0004965C | 0x00047C5C | 0x00000262 |
| QueryPerformanceCounter | - | 0x1003D160 | 0x00049660 | 0x00047C60 | 0x0000042D |
| GetCurrentProcessId | - | 0x1003D164 | 0x00049664 | 0x00047C64 | 0x0000020A |
| GetEnvironmentStringsW | - | 0x1003D168 | 0x00049668 | 0x00047C68 | 0x00000227 |
| FreeEnvironmentStringsW | - | 0x1003D16C | 0x0004966C | 0x00047C6C | 0x0000019D |
| GetLocaleInfoW | - | 0x1003D170 | 0x00049670 | 0x00047C70 | 0x00000254 |
| IsValidLocale | - | 0x1003D174 | 0x00049674 | 0x00047C74 | 0x00000374 |
| SetEndOfFile | - | 0x1003D178 | 0x00049678 | 0x00047C78 | 0x000004E9 |
ADVAPI32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCloseKey | - | 0x1003D000 | 0x00049500 | 0x00047B00 | 0x00000254 |
| RegEnumKeyExW | - | 0x1003D004 | 0x00049504 | 0x00047B04 | 0x00000273 |
| RegOpenKeyExW | - | 0x1003D008 | 0x00049508 | 0x00047B08 | 0x00000285 |
| RegQueryValueExW | - | 0x1003D00C | 0x0004950C | 0x00047B0C | 0x00000292 |
| GetUserNameW | - | 0x1003D010 | 0x00049510 | 0x00047B10 | 0x0000017A |
SHELL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ShellExecuteW | - | 0x1003D194 | 0x00049694 | 0x00047C94 | 0x00000137 |
| SHGetFolderPathW | - | 0x1003D198 | 0x00049698 | 0x00047C98 | 0x000000D2 |
ole32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoUninitialize | - | 0x1003D1B4 | 0x000496B4 | 0x00047CB4 | 0x0000007F |
| CoInitialize | - | 0x1003D1B8 | 0x000496B8 | 0x00047CB8 | 0x0000004F |
| CoInitializeEx | - | 0x1003D1BC | 0x000496BC | 0x00047CBC | 0x00000050 |
| CoCreateInstance | - | 0x1003D1C0 | 0x000496C0 | 0x00047CC0 | 0x0000001A |
OLEAUT32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysFreeString | 0x00000006 | 0x1003D180 | 0x00049680 | 0x00047C80 | - |
| VariantInit | 0x00000008 | 0x1003D184 | 0x00049684 | 0x00047C84 | - |
| VariantClear | 0x00000009 | 0x1003D188 | 0x00049688 | 0x00047C88 | - |
| SysAllocString | 0x00000002 | 0x1003D18C | 0x0004968C | 0x00047C8C | - |
WININET.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetCloseHandle | - | 0x1003D1A0 | 0x000496A0 | 0x00047CA0 | 0x00000092 |
| InternetOpenA | - | 0x1003D1A4 | 0x000496A4 | 0x00047CA4 | 0x000000C2 |
| HttpOpenRequestA | - | 0x1003D1A8 | 0x000496A8 | 0x00047CA8 | 0x00000075 |
| InternetConnectA | - | 0x1003D1AC | 0x000496AC | 0x00047CAC | 0x00000098 |
Exports (2)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| Rdwmnjioffws | 0x00003530 | 0x00000001 |
| Tswmnjioffws | 0x000035E0 | 0x00000002 |
| MIME Type | text/plain |
| File Size | 88 Bytes |
| MD5 |
f5fb1295c316d4b0642228ea608848b0
|
| SHA1 |
4d0e22e75e3ff58efa4fbd75ad6f32cb25fbc62e
|
| SHA256 |
460b4e4095c0c983517b80c81ab918a0d24149fa222d2625b9ad78a8e9e0f5bb
|
| SSDeep |
3:1LLI9d0ZIJ1GIcwf2SLFninf4cR2cMn:1LL42Z6cwf1Binf4AMn
|
| ImpHash | - |
| C:\Users\RDHJ0C~1\AppData\Local\Temp\wnitmpo.dll | Downloaded File | Stream |
Clean
|
...
|
»
| Also Known As |
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\h8ucitgd\oghayzzfhfctspqorbfnymrxhn7txilz8vjv1tpmuyrc2yiu[1].mp3 (Extracted File, Downloaded File)
|
| MIME Type | application/octet-stream |
| File Size | 310.00 KB |
| MD5 |
8720709440954d9ca7777d9062d9c2a6
|
| SHA1 |
6a51b603c7b53718666f6058cf32139b95a24339
|
| SHA256 |
c5480e975998c3556f1c0d70924ce3d9e8b56676fe13639ebf409add3ccf20c3
|
| SSDeep |
6144:pxrC44CaeuO7/wcO65lqceAy0gaMewnNrR/cr9/BiQOsKMAuEqZL1nR8vDhfIw5+:fNufRqOfw1QSiWRSnk5
|
| ImpHash | - |
| C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\INetCache\IE\5RNK44FE\OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu[1].ico | Downloaded File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 4.04 KB |
| MD5 |
7a1b1d91bcb6f5362fd76e449ce62be1
|
| SHA1 |
cb99c2667425d26f487033e0c867ae9ce8e182ed
|
| SHA256 |
95db57f061cf2727bed50ec9a5c91fb10d94fc6b49897ea6857f91c7affb4ffe
|
| SSDeep |
96:T+iZ3xZdMuZHTvnlWrsoFgFPhQBoNsFFjhQB/FghQBrFCFshQBV17I3tV:icTPZHrloFgFPy+kFjy5FgydFCFsyzx8
|
| ImpHash | - |
| 5bcaa3dc31090a32e9f7813b5583f5df7a8a8d9d65e0f80daa013df5d8ba35c1 | Downloaded File | HTML |
Clean
|
...
|
»
| MIME Type | text/html |
| File Size | 1.55 KB |
| MD5 |
2b2d58abc985cc21ed7d7c4c26021b5f
|
| SHA1 |
0d44f406a7b64b02ed85dd13a5302e4b081046a1
|
| SHA256 |
5bcaa3dc31090a32e9f7813b5583f5df7a8a8d9d65e0f80daa013df5d8ba35c1
|
| SSDeep |
24:hY6sv7zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5zF5zeR:3q3+pUAew85zvSR
|
| ImpHash | - |
| b5e0eee6e28efca6d6ad05d7b8a94631576037ec9e5ff6d305fe89faa0e1032e | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 5 Bytes |
| MD5 |
b3b44e43aa5421d268e5747dd2d5f5c8
|
| SHA1 |
67805069b9d0f7161a6d0b0cda48eba8af532e0b
|
| SHA256 |
b5e0eee6e28efca6d6ad05d7b8a94631576037ec9e5ff6d305fe89faa0e1032e
|
| SSDeep |
3:7:7
|
| ImpHash | - |
| c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 128 Bytes |
| MD5 |
cc90851958032b8c8bbb7b24ec6271dd
|
| SHA1 |
e027ad2ea4049374a3b01af2e3626b667dc816bc
|
| SHA256 |
c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
|
| SSDeep |
3:Fl:
|
| ImpHash | - |
