Verdict: Malicious
Classification: Spyware
Threat Names: C2/Generic-A, Lokibot, Lokibot.v2

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "10 hours, 47 minutes" to "20 seconds" to reveal dormant functionality.

Remarks

(0x0200004A): 4 dump(s) were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 8 MB.

(0x0200001D): The maximum number of extracted files was exceeded. Some files may be missing in the report.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 123.74 KB
MD5 d2ce3b2a5f3efb1fcede96304e57a531
SHA1 d74be8fe0be4ec13340dad9c0fdeb653c9c8b90e
SHA256 e0a4948a58829f4ecd9e6fb9b28e127a6827bd8761ded085d2069a248f6f5462
SSDeep 3072:l1NjcVVnLpPunbrclqvVjW/GAk+dOH6yzqwr1O+5ZFy:HNeZmrc+/AkDBzqwwqi
ImpHash 56a78d55f3f7af51443e58e0ce2fb5f6
PE Information
Image Base 0x00400000
Entry Point 0x004034F7
Size Of Code 0x00006600
Size Of Initialized Data 0x00022A00
Size Of Uninitialized Data 0x00000800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2021-09-25 23:55 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00006515 0x00006600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x00408000 0x0000139A 0x00001400 0x00006A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.15
.data 0x0040A000 0x00020338 0x00000600 0x00007E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.01
.ndata 0x0042B000 0x00010000 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x0043B000 0x00000A50 0x00000C00 0x00008400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.18
Imports (7)
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCreateKeyExW - 0x00408000 0x000085A4 0x00006FA4 0x000001D2
RegEnumKeyW - 0x00408004 0x000085A8 0x00006FA8 0x000001E0
RegQueryValueExW - 0x00408008 0x000085AC 0x00006FAC 0x000001F8
RegSetValueExW - 0x0040800C 0x000085B0 0x00006FB0 0x00000205
RegCloseKey - 0x00408010 0x000085B4 0x00006FB4 0x000001CB
RegDeleteValueW - 0x00408014 0x000085B8 0x00006FB8 0x000001D9
RegDeleteKeyW - 0x00408018 0x000085BC 0x00006FBC 0x000001D7
AdjustTokenPrivileges - 0x0040801C 0x000085C0 0x00006FC0 0x0000001C
LookupPrivilegeValueW - 0x00408020 0x000085C4 0x00006FC4 0x00000150
OpenProcessToken - 0x00408024 0x000085C8 0x00006FC8 0x000001AC
SetFileSecurityW - 0x00408028 0x000085CC 0x00006FCC 0x0000022F
RegOpenKeyExW - 0x0040802C 0x000085D0 0x00006FD0 0x000001ED
RegEnumValueW - 0x00408030 0x000085D4 0x00006FD4 0x000001E2
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation - 0x00408178 0x0000871C 0x0000711C 0x000000C3
SHFileOperationW - 0x0040817C 0x00008720 0x00007120 0x0000009B
SHBrowseForFolderW - 0x00408180 0x00008724 0x00007124 0x0000007A
SHGetPathFromIDListW - 0x00408184 0x00008728 0x00007128 0x000000BD
ShellExecuteExW - 0x00408188 0x0000872C 0x0000712C 0x0000010A
SHGetFileInfoW - 0x0040818C 0x00008730 0x00007130 0x000000AD
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x00408298 0x0000883C 0x0000723C 0x000000EE
OleUninitialize - 0x0040829C 0x00008840 0x00007240 0x00000105
CoCreateInstance - 0x004082A0 0x00008844 0x00007244 0x00000010
IIDFromString - 0x004082A4 0x00008848 0x00007248 0x000000C6
CoTaskMemFree - 0x004082A8 0x0000884C 0x0000724C 0x00000065
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000011 0x00408038 0x000085DC 0x00006FDC -
ImageList_Create - 0x0040803C 0x000085E0 0x00006FE0 0x00000037
ImageList_Destroy - 0x00408040 0x000085E4 0x00006FE4 0x00000038
ImageList_AddMasked - 0x00408044 0x000085E8 0x00006FE8 0x00000034
USER32.dll (64)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetClientRect - 0x00408194 0x00008738 0x00007138 0x000000FF
EndPaint - 0x00408198 0x0000873C 0x0000713C 0x000000C8
DrawTextW - 0x0040819C 0x00008740 0x00007140 0x000000BF
IsWindowEnabled - 0x004081A0 0x00008744 0x00007144 0x000001AE
DispatchMessageW - 0x004081A4 0x00008748 0x00007148 0x000000A2
wsprintfA - 0x004081A8 0x0000874C 0x0000714C 0x000002D7
CharNextA - 0x004081AC 0x00008750 0x00007150 0x0000002A
CharPrevW - 0x004081B0 0x00008754 0x00007154 0x0000002F
MessageBoxIndirectW - 0x004081B4 0x00008758 0x00007158 0x000001E3
GetDlgItemTextW - 0x004081B8 0x0000875C 0x0000715C 0x00000114
SetDlgItemTextW - 0x004081BC 0x00008760 0x00007160 0x00000254
GetSystemMetrics - 0x004081C0 0x00008764 0x00007164 0x0000015D
FillRect - 0x004081C4 0x00008768 0x00007168 0x000000E2
AppendMenuW - 0x004081C8 0x0000876C 0x0000716C 0x00000009
TrackPopupMenu - 0x004081CC 0x00008770 0x00007170 0x000002A4
OpenClipboard - 0x004081D0 0x00008774 0x00007174 0x000001F6
SetClipboardData - 0x004081D4 0x00008778 0x00007178 0x0000024A
CloseClipboard - 0x004081D8 0x0000877C 0x0000717C 0x00000042
IsWindowVisible - 0x004081DC 0x00008780 0x00007180 0x000001B1
CallWindowProcW - 0x004081E0 0x00008784 0x00007184 0x0000001C
GetMessagePos - 0x004081E4 0x00008788 0x00007188 0x0000013C
CheckDlgButton - 0x004081E8 0x0000878C 0x0000718C 0x00000038
LoadCursorW - 0x004081EC 0x00008790 0x00007190 0x000001BD
SetCursor - 0x004081F0 0x00008794 0x00007194 0x0000024D
GetSysColor - 0x004081F4 0x00008798 0x00007198 0x0000015A
SetWindowPos - 0x004081F8 0x0000879C 0x0000719C 0x00000283
GetWindowLongW - 0x004081FC 0x000087A0 0x000071A0 0x0000016F
PeekMessageW - 0x00408200 0x000087A4 0x000071A4 0x00000201
SetClassLongW - 0x00408204 0x000087A8 0x000071A8 0x00000248
GetSystemMenu - 0x00408208 0x000087AC 0x000071AC 0x0000015C
EnableMenuItem - 0x0040820C 0x000087B0 0x000071B0 0x000000C2
GetWindowRect - 0x00408210 0x000087B4 0x000071B4 0x00000174
ScreenToClient - 0x00408214 0x000087B8 0x000071B8 0x00000231
EndDialog - 0x00408218 0x000087BC 0x000071BC 0x000000C6
RegisterClassW - 0x0040821C 0x000087C0 0x000071C0 0x00000219
SystemParametersInfoW - 0x00408220 0x000087C4 0x000071C4 0x0000029A
CreateWindowExW - 0x00408224 0x000087C8 0x000071C8 0x00000061
GetClassInfoW - 0x00408228 0x000087CC 0x000071CC 0x000000F9
DialogBoxParamW - 0x0040822C 0x000087D0 0x000071D0 0x0000009F
CharNextW - 0x00408230 0x000087D4 0x000071D4 0x0000002C
ExitWindowsEx - 0x00408234 0x000087D8 0x000071D8 0x000000E1
DestroyWindow - 0x00408238 0x000087DC 0x000071DC 0x00000099
CreateDialogParamW - 0x0040823C 0x000087E0 0x000071E0 0x00000056
SetTimer - 0x00408240 0x000087E4 0x000071E4 0x0000027A
SetWindowTextW - 0x00408244 0x000087E8 0x000071E8 0x00000287
PostQuitMessage - 0x00408248 0x000087EC 0x000071EC 0x00000204
SetForegroundWindow - 0x0040824C 0x000087F0 0x000071F0 0x00000257
ShowWindow - 0x00408250 0x000087F4 0x000071F4 0x00000292
wsprintfW - 0x00408254 0x000087F8 0x000071F8 0x000002D8
SendMessageTimeoutW - 0x00408258 0x000087FC 0x000071FC 0x0000023F
FindWindowExW - 0x0040825C 0x00008800 0x00007200 0x000000E5
IsWindow - 0x00408260 0x00008804 0x00007204 0x000001AD
GetDlgItem - 0x00408264 0x00008808 0x00007208 0x00000111
SetWindowLongW - 0x00408268 0x0000880C 0x0000720C 0x00000281
LoadImageW - 0x0040826C 0x00008810 0x00007210 0x000001C1
GetDC - 0x00408270 0x00008814 0x00007214 0x0000010C
ReleaseDC - 0x00408274 0x00008818 0x00007218 0x0000022A
EnableWindow - 0x00408278 0x0000881C 0x0000721C 0x000000C4
InvalidateRect - 0x0040827C 0x00008820 0x00007220 0x00000193
SendMessageW - 0x00408280 0x00008824 0x00007224 0x00000240
DefWindowProcW - 0x00408284 0x00008828 0x00007228 0x0000008F
BeginPaint - 0x00408288 0x0000882C 0x0000722C 0x0000000D
EmptyClipboard - 0x0040828C 0x00008830 0x00007230 0x000000C1
CreatePopupMenu - 0x00408290 0x00008834 0x00007234 0x0000005E
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetBkMode - 0x0040804C 0x000085F0 0x00006FF0 0x00000216
SetBkColor - 0x00408050 0x000085F4 0x00006FF4 0x00000215
GetDeviceCaps - 0x00408054 0x000085F8 0x00006FF8 0x0000016B
CreateFontIndirectW - 0x00408058 0x000085FC 0x00006FFC 0x0000003D
CreateBrushIndirect - 0x0040805C 0x00008600 0x00007000 0x00000029
DeleteObject - 0x00408060 0x00008604 0x00007004 0x0000008F
SetTextColor - 0x00408064 0x00008608 0x00007008 0x0000023C
SelectObject - 0x00408068 0x0000860C 0x0000700C 0x0000020E
KERNEL32.dll (65)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetExitCodeProcess - 0x00408070 0x00008614 0x00007014 0x0000015A
WaitForSingleObject - 0x00408074 0x00008618 0x00007018 0x00000390
GetModuleHandleA - 0x00408078 0x0000861C 0x0000701C 0x0000017F
GetProcAddress - 0x0040807C 0x00008620 0x00007020 0x000001A0
GetSystemDirectoryW - 0x00408080 0x00008624 0x00007024 0x000001C2
lstrcatW - 0x00408084 0x00008628 0x00007028 0x000003BE
Sleep - 0x00408088 0x0000862C 0x0000702C 0x00000356
lstrcpyA - 0x0040808C 0x00008630 0x00007030 0x000003C6
WriteFile - 0x00408090 0x00008634 0x00007034 0x000003A4
GetTempFileNameW - 0x00408094 0x00008638 0x00007038 0x000001D4
CreateFileW - 0x00408098 0x0000863C 0x0000703C 0x00000056
lstrcmpiA - 0x0040809C 0x00008640 0x00007040 0x000003C3
RemoveDirectoryW - 0x004080A0 0x00008644 0x00007044 0x000002C5
CreateProcessW - 0x004080A4 0x00008648 0x00007048 0x00000069
CreateDirectoryW - 0x004080A8 0x0000864C 0x0000704C 0x0000004E
GetLastError - 0x004080AC 0x00008650 0x00007050 0x00000171
CreateThread - 0x004080B0 0x00008654 0x00007054 0x0000006F
GlobalLock - 0x004080B4 0x00008658 0x00007058 0x00000203
GlobalUnlock - 0x004080B8 0x0000865C 0x0000705C 0x0000020A
GetDiskFreeSpaceW - 0x004080BC 0x00008660 0x00007060 0x00000150
WideCharToMultiByte - 0x004080C0 0x00008664 0x00007064 0x00000394
lstrcpynW - 0x004080C4 0x00008668 0x00007068 0x000003CA
lstrlenW - 0x004080C8 0x0000866C 0x0000706C 0x000003CD
SetErrorMode - 0x004080CC 0x00008670 0x00007070 0x00000315
GetVersionExW - 0x004080D0 0x00008674 0x00007074 0x000001EA
GetCommandLineW - 0x004080D4 0x00008678 0x00007078 0x00000111
GetTempPathW - 0x004080D8 0x0000867C 0x0000707C 0x000001D6
GetWindowsDirectoryW - 0x004080DC 0x00008680 0x00007080 0x000001F4
SetEnvironmentVariableW - 0x004080E0 0x00008684 0x00007084 0x00000314
CopyFileW - 0x004080E4 0x00008688 0x00007088 0x00000046
ExitProcess - 0x004080E8 0x0000868C 0x0000708C 0x000000B9
GetCurrentProcess - 0x004080EC 0x00008690 0x00007090 0x00000142
GetModuleFileNameW - 0x004080F0 0x00008694 0x00007094 0x0000017E
GetFileSize - 0x004080F4 0x00008698 0x00007098 0x00000163
GetTickCount - 0x004080F8 0x0000869C 0x0000709C 0x000001DF
MulDiv - 0x004080FC 0x000086A0 0x000070A0 0x00000274
SetFileAttributesW - 0x00408100 0x000086A4 0x000070A4 0x0000031A
GetFileAttributesW - 0x00408104 0x000086A8 0x000070A8 0x00000161
SetCurrentDirectoryW - 0x00408108 0x000086AC 0x000070AC 0x0000030B
MoveFileW - 0x0040810C 0x000086B0 0x000070B0 0x00000271
GetFullPathNameW - 0x00408110 0x000086B4 0x000070B4 0x0000016A
GetShortPathNameW - 0x00408114 0x000086B8 0x000070B8 0x000001B6
SearchPathW - 0x00408118 0x000086BC 0x000070BC 0x000002DC
CompareFileTime - 0x0040811C 0x000086C0 0x000070C0 0x00000039
SetFileTime - 0x00408120 0x000086C4 0x000070C4 0x0000031F
CloseHandle - 0x00408124 0x000086C8 0x000070C8 0x00000034
lstrcmpiW - 0x00408128 0x000086CC 0x000070CC 0x000003C4
lstrcmpW - 0x0040812C 0x000086D0 0x000070D0 0x000003C1
ExpandEnvironmentStringsW - 0x00408130 0x000086D4 0x000070D4 0x000000BD
GlobalFree - 0x00408134 0x000086D8 0x000070D8 0x000001FF
GlobalAlloc - 0x00408138 0x000086DC 0x000070DC 0x000001F8
GetModuleHandleW - 0x0040813C 0x000086E0 0x000070E0 0x00000182
LoadLibraryExW - 0x00408140 0x000086E4 0x000070E4 0x00000254
MoveFileExW - 0x00408144 0x000086E8 0x000070E8 0x00000270
FreeLibrary - 0x00408148 0x000086EC 0x000070EC 0x000000F8
WritePrivateProfileStringW - 0x0040814C 0x000086F0 0x000070F0 0x000003AA
GetPrivateProfileStringW - 0x00408150 0x000086F4 0x000070F4 0x0000019D
lstrlenA - 0x00408154 0x000086F8 0x000070F8 0x000003CC
MultiByteToWideChar - 0x00408158 0x000086FC 0x000070FC 0x00000275
ReadFile - 0x0040815C 0x00008700 0x00007100 0x000002B5
SetFilePointer - 0x00408160 0x00008704 0x00007104 0x0000031B
FindClose - 0x00408164 0x00008708 0x00007108 0x000000CE
FindNextFileW - 0x00408168 0x0000870C 0x0000710C 0x000000DD
FindFirstFileW - 0x0040816C 0x00008710 0x00007110 0x000000D5
DeleteFileW - 0x00408170 0x00008714 0x00007114 0x00000084
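The section table and import tables above are enough to check the report's own arithmetic and to see what its ImpHash is a hash of. The Python below is an added example, not VMRay's code and not part of the report. It maps an RVA to a file offset with the sample's section table exactly as printed, confirms that the Thunk Offset column is the Thunk RVA (the 4-byte import lookup table entry, hence the 4-byte spacing between rows) translated that way, reproduces the string pefile MD5s for its imphash, computes the bits-per-byte entropy figure of the Entropy column for a given section body, and flags sections the file does not back, such as .ndata, the name NSIS installer stubs give their uninitialised-data section. Recomputing the report's full ImpHash needs every import in import-descriptor order; the report groups DLLs in an order that differs from their IAT addresses, so the subset hashed here only illustrates the normalisation and its value is not the report's 56a78d55f3f7af51443e58e0ce2fb5f6. The triage thresholds in section_notes are my own.

```python
import hashlib
import math
from collections import Counter

IMAGE_BASE = 0x00400000

# Section table of the sample, copied from the report: (name, virtual
# address as printed with the image base added, virtual size, raw size,
# raw offset).
SECTIONS = [
    (".text",  0x00401000, 0x00006515, 0x00006600, 0x00000400),
    (".rdata", 0x00408000, 0x0000139A, 0x00001400, 0x00006A00),
    (".data",  0x0040A000, 0x00020338, 0x00000600, 0x00007E00),
    (".ndata", 0x0042B000, 0x00010000, 0x00000000, 0x00000000),
    (".rsrc",  0x0043B000, 0x00000A50, 0x00000C00, 0x00008400),
]


def rva_to_offset(rva, sections=SECTIONS, image_base=IMAGE_BASE):
    """File offset for an RVA, or None if the byte is not on disk (a
    section with raw size 0 such as .ndata, or the zero-filled tail of a
    section whose virtual size exceeds its raw size)."""
    for _name, va, vsize, rawsize, rawoff in sections:
        sec_rva = va - image_base
        if sec_rva <= rva < sec_rva + max(vsize, rawsize):
            delta = rva - sec_rva
            return None if delta >= rawsize else delta + rawoff
    return None


def check_thunk_offsets(rows):
    """rows: (api, thunk_rva, thunk_offset) as printed in the import tables.
    Returns the APIs whose Thunk Offset disagrees with the section table."""
    return [api for api, thunk_rva, off in rows if rva_to_offset(thunk_rva) != off]


def imphash_string(imports):
    """The string pefile MD5s for its imphash: 'dll.func' per import in
    import-descriptor order, lowercased, with .dll/.ocx/.sys stripped and
    ordinal-only imports written as 'ordN' (no name table for comctl32,
    msi or wsnmp32 ordinals, so those stay ordN)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append(lib + "." + name)
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def shannon_entropy(data):
    """Bits per byte, the figure in the Entropy column (8.0 = uniform)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_notes(sections=SECTIONS):
    """Static triage over a section table: sections the loader allocates
    but the file does not contain, and sections whose virtual size is far
    larger than their raw size (room for data unpacked at run time).
    The 4x ratio is an assumed threshold, not a VMRay rule."""
    notes = []
    for name, _va, vsize, rawsize, _rawoff in sections:
        if rawsize == 0 and vsize > 0:
            notes.append("%s: not file-backed (raw size 0, virtual size 0x%X)" % (name, vsize))
        elif vsize > 4 * rawsize:
            notes.append("%s: virtual size 0x%X vs raw size 0x%X" % (name, vsize, rawsize))
    return notes


if __name__ == "__main__":
    rows = [  # three rows copied from the import tables above
        ("RegCreateKeyExW", 0x000085A4, 0x00006FA4),
        ("SHGetSpecialFolderLocation", 0x0000871C, 0x0000711C),
        ("OleInitialize", 0x0000883C, 0x0000723C),
    ]
    print("entry point 0x%X is at file offset 0x%X" % (0x4034F7, rva_to_offset(0x34F7)))
    print("thunk offsets disagreeing with the section table:", check_thunk_offsets(rows))
    for note in section_notes():
        print(note)
    subset = [("ADVAPI32.dll", "RegCreateKeyExW"), ("COMCTL32.dll", 17),
              ("KERNEL32.dll", "CreateProcessW")]  # subset only; not the report's hash
    print(imphash_string(subset), "->", imphash(subset))
```

To get the real ImpHash, run pefile's get_imphash() on the sample itself; the function above is only for checking what goes into that hash, for instance when deciding whether an ImpHash pivot will match other NSIS-packaged droppers or the payload inside them.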
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
d2ce3b2a5f3efb1fcede96304e57a531.virus.exe 1 0x00400000 0x0043BFFF Relevant Image False 32-bit 0x004068D4 False
d2ce3b2a5f3efb1fcede96304e57a531.virus.exe 1 0x00400000 0x0043BFFF Process Termination False 32-bit - False
C:\Users\RDHJ0C~1\AppData\Local\Temp\cbgsujmwws.exe Dropped File Binary Malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.exe (Dropped File, Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 5.50 KB
MD5 f9e42c92e371cedc22c78e2900418651
SHA1 3e99ba4a4a007d2ad1cfa6e3fda91b01a710839d
SHA256 f340bf91627787a2770c897aa9555bb82382cdcc2232904b5707238ab0a85e39
SSDeep 96:X5xoZGYXbECrq+M4Ix+MeBZtXIpXSdOWPmoynsx:X5xogYXN24geBZVIpidPPmoyn
ImpHash 5b50209ffc5ccd137d05909624bb044c
PE Information
Image Base 0x00400000
Entry Point 0x00401000
Size Of Code 0x00000400
Size Of Initialized Data 0x00000E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-05-05 02:25 (UTC+2)
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0000036A 0x00000400 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 4.85
.rdata 0x00402000 0x000009D6 0x00000A00 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.92
.data 0x00403000 0x0000003C 0x00000200 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x00404000 0x000001E0 0x00000200 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
Imports (10)
SHLWAPI.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathIsURLW - 0x004020A0 0x00002464 0x00000C64 0x00000077
UrlApplySchemeW - 0x004020A4 0x00002468 0x00000C68 0x0000015C
PathSkipRootW - 0x004020A8 0x0000246C 0x00000C6C 0x00000097
StrDupW - 0x004020AC 0x00002470 0x00000C70 0x00000131
PathIsSystemFolderW - 0x004020B0 0x00002474 0x00000C74 0x0000006F
PathStripToRootA - 0x004020B4 0x00002478 0x00000C78 0x0000009A
KERNEL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumSystemCodePagesW - 0x0040202C 0x000023F0 0x00000BF0 0x0000014C
VirtualAlloc - 0x00402030 0x000023F4 0x00000BF4 0x000005C6
GetModuleHandleW - 0x00402034 0x000023F8 0x00000BF8 0x00000278
GetStartupInfoW - 0x00402038 0x000023FC 0x00000BFC 0x000002D0
wsnmp32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000068 0x00402134 0x000024F8 0x00000CF8 -
None 0x00000388 0x00402138 0x000024FC 0x00000CFC -
None 0x0000025B 0x0040213C 0x00002500 0x00000D00 -
None 0x00000259 0x00402140 0x00002504 0x00000D04 -
None 0x00000065 0x00402144 0x00002508 0x00000D08 -
None 0x00000389 0x00402148 0x0000250C 0x00000D0C -
None 0x00000190 0x0040214C 0x00002510 0x00000D10 -
RESUTILS.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ResUtilDupString - 0x00402080 0x00002444 0x00000C44 0x00000034
ResUtilGetMultiSzProperty - 0x00402084 0x00002448 0x00000C48 0x00000057
ClusWorkerCheckTerminate - 0x00402088 0x0000244C 0x00000C4C 0x00000004
ResUtilResourcesEqual - 0x0040208C 0x00002450 0x00000C50 0x00000076
ResUtilStopResourceService - 0x00402090 0x00002454 0x00000C54 0x00000088
ResUtilGetResourceNameDependency - 0x00402094 0x00002458 0x00000C58 0x00000068
ResUtilFreeParameterBlock - 0x00402098 0x0000245C 0x00000C5C 0x00000048
WINMM.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
mmioRead - 0x004020BC 0x00002480 0x00000C80 0x00000080
mixerSetControlDetails - 0x004020C0 0x00002484 0x00000C84 0x0000006E
midiStreamProperty - 0x004020C4 0x00002488 0x00000C88 0x0000005E
midiOutGetID - 0x004020C8 0x0000248C 0x00000C8C 0x0000004E
mmioRenameW - 0x004020CC 0x00002490 0x00000C90 0x00000082
waveInGetDevCapsW - 0x004020D0 0x00002494 0x00000C94 0x0000009A
waveOutReset - 0x004020D4 0x00002498 0x00000C98 0x000000B7
joyGetDevCapsA - 0x004020D8 0x0000249C 0x00000C9C 0x00000017
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleSetMenuDescriptor - 0x00402110 0x000024D4 0x00000CD4 0x0000018A
WriteOleStg - 0x00402114 0x000024D8 0x00000CD8 0x000001D9
UtGetDvtd32Info - 0x00402118 0x000024DC 0x00000CDC 0x000001D1
OleRegEnumVerbs - 0x0040211C 0x000024E0 0x00000CE0 0x0000017F
HENHMETAFILE_UserFree - 0x00402120 0x000024E4 0x00000CE4 0x000000D1
HACCEL_UserUnmarshal - 0x00402124 0x000024E8 0x00000CE8 0x000000C4
CreateILockBytesOnHGlobal - 0x00402128 0x000024EC 0x00000CEC 0x000000A2
StgIsStorageILockBytes - 0x0040212C 0x000024F0 0x00000CF0 0x000001BF
msi.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x0000003E 0x004020E0 0x000024A4 0x00000CA4 -
None 0x0000007A 0x004020E4 0x000024A8 0x00000CA8 -
None 0x00000088 0x004020E8 0x000024AC 0x00000CAC -
None 0x00000007 0x004020EC 0x000024B0 0x00000CB0 -
None 0x0000006E 0x004020F0 0x000024B4 0x00000CB4 -
None 0x00000070 0x004020F4 0x000024B8 0x00000CB8 -
None 0x00000062 0x004020F8 0x000024BC 0x00000CBC -
None 0x000000A1 0x004020FC 0x000024C0 0x00000CC0 -
None 0x0000007D 0x00402100 0x000024C4 0x00000CC4 -
None 0x00000073 0x00402104 0x000024C8 0x00000CC8 -
None 0x00000040 0x00402108 0x000024CC 0x00000CCC -
GDI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateDiscardableBitmap - 0x0040200C 0x000023D0 0x00000BD0 0x0000003A
CreateDCA - 0x00402010 0x000023D4 0x00000BD4 0x00000032
SelectClipRgn - 0x00402014 0x000023D8 0x00000BD8 0x0000035A
SetDCPenColor - 0x00402018 0x000023DC 0x00000BDC 0x0000036B
CreateFontIndirectExW - 0x0040201C 0x000023E0 0x00000BE0 0x00000042
GetTextExtentPoint32W - 0x00402020 0x000023E4 0x00000BE4 0x000002CA
GetDeviceGammaRamp - 0x00402024 0x000023E8 0x00000BE8 0x00000277
CRYPT32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertCreateCertificateContext - 0x00402000 0x000023C4 0x00000BC4 0x0000001C
CertFreeCertificateContext - 0x00402004 0x000023C8 0x00000BC8 0x00000040
MSVCRT.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__set_app_type - 0x00402040 0x00002404 0x00000C04 0x00000081
__p__fmode - 0x00402044 0x00002408 0x00000C08 0x0000006F
_controlfp - 0x00402048 0x0000240C 0x00000C0C 0x000000B7
_wfopen - 0x0040204C 0x00002410 0x00000C10 0x00000203
fread - 0x00402050 0x00002414 0x00000C14 0x0000025D
_except_handler3 - 0x00402054 0x00002418 0x00000C18 0x000000CA
_exit - 0x00402058 0x0000241C 0x00000C1C 0x000000D3
__p__commode - 0x0040205C 0x00002420 0x00000C20 0x0000006A
_adjust_fdiv - 0x00402060 0x00002424 0x00000C24 0x0000009D
__setusermatherr - 0x00402064 0x00002428 0x00000C28 0x00000083
_initterm - 0x00402068 0x0000242C 0x00000C2C 0x0000010F
__wgetmainargs - 0x0040206C 0x00002430 0x00000C30 0x0000008B
_wcmdln - 0x00402070 0x00002434 0x00000C34 0x000001E7
exit - 0x00402074 0x00002438 0x00000C38 0x00000249
_XcptFilter - 0x00402078 0x0000243C 0x00000C3C 0x00000048
Memory Dumps (218)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
cbgsujmwws.exe 2 0x00400000 0x00404FFF Relevant Image False 32-bit - False
buffer 2 0x001F0000 0x001F1FFF First Execution False 32-bit 0x001F0000 False
buffer 3 0x00400000 0x004A1FFF First Execution False 32-bit 0x004139DE False
buffer 2 0x001F0000 0x001F1FFF Process Termination False 32-bit - False
buffer 2 0x00450000 0x00469FFF Process Termination False 32-bit - False
cbgsujmwws.exe 2 0x00400000 0x00404FFF Process Termination False 32-bit - False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414059 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412FEB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004092CC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040C9C2 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00407AA2 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00408952 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040DB78 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00410676 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040F44A False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040ED17 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00411954 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00401BBD False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x0019B000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 3 0x00400000 0x004A1FFF First Network Behavior False 32-bit - False
buffer 3 0x006B4378 0x006B457F First Network Behavior False 32-bit - False
buffer 3 0x006B5C98 0x006B701F First Network Behavior False 32-bit - False
buffer 3 0x006B8D70 0x006B8F77 First Network Behavior False 32-bit - False
buffer 3 0x006BAE98 0x006BB03C First Network Behavior False 32-bit - False
buffer 3 0x006BB458 0x006BC7DF First Network Behavior False 32-bit - False
buffer 3 0x006BD1C8 0x006BD3D9 First Network Behavior False 32-bit - False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412FEB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040F980 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00410000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00405D24 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00406489 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00406489 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004146F5 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00403AEA False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00403115 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414167 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414083 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BC6 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00404EA5 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00404EA5 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00403115 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00405D0B False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402B7C False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00404EE8 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414167 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413C27 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402C51 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413C27 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414167 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402C5C False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00405EF6 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00404EA5 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413C27 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414167 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414167 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402B7C False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00404EE8 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413C27 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004A0000 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402C5C False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00405D0B False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402CA4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402BAB False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00404EE8 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414083 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402B7C False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00405EF6 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00413BCC False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414102 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412F30 False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00402B7C False
buffer 3 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004067C4 False
C:\Users\RDHJ0C~1\AppData\Local\Temp\jurqlvqzsu80j5x5 Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 104.00 KB
MD5 d36bfa103f3793806490cc1e20ceb429
SHA1 9ffc447f3faf0bd6047af095650237c6be04cc5e
SHA256 098b0f7a8e149f3f30525c7d956324bdef23f43648ad136ed21b393f21e64f99
SSDeep 1536:DqjPKwwio2fyBOo0vlv/RR53SfpU1FzziiEoDMFZDwgPgLJ68a34ou:Dqz02fOR09XT5CIzziTogbjkJ68aS
ImpHash -

C:\Users\RDHJ0C~1\AppData\Local\Temp\jplmbcuny Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 4.76 KB
MD5 0dbceb0fc7bcb589c214a5cbdf34b95b
SHA1 e7f948a31c2ce8ac25cce1169654435cec455bef
SHA256 7a5c8835a40792321f57502a295e3972d2b1b1288ae9bd2e8899169a67941097
SSDeep 96:mZgnifiA8jYSIHGhUgwmthwwNAPnzoUJKAf:jAiq2UJmteRJ5f
ImpHash -

c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
Clean
Known to be clean.
MIME Type application/octet-stream
File Size 53 Bytes
MD5 eca0470178275ac94e5de381969ed232
SHA1 d6de27e734eec57d1dda73489b4a6d6eecae3038
SHA256 353fd628b7f6e7d426e5d6a27d1bc3ac22fa7f812e7594cf2ec5ca1175785b50
SSDeep 3::
ImpHash -
File Reputation Information
Verdict Clean
Known to be clean.

c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34
SSDeep 3:/l4l5mrc9l:e4rc9l
ImpHash -

C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.hdb Dropped File Text
Clean
MIME Type text/plain
File Size 4 Bytes
MD5 90f2527e58191a885a8cc35c99b89ba8
SHA1 10455ce0eb31eead75481e75dcba232d28c7e4c7
SHA256 859ffdca62ee0971821a4b2dedfc023d0f9a021391b5ac336ddb49d53d28330e
SSDeep 3:Kn:Kn
ImpHash -

C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.lck Dropped File Stream
Clean
Known to be clean.
MIME Type application/octet-stream
File Size 1 Bytes
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep 3:U:U
ImpHash -
File Reputation Information
Verdict Clean
Known to be clean.

C:\Users\RDHJ0C~1\AppData\Local\Temp\nsl9F76.tmp Dropped File Empty
Clean
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\nsl9F76.tmp\ (Accessed File)
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -

C:\Users\RDHJ0C~1\AppData\Local\Temp\nsi990C.tmp Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot