VTI SCORE: 100/100
| Dynamic Analysis Report |
| Classification: |
Spyware
|
| Threat Names: |
Trojan.GenericKD.33533023
Gen:Variant.Razy.539718
Mal/HTMLGen-A
...
|
file1.exe
Windows Exe (x86-32)
Created at 2020-03-12T15:46:00
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| Filename | Category | Type | Severity | Actions |
|---|
| Mime Type | application/vnd.microsoft.portable-executable |
| File Size | 718.50 KB |
| MD5 |
99785ae0679d6d3e27de83af403c23b0
|
| SHA1 |
f59fba6772d6699aab9bc099a226362eb5d6064d
|
| SHA256 |
a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240
|
| SSDeep |
12288:Qs3AWchNZYks0YCnn2JiSLcByX9wNEwkL2f8x8ZWx0/08/bYA8o98NCl0f1vvx:Qs3AZZYkstCnn2ASAByNw/5fWKs8EA8x
|
| ImpHash |
4176ba388759b1da7430bf62a64d5734
|
File Reputation Information
»
| Severity |
Blacklisted
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x44a7be |
| Size Of Code | 0x5a800 |
| Size Of Initialized Data | 0x58e00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2020-03-08 10:51:10+00:00 |
Version Information (9)
»
| Comments | Focusing Arcane Mullis Hba Subexpressions |
| CompanyName | DocuSign |
| FileDescription | Focusing Arcane Mullis Hba Subexpressions |
| FileVersion | 7.4.3.7 |
| LegalCopyright | ©DocuSign. All rights reserved. |
| OriginalFilename | GelcatinNetware |
| PrivateBuild | 7.4.3.7 |
| ProductName | GelcatinNetware |
| ProductVersion | 7.4.3.7 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x5a6c0 | 0x5a800 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.56 |
| .rdata | 0x45c000 | 0x17bba | 0x17c00 | 0x5ac00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.63 |
| .data | 0x474000 | 0x68e4 | 0x3000 | 0x72800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.01 |
| .rsrc | 0x47b000 | 0x3624c | 0x36400 | 0x75800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.38 |
| .reloc | 0x4b2000 | 0x7cfa | 0x7e00 | 0xabc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.81 |
Imports (23)
»
KERNEL32.dll (107)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetCurrentProcessId | 0x0 | 0x45c110 | 0x71c08 | 0x70808 | 0x1c1 |
| GetEnvironmentStringsW | 0x0 | 0x45c114 | 0x71c0c | 0x7080c | 0x1da |
| FreeEnvironmentStringsW | 0x0 | 0x45c118 | 0x71c10 | 0x70810 | 0x161 |
| LoadLibraryW | 0x0 | 0x45c11c | 0x71c14 | 0x70814 | 0x33f |
| GetStringTypeW | 0x0 | 0x45c120 | 0x71c18 | 0x70818 | 0x269 |
| HeapCreate | 0x0 | 0x45c124 | 0x71c1c | 0x7081c | 0x2cd |
| HeapSize | 0x0 | 0x45c128 | 0x71c20 | 0x70820 | 0x2d4 |
| SetHandleCount | 0x0 | 0x45c12c | 0x71c24 | 0x70824 | 0x46f |
| FlushFileBuffers | 0x0 | 0x45c130 | 0x71c28 | 0x70828 | 0x157 |
| GetConsoleMode | 0x0 | 0x45c134 | 0x71c2c | 0x7082c | 0x1ac |
| GetConsoleCP | 0x0 | 0x45c138 | 0x71c30 | 0x70830 | 0x19a |
| IsProcessorFeaturePresent | 0x0 | 0x45c13c | 0x71c34 | 0x70834 | 0x304 |
| TerminateProcess | 0x0 | 0x45c140 | 0x71c38 | 0x70838 | 0x4c0 |
| IsDebuggerPresent | 0x0 | 0x45c144 | 0x71c3c | 0x7083c | 0x300 |
| SetUnhandledExceptionFilter | 0x0 | 0x45c148 | 0x71c40 | 0x70840 | 0x4a5 |
| UnhandledExceptionFilter | 0x0 | 0x45c14c | 0x71c44 | 0x70844 | 0x4d3 |
| LCMapStringW | 0x0 | 0x45c150 | 0x71c48 | 0x70848 | 0x32d |
| LocalFree | 0x0 | 0x45c154 | 0x71c4c | 0x7084c | 0x348 |
| SetLastError | 0x0 | 0x45c158 | 0x71c50 | 0x70850 | 0x473 |
| TlsFree | 0x0 | 0x45c15c | 0x71c54 | 0x70854 | 0x4c6 |
| SetStdHandle | 0x0 | 0x45c160 | 0x71c58 | 0x70858 | 0x487 |
| TlsGetValue | 0x0 | 0x45c164 | 0x71c5c | 0x7085c | 0x4c7 |
| TlsAlloc | 0x0 | 0x45c168 | 0x71c60 | 0x70860 | 0x4c5 |
| IsValidCodePage | 0x0 | 0x45c16c | 0x71c64 | 0x70864 | 0x30a |
| GetOEMCP | 0x0 | 0x45c170 | 0x71c68 | 0x70868 | 0x237 |
| GetCPInfo | 0x0 | 0x45c174 | 0x71c6c | 0x7086c | 0x172 |
| GetStartupInfoW | 0x0 | 0x45c178 | 0x71c70 | 0x70870 | 0x263 |
| HeapSetInformation | 0x0 | 0x45c17c | 0x71c74 | 0x70874 | 0x2d3 |
| GetCommandLineA | 0x0 | 0x45c180 | 0x71c78 | 0x70878 | 0x186 |
| GetSystemTimeAsFileTime | 0x0 | 0x45c184 | 0x71c7c | 0x7087c | 0x279 |
| VirtualQuery | 0x0 | 0x45c188 | 0x71c80 | 0x70880 | 0x4f1 |
| GetSystemInfo | 0x0 | 0x45c18c | 0x71c84 | 0x70884 | 0x273 |
| GetModuleHandleW | 0x0 | 0x45c190 | 0x71c88 | 0x70888 | 0x218 |
| VirtualAlloc | 0x0 | 0x45c194 | 0x71c8c | 0x7088c | 0x4e9 |
| VirtualProtect | 0x0 | 0x45c198 | 0x71c90 | 0x70890 | 0x4ef |
| GetModuleFileNameW | 0x0 | 0x45c19c | 0x71c94 | 0x70894 | 0x214 |
| GetStdHandle | 0x0 | 0x45c1a0 | 0x71c98 | 0x70898 | 0x264 |
| WriteConsoleW | 0x0 | 0x45c1a4 | 0x71c9c | 0x7089c | 0x524 |
| HeapReAlloc | 0x0 | 0x45c1a8 | 0x71ca0 | 0x708a0 | 0x2d2 |
| HeapAlloc | 0x0 | 0x45c1ac | 0x71ca4 | 0x708a4 | 0x2cb |
| HeapFree | 0x0 | 0x45c1b0 | 0x71ca8 | 0x708a8 | 0x2cf |
| RtlUnwind | 0x0 | 0x45c1b4 | 0x71cac | 0x708ac | 0x418 |
| EncodePointer | 0x0 | 0x45c1b8 | 0x71cb0 | 0x708b0 | 0xea |
| DecodePointer | 0x0 | 0x45c1bc | 0x71cb4 | 0x708b4 | 0xca |
| CreateEventA | 0x0 | 0x45c1c0 | 0x71cb8 | 0x708b8 | 0x82 |
| GlobalFree | 0x0 | 0x45c1c4 | 0x71cbc | 0x708bc | 0x2ba |
| CreateMutexA | 0x0 | 0x45c1c8 | 0x71cc0 | 0x708c0 | 0x9b |
| WaitForSingleObject | 0x0 | 0x45c1cc | 0x71cc4 | 0x708c4 | 0x4f9 |
| ReleaseMutex | 0x0 | 0x45c1d0 | 0x71cc8 | 0x708c8 | 0x3fa |
| SetPriorityClass | 0x0 | 0x45c1d4 | 0x71ccc | 0x708cc | 0x47d |
| CreateFileW | 0x0 | 0x45c1d8 | 0x71cd0 | 0x708d0 | 0x8f |
| TlsSetValue | 0x0 | 0x45c1dc | 0x71cd4 | 0x708d4 | 0x4c8 |
| QueryPerformanceFrequency | 0x0 | 0x45c1e0 | 0x71cd8 | 0x708d8 | 0x3a8 |
| QueryPerformanceCounter | 0x0 | 0x45c1e4 | 0x71cdc | 0x708dc | 0x3a7 |
| OutputDebugStringW | 0x0 | 0x45c1e8 | 0x71ce0 | 0x708e0 | 0x38a |
| CreateThread | 0x0 | 0x45c1ec | 0x71ce4 | 0x708e4 | 0xb5 |
| LoadLibraryExA | 0x0 | 0x45c1f0 | 0x71ce8 | 0x708e8 | 0x33d |
| IsDBCSLeadByte | 0x0 | 0x45c1f4 | 0x71cec | 0x708ec | 0x2fe |
| lstrcmpiA | 0x0 | 0x45c1f8 | 0x71cf0 | 0x708f0 | 0x544 |
| lstrlenA | 0x0 | 0x45c1fc | 0x71cf4 | 0x708f4 | 0x54d |
| lstrlenW | 0x0 | 0x45c200 | 0x71cf8 | 0x708f8 | 0x54e |
| FreeLibrary | 0x0 | 0x45c204 | 0x71cfc | 0x708fc | 0x162 |
| GetLocalTime | 0x0 | 0x45c208 | 0x71d00 | 0x70900 | 0x203 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x45c20c | 0x71d04 | 0x70904 | 0x2e3 |
| RaiseException | 0x0 | 0x45c210 | 0x71d08 | 0x70908 | 0x3b1 |
| WriteFile | 0x0 | 0x45c214 | 0x71d0c | 0x7090c | 0x525 |
| SetFileTime | 0x0 | 0x45c218 | 0x71d10 | 0x70910 | 0x46a |
| CreateDirectoryA | 0x0 | 0x45c21c | 0x71d14 | 0x70914 | 0x7c |
| DosDateTimeToFileTime | 0x0 | 0x45c220 | 0x71d18 | 0x70918 | 0xe4 |
| SystemTimeToFileTime | 0x0 | 0x45c224 | 0x71d1c | 0x7091c | 0x4bd |
| GetCurrentProcess | 0x0 | 0x45c228 | 0x71d20 | 0x70920 | 0x1c0 |
| DuplicateHandle | 0x0 | 0x45c22c | 0x71d24 | 0x70924 | 0xe8 |
| GetFileType | 0x0 | 0x45c230 | 0x71d28 | 0x70928 | 0x1f3 |
| SetFilePointer | 0x0 | 0x45c234 | 0x71d2c | 0x7092c | 0x466 |
| ExitProcess | 0x0 | 0x45c238 | 0x71d30 | 0x70930 | 0x119 |
| GetCurrentDirectoryA | 0x0 | 0x45c23c | 0x71d34 | 0x70934 | 0x1be |
| GetModuleFileNameA | 0x0 | 0x45c240 | 0x71d38 | 0x70938 | 0x213 |
| FindResourceA | 0x0 | 0x45c244 | 0x71d3c | 0x7093c | 0x14b |
| LoadResource | 0x0 | 0x45c248 | 0x71d40 | 0x70940 | 0x341 |
| FreeResource | 0x0 | 0x45c24c | 0x71d44 | 0x70944 | 0x165 |
| SizeofResource | 0x0 | 0x45c250 | 0x71d48 | 0x70948 | 0x4b1 |
| LockResource | 0x0 | 0x45c254 | 0x71d4c | 0x7094c | 0x354 |
| GetLastError | 0x0 | 0x45c258 | 0x71d50 | 0x70950 | 0x202 |
| GetModuleHandleA | 0x0 | 0x45c25c | 0x71d54 | 0x70954 | 0x215 |
| WideCharToMultiByte | 0x0 | 0x45c260 | 0x71d58 | 0x70958 | 0x511 |
| CreateFileA | 0x0 | 0x45c264 | 0x71d5c | 0x7095c | 0x88 |
| GetFileSize | 0x0 | 0x45c268 | 0x71d60 | 0x70960 | 0x1f0 |
| CloseHandle | 0x0 | 0x45c26c | 0x71d64 | 0x70964 | 0x52 |
| ReadFile | 0x0 | 0x45c270 | 0x71d68 | 0x70968 | 0x3c0 |
| GlobalAlloc | 0x0 | 0x45c274 | 0x71d6c | 0x7096c | 0x2b3 |
| GlobalLock | 0x0 | 0x45c278 | 0x71d70 | 0x70970 | 0x2be |
| GlobalUnlock | 0x0 | 0x45c27c | 0x71d74 | 0x70974 | 0x2c5 |
| InterlockedDecrement | 0x0 | 0x45c280 | 0x71d78 | 0x70978 | 0x2eb |
| InterlockedIncrement | 0x0 | 0x45c284 | 0x71d7c | 0x7097c | 0x2ef |
| LoadLibraryA | 0x0 | 0x45c288 | 0x71d80 | 0x70980 | 0x33c |
| GetProcAddress | 0x0 | 0x45c28c | 0x71d84 | 0x70984 | 0x245 |
| GetACP | 0x0 | 0x45c290 | 0x71d88 | 0x70988 | 0x168 |
| MultiByteToWideChar | 0x0 | 0x45c294 | 0x71d8c | 0x7098c | 0x367 |
| MulDiv | 0x0 | 0x45c298 | 0x71d90 | 0x70990 | 0x366 |
| GetTickCount | 0x0 | 0x45c29c | 0x71d94 | 0x70994 | 0x293 |
| LeaveCriticalSection | 0x0 | 0x45c2a0 | 0x71d98 | 0x70998 | 0x339 |
| EnterCriticalSection | 0x0 | 0x45c2a4 | 0x71d9c | 0x7099c | 0xee |
| DeleteCriticalSection | 0x0 | 0x45c2a8 | 0x71da0 | 0x709a0 | 0xd1 |
| GetVersionExA | 0x0 | 0x45c2ac | 0x71da4 | 0x709a4 | 0x2a3 |
| InitializeCriticalSection | 0x0 | 0x45c2b0 | 0x71da8 | 0x709a8 | 0x2e2 |
| Sleep | 0x0 | 0x45c2b4 | 0x71dac | 0x709ac | 0x4b2 |
| GetCurrentThreadId | 0x0 | 0x45c2b8 | 0x71db0 | 0x709b0 | 0x1c5 |
USER32.dll (99)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UnionRect | 0x0 | 0x45c334 | 0x71e2c | 0x70a2c | 0x301 |
| KillTimer | 0x0 | 0x45c338 | 0x71e30 | 0x70a30 | 0x1e3 |
| IsWindowVisible | 0x0 | 0x45c33c | 0x71e34 | 0x70a34 | 0x1e0 |
| GetUpdateRect | 0x0 | 0x45c340 | 0x71e38 | 0x70a38 | 0x187 |
| GetActiveWindow | 0x0 | 0x45c344 | 0x71e3c | 0x70a3c | 0x100 |
| DrawTextA | 0x0 | 0x45c348 | 0x71e40 | 0x70a40 | 0xcd |
| CharPrevA | 0x0 | 0x45c34c | 0x71e44 | 0x70a44 | 0x32 |
| SetRect | 0x0 | 0x45c350 | 0x71e48 | 0x70a48 | 0x2ae |
| OffsetRect | 0x0 | 0x45c354 | 0x71e4c | 0x70a4c | 0x225 |
| SetMenu | 0x0 | 0x45c358 | 0x71e50 | 0x70a50 | 0x29c |
| InsertMenuItemA | 0x0 | 0x45c35c | 0x71e54 | 0x70a54 | 0x1b8 |
| GetMenuCheckMarkDimensions | 0x0 | 0x45c360 | 0x71e58 | 0x70a58 | 0x14d |
| IsZoomed | 0x0 | 0x45c364 | 0x71e5c | 0x70a5c | 0x1e2 |
| GetWindowRect | 0x0 | 0x45c368 | 0x71e60 | 0x70a60 | 0x19c |
| UpdateWindow | 0x0 | 0x45c36c | 0x71e64 | 0x70a64 | 0x311 |
| MoveWindow | 0x0 | 0x45c370 | 0x71e68 | 0x70a68 | 0x21b |
| DestroyWindow | 0x0 | 0x45c374 | 0x71e6c | 0x70a6c | 0xa6 |
| ReleaseDC | 0x0 | 0x45c378 | 0x71e70 | 0x70a70 | 0x265 |
| GetDC | 0x0 | 0x45c37c | 0x71e74 | 0x70a74 | 0x121 |
| ReleaseCapture | 0x0 | 0x45c380 | 0x71e78 | 0x70a78 | 0x264 |
| SetCapture | 0x0 | 0x45c384 | 0x71e7c | 0x70a7c | 0x280 |
| FillRect | 0x0 | 0x45c388 | 0x71e80 | 0x70a80 | 0xf6 |
| InvalidateRect | 0x0 | 0x45c38c | 0x71e84 | 0x70a84 | 0x1be |
| InvalidateRgn | 0x0 | 0x45c390 | 0x71e88 | 0x70a88 | 0x1bf |
| DefWindowProcA | 0x0 | 0x45c394 | 0x71e8c | 0x70a8c | 0x9b |
| MessageBoxA | 0x0 | 0x45c398 | 0x71e90 | 0x70a90 | 0x20e |
| CreatePopupMenu | 0x0 | 0x45c39c | 0x71e94 | 0x70a94 | 0x6b |
| CreateMenu | 0x0 | 0x45c3a0 | 0x71e98 | 0x70a98 | 0x6a |
| LoadIconA | 0x0 | 0x45c3a4 | 0x71e9c | 0x70a9c | 0x1ec |
| GetDlgItem | 0x0 | 0x45c3a8 | 0x71ea0 | 0x70aa0 | 0x127 |
| PeekMessageA | 0x0 | 0x45c3ac | 0x71ea4 | 0x70aa4 | 0x232 |
| LoadAcceleratorsA | 0x0 | 0x45c3b0 | 0x71ea8 | 0x70aa8 | 0x1e4 |
| LoadStringW | 0x0 | 0x45c3b4 | 0x71eac | 0x70aac | 0x1fa |
| SetScrollPos | 0x0 | 0x45c3b8 | 0x71eb0 | 0x70ab0 | 0x2b1 |
| SetTimer | 0x0 | 0x45c3bc | 0x71eb4 | 0x70ab4 | 0x2bb |
| EndPaint | 0x0 | 0x45c3c0 | 0x71eb8 | 0x70ab8 | 0xdc |
| BeginPaint | 0x0 | 0x45c3c4 | 0x71ebc | 0x70abc | 0xe |
| PtInRect | 0x0 | 0x45c3c8 | 0x71ec0 | 0x70ac0 | 0x240 |
| ScreenToClient | 0x0 | 0x45c3cc | 0x71ec4 | 0x70ac4 | 0x26d |
| ClientToScreen | 0x0 | 0x45c3d0 | 0x71ec8 | 0x70ac8 | 0x47 |
| GetGUIThreadInfo | 0x0 | 0x45c3d4 | 0x71ecc | 0x70acc | 0x12e |
| GetClientRect | 0x0 | 0x45c3d8 | 0x71ed0 | 0x70ad0 | 0x114 |
| ShowWindow | 0x0 | 0x45c3dc | 0x71ed4 | 0x70ad4 | 0x2df |
| SetFocus | 0x0 | 0x45c3e0 | 0x71ed8 | 0x70ad8 | 0x292 |
| CreateAcceleratorTableA | 0x0 | 0x45c3e4 | 0x71edc | 0x70adc | 0x57 |
| SetCursor | 0x0 | 0x45c3e8 | 0x71ee0 | 0x70ae0 | 0x288 |
| LoadCursorA | 0x0 | 0x45c3ec | 0x71ee4 | 0x70ae4 | 0x1e8 |
| IntersectRect | 0x0 | 0x45c3f0 | 0x71ee8 | 0x70ae8 | 0x1bd |
| GetParent | 0x0 | 0x45c3f4 | 0x71eec | 0x70aec | 0x164 |
| GetMonitorInfoA | 0x0 | 0x45c3f8 | 0x71ef0 | 0x70af0 | 0x15e |
| MonitorFromWindow | 0x0 | 0x45c3fc | 0x71ef4 | 0x70af4 | 0x21a |
| MapWindowPoints | 0x0 | 0x45c400 | 0x71ef8 | 0x70af8 | 0x209 |
| GetFocus | 0x0 | 0x45c404 | 0x71efc | 0x70afc | 0x12c |
| GetCursorPos | 0x0 | 0x45c408 | 0x71f00 | 0x70b00 | 0x120 |
| SetWindowPos | 0x0 | 0x45c40c | 0x71f04 | 0x70b04 | 0x2c6 |
| IsRectEmpty | 0x0 | 0x45c410 | 0x71f08 | 0x70b08 | 0x1d4 |
| SendMessageA | 0x0 | 0x45c414 | 0x71f0c | 0x70b0c | 0x277 |
| GetWindowTextA | 0x0 | 0x45c418 | 0x71f10 | 0x70b10 | 0x1a0 |
| GetWindowTextLengthA | 0x0 | 0x45c41c | 0x71f14 | 0x70b14 | 0x1a1 |
| SetWindowTextA | 0x0 | 0x45c420 | 0x71f18 | 0x70b18 | 0x2ca |
| EnableWindow | 0x0 | 0x45c424 | 0x71f1c | 0x70b1c | 0xd8 |
| GetCaretPos | 0x0 | 0x45c428 | 0x71f20 | 0x70b20 | 0x10a |
| GetCaretBlinkTime | 0x0 | 0x45c42c | 0x71f24 | 0x70b24 | 0x109 |
| CreateCaret | 0x0 | 0x45c430 | 0x71f28 | 0x70b28 | 0x59 |
| HideCaret | 0x0 | 0x45c434 | 0x71f2c | 0x70b2c | 0x1a9 |
| ShowCaret | 0x0 | 0x45c438 | 0x71f30 | 0x70b30 | 0x2d9 |
| SetCaretPos | 0x0 | 0x45c43c | 0x71f34 | 0x70b34 | 0x282 |
| GetSysColor | 0x0 | 0x45c440 | 0x71f38 | 0x70b38 | 0x17b |
| GetKeyState | 0x0 | 0x45c444 | 0x71f3c | 0x70b3c | 0x13d |
| GetWindowLongA | 0x0 | 0x45c448 | 0x71f40 | 0x70b40 | 0x195 |
| wsprintfA | 0x0 | 0x45c44c | 0x71f44 | 0x70b44 | 0x332 |
| SetWindowLongA | 0x0 | 0x45c450 | 0x71f48 | 0x70b48 | 0x2c3 |
| IsWindow | 0x0 | 0x45c454 | 0x71f4c | 0x70b4c | 0x1db |
| PostQuitMessage | 0x0 | 0x45c458 | 0x71f50 | 0x70b50 | 0x237 |
| DispatchMessageA | 0x0 | 0x45c45c | 0x71f54 | 0x70b54 | 0xae |
| TranslateMessage | 0x0 | 0x45c460 | 0x71f58 | 0x70b58 | 0x2fc |
| GetMessageA | 0x0 | 0x45c464 | 0x71f5c | 0x70b5c | 0x159 |
| CreateWindowExA | 0x0 | 0x45c468 | 0x71f60 | 0x70b60 | 0x6d |
| GetClassInfoExA | 0x0 | 0x45c46c | 0x71f64 | 0x70b64 | 0x10c |
| RegisterClassExA | 0x0 | 0x45c470 | 0x71f68 | 0x70b68 | 0x24c |
| RegisterClassA | 0x0 | 0x45c474 | 0x71f6c | 0x70b6c | 0x24b |
| RemovePropA | 0x0 | 0x45c478 | 0x71f70 | 0x70b70 | 0x268 |
| DrawFrameControl | 0x0 | 0x45c47c | 0x71f74 | 0x70b74 | 0xc6 |
| AppendMenuA | 0x0 | 0x45c480 | 0x71f78 | 0x70b78 | 0x9 |
| PostMessageA | 0x0 | 0x45c484 | 0x71f7c | 0x70b7c | 0x235 |
| SetPropA | 0x0 | 0x45c488 | 0x71f80 | 0x70b80 | 0x2ac |
| GetWindow | 0x0 | 0x45c48c | 0x71f84 | 0x70b84 | 0x18e |
| IsIconic | 0x0 | 0x45c490 | 0x71f88 | 0x70b88 | 0x1d1 |
| LoadImageA | 0x0 | 0x45c494 | 0x71f8c | 0x70b8c | 0x1ee |
| CallWindowProcA | 0x0 | 0x45c498 | 0x71f90 | 0x70b90 | 0x1d |
| GetPropA | 0x0 | 0x45c49c | 0x71f94 | 0x70b94 | 0x16a |
| TrackMouseEvent | 0x0 | 0x45c4a0 | 0x71f98 | 0x70b98 | 0x2f5 |
| MessageBoxW | 0x0 | 0x45c4a4 | 0x71f9c | 0x70b9c | 0x215 |
| DrawFocusRect | 0x0 | 0x45c4a8 | 0x71fa0 | 0x70ba0 | 0xc4 |
| BeginDeferWindowPos | 0x0 | 0x45c4ac | 0x71fa4 | 0x70ba4 | 0xd |
| GetSystemMenu | 0x0 | 0x45c4b0 | 0x71fa8 | 0x70ba8 | 0x17d |
| wvsprintfA | 0x0 | 0x45c4b4 | 0x71fac | 0x70bac | 0x334 |
| CharNextA | 0x0 | 0x45c4b8 | 0x71fb0 | 0x70bb0 | 0x2f |
| SetWindowRgn | 0x0 | 0x45c4bc | 0x71fb4 | 0x70bb4 | 0x2c7 |
GDI32.dll (43)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetTextColor | 0x0 | 0x45c04c | 0x71b44 | 0x70744 | 0x2a6 |
| CreatePatternBrush | 0x0 | 0x45c050 | 0x71b48 | 0x70748 | 0x4a |
| CreateSolidBrush | 0x0 | 0x45c054 | 0x71b4c | 0x7074c | 0x54 |
| DeleteObject | 0x0 | 0x45c058 | 0x71b50 | 0x70750 | 0xe6 |
| GetDeviceCaps | 0x0 | 0x45c05c | 0x71b54 | 0x70754 | 0x1cb |
| CreateRoundRectRgn | 0x0 | 0x45c060 | 0x71b58 | 0x70758 | 0x51 |
| StretchBlt | 0x0 | 0x45c064 | 0x71b5c | 0x7075c | 0x2b3 |
| CreateDIBSection | 0x0 | 0x45c068 | 0x71b60 | 0x70760 | 0x35 |
| SetStretchBltMode | 0x0 | 0x45c06c | 0x71b64 | 0x70764 | 0x2a2 |
| ExtTextOutA | 0x0 | 0x45c070 | 0x71b68 | 0x70768 | 0x137 |
| SetBkColor | 0x0 | 0x45c074 | 0x71b6c | 0x7076c | 0x27e |
| LineTo | 0x0 | 0x45c078 | 0x71b70 | 0x70770 | 0x236 |
| MoveToEx | 0x0 | 0x45c07c | 0x71b74 | 0x70774 | 0x23a |
| SetBkMode | 0x0 | 0x45c080 | 0x71b78 | 0x70778 | 0x27f |
| RoundRect | 0x0 | 0x45c084 | 0x71b7c | 0x7077c | 0x26a |
| TextOutA | 0x0 | 0x45c088 | 0x71b80 | 0x70780 | 0x2b8 |
| GetTextExtentPoint32A | 0x0 | 0x45c08c | 0x71b84 | 0x70784 | 0x21d |
| GetCharABCWidthsA | 0x0 | 0x45c090 | 0x71b88 | 0x70788 | 0x1b1 |
| ExtSelectClipRgn | 0x0 | 0x45c094 | 0x71b8c | 0x7078c | 0x136 |
| GdiFlush | 0x0 | 0x45c098 | 0x71b90 | 0x70790 | 0x175 |
| DescribePixelFormat | 0x0 | 0x45c09c | 0x71b94 | 0x70794 | 0xe7 |
| SetTextJustification | 0x0 | 0x45c0a0 | 0x71b98 | 0x70798 | 0x2a7 |
| GetWindowOrgEx | 0x0 | 0x45c0a4 | 0x71b9c | 0x7079c | 0x22c |
| EnumFontFamiliesExA | 0x0 | 0x45c0a8 | 0x71ba0 | 0x707a0 | 0x124 |
| GetObjectA | 0x0 | 0x45c0ac | 0x71ba4 | 0x707a4 | 0x1fb |
| CreateFontIndirectA | 0x0 | 0x45c0b0 | 0x71ba8 | 0x707a8 | 0x3d |
| GetStockObject | 0x0 | 0x45c0b4 | 0x71bac | 0x707ac | 0x20d |
| GetTextMetricsA | 0x0 | 0x45c0b8 | 0x71bb0 | 0x707b0 | 0x225 |
| SelectObject | 0x0 | 0x45c0bc | 0x71bb4 | 0x707b4 | 0x277 |
| CreatePen | 0x0 | 0x45c0c0 | 0x71bb8 | 0x707b8 | 0x4b |
| DeleteDC | 0x0 | 0x45c0c4 | 0x71bbc | 0x707bc | 0xe3 |
| SetWindowOrgEx | 0x0 | 0x45c0c8 | 0x71bc0 | 0x707c0 | 0x2ad |
| Rectangle | 0x0 | 0x45c0cc | 0x71bc4 | 0x707c4 | 0x25f |
| RestoreDC | 0x0 | 0x45c0d0 | 0x71bc8 | 0x707c8 | 0x269 |
| BitBlt | 0x0 | 0x45c0d4 | 0x71bcc | 0x707cc | 0x13 |
| SaveDC | 0x0 | 0x45c0d8 | 0x71bd0 | 0x707d0 | 0x270 |
| CreateCompatibleBitmap | 0x0 | 0x45c0dc | 0x71bd4 | 0x707d4 | 0x2f |
| CreateCompatibleDC | 0x0 | 0x45c0e0 | 0x71bd8 | 0x707d8 | 0x30 |
| SelectClipRgn | 0x0 | 0x45c0e4 | 0x71bdc | 0x707dc | 0x275 |
| CombineRgn | 0x0 | 0x45c0e8 | 0x71be0 | 0x707e0 | 0x22 |
| CreateRectRgnIndirect | 0x0 | 0x45c0ec | 0x71be4 | 0x707e4 | 0x50 |
| CreatePenIndirect | 0x0 | 0x45c0f0 | 0x71be8 | 0x707e8 | 0x4c |
| GetClipBox | 0x0 | 0x45c0f4 | 0x71bec | 0x707ec | 0x1c0 |
ADVAPI32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegCreateKeyExA | 0x0 | 0x45c000 | 0x71af8 | 0x706f8 | 0x238 |
| RegDeleteKeyA | 0x0 | 0x45c004 | 0x71afc | 0x706fc | 0x23d |
| RegDeleteValueA | 0x0 | 0x45c008 | 0x71b00 | 0x70700 | 0x247 |
| RegCloseKey | 0x0 | 0x45c00c | 0x71b04 | 0x70704 | 0x230 |
| RegSetValueExA | 0x0 | 0x45c010 | 0x71b08 | 0x70708 | 0x27d |
| RegQueryInfoKeyW | 0x0 | 0x45c014 | 0x71b0c | 0x7070c | 0x268 |
| RegEnumKeyExA | 0x0 | 0x45c018 | 0x71b10 | 0x70710 | 0x24e |
| RegisterEventSourceA | 0x0 | 0x45c01c | 0x71b14 | 0x70714 | 0x282 |
| LogonUserA | 0x0 | 0x45c020 | 0x71b18 | 0x70718 | 0x189 |
| ImpersonateLoggedOnUser | 0x0 | 0x45c024 | 0x71b1c | 0x7071c | 0x173 |
| RegOpenKeyExA | 0x0 | 0x45c028 | 0x71b20 | 0x70720 | 0x260 |
SHELL32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathW | 0x0 | 0x45c308 | 0x71e00 | 0x70a00 | 0xc3 |
| SHFileOperationA | 0x0 | 0x45c30c | 0x71e04 | 0x70a04 | 0xab |
| SHGetDesktopFolder | 0x0 | 0x45c310 | 0x71e08 | 0x70a08 | 0xb6 |
| SHBrowseForFolderA | 0x0 | 0x45c314 | 0x71e0c | 0x70a0c | 0x7a |
| SHChangeNotify | 0x0 | 0x45c318 | 0x71e10 | 0x70a10 | 0x7f |
| ShellExecuteA | 0x0 | 0x45c31c | 0x71e14 | 0x70a14 | 0x11e |
| SHGetMalloc | 0x0 | 0x45c320 | 0x71e18 | 0x70a18 | 0xcf |
ole32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StgCreateDocfile | 0x0 | 0x45c618 | 0x72110 | 0x70d10 | 0x167 |
| RevokeDragDrop | 0x0 | 0x45c61c | 0x72114 | 0x70d14 | 0x159 |
| GetHGlobalFromStream | 0x0 | 0x45c620 | 0x72118 | 0x70d18 | 0x95 |
| CoTaskMemFree | 0x0 | 0x45c624 | 0x7211c | 0x70d1c | 0x68 |
| CoTaskMemRealloc | 0x0 | 0x45c628 | 0x72120 | 0x70d20 | 0x69 |
| CoTaskMemAlloc | 0x0 | 0x45c62c | 0x72124 | 0x70d24 | 0x67 |
| OleUninitialize | 0x0 | 0x45c630 | 0x72128 | 0x70d28 | 0x149 |
| CreateStreamOnHGlobal | 0x0 | 0x45c634 | 0x7212c | 0x70d2c | 0x86 |
| CoCreateInstance | 0x0 | 0x45c638 | 0x72130 | 0x70d30 | 0x10 |
| OleLockRunning | 0x0 | 0x45c63c | 0x72134 | 0x70d34 | 0x138 |
| CLSIDFromString | 0x0 | 0x45c640 | 0x72138 | 0x70d38 | 0x8 |
| CLSIDFromProgID | 0x0 | 0x45c644 | 0x7213c | 0x70d3c | 0x6 |
| CoUninitialize | 0x0 | 0x45c648 | 0x72140 | 0x70d40 | 0x6c |
| CoInitialize | 0x0 | 0x45c64c | 0x72144 | 0x70d44 | 0x3e |
| OleInitialize | 0x0 | 0x45c650 | 0x72148 | 0x70d48 | 0x132 |
OLEAUT32.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysFreeString | 0x6 | 0x45c2dc | 0x71dd4 | 0x709d4 | - |
| VariantInit | 0x8 | 0x45c2e0 | 0x71dd8 | 0x709d8 | - |
| SysAllocString | 0x2 | 0x45c2e4 | 0x71ddc | 0x709dc | - |
| SystemTimeToVariantTime | 0xb8 | 0x45c2e8 | 0x71de0 | 0x709e0 | - |
| VarUI4FromStr | 0x115 | 0x45c2ec | 0x71de4 | 0x709e4 | - |
| SysAllocStringLen | 0x4 | 0x45c2f0 | 0x71de8 | 0x709e8 | - |
| VariantClear | 0x9 | 0x45c2f4 | 0x71dec | 0x709ec | - |
ODBC32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x9 | 0x45c2d4 | 0x71dcc | 0x709cc | - |
gdiplus.dll (43)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GdipCreateFromHDC | 0x0 | 0x45c558 | 0x72050 | 0x70c50 | 0x5b |
| GdipFree | 0x0 | 0x45c55c | 0x72054 | 0x70c54 | 0xed |
| GdipAlloc | 0x0 | 0x45c560 | 0x72058 | 0x70c58 | 0x21 |
| GdipGetImageEncoders | 0x0 | 0x45c564 | 0x7205c | 0x70c5c | 0x11e |
| GdipGetImageEncodersSize | 0x0 | 0x45c568 | 0x72060 | 0x70c60 | 0x11f |
| GdipCloneBrush | 0x0 | 0x45c56c | 0x72064 | 0x70c64 | 0x32 |
| GdipGetFamily | 0x0 | 0x45c570 | 0x72068 | 0x70c68 | 0x109 |
| GdipCreateFontFromLogfontA | 0x0 | 0x45c574 | 0x7206c | 0x70c6c | 0x59 |
| GdipCreateFontFromDC | 0x0 | 0x45c578 | 0x72070 | 0x70c70 | 0x58 |
| GdipDrawImage | 0x0 | 0x45c57c | 0x72074 | 0x70c74 | 0xae |
| GdipDrawString | 0x0 | 0x45c580 | 0x72078 | 0x70c78 | 0xc8 |
| GdipGraphicsClear | 0x0 | 0x45c584 | 0x7207c | 0x70c7c | 0x195 |
| GdipDeleteGraphics | 0x0 | 0x45c588 | 0x72080 | 0x70c80 | 0x90 |
| GdipSetSmoothingMode | 0x0 | 0x45c58c | 0x72084 | 0x70c84 | 0x249 |
| GdipSetInterpolationMode | 0x0 | 0x45c590 | 0x72088 | 0x70c88 | 0x218 |
| GdipSetTextRenderingHint | 0x0 | 0x45c594 | 0x7208c | 0x70c8c | 0x254 |
| GdipSetCompositingQuality | 0x0 | 0x45c598 | 0x72090 | 0x70c90 | 0x203 |
| GdipGetImageGraphicsContext | 0x0 | 0x45c59c | 0x72094 | 0x70c94 | 0x121 |
| GdipSetStringFormatLineAlign | 0x0 | 0x45c5a0 | 0x72098 | 0x70c98 | 0x24f |
| GdipSetStringFormatAlign | 0x0 | 0x45c5a4 | 0x7209c | 0x70c9c | 0x24b |
| GdipCreateLineBrushI | 0x0 | 0x45c5a8 | 0x720a0 | 0x70ca0 | 0x69 |
| GdiplusShutdown | 0x0 | 0x45c5ac | 0x720a4 | 0x70ca4 | 0x274 |
| GdiplusStartup | 0x0 | 0x45c5b0 | 0x720a8 | 0x70ca8 | 0x275 |
| GdipCreateBitmapFromScan0 | 0x0 | 0x45c5b4 | 0x720ac | 0x70cac | 0x50 |
| GdipDeleteFont | 0x0 | 0x45c5b8 | 0x720b0 | 0x70cb0 | 0x8e |
| GdipDeleteFontFamily | 0x0 | 0x45c5bc | 0x720b4 | 0x70cb4 | 0x8f |
| GdipDeleteStringFormat | 0x0 | 0x45c5c0 | 0x720b8 | 0x70cb8 | 0x97 |
| GdipCreateStringFormat | 0x0 | 0x45c5c4 | 0x720bc | 0x70cbc | 0x84 |
| GdipDeleteBrush | 0x0 | 0x45c5c8 | 0x720c0 | 0x70cc0 | 0x8a |
| GdipCloneImage | 0x0 | 0x45c5cc | 0x720c4 | 0x70cc4 | 0x36 |
| GdipDrawImageRectI | 0x0 | 0x45c5d0 | 0x720c8 | 0x70cc8 | 0xb8 |
| GdipSetPixelOffsetMode | 0x0 | 0x45c5d4 | 0x720cc | 0x70ccc | 0x246 |
| GdipGetPropertyItem | 0x0 | 0x45c5d8 | 0x720d0 | 0x70cd0 | 0x176 |
| GdipGetPropertyItemSize | 0x0 | 0x45c5dc | 0x720d4 | 0x70cd4 | 0x177 |
| GdipImageSelectActiveFrame | 0x0 | 0x45c5e0 | 0x720d8 | 0x70cd8 | 0x19c |
| GdipImageGetFrameCount | 0x0 | 0x45c5e4 | 0x720dc | 0x70cdc | 0x198 |
| GdipImageGetFrameDimensionsList | 0x0 | 0x45c5e8 | 0x720e0 | 0x70ce0 | 0x19a |
| GdipImageGetFrameDimensionsCount | 0x0 | 0x45c5ec | 0x720e4 | 0x70ce4 | 0x199 |
| GdipGetImageHeight | 0x0 | 0x45c5f0 | 0x720e8 | 0x70ce8 | 0x122 |
| GdipGetImageWidth | 0x0 | 0x45c5f4 | 0x720ec | 0x70cec | 0x12c |
| GdipDisposeImage | 0x0 | 0x45c5f8 | 0x720f0 | 0x70cf0 | 0x98 |
| GdipLoadImageFromStreamICM | 0x0 | 0x45c5fc | 0x720f4 | 0x70cf4 | 0x1b8 |
| GdipLoadImageFromStream | 0x0 | 0x45c600 | 0x720f8 | 0x70cf8 | 0x1b7 |
IMM32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImmReleaseContext | 0x0 | 0x45c0fc | 0x71bf4 | 0x707f4 | 0x68 |
| ImmSetCompositionWindow | 0x0 | 0x45c100 | 0x71bf8 | 0x707f8 | 0x74 |
| ImmGetContext | 0x0 | 0x45c104 | 0x71bfc | 0x707fc | 0x38 |
| ImmSetCompositionFontA | 0x0 | 0x45c108 | 0x71c00 | 0x70800 | 0x70 |
PSAPI.DLL (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| EnumPageFilesA | 0x0 | 0x45c2fc | 0x71df4 | 0x709f4 | 0x2 |
| GetProcessMemoryInfo | 0x0 | 0x45c300 | 0x71df8 | 0x709f8 | 0x15 |
COMCTL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _TrackMouseEvent | 0x0 | 0x45c030 | 0x71b28 | 0x70728 | 0x92 |
| (by ordinal) | 0x11 | 0x45c034 | 0x71b2c | 0x7072c | - |
WINMM.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| timeSetEvent | 0x0 | 0x45c4f0 | 0x71fe8 | 0x70be8 | 0x96 |
| timeGetTime | 0x0 | 0x45c4f4 | 0x71fec | 0x70bec | 0x94 |
| waveOutClose | 0x0 | 0x45c4f8 | 0x71ff0 | 0x70bf0 | 0xa8 |
| waveOutRestart | 0x0 | 0x45c4fc | 0x71ff4 | 0x70bf4 | 0xb8 |
| waveOutWrite | 0x0 | 0x45c500 | 0x71ff8 | 0x70bf8 | 0xbd |
| timeBeginPeriod | 0x0 | 0x45c504 | 0x71ffc | 0x70bfc | 0x90 |
| waveOutUnprepareHeader | 0x0 | 0x45c508 | 0x72000 | 0x70c00 | 0xbc |
| waveOutOpen | 0x0 | 0x45c50c | 0x72004 | 0x70c04 | 0xb4 |
| waveOutPrepareHeader | 0x0 | 0x45c510 | 0x72008 | 0x70c08 | 0xb6 |
| waveOutReset | 0x0 | 0x45c514 | 0x7200c | 0x70c0c | 0xb7 |
WS2_32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __WSAFDIsSet | 0x97 | 0x45c51c | 0x72014 | 0x70c14 | - |
| select | 0x12 | 0x45c520 | 0x72018 | 0x70c18 | - |
| accept | 0x1 | 0x45c524 | 0x7201c | 0x70c1c | - |
| WSAStartup | 0x73 | 0x45c528 | 0x72020 | 0x70c20 | - |
| WSASocketA | 0x0 | 0x45c52c | 0x72024 | 0x70c24 | 0x52 |
| getsockopt | 0x7 | 0x45c530 | 0x72028 | 0x70c28 | - |
| closesocket | 0x3 | 0x45c534 | 0x7202c | 0x70c2c | - |
| listen | 0xd | 0x45c538 | 0x72030 | 0x70c30 | - |
| WSAGetLastError | 0x6f | 0x45c53c | 0x72034 | 0x70c34 | - |
| WSACleanup | 0x74 | 0x45c540 | 0x72038 | 0x70c38 | - |
| socket | 0x17 | 0x45c544 | 0x7203c | 0x70c3c | - |
| htons | 0x9 | 0x45c548 | 0x72040 | 0x70c40 | - |
| bind | 0x2 | 0x45c54c | 0x72044 | 0x70c44 | - |
| recv | 0x10 | 0x45c550 | 0x72048 | 0x70c48 | - |
SHLWAPI.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathMatchSpecW | 0x0 | 0x45c328 | 0x71e20 | 0x70a20 | 0x7b |
| StrRetToBufA | 0x0 | 0x45c32c | 0x71e24 | 0x70a24 | 0x13d |
UxTheme.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DrawThemeText | 0x0 | 0x45c4cc | 0x71fc4 | 0x70bc4 | 0x10 |
| GetThemeInt | 0x0 | 0x45c4d0 | 0x71fc8 | 0x70bc8 | 0x27 |
MSACM32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| acmDriverClose | 0x0 | 0x45c2c0 | 0x71db8 | 0x709b8 | 0x3 |
| acmFormatTagDetailsA | 0x0 | 0x45c2c4 | 0x71dbc | 0x709bc | 0x1d |
NETAPI32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetShareGetInfo | 0x0 | 0x45c2cc | 0x71dc4 | 0x709c4 | 0xf1 |
WININET.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetHangUp | 0x0 | 0x45c4d8 | 0x71fd0 | 0x70bd0 | 0x94 |
| InternetGetCookieW | 0x0 | 0x45c4dc | 0x71fd4 | 0x70bd4 | 0x89 |
| InternetGoOnlineW | 0x0 | 0x45c4e0 | 0x71fd8 | 0x70bd8 | 0x93 |
| InternetGetPerSiteCookieDecisionW | 0x0 | 0x45c4e4 | 0x71fdc | 0x70bdc | 0x8d |
| InternetInitializeAutoProxyDll | 0x0 | 0x45c4e8 | 0x71fe0 | 0x70be0 | 0x95 |
USERENV.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ExpandEnvironmentStringsForUserA | 0x0 | 0x45c4c4 | 0x71fbc | 0x70bbc | 0xb |
msi.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x8 | 0x45c608 | 0x72100 | 0x70d00 | - |
| (by ordinal) | 0x11 | 0x45c60c | 0x72104 | 0x70d04 | - |
| (by ordinal) | 0x40 | 0x45c610 | 0x72108 | 0x70d08 | - |
CRYPTUI.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptUIWizFreeDigitalSignContext | 0x0 | 0x45c03c | 0x71b34 | 0x70734 | 0x29 |
ESENT.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JetTruncateLogInstance | 0x0 | 0x45c044 | 0x71b3c | 0x7073c | 0x149 |
Icons (1)
»
Memory Dumps (18)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Relevant Image |
|
32-bit | 0x00C7FFEF |
|
|
...
|
| buffer | 1 | 0x027A0000 | 0x027B4FFF | First Execution |
|
32-bit | 0x027A0000 |
|
|
...
|
| buffer | 1 | 0x027A0000 | 0x027B4FFF | Content Changed |
|
32-bit | 0x027A2B0E |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C42B74 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C35CD6 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C33DC9 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C45B36 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C44337 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C3B7AB |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C3C4F6 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C40239 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C426DD |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C3ADAA |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C3DFF7 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C3B88A |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C3CAC8 |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Content Changed |
|
32-bit | 0x00C41A0A |
|
|
...
|
| file1.exe | 1 | 0x00C30000 | 0x00CE9FFF | Process Termination |
|
32-bit | - |
|
|
...
|
Local AV Matches (1)
»
| Threat Name | Severity |
|---|---|
| Trojan.GenericKD.33533023 |
Malicious
|
| c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat | Modified File | Stream |
Unknown
|
...
|
»
| Mime Type | application/octet-stream |
| File Size | 128 Bytes |
| MD5 |
f3344e084c76cf0e0a3ad5bacde88678
|
| SHA1 |
7609c6b4fe4da79d21ddea0cbc56b9e0ce5822a7
|
| SHA256 |
67a2c36c1223e17b98b6114a85c345a63696aabb2d8225e7c3423762f7109ed7
|
| SSDeep |
3:iu/B:i
|
| ImpHash | - |
