Malicious
Classifications
Injector Spyware
Threat Names
Trojan.Agent.FNJS Generic.Exploit.Shellcode.RDI.1.83306058 Gen:Variant.Cerbu.64651
Dynamic Analysis Report
Created on 2021-09-27T18:00:00
c3b12369d950f2420697e8b05b80a29a0cea58fd7d858d7a622611291d3496f5.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 hours, 35 minutes, 35 seconds" to "28 seconds" to reveal dormant functionality.
(0x02000010): The operating system was rebooted during the analysis.
Remarks
(0x0200004A): One dump of 782 MB was skipped because it exceeded the maximum dump size of 7 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\c3b12369d950f2420697e8b05b80a29a0cea58fd7d858d7a622611291d3496f5.exe | Sample File | Binary |
malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 516.06 KB |
| MD5 |
7bb8f00948d80dc7a3936c4c1fa2b276
|
| SHA1 |
e60d2828c4a5716d1d96ba1a141e239a2df374f8
|
| SHA256 |
c3b12369d950f2420697e8b05b80a29a0cea58fd7d858d7a622611291d3496f5
|
| SSDeep |
12288:cbVMh0tRyr3W3SfniM+uwkMx8nXoTT0WJZmo:WMh0tRy73lY8X2xJZmo
|
| ImpHash |
675872e23dfc0f62ffbc2f69c316f4bc
|
AV Matches (1)
»
| Threat Name | Verdict |
|---|---|
| Trojan.Agent.FNJS |
malicious
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x4057bd |
| Size Of Code | 0x26000 |
| Size Of Initialized Data | 0x5a000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2021-07-06 21:26:21+00:00 |
Version Information (9)
»
| CompanyName | - |
| FileDescription | HistogramTest MFC Application |
| FileVersion | 1, 0, 0, 1 |
| InternalName | HistogramTest |
| LegalCopyright | Copyright (C) 1998 |
| LegalTrademarks | - |
| OriginalFilename | HistogramTest.EXE |
| ProductName | HistogramTest Application |
| ProductVersion | 1, 0, 0, 1 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x253a6 | 0x26000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.48 |
| .rdata | 0x427000 | 0x79ee | 0x8000 | 0x27000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.82 |
| .data | 0x42f000 | 0x50e8 | 0x2000 | 0x2f000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.6 |
| .rsrc | 0x435000 | 0x4f6e8 | 0x50000 | 0x31000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.24 |
Imports (8)
»
KERNEL32.dll (141)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileTime | - | 0x42715c | 0x2ca70 | 0x2ca70 | 0x114 |
| LocalFileTimeToFileTime | - | 0x427160 | 0x2ca74 | 0x2ca74 | 0x1ca |
| SystemTimeToFileTime | - | 0x427164 | 0x2ca78 | 0x2ca78 | 0x29b |
| SetFileTime | - | 0x427168 | 0x2ca7c | 0x2ca7c | 0x26c |
| SetFileAttributesA | - | 0x42716c | 0x2ca80 | 0x2ca80 | 0x268 |
| RtlUnwind | - | 0x427170 | 0x2ca84 | 0x2ca84 | 0x22f |
| HeapAlloc | - | 0x427174 | 0x2ca88 | 0x2ca88 | 0x199 |
| GetStartupInfoA | - | 0x427178 | 0x2ca8c | 0x2ca8c | 0x150 |
| GetCommandLineA | - | 0x42717c | 0x2ca90 | 0x2ca90 | 0xca |
| RaiseException | - | 0x427180 | 0x2ca94 | 0x2ca94 | 0x20b |
| HeapFree | - | 0x427184 | 0x2ca98 | 0x2ca98 | 0x19f |
| TerminateProcess | - | 0x427188 | 0x2ca9c | 0x2ca9c | 0x29e |
| CreateThread | - | 0x42718c | 0x2caa0 | 0x2caa0 | 0x4a |
| ExitThread | - | 0x427190 | 0x2caa4 | 0x2caa4 | 0x7e |
| GetTimeZoneInformation | - | 0x427194 | 0x2caa8 | 0x2caa8 | 0x170 |
| GetSystemTime | - | 0x427198 | 0x2caac | 0x2caac | 0x15d |
| GetLocalTime | - | 0x42719c | 0x2cab0 | 0x2cab0 | 0x11b |
| GetACP | - | 0x4271a0 | 0x2cab4 | 0x2cab4 | 0xb9 |
| HeapSize | - | 0x4271a4 | 0x2cab8 | 0x2cab8 | 0x1a3 |
| HeapReAlloc | - | 0x4271a8 | 0x2cabc | 0x2cabc | 0x1a2 |
| FatalAppExitA | - | 0x4271ac | 0x2cac0 | 0x2cac0 | 0x85 |
| Sleep | - | 0x4271b0 | 0x2cac4 | 0x2cac4 | 0x296 |
| HeapDestroy | - | 0x4271b4 | 0x2cac8 | 0x2cac8 | 0x19d |
| HeapCreate | - | 0x4271b8 | 0x2cacc | 0x2cacc | 0x19b |
| VirtualFree | - | 0x4271bc | 0x2cad0 | 0x2cad0 | 0x2bf |
| VirtualAlloc | - | 0x4271c0 | 0x2cad4 | 0x2cad4 | 0x2bb |
| IsBadWritePtr | - | 0x4271c4 | 0x2cad8 | 0x2cad8 | 0x1b8 |
| GetFileSize | - | 0x4271c8 | 0x2cadc | 0x2cadc | 0x112 |
| FreeEnvironmentStringsA | - | 0x4271cc | 0x2cae0 | 0x2cae0 | 0xb2 |
| FreeEnvironmentStringsW | - | 0x4271d0 | 0x2cae4 | 0x2cae4 | 0xb3 |
| GetEnvironmentStrings | - | 0x4271d4 | 0x2cae8 | 0x2cae8 | 0x106 |
| GetEnvironmentStringsW | - | 0x4271d8 | 0x2caec | 0x2caec | 0x108 |
| SetHandleCount | - | 0x4271dc | 0x2caf0 | 0x2caf0 | 0x26d |
| GetStdHandle | - | 0x4271e0 | 0x2caf4 | 0x2caf4 | 0x152 |
| GetFileType | - | 0x4271e4 | 0x2caf8 | 0x2caf8 | 0x115 |
| SetUnhandledExceptionFilter | - | 0x4271e8 | 0x2cafc | 0x2cafc | 0x28b |
| LCMapStringA | - | 0x4271ec | 0x2cb00 | 0x2cb00 | 0x1bf |
| LCMapStringW | - | 0x4271f0 | 0x2cb04 | 0x2cb04 | 0x1c0 |
| GetStringTypeA | - | 0x4271f4 | 0x2cb08 | 0x2cb08 | 0x153 |
| GetStringTypeW | - | 0x4271f8 | 0x2cb0c | 0x2cb0c | 0x156 |
| IsBadReadPtr | - | 0x4271fc | 0x2cb10 | 0x2cb10 | 0x1b5 |
| IsBadCodePtr | - | 0x427200 | 0x2cb14 | 0x2cb14 | 0x1b2 |
| IsValidLocale | - | 0x427204 | 0x2cb18 | 0x2cb18 | 0x1be |
| IsValidCodePage | - | 0x427208 | 0x2cb1c | 0x2cb1c | 0x1bd |
| GetLocaleInfoA | - | 0x42720c | 0x2cb20 | 0x2cb20 | 0x11c |
| EnumSystemLocalesA | - | 0x427210 | 0x2cb24 | 0x2cb24 | 0x77 |
| GetUserDefaultLCID | - | 0x427214 | 0x2cb28 | 0x2cb28 | 0x171 |
| GetVersionExA | - | 0x427218 | 0x2cb2c | 0x2cb2c | 0x175 |
| SetConsoleCtrlHandler | - | 0x42721c | 0x2cb30 | 0x2cb30 | 0x241 |
| GetLocaleInfoW | - | 0x427220 | 0x2cb34 | 0x2cb34 | 0x11d |
| CompareStringA | - | 0x427224 | 0x2cb38 | 0x2cb38 | 0x21 |
| CompareStringW | - | 0x427228 | 0x2cb3c | 0x2cb3c | 0x22 |
| SetEnvironmentVariableA | - | 0x42722c | 0x2cb40 | 0x2cb40 | 0x262 |
| GetFileAttributesA | - | 0x427230 | 0x2cb44 | 0x2cb44 | 0x10d |
| GetShortPathNameA | - | 0x427234 | 0x2cb48 | 0x2cb48 | 0x14e |
| GetProfileStringA | - | 0x427238 | 0x2cb4c | 0x2cb4c | 0x14b |
| GetThreadLocale | - | 0x42723c | 0x2cb50 | 0x2cb50 | 0x168 |
| GetStringTypeExA | - | 0x427240 | 0x2cb54 | 0x2cb54 | 0x154 |
| GetFullPathNameA | - | 0x427244 | 0x2cb58 | 0x2cb58 | 0x116 |
| GetVolumeInformationA | - | 0x427248 | 0x2cb5c | 0x2cb5c | 0x177 |
| FindFirstFileA | - | 0x42724c | 0x2cb60 | 0x2cb60 | 0x94 |
| FindClose | - | 0x427250 | 0x2cb64 | 0x2cb64 | 0x90 |
| DeleteFileA | - | 0x427254 | 0x2cb68 | 0x2cb68 | 0x57 |
| MoveFileA | - | 0x427258 | 0x2cb6c | 0x2cb6c | 0x1dd |
| SetEndOfFile | - | 0x42725c | 0x2cb70 | 0x2cb70 | 0x261 |
| UnlockFile | - | 0x427260 | 0x2cb74 | 0x2cb74 | 0x2ae |
| LockFile | - | 0x427264 | 0x2cb78 | 0x2cb78 | 0x1d3 |
| FlushFileBuffers | - | 0x427268 | 0x2cb7c | 0x2cb7c | 0xaa |
| SetFilePointer | - | 0x42726c | 0x2cb80 | 0x2cb80 | 0x26a |
| WriteFile | - | 0x427270 | 0x2cb84 | 0x2cb84 | 0x2df |
| ReadFile | - | 0x427274 | 0x2cb88 | 0x2cb88 | 0x218 |
| CreateFileA | - | 0x427278 | 0x2cb8c | 0x2cb8c | 0x34 |
| GetCurrentProcess | - | 0x42727c | 0x2cb90 | 0x2cb90 | 0xf7 |
| DuplicateHandle | - | 0x427280 | 0x2cb94 | 0x2cb94 | 0x63 |
| SetErrorMode | - | 0x427284 | 0x2cb98 | 0x2cb98 | 0x264 |
| SizeofResource | - | 0x427288 | 0x2cb9c | 0x2cb9c | 0x295 |
| GetCurrentDirectoryA | - | 0x42728c | 0x2cba0 | 0x2cba0 | 0xf5 |
| WritePrivateProfileStringA | - | 0x427290 | 0x2cba4 | 0x2cba4 | 0x2e5 |
| GetPrivateProfileStringA | - | 0x427294 | 0x2cba8 | 0x2cba8 | 0x13a |
| GetPrivateProfileIntA | - | 0x427298 | 0x2cbac | 0x2cbac | 0x134 |
| GetOEMCP | - | 0x42729c | 0x2cbb0 | 0x2cbb0 | 0x131 |
| GetCPInfo | - | 0x4272a0 | 0x2cbb4 | 0x2cbb4 | 0xbf |
| GetProcessVersion | - | 0x4272a4 | 0x2cbb8 | 0x2cbb8 | 0x145 |
| GlobalFlags | - | 0x4272a8 | 0x2cbbc | 0x2cbbc | 0x187 |
| TlsGetValue | - | 0x4272ac | 0x2cbc0 | 0x2cbc0 | 0x2a4 |
| LocalReAlloc | - | 0x4272b0 | 0x2cbc4 | 0x2cbc4 | 0x1cf |
| TlsSetValue | - | 0x4272b4 | 0x2cbc8 | 0x2cbc8 | 0x2a5 |
| EnterCriticalSection | - | 0x4272b8 | 0x2cbcc | 0x2cbcc | 0x66 |
| GlobalReAlloc | - | 0x4272bc | 0x2cbd0 | 0x2cbd0 | 0x18f |
| LeaveCriticalSection | - | 0x4272c0 | 0x2cbd4 | 0x2cbd4 | 0x1c1 |
| TlsFree | - | 0x4272c4 | 0x2cbd8 | 0x2cbd8 | 0x2a3 |
| GlobalHandle | - | 0x4272c8 | 0x2cbdc | 0x2cbdc | 0x18b |
| DeleteCriticalSection | - | 0x4272cc | 0x2cbe0 | 0x2cbe0 | 0x55 |
| TlsAlloc | - | 0x4272d0 | 0x2cbe4 | 0x2cbe4 | 0x2a2 |
| InitializeCriticalSection | - | 0x4272d4 | 0x2cbe8 | 0x2cbe8 | 0x1aa |
| LocalFree | - | 0x4272d8 | 0x2cbec | 0x2cbec | 0x1cc |
| LocalAlloc | - | 0x4272dc | 0x2cbf0 | 0x2cbf0 | 0x1c8 |
| lstrcpynA | - | 0x4272e0 | 0x2cbf4 | 0x2cbf4 | 0x305 |
| GetLastError | - | 0x4272e4 | 0x2cbf8 | 0x2cbf8 | 0x11a |
| FileTimeToLocalFileTime | - | 0x4272e8 | 0x2cbfc | 0x2cbfc | 0x89 |
| FileTimeToSystemTime | - | 0x4272ec | 0x2cc00 | 0x2cc00 | 0x8a |
| GlobalFree | - | 0x4272f0 | 0x2cc04 | 0x2cc04 | 0x188 |
| CreateEventA | - | 0x4272f4 | 0x2cc08 | 0x2cc08 | 0x31 |
| SuspendThread | - | 0x4272f8 | 0x2cc0c | 0x2cc0c | 0x298 |
| SetThreadPriority | - | 0x4272fc | 0x2cc10 | 0x2cc10 | 0x287 |
| ResumeThread | - | 0x427300 | 0x2cc14 | 0x2cc14 | 0x22c |
| SetEvent | - | 0x427304 | 0x2cc18 | 0x2cc18 | 0x265 |
| WaitForSingleObject | - | 0x427308 | 0x2cc1c | 0x2cc1c | 0x2ce |
| CloseHandle | - | 0x42730c | 0x2cc20 | 0x2cc20 | 0x1b |
| GetModuleFileNameA | - | 0x427310 | 0x2cc24 | 0x2cc24 | 0x124 |
| GlobalAlloc | - | 0x427314 | 0x2cc28 | 0x2cc28 | 0x181 |
| lstrcmpA | - | 0x427318 | 0x2cc2c | 0x2cc2c | 0x2fc |
| GetCurrentThread | - | 0x42731c | 0x2cc30 | 0x2cc30 | 0xf9 |
| ExitProcess | - | 0x427320 | 0x2cc34 | 0x2cc34 | 0x7d |
| MultiByteToWideChar | - | 0x427324 | 0x2cc38 | 0x2cc38 | 0x1e4 |
| WideCharToMultiByte | - | 0x427328 | 0x2cc3c | 0x2cc3c | 0x2d2 |
| lstrlenA | - | 0x42732c | 0x2cc40 | 0x2cc40 | 0x308 |
| InterlockedDecrement | - | 0x427330 | 0x2cc44 | 0x2cc44 | 0x1ad |
| InterlockedIncrement | - | 0x427334 | 0x2cc48 | 0x2cc48 | 0x1b0 |
| GlobalLock | - | 0x427338 | 0x2cc4c | 0x2cc4c | 0x18c |
| GlobalUnlock | - | 0x42733c | 0x2cc50 | 0x2cc50 | 0x193 |
| MulDiv | - | 0x427340 | 0x2cc54 | 0x2cc54 | 0x1e3 |
| SetLastError | - | 0x427344 | 0x2cc58 | 0x2cc58 | 0x271 |
| LoadLibraryA | - | 0x427348 | 0x2cc5c | 0x2cc5c | 0x1c2 |
| FreeLibrary | - | 0x42734c | 0x2cc60 | 0x2cc60 | 0xb4 |
| FindResourceA | - | 0x427350 | 0x2cc64 | 0x2cc64 | 0xa3 |
| LoadResource | - | 0x427354 | 0x2cc68 | 0x2cc68 | 0x1c7 |
| LockResource | - | 0x427358 | 0x2cc6c | 0x2cc6c | 0x1d5 |
| GetVersion | - | 0x42735c | 0x2cc70 | 0x2cc70 | 0x174 |
| lstrcatA | - | 0x427360 | 0x2cc74 | 0x2cc74 | 0x2f9 |
| GetCurrentThreadId | - | 0x427364 | 0x2cc78 | 0x2cc78 | 0xfa |
| GlobalGetAtomNameA | - | 0x427368 | 0x2cc7c | 0x2cc7c | 0x189 |
| lstrcmpiA | - | 0x42736c | 0x2cc80 | 0x2cc80 | 0x2ff |
| GlobalAddAtomA | - | 0x427370 | 0x2cc84 | 0x2cc84 | 0x17f |
| GlobalFindAtomA | - | 0x427374 | 0x2cc88 | 0x2cc88 | 0x184 |
| GlobalDeleteAtom | - | 0x427378 | 0x2cc8c | 0x2cc8c | 0x183 |
| lstrcpyA | - | 0x42737c | 0x2cc90 | 0x2cc90 | 0x302 |
| GetModuleHandleA | - | 0x427380 | 0x2cc94 | 0x2cc94 | 0x126 |
| GetProcAddress | - | 0x427384 | 0x2cc98 | 0x2cc98 | 0x13e |
| LoadLibraryW | - | 0x427388 | 0x2cc9c | 0x2cc9c | 0x1c5 |
| UnhandledExceptionFilter | - | 0x42738c | 0x2cca0 | 0x2cca0 | 0x2ad |
USER32.dll (162)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ScrollWindowEx | - | 0x4273a8 | 0x2ccbc | 0x2ccbc | 0x20e |
| IsDialogMessageA | - | 0x4273ac | 0x2ccc0 | 0x2ccc0 | 0x188 |
| SetWindowTextA | - | 0x4273b0 | 0x2ccc4 | 0x2ccc4 | 0x25e |
| MoveWindow | - | 0x4273b4 | 0x2ccc8 | 0x2ccc8 | 0x1c9 |
| ShowWindow | - | 0x4273b8 | 0x2cccc | 0x2cccc | 0x26a |
| IsWindowEnabled | - | 0x4273bc | 0x2ccd0 | 0x2ccd0 | 0x190 |
| GetNextDlgTabItem | - | 0x4273c0 | 0x2ccd4 | 0x2ccd4 | 0x133 |
| EnableMenuItem | - | 0x4273c4 | 0x2ccd8 | 0x2ccd8 | 0xb5 |
| CheckMenuItem | - | 0x4273c8 | 0x2ccdc | 0x2ccdc | 0x34 |
| SetMenuItemBitmaps | - | 0x4273cc | 0x2cce0 | 0x2cce0 | 0x239 |
| ModifyMenuA | - | 0x4273d0 | 0x2cce4 | 0x2cce4 | 0x1c4 |
| GetMenuState | - | 0x4273d4 | 0x2cce8 | 0x2cce8 | 0x127 |
| LoadBitmapA | - | 0x4273d8 | 0x2ccec | 0x2ccec | 0x198 |
| GetMenuCheckMarkDimensions | - | 0x4273dc | 0x2ccf0 | 0x2ccf0 | 0x11e |
| ClientToScreen | - | 0x4273e0 | 0x2ccf4 | 0x2ccf4 | 0x3a |
| GetDC | - | 0x4273e4 | 0x2ccf8 | 0x2ccf8 | 0xfd |
| ReleaseDC | - | 0x4273e8 | 0x2ccfc | 0x2ccfc | 0x203 |
| GetWindowDC | - | 0x4273ec | 0x2cd00 | 0x2cd00 | 0x154 |
| BeginPaint | - | 0x4273f0 | 0x2cd04 | 0x2cd04 | 0xc |
| EndPaint | - | 0x4273f4 | 0x2cd08 | 0x2cd08 | 0xbb |
| TabbedTextOutA | - | 0x4273f8 | 0x2cd0c | 0x2cd0c | 0x273 |
| DrawTextA | - | 0x4273fc | 0x2cd10 | 0x2cd10 | 0xaf |
| GrayStringA | - | 0x427400 | 0x2cd14 | 0x2cd14 | 0x164 |
| CharToOemA | - | 0x427404 | 0x2cd18 | 0x2cd18 | 0x2b |
| OemToCharA | - | 0x427408 | 0x2cd1c | 0x2cd1c | 0x1ce |
| PostQuitMessage | - | 0x42740c | 0x2cd20 | 0x2cd20 | 0x1e0 |
| ShowOwnedPopups | - | 0x427410 | 0x2cd24 | 0x2cd24 | 0x267 |
| SetCursor | - | 0x427414 | 0x2cd28 | 0x2cd28 | 0x226 |
| GetCursorPos | - | 0x427418 | 0x2cd2c | 0x2cd2c | 0xfc |
| ValidateRect | - | 0x42741c | 0x2cd30 | 0x2cd30 | 0x29a |
| GetActiveWindow | - | 0x427420 | 0x2cd34 | 0x2cd34 | 0xdd |
| TranslateMessage | - | 0x427424 | 0x2cd38 | 0x2cd38 | 0x282 |
| GetMessageA | - | 0x427428 | 0x2cd3c | 0x2cd3c | 0x12a |
| CreateDialogIndirectParamA | - | 0x42742c | 0x2cd40 | 0x2cd40 | 0x4c |
| EndDialog | - | 0x427430 | 0x2cd44 | 0x2cd44 | 0xb9 |
| LoadStringA | - | 0x427434 | 0x2cd48 | 0x2cd48 | 0x1ab |
| DestroyMenu | - | 0x427438 | 0x2cd4c | 0x2cd4c | 0x8d |
| GetClassNameA | - | 0x42743c | 0x2cd50 | 0x2cd50 | 0xed |
| PtInRect | - | 0x427440 | 0x2cd54 | 0x2cd54 | 0x1ea |
| GetDesktopWindow | - | 0x427444 | 0x2cd58 | 0x2cd58 | 0xff |
| LoadCursorA | - | 0x427448 | 0x2cd5c | 0x2cd5c | 0x19a |
| GetSysColorBrush | - | 0x42744c | 0x2cd60 | 0x2cd60 | 0x144 |
| SetCapture | - | 0x427450 | 0x2cd64 | 0x2cd64 | 0x21d |
| ReleaseCapture | - | 0x427454 | 0x2cd68 | 0x2cd68 | 0x202 |
| WaitMessage | - | 0x427458 | 0x2cd6c | 0x2cd6c | 0x2a5 |
| GetWindowThreadProcessId | - | 0x42745c | 0x2cd70 | 0x2cd70 | 0x162 |
| WindowFromPoint | - | 0x427460 | 0x2cd74 | 0x2cd74 | 0x2a9 |
| InsertMenuA | - | 0x427464 | 0x2cd78 | 0x2cd78 | 0x174 |
| DeleteMenu | - | 0x427468 | 0x2cd7c | 0x2cd7c | 0x87 |
| GetMenuStringA | - | 0x42746c | 0x2cd80 | 0x2cd80 | 0x128 |
| GetDialogBaseUnits | - | 0x427470 | 0x2cd84 | 0x2cd84 | 0x100 |
| SetRectEmpty | - | 0x427474 | 0x2cd88 | 0x2cd88 | 0x245 |
| LoadAcceleratorsA | - | 0x427478 | 0x2cd8c | 0x2cd8c | 0x196 |
| TranslateAcceleratorA | - | 0x42747c | 0x2cd90 | 0x2cd90 | 0x27f |
| LoadMenuA | - | 0x427480 | 0x2cd94 | 0x2cd94 | 0x1a6 |
| SetMenu | - | 0x427484 | 0x2cd98 | 0x2cd98 | 0x235 |
| ReuseDDElParam | - | 0x427488 | 0x2cd9c | 0x2cd9c | 0x209 |
| UnpackDDElParam | - | 0x42748c | 0x2cda0 | 0x2cda0 | 0x28a |
| BringWindowToTop | - | 0x427490 | 0x2cda4 | 0x2cda4 | 0xe |
| CharUpperA | - | 0x427494 | 0x2cda8 | 0x2cda8 | 0x2f |
| CheckRadioButton | - | 0x427498 | 0x2cdac | 0x2cdac | 0x36 |
| CheckDlgButton | - | 0x42749c | 0x2cdb0 | 0x2cdb0 | 0x33 |
| PostMessageA | - | 0x4274a0 | 0x2cdb4 | 0x2cdb4 | 0x1de |
| UpdateWindow | - | 0x4274a4 | 0x2cdb8 | 0x2cdb8 | 0x291 |
| SendDlgItemMessageA | - | 0x4274a8 | 0x2cdbc | 0x2cdbc | 0x20f |
| MapWindowPoints | - | 0x4274ac | 0x2cdc0 | 0x2cdc0 | 0x1b9 |
| GetSysColor | - | 0x4274b0 | 0x2cdc4 | 0x2cdc4 | 0x143 |
| PeekMessageA | - | 0x4274b4 | 0x2cdc8 | 0x2cdc8 | 0x1dc |
| DispatchMessageA | - | 0x4274b8 | 0x2cdcc | 0x2cdcc | 0x95 |
| GetFocus | - | 0x4274bc | 0x2cdd0 | 0x2cdd0 | 0x107 |
| SetActiveWindow | - | 0x4274c0 | 0x2cdd4 | 0x2cdd4 | 0x21c |
| IsWindow | - | 0x4274c4 | 0x2cdd8 | 0x2cdd8 | 0x18f |
| SetFocus | - | 0x4274c8 | 0x2cddc | 0x2cddc | 0x22f |
| IsDlgButtonChecked | - | 0x4274cc | 0x2cde0 | 0x2cde0 | 0x18a |
| ScreenToClient | - | 0x4274d0 | 0x2cde4 | 0x2cde4 | 0x20a |
| EqualRect | - | 0x4274d4 | 0x2cde8 | 0x2cde8 | 0xd1 |
| DeferWindowPos | - | 0x4274d8 | 0x2cdec | 0x2cdec | 0x86 |
| BeginDeferWindowPos | - | 0x4274dc | 0x2cdf0 | 0x2cdf0 | 0xb |
| CopyRect | - | 0x4274e0 | 0x2cdf4 | 0x2cdf4 | 0x44 |
| EndDeferWindowPos | - | 0x4274e4 | 0x2cdf8 | 0x2cdf8 | 0xb8 |
| IsWindowVisible | - | 0x4274e8 | 0x2cdfc | 0x2cdfc | 0x192 |
| ScrollWindow | - | 0x4274ec | 0x2ce00 | 0x2ce00 | 0x20d |
| GetScrollInfo | - | 0x4274f0 | 0x2ce04 | 0x2ce04 | 0x13e |
| SetScrollInfo | - | 0x4274f4 | 0x2ce08 | 0x2ce08 | 0x246 |
| ShowScrollBar | - | 0x4274f8 | 0x2ce0c | 0x2ce0c | 0x268 |
| GetScrollRange | - | 0x4274fc | 0x2ce10 | 0x2ce10 | 0x140 |
| SetScrollRange | - | 0x427500 | 0x2ce14 | 0x2ce14 | 0x248 |
| SetScrollPos | - | 0x427504 | 0x2ce18 | 0x2ce18 | 0x247 |
| GetTopWindow | - | 0x427508 | 0x2ce1c | 0x2ce1c | 0x14c |
| MessageBoxA | - | 0x42750c | 0x2ce20 | 0x2ce20 | 0x1be |
| IsChild | - | 0x427510 | 0x2ce24 | 0x2ce24 | 0x185 |
| GetParent | - | 0x427514 | 0x2ce28 | 0x2ce28 | 0x135 |
| GetCapture | - | 0x427518 | 0x2ce2c | 0x2ce2c | 0xe4 |
| WinHelpA | - | 0x42751c | 0x2ce30 | 0x2ce30 | 0x2a6 |
| wsprintfA | - | 0x427520 | 0x2ce34 | 0x2ce34 | 0x2ac |
| GetClassInfoA | - | 0x427524 | 0x2ce38 | 0x2ce38 | 0xe7 |
| RegisterClassA | - | 0x427528 | 0x2ce3c | 0x2ce3c | 0x1f2 |
| GetMenu | - | 0x42752c | 0x2ce40 | 0x2ce40 | 0x11c |
| GetMenuItemCount | - | 0x427530 | 0x2ce44 | 0x2ce44 | 0x122 |
| GetSubMenu | - | 0x427534 | 0x2ce48 | 0x2ce48 | 0x142 |
| GetMenuItemID | - | 0x427538 | 0x2ce4c | 0x2ce4c | 0x123 |
| TrackPopupMenu | - | 0x42753c | 0x2ce50 | 0x2ce50 | 0x27c |
| SetWindowPlacement | - | 0x427540 | 0x2ce54 | 0x2ce54 | 0x25a |
| GetDlgItem | - | 0x427544 | 0x2ce58 | 0x2ce58 | 0x102 |
| GetWindowTextLengthA | - | 0x427548 | 0x2ce5c | 0x2ce5c | 0x15f |
| GetWindowTextA | - | 0x42754c | 0x2ce60 | 0x2ce60 | 0x15e |
| GetDlgCtrlID | - | 0x427550 | 0x2ce64 | 0x2ce64 | 0x101 |
| GetKeyState | - | 0x427554 | 0x2ce68 | 0x2ce68 | 0x112 |
| DefWindowProcA | - | 0x427558 | 0x2ce6c | 0x2ce6c | 0x84 |
| DestroyWindow | - | 0x42755c | 0x2ce70 | 0x2ce70 | 0x8e |
| CreateWindowExA | - | 0x427560 | 0x2ce74 | 0x2ce74 | 0x59 |
| SetWindowsHookExA | - | 0x427564 | 0x2ce78 | 0x2ce78 | 0x262 |
| CallNextHookEx | - | 0x427568 | 0x2ce7c | 0x2ce7c | 0x15 |
| GetClassLongA | - | 0x42756c | 0x2ce80 | 0x2ce80 | 0xeb |
| SetPropA | - | 0x427570 | 0x2ce84 | 0x2ce84 | 0x242 |
| UnhookWindowsHookEx | - | 0x427574 | 0x2ce88 | 0x2ce88 | 0x286 |
| GetPropA | - | 0x427578 | 0x2ce8c | 0x2ce8c | 0x13a |
| CallWindowProcA | - | 0x42757c | 0x2ce90 | 0x2ce90 | 0x16 |
| RemovePropA | - | 0x427580 | 0x2ce94 | 0x2ce94 | 0x205 |
| GetMessageTime | - | 0x427584 | 0x2ce98 | 0x2ce98 | 0x12d |
| GetMessagePos | - | 0x427588 | 0x2ce9c | 0x2ce9c | 0x12c |
| GetLastActivePopup | - | 0x42758c | 0x2cea0 | 0x2cea0 | 0x119 |
| GetForegroundWindow | - | 0x427590 | 0x2cea4 | 0x2cea4 | 0x108 |
| SetForegroundWindow | - | 0x427594 | 0x2cea8 | 0x2cea8 | 0x230 |
| GetWindow | - | 0x427598 | 0x2ceac | 0x2ceac | 0x152 |
| GetWindowLongA | - | 0x42759c | 0x2ceb0 | 0x2ceb0 | 0x156 |
| SetWindowLongA | - | 0x4275a0 | 0x2ceb4 | 0x2ceb4 | 0x258 |
| SetWindowPos | - | 0x4275a4 | 0x2ceb8 | 0x2ceb8 | 0x25b |
| RegisterWindowMessageA | - | 0x4275a8 | 0x2cebc | 0x2cebc | 0x200 |
| OffsetRect | - | 0x4275ac | 0x2cec0 | 0x2cec0 | 0x1d2 |
| IntersectRect | - | 0x4275b0 | 0x2cec4 | 0x2cec4 | 0x179 |
| SystemParametersInfoA | - | 0x4275b4 | 0x2cec8 | 0x2cec8 | 0x271 |
| GetWindowPlacement | - | 0x4275b8 | 0x2cecc | 0x2cecc | 0x15b |
| EnableWindow | - | 0x4275bc | 0x2ced0 | 0x2ced0 | 0xb7 |
| FillRect | - | 0x4275c0 | 0x2ced4 | 0x2ced4 | 0xd4 |
| UnregisterClassA | - | 0x4275c4 | 0x2ced8 | 0x2ced8 | 0x28b |
| HideCaret | - | 0x4275c8 | 0x2cedc | 0x2cedc | 0x166 |
| ShowCaret | - | 0x4275cc | 0x2cee0 | 0x2cee0 | 0x265 |
| ExcludeUpdateRgn | - | 0x4275d0 | 0x2cee4 | 0x2cee4 | 0xd2 |
| KillTimer | - | 0x4275d4 | 0x2cee8 | 0x2cee8 | 0x195 |
| SetTimer | - | 0x4275d8 | 0x2ceec | 0x2ceec | 0x252 |
| IsIconic | - | 0x4275dc | 0x2cef0 | 0x2cef0 | 0x18c |
| DrawIcon | - | 0x4275e0 | 0x2cef4 | 0x2cef4 | 0xa9 |
| GetSystemMetrics | - | 0x4275e4 | 0x2cef8 | 0x2cef8 | 0x146 |
| SendMessageA | - | 0x4275e8 | 0x2cefc | 0x2cefc | 0x214 |
| GetWindowRect | - | 0x4275ec | 0x2cf00 | 0x2cf00 | 0x15c |
| GetSystemMenu | - | 0x4275f0 | 0x2cf04 | 0x2cf04 | 0x145 |
| AppendMenuA | - | 0x4275f4 | 0x2cf08 | 0x2cf08 | 0x7 |
| SetDlgItemTextA | - | 0x4275f8 | 0x2cf0c | 0x2cf0c | 0x22c |
| SetDlgItemInt | - | 0x4275fc | 0x2cf10 | 0x2cf10 | 0x22b |
| GetDlgItemTextA | - | 0x427600 | 0x2cf14 | 0x2cf14 | 0x104 |
| AdjustWindowRectEx | - | 0x427604 | 0x2cf18 | 0x2cf18 | 0x2 |
| GetDlgItemInt | - | 0x427608 | 0x2cf1c | 0x2cf1c | 0x103 |
| LoadIconA | - | 0x42760c | 0x2cf20 | 0x2cf20 | 0x19e |
| InvalidateRect | - | 0x427610 | 0x2cf24 | 0x2cf24 | 0x17a |
| GetClientRect | - | 0x427614 | 0x2cf28 | 0x2cf28 | 0xf0 |
| IsWindowUnicode | - | 0x427618 | 0x2cf2c | 0x2cf2c | 0x191 |
| CharNextA | - | 0x42761c | 0x2cf30 | 0x2cf30 | 0x25 |
| InflateRect | - | 0x427620 | 0x2cf34 | 0x2cf34 | 0x171 |
| DefDlgProcA | - | 0x427624 | 0x2cf38 | 0x2cf38 | 0x7e |
| DrawFocusRect | - | 0x427628 | 0x2cf3c | 0x2cf3c | 0xa6 |
| GetScrollPos | - | 0x42762c | 0x2cf40 | 0x2cf40 | 0x13f |
GDI32.dll (75)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StartDocA | - | 0x42702c | 0x2c940 | 0x2c940 | 0x1fc |
| SaveDC | - | 0x427030 | 0x2c944 | 0x2c944 | 0x1c0 |
| RestoreDC | - | 0x427034 | 0x2c948 | 0x2c948 | 0x1b9 |
| GetStockObject | - | 0x427038 | 0x2c94c | 0x2c94c | 0x15f |
| SelectPalette | - | 0x42703c | 0x2c950 | 0x2c950 | 0x1c8 |
| SetBkMode | - | 0x427040 | 0x2c954 | 0x2c954 | 0x1ce |
| SetPolyFillMode | - | 0x427044 | 0x2c958 | 0x2c958 | 0x1eb |
| SetROP2 | - | 0x427048 | 0x2c95c | 0x2c95c | 0x1ec |
| SetStretchBltMode | - | 0x42704c | 0x2c960 | 0x2c960 | 0x1ef |
| SetMapMode | - | 0x427050 | 0x2c964 | 0x2c964 | 0x1e2 |
| SetViewportOrgEx | - | 0x427054 | 0x2c968 | 0x2c968 | 0x1f6 |
| OffsetViewportOrgEx | - | 0x427058 | 0x2c96c | 0x2c96c | 0x18c |
| SetViewportExtEx | - | 0x42705c | 0x2c970 | 0x2c970 | 0x1f5 |
| ScaleViewportExtEx | - | 0x427060 | 0x2c974 | 0x2c974 | 0x1c1 |
| SetWindowOrgEx | - | 0x427064 | 0x2c978 | 0x2c978 | 0x1fa |
| OffsetWindowOrgEx | - | 0x427068 | 0x2c97c | 0x2c97c | 0x18d |
| SetWindowExtEx | - | 0x42706c | 0x2c980 | 0x2c980 | 0x1f9 |
| ScaleWindowExtEx | - | 0x427070 | 0x2c984 | 0x2c984 | 0x1c2 |
| SelectClipRgn | - | 0x427074 | 0x2c988 | 0x2c988 | 0x1c5 |
| ExcludeClipRect | - | 0x427078 | 0x2c98c | 0x2c98c | 0x98 |
| IntersectClipRect | - | 0x42707c | 0x2c990 | 0x2c990 | 0x180 |
| OffsetClipRgn | - | 0x427080 | 0x2c994 | 0x2c994 | 0x18a |
| MoveToEx | - | 0x427084 | 0x2c998 | 0x2c998 | 0x188 |
| LineTo | - | 0x427088 | 0x2c99c | 0x2c99c | 0x184 |
| SetTextAlign | - | 0x42708c | 0x2c9a0 | 0x2c9a0 | 0x1f1 |
| SetTextJustification | - | 0x427090 | 0x2c9a4 | 0x2c9a4 | 0x1f4 |
| SetTextCharacterExtra | - | 0x427094 | 0x2c9a8 | 0x2c9a8 | 0x1f2 |
| SetMapperFlags | - | 0x427098 | 0x2c9ac | 0x2c9ac | 0x1e3 |
| GetCurrentPositionEx | - | 0x42709c | 0x2c9b0 | 0x2c9b0 | 0x11f |
| ArcTo | - | 0x4270a0 | 0x2c9b4 | 0x2c9b4 | 0xb |
| DeleteDC | - | 0x4270a4 | 0x2c9b8 | 0x2c9b8 | 0x50 |
| PolyDraw | - | 0x4270a8 | 0x2c9bc | 0x2c9bc | 0x19e |
| PolylineTo | - | 0x4270ac | 0x2c9c0 | 0x2c9c0 | 0x1a6 |
| SetColorAdjustment | - | 0x4270b0 | 0x2c9c4 | 0x2c9c4 | 0x1d1 |
| PolyBezierTo | - | 0x4270b4 | 0x2c9c8 | 0x2c9c8 | 0x19d |
| DeleteObject | - | 0x4270b8 | 0x2c9cc | 0x2c9cc | 0x53 |
| GetClipRgn | - | 0x4270bc | 0x2c9d0 | 0x2c9d0 | 0x11b |
| CreateRectRgn | - | 0x4270c0 | 0x2c9d4 | 0x2c9d4 | 0x48 |
| SelectClipPath | - | 0x4270c4 | 0x2c9d8 | 0x2c9d8 | 0x1c4 |
| ExtSelectClipRgn | - | 0x4270c8 | 0x2c9dc | 0x2c9dc | 0x9d |
| PlayMetaFileRecord | - | 0x4270cc | 0x2c9e0 | 0x2c9e0 | 0x19a |
| GetObjectType | - | 0x4270d0 | 0x2c9e4 | 0x2c9e4 | 0x150 |
| EnumMetaFile | - | 0x4270d4 | 0x2c9e8 | 0x2c9e8 | 0x92 |
| PlayMetaFile | - | 0x4270d8 | 0x2c9ec | 0x2c9ec | 0x199 |
| GetDeviceCaps | - | 0x4270dc | 0x2c9f0 | 0x2c9f0 | 0x125 |
| GetViewportExtEx | - | 0x4270e0 | 0x2c9f4 | 0x2c9f4 | 0x178 |
| GetWindowExtEx | - | 0x4270e4 | 0x2c9f8 | 0x2c9f8 | 0x17b |
| CreatePen | - | 0x4270e8 | 0x2c9fc | 0x2c9fc | 0x44 |
| ExtCreatePen | - | 0x4270ec | 0x2ca00 | 0x2ca00 | 0x99 |
| CreateSolidBrush | - | 0x4270f0 | 0x2ca04 | 0x2ca04 | 0x4d |
| CreateHatchBrush | - | 0x4270f4 | 0x2ca08 | 0x2ca08 | 0x3d |
| CreatePatternBrush | - | 0x4270f8 | 0x2ca0c | 0x2ca0c | 0x43 |
| CreateDIBPatternBrushPt | - | 0x4270fc | 0x2ca10 | 0x2ca10 | 0x2e |
| PtVisible | - | 0x427100 | 0x2ca14 | 0x2ca14 | 0x1aa |
| RectVisible | - | 0x427104 | 0x2ca18 | 0x2ca18 | 0x1ae |
| TextOutA | - | 0x427108 | 0x2ca1c | 0x2ca1c | 0x205 |
| ExtTextOutA | - | 0x42710c | 0x2ca20 | 0x2ca20 | 0x9e |
| Escape | - | 0x427110 | 0x2ca24 | 0x2ca24 | 0x95 |
| GetTextExtentPoint32A | - | 0x427114 | 0x2ca28 | 0x2ca28 | 0x16e |
| GetTextMetricsA | - | 0x427118 | 0x2ca2c | 0x2ca2c | 0x175 |
| CreateFontIndirectA | - | 0x42711c | 0x2ca30 | 0x2ca30 | 0x37 |
| CreateBitmap | - | 0x427120 | 0x2ca34 | 0x2ca34 | 0x24 |
| GetObjectA | - | 0x427124 | 0x2ca38 | 0x2ca38 | 0x14f |
| SetBkColor | - | 0x427128 | 0x2ca3c | 0x2ca3c | 0x1cd |
| SetTextColor | - | 0x42712c | 0x2ca40 | 0x2ca40 | 0x1f3 |
| GetClipBox | - | 0x427130 | 0x2ca44 | 0x2ca44 | 0x11a |
| GetDCOrgEx | - | 0x427134 | 0x2ca48 | 0x2ca48 | 0x121 |
| BitBlt | - | 0x427138 | 0x2ca4c | 0x2ca4c | 0x11 |
| SelectObject | - | 0x42713c | 0x2ca50 | 0x2ca50 | 0x1c7 |
| CreateCompatibleDC | - | 0x427140 | 0x2ca54 | 0x2ca54 | 0x2a |
| SetArcDirection | - | 0x427144 | 0x2ca58 | 0x2ca58 | 0x1ca |
| CreateDIBitmap | - | 0x427148 | 0x2ca5c | 0x2ca5c | 0x30 |
| PatBlt | - | 0x42714c | 0x2ca60 | 0x2ca60 | 0x194 |
| GetTextExtentPointA | - | 0x427150 | 0x2ca64 | 0x2ca64 | 0x170 |
| CreateCompatibleBitmap | - | 0x427154 | 0x2ca68 | 0x2ca68 | 0x29 |
comdlg32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileTitleA | - | 0x427644 | 0x2cf58 | 0x2cf58 | 0x7 |
WINSPOOL.DRV (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DocumentPropertiesA | - | 0x427634 | 0x2cf48 | 0x2cf48 | 0x47 |
| ClosePrinter | - | 0x427638 | 0x2cf4c | 0x2cf4c | 0x1c |
| OpenPrinterA | - | 0x42763c | 0x2cf50 | 0x2cf50 | 0x7c |
ADVAPI32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegSetValueExA | - | 0x427000 | 0x2c914 | 0x2c914 | 0x186 |
| RegOpenKeyA | - | 0x427004 | 0x2c918 | 0x2c918 | 0x171 |
| RegDeleteKeyA | - | 0x427008 | 0x2c91c | 0x2c91c | 0x162 |
| RegDeleteValueA | - | 0x42700c | 0x2c920 | 0x2c920 | 0x164 |
| RegCloseKey | - | 0x427010 | 0x2c924 | 0x2c924 | 0x15b |
| RegQueryValueExA | - | 0x427014 | 0x2c928 | 0x2c928 | 0x17b |
| RegOpenKeyExA | - | 0x427018 | 0x2c92c | 0x2c92c | 0x172 |
| RegCreateKeyExA | - | 0x42701c | 0x2c930 | 0x2c930 | 0x15f |
SHELL32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DragQueryFileA | - | 0x427394 | 0x2cca8 | 0x2cca8 | 0x14 |
| DragFinish | - | 0x427398 | 0x2ccac | 0x2ccac | 0x12 |
| DragAcceptFiles | - | 0x42739c | 0x2ccb0 | 0x2ccb0 | 0x11 |
| SHGetFileInfoA | - | 0x4273a0 | 0x2ccb4 | 0x2ccb4 | 0x48 |
COMCTL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| (by ordinal) | 0x11 | 0x427024 | 0x2c938 | 0x2c938 | - |
Memory Dumps (33)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| c3b12369d950f2420697e8b05b80a29a0cea58fd7d858d7a622611291d3496f5.exe | 1 | 0x00400000 | 0x00484FFF | Relevant Image |
|
32-bit | 0x00409A4A |
|
|
...
|
| buffer | 1 | 0x02040000 | 0x0207BFFF | First Execution |
|
32-bit | 0x02040000 |
|
|
...
|
| buffer | 1 | 0x021F0000 | 0x0222EFFF | First Execution |
|
32-bit | 0x021F2720 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | First Execution |
|
32-bit | 0x02361000 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02362C90 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02366090 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x023800E0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02381B30 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x0237E8C0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02382030 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02399BC0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x0237F1B0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02365E40 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02364000 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x0237FF37 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02366090 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02381DD0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02365819 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x0237E4E0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02399BE0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x0236110A |
|
|
...
|
| buffer | 1 | 0x02020000 | 0x02020FFF | First Execution |
|
32-bit | 0x02020000 |
|
|
...
|
| buffer | 1 | 0x10000000 | 0x10002FFF | First Execution |
|
32-bit | 0x10001000 |
|
|
...
|
| buffer | 1 | 0x10000000 | 0x10002FFF | Content Changed |
|
32-bit | 0x10002000 |
|
|
...
|
| buffer | 1 | 0x10000000 | 0x10002FFF | Content Changed |
|
32-bit | 0x10001BB9 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02365B00 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02366090 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x0237E4E0 |
|
|
...
|
| buffer | 1 | 0x02360000 | 0x0239AFFF | Content Changed |
|
32-bit | 0x02399BE0 |
|
|
...
|
| buffer | 1 | 0x006E0000 | 0x006E3FFF | Image In Buffer |
|
32-bit | - |
|
|
...
|
| buffer | 1 | 0x006F0000 | 0x006F0FFF | Marked Executable |
|
32-bit | - |
|
|
...
|
| buffer | 1 | 0x023A0000 | 0x023CBFFF | Marked Executable |
|
32-bit | - |
|
|
...
|
| c3b12369d950f2420697e8b05b80a29a0cea58fd7d858d7a622611291d3496f5.exe | 1 | 0x00400000 | 0x00484FFF | Process Termination |
|
32-bit | - |
|
|
...
|
| c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 128 Bytes |
| MD5 |
cc90851958032b8c8bbb7b24ec6271dd
|
| SHA1 |
e027ad2ea4049374a3b01af2e3626b667dc816bc
|
| SHA256 |
c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
|
| SSDeep |
3:Fl:
|
| ImpHash | - |
