VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware
Threat Names: Gen:Variant.Razy.680355
hpketi.exe
Windows Exe (x86-32)
Created at 2020-06-16T12:40:00
PE Information
Property | Value |
---|---|
Image Base | 0x400000 |
Entry Point | 0x488c65 |
Size Of Code | 0x8d200 |
Size Of Initialized Data | 0x18800 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2020-06-02 15:41:24+00:00 |

Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x8d17f | 0x8d200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.23 |
.rdata | 0x48f000 | 0xd27a | 0xd400 | 0x8d600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.22 |
.data | 0x49d000 | 0x20f0 | 0x600 | 0x9aa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.34 |
.reloc | 0x4a0000 | 0x9164 | 0x9200 | 0x9b000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.8 |
Imports (19)
KERNEL32.dll (87)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetCurrentProcess | 0x0 | 0x48f00c | 0x9ac80 | 0x99280 | 0x217 |
WriteFile | 0x0 | 0x48f010 | 0x9ac84 | 0x99284 | 0x612 |
LeaveCriticalSection | 0x0 | 0x48f014 | 0x9ac88 | 0x99288 | 0x3bd |
SetFilePointer | 0x0 | 0x48f018 | 0x9ac8c | 0x9928c | 0x522 |
InitializeCriticalSectionEx | 0x0 | 0x48f01c | 0x9ac90 | 0x99290 | 0x360 |
CreateMutexA | 0x0 | 0x48f020 | 0x9ac94 | 0x99294 | 0xd7 |
UnmapViewOfFile | 0x0 | 0x48f024 | 0x9ac98 | 0x99298 | 0x5b0 |
HeapSize | 0x0 | 0x48f028 | 0x9ac9c | 0x9929c | 0x34e |
MultiByteToWideChar | 0x0 | 0x48f02c | 0x9aca0 | 0x992a0 | 0x3ef |
Sleep | 0x0 | 0x48f030 | 0x9aca4 | 0x992a4 | 0x57d |
GetFileInformationByHandle | 0x0 | 0x48f034 | 0x9aca8 | 0x992a8 | 0x247 |
GetLastError | 0x0 | 0x48f038 | 0x9acac | 0x992ac | 0x261 |
CreateFileA | 0x0 | 0x48f03c | 0x9acb0 | 0x992b0 | 0xc3 |
FileTimeToSystemTime | 0x0 | 0x48f040 | 0x9acb4 | 0x992b4 | 0x16a |
LoadLibraryA | 0x0 | 0x48f044 | 0x9acb8 | 0x992b8 | 0x3c1 |
LockResource | 0x0 | 0x48f048 | 0x9acbc | 0x992bc | 0x3db |
HeapReAlloc | 0x0 | 0x48f04c | 0x9acc0 | 0x992c0 | 0x34c |
CloseHandle | 0x0 | 0x48f050 | 0x9acc4 | 0x992c4 | 0x86 |
RaiseException | 0x0 | 0x48f054 | 0x9acc8 | 0x992c8 | 0x462 |
GetSystemInfo | 0x0 | 0x48f058 | 0x9accc | 0x992cc | 0x2e3 |
FindResourceExW | 0x0 | 0x48f05c | 0x9acd0 | 0x992d0 | 0x195 |
LoadResource | 0x0 | 0x48f060 | 0x9acd4 | 0x992d4 | 0x3c7 |
FindResourceW | 0x0 | 0x48f064 | 0x9acd8 | 0x992d8 | 0x196 |
HeapAlloc | 0x0 | 0x48f068 | 0x9acdc | 0x992dc | 0x345 |
GetLocalTime | 0x0 | 0x48f06c | 0x9ace0 | 0x992e0 | 0x262 |
HeapDestroy | 0x0 | 0x48f070 | 0x9ace4 | 0x992e4 | 0x348 |
GetProcAddress | 0x0 | 0x48f074 | 0x9ace8 | 0x992e8 | 0x2ae |
CreateFileMappingA | 0x0 | 0x48f078 | 0x9acec | 0x992ec | 0xc4 |
GetFileSize | 0x0 | 0x48f07c | 0x9acf0 | 0x992f0 | 0x24b |
DeleteCriticalSection | 0x0 | 0x48f080 | 0x9acf4 | 0x992f4 | 0x110 |
GetProcessHeap | 0x0 | 0x48f084 | 0x9acf8 | 0x992f8 | 0x2b4 |
SystemTimeToFileTime | 0x0 | 0x48f088 | 0x9acfc | 0x992fc | 0x588 |
FreeLibrary | 0x0 | 0x48f08c | 0x9ad00 | 0x99300 | 0x1ab |
WideCharToMultiByte | 0x0 | 0x48f090 | 0x9ad04 | 0x99304 | 0x5fe |
EnterCriticalSection | 0x0 | 0x48f094 | 0x9ad08 | 0x99308 | 0x131 |
GetTickCount | 0x0 | 0x48f098 | 0x9ad0c | 0x9930c | 0x307 |
IsWow64Process | 0x0 | 0x48f09c | 0x9ad10 | 0x99310 | 0x391 |
AreFileApisANSI | 0x0 | 0x48f0a0 | 0x9ad14 | 0x99314 | 0x23 |
GetFullPathNameW | 0x0 | 0x48f0a4 | 0x9ad18 | 0x99318 | 0x259 |
LockFile | 0x0 | 0x48f0a8 | 0x9ad1c | 0x9931c | 0x3d9 |
InitializeCriticalSection | 0x0 | 0x48f0ac | 0x9ad20 | 0x99320 | 0x35e |
GetFullPathNameA | 0x0 | 0x48f0b0 | 0x9ad24 | 0x99324 | 0x256 |
SetEndOfFile | 0x0 | 0x48f0b4 | 0x9ad28 | 0x99328 | 0x510 |
GetTempPathW | 0x0 | 0x48f0b8 | 0x9ad2c | 0x9932c | 0x2f6 |
CreateFileW | 0x0 | 0x48f0bc | 0x9ad30 | 0x99330 | 0xcb |
GetFileAttributesW | 0x0 | 0x48f0c0 | 0x9ad34 | 0x99334 | 0x245 |
GetCurrentThreadId | 0x0 | 0x48f0c4 | 0x9ad38 | 0x99338 | 0x21c |
GetTempPathA | 0x0 | 0x48f0c8 | 0x9ad3c | 0x9933c | 0x2f5 |
GetFileAttributesA | 0x0 | 0x48f0cc | 0x9ad40 | 0x99340 | 0x240 |
GetVersionExA | 0x0 | 0x48f0d0 | 0x9ad44 | 0x99344 | 0x31a |
DeleteFileA | 0x0 | 0x48f0d4 | 0x9ad48 | 0x99348 | 0x112 |
DeleteFileW | 0x0 | 0x48f0d8 | 0x9ad4c | 0x9934c | 0x115 |
LoadLibraryW | 0x0 | 0x48f0dc | 0x9ad50 | 0x99350 | 0x3c4 |
UnlockFile | 0x0 | 0x48f0e0 | 0x9ad54 | 0x99354 | 0x5ae |
LockFileEx | 0x0 | 0x48f0e4 | 0x9ad58 | 0x99358 | 0x3da |
GetCurrentProcessId | 0x0 | 0x48f0e8 | 0x9ad5c | 0x9935c | 0x218 |
GetSystemTimeAsFileTime | 0x0 | 0x48f0ec | 0x9ad60 | 0x99360 | 0x2e9 |
GetSystemTime | 0x0 | 0x48f0f0 | 0x9ad64 | 0x99364 | 0x2e7 |
FormatMessageA | 0x0 | 0x48f0f4 | 0x9ad68 | 0x99368 | 0x1a6 |
QueryPerformanceCounter | 0x0 | 0x48f0f8 | 0x9ad6c | 0x9936c | 0x44d |
FlushFileBuffers | 0x0 | 0x48f0fc | 0x9ad70 | 0x99370 | 0x19f |
GetCurrentDirectoryW | 0x0 | 0x48f100 | 0x9ad74 | 0x99374 | 0x211 |
CreateDirectoryW | 0x0 | 0x48f104 | 0x9ad78 | 0x99378 | 0xba |
FindClose | 0x0 | 0x48f108 | 0x9ad7c | 0x9937c | 0x175 |
FindFirstFileExW | 0x0 | 0x48f10c | 0x9ad80 | 0x99380 | 0x17b |
FindNextFileW | 0x0 | 0x48f110 | 0x9ad84 | 0x99384 | 0x18c |
GetFileAttributesExW | 0x0 | 0x48f114 | 0x9ad88 | 0x99388 | 0x242 |
RemoveDirectoryW | 0x0 | 0x48f118 | 0x9ad8c | 0x9938c | 0x4b9 |
HeapFree | 0x0 | 0x48f11c | 0x9ad90 | 0x99390 | 0x349 |
SizeofResource | 0x0 | 0x48f120 | 0x9ad94 | 0x99394 | 0x57c |
MapViewOfFile | 0x0 | 0x48f124 | 0x9ad98 | 0x99398 | 0x3de |
ReadFile | 0x0 | 0x48f128 | 0x9ad9c | 0x9939c | 0x473 |
SetLastError | 0x0 | 0x48f12c | 0x9ada0 | 0x993a0 | 0x532 |
GetModuleHandleW | 0x0 | 0x48f130 | 0x9ada4 | 0x993a4 | 0x278 |
CopyFileW | 0x0 | 0x48f134 | 0x9ada8 | 0x993a8 | 0xad |
IsDebuggerPresent | 0x0 | 0x48f138 | 0x9adac | 0x993ac | 0x37f |
OutputDebugStringW | 0x0 | 0x48f13c | 0x9adb0 | 0x993b0 | 0x419 |
InitializeCriticalSectionAndSpinCount | 0x0 | 0x48f140 | 0x9adb4 | 0x993b4 | 0x35f |
SetEvent | 0x0 | 0x48f144 | 0x9adb8 | 0x993b8 | 0x516 |
ResetEvent | 0x0 | 0x48f148 | 0x9adbc | 0x993bc | 0x4c6 |
WaitForSingleObjectEx | 0x0 | 0x48f14c | 0x9adc0 | 0x993c0 | 0x5d8 |
CreateEventW | 0x0 | 0x48f150 | 0x9adc4 | 0x993c4 | 0xbf |
UnhandledExceptionFilter | 0x0 | 0x48f154 | 0x9adc8 | 0x993c8 | 0x5ad |
SetUnhandledExceptionFilter | 0x0 | 0x48f158 | 0x9adcc | 0x993cc | 0x56d |
IsProcessorFeaturePresent | 0x0 | 0x48f15c | 0x9add0 | 0x993d0 | 0x386 |
InitializeSListHead | 0x0 | 0x48f160 | 0x9add4 | 0x993d4 | 0x363 |
TerminateProcess | 0x0 | 0x48f164 | 0x9add8 | 0x993d8 | 0x58c |
USER32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetDC | 0x0 | 0x48f1d0 | 0x9ae44 | 0x99444 | 0x140 |
GetDesktopWindow | 0x0 | 0x48f1d4 | 0x9ae48 | 0x99448 | 0x143 |
FindWindowA | 0x0 | 0x48f1d8 | 0x9ae4c | 0x9944c | 0x111 |
GetSystemMetrics | 0x0 | 0x48f1dc | 0x9ae50 | 0x99450 | 0x1c4 |
ShowWindow | 0x0 | 0x48f1e0 | 0x9ae54 | 0x99454 | 0x380 |
ReleaseDC | 0x0 | 0x48f1e4 | 0x9ae58 | 0x99458 | 0x2f5 |
GDI32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DeleteObject | 0x0 | 0x48f000 | 0x9ac74 | 0x99274 | 0x17f |
GetObjectA | 0x0 | 0x48f004 | 0x9ac78 | 0x99278 | 0x2a6 |
MSVCP140.dll (21)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z | 0x0 | 0x48f16c | 0x9ade0 | 0x993e0 | 0xb1 |
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z | 0x0 | 0x48f170 | 0x9ade4 | 0x993e4 | 0x1b8 |
?narrow@?$ctype@_W@std@@QBEPB_WPB_W0DPAD@Z | 0x0 | 0x48f174 | 0x9ade8 | 0x993e8 | 0x42c |
??Bid@locale@std@@QAEIXZ | 0x0 | 0x48f178 | 0x9adec | 0x993ec | 0x131 |
?_Getname@_Locinfo@std@@QBEPBDXZ | 0x0 | 0x48f17c | 0x9adf0 | 0x993f0 | 0x1de |
??1_Locinfo@std@@QAE@XZ | 0x0 | 0x48f180 | 0x9adf4 | 0x993f4 | 0xa4 |
??0_Locinfo@std@@QAE@HPBD@Z | 0x0 | 0x48f184 | 0x9adf8 | 0x993f8 | 0x6b |
??1_Lockit@std@@QAE@XZ | 0x0 | 0x48f188 | 0x9adfc | 0x993fc | 0xa5 |
??0_Lockit@std@@QAE@H@Z | 0x0 | 0x48f18c | 0x9ae00 | 0x99400 | 0x6d |
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z | 0x0 | 0x48f190 | 0x9ae04 | 0x99404 | 0x1a6 |
?_Xruntime_error@std@@YAXPBD@Z | 0x0 | 0x48f194 | 0x9ae08 | 0x99408 | 0x292 |
?_Syserror_map@std@@YAPBDH@Z | 0x0 | 0x48f198 | 0x9ae0c | 0x9940c | 0x273 |
?_Xlength_error@std@@YAXPBD@Z | 0x0 | 0x48f19c | 0x9ae10 | 0x99410 | 0x28e |
?_Winerror_map@std@@YAHH@Z | 0x0 | 0x48f1a0 | 0x9ae14 | 0x99414 | 0x285 |
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z | 0x0 | 0x48f1a4 | 0x9ae18 | 0x99418 | 0x23a |
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z | 0x0 | 0x48f1a8 | 0x9ae1c | 0x9941c | 0x243 |
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ | 0x0 | 0x48f1ac | 0x9ae20 | 0x99420 | 0x1d5 |
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z | 0x0 | 0x48f1b0 | 0x9ae24 | 0x99424 | 0x20f |
?_Winerror_message@std@@YAKKPADK@Z | 0x0 | 0x48f1b4 | 0x9ae28 | 0x99428 | 0x286 |
?id@?$ctype@_W@std@@2V0locale@2@A | 0x0 | 0x48f1b8 | 0x9ae2c | 0x9942c | 0x3d1 |
?_Xout_of_range@std@@YAXPBD@Z | 0x0 | 0x48f1bc | 0x9ae30 | 0x99430 | 0x28f |
SHLWAPI.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
PathFindExtensionW | 0x0 | 0x48f1c4 | 0x9ae38 | 0x99438 | 0x4b |
PathFindExtensionA | 0x0 | 0x48f1c8 | 0x9ae3c | 0x9943c | 0x4a |
gdiplus.dll (11)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GdiplusStartup | 0x0 | 0x48f380 | 0x9aff4 | 0x995f4 | 0x275 |
GdipCreateBitmapFromHBITMAP | 0x0 | 0x48f384 | 0x9aff8 | 0x995f8 | 0x4d |
GdipGetImageEncoders | 0x0 | 0x48f388 | 0x9affc | 0x995fc | 0x11e |
GdipCloneImage | 0x0 | 0x48f38c | 0x9b000 | 0x99600 | 0x36 |
GdipAlloc | 0x0 | 0x48f390 | 0x9b004 | 0x99604 | 0x21 |
GdiplusShutdown | 0x0 | 0x48f394 | 0x9b008 | 0x99608 | 0x274 |
GdipDisposeImage | 0x0 | 0x48f398 | 0x9b00c | 0x9960c | 0x98 |
GdipFree | 0x0 | 0x48f39c | 0x9b010 | 0x99610 | 0xed |
GdipGetImageEncodersSize | 0x0 | 0x48f3a0 | 0x9b014 | 0x99614 | 0x11f |
GdipCreateBitmapFromScan0 | 0x0 | 0x48f3a4 | 0x9b018 | 0x99618 | 0x50 |
GdipSaveImageToFile | 0x0 | 0x48f3a8 | 0x9b01c | 0x9961c | 0x1f0 |
WININET.dll (9)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
HttpEndRequestA | 0x0 | 0x48f228 | 0x9ae9c | 0x9949c | 0x71 |
HttpSendRequestExA | 0x0 | 0x48f22c | 0x9aea0 | 0x994a0 | 0x80 |
InternetCloseHandle | 0x0 | 0x48f230 | 0x9aea4 | 0x994a4 | 0x95 |
InternetConnectA | 0x0 | 0x48f234 | 0x9aea8 | 0x994a8 | 0x9b |
InternetWriteFile | 0x0 | 0x48f238 | 0x9aeac | 0x994ac | 0xef |
InternetOpenA | 0x0 | 0x48f23c | 0x9aeb0 | 0x994b0 | 0xc6 |
HttpOpenRequestA | 0x0 | 0x48f240 | 0x9aeb4 | 0x994b4 | 0x78 |
InternetReadFile | 0x0 | 0x48f244 | 0x9aeb8 | 0x994b8 | 0xce |
HttpSendRequestA | 0x0 | 0x48f248 | 0x9aebc | 0x994bc | 0x7f |
VCRUNTIME140.dll (14)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CxxThrowException | 0x0 | 0x48f1ec | 0x9ae60 | 0x99460 | 0x1 |
__CxxFrameHandler3 | 0x0 | 0x48f1f0 | 0x9ae64 | 0x99464 | 0x10 |
__std_exception_destroy | 0x0 | 0x48f1f4 | 0x9ae68 | 0x99468 | 0x22 |
memmove | 0x0 | 0x48f1f8 | 0x9ae6c | 0x9946c | 0x47 |
__current_exception | 0x0 | 0x48f1fc | 0x9ae70 | 0x99470 | 0x1c |
memcpy | 0x0 | 0x48f200 | 0x9ae74 | 0x99474 | 0x46 |
__std_exception_copy | 0x0 | 0x48f204 | 0x9ae78 | 0x99478 | 0x21 |
memcmp | 0x0 | 0x48f208 | 0x9ae7c | 0x9947c | 0x45 |
__current_exception_context | 0x0 | 0x48f20c | 0x9ae80 | 0x99480 | 0x1d |
_except_handler3 | 0x0 | 0x48f210 | 0x9ae84 | 0x99484 | 0x34 |
memchr | 0x0 | 0x48f214 | 0x9ae88 | 0x99488 | 0x44 |
_except_handler4_common | 0x0 | 0x48f218 | 0x9ae8c | 0x9948c | 0x35 |
__std_terminate | 0x0 | 0x48f21c | 0x9ae90 | 0x99490 | 0x23 |
memset | 0x0 | 0x48f220 | 0x9ae94 | 0x99494 | 0x48 |
api-ms-win-crt-runtime-l1-1-0.dll (23)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_configure_narrow_argv | 0x0 | 0x48f29c | 0x9af10 | 0x99510 | 0x19 |
_initialize_narrow_environment | 0x0 | 0x48f2a0 | 0x9af14 | 0x99514 | 0x35 |
_invalid_parameter_noinfo_noreturn | 0x0 | 0x48f2a4 | 0x9af18 | 0x99518 | 0x3b |
_register_onexit_function | 0x0 | 0x48f2a8 | 0x9af1c | 0x9951c | 0x3e |
_crt_atexit | 0x0 | 0x48f2ac | 0x9af20 | 0x99520 | 0x1f |
_cexit | 0x0 | 0x48f2b0 | 0x9af24 | 0x99524 | 0x17 |
_seh_filter_exe | 0x0 | 0x48f2b4 | 0x9af28 | 0x99528 | 0x42 |
_errno | 0x0 | 0x48f2b8 | 0x9af2c | 0x9952c | 0x23 |
terminate | 0x0 | 0x48f2bc | 0x9af30 | 0x99530 | 0x6a |
_get_initial_narrow_environment | 0x0 | 0x48f2c0 | 0x9af34 | 0x99534 | 0x2a |
_initterm | 0x0 | 0x48f2c4 | 0x9af38 | 0x99538 | 0x38 |
_initterm_e | 0x0 | 0x48f2c8 | 0x9af3c | 0x9953c | 0x39 |
_exit | 0x0 | 0x48f2cc | 0x9af40 | 0x99540 | 0x25 |
_invalid_parameter_noinfo | 0x0 | 0x48f2d0 | 0x9af44 | 0x99544 | 0x3a |
__p___argc | 0x0 | 0x48f2d4 | 0x9af48 | 0x99548 | 0x5 |
__p___argv | 0x0 | 0x48f2d8 | 0x9af4c | 0x9954c | 0x6 |
_c_exit | 0x0 | 0x48f2dc | 0x9af50 | 0x99550 | 0x16 |
_register_thread_local_exe_atexit_callback | 0x0 | 0x48f2e0 | 0x9af54 | 0x99554 | 0x3f |
exit | 0x0 | 0x48f2e4 | 0x9af58 | 0x99558 | 0x58 |
_resetstkoflw | 0x0 | 0x48f2e8 | 0x9af5c | 0x9955c | 0x40 |
_set_app_type | 0x0 | 0x48f2ec | 0x9af60 | 0x99560 | 0x44 |
_controlfp_s | 0x0 | 0x48f2f0 | 0x9af64 | 0x99564 | 0x1d |
_initialize_onexit_table | 0x0 | 0x48f2f4 | 0x9af68 | 0x99568 | 0x36 |
api-ms-win-crt-time-l1-1-0.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
clock | 0x0 | 0x48f35c | 0x9afd0 | 0x995d0 | 0x45 |
asctime | 0x0 | 0x48f360 | 0x9afd4 | 0x995d4 | 0x43 |
_time64 | 0x0 | 0x48f364 | 0x9afd8 | 0x995d8 | 0x30 |
_localtime64 | 0x0 | 0x48f368 | 0x9afdc | 0x995dc | 0x23 |
api-ms-win-crt-string-l1-1-0.dll (14)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
wcscspn | 0x0 | 0x48f320 | 0x9af94 | 0x99594 | 0xa2 |
strlen | 0x0 | 0x48f324 | 0x9af98 | 0x99598 | 0x8b |
isspace | 0x0 | 0x48f328 | 0x9af9c | 0x9959c | 0x6e |
isalnum | 0x0 | 0x48f32c | 0x9afa0 | 0x995a0 | 0x64 |
isdigit | 0x0 | 0x48f330 | 0x9afa4 | 0x995a4 | 0x68 |
wcsspn | 0x0 | 0x48f334 | 0x9afa8 | 0x995a8 | 0xab |
strcmp | 0x0 | 0x48f338 | 0x9afac | 0x995ac | 0x86 |
wcslen | 0x0 | 0x48f33c | 0x9afb0 | 0x995b0 | 0xa3 |
strcat | 0x0 | 0x48f340 | 0x9afb4 | 0x995b4 | 0x84 |
tolower | 0x0 | 0x48f344 | 0x9afb8 | 0x995b8 | 0x97 |
isxdigit | 0x0 | 0x48f348 | 0x9afbc | 0x995bc | 0x7e |
_wcsicmp | 0x0 | 0x48f34c | 0x9afc0 | 0x995c0 | 0x4a |
wmemcpy_s | 0x0 | 0x48f350 | 0x9afc4 | 0x995c4 | 0xb0 |
strcpy | 0x0 | 0x48f354 | 0x9afc8 | 0x995c8 | 0x88 |
api-ms-win-crt-heap-l1-1-0.dll (7)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_recalloc | 0x0 | 0x48f260 | 0x9aed4 | 0x994d4 | 0x15 |
free | 0x0 | 0x48f264 | 0x9aed8 | 0x994d8 | 0x18 |
_set_new_mode | 0x0 | 0x48f268 | 0x9aedc | 0x994dc | 0x16 |
calloc | 0x0 | 0x48f26c | 0x9aee0 | 0x994e0 | 0x17 |
realloc | 0x0 | 0x48f270 | 0x9aee4 | 0x994e4 | 0x1a |
_callnewh | 0x0 | 0x48f274 | 0x9aee8 | 0x994e8 | 0x8 |
malloc | 0x0 | 0x48f278 | 0x9aeec | 0x994ec | 0x19 |
api-ms-win-crt-utility-l1-1-0.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
srand | 0x0 | 0x48f370 | 0x9afe4 | 0x995e4 | 0x1d |
rand | 0x0 | 0x48f374 | 0x9afe8 | 0x995e8 | 0x1b |
labs | 0x0 | 0x48f378 | 0x9afec | 0x995ec | 0x15 |
api-ms-win-crt-stdio-l1-1-0.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
fopen | 0x0 | 0x48f2fc | 0x9af70 | 0x99570 | 0x7d |
__stdio_common_vsprintf | 0x0 | 0x48f300 | 0x9af74 | 0x99574 | 0xd |
feof | 0x0 | 0x48f304 | 0x9af78 | 0x99578 | 0x75 |
fclose | 0x0 | 0x48f308 | 0x9af7c | 0x9957c | 0x74 |
__p__commode | 0x0 | 0x48f30c | 0x9af80 | 0x99580 | 0x1 |
_set_fmode | 0x0 | 0x48f310 | 0x9af84 | 0x99584 | 0x54 |
fread | 0x0 | 0x48f314 | 0x9af88 | 0x99588 | 0x83 |
fwrite | 0x0 | 0x48f318 | 0x9af8c | 0x9958c | 0x8a |
api-ms-win-crt-multibyte-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_mbsicmp | 0x0 | 0x48f294 | 0x9af08 | 0x99508 | 0x6b |
api-ms-win-crt-environment-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
getenv | 0x0 | 0x48f258 | 0x9aecc | 0x994cc | 0x10 |
api-ms-win-crt-convert-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
atoi | 0x0 | 0x48f250 | 0x9aec4 | 0x994c4 | 0x50 |
api-ms-win-crt-locale-l1-1-0.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_configthreadlocale | 0x0 | 0x48f280 | 0x9aef4 | 0x994f4 | 0x8 |
___lc_codepage_func | 0x0 | 0x48f284 | 0x9aef8 | 0x994f8 | 0x0 |
api-ms-win-crt-math-l1-1-0.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
__setusermatherr | 0x0 | 0x48f28c | 0x9af00 | 0x99500 | 0x2e |
Digital Signatures (2)

Certificate: Microsoft Corporation
Field | Value |
---|---|
Issued by | Microsoft Corporation |
Parent Certificate | Microsoft Code Signing PCA 2011 |
Country Name | US |
Valid From | 2020-03-04 18:39:47+00:00 |
Valid Until | 2021-03-03 18:39:47+00:00 |
Algorithm | sha256_rsa |
Serial Number | 33 00 00 01 87 72 17 72 15 59 40 C7 09 00 00 00 00 01 87 |
Thumbprint | 24 85 A7 AF A9 8E 17 8C B8 F3 0C 98 38 34 6B 51 4A EA 47 69 |

Certificate: Microsoft Code Signing PCA 2011
Field | Value |
---|---|
Issued by | Microsoft Code Signing PCA 2011 |
Country Name | US |
Valid From | 2011-07-08 20:59:09+00:00 |
Valid Until | 2026-07-08 21:09:09+00:00 |
Algorithm | sha256_rsa |
Serial Number | 61 0E 90 D2 00 00 00 00 00 03 |
Thumbprint | F2 52 E7 94 FE 43 8E 35 AC E6 E5 37 62 C0 A2 34 A2 C5 21 35 |
Memory Dumps (2)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA |
---|---|---|---|---|---|---|---|---|---|
hpketi.exe | 1 | 0x00AF0000 | 0x00B99FFF | Relevant Image | | 32-bit | 0x00AF13DD | | |
hpketi.exe | 1 | 0x00AF0000 | 0x00B99FFF | Process Termination | | 32-bit | - | | |
Local AV Matches (1)
Threat Name | Severity |
---|---|
Gen:Variant.Razy.680355 | Malicious |
Files (embedded, downloaded, and dropped)
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\JCRILOMHYW.DPBKNGHLX | Dropped File | Sqlite | Whitelisted |
c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat | Modified File | Stream | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\JCRILOMHYW.DPBKNGHLX | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\VBQQQRFIODBPXNDESMP.GIGLXSTPIUTSJFBF | Dropped File | Image | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\VIYCWSGNGBBUKKLTBWYB\HDRTFJKRBSVBLCRDRRLQ.IHRI | Dropped File | Text | Unknown |