Malicious
Classifications
-
Threat Names
CryptOne Gen:Heur.Mint.Jamg.1 Generic.Mint.Zamg.3.3897D085 Trojan.Ransom.Shade.E +1
Dynamic Analysis Report
Created on 2021-09-28T10:52:00
d158534622b057b387a617ebe2931fef6d5c7d386b6dfbeb652c4781846f87c1.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x02000057): Static Analysis failed to decrypt some TLS connections.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\d158534622b057b387a617ebe2931fef6d5c7d386b6dfbeb652c4781846f87c1.exe | Sample File | Binary |
malicious
|
...
|
»
| Also Known As | C:\ProgramData\Windows\csrss.exe (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.19 MB |
| MD5 |
1d46afb839b846ede01cb925470f0488
|
| SHA1 |
8cffc99cda16d5d6b5192c62fefae6c0ac89b33d
|
| SHA256 |
d158534622b057b387a617ebe2931fef6d5c7d386b6dfbeb652c4781846f87c1
|
| SSDeep |
24576:XHtrdKYVVSrqGDohJ3STZG8vIn/sCBGnWsY0Dy0:XHtV7GwBSTc8An/4YF0
|
| ImpHash |
b90027f65707ca9644c551e337fa02ad
|
File Reputation Information
»
| Verdict |
malicious
|
AV Matches (1)
»
| Threat Name | Verdict |
|---|---|
| Gen:Heur.Mint.Jamg.1 |
malicious
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x513860 |
| Size Of Code | 0x113200 |
| Size Of Initialized Data | 0x1bc00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2019-02-27 09:39:43+00:00 |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Win32 Cabinet Self-Extractor |
| FileVersion | 8.00.7600.16385 (win7_rtm.090713-1255) |
| InternalName | Wextract |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | WEXTRACT.EXE |
| ProductName | Windows® Internet Explorer |
| ProductVersion | 8.00.7600.16385 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x11313c | 0x113200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.12 |
| .rdata | 0x515000 | 0x2b2e | 0x2c00 | 0x113600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.57 |
| .data | 0x518000 | 0x358 | 0x200 | 0x116200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.12 |
| .rsrc | 0x519000 | 0xeead8 | 0x18c00 | 0x116400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.14 |
Imports (5)
»
KERNEL32.dll (155)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetStringTypeW | - | 0x5150e4 | 0x115d30 | 0x114330 | 0x240 |
| GetSystemDefaultLCID | - | 0x5150e8 | 0x115d34 | 0x114334 | 0x241 |
| GetSystemTimeAsFileTime | - | 0x5150ec | 0x115d38 | 0x114338 | 0x24f |
| GetThreadLocale | - | 0x5150f0 | 0x115d3c | 0x11433c | 0x25f |
| GetThreadPriority | - | 0x5150f4 | 0x115d40 | 0x114340 | 0x261 |
| GetTickCount | - | 0x5150f8 | 0x115d44 | 0x114344 | 0x266 |
| GetUserDefaultUILanguage | - | 0x5150fc | 0x115d48 | 0x114348 | 0x270 |
| GetVersionExA | - | 0x515100 | 0x115d4c | 0x11434c | 0x275 |
| GetVersionExW | - | 0x515104 | 0x115d50 | 0x114350 | 0x276 |
| GlobalAddAtomW | - | 0x515108 | 0x115d54 | 0x114354 | 0x284 |
| GlobalAlloc | - | 0x51510c | 0x115d58 | 0x114358 | 0x285 |
| GlobalDeleteAtom | - | 0x515110 | 0x115d5c | 0x11435c | 0x287 |
| GlobalFindAtomW | - | 0x515114 | 0x115d60 | 0x114360 | 0x289 |
| GlobalFlags | - | 0x515118 | 0x115d64 | 0x114364 | 0x28b |
| GlobalFree | - | 0x51511c | 0x115d68 | 0x114368 | 0x28c |
| GlobalHandle | - | 0x515120 | 0x115d6c | 0x11436c | 0x28f |
| GlobalLock | - | 0x515124 | 0x115d70 | 0x114370 | 0x290 |
| GlobalReAlloc | - | 0x515128 | 0x115d74 | 0x114374 | 0x293 |
| GlobalUnlock | - | 0x51512c | 0x115d78 | 0x114378 | 0x297 |
| Heap32ListNext | - | 0x515130 | 0x115d7c | 0x11437c | 0x29b |
| HeapAlloc | - | 0x515134 | 0x115d80 | 0x114380 | 0x29d |
| HeapCreate | - | 0x515138 | 0x115d84 | 0x114384 | 0x29f |
| HeapFree | - | 0x51513c | 0x115d88 | 0x114388 | 0x2a1 |
| HeapReAlloc | - | 0x515140 | 0x115d8c | 0x11438c | 0x2a4 |
| HeapSize | - | 0x515144 | 0x115d90 | 0x114390 | 0x2a6 |
| HeapValidate | - | 0x515148 | 0x115d94 | 0x114394 | 0x2a9 |
| InitializeCriticalSection | - | 0x51514c | 0x115d98 | 0x114398 | 0x2b4 |
| InitializeCriticalSectionAndSpinCount | - | 0x515150 | 0x115d9c | 0x11439c | 0x2b5 |
| InterlockedDecrement | - | 0x515154 | 0x115da0 | 0x1143a0 | 0x2bc |
| InterlockedExchange | - | 0x515158 | 0x115da4 | 0x1143a4 | 0x2bd |
| InterlockedIncrement | - | 0x51515c | 0x115da8 | 0x1143a8 | 0x2c0 |
| IsDebuggerPresent | - | 0x515160 | 0x115dac | 0x1143ac | 0x2d1 |
| IsValidCodePage | - | 0x515164 | 0x115db0 | 0x1143b0 | 0x2db |
| LCMapStringA | - | 0x515168 | 0x115db4 | 0x1143b4 | 0x2e1 |
| LCMapStringW | - | 0x51516c | 0x115db8 | 0x1143b8 | 0x2e3 |
| LeaveCriticalSection | - | 0x515170 | 0x115dbc | 0x1143bc | 0x2ef |
| LoadLibraryA | - | 0x515174 | 0x115dc0 | 0x1143c0 | 0x2f1 |
| LoadLibraryW | - | 0x515178 | 0x115dc4 | 0x1143c4 | 0x2f4 |
| LoadResource | - | 0x51517c | 0x115dc8 | 0x1143c8 | 0x2f6 |
| LocalAlloc | - | 0x515180 | 0x115dcc | 0x1143cc | 0x2f9 |
| LocalFree | - | 0x515184 | 0x115dd0 | 0x1143d0 | 0x2fd |
| LocalReAlloc | - | 0x515188 | 0x115dd4 | 0x1143d4 | 0x300 |
| LocalSize | - | 0x51518c | 0x115dd8 | 0x1143d8 | 0x302 |
| LockResource | - | 0x515190 | 0x115ddc | 0x1143dc | 0x307 |
| MapViewOfFile | - | 0x515194 | 0x115de0 | 0x1143e0 | 0x30a |
| MultiByteToWideChar | - | 0x515198 | 0x115de4 | 0x1143e4 | 0x31a |
| OpenEventW | - | 0x51519c | 0x115de8 | 0x1143e8 | 0x328 |
| OpenMutexW | - | 0x5151a0 | 0x115dec | 0x1143ec | 0x330 |
| OpenSemaphoreA | - | 0x5151a4 | 0x115df0 | 0x1143f0 | 0x335 |
| GetStringTypeExW | - | 0x5151a8 | 0x115df4 | 0x1143f4 | 0x23f |
| OutputDebugStringA | - | 0x5151ac | 0x115df8 | 0x1143f8 | 0x33a |
| QueryPerformanceCounter | - | 0x5151b0 | 0x115dfc | 0x1143fc | 0x354 |
| RaiseException | - | 0x5151b4 | 0x115e00 | 0x114400 | 0x35a |
| ReadConsoleW | - | 0x5151b8 | 0x115e04 | 0x114404 | 0x366 |
| ReadFile | - | 0x5151bc | 0x115e08 | 0x114408 | 0x368 |
| ReleaseMutex | - | 0x5151c0 | 0x115e0c | 0x11440c | 0x377 |
| ReplaceFileA | - | 0x5151c4 | 0x115e10 | 0x114410 | 0x386 |
| RtlUnwind | - | 0x5151c8 | 0x115e14 | 0x114414 | 0x392 |
| SetComputerNameExA | - | 0x5151cc | 0x115e18 | 0x114418 | 0x3a2 |
| SetConsoleCtrlHandler | - | 0x5151d0 | 0x115e1c | 0x11441c | 0x3a7 |
| SetConsoleMode | - | 0x5151d4 | 0x115e20 | 0x114420 | 0x3b7 |
| SetConsoleOutputCP | - | 0x5151d8 | 0x115e24 | 0x114424 | 0x3bc |
| SetConsoleTextAttribute | - | 0x5151dc | 0x115e28 | 0x114428 | 0x3c0 |
| SetErrorMode | - | 0x5151e0 | 0x115e2c | 0x11442c | 0x3d2 |
| SetEvent | - | 0x5151e4 | 0x115e30 | 0x114430 | 0x3d3 |
| SetFilePointer | - | 0x5151e8 | 0x115e34 | 0x114434 | 0x3df |
| SetHandleCount | - | 0x5151ec | 0x115e38 | 0x114438 | 0x3e8 |
| SetLastError | - | 0x5151f0 | 0x115e3c | 0x11443c | 0x3ec |
| SetStdHandle | - | 0x5151f4 | 0x115e40 | 0x114440 | 0x3fc |
| SetThreadLocale | - | 0x5151f8 | 0x115e44 | 0x114444 | 0x409 |
| SetUnhandledExceptionFilter | - | 0x5151fc | 0x115e48 | 0x114448 | 0x415 |
| SetVolumeMountPointW | - | 0x515200 | 0x115e4c | 0x11444c | 0x41b |
| SizeofResource | - | 0x515204 | 0x115e50 | 0x114450 | 0x420 |
| Sleep | - | 0x515208 | 0x115e54 | 0x114454 | 0x421 |
| SystemTimeToFileTime | - | 0x51520c | 0x115e58 | 0x114458 | 0x42a |
| TerminateProcess | - | 0x515210 | 0x115e5c | 0x11445c | 0x42d |
| TerminateThread | - | 0x515214 | 0x115e60 | 0x114460 | 0x42e |
| TlsAlloc | - | 0x515218 | 0x115e64 | 0x114464 | 0x432 |
| TlsFree | - | 0x51521c | 0x115e68 | 0x114468 | 0x433 |
| TlsGetValue | - | 0x515220 | 0x115e6c | 0x11446c | 0x434 |
| TlsSetValue | - | 0x515224 | 0x115e70 | 0x114470 | 0x435 |
| UnhandledExceptionFilter | - | 0x515228 | 0x115e74 | 0x114474 | 0x43e |
| UnmapViewOfFile | - | 0x51522c | 0x115e78 | 0x114478 | 0x441 |
| VerLanguageNameA | - | 0x515230 | 0x115e7c | 0x11447c | 0x44d |
| VirtualAlloc | - | 0x515234 | 0x115e80 | 0x114480 | 0x454 |
| VirtualFree | - | 0x515238 | 0x115e84 | 0x114484 | 0x457 |
| WaitForMultipleObjects | - | 0x51523c | 0x115e88 | 0x114488 | 0x462 |
| WaitForSingleObject | - | 0x515240 | 0x115e8c | 0x11448c | 0x464 |
| WideCharToMultiByte | - | 0x515244 | 0x115e90 | 0x114490 | 0x47a |
| WriteConsoleA | - | 0x515248 | 0x115e94 | 0x114494 | 0x482 |
| WriteConsoleW | - | 0x51524c | 0x115e98 | 0x114498 | 0x48c |
| WriteFile | - | 0x515250 | 0x115e9c | 0x11449c | 0x48d |
| WritePrivateProfileStringW | - | 0x515254 | 0x115ea0 | 0x1144a0 | 0x493 |
| _lwrite | - | 0x515258 | 0x115ea4 | 0x1144a4 | 0x4a4 |
| lstrcmpA | - | 0x51525c | 0x115ea8 | 0x1144a8 | 0x4a9 |
| lstrcmpW | - | 0x515260 | 0x115eac | 0x1144ac | 0x4aa |
| lstrlenA | - | 0x515264 | 0x115eb0 | 0x1144b0 | 0x4b5 |
| lstrlenW | - | 0x515268 | 0x115eb4 | 0x1144b4 | 0x4b6 |
| GetStringTypeA | - | 0x51526c | 0x115eb8 | 0x1144b8 | 0x23d |
| GetStdHandle | - | 0x515270 | 0x115ebc | 0x1144bc | 0x23b |
| GetStartupInfoW | - | 0x515274 | 0x115ec0 | 0x1144c0 | 0x23a |
| GetStartupInfoA | - | 0x515278 | 0x115ec4 | 0x1144c4 | 0x239 |
| GetShortPathNameW | - | 0x51527c | 0x115ec8 | 0x1144c8 | 0x238 |
| GetProcessHeaps | - | 0x515280 | 0x115ecc | 0x1144cc | 0x224 |
| GetProcessHeap | - | 0x515284 | 0x115ed0 | 0x1144d0 | 0x223 |
| GetProcAddress | - | 0x515288 | 0x115ed4 | 0x1144d4 | 0x220 |
| GetOEMCP | - | 0x51528c | 0x115ed8 | 0x1144d8 | 0x213 |
| GetModuleHandleW | - | 0x515290 | 0x115edc | 0x1144dc | 0x1f9 |
| GetModuleHandleA | - | 0x515294 | 0x115ee0 | 0x1144e0 | 0x1f6 |
| GetModuleFileNameW | - | 0x515298 | 0x115ee4 | 0x1144e4 | 0x1f5 |
| GetModuleFileNameA | - | 0x51529c | 0x115ee8 | 0x1144e8 | 0x1f4 |
| GetLocaleInfoW | - | 0x5152a0 | 0x115eec | 0x1144ec | 0x1ea |
| GetLocaleInfoA | - | 0x5152a4 | 0x115ef0 | 0x1144f0 | 0x1e8 |
| GetLocalTime | - | 0x5152a8 | 0x115ef4 | 0x1144f4 | 0x1e7 |
| GetLastError | - | 0x5152ac | 0x115ef8 | 0x1144f8 | 0x1e6 |
| GetFileType | - | 0x5152b0 | 0x115efc | 0x1144fc | 0x1d7 |
| GetExitCodeThread | - | 0x5152b4 | 0x115f00 | 0x114500 | 0x1c6 |
| GetEnvironmentStringsW | - | 0x5152b8 | 0x115f04 | 0x114504 | 0x1c1 |
| GetCurrentThreadId | - | 0x5152bc | 0x115f08 | 0x114508 | 0x1ad |
| GetCurrentThread | - | 0x5152c0 | 0x115f0c | 0x11450c | 0x1ac |
| GetCurrentProcessId | - | 0x5152c4 | 0x115f10 | 0x114510 | 0x1aa |
| GetCurrentProcess | - | 0x5152c8 | 0x115f14 | 0x114514 | 0x1a9 |
| GetConsoleScreenBufferInfo | - | 0x5152cc | 0x115f18 | 0x114518 | 0x19b |
| GetConsoleOutputCP | - | 0x5152d0 | 0x115f1c | 0x11451c | 0x199 |
| GetConsoleMode | - | 0x5152d4 | 0x115f20 | 0x114520 | 0x195 |
| GetConsoleFontSize | - | 0x5152d8 | 0x115f24 | 0x114524 | 0x18d |
| GetConsoleCP | - | 0x5152dc | 0x115f28 | 0x114528 | 0x183 |
| GetComputerNameW | - | 0x5152e0 | 0x115f2c | 0x11452c | 0x178 |
| GetCommandLineW | - | 0x5152e4 | 0x115f30 | 0x114530 | 0x170 |
| GetCPInfo | - | 0x5152e8 | 0x115f34 | 0x114534 | 0x15b |
| GetACP | - | 0x5152ec | 0x115f38 | 0x114538 | 0x152 |
| FreeLibrary | - | 0x5152f0 | 0x115f3c | 0x11453c | 0x14c |
| FreeEnvironmentStringsW | - | 0x5152f4 | 0x115f40 | 0x114540 | 0x14b |
| FormatMessageW | - | 0x5152f8 | 0x115f44 | 0x114544 | 0x148 |
| FlushFileBuffers | - | 0x5152fc | 0x115f48 | 0x114548 | 0x141 |
| FindResourceW | - | 0x515300 | 0x115f4c | 0x11454c | 0x139 |
| FindNextFileW | - | 0x515304 | 0x115f50 | 0x114550 | 0x130 |
| FindFirstFileW | - | 0x515308 | 0x115f54 | 0x114554 | 0x124 |
| FindClose | - | 0x51530c | 0x115f58 | 0x114558 | 0x119 |
| FileTimeToLocalFileTime | - | 0x515310 | 0x115f5c | 0x11455c | 0x10f |
| FileTimeToDosDateTime | - | 0x515314 | 0x115f60 | 0x114560 | 0x10e |
| ExitProcess | - | 0x515318 | 0x115f64 | 0x114564 | 0x104 |
| EnumResourceLanguagesW | - | 0x51531c | 0x115f68 | 0x114568 | 0xe9 |
| EnterCriticalSection | - | 0x515320 | 0x115f6c | 0x11456c | 0xd9 |
| DeleteCriticalSection | - | 0x515324 | 0x115f70 | 0x114570 | 0xbe |
| CreateThread | - | 0x515328 | 0x115f74 | 0x114574 | 0xa3 |
| CreateMutexW | - | 0x51532c | 0x115f78 | 0x114578 | 0x8e |
| CreateMutexA | - | 0x515330 | 0x115f7c | 0x11457c | 0x8b |
| CreateFileW | - | 0x515334 | 0x115f80 | 0x114580 | 0x7f |
| CreateFileMappingW | - | 0x515338 | 0x115f84 | 0x114584 | 0x7c |
| CreateFileA | - | 0x51533c | 0x115f88 | 0x114588 | 0x78 |
| CreateEventW | - | 0x515340 | 0x115f8c | 0x11458c | 0x75 |
| ConvertDefaultLocale | - | 0x515344 | 0x115f90 | 0x114590 | 0x5a |
| OpenThread | - | 0x515348 | 0x115f94 | 0x114594 | 0x337 |
| CloseHandle | - | 0x51534c | 0x115f98 | 0x114598 | 0x43 |
USER32.dll (150)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GrayStringW | - | 0x515360 | 0x115fac | 0x1145ac | 0x194 |
| IsIconic | - | 0x515364 | 0x115fb0 | 0x1145b0 | 0x1bd |
| IsWindow | - | 0x515368 | 0x115fb4 | 0x1145b4 | 0x1c5 |
| IsWindowEnabled | - | 0x51536c | 0x115fb8 | 0x1145b8 | 0x1c6 |
| IsWindowVisible | - | 0x515370 | 0x115fbc | 0x1145bc | 0x1ca |
| LoadBitmapW | - | 0x515374 | 0x115fc0 | 0x1145c0 | 0x1d1 |
| LoadCursorW | - | 0x515378 | 0x115fc4 | 0x1145c4 | 0x1d5 |
| LoadIconW | - | 0x51537c | 0x115fc8 | 0x1145c8 | 0x1d7 |
| LoadMenuW | - | 0x515380 | 0x115fcc | 0x1145cc | 0x1e1 |
| LoadStringW | - | 0x515384 | 0x115fd0 | 0x1145d0 | 0x1e4 |
| MapWindowPoints | - | 0x515388 | 0x115fd4 | 0x1145d4 | 0x1f3 |
| MessageBoxA | - | 0x51538c | 0x115fd8 | 0x1145d8 | 0x1f8 |
| MessageBoxW | - | 0x515390 | 0x115fdc | 0x1145dc | 0x1ff |
| ModifyMenuW | - | 0x515394 | 0x115fe0 | 0x1145e0 | 0x201 |
| MsgWaitForMultipleObjectsEx | - | 0x515398 | 0x115fe4 | 0x1145e4 | 0x207 |
| NotifyWinEvent | - | 0x51539c | 0x115fe8 | 0x1145e8 | 0x208 |
| PeekMessageW | - | 0x5153a0 | 0x115fec | 0x1145ec | 0x21c |
| PostMessageW | - | 0x5153a4 | 0x115ff0 | 0x1145f0 | 0x21f |
| PostQuitMessage | - | 0x5153a8 | 0x115ff4 | 0x1145f4 | 0x220 |
| PostThreadMessageA | - | 0x5153ac | 0x115ff8 | 0x1145f8 | 0x221 |
| PostThreadMessageW | - | 0x5153b0 | 0x115ffc | 0x1145fc | 0x222 |
| PtInRect | - | 0x5153b4 | 0x116000 | 0x114600 | 0x229 |
| RegisterClassW | - | 0x5153b8 | 0x116004 | 0x114604 | 0x236 |
| RegisterWindowMessageW | - | 0x5153bc | 0x116008 | 0x114608 | 0x24a |
| ReleaseDC | - | 0x5153c0 | 0x11600c | 0x11460c | 0x24c |
| RemovePropW | - | 0x5153c4 | 0x116010 | 0x114610 | 0x250 |
| SendMessageA | - | 0x5153c8 | 0x116014 | 0x114614 | 0x25e |
| SendMessageW | - | 0x5153cc | 0x116018 | 0x114618 | 0x263 |
| SetCursor | - | 0x5153d0 | 0x11601c | 0x11461c | 0x270 |
| SetForegroundWindow | - | 0x5153d4 | 0x116020 | 0x114620 | 0x27a |
| SetMenu | - | 0x5153d8 | 0x116024 | 0x114624 | 0x27f |
| SetMenuItemBitmaps | - | 0x5153dc | 0x116028 | 0x114628 | 0x283 |
| SetMessageQueue | - | 0x5153e0 | 0x11602c | 0x11462c | 0x287 |
| SetPropW | - | 0x5153e4 | 0x116030 | 0x114630 | 0x290 |
| SetWindowLongW | - | 0x5153e8 | 0x116034 | 0x114634 | 0x2a5 |
| SetWindowPos | - | 0x5153ec | 0x116038 | 0x114638 | 0x2a7 |
| SetWindowTextW | - | 0x5153f0 | 0x11603c | 0x11463c | 0x2ac |
| SetWindowsHookExW | - | 0x5153f4 | 0x116040 | 0x114640 | 0x2b0 |
| ShowWindow | - | 0x5153f8 | 0x116044 | 0x114644 | 0x2b8 |
| SystemParametersInfoA | - | 0x5153fc | 0x116048 | 0x114648 | 0x2c4 |
| TabbedTextOutW | - | 0x515400 | 0x11604c | 0x11464c | 0x2c7 |
| TranslateMessage | - | 0x515404 | 0x116050 | 0x114650 | 0x2d5 |
| UnhookWinEvent | - | 0x515408 | 0x116054 | 0x114654 | 0x2d7 |
| UnhookWindowsHookEx | - | 0x51540c | 0x116058 | 0x114658 | 0x2d9 |
| UnregisterClassW | - | 0x515410 | 0x11605c | 0x11465c | 0x2df |
| UnregisterDeviceNotification | - | 0x515414 | 0x116060 | 0x114660 | 0x2e0 |
| ValidateRect | - | 0x515418 | 0x116064 | 0x114664 | 0x2f2 |
| WinHelpW | - | 0x51541c | 0x116068 | 0x114668 | 0x300 |
| WindowFromDC | - | 0x515420 | 0x11606c | 0x11466c | 0x301 |
| LoadCursorFromFileA | - | 0x515424 | 0x116070 | 0x114670 | 0x1d3 |
| GetClipboardData | - | 0x515428 | 0x116074 | 0x114674 | 0x10f |
| InSendMessage | - | 0x51542c | 0x116078 | 0x114678 | 0x19f |
| IsMenu | - | 0x515430 | 0x11607c | 0x11467c | 0x1be |
| DestroyIcon | - | 0x515434 | 0x116080 | 0x114680 | 0x9d |
| CharLowerW | - | 0x515438 | 0x116084 | 0x114684 | 0x2c |
| GetMenuContextHelpId | - | 0x51543c | 0x116088 | 0x114688 | 0x13f |
| VkKeyScanA | - | 0x515440 | 0x11608c | 0x11468c | 0x2f4 |
| CountClipboardFormats | - | 0x515444 | 0x116090 | 0x114690 | 0x50 |
| IsCharAlphaA | - | 0x515448 | 0x116094 | 0x114694 | 0x1ad |
| IsCharAlphaNumericA | - | 0x51544c | 0x116098 | 0x114698 | 0x1ae |
| GetProcessWindowStation | - | 0x515450 | 0x11609c | 0x11469c | 0x159 |
| IsWindowUnicode | - | 0x515454 | 0x1160a0 | 0x1146a0 | 0x1c9 |
| GetKeyboardLayout | - | 0x515458 | 0x1160a4 | 0x1146a4 | 0x132 |
| VkKeyScanW | - | 0x51545c | 0x1160a8 | 0x1146a8 | 0x2f7 |
| GetKBCodePage | - | 0x515460 | 0x1160ac | 0x1146ac | 0x12e |
| GetClipboardOwner | - | 0x515464 | 0x1160b0 | 0x1146b0 | 0x112 |
| GetAsyncKeyState | - | 0x515468 | 0x1160b4 | 0x1146b4 | 0x100 |
| DestroyCursor | - | 0x51546c | 0x1160b8 | 0x1146b8 | 0x9c |
| CloseClipboard | - | 0x515470 | 0x1160bc | 0x1146bc | 0x47 |
| PaintDesktop | - | 0x515474 | 0x1160c0 | 0x1146c0 | 0x218 |
| GetInputState | - | 0x515478 | 0x1160c4 | 0x1146c4 | 0x12c |
| GetCursor | - | 0x51547c | 0x1160c8 | 0x1146c8 | 0x116 |
| CloseDesktop | - | 0x515480 | 0x1160cc | 0x1146cc | 0x48 |
| ReleaseCapture | - | 0x515484 | 0x1160d0 | 0x1146d0 | 0x24b |
| EnumClipboardFormats | - | 0x515488 | 0x1160d4 | 0x1146d4 | 0xd9 |
| GetWindowContextHelpId | - | 0x51548c | 0x1160d8 | 0x1146d8 | 0x17e |
| GetWindowTextLengthA | - | 0x515490 | 0x1160dc | 0x1146dc | 0x18d |
| GetClipboardViewer | - | 0x515494 | 0x1160e0 | 0x1146e0 | 0x114 |
| GetThreadDesktop | - | 0x515498 | 0x1160e4 | 0x1146e4 | 0x173 |
| IsCharAlphaW | - | 0x51549c | 0x1160e8 | 0x1146e8 | 0x1b0 |
| AnyPopup | - | 0x5154a0 | 0x1160ec | 0x1146ec | 0x8 |
| CharUpperW | - | 0x5154a4 | 0x1160f0 | 0x1146f0 | 0x3a |
| IsCharLowerW | - | 0x5154a8 | 0x1160f4 | 0x1146f4 | 0x1b2 |
| IsClipboardFormatAvailable | - | 0x5154ac | 0x1160f8 | 0x1146f8 | 0x1b6 |
| GetQueueStatus | - | 0x5154b0 | 0x1160fc | 0x1146fc | 0x15d |
| CloseWindow | - | 0x5154b4 | 0x116100 | 0x114700 | 0x49 |
| GetDialogBaseUnits | - | 0x5154b8 | 0x116104 | 0x114704 | 0x11d |
| OemKeyScan | - | 0x5154bc | 0x116108 | 0x114708 | 0x209 |
| CharNextA | - | 0x5154c0 | 0x11610c | 0x11470c | 0x2d |
| LoadIconA | - | 0x5154c4 | 0x116110 | 0x114710 | 0x1d6 |
| GetWindowThreadProcessId | - | 0x5154c8 | 0x116114 | 0x114714 | 0x190 |
| GetWindowTextW | - | 0x5154cc | 0x116118 | 0x114718 | 0x18f |
| GetWindowRect | - | 0x5154d0 | 0x11611c | 0x11471c | 0x188 |
| GetWindowPlacement | - | 0x5154d4 | 0x116120 | 0x114720 | 0x187 |
| GetWindowLongW | - | 0x5154d8 | 0x116124 | 0x114724 | 0x182 |
| GetWindow | - | 0x5154dc | 0x116128 | 0x114728 | 0x17d |
| GetTopWindow | - | 0x5154e0 | 0x11612c | 0x11472c | 0x175 |
| GetSystemMetrics | - | 0x5154e4 | 0x116130 | 0x114730 | 0x16f |
| GetSysColorBrush | - | 0x5154e8 | 0x116134 | 0x114734 | 0x16d |
| GetSysColor | - | 0x5154ec | 0x116138 | 0x114738 | 0x16c |
| GetSubMenu | - | 0x5154f0 | 0x11613c | 0x11473c | 0x16b |
| GetScrollPos | - | 0x5154f4 | 0x116140 | 0x114740 | 0x167 |
| GetPropW | - | 0x5154f8 | 0x116144 | 0x114744 | 0x15c |
| GetParent | - | 0x5154fc | 0x116148 | 0x114748 | 0x155 |
| GetMessageW | - | 0x515500 | 0x11614c | 0x11474c | 0x14e |
| GetMessageTime | - | 0x515504 | 0x116150 | 0x114750 | 0x14d |
| GetMessagePos | - | 0x515508 | 0x116154 | 0x114754 | 0x14c |
| GetMessageExtraInfo | - | 0x51550c | 0x116158 | 0x114758 | 0x14b |
| GetMenuState | - | 0x515510 | 0x11615c | 0x11475c | 0x147 |
| GetMenuItemID | - | 0x515514 | 0x116160 | 0x114760 | 0x143 |
| GetMenuItemCount | - | 0x515518 | 0x116164 | 0x114764 | 0x142 |
| GetMenuCheckMarkDimensions | - | 0x51551c | 0x116168 | 0x114768 | 0x13e |
| GetMenu | - | 0x515520 | 0x11616c | 0x11476c | 0x13c |
| GetLastActivePopup | - | 0x515524 | 0x116170 | 0x114770 | 0x138 |
| GetKeyState | - | 0x515528 | 0x116174 | 0x114774 | 0x131 |
| GetForegroundWindow | - | 0x51552c | 0x116178 | 0x114778 | 0x125 |
| GetFocus | - | 0x515530 | 0x11617c | 0x11477c | 0x124 |
| GetDlgItem | - | 0x515534 | 0x116180 | 0x114780 | 0x11f |
| GetDlgCtrlID | - | 0x515538 | 0x116184 | 0x114784 | 0x11e |
| GetDC | - | 0x51553c | 0x116188 | 0x114788 | 0x11a |
| GetCursorPos | - | 0x515540 | 0x11618c | 0x11478c | 0x119 |
| GetClientRect | - | 0x515544 | 0x116190 | 0x114790 | 0x10d |
| GetClassLongW | - | 0x515548 | 0x116194 | 0x114794 | 0x109 |
| GetClassInfoW | - | 0x51554c | 0x116198 | 0x114798 | 0x107 |
| GetClassInfoExW | - | 0x515550 | 0x11619c | 0x11479c | 0x106 |
| GetCapture | - | 0x515554 | 0x1161a0 | 0x1147a0 | 0x101 |
| GetActiveWindow | - | 0x515558 | 0x1161a4 | 0x1147a4 | 0xf9 |
| EnableWindow | - | 0x51555c | 0x1161a8 | 0x1147a8 | 0xd1 |
| EnableMenuItem | - | 0x515560 | 0x1161ac | 0x1147ac | 0xcf |
| EmptyClipboard | - | 0x515564 | 0x1161b0 | 0x1147b0 | 0xce |
| DrawTextW | - | 0x515568 | 0x1161b4 | 0x1147b4 | 0xc8 |
| DrawTextExW | - | 0x51556c | 0x1161b8 | 0x1147b8 | 0xc7 |
| DispatchMessageW | - | 0x515570 | 0x1161bc | 0x1147bc | 0xa9 |
| DestroyWindow | - | 0x515574 | 0x1161c0 | 0x1147c0 | 0xa0 |
| DestroyMenu | - | 0x515578 | 0x1161c4 | 0x1147c4 | 0x9e |
| DefWindowProcW | - | 0x51557c | 0x1161c8 | 0x1147c8 | 0x96 |
| DefWindowProcA | - | 0x515580 | 0x1161cc | 0x1147cc | 0x95 |
| DdeQueryConvInfo | - | 0x515584 | 0x1161d0 | 0x1147d0 | 0x85 |
| CreateWindowExW | - | 0x515588 | 0x1161d4 | 0x1147d4 | 0x68 |
| CreateDialogParamW | - | 0x51558c | 0x1161d8 | 0x1147d8 | 0x5d |
| CopyRect | - | 0x515590 | 0x1161dc | 0x1147dc | 0x4f |
| ClientToScreen | - | 0x515594 | 0x1161e0 | 0x1147e0 | 0x45 |
| CheckMenuItem | - | 0x515598 | 0x1161e4 | 0x1147e4 | 0x3d |
| CharToOemW | - | 0x51559c | 0x1161e8 | 0x1147e8 | 0x36 |
| CharNextW | - | 0x5155a0 | 0x1161ec | 0x1147ec | 0x2f |
| CharLowerA | - | 0x5155a4 | 0x1161f0 | 0x1147f0 | 0x29 |
| CallWindowProcW | - | 0x5155a8 | 0x1161f4 | 0x1147f4 | 0x1d |
| CallNextHookEx | - | 0x5155ac | 0x1161f8 | 0x1147f8 | 0x1b |
| AdjustWindowRectEx | - | 0x5155b0 | 0x1161fc | 0x1147fc | 0x3 |
| GetClassNameW | - | 0x5155b4 | 0x116200 | 0x114800 | 0x10b |
GDI32.dll (42)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateSolidBrush | - | 0x515038 | 0x115c84 | 0x114284 | 0x52 |
| SaveDC | - | 0x51503c | 0x115c88 | 0x114288 | 0x257 |
| FlattenPath | - | 0x515040 | 0x115c8c | 0x11428c | 0x12f |
| GdiGetBatchLimit | - | 0x515044 | 0x115c90 | 0x114290 | 0x162 |
| AbortDoc | - | 0x515048 | 0x115c94 | 0x114294 | 0x0 |
| GetStockObject | - | 0x51504c | 0x115c98 | 0x114298 | 0x1f4 |
| GetLayout | - | 0x515050 | 0x115c9c | 0x11429c | 0x1d4 |
| GetBkColor | - | 0x515054 | 0x115ca0 | 0x1142a0 | 0x193 |
| GdiFlush | - | 0x515058 | 0x115ca4 | 0x1142a4 | 0x160 |
| CreateHalftonePalette | - | 0x51505c | 0x115ca8 | 0x1142a8 | 0x40 |
| GetSystemPaletteUse | - | 0x515060 | 0x115cac | 0x1142ac | 0x1fa |
| GetObjectType | - | 0x515064 | 0x115cb0 | 0x1142b0 | 0x1e3 |
| DeleteObject | - | 0x515068 | 0x115cb4 | 0x1142b4 | 0xd0 |
| AddFontResourceW | - | 0x51506c | 0x115cb8 | 0x1142b8 | 0x7 |
| EngQueryLocalTime | - | 0x515070 | 0x115cbc | 0x1142bc | 0x102 |
| GetPolyFillMode | - | 0x515074 | 0x115cc0 | 0x1142c0 | 0x1ed |
| GetGraphicsMode | - | 0x515078 | 0x115cc4 | 0x1142c4 | 0x1cd |
| AbortPath | - | 0x51507c | 0x115cc8 | 0x1142c8 | 0x1 |
| DeleteColorSpace | - | 0x515080 | 0x115ccc | 0x1142cc | 0xcc |
| CreateCompatibleDC | - | 0x515084 | 0x115cd0 | 0x1142d0 | 0x2e |
| UnrealizeObject | - | 0x515088 | 0x115cd4 | 0x1142d4 | 0x2a3 |
| GetDCPenColor | - | 0x51508c | 0x115cd8 | 0x1142d8 | 0x1b2 |
| UpdateColors | - | 0x515090 | 0x115cdc | 0x1142dc | 0x2a4 |
| CreatePatternBrush | - | 0x515094 | 0x115ce0 | 0x1142e0 | 0x48 |
| StrokePath | - | 0x515098 | 0x115ce4 | 0x1142e4 | 0x29d |
| SwapBuffers | - | 0x51509c | 0x115ce8 | 0x1142e8 | 0x29e |
| GetTextCharset | - | 0x5150a0 | 0x115cec | 0x1142ec | 0x1fd |
| XLATEOBJ_cGetPalette | - | 0x5150a4 | 0x115cf0 | 0x1142f0 | 0x2aa |
| XFORMOBJ_iGetXform | - | 0x5150a8 | 0x115cf4 | 0x1142f4 | 0x2a9 |
| StartDocW | - | 0x5150ac | 0x115cf8 | 0x1142f8 | 0x297 |
| SetWindowExtEx | - | 0x5150b0 | 0x115cfc | 0x1142fc | 0x293 |
| SetTextColor | - | 0x5150b4 | 0x115d00 | 0x114300 | 0x28d |
| GetTextColor | - | 0x5150b8 | 0x115d04 | 0x114304 | 0x1ff |
| GetICMProfileW | - | 0x5150bc | 0x115d08 | 0x114308 | 0x1d0 |
| GetCharABCWidthsA | - | 0x5150c0 | 0x115d0c | 0x11430c | 0x19b |
| GdiStartDocEMF | - | 0x5150c4 | 0x115d10 | 0x114310 | 0x189 |
| GdiDllInitialize | - | 0x5150c8 | 0x115d14 | 0x114314 | 0x14b |
| GetColorSpace | - | 0x5150cc | 0x115d18 | 0x114318 | 0x1ad |
| CopyMetaFileW | - | 0x5150d0 | 0x115d1c | 0x11431c | 0x27 |
| EngLoadModule | - | 0x5150d4 | 0x115d20 | 0x114320 | 0xfa |
| DPtoLP | - | 0x5150d8 | 0x115d24 | 0x114324 | 0x92 |
| EngReleaseSemaphore | - | 0x5150dc | 0x115d28 | 0x114328 | 0x103 |
ADVAPI32.dll (13)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegSetValueExA | - | 0x515000 | 0x115c4c | 0x11424c | 0x277 |
| RegQueryValueW | - | 0x515004 | 0x115c50 | 0x114250 | 0x269 |
| RegQueryValueExW | - | 0x515008 | 0x115c54 | 0x114254 | 0x268 |
| RegQueryValueExA | - | 0x51500c | 0x115c58 | 0x114258 | 0x267 |
| RegOpenKeyW | - | 0x515010 | 0x115c5c | 0x11425c | 0x25e |
| RegOpenKeyExW | - | 0x515014 | 0x115c60 | 0x114260 | 0x25b |
| RegOpenKeyExA | - | 0x515018 | 0x115c64 | 0x114264 | 0x25a |
| RegEnumKeyW | - | 0x51501c | 0x115c68 | 0x114268 | 0x24a |
| RegDeleteKeyW | - | 0x515020 | 0x115c6c | 0x11426c | 0x23e |
| RegCreateKeyExW | - | 0x515024 | 0x115c70 | 0x114270 | 0x233 |
| RegCreateKeyExA | - | 0x515028 | 0x115c74 | 0x114274 | 0x232 |
| RegCloseKey | - | 0x51502c | 0x115c78 | 0x114278 | 0x22a |
| RegSetValueExW | - | 0x515030 | 0x115c7c | 0x11427c | 0x278 |
SHLWAPI.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathFindFileNameW | - | 0x515354 | 0x115fa0 | 0x1145a0 | 0x49 |
| PathFindExtensionW | - | 0x515358 | 0x115fa4 | 0x1145a4 | 0x47 |
Digital Signature Information
»
| Verification Status | Failed |
| Verification Error | The signature hash does not match the file contents |
Certificate: OCVZWWJW
»
| Issued by | OCVZWWJW |
| Country Name | - |
| Valid From | 2019-02-26 12:42 (UTC+1) |
| Valid Until | 2040-01-01 00:59 (UTC+1) |
| Algorithm | sha1_rsa |
| Serial Number | B2 0E 94 03 A2 1C 6D 95 46 63 33 3C 1B 5C BF D0 |
| Thumbprint | 22 64 5D A2 30 23 46 3F A0 3C 4F D9 E8 26 12 B3 D3 54 09 56 |
Memory Dumps (7)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| d158534622b057b387a617ebe2931fef6d5c7d386b6dfbeb652c4781846f87c1.exe | 1 | 0x00400000 | 0x00607FFF | Relevant Image |
|
32-bit | 0x00513903 |
|
|
...
|
| buffer | 1 | 0x00810000 | 0x008E4FFF | First Execution |
|
32-bit | 0x008E40E0 |
|
|
...
|
| buffer | 1 | 0x00134000 | 0x00206FFF | Marked Executable |
|
32-bit | - |
|
|
...
|
| d158534622b057b387a617ebe2931fef6d5c7d386b6dfbeb652c4781846f87c1.exe | 1 | 0x00400000 | 0x00607FFF | Content Changed |
|
32-bit | 0x00566990 |
|
|
...
|
| buffer | 1 | 0x02180000 | 0x02253FFF | Image In Buffer |
|
32-bit | - |
|
|
...
|
| buffer | 1 | 0x02260000 | 0x02467FFF | Image In Buffer |
|
32-bit | - |
|
|
...
|
| d158534622b057b387a617ebe2931fef6d5c7d386b6dfbeb652c4781846f87c1.exe | 1 | 0x00400000 | 0x00607FFF | Final Dump |
|
32-bit | 0x005223F9 |
|
|
...
|
| C:\Users\RDHJ0C~1\AppData\Local\Temp\6893A5~1\lock | Dropped File | Unknown |
N/A
Not Available because the file was not extracted successfully.
|
...
|
»
| MIME Type | - |
| File Size | - |
| MD5 | - |
| SHA1 | - |
| SHA256 | - |
| SSDeep | - |
| ImpHash | - |
| C:\Users\RDHJ0C~1\AppData\Local\Temp\6893A5~1\state.tmp | Dropped File | Text |
clean
|
...
|
»
| Also Known As | C:\Users\RDHJ0C~1\AppData\Local\Temp\6893A5~1\state (Dropped File) |
| MIME Type | text/plain |
| File Size | 199 Bytes |
| MD5 |
5b5c6c32f5c1a4855d6fa4919ef54400
|
| SHA1 |
27a5a6dc794d6e6b78506ed490004bdc6149ed9b
|
| SHA256 |
08254868a618fce4061ba6803e228bd9ecd53d37e4e0ba586184667db6db5cdb
|
| SSDeep |
6:SbdWwxXN57EonXr87+QVe2vwR/EtbWCd8D5Z5mn:bwxXn7EoXr87HVBvwNi2ZEn
|
| ImpHash | - |
