Hancitor Malware | Files
File Information
Sample files count 1
Created files count 5
Modified files count 0
quickbooks_expenses_report_6241186.doc
File Properties
Names quickbooks_expenses_report_6241186.doc (Sample File)
Size 312.50 KB (320000 bytes)
Hash Values MD5: cbb60bfa61964f0fddb792cb4e2bce2c
SHA1: 79b146a68010592fb40aa240bfbd8f8b45778e5a
SHA256: 2a6ed4487df71f0adffebeb42c6dd183a422fbf948dbf77e7f1631dcdeaae524
c:\users\hjrd1k~1\appdata\local\temp\vbe\msforms.exd
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\vbe\msforms.exd (Created File)
Size 148.49 KB (152056 bytes)
Hash Values MD5: 3216ec2560c6583449f44e7dd9549b4b
SHA1: ccc83c8644eec8cf1bb6c0950dfb868d4f46b42c
SHA256: 4851a74564adb270cbb68d67ab645ad18d1ba0921b2972372679352c09209192
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\forms\winword.box, ...
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\forms\winword.box (Created File)
c:\users\hjrd1koky ds8lujv\appdata\roaming\dpx.dll (Created File)
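Size 0.00 KB (0 bytes)
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the standard digests of empty (0-byte) input, so they match every empty file and should not be used as indicators for this sample; for this entry the file paths are the meaningful artifact.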
c:\users\hjrd1koky ds8lujv\appdata\roaming\convincingly.exe
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\roaming\convincingly.exe (Created File)
Size 73.00 KB (74752 bytes)
Hash Values MD5: eeef5204913a313f64a2e06dea22b936
SHA1: 74a5c8175391184a5fd7b32dfde7b9a27386aadf
SHA256: 927810b771a85383ab0679c559ef7544bb7666f60d84f8e180c405fda1659005
PE Information
File Properties
Image Base 0x400000
Entry Point 0x403b87
Size Of Code 0x8a00
Size Of Initialized Data 0xa200
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2016-07-06 12:21:23
Compiler/Packer Unknown
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8884 0x8a00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.6
.rdata 0x40a000 0x3290 0x3400 0x8e00 CNT_INITIALIZED_DATA, MEM_READ 5.51
.data 0x40e000 0x183c 0xe00 0xc200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.33
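.rsrc 0x410000 0x5388 0x5400 0xd000 CNT_INITIALIZED_DATA, MEM_READ 7.43
Note: an entropy of 7.43 is high for a resource section and is consistent with compressed or encrypted embedded data; treat it as a triage hint to inspect the resources, not as proof of packing.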
Imports (282)
KERNEL32.dll (154)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TlsAlloc 0x0 0x40a0b8 0xbaf0 0xa8f0
GetCurrentThread 0x0 0x40a0bc 0xbaf4 0xa8f4
lstrcmpiW 0x0 0x40a0c0 0xbaf8 0xa8f8
FatalAppExitA 0x0 0x40a0c4 0xbafc 0xa8fc
WriteFile 0x0 0x40a0c8 0xbb00 0xa900
LoadLibraryA 0x0 0x40a0cc 0xbb04 0xa904
DeleteCriticalSection 0x0 0x40a0d0 0xbb08 0xa908
SetStdHandle 0x0 0x40a0d4 0xbb0c 0xa90c
TlsGetValue 0x0 0x40a0d8 0xbb10 0xa910
CreateFileMappingA 0x0 0x40a0dc 0xbb14 0xa914
lstrcmpW 0x0 0x40a0e0 0xbb18 0xa918
GetLocalTime 0x0 0x40a0e4 0xbb1c 0xa91c
CreateEventA 0x0 0x40a0e8 0xbb20 0xa920
LCMapStringA 0x0 0x40a0ec 0xbb24 0xa924
WaitForMultipleObjects 0x0 0x40a0f0 0xbb28 0xa928
GetFileType 0x0 0x40a0f4 0xbb2c 0xa92c
lstrcpyA 0x0 0x40a0f8 0xbb30 0xa930
GetTimeFormatW 0x0 0x40a0fc 0xbb34 0xa934
GetConsoleMode 0x0 0x40a100 0xbb38 0xa938
SleepEx 0x0 0x40a104 0xbb3c 0xa93c
FileTimeToSystemTime 0x0 0x40a108 0xbb40 0xa940
QueryPerformanceCounter 0x0 0x40a10c 0xbb44 0xa944
CompareStringW 0x0 0x40a110 0xbb48 0xa948
GetLocaleInfoW 0x0 0x40a114 0xbb4c 0xa94c
SetConsoleCtrlHandler 0x0 0x40a118 0xbb50 0xa950
UnhandledExceptionFilter 0x0 0x40a11c 0xbb54 0xa954
GetEnvironmentVariableA 0x0 0x40a120 0xbb58 0xa958
lstrcatW 0x0 0x40a124 0xbb5c 0xa95c
GetTimeZoneInformation 0x0 0x40a128 0xbb60 0xa960
OpenMutexA 0x0 0x40a12c 0xbb64 0xa964
GetOverlappedResult 0x0 0x40a130 0xbb68 0xa968
GlobalFree 0x0 0x40a134 0xbb6c 0xa96c
TerminateThread 0x0 0x40a138 0xbb70 0xa970
FreeEnvironmentStringsA 0x0 0x40a13c 0xbb74 0xa974
GlobalAlloc 0x0 0x40a140 0xbb78 0xa978
WaitForSingleObject 0x0 0x40a144 0xbb7c 0xa97c
lstrlenW 0x0 0x40a148 0xbb80 0xa980
FileTimeToLocalFileTime 0x0 0x40a14c 0xbb84 0xa984
WriteConsoleW 0x0 0x40a150 0xbb88 0xa988
FormatMessageA 0x0 0x40a154 0xbb8c 0xa98c
Sleep 0x0 0x40a158 0xbb90 0xa990
WriteConsoleA 0x0 0x40a15c 0xbb94 0xa994
LocalLock 0x0 0x40a160 0xbb98 0xa998
GetComputerNameA 0x0 0x40a164 0xbb9c 0xa99c
GetConsoleOutputCP 0x0 0x40a168 0xbba0 0xa9a0
GetFileSize 0x0 0x40a16c 0xbba4 0xa9a4
FindClose 0x0 0x40a170 0xbba8 0xa9a8
FreeEnvironmentStringsW 0x0 0x40a174 0xbbac 0xa9ac
ResetEvent 0x0 0x40a178 0xbbb0 0xa9b0
GetStringTypeA 0x0 0x40a17c 0xbbb4 0xa9b4
GetFullPathNameA 0x0 0x40a180 0xbbb8 0xa9b8
ExitProcess 0x0 0x40a184 0xbbbc 0xa9bc
LocalFree 0x0 0x40a188 0xbbc0 0xa9c0
WriteProfileStringW 0x0 0x40a18c 0xbbc4 0xa9c4
FindFirstFileA 0x0 0x40a190 0xbbc8 0xa9c8
CreateEventW 0x0 0x40a194 0xbbcc 0xa9cc
GetTickCount 0x0 0x40a198 0xbbd0 0xa9d0
CreateFileW 0x0 0x40a19c 0xbbd4 0xa9d4
lstrcpynW 0x0 0x40a1a0 0xbbd8 0xa9d8
GetProfileStringW 0x0 0x40a1a4 0xbbdc 0xa9dc
IsValidLocale 0x0 0x40a1a8 0xbbe0 0xa9e0
GetProfileIntW 0x0 0x40a1ac 0xbbe4 0xa9e4
SetLastError 0x0 0x40a1b0 0xbbe8 0xa9e8
MultiByteToWideChar 0x0 0x40a1b4 0xbbec 0xa9ec
GetSystemTimeAsFileTime 0x0 0x40a1b8 0xbbf0 0xa9f0
GetCommandLineW 0x0 0x40a1bc 0xbbf4 0xa9f4
CreateMutexA 0x0 0x40a1c0 0xbbf8 0xa9f8
EraseTape 0x0 0x40a1c4 0xbbfc 0xa9fc
DebugSetProcessKillOnExit 0x0 0x40a1c8 0xbc00 0xaa00
GetCurrentActCtx 0x0 0x40a1cc 0xbc04 0xaa04
GetModuleHandleA 0x0 0x40a1d0 0xbc08 0xaa08
GetHandleInformation 0x0 0x40a1d4 0xbc0c 0xaa0c
DeviceIoControl 0x0 0x40a1d8 0xbc10 0xaa10
FindAtomA 0x0 0x40a1dc 0xbc14 0xaa14
DefineDosDeviceW 0x0 0x40a1e0 0xbc18 0xaa18
GlobalDeleteAtom 0x0 0x40a1e4 0xbc1c 0xaa1c
GetLastError 0x0 0x40a1e8 0xbc20 0xaa20
DisableThreadLibraryCalls 0x0 0x40a1ec 0xbc24 0xaa24
GetCommConfig 0x0 0x40a1f0 0xbc28 0xaa28
CreateFileA 0x0 0x40a1f4 0xbc2c 0xaa2c
GetStringTypeW 0x0 0x40a1f8 0xbc30 0xaa30
LCMapStringW 0x0 0x40a1fc 0xbc34 0xaa34
GetLocaleInfoA 0x0 0x40a200 0xbc38 0xaa38
HeapSize 0x0 0x40a204 0xbc3c 0xaa3c
RtlUnwind 0x0 0x40a208 0xbc40 0xaa40
HeapReAlloc 0x0 0x40a20c 0xbc44 0xaa44
HeapAlloc 0x0 0x40a210 0xbc48 0xaa48
IsValidCodePage 0x0 0x40a214 0xbc4c 0xaa4c
GetACP 0x0 0x40a218 0xbc50 0xaa50
InitializeCriticalSectionAndSpinCount 0x0 0x40a21c 0xbc54 0xaa54
IsDebuggerPresent 0x0 0x40a220 0xbc58 0xaa58
GetCurrentProcess 0x0 0x40a224 0xbc5c 0xaa5c
TerminateProcess 0x0 0x40a228 0xbc60 0xaa60
EnterCriticalSection 0x0 0x40a22c 0xbc64 0xaa64
GetCurrentProcessId 0x0 0x40a230 0xbc68 0xaa68
VirtualFree 0x0 0x40a234 0xbc6c 0xaa6c
HeapCreate 0x0 0x40a238 0xbc70 0xaa70
InterlockedDecrement 0x0 0x40a23c 0xbc74 0xaa74
GetCurrentThreadId 0x0 0x40a240 0xbc78 0xaa78
InterlockedIncrement 0x0 0x40a244 0xbc7c 0xaa7c
TlsSetValue 0x0 0x40a248 0xbc80 0xaa80
SetHandleCount 0x0 0x40a24c 0xbc84 0xaa84
GetEnvironmentStringsW 0x0 0x40a250 0xbc88 0xaa88
GetEnvironmentStrings 0x0 0x40a254 0xbc8c 0xaa8c
GetModuleFileNameA 0x0 0x40a258 0xbc90 0xaa90
SetUnhandledExceptionFilter 0x0 0x40a25c 0xbc94 0xaa94
GetStartupInfoA 0x0 0x40a260 0xbc98 0xaa98
GetCommandLineA 0x0 0x40a264 0xbc9c 0xaa9c
WideCharToMultiByte 0x0 0x40a268 0xbca0 0xaaa0
CloseHandle 0x0 0x40a26c 0xbca4 0xaaa4
SetEnvironmentVariableA 0x0 0x40a270 0xbca8 0xaaa8
CreateFileMappingW 0x0 0x40a274 0xbcac 0xaaac
GetCurrentDirectoryA 0x0 0x40a278 0xbcb0 0xaab0
LeaveCriticalSection 0x0 0x40a27c 0xbcb4 0xaab4
SetFilePointer 0x0 0x40a280 0xbcb8 0xaab8
LocalUnlock 0x0 0x40a284 0xbcbc 0xaabc
lstrcatA 0x0 0x40a288 0xbcc0 0xaac0
DosDateTimeToFileTime 0x0 0x40a28c 0xbcc4 0xaac4
DeleteFileA 0x0 0x40a290 0xbcc8 0xaac8
GetCPInfo 0x0 0x40a294 0xbccc 0xaacc
GetFileAttributesW 0x0 0x40a298 0xbcd0 0xaad0
RaiseException 0x0 0x40a29c 0xbcd4 0xaad4
lstrcpynA 0x0 0x40a2a0 0xbcd8 0xaad8
GetOEMCP 0x0 0x40a2a4 0xbcdc 0xaadc
WriteFileEx 0x0 0x40a2a8 0xbce0 0xaae0
InitializeCriticalSection 0x0 0x40a2ac 0xbce4 0xaae4
CompareStringA 0x0 0x40a2b0 0xbce8 0xaae8
SetEndOfFile 0x0 0x40a2b4 0xbcec 0xaaec
ExpandEnvironmentStringsA 0x0 0x40a2b8 0xbcf0 0xaaf0
FlushFileBuffers 0x0 0x40a2bc 0xbcf4 0xaaf4
GetStdHandle 0x0 0x40a2c0 0xbcf8 0xaaf8
GetUserDefaultUILanguage 0x0 0x40a2c4 0xbcfc 0xaafc
HeapFree 0x0 0x40a2c8 0xbd00 0xab00
FormatMessageW 0x0 0x40a2cc 0xbd04 0xab04
GetUserDefaultLCID 0x0 0x40a2d0 0xbd08 0xab08
TlsFree 0x0 0x40a2d4 0xbd0c 0xab0c
SetEvent 0x0 0x40a2d8 0xbd10 0xab10
FindResourceA 0x0 0x40a2dc 0xbd14 0xab14
LoadResource 0x0 0x40a2e0 0xbd18 0xab18
LockResource 0x0 0x40a2e4 0xbd1c 0xab1c
SizeofResource 0x0 0x40a2e8 0xbd20 0xab20
VirtualAlloc 0x0 0x40a2ec 0xbd24 0xab24
LoadLibraryW 0x0 0x40a2f0 0xbd28 0xab28
GetModuleHandleW 0x0 0x40a2f4 0xbd2c 0xab2c
GetProcAddress 0x0 0x40a2f8 0xbd30 0xab30
GetModuleFileNameW 0x0 0x40a2fc 0xbd34 0xab34
RtlZeroMemory 0x0 0x40a300 0xbd38 0xab38
CreateProcessW 0x0 0x40a304 0xbd3c 0xab3c
VirtualAllocEx 0x0 0x40a308 0xbd40 0xab40
WriteProcessMemory 0x0 0x40a30c 0xbd44 0xab44
GetThreadContext 0x0 0x40a310 0xbd48 0xab48
SetThreadContext 0x0 0x40a314 0xbd4c 0xab4c
SearchPathA 0x0 0x40a318 0xbd50 0xab50
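ResumeThread 0x0 0x40a31c 0xbd54 0xab54
Note: the last entries of this KERNEL32 table (CreateProcessW, VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext, ResumeThread) form the API set commonly associated with injecting code into a newly created process. A static import list does not show that these functions are actually called, so confirm against the behavioural log before relying on it for detection.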
USER32.dll (78)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SetDlgItemTextW 0x0 0x40a338 0xbd70 0xab70
IsZoomed 0x0 0x40a33c 0xbd74 0xab74
GetDlgItemTextW 0x0 0x40a340 0xbd78 0xab78
CreateWindowExW 0x0 0x40a344 0xbd7c 0xab7c
ScreenToClient 0x0 0x40a348 0xbd80 0xab80
SetActiveWindow 0x0 0x40a34c 0xbd84 0xab84
LoadStringA 0x0 0x40a350 0xbd88 0xab88
InvalidateRgn 0x0 0x40a354 0xbd8c 0xab8c
CheckMenuItem 0x0 0x40a358 0xbd90 0xab90
CheckRadioButton 0x0 0x40a35c 0xbd94 0xab94
SetCursor 0x0 0x40a360 0xbd98 0xab98
CreateWindowExA 0x0 0x40a364 0xbd9c 0xab9c
DispatchMessageA 0x0 0x40a368 0xbda0 0xaba0
SetClipboardData 0x0 0x40a36c 0xbda4 0xaba4
DrawTextExW 0x0 0x40a370 0xbda8 0xaba8
TranslateAcceleratorA 0x0 0x40a374 0xbdac 0xabac
CharLowerW 0x0 0x40a378 0xbdb0 0xabb0
BeginPaint 0x0 0x40a37c 0xbdb4 0xabb4
SetMenu 0x0 0x40a380 0xbdb8 0xabb8
EndPaint 0x0 0x40a384 0xbdbc 0xabbc
GetDC 0x0 0x40a388 0xbdc0 0xabc0
LoadIconW 0x0 0x40a38c 0xbdc4 0xabc4
GetProcessDefaultLayout 0x0 0x40a390 0xbdc8 0xabc8
EndDialog 0x0 0x40a394 0xbdcc 0xabcc
SetProcessDefaultLayout 0x0 0x40a398 0xbdd0 0xabd0
LoadCursorA 0x0 0x40a39c 0xbdd4 0xabd4
GetParent 0x0 0x40a3a0 0xbdd8 0xabd8
IsWindow 0x0 0x40a3a4 0xbddc 0xabdc
SetForegroundWindow 0x0 0x40a3a8 0xbde0 0xabe0
IsIconic 0x0 0x40a3ac 0xbde4 0xabe4
LoadCursorW 0x0 0x40a3b0 0xbde8 0xabe8
GetMenuState 0x0 0x40a3b4 0xbdec 0xabec
GetMenuCheckMarkDimensions 0x0 0x40a3b8 0xbdf0 0xabf0
SetWindowTextW 0x0 0x40a3bc 0xbdf4 0xabf4
SetDlgItemTextA 0x0 0x40a3c0 0xbdf8 0xabf8
OpenClipboard 0x0 0x40a3c4 0xbdfc 0xabfc
SendDlgItemMessageW 0x0 0x40a3c8 0xbe00 0xac00
GetSystemMetrics 0x0 0x40a3cc 0xbe04 0xac04
GetWindowThreadProcessId 0x0 0x40a3d0 0xbe08 0xac08
SendDlgItemMessageA 0x0 0x40a3d4 0xbe0c 0xac0c
ReleaseDC 0x0 0x40a3d8 0xbe10 0xac10
SendMessageA 0x0 0x40a3dc 0xbe14 0xac14
GetSysColorBrush 0x0 0x40a3e0 0xbe18 0xac18
GetDlgCtrlID 0x0 0x40a3e4 0xbe1c 0xac1c
LoadBitmapA 0x0 0x40a3e8 0xbe20 0xac20
FindWindowA 0x0 0x40a3ec 0xbe24 0xac24
LoadAcceleratorsW 0x0 0x40a3f0 0xbe28 0xac28
UnhookWinEvent 0x0 0x40a3f4 0xbe2c 0xac2c
InsertMenuItemA 0x0 0x40a3f8 0xbe30 0xac30
PostQuitMessage 0x0 0x40a3fc 0xbe34 0xac34
IsClipboardFormatAvailable 0x0 0x40a400 0xbe38 0xac38
IsDialogMessageA 0x0 0x40a404 0xbe3c 0xac3c
MsgWaitForMultipleObjects 0x0 0x40a408 0xbe40 0xac40
EnableWindow 0x0 0x40a40c 0xbe44 0xac44
AttachThreadInput 0x0 0x40a410 0xbe48 0xac48
GetDlgItem 0x0 0x40a414 0xbe4c 0xac4c
GetMessageA 0x0 0x40a418 0xbe50 0xac50
DialogBoxParamA 0x0 0x40a41c 0xbe54 0xac54
PeekMessageA 0x0 0x40a420 0xbe58 0xac58
CharNextW 0x0 0x40a424 0xbe5c 0xac5c
DestroyWindow 0x0 0x40a428 0xbe60 0xac60
InvalidateRect 0x0 0x40a42c 0xbe64 0xac64
ShowWindow 0x0 0x40a430 0xbe68 0xac68
PeekMessageW 0x0 0x40a434 0xbe6c 0xac6c
SetWindowLongW 0x0 0x40a438 0xbe70 0xac70
GetMessageW 0x0 0x40a43c 0xbe74 0xac74
GetSysColor 0x0 0x40a440 0xbe78 0xac78
DrawTextW 0x0 0x40a444 0xbe7c 0xac7c
SendMessageW 0x0 0x40a448 0xbe80 0xac80
DialogBoxIndirectParamA 0x0 0x40a44c 0xbe84 0xac84
CallWindowProcA 0x0 0x40a450 0xbe88 0xac88
SystemParametersInfoW 0x0 0x40a454 0xbe8c 0xac8c
GetClientRect 0x0 0x40a458 0xbe90 0xac90
ReleaseCapture 0x0 0x40a45c 0xbe94 0xac94
CharNextA 0x0 0x40a460 0xbe98 0xac98
GetMenuItemCount 0x0 0x40a464 0xbe9c 0xac9c
LoadAcceleratorsA 0x0 0x40a468 0xbea0 0xaca0
CreateDialogParamW 0x0 0x40a46c 0xbea4 0xaca4
GDI32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SelectObject 0x0 0x40a058 0xba90 0xa890
SetBkColor 0x0 0x40a05c 0xba94 0xa894
CreateFontA 0x0 0x40a060 0xba98 0xa898
GetTextMetricsW 0x0 0x40a064 0xba9c 0xa89c
EnumFontsW 0x0 0x40a068 0xbaa0 0xa8a0
CreateCompatibleDC 0x0 0x40a06c 0xbaa4 0xa8a4
GetObjectW 0x0 0x40a070 0xbaa8 0xa8a8
TextOutW 0x0 0x40a074 0xbaac 0xa8ac
StartDocW 0x0 0x40a078 0xbab0 0xa8b0
StartPage 0x0 0x40a07c 0xbab4 0xa8b4
GetTextExtentPoint32A 0x0 0x40a080 0xbab8 0xa8b8
EndPage 0x0 0x40a084 0xbabc 0xa8bc
DeleteDC 0x0 0x40a088 0xbac0 0xa8c0
DeleteObject 0x0 0x40a08c 0xbac4 0xa8c4
CreateFontIndirectA 0x0 0x40a090 0xbac8 0xa8c8
SetTextColor 0x0 0x40a094 0xbacc 0xa8cc
SetBkMode 0x0 0x40a098 0xbad0 0xa8d0
GetTextMetricsA 0x0 0x40a09c 0xbad4 0xa8d4
StartDocA 0x0 0x40a0a0 0xbad8 0xa8d8
GetDeviceCaps 0x0 0x40a0a4 0xbadc 0xa8dc
ExtTextOutA 0x0 0x40a0a8 0xbae0 0xa8e0
CreateDCW 0x0 0x40a0ac 0xbae4 0xa8e4
SetViewportExtEx 0x0 0x40a0b0 0xbae8 0xa8e8
WINSPOOL.DRV (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetPrinterDriverW 0x0 0x40a474 0xbeac 0xacac
ClosePrinter 0x0 0x40a478 0xbeb0 0xacb0
COMDLG32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetSaveFileNameW 0x0 0x40a038 0xba70 0xa870
GetSaveFileNameA 0x0 0x40a03c 0xba74 0xa874
PrintDlgExW 0x0 0x40a040 0xba78 0xa878
GetFileTitleW 0x0 0x40a044 0xba7c 0xa87c
ChooseFontW 0x0 0x40a048 0xba80 0xa880
ChooseColorA 0x0 0x40a04c 0xba84 0xa884
FindTextW 0x0 0x40a050 0xba88 0xa888
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
IsTextUnicode 0x0 0x40a000 0xba38 0xa838
RegOpenKeyExA 0x0 0x40a004 0xba3c 0xa83c
QueryServiceStatus 0x0 0x40a008 0xba40 0xa840
ControlService 0x0 0x40a00c 0xba44 0xa844
OpenServiceA 0x0 0x40a010 0xba48 0xa848
RegSetValueExW 0x0 0x40a014 0xba4c 0xa84c
OpenProcessToken 0x0 0x40a018 0xba50 0xa850
RegCreateKeyA 0x0 0x40a01c 0xba54 0xa854
RegQueryValueExW 0x0 0x40a020 0xba58 0xa858
OpenSCManagerA 0x0 0x40a024 0xba5c 0xa85c
DeleteService 0x0 0x40a028 0xba60 0xa860
LookupPrivilegeValueA 0x0 0x40a02c 0xba64 0xa864
RegOpenKeyA 0x0 0x40a030 0xba68 0xa868
SHELL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DragFinish 0x0 0x40a324 0xbd5c 0xab5c
ShellAboutW 0x0 0x40a328 0xbd60 0xab60
DragAcceptFiles 0x0 0x40a32c 0xbd64 0xab64
ShellExecuteExA 0x0 0x40a330 0xbd68 0xab68
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
memmove 0x0 0x40a480 0xbeb8 0xacb8
c:\users\hjrd1koky ds8lujv\appdata\roaming\dpx.dll
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\roaming\dpx.dll (Created File)
Size 251.00 KB (257024 bytes)
Hash Values MD5: 0c0df0f05baea320fa301f34e256e08b
SHA1: 0af69a2dff3208af234b22f3b100363c0c29f9d7
SHA256: 9d6c3cc1138aabec66eabd13905c24170f7f1fe6d7aa5dd6bf51f1d3bf66f03d
PE Information
File Properties
Image Base 0xe440000
Entry Point 0xe4412b0
Size Of Code 0x3b400
Size Of Initialized Data 0x3400
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2010-11-20 12:58:53
Compiler/Packer Unknown
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0xe441000 0x3b31c 0x3b400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.4
.data 0xe47d000 0xb7c 0xc00 0x3b800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.89
.rsrc 0xe47e000 0x408 0x600 0x3c400 CNT_INITIALIZED_DATA, MEM_READ 2.51
.reloc 0xe47f000 0x2070 0x2200 0x3ca00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 6.48
Imports (119)
msvcrt.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_write 0x0 0xe441000 0x3b8cc 0x3accc
_lseeki64 0x0 0xe441004 0x3b8d0 0x3acd0
_fileno 0x0 0xe441008 0x3b8d4 0x3acd4
__pioinfo 0x0 0xe44100c 0x3b8d8 0x3acd8
__badioinfo 0x0 0xe441010 0x3b8dc 0x3acdc
ferror 0x0 0xe441014 0x3b8e0 0x3ace0
_itoa 0x0 0xe441018 0x3b8e4 0x3ace4
_snprintf 0x0 0xe44101c 0x3b8e8 0x3ace8
_iob 0x0 0xe441020 0x3b8ec 0x3acec
isleadbyte 0x0 0xe441024 0x3b8f0 0x3acf0
__mb_cur_max 0x0 0xe441028 0x3b8f4 0x3acf4
mbtowc 0x0 0xe44102c 0x3b8f8 0x3acf8
_isatty 0x0 0xe441030 0x3b8fc 0x3acfc
?terminate@@YAXXZ 0x0 0xe441034 0x3b900 0x3ad00
_onexit 0x0 0xe441038 0x3b904 0x3ad04
_lock 0x0 0xe44103c 0x3b908 0x3ad08
__dllonexit 0x0 0xe441040 0x3b90c 0x3ad0c
_unlock 0x0 0xe441044 0x3b910 0x3ad10
??1type_info@@UAE@XZ 0x0 0xe441048 0x3b914 0x3ad14
_amsg_exit 0x0 0xe44104c 0x3b918 0x3ad18
_initterm 0x0 0xe441050 0x3b91c 0x3ad1c
_XcptFilter 0x0 0xe441054 0x3b920 0x3ad20
wcsstr 0x0 0xe441058 0x3b924 0x3ad24
_vsnwprintf 0x0 0xe44105c 0x3b928 0x3ad28
_vscwprintf 0x0 0xe441060 0x3b92c 0x3ad2c
memset 0x0 0xe441064 0x3b930 0x3ad30
memcpy 0x0 0xe441068 0x3b934 0x3ad34
_purecall 0x0 0xe44106c 0x3b938 0x3ad38
_vsnprintf 0x0 0xe441070 0x3b93c 0x3ad3c
_CxxThrowException 0x0 0xe441074 0x3b940 0x3ad40
malloc 0x0 0xe441078 0x3b944 0x3ad44
free 0x0 0xe44107c 0x3b948 0x3ad48
_errno 0x0 0xe441080 0x3b94c 0x3ad4c
__CxxFrameHandler 0x0 0xe441084 0x3b950 0x3ad50
KERNEL32.dll (61)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LocalAlloc 0x0 0xe44108c 0x3b958 0x3ad58
LoadLibraryA 0x0 0xe441090 0x3b95c 0x3ad5c
RaiseException 0x0 0xe441094 0x3b960 0x3ad60
SetUnhandledExceptionFilter 0x0 0xe441098 0x3b964 0x3ad64
UnhandledExceptionFilter 0x0 0xe44109c 0x3b968 0x3ad68
GetCurrentProcess 0x0 0xe4410a0 0x3b96c 0x3ad6c
TerminateProcess 0x0 0xe4410a4 0x3b970 0x3ad70
GetCurrentProcessId 0x0 0xe4410a8 0x3b974 0x3ad74
GetCurrentThreadId 0x0 0xe4410ac 0x3b978 0x3ad78
GetTickCount 0x0 0xe4410b0 0x3b97c 0x3ad7c
QueryPerformanceCounter 0x0 0xe4410b4 0x3b980 0x3ad80
RtlUnwind 0x0 0xe4410b8 0x3b984 0x3ad84
OutputDebugStringA 0x0 0xe4410bc 0x3b988 0x3ad88
InterlockedCompareExchange 0x0 0xe4410c0 0x3b98c 0x3ad8c
InterlockedExchange 0x0 0xe4410c4 0x3b990 0x3ad90
SetFilePointer 0x0 0xe4410c8 0x3b994 0x3ad94
GetFileSize 0x0 0xe4410cc 0x3b998 0x3ad98
GetLongPathNameW 0x0 0xe4410d0 0x3b99c 0x3ad9c
GetSystemTimeAsFileTime 0x0 0xe4410d4 0x3b9a0 0x3ada0
DosDateTimeToFileTime 0x0 0xe4410d8 0x3b9a4 0x3ada4
LocalFileTimeToFileTime 0x0 0xe4410dc 0x3b9a8 0x3ada8
CreateEventW 0x0 0xe4410e0 0x3b9ac 0x3adac
ResetEvent 0x0 0xe4410e4 0x3b9b0 0x3adb0
SetEvent 0x0 0xe4410e8 0x3b9b4 0x3adb4
WaitForSingleObjectEx 0x0 0xe4410ec 0x3b9b8 0x3adb8
CloseHandle 0x0 0xe4410f0 0x3b9bc 0x3adbc
VirtualFree 0x0 0xe4410f4 0x3b9c0 0x3adc0
DeleteCriticalSection 0x0 0xe4410f8 0x3b9c4 0x3adc4
EnterCriticalSection 0x0 0xe4410fc 0x3b9c8 0x3adc8
LeaveCriticalSection 0x0 0xe441100 0x3b9cc 0x3adcc
VirtualAlloc 0x0 0xe441104 0x3b9d0 0x3add0
InitializeCriticalSectionAndSpinCount 0x0 0xe441108 0x3b9d4 0x3add4
ExpandEnvironmentStringsW 0x0 0xe44110c 0x3b9d8 0x3add8
GetEnvironmentVariableW 0x0 0xe441110 0x3b9dc 0x3addc
SetFileAttributesW 0x0 0xe441114 0x3b9e0 0x3ade0
GetFileAttributesW 0x0 0xe441118 0x3b9e4 0x3ade4
RemoveDirectoryW 0x0 0xe44111c 0x3b9e8 0x3ade8
DeleteFileW 0x0 0xe441120 0x3b9ec 0x3adec
Sleep 0x0 0xe441124 0x3b9f0 0x3adf0
GetLastError 0x0 0xe441128 0x3b9f4 0x3adf4
MoveFileExW 0x0 0xe44112c 0x3b9f8 0x3adf8
FindClose 0x0 0xe441130 0x3b9fc 0x3adfc
GetFileSizeEx 0x0 0xe441134 0x3ba00 0x3ae00
ReadFile 0x0 0xe441138 0x3ba04 0x3ae04
SetFilePointerEx 0x0 0xe44113c 0x3ba08 0x3ae08
LCMapStringW 0x0 0xe441140 0x3ba0c 0x3ae0c
WideCharToMultiByte 0x0 0xe441144 0x3ba10 0x3ae10
MultiByteToWideChar 0x0 0xe441148 0x3ba14 0x3ae14
CreateFileW 0x0 0xe44114c 0x3ba18 0x3ae18
GetFullPathNameW 0x0 0xe441150 0x3ba1c 0x3ae1c
FindNextFileW 0x0 0xe441154 0x3ba20 0x3ae20
FindFirstFileW 0x0 0xe441158 0x3ba24 0x3ae24
CreateDirectoryW 0x0 0xe44115c 0x3ba28 0x3ae28
WriteFile 0x0 0xe441160 0x3ba2c 0x3ae2c
SetEndOfFile 0x0 0xe441164 0x3ba30 0x3ae30
SetFileTime 0x0 0xe441168 0x3ba34 0x3ae34
FreeLibrary 0x0 0xe44116c 0x3ba38 0x3ae38
GetWindowsDirectoryW 0x0 0xe441170 0x3ba3c 0x3ae3c
GetProcAddress 0x0 0xe441174 0x3ba40 0x3ae40
LoadLibraryW 0x0 0xe441178 0x3ba44 0x3ae44
GetModuleHandleW 0x0 0xe44117c 0x3ba48 0x3ae48
ADVAPI32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TraceEvent 0x0 0xe441184 0x3ba50 0x3ae50
ControlTraceW 0x0 0xe441188 0x3ba54 0x3ae54
UnregisterTraceGuids 0x0 0xe44118c 0x3ba58 0x3ae58
RegisterTraceGuidsW 0x0 0xe441190 0x3ba5c 0x3ae5c
GetTraceLoggerHandle 0x0 0xe441194 0x3ba60 0x3ae60
GetTraceEnableLevel 0x0 0xe441198 0x3ba64 0x3ae64
GetTraceEnableFlags 0x0 0xe44119c 0x3ba68 0x3ae68
RegQueryValueExW 0x0 0xe4411a0 0x3ba6c 0x3ae6c
RegOpenKeyExW 0x0 0xe4411a4 0x3ba70 0x3ae70
CryptReleaseContext 0x0 0xe4411a8 0x3ba74 0x3ae74
CryptDestroyHash 0x0 0xe4411ac 0x3ba78 0x3ae78
CryptCreateHash 0x0 0xe4411b0 0x3ba7c 0x3ae7c
RegCloseKey 0x0 0xe4411b4 0x3ba80 0x3ae80
RegCreateKeyW 0x0 0xe4411b8 0x3ba84 0x3ae84
RegOpenCurrentUser 0x0 0xe4411bc 0x3ba88 0x3ae88
RegSetValueExW 0x0 0xe4411c0 0x3ba8c 0x3ae8c
RegQueryInfoKeyW 0x0 0xe4411c4 0x3ba90 0x3ae90
RegEnumKeyW 0x0 0xe4411c8 0x3ba94 0x3ae94
RegOpenKeyW 0x0 0xe4411cc 0x3ba98 0x3ae98
RegDeleteKeyW 0x0 0xe4411d0 0x3ba9c 0x3ae9c
CryptGetHashParam 0x0 0xe4411d4 0x3baa0 0x3aea0
CryptHashData 0x0 0xe4411d8 0x3baa4 0x3aea4
CryptAcquireContextA 0x0 0xe4411dc 0x3baa8 0x3aea8
RPCRT4.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
UuidCreate 0x0 0xe4411e4 0x3bab0 0x3aeb0
Exports (3)
Api name EAT Address Ordinal
DpxFreeMemory 0xe4432e5 0x1
DpxNewJob 0xe443302 0x2
DpxRestoreJob 0xe44331d 0x3
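c:\users\hjrd1koky ds8lujv\appdata\roaming\dpx.dll
Note: this is a further recorded version of the same path as the previous dpx.dll entry. Size, image base, entry point and compile timestamp are identical, but the hash values differ, so match each hash set separately rather than treating the path as a single file.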
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\roaming\dpx.dll (Created File)
Size 251.00 KB (257024 bytes)
Hash Values MD5: 230c01bcc9b3ee3a62457f5273cb2659
SHA1: aea7dac045da8978dd72e80adfb6e50029eb5447
SHA256: 6edcf00bd139af3e079c4ec417af6d733bc7d55ae686fa77de2eb277c0ba7b55
PE Information
File Properties
Image Base 0xe440000
Entry Point 0xe4412b0
Size Of Code 0x3b400
Size Of Initialized Data 0x3400
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2010-11-20 12:58:53
Compiler/Packer Unknown
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0xe441000 0x3b31c 0x3b400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.41
.data 0xe47d000 0xb7c 0xc00 0x3b800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.89
.rsrc 0xe47e000 0x408 0x600 0x3c400 CNT_INITIALIZED_DATA, MEM_READ 2.51
.reloc 0xe47f000 0x2070 0x2200 0x3ca00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 6.48
Imports (119)
msvcrt.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_write 0x0 0xe441000 0x3b8cc 0x3accc
_lseeki64 0x0 0xe441004 0x3b8d0 0x3acd0
_fileno 0x0 0xe441008 0x3b8d4 0x3acd4
__pioinfo 0x0 0xe44100c 0x3b8d8 0x3acd8
__badioinfo 0x0 0xe441010 0x3b8dc 0x3acdc
ferror 0x0 0xe441014 0x3b8e0 0x3ace0
_itoa 0x0 0xe441018 0x3b8e4 0x3ace4
_snprintf 0x0 0xe44101c 0x3b8e8 0x3ace8
_iob 0x0 0xe441020 0x3b8ec 0x3acec
isleadbyte 0x0 0xe441024 0x3b8f0 0x3acf0
__mb_cur_max 0x0 0xe441028 0x3b8f4 0x3acf4
mbtowc 0x0 0xe44102c 0x3b8f8 0x3acf8
_isatty 0x0 0xe441030 0x3b8fc 0x3acfc
?terminate@@YAXXZ 0x0 0xe441034 0x3b900 0x3ad00
_onexit 0x0 0xe441038 0x3b904 0x3ad04
_lock 0x0 0xe44103c 0x3b908 0x3ad08
__dllonexit 0x0 0xe441040 0x3b90c 0x3ad0c
_unlock 0x0 0xe441044 0x3b910 0x3ad10
??1type_info@@UAE@XZ 0x0 0xe441048 0x3b914 0x3ad14
_amsg_exit 0x0 0xe44104c 0x3b918 0x3ad18
_initterm 0x0 0xe441050 0x3b91c 0x3ad1c
_XcptFilter 0x0 0xe441054 0x3b920 0x3ad20
wcsstr 0x0 0xe441058 0x3b924 0x3ad24
_vsnwprintf 0x0 0xe44105c 0x3b928 0x3ad28
_vscwprintf 0x0 0xe441060 0x3b92c 0x3ad2c
memset 0x0 0xe441064 0x3b930 0x3ad30
memcpy 0x0 0xe441068 0x3b934 0x3ad34
_purecall 0x0 0xe44106c 0x3b938 0x3ad38
_vsnprintf 0x0 0xe441070 0x3b93c 0x3ad3c
_CxxThrowException 0x0 0xe441074 0x3b940 0x3ad40
malloc 0x0 0xe441078 0x3b944 0x3ad44
free 0x0 0xe44107c 0x3b948 0x3ad48
_errno 0x0 0xe441080 0x3b94c 0x3ad4c
__CxxFrameHandler 0x0 0xe441084 0x3b950 0x3ad50
KERNEL32.dll (61)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LocalAlloc 0x0 0xe44108c 0x3b958 0x3ad58
LoadLibraryA 0x0 0xe441090 0x3b95c 0x3ad5c
RaiseException 0x0 0xe441094 0x3b960 0x3ad60
SetUnhandledExceptionFilter 0x0 0xe441098 0x3b964 0x3ad64
UnhandledExceptionFilter 0x0 0xe44109c 0x3b968 0x3ad68
GetCurrentProcess 0x0 0xe4410a0 0x3b96c 0x3ad6c
TerminateProcess 0x0 0xe4410a4 0x3b970 0x3ad70
GetCurrentProcessId 0x0 0xe4410a8 0x3b974 0x3ad74
GetCurrentThreadId 0x0 0xe4410ac 0x3b978 0x3ad78
GetTickCount 0x0 0xe4410b0 0x3b97c 0x3ad7c
QueryPerformanceCounter 0x0 0xe4410b4 0x3b980 0x3ad80
RtlUnwind 0x0 0xe4410b8 0x3b984 0x3ad84
OutputDebugStringA 0x0 0xe4410bc 0x3b988 0x3ad88
InterlockedCompareExchange 0x0 0xe4410c0 0x3b98c 0x3ad8c
InterlockedExchange 0x0 0xe4410c4 0x3b990 0x3ad90
SetFilePointer 0x0 0xe4410c8 0x3b994 0x3ad94
GetFileSize 0x0 0xe4410cc 0x3b998 0x3ad98
GetLongPathNameW 0x0 0xe4410d0 0x3b99c 0x3ad9c
GetSystemTimeAsFileTime 0x0 0xe4410d4 0x3b9a0 0x3ada0
DosDateTimeToFileTime 0x0 0xe4410d8 0x3b9a4 0x3ada4
LocalFileTimeToFileTime 0x0 0xe4410dc 0x3b9a8 0x3ada8
CreateEventW 0x0 0xe4410e0 0x3b9ac 0x3adac
ResetEvent 0x0 0xe4410e4 0x3b9b0 0x3adb0
SetEvent 0x0 0xe4410e8 0x3b9b4 0x3adb4
WaitForSingleObjectEx 0x0 0xe4410ec 0x3b9b8 0x3adb8
CloseHandle 0x0 0xe4410f0 0x3b9bc 0x3adbc
VirtualFree 0x0 0xe4410f4 0x3b9c0 0x3adc0
DeleteCriticalSection 0x0 0xe4410f8 0x3b9c4 0x3adc4
EnterCriticalSection 0x0 0xe4410fc 0x3b9c8 0x3adc8
LeaveCriticalSection 0x0 0xe441100 0x3b9cc 0x3adcc
VirtualAlloc 0x0 0xe441104 0x3b9d0 0x3add0
InitializeCriticalSectionAndSpinCount 0x0 0xe441108 0x3b9d4 0x3add4
ExpandEnvironmentStringsW 0x0 0xe44110c 0x3b9d8 0x3add8
GetEnvironmentVariableW 0x0 0xe441110 0x3b9dc 0x3addc
SetFileAttributesW 0x0 0xe441114 0x3b9e0 0x3ade0
GetFileAttributesW 0x0 0xe441118 0x3b9e4 0x3ade4
RemoveDirectoryW 0x0 0xe44111c 0x3b9e8 0x3ade8
DeleteFileW 0x0 0xe441120 0x3b9ec 0x3adec
Sleep 0x0 0xe441124 0x3b9f0 0x3adf0
GetLastError 0x0 0xe441128 0x3b9f4 0x3adf4
MoveFileExW 0x0 0xe44112c 0x3b9f8 0x3adf8
FindClose 0x0 0xe441130 0x3b9fc 0x3adfc
GetFileSizeEx 0x0 0xe441134 0x3ba00 0x3ae00
ReadFile 0x0 0xe441138 0x3ba04 0x3ae04
SetFilePointerEx 0x0 0xe44113c 0x3ba08 0x3ae08
LCMapStringW 0x0 0xe441140 0x3ba0c 0x3ae0c
WideCharToMultiByte 0x0 0xe441144 0x3ba10 0x3ae10
MultiByteToWideChar 0x0 0xe441148 0x3ba14 0x3ae14
CreateFileW 0x0 0xe44114c 0x3ba18 0x3ae18
GetFullPathNameW 0x0 0xe441150 0x3ba1c 0x3ae1c
FindNextFileW 0x0 0xe441154 0x3ba20 0x3ae20
FindFirstFileW 0x0 0xe441158 0x3ba24 0x3ae24
CreateDirectoryW 0x0 0xe44115c 0x3ba28 0x3ae28
WriteFile 0x0 0xe441160 0x3ba2c 0x3ae2c
SetEndOfFile 0x0 0xe441164 0x3ba30 0x3ae30
SetFileTime 0x0 0xe441168 0x3ba34 0x3ae34
FreeLibrary 0x0 0xe44116c 0x3ba38 0x3ae38
GetWindowsDirectoryW 0x0 0xe441170 0x3ba3c 0x3ae3c
GetProcAddress 0x0 0xe441174 0x3ba40 0x3ae40
LoadLibraryW 0x0 0xe441178 0x3ba44 0x3ae44
GetModuleHandleW 0x0 0xe44117c 0x3ba48 0x3ae48
ADVAPI32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TraceEvent 0x0 0xe441184 0x3ba50 0x3ae50
ControlTraceW 0x0 0xe441188 0x3ba54 0x3ae54
UnregisterTraceGuids 0x0 0xe44118c 0x3ba58 0x3ae58
RegisterTraceGuidsW 0x0 0xe441190 0x3ba5c 0x3ae5c
GetTraceLoggerHandle 0x0 0xe441194 0x3ba60 0x3ae60
GetTraceEnableLevel 0x0 0xe441198 0x3ba64 0x3ae64
GetTraceEnableFlags 0x0 0xe44119c 0x3ba68 0x3ae68
RegQueryValueExW 0x0 0xe4411a0 0x3ba6c 0x3ae6c
RegOpenKeyExW 0x0 0xe4411a4 0x3ba70 0x3ae70
CryptReleaseContext 0x0 0xe4411a8 0x3ba74 0x3ae74
CryptDestroyHash 0x0 0xe4411ac 0x3ba78 0x3ae78
CryptCreateHash 0x0 0xe4411b0 0x3ba7c 0x3ae7c
RegCloseKey 0x0 0xe4411b4 0x3ba80 0x3ae80
RegCreateKeyW 0x0 0xe4411b8 0x3ba84 0x3ae84
RegOpenCurrentUser 0x0 0xe4411bc 0x3ba88 0x3ae88
RegSetValueExW 0x0 0xe4411c0 0x3ba8c 0x3ae8c
RegQueryInfoKeyW 0x0 0xe4411c4 0x3ba90 0x3ae90
RegEnumKeyW 0x0 0xe4411c8 0x3ba94 0x3ae94
RegOpenKeyW 0x0 0xe4411cc 0x3ba98 0x3ae98
RegDeleteKeyW 0x0 0xe4411d0 0x3ba9c 0x3ae9c
CryptGetHashParam 0x0 0xe4411d4 0x3baa0 0x3aea0
CryptHashData 0x0 0xe4411d8 0x3baa4 0x3aea4
CryptAcquireContextA 0x0 0xe4411dc 0x3baa8 0x3aea8
RPCRT4.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
UuidCreate 0x0 0xe4411e4 0x3bab0 0x3aeb0
Exports (3)
Api name EAT Address Ordinal
DpxFreeMemory 0xe4432e5 0x1
DpxNewJob 0xe443302 0x2
DpxRestoreJob 0xe44331d 0x3