Malware Uses JAR | Files
File Information
Sample files count 1
Created files count 12
Modified files count 4
c:\users\dssdpmx042\desktop\Duplicata0.jar
File Properties
Names c:\users\dssdpmx042\desktop\Duplicata0.jar (Sample File)
Size 27.46 KB (28123 bytes)
Hash Values MD5: 53e9f702c6ca434311cc05f09acf1923
SHA1: fba04d13da22168a6f6d0e0a9d893b0938d4abbf
SHA256: a2b467819bd03974f8b4ac326d9d488eb80680ee43cea984e160922122f1f048
c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp
File Properties
Names c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp (Modified File)
Size 0.05 KB (50 bytes)
Hash Values MD5: 9fffd4e723eebc43d03333c1a4413ab4
SHA1: 5a93ce0f655c05c5318bfbdb488e6eceaf29d96e
SHA256: 48d355d323548fb06decc335335b6deb3155b593756826c6771ff9d25743ea63
c:\users\public\n3eg\id
File Properties
Names c:\users\public\n3eg\id (Created File)
Size 0.01 KB (7 bytes)
Hash Values MD5: 97558baebf6eb308ff83d8fe474e294a
SHA1: 954cfe56df08de38d177d12bab69170cf1674b03
SHA256: 7a788184a2507c5de3f4cfc973810695d3ca41e29c6e90a21f87d419e1601c94
c:\users\public\n3eg\idw
File Properties
Names c:\users\public\n3eg\idw (Created File)
Size 0.00 KB (2 bytes)
Hash Values MD5: 26657d5ff9020d2abefe558796b99584
SHA1: 6fb84aed32facd1299ee1e77c8fd2b1a6352669e
SHA256: 7b1a278f5abe8e9da907fc9c29dfd432d60dc76e17b0fabab659d2a508bc65c4
c:\users\public\n3eg\n3eg1.zip
File Properties
Names c:\users\public\n3eg\n3eg1.zip (Created File)
Size 1.58 MB (1661608 bytes)
Hash Values MD5: 16dbf6ce67e389a442ce8d032637654d
SHA1: 0b4068e0d543bb6cd9e549df207a3069a7e18388
SHA256: 555a58f9a1d235b075fa645a058a5b93215bd27432a4c8e120f4310eb8655c47
c:\users\public\n3eg\n3eg2.zip
File Properties
Names c:\users\public\n3eg\n3eg2.zip (Created File)
Size 730.94 KB (748483 bytes)
Hash Values MD5: 7088647800a215d2d77570ff3f999e74
SHA1: aad42e745069e801900a01f1fd897b82067f988e
SHA256: 572d8553fc28c6cdd680aa782cd73d2e6cbd7316145f060a3986a7ce0e40515e
c:\users\public\n3eg\n3eg4.zip
File Properties
Names c:\users\public\n3eg\n3eg4.zip (Created File)
Size 411.42 KB (421293 bytes)
Hash Values MD5: d5a2e7e6f866f119cd9fe3b3d6232acc
SHA1: 8af3b0406e8e6780cea28a603f46ef2eec7d2b9f
SHA256: 09973947c6b59a27d5adf9ce1d0b2edf342a18ae746d58dec72cc24b31d46a59
c:\users\public\n3eg\ljkg4, ...
File Properties
Names c:\users\public\n3eg\ljkg4 (Created File)
c:\users\public\n3eg\n3eg4.51n3e (Created File)
Size 452.50 KB (463360 bytes)
Hash Values MD5: 9c413a78860adeb716ce3a6c9c90aeb3
SHA1: 3b12a0e1afae98db7e665ea6bc45b1c7bf875b30
SHA256: 8be47f70911221c257dd2def3ce76a1d4db6d26685de6fbc16409baeb8ba8722
PE Information
File Properties
Image Base 0x400000
Entry Point 0x4148d4
Size Of Code 0x13a00
Size Of Initialized Data 0x5d400
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1992-06-20 00:22:17
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x1396c 0x13a00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.47
DATA 0x415000 0x59c 0x600 0x13e00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.98
BSS 0x416000 0x889 0x0 0x14400 MEM_READ, MEM_WRITE 0.0
.idata 0x417000 0xad6 0xc00 0x14400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.42
.reloc 0x418000 0x18c4 0x1a00 0x15000 CNT_INITIALIZED_DATA, MEM_SHARED, MEM_READ 6.53
.rsrc 0x41a000 0x5a800 0x5a800 0x16a00 CNT_INITIALIZED_DATA, MEM_SHARED, MEM_READ 7.99
Imports (115)
kernel32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeleteCriticalSection 0x0 0x4170c8 0x170c8 0x144c8
LeaveCriticalSection 0x0 0x4170cc 0x170cc 0x144cc
EnterCriticalSection 0x0 0x4170d0 0x170d0 0x144d0
InitializeCriticalSection 0x0 0x4170d4 0x170d4 0x144d4
VirtualFree 0x0 0x4170d8 0x170d8 0x144d8
VirtualAlloc 0x0 0x4170dc 0x170dc 0x144dc
LocalFree 0x0 0x4170e0 0x170e0 0x144e0
LocalAlloc 0x0 0x4170e4 0x170e4 0x144e4
GetVersion 0x0 0x4170e8 0x170e8 0x144e8
GetCurrentThreadId 0x0 0x4170ec 0x170ec 0x144ec
InterlockedDecrement 0x0 0x4170f0 0x170f0 0x144f0
InterlockedIncrement 0x0 0x4170f4 0x170f4 0x144f4
VirtualQuery 0x0 0x4170f8 0x170f8 0x144f8
WideCharToMultiByte 0x0 0x4170fc 0x170fc 0x144fc
MultiByteToWideChar 0x0 0x417100 0x17100 0x14500
lstrlenA 0x0 0x417104 0x17104 0x14504
lstrcpynA 0x0 0x417108 0x17108 0x14508
LoadLibraryExA 0x0 0x41710c 0x1710c 0x1450c
GetThreadLocale 0x0 0x417110 0x17110 0x14510
GetStartupInfoA 0x0 0x417114 0x17114 0x14514
GetProcAddress 0x0 0x417118 0x17118 0x14518
GetModuleHandleA 0x0 0x41711c 0x1711c 0x1451c
GetModuleFileNameA 0x0 0x417120 0x17120 0x14520
GetLocaleInfoA 0x0 0x417124 0x17124 0x14524
GetCommandLineA 0x0 0x417128 0x17128 0x14528
FreeLibrary 0x0 0x41712c 0x1712c 0x1452c
FindFirstFileA 0x0 0x417130 0x17130 0x14530
FindClose 0x0 0x417134 0x17134 0x14534
ExitProcess 0x0 0x417138 0x17138 0x14538
WriteFile 0x0 0x41713c 0x1713c 0x1453c
UnhandledExceptionFilter 0x0 0x417140 0x17140 0x14540
RtlUnwind 0x0 0x417144 0x17144 0x14544
RaiseException 0x0 0x417148 0x17148 0x14548
GetStdHandle 0x0 0x41714c 0x1714c 0x1454c
user32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetKeyboardType 0x0 0x417154 0x17154 0x14554
LoadStringA 0x0 0x417158 0x17158 0x14558
MessageBoxA 0x0 0x41715c 0x1715c 0x1455c
CharNextA 0x0 0x417160 0x17160 0x14560
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegQueryValueExA 0x0 0x417168 0x17168 0x14568
RegOpenKeyExA 0x0 0x41716c 0x1716c 0x1456c
RegCloseKey 0x0 0x417170 0x17170 0x14570
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysFreeString 0x0 0x417178 0x17178 0x14578
SysReAllocStringLen 0x0 0x41717c 0x1717c 0x1457c
SysAllocStringLen 0x0 0x417180 0x17180 0x14580
kernel32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TlsSetValue 0x0 0x417188 0x17188 0x14588
TlsGetValue 0x0 0x41718c 0x1718c 0x1458c
TlsFree 0x0 0x417190 0x17190 0x14590
TlsAlloc 0x0 0x417194 0x17194 0x14594
LocalFree 0x0 0x417198 0x17198 0x14598
LocalAlloc 0x0 0x41719c 0x1719c 0x1459c
kernel32.dll (51)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WriteFile 0x0 0x4171a4 0x171a4 0x145a4
WaitForSingleObject 0x0 0x4171a8 0x171a8 0x145a8
VirtualQuery 0x0 0x4171ac 0x171ac 0x145ac
VirtualProtect 0x0 0x4171b0 0x171b0 0x145b0
VirtualFree 0x0 0x4171b4 0x171b4 0x145b4
VirtualAlloc 0x0 0x4171b8 0x171b8 0x145b8
SetFilePointer 0x0 0x4171bc 0x171bc 0x145bc
SetEvent 0x0 0x4171c0 0x171c0 0x145c0
SetEndOfFile 0x0 0x4171c4 0x171c4 0x145c4
ResetEvent 0x0 0x4171c8 0x171c8 0x145c8
ReadFile 0x0 0x4171cc 0x171cc 0x145cc
LoadLibraryA 0x0 0x4171d0 0x171d0 0x145d0
LeaveCriticalSection 0x0 0x4171d4 0x171d4 0x145d4
IsBadReadPtr 0x0 0x4171d8 0x171d8 0x145d8
InitializeCriticalSection 0x0 0x4171dc 0x171dc 0x145dc
HeapFree 0x0 0x4171e0 0x171e0 0x145e0
HeapAlloc 0x0 0x4171e4 0x171e4 0x145e4
GlobalUnlock 0x0 0x4171e8 0x171e8 0x145e8
GlobalReAlloc 0x0 0x4171ec 0x171ec 0x145ec
GlobalHandle 0x0 0x4171f0 0x171f0 0x145f0
GlobalLock 0x0 0x4171f4 0x171f4 0x145f4
GlobalFree 0x0 0x4171f8 0x171f8 0x145f8
GlobalAlloc 0x0 0x4171fc 0x171fc 0x145fc
GetVersionExA 0x0 0x417200 0x17200 0x14600
GetThreadLocale 0x0 0x417204 0x17204 0x14604
GetStringTypeExA 0x0 0x417208 0x17208 0x14608
GetStdHandle 0x0 0x41720c 0x1720c 0x1460c
GetProcessHeap 0x0 0x417210 0x17210 0x14610
GetProcAddress 0x0 0x417214 0x17214 0x14614
GetModuleHandleA 0x0 0x417218 0x17218 0x14618
GetModuleFileNameA 0x0 0x41721c 0x1721c 0x1461c
GetLocaleInfoA 0x0 0x417220 0x17220 0x14620
GetLocalTime 0x0 0x417224 0x17224 0x14624
GetLastError 0x0 0x417228 0x17228 0x14628
GetFullPathNameA 0x0 0x41722c 0x1722c 0x1462c
GetDiskFreeSpaceA 0x0 0x417230 0x17230 0x14630
GetDateFormatA 0x0 0x417234 0x17234 0x14634
GetCurrentThreadId 0x0 0x417238 0x17238 0x14638
GetComputerNameA 0x0 0x41723c 0x1723c 0x1463c
GetCPInfo 0x0 0x417240 0x17240 0x14640
GetACP 0x0 0x417244 0x17244 0x14644
FreeLibrary 0x0 0x417248 0x17248 0x14648
FormatMessageA 0x0 0x41724c 0x1724c 0x1464c
EnumCalendarInfoA 0x0 0x417250 0x17250 0x14650
EnterCriticalSection 0x0 0x417254 0x17254 0x14654
DeleteCriticalSection 0x0 0x417258 0x17258 0x14658
CreateThread 0x0 0x41725c 0x1725c 0x1465c
CreateFileA 0x0 0x417260 0x17260 0x14660
CreateEventA 0x0 0x417264 0x17264 0x14664
CompareStringA 0x0 0x417268 0x17268 0x14668
CloseHandle 0x0 0x41726c 0x1726c 0x1466c
user32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
MessageBoxA 0x0 0x417274 0x17274 0x14674
LoadStringA 0x0 0x417278 0x17278 0x14678
GetSystemMetrics 0x0 0x41727c 0x1727c 0x1467c
CharNextA 0x0 0x417280 0x17280 0x14680
CharToOemA 0x0 0x417284 0x17284 0x14684
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
Sleep 0x0 0x41728c 0x1728c 0x1468c
oleaut32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SafeArrayPtrOfIndex 0x0 0x417294 0x17294 0x14694
SafeArrayGetUBound 0x0 0x417298 0x17298 0x14698
SafeArrayGetLBound 0x0 0x41729c 0x1729c 0x1469c
SafeArrayCreate 0x0 0x4172a0 0x172a0 0x146a0
VariantChangeType 0x0 0x4172a4 0x172a4 0x146a4
VariantCopy 0x0 0x4172a8 0x172a8 0x146a8
VariantClear 0x0 0x4172ac 0x172ac 0x146ac
VariantInit 0x0 0x4172b0 0x172b0 0x146b0
c:\users\public\n3eg\ljkg1, ...
File Properties
Names c:\users\public\n3eg\ljkg1 (Created File)
c:\users\public\n3eg\n3eg1.51n3e (Created File)
Size 2.56 MB (2689537 bytes)
Hash Values MD5: 8eaa07e05c7f46d1c2949d11c9ba645d
SHA1: 1dc6bc4043ce00b856bfe462147064b34ae16dc2
SHA256: 866218b20d0ebcae237e288cf8616d7a9293c974a1df14ec8f7c37b7ee0dd7e4
c:\users\public\n3eg\ljkg2, ...
File Properties
Names c:\users\public\n3eg\ljkg2 (Created File)
c:\users\public\n3eg\n3eg2.51n3e (Created File)
Size 1.29 MB (1356288 bytes)
Hash Values MD5: 23adce0295127671e5bc3c4c9d1e2eb7
SHA1: cf28f7c38c1a3e17458e6b7eb1dc38baef72d290
SHA256: 7cfbfff8aaf3bd0cc707e61a075a1f45644f422f9d1c55573edec637c27b6534
PE Information
File Properties
Image Base 0x400000
Entry Point 0x4d8670
Size Of Code 0xd7000
Size Of Initialized Data 0x73e00
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2016-08-12 02:11:27
Compiler/Packer Unknown
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xd63dc 0xd6400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.46
.itext 0x4d8000 0xbc0 0xc00 0xd6800 CNT_CODE, MEM_EXECUTE, MEM_READ 6.2
.data 0x4d9000 0x3a2c 0x3c00 0xd7400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 5.28
.bss 0x4dd000 0x5070 0x0 0xdb000 MEM_READ, MEM_WRITE 0.0
.idata 0x4e3000 0xe06 0x1000 0xdb000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.59
.didata 0x4e4000 0x154 0x200 0xdc000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.36
.reloc 0x4e5000 0x143bc 0x14400 0xdc200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 6.71
.rsrc 0x4fa000 0x5ac00 0x5ac00 0xf0600 CNT_INITIALIZED_DATA, MEM_READ 7.98
Imports (127)
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysFreeString 0x0 0x4e32e8 0xe30c8 0xdb0c8
SysReAllocStringLen 0x0 0x4e32ec 0xe30cc 0xdb0cc
SysAllocStringLen 0x0 0x4e32f0 0xe30d0 0xdb0d0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegQueryValueExW 0x0 0x4e32f8 0xe30d8 0xdb0d8
RegOpenKeyExW 0x0 0x4e32fc 0xe30dc 0xdb0dc
RegCloseKey 0x0 0x4e3300 0xe30e0 0xdb0e0
user32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
MessageBoxA 0x0 0x4e3308 0xe30e8 0xdb0e8
CharNextW 0x0 0x4e330c 0xe30ec 0xdb0ec
LoadStringW 0x0 0x4e3310 0xe30f0 0xdb0f0
kernel32.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
Sleep 0x0 0x4e3318 0xe30f8 0xdb0f8
VirtualFree 0x0 0x4e331c 0xe30fc 0xdb0fc
VirtualAlloc 0x0 0x4e3320 0xe3100 0xdb100
lstrlenW 0x0 0x4e3324 0xe3104 0xdb104
VirtualQuery 0x0 0x4e3328 0xe3108 0xdb108
GetTickCount 0x0 0x4e332c 0xe310c 0xdb10c
GetSystemInfo 0x0 0x4e3330 0xe3110 0xdb110
GetVersion 0x0 0x4e3334 0xe3114 0xdb114
CompareStringW 0x0 0x4e3338 0xe3118 0xdb118
IsValidLocale 0x0 0x4e333c 0xe311c 0xdb11c
SetThreadLocale 0x0 0x4e3340 0xe3120 0xdb120
GetSystemDefaultUILanguage 0x0 0x4e3344 0xe3124 0xdb124
GetUserDefaultUILanguage 0x0 0x4e3348 0xe3128 0xdb128
GetLocaleInfoW 0x0 0x4e334c 0xe312c 0xdb12c
WideCharToMultiByte 0x0 0x4e3350 0xe3130 0xdb130
MultiByteToWideChar 0x0 0x4e3354 0xe3134 0xdb134
GetACP 0x0 0x4e3358 0xe3138 0xdb138
LoadLibraryExW 0x0 0x4e335c 0xe313c 0xdb13c
GetStartupInfoW 0x0 0x4e3360 0xe3140 0xdb140
GetProcAddress 0x0 0x4e3364 0xe3144 0xdb144
GetModuleHandleW 0x0 0x4e3368 0xe3148 0xdb148
GetModuleFileNameW 0x0 0x4e336c 0xe314c 0xdb14c
GetCommandLineW 0x0 0x4e3370 0xe3150 0xdb150
FreeLibrary 0x0 0x4e3374 0xe3154 0xdb154
GetLastError 0x0 0x4e3378 0xe3158 0xdb158
UnhandledExceptionFilter 0x0 0x4e337c 0xe315c 0xdb15c
RtlUnwind 0x0 0x4e3380 0xe3160 0xdb160
RaiseException 0x0 0x4e3384 0xe3164 0xdb164
ExitProcess 0x0 0x4e3388 0xe3168 0xdb168
GetCurrentThreadId 0x0 0x4e338c 0xe316c 0xdb16c
DeleteCriticalSection 0x0 0x4e3390 0xe3170 0xdb170
LeaveCriticalSection 0x0 0x4e3394 0xe3174 0xdb174
EnterCriticalSection 0x0 0x4e3398 0xe3178 0xdb178
InitializeCriticalSection 0x0 0x4e339c 0xe317c 0xdb17c
FindFirstFileW 0x0 0x4e33a0 0xe3180 0xdb180
FindClose 0x0 0x4e33a4 0xe3184 0xdb184
WriteFile 0x0 0x4e33a8 0xe3188 0xdb188
GetStdHandle 0x0 0x4e33ac 0xe318c 0xdb18c
CloseHandle 0x0 0x4e33b0 0xe3190 0xdb190
kernel32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetProcAddress 0x0 0x4e33b8 0xe3198 0xdb198
RaiseException 0x0 0x4e33bc 0xe319c 0xdb19c
LoadLibraryA 0x0 0x4e33c0 0xe31a0 0xdb1a0
GetLastError 0x0 0x4e33c4 0xe31a4 0xdb1a4
TlsSetValue 0x0 0x4e33c8 0xe31a8 0xdb1a8
TlsGetValue 0x0 0x4e33cc 0xe31ac 0xdb1ac
TlsFree 0x0 0x4e33d0 0xe31b0 0xdb1b0
TlsAlloc 0x0 0x4e33d4 0xe31b4 0xdb1b4
LocalFree 0x0 0x4e33d8 0xe31b8 0xdb1b8
LocalAlloc 0x0 0x4e33dc 0xe31bc 0xdb1bc
FreeLibrary 0x0 0x4e33e0 0xe31c0 0xdb1c0
user32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
MessageBoxW 0x0 0x4e33e8 0xe31c8 0xdb1c8
LoadStringW 0x0 0x4e33ec 0xe31cc 0xdb1cc
GetSystemMetrics 0x0 0x4e33f0 0xe31d0 0xdb1d0
CharUpperBuffW 0x0 0x4e33f4 0xe31d4 0xdb1d4
CharUpperW 0x0 0x4e33f8 0xe31d8 0xdb1d8
CharLowerBuffW 0x0 0x4e33fc 0xe31dc 0xdb1dc
kernel32.dll (53)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WriteFile 0x0 0x4e3404 0xe31e4 0xdb1e4
WideCharToMultiByte 0x0 0x4e3408 0xe31e8 0xdb1e8
WaitForSingleObject 0x0 0x4e340c 0xe31ec 0xdb1ec
VirtualQueryEx 0x0 0x4e3410 0xe31f0 0xdb1f0
VirtualQuery 0x0 0x4e3414 0xe31f4 0xdb1f4
VirtualProtect 0x0 0x4e3418 0xe31f8 0xdb1f8
VirtualFree 0x0 0x4e341c 0xe31fc 0xdb1fc
TryEnterCriticalSection 0x0 0x4e3420 0xe3200 0xdb200
SwitchToThread 0x0 0x4e3424 0xe3204 0xdb204
SetLastError 0x0 0x4e3428 0xe3208 0xdb208
SetFilePointer 0x0 0x4e342c 0xe320c 0xdb20c
SetEvent 0x0 0x4e3430 0xe3210 0xdb210
SetEndOfFile 0x0 0x4e3434 0xe3214 0xdb214
ResetEvent 0x0 0x4e3438 0xe3218 0xdb218
ReadFile 0x0 0x4e343c 0xe321c 0xdb21c
LocalFree 0x0 0x4e3440 0xe3220 0xdb220
LoadLibraryW 0x0 0x4e3444 0xe3224 0xdb224
LeaveCriticalSection 0x0 0x4e3448 0xe3228 0xdb228
IsValidLocale 0x0 0x4e344c 0xe322c 0xdb22c
InitializeCriticalSection 0x0 0x4e3450 0xe3230 0xdb230
HeapSize 0x0 0x4e3454 0xe3234 0xdb234
HeapFree 0x0 0x4e3458 0xe3238 0xdb238
HeapDestroy 0x0 0x4e345c 0xe323c 0xdb23c
HeapCreate 0x0 0x4e3460 0xe3240 0xdb240
HeapAlloc 0x0 0x4e3464 0xe3244 0xdb244
GetVersionExW 0x0 0x4e3468 0xe3248 0xdb248
GetThreadLocale 0x0 0x4e346c 0xe324c 0xdb24c
GetStdHandle 0x0 0x4e3470 0xe3250 0xdb250
GetProcAddress 0x0 0x4e3474 0xe3254 0xdb254
GetModuleHandleW 0x0 0x4e3478 0xe3258 0xdb258
GetModuleFileNameW 0x0 0x4e347c 0xe325c 0xdb25c
GetLocaleInfoW 0x0 0x4e3480 0xe3260 0xdb260
GetLocalTime 0x0 0x4e3484 0xe3264 0xdb264
GetLastError 0x0 0x4e3488 0xe3268 0xdb268
GetFullPathNameW 0x0 0x4e348c 0xe326c 0xdb26c
GetDiskFreeSpaceW 0x0 0x4e3490 0xe3270 0xdb270
GetDateFormatW 0x0 0x4e3494 0xe3274 0xdb274
GetCurrentThreadId 0x0 0x4e3498 0xe3278 0xdb278
GetCurrentProcess 0x0 0x4e349c 0xe327c 0xdb27c
GetComputerNameW 0x0 0x4e34a0 0xe3280 0xdb280
GetCPInfoExW 0x0 0x4e34a4 0xe3284 0xdb284
GetCPInfo 0x0 0x4e34a8 0xe3288 0xdb288
GetACP 0x0 0x4e34ac 0xe328c 0xdb28c
FreeLibrary 0x0 0x4e34b0 0xe3290 0xdb290
FormatMessageW 0x0 0x4e34b4 0xe3294 0xdb294
EnumSystemLocalesW 0x0 0x4e34b8 0xe3298 0xdb298
EnumCalendarInfoW 0x0 0x4e34bc 0xe329c 0xdb29c
EnterCriticalSection 0x0 0x4e34c0 0xe32a0 0xdb2a0
DeleteCriticalSection 0x0 0x4e34c4 0xe32a4 0xdb2a4
CreateFileW 0x0 0x4e34c8 0xe32a8 0xdb2a8
CreateEventW 0x0 0x4e34cc 0xe32ac 0xdb2ac
CompareStringW 0x0 0x4e34d0 0xe32b0 0xdb2b0
CloseHandle 0x0 0x4e34d4 0xe32b4 0xdb2b4
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
Sleep 0x0 0x4e34dc 0xe32bc 0xdb2bc
oleaut32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SafeArrayPtrOfIndex 0x0 0x4e34e4 0xe32c4 0xdb2c4
SafeArrayGetUBound 0x0 0x4e34e8 0xe32c8 0xdb2c8
SafeArrayGetLBound 0x0 0x4e34ec 0xe32cc 0xdb2cc
SafeArrayCreate 0x0 0x4e34f0 0xe32d0 0xdb2d0
VariantChangeType 0x0 0x4e34f4 0xe32d4 0xdb2d4
VariantCopy 0x0 0x4e34f8 0xe32d8 0xdb2d8
VariantClear 0x0 0x4e34fc 0xe32dc 0xdb2dc
VariantInit 0x0 0x4e3500 0xe32e0 0xdb2e0
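Two things stand out in the PE header tables for the dropped DLLs (ljkg4 / n3eg4.51n3e above, and ljkg2 / n3eg2.51n3e just listed): each carries a .rsrc section of over 350 KB with entropy close to the 8.0 maximum, which is where packed or encrypted payload data usually sits, and the first one's Compile Timestamp of 1992-06-20 00:22:17 is the fixed link timestamp 0x2A425E19 (1992-06-19 22:22:17 UTC, shown here two hours ahead) that Borland Delphi linkers write into every image, which together with the CODE/DATA/BSS section names and the SysAllocStringLen / GetKeyboardType imports marks a Delphi build even though the analyzer lists Compiler/Packer as Unknown. The following added example, not VMRay's code, reads exactly the header fields the tables show from raw bytes, computes each section's entropy, and raises both flags. Because the dropped files' contents are not on this page, it runs on a constructed minimal PE32 image (a NOP-filled CODE section plus a pseudo-random .rsrc section stamped with the Delphi timestamp); the entropy threshold of 7.5 bits per byte is an assumed triage cut-off.

```python
import math
import random
import struct
from datetime import datetime, timezone

# Fixed link timestamp emitted by Borland Delphi linkers: 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19
HIGH_ENTROPY = 7.5  # assumed cut-off in bits per byte; 8.0 is the maximum


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the figure in the report's Entropy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(buf: bytes) -> dict:
    """Read the PE32 header fields shown in the report plus per-section entropy."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (x86) images are handled here")
    size_of_code = struct.unpack_from("<I", buf, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]
    image_base = struct.unpack_from("<I", buf, opt + 28)[0]
    sections = []
    for i in range(nsec):                    # section table follows the optional header
        name, vsize, va, rsize, roff = struct.unpack_from("<8sIIII", buf, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": image_base + va, "vsize": vsize, "rsize": rsize, "roff": roff,
            "entropy": round(shannon_entropy(buf[roff:roff + rsize]), 2),
        })
    return {"machine": machine, "timestamp": stamp,
            "compile_time_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "image_base": image_base, "entry_point": image_base + entry_rva,
            "size_of_code": size_of_code, "sections": sections}


def findings(pe: dict) -> list:
    """Triage flags a reviewer would raise from the header tables alone."""
    out = []
    if pe["timestamp"] == DELPHI_TIMESTAMP:
        out.append("delphi-fixed-timestamp")
    for s in pe["sections"]:
        if s["rsize"] and s["entropy"] >= HIGH_ENTROPY:
            out.append("high-entropy-section:" + s["name"])
    return out


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image, not a real sample: a NOP-filled CODE section,
    an .rsrc section of seeded pseudo-random bytes, and the Delphi timestamp."""
    code = b"\x90" * 0x200
    rng = random.Random(1)
    rsrc = bytes(rng.getrandbits(8) for _ in range(0x1000))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    # Magic, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<HxxIIIIIII", opt, 0, 0x10B, len(code), len(rsrc), 0,
                     0x1000, 0x1000, 0x2000, 0x400000)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)              # section / file alignment

    def sec(name, vsize, va, rsize, roff, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, roff, 0, 0, 0, 0, flags)

    hdr = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
           + sec(b"CODE", len(code), 0x1000, len(code), 0x200, 0x60000020)
           + sec(b".rsrc", len(rsrc), 0x2000, len(rsrc), 0x400, 0x40000040))
    return hdr.ljust(0x200, b"\0") + code + rsrc


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(f"Image Base 0x{pe['image_base']:x}  Entry Point 0x{pe['entry_point']:x}  "
          f"Compile Timestamp {pe['compile_time_utc']} UTC")
    for s in pe["sections"]:
        print(f"{s['name']:<8} 0x{s['va']:x} 0x{s['vsize']:x} 0x{s['rsize']:x} 0x{s['roff']:x} {s['entropy']}")
    print("findings:", findings(pe))
```

To run it on the real dropped files, read them with `open(path, "rb").read()` and pass the bytes to `parse_pe`; the first DLL should reproduce the Image Base, Entry Point and section rows above and trigger both flags, the second only the .rsrc entropy flag.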
c:\users\public\n3eg\wvs
File Properties
Names c:\users\public\n3eg\wvs (Created File)
Size 0.00 KB (4 bytes)
Hash Values MD5: f4314bbaf858170dd3b5d1610b3370fa
SHA1: fb456dcb16fcac006136471acaf71089398f2063
SHA256: 45e26aeb4a0e45265193e9293e88a93d9b3c89af4e401cb1812161c4568d0b51
c:\users\public\n3eg\idx
File Properties
Names c:\users\public\n3eg\idx (Created File)
Size 0.01 KB (10 bytes)
Hash Values MD5: a26185275591cd0849899d86349265a0
SHA1: 209b5d24d976b7399dd37ee9669c312ddc3da214
SHA256: 7361213f5c9ebbdf90b6865202c7f02607e3d57ec9b070448dba250bef7061f4
c:\users\public\n3eg\n3e.vbs
File Properties
Names c:\users\public\n3eg\n3e.vbs (Created File)
Size 4.10 KB (4199 bytes)
Hash Values MD5: 519b80fd9d6073f6034820a5c0f0241c
SHA1: 5d7d06d0b1100817dfccf7c87c824650da296fc1
SHA256: 7ac2bab32a34ef844ac2a63864db4d238011723b81f4072f22b148a4535a56d8
c:\users\public\n3eg\uc
File Properties
Names c:\users\public\n3eg\uc (Created File)
Size 0.00 KB (4 bytes)
Hash Values MD5: 27ff7ea9ce50076cfc8e794d64957f7c
SHA1: d765803318ad03df1a1fbdc66fd542945dd81a84
SHA256: 885fa5c5cb5f80fdb414f1b3e0b94c4b1366db1ce83e82358c4cb67da2ab73e4
c:\users\dssdpmx042\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
File Properties
Names c:\users\dssdpmx042\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat (Modified File)
Size 80.00 KB (81920 bytes)
Hash Values MD5: 489a66c81bd1deebd347a3fce46c31d7
SHA1: fc27e597ef7a216a9c7eb63779d18ed1a1f8b5fc
SHA256: 177fb57447305271f05151adc9fabf9dd69d3e052c98f9fcaac79ced241bb5ad
c:\users\dssdpmx042\appdata\roaming\microsoft\windows\cookies\index.dat, ...
File Properties
Names c:\users\dssdpmx042\appdata\roaming\microsoft\windows\cookies\index.dat (Modified File)
process_00000003-region_00000663-addr_0x00000000053e0000-size_0x0000000000008000-perm_rw.bin (Process Dump)
process_00000015-region_00002025-addr_0x00000000035a0000-size_0x0000000000008000-perm_rw.bin (Process Dump)
Size 32.00 KB (32768 bytes)
Hash Values MD5: 9da9b46d28aaa6d10d5ba425639fc03a
SHA1: 2602ba59732e5f2cca492e65771897d415805d78
SHA256: b0871c556380772c12490db86b7a1c20917ee3b4e6115e080eec8355d7b3d9f5
c:\users\dssdpmx042\appdata\local\microsoft\windows\history\history.ie5\index.dat
File Properties
Names c:\users\dssdpmx042\appdata\local\microsoft\windows\history\history.ie5\index.dat (Modified File)
Size 48.00 KB (49152 bytes)
Hash Values MD5: c4afe452c2cd7b22ab13582f920725c5
SHA1: adabacab480544deed5ca4966cbb1624ec5840d2
SHA256: 39ebb553a8f620ee98ad0560a6ee2cd5c01049d92d65c1f34947c531a9f54be6
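The file list above is, in practice, an indicator set: the sample and every dropped payload have SHA256 values, and the drop directory c:\users\public\n3eg with its marker files (id, idw, idx, wvs, uc), the n3e.vbs script and the .51n3e payload extension are reusable path indicators. The following added example, not VMRay's code, sweeps a directory tree for both kinds of indicator: it hashes every file in chunks so the multi-megabyte payloads are never loaded whole, matches digests against the SHA256 values copied from this report, and matches names case-insensitively inside any directory called n3eg. Since the real dropped files are not on this page, the demo tree it builds is a constructed fixture with placeholder contents; the `extra_sha256` parameter and the `planted.bin` file exist only to show a hash hit on that fixture.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 values copied from the report above: the sample and the dropped payloads.
REPORT_SHA256 = {
    "a2b467819bd03974f8b4ac326d9d488eb80680ee43cea984e160922122f1f048": "Duplicata0.jar (sample)",
    "555a58f9a1d235b075fa645a058a5b93215bd27432a4c8e120f4310eb8655c47": "n3eg1.zip",
    "572d8553fc28c6cdd680aa782cd73d2e6cbd7316145f060a3986a7ce0e40515e": "n3eg2.zip",
    "09973947c6b59a27d5adf9ce1d0b2edf342a18ae746d58dec72cc24b31d46a59": "n3eg4.zip",
    "866218b20d0ebcae237e288cf8616d7a9293c974a1df14ec8f7c37b7ee0dd7e4": "ljkg1 / n3eg1.51n3e",
    "7cfbfff8aaf3bd0cc707e61a075a1f45644f422f9d1c55573edec637c27b6534": "ljkg2 / n3eg2.51n3e",
    "8be47f70911221c257dd2def3ce76a1d4db6d26685de6fbc16409baeb8ba8722": "ljkg4 / n3eg4.51n3e",
    "7ac2bab32a34ef844ac2a63864db4d238011723b81f4072f22b148a4535a56d8": "n3e.vbs",
}
# Drop directory, marker file names and payload extension, all taken from the report's paths.
DROP_DIR = "n3eg"
DROP_NAMES = {"id", "idw", "idx", "wvs", "uc", "n3e.vbs"}
DROP_EXT = ".51n3e"


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Chunked SHA256 so multi-megabyte payloads are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def path_indicators(path: str) -> list:
    """Name-based hits: a report file name or the .51n3e extension inside an n3eg directory."""
    p = Path(path)
    hits = []
    if p.parent.name.lower() == DROP_DIR:
        if p.name.lower() in DROP_NAMES:
            hits.append("drop-name")
        if p.suffix.lower() == DROP_EXT:
            hits.append("drop-ext")
    return hits


def sweep(root: str, extra_sha256: dict = None) -> list:
    """Walk root and return one record per file that matches a hash or a path indicator."""
    known = {**REPORT_SHA256, **(extra_sha256 or {})}
    matches = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            try:
                digest = sha256_file(full)
            except OSError:        # unreadable or vanished file: skip it, do not abort the sweep
                continue
            reasons = path_indicators(full)
            if digest in known:
                reasons.append("sha256:" + known[digest])
            if reasons:
                matches.append({"path": full, "name": name, "sha256": digest, "reasons": reasons})
    return matches


def build_demo_tree() -> dict:
    """Constructed fixture, not a real infection: a temp tree mimicking the n3eg drop directory."""
    root = tempfile.mkdtemp(prefix="n3eg-demo-")
    drop = Path(root, "Users", "Public", DROP_DIR)
    drop.mkdir(parents=True)
    (drop / "n3e.vbs").write_text("' placeholder text, not the real dropper script\n")
    (drop / "idx").write_bytes(b"0000000000")
    (drop / "n3eg4.51n3e").write_bytes(b"placeholder payload\n")
    planted = drop / "planted.bin"
    planted.write_bytes(b"constructed content standing in for a known-bad file\n")
    Path(root, "Users", "Public", "clean.txt").write_text("nothing to see\n")
    empty = Path(root, "empty")
    empty.touch()
    return {"root": root, "planted_sha256": sha256_file(str(planted)), "empty_file": str(empty)}


if __name__ == "__main__":
    info = build_demo_tree()
    for m in sweep(info["root"], {info["planted_sha256"]: "planted.bin (demo)"}):
        print(m["path"], m["sha256"][:16], ",".join(m["reasons"]))
```

On a real host, call `sweep("C:\\Users")` (or the mount point of an acquired image) without the extra dictionary; a hash hit is conclusive, while a name-only hit in an n3eg directory should be confirmed by inspecting the file, since the marker names are short and generic.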