Windows
Analysis Report
Lostitem.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Lostitem.exe (PID: 7576, cmdline: "C:\Users\user\Desktop\Lostitem.exe", MD5: B76E8B0FF4AA3AEC76919FA82D8122AC)
  - WerFault.exe (PID: 7648, cmdline: C:\Windows\system32\WerFault.exe -u -p 7576 -s 416, MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
AV Detection |
---|
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | Process created: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File created: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Process information set: |
Source: | Binary or memory string: | ||
Source: | Process queried: |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Software Packing | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
30% | ReversingLabs | Win64.Virus.Virut |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467154 |
Start date and time: | 2024-07-03 19:23:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Lostitem.exe |
Detection: | MAL |
Classification: | mal48.winEXE@2/5@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: Lostitem.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Lostitem.exe_ed5bf9fc84baaaa4fe9d7bc8a34484cefcec24_10c8ff2b_079e8aba-c121-45cb-8fc1-8890f46db496\Report.wer [malicious]
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7908818519540545 |
Encrypted: | false |
SSDEEP: | 96:hSwuFtqsVieNWSI2ssnBeslbLfQQXIDcQ7c6xcEjcw3wtp+HbHgA5JHQgih88WpK:EVBU92B0V1pBjzvqzuiFeZ24lO85I |
MD5: | 95DE9D5C3EB76E6B2429F5194C977F29 |
SHA1: | C90D8F12D45F81151271676FE059B195EB933286 |
SHA-256: | 7B5DBB63DE6460E1C9D38BA3CC073E667F6B1ED89F186C97AFD59B9255500893 |
SHA-512: | CD7164A8229103AE93BCDE91F6F87BE215023AD10D8058480C23CF44B6AAAE46A375851AE25BDC0E8DF96CD4EA4B34CBF36929788B1D77A5EC35095C2D3D40E0 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53906 |
Entropy (8bit): | 1.5604703456901028 |
Encrypted: | false |
SSDEEP: | 96:5m8wZbqDSh+CF82UcAZh0WFoE7gdHBSi7YTP/ng2t3/EPFdvvzi3G7MYfNfu4xSV:XmujedkOYLPzG9dVfNfu40jynmxVN |
MD5: | 8B3BBABDDA9B29AC021DF7CAE68F80B0 |
SHA1: | 2321D19E6EC4062D62157674D5A86D0468D0D192 |
SHA-256: | 921685B1458792C69ED6EECA5F8217E190DE071BCE780B70EFBC5A7C55B36C14 |
SHA-512: | 4240337799E1FDA5051474C1191A18D0C6ED8368D28310D71E710F0592AE107A1D0B68202DB6DEC2BFDE6E0F3D8465982F023EFC9D255725B1F238E71D3D9701 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8708 |
Entropy (8bit): | 3.695792574969849 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ7YCC6Y94kKPGgmfbfprT89b9XEf//m:R6lXJEn6YykbgmfbW9Ufm |
MD5: | 64CE7F4D6092363A779D0E3E93E81883 |
SHA1: | 1F0C9F12146C1AA5DA11D48BA2A279F9F61E85F7 |
SHA-256: | 541385A2A330C6FE47D5AD382C988C5EF049C2BAC27909324087B9D2BD27E1EE |
SHA-512: | DD1FF8170517102F85F1B786E84424A0A5DA51CD2633A05C745C9B5D0989124F720E371A21C69089203489CBD44D0E5BD8C60EBB707E390816509B0A6940EF67 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4623 |
Entropy (8bit): | 4.437278380314611 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsNLiJg771I9oDWpW8VY2q5Ym8M4JjMmlMlZFwVyq858M8MNnODMAVWd:uIjfdwI7vy7V0oJjXdVDf9YAVWd |
MD5: | 076D03AED28D76BFC25322D9CFF4AAE0 |
SHA1: | 5DC53C5D6572BE848CBC6CB505A55F551946EF02 |
SHA-256: | C8850DA3396E91A54ECFFE1F8903076564B1DCA5F67DEDC6EEDDE2D20BD2F8AF |
SHA-512: | C49242270843FA688D690EF611CF64387E251573496B5698D403255101B775563C8F5F289CFC1C839D3404F5C46E0FAC4D8556E4BD1FA3F90F92F404BA8D4141 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465585744982373 |
Encrypted: | false |
SSDEEP: | 6144:eIXfpi67eLPU9skLmb0b4WWSPKaJG8nAgejZMMhA2gX4WABl0uNJdwBCswSbq:zXD94WWlLZMM6YFHr+q |
MD5: | DB33D9EB7EA7E801D498D0330E1E7D09 |
SHA1: | 494F00051C8A27920F02121C193EC51AEEF94F47 |
SHA-256: | 13A63244A54BAB68EA30680E9F82C132B9286AAFE9FF68E894821E11ABBEFA6E |
SHA-512: | 93A7198DE640133B33A4EC2D379777A2221DE1A8841FA7DBF32D1B8E84D844984584347E6FDE650B2379A102050025CDC7372F6734AC74D3D6ABE127560F66E6 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.194529409359724 |
TrID: | |
File name: | Lostitem.exe |
File size: | 7'083'008 bytes |
MD5: | b76e8b0ff4aa3aec76919fa82d8122ac |
SHA1: | 4676bb3243294ad2fc0c844300efb40b6b4f3ba0 |
SHA256: | 323dab7dc9e97c725f053e5021d367d76ac17885145bc27b42c06dac785eb352 |
SHA512: | 93def118f6e7cfa2c5f57b629f3bc1ecd022daad000e8a0a7bdf50197eff74d03109f59b6354877a9ba654481e4ace0874678006c7fb1d037e395a1cfc597959 |
SSDEEP: | 49152:+t0NZUdxqWurM+wcoMpSaJoOiJlHwBnj81Xu4Cae1G6US8a0a+6mQDf1bJ0hjfWa:+CQdgKd1CaUuxe187r9YA |
TLSH: | 90666C7B71A4812DC12ED27AC1B78F00E533B5B11B77C2FB979112561F6AAC49E3E620 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win64..$7....................................................................................................................................... |
Icon Hash: | 0769d656ea4d330f |
Entrypoint: | 0x9241dc |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4B19103F [Fri Dec 4 13:35:59 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 86e744d21ca8cca0b71b42fefe229f67 |
Instruction |
---|
inc cl |
add ecx, ADEED773h |
mov ecx, BDC94E6Bh |
cmp ch, FFFFFFF4h |
dec edx |
push 00006A18h |
clc |
pop eax |
not ecx |
jmp 00007F2DD4F75C21h |
add byte ptr [eax], al |
add byte ptr [eax+eax+00h], bl |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5c1000 | 0x71 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5ba000 | 0x4b24 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x644000 | 0x9f800 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5c4000 | 0x3c820 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5c3000 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5bb2c8 | 0x11b0 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x5bf000 | 0x1164 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x523200 | 0x523200 | cea1f790886903ab6e69422dcbdf0bd8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x525000 | 0x726d8 | 0x72800 | 04ba7c144513c1dc43854ae9c34ec484 | False | 0.2685738775927948 | data | 4.860900233232423 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x598000 | 0x2177c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x5ba000 | 0x4b24 | 0x4c00 | 499c3914bd592c3653675807cbf34578 | False | 0.25801809210526316 | data | 4.394750706313722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x5bf000 | 0x1164 | 0x1200 | 196f30d652db9395c2862bf382b54907 | False | 0.2595486111111111 | data | 3.4465430702443594 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x5c1000 | 0x71 | 0x200 | 33e833a36d8d91e8be54512d46a3558c | False | 0.181640625 | data | 1.3571941527050162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x5c2000 | 0x280 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x5c3000 | 0x6d | 0x200 | 4c9847c894573d2b61e22fb01e319f74 | False | 0.197265625 | data | 1.384366201237787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5c4000 | 0x3c820 | 0x3ca00 | 8a7c2868c138dd3f2991db5ae71dcf14 | False | 0.4610744201030928 | data | 6.452970259326724 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.pdata | 0x601000 | 0x42420 | 0x42600 | f2d5edab3f09bfa6fd80b3fe5d8db39b | False | 0.4946739642184557 | data | 6.422077484908901 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x644000 | 0xa6800 | 0xa6400 | d3676f1ee7c67a8e57974a65aa4f4be3 | False | 0.7165531015037594 | data | 7.509470533792128 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
VCLSTYLE | 0x645470 | 0x28d80 | data | English | United States | 0.9276611514919664 |
VCLSTYLE | 0x66e1f0 | 0x3336c | data | English | United States | 0.9360067120492725 |
RT_CURSOR | 0x6a155c | 0x134 | data | English | United States | 0.43506493506493504 |
RT_CURSOR | 0x6a1690 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x6a17c4 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x6a18f8 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x6a1a2c | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x6a1b60 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x6a1c94 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0x6a1dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_ICON | 0x6a1efc | 0x3974 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9956486265977699 |
RT_ICON | 0x6a5870 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.07938010173902757 |
RT_ICON | 0x6b6098 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.14365847897968823 |
RT_ICON | 0x6ba2c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.18890041493775933 |
RT_ICON | 0x6bc868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.26852720450281425 |
RT_ICON | 0x6bd910 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.4858156028368794 |
RT_STRING | 0x6bdd78 | 0x81c | data | 0.302504816955684 | ||
RT_STRING | 0x6be594 | 0xb04 | data | 0.23120567375886525 | ||
RT_STRING | 0x6bf098 | 0x898 | data | 0.3109090909090909 | ||
RT_STRING | 0x6bf930 | 0x106c | data | 0.21741198858230257 | ||
RT_STRING | 0x6c099c | 0x9f8 | data | 0.32053291536050155 | ||
RT_STRING | 0x6c1394 | 0x894 | data | 0.3087431693989071 | ||
RT_STRING | 0x6c1c28 | 0x87c | data | 0.27532228360957645 | ||
RT_STRING | 0x6c24a4 | 0x400 | data | 0.392578125 | ||
RT_STRING | 0x6c28a4 | 0x2bc | data | 0.4257142857142857 | ||
RT_STRING | 0x6c2b60 | 0x5b0 | data | 0.34203296703296704 | ||
RT_STRING | 0x6c3110 | 0x3e4 | data | 0.4166666666666667 | ||
RT_STRING | 0x6c34f4 | 0x408 | data | 0.4108527131782946 | ||
RT_STRING | 0x6c38fc | 0x35c | data | 0.4197674418604651 | ||
RT_STRING | 0x6c3c58 | 0x478 | data | 0.38286713286713286 | ||
RT_STRING | 0x6c40d0 | 0x358 | data | 0.4287383177570093 | ||
RT_STRING | 0x6c4428 | 0x394 | data | 0.35262008733624456 | ||
RT_STRING | 0x6c47bc | 0x264 | data | 0.4542483660130719 | ||
RT_STRING | 0x6c4a20 | 0x464 | data | 0.33629893238434166 | ||
RT_STRING | 0x6c4e84 | 0x448 | data | 0.3521897810218978 | ||
RT_STRING | 0x6c52cc | 0x348 | data | 0.3607142857142857 | ||
RT_STRING | 0x6c5614 | 0x398 | Targa image data - Color 99 x 107 x 32 +68 +111 "z" | 0.42934782608695654 | ||
RT_STRING | 0x6c59ac | 0x324 | data | 0.4539800995024876 | ||
RT_STRING | 0x6c5cd0 | 0xac | data | 0.7209302325581395 | ||
RT_STRING | 0x6c5d7c | 0x15c | data | 0.5545977011494253 | ||
RT_STRING | 0x6c5ed8 | 0x3c4 | data | 0.3993775933609959 | ||
RT_STRING | 0x6c629c | 0x3c8 | data | 0.3822314049586777 | ||
RT_STRING | 0x6c6664 | 0x3dc | data | 0.395748987854251 | ||
RT_STRING | 0x6c6a40 | 0x428 | data | 0.37781954887218044 | ||
RT_STRING | 0x6c6e68 | 0x400 | data | 0.298828125 | ||
RT_STRING | 0x6c7268 | 0x2c4 | data | 0.3559322033898305 | ||
RT_STRING | 0x6c752c | 0x434 | data | 0.40055762081784385 | ||
RT_STRING | 0x6c7960 | 0x610 | data | 0.34213917525773196 | ||
RT_STRING | 0x6c7f70 | 0x568 | data | 0.3634393063583815 | ||
RT_STRING | 0x6c84d8 | 0x3a0 | data | 0.3728448275862069 | ||
RT_STRING | 0x6c8878 | 0x32c | data | 0.4187192118226601 | ||
RT_STRING | 0x6c8ba4 | 0x3bc | data | 0.36610878661087864 | ||
RT_STRING | 0x6c8f60 | 0x3b0 | data | 0.3781779661016949 | ||
RT_STRING | 0x6c9310 | 0xd0 | data | 0.5288461538461539 | ||
RT_STRING | 0x6c93e0 | 0xb8 | data | 0.6467391304347826 | ||
RT_STRING | 0x6c9498 | 0x298 | data | 0.4819277108433735 | ||
RT_STRING | 0x6c9730 | 0x438 | data | 0.3212962962962963 | ||
RT_STRING | 0x6c9b68 | 0x344 | data | 0.4043062200956938 | ||
RT_STRING | 0x6c9eac | 0x2dc | data | 0.3770491803278688 | ||
RT_STRING | 0x6ca188 | 0x318 | data | 0.33080808080808083 | ||
RT_RCDATA | 0x6ca4a0 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x6ca4b0 | 0x148b | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020916524054002 |
RT_RCDATA | 0x6cb93c | 0x111e | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025102692834322 |
RT_RCDATA | 0x6cca5c | 0xd8c | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031718569780854 |
RT_RCDATA | 0x6cd7e8 | 0xec4 | data | 0.49206349206349204 | ||
RT_RCDATA | 0x6ce6ac | 0x2 | data | English | United States | 5.0 |
RT_RCDATA | 0x6ce6b0 | 0x3c0f | Delphi compiled form 'TForm1' | 0.31278048780487805 | ||
RT_RCDATA | 0x6d22c0 | 0x3970 | PNG image data, 4800 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.9263465723612623 |
RT_RCDATA | 0x6d5c30 | 0x333d | PNG image data, 768 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.9950445986124876 |
RT_RCDATA | 0x6d8f70 | 0x4d4e | PNG image data, 768 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.9888832743810005 |
RT_RCDATA | 0x6ddcc0 | 0xe43 | PNG image data, 512 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.9726102437688304 |
RT_RCDATA | 0x6deb04 | 0xbc3 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036532713384259 |
RT_RCDATA | 0x6df6c8 | 0xc58 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034810126582279 |
RT_RCDATA | 0x6e0320 | 0xbd1 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036363636363637 |
RT_RCDATA | 0x6e0ef4 | 0xcfa | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033112582781456 |
RT_RCDATA | 0x6e1bf0 | 0x117c | PNG image data, 1024 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.9159964253798034 |
RT_GROUP_CURSOR | 0x6e2d6c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x6e2d80 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6e2d94 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x6e2da8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6e2dbc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6e2dd0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6e2de4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6e2df8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x6e2e0c | 0x5a | data | English | United States | 0.7666666666666667 |
RT_VERSION | 0x6e2e68 | 0x230 | data | English | United States | 0.49642857142857144 |
RT_MANIFEST | 0x6e3098 | 0x70b | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.403771491957848 |
DLL | Import |
---|---|
winspool.drv | DocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW |
comdlg32.dll | FindTextW |
comctl32.dll | ImageList_GetImageInfo, FlatSB_SetScrollInfo, InitCommonControls, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_DrawIndirect, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage |
shell32.dll | Shell_NotifyIconW, SHAppBarMessage, ShellExecuteW |
user32.dll | CopyImage, MoveWindow, SetMenuItemInfoW, GetMenuItemInfoW, SetCaretPos, GetCaretPos, DefFrameProcW, ScrollWindowEx, GetDlgCtrlID, FrameRect, RegisterWindowMessageW, GetMenuStringW, FillRect, SendMessageA, IsClipboardFormatAvailable, EnumWindows, ShowOwnedPopups, GetClassInfoExW, GetClassInfoW, GetScrollRange, SetActiveWindow, GetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, EnumChildWindows, GetScrollBarInfo, UnhookWindowsHookEx, SetCapture, GetCapture, ShowCaret, CreatePopupMenu, GetMenuItemID, DestroyCaret, CharLowerBuffW, PostMessageW, IsZoomed, SetParent, DrawMenuBar, GetClientRect, IsChild, IsIconic, CallNextHookEx, ShowWindow, SetForegroundWindow, GetWindowTextW, IsDialogMessageW, DestroyWindow, RegisterClassW, EndMenu, CharNextW, GetFocus, GetDC, SetFocus, ReleaseDC, mouse_event, SetScrollRange, DrawTextW, PeekMessageA, MessageBeep, RegisterHotKey, RemovePropW, GetSubMenu, DestroyIcon, IsWindowVisible, PtInRect, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, GetMessageTime, GetComboBoxInfo, GetWindowLongPtrW, SetWindowLongPtrW, LoadStringW, CreateMenu, CharLowerW, SetWindowRgn, SetWindowPos, GetMenuItemCount, GetSysColorBrush, GetWindowDC, DrawTextExW, EnumClipboardFormats, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, GetSysColor, EnableScrollBar, TrackPopupMenu, keybd_event, DrawIconEx, GetClassNameW, GetMessagePos, GetIconInfo, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, SetCursorPos, GetCursorPos, SetMenu, GetMenuState, GetMenu, UnregisterHotKey, SetRect, GetKeyState, IsRectEmpty, ValidateRect, IsCharAlphaW, GetCursor, KillTimer, BeginDeferWindowPos, WaitMessage, TranslateMDISysAccel, GetWindowPlacement, GetMenuItemRect, CreateIconIndirect, CreateWindowExW, GetDCEx, PeekMessageW, MonitorFromWindow, GetUpdateRect, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, MapVirtualKeyW, OffsetRect, IsWindowUnicode, DispatchMessageW, CreateAcceleratorTableW, DefMDIChildProcW, GetSystemMenu, SetScrollPos, GetScrollPos, InflateRect, DrawFocusRect, ReleaseCapture, LoadCursorW, ScrollWindow, GetLastActivePopup, GetSystemMetrics, CharUpperBuffW, SetClassLongPtrW, GetClassLongPtrW, ClientToScreen, SetClipboardData, GetClipboardData, SetWindowPlacement, GetMonitorInfoW, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, EnableWindow, GetWindowThreadProcessId, RedrawWindow, EndPaint, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, ActivateKeyboardLayout, GetParent, CreateCaret, MonitorFromRect, InsertMenuItemW, GetPropW, MessageBoxW, SetPropW, UpdateWindow, MsgWaitForMultipleObjects, DestroyMenu, SetWindowsHookExW, GetDoubleClickTime, EmptyClipboard, GetDlgItem, AdjustWindowRectEx, IsWindow, DrawIcon, EnumThreadWindows, InvalidateRect, SetKeyboardState, GetKeyboardState, ScreenToClient, DrawFrameControl, IsCharAlphaNumericW, BringWindowToTop, SetCursor, CreateIcon, RemoveMenu, GetKeyboardLayoutNameW, OpenClipboard, TranslateMessage, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, CountClipboardFormats, CloseClipboard, DestroyCursor, CopyIcon, PostQuitMessage, ShowScrollBar, EnableMenuItem, DeferWindowPos, HideCaret, EndDeferWindowPos, FindWindowExW, MonitorFromPoint, LoadIconW, SystemParametersInfoW, GetWindow, GetWindowRect, InsertMenuW, IsWindowEnabled, IsDialogMessageA, FindWindowW, GetKeyboardLayout, DeleteMenu |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
oleaut32.dll | SafeArrayPutElement, GetErrorInfo, VariantInit, VariantClear, SysFreeString, SafeArrayAccessData, SysReAllocStringLen, SafeArrayCreate, SafeArrayGetElement, SysAllocStringLen, SafeArrayUnaccessData, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetUBound, SafeArrayGetLBound, VariantChangeType |
WTSAPI32.DLL | WTSUnRegisterSessionNotification, WTSRegisterSessionNotification |
advapi32.dll | RegSetValueExW, RegConnectRegistryW, RegEnumKeyExW, RegLoadKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegUnLoadKeyW, RegSaveKeyW, RegDeleteValueW, RegReplaceKeyW, RegFlushKey, RegQueryValueExW, RegEnumValueW, RegCloseKey, RegCreateKeyExW, RegRestoreKeyW |
kernel32.dll | GetFileType, RtlUnwindEx, GetACP, CloseHandle, LocalFree, GetCurrentProcessId, SizeofResource, OpenFileMappingW, QueryPerformanceFrequency, IsDebuggerPresent, GetFullPathNameW, VirtualFree, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, GlobalSize, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, HeapDestroy, ReadFile, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, CreateThread, CompareStringW, MapViewOfFile, LoadLibraryA, ResetEvent, OpenEventW, MulDiv, FreeResource, GetVersion, RaiseException, GlobalAddAtomW, FormatMessageW, OpenProcess, SwitchToThread, GetExitCodeThread, OutputDebugStringW, GetCurrentThread, LoadLibraryExW, TerminateProcess, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, WritePrivateProfileStringW, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, GetCurrentProcess, SetThreadPriority, GlobalLock, VirtualAlloc, GetTempPathW, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, GetConsoleOutputCP, UnmapViewOfFile, GetConsoleCP, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, MultiByteToWideChar, FindClose, LoadLibraryW, SetEvent, GetLocaleInfoW, CreateFileW, EnumResourceNamesW, DeleteFileW, IsDBCSLeadByteEx, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, GetComputerNameW, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, RemoveDirectoryW, CreateEventW, GetPrivateProfileStringW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale |
ole32.dll | IsEqualGUID, OleInitialize, OleUninitialize, CoInitialize, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc |
api-ms-win-crt-string-l1-1-0.dll | memset |
gdi32.dll | Pie, SetBkMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, RectVisible, AngleArc, ResizePalette, SetAbortProc, SetTextColor, GetTextColor, StretchBlt, RoundRect, SelectClipRgn, RestoreDC, SetRectRgn, GetTextMetricsW, GetWindowOrgEx, CreatePalette, CreateDCW, CreateICW, PolyBezierTo, GetStockObject, CreateSolidBrush, GetBkMode, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, AbortDoc, GetSystemPaletteEntries, GetEnhMetaFileBits, GetEnhMetaFilePaletteEntries, CreatePenIndirect, SetMapMode, CreateFontIndirectW, PolyBezier, ExtCreatePen, EndDoc, GetObjectW, GetCurrentObject, GetWinMetaFileBits, SetROP2, GetEnhMetaFileDescriptionW, ArcTo, Arc, SelectPalette, SetGraphicsMode, ExcludeClipRect, MaskBlt, SetWindowOrgEx, EndPage, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, GetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, CreateBrushIndirect, PatBlt, SetEnhMetaFileBits, Rectangle, SaveDC, DeleteDC, BitBlt, SetWorldTransform, FrameRgn, GetDeviceCaps, GetTextExtentPoint32W, GetClipBox, IntersectClipRect, Polyline, CreateBitmap, CombineRgn, SetWinMetaFileBits, CreateDIBitmap, GetStretchBltMode, CreateDIBSection, SetStretchBltMode, GetDIBits, ExtCreateRegion, LineTo, GetRgnBox, EnumFontsW, SetWindowExtEx, CreateHalftonePalette, SelectObject, DeleteObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, SetBkColor, CreateCompatibleDC, GetBrushOrgEx, GetCurrentPositionEx, SetDCPenColor, GetNearestPaletteIndex, CreateRoundRectRgn, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetViewportExtEx, SetPixel, PolyPolyline, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries |
Name | Ordinal | Address |
---|---|---|
__dbk_fcall_wrapper | 2 | 0x41bf70 |
dbkFCallWrapperAddr | 1 | 0x99e2a8 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Target ID: | 0 |
Start time: | 13:24:24 |
Start date: | 03/07/2024 |
Path: | C:\Users\user\Desktop\Lostitem.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 7'083'008 bytes |
MD5 hash: | B76E8B0FF4AA3AEC76919FA82D8122AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:24:24 |
Start date: | 03/07/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e7f60000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |