Edit tour

Windows Analysis Report
Jr2YluqEVG.dll

Overview

General Information

Sample name:	Jr2YluqEVG.dll renamed because original name is a hash value
Original sample name:	700a8957c6864ffbd6b093d57f31271beb5815a5a8eaccc446d4f6f9f575ad3d.dll
Analysis ID:	1544799
MD5:	9fcb34e9e4f331403ccb98f6ead542bc
SHA1:	e9544c70795cd7807f2d7f6fc32cf716448b8b2b
SHA256:	700a8957c6864ffbd6b093d57f31271beb5815a5a8eaccc446d4f6f9f575ad3d
Tags:	2024bankerdllgolangloadermekotiouser-johnk3r
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Program does not show much activity (idle)

Uses 32bit PE files

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 8152 cmdline: loaddll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 7366FBEFE66BA0F1F5304F7D6FEF09FE)

cmd.exe (PID: 7324 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 7396 cmdline: rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7352 cmdline: rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_FB2CImage@@YAHPAXHHAAVCImage@ATL@@_N@Z MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7596 cmdline: rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_get_widget_image_with_alpha@@YAHPAXAAVCImage@ATL@@_N@Z MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7684 cmdline: rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,UG_ArcCreate MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Jr2YluqEVG.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: Jr2YluqEVG.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: Jr2YluqEVG.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: classification engine

Classification label: clean2.winDLL@12/0@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03

Source: Jr2YluqEVG.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_FB2CImage@@YAHPAXHHAAVCImage@ATL@@_N@Z

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_FB2CImage@@YAHPAXHHAAVCImage@ATL@@_N@Z
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_get_widget_image_with_alpha@@YAHPAXAAVCImage@ATL@@_N@Z
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,UG_ArcCreate
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_FB2CImage@@YAHPAXHHAAVCImage@ATL@@_N@Z	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_get_widget_image_with_alpha@@YAHPAXAAVCImage@ATL@@_N@Z	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,UG_ArcCreate	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: lvgl.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Jr2YluqEVG.dll

Static PE information: More than 466 > 100 exports found

Source: Jr2YluqEVG.dll

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Jr2YluqEVG.dll

Static file information: File size 3079680 > 1048576

Source: Jr2YluqEVG.dll

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x245200

Source: Jr2YluqEVG.dll	Static PE information: More than 200 imports for USER32.dll
Source: Jr2YluqEVG.dll	Static PE information: More than 200 imports for lvgl.dll

Source: Jr2YluqEVG.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Jr2YluqEVG.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Jr2YluqEVG.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Jr2YluqEVG.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Jr2YluqEVG.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Jr2YluqEVG.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Jr2YluqEVG.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: Jr2YluqEVG.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: Jr2YluqEVG.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Jr2YluqEVG.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Jr2YluqEVG.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Jr2YluqEVG.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Jr2YluqEVG.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Process queried: DebugPort

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Rundll32	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Jr2YluqEVG.dll	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544799
Start date and time:	2024-10-29 18:53:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Jr2YluqEVG.dll renamed because original name is a hash value
Original Sample Name:	700a8957c6864ffbd6b093d57f31271beb5815a5a8eaccc446d4f6f9f575ad3d.dll
Detection:	CLEAN
Classification:	clean2.winDLL@12/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .dll Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): www.bing.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Jr2YluqEVG.dll

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.795604895634087
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Jr2YluqEVG.dll
File size:	3'079'680 bytes
MD5:	9fcb34e9e4f331403ccb98f6ead542bc
SHA1:	e9544c70795cd7807f2d7f6fc32cf716448b8b2b
SHA256:	700a8957c6864ffbd6b093d57f31271beb5815a5a8eaccc446d4f6f9f575ad3d
SHA512:	cc3ae2f701e7185a2648c33bcf54830c77a5c53e6c66281f5c6a9dd39a15de2193c42c266cb937bdd2918663784d690d1a4e3e3523c92fb4be3af2a2648680f9
SSDEEP:	49152:9YQQJyfZa987jV/waLFZVhVEl/NALAQFkAnho06roCo/s6dXfL0owU/cbFf/tNwC:9YQfZaOfVIaBZVUesDAhoPro//Jdv4oZ
TLSH:	1BE5AD62BA734022D05701347A5EB73BE5BD53B0E73960C772BCAA2C7D250C356396AB
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........H~..)...)...)...B...)...B...)...B...)...Q...)..zP...)...B...)...B...)...B...)...)...-...Q...)...Q...)...Q...(..zP..g)..zP...).

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x10209563
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x66ED1FFA [Fri Sep 20 07:10:50 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	56a2acdfacad6216ca2356226adef1f5

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FDBE4FE7F97h
call 00007FDBE4FE8818h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FDBE4FE7E43h
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007FDBE4FE72B2h
jmp 00007FDBE4FE7F72h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007FDBE4FE72A3h
jmp 00007FDBE4FE7F63h
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [102C5DCCh]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [102C5DCCh]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [eax+eax+00h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2bb6e0	0x386c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2bef4c	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2f2000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2f3000	0x275c8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2a2c20	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2a2c80	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2a2b60	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x247000	0xea8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2451cc	0x245200	d1d6d373f9cbc3634cc9be745d25a26d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x247000	0x7d440	0x7d600	8f9f5bb45ecee8ae6b46e30ef5574cff	False	0.39000771124127614	data	6.079892008032184	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2c5000	0x2c380	0x5a00	05fb798f47d563e6aae7e75cb68ae63e	False	0.25473090277777777	data	4.89538078889069	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2f2000	0x1e0	0x200	b583cfeda582697be8ce5f97a1981036	False	0.525390625	data	4.703795642277185	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2f3000	0x275c8	0x27600	43c0fb01d0544c82d57ee7c0e45ca43c	False	0.503577628968254	data	6.612043215924755	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x2f2060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
KERNEL32.dll	GetConsoleOutputCP, DeleteFileW, EnumSystemLocalesW, IsValidLocale, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetStdHandle, ExitProcess, GetFileType, SetStdHandle, QueryPerformanceFrequency, GetCommandLineW, GetCommandLineA, SetFilePointerEx, FreeLibraryAndExitThread, ExitThread, HeapQueryInformation, VirtualQuery, VirtualAlloc, GetSystemInfo, InterlockedFlushSList, RtlUnwind, OutputDebugStringW, FindFirstFileExW, LCMapStringEx, VerifyVersionInfoW, GetConsoleMode, ReadConsoleW, GetModuleHandleExW, Sleep, ReadFile, WriteFile, PurgeComm, WaitForMultipleObjects, CreateMutexW, WaitForSingleObject, CreateFileW, ReleaseMutex, SetupComm, CreateEventW, GetLastError, WaitCommEvent, GetCommState, CloseHandle, CreateThread, ClearCommError, GetOverlappedResult, SetCommMask, SetCommTimeouts, SetCommState, lstrcatW, WideCharToMultiByte, GetModuleHandleW, CreateDirectoryA, HeapFree, GetTimeZoneInformation, FindNextFileW, IsValidCodePage, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, WriteConsoleW, MultiByteToWideChar, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetStartupInfoW, IsDebuggerPresent, WaitForSingleObjectEx, ResetEvent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetUserDefaultLCID, GetTempFileNameA, SearchPathA, GetProfileIntA, GetTempPathA, VerifyVersionInfoA, VerSetConditionMask, GetWindowsDirectoryA, FindResourceExW, lstrcpyA, GetACP, GetCurrentDirectoryA, GetCPInfo, GetOEMCP, VirtualProtect, GetUserDefaultUILanguage, GetLocaleInfoW, SystemTimeToTzSpecificLocalTime, GetFileTime, GetFileSizeEx, GetFileAttributesExA, GetFileAttributesA, FileTimeToLocalFileTime, GetVersionExA, GlobalFindAtomA, FindResourceA, lstrcmpW, GlobalDeleteAtom, LoadLibraryExW, GetSystemDirectoryW, EncodePointer, lstrcmpiA, LoadLibraryA, GetCurrentProcess, DuplicateHandle, GetVolumeInformationA, UnlockFile, SetFilePointer, SetEndOfFile, LockFile, GetFullPathNameA, GetFileSize, FlushFileBuffers, FindFirstFileA, FindClose, CreateFileA, GlobalAddAtomA, ResumeThread, SetThreadPriority, GetCurrentThreadId, SetEvent, GlobalFlags, FreeLibrary, CompareStringA, GetModuleFileNameA, GetCurrentProcessId, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, FileTimeToSystemTime, GlobalGetAtomNameA, lstrcmpA, LoadLibraryW, GetProcAddress, GetModuleHandleA, GetModuleFileNameW, InitializeCriticalSectionAndSpinCount, OutputDebugStringA, CopyFileA, FormatMessageA, MulDiv, LocalFree, GlobalSize, SetLastError, GetTickCount, GlobalUnlock, GlobalLock, GlobalFree, GlobalAlloc, GetTempPathW, GetLongPathNameW, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionEx, LeaveCriticalSection, GetStringTypeW, EnterCriticalSection, lstrlenW
USER32.dll	InvertRect, HideCaret, EnableScrollBar, MessageBeep, GetIconInfo, DrawIconEx, LoadImageA, IsRectEmpty, DrawFocusRect, WindowFromPoint, ReleaseCapture, SetCapture, GetNextDlgGroupItem, LoadImageW, TrackMouseEvent, InvalidateRect, KillTimer, SetTimer, DeleteMenu, SetCursor, ShowOwnedPopups, MapDialogRect, GetAsyncKeyState, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, OffsetRect, SetRectEmpty, CopyImage, SystemParametersInfoA, GetMenuItemInfoA, DestroyMenu, PostQuitMessage, LoadBitmapW, SetMenuItemInfoA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, GetMonitorInfoA, MonitorFromWindow, WinHelpA, GetScrollInfo, SetScrollInfo, LoadIconA, GetTopWindow, GetClassLongA, EqualRect, MapWindowPoints, AdjustWindowRectEx, GetClientRect, RemovePropA, GetPropA, SetPropA, ShowScrollBar, GetScrollRange, SetScrollRange, ScrollWindow, RedrawWindow, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenuEx, TrackPopupMenu, SetMenu, GetMenu, GetCapture, IsIconic, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, DestroyWindow, IsChild, IsMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, CallWindowProcA, DefWindowProcA, PostMessageA, GetMessageTime, GetMessagePos, RegisterWindowMessageA, DestroyIcon, NotifyWinEvent, SetWindowsHookExA, GetCursorPos, ValidateRect, GetKeyState, GetActiveWindow, IsWindowVisible, PeekMessageA, DispatchMessageA, GetMessageA, MessageBoxW, DefWindowProcW, PostMessageW, CreateWindowExW, SendMessageW, GetScrollPos, SetScrollPos, RealChildWindowFromPoint, GetClassNameA, GetDesktopWindow, PtInRect, GetWindowRect, IsDialogMessageA, GetWindow, SetWindowLongA, SetWindowTextA, GetFocus, SetFocus, GetDlgCtrlID, SendDlgItemMessageA, CheckDlgButton, CreatePopupMenu, GetMenuDefaultItem, MapVirtualKeyA, GetKeyNameTextA, SetLayeredWindowAttributes, EnumDisplayMonitors, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, DrawStateA, SetClassLongA, SetWindowRgn, SetParent, RegisterClassExW, wsprintfW, AppendMenuW, LoadIconW, TranslateMessage, PeekMessageW, DispatchMessageW, ReleaseDC, GetDC, CharUpperA, GetMenuStringA, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuA, AppendMenuA, RemoveMenu, DrawTextA, DrawTextExA, GrayStringA, TabbedTextOutA, GetWindowDC, BeginPaint, EndPaint, ClientToScreen, ScreenToClient, GetSysColor, FillRect, GetWindowTextA, GetWindowTextLengthA, UnhookWindowsHookEx, SendMessageA, EnableWindow, IsWindowEnabled, MessageBoxA, GetWindowLongA, GetParent, GetWindowThreadProcessId, GetLastActivePopup, GetSystemMetrics, GetSysColorBrush, LoadCursorA, CopyRect, InflateRect, IntersectRect, IsWindow, ShowWindow, DrawIcon, UnionRect, UpdateLayeredWindow, MonitorFromPoint, LoadCursorW, DrawEdge, DrawFrameControl, IsZoomed, LoadMenuW, GetSystemMenu, BringWindowToTop, SetCursorPos, FrameRect, MoveWindow, SetWindowPos, GetDlgItem, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, DestroyAcceleratorTable, CopyIcon, InsertMenuItemA, UnpackDDElParam, ReuseDDElParam, GetComboBoxInfo, PostThreadMessageA, WaitMessage, GetKeyboardLayout, IsCharLowerA, MapVirtualKeyExA, GetKeyboardState, ToAsciiEx, LoadAcceleratorsW, CreateAcceleratorTableA, DestroyCursor, GetWindowRgn, CreateMenu, SubtractRect, TranslateMDISysAccel, DefMDIChildProcA, DefFrameProcA, DrawMenuBar, GetUpdateRect, IsClipboardFormatAvailable, CharUpperBuffA, RegisterClipboardFormatA, ModifyMenuA, GetDoubleClickTime, SetMenuDefaultItem, LockWindowUpdate, SetRect, CopyAcceleratorTableA, CallNextHookEx
GDI32.dll	DeleteDC, GetObjectW, CreateDIBSection, SelectPalette, GetDeviceCaps, GetStockObject, RealizePalette, CopyMetaFileA, CreateDCA, BitBlt, CreateBitmap, CreateCompatibleDC, CreateHatchBrush, CreatePen, CreatePatternBrush, CreateRectRgn, CreateSolidBrush, Escape, ExcludeClipRect, GetClipBox, GetObjectType, GetPixel, GetViewportExtEx, GetWindowExtEx, IntersectClipRect, LineTo, PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SetBkColor, SetBkMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetStretchBltMode, SetTextColor, SetTextAlign, GetObjectA, MoveToEx, TextOutA, ExtTextOutA, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CombineRgn, CreateFontIndirectA, CreateRectRgnIndirect, PatBlt, SetRectRgn, DPtoLP, GetTextExtentPoint32A, GetTextMetricsA, EnumFontFamiliesExA, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, GetBkColor, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesA, GetTextCharsetInfo, SetPixel, StretchBlt, SetDIBColorTable, CreateEllipticRgn, Ellipse, GetTextColor, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, LPtoDP, Rectangle, GetRgnBox, OffsetRgn, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, PlgBlt, GetTextFaceA, DeleteObject
WINSPOOL.DRV	ClosePrinter, OpenPrinterA, DocumentPropertiesA
ADVAPI32.dll	CryptAcquireContextW, CryptGetHashParam, CryptDestroyHash, CryptHashData, CryptCreateHash, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegEnumKeyExA, RegDeleteValueA, RegOpenKeyExA, RegDeleteKeyA, RegCreateKeyExA, CryptReleaseContext
SHELL32.dll	SHGetFileInfoA, ShellExecuteA, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetDesktopFolder, DragQueryFileA, DragFinish, SHAppBarMessage, SHBrowseForFolderA
ole32.dll	IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleLockRunning, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop, CreateStreamOnHGlobal, CoInitializeEx, CoInitialize, CoUninitialize, CoDisconnectObject, CoCreateInstance, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc
OLEAUT32.dll	VariantClear, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, SysAllocStringLen, SysAllocStringByteLen, SysFreeString, LoadTypeLib, VariantInit, SysAllocString, VariantCopy, VariantChangeType, VarBstrFromDate
lvgl.dll	lv_tileview_set_anim_time, lv_disp_get_default, lv_indev_get_obj_act, lv_obj_del, lv_indev_reset, lv_disp_get_hor_res, lv_tick_elaps, lv_disp_get_buf, lv_disp_is_true_double_buf, lv_tileview_add_element, lv_obj_invalidate, _lv_memcpy, lv_tileview_set_tile_act_by_index, lv_obj_set_pos, lv_obj_set_x, lv_refr_vdb_flush, lv_disp_flush_ready, lv_obj_set_y, lv_img_set_src, lv_tick_get, _lv_obj_set_style_local_opa, lv_obj_set_size, lv_mem_alloc, lv_mem_free, lv_arc_set_start_angle, lv_arc_set_end_angle, lv_arc_get_angle_start, lv_arc_get_angle_end, lv_label_create, lv_obj_get_parent, lv_label_get_text, lv_bar_set_anim_time, lv_bar_get_min_value, lv_bar_get_value, lv_bar_set_value, lv_bar_get_max_value, lv_bar_get_anim_time, lv_bar_set_range, lv_btn_get_state, lv_checkbox_set_checked, lv_dropdown_close, lv_dropdown_clear_options, lv_dropdown_add_option, lv_dropdown_open, lv_dropdown_get_selected, lv_obj_is_visible, lv_dropdown_get_selected_str, lv_dropdown_set_selected, lv_img_get_zoom, lv_img_get_angle, lv_img_set_zoom, lv_img_set_angle, lv_img_get_auto_size, lv_img_get_src, lv_img_set_auto_size, lv_btn_get_checkable, lv_imgbtn_set_state, lv_tileview_get_tile_act, _lv_obj_get_style_color, lv_label_get_long_mode, lv_label_ins_text, lv_label_set_text_fmt, lv_label_set_long_mode, lv_list_get_btn_selected, lv_list_clean, lv_list_get_btn_text, lv_list_get_btn_index, lv_list_focus_btn, lv_list_add_btn, lv_roller_get_selected, lv_roller_set_selected, lv_roller_get_selected_str, lv_slider_get_value, lv_switch_off, lv_switch_on, lv_textarea_add_text, lv_textarea_del_char, lv_textarea_set_text, lv_textarea_get_text, _lv_obj_get_style_int, lv_obj_get_width, lv_obj_set_width, lv_obj_get_x, lv_obj_set_height, _lv_obj_get_style_opa, lv_obj_get_height, lv_obj_get_y, lv_disp_drv_init, lv_deinit, lv_init, lv_disp_drv_register, lv_disp_buf_init, lv_split_jpeg_init, lv_anim_del_all, _lv_disp_buf_projection_first, _lv_area_intersect, lv_draw_label, lv_area_set_height, lv_draw_rect_dsc_init, _lv_memset, _lv_mem_buf_get, lv_draw_label_dsc_init, lv_img_cf_is_chroma_keyed, lv_draw_mask_apply, lv_draw_rect, lv_img_cf_has_alpha, _lv_img_buf_get_transformed_area, _lv_mem_buf_release, lv_draw_mask_get_cnt, lv_area_get_size, lv_img_decoder_read_line, lv_img_cf_get_px_size, _lv_trigo_sin, lv_obj_init_draw_label_dsc, _lv_obj_get_style_ptr, lv_tileview_set_tile_act, lv_img_decoder_get_info, lv_theme_apply, lv_obj_handle_get_type_signal, lv_obj_get_coords, lv_obj_get_signal_cb, lv_obj_refresh_style, lv_draw_mask_radius_init, lv_obj_is_point_on_coords, lv_obj_init_draw_img_dsc, lv_draw_mask_remove_custom, lv_obj_set_signal_cb, lv_img_src_get_type, lv_obj_set_adv_hittest, lv_draw_mask_add, lv_obj_set_design_cb, lv_obj_get_ext_attr, _lv_area_is_point_on, lv_obj_init_draw_rect_dsc, lv_obj_allocate_ext_attr, lv_obj_refresh_ext_draw_pad, _lv_txt_get_size, _lv_area_is_in, _lv_txt_get_width, lv_obj_get_design_cb, lv_btn_create, lv_task_set_period, lv_fs_write, lv_fs_trunc, lv_line_set_points, _lv_style_set_color, lv_obj_add_style, lv_line_create, lv_label_set_align, lv_obj_align, _lv_style_set_int, lv_style_init, lv_style_reset, lv_canvas_draw_line, lv_draw_line_dsc_init, lv_indev_grab, lv_task_reset, lv_arc_set_bg_angles, lv_arc_set_adjustable, lv_arc_set_rotation, lv_arc_create, lv_arc_set_angles, lv_arc_set_type, lv_obj_set_gesture_parent, lv_obj_get_hidden, lv_cont_set_layout, lv_obj_get_child_back, lv_obj_set_custom_view_data, lv_obj_get_custom_view_data, lv_obj_clean, lv_cont_set_fit4, lv_cont_create, _lv_style_set_opa, lv_bar_create, lv_btn_set_checkable, lv_canvas_set_buffer, lv_canvas_create, lv_indev_get_point, lv_canvas_fill_bg, lv_chart_add_series, lv_chart_set_next, lv_chart_set_y_tick_texts, lv_chart_set_y_range, lv_chart_set_div_line_count, lv_chart_set_update_mode, lv_chart_set_point_count, lv_chart_set_x_tick_texts, lv_chart_set_type, lv_chart_create, lv_checkbox_set_text, _lv_style_set_ptr, lv_checkbox_create, lv_img_set_pivot, lv_dropdown_set_options, lv_dropdown_set_max_height, lv_dropdown_create, lv_imgbtn_set_src, lv_imgbtn_set_recolor_opa, lv_imgbtn_set_recolor, lv_tileview_set_remap_mode, lv_obj_set_gesture_parent_dir, lv_obj_set_drag, lv_tileview_set_ramap_range, lv_label_refr_text, lv_anim_del, lv_obj_invalidate_area, lv_anim_init, lv_anim_start, _lv_style_list_add_style, lv_list_get_btn_label, lv_obj_get_style_list, lv_list_create, lv_roller_set_visible_row_count, lv_roller_set_options, lv_roller_set_align, lv_roller_create, lv_roller_set_auto_fit, lv_slider_create, lv_switch_create, lv_textarea_set_pwd_mode, lv_keyboard_set_cursor_manage, lv_obj_get_screen, lv_textarea_get_cursor_hidden, lv_keyboard_def_event_cb, lv_textarea_get_label, lv_keyboard_set_mode, lv_keyboard_set_textarea, lv_disp_get_layer_sys, lv_textarea_set_placeholder_text, lv_obj_get_event_cb, lv_keyboard_create, lv_textarea_create, lv_textarea_set_cursor_hidden, lv_obj_set_state, lv_indev_drv_init, lv_task_enable, lv_indev_drv_register, lv_mem_monitor, lv_anim_get, lv_event_get_data, lv_obj_create, lv_tileview_create, lv_disp_get_ver_res, lv_tileview_set_valid_positions, lv_draw_img_dsc_init, lv_task_del, lv_img_create, lv_page_set_edge_flash, _lv_mem_get_base, lv_indev_wait_release, lv_obj_set_event_cb, lv_page_get_scrollable, _lv_refr_get_disp_refreshing, lv_event_send, lv_disp_get_rotation, lv_indev_get_type, lv_indev_get_act, _lv_obj_set_event_cb_interceptor, lv_indev_get_gesture_dir, lv_list_get_next_btn, lv_img_decoder_close, lv_img_decoder_open, lv_img_decoder_uncompress, lv_task_handler, lv_refr_now, lv_disp_load_scr, lv_disp_get_scr_act, lv_task_create, lv_fs_tell, lv_fs_seek, lv_font_load, lv_font_free, lv_font_load_from_opened_file, lv_fs_open, lv_fs_close, lv_fs_read, _lv_mem_get_size, lv_obj_set_hidden, lv_label_set_text, lv_obj_get_type, _lv_obj_set_style_local_ptr, lv_obj_get_child, _lv_obj_set_style_local_color, _lv_obj_set_style_local_int, lv_obj_set_click, lv_canvas_draw_img
MSIMG32.dll	TransparentBlt, AlphaBlend
COMCTL32.dll	ImageList_AddMasked, ImageList_Create, ImageList_Replace
SHLWAPI.dll	PathFindExtensionA, StrFormatKBSizeA, PathIsUNCA, PathFindFileNameA, PathStripToRootA, PathRemoveFileSpecW, PathFindExtensionW
UxTheme.dll	IsThemeBackgroundPartiallyTransparent, GetThemePartSize, GetThemeSysColor, IsAppThemed, GetWindowTheme, GetCurrentThemeName, DrawThemeText, DrawThemeParentBackground, OpenThemeData, CloseThemeData, DrawThemeBackground, GetThemeColor
gdiplus.dll	GdipCreateBitmapFromHBITMAP, GdipAlloc, GdipCloneImage, GdipGetImageEncoders, GdiplusStartup, GdipGetImageGraphicsContext, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipFree, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDeleteGraphics, GdipDrawImageI, GdipCreateFromHDC, GdipSetInterpolationMode, GdipDrawImageRectI, GdipDisposeImage, GdipGetImageEncodersSize, GdiplusShutdown, GdipSaveImageToFile, GdipGetImagePalette, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipGetImagePaletteSize
OLEACC.dll	LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject
IMM32.dll	ImmReleaseContext, ImmGetOpenStatus, ImmGetContext
WINMM.dll	waveOutOpen, waveOutWrite, waveOutReset, waveOutClose, waveOutPrepareHeader, PlaySoundA
COMDLG32.dll	GetSaveFileNameW

Exports

Name	Ordinal	Address
?gb_FB2CImage@@YAHPAXHHAAVCImage@ATL@@_N@Z	1	0x10039be0
?gb_get_widget_image_with_alpha@@YAHPAXAAVCImage@ATL@@_N@Z	2	0x10039bb0
UG_ArcCreate	3	0x100535b0
UG_ArcGetProgress	4	0x100538a0
UG_ArcGetProgressMax	5	0x100538c0
UG_ArcGetProgressMin	6	0x100538b0
UG_ArcSetBackAngle	7	0x10053790
UG_ArcSetBackColor	8	0x10053730
UG_ArcSetBackOpa	9	0x100538d0
UG_ArcSetClockwise	10	0x100537d0
UG_ArcSetColor	11	0x100536f0
UG_ArcSetEndAngle	12	0x10053770
UG_ArcSetGradColor	13	0x10053710
UG_ArcSetProgress	14	0x10053870
UG_ArcSetProgressMax	15	0x10053840
UG_ArcSetProgressMin	16	0x10053810
UG_ArcSetRadius	17	0x100538f0
UG_ArcSetRotation	18	0x100537f0
UG_ArcSetStartAngle	19	0x10053750
UG_ArcSetStrokeWidth	20	0x100536d0
UG_BarCreate	21	0x10054410
UG_BarGetValMax	22	0x100538a0
UG_BarGetValMin	23	0x100538c0
UG_BarGetValue	24	0x100538b0
UG_BarSetBackColor	25	0x10054720
UG_BarSetBorderColor	26	0x10054740
UG_BarSetBorderWidth	27	0x10054760
UG_BarSetIndicColor	28	0x100536f0
UG_BarSetIndicGradColor	29	0x10053710
UG_BarSetValMax	30	0x100546e0
UG_BarSetValMin	31	0x100546a0
UG_BarSetValue	32	0x100544f0
UG_ButtonCreate	33	0x10052160
UG_ButtonGetAlignment	34	0x10052510
UG_ButtonGetAlternateBackColor	35	0x10052450
UG_ButtonGetAlternateForeColor	36	0x10052430
UG_ButtonGetBackColor	37	0x10052410
UG_ButtonGetFont	38	0x10052490
UG_ButtonGetForeColor	39	0x100523f0
UG_ButtonGetHSpace	40	0x100524d0
UG_ButtonGetStyle	41	0x100524b0
UG_ButtonGetText	42	0x10052470
UG_ButtonGetVSpace	43	0x100524f0
UG_ButtonSetAlignment	44	0x100523d0
UG_ButtonSetAlternateBackColor	45	0x100522c0
UG_ButtonSetAlternateForeColor	46	0x100522a0
UG_ButtonSetBackColor	47	0x10052280
UG_ButtonSetFont	48	0x10052300
UG_ButtonSetForeColor	49	0x10052260
UG_ButtonSetHSpace	50	0x10052390
UG_ButtonSetStyle	51	0x10052320
UG_ButtonSetText	52	0x100522e0
UG_ButtonSetVSpace	53	0x100523b0
UG_CheckboxCreate	54	0x10052790
UG_CheckboxGetAlignment	55	0x10052510
UG_CheckboxGetAlternateBackColor	56	0x10052450
UG_CheckboxGetAlternateForeColor	57	0x10052430
UG_CheckboxGetBackColor	58	0x10052410
UG_CheckboxGetChecked	59	0x100528c0
UG_CheckboxGetFont	60	0x10052490
UG_CheckboxGetForeColor	61	0x100523f0
UG_CheckboxGetHSpace	62	0x100524d0
UG_CheckboxGetStyle	63	0x100524b0
UG_CheckboxGetText	64	0x10052470
UG_CheckboxGetVSpace	65	0x100524f0
UG_CheckboxSetAlignment	66	0x100523d0
UG_CheckboxSetAlternateBackColor	67	0x100522c0
UG_CheckboxSetAlternateForeColor	68	0x100522a0
UG_CheckboxSetBackColor	69	0x10052280
UG_CheckboxSetCheched	70	0x100528a0
UG_CheckboxSetFont	71	0x10052300
UG_CheckboxSetForeColor	72	0x10052260
UG_CheckboxSetHSpace	73	0x10052390
UG_CheckboxSetStyle	74	0x10052320
UG_CheckboxSetText	75	0x100522e0
UG_CheckboxSetVSpace	76	0x100523b0
UG_Deinit	77	0x1004fa60
UG_DrawArc	78	0x100505d0
UG_DrawBMP	79	0x10051690
UG_DrawCircle	80	0x10050180
UG_DrawFrame	81	0x1004ffd0
UG_DrawLine	82	0x10050930
UG_DrawMesh	83	0x1004fed0
UG_DrawPixel	84	0x10050130
UG_DrawRoundFrame	85	0x10050020
UG_DriverDisable	86	0x10051450
UG_DriverEnable	87	0x10051420
UG_DriverRegister	88	0x100513f0
UG_FONT_MONTSERRAT_10	89	0x1027e9bc
UG_FillCircle	90	0x10050470
UG_FillFrame	91	0x1004fb30
UG_FillRoundFrame	92	0x1004fd10
UG_FillScreen	93	0x1004fb00
UG_FindObject	94	0x10051170
UG_FontGetHSpace	95	0x10050e20
UG_FontGetVSpace	96	0x10050e30
UG_FontSelect	97	0x1004fad0
UG_FontSetHSpace	98	0x10050e00
UG_FontSetVSpace	99	0x10050e10
UG_GetGUI	100	0x1004fac0
UG_GetXDim	101	0x10050de0
UG_GetYDim	102	0x10050df0
UG_ImageCreate	103	0x10055130
UG_ImageSetBMP	104	0x10055200
UG_ImageSetRecolor	105	0x10055230
UG_Init	106	0x1004f8f0
UG_LabelCreate	107	0x10055ba0
UG_LabelGetAlignment	108	0x10055f60
UG_LabelGetBackColor	109	0x10055ea0
UG_LabelGetBackOpa	110	0x10055ec0
UG_LabelGetFont	111	0x10055f00
UG_LabelGetForeColor	112	0x10055e80
UG_LabelGetHSpace	113	0x10055f20
UG_LabelGetText	114	0x10055ee0
UG_LabelGetVSpace	115	0x10055f40
UG_LabelSetAlignment	116	0x10055e40
UG_LabelSetBackColor	117	0x10055cb0
UG_LabelSetBackGradColor	118	0x10055cd0
UG_LabelSetBackGradDir	119	0x10055cf0
UG_LabelSetBackOpa	120	0x10055d10
UG_LabelSetFont	121	0x10055de0
UG_LabelSetForeColor	122	0x10055c90
UG_LabelSetHSpace	123	0x10055e00
UG_LabelSetLongMode	124	0x10055e60
UG_LabelSetText	125	0x10055d30
UG_LabelSetTextStatic	126	0x10055db0
UG_LabelSetVSpace	127	0x10055e20
UG_LevelImgCreate	128	0x10056e90
UG_LevelImgGetLevel	129	0x10056ff0
UG_LevelImgGetLevelNum	130	0x10056fe0
UG_LevelImgSetAnimReadyCb	131	0x100570c0
UG_LevelImgSetLevel	132	0x10056f40
UG_LevelImgSetRecolor	133	0x10055230
UG_LevelImgStartAutoAnim	134	0x10057000
UG_LevelImgStopAutoAnim	135	0x10056cf0
UG_MeasureString	136	0x10050cd0
UG_ObjectDelete	137	0x100511b0
UG_ObjectGetRelX	138	0x10052090
UG_ObjectGetRelY	139	0x100520a0
UG_ObjectHide	140	0x10051f40
UG_ObjectIsVisible	141	0x10052080
UG_ObjectSetPos	142	0x100520b0
UG_ObjectShow	143	0x10051ff0
UG_PutString	144	0x10050c00
UG_SelectGUI	145	0x1004faa0
UG_TickGet	146	0x10051680
UG_TickInc	147	0x10051670
UG_TimerCreate	148	0x1004e970
UG_TimerDelete	149	0x1004e9e0
UG_TimerSetPeriod	150	0x1004ea20
UG_TimerStart	151	0x1004ea40
UG_TimerStop	152	0x1004ea50
UG_TouchUpdate	153	0x100517a0
UG_Update	154	0x10051480
UG_WaitForUpdate	155	0x10051660
UG_WindowCreate	156	0x10051830
UG_WindowDelete	157	0x100518d0
UG_WindowGetArea	158	0x10051e60
UG_WindowGetBackColor	159	0x10051da0
UG_WindowGetForeColor	160	0x10051d80
UG_WindowGetStyle	161	0x10051e40
UG_WindowGetXEnd	162	0x10051e00
UG_WindowGetXStart	163	0x10051dc0
UG_WindowGetYEnd	164	0x10051e20
UG_WindowGetYStart	165	0x10051de0
UG_WindowHide	166	0x100519e0
UG_WindowResize	167	0x10051a70
UG_WindowSetBackColor	168	0x10051c10
UG_WindowSetForeColor	169	0x10051be0
UG_WindowSetStyle	170	0x10051d40
UG_WindowSetXEnd	171	0x10051cc0
UG_WindowSetXStart	172	0x10051c40
UG_WindowSetYEnd	173	0x10051d00
UG_WindowSetYStart	174	0x10051c80
UG_WindowShow	175	0x10051940
_UG_AttachObject	176	0x10051130
_UG_FreeObject	177	0x10051820
_UG_NewObject	178	0x100517d0
_UG_ObjectApplyId	179	0x100510d0
_UG_ObjectDefRequire	180	0x10051100
_framework_app_ezoc_obj	181	0x102c689c
_framework_arc_ezoc_obj	182	0x102c68a8
_framework_artchar_ezoc_obj	183	0x102c68ac
_framework_avi_ezoc_obj	184	0x102c68b0
_framework_bar_ezoc_obj	185	0x102c68b4
_framework_button_ezoc_obj	186	0x102c68b8
_framework_canvas_ezoc_obj	187	0x102c68bc
_framework_chart_ezoc_obj	188	0x102c68c0
_framework_checkbox_ezoc_obj	189	0x102c68c4
_framework_clock_ezoc_obj	190	0x102c68c8
_framework_dropdown_ezoc_obj	191	0x102c68cc
_framework_image_btn_ezoc_obj	192	0x102c68d4
_framework_image_ezoc_obj	193	0x102c68d0
_framework_imgroller_ezoc_obj	194	0x102c68d8
_framework_label_ezoc_obj	195	0x102c68dc
_framework_levelimg_ezoc_obj	196	0x102c68e0
_framework_list_ezoc_obj	197	0x102c68e4
_framework_roller_ezoc_obj	198	0x102c68e8
_framework_screen_ezoc_obj	199	0x102c68ec
_framework_slider_ezoc_obj	200	0x102c68f0
_framework_switch_ezoc_obj	201	0x102c68f4
_framework_textarea_ezoc_obj	202	0x102c68f8
_framework_timer_ezoc_obj	203	0x102c68fc
_framework_touch_ezoc_obj	204	0x102c6900
_framework_ui_ezoc_obj	205	0x102c68a0
_framework_var_ezoc_obj	206	0x102c68a4
_framework_widget_ezoc_obj	207	0x102c6904
_synwit_sdcmd_add	208	0x10003c80
_synwit_ug_set_screen_map	209	0x1004f260
_synwit_ug_set_widget_map	210	0x1004f280
_ug_app_screen_register	211	0x10001c50
_ug_mem_get_size	212	0x1004b8c0
_ug_widget_register	213	0x1004b990
action_back_register	214	0x10001f80
action_execute_register	215	0x10002260
action_goto_screen_register	216	0x10003210
action_pause_avi_register	217	0x10002390
action_play_avi_register	218	0x10002440
action_replay_avi_register	219	0x100024f0
action_set_bg_color_register	220	0x100026e0
action_set_font_by_name_register	221	0x10002970
action_set_text_color_register	222	0x10002da0
action_set_text_register	223	0x10002b40
action_set_text_with_color_and_font_register	224	0x10003560
action_set_visibility_register	225	0x10003690
action_slide_to_screen_register	226	0x10003ae0
action_stop_avi_register	227	0x10003b90
app_register_screens	228	0x10044bd0
cls_arc_naming	229	0x10058200
cls_arc_register	230	0x100581e0
cls_artchar_naming	231	0x10058f60
cls_artchar_register	232	0x10058f40
cls_avi_naming	233	0x1005a170
cls_avi_register	234	0x1005a150
cls_bar_naming	235	0x1005bc70
cls_bar_register	236	0x1005bc50
cls_button_naming	237	0x1005c740
cls_button_register	238	0x1005c720
cls_canvas_naming	239	0x1005db70
cls_canvas_register	240	0x1005db50
cls_chart_naming	241	0x1005e230
cls_chart_register	242	0x1005e210
cls_checkbox_naming	243	0x1005f340
cls_checkbox_register	244	0x1005f320
cls_clock_naming	245	0x10060160
cls_clock_register	246	0x10060140
cls_dropdown_naming	247	0x100614c0
cls_dropdown_register	248	0x100614a0
cls_image_btn_naming	249	0x10062e70
cls_image_btn_register	250	0x10062e50
cls_image_naming	251	0x100625c0
cls_image_register	252	0x100625a0
cls_imgroller_naming	253	0x10063cc0
cls_imgroller_register	254	0x10063ca0
cls_label_naming	255	0x100649c0
cls_label_register	256	0x100649a0
cls_levelimg_naming	257	0x10065680
cls_levelimg_register	258	0x10065660
cls_list_naming	259	0x100674d0
cls_list_register	260	0x100674b0
cls_roller_naming	261	0x10068820
cls_roller_register	262	0x10068800
cls_screen_naming	263	0x10069720
cls_screen_register	264	0x10069700
cls_slider_naming	265	0x10069cd0
cls_slider_register	266	0x10069cb0
cls_switch_naming	267	0x1006a9b0
cls_switch_register	268	0x1006a990
cls_textarea_naming	269	0x1006b400
cls_textarea_register	270	0x1006b3e0
cls_timer_naming	271	0x1006ce20
cls_timer_register	272	0x1006ce00
cls_touch_naming	273	0x1006d250
cls_touch_register	274	0x1006d230
cls_ug_arc_naming	275	0x10052e20
cls_ug_arc_register	276	0x10052e00
cls_ug_bar_naming	277	0x10053af0
cls_ug_bar_register	278	0x10053ad0
cls_ug_image_naming	279	0x10054910
cls_ug_image_register	280	0x100548f0
cls_ug_label_naming	281	0x10055350
cls_ug_label_register	282	0x10055330
cls_ug_levelimg_naming	283	0x10056180
cls_ug_levelimg_register	284	0x10056160
cls_ug_screen_naming	285	0x10057100
cls_ug_screen_register	286	0x100570e0
cls_widget_naming	287	0x1006d490
cls_widget_register	288	0x1006d470
ezoc_interpreter	289	0x102c6898
ezoc_label_helper_create_private_data	290	0x10031710
ezoc_label_helper_get	291	0x10031810
ezoc_label_helper_release_private_data	292	0x10031750
ezoc_label_helper_set	293	0x10031ac0
gb_deinit	294	0x10035000
gb_export	295	0x10034d60
gb_export_ui_dsc	296	0x10035d00
gb_font_del_by_name	297	0x10007a80
gb_font_import	298	0x100079f0
gb_font_set_flag	299	0x10007a10
gb_ftconv	300	0x10034c30
gb_ftconv_with_progress	301	0x100344e0
gb_get_avi_info	302	0x1005a9b0
gb_get_font_alias	303	0x10008270
gb_get_gui_platform	304	0x10035310
gb_get_image_size	305	0x10020630
gb_get_virtual_render_buffer	306	0x10035330
gb_image_conv	307	0x10020730
gb_init	308	0x10035340
gb_init_widget_id_allocator	309	0x1006e7b0
gb_prop_transaction_begin	310	0x1006e7f0
gb_prop_transaction_commit	311	0x1006e850
gb_reaction_del	312	0x1006e150
gb_reaction_set_action	313	0x1006dfb0
gb_serial_display_next_frame	314	0x100227e0
gb_serial_display_send	315	0x10022960
gb_serial_display_server_start	316	0x10022500
gb_serial_display_server_stop	317	0x10022a60
gb_set_entry_screen	318	0x1006e2a0
gb_set_gui_platform	319	0x10035320
gb_take_snapshot	320	0x10039e50
gb_widget_add_reaction	321	0x1006df40
gb_widget_adj_layer	322	0x1006e2d0
gb_widget_clear_image_list	323	0x1006e380
gb_widget_create	324	0x1006dc70
gb_widget_del	325	0x1006e910
gb_widget_get_class_name	326	0x1006e720
gb_widget_get_id	327	0x10043040
gb_widget_set_id	328	0x1006e770
gb_widget_set_property	329	0x1006de60
gb_widget_switch_part	330	0x1006e230
gb_widget_switch_state	331	0x1006e1a0
gps_tracker_clear_tags	332	0x100580d0
gps_tracker_colorize_line	333	0x10058180
gps_tracker_create	334	0x10057e60
gps_tracker_del	335	0x100581a0
gps_tracker_feed	336	0x10058050
gps_tracker_get_view_range	337	0x10058030
gps_tracker_set_line_width	338	0x10058160
gps_tracker_set_origin	339	0x10057f70
gps_tracker_set_spin_transition	340	0x10058130
gps_tracker_set_view_range	341	0x10057fb0
gps_tracker_tag	342	0x10058090
lv_artchar_get_text	343	0x10059b50
lv_artchar_set_text	344	0x10059b00
lv_avi_create	345	0x1005bb40
lv_avi_del	346	0x1005bba0
lv_avi_enable_audio_output	347	0x1005b8c0
lv_avi_forward	348	0x1005ba90
lv_avi_get_cur_frame_index	349	0x1005b800
lv_avi_get_state	350	0x1005b790
lv_avi_get_total_frame	351	0x1005b7d0
lv_avi_get_volume	352	0x1005ba40
lv_avi_get_wav_duration	353	0x1005b830
lv_avi_get_wav_elapsed	354	0x1005b860
lv_avi_pause	355	0x1005b6e0
lv_avi_play	356	0x1005b430
lv_avi_replay	357	0x1005b750
lv_avi_set_on_completed_cb	358	0x1005b400
lv_avi_set_progress_bar	359	0x1005b8a0
lv_avi_set_repeat_count	360	0x1005b770
lv_avi_set_src	361	0x1005b280
lv_avi_set_stop_style	362	0x1005b7b0
lv_avi_set_volume	363	0x1005b9c0
lv_avi_stop	364	0x1005a370
lv_canvas_clear	365	0x1005e1e0
lv_canvas_draw_line_by_brush	366	0x1005e140
lv_canvas_set_brush_color	367	0x1005e180
lv_canvas_set_brush_width	368	0x1005e1b0
lv_clock_set_time	369	0x10061310
lv_clock_set_time_string	370	0x10061370
lv_clock_start_auto_anim	371	0x10061470
lv_clock_stop_auto_anim	372	0x100608f0
lv_imgex_create	373	0x10062d00
lv_imgex_set_src	374	0x10062d10
lv_levelimg_get_anim_end_level	375	0x10067480
lv_levelimg_get_anim_start_level	376	0x10067450
lv_levelimg_get_interval	377	0x10067390
lv_levelimg_get_level	378	0x100670e0
lv_levelimg_get_level_num	379	0x10067110
lv_levelimg_get_positive_order	380	0x100673f0
lv_levelimg_get_repeat_count	381	0x100673c0
lv_levelimg_get_reverse_order	382	0x10067420
lv_levelimg_set_anim_range	383	0x100671c0
lv_levelimg_set_frame_interval	384	0x100672b0
lv_levelimg_set_level	385	0x100663c0
lv_levelimg_set_playtime	386	0x10067230
lv_levelimg_set_ready_cb	387	0x10067360
lv_levelimg_start_auto_anim	388	0x10067190
lv_levelimg_stop_auto_anim	389	0x10067140
lv_list_decorate_btn	390	0x10068190
lv_textarea_set_on_kb_create_cb	391	0x1006cdd0
lv_timer_get_period	392	0x1006d180
lv_timer_get_repeat	393	0x1006d1b0
lv_timer_get_tick	394	0x1006d200
lv_timer_set_period	395	0x1006d110
lv_timer_set_repeat	396	0x1006d150
lv_timer_set_tick	397	0x1006d1e0
lv_timer_start	398	0x1006d070
lv_timer_stop	399	0x1006d0d0
lv_win32_set_toolbar_icons	400	0x100d2c60
lv_win32_update_memory_info	401	0x100d32a0
path_utf8_to_local	402	0x10043870
render_invalidate_area	403	0x1004bfb0
synwit_ezoc_add_ops	404	0x10005a20
synwit_ezoc_remove_ops	405	0x10005c10
synwit_ezoc_run	406	0x10005d30
synwit_sdcmd_end	407	0x10003dd0
synwit_sdcmd_getter_begin	408	0x10003c60
synwit_sdcmd_run	409	0x10021f10
synwit_sdcmd_setter_begin	410	0x10003c40
synwit_ug_get_cur_screen_id	411	0x1004f140
synwit_ug_get_cur_window	412	0x1004f150
synwit_ug_get_platform_version_name	413	0x10025cc0
synwit_ug_load_screen	414	0x1004eb30
synwit_ug_reset_glyph_cache	415	0x1004b570
synwit_ug_start	416	0x1004f2a0
synwit_ug_start_scr_timer	417	0x1004f160
synwit_ug_stop_scr_timer	418	0x1004f220
synwit_ui_find_lv_obj	419	0x10025890
synwit_ui_find_lv_obj_by_name	420	0x100258c0
synwit_ui_font_get	421	0x10008340
synwit_ui_font_load	422	0x10008360
synwit_ui_font_unload	423	0x100083d0
synwit_ui_get_cur_screen_id	424	0x10025ca0
synwit_ui_get_platform_version_name	425	0x10025cc0
synwit_ui_get_screen_id_by_name	426	0x100258e0
synwit_ui_init_load_scr_dsc	427	0x10025960
synwit_ui_load_image_file	428	0x100208e0
synwit_ui_load_screen	429	0x10025bd0
synwit_ui_load_screen_with_dsc	430	0x10025980
synwit_ui_pref_close	431	0x10042c50
synwit_ui_pref_get_int	432	0x10042de0
synwit_ui_pref_get_key_by_idx	433	0x10043020
synwit_ui_pref_get_num	434	0x10043040
synwit_ui_pref_get_string	435	0x10042e30
synwit_ui_pref_get_value_by_idx	436	0x10042ff0
synwit_ui_pref_open	437	0x10042c30
synwit_ui_pref_remove	438	0x10042f20
synwit_ui_pref_save	439	0x10042c60
synwit_ui_pref_set_int	440	0x10042ea0
synwit_ui_pref_set_string	441	0x10042e80
synwit_ui_reg_screen	442	0x10025d00
synwit_ui_start	443	0x10008410
synwit_ui_start_scr_timer	444	0x10025c30
synwit_ui_stop_scr_timer	445	0x10025c70
synwit_ui_transition_screen	446	0x10025bf0
synwit_ui_unload_image	447	0x10020c30
synwit_ui_use_interpreter	448	0x10001fe0
synwit_wav_close	449	0x100420f0
synwit_wav_open	450	0x10042040
synwit_wav_pause	451	0x10042450
synwit_wav_play	452	0x10042350
synwit_wav_play_sync	453	0x10042140
synwit_wav_set_on_completed_cb	454	0x10042480
synwit_wav_stop	455	0x100423e0
te_compile	456	0x1002f510
te_eval	457	0x1002f040
te_free	458	0x1002e280
te_interp	459	0x1002f5f0
te_print	460	0x1002f790
ug_mem_alloc	461	0x1004b5e0
ug_mem_deinit	462	0x1004b5c0
ug_mem_free	463	0x1004b700
ug_mem_init	464	0x1004b590
ug_mem_monitor	465	0x1004b8e0
ug_mem_realloc	466	0x1004b810
ugui031_get_summary_of_screens	467	0x1004e750

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exePID: 8152, Parent PID: 640

General

Target ID:	1
Start time:	13:54:23
Start date:	29/10/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll"
Imagebase:	0xfc0000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7192, Parent PID: 8152

General

Target ID:	2
Start time:	13:54:23
Start date:	29/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff720030000
File size:	873'472 bytes
MD5 hash:	7366FBEFE66BA0F1F5304F7D6FEF09FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7324, Parent PID: 8152

General

Target ID:	3
Start time:	13:54:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1
Imagebase:	0xb80000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7352, Parent PID: 8152

General

Target ID:	4
Start time:	13:54:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_FB2CImage@@YAHPAXHHAAVCImage@ATL@@_N@Z
Imagebase:	0x8a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7396, Parent PID: 7324

General

Target ID:	5
Start time:	13:54:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\Jr2YluqEVG.dll",#1
Imagebase:	0x8a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7596, Parent PID: 8152

General

Target ID:	6
Start time:	13:54:27
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,?gb_get_widget_image_with_alpha@@YAHPAXAAVCImage@ATL@@_N@Z
Imagebase:	0x8a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7684, Parent PID: 8152

General

Target ID:	7
Start time:	13:54:30
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Jr2YluqEVG.dll,UG_ArcCreate
Imagebase:	0x8a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Jr2YluqEVG.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exePID: 8152, Parent PID: 640

General

Chronological Activities

Analysis Process: conhost.exePID: 7192, Parent PID: 8152

General

Chronological Activities

Analysis Process: cmd.exePID: 7324, Parent PID: 8152

General

Chronological Activities

Analysis Process: rundll32.exePID: 7352, Parent PID: 8152

General

Chronological Activities

Analysis Process: rundll32.exePID: 7396, Parent PID: 7324

Windows Analysis Report
Jr2YluqEVG.dll