Windows Analysis Report Firmware Update - HD-HD1A-V1.7.2_GPS.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Antivirus detection for dropped file |
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | File created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Key value created or modified: |
Source: | Static file information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | File opened / queried: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | File Volume queried: | ||
Source: | File Volume queried: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection1 | Masquerading22 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder1 | DLL Side-Loading1 | Virtualization/Sandbox Evasion1 | LSASS Memory | Virtualization/Sandbox Evasion1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Registry Run Keys / Startup Folder1 | Process Injection1 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading1 | NTDS | System Information Discovery12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
No Antivirus matches |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.Gen |
No Antivirus matches |
---|
No Antivirus matches |
---|
No Antivirus matches |
---|
No contacted domains info |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 86 |
Start date: | 29.06.2021 |
Start time: | 21:39:37 |
Joe Sandbox Product: | CloudBasic |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Detection: | MAL |
Classification: | mal48.winEXE@5/18@0/0 |
Warnings: | Show All
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 454656 |
Entropy (8bit): | 7.334997258346603 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | modified |
Size (bytes): | 346654 |
Entropy (8bit): | 7.889148607317336 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116442 |
Entropy (8bit): | 4.729001881244087 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 6.206632501179402 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 3.147025307853983 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 4.394500643269032 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 3.6147958656153993 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 1.6176853708804466 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 6.018738622681652 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48128 |
Entropy (8bit): | 6.3377933069406085 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1326 |
Entropy (8bit): | 4.633540847225508 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1191 |
Entropy (8bit): | 4.588838213435859 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1290 |
Entropy (8bit): | 4.667919376770167 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322560 |
Entropy (8bit): | 6.022042357945053 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 397824 |
Entropy (8bit): | 5.945413428477709 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 119808 |
Entropy (8bit): | 5.950998905309213 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 163480 |
Entropy (8bit): | 5.796385844990045 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1070232 |
Entropy (8bit): | 6.301401815183038 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.980160847169625 |
TrID: |
|
File name: | Firmware Update - HD-HD1A-V1.7.2_GPS.exe |
File size: | 2774325 |
MD5: | 654dbe89655b5c9defa4e02ef17f5bd7 |
SHA1: | ab77cc7aa63e90884a531173e89413110a3ebfe3 |
SHA256: | 853f3f4b030b482657da5f72ba243087ca0d2064986ba1ae6fff0cfdcd512389 |
SHA512: | 709ef8dec7810995702f4f0b451dedaba97ad23aac1638074058c7466230520cfa5e790f5aa2d70e48b7c40093433b173189f290a3830af465d885fe4518a564 |
SSDEEP: | 49152:pjGmekmoOSbE33Mpia9m1tJRAaKG3v4y7YIwjDKPa+9E94oNs:pdekESb+30ia81fRPKFy7YIwXQ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1...1...1...-...1..*....1..A-...1..*....1.......1.......1...1...1.......1...1..91..=....1...7...1..Rich.1................. |
File Icon |
---|
Icon Hash: | c8d49ccde690ae46 |
General | |
---|---|
Entrypoint: | 0x4253ca |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x40813A96 [Sat Apr 17 14:09:26 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 76d5c02c1b61ff55cf8d344cde5d8b26 |
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 00428828h |
push 00424EE0h |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 58h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
call dword ptr [0042812Ch] |
xor edx, edx |
mov dl, ah |
mov dword ptr [0047F344h], edx |
mov ecx, eax |
and ecx, 000000FFh |
mov dword ptr [0047F340h], ecx |
shl ecx, 08h |
add ecx, edx |
mov dword ptr [0047F33Ch], ecx |
shr eax, 10h |
mov dword ptr [0047F338h], eax |
xor esi, esi |
push esi |
call 00007F967C542EC5h |
pop ecx |
test eax, eax |
jne 00007F967C542DEAh |
push 0000001Ch |
call 00007F967C542E95h |
pop ecx |
mov dword ptr [ebp-04h], esi |
call 00007F967C544218h |
call dword ptr [00428108h] |
mov dword ptr [0047F840h], eax |
call 00007F967C5440D6h |
mov dword ptr [0047F378h], eax |
call 00007F967C543E7Fh |
call 00007F967C543DC1h |
call 00007F967C542593h |
mov dword ptr [ebp-30h], esi |
lea eax, dword ptr [ebp-5Ch] |
push eax |
call dword ptr [0042818Ch] |
call 00007F967C543D52h |
mov dword ptr [ebp-64h], eax |
test byte ptr [ebp-30h], 00000001h |
je 00007F967C542DE8h |
movzx eax, word ptr [ebp-2Ch] |
jmp 00007F967C542DE5h |
push 0000000Ah |
pop eax |
push eax |
push dword ptr [ebp-64h] |
push esi |
push esi |
call dword ptr [0042822Ch] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28b88 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x80000 | 0xfb0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28000 | 0x418 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26ae0 | 0x26c00 | False | 0.58205015121 | data | 6.59632180574 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x28000 | 0x2208 | 0x2400 | False | 0.415907118056 | zlib compressed data | 5.57765758968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2b000 | 0x54858 | 0x3200 | False | 0.465703125 | data | 5.50529776871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x80000 | 0xfb0 | 0x1000 | False | 0.37744140625 | data | 4.30991765431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x80e60 | 0x134 | data | Finnish | Finland |
RT_BITMAP | 0x80c88 | 0x1d4 | data | Finnish | Finland |
RT_ICON | 0x806d0 | 0x2e8 | data | Finnish | Finland |
RT_DIALOG | 0x802a0 | 0xf0 | data | Finnish | Finland |
RT_DIALOG | 0x80438 | 0x1e0 | data | Finnish | Finland |
RT_DIALOG | 0x80390 | 0xa6 | data | Finnish | Finland |
RT_DIALOG | 0x80618 | 0xb6 | data | Finnish | Finland |
RT_GROUP_CURSOR | 0x80f98 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Finnish | Finland |
RT_GROUP_ICON | 0x809b8 | 0x14 | data | Finnish | Finland |
RT_MANIFEST | 0x809d0 | 0x2b8 | XML 1.0 document, ASCII text, with CRLF line terminators | Finnish | Finland |
DLL | Import |
---|---|
KERNEL32.dll | WaitForSingleObject, GetModuleFileNameA, GetDateFormatA, GetSystemDirectoryA, GetWindowsDirectoryA, GetCommandLineA, GetVersionExA, CreateMutexA, GetPrivateProfileIntA, GetPrivateProfileStringA, lstrcmpA, GetSystemTime, LocalFree, LocalAlloc, GetVersion, GetSystemInfo, GetComputerNameA, SetEndOfFile, LCMapStringA, GetStringTypeW, GetStringTypeA, GetOEMCP, lstrcpynA, GetCPInfo, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetStartupInfoA, RtlUnwind, TerminateProcess, HeapAlloc, HeapFree, GetExitCodeProcess, SetFileTime, GlobalMemoryStatus, GetShortPathNameA, SetErrorMode, WritePrivateProfileStringA, WritePrivateProfileSectionA, MoveFileExA, GetCurrentProcess, ExitProcess, WideCharToMultiByte, CreateProcessA, RemoveDirectoryA, GetFileTime, VerLanguageNameA, CompareFileTime, CopyFileA, GetFileSize, GetLogicalDriveStringsA, FreeLibrary, GetCurrentDirectoryA, SetCurrentDirectoryA, MultiByteToWideChar, SetFileAttributesA, LCMapStringW, GetTempPathA, GetFileAttributesA, CreateDirectoryA, GetLocaleInfoA, FindFirstFileA, lstrcmpiA, FindNextFileA, FindClose, GetDriveTypeA, lstrcatA, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetTickCount, Sleep, GetCurrentThread, QueryPerformanceFrequency, QueryPerformanceCounter, GetThreadPriority, SetThreadPriority, GlobalReAlloc, GlobalUnlock, GlobalFree, GlobalAlloc, GlobalLock, MulDiv, lstrlenA, GetLastError, FormatMessageA, WriteFile, ReadFile, lstrcpyA, SetFilePointer, CreateFileA, CloseHandle, GetACP, DeleteFileA |
USER32.dll | FindWindowA, IsIconic, PostMessageA, RegisterClassA, SetRectEmpty, ExitWindowsEx, MsgWaitForMultipleObjects, GetMessageA, TranslateMessage, DispatchMessageA, FillRect, PostQuitMessage, EnableWindow, SetWindowPos, SetTimer, GetDlgItemTextA, CreateDialogParamA, GetWindowLongA, IsWindowEnabled, GetSystemMetrics, RegisterClassExA, GetClientRect, IsWindowVisible, PtInRect, SetCursor, EndDialog, GetActiveWindow, WaitMessage, IsDialogMessageA, MessageBoxA, CopyRect, KillTimer, DrawEdge, GetDlgItem, SendDlgItemMessageA, SetDlgItemTextA, PeekMessageA, SetWindowTextA, ReleaseDC, EnumDisplaySettingsA, LoadBitmapA, GetDC, DestroyWindow, DefWindowProcA, GetWindowRect, InvalidateRect, LoadIconA, LoadImageA, GetSysColor, GetDesktopWindow, SystemParametersInfoA, SetForegroundWindow, DialogBoxParamA, GetWindowTextLengthA, GetWindowTextA, CreateWindowExA, SetWindowLongA, SetFocus, GetSystemMenu, DeleteMenu, AppendMenuA, ShowWindow, LoadCursorA, GetCursorPos, ScreenToClient, SendMessageA |
GDI32.dll | SaveDC, SetMapMode, SetViewportOrgEx, RestoreDC, StartDocA, StartPage, EndPage, TextOutA, SetBkMode, SelectObject, CreateFontA, GetDeviceCaps, BitBlt, DeleteDC, DeleteObject, CreateSolidBrush, GetStockObject, SetBkColor, SetTextColor, CreateCompatibleBitmap, CreateCompatibleDC, StretchDIBits, GetTextExtentPoint32A, CreateBitmap, CreateDIBitmap, CreatePalette, AddFontResourceA, CreateScalableFontResourceA, EndDoc, RemoveFontResourceA |
comdlg32.dll | GetOpenFileNameA, PrintDlgA |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, AdjustTokenPrivileges, LookupPrivilegeValueA, RegDeleteValueA, RegQueryInfoKeyA, RegEnumKeyExA, OpenThreadToken, DuplicateToken, AllocateAndInitializeSid, InitializeSecurityDescriptor, GetLengthSid, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSecurityDescriptor, AccessCheck, FreeSid, GetUserNameA, RegSetValueExA, RegCreateKeyExA, OpenProcessToken, RegQueryValueExA |
SHELL32.dll | SHFileOperationA, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA, SHChangeNotify |
ole32.dll | CoUninitialize, CoInitialize, OleInitialize, CoCreateInstance, OleUninitialize |
OLEAUT32.dll | RegisterTypeLib, LoadTypeLib |
WINMM.dll | waveOutGetNumDevs, midiOutGetNumDevs, joyGetPos |
COMCTL32.dll | ImageList_Create, ImageList_Add |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Finnish | Finland |