Windows
Analysis Report
ArsClip.exe
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
ArsClip.exe (PID: 5444, cmdline: C:\Users\user\Desktop\ArsClip.exe, MD5: D55F25D20D06270E1EE4FB74DD520935)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
- Compliance
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
There are no malicious signatures.
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | Path Interception | 1 Masquerading | 1 Input Capture | 11 System Information Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 10% | ReversingLabs | | |
| 3% | Virustotal | | Browse |
Joe Sandbox Version: | 37.1.0 Beryl |
Analysis ID: | 886489 |
Start date and time: | 2023-06-13 11:11:22 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | ArsClip.exe |
Detection: | CLEAN |
Classification: | clean3.winEXE@1/1@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): audiodg.exe
- Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Process: | C:\Users\user\Desktop\ArsClip.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 1.5 |
Encrypted: | false |
SSDEEP: | 3:P:P |
MD5: | 8E9555A941CA09F34EDAD613FA5056F0 |
SHA1: | BCE700D07EA8E1A520017ADDA35694091EFF6D2A |
SHA-256: | 15E267C790456C7C819473CAF878B4B6B126C132385377044EC2862A3769604B |
SHA-512: | 39FDAE37F0FE2E483730F58517124C336CC1447ABDDCA07F197D819945B775B2B78D5ECC6C6E596CCD9DF66A1B0FEFC836790BF860D7435B70B39230AFB932AE |
Malicious: | false |
Reputation: | low |
Preview: | |
File type: | |
Entropy (8bit): | 6.572892392052099 |
TrID: | |
File name: | ArsClip.exe |
File size: | 4961792 |
MD5: | d55f25d20d06270e1ee4fb74dd520935 |
SHA1: | 2ccfa7b5a81f6782ede89eee7a912f818218546c |
SHA256: | 3a43b9f506c3ece842718de4a91e9215bd84e738284e605befc0e097d684d159 |
SHA512: | 1c91bdd790fdf8cbb03f63aee513d73a9ac10b5f60daa866ce0561f64e600efebe769797933634b391c915f547e160997c7039efbbe7c8ccdce13da81744bbfa |
SSDEEP: | 98304:zY/zvmnWO4S41zrXjdQYaIT9WtI9pE/1ErSy/Q:zYj9zDjd9aQlpEO/Q |
TLSH: | D1367D12B244643BC477167A9C67E3A5783EBF602A22DC4B2BB03D4C5F766817D2A707 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 064f5616963333cc |
Entrypoint: | 0x73f350 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x5B280B58 [Mon Jun 18 19:43:20 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 8c015e65b8deee6e52ccf1cfd161c2ee |
Entrypoint instructions:

```asm
push ebp
mov ebp, esp
add esp, FFFFFFD0h
xor eax, eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-14h], eax
mov dword ptr [ebp-18h], eax
mov dword ptr [ebp-20h], eax
mov dword ptr [ebp-24h], eax
mov eax, 00734680h
call 00007FE6710563EDh
xor eax, eax
push ebp
push 0073FBFFh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
mov byte ptr [00752DACh], 00000000h
mov eax, 00752DA8h
call 00007FE67105210Eh
call 00007FE67104E1B5h
dec eax
jne 00007FE671388BB7h
lea edx, dword ptr [ebp-30h]
mov eax, 00000001h
call 00007FE67104E205h
mov eax, dword ptr [ebp-30h]
lea edx, dword ptr [ebp-2Ch]
call 00007FE67106B26Eh
mov edx, dword ptr [ebp-2Ch]
mov eax, 00752DA8h
call 00007FE6710524C1h
lea eax, dword ptr [ebp-14h]
mov edx, dword ptr [00752DA8h]
call 00007FE6710524FBh
lea eax, dword ptr [ebp-18h]
mov edx, 0073FC18h
call 00007FE6710524EEh
mov eax, dword ptr [ebp-14h]
cmp eax, dword ptr [ebp-18h]
jne 00007FE671388B98h
mov byte ptr [ebp-19h], 00000001h
jmp 00007FE671388BB5h
cmp dword ptr [ebp-14h], 00000000h
je 00007FE671388B98h
cmp dword ptr [ebp-18h], 00000000h
jne 00007FE671388B98h
mov byte ptr [ebp-19h], 00000000h
jmp 00007FE671388BA3h
mov edx, dword ptr [ebp-18h]
mov eax, dword ptr [ebp-14h]
call 00007FE67106B36Bh
test eax, eax
sete byte ptr [ebp-19h]
cmp byte ptr [ebp-19h], 00000000h
je 00007FE671388BC6h
mov eax, dword ptr [0074CB80h]
```
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x353000 | 0x43d4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x39e000 | 0x128e00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x35b000 | 0x424cc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x35a000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x353c9c | 0xa58 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x358000 | 0x88a | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x33bc9c | 0x33be00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x33d000 | 0x31c8 | 0x3200 | False | 0.4921875 | data | 6.071311108040413 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x341000 | 0xbd90 | 0xbe00 | False | 0.5257606907894737 | data | 5.984114652662673 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x34d000 | 0x5db0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x353000 | 0x43d4 | 0x4400 | False | 0.31135110294117646 | data | 5.082211816081088 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x358000 | 0x88a | 0xa00 | False | 0.321484375 | data | 3.751048456423829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x359000 | 0x4c | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x35a000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x35b000 | 0x424cc | 0x42600 | False | 0.5528815030602636 | data | 6.702845387908835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x39e000 | 0x128e00 | 0x128e00 | False | 0.42487993421052633 | data | 6.470474015995619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x3a04a0 | 0x134 | data | English | United States |
RT_CURSOR | 0x3a05d4 | 0x134 | data | English | United States |
RT_CURSOR | 0x3a0708 | 0x134 | data | English | United States |
RT_CURSOR | 0x3a083c | 0x134 | data | English | United States |
RT_CURSOR | 0x3a0970 | 0x134 | data | English | United States |
RT_CURSOR | 0x3a0aa4 | 0x134 | data | English | United States |
RT_CURSOR | 0x3a0bd8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States |
RT_CURSOR | 0x3a0d0c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States |
RT_BITMAP | 0x3a0e40 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1010 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States |
RT_BITMAP | 0x3a11f4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a13c4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1594 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1764 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1934 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1b04 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1cd4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a1ea4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States |
RT_BITMAP | 0x3a2074 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States |
RT_BITMAP | 0x3a2134 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States |
RT_BITMAP | 0x3a2214 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States |
RT_BITMAP | 0x3a22f4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States |
RT_BITMAP | 0x3a23d4 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States |
RT_BITMAP | 0x3a2494 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States |
RT_BITMAP | 0x3a2554 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States |
RT_BITMAP | 0x3a2634 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States |
RT_BITMAP | 0x3a26f4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States |
RT_BITMAP | 0x3a27d4 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States |
RT_BITMAP | 0x3a28bc | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States |
RT_BITMAP | 0x3a297c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States |
RT_ICON | 0x3a2a5c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States |
RT_ICON | 0x3a3304 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States |
RT_ICON | 0x3a386c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x3a5e14 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x3a6ebc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a7324 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a778c | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | English | United States |
RT_ICON | 0x3a7af4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a7f5c | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | English | United States |
RT_ICON | 0x3a82c4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a872c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a8b94 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a8ffc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States |
RT_ICON | 0x3a9124 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | English | United States |
RT_ICON | 0x3a948c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a98f4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x3a9d5c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
RT_ICON | 0x3aa604 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
RT_ICON | 0x3aab6c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x3ad114 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x3ae1bc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_DIALOG | 0x3ae624 | 0x52 | data | ||
RT_DIALOG | 0x3ae678 | 0x52 | data | ||
RT_STRING | 0x3ae6cc | 0x308 | data | ||
RT_STRING | 0x3ae9d4 | 0x3d8 | data | ||
RT_STRING | 0x3aedac | 0x2f0 | data | ||
RT_STRING | 0x3af09c | 0x850 | data | ||
RT_STRING | 0x3af8ec | 0xb20 | data | ||
RT_STRING | 0x3b040c | 0x424 | data | ||
RT_STRING | 0x3b0830 | 0x408 | data | ||
RT_STRING | 0x3b0c38 | 0x404 | data | ||
RT_STRING | 0x3b103c | 0x3c8 | data | ||
RT_STRING | 0x3b1404 | 0x4ac | data | ||
RT_STRING | 0x3b18b0 | 0x200 | data | ||
RT_STRING | 0x3b1ab0 | 0xc8 | data | ||
RT_STRING | 0x3b1b78 | 0x118 | data | ||
RT_STRING | 0x3b1c90 | 0x254 | data | ||
RT_STRING | 0x3b1ee4 | 0x3d0 | data | ||
RT_STRING | 0x3b22b4 | 0x3d4 | data | ||
RT_STRING | 0x3b2688 | 0x490 | data | ||
RT_STRING | 0x3b2b18 | 0x308 | data | ||
RT_STRING | 0x3b2e20 | 0x428 | data | ||
RT_STRING | 0x3b3248 | 0x47c | data | ||
RT_STRING | 0x3b36c4 | 0x490 | data | ||
RT_STRING | 0x3b3b54 | 0x388 | data | ||
RT_STRING | 0x3b3edc | 0x404 | data | ||
RT_STRING | 0x3b42e0 | 0x290 | data | ||
RT_STRING | 0x3b4570 | 0xc0 | data | ||
RT_STRING | 0x3b4630 | 0x9c | data | ||
RT_STRING | 0x3b46cc | 0x334 | data | ||
RT_STRING | 0x3b4a00 | 0x48c | data | ||
RT_STRING | 0x3b4e8c | 0x354 | data | ||
RT_STRING | 0x3b51e0 | 0x2c4 | data | ||
RT_RCDATA | 0x3b54a4 | 0x10 | data | ||
RT_RCDATA | 0x3b54b4 | 0xd76 | ASCII text, with CRLF line terminators | English | United States |
RT_RCDATA | 0x3b622c | 0xf14 | data | ||
RT_RCDATA | 0x3b7140 | 0x2 | data | English | United States |
RT_RCDATA | 0x3b7144 | 0xc0553 | PE32 executable (DLL) (console) Intel 80386, for MS Windows | English | United States |
RT_RCDATA | 0x477698 | 0x4ad | Delphi compiled form 'TACPopupPrototype' | ||
RT_RCDATA | 0x477b48 | 0x3b2 | Delphi compiled form 'TFrameClipDisplay' | ||
RT_RCDATA | 0x477efc | 0xbae | Delphi compiled form 'TFrameImport' | ||
RT_RCDATA | 0x478aac | 0xad4 | Delphi compiled form 'TFramePermanentClips' | ||
RT_RCDATA | 0x479580 | 0x100b | Delphi compiled form 'TFrmAbout' | ||
RT_RCDATA | 0x47a58c | 0x18c | Delphi compiled form 'TFrmChainWatcher' | ||
RT_RCDATA | 0x47a718 | 0x283 | Delphi compiled form 'TFrmCheckForUpdate' | ||
RT_RCDATA | 0x47a99c | 0x349d | Delphi compiled form 'TfrmClipboardBar' | ||
RT_RCDATA | 0x47de3c | 0x16d4 | Delphi compiled form 'TfrmClipboardManager' | ||
RT_RCDATA | 0x47f510 | 0xc59 | Delphi compiled form 'TFrmClipMenuNew' | ||
RT_RCDATA | 0x48016c | 0x1c1d6 | Delphi compiled form 'TFrmConfig' | ||
RT_RCDATA | 0x49c344 | 0x201 | Delphi compiled form 'TfrmDatabaseUpdate' | ||
RT_RCDATA | 0x49c548 | 0x2ff | Delphi compiled form 'TFrmDebug' | ||
RT_RCDATA | 0x49c848 | 0x170 | Delphi compiled form 'TFrmDummyAllwaysOnTopFix' | ||
RT_RCDATA | 0x49c9b8 | 0x119 | Delphi compiled form 'TFrmDummyInstance' | ||
RT_RCDATA | 0x49cad4 | 0x11d | Delphi compiled form 'TFrmDummyShellForm' | ||
RT_RCDATA | 0x49cbf4 | 0x1d1 | Delphi compiled form 'TFrmDummyUnicodeTooltip' | ||
RT_RCDATA | 0x49cdc8 | 0x5e69 | Delphi compiled form 'TfrmEditHistory' | ||
RT_RCDATA | 0x4a2c34 | 0x988 | Delphi compiled form 'TFrmEditItem' | ||
RT_RCDATA | 0x4a35bc | 0x1db | Delphi compiled form 'TfrmEditTextExternal' | ||
RT_RCDATA | 0x4a3798 | 0x444 | Delphi compiled form 'TFrmHotkey' | ||
RT_RCDATA | 0x4a3bdc | 0x385 | Delphi compiled form 'TFrmImport' | ||
RT_RCDATA | 0x4a3f64 | 0x117 | Delphi compiled form 'TFrmJumpList' | ||
RT_RCDATA | 0x4a407c | 0xb0c1 | Delphi compiled form 'TFrmMainPopup' | ||
RT_RCDATA | 0x4af140 | 0xa6b | Delphi compiled form 'TFrmPasteSelected' | ||
RT_RCDATA | 0x4afbac | 0x38a8 | Delphi compiled form 'TFrmPermanent' | ||
RT_RCDATA | 0x4b3454 | 0x724c | Delphi compiled form 'TFrmPermanentEdit' | ||
RT_RCDATA | 0x4ba6a0 | 0x19f | Delphi compiled form 'TFrmPermanentPreview' | ||
RT_RCDATA | 0x4ba840 | 0x140 | Delphi compiled form 'TfrmPreviewPopup' | ||
RT_RCDATA | 0x4ba980 | 0x411 | Delphi compiled form 'TFrmRatTrap' | ||
RT_RCDATA | 0x4bad94 | 0x496 | Delphi compiled form 'TFrmReportError' | ||
RT_RCDATA | 0x4bb22c | 0x506 | Delphi compiled form 'TfrmSearch' | ||
RT_RCDATA | 0x4bb734 | 0x4ba | Delphi compiled form 'TfrmShared' | ||
RT_RCDATA | 0x4bbbf0 | 0x48a | Delphi compiled form 'TfrmSizeRichtext' | ||
RT_RCDATA | 0x4bc07c | 0x414f | Delphi compiled form 'TfrmSysTrayMenu' | ||
RT_RCDATA | 0x4c01cc | 0x72e | Delphi compiled form 'TFrmTooltipNew' | ||
RT_RCDATA | 0x4c08fc | 0x4dd2 | Delphi compiled form 'TFrmTriggerWindow' | ||
RT_RCDATA | 0x4c56d0 | 0x1036 | Delphi compiled form 'TMySlide' | ||
RT_GROUP_CURSOR | 0x4c6708 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c671c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c6730 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c6744 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c6758 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c676c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c6780 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x4c6794 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_ICON | 0x4c67a8 | 0x4c | data | English | United States |
RT_GROUP_ICON | 0x4c67f4 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c6808 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c681c | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c6830 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c6844 | 0x4c | data | English | United States |
RT_GROUP_ICON | 0x4c6890 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c68a4 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c68b8 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0x4c68cc | 0x30 | data | English | United States |
RT_GROUP_ICON | 0x4c68fc | 0x14 | data | English | United States |
RT_VERSION | 0x4c6910 | 0x164 | data | English | United States |
RT_MANIFEST | 0x4c6a74 | 0x21c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | MessageBoxA, CharNextW, LoadStringW |
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, lstrcpynW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsDBCSLeadByteEx, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetConsoleOutputCP, GetConsoleCP, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, CreateDirectoryW, WriteFile, SetFilePointer, SetEndOfFile, ReadFile, GetFileType, GetFileSize, CreateFileW, GetStdHandle, CloseHandle |
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary |
user32.dll | SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, mouse_event, keybd_event, WindowFromPoint, WaitMessage, WaitForInputIdle, VkKeyScanW, UpdateWindow, UnregisterHotKey, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, TrackMouseEvent, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardViewer, SetClipboardData, SetCapture, SetActiveWindow, SendMessageTimeoutW, SendMessageA, SendMessageW, SendInput, SendDlgItemMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterHotKey, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, NotifyWinEvent, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardViewer, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardFormatNameW, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCaretPos, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawStateW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIcon, CreateAcceleratorTableW, CountClipboardFormats, CopyRect, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, ChangeClipboardChain, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AttachThreadInput, AdjustWindowRectEx, ActivateKeyboardLayout |
msimg32.dll | GradientFill, AlphaBlend |
gdi32.dll | UnrealizeObject, TextOutW, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetDCPenColor, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetNearestPaletteIndex, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
kernel32.dll | lstrcmpW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, UnmapViewOfFile, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryDosDeviceW, IsDebuggerPresent, OpenProcess, MulDiv, MoveFileW, MapViewOfFile, LockResource, LocalFree, LocalAlloc, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVolumeInformationW, GetVersionExW, GetVersion, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetStdHandle, GetLongPathNameW, GetProcAddress, GetPrivateProfileStringW, GetModuleHandleW, GetModuleFileNameW, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileTime, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedExchangeAdd, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindFirstChangeNotificationW, FindCloseChangeNotification, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsW, ExitProcess, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, DeleteAtom, CreateThread, CreateProcessW, CreateMutexW, CreateFileMappingW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CloseHandle |
advapi32.dll | RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey, OpenProcessToken, IsValidSid, GetUserNameW, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority |
kernel32.dll | Sleep |
oleaut32.dll | GetErrorInfo, VariantInit, SysFreeString |
ole32.dll | RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow |
msvcrt.dll | memset, memcpy |
shell32.dll | ShellExecuteExW, ShellExecuteW, Shell_NotifyIconW, SHAppBarMessage, DuplicateIcon, DragQueryFileW |
shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderW |
comdlg32.dll | ChooseFontW, FindTextW, ChooseColorW, GetSaveFileNameW, GetOpenFileNameW |
winspool.drv | OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter |
winspool.drv | GetDefaultPrinterW |
oleacc.dll | LresultFromObject |
winmm.dll | sndPlaySoundW |
kernel32.dll | GetProcessId |
ole32.dll | DoDragDrop, OleUninitialize, OleInitialize, IsEqualGUID |
shlwapi.dll | SHAutoComplete |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Target ID: | 0 |
Start time: | 11:12:19 |
Start date: | 13/06/2023 |
Path: | C:\Users\user\Desktop\ArsClip.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4961792 bytes |
MD5 hash: | D55F25D20D06270E1EE4FB74DD520935 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |