Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6728 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B7A66864AEDC3FA7A4686498EAF2B251)
- cleanup
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_033F1135 | |
Source: | Code function: | 0_2_033F517A | |
Source: | Code function: | 0_2_033F776A | |
Source: | Code function: | 0_2_033F5766 | |
Source: | Code function: | 0_2_033F4FDF | |
Source: | Code function: | 0_2_033F1E12 | |
Source: | Code function: | 0_2_033F1CB0 | |
Source: | Code function: | 0_2_0340448A | |
Source: | Code function: | 0_2_033F20EA | |
Source: | Code function: | 0_2_0348C6AA |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: | ||
Source: | Key opened: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Code function: | 0_2_033F4DC9 | |
Source: | Code function: | 0_2_033F6649 |
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Thread sleep time: | ||
Source: | Thread sleep time: |
Source: | Key opened: | ||
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Key value queried: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Software Packing | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 22 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 8% | ReversingLabs | Win64.Dropper.Generic | |
| 8% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 3% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 1% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jirafasaltas.fun | 188.114.96.3 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.96.3 | jirafasaltas.fun | European Union | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500933 |
Start date and time: | 2024-08-29 06:23:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal60.evad.winEXE@1/0@1/1 |
EGA Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target file.exe, PID 6728 because there are no executed function
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
00:24:18 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.96.3 | | Get hash | malicious | FormBook, GuLoader, Remcos | Browse | |
| | Get hash | malicious | DBatLoader, FormBook | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Lokibot | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Nitol | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Azorult | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
jirafasaltas.fun | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Amadey, AsyncRAT, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, Vidar | Browse | |
| | Get hash | malicious | LummaC, MicroClip | Browse | |
| | Get hash | malicious | DBatLoader, FormBook | Browse | |
| | Get hash | malicious | LummaC, Vidar | Browse | |
| | Get hash | malicious | LummaC, Stealc, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, Vidar | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
File type: | |
Entropy (8bit): | 6.574678275475394 |
TrID: | |
File name: | file.exe |
File size: | 8'751'104 bytes |
MD5: | b7a66864aedc3fa7a4686498eaf2b251 |
SHA1: | 045154b73c8c25e29c5db10d297d44e5371af940 |
SHA256: | d51fbbda89b717b798dc784dbe3eb4aa151e9ef095c054e19368698fe923317e |
SHA512: | f1ffab89f395247c69121fe3a700798c8cd5a9af94f33674995642471160f428c2931fa86c6686558ba75e0d6a20131854b987790160cae19a533a7f40862957 |
SSDEEP: | 98304:qAlUumHHsfNHU/J1vD3NSPUv3KWQSy+Bk:Dquh+RlfKkhBk |
TLSH: | EB968DFB22E6462DC12D923BC093CF01C437B9794737C6D702915A38DA6AAC15E7EA35 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win64..$7....................................................................................................................................... |
Icon Hash: | 0f71e969e9f96117 |
Entrypoint: | 0x8c4e30 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | |
Time Stamp: | 0x66CF1D1A [Wed Aug 28 12:50:34 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 937ab3e955faac33827861f288cec9e5 |
Instruction |
---|
push ebp |
dec eax |
sub esp, 20h |
dec eax |
mov ebp, esp |
nop |
dec eax |
lea ecx, dword ptr [FFFEE388h] |
call 00007FCE84AC5540h |
dec eax |
mov eax, dword ptr [00063B94h] |
dec eax |
mov ecx, dword ptr [eax] |
call 00007FCE84D5FBF1h |
dec eax |
mov eax, dword ptr [00063B85h] |
dec eax |
mov ecx, dword ptr [eax] |
mov dl, 01h |
call 00007FCE84D628A0h |
dec eax |
mov eax, dword ptr [00063B74h] |
dec eax |
mov ecx, dword ptr [eax] |
dec eax |
mov edx, dword ptr [FFFEDCDAh] |
dec esp |
mov eax, dword ptr [0006387Bh] |
call 00007FCE84D5FBF3h |
dec eax |
mov eax, dword ptr [00063B57h] |
dec eax |
mov ecx, dword ptr [eax] |
call 00007FCE84D5FE04h |
call 00007FCE84ABD49Fh |
jmp 00007FCE84F72D4Ah |
nop |
nop |
call 00007FCE84ABD696h |
nop |
dec eax |
lea esp, dword ptr [ebp+20h] |
pop ebp |
ret |
dec eax |
nop |
dec eax |
lea eax, dword ptr [00000000h+eax] |
dec eax |
sub esp, 28h |
call 00007FCE84ABCC2Ch |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x544000 | 0x9c | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x536000 | 0x4c44 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5ca000 | 0x2a0400 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x588000 | 0x410dc | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x547000 | 0x4083c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x546000 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x537398 | 0x1208 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x53b000 | 0x8d6a | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4c3ec0 | 0x4c4000 | eb6f3eec577ce0124d0cb6c66b3e6b81 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x4c5000 | 0x642c8 | 0x64400 | 487de922e1e42c249aa1bbd78953f0b0 | False | 0.2396377221009975 | data | 4.708144578377961 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x52a000 | 0xb75c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x536000 | 0x4c44 | 0x4e00 | 29fbdd4e74c9683ef29e7a67a8b2df87 | False | 0.23913261217948717 | data | 4.289813206389611 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x53b000 | 0x8d6a | 0x8e00 | 2845d3f12a4110b85b14963d477f5351 | False | 0.17058208626760563 | data | 3.981325083586943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x544000 | 0x9c | 0x200 | 7fa7ebcc509ab4bfbae6047d77b9249e | False | 0.26171875 | data | 1.8963699670102752 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x545000 | 0x1e4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x546000 | 0x6d | 0x200 | 13c41f6a7226e3b091416c6c3aca58ee | False | 0.1953125 | data | 1.3902637598484393 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x547000 | 0x4083c | 0x40a00 | dbf93e541c6d8fdf42f95373c32760e7 | False | 0.4654481987427466 | data | 6.447929463732892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.pdata | 0x588000 | 0x410dc | 0x41200 | d26c09bdff615edc673d4a34c3090b93 | False | 0.49405065379078694 | data | 6.382261050809335 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5ca000 | 0x2a0400 | 0x2a0400 | 8b007c0da5ccf8180a13a8503df917ec | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x5cbd0c | 0x134 | data | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x5cbe40 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x5cbf74 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x5cc0a8 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x5cc1dc | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x5cc310 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x5cc444 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0x5cc578 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_BITMAP | 0x5cc6ac | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x5cc87c | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0x5cca60 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x5ccc30 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0x5cce00 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0x5ccfd0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0x5cd1a0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0x5cd370 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x5cd540 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0x5cd710 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x5cd8e0 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334 |
RT_BITMAP | 0x5cd9a0 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855 |
RT_BITMAP | 0x5cda80 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143 |
RT_BITMAP | 0x5cdb60 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145 |
RT_BITMAP | 0x5cdc40 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667 |
RT_BITMAP | 0x5cdd00 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375 |
RT_BITMAP | 0x5cddc0 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285 |
RT_BITMAP | 0x5cdea0 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666 |
RT_BITMAP | 0x5cdf60 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5 |
RT_BITMAP | 0x5ce040 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
RT_BITMAP | 0x5ce128 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333 |
RT_BITMAP | 0x5ce1e8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.34438775510204084 |
RT_BITMAP | 0x5ce370 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.45918367346938777 |
RT_BITMAP | 0x5ce4f8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.30357142857142855 |
RT_BITMAP | 0x5ce680 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.3392857142857143 |
RT_BITMAP | 0x5ce808 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3829268292682927 |
RT_BITMAP | 0x5cee70 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.39146341463414636 |
RT_BITMAP | 0x5cf4d8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3853658536585366 |
RT_BITMAP | 0x5cfb40 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.42857142857142855 |
RT_BITMAP | 0x5cfcc8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.39207317073170733 |
RT_BITMAP | 0x5d0330 | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | English | United States | 0.40808823529411764 |
RT_BITMAP | 0x5d0440 | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | English | United States | 0.4117647058823529 |
RT_BITMAP | 0x5d0550 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.3125 |
RT_BITMAP | 0x5d05c0 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.41964285714285715 |
RT_BITMAP | 0x5d0630 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.3482142857142857 |
RT_BITMAP | 0x5d06a0 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.38392857142857145 |
RT_BITMAP | 0x5d0710 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.3392857142857143 |
RT_BITMAP | 0x5d0780 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.32142857142857145 |
RT_BITMAP | 0x5d07f0 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.36607142857142855 |
RT_BITMAP | 0x5d0860 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.33035714285714285 |
RT_BITMAP | 0x5d08d0 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.41964285714285715 |
RT_BITMAP | 0x5d0940 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.30357142857142855 |
RT_BITMAP | 0x5d09b0 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.33035714285714285 |
RT_BITMAP | 0x5d0a20 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.41964285714285715 |
RT_BITMAP | 0x5d0a90 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.4107142857142857 |
RT_BITMAP | 0x5d0c18 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.3239795918367347 |
RT_BITMAP | 0x5d0da0 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.31887755102040816 |
RT_BITMAP | 0x5d0f28 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.30612244897959184 |
RT_BITMAP | 0x5d10b0 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.32142857142857145 |
RT_BITMAP | 0x5d1238 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.35548780487804876 |
RT_BITMAP | 0x5d18a0 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.375 |
RT_BITMAP | 0x5d1a28 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | English | United States | 0.44939024390243903 |
RT_BITMAP | 0x5d2090 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.3826530612244898 |
RT_BITMAP | 0x5d2218 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3853658536585366 |
RT_BITMAP | 0x5d2880 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.43902439024390244 |
RT_BITMAP | 0x5d2ee8 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857 |
RT_ICON | 0x5d2fc8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2953 x 2953 px/m | | | 0.059328049213297054 |
RT_DIALOG | 0x5e37f0 | 0x52 | data | | | 0.7682926829268293 |
RT_DIALOG | 0x5e3844 | 0x52 | data | | | 0.7560975609756098 |
RT_STRING | 0x5e3898 | 0x410 | data | | | 0.4028846153846154 |
RT_STRING | 0x5e3ca8 | 0x3d8 | data | | | 0.4095528455284553 |
RT_STRING | 0x5e4080 | 0x3a0 | data | | | 0.4040948275862069 |
RT_STRING | 0x5e4420 | 0x40c | data | | | 0.4015444015444015 |
RT_STRING | 0x5e482c | 0x3f8 | data | | | 0.42322834645669294 |
RT_STRING | 0x5e4c24 | 0x374 | data | | | 0.39819004524886875 |
RT_STRING | 0x5e4f98 | 0x378 | data | | | 0.33783783783783783 |
RT_STRING | 0x5e5310 | 0x2e0 | data | | | 0.4470108695652174 |
RT_STRING | 0x5e55f0 | 0x468 | data | | | 0.3554964539007092 |
RT_STRING | 0x5e5a58 | 0x2d0 | data | | | 0.3888888888888889 |
RT_STRING | 0x5e5d28 | 0x364 | data | | | 0.43663594470046085 |
RT_STRING | 0x5e608c | 0x1ac | data | | | 0.5186915887850467 |
RT_STRING | 0x5e6238 | 0xcc | data | | | 0.6666666666666666 |
RT_STRING | 0x5e6304 | 0x114 | data | | | 0.6086956521739131 |
RT_STRING | 0x5e6418 | 0x2b4 | data | | | 0.4638728323699422 |
RT_STRING | 0x5e66cc | 0x408 | data | | | 0.3817829457364341 |
RT_STRING | 0x5e6ad4 | 0x374 | data | | | 0.39705882352941174 |
RT_STRING | 0x5e6e48 | 0x4b4 | data | | | 0.31727574750830567 |
RT_STRING | 0x5e72fc | 0x308 | data | | | 0.38788659793814434 |
RT_STRING | 0x5e7604 | 0x3bc | data | | | 0.4006276150627615 |
RT_STRING | 0x5e79c0 | 0x4fc | data | | | 0.3785266457680251 |
RT_STRING | 0x5e7ebc | 0x454 | data | | | 0.3303249097472924 |
RT_STRING | 0x5e8310 | 0x380 | data | | | 0.36049107142857145 |
RT_STRING | 0x5e8690 | 0x450 | data | | | 0.3903985507246377 |
RT_STRING | 0x5e8ae0 | 0x17c | data | | | 0.4631578947368421 |
RT_STRING | 0x5e8c5c | 0xcc | data | | | 0.6225490196078431 |
RT_STRING | 0x5e8d28 | 0x1d0 | data | | | 0.5344827586206896 |
RT_STRING | 0x5e8ef8 | 0x3dc | data | | | 0.3765182186234818 |
RT_STRING | 0x5e92d4 | 0x38c | data | | | 0.3535242290748899 |
RT_STRING | 0x5e9660 | 0x354 | data | | | 0.3826291079812207 |
RT_STRING | 0x5e99b4 | 0x2e4 | data | | | 0.40540540540540543 |
RT_RCDATA | 0x5e9c98 | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x5e9ca8 | 0xe58 | data | | | 0.4863834422657952 |
RT_RCDATA | 0x5eab00 | 0x19b77 | Delphi compiled form 'TBrushDialog' | | | 0.6545877438648122 |
RT_RCDATA | 0x604678 | 0x415c8 | TrueType Font data, 19 tables, 1st "GPOS", 16 names, Macintosh, \(g\)\252 fonts 1999\251ElektraMediumTransType 3 MAC;Elektra;001.000;18/07/06 23:22:47ElektraVer | English | United States | 0.10237935156133274 |
RT_RCDATA | 0x645c40 | 0x5f80 | TrueType Font data, 15 tables, 1st "OS/2", 21 names, Unicode | English | United States | 0.3445271596858639 |
RT_RCDATA | 0x64bbc0 | 0x21b871 | data | English | United States | 0.8604679107666016 |
RT_RCDATA | 0x867434 | 0x15f | Delphi compiled form 'Toejtrewer' | | | 0.7293447293447294 |
RT_RCDATA | 0x867594 | 0xc59 | Delphi compiled form 'TPenDialog' | | | 0.4134767478645998 |
RT_RCDATA | 0x8681f0 | 0x692 | Delphi compiled form 'TTeeGalleryForm' | | | 0.4768133174791914 |
RT_RCDATA | 0x868884 | 0x1661 | Delphi compiled form 'TTeeGradientEditor' | | | 0.3459591551754233 |
RT_GROUP_CURSOR | 0x869ee8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x869efc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x869f10 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x869f24 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x869f38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x869f4c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x869f60 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x869f74 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x869f88 | 0x14 | data | | | 1.15 |
RT_VERSION | 0x869f9c | 0x2e4 | data | | | 0.4418918918918919 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | CharNextW, LoadStringW |
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle |
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary |
user32.dll | SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CountClipboardFormats, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | WidenPath, UnrealizeObject, TextOutW, StrokePath, StrokeAndFillPath, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMapMode, SetGraphicsMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetArcDirection, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SelectClipPath, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, PtVisible, PolylineTo, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PathToRegion, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextCharacterExtra, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetObjectW, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, FrameRgn, FillPath, ExtTextOutW, ExtSelectClipRgn, ExtFloodFill, ExtCreatePen, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPath, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateEnhMetaFileW, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CloseFigure, CloseEnhMetaFile, Chord, BitBlt, BeginPath, ArcTo, Arc, AngleArc, AbortDoc |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CopyFileW, CompareStringW, CloseHandle |
advapi32.dll | RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
oleaut32.dll | GetErrorInfo, SysFreeString |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow |
shell32.dll | Shell_NotifyIconW |
winspool.drv | OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter |
winspool.drv | GetDefaultPrinterW |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x4977c0 |
__dbk_fcall_wrapper | 2 | 0x4172f0 |
dbkFCallWrapperAddr | 1 | 0x92ef58 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 06:24:21.351891994 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.351926088 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:21.352006912 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.353596926 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.353609085 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:21.827838898 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:21.827971935 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.830313921 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.830337048 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:21.830656052 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:21.875257015 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.930613995 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.930613995 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:21.930803061 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:22.274483919 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:22.274553061 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:22.274748087 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:22.274780989 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:22.274792910 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:22.274801016 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Aug 29, 2024 06:24:22.274816990 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3 |
Aug 29, 2024 06:24:22.274821043 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 06:24:21.327296972 CEST | 52009 | 53 | 192.168.2.6 | 1.1.1.1 |
Aug 29, 2024 06:24:21.344835997 CEST | 53 | 52009 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 29, 2024 06:24:21.327296972 CEST | 192.168.2.6 | 1.1.1.1 | 0x157b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 29, 2024 06:24:21.344835997 CEST | 1.1.1.1 | 192.168.2.6 | 0x157b | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 06:24:21.344835997 CEST | 1.1.1.1 | 192.168.2.6 | 0x157b | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49715 | 188.114.96.3 | 443 | 6728 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 04:24:21 UTC | 322 | OUT | |
2024-08-29 04:24:21 UTC | 96 | OUT | |
2024-08-29 04:24:22 UTC | 516 | IN |
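The network tables above show one DNS query answered with two A records and a single HTTPS session from PID 6728 to the first of them. The check a triage analyst wants from such a report is whether every destination the sample contacted was obtained from DNS during the run, because a TLS connection to an address that never appeared in a DNS answer is how a hard-coded C2 IP shows up. The script below is an added example, not part of the Joe Sandbox report: it re-types the report's DNS-answer, TCP-packet and session rows as constructed sample input and adds an invented second session to 203.0.113.7 (a documentation address) so the unresolved branch is exercised. The timestamp format and the column order are those shown on this page; nothing else is assumed.

```python
"""Correlate sandbox DNS answers with outbound sessions (added example).

Input rows are pipe-separated, in the column order the report renders:
  DNS answers : Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Address | Type | Class | DoH
  TCP packets : Timestamp | Source Port | Dest Port | Source IP | Dest IP
  Sessions    : Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
"""
from datetime import datetime

# Constructed sample input, copied from the report tables on this page. The
# rows involving 203.0.113.7 / port 49716 are invented to show a destination
# that was contacted without any DNS resolution.
DNS_ANSWERS = """
Aug 29, 2024 06:24:21.344835997 CEST | 1.1.1.1 | 192.168.2.6 | 0x157b | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 29, 2024 06:24:21.344835997 CEST | 1.1.1.1 | 192.168.2.6 | 0x157b | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false
"""

TCP_PACKETS = """
Aug 29, 2024 06:24:21.351891994 CEST | 49715 | 443 | 192.168.2.6 | 188.114.96.3
Aug 29, 2024 06:24:21.351926088 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6
Aug 29, 2024 06:24:22.274821043 CEST | 443 | 49715 | 188.114.96.3 | 192.168.2.6
Aug 29, 2024 06:24:25.000000000 CEST | 49716 | 443 | 192.168.2.6 | 203.0.113.7
Aug 29, 2024 06:24:25.100000000 CEST | 443 | 49716 | 203.0.113.7 | 192.168.2.6
"""

SESSIONS = r"""
0 | 192.168.2.6 | 49715 | 188.114.96.3 | 443 | 6728 | C:\Users\user\Desktop\file.exe
1 | 192.168.2.6 | 49716 | 203.0.113.7 | 443 | 6728 | C:\Users\user\Desktop\file.exe
"""


def split_row(line: str) -> list[str]:
    """Split one rendered table row into stripped cells."""
    return [cell.strip() for cell in line.strip().strip("|").split("|")]


def parse_rows(table: str) -> list[list[str]]:
    return [split_row(line) for line in table.strip().splitlines() if line.strip()]


def parse_ts(text: str) -> datetime:
    """Parse 'Aug 29, 2024 06:24:21.351891994 CEST'.

    strptime's %f takes at most six fractional digits and no zone label, so the
    nanosecond tail is truncated and the zone dropped; all rows in one report
    share a zone, so the naive values compare correctly with each other.
    """
    body = text.rsplit(" ", 1)[0]
    main, frac = body.rsplit(".", 1)
    return datetime.strptime(f"{main}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def resolved_addresses(dns_answers: str) -> dict[str, tuple[datetime, str]]:
    """Map each address from a successful A answer to (answer time, transaction id)."""
    out: dict[str, tuple[datetime, str]] = {}
    for row in parse_rows(dns_answers):
        ts, _src, _dst, txid, rcode, addr, rtype = row[:7]
        if rtype.startswith("A ") and rcode.startswith("No error"):
            out.setdefault(addr, (parse_ts(ts), txid))
    return out


def correlate(dns_answers: str, tcp_packets: str, sessions: str) -> list[dict]:
    """For each session: packet count, duration and whether DNS returned the
    destination before the first packet of that flow."""
    resolved = resolved_addresses(dns_answers)
    packets = parse_rows(tcp_packets)
    findings = []
    for sid, src, sport, dst, dport, pid, proc in parse_rows(sessions):
        # A packet belongs to the flow if it carries the same endpoint pair in
        # either direction.
        flow = [parse_ts(r[0]) for r in packets
                if {r[3], r[4]} == {src, dst} and {r[1], r[2]} == {sport, dport}]
        hit = resolved.get(dst)
        findings.append({
            "session": int(sid),
            "dest": f"{dst}:{dport}",
            "pid": int(pid),
            "process": proc,
            "packets": len(flow),
            "duration_ms": round((max(flow) - min(flow)).total_seconds() * 1000, 1) if flow else None,
            "dns_txid": hit[1] if hit else None,
            "dns_before_connect": bool(hit and flow and hit[0] <= min(flow)),
        })
    return findings


def unresolved_destinations(findings: list[dict]) -> list[str]:
    """Destinations contacted without a preceding DNS answer: candidate hard-coded C2."""
    return [f["dest"] for f in findings if not f["dns_before_connect"]]


if __name__ == "__main__":
    results = correlate(DNS_ANSWERS, TCP_PACKETS, SESSIONS)
    for f in results:
        print(f)
    print("no prior DNS:", unresolved_destinations(results))
```

For the report's own rows the single session to 188.114.96.3:443 is confirmed against transaction 0x157b, answered about 7 ms before the first SYN; only the constructed 203.0.113.7 flow is reported as unresolved. Treat that finding as an indicator rather than a verdict: it also fires when the name was resolved over DNS over HTTPS (the report's last DNS column), from a resolver cache, or before the capture started.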
Target ID: | 0 |
Start time: | 00:24:03 |
Start date: | 29/08/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 8'751'104 bytes |
MD5 hash: | B7A66864AEDC3FA7A4686498EAF2B251 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Function | Relevance | Strings | Instructions | Tag |
---|---|---|---|---|
033F1CB0 | 2.8 | 2 | 252 | COMMON |
033F1E12 | 2.7 | 2 | 248 | COMMON |
0348C6AA | 1.4 | 1 | 167 | COMMON |
033F1135 | 0.2 | | 188 | COMMON |
033F5766 | 0.2 | | 188 | COMMON |
033F20EA | 0.2 | | 166 | COMMON |
033F517A | 0.1 | | 96 | COMMON |
033F4FDF | 0.1 | | 87 | COMMON |
033F776A | 0.1 | | 85 | COMMON |
0340448A | 0.1 | | 77 | COMMON |