Windows
Analysis Report
SecuriteInfo.com.Heur.7529.3828.exe
Overview
General Information
Detection
Score: | 39 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 0% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Heur.7529.3828.exe (PID: 1176 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe" MD5: 6EEC575753A25441C6FADE4F961195C4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | ||
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | ||
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Source: | File opened: | Jump to behavior | ||
Source: | Code function: | 0_2_05BFD1B4 | |
Source: | Code function: | 0_2_05C12E28 | |
Source: | Code function: | 0_2_05BFCBE8 |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | Binary or memory string: | ||
Source: | Code function: | 0_2_05CA85C8 | |
Source: | Code function: | 0_2_05CA84D8 | |
Source: | Code function: | 0_2_05CA83B8 | |
Source: | Code function: | 0_2_05CA82C8 | |
Source: | Code function: | 0_2_05CA6ED8 | |
Source: | Code function: | 0_2_05C3080C | |
Source: | Code function: | 0_2_05CB174C | |
Source: | Code function: | 0_2_05CA71B8 | |
Source: | Code function: | 0_2_05BFB96C | |
Source: | Code function: | 0_2_05CB1890 |
Source: | Code function: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_05C1310C |
Source: | Code function: | 0_2_05CAAE54 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Automated click: | ||
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Code function: | 0_2_05C544C2 | |
Source: | Code function: | 0_2_05CC443C | |
Source: | Code function: | 0_2_05C0A7FE | |
Source: | Code function: | 0_2_05BFE7E5 | |
Source: | Code function: | 0_2_05BFE7CD | |
Source: | Code function: | 0_2_05BFE6B9 | |
Source: | Code function: | 0_2_05BFE695 | |
Source: | Code function: | 0_2_05BFE6DD | |
Source: | Code function: | 0_2_05BFE635 | |
Source: | Code function: | 0_2_05BFE64D | |
Source: | Code function: | 0_2_05BFE641 | |
Source: | Code function: | 0_2_05CC2164 | |
Source: | Code function: | 0_2_05C56128 | |
Source: | Code function: | 0_2_05BFE01D | |
Source: | Code function: | 0_2_05C5C3CC | |
Source: | Code function: | 0_2_05C5E370 | |
Source: | Code function: | 0_2_05CBE386 | |
Source: | Code function: | 0_2_05CBE2E5 | |
Source: | Code function: | 0_2_05CC424C | |
Source: | Code function: | 0_2_05C5A218 | |
Source: | Code function: | 0_2_05C58D44 | |
Source: | Code function: | 0_2_05C1ECD9 | |
Source: | Code function: | 0_2_05C00CDD | |
Source: | Code function: | 0_2_05C1ECA9 | |
Source: | Code function: | 0_2_05C0ACEC | |
Source: | Code function: | 0_2_05C28E7B | |
Source: | Code function: | 0_2_05CCC9C9 | |
Source: | Code function: | 0_2_05C0A9D2 | |
Source: | Code function: | 0_2_05C62985 | |
Source: | Code function: | 0_2_05C009A9 | |
Source: | Code function: | 0_2_05C62A2D |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry key created: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Code function: | 0_2_05BFD1B4 | |
Source: | Code function: | 0_2_05C12E28 | |
Source: | Code function: | 0_2_05BFCBE8 |
Source: | Code function: | 0_2_05BFDE88 |
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-45690 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_05CB908C |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_05BF7C38 |
Source: | Code function: | 0_2_05BFD2EC | |
Source: | Code function: | 0_2_05C1A510 | |
Source: | Code function: | 0_2_05BFC78C | |
Source: | Code function: | 0_2_05C1A328 | |
Source: | Code function: | 0_2_05C16DE4 | |
Source: | Code function: | 0_2_05C16E30 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_05C15288 |
Source: | Code function: | 0_2_05BFDE9C |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 1 Masquerading | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 45 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
3% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
privazer.com | 94.23.156.117 | true | false | | unknown |
www.privazer.com | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.23.156.117 | privazer.com | France | | 16276 | OVHFR | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502166 |
Start date and time: | 2024-08-31 11:26:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Heur.7529.3828.exe |
Detection: | SUS |
Classification: | sus39.rans.evad.winEXE@1/9@2/1 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SearchFilterHost.exe, dllhost.exe, SearchProtocolHost.exe, WMIADAP.exe, SIHClient.exe, SearchIndexer.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
05:27:07 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
94.23.156.117 | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
OVHFR | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | CobaltStrike, Metasploit | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Captcha Phish, HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC, PureLog Stealer, Vidar | Browse |
| ||
Get hash | malicious | LummaC, PureLog Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | LummaC, PureLog Stealer, Vidar | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\000\leveldb-viewer.exe | Get hash | malicious | Unknown | Browse | ||
C:\Users\user\AppData\Local\Temp\000\json.dll | Get hash | malicious | Unknown | Browse | ||
C:\Users\user\AppData\Local\Temp\000\sqlite3.dll | Get hash | malicious | Unknown | Browse |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30274 |
Entropy (8bit): | 3.7726676835319526 |
Encrypted: | false |
SSDEEP: | 384:wGU/ZMwdLWp9HF406bFkI0rrr6Ng7nBn/Din1Pu3oGnA+QjzeHCEDdko2AlG9MHc:wHBSozsd6mAB3J+SdZ8sazG7jzv |
MD5: | B4CD0BA1301D6D453E79F209144C77E1 |
SHA1: | 8C1B5D49F314AA9CF8580ECADFEA8300087C5935 |
SHA-256: | 05A6507895665DDA3DD6C877C3A91C8A25BE7A39CBCC9E4421F492B569D64B90 |
SHA-512: | AAC9DB83072782068BF4A7648B687A35523F4A36C11D12E2B65E55CA5E0E8225E81F4CBC091638F40638DAD15C89FB9D85F30008EDB722D63E76AB1C624425CC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | modified |
Size (bytes): | 30504 |
Entropy (8bit): | 3.781059806699538 |
Encrypted: | false |
SSDEEP: | 384:9U/Zt9wB5NnWyW0j9HpjM3c40vNbzDt0kI0rrr6UENg7SLBnqd/StDin1Pu3oGnC:iByAzVlqmAB3hOldYEkzrf7rzv |
MD5: | 671CD2F1FA35D019006FCF0865C4AADB |
SHA1: | D85B5D3FDAFFEE2B4FD904E9DA353299AB35C1C4 |
SHA-256: | F98EBA0F9E1466CC091BE1ED7C5AFCBBFF8F837DECF3F1DBB50EDD129C8E2ADC |
SHA-512: | 80B9D04D5A65E95D279DBAA2AD19DC10D829563B056CC3CC93D26BE6A53EC8740BA4822D5E9B1E914E64B78C9DB952AC08EBF7B9DB8C2339737D5F133C14BCFC |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 153 |
Entropy (8bit): | 4.7027960170837115 |
Encrypted: | false |
SSDEEP: | 3:XOXA224IZoNSiWYR4GRLlJ9AWv+QwZMWRN7y:XgAzZoNrWYbLlzAW2GSNO |
MD5: | 45559BDE2C38B6BD413E6B82E4C07939 |
SHA1: | 358EB05EC90DD1E21D52AFAF8CC0CCA37F05A1CF |
SHA-256: | 8B383FBCB145BEAF30F7C0F1B71E0019B6DA9DF4F650613F08B3D7B0C7B9D0D2 |
SHA-512: | 175780864D083F53860F9BCAEB4F6EACE529E2A08772AB535912322772C62380CF831BFAE0A301A1132E026A8D3380A93156C0C631D76CEE8403280EE697E72F |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2727904 |
Entropy (8bit): | 6.631826151141906 |
Encrypted: | false |
SSDEEP: | 49152:VolOHhecHMHzlwvyjNmXLy5PlYTo25hKieciS4i5ppZdkXvy+QiUu8:V6OHhHHMTlgsJHUu8 |
MD5: | 862EB74EF2D18DC4BBD27BBBF072AC27 |
SHA1: | 0C8D2E9FC1569E27B99CC4AA222FBC777A75942A |
SHA-256: | BF51CDFC3080F17655056D00504D5AF2FC12441C36ADA627827CE3ECC6743517 |
SHA-512: | BA8BA4499132075AB165E5697135BA5E161AC6F6551D17C6C83A3E67B9F96F82AFA2D144816E28E0F86A90A1D8B91076CB077DF3CB8E2E468E2CFDC82BDC9857 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2686024 |
Entropy (8bit): | 6.142547137168233 |
Encrypted: | false |
SSDEEP: | 24576:DNd+PjszxkN1IH8abnVJns+ydE43kVTMW3esjfDcoHUXU0fb+ddR2GKccSw92jPW:P+PQzxz3yTy+cRGcvwti3fs9eEF |
MD5: | 180D2372F0FB3F6431EED893417F1989 |
SHA1: | 19027132A8620802DD8FB11F99B5CB5E53514F18 |
SHA-256: | 21097BF047F6EB5A2E2033103AA1DE7825F0087DFF2C0CD254D689213187140E |
SHA-512: | 980F5E2E5F684084BBCF905B243F6808EA7C6BA2F4A52EF8C7C56047A6159F1B6CA1179BD4E27C27B9A997EBA2873E98C0DD7EFF4A312B254C4B9AB46A3439CD |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 196 |
Entropy (8bit): | 5.098952451791238 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezocKqD:J0+oxBeRmR9etdzRxGez1T |
MD5: | 62962DAA1B19BBCC2DB10B7BFD531EA6 |
SHA1: | D64BAE91091EDA6A7532EBEC06AA70893B79E1F8 |
SHA-256: | 80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880 |
SHA-512: | 9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 308013 |
Entropy (8bit): | 7.907513443547922 |
Encrypted: | false |
SSDEEP: | 6144:jczYv01jGsKdfbnBgJ59ef5MO1u5IHN1wDA2U2qnmFU4ZIUsvanmC6:jU1vtJuf7YuP2UydaC6 |
MD5: | 40EB8445F9440962DA3F64CBA064EDF9 |
SHA1: | D76FB27CAB135CBBC998404F8FC3FC18EE88EB6F |
SHA-256: | 8DEFBFFA55515DC2D2451177944C28724D7D7F63FECAF09709EEEBB2239AC041 |
SHA-512: | E27BBB5DC0F15AE355FA3FEC8F533A11E578A1B4BD737508F064F68D10EA2821CDDEAC82EADE987A9F5A9320F557D5F31AAADC29E6340C84FB6C9AF8DAE13B1E |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2505696 |
Entropy (8bit): | 6.076420802474236 |
Encrypted: | false |
SSDEEP: | 49152:GY7LE5gv9G8jd4QoOLtwnscD2bJQI/H4YFr15E8:GY7LOgbjdAitAT43H4g5d |
MD5: | EA1FEF49618036CF262389F8B163737C |
SHA1: | AD14B8B3891043BA313934D4C96A67C4F726A0D6 |
SHA-256: | E44D60ACDBB9DAEC105432407F6B0EC6C19B9AD60456256788AC5A53DDF0CB70 |
SHA-512: | 331A6D00DA0D8B47B13E9E04C73D8620D8EE721D353426655B0C30A4AB1DD9C21F7E45D02F90FAFB6339771C4C9622E8BD7E7F59B811696698B9FF963A2ED687 |
Malicious: | false |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1452 |
Entropy (8bit): | 3.496489415646173 |
Encrypted: | false |
SSDEEP: | 24:Q+z/tLqiuZFAn1yu92YXKS/ScljyJW3peGl9NYEjyJWgusRcljGMJplI+19aRayR:rzMisFG1ysJ35VsyXYrusRcljJSy9iI8 |
MD5: | 9272B8BDA67F013EBECF218C77AD1D5B |
SHA1: | 50EBF568B2E6C7205EC8F6D6023829AF6D8EABD9 |
SHA-256: | C19D282CBF82AE2E16D1CB014DBED76D11B29EDA4D1357CE13699620F2CC4ED4 |
SHA-512: | B3C71738CC240DE0BCD4FC8058315B61BEDFE6123AE2F17CF216910B3B910FE335E9281F6F60060A364C4C7BCDDB3EEA0A2E85E9391120D0FD241AC611685675 |
Malicious: | false |
File type: | |
Entropy (8bit): | 6.746513065616034 |
File name: | SecuriteInfo.com.Heur.7529.3828.exe |
File size: | 29'240'904 bytes |
MD5: | 6eec575753a25441c6fade4f961195c4 |
SHA1: | 69ba87145777b46ca4e06c5563ebe77d4394d9e7 |
SHA256: | 85433453aa370dd4059262be9a53d8cfed907908d7728226462a5fa6a667e921 |
SHA512: | 64a8e6e952649f48fdaad9f1a13a8d559cc8a773d62bd264682ecf46953c89338d72f0e9f3ec7c4eb95af875a84871e6cd30dce2931dc6570ee13f88f3f8606f |
SSDEEP: | 393216:3klccCBUdnAbrIwYJ2UqTqyxn5S+ZofBgq2EOKU2KgYgsMenuGGwRIYKj1SN8Ojg:3wMrdZBEO994GGwRIYKj1SN8OjxF7+aO |
TLSH: | 01578B15B340923AC85763F48407B2A95B342DA15B21DAD7398EBE1CFFB52C1AD382D7 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 89793299cc3eac53 |
Entrypoint: | 0xa3b568 |
Entrypoint Section: | CODE |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | efaf2bdeb2dca70615e241968bbd75f4 |
Signature Valid: | true |
Signature Issuer: | CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Version: | 3 |
Thumbprint MD5: | 827CA6FA6F7D1ED0D0148D0655CB1DDC |
Thumbprint SHA-1: | 878CCACA0F4073B68E4D216A9DBC4D9C31B7CD0C |
Thumbprint SHA-256: | 21D3CBAC3322E04AF050CFA5C6C3E357C22BC78D743DD0B47628C3BE6FA09BCA |
Serial: | 009C91D8D991C56342F031B82DA330CCAF |
Instruction |
---|
push ebp |
mov ebp, esp |
mov ecx, 00000048h |
push 00000000h |
push 00000000h |
dec ecx |
jne 00007F1A64816F7Bh |
push ecx |
push ebx |
push esi |
push edi |
mov eax, 00A3A978h |
call 00007F1A641E2ACCh |
mov edi, dword ptr [00A55DB8h] |
xor eax, eax |
push ebp |
push 00A3DDA7h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
mov ax, 027Fh |
call 00007F1A641DD6FBh |
mov eax, dword ptr [00A55698h] |
mov eax, dword ptr [eax] |
call 00007F1A6426D457h |
mov eax, dword ptr [00A55698h] |
mov eax, dword ptr [eax] |
mov dword ptr [eax+78h], 0000000Ah |
mov eax, dword ptr [00A55698h] |
mov eax, dword ptr [eax] |
mov dword ptr [eax+74h], 00003A98h |
mov eax, dword ptr [00A55698h] |
mov eax, dword ptr [eax] |
mov edx, 00FFFFFFh |
call 00007F1A6426DB32h |
mov eax, dword ptr [00A55698h] |
mov eax, dword ptr [eax] |
mov dl, 01h |
call 00007F1A6426DAD4h |
mov eax, dword ptr [00A55698h] |
mov eax, dword ptr [eax] |
mov edx, 00A3DDC4h |
mov ecx, dword ptr [eax] |
call dword ptr [ecx+18h] |
call 00007F1A647BE366h |
push 00000001h |
call 00007F1A641E351Fh |
lea eax, dword ptr [ebp-14h] |
call 00007F1A6458C45Bh |
mov edx, dword ptr [ebp-14h] |
mov eax, 00A856C8h |
call 00007F1A641DFD6Ah |
mov eax, 00A85498h |
mov edx, 00A3DDD8h |
call 00007F1A641E75D3h |
push 00A85498h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x68c000 | 0x4f | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x686000 | 0x50dc | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e3000 | 0x152ec39 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1bdd400 | 0x5a48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x68f000 | 0x53ca4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x68e000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x63dce8 | 0x63de00 | fb9c2227a68e33fb1ffcaa57c709316f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0x63f000 | 0x16fc8 | 0x17000 | e813719402f5156ae425c5359ec8a68f | False | 0.5426290760869565 | data | 6.182660583779649 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0x656000 | 0x2f6d5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x686000 | 0x50dc | 0x5200 | 66e88bc6c18e47696b18c6aa15e0866e | False | 0.3386528201219512 | data | 5.004285759438656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x68c000 | 0x4f | 0x200 | 99b8b0699b843abf02895af576562311 | False | 0.134765625 | data | 0.8585119567054085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.tls | 0x68d000 | 0x25c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x68e000 | 0x18 | 0x200 | 553803eac1acf49fe8c055c9df7de6a3 | False | 0.056640625 | data | 0.2147325177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x68f000 | 0x53ca4 | 0x53e00 | d01a7222eab8f6870b4195c5db39bf91 | False | 0.6171904107675111 | data | 6.769685983367294 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x6e3000 | 0x152ec39 | 0x152ee00 | 608c6118221cf4b87ce0b467d9d75dde | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
EXEFILE | 0x6e8008 | 0x299fe0 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | 0.33449363708496094 | ||
EXEFILE | 0x981fe8 | 0x28fc48 | PE32 executable (console) Intel 80386, for MS Windows | 0.39478302001953125 | ||
EXEFILE | 0xc11c30 | 0x11f | zlib compressed data | 1.038327526132404 | ||
EXEFILE | 0xc11d50 | 0x178 | zlib compressed data | 1.0292553191489362 | ||
EXEFILE | 0xc11ec8 | 0x4b32d | Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 256 kbps, 48 kHz, Stereo | 0.984887001522663 | ||
EXEFILE | 0xc5d1f8 | 0x263be0 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | 0.4352073669433594 | ||
EXEFILE | 0xec0dd8 | 0x12f | zlib compressed data | 1.0363036303630364 | ||
EXEFILE | 0xec0f08 | 0x12d | zlib compressed data | 1.0365448504983388 | ||
EXEFILE | 0xec1038 | 0xfe028 | PE32 executable (GUI) Intel 80386, for MS Windows | 0.5044491476551868 | ||
MAD | 0xfbf060 | 0x14 | data | 1.35 | ||
MAD | 0xfbf074 | 0x68e0 | data | 1.000595947556615 | ||
TXT | 0xfc5954 | 0x186a1 | data | 1.000409995900041 | ||
TXT | 0xfddff8 | 0x23d9d | GNU message catalog (little endian), revision 0.0, 1556 messages, Project-Id-Version: no '\330\247\331\204\331\205\330\255\331\201\331\210\330\270\330\247\330\252 "\330\247\331\204\330\260\331\207\330\247\330\250 \330\245\331\204\331\211"' | 0.3310429364295686 | ||
TXT | 0x1001d98 | 0x29402 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\bg\LC_MESSAGES\default.bg.po ( '"O\321\202\320\270\320\264\320\270 \320\262" \320\270\321\201\321\202\320\276\321\200\320\270\321\217' | 0.3001976775843089 | ||
TXT | 0x102b19c | 0x1fdab | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\ca\LC_MESSAGES\default.ca.po ( 'Historial de "Ves a"' | 0.35981605671584593 | ||
TXT | 0x104af48 | 0x1f43f | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\cs\LC_MESSAGES\default.cs.po ( '"Go to" Historie' | 0.3659370778444984 | ||
TXT | 0x106a388 | 0x1e94f | GNU message catalog (little endian), revision 0.0, 1556 messages, Project-Id-Version: PrivaZer '"G\303\245 til" historik' | 0.36404205551519603 | ||
TXT | 0x1088cd8 | 0x2062d | GNU message catalog (little endian), revision 0.0, 1556 messages, Project-Id-Version: a '"Gehe zu"-Historie' | 0.3516467776831282 | ||
TXT | 0x10a9308 | 0x2b1b5 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\el\LC_MESSAGES\default.el.po ( '"Go to" \316\231\317\203\317\204\316\277\317\201\316\271\316\272\317\214' | 0.3004502591113754 | ||
TXT | 0x10d44c0 | 0x200fa | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\es\LC_MESSAGES\default.es.po ( '"Go to" historial' | 0.3535431991593183 | ||
TXT | 0x10f45bc | 0x20688 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\fr\LC_MESSAGES\default.fr.po ( 'Historique "Aller \303\240"' | 0.3487916591333695 | ||
TXT | 0x1114c44 | 0x22a4a | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\he\LC_MESSAGES\default.he.po ( '\327\224\327\231\327\241\327\230\327\225\327\250\327\231\327\231\327\252 "\327\242\327\221\327\225\327\250 \327\220\327\234"' | 0.33047682137873685 | ||
TXT | 0x1137690 | 0x1f423 | GNU message catalog (little endian), revision 0.0, 1556 messages, Project-Id-Version: a '"Idi" Povijest' | 0.3610419026047565 | ||
TXT | 0x1156ab4 | 0x20f70 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\hu\LC_MESSAGES\default.hu.po ( '"Ugr\303\241s" az el\305\221zm\303\251nyekhez' | 0.35527758028202394 | ||
TXT | 0x1177a24 | 0x20152 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\it\LC_MESSAGES\default.it.po ( 'Cronologia di "Vai A"' | 0.3528346396773457 | ||
TXT | 0x1197b78 | 0x23962 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\ja\LC_MESSAGES\default.ja.po ( '"Go to" \343\203\222\343\202\271\343\203\210\343\203\252\343\203\274' | 0.3276436931436177 | ||
TXT | 0x11bb4dc | 0x1fc86 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\lt\LC_MESSAGES\default.lt.po ( '/"Eiti/"istorija ' | 0.3625462813599422 | ||
TXT | 0x11db164 | 0x1ffba | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\lv\LC_MESSAGES\default.lv.po ( '"P\304\201riet uz" v\304\223sture' | 0.36029220927924765 | ||
TXT | 0x11fb120 | 0x1f7c6 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\nl\LC_MESSAGES\default.nl.po ( '"Go to" Historie' | 0.3577764682164291 | ||
TXT | 0x121a8e8 | 0x2005c | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\pl\LC_MESSAGES\default.pl.po ( '"Id\305\272 do" historia' | 0.35943551584276173 | ||
TXT | 0x123a944 | 0x1fbad | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\pt\LC_MESSAGES\default.pt.po ( '"Ir para" hist\303\263rico' | 0.35616512137883277 | ||
TXT | 0x125a4f4 | 0x1fda7 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\ro\LC_MESSAGES\default.ro.po ( '"Go to" istoric' | 0.35926757670286885 | ||
TXT | 0x127a29c | 0x28e14 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\ru\LC_MESSAGES\default.ru.po ( '"\320\237\320\265\321\200\320\265\320\271\321\202\320\270" \320\270\321\201\321\202\320\276\321\200\320\270\321\217' | 0.3049198538018681 | ||
TXT | 0x12a30b0 | 0x1f580 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\sk\LC_MESSAGES\default.sk.po ( '"\303\215s\305\245 na" hist\303\263ria' | 0.36147027666999004 | ||
TXT | 0x12c2630 | 0x1f5fc | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\sl\LC_MESSAGES\default.sl.po ( '"Pojdi" zgodovina' | 0.3624599246739503 | ||
TXT | 0x12e1c2c | 0x1f8aa | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\sr\LC_MESSAGES\default.sr.po ( '"Idi na" istoriju' | 0.3644286886387913 | ||
TXT | 0x13014d8 | 0x1e44d | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\fr\LC_MESSAGES\default.fr.po ( '"G\303\245 till" historik' | 0.36476556891781803 | ||
TXT | 0x131f928 | 0x200d3 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\tr\LC_MESSAGES\default.tr.po ( 'ge\303\247mi\305\237e git' | 0.3583632305782165 | ||
TXT | 0x133f9fc | 0x27a67 | GNU message catalog (little endian), revision 0.0, 1556 messages, #-#-#-#-# C: \Documents and Settings\Administrateur\Mes documents\privazer\locale_lang_external\uk\LC_MESSAGES\default.uk.po ( '\320\206\321\201\321\202\320\276\321\200\321\226\321\217 "Go to"' | 0.31083019820574237 | ||
TXT | 0x1367464 | 0x1da2c | GNU message catalog (little endian), revision 0.0, 1556 messages, Project-Id-Version: a '\350\267\263\350\275\254\345\210\227\350\241\250\347\232\204\345\216\206\345\217\262\350\256\260\345\275\225' | 0.3734965564965235 | ||
TXT | 0x1384e90 | 0x1da26 | GNU message catalog (little endian), revision 0.0, 1556 messages, Project-Id-Version: a '\350\267\263\350\275\211\345\210\227\350\241\250\347\232\204\346\255\267\345\217\262\350\250\230\351\214\204' | 0.3743635794434101 | ||
TXT | 0x13a28b8 | 0x4a3 | ASCII text, with CRLF line terminators | 0.44903117101937656 | ||
TXT | 0x13a2d5c | 0x465 | ASCII text, with CRLF line terminators | 0.488 | ||
RT_CURSOR | 0x13a31c4 | 0x134 | data | 0.37012987012987014 | ||
RT_CURSOR | 0x13a32f8 | 0x134 | data | 0.4642857142857143 | ||
RT_CURSOR | 0x13a342c | 0x134 | data | 0.4805194805194805 | ||
RT_CURSOR | 0x13a3560 | 0x134 | data | English | United States | 0.5941558441558441 |
RT_CURSOR | 0x13a3694 | 0x134 | data | 0.36038961038961037 | ||
RT_CURSOR | 0x13a37c8 | 0x134 | data | 0.4090909090909091 | ||
RT_CURSOR | 0x13a38fc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
RT_CURSOR | 0x13a3a30 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19385026737967914 |
RT_CURSOR | 0x13a3d1c | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18716577540106952 |
RT_CURSOR | 0x13a4008 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.2179144385026738 |
RT_CURSOR | 0x13a42f4 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.21122994652406418 |
RT_CURSOR | 0x13a45e0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967064, 3584 elements, 2nd "\377\270w\377\377\370\177\377\377\370\177\377\377\370\177\377\377\370\177\377\377\370\177\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | German | Germany | 0.32792207792207795 |
RT_CURSOR | 0x13a4714 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.32142857142857145 |
RT_CURSOR | 0x13a4848 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | 0.3538961038961039 | ||
RT_CURSOR | 0x13a497c | 0x134 | data | English | United States | 0.2564935064935065 |
RT_CURSOR | 0x13a4ab0 | 0x134 | data | English | United States | 0.39935064935064934 |
RT_CURSOR | 0x13a4be4 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.2694805194805195 |
RT_CURSOR | 0x13a4d18 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.2305194805194805 |
RT_CURSOR | 0x13a4e4c | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.22402597402597402 |
RT_CURSOR | 0x13a4f80 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35064935064935066 |
RT_CURSOR | 0x13a50b4 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | German | Germany | 0.5292207792207793 |
RT_CURSOR | 0x13a51e8 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18983957219251338 |
RT_CURSOR | 0x13a54d4 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19117647058823528 |
RT_CURSOR | 0x13a57c0 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19786096256684493 |
RT_CURSOR | 0x13a5aac | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18983957219251338 |
RT_CURSOR | 0x13a5d98 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19518716577540107 |
RT_CURSOR | 0x13a6084 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19518716577540107 |
RT_CURSOR | 0x13a6370 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.38636363636363635 | ||
RT_CURSOR | 0x13a64a4 | 0x134 | data | 0.38311688311688313 | ||
RT_BITMAP | 0x13a65d8 | 0xe8 | Device independent bitmap graphic, 8 x 8 x 24, image size 192 | English | United States | 0.4353448275862069 |
RT_BITMAP | 0x13a66c0 | 0xe8 | Device independent bitmap graphic, 8 x 8 x 24, image size 192 | English | United States | 0.22413793103448276 |
RT_BITMAP | 0x13a67a8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
RT_BITMAP | 0x13a6978 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | 0.46487603305785125 | ||
RT_BITMAP | 0x13a6b5c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
RT_BITMAP | 0x13a6d2c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39870689655172414 | ||
RT_BITMAP | 0x13a6efc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.4245689655172414 | ||
RT_BITMAP | 0x13a70cc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5021551724137931 | ||
RT_BITMAP | 0x13a729c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5064655172413793 | ||
RT_BITMAP | 0x13a746c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
RT_BITMAP | 0x13a763c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5344827586206896 | ||
RT_BITMAP | 0x13a780c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
RT_BITMAP | 0x13a79dc | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | 0.3577586206896552 | ||
RT_BITMAP | 0x13a7ac4 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.30603448275862066 |
RT_BITMAP | 0x13a7bac | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 1200, resolution 2834 x 2834 px/m | German | Germany | 0.15564516129032258 |
RT_BITMAP | 0x13a8084 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 1200, resolution 2834 x 2834 px/m | 0.19274193548387097 | ||
RT_BITMAP | 0x13a855c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | German | Germany | 0.4396551724137931 |
RT_BITMAP | 0x13a8644 | 0x5cc | Device independent bitmap graphic, 19 x 19 x 32, image size 1444, resolution 3779 x 3779 px/m | 0.4865229110512129 | ||
RT_BITMAP | 0x13a8c10 | 0x5cc | Device independent bitmap graphic, 19 x 19 x 32, image size 1444, resolution 3779 x 3779 px/m | 0.601078167115903 | ||
RT_BITMAP | 0x13a91dc | 0x5cc | Device independent bitmap graphic, 19 x 19 x 32, image size 1444, resolution 2834 x 2834 px/m | 0.5579514824797843 | ||
RT_BITMAP | 0x13a97a8 | 0x5cc | Device independent bitmap graphic, 19 x 19 x 32, image size 1444, resolution 3779 x 3779 px/m | 0.477088948787062 | ||
RT_BITMAP | 0x13a9d74 | 0x5cc | Device independent bitmap graphic, 19 x 19 x 32, image size 1444, resolution 3779 x 3779 px/m | 0.5990566037735849 | ||
RT_BITMAP | 0x13aa340 | 0x5cc | Device independent bitmap graphic, 19 x 19 x 32, image size 1444, resolution 2834 x 2834 px/m | 0.5559299191374663 | ||
RT_BITMAP | 0x13aa90c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.5208333333333334 | ||
RT_BITMAP | 0x13aa9cc | 0x50 | Device independent bitmap graphic, 8 x 8 x 1, image size 32 | English | United States | 0.55 |
RT_BITMAP | 0x13aaa1c | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.4074074074074074 | ||
RT_BITMAP | 0x13aaaf4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.42857142857142855 | ||
RT_BITMAP | 0x13aabd4 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.39864864864864863 | ||
RT_BITMAP | 0x13aacfc | 0x128 | Device independent bitmap graphic, 19 x 16 x 4, image size 192 | 0.3885135135135135 | ||
RT_BITMAP | 0x13aae24 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.3885135135135135 | ||
RT_BITMAP | 0x13aaf4c | 0xe8 | Device independent bitmap graphic, 13 x 16 x 4, image size 128 | 0.36637931034482757 | ||
RT_BITMAP | 0x13ab034 | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | 0.3614864864864865 | ||
RT_BITMAP | 0x13ab15c | 0x128 | Device independent bitmap graphic, 20 x 16 x 4, image size 192 | 0.3783783783783784 | ||
RT_BITMAP | 0x13ab284 | 0xd0 | Device independent bitmap graphic, 13 x 13 x 4, image size 104 | 0.49038461538461536 | ||
RT_BITMAP | 0x13ab354 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.3716216216216216 | ||
RT_BITMAP | 0x13ab47c | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | 0.2905405405405405 | ||
RT_BITMAP | 0x13ab5a4 | 0x16c | Device independent bitmap graphic, 9 x 9 x 32, image size 324 | English | United States | 0.37637362637362637 |
RT_BITMAP | 0x13ab710 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.4955357142857143 | ||
RT_BITMAP | 0x13ab7f0 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.391304347826087 | ||
RT_BITMAP | 0x13ab84c | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.532608695652174 | ||
RT_BITMAP | 0x13ab8a8 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.4782608695652174 | ||
RT_BITMAP | 0x13ab904 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.5543478260869565 | ||
RT_BITMAP | 0x13ab960 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.4673913043478261 | ||
RT_BITMAP | 0x13ab9bc | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.41025641025641024 | ||
RT_BITMAP | 0x13abaf4 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.27564102564102566 | ||
RT_BITMAP | 0x13abc2c | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.3685897435897436 | ||
RT_BITMAP | 0x13abd64 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.3685897435897436 | ||
RT_BITMAP | 0x13abe9c | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.34294871794871795 | ||
RT_BITMAP | 0x13abfd4 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.3717948717948718 | ||
RT_BITMAP | 0x13ac10c | 0x104 | Device independent bitmap graphic, 20 x 13 x 4, image size 156 | 0.5038461538461538 | ||
RT_BITMAP | 0x13ac210 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.4326923076923077 | ||
RT_BITMAP | 0x13ac348 | 0x104 | Device independent bitmap graphic, 20 x 13 x 4, image size 156 | 0.5153846153846153 | ||
RT_BITMAP | 0x13ac44c | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.46474358974358976 | ||
RT_BITMAP | 0x13ac584 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | 0.3577586206896552 | ||
RT_BITMAP | 0x13ac66c | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 2834 x 2834 px/m | 0.06188118811881188 | ||
RT_BITMAP | 0x13ac994 | 0x528 | Device independent bitmap graphic, 16 x 16 x 8, image size 256 | German | Germany | 0.38257575757575757 |
RT_BITMAP | 0x13acebc | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.38175675675675674 | ||
RT_BITMAP | 0x13acfe4 | 0x128 | Device independent bitmap graphic, 19 x 16 x 4, image size 192 | 0.3783783783783784 | ||
RT_BITMAP | 0x13ad10c | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.3783783783783784 | ||
RT_BITMAP | 0x13ad234 | 0xe8 | Device independent bitmap graphic, 12 x 16 x 4, image size 128 | 0.3620689655172414 | ||
RT_BITMAP | 0x13ad31c | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | 0.3581081081081081 | ||
RT_BITMAP | 0x13ad444 | 0x128 | Device independent bitmap graphic, 20 x 16 x 4, image size 192 | 0.375 | ||
RT_BITMAP | 0x13ad56c | 0xd0 | Device independent bitmap graphic, 13 x 13 x 4, image size 104 | 0.47115384615384615 | ||
RT_BITMAP | 0x13ad63c | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.36824324324324326 | ||
RT_BITMAP | 0x13ad764 | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | 0.28716216216216217 | ||
RT_BITMAP | 0x13ad88c | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.3885135135135135 | ||
RT_BITMAP | 0x13ad9b4 | 0x128 | Device independent bitmap graphic, 19 x 16 x 4, image size 192 | 0.375 | ||
RT_BITMAP | 0x13adadc | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.375 | ||
RT_BITMAP | 0x13adc04 | 0xe8 | Device independent bitmap graphic, 13 x 16 x 4, image size 128 | 0.36637931034482757 | ||
RT_BITMAP | 0x13adcec | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | 0.35135135135135137 | ||
RT_BITMAP | 0x13ade14 | 0x128 | Device independent bitmap graphic, 20 x 16 x 4, image size 192 | 0.36486486486486486 | ||
RT_BITMAP | 0x13adf3c | 0xd0 | Device independent bitmap graphic, 13 x 13 x 4, image size 104 | 0.47115384615384615 | ||
RT_BITMAP | 0x13ae00c | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | 0.3581081081081081 | ||
RT_BITMAP | 0x13ae134 | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | 0.28716216216216217 | ||
RT_BITMAP | 0x13ae25c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.38392857142857145 | ||
RT_BITMAP | 0x13ae33c | 0x16c | Device independent bitmap graphic, 9 x 9 x 32, image size 324 | English | United States | 0.3956043956043956 |
RT_BITMAP | 0x13ae4a8 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.4947916666666667 | ||
RT_BITMAP | 0x13ae568 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.484375 | ||
RT_BITMAP | 0x13ae628 | 0xd0 | Device independent bitmap graphic, 8 x 7 x 24, image size 168 | English | United States | 0.22115384615384615 |
RT_BITMAP | 0x13ae6f8 | 0xd0 | Device independent bitmap graphic, 8 x 7 x 24, image size 168 | English | United States | 0.23076923076923078 |
RT_BITMAP | 0x13ae7c8 | 0x230 | Device independent bitmap graphic, 13 x 13 x 24, image size 520, resolution 2834 x 2834 px/m | 0.07857142857142857 | ||
RT_BITMAP | 0x13ae9f8 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 2834 x 2834 px/m | 0.05198019801980198 | ||
RT_BITMAP | 0x13aed20 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 1200, resolution 2834 x 2834 px/m | 0.037096774193548385 | ||
RT_BITMAP | 0x13af1f8 | 0x6a0 | Device independent bitmap graphic, 23 x 23 x 24, image size 1656, resolution 2834 x 2834 px/m | 0.0330188679245283 | ||
RT_BITMAP | 0x13af898 | 0x848 | Device independent bitmap graphic, 26 x 26 x 24, image size 2080, resolution 2834 x 2834 px/m | 0.027830188679245284 | ||
RT_BITMAP | 0x13b00e0 | 0xa20 | Device independent bitmap graphic, 29 x 29 x 24, image size 2552, resolution 2834 x 2834 px/m | 0.02353395061728395 | ||
RT_BITMAP | 0x13b0b00 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.34051724137931033 |
RT_BITMAP | 0x13b0be8 | 0x230 | Device independent bitmap graphic, 13 x 13 x 24, image size 520, resolution 2834 x 2834 px/m | 0.3107142857142857 | ||
RT_BITMAP | 0x13b0e18 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 2834 x 2834 px/m | 0.2264851485148515 | ||
RT_BITMAP | 0x13b1140 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 1200, resolution 2834 x 2834 px/m | 0.17661290322580644 | ||
RT_BITMAP | 0x13b1618 | 0x6a0 | Device independent bitmap graphic, 23 x 23 x 24, image size 1656, resolution 2834 x 2834 px/m | 0.1474056603773585 | ||
RT_BITMAP | 0x13b1cb8 | 0x848 | Device independent bitmap graphic, 26 x 26 x 24, image size 2080, resolution 2834 x 2834 px/m | 0.125 | ||
RT_BITMAP | 0x13b2500 | 0xa20 | Device independent bitmap graphic, 29 x 29 x 24, image size 2552, resolution 2834 x 2834 px/m | 0.1246141975308642 | ||
RT_BITMAP | 0x13b2f20 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | German | Germany | 0.34913793103448276 |
RT_BITMAP | 0x13b3008 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | German | Germany | 0.29310344827586204 |
RT_BITMAP | 0x13b30f0 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.42410714285714285 | ||
RT_BITMAP | 0x13b31d0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
RT_BITMAP | 0x13b33a0 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | 0.46487603305785125 | ||
RT_BITMAP | 0x13b3584 | 0x74 | Device independent bitmap graphic, 5 x 3 x 4, image size 12 | German | Germany | 0.5258620689655172 |
RT_BITMAP | 0x13b35f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
RT_BITMAP | 0x13b37c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39870689655172414 | ||
RT_BITMAP | 0x13b3998 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.4245689655172414 | ||
RT_BITMAP | 0x13b3b68 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5021551724137931 | ||
RT_BITMAP | 0x13b3d38 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5064655172413793 | ||
RT_BITMAP | 0x13b3f08 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
RT_BITMAP | 0x13b40d8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5344827586206896 | ||
RT_BITMAP | 0x13b42a8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
RT_BITMAP | 0x13b4478 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.38425925925925924 | ||
RT_BITMAP | 0x13b4550 | 0x1028 | Device independent bitmap graphic, 32 x 32 x 32, image size 4096 | 0.41392649903288203 | ||
RT_BITMAP | 0x13b5578 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.2161654135338346 | ||
RT_BITMAP | 0x13b59a0 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.5018796992481203 | ||
RT_BITMAP | 0x13b5dc8 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.3167293233082707 | ||
RT_BITMAP | 0x13b61f0 | 0x1028 | Device independent bitmap graphic, 32 x 32 x 32, image size 4096 | 0.5548839458413927 | ||
RT_BITMAP | 0x13b7218 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.5582706766917294 | ||
RT_BITMAP | 0x13b7640 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.48402255639097747 | ||
RT_BITMAP | 0x13b7a68 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.5469924812030075 | ||
RT_BITMAP | 0x13b7e90 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.4906015037593985 | ||
RT_BITMAP | 0x13b82b8 | 0x1028 | Device independent bitmap graphic, 32 x 32 x 32, image size 4096 | 0.3034332688588008 | ||
RT_BITMAP | 0x13b92e0 | 0x428 | Device independent bitmap graphic, 16 x 16 x 32, image size 1024 | 0.48872180451127817 | ||
RT_BITMAP | 0x13b9708 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.35185185185185186 | ||
RT_BITMAP | 0x13b97e0 | 0x1d8 | Device independent bitmap graphic, 12 x 12 x 24, image size 432 | English | United States | 0.2966101694915254 |
RT_BITMAP | 0x13b99b8 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.5104166666666666 | ||
RT_BITMAP | 0x13b9a78 | 0x1b4 | Device independent bitmap graphic, 11 x 11 x 24, image size 396 | English | United States | 0.1628440366972477 |
RT_BITMAP | 0x13b9c2c | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.5509259259259259 | ||
RT_BITMAP | 0x13b9d04 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.5 | ||
RT_BITMAP | 0x13b9de4 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.4074074074074074 | ||
RT_BITMAP | 0x13b9ebc | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | 0.4870689655172414 | ||
RT_BITMAP | 0x13b9fa4 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.4895833333333333 | ||
RT_BITMAP | 0x13ba064 | 0x54 | Device independent bitmap graphic, 5 x 9 x 1, image size 36 | English | United States | 0.5714285714285714 |
RT_BITMAP | 0x13ba0b8 | 0xdc | Device independent bitmap graphic, 19 x 3 x 24, image size 180 | English | United States | 0.2681818181818182 |
RT_BITMAP | 0x13ba194 | 0xdc | Device independent bitmap graphic, 19 x 3 x 24, image size 180 | English | United States | 0.2681818181818182 |
RT_BITMAP | 0x13ba270 | 0xdc | Device independent bitmap graphic, 19 x 3 x 24, image size 180 | English | United States | 0.2681818181818182 |
RT_BITMAP | 0x13ba34c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.3017241379310345 |
RT_BITMAP | 0x13ba434 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | German | Germany | 0.3010204081632653 |
RT_BITMAP | 0x13ba5bc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | German | Germany | 0.38010204081632654 |
RT_BITMAP | 0x13ba744 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | German | Germany | 0.3647959183673469 |
RT_BITMAP | 0x13ba8cc | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.3794642857142857 | ||
RT_BITMAP | 0x13ba9ac | 0x1cc | Device independent bitmap graphic, 3 x 35 x 24, image size 420 | English | United States | 0.11956521739130435 |
RT_BITMAP | 0x13bab78 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.1089588377723971 | ||
RT_BITMAP | 0x13bb860 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.10714285714285714 | ||
RT_BITMAP | 0x13bc548 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.0950363196125908 | ||
RT_BITMAP | 0x13bd230 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.21266233766233766 | ||
RT_BITMAP | 0x13bd498 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.17207792207792208 | ||
RT_BITMAP | 0x13bd700 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.1672077922077922 | ||
RT_BITMAP | 0x13bd968 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.11955205811138014 | ||
RT_BITMAP | 0x13be650 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.11561743341404358 | ||
RT_BITMAP | 0x13bf338 | 0xd28 | Device independent bitmap graphic, 144 x 16 x 8, image size 2304 | 0.23634204275534443 | ||
RT_BITMAP | 0x13c0060 | 0x4b2a | Device independent bitmap graphic, 400 x 16 x 24, image size 0, resolution 2834 x 2834 px/m | 0.2749194470429269 | ||
RT_BITMAP | 0x13c4b8c | 0x126 | Device independent bitmap graphic, 9 x 9 x 24, image size 0, resolution 2834 x 2834 px/m | 0.5850340136054422 | ||
RT_BITMAP | 0x13c4cb4 | 0x126 | Device independent bitmap graphic, 9 x 9 x 24, image size 0, resolution 2834 x 2834 px/m | 0.5918367346938775 | ||
RT_BITMAP | 0x13c4ddc | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 2834 x 2834 px/m | 0.06188118811881188 | ||
RT_ICON | 0x13c5104 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.524822695035461 |
RT_ICON | 0x13c556c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4377049180327869 |
RT_ICON | 0x13c5ef4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3562382739212008 |
RT_ICON | 0x13c6f9c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.2884854771784232 |
RT_ICON | 0x13c9544 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.23901747756258857 |
RT_ICON | 0x13cd76c | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.19912760142947236 |
RT_ICON | 0x13d6c14 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1601206672187389 |
RT_ICON | 0x13e743c | 0x6594 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9916166743577911 |
RT_DIALOG | 0x13ed9d0 | 0x52 | data | 0.7682926829268293 | ||
RT_STRING | 0x13eda24 | 0x764 | data | 0.3192389006342495 | ||
RT_STRING | 0x13ee188 | 0x8f0 | data | 0.27972027972027974 | ||
RT_STRING | 0x13eea78 | 0x520 | data | 0.34375 | ||
RT_STRING | 0x13eef98 | 0x3e0 | data | 0.3629032258064516 | ||
RT_STRING | 0x13ef378 | 0x5c0 | data | 0.3845108695652174 | ||
RT_STRING | 0x13ef938 | 0x210 | data | 0.4015151515151515 | ||
RT_STRING | 0x13efb48 | 0x2c0 | data | 0.3877840909090909 | ||
RT_STRING | 0x13efe08 | 0x344 | data | 0.4461722488038278 | ||
RT_STRING | 0x13f014c | 0x460 | data | 0.41517857142857145 | ||
RT_STRING | 0x13f05ac | 0x2ac | data | 0.4137426900584795 | ||
RT_STRING | 0x13f0858 | 0x360 | data | 0.4131944444444444 | ||
RT_STRING | 0x13f0bb8 | 0x4c0 | data | 0.3125 | ||
RT_STRING | 0x13f1078 | 0x510 | data | 0.2708333333333333 | ||
RT_STRING | 0x13f1588 | 0x400 | data | 0.36328125 | ||
RT_STRING | 0x13f1988 | 0x1d4 | data | 0.3952991452991453 | ||
RT_STRING | 0x13f1b5c | 0x180 | data | 0.5130208333333334 | ||
RT_STRING | 0x13f1cdc | 0x1e8 | data | 0.5061475409836066 | ||
RT_STRING | 0x13f1ec4 | 0x3d8 | data | 0.41565040650406504 | ||
RT_STRING | 0x13f229c | 0x1d4 | data | 0.5256410256410257 | ||
RT_STRING | 0x13f2470 | 0xe8 | data | 0.5905172413793104 | ||
RT_STRING | 0x13f2558 | 0x1cc | data | 0.49130434782608695 | ||
RT_STRING | 0x13f2724 | 0x27c | data | 0.46855345911949686 | ||
RT_STRING | 0x13f29a0 | 0x490 | data | 0.3792808219178082 | ||
RT_STRING | 0x13f2e30 | 0x388 | data | 0.39048672566371684 | ||
RT_STRING | 0x13f31b8 | 0x3bc | data | 0.3817991631799163 | ||
RT_STRING | 0x13f3574 | 0x3b8 | data | 0.33718487394957986 | ||
RT_STRING | 0x13f392c | 0x460 | data | 0.3669642857142857 | ||
RT_STRING | 0x13f3d8c | 0x190 | data | 0.475 | ||
RT_STRING | 0x13f3f1c | 0xec | data | 0.5508474576271186 | ||
RT_STRING | 0x13f4008 | 0x20c | data | 0.5 | ||
RT_STRING | 0x13f4214 | 0x454 | data | 0.3231046931407942 | ||
RT_STRING | 0x13f4668 | 0x3a0 | data | 0.3728448275862069 | ||
RT_STRING | 0x13f4a08 | 0x2fc | data | 0.36387434554973824 | ||
RT_STRING | 0x13f4d04 | 0x368 | data | 0.30160550458715596 | ||
RT_RCDATA | 0x13f506c | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x13f507c | 0x1488 | data | 0.5551750380517504 | ||
RT_RCDATA | 0x13f6504 | 0x4cd | Delphi compiled form 'TEmbedForm' | 0.5467860048820179 | ||
RT_RCDATA | 0x13f69d4 | 0x24cdca | Delphi compiled form 'TForm1' | 0.1662740707397461 | ||
RT_RCDATA | 0x16437a0 | 0x887ca | Delphi compiled form 'TForm2' | 0.1582774349342635 | ||
RT_RCDATA | 0x16cbf6c | 0xc2a2d | Delphi compiled form 'TForm21' | 0.14434372056209696 | ||
RT_RCDATA | 0x178e99c | 0xb61 | Delphi compiled form 'TForm27' | 0.544799176107106 | ||
RT_RCDATA | 0x178f500 | 0x6dc | Delphi compiled form 'TForm28' | 0.3582004555808656 | ||
RT_RCDATA | 0x178fbdc | 0x1e29 | Delphi compiled form 'TForm3' | 0.14557699779821268 | ||
RT_RCDATA | 0x1791a08 | 0x411c58 | Delphi compiled form 'TForm4' | 0.16619396209716797 | ||
RT_RCDATA | 0x1ba3660 | 0x3827 | Delphi compiled form 'TForm5' | 0.8648347826086956 | ||
RT_RCDATA | 0x1ba6e88 | 0x1b2b | Delphi compiled form 'TForm50' | 0.8369518332135154 | ||
RT_RCDATA | 0x1ba89b4 | 0xb0f | Delphi compiled form 'TForm500' | 0.5969622041681385 | ||
RT_RCDATA | 0x1ba94c4 | 0x7a3 | Delphi compiled form 'TForm6' | 0.4030690537084399 | ||
RT_RCDATA | 0x1ba9c68 | 0xbe6 | Delphi compiled form 'TForm61' | 0.37458962573867366 | ||
RT_RCDATA | 0x1baa850 | 0x2240c | Delphi compiled form 'TForm7' | 0.07957947255880257 | ||
RT_RCDATA | 0x1bccc5c | 0x317b | Delphi compiled form 'TForm8' | 0.6460882608352412 | ||
RT_RCDATA | 0x1bcfdd8 | 0x5a97 | Delphi compiled form 'TFrame1' | 0.17493855374929929 | ||
RT_RCDATA | 0x1bd5870 | 0x39586 | Delphi compiled form 'TFrame8' | 0.2620845857139208 | ||
RT_RCDATA | 0x1c0edf8 | 0x494 | Delphi compiled form 'TLoginDialog' | 0.4931740614334471 | ||
RT_RCDATA | 0x1c0f28c | 0xc07 | Delphi compiled form 'TMadExcept' | 0.47385514777525173 | ||
RT_RCDATA | 0x1c0fe94 | 0x34e | Delphi compiled form 'TMEContactForm' | 0.43498817966903075 | ||
RT_RCDATA | 0x1c101e4 | 0x21b | Delphi compiled form 'TMEContactForm2' | 0.549165120593692 | ||
RT_RCDATA | 0x1c10400 | 0x228 | Delphi compiled form 'TMEDetailsForm' | 0.5416666666666666 | ||
RT_RCDATA | 0x1c10628 | 0x2a3 | Delphi compiled form 'TMEScrShotForm' | 0.5333333333333333 | ||
RT_RCDATA | 0x1c108cc | 0x3c4 | Delphi compiled form 'TPasswordDialog' | 0.4678423236514523 | ||
RT_GROUP_CURSOR | 0x1c10c90 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10ca4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10cb8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10ccc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10ce0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10cf4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10d08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10d1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1c10d30 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10d44 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10d58 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10d6c | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10d80 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10d94 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10da8 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10dbc | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10dd0 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10de4 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10df8 | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10e0c | 0x14 | data | 1.4 | ||
RT_GROUP_CURSOR | 0x1c10e20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
RT_GROUP_CURSOR | 0x1c10e34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x1c10e48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
RT_GROUP_CURSOR | 0x1c10e5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x1c10e70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x1c10e84 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x1c10e98 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x1c10eac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_ICON | 0x1c10ec0 | 0x76 | data | English | United States | 0.7372881355932204 |
RT_VERSION | 0x1c10f38 | 0x304 | data | French | France | 0.4533678756476684 |
RT_MANIFEST | 0x1c1123c | 0x9fd | XML 1.0 document, ASCII text, with CRLF line terminators | 0.3793508017207665 |

DLL | Import |
---|---|
kernel32.dll | LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | SetSecurityDescriptorDacl, RegSetValueExW, RegSetValueExA, RegQueryValueExW, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExW, RegOpenKeyExA, RegFlushKey, RegEnumValueA, RegEnumKeyA, RegEnumKeyExA, RegDeleteValueW, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExW, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, LookupPrivilegeNameA, LookupPrivilegeDisplayNameA, LookupAccountSidA, LookupAccountNameA, IsValidSid, InitializeSecurityDescriptor, InitializeAcl, GetUserNameW, GetUserNameA, GetTokenInformation, GetSecurityDescriptorControl, GetLengthSid, GetAclInformation, GetAce, FreeSid, EqualSid, DeleteAce, AllocateAndInitializeSid, AdjustTokenPrivileges, AddAce, AddAccessAllowedAce |
kernel32.dll | lstrlenW, lstrlenA, lstrcpyA, lstrcmpiW, lstrcmpW, lstrcmpA, WriteProcessMemory, WritePrivateProfileStringA, WriteFile, WinExec, WideCharToMultiByte, WaitNamedPipeA, WaitForSingleObject, WaitForMultipleObjectsEx, WaitForMultipleObjects, VirtualQueryEx, VirtualQuery, VirtualProtectEx, VirtualProtect, VirtualFree, VirtualAlloc, VerLanguageNameA, UnmapViewOfFile, TryEnterCriticalSection, TerminateThread, TerminateProcess, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, SuspendThread, Sleep, SizeofResource, SetUnhandledExceptionFilter, SetThreadPriority, SetThreadLocale, SetThreadContext, SetThreadAffinityMask, SetPriorityClass, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, SearchPathA, ResumeThread, ResetEvent, RemoveDirectoryW, RemoveDirectoryA, ReleaseMutex, ReadProcessMemory, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, QueryDosDeviceA, PulseEvent, PeekNamedPipe, OutputDebugStringA, OpenProcess, OpenFileMappingA, OpenEventA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileW, MoveFileA, MapViewOfFile, LockResource, LocalSize, LocalFree, LocalFileTimeToFileTime, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryW, LoadLibraryA, LeaveCriticalSection, IsValidLocale, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationW, GetVolumeInformationA, GetVersionExW, GetVersionExA, GetVersion, GetUserDefaultLangID, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetThreadContext, GetTempPathW, GetTempPathA, GetSystemTimeAsFileTime, GetSystemTime, GetSystemInfo, GetSystemDirectoryW, GetSystemDirectoryA, GetSystemDefaultLangID, GetSystemDefaultLCID, GetStringTypeExW, GetStringTypeExA, GetStdHandle, GetStartupInfoA, GetShortPathNameA, GetProcessWorkingSetSize, GetProcessVersion, GetProcessTimes, GetProcessAffinityMask, GetProcAddress, GetPrivateProfileStringA, GetPriorityClass, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoW, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameW, GetFullPathNameA, GetFileTime, GetFileSize, GetFileAttributesExW, GetFileAttributesExA, GetFileAttributesW, GetFileAttributesA, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetCurrentDirectoryA, GetComputerNameW, GetComputerNameA, GetCommandLineW, GetCommandLineA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageW, FormatMessageA, FlushViewOfFile, FlushInstructionCache, FlushFileBuffers, FindResourceW, FindResourceA, FindNextFileW, FindNextFileA, FindNextChangeNotification, FindFirstFileW, FindFirstFileA, FindFirstChangeNotificationA, FindCloseChangeNotification, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsW, ExpandEnvironmentStringsA, ExitThread, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DosDateTimeToFileTime, DisconnectNamedPipe, DeviceIoControl, DeleteFileW, DeleteFileA, DeleteCriticalSection, DebugBreak, CreateThread, CreateSemaphoreA, CreateRemoteThread, CreateProcessW, CreateProcessA, CreatePipe, CreateNamedPipeA, CreateMutexA, CreateFileMappingW, CreateFileMappingA, CreateFileW, CreateFileA, CreateEventA, CreateDirectoryW, CreateDirectoryA, CopyFileW, CopyFileA, ConnectNamedPipe, CompareStringW, CompareStringA, CloseHandle, CallNamedPipeA, Beep |
mpr.dll | WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum |
version.dll | VerQueryValueW, VerQueryValueA, GetFileVersionInfoSizeW, GetFileVersionInfoSizeA, GetFileVersionInfoW, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, TextOutW, TextOutA, StretchDIBits, StretchBlt, StartPage, StartDocW, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetPaletteEntries, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyPolyline, PlayEnhMetaFile, PatBlt, OffsetWindowOrgEx, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsA, GetTextFaceA, GetTextExtentPointW, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetNearestColor, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutW, ExtTextOutA, ExtCreatePen, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateFontA, CreateEnhMetaFileA, CreateEllipticRgn, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt |
user32.dll | CreateWindowExW, CreateWindowExA, wvsprintfA, WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, ValidateRect, UpdateWindow, UnregisterClassW, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExW, SetWindowsHookExA, SetWindowTextW, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetParent, SetMenuItemInfoW, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageTimeoutA, SendMessageCallbackA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterDeviceNotificationA, RegisterClipboardFormatA, RegisterClassExA, RegisterClassW, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageW, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharW, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxW, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyW, MapVirtualKeyA, LoadStringW, LoadStringA, LoadKeyboardLayoutA, LoadImageW, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageW, GetMessageA, GetMenuStringW, GetMenuStringA, GetMenuState, GetMenuItemInfoW, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassNameA, GetClassLongA, GetClassInfoW, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextExA, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DrawAnimatedRects, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DefWindowProcW, DefWindowProcA, DefMDIChildProcW, DefMDIChildProcA, DefFrameProcW, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateMDIWindowW, CreateIcon, CloseClipboard, ClientToScreen, ChildWindowFromPointEx, ChildWindowFromPoint, CheckMenuItem, CharUpperBuffW, CharUpperW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AttachThreadInput, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharUpperA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
ole32.dll | CLSIDFromString, CoTaskMemFree, StringFromCLSID |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CLSIDFromProgID, ProgIDFromCLSID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoSetProxyBlanket, CoInitializeSecurity, CoGetClassObject, CoGetMalloc, CoUninitialize, CoInitializeEx, CoInitialize, IsEqualGUID |
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, GetActiveObject, SysStringLen, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
shell32.dll | Shell_NotifyIconW, Shell_NotifyIconA, ShellExecuteExW, ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, SHAppBarMessage |
wininet.dll | InternetQueryOptionA, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, FindCloseUrlCache, DeleteUrlCacheEntry |
shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHChangeNotify, SHBrowseForFolderA |
comdlg32.dll | PrintDlgA, GetSaveFileNameW, GetSaveFileNameA, GetOpenFileNameW, GetOpenFileNameA |
kernel32.dll | MulDiv |
wsock32.dll | WSACleanup, WSAStartup, WSAGetLastError, gethostbyname, socket, setsockopt, sendto, send, select, recvfrom, recv, ioctlsocket, inet_addr, htons, connect, closesocket, bind |
shell32.dll | SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetMalloc |
kernel32.dll | RtlUnwind |
SHFolder.dll | SHGetFolderPathA |
advapi32.dll | StartServiceA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, EnumServicesStatusA, ControlService, CloseServiceHandle, ChangeServiceConfigA |
winmm.dll | timeEndPeriod, mciSendCommandA, mciGetErrorStringA |
comctl32.dll | InitCommonControls |
user32.dll | DdeCmpStringHandles, DdeFreeStringHandle, DdeQueryStringA, DdeCreateStringHandleA, DdeGetLastError, DdeFreeDataHandle, DdeUnaccessData, DdeAccessData, DdeCreateDataHandle, DdeClientTransaction, DdeNameService, DdePostAdvise, DdeSetUserHandle, DdeQueryConvInfo, DdeDisconnect, DdeConnect, DdeUninitialize, DdeInitializeA |
ole32.dll | GetHGlobalFromStream, CreateStreamOnHGlobal |
comctl32.dll | ImageList_Write |
kernel32.dll | GetVersionExA |
ADVAPI32.DLL | GetNamedSecurityInfoA |
kernel32.dll | GetVolumeNameForVolumeMountPointA |
PowrProf.dll | SetSuspendState |
kernel32.dll | SetFilePointerEx, GetFileSizeEx |
advapi32.dll | GetNamedSecurityInfoW, SetNamedSecurityInfoW |
kernel32.dll | SetFileValidData |
ole32.dll | StgOpenStorageEx, StgCreateStorageEx |
shell32.dll | SHUpdateRecycleBinIcon, ILCombine, SHCreateShellItem |
kernel32.dll | SetThreadExecutionState, TzSpecificLocalTimeToSystemTime |
ntdll.dll | NtSetInformationKey, NtClose, NtCreateFile, RtlInitUnicodeString, RtlCompressBuffer, RtlGetCompressionWorkSpaceSize |
ADVAPI32.DLL | ConvertSidToStringSidA |
psapi.dll | EmptyWorkingSet |
msi.dll | MsiQueryProductStateA |
kernel32.dll | GlobalMemoryStatusEx |
Name | Ordinal | Address |
---|---|---|
madTraceProcess | 1 | 0x525f60 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
German | Germany | |
French | France |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 31, 2024 11:27:18.152189970 CEST | 63098 | 53 | 192.168.2.6 | 1.1.1.1 |
Aug 31, 2024 11:27:18.347718954 CEST | 53 | 63098 | 1.1.1.1 | 192.168.2.6 |
Aug 31, 2024 11:27:19.328217983 CEST | 51597 | 53 | 192.168.2.6 | 1.1.1.1 |
Aug 31, 2024 11:27:19.336911917 CEST | 53 | 51597 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 31, 2024 11:27:18.152189970 CEST | 192.168.2.6 | 1.1.1.1 | 0x857c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 31, 2024 11:27:19.328217983 CEST | 192.168.2.6 | 1.1.1.1 | 0x5e39 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 31, 2024 11:27:18.347718954 CEST | 1.1.1.1 | 192.168.2.6 | 0x857c | No error (0) | privazer.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 31, 2024 11:27:18.347718954 CEST | 1.1.1.1 | 192.168.2.6 | 0x857c | No error (0) | 94.23.156.117 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 11:27:19.336911917 CEST | 1.1.1.1 | 192.168.2.6 | 0x5e39 | No error (0) | 94.23.156.117 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49714 | 94.23.156.117 | 443 | 1176 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-31 09:27:19 UTC | 198 | OUT | |
2024-08-31 09:27:19 UTC | 237 | IN | |
2024-08-31 09:27:19 UTC | 162 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49715 | 94.23.156.117 | 443 | 1176 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-31 09:27:20 UTC | 194 | OUT | |
2024-08-31 09:27:20 UTC | 163 | IN | |
2024-08-31 09:27:20 UTC | 196 | IN |
Target ID: | 0 |
Start time: | 05:27:04 |
Start date: | 31/08/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 29'240'904 bytes |
MD5 hash: | 6EEC575753A25441C6FADE4F961195C4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 0.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 13.3% |
Total number of Nodes: | 211 |
Total number of Limit Nodes: | 11 |
Function 05BFD2EC Relevance: 3.1, APIs: 2, Instructions: 63 COMMON
Function 05BFD1B4 Relevance: 3.0, APIs: 2, Instructions: 33 file COMMON
Function 05BFDE88 Relevance: 1.5, APIs: 1, Instructions: 6 COMMON
Function 05BFCDD8 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173 registry COMMON
Function 05CBB8EC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59 registry COMMON
Function 05BF9718 Relevance: 6.2, APIs: 4, Instructions: 158 thread COMMON
Function 05BFD3B8 Relevance: 3.1, APIs: 2, Instructions: 93 COMMON
Function 05BFD4DC Relevance: 3.1, APIs: 2, Instructions: 55 library COMMON
Function 05C03134 Relevance: 1.5, APIs: 1, Instructions: 44 COMMON
Function 05BFC264 Relevance: 1.5, APIs: 1, Instructions: 26 COMMON
Function 05CBB754 Relevance: 1.3, APIs: 1, Instructions: 52 memory COMMON
Function 05BF4FE0 Relevance: 1.3, APIs: 1, Instructions: 38 memory COMMON
Function 05BFCBE8 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140 string library file COMMON
Function 05CAAE54 Relevance: 6.1, APIs: 4, Instructions: 51 COMMON
Function 05BFC78C Relevance: 4.6, APIs: 3, Instructions: 99 COMMON
Function 05CB908C Relevance: 3.1, APIs: 2, Instructions: 61 COMMON
Function 05C12E28 Relevance: 3.0, APIs: 2, Instructions: 23 file COMMON
Function 05C1310C Relevance: 1.5, APIs: 1, Instructions: 49 COMMON
Function 05C16DE4 Relevance: 1.5, APIs: 1, Instructions: 29 COMMON
Function 05C1A510 Relevance: 1.5, APIs: 1, Instructions: 26 COMMON
Function 05C16E30 Relevance: 1.5, APIs: 1, Instructions: 23 COMMON
Function 05C1A328 Relevance: 1.5, APIs: 1, Instructions: 17 COMMON
Function 05BFDE9C Relevance: 1.5, APIs: 1, Instructions: 15 COMMON
Function 05C15288 Relevance: 1.5, APIs: 1, Instructions: 6 time COMMON
Function 05C3080C Relevance: .5, Instructions: 500 COMMON
Function 05CA6ED8 Relevance: .1, Instructions: 146 COMMON
Function 05CA71B8 Relevance: .1, Instructions: 146 COMMON
Function 05CB174C Relevance: .1, Instructions: 102 COMMON
Function 05CB1890 Relevance: .1, Instructions: 102 COMMON
Function 05CA85C8 Relevance: .1, Instructions: 97 COMMON
Function 05CA83B8 Relevance: .1, Instructions: 97 COMMON
Function 05CA84D8 Relevance: .1, Instructions: 81 COMMON
Function 05CA82C8 Relevance: .1, Instructions: 81 COMMON
Function 05BFB96C Relevance: .1, Instructions: 64 COMMON
Function 05BF7C38 Relevance: .0, Instructions: 22 COMMON
Function 05BF714C Relevance: 19.7, APIs: 13, Instructions: 189 COMMON
Function 05C0318C Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61 window registry COMMON
Function 05C17660 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 175 thread COMMON
Function 05C16E5C Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 219 thread COMMON
Function 05BFEFA4 Relevance: 13.8, APIs: 9, Instructions: 258 COMMON
Function 05BF8744 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65 library loader COMMON
Function 05BF99C4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40 file window COMMON
Function 05BF567C Relevance: 12.2, APIs: 8, Instructions: 221 sleep COMMON
Function 05C2E8C4 Relevance: 12.1, APIs: 8, Instructions: 95 synchronization thread COMMON
Function 05BF5874 Relevance: 10.9, APIs: 7, Instructions: 407 COMMON
Function 05BF52F8 Relevance: 9.0, APIs: 7, Instructions: 298 sleep COMMON
Function 05C2DEF8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50 thread COMMON
Function 05C28A58 Relevance: 7.8, APIs: 5, Instructions: 332 COMMON
Function 05C2DFCC Relevance: 7.6, APIs: 5, Instructions: 86 window COMMON
Function 05C12E68 Relevance: 7.6, APIs: 5, Instructions: 63 COMMON
Function 05C12F00 Relevance: 7.5, APIs: 5, Instructions: 41 file COMMON
Function 05C15640 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78 thread COMMON
Function 05BFC988 Relevance: 6.1, APIs: 4, Instructions: 95 thread COMMON
Function 05BF60E4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 285 window COMMON