Windows Analysis Report
msimg32.dll

Overview

General Information

Sample name: msimg32.dll
Analysis ID: 1538457
MD5: b4f2a28b37eaccd3127d0cb4c4fa990f
SHA1: ebcb32378d1d9795bef11632d83937eb416b6c9b
SHA256: 0c53f398b982342ad9d336bf2a6bfc0d93e5687d1814f3bf761832795df69cd2

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to simulate mouse events
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: msimg32.dll Virustotal: Detection: 9%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 92.7% probability
Source: msimg32.dll Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE, DLL
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError, 0_2_6468724C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError, 4_2_6468724C
Source: msimg32.dll String found in binary or memory: http://icculus.org/physfs/
Source: loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.1830346417.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.1831068963.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, msimg32.dll String found in binary or memory: http://icculus.org/physfs/4
Source: loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.1830346417.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.1831068963.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, msimg32.dll String found in binary or memory: http://icculus.org/physfs/T
Source: msimg32.dll String found in binary or memory: http://icculus.org/physfs/t
Source: msimg32.dll String found in binary or memory: http://www.3dmm2.com/doom/
Source: loaddll32.exe Binary or memory string: DirectInput8Create
Source: loaddll32.exe Binary or memory string: GetRawInputData
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_647108CC bitreader_read_from_client_,ntohl,ntohl, 4_2_647108CC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645E3C37 4_2_645E3C37
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D7E38 4_2_645D7E38
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D5EE0 4_2_645D5EE0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_64715F80 4_2_64715F80
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645E1FA9 4_2_645E1FA9
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_64715870 4_2_64715870
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645DD878 4_2_645DD878
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D383F 4_2_645D383F
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645E1891 4_2_645E1891
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645DD887 4_2_645DD887
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645E1880 4_2_645E1880
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_64711898 4_2_64711898
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D5965 4_2_645D5965
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645DD919 4_2_645DD919
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645DD904 4_2_645DD904
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645DD930 4_2_645DD930
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D3921 4_2_645D3921
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_6470B9E0 4_2_6470B9E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646119C0 4_2_646119C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646799C8 4_2_646799C8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D5993 4_2_645D5993
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D59B5 4_2_645D59B5
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645E1A71 4_2_645E1A71
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D5A06 4_2_645D5A06
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D5B41 4_2_645D5B41
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_647CBBC4 4_2_647CBBC4
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645DBBE4 4_2_645DBBE4
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_645D3B8C 4_2_645D3B8C
Source: msimg32.dll Static PE information: Number of sections : 20 > 10
Source: msimg32.dll Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE, DLL
Source: classification engine Classification label: mal52.winDLL@12/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03
Source: msimg32.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: msimg32.dll Virustotal: Detection: 9%
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\msimg32.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendCaptureDeviceList
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendDeviceList
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: opengl32.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: winmm.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: glu32.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: msimg32.dll Static PE information: More than 4564 > 100 exports found
Source: msimg32.dll Static PE information: Virtual size of .text is bigger than: 0x100000
Source: msimg32.dll Static PE information: Image base 0x645c0000 > 0x60000000
Source: msimg32.dll Static file information: File size 3937280 > 1048576
Source: msimg32.dll Static PE information: Raw size of .text is bigger than: 0x100000 < 0x218600
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_64687C10 __PHYSFS_platformInit,GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetLastError,__PHYSFS_setError,GetProcAddress,PHYSFS_utf8FromUcs2,__PHYSFS_setError,__PHYSFS_setError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_64687C10
Source: msimg32.dll Static PE information: real checksum: 0x386e1e should be: 0x3cac1d
Source: msimg32.dll Static PE information: section name: /4
Source: msimg32.dll Static PE information: section name: /14
Source: msimg32.dll Static PE information: section name: /29
Source: msimg32.dll Static PE information: section name: /45
Source: msimg32.dll Static PE information: section name: /61
Source: msimg32.dll Static PE information: section name: /73
Source: msimg32.dll Static PE information: section name: /87
Source: msimg32.dll Static PE information: section name: /99
Source: msimg32.dll Static PE information: section name: /112
Source: msimg32.dll Static PE information: section name: /123
Source: msimg32.dll Static PE information: section name: /134
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll32.exe API coverage: 0.0 %
Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 0.0 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError, 0_2_6468724C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError, 4_2_6468724C
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6460B7CC al_get_mouse_event_source, 0_2_6460B7CC
Source: loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: MbPAd:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wunicode.c_al_win_utf16_al_win_utf8d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wwindow.cShell_traywndy
Source: loaddll32.exe, loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: Shell_traywnd
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_64681488 PHYSFS_init,__PHYSFS_platformInit,__PHYSFS_platformCreateMutex,__PHYSFS_platformCreateMutex,__PHYSFS_platformCalcBaseDir,__PHYSFS_platformRealPath,__PHYSFS_platformGetUserDir,__PHYSFS_platformRealPath,__PHYSFS_platformGrabMutex,__PHYSFS_platformGetThreadID,__PHYSFS_platformReleaseMutex,__PHYSFS_setError,__PHYSFS_setError,__PHYSFS_platformSetDefaultAllocator,__PHYSFS_setError,__PHYSFS_platformDestroyMutex,__PHYSFS_platformDestroyMutex,__PHYSFS_platformGetUserName,__PHYSFS_platformReleaseMutex,__PHYSFS_setError,__PHYSFS_setError,__PHYSFS_setError, 0_2_64681488
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_64686880 FileTimeToSystemTime,GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,GetLastError,PHYSFS_utf8FromUcs2,__PHYSFS_setError,GetLastError,GetLastError,__PHYSFS_setError, 0_2_64686880
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_64602158 _al_parse_key_binding,al_ustr_new,al_ustr_trim_ws,al_ustr_size,al_ustr_find_set_cstr,al_ustr_set_chr,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,al_ustr_free,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp, 0_2_64602158
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_64677C74 SzGetNextFolderItem,SzByteBufferCreate,SzReadNumber32,SzReadNumber32,SzCoderInfoInit,SzFolderFindBindPairForInStream,SzReadNumber32, 0_2_64677C74
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6467EAE8 SzFolderFindBindPairForInStream, 0_2_6467EAE8
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6467EB18 SzFolderFindBindPairForOutStream, 0_2_6467EB18
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646AE03C alGetListener3f,GetContextSuspended,alSetError,alSetError, 4_2_646AE03C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_64602158 _al_parse_key_binding,al_ustr_new,al_ustr_trim_ws,al_ustr_size,al_ustr_find_set_cstr,al_ustr_set_chr,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,al_ustr_free,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp, 4_2_64602158
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646AE114 alGetListenerfv,GetContextSuspended,alSetError,alSetError, 4_2_646AE114
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646AE250 alGetListeneri,GetContextSuspended,alSetError,alSetError, 4_2_646AE250
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646AE2B0 alGetListener3i,GetContextSuspended,alSetError,alSetError, 4_2_646AE2B0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646AE3E8 alGetListeneriv,GetContextSuspended,alSetError,alSetError, 4_2_646AE3E8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_6467EAE8 SzFolderFindBindPairForInStream, 4_2_6467EAE8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_6467EB18 SzFolderFindBindPairForOutStream, 4_2_6467EB18
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_64677C74 SzGetNextFolderItem,SzByteBufferCreate,SzReadNumber32,SzReadNumber32,SzCoderInfoInit,SzFolderFindBindPairForInStream,SzReadNumber32, 4_2_64677C74
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646ADD64 alListeneri,GetContextSuspended,alSetError, 4_2_646ADD64
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646ADD98 alListener3i,GetContextSuspended,alSetError,GetContextSuspended,alSetError,ProcessContext,ProcessContext, 4_2_646ADD98
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646ADEC8 alListeneriv,GetContextSuspended,alSetError,ProcessContext,alListenerfv,alListenerfv,alSetError, 4_2_646ADEC8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646ADFA0 alGetListenerf,GetContextSuspended,alSetError,alSetError, 4_2_646ADFA0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646AD944 alListenerf,GetContextSuspended,alSetError,alSetError, 4_2_646AD944
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646ADA10 alListener3f,GetContextSuspended,alSetError, 4_2_646ADA10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_646ADAE0 alListenerfv,GetContextSuspended,alSetError,GetContextSuspended,alSetError,ProcessContext,GetContextSuspended,alSetError,ProcessContext,alSetError,alSetError, 4_2_646ADAE0
No contacted IP infos