Windows Analysis Report: HDDScan.exe
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
- Sample tries to load a library that is not present or installed on the analysis machine; adding the library might reveal more behavior.
- Sample may offer command line options; run it with the 'Execute binary with arguments' cookbook (the command line switches may require a prefix such as "-", "/" or "--").
- Sample crashes during execution; try analyzing it on another analysis machine.
- System is w10x64
- HDDScan.exe (PID: 6916, cmdline: "C:\Users\user\Desktop\HDDScan.exe", MD5: 6EF8DE39A76D481E8C2047A4744D4089)
  - WerFault.exe (PID: 6336, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 596, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
There are no malicious signatures.
- Static PE information
- String found in binary or memory (7 entries)
- Process created
- Static PE information
- Section loaded (35 entries)
- Static PE information
- Classification label
- Mutant created (3 entries)
- File created
- File source (3 entries)
- Key opened (2 entries)
- File read
- Key opened
- String found in binary or memory (5 entries)
- Process created (2 entries)
- Key value queried
- Automated click (2 entries)
- Window detected
- Static PE information
- Static file information
- Static PE information (4 entries)
- Code function: 0_3_028A1EC2, 0_2_0019C015, 0_2_0019C325, 0_2_0019B965, 0_2_0019DCE8, 0_2_0019C0B5, 0_2_0019D57F, 0_2_0019BFFD
- Process information set (59 entries)
- Key opened (2 entries)
- Binary or memory string (30 entries)
- Process queried
- Binary or memory string (2 entries)
- Binary or memory string (4 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 11 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 6% | ReversingLabs | | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417299 |
Start date and time: | 2024-03-28 22:23:02 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | HDDScan.exe |
Detection: | CLEAN |
Classification: | clean3.winEXE@2/5@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94, 20.189.173.20
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Execution Graph export aborted for target HDDScan.exe, PID 6916, because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: HDDScan.exe
Time | Type | Description |
---|---|---|
22:24:08 | API Interceptor | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HDDScan.exe_ea76cdead1d43b14caecbb56706fddae3cce72_2ee009fe_89fc0316-4654-4def-96d8-ca5193bfe192\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9752450921726032 |
Encrypted: | false |
SSDEEP: | 192:y0Mswcq0PsAP55jBzPJ8zuiFEZ24IO8B2:FicxPBP55jIzuiFEY4IO8B |
MD5: | 6876E802241209621B78BD688AA1C78D |
SHA1: | 2874AA32E7C7E79D853A68D5C95B315B4335CA5C |
SHA-256: | 0294B746C997E229B803434643C2956876C81C0962B9F502978C299765AD2F2F |
SHA-512: | 4748417C191032A9130636330C27F46CE1AF493D7FCB45E2AB6E4AED9B38943405D404788A92567B4692B28CCD1447E340F01B24F79A9F3BF788CDFE59A95CDE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62640 |
Entropy (8bit): | 2.0027326969246797 |
Encrypted: | false |
SSDEEP: | 384:JPPloeVGQCm0K/b/QO3lH2UyC8NfvQDj1kB0:JnlRVGu0K/boOVByC8NADjqy |
MD5: | 717BADE1A63266EF7803B6423120C7E5 |
SHA1: | F75E8F60D541E0B11986B138B375CD3555D4B023 |
SHA-256: | 67DD871AA2F2CEDAA8F3416BC2BB8B8A97898B468E9F64565347A74C20B24168 |
SHA-512: | 4E9D518F3DED218B3A9982E5539EFB865BA41AD20CBED9609C6B843C48C917624514C994C416E82B721E6DFE4DD4DBCEABAFAE02CB3F97299E6185DC0858FD41 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8306 |
Entropy (8bit): | 3.7001124387704056 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ+U6d6Y9sSU9U7Rgmf+YoprP89bHVsfntm:R6lXJd6d6Y2SU9U9gmf+4Hufw |
MD5: | 63CAC989F0C148A4162F10C582900389 |
SHA1: | BB76D9F9534E3E314715E6A9063B6BE4188B53B8 |
SHA-256: | BAE64DEF8DB0E5B23988EBE61CD8880C944D6D6055BEC4197AC05961DA36B5F3 |
SHA-512: | C9911DACF82D80395F546EE81CA864FCD47846CE0404AAB04ACA93BBB1AA1D802A2D4720FF7F432A0C72FE3D536D05DA4C4DA5522A01CF80B1B72DBD0F7D8BA7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4562 |
Entropy (8bit): | 4.450229117864001 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsMtJg77aI98fWpW8VY7IYm8M4JWFrgF7T8+q8ipbxSXLfouInhdd:uIjfMHI7aO7V4JW9WT87p9SXLfo9nhdd |
MD5: | 01BF7738BA859EAE1421A27AE60AD70D |
SHA1: | 3E884E1AC4B9E0235FCA322E2AAD92B9523587E3 |
SHA-256: | F1918436EE230732DB712B2F6C94D0B197D48133B68923333D3DB8FD1CB7D3CB |
SHA-512: | 5AC3CBC9BE63DDFC26947B5E63AD859CF6F1AAED888055F5C8BE1882FF308248B124C610C8A2E75946ECF5786607079638FCF89EFB251A77FD5E763419D730CE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4654160667501746 |
Encrypted: | false |
SSDEEP: | 6144:TIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNpdwBCswSbv:EXD94+WlLZMM6YFHz+v |
MD5: | 6157D9C6EDFBC71DCD8C2CF7D414CE16 |
SHA1: | C2006840F68837DA88E316CCD51816326373C1E5 |
SHA-256: | 7FFF1364645D466F5CE242AB4E07B5401E13D88452CB61C8ED3A93163ED13CDA |
SHA-512: | 5079367E76F1DA42EC53D4C388CDDA047BE09ECBAF224DB28CD5D2DB1F0A33D24325695BA0C158434D82FADF7909BE6275D2E853018D811C95809FDF9A2BEA36 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.778900610955359 |
TrID: | |
File name: | HDDScan.exe |
File size: | 7'131'648 bytes |
MD5: | 6ef8de39a76d481e8c2047a4744d4089 |
SHA1: | f0068385962b420c2864f9af3f428b5a06b2fc4f |
SHA256: | cdd981b92ffa81a9d3b51c4aba50892e3548a2f7e2058a35b4581993591251af |
SHA512: | 02051a1710b71a420d4ac1f5d6efaddb4e31aba139846541114ee85caf8e57c1da75dd31db95a8a7512091b6ee508bd17ec96743397c87e548b49d0dd5768423 |
SSDEEP: | 98304:L0MiKIR1tX+DvVx1T/QUU/HA/tmB4EmJsHSeThD:AFfuJTzQJHvV |
TLSH: | 11768E9372C4942AD6670735843F9AE0583FBE217E16889B2BA43E0CDF75542393AF17 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 31717179686cf871 |
Entrypoint: | 0x885d64 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x5D6AACAB [Sat Aug 31 17:21:47 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 2d642067629684caa72978192daa3f17 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFE8h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-14h], eax |
mov dword ptr [ebp-18h], eax |
mov eax, 00874130h |
call 00007FB73808E1FAh |
xor eax, eax |
push ebp |
push 00885F13h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
mov eax, dword ptr [00893100h] |
mov eax, dword ptr [eax] |
call 00007FB73826300Ch |
xor ecx, ecx |
mov dl, 01h |
mov eax, dword ptr [00873E60h] |
call 00007FB7382586B6h |
mov edx, dword ptr [008929F8h] |
mov dword ptr [edx], eax |
mov eax, dword ptr [00893100h] |
mov eax, dword ptr [eax] |
mov edx, 00885F30h |
call 00007FB738262A15h |
xor eax, eax |
push ebp |
push 00885E80h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
call 00007FB738086E6Ah |
test eax, eax |
jnle 00007FB7385079DDh |
mov eax, dword ptr [008929F8h] |
mov eax, dword ptr [eax] |
call 00007FB73825E40Ah |
mov eax, dword ptr [008929F8h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [eax] |
call dword ptr [edx+000000B0h] |
mov ecx, dword ptr [00892E54h] |
mov eax, dword ptr [00893100h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [0086C45Ch] |
call 00007FB738262FB3h |
mov ecx, dword ptr [00892A9Ch] |
mov eax, dword ptr [00893100h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [0086B3C0h] |
call 00007FB738262F9Bh |
mov ecx, dword ptr [00892BD0h] |
mov eax, dword ptr [00893100h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4a3000 | 0x5e | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x49c000 | 0x458e | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x501000 | 0x1d9e00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4a6000 | 0x5a93c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4a5000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x49ccb4 | 0xa98 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x4a1000 | 0x1d60 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4805d0 | 0x480600 | 4e7b074513682e6413f6093a5381f115 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x482000 | 0x3f78 | 0x4000 | b36deb5fd7fae212b63a7c0f97ce6800 | False | 0.49267578125 | data | 6.116806989939226 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x486000 | 0xd634 | 0xd800 | 91f4dd5894bab875207a8a36351b329d | False | 0.43849464699074076 | data | 6.197194788584571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x494000 | 0x7674 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x49c000 | 0x458e | 0x4600 | 596c80b79e53e8f8d8e3a6b75bb05d0e | False | 0.30747767857142855 | data | 5.235726068826933 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x4a1000 | 0x1d60 | 0x1e00 | 3354bffe50a2072a50cd6f6713503ba2 | False | 0.29140625 | data | 4.74051788361583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x4a3000 | 0x5e | 0x200 | 9f6defa4d5233d9e1d18938896699bde | False | 0.1640625 | data | 1.1072615392411285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x4a4000 | 0x48 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x4a5000 | 0x5d | 0x200 | 6b8c1ecfb6541db717540a1f0fc5543b | False | 0.189453125 | data | 1.3760818752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4a6000 | 0x5a93c | 0x5aa00 | 1131c2715b07d01c36f76ddd9d6e211a | False | 0.5639628232758621 | data | 6.724379605647983 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x501000 | 0x1d9e00 | 0x1d9e00 | 43dd88efdd82fc6d3942ec806c154315 | False | 0.5078398056251648 | data | 6.980809714478211 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x502f94 | 0x134 | data | English | United States | 0.2922077922077922 |
RT_CURSOR | 0x5030c8 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x5031fc | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x503330 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x503464 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x503598 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x5036cc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0x503800 | 0x134 | data | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x503934 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_BITMAP | 0x503a68 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x503c38 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0x503e1c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x503fec | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0x5041bc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0x50438c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0x50455c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0x50472c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x5048fc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0x504acc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x504c9c | 0x488 | data | Russian | Russia | 0.8836206896551724 |
RT_BITMAP | 0x505124 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334 |
RT_BITMAP | 0x5051e4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855 |
RT_BITMAP | 0x5052c4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143 |
RT_BITMAP | 0x5053a4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145 |
RT_BITMAP | 0x505484 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667 |
RT_BITMAP | 0x505544 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375 |
RT_BITMAP | 0x505604 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285 |
RT_BITMAP | 0x5056e4 | 0xc58 | Device independent bitmap graphic, 51 x 20 x 24, image size 3120 | English | United States | 0.45126582278481014 |
RT_BITMAP | 0x50633c | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 3780 x 3780 px/m | English | United States | 0.14975247524752475 |
RT_BITMAP | 0x506664 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666 |
RT_BITMAP | 0x506724 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5 |
RT_BITMAP | 0x506804 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
RT_BITMAP | 0x5068ec | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 3780 x 3780 px/m | English | United States | 0.12995049504950495 |
RT_BITMAP | 0x506c14 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333 |
RT_BITMAP | 0x506cd4 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 3780 x 3780 px/m | English | United States | 0.12128712871287128 |
RT_BITMAP | 0x506ffc | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3829268292682927 |
RT_BITMAP | 0x507664 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.39146341463414636 |
RT_BITMAP | 0x507ccc | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3853658536585366 |
RT_BITMAP | 0x508334 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.39207317073170733 |
RT_BITMAP | 0x50899c | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | English | United States | 0.40808823529411764 |
RT_BITMAP | 0x508aac | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | English | United States | 0.4117647058823529 |
RT_BITMAP | 0x508bbc | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.35548780487804876 |
RT_BITMAP | 0x509224 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3853658536585366 |
RT_BITMAP | 0x50988c | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.43902439024390244 |
RT_BITMAP | 0x509ef4 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 3780 x 3780 px/m | English | United States | 0.13861386138613863 |
RT_BITMAP | 0x50a21c | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768, resolution 3780 x 3780 px/m | English | United States | 0.07054455445544554 |
RT_BITMAP | 0x50a544 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857 |
RT_ICON | 0x50a624 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.32247426949012187 |
RT_ICON | 0x51ae4c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.5320539419087137 |
RT_ICON | 0x51d3f4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.6104596622889306 |
RT_ICON | 0x51e49c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7819148936170213 |
RT_DIALOG | 0x51e904 | 0x52 | data | | | 0.7682926829268293 |
RT_DIALOG | 0x51e958 | 0x52 | data | | | 0.7560975609756098 |
RT_STRING | 0x51e9ac | 0x4c | data | | | 0.618421052631579 |
RT_STRING | 0x51e9f8 | 0xaa | data | | | 0.6647058823529411 |
RT_STRING | 0x51eaa4 | 0x186 | data | | | 0.5743589743589743 |
RT_STRING | 0x51ec2c | 0x1ce | data | | | 0.5303030303030303 |
RT_STRING | 0x51edfc | 0x146 | data | | | 0.5460122699386503 |
RT_STRING | 0x51ef44 | 0x7e | data | | | 0.6666666666666666 |
RT_STRING | 0x51efc4 | 0x24 | data | | | 0.4166666666666667 |
RT_STRING | 0x51efe8 | 0x20c | data | | | 0.4732824427480916 |
RT_STRING | 0x51f1f4 | 0x4f0 | data | | | 0.3647151898734177 |
RT_STRING | 0x51f6e4 | 0x190 | data | | | 0.49 |
RT_STRING | 0x51f874 | 0x250 | AmigaOS bitmap font "p", fc_YSize 19712, 16640 elements, 2nd " ", 3rd "T" | | | 0.42736486486486486 |
RT_STRING | 0x51fac4 | 0x31c | data | | | 0.4158291457286432 |
RT_STRING | 0x51fde0 | 0x3c8 | data | | | 0.41838842975206614 |
RT_STRING | 0x5201a8 | 0x298 | data | | | 0.4382530120481928 |
RT_STRING | 0x520440 | 0x380 | Targa image data - Color 110 x 103 x 32 +121 +105 "t" | | | 0.34486607142857145 |
RT_STRING | 0x5207c0 | 0x33c | AmigaOS bitmap font "P", fc_YSize 29696, 18944 elements, 2nd "i", 3rd "p" | | | 0.4251207729468599 |
RT_STRING | 0x520afc | 0xa24 | data | | | 0.2862095531587057 |
RT_STRING | 0x521520 | 0x81c | data | | | 0.31165703275529866 |
RT_STRING | 0x521d3c | 0x444 | data | | | 0.3305860805860806 |
RT_STRING | 0x522180 | 0x274 | data | | | 0.5095541401273885 |
RT_STRING | 0x5223f4 | 0x3e0 | data | | | 0.41935483870967744 |
RT_STRING | 0x5227d4 | 0xd8 | data | | | 0.6666666666666666 |
RT_STRING | 0x5228ac | 0xd0 | data | | | 0.6634615384615384 |
RT_STRING | 0x52297c | 0x2c8 | data | | | 0.425561797752809 |
RT_STRING | 0x522c44 | 0x284 | data | | | 0.4829192546583851 |
RT_STRING | 0x522ec8 | 0x410 | data | | | 0.36538461538461536 |
RT_STRING | 0x5232d8 | 0x37c | data | | | 0.3901345291479821 |
RT_STRING | 0x523654 | 0x464 | data | | | 0.297153024911032 |
RT_STRING | 0x523ab8 | 0x374 | data | | | 0.4287330316742081 |
RT_STRING | 0x523e2c | 0x3b0 | data | | | 0.3707627118644068 |
RT_STRING | 0x5241dc | 0x3cc | data | | | 0.3713991769547325 |
RT_STRING | 0x5245a8 | 0x384 | data | | | 0.35444444444444445 |
RT_STRING | 0x52492c | 0x470 | data | | | 0.3890845070422535 |
RT_STRING | 0x524d9c | 0x1d0 | data | | | 0.40301724137931033 |
RT_STRING | 0x524f6c | 0xcc | data | | | 0.6225490196078431 |
RT_STRING | 0x525038 | 0x17c | data | | | 0.55 |
RT_STRING | 0x5251b4 | 0x384 | data | | | 0.3811111111111111 |
RT_STRING | 0x525538 | 0x358 | data | | | 0.37616822429906543 |
RT_STRING | 0x525890 | 0x310 | data | | | 0.37755102040816324 |
RT_STRING | 0x525ba0 | 0x334 | data | | | 0.33414634146341465 |
RT_RCDATA | 0x525ed4 | 0xcbf | PNG image data, 60 x 20, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033711308611708 |
RT_RCDATA | 0x526b94 | 0x3a5 | PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced | English | United States | 1.0117899249732047 |
RT_RCDATA | 0x526f3c | 0xd58 | PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0032201405152226 |
RT_RCDATA | 0x527c94 | 0xd0d | PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.003292427416941 |
RT_RCDATA | 0x5289a4 | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x5289b4 | 0x10a4 | data | | | 0.5328638497652582 |
RT_RCDATA | 0x529a58 | 0x2 | data | English | United States | 5.0 |
RT_RCDATA | 0x529a5c | 0x5ea | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0072655217965654 |
RT_RCDATA | 0x52a048 | 0x5c9 | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0074274139095205 |
RT_RCDATA | 0x52a614 | 0x314 | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.013959390862944 |
RT_RCDATA | 0x52a928 | 0xb88 | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 0.9088753387533876 |
RT_RCDATA | 0x52b4b0 | 0xabc | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 0.8966521106259098 |
RT_RCDATA | 0x52bf6c | 0x415c8 | TrueType Font data, 19 tables, 1st "GPOS", 16 names, Macintosh, \(g\)\252 fonts 1999\251ElektraMediumTransType 3 MAC;Elektra;001.000;18/07/06 23:22:47ElektraVer | English | United States | 0.10237935156133274 |
RT_RCDATA | 0x56d534 | 0x5f80 | TrueType Font data, 15 tables, 1st "OS/2", 21 names, Unicode | English | United States | 0.3445271596858639 |
RT_RCDATA | 0x5734b4 | 0x60d | Delphi compiled form 'TfmAbout' | | | 0.3983214977404777 |
RT_RCDATA | 0x573ac4 | 0x13dcf | Delphi compiled form 'TfmBootUp' | | | 0.31331506041126367 |
RT_RCDATA | 0x587894 | 0x556 | Delphi compiled form 'TfmError' | | | 0.4128843338213763 |
RT_RCDATA | 0x587dec | 0x457 | Delphi compiled form 'TfmLicense' | | | 0.48874887488748875 |
RT_RCDATA | 0x588244 | 0x10e1d0 | Delphi compiled form 'TfmMain' | | | 0.5643234252929688 |
RT_RCDATA | 0x696414 | 0x106ce | Delphi compiled form 'TfmPopupTests' | | | 0.8994916614643718 |
RT_RCDATA | 0x6a6ae4 | 0x14933 | Delphi compiled form 'TfmPopupTools' | | | 0.9558825274399289 |
RT_RCDATA | 0x6bb418 | 0x3f74 | Delphi compiled form 'TfmSMARTForm' | | | 0.9453952228515144 |
RT_RCDATA | 0x6bf38c | 0x699 | Delphi compiled form 'TfmSmartMonForm' | | | 0.38188277087033745 |
RT_RCDATA | 0x6bfa28 | 0x3467 | Delphi compiled form 'TfmSmartTest' | | | 0.9279910547894148 |
RT_RCDATA | 0x6c2e90 | 0x135a2 | Delphi compiled form 'TfmTestForm' | | | 0.6492443166048495 |
RT_RCDATA | 0x6d6434 | 0x665 | Delphi compiled form 'TPathDialogForm' | | | 0.4935858277336591 |
RT_RCDATA | 0x6d6a9c | 0x19a7 | Delphi compiled form 'TsCalcForm' | | | 0.19400030455306838 |
RT_RCDATA | 0x6d8444 | 0x1e35 | Delphi compiled form 'TsColorDialogForm' | | | 0.2595370490107332 |
RT_RCDATA | 0x6da27c | 0x2d7 | Delphi compiled form 'TsPopupCalendar' | | | 0.594222833562586 |
RT_GROUP_CURSOR | 0x6da554 | 0x14 | data | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da568 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da57c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da590 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x6da5a4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da5b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da5cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da5e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6da5f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x6da608 | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x6da648 | 0x19c | data | English | United States | 0.529126213592233 |
RT_MANIFEST | 0x6da7e4 | 0x452 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4674502712477396 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | MessageBoxA, CharNextW, LoadStringW |
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsDBCSLeadByteEx, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetConsoleOutputCP, GetConsoleCP, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, SetCurrentDirectoryW, GetCurrentDirectoryW, WriteFile, SetFilePointer, SetEndOfFile, ReadFile, GetFileType, GetFileSize, CreateFileW, GetStdHandle, CloseHandle |
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary |
user32.dll | SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, WindowFromPoint, WindowFromDC, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenuEx, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetDlgItemTextW, SetCursorPos, SetCursor, SetClipboardData, SetCaretPos, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, SendDlgItemMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MoveWindow, MessageBoxIndirectW, MessageBoxA, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadMenuW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, IsCharAlphaNumericW, IsCharAlphaW, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemRect, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCaretPos, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextA, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DeferWindowPos, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIconFromResource, CreateIcon, CreateCaret, CountClipboardFormats, CopyRect, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, BeginDeferWindowPos, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | WidenPath, UnrealizeObject, TextOutW, StrokePath, StrokeAndFillPath, StretchDIBits, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixelV, SetPixel, SetMapMode, SetGraphicsMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetBitmapBits, SetArcDirection, SelectPalette, SelectObject, SelectClipRgn, SelectClipPath, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, PtVisible, PolylineTo, Polyline, Polygon, PolyPolyline, PolyBezierTo, PolyBezier, PlgBlt, PlayEnhMetaFile, Pie, PathToRegion, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextCharacterExtra, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapDimensionEx, GetBitmapBits, GdiFlush, FrameRgn, FillPath, ExtTextOutW, ExtSelectClipRgn, ExtFloodFill, ExtCreatePen, ExcludeClipRect, EnumFontFamiliesExW, EndPath, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateEnhMetaFileW, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, CloseFigure, CloseEnhMetaFile, Chord, BitBlt, BeginPath, ArcTo, Arc, AngleArc |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
kernel32.dll | lstrlenW, lstrcmpW, WriteProcessMemory, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFreeEx, VirtualFree, VirtualAllocEx, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetPriorityClass, SetLastError, SetFilePointerEx, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadProcessMemory, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenProcess, MulDiv, LockResource, LocalFree, LocalAlloc, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadPriority, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetPrivateProfileStringW, GetPriorityClass, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CloseHandle |
advapi32.dll | RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, OpenThreadToken, OpenProcessToken, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, GetActiveObject, SafeArrayPutElement, SafeArrayCreate, SysFreeString, SysAllocString |
ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromWindow |
msvcrt.dll | memset, memcpy |
shell32.dll | ShellExecuteW, Shell_NotifyIconW |
wininet.dll | InternetSetOptionW, InternetOpenW, InternetConnectW, InternetCloseHandle |
URLMON.DLL | CoInternetCreateZoneManager, CoInternetCreateSecurityManager, URLDownloadToFileW |
shell32.dll | SHGetSpecialFolderLocation, SHGetMalloc, SHGetDesktopFolder |
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW |
kernel32.dll | MulDiv |
SetupApi.dll | SetupDiGetDeviceRegistryPropertyW, SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsW, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDeviceInterfaces, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo |
kernel32.dll | SetThreadExecutionState |
cfgmgr32.dll | CM_Get_DevNode_Registry_PropertyA, CM_Get_Parent |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 1 | 0x458640 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Russian | Russia | |
Target ID: | 0 |
Start time: | 22:23:48 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\Desktop\HDDScan.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 7'131'648 bytes |
MD5 hash: | 6EF8DE39A76D481E8C2047A4744D4089 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 22:23:57 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x850000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |