Windows
Analysis Report
Project1.exe
Overview
General Information
Detection
Score: | 22 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Sample may be VM or Sandbox-aware, try analysis on a native machine |
- System is w10x64_ra
- Project1.exe (PID: 7072 cmdline:
"C:\Users\ user\Deskt op\Project 1.exe" MD5: A98614FF6F0FEE1D5A158FB077E9784B)
- rundll32.exe (PID: 7124 cmdline:
C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- Project1.exe (PID: 4892 cmdline:
"C:\Users\ user\Deskt op\Project 1.exe" MD5: A98614FF6F0FEE1D5A158FB077E9784B)
- Project1.exe (PID: 3528 cmdline:
"C:\Users\ user\Deskt op\Project 1.exe" MD5: A98614FF6F0FEE1D5A158FB077E9784B)
- Project1.exe (PID: 6152 cmdline:
"C:\Users\ user\Deskt op\Project 1.exe" MD5: A98614FF6F0FEE1D5A158FB077E9784B)
- cleanup
Click to jump to signature section
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior | ||
Source: | User Timer Set: | Jump to behavior |
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428645 |
Start date and time: | 2024-04-19 10:58:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Project1.exe |
Detection: | SUS |
Classification: | sus22.evad.winEXE@5/0@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
File type: | |
Entropy (8bit): | 6.562012100345723 |
TrID: |
|
File name: | Project1.exe |
File size: | 589'312 bytes |
MD5: | a98614ff6f0fee1d5a158fb077e9784b |
SHA1: | ae98f356c63118507e02e5c8a671f06b8bc0c18e |
SHA256: | c90808bf9349b6abeca3b81ce2c5b69331503a231bbd54d03e1816c708e47176 |
SHA512: | c459fa707557f109b7dc3b509344b978821fb50278edd980e781c6368b085ddef943113ab358e87fb27720d0416b8301626f3c7fc47ae34ce3833d952abd322a |
SSDEEP: | 12288:6p526NucGPOlWFFCBQpqhK305aTFQ9O/cMUwiDf4y6:6prD2FFKv5aTWdTq |
TLSH: | F9C47D7672E0883BC0631B788DFBA675653EBF10292445472BF01E4C6F3DB517A262A7 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | c5e4abc9e97e3f31 |
Entrypoint: | 0x40136c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x4B1D4141 [Mon Dec 7 17:54:09 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 5ef64ef7359a687e7ec03d6983dd3853 |
Instruction |
---|
jmp 00007F3B4D416B62h |
bound di, dword ptr [edx] |
inc ebx |
sub ebp, dword ptr [ebx] |
dec eax |
dec edi |
dec edi |
dec ebx |
nop |
jmp 00007F3B4D88EBEDh |
mov eax, dword ptr [0047808Bh] |
shl eax, 02h |
mov dword ptr [0047808Fh], eax |
push edx |
push 00000000h |
call 00007F3B4D48C6CEh |
mov edx, eax |
call 00007F3B4D48135Bh |
pop edx |
call 00007F3B4D4812B9h |
call 00007F3B4D481390h |
push 00000000h |
call 00007F3B4D4827C5h |
pop ecx |
push 00478034h |
push 00000000h |
call 00007F3B4D48C6A8h |
mov dword ptr [00478093h], eax |
push 00000000h |
jmp 00007F3B4D487BC0h |
jmp 00007F3B4D4827F3h |
xor eax, eax |
mov al, byte ptr [0047807Dh] |
ret |
mov eax, dword ptr [00478093h] |
ret |
pushad |
mov ebx, BCB05000h |
push ebx |
push 00000BADh |
ret |
mov ecx, 000000B4h |
or ecx, ecx |
je 00007F3B4D416B9Fh |
cmp dword ptr [0047808Bh], 00000000h |
jnc 00007F3B4D416B5Ch |
mov eax, 000000FEh |
call 00007F3B4D416B2Ch |
mov ecx, 000000B4h |
push ecx |
push 00000008h |
call 00007F3B4D48C665h |
push eax |
call 00007F3B4D48C6D7h |
or eax, eax |
jne 00007F3B4D416B5Ch |
mov eax, 000000FDh |
call 00007F3B4D416B0Bh |
push eax |
push eax |
push dword ptr [0047808Bh] |
call 00007F3B4D487D8Ah |
push dword ptr [0047808Bh] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x88000 | 0x251 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85000 | 0x25c1 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x89000 | 0x7e00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x91000 | 0x8684 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x84000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x77000 | 0x76800 | 33edfaf41517ff617094dfe6c30dbae6 | False | 0.5203924380274262 | data | 6.534933867938111 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x78000 | 0xb000 | 0x5c00 | 03a243b37ba6920be0fa74acf095dbce | False | 0.33479110054347827 | data | 5.124995215670946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x83000 | 0x1000 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x84000 | 0x1000 | 0x200 | 278cbfe8e6dd722be9dc5bf1e4b13337 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "H" | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.idata | 0x85000 | 0x3000 | 0x2600 | 3a6c5798c69ba47236cce3692a2cf47b | False | 0.32391036184210525 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.03042090288161 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.edata | 0x88000 | 0x1000 | 0x400 | cbf01772c66a3893709ddfb5f1fdce89 | False | 0.328125 | data | 3.5309664978782545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x89000 | 0x8000 | 0x7e00 | 68b55207c08414ad5ff85e25816e30ac | False | 0.2611607142857143 | data | 4.568164673284517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x91000 | 0x9000 | 0x8800 | dafa229b41c3393d23aff83c652e72f3 | False | 0.6110696231617647 | data | 6.626052500240583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x89858 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.38636363636363635 | ||
RT_CURSOR | 0x8998c | 0x134 | data | 0.4642857142857143 | ||
RT_CURSOR | 0x89ac0 | 0x134 | data | 0.4805194805194805 | ||
RT_CURSOR | 0x89bf4 | 0x134 | data | 0.38311688311688313 | ||
RT_CURSOR | 0x89d28 | 0x134 | data | 0.36038961038961037 | ||
RT_CURSOR | 0x89e5c | 0x134 | data | 0.4090909090909091 | ||
RT_CURSOR | 0x89f90 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
RT_ICON | 0x8a0c4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | German | Germany | 0.3531894934333959 |
RT_STRING | 0x8b16c | 0x360 | data | 0.4097222222222222 | ||
RT_STRING | 0x8b4cc | 0xfc | data | 0.5912698412698413 | ||
RT_STRING | 0x8b5c8 | 0x1e4 | data | 0.48140495867768596 | ||
RT_STRING | 0x8b7ac | 0x6b4 | data | 0.3473193473193473 | ||
RT_STRING | 0x8be60 | 0x344 | data | 0.4126794258373206 | ||
RT_STRING | 0x8c1a4 | 0xd4 | data | 0.5330188679245284 | ||
RT_STRING | 0x8c278 | 0xb4 | data | 0.5555555555555556 | ||
RT_STRING | 0x8c32c | 0x418 | data | 0.4026717557251908 | ||
RT_STRING | 0x8c744 | 0x440 | data | 0.3805147058823529 | ||
RT_STRING | 0x8cb84 | 0x354 | data | 0.4061032863849765 | ||
RT_STRING | 0x8ced8 | 0x42c | data | 0.3951310861423221 | ||
RT_STRING | 0x8d304 | 0x51c | data | 0.38685015290519875 | ||
RT_STRING | 0x8d820 | 0x61c | data | 0.3663682864450128 | ||
RT_RCDATA | 0x8de3c | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x8de4c | 0x1941 | Delphi compiled form 'Tfrm_1' | 0.38174787316318637 | ||
RT_RCDATA | 0x8f790 | 0x2a5 | Delphi compiled form 'Tfrm_gewonnen' | 0.5420974889217134 | ||
RT_RCDATA | 0x8fa38 | 0x3cb | Delphi compiled form 'Tfrm_highscore' | 0.5159629248197735 | ||
RT_RCDATA | 0x8fe04 | 0x434 | Delphi compiled form 'Tfrm_hilfe' | 0.5938661710037175 | ||
RT_RCDATA | 0x90238 | 0x4ef | Delphi compiled form 'Tfrm_name' | 0.3721298495645289 | ||
RT_RCDATA | 0x90728 | 0x2a5 | Delphi compiled form 'Tfrm_verloren' | 0.5361890694239291 | ||
RT_GROUP_CURSOR | 0x909d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
RT_GROUP_CURSOR | 0x909e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
RT_GROUP_CURSOR | 0x909f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x90a0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x90a20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x90a34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x90a48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_ICON | 0x90a5c | 0x14 | data | German | Germany | 1.1 |
RT_VERSION | 0x90a70 | 0x2e8 | data | German | Germany | 0.47043010752688175 |
DLL | Import |
---|---|
ADVAPI32.DLL | RegCloseKey, RegOpenKeyExA, RegQueryValueExA |
KERNEL32.DLL | CloseHandle, CompareStringA, CreateEventA, CreateFileA, CreateThread, DeleteCriticalSection, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, FindClose, FindFirstFileA, FindResourceA, FormatMessageA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetDiskFreeSpaceA, GetEnvironmentStrings, GetFileSize, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeExA, GetStringTypeW, GetSystemInfo, GetThreadLocale, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalFindAtomA, GlobalFree, GlobalHandle, GlobalLock, GlobalReAlloc, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadResource, LocalAlloc, LocalFree, LockResource, MulDiv, MultiByteToWideChar, RaiseException, ReadFile, ResetEvent, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetErrorMode, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcpyA, lstrcpynA, lstrlenA |
COMCTL32.DLL | ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_DrawEx, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_SetIconSize, ImageList_Write |
GDI32.DLL | BitBlt, CopyEnhMetaFileA, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreatePalette, CreatePenIndirect, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, Ellipse, ExcludeClipRect, ExtCreatePen, ExtTextOutA, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectA, GetPaletteEntries, GetPixel, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextMetricsA, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, PlayEnhMetaFile, PolyPolyline, Polyline, RealizePalette, RectVisible, Rectangle, RestoreDC, RoundRect, SaveDC, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetEnhMetaFileBits, SetMapMode, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWinMetaFileBits, SetWindowExtEx, SetWindowOrgEx, StretchBlt, UnrealizeObject |
USER32.DLL | ActivateKeyboardLayout, AdjustWindowRectEx, BeginDeferWindowPos, BeginPaint, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CharNextA, CharUpperBuffA, CheckMenuItem, ClientToScreen, CloseClipboard, CreateIcon, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeferWindowPos, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndPaint, EnumClipboardFormats, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetCaretPos, GetClassInfoA, GetClassNameA, GetClientRect, GetClipboardData, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextA, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetMessageTime, GetParent, GetPropA, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, IntersectRect, InvalidateRect, IsCharAlphaA, IsCharAlphaNumericA, IsChild, IsDialogMessageA, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadKeyboardLayoutA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBeep, MessageBoxA, OemToCharA, OffsetRect, OpenClipboard, PeekMessageA, PostMessageA, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, ScrollWindowEx, SendMessageA, SetActiveWindow, SetCapture, SetClassLongA, SetClipboardData, SetCursor, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoA, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnionRect, UnregisterClassA, UpdateWindow, ValidateRect, WaitMessage, WinHelpA, WindowFromPoint, wsprintfA, GetSysColor |
OLEAUT32.DLL | SafeArrayCreate, SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayRedim, SysAllocStringLen, SysFreeString, SysReAllocStringLen, VarBoolFromStr, VarBstrFromBool, VarBstrFromCy, VarBstrFromDate, VarCyFromStr, VarDateFromStr, VarI4FromStr, VarNeg, VarNot, VarR8FromStr, VariantChangeTypeEx, VariantClear, VariantCopy, VariantCopyInd, VariantInit |
Name | Ordinal | Address |
---|---|---|
@@Gewonnen@Finalize | 9 | 0x403120 |
@@Gewonnen@Initialize | 8 | 0x403110 |
@@Highscore@Finalize | 5 | 0x402df0 |
@@Highscore@Initialize | 4 | 0x402de0 |
@@Hilfe@Finalize | 11 | 0x403278 |
@@Hilfe@Initialize | 10 | 0x403268 |
@@Name@Finalize | 13 | 0x4035d0 |
@@Name@Initialize | 12 | 0x4035c0 |
@@Spiel@Finalize | 3 | 0x402a7c |
@@Spiel@Initialize | 2 | 0x402a64 |
@@Verloren@Finalize | 7 | 0x402f88 |
@@Verloren@Initialize | 6 | 0x402f78 |
__GetExceptDLLinfo | 1 | 0x4013c5 |
___CPPdebugHook | 14 | 0x478098 |
_frm_1 | 15 | 0x47db78 |
_frm_gewonnen | 18 | 0x47dbe4 |
_frm_highscore | 16 | 0x47dbd4 |
_frm_hilfe | 19 | 0x47dbec |
_frm_name | 20 | 0x47dbf4 |
_frm_verloren | 17 | 0x47dbdc |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
German | Germany |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:58:30 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\Project1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 589'312 bytes |
MD5 hash: | A98614FF6F0FEE1D5A158FB077E9784B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:59:07 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b4640000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 10:59:10 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\Project1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 589'312 bytes |
MD5 hash: | A98614FF6F0FEE1D5A158FB077E9784B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 18 |
Start time: | 10:59:44 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\Project1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 589'312 bytes |
MD5 hash: | A98614FF6F0FEE1D5A158FB077E9784B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 19 |
Start time: | 10:59:52 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\Project1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 589'312 bytes |
MD5 hash: | A98614FF6F0FEE1D5A158FB077E9784B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | false |