Windows
Analysis Report
SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe (PID: 3044 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe" MD5: AF1E56057951887A763D4E97670A1036)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | ||
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | ||
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | ||
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Registry value created: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | DNS traffic detected: |
Source: | DNS traffic detected: |
Source: | DNS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Binary string: |
Source: | Classification label: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | Key opened: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File written: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Process information set: |
Source: | Process information set: |
Source: | File opened: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Registry value created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 21 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 71% | ReversingLabs | Win32.Trojan.Generic | |
| 100% | Joe Sandbox ML | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
report.thorzip.muxin.fun | unknown | unknown | false | unknown | |
hotnews.dftoutiao.com | unknown | unknown | false | unknown | |
files.news.baidu.com | unknown | unknown | false | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428706 |
Start date and time: | 2024-04-19 12:28:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Detection: | MAL |
Classification: | mal52.winEXE@1/1@7/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
File Type: | |
Category: | modified |
Size (bytes): | 282 |
Entropy (8bit): | 3.514693737970008 |
Encrypted: | false |
SSDEEP: | 6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlWygDAlLwkAl2FlRaQmZWGokJISlfY:QZsiL5wmHOlDmo0qmWvclLwr2FlDmo0I |
MD5: | 9E36CC3537EE9EE1E3B10FA4E761045B |
SHA1: | 7726F55012E1E26CC762C9982E7C6C54CA7BB303 |
SHA-256: | 4B9D687AC625690FD026ED4B236DAD1CAC90EF69E7AD256CC42766A065B50026 |
SHA-512: | 5F92493C533D3ADD10B4CE2A364624817EBD10E32DAA45EE16593E913073602DB5E339430A3F7D2C44ABF250E96CA4E679F1F09F8CA807D58A47CF3D5C9C3790 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: | |
File type: | |
Entropy (8bit): | 6.741488181478588 |
TrID: | |
File name: | SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
File size: | 1'112'208 bytes |
MD5: | af1e56057951887a763d4e97670a1036 |
SHA1: | bc0b8c98c0fdbb805b8e8415a860be0966de30be |
SHA256: | 5eb65feae4e36b791ced20aa9fb912311ab3f920613857819a51df2ccba9a485 |
SHA512: | 4a778b1c6ee14ad3f790ab00b421b351d06f05b688a6c80525133a158363602f417a10adfeb09724a2f20e39736df628bbcffe03f44e145550a1cd48d7900269 |
SSDEEP: | 24576:/ZepAVvX2Z3XFt81lUu28MMxO17zJZVtL0n31QIChuUO/vDBTo:BeyWf9HHhVOnl |
TLSH: | A9359E72F7C04833D5331D399D1B93A8952ABD113E29994A3BD83E4C6F39B4139292D7 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 31ec96e89ad6c873 |
Entrypoint: | 0x4baca0 |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x5F34BA0C [Thu Aug 13 03:57:00 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 46416c8511b63786a1666009e2ddb338 |
Signature Valid: | true |
Signature Issuer: | CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | B7FB0098F484B9F0FF7BA177DA2BD9E2 |
Thumbprint SHA-1: | F1CC84829CECD842F8477329822C14778BC319DD |
Thumbprint SHA-256: | 54538B17A367F8712895D95E68227F0AED93C480074D6F0366D91021AAE13B91 |
Serial: | 3257CFD411114333C7EF69768757C055 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFD8h |
push ebx |
xor eax, eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-20h], eax |
mov dword ptr [ebp-1Ch], eax |
mov eax, 004B93E4h |
call 00007F32C4C4F2D5h |
xor eax, eax |
push ebp |
push 004BAED4h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
call 00007F32C4CFFCC2h |
test al, al |
je 00007F32C4D02B08h |
call 00007F32C4C4F59Dh |
mov edx, eax |
lea eax, dword ptr [ebp-1Ch] |
call 00007F32C4C4CE6Bh |
mov eax, dword ptr [ebp-1Ch] |
mov dword ptr [ebp-18h], eax |
mov eax, dword ptr [004BF184h] |
mov eax, dword ptr [eax] |
mov dword ptr [ebp-14h], eax |
lea edx, dword ptr [ebp-18h] |
mov ecx, 00000001h |
mov eax, 004BAEECh |
call 00007F32C4CEF831h |
jmp 00007F32C4D02C7Dh |
mov eax, dword ptr [004BEFF0h] |
cmp byte ptr [eax], 00000000h |
je 00007F32C4D02ADEh |
xor eax, eax |
call 00007F32C4CFF427h |
jmp 00007F32C4D02C67h |
push 00000000h |
push 00000000h |
push 00000000h |
push 00000000h |
push 00000000h |
push 00000000h |
push 00000000h |
call 00007F32C4C4FF63h |
mov eax, dword ptr [004BF19Ch] |
mov eax, dword ptr [eax] |
call 00007F32C4CAF6AFh |
mov eax, dword ptr [004BF19Ch] |
mov eax, dword ptr [eax] |
mov dl, 01h |
call 00007F32C4CB1579h |
call 00007F32C4C4F524h |
mov edx, eax |
lea eax, dword ptr [ebp-20h] |
call 00007F32C4C4CDF2h |
mov eax, dword ptr [ebp-20h] |
mov dword ptr [ebp-18h], eax |
mov eax, dword ptr [004BF184h] |
mov eax, dword ptr [eax] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc6000 | 0x38bc | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x3fa00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x10d800 | 0x2090 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xcc000 | 0xbd60 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xcb000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc6ae8 | 0x890 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb888c | 0xb8a00 | 8770e4a74b05c3dc027df9d42c1b77f0 | False | 0.5139495704976303 | data | 6.590052866643412 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0xba000 | 0xf68 | 0x1000 | 2dda39ad0b61184bac071bf88cec4c7c | False | 0.5947265625 | data | 6.262895342213027 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xbb000 | 0x4440 | 0x4600 | f23457ca3e1d367e8600cc3c1415a959 | False | 0.46004464285714286 | data | 5.1042395000718415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0xc0000 | 0x50a4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xc6000 | 0x38bc | 0x3a00 | d2dfe90d644c3fd2873923c8b6328d3e | False | 0.30994073275862066 | data | 5.11583766335277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xca000 | 0x38 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xcb000 | 0x18 | 0x200 | 69dbf0c74609e74a983a570cfc32ffff | False | 0.052734375 | data | 0.20544562813451883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xcc000 | 0xbd60 | 0xbe00 | 58b19b47703c68e056f2ae85cbba7ea7 | False | 0.6100328947368421 | data | 6.696396278077283 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0xd8000 | 0x3fa00 | 0x3fa00 | 08230b26bf45d902048d40d3caaba966 | False | 0.4607993614931238 | data | 6.328319191889762 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
TYPELIB | 0xd9c44 | 0x9e8 | data | 0.3801261829652997 | ||
RT_CURSOR | 0xda62c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0xda760 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0xda894 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0xda9c8 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0xdaafc | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0xdac30 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0xdad64 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_BITMAP | 0xdae98 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0xdb068 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0xdb24c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0xdb41c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0xdb5ec | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0xdb7bc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0xdb98c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0xdbb5c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0xdbd2c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0xdbefc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0xdc0cc | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
RT_ICON | 0xdc1b4 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | Chinese | China | 0.5511363636363636 |
RT_ICON | 0xdc264 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | Chinese | China | 0.5855263157894737 |
RT_ICON | 0xdc394 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.5844594594594594 |
RT_ICON | 0xdc4bc | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.5362903225806451 |
RT_ICON | 0xdc7a4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Chinese | China | 0.4963872832369942 |
RT_ICON | 0xdcd0c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Chinese | China | 0.47518050541516244 |
RT_ICON | 0xdd5b4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.34169793621013134 |
RT_ICON | 0xde65c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.2674273858921162 |
RT_ICON | 0xe0c04 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.20164147378365613 |
RT_ICON | 0xe4e2c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.13193540754761623 |
RT_ICON | 0xf5654 | 0x93d0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9823731501057082 |
RT_DIALOG | 0xfea24 | 0x52 | data | 0.7682926829268293 | ||
RT_DIALOG | 0xfea78 | 0x52 | data | 0.7560975609756098 | ||
RT_STRING | 0xfeacc | 0x2e | Matlab v4 mat-file (little endian) 3, numeric, rows 0, columns 0 | Chinese | China | 0.5434782608695652 |
RT_STRING | 0xfeafc | 0x530 | data | 0.3546686746987952 | ||
RT_STRING | 0xff02c | 0x258 | data | 0.47333333333333333 | ||
RT_STRING | 0xff284 | 0x3f0 | data | 0.3948412698412698 | ||
RT_STRING | 0xff674 | 0x304 | StarOffice Gallery theme N, 1677750016 objects, 1st U | 0.3756476683937824 | ||
RT_STRING | 0xff978 | 0x2ac | data | 0.4649122807017544 | ||
RT_STRING | 0xffc24 | 0xc8 | data | 0.67 | ||
RT_STRING | 0xffcec | 0x108 | data | 0.6060606060606061 | ||
RT_STRING | 0xffdf4 | 0x2a8 | data | 0.4764705882352941 | ||
RT_STRING | 0x10009c | 0x400 | data | 0.388671875 | ||
RT_STRING | 0x10049c | 0x374 | data | 0.40271493212669685 | ||
RT_STRING | 0x100810 | 0x374 | data | 0.36877828054298645 | ||
RT_STRING | 0x100b84 | 0x410 | data | 0.37403846153846154 | ||
RT_STRING | 0x100f94 | 0xd0 | data | 0.5288461538461539 | ||
RT_STRING | 0x101064 | 0xb8 | data | 0.6467391304347826 | ||
RT_STRING | 0x10111c | 0x254 | data | 0.4949664429530201 | ||
RT_STRING | 0x101370 | 0x3c0 | data | 0.315625 | ||
RT_STRING | 0x101730 | 0x368 | data | 0.37844036697247707 | ||
RT_STRING | 0x101a98 | 0x2d0 | data | 0.40555555555555556 | ||
RT_RCDATA | 0x101d68 | 0x168 | PNG image data, 900 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 0.5277777777777778 |
RT_RCDATA | 0x101ed0 | 0x3fc | PNG image data, 35 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 0.6696078431372549 |
RT_RCDATA | 0x1022cc | 0x327 | PNG image data, 900 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 0.3444857496902107 |
RT_RCDATA | 0x1025f4 | 0x327 | PNG image data, 900 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 0.3444857496902107 |
RT_RCDATA | 0x10291c | 0x69d1 | PNG image data, 900 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 0.9856768429990033 |
RT_RCDATA | 0x1092f0 | 0x327 | PNG image data, 900 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 0.3444857496902107 |
RT_RCDATA | 0x109618 | 0xdb | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0365296803652968 |
RT_RCDATA | 0x1096f4 | 0x12a | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0369127516778522 |
RT_RCDATA | 0x109820 | 0x134 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0357142857142858 |
RT_RCDATA | 0x109954 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x109964 | 0x670 | PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced | English | United States | 0.8228155339805825 |
RT_RCDATA | 0x109fd4 | 0x1d7 | PNG image data, 12 x 13, 8-bit/color RGBA, interlaced | English | United States | 1.0233545647558386 |
RT_RCDATA | 0x10a1ac | 0x840 | PNG image data, 80 x 20, 8-bit/color RGBA, non-interlaced | English | United States | 1.0052083333333333 |
RT_RCDATA | 0x10a9ec | 0x6cd | PNG image data, 78 x 20, 8-bit/color RGBA, non-interlaced | English | United States | 1.006318207926479 |
RT_RCDATA | 0x10b0bc | 0x959 | PNG image data, 79 x 20, 8-bit/color RGBA, non-interlaced | English | United States | 1.0045967404931049 |
RT_RCDATA | 0x10ba18 | 0x7ce | PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced | English | United States | 1.0055055055055055 |
RT_RCDATA | 0x10c1e8 | 0x81 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 0.9534883720930233 |
RT_RCDATA | 0x10c26c | 0xa9 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.029585798816568 |
RT_RCDATA | 0x10c318 | 0xa9 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.029585798816568 |
RT_RCDATA | 0x10c3c4 | 0x4d4 | PNG image data, 33 x 33, 8-bit/color RGBA, interlaced | English | United States | 1.0088996763754046 |
RT_RCDATA | 0x10c898 | 0x4d4 | PNG image data, 33 x 33, 8-bit/color RGBA, interlaced | English | United States | 1.0088996763754046 |
RT_RCDATA | 0x10cd6c | 0x4d4 | PNG image data, 33 x 33, 8-bit/color RGBA, interlaced | English | United States | 1.0088996763754046 |
RT_RCDATA | 0x10d240 | 0x43c | PNG image data, 35 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 0.6964944649446494 |
RT_RCDATA | 0x10d67c | 0x44a | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.7085610200364298 |
RT_RCDATA | 0x10dac8 | 0x488 | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.7267241379310345 |
RT_RCDATA | 0x10df50 | 0x334 | PNG image data, 21 x 21, 8-bit/color RGBA, interlaced | English | United States | 1.0134146341463415 |
RT_RCDATA | 0x10e284 | 0x334 | PNG image data, 21 x 21, 8-bit/color RGBA, interlaced | English | United States | 1.0134146341463415 |
RT_RCDATA | 0x10e5b8 | 0x334 | PNG image data, 21 x 21, 8-bit/color RGBA, interlaced | English | United States | 1.0134146341463415 |
RT_RCDATA | 0x10e8ec | 0x3d7 | PNG image data, 35 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 0.6459816887080366 |
RT_RCDATA | 0x10ecc4 | 0x3d7 | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.646998982706002 |
RT_RCDATA | 0x10f09c | 0x3d7 | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.659206510681587 |
RT_RCDATA | 0x10f474 | 0x3cd | PNG image data, 35 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 0.6361767728674204 |
RT_RCDATA | 0x10f844 | 0x3cb | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.6405767250257467 |
RT_RCDATA | 0x10fc10 | 0x3cb | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.6364572605561277 |
RT_RCDATA | 0x10ffdc | 0x14a | PNG image data, 9 x 11, 8-bit/color RGBA, interlaced | English | United States | 1.0333333333333334 |
RT_RCDATA | 0x110128 | 0x15d | PNG image data, 9 x 10, 8-bit/color RGBA, interlaced | English | United States | 1.0315186246418337 |
RT_RCDATA | 0x110288 | 0x158 | PNG image data, 9 x 10, 8-bit/color RGBA, interlaced | English | United States | 1.0319767441860466 |
RT_RCDATA | 0x1103e0 | 0x3e5 | PNG image data, 35 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 0.6800401203610833 |
RT_RCDATA | 0x1107c8 | 0x3ea | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.6826347305389222 |
RT_RCDATA | 0x110bb4 | 0x3ea | PNG image data, 35 x 21, 8-bit/color RGB, non-interlaced | English | United States | 0.6816367265469062 |
RT_RCDATA | 0x110fa0 | 0x1d8 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0233050847457628 |
RT_RCDATA | 0x111178 | 0x1f9 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0217821782178218 |
RT_RCDATA | 0x111374 | 0x1f6 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0219123505976095 |
RT_RCDATA | 0x11156c | 0x70c | data | 0.6407982261640798 | ||
RT_RCDATA | 0x111c78 | 0xcf5 | Delphi compiled form 'TFormMain' | 0.4485981308411215 | ||
RT_RCDATA | 0x112970 | 0x2d39 | Delphi compiled form 'TFormMiniReader' | 0.26664939103394664 | ||
RT_RCDATA | 0x1156ac | 0x1c2 | Delphi compiled form 'TFormSkinADBase' | 0.6644444444444444 | ||
RT_RCDATA | 0x115870 | 0xd4c | PNG image data, 134 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032314923619272 |
RT_RCDATA | 0x1165bc | 0x1bb | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0248306997742664 |
RT_RCDATA | 0x116778 | 0x1be | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0246636771300448 |
RT_RCDATA | 0x116938 | 0x1b3 | PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.025287356321839 |
RT_GROUP_CURSOR | 0x116aec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x116b00 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x116b14 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x116b28 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x116b3c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x116b50 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x116b64 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x116b78 | 0xa0 | data | Chinese | China | 0.65625 |
RT_VERSION | 0x116c18 | 0x260 | data | Chinese | China | 0.5328947368421053 |
RT_MANIFEST | 0x116e78 | 0xa09 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.31218372907746206 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateLayeredWindow, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenuEx, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetDlgItemTextA, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageTimeoutA, SendMessageW, SendMessageA, SendInput, SendDlgItemMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MoveWindow, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadMenuA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastInputInfo, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursorInfo, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassNameA, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BeginPaint, AttachThreadInput, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
kernel32.dll | lstrlenW, lstrcpyA, WriteProcessMemory, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAllocEx, VirtualAlloc, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetThreadAffinityMask, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, QueryDosDeviceA, OpenProcess, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVolumeInformationA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLogicalDriveStringsA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeThread, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCommandLineA, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DeviceIoControl, DeleteCriticalSection, CreateThread, CreateRemoteThread, CreateProcessA, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
advapi32.dll | RegSetValueExA, RegSetValueA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, RegOpenCurrentUser, LookupAccountNameA, GetUserNameA |
kernel32.dll | Sleep |
ole32.dll | IsEqualGUID, CoTaskMemFree, StringFromCLSID, CoCreateGuid |
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, GetActiveObject, DispGetIDsOfNames, LoadTypeLib, SysFreeString |
ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
URLMON.DLL | CoInternetCreateZoneManager, CoInternetCreateSecurityManager, UrlMkGetSessionOption, UrlMkSetSessionOption |
wininet.dll | InternetSetOptionA, InternetReadFile, InternetOpenA, InternetConnectA, InternetCloseHandle, HttpSendRequestA, HttpQueryInfoA, HttpOpenRequestA |
shell32.dll | Shell_NotifyIconA, ShellExecuteA, ExtractIconA |
shell32.dll | SHGetSpecialFolderPathA |
winmm.dll | timeGetTime |
wsock32.dll | send |
kernel32.dll | GetProcAddress, LoadLibraryA, GetModuleHandleA |
ntdll.dll | NtQuerySystemInformation, NtQueryInformationProcess |
advapi32.dll | OpenSCManagerA, EnumServicesStatusA, CloseServiceHandle |
Iphlpapi.dll | GetAdaptersInfo |
kernel32.dll | GetVersionExW |
kernel32.dll | GetComputerNameExA |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, StringFromCLSID |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | China | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 12:29:00.450416088 CEST | 55846 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:01.462941885 CEST | 55846 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:02.478410959 CEST | 55846 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:03.049814939 CEST | 53 | 55846 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 12:29:03.049834967 CEST | 53 | 55846 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 12:29:03.049846888 CEST | 53 | 55846 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 12:29:03.268181086 CEST | 65516 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:03.595885992 CEST | 53 | 65516 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 12:29:03.652626038 CEST | 61859 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:04.650317907 CEST | 61859 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:05.650367022 CEST | 61859 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 12:29:06.136006117 CEST | 53 | 61859 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 12:29:06.136070967 CEST | 53 | 61859 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 12:29:06.136090994 CEST | 53 | 61859 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 12:29:00.450416088 CEST | 192.168.2.7 | 1.1.1.1 | 0xbbff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:01.462941885 CEST | 192.168.2.7 | 1.1.1.1 | 0xbbff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:02.478410959 CEST | 192.168.2.7 | 1.1.1.1 | 0xbbff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:03.268181086 CEST | 192.168.2.7 | 1.1.1.1 | 0xa7c6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:03.652626038 CEST | 192.168.2.7 | 1.1.1.1 | 0xd641 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:04.650317907 CEST | 192.168.2.7 | 1.1.1.1 | 0xd641 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:05.650367022 CEST | 192.168.2.7 | 1.1.1.1 | 0xd641 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 12:29:03.049814939 CEST | 1.1.1.1 | 192.168.2.7 | 0xbbff | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:03.049834967 CEST | 1.1.1.1 | 192.168.2.7 | 0xbbff | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:03.049846888 CEST | 1.1.1.1 | 192.168.2.7 | 0xbbff | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:03.595885992 CEST | 1.1.1.1 | 192.168.2.7 | 0xa7c6 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:06.136006117 CEST | 1.1.1.1 | 192.168.2.7 | 0xd641 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:06.136070967 CEST | 1.1.1.1 | 192.168.2.7 | 0xd641 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 12:29:06.136090994 CEST | 1.1.1.1 | 192.168.2.7 | 0xd641 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 12:28:58 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'112'208 bytes |
MD5 hash: | AF1E56057951887A763D4E97670A1036 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Has exited: | true |