Windows
Analysis Report
SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe" MD5: B1F4DE35BBE7146F49C7D99E1E3428D7)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
AV Detection |
---|
Source: | Virustotal: |
Source: | Binary or memory string: | memstr_0502a3fa-a |
Source: | Static PE information: |
Source: | String found in binary or memory: (3 entries) |
Source: | Static PE information: (2 entries) |
Source: | Classification label: |
Source: | File source: (3 entries) |
Source: | Key opened: (2 entries) |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | Section loaded: (25 entries) |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: (3 entries) |
Source: | Process information set: (2 entries) |
Source: | System information queried: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: (2 entries) |
Source: | Binary or memory string: (2 entries) |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 DLL Side-Loading | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 12% | ReversingLabs | | |
| 7% | Virustotal | | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429026 |
Start date and time: | 2024-04-20 05:31:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe |
Detection: | MAL |
Classification: | mal48.winEXE@1/0@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | Exclude process from analysis (whitelisted): dllhost.exe |
File type: | |
Entropy (8bit): | 6.66864180726874 |
TrID: | |
File name: | SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe |
File size: | 6'604'800 bytes |
MD5: | b1f4de35bbe7146f49c7d99e1e3428d7 |
SHA1: | 9327fda584f1bead79ca9e88350213cfe11d86d7 |
SHA256: | 89d19fc31c09ba59b296449138111a40baee2e5d3d85d3ea93874e369db82604 |
SHA512: | 18b390a6ffc8b9f998520504e84280bc313ab12aea0f493a9a80b97377f9ce9088af4b97c87de989e899435508a25f2fac1b0978a14d3209ec411b2981d6836b |
SSDEEP: | 98304:8sA6oJtLXOkEhawOrbo2zJIsZrvYn7lEReWAKgf:82oJtLOkEhawOrb8qTj12f |
TLSH: | 03668D13B285543FD0AB1A36483F9798693FBB603A2A8D5B67F00C5C8F356817D26B47 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 0f0f1d65651f0f0f |
Entrypoint: | 0x93a994 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x5FA41B1B [Thu Nov 5 15:32:43 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | c7365ceb54c7201bf3502e2b1988b288 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
push ebx |
mov eax, 00928CDCh |
call 00007F6160E33304h |
mov eax, dword ptr [00951D78h] |
mov eax, dword ptr [eax] |
cmp byte ptr [eax+40h], 00000000h |
je 00007F616135B9E2h |
mov eax, dword ptr [00951D78h] |
mov eax, dword ptr [eax] |
call 00007F6161040CAFh |
test al, al |
je 00007F616135B9DEh |
mov eax, dword ptr [00951D78h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [eax] |
call dword ptr [edx+48h] |
mov ecx, dword ptr [00951AA4h] |
mov eax, dword ptr [00951D78h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [00928A04h] |
mov ebx, dword ptr [eax] |
call dword ptr [ebx+44h] |
mov eax, dword ptr [00951D78h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [eax] |
call dword ptr [edx+4Ch] |
pop ebx |
call 00007F6160E2BAD1h |
add byte ptr [eax], al (this row repeats 50 times: the disassembler is decoding the zero-byte padding that follows the entry function, since the byte pair 00 00 encodes this instruction) |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5e2000 | 0xa0 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5dc000 | 0x4700 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64b000 | 0x90c00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5e5000 | 0x65284 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5e4000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5dcd40 | 0xae8 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x5e1000 | 0xb0e | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x533af8 | 0x533c00 | 4c2d7f86b007507acec708e0429b4184 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x535000 | 0x59f8 | 0x5a00 | 4b432f63730af58acd1f5c39e593e2e4 | False | 0.46197916666666666 | data | 5.946727425075548 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x53b000 | 0x17438 | 0x17600 | b8afb01465de1d29a4fb40979aefa775 | False | 0.6573466744652406 | data | 6.658850933731549 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x553000 | 0x886a4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x5dc000 | 0x4700 | 0x4800 | 8b3b4df6c3a34e3601d3719fc8d4c4bf | False | 0.3083767361111111 | data | 5.263301922913206 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x5e1000 | 0xb0e | 0xc00 | 074f3b7b976d8d9ccebe93027d5aa10b | False | 0.3310546875 | data | 3.987196740345137 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x5e2000 | 0xa0 | 0x200 | f9295b5289476acc35fe1f21c02e7aa8 | False | 0.267578125 | data | 1.986654226521265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x5e3000 | 0x58 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x5e4000 | 0x5c | 0x200 | 4dfe9679c9789aaf6be6f6643656d090 | False | 0.1875 | data | 1.3630099847922963 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5e5000 | 0x65284 | 0x65400 | e26fd5601e39d912eeb123b906146665 | False | 0.565721450617284 | data | 6.719712844822282 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x64b000 | 0x90c00 | 0x90c00 | b9cbf7a5da4674fd72bc446ca406639a | False | 0.46383176813471505 | data | 6.4062212517945465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
UNICODEDATA | 0x64dd58 | 0x723f | data | | | 0.36769583205115053 |
UNICODEDATA | 0x654f98 | 0x7ebd | data | | | 0.42552011095700415 |
UNICODEDATA | 0x65ce58 | 0x6a8 | data | | | 0.5985915492957746 |
UNICODEDATA | 0x65d500 | 0xaf7d | data | | | 0.4191430161380078 |
UNICODEDATA | 0x668480 | 0xd3cf | data | | | 0.4500857569666009 |
UNICODEDATA | 0x675850 | 0x14c5 | data | | | 0.6482979123565921 |
RT_CURSOR | 0x676d18 | 0x134 | data | English | United States | 0.2922077922077922 |
RT_CURSOR | 0x676e4c | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x676f80 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x6770b4 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x6771e8 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x67731c | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x677450 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0x677584 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | | | 0.3961038961038961 |
RT_CURSOR | 0x6776b8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | | | 0.31493506493506496 |
RT_CURSOR | 0x6777ec | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_BITMAP | 0x677920 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x677af0 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0x677cd4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x677ea4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0x678074 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0x678244 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0x678414 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0x6785e4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x6787b4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0x678984 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x678b54 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334 |
RT_BITMAP | 0x678c14 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855 |
RT_BITMAP | 0x678cf4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143 |
RT_BITMAP | 0x678dd4 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | English | United States | 0.391304347826087 |
RT_BITMAP | 0x678e30 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | English | United States | 0.532608695652174 |
RT_BITMAP | 0x678e8c | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | English | United States | 0.4782608695652174 |
RT_BITMAP | 0x678ee8 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | English | United States | 0.5543478260869565 |
RT_BITMAP | 0x678f44 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | English | United States | 0.4673913043478261 |
RT_BITMAP | 0x678fa0 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.328042328042328 |
RT_BITMAP | 0x679410 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.3289241622574956 |
RT_BITMAP | 0x679880 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.40476190476190477 |
RT_BITMAP | 0x679cf0 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.09435626102292768 |
RT_BITMAP | 0x67a160 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.23721340388007053 |
RT_BITMAP | 0x67a5d0 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.29188712522045857 |
RT_BITMAP | 0x67aa40 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.1675485008818342 |
RT_BITMAP | 0x67aeb0 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.2892416225749559 |
RT_BITMAP | 0x67b320 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.2751322751322751 |
RT_BITMAP | 0x67b790 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.30776014109347444 |
RT_BITMAP | 0x67bc00 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.2777777777777778 |
RT_BITMAP | 0x67c070 | 0x46e | Device independent bitmap graphic, 28 x 13 x 24, image size 1094, resolution 2834 x 2834 px/m | English | United States | 0.41887125220458554 |
RT_BITMAP | 0x67c4e0 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145 |
RT_BITMAP | 0x67c5c0 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667 |
RT_BITMAP | 0x67c680 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375 |
RT_BITMAP | 0x67c740 | 0x2a4 | Device independent bitmap graphic, 84 x 13 x 4, image size 572, 16 important colors | | | 0.257396449704142 |
RT_BITMAP | 0x67c9e4 | 0x128 | Device independent bitmap graphic, 28 x 12 x 4, image size 192 | | | 0.5337837837837838 |
RT_BITMAP | 0x67cb0c | 0x128 | Device independent bitmap graphic, 28 x 12 x 4, image size 192, 16 important colors | | | 0.5067567567567568 |
RT_BITMAP | 0x67cc34 | 0xc8 | Device independent bitmap graphic, 14 x 12 x 4, image size 96, resolution 2835 x 2835 px/m, 16 important colors | | | 0.48 |
RT_BITMAP | 0x67ccfc | 0xc8 | Device independent bitmap graphic, 14 x 12 x 4, image size 96, resolution 2835 x 2835 px/m, 16 important colors | | | 0.58 |
RT_BITMAP | 0x67cdc4 | 0xc8 | Device independent bitmap graphic, 14 x 12 x 4, image size 96 | | | 0.535 |
RT_BITMAP | 0x67ce8c | 0xc8 | Device independent bitmap graphic, 14 x 12 x 4, image size 96, resolution 3811 x 3811 px/m, 16 important colors | | | 0.65 |
RT_BITMAP | 0x67cf54 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285 |
RT_BITMAP | 0x67d034 | 0xc58 | Device independent bitmap graphic, 51 x 20 x 24, image size 3120 | English | United States | 0.45126582278481014 |
RT_BITMAP | 0x67dc8c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666 |
RT_BITMAP | 0x67dd4c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5 |
RT_BITMAP | 0x67de2c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
RT_BITMAP | 0x67df14 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333 |
RT_BITMAP | 0x67dfd4 | 0xc8 | Device independent bitmap graphic, 13 x 12 x 4, image size 96 | English | United States | 0.445 |
RT_BITMAP | 0x67e09c | 0xc8 | Device independent bitmap graphic, 13 x 12 x 4, image size 96 | English | United States | 0.48 |
RT_BITMAP | 0x67e164 | 0x4e8 | Device independent bitmap graphic, 13 x 12 x 8, image size 192 | English | United States | 0.39888535031847133 |
RT_BITMAP | 0x67e64c | 0xd0 | Device independent bitmap graphic, 12 x 13 x 4, image size 104 | English | United States | 0.5625 |
RT_BITMAP | 0x67e71c | 0xd0 | Device independent bitmap graphic, 12 x 13 x 4, image size 104 | English | United States | 0.4855769230769231 |
RT_BITMAP | 0x67e7ec | 0xd0 | Device independent bitmap graphic, 12 x 13 x 4, image size 104 | English | United States | 0.4326923076923077 |
RT_BITMAP | 0x67e8bc | 0xd0 | Device independent bitmap graphic, 12 x 13 x 4, image size 104 | English | United States | 0.5576923076923077 |
RT_BITMAP | 0x67e98c | 0xd0 | Device independent bitmap graphic, 12 x 13 x 4, image size 104 | English | United States | 0.4807692307692308 |
RT_BITMAP | 0x67ea5c | 0xd0 | Device independent bitmap graphic, 12 x 13 x 4, image size 104 | English | United States | 0.5625 |
RT_BITMAP | 0x67eb2c | 0x4e8 | Device independent bitmap graphic, 13 x 12 x 8, image size 192 | English | United States | 0.4036624203821656 |
RT_BITMAP | 0x67f014 | 0x4e8 | Device independent bitmap graphic, 13 x 12 x 8, image size 192 | English | United States | 0.4124203821656051 |
RT_BITMAP | 0x67f4fc | 0x4e8 | Device independent bitmap graphic, 13 x 12 x 8, image size 192 | English | United States | 0.4028662420382166 |
RT_BITMAP | 0x67f9e4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857 |
RT_ICON | 0x67fac4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6897163120567376 |
RT_ICON | 0x67ff2c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.5733606557377049 |
RT_ICON | 0x6808b4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.4896810506566604 |
RT_ICON | 0x68195c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.38392116182572616 |
RT_ICON | 0x683f04 | 0x9978 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9986000814498066 |
RT_DIALOG | 0x68d87c | 0x52 | data | | | 0.7682926829268293 |
RT_DIALOG | 0x68d8d0 | 0x52 | data | | | 0.7560975609756098 |
RT_STRING | 0x68d924 | 0x102 | data | Russian | Russia | 0.5891472868217055 |
RT_STRING | 0x68da28 | 0xd0 | data | English | United States | 0.6105769230769231 |
RT_STRING | 0x68daf8 | 0x40 | data | English | United States | 0.53125 |
RT_STRING | 0x68db38 | 0xc4 | Matlab v4 mat-file (little endian) u, numeric, rows 0, columns 0 | French | France | 0.6377551020408163 |
RT_STRING | 0x68dbfc | 0xa0 | data | French | France | 0.6375 |
RT_STRING | 0x68dc9c | 0x7c | data | German | Germany | 0.7016129032258065 |
RT_STRING | 0x68dd18 | 0xbe | data | German | Germany | 0.6263157894736842 |
RT_STRING | 0x68ddd8 | 0x150 | data | Italian | Italy | 0.5476190476190477 |
RT_STRING | 0x68df28 | 0xde | data | Polish | Poland | 0.6711711711711712 |
RT_STRING | 0x68e008 | 0x46 | AmigaOS bitmap font "r", 21504 elements, 2nd, 3rd | Polish | Poland | 0.6285714285714286 |
RT_STRING | 0x68e050 | 0xac | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | Portuguese | Portugal | 0.6976744186046512 |
RT_STRING | 0x68e0fc | 0x9a | data | Portuguese | Portugal | 0.6233766233766234 |
RT_STRING | 0x68e198 | 0x66 | data | | | 0.6764705882352942 |
RT_STRING | 0x68e200 | 0xd6 | data | | | 0.6074766355140186 |
RT_STRING | 0x68e2d8 | 0x6a | data | | | 0.5849056603773585 |
RT_STRING | 0x68e344 | 0x8e | data | | | 0.6690140845070423 |
RT_STRING | 0x68e3d4 | 0x1d6 | data | | | 0.5319148936170213 |
RT_STRING | 0x68e5ac | 0x244 | data | | | 0.49482758620689654 |
RT_STRING | 0x68e7f0 | 0x19a | data | | | 0.5219512195121951 |
RT_STRING | 0x68e98c | 0x92 | data | | | 0.678082191780822 |
RT_STRING | 0x68ea20 | 0x24 | data | | | 0.4166666666666667 |
RT_STRING | 0x68ea44 | 0x468 | data | | | 0.3820921985815603 |
RT_STRING | 0x68eeac | 0xbac | data | | | 0.23560910307898258 |
RT_STRING | 0x68fa58 | 0x3f8 | data | | | 0.4360236220472441 |
RT_STRING | 0x68fe50 | 0x884 | data | | | 0.11788990825688074 |
RT_STRING | 0x6906d4 | 0x888 | data | | | 0.13873626373626374 |
RT_STRING | 0x690f5c | 0x7fc | data | | | 0.15851272015655576 |
RT_STRING | 0x691758 | 0x810 | data | | | 0.15746124031007752 |
RT_STRING | 0x691f68 | 0x9b4 | data | | | 0.12077294685990338 |
RT_STRING | 0x69291c | 0x968 | data | | | 0.12666112956810632 |
RT_STRING | 0x693284 | 0x3b8 | data | | | 0.40756302521008403 |
RT_STRING | 0x69363c | 0x240 | data | | | 0.3784722222222222 |
RT_STRING | 0x69387c | 0x19c | data | | | 0.470873786407767 |
RT_STRING | 0x693a18 | 0x124 | data | | | 0.5205479452054794 |
RT_STRING | 0x693b3c | 0xfc | data | | | 0.6190476190476191 |
RT_STRING | 0x693c38 | 0x144 | data | | | 0.5432098765432098 |
RT_STRING | 0x693d7c | 0x440 | data | | | 0.42371323529411764 |
RT_STRING | 0x6941bc | 0x590 | data | | | 0.34831460674157305 |
RT_STRING | 0x69474c | 0x5a4 | data | | | 0.3656509695290859 |
RT_STRING | 0x694cf0 | 0x588 | data | | | 0.375 |
RT_STRING | 0x695278 | 0x3e4 | data | | | 0.3493975903614458 |
RT_STRING | 0x69565c | 0x70c | data | | | 0.21840354767184036 |
RT_STRING | 0x695d68 | 0x48c | data | | | 0.41323024054982815 |
RT_STRING | 0x6961f4 | 0x404 | data | | | 0.3424124513618677 |
RT_STRING | 0x6965f8 | 0x4bc | data | | | 0.2623762376237624 |
RT_STRING | 0x696ab4 | 0x400 | data | | | 0.33203125 |
RT_STRING | 0x696eb4 | 0x488 | data | | | 0.41724137931034483 |
RT_STRING | 0x69733c | 0x688 | data | | | 0.30801435406698563 |
RT_STRING | 0x6979c4 | 0x3d0 | data | | | 0.4108606557377049 |
RT_STRING | 0x697d94 | 0x410 | data | | | 0.31826923076923075 |
RT_STRING | 0x6981a4 | 0x374 | data | | | 0.4287330316742081 |
RT_STRING | 0x698518 | 0x36c | data | | | 0.4223744292237443 |
RT_STRING | 0x698884 | 0x3ec | data | | | 0.34760956175298807 |
RT_STRING | 0x698c70 | 0x584 | data | | | 0.2556657223796034 |
RT_STRING | 0x6991f4 | 0x4a4 | data | | | 0.35353535353535354 |
RT_STRING | 0x699698 | 0x3dc | data | | | 0.3248987854251012 |
RT_STRING | 0x699a74 | 0x404 | data | | | 0.43093385214007784 |
RT_STRING | 0x699e78 | 0x3f8 | data | | | 0.4124015748031496 |
RT_STRING | 0x69a270 | 0x424 | data | | | 0.3650943396226415 |
RT_STRING | 0x69a694 | 0x2b8 | StarOffice Gallery theme l, 1677731072 objects, 1st l | | | 0.45545977011494254 |
RT_STRING | 0x69a94c | 0xa0 | data | | | 0.7125 |
RT_STRING | 0x69a9ec | 0xe4 | data | | | 0.6359649122807017 |
RT_STRING | 0x69aad0 | 0x2c4 | data | | | 0.4138418079096045 |
RT_STRING | 0x69ad94 | 0x254 | data | | | 0.4865771812080537 |
RT_STRING | 0x69afe8 | 0x3d0 | data | | | 0.3698770491803279 |
RT_STRING | 0x69b3b8 | 0x3b8 | data | | | 0.3760504201680672 |
RT_STRING | 0x69b770 | 0x444 | data | | | 0.358974358974359 |
RT_STRING | 0x69bbb4 | 0x350 | data | | | 0.30778301886792453 |
RT_STRING | 0x69bf04 | 0x3d8 | data | | | 0.4247967479674797 |
RT_STRING | 0x69c2dc | 0x45c | data | | | 0.38082437275985664 |
RT_STRING | 0x69c738 | 0x57c | data | | | 0.34971509971509973 |
RT_STRING | 0x69ccb4 | 0x394 | data | | | 0.38318777292576417 |
RT_STRING | 0x69d048 | 0x3a0 | data | | | 0.3286637931034483 |
RT_STRING | 0x69d3e8 | 0x40c | data | | | 0.3735521235521235 |
RT_STRING | 0x69d7f4 | 0xd0 | data | | | 0.5288461538461539 |
RT_STRING | 0x69d8c4 | 0xb8 | data | | | 0.6467391304347826 |
RT_STRING | 0x69d97c | 0x298 | data | | | 0.4819277108433735 |
RT_STRING | 0x69dc14 | 0x438 | data | | | 0.3212962962962963 |
RT_STRING | 0x69e04c | 0x344 | data | | | 0.39593301435406697 |
RT_STRING | 0x69e390 | 0x2dc | data | | | 0.38114754098360654 |
RT_STRING | 0x69e66c | 0x34c | data | | | 0.3246445497630332 |
RT_RCDATA | 0x69e9b8 | 0xcbf | PNG image data, 60 x 20, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033711308611708 |
RT_RCDATA | 0x69f678 | 0x3a5 | PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced | English | United States | 1.0117899249732047 |
RT_RCDATA | 0x69fa20 | 0x286ac | TrueType Font data, 13 tables, 1st "FFTM", 24 names, Macintosh | English | United States | 0.5930183390919854 |
RT_RCDATA | 0x6c80cc | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x6c80dc | 0x1394 | data | | | 0.5203511572226656 |
RT_RCDATA | 0x6c9470 | 0x2 | data | English | United States | 5.0 |
RT_RCDATA | 0x6c9474 | 0x5ea | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0072655217965654 |
RT_RCDATA | 0x6c9a60 | 0x5c9 | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0074274139095205 |
RT_RCDATA | 0x6ca02c | 0x314 | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.013959390862944 |
RT_RCDATA | 0x6ca340 | 0xb88 | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 0.9088753387533876 |
RT_RCDATA | 0x6caec8 | 0xabc | PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 0.8966521106259098 |
RT_RCDATA | 0x6cb984 | 0xb4af | Delphi compiled form 'Td' | | | 0.18999027132201923 |
RT_RCDATA | 0x6d6e34 | 0x153 | Delphi compiled form 'TForm2' | | | 0.7197640117994101 |
RT_RCDATA | 0x6d6f88 | 0xc3 | Delphi compiled form 'Tfscarga' | | | 0.8615384615384616 |
RT_RCDATA | 0x6d704c | 0x494 | Delphi compiled form 'TLoginDialog' | | | 0.48976109215017066 |
RT_RCDATA | 0x6d74e0 | 0x3c4 | Delphi compiled form 'TPasswordDialog' | | | 0.4678423236514523 |
RT_RCDATA | 0x6d78a4 | 0x572 | Delphi compiled form 'TPathDialogForm' | | | 0.5186513629842181 |
RT_RCDATA | 0x6d7e18 | 0x1984 | Delphi compiled form 'TsCalcForm' | | | 0.1979485609308022 |
RT_RCDATA | 0x6d979c | 0x15b4 | Delphi compiled form 'TsColorDialogForm' | | | 0.32199424046076314 |
RT_RCDATA | 0x6dad50 | 0x1c0 | Delphi compiled form 'TsPopupCalendar' | | | 0.671875 |
RT_GROUP_CURSOR | 0x6daf10 | 0x14 | data | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6daf24 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x6daf38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x6daf4c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6daf60 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x6daf74 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6daf88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6daf9c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6dafb0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x6dafc4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x6dafd8 | 0x4c | data | English | United States | 0.7763157894736842 |
RT_VERSION | 0x6db024 | 0x34c | data | English | United States | 0.4537914691943128 |
RT_MANIFEST | 0x6db370 | 0x69f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.4176991150442478 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | CharNextW, LoadStringW |
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsDBCSLeadByteEx, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetConsoleOutputCP, GetConsoleCP, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, CreateDirectoryW, WriteFile, SetFilePointer, SetEndOfFile, ReadFile, GetFileType, GetFileSize, CreateFileW, GetStdHandle, CloseHandle |
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary |
user32.dll | SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, WindowFromPoint, WindowFromDC, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCaretPos, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostThreadMessageW, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, NotifyWinEvent, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MoveWindow, MessageBoxIndirectW, MessageBoxA, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadImageW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, IsCharAlphaNumericW, IsCharAlphaW, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageExtraInfo, GetMessageW, GetMenuStringW, GetMenuState, GetMenuItemRect, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCaretPos, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawStateW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIcon, CreateCaret, CreateAcceleratorTableW, CountClipboardFormats, CopyRect, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, CharLowerBuffA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetDCPenColor, SetBrushOrgEx, SetBkMode, SetBkColor, SetBitmapBits, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, ResizePalette, RemoveFontMemResourceEx, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyPolyline, PolyBezierTo, PolyBezier, PlgBlt, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStretchBltMode, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetNearestPaletteIndex, GetGlyphOutlineW, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBitmapDimensionEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExtCreatePen, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, Chord, BitBlt, ArcTo, Arc, AngleArc, AddFontMemResourceEx, AbortDoc |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
kernel32.dll | lstrcmpiA, lstrcmpW, WriteProcessMemory, WriteFile, WideCharToMultiByte, WaitNamedPipeW, WaitForSingleObject, WaitForMultipleObjectsEx, WaitForMultipleObjects, VirtualQueryEx, VirtualQuery, VirtualProtectEx, VirtualProtect, VirtualFreeEx, VirtualFree, VirtualAllocEx, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, TryEnterCriticalSection, TerminateThread, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadProcessMemory, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, OpenProcess, MultiByteToWideChar, MulDiv, MoveFileW, LockResource, LocalFree, LoadResource, LoadLibraryW, LoadLibraryExW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStringTypeExW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindNextChangeNotification, FindFirstFileW, FindFirstChangeNotificationW, FindCloseChangeNotification, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CompareStringA, CompareStringW, CloseHandle |
advapi32.dll | ReportEventW, RegisterEventSourceW, RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExA, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExA, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey, DeregisterEventSource |
advapi32.dll | StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW, OpenServiceW, OpenSCManagerW, DeleteService, CreateServiceW, CloseServiceHandle |
IMAGEHLP.DLL | ImageDirectoryEntryToData |
kernel32.dll | Sleep |
netapi32.dll | NetApiBufferFree, NetWkstaGetInfo |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
oleaut32.dll | GetErrorInfo, VariantInit, SysStringLen, SysFreeString |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, CoCreateInstance, CoGetMalloc, CoUninitialize, CoInitialize, IsEqualGUID |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow |
msvcrt.dll | memset, memcpy |
shell32.dll | ShellExecuteExW, ShellExecuteW, Shell_NotifyIconW, ExtractIconW |
shell32.dll | SHGetSpecialFolderLocation, SHGetMalloc, SHGetDesktopFolder |
winspool.drv | OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter |
winspool.drv | GetDefaultPrinterW |
wsock32.dll | __WSAFDIsSet, WSACleanup, WSAStartup, WSAGetLastError, gethostbyname, socket, shutdown, setsockopt, send, select, recv, ntohs, listen, ioctlsocket, inet_ntoa, inet_addr, htons, getsockopt, getsockname, connect, closesocket, bind, accept |
winmm.dll | sndPlaySoundW |
kernel32.dll | MulDiv |
oleacc.dll | LresultFromObject |
kernel32.dll | GetVersionExW |
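The import table above is the raw material for two quick static checks a triager runs before reading the behaviour section: an import hash for pivoting to related builds, and co-occurrence of API groups (remote process writes, service installation, raw sockets, debugger detection). The script below is an added example written for this page; it is not part of the Joe Sandbox report or its tooling. It reproduces the pefile imphash normalisation over a hand-transcribed excerpt of the table, so the hash it prints is of that excerpt only and will not equal the sample's real imphash. The capability group names are this example's own labels, not a standard.

```python
import hashlib

# Hand-transcribed EXCERPT of the import table above (descriptor order kept,
# the second kernel32/advapi32 descriptors kept as separate entries, most
# functions omitted). No import-by-ordinal entries: the report lists names.
IMPORTS = [
    ("oleaut32.dll", ["SysFreeString", "SysReAllocStringLen", "SysAllocStringLen"]),
    ("advapi32.dll", ["RegQueryValueExW", "RegOpenKeyExW", "RegCloseKey"]),
    ("kernel32.dll", ["WriteProcessMemory", "VirtualProtectEx", "VirtualAllocEx",
                      "ReadProcessMemory", "IsDebuggerPresent", "OpenProcess",
                      "DeleteFileW", "CreateThread", "CreateMutexW"]),
    ("advapi32.dll", ["StartServiceCtrlDispatcherW", "SetServiceStatus",
                      "RegisterServiceCtrlHandlerW", "OpenServiceW", "OpenSCManagerW",
                      "DeleteService", "CreateServiceW", "CloseServiceHandle"]),
    ("wsock32.dll", ["WSAStartup", "gethostbyname", "socket", "send", "recv",
                     "listen", "connect", "closesocket", "bind", "accept"]),
    ("shell32.dll", ["ShellExecuteExW", "ShellExecuteW", "Shell_NotifyIconW", "ExtractIconW"]),
]


def import_string(imports):
    """Normalise imports the way pefile's get_imphash() does: DLL name lowercased
    with a .ocx/.sys/.dll suffix stripped, function name lowercased, emitted as
    'dll.func' in descriptor order and comma-joined."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string. It is order-sensitive by design:
    builds from the same toolchain and source usually share a value, which is
    what makes it useful for pivoting between samples."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


# Triage groups: every API in a tuple must be imported before the group fires.
# Group names are illustrative; they are not a published taxonomy.
CAPABILITIES = {
    "remote_process_write": ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory"),
    "service_install": ("OpenSCManagerW", "CreateServiceW", "StartServiceCtrlDispatcherW"),
    "socket_client": ("WSAStartup", "socket", "connect", "send", "recv"),
    "socket_server": ("WSAStartup", "socket", "bind", "listen", "accept"),
    "debugger_check": ("IsDebuggerPresent",),
}


def imported_apis(imports):
    """Flatten every descriptor into one set of function names."""
    return {func for _, funcs in imports for func in funcs}


def capabilities(imports):
    """Sorted names of the capability groups whose APIs are all present."""
    apis = imported_apis(imports)
    return sorted(name for name, needed in CAPABILITIES.items()
                  if all(api in apis for api in needed))


if __name__ == "__main__":
    print("imphash (excerpt only):", imphash(IMPORTS))
    print("capability groups:", ", ".join(capabilities(IMPORTS)))
```

Run it against a real file by replacing IMPORTS with the `(entry.dll, [imp.name ...])` pairs from `pefile.PE(path).DIRECTORY_ENTRY_IMPORT`, remembering that pefile also resolves ordinal-only imports for ws2_32, wsock32 and oleaut32 before hashing. In a 6 MB Delphi VCL executable the runtime and bundled component libraries account for a large part of this import surface, so a group firing here is a prompt to read the behaviour section, not a verdict on its own.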
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x469904 |
__dbk_fcall_wrapper | 2 | 0x4121a8 |
dbkFCallWrapperAddr | 1 | 0x956634 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Russian | Russia | |
French | France | |
German | Germany | |
Italian | Italy | |
Polish | Poland | |
Portuguese | Portugal |
Analysis Process: SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe, PID: 6752, Parent PID: 1028
Target ID: | 0 |
Start time: | 05:32:02 |
Start date: | 20/04/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.BScope.Backdoor.Androm.14487.24591.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 6'604'800 bytes |
MD5 hash: | B1F4DE35BBE7146F49C7D99E1E3428D7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Has exited: | true |