Windows Analysis Report
BDFirm180.exe

Overview

General Information

Sample name:BDFirm180.exe
Analysis ID:1432310
MD5:d1d78d33fb33f1d0a0d217c77febb364
SHA1:f1eb83f04a4d6a57f546164846f99db6a4e3c569
SHA256:3493225143e3b0935083fd7b2c66cead25b4d639486520934e2f18e6b4540254
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Uses 32bit PE files

Classification

  • System is w10x64_ra
  • BDFirm180.exe (PID: 6924 cmdline: "C:\Users\user\Desktop\BDFirm180.exe" MD5: D1D78D33FB33F1D0A0D217C77FEBB364)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: BDFirm180.exe | Virustotal: Detection: 16%
Source: BDFirm180.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: BDFirm180.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: BDFirm180.exe | Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: classification engine | Classification label: mal48.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\BDFirm180.exe | Mutant created: \Sessions\1\BaseNamedObjects\Roland Firmware Installer
Source: C:\Users\user\Desktop\BDFirm180.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\RemoteController ROBI
Source: C:\Users\user\Desktop\BDFirm180.exe | File created: C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL
Source: BDFirm180.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\BDFirm180.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: snmpapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: mgmtapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: wsnmp32.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\BDFirm180.exe | Section loaded: rasadhlp.dll
Source: BDFirm180.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: BDFirm180.exe | Static file information: File size 6023168 > 1048576
Source: BDFirm180.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14e000
Source: BDFirm180.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x3b9600
Source: BDFirm180.exe | Static PE information: More than 200 imports for USER32.dll
Source: BDFirm180.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: BDFirm180.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: BDFirm180.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: BDFirm180.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: BDFirm180.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\BDFirm180.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\BDFirm180.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL
  • Reconnaissance: Gather Victim Identity Information
  • Resource Development: Acquire Infrastructure
  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: DLL Side-Loading (1)
  • Privilege Escalation: DLL Side-Loading (1)
  • Defense Evasion: DLL Side-Loading (1)
  • Credential Access: OS Credential Dumping
  • Discovery: System Information Discovery (1)
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Command and Control: Data Obfuscation
  • Exfiltration: Exfiltration Over Other Network Medium
  • Impact: Abuse Accessibility Features

Source | Detection | Scanner | Label
BDFirm180.exe | 17% | Virustotal | -

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL | 0% | ReversingLabs | -
C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL | 0% | Virustotal | -

No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1432310
Start date and time:2024-04-26 20:44:16 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:BDFirm180.exe
Detection:MAL
Classification:mal48.winEXE@1/1@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
Process:C:\Users\user\Desktop\BDFirm180.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):159744
Entropy (8bit):5.609642457588111
Encrypted:false
SSDEEP:
MD5:09F1A7B67302A71EA2EA1B42C48E8D7C
SHA1:84DD174986CA6D03D9D7166E42315987FDD5BF7F
SHA-256:5AE3F1CC2D31693AF555093D73985F678DCE8E34F0D43A998E64A6E56B457DB1
SHA-512:8FD9CEEC43777CCCBA078CE2053E270DF3DB9731FE9755105013955BFD992612958EA3764EDB965EC296664A00B80D2D19BFFD4E22EB008641EB56EBA34A9A00
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.422332789308003
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:BDFirm180.exe
File size:6'023'168 bytes
MD5:d1d78d33fb33f1d0a0d217c77febb364
SHA1:f1eb83f04a4d6a57f546164846f99db6a4e3c569
SHA256:3493225143e3b0935083fd7b2c66cead25b4d639486520934e2f18e6b4540254
SHA512:926a863e57ac213b171307fd518f35c59f95b8f010021904546e43342a3254969800f4e7b15ce28802e8efcc72502aa02fc27246cce70353bb83f11cabf74952
SSDEEP:98304:SKInouWSR9VquHQ7VzQ69Rh/h+rrL+/wUbfoblz73CkCgiHRBFeC:g3HQu69Rh/ATEbAB33CkCvxBh
TLSH:F7560232F9918076D5731271DB9CB3B866EDBB700F320287A7A45E2D6E718835938763
Icon Hash:0f33313353f8a667
Entrypoint:0x5255bb
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x66221E90 [Fri Apr 19 07:34:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:777669d4de7505c9eca41244575a69cd
Programming Language:
  • [RES] VS2012 build 50727
  • [LNK] VS2012 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19a700 | 0x1e0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1ac000 | 0x3b9450 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x566000 | 0x1c8a8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x180b18 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x14f000 | 0xa5c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x14df33 | 0x14e000 | b7066e358c834afa4b282c7383d79247 | False | 0.5564834686096557 | data | 6.542419943843688 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x14f000 | 0x4eefe | 0x4f000 | c0cb6e5af38e4a92c2cb432a060bc9dc | False | 0.27534735957278483 | data | 4.997763322955576 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x19e000 | 0xdfb8 | 0x6400 | aa62322af65801ed0e3ab276ea4d795b | False | 0.2782421875 | MPEG-4 LOAS, single stream | 4.726504345231075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1ac000 | 0x3b9450 | 0x3b9600 | e370d164eaea0e2298d3d8efe62e239b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x566000 | 0x6186c | 0x61a00 | a3cb163c2ae5f8107b00900eb1fc7020 | False | 0.1226867597631242 | data | 2.7049225718682943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
DLL | 0x527de8 | 0x27000 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | | | 0.44139372996794873
FIRMWARE | 0x1ad050 | 0x37ad92 | data | | | 0.9871482849121094
RT_CURSOR | 0x560cf0 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.4805194805194805
RT_CURSOR | 0x560e28 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Japanese | Japan | 0.7
RT_CURSOR | 0x560f08 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Japanese | Japan | 0.36363636363636365
RT_CURSOR | 0x561058 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.35714285714285715
RT_CURSOR | 0x5611a8 | 0x134 | data | Japanese | Japan | 0.37337662337662336
RT_CURSOR | 0x5612f8 | 0x134 | data | Japanese | Japan | 0.37662337662337664
RT_CURSOR | 0x561448 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.36688311688311687
RT_CURSOR | 0x561598 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.37662337662337664
RT_CURSOR | 0x5616e8 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.36688311688311687
RT_CURSOR | 0x561838 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.38636363636363635
RT_CURSOR | 0x561988 | 0x134 | data | Japanese | Japan | 0.44155844155844154
RT_CURSOR | 0x561ad8 | 0x134 | data | Japanese | Japan | 0.4155844155844156
RT_CURSOR | 0x561c28 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Japanese | Japan | 0.5422077922077922
RT_CURSOR | 0x561d78 | 0x134 | data | Japanese | Japan | 0.2662337662337662
RT_CURSOR | 0x561ec8 | 0x134 | data | Japanese | Japan | 0.2824675324675325
RT_CURSOR | 0x562018 | 0x134 | data | Japanese | Japan | 0.3246753246753247
RT_BITMAP | 0x55e268 | 0xc10 | Device independent bitmap graphic, 144 x 29 x 8, 1 compression, image size 2024, 256 important colors | | | 0.7470854922279793
RT_BITMAP | 0x55ee78 | 0x4e8 | Device independent bitmap graphic, 144 x 29 x 8, 1 compression, image size 192, 256 important colors | | | 0.7746815286624203
RT_BITMAP | 0x55f360 | 0x1478 | Device independent bitmap graphic, 144 x 29 x 8, image size 4176, 256 important colors | | | 0.4347328244274809
RT_BITMAP | 0x562288 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Japanese | Japan | 0.44565217391304346
RT_BITMAP | 0x562340 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Japanese | Japan | 0.37962962962962965
RT_ICON | 0x54ede8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.32875722543352603
RT_ICON | 0x54f350 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.44584837545126355
RT_ICON | 0x54fbf8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | | | 0.46668443496801704
RT_ICON | 0x550aa0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.5859929078014184
RT_ICON | 0x550f08 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.3925891181988743
RT_ICON | 0x551fb0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.3421161825726141
RT_ICON | 0x5545b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.35124481327800827
RT_ICON | 0x556b78 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.35383817427385894
RT_ICON | 0x559138 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.350103734439834
RT_ICON | 0x55b6f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.3578838174273859
RT_DIALOG | 0x55dcb8 | 0x1c0 | data | | | 0.5580357142857143
RT_DIALOG | 0x560a70 | 0x27e | data | English | United States | 0.46865203761755486
RT_DIALOG | 0x5607d8 | 0x298 | data | Japanese | Japan | 0.49849397590361444
RT_DIALOG | 0x55de78 | 0x9e | data | | | 0.7341772151898734
RT_DIALOG | 0x562168 | 0xe8 | data | Japanese | Japan | 0.6336206896551724
RT_DIALOG | 0x562250 | 0x34 | data | Japanese | Japan | 0.9038461538461539
RT_STRING | 0x562bd8 | 0xfe | data | English | United States | 0.6181102362204725
RT_STRING | 0x562520 | 0x9c | data | Japanese | Japan | 0.9358974358974359
RT_STRING | 0x562cd8 | 0x672 | data | English | United States | 0.30242424242424243
RT_STRING | 0x5625c0 | 0x428 | data | Japanese | Japan | 0.4605263157894737
RT_STRING | 0x563350 | 0x2b8 | data | English | United States | 0.382183908045977
RT_STRING | 0x5629e8 | 0x192 | data | Japanese | Japan | 0.6119402985074627
RT_STRING | 0x562488 | 0x94 | Matlab v4 mat-file (little endian) D, numeric, rows 0, columns 0 | | | 0.7297297297297297
RT_STRING | 0x563608 | 0x52 | data | English | United States | 0.6585365853658537
RT_STRING | 0x562b80 | 0x52 | data | Japanese | Japan | 0.6585365853658537
RT_STRING | 0x563660 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | Japanese | Japan | 0.7153846153846154
RT_STRING | 0x5636e8 | 0x2a | data | Japanese | Japan | 0.5476190476190477
RT_STRING | 0x563718 | 0x184 | data | Japanese | Japan | 0.48711340206185566
RT_STRING | 0x5638a0 | 0x4e6 | data | Japanese | Japan | 0.37719298245614036
RT_STRING | 0x564118 | 0x264 | data | Japanese | Japan | 0.3333333333333333
RT_STRING | 0x563e38 | 0x2da | data | Japanese | Japan | 0.3698630136986301
RT_STRING | 0x564b60 | 0x8a | data | Japanese | Japan | 0.6594202898550725
RT_STRING | 0x563d88 | 0xac | data | Japanese | Japan | 0.45348837209302323
RT_STRING | 0x564a50 | 0xde | data | Japanese | Japan | 0.536036036036036
RT_STRING | 0x564380 | 0x4a8 | data | Japanese | Japan | 0.3221476510067114
RT_STRING | 0x564828 | 0x228 | data | Japanese | Japan | 0.4003623188405797
RT_STRING | 0x564b30 | 0x2c | data | Japanese | Japan | 0.5227272727272727
RT_STRING | 0x564bf0 | 0x53c | data | Japanese | Japan | 0.2947761194029851
RT_GROUP_CURSOR | 0x560ee0 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Japanese | Japan | 1.0294117647058822
RT_GROUP_CURSOR | 0x5616d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561040 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561580 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561430 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561d60 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x5612e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561970 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561190 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561820 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561ac0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561c10 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x561eb0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x562000 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_CURSOR | 0x562150 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3
RT_GROUP_ICON | 0x554558 | 0x5a | data | | | 0.7
RT_GROUP_ICON | 0x559120 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x55b6e0 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x55dca0 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x556b60 | 0x14 | data | | | 1.25
RT_VERSION | 0x55df18 | 0x34c | data | | | 0.4549763033175355
RT_MANIFEST | 0x565130 | 0x31c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (736), with CRLF line terminators | English | United States | 0.5238693467336684
DLL | Import
iphlpapi.dll | GetIfEntry, GetIpAddrTable
KERNEL32.dll | SetUnhandledExceptionFilter, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, TerminateProcess, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, QueryPerformanceCounter, GetConsoleCP, GetConsoleMode, ReadConsoleW, SetFilePointerEx, OutputDebugStringW, LCMapStringEx, WriteConsoleW, SetEnvironmentVariableA, GetStartupInfoW, InitOnceExecuteOnce, GetProcessHeap, GetStdHandle, GetFileType, SetStdHandle, GetSystemTimeAsFileTime, HeapQueryInformation, HeapSize, InitializeCriticalSectionEx, ExitThread, CreateThread, VirtualQuery, VirtualAlloc, GetSystemInfo, SetThreadStackGuarantee, HeapReAlloc, RtlUnwind, RaiseException, HeapAlloc, HeapFree, IsProcessorFeaturePresent, IsDebuggerPresent, GetModuleHandleExW, ExitProcess, DecodePointer, EncodePointer, GetCommandLineW, GetUserDefaultUILanguage, FindResourceExW, VirtualProtect, SearchPathW, GetProfileIntW, Sleep, GetTempFileNameW, VerifyVersionInfoW, VerSetConditionMask, GetWindowsDirectoryW, GetCurrentDirectoryW, SetErrorMode, GetFileTime, GetFileSizeEx, GetFileAttributesExW, FileTimeToLocalFileTime, FileTimeToSystemTime, GlobalGetAtomNameW, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsGetValue, TlsAlloc, InitializeCriticalSection, InterlockedIncrement, GlobalFlags, CompareStringEx, GlobalFindAtomW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, GlobalAddAtomW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, ResumeThread, SetThreadPriority, WaitForSingleObject, FreeResource, GetLocaleInfoEx, GetThreadPreferredUILanguages, ApplicationRecoveryFinished, ApplicationRecoveryInProgress, RegisterApplicationRestart, RegisterApplicationRecoveryCallback, lstrcmpW, lstrcmpA, GlobalDeleteAtom, GetVersionExW, GetCurrentThreadId, GetCurrentThread, InterlockedExchange, LoadLibraryA, lstrcmpiW, LoadLibraryExW, GetModuleHandleW, GetModuleHandleA, GetVersion, GetCurrentProcess, DuplicateHandle, OutputDebugStringA, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize, GetFileAttributesW, FlushFileBuffers, FindFirstFileW, FindClose, DeleteFileW, InterlockedDecrement, SetLastError, CopyFileW, FormatMessageW, LocalFree, GlobalFree, GlobalSize, GlobalAlloc, GetModuleFileNameW, GetCurrentProcessId, GlobalUnlock, GlobalLock, WriteFile, DeviceIoControl, CreateFileW, CloseHandle, GetTickCount, lstrcpyW, lstrcpynW, GetLastError, CreateMutexW, WideCharToMultiByte, MultiByteToWideChar, GetProcAddress, LoadLibraryW, LockResource, LoadResource, SizeofResource, FindResourceW, GetTempPathW, FreeLibrary, MulDiv, TlsSetValue, GetTickCount64, GetTimeZoneInformation
USER32.dll | GetComboBoxInfo, TrackMouseEvent, MonitorFromPoint, UpdateLayeredWindow, IsMenu, SetWindowRgn, DrawFrameControl, DrawEdge, DrawStateW, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, EnumDisplayMonitors, SetLayeredWindowAttributes, LockWindowUpdate, SetRect, NotifyWinEvent, InvertRect, HideCaret, EnableScrollBar, GetAsyncKeyState, MessageBeep, GetIconInfo, DrawIconEx, DrawFocusRect, GetNextDlgGroupItem, SetParent, IsRectEmpty, UnionRect, MapVirtualKeyW, GetKeyNameTextW, GetMenuDefaultItem, ReuseDDElParam, UnpackDDElParam, OffsetRect, SetRectEmpty, InsertMenuItemW, CreatePopupMenu, TranslateAcceleratorW, LoadAcceleratorsW, BringWindowToTop, DestroyIcon, IsIconic, SendDlgItemMessageA, InvalidateRect, DeleteMenu, CopyImage, ReleaseCapture, UnregisterClassW, LoadCursorW, GetSysColorBrush, RealChildWindowFromPoint, IntersectRect, LoadMenuW, WindowFromPoint, InflateRect, GetMenuItemInfoW, DestroyMenu, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, GetTopWindow, GetClassNameW, GetClassLongW, PtInRect, EqualRect, CopyRect, MapWindowPoints, AdjustWindowRectEx, GetWindowRect, GetClientRect, RemovePropW, CopyIcon, CharUpperBuffW, IsZoomed, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, SetForegroundWindow, GetForegroundWindow, UpdateWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, IsChild, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, RegisterWindowMessageW, SetWindowLongW, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, SetFocus, GetDlgCtrlID, CheckDlgButton, SetDlgItemTextW, SetWindowPos, MoveWindow, ShowWindow, SetCursor, ShowOwnedPopups, CallNextHookEx, SetWindowsHookExW, GetCursorPos, ValidateRect, GetKeyState, IsWindowVisible, GetMessageW, GetDoubleClickTime, ChangeWindowMessageFilter, LoadBitmapW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, RegisterClipboardFormatW, ModifyMenuW, EnableMenuItem, CheckMenuItem, GetFocus, GetDesktopWindow, SetActiveWindow, GetActiveWindow, GetNextDlgTabItem, GetDlgItem, EndDialog, CreateDialogIndirectParamW, DestroyWindow, IsWindow, WaitMessage, PostQuitMessage, PostMessageW, PostThreadMessageW, GetKeyboardLayout, IsCharLowerW, MapVirtualKeyExW, ToUnicodeEx, GetKeyboardState, CreateAcceleratorTableW, DestroyAcceleratorTable, CopyAcceleratorTableW, SetCursorPos, DrawIcon, GetWindowRgn, DestroyCursor, MapDialogRect, CreateMenu, GetSystemMetrics, CharUpperW, SubtractRect, GetUpdateRect, IsClipboardFormatAvailable, TranslateMDISysAccel, DefMDIChildProcW, DefFrameProcW, DrawMenuBar, ShowScrollBar, FrameRect, SetPropW, SetMenuDefaultItem, GetPropW, SetClassLongW, UnhookWindowsHookEx, RemoveMenu, InsertMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuState, GetMenuStringW, GetLastActivePopup, GetWindowThreadProcessId, GetParent, GetWindowLongW, MessageBoxW, IsWindowEnabled, FillRect, ScreenToClient, ClientToScreen, EndPaint, BeginPaint, GetWindowDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, GetWindow, SystemParametersInfoW, KillTimer, SetTimer, DispatchMessageW, TranslateMessage, IsDialogMessageW, PeekMessageW, EnableWindow, ReleaseDC, GetDC, GetSysColor, SendMessageW, AppendMenuW, GetSystemMenu, LoadIconW, LoadImageW, SetCapture
GDI32.dll | MoveToEx, TextOutW, ExtTextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CopyMetaFileW, CreateDCW, CombineRgn, CreateRectRgnIndirect, PatBlt, SetRectRgn, DPtoLP, GetTextMetricsW, CreateCompatibleBitmap, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, GetBkColor, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, SetPixel, StretchBlt, SetDIBColorTable, CreateEllipticRgn, Ellipse, GetTextColor, Polygon, Polyline, Rectangle, EnumFontFamiliesExW, GetRgnBox, OffsetRgn, CreateRoundRectRgn, RoundRect, FrameRgn, PtInRegion, SetPixelV, ExtFloodFill, SetPaletteEntries, FillRgn, GetBoundsRect, GetWindowOrgEx, LPtoDP, GetViewportOrgEx, GetTextFaceW, SetPolyFillMode, GetLayout, SetLayout, SetMapMode, SetBkMode, SetROP2, SetTextAlign, SetTextColor, CreatePolygonRgn, DeleteObject, SetBkColor, SelectPalette, SelectObject, ExtSelectClipRgn, SelectClipRgn, SaveDC, RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetDeviceCaps, GetClipBox, ExcludeClipRect, Escape, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateBitmap, CreateFontIndirectW, GetTextExtentPoint32W, BitBlt, GetDIBColorTable, CreateCompatibleDC, CreateDIBSection, GetObjectW
MSIMG32.dll | AlphaBlend, TransparentBlt
WINSPOOL.DRV | OpenPrinterW, StartDocPrinterW, StartPagePrinter, WritePrinter, ClosePrinter, DocumentPropertiesW, EndDocPrinter, EndPagePrinter
ADVAPI32.dll | RegSetValueExW, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegQueryValueExW, RegCloseKey
SHELL32.dll | SHBrowseForFolderW, SHGetFileInfoW, InitNetworkAddressControl, SHCreateItemFromParsingName, SHGetKnownFolderPath, DragQueryFileW, DragFinish, ShellExecuteW, SHGetPathFromIDListW, SHAppBarMessage, SHGetSpecialFolderPathW, SHGetDesktopFolder, SHGetSpecialFolderLocation
COMCTL32.dll | InitCommonControlsEx
SHLWAPI.dll | SHGetValueW, PathAppendW, PathFileExistsW, SHEnumKeyExW, PathIsUNCW, PathStripToRootW, PathFindExtensionW, PathFindFileNameW, StrFormatKBSizeW, PathRemoveFileSpecW
UxTheme.dll | BeginBufferedPaint, GetThemeColor, GetCurrentThemeName, GetThemeSysColor, GetWindowTheme, BufferedPaintUnInit, BufferedPaintInit, DrawThemeTextEx, IsAppThemed, GetThemePartSize, CloseThemeData, OpenThemeData, DrawThemeParentBackground, IsThemeBackgroundPartiallyTransparent, DrawThemeBackground, EndBufferedPaint
dwmapi.dll | DwmIsCompositionEnabled, DwmDefWindowProc, DwmSetWindowAttribute
ole32.dll | DoDragDrop, OleDuplicateData, ReleaseStgMedium, CoUninitialize, CoCreateGuid, CoCreateInstance, CoInitialize, CoInitializeEx, CreateStreamOnHGlobal, OleLockRunning, CoTaskMemFree, CoTaskMemAlloc, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor
OLEAUT32.dll | SysFreeString, VarBstrFromDate, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, VariantChangeType, VariantClear, VariantInit, SysAllocStringLen, SysAllocString
WSOCK32.dll | inet_addr, WSAGetLastError, setsockopt, accept, bind, closesocket, getservbyname, htons, htonl, ioctlsocket, ntohl, ntohs, connect, recv, WSAAsyncSelect, WSASetLastError, WSACleanup, WSAStartup, socket, sendto, send, select, recvfrom
snmpapi.dll | SnmpUtilMemAlloc, SnmpUtilVarBindListFree
mgmtapi.dll | SnmpMgrRequest, SnmpMgrStrToOid, SnmpMgrOpen, SnmpMgrClose
RPCRT4.dll | UuidFromStringW
SETUPAPI.dll | SetupDiGetClassDevsW, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDeviceInterfaces
OLEACC.dll | CreateStdAccessibleObject, AccessibleObjectFromWindow, LresultFromObject
gdiplus.dll | GdipFree, GdiplusStartup, GdiplusShutdown, GdipCloneImage, GdipDisposeImage, GdipGetImageGraphicsContext, GdipGetImageWidth, GdipGetImageHeight, GdipAlloc, GdipGetImagePalette, GdipGetImagePaletteSize, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCreateBitmapFromStream, GdipDeleteGraphics, GdipDrawImageI, GdipCreateBitmapFromHBITMAP, GdipGetImagePixelFormat, GdipCreateFromHDC, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipBitmapUnlockBits
IMM32.dll | ImmGetOpenStatus, ImmReleaseContext, ImmGetContext
WINMM.dll | PlaySoundW
Language of compilation system | Country where language is spoken
Japanese | Japan
English | United States