Windows
Analysis Report
DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe (PID: 5032 cmdline:
C:\Users\u ser\Deskto p\DPR60285 9651100125 001V110012 5154830E 3 -2-2023#U0 0b7pdf.exe MD5: 91C0C4710DB096A4689D40E2CEB3814D)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | String found in binary or memory: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Code function: |
Source: | File created: | Jump to behavior |
Source: | Code function: | ||
Source: | Code function: |
Source: | Process Stats: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Key value queried: |
Source: | Code function: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: |
Source: | File read: | Jump to behavior |
Source: | Code function: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Code function: |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | API call chain: | ||
Source: | API call chain: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | Code function: |
Source: | Code function: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | Path Interception | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | LSASS Memory | 3 System Information Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | ReversingLabs | Win32.Trojan.Nsisx | ||
46% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
1% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 798398 |
Start date and time: | 2023-02-04 03:44:08 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
Detection: | MAL |
Classification: | mal48.winEXE@1/7@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34794 |
Entropy (8bit): | 3.9997795398371228 |
Encrypted: | false |
SSDEEP: | 768:ccaHQHD7RgNO/PDcbf/CBrmE4Hi1r1scfUos2cX7nhL/djYY2v:iQHDyO4mrei7sqc7BdsYG |
MD5: | DD18A90498456DFCAE95A46AFC33C475 |
SHA1: | 65AB8F8342AF9C08FE39E7664E3DF9C9646DF211 |
SHA-256: | 856D7590AB2EFC8C760BC37D652D5AE8A5DE982891ADB7A678E43A91D268DDE9 |
SHA-512: | BC6F1AED9B60D3C383E0A65C19E2FF031252DC9B193AE6AD3B5B6F3767EC2F7E6E6E4B3F65D2A3CBD501ED38C838C89A9648D255EAF1110BD7C5A0142F0A6A10 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 223928 |
Entropy (8bit): | 7.720384553629306 |
Encrypted: | false |
SSDEEP: | 3072:c5Nv/wHlbfgXh62+XKffH2i5A3Mz3xDD1TiBonOxOo0TUhBj4g2RgYyv:c5NvAbfgsrX6qMFdTiBQhooSBj4g2d4 |
MD5: | B32FFE1EC6ECA11009C35A0829450CB1 |
SHA1: | 146529AFE038064ED79CAE0C62B108A14276D459 |
SHA-256: | 151A299FCA8F459B7670EA4922931161D6E8024B19F1C723130F6576ACBDBC83 |
SHA-512: | CC32C0713B6E3C83D00682A73F2DB20FEAB0EBCD39A2CD768728FA9AD437CE0C24A6EBA7367DEC162447C14533064B93A2EB8422C843186AADADD6BEB99D7E4C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 147 |
Entropy (8bit): | 5.579261213353732 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl3MrpxyPuReVl/nRwPd/ggZcFmz3iVVyjXrC5RlH1p:6v/lhP6TwOeVV6Pd/MmgEK5RlVp |
MD5: | 0CA13C84736F193C4DDC36408B63EB79 |
SHA1: | DAF222B1B08D7F2645FDC2E25E63BE2AA50E9B79 |
SHA-256: | 9B7DA86B40E8FE9DA37BA2A4337C9BCE14B07153A9722DD3DE7772C1C5933DED |
SHA-512: | 1F95694E920B1BE5A7D9A4C4F7EABCCDE8326965D8B1E3211085C67E84229F76300AED6AE29E2D79E817857CFE7608919233057FAD6FDA3BF515C59F3604099C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Deskriptiv155\Hjertere\multimedia-volume-control-symbolic.svg
Download File
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651 |
Entropy (8bit): | 5.228667299529662 |
Encrypted: | false |
SSDEEP: | 12:t4Cp9xXnlWjoprGDWXYmfM26oprGhyGuC1hz4AeWrGdKdK:t4CpPlWsrGDoY32/rGYG/4AeWrGMQ |
MD5: | 367D90E6DF90CE72BAD009701DC3D941 |
SHA1: | C2070B79640687DBB8A64BFAC953CFA7625F7FFF |
SHA-256: | 2F11A00CC5DD755C1E5054AEF16CE293716532140B3DDB0F0623ABD460F99571 |
SHA-512: | F6DA3687D0676C11CD4B3D3F4C71797059DD62B05F09DC981684155671EB7924E6096B084DF43664D09B1A13BFADFE61C1FB678B3323ED7E9984EB8D7A2D19BC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 629 |
Entropy (8bit): | 4.45278069770929 |
Encrypted: | false |
SSDEEP: | 12:TMHdPnnl/nu3tln5CfYUtLLgpvAjmAKWlzmOA/e7/lsEbWlM:2dPnnxu3tlQfjngEmAKvOA/U/lsEbN |
MD5: | DA3858070B89AA5D3B4D5FC724BED12F |
SHA1: | A923CDD523E0519E96147A05DE6D0024135127E4 |
SHA-256: | 3CC19ADDFE48119EB91D48E7FE510920394DC96F3006C384FFD4F63B92A73480 |
SHA-512: | FF7BE5CC591CD146E56DD22BCB9FD82A21272592EA7E807B57F8D33E77DA7FB2C632CA12980B0B8CDA4028C5802EA803BC75A642714B80AAC244538E4819E502 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 296163 |
Entropy (8bit): | 7.470506584929792 |
Encrypted: | false |
SSDEEP: | 6144:X5NvAbfgsrX6qMFdTiBQhooSBj4g2dgQ20cP7m:JjvTiapwjGdf20cP7m |
MD5: | E0FD6297CF0E89D773C0AE44ED514229 |
SHA1: | EE4E3DEC2FFAD8B11887DD600B3A5D75982F0170 |
SHA-256: | 5511DCF0AEFA2FDE583BEB5703774277C3ECB68B48AFA8B5D7F89F641B1F87F3 |
SHA-512: | 5911A30953430870D7468C7BD48B57435FD6898800FC81EFA42FD340222E938D1C0889432C413163BC777044B412EF92A72740489FA620FE7220143D0A5A1C56 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.656065698421856 |
Encrypted: | false |
SSDEEP: | 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+ |
MD5: | 17ED1C86BD67E78ADE4712BE48A7D2BD |
SHA1: | 1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0 |
SHA-256: | BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB |
SHA-512: | 0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5 |
Malicious: | false |
Antivirus: |
|
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.836361315282437 |
TrID: |
|
File name: | DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
File size: | 348136 |
MD5: | 91c0c4710db096a4689d40e2ceb3814d |
SHA1: | 63880c602b960c5f91e55cbe4d5d18c7b8f1d63a |
SHA256: | a4d4961d124ea4276512c1584f1ebd30951cd469659b3a623594d6361772fae7 |
SHA512: | b5fc41a609efb2946ddce21f383b5ae8e70d93b0fd0dec8e48b27f7660569ccdbafe806bf56fc0cd7c4e43826b79f065d57cd66da3c27e865cdced3ca865eb2a |
SSDEEP: | 6144:twq3NpWyFr7S0HFwnNHF6pmK2DIuua9ma+T4cX+tTMZP3qtTaPwkYn5inpT4:tzayFfDwNg4RE864c4MZ/c2UinS |
TLSH: | C6741208B548D9A7C9630932ED628AF67ABDDE613BB1A70733006F7C7D312618F45365 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L...8.MX.................b...*......J4............@ |
Icon Hash: | 00c4c4dcdcd4d410 |
Entrypoint: | 0x40344a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x584DCA38 [Sun Dec 11 21:50:48 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 4ea4df5d94204fc550be1874e1b77ea7 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A230h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080B4h] |
call dword ptr [004080B0h] |
cmp ax, 00000006h |
je 00007F0E40A5E5A3h |
push ebx |
call 00007F0E40A616FCh |
cmp eax, ebx |
je 00007F0E40A5E599h |
push 00000C00h |
call eax |
mov esi, 004082B8h |
push esi |
call 00007F0E40A61676h |
push esi |
call dword ptr [0040815Ch] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F0E40A5E57Ch |
push ebp |
push 00000009h |
call 00007F0E40A616CEh |
push 00000007h |
call 00007F0E40A616C7h |
mov dword ptr [0042A244h], eax |
call dword ptr [0040803Ch] |
push ebx |
call dword ptr [004082A4h] |
mov dword ptr [0042A2F8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216E8h |
call dword ptr [00408188h] |
push 0040A384h |
push 00429240h |
call 00007F0E40A612B0h |
call dword ptr [004080ACh] |
mov ebp, 00435000h |
push eax |
push ebp |
call 00007F0E40A6129Eh |
push ebx |
call dword ptr [00408174h] |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x68000 | 0x19ef0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x61f1 | 0x6200 | False | 0.6656967474489796 | data | 6.477074763411717 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x13a4 | 0x1400 | False | 0.4529296875 | data | 5.163001655755973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20338 | 0x600 | False | 0.501953125 | data | 3.9745558434885093 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x3d000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x68000 | 0x19ef0 | 0x1a000 | False | 0.8527644230769231 | data | 7.543225711963014 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x683a0 | 0xbdfc | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x741a0 | 0x743a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x7b5e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x7db88 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x7ec30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
RT_ICON | 0x7fad8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
RT_ICON | 0x80380 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
RT_ICON | 0x809e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
RT_ICON | 0x80f50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x813b8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
RT_ICON | 0x816a0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
RT_DIALOG | 0x817c8 | 0x100 | data | English | United States |
RT_DIALOG | 0x818c8 | 0x11c | data | English | United States |
RT_DIALOG | 0x819e8 | 0xc4 | data | English | United States |
RT_DIALOG | 0x81ab0 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x81b10 | 0xa0 | data | English | United States |
RT_MANIFEST | 0x81bb0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 03:44:57 |
Start date: | 04/02/2023 |
Path: | C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 348136 bytes |
MD5 hash: | 91C0C4710DB096A4689D40E2CEB3814D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |