Analysis

Category: FILE
Package: Extraction
Started: 2019-09-11 18:31:44
Completed: 2019-09-11 18:35:47
Duration: 243 seconds

Options:
route = internet
procdump = 0

Log:
2019-09-11 19:31:48,015 [root] INFO: Date set to: 09-11-19, time set to: 18:31:48, timeout set to: 200
2019-09-11 19:31:48,279 [root] DEBUG: Starting analyzer from: C:\ikczfomzr
2019-09-11 19:31:48,279 [root] DEBUG: Storing results at: C:\IsVQLKx
2019-09-11 19:31:48,279 [root] DEBUG: Pipe server name: \\.\PIPE\dYnOMHI
2019-09-11 19:31:48,279 [root] INFO: Analysis package "Extraction" has been specified.
2019-09-11 19:31:55,253 [root] DEBUG: Started auxiliary module Browser
2019-09-11 19:31:55,253 [root] DEBUG: Started auxiliary module Curtain
2019-09-11 19:31:55,253 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-09-11 19:31:59,528 [modules.auxiliary.digisig] DEBUG: File has an invalid signature.
2019-09-11 19:31:59,528 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-09-11 19:31:59,528 [root] DEBUG: Started auxiliary module DigiSig
2019-09-11 19:31:59,543 [root] DEBUG: Started auxiliary module Disguise
2019-09-11 19:31:59,543 [root] DEBUG: Started auxiliary module Human
2019-09-11 19:31:59,543 [root] DEBUG: Started auxiliary module Screenshots
2019-09-11 19:31:59,543 [root] DEBUG: Started auxiliary module Sysmon
2019-09-11 19:31:59,559 [root] DEBUG: Started auxiliary module Usage
2019-09-11 19:31:59,559 [root] INFO: Analyzer: DLL set to Extraction.dll from package modules.packages.Extraction
2019-09-11 19:31:59,559 [root] INFO: Analyzer: DLL_64 set to Extraction_x64.dll from package modules.packages.Extraction
2019-09-11 19:31:59,762 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\Cashback.exe" with arguments "" with pid 1912
2019-09-11 19:31:59,762 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2019-09-11 19:31:59,762 [lib.api.process] INFO: 32-bit DLL to inject is C:\ikczfomzr\dll\lQSQuT.dll, loader C:\ikczfomzr\bin\iDdFJXw.exe
2019-09-11 19:32:00,135 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\dYnOMHI.
2019-09-11 19:32:00,151 [root] DEBUG: Loader: Injecting process 1912 (thread 880) with C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:00,151 [root] DEBUG: Process image base: 0x01090000
2019-09-11 19:32:00,151 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:00,151 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x011B5000 - 0x77380000
2019-09-11 19:32:00,151 [root] DEBUG: InjectDllViaIAT: Allocated 0x1f0 bytes for new import table at 0x011C0000.
2019-09-11 19:32:00,151 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 19:32:00,151 [root] DEBUG: Successfully injected DLL C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:00,151 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1912
2019-09-11 19:32:02,164 [lib.api.process] INFO: Successfully resumed process with pid 1912
2019-09-11 19:32:02,164 [root] INFO: Added new process to list with pid: 1912
2019-09-11 19:32:02,305 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 19:32:02,305 [root] DEBUG: Process dumps disabled.
2019-09-11 19:32:02,601 [root] INFO: Disabling sleep skipping.
2019-09-11 19:32:02,601 [root] INFO: Disabling sleep skipping.
2019-09-11 19:32:02,601 [root] INFO: Disabling sleep skipping.
2019-09-11 19:32:02,601 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 19:32:02,601 [root] INFO: Disabling sleep skipping.
2019-09-11 19:32:02,601 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77380000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x773d124a, Wow64PrepareForException: 0x0
2019-09-11 19:32:02,601 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x80000
2019-09-11 19:32:02,601 [root] DEBUG: Debugger initialised.
2019-09-11 19:32:02,601 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1912 at 0x74af0000, image base 0x1090000, stack from 0x1e6000-0x1f0000
2019-09-11 19:32:02,601 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\Cashback.exe".
2019-09-11 19:32:02,617 [root] DEBUG: AddTrackedRegion: EntryPoint 0x67cc, Entropy 7.927218e+00
2019-09-11 19:32:02,617 [root] DEBUG: AddTrackedRegion: Region at 0x01090000 size 0x1000 added to tracked regions.
2019-09-11 19:32:02,617 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2019-09-11 19:32:02,617 [root] INFO: Monitor successfully loaded in process with pid 1912.
2019-09-11 19:32:02,631 [root] WARNING: File at path "C:\Users\user\AppData\Local\Temp\IXP000.TMP\TMP4351$.TMP" does not exist, skip.
2019-09-11 19:32:02,694 [root] DEBUG: DLL loaded at 0x74820000: C:\Windows\system32\feclient (0xc000 bytes).
2019-09-11 19:32:02,694 [root] DEBUG: DLL unloaded from 0x75760000.
2019-09-11 19:32:02,960 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\advpack (0x2e000 bytes).
2019-09-11 19:32:03,085 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-09-11 19:32:03,085 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-09-11 19:32:03,085 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2019-09-11 19:32:03,099 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-09-11 19:32:03,099 [root] DEBUG: DLL unloaded from 0x747F0000.
2019-09-11 19:32:03,163 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-09-11 19:32:03,349 [root] INFO: Announced 32-bit process name: temp.exe pid: 1668
2019-09-11 19:32:03,397 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2019-09-11 19:32:03,397 [lib.api.process] INFO: 32-bit DLL to inject is C:\ikczfomzr\dll\lQSQuT.dll, loader C:\ikczfomzr\bin\iDdFJXw.exe
2019-09-11 19:32:03,411 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\dYnOMHI.
2019-09-11 19:32:03,411 [root] DEBUG: Loader: Injecting process 1668 (thread 1444) with C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:03,411 [root] DEBUG: Process image base: 0x00400000
2019-09-11 19:32:03,411 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:03,411 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x004B8000 - 0x004C0000
2019-09-11 19:32:03,411 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x008C0000 - 0x77380000
2019-09-11 19:32:03,427 [root] DEBUG: InjectDllViaIAT: Allocated 0x3f8 bytes for new import table at 0x008C0000.
2019-09-11 19:32:03,427 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 19:32:03,427 [root] DEBUG: Successfully injected DLL C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:03,427 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1668
2019-09-11 19:32:03,599 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 19:32:03,599 [root] DEBUG: Process dumps disabled.
2019-09-11 19:32:03,599 [root] INFO: Disabling sleep skipping.
2019-09-11 19:32:03,677 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 19:32:03,677 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77380000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x773d124a, Wow64PrepareForException: 0x0
2019-09-11 19:32:03,677 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x170000
2019-09-11 19:32:03,677 [root] DEBUG: Debugger initialised.
2019-09-11 19:32:03,677 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1668 at 0x74af0000, image base 0x400000, stack from 0x8b6000-0x8c0000
2019-09-11 19:32:03,677 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe.
2019-09-11 19:32:03,677 [root] DEBUG: AddTrackedRegion: EntryPoint 0xb62cb, Entropy 4.197784e+00
2019-09-11 19:32:03,677 [root] DEBUG: AddTrackedRegion: Region at 0x00400000 size 0x1000 added to tracked regions.
2019-09-11 19:32:03,693 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2019-09-11 19:32:03,693 [root] INFO: Added new process to list with pid: 1668
2019-09-11 19:32:03,693 [root] INFO: Monitor successfully loaded in process with pid 1668.
2019-09-11 19:32:03,957 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-09-11 19:32:03,957 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-11 19:32:04,380 [root] DEBUG: DLL unloaded from 0x75760000.
2019-09-11 19:32:04,473 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1668).
2019-09-11 19:32:04,473 [root] DEBUG: ProcessImageBase: Modified image detected at image base 0x00400000 - new entropy 6.483835e+00.
2019-09-11 19:32:04,473 [root] DEBUG: ApiReader: module list size: 29
2019-09-11 19:32:04,473 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-09-11 19:32:04,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-09-11 19:32:04,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-09-11 19:32:04,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-09-11 19:32:04,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-09-11 19:32:04,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2019-09-11 19:32:04,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2019-09-11 19:32:04,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wsock32.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2019-09-11 19:32:04,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptsp.dll
2019-09-11 19:32:04,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rsaenh.dll
2019-09-11 19:32:04,536 [root] DEBUG: DumpCurrentProcessFixImports: Instantiating PeParser with address: 0x00400000.
2019-09-11 19:32:04,551 [root] DEBUG: DumpCurrentProcessFixImports: Module entry point VA is 0x000B62CB.
2019-09-11 19:32:04,566 [root] INFO: Added new CAPE file to list with path: C:\IsVQLKx\CAPE\1668_9728272134322111392019
2019-09-11 19:32:04,566 [root] DEBUG: DumpCurrentProcessFixImports: Module image dump success C:\IsVQLKx\CAPE\1668_9728272134322111392019
2019-09-11 19:32:04,582 [root] DEBUG: DumpCurrentProcessFixImports: Warning - Unable to find IAT in scan, import reconstruction failed.
2019-09-11 19:32:04,582 [root] DEBUG: DLL unloaded from 0x75700000.
2019-09-11 19:32:04,582 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1668).
2019-09-11 19:32:04,582 [root] INFO: Notified of termination of process with pid 1668.
2019-09-11 19:32:04,737 [root] INFO: Announced 32-bit process name: ironman.exe pid: 1556
2019-09-11 19:32:04,737 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2019-09-11 19:32:04,737 [lib.api.process] INFO: 32-bit DLL to inject is C:\ikczfomzr\dll\lQSQuT.dll, loader C:\ikczfomzr\bin\iDdFJXw.exe
2019-09-11 19:32:04,753 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\dYnOMHI.
2019-09-11 19:32:04,753 [root] DEBUG: Loader: Injecting process 1556 (thread 1648) with C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:04,753 [root] DEBUG: Process image base: 0x00400000
2019-09-11 19:32:04,769 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:04,769 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x0048D000 - 0x77380000
2019-09-11 19:32:04,769 [root] DEBUG: InjectDllViaIAT: Allocated 0x25b8 bytes for new import table at 0x00490000.
2019-09-11 19:32:04,785 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 19:32:04,785 [root] DEBUG: Successfully injected DLL C:\ikczfomzr\dll\lQSQuT.dll.
2019-09-11 19:32:04,785 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1556
2019-09-11 19:32:04,815 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 19:32:04,815 [root] DEBUG: Process dumps disabled.
2019-09-11 19:32:04,848 [root] INFO: Disabling sleep skipping.
2019-09-11 19:32:04,878 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 19:32:04,878 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77380000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x773d124a, Wow64PrepareForException: 0x0
2019-09-11 19:32:04,910 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x2b0000
2019-09-11 19:32:04,910 [root] DEBUG: Debugger initialised.
2019-09-11 19:32:04,926 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1556 at 0x74af0000, image base 0x400000, stack from 0x186000-0x190000
2019-09-11 19:32:04,926 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe.
2019-09-11 19:32:04,940 [root] DEBUG: AddTrackedRegion: EntryPoint 0x631f0, Entropy 5.997032e+00
2019-09-11 19:32:04,940 [root] DEBUG: AddTrackedRegion: Region at 0x00400000 size 0x1000 added to tracked regions.
2019-09-11 19:32:04,971 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2019-09-11 19:32:04,971 [root] INFO: Added new process to list with pid: 1556
2019-09-11 19:32:04,971 [root] INFO: Monitor successfully loaded in process with pid 1556.
2019-09-11 19:32:04,971 [root] DEBUG: Allocation: 0x002C0000 - 0x002C1000, size: 0x1000, protection: 0x40.
2019-09-11 19:32:04,987 [root] DEBUG: AddTrackedRegion: Region at 0x002C0000 size 0x1000 added to tracked regions.
2019-09-11 19:32:05,128 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\olepro32 (0x19000 bytes).
2019-09-11 19:32:05,221 [root] INFO: Process with pid 1668 has terminated
2019-09-11 19:32:05,237 [root] DEBUG: DLL loaded at 0x74770000: C:\Windows\system32\uxtheme (0x80000 bytes).
2019-09-11 19:32:05,440 [root] DEBUG: DLL unloaded from 0x74BE0000.
2019-09-11 19:32:31,289 [root] DEBUG: DLL loaded at 0x74760000: C:\Windows\system32\shfolder (0x5000 bytes).
2019-09-11 19:32:31,305 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:32:32,108 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:32:32,118 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-11 19:32:56,400 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:32:56,578 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:33:21,244 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:33:22,002 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:33:46,266 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:33:47,272 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:34:11,249 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:34:11,697 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:34:36,309 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:34:37,005 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:35:01,282 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x292ad in capemon caught accessing 0x0 (expected in memory scans), passing to next handler.
2019-09-11 19:35:02,368 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 19:35:24,022 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-09-11 19:35:24,022 [root] INFO: Created shutdown mutex.
2019-09-11 19:35:25,036 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1912
2019-09-11 19:35:25,036 [root] DEBUG: Terminate Event: Processing tracked regions before shutdown (process 1912).
2019-09-11 19:35:25,036 [root] INFO: Terminate event set for process 1912.
2019-09-11 19:35:25,036 [root] INFO: Terminating process 1912 before shutdown.
2019-09-11 19:35:25,036 [root] INFO: Waiting for process 1912 to exit.
2019-09-11 19:35:25,066 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1912
2019-09-11 19:35:26,049 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1556
2019-09-11 19:35:26,049 [root] DEBUG: Terminate Event: Processing tracked regions before shutdown (process 1556).
2019-09-11 19:35:26,049 [root] INFO: Terminate event set for process 1556.
2019-09-11 19:35:26,049 [root] INFO: Terminating process 1556 before shutdown.
2019-09-11 19:35:26,049 [root] INFO: Waiting for process 1556 to exit.
2019-09-11 19:35:26,049 [root] DEBUG: DumpPEsInRange: Scanning range 0x002C0000 - 0x002C1000.
2019-09-11 19:35:26,049 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x2c0000-0x2c1000.
2019-09-11 19:35:26,049 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x002C0000 - 0x002C1000.
2019-09-11 19:35:26,049 [root] DEBUG: DumpMemory: CAPE output file C:\IsVQLKx\CAPE\1556_27775928626351811392019 successfully created, size 0x1000
2019-09-11 19:35:26,065 [root] INFO: Added new CAPE file to list with path: C:\IsVQLKx\CAPE\1556_27775928626351811392019
2019-09-11 19:35:26,065 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x002C0000, size 0x1000.
2019-09-11 19:35:26,065 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x002C0000.
2019-09-11 19:35:26,065 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x2c0000 - 0x2c1000.
2019-09-11 19:35:26,081 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1556
2019-09-11 19:35:27,063 [root] INFO: Shutting down package.
2019-09-11 19:35:27,063 [root] INFO: Stopping auxiliary modules.
2019-09-11 19:35:27,063 [root] INFO: Finishing auxiliary modules.
2019-09-11 19:35:27,063 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-09-11 19:35:27,063 [root] WARNING: File at path "C:\IsVQLKx\debugger" does not exist, skip.
2019-09-11 19:35:27,063 [root] INFO: Analysis completed.
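The log above is the raw material of this report, and most of what matters in it (which processes ran, which one had its image rewritten in memory, what was dumped, how long each lived) has to be pieced together by hand because capemon's per-process messages carry no pid. The IXP000.TMP working directory and the advpack DelNodeRunDLL32 call further down are consistent with an IExpress self-extracting package unpacking temp.exe and ironman.exe. The following parser is an added example, not code from the CAPE project: it attributes pid-less lines to the pid last named by a "CAPE initialised ... in process N" or "(process N)" message, collects entry-point entropy, the post-rewrite entropy, dump paths and lifetimes, and lists what an analyst checks first. SAMPLE_LOG is copied from the log above; the 7.0 packed-entropy threshold and the 5-second short-lived cutoff are assumptions, and shannon_entropy only shows the bits-per-byte scale the log's Entropy values use.

```python
"""Per-process triage of a CAPE analyzer log. Added example, not CAPE's own code:
SAMPLE_LOG is copied from the log above, PACKED_ENTROPY is an assumed threshold, and
capemon lines without a pid are attributed to the pid last named by RE_INIT/RE_CONTEXT."""
import math
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
2019-09-11 19:31:59,762 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\Cashback.exe" with arguments "" with pid 1912
2019-09-11 19:32:02,601 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1912 at 0x74af0000, image base 0x1090000, stack from 0x1e6000-0x1f0000
2019-09-11 19:32:02,617 [root] DEBUG: AddTrackedRegion: EntryPoint 0x67cc, Entropy 7.927218e+00
2019-09-11 19:32:03,349 [root] INFO: Announced 32-bit process name: temp.exe pid: 1668
2019-09-11 19:32:03,677 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1668 at 0x74af0000, image base 0x400000, stack from 0x8b6000-0x8c0000
2019-09-11 19:32:03,677 [root] DEBUG: AddTrackedRegion: EntryPoint 0xb62cb, Entropy 4.197784e+00
2019-09-11 19:32:04,473 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1668).
2019-09-11 19:32:04,473 [root] DEBUG: ProcessImageBase: Modified image detected at image base 0x00400000 - new entropy 6.483835e+00.
2019-09-11 19:32:04,566 [root] INFO: Added new CAPE file to list with path: C:\IsVQLKx\CAPE\1668_9728272134322111392019
2019-09-11 19:32:04,582 [root] INFO: Notified of termination of process with pid 1668.
2019-09-11 19:32:04,737 [root] INFO: Announced 32-bit process name: ironman.exe pid: 1556
2019-09-11 19:32:04,926 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1556 at 0x74af0000, image base 0x400000, stack from 0x186000-0x190000
2019-09-11 19:32:04,940 [root] DEBUG: AddTrackedRegion: EntryPoint 0x631f0, Entropy 5.997032e+00
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[[^\]]+\] [A-Z]+: (?P<msg>.*)$")
RE_STARTED = re.compile(r'Successfully executed process from path "(?P<path>[^"]+)".* with pid (?P<pid>\d+)')
RE_ANNOUNCED = re.compile(r"Announced \d+-bit process name: (?P<name>\S+) pid: (?P<pid>\d+)")
RE_INIT = re.compile(r"CAPE initialised: .* in process (?P<pid>\d+) at 0x[0-9a-fA-F]+, image base (?P<base>0x[0-9a-fA-F]+)")
RE_CONTEXT = re.compile(r"\(process (?P<pid>\d+)\)")
RE_ENTRY = re.compile(r"AddTrackedRegion: EntryPoint 0x[0-9a-fA-F]+, Entropy (?P<ent>\d+\.\d+e[+-]\d+)")
RE_MODIFIED = re.compile(r"Modified image detected at image base 0x[0-9a-fA-F]+ - new entropy (?P<ent>\d+\.\d+e[+-]\d+)")
RE_DUMP = re.compile(r"Added new CAPE file to list with path: (?P<path>\S+)")
RE_TERM = re.compile(r"^(?:Notified of termination of process with pid|Process with pid) (?P<pid>\d+)")
PACKED_ENTROPY = 7.0  # assumption: this close to the 8.0 bits/byte maximum usually means packed or encrypted


@dataclass
class ProcessRecord:
    pid: int
    name: str = ""
    image_base: Optional[int] = None
    entry_entropy: Optional[float] = None     # entry-point region when the image was loaded
    modified_entropy: Optional[float] = None  # after capemon saw the image rewritten in memory
    dumps: List[str] = field(default_factory=list)
    first_seen: Optional[datetime] = None
    terminated_at: Optional[datetime] = None


def parse_log(text: str) -> Dict[int, ProcessRecord]:
    procs: Dict[int, ProcessRecord] = {}
    current: Optional[int] = None  # pid that the pid-less capemon lines refer to

    def rec(pid: int, ts: datetime) -> ProcessRecord:
        r = procs.setdefault(pid, ProcessRecord(pid=pid))
        r.first_seen = r.first_seen or ts
        return r

    for raw in text.splitlines():
        if not (m := LINE_RE.match(raw)):
            continue  # blank lines and anything that is not an analyzer record
        ts, msg = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"), m["msg"]
        if s := RE_STARTED.search(msg):
            rec(int(s["pid"]), ts).name = s["path"].rsplit("\\", 1)[-1]
        elif a := RE_ANNOUNCED.search(msg):
            rec(int(a["pid"]), ts).name = a["name"]
        elif i := RE_INIT.search(msg):
            current = int(i["pid"])
            rec(current, ts).image_base = int(i["base"], 16)
        elif d := RE_DUMP.search(msg):  # CAPE dump files are named <pid>_<n>
            rec(int(d["path"].rsplit("\\", 1)[-1].split("_", 1)[0]), ts).dumps.append(d["path"])
        elif t := RE_TERM.search(msg):
            rec(int(t["pid"]), ts).terminated_at = ts
        elif c := RE_CONTEXT.search(msg):
            current = int(c["pid"])
        elif current is not None and (e := RE_ENTRY.search(msg)):
            rec(current, ts).entry_entropy = float(e["ent"])
        elif current is not None and (x := RE_MODIFIED.search(msg)):
            rec(current, ts).modified_entropy = float(x["ent"])
    return procs


def triage(procs: Dict[int, ProcessRecord]) -> List[str]:
    """What an analyst checks first, in the order the processes appeared."""
    out: List[str] = []
    for p in sorted(procs.values(), key=lambda r: r.first_seen or datetime.min):
        tag = f"pid {p.pid} {p.name or '?'}"
        if p.entry_entropy is not None and p.entry_entropy >= PACKED_ENTROPY:
            out.append(f"{tag}: entry-point region entropy {p.entry_entropy:.2f}, likely packed")
        if p.modified_entropy is not None:
            out.append(f"{tag}: image rewritten in memory, entropy now {p.modified_entropy:.2f}")
        life = (p.terminated_at - p.first_seen).total_seconds() if p.terminated_at else None
        if life is not None and life < 5.0:  # assumption: a short life suggests a dropper or an early exit check
            out.append(f"{tag}: exited {life:.1f}s after first being seen")
        out.extend(f"{tag}: CAPE dump {d}" for d in p.dumps)
    return out


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0: the scale the log's Entropy values are on."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


if __name__ == "__main__":
    print("\n".join(triage(parse_log(SAMPLE_LOG))))
    print(f"uniform bytes: {shannon_entropy(bytes(range(256)) * 4):.2f} bits/byte, zeros: {shannon_entropy(bytes(1024)):.2f}")
```

The one thing to get right when doing this by hand is the pid context: "AddTrackedRegion" and "Modified image detected" lines name no process, so a filter that drops the "CAPE initialised" lines as noise would attribute ironman.exe's entry-point entropy to temp.exe. The parser therefore treats those lines, and any "(process N)" suffix, as state changes rather than records, and skips pid-less lines seen before any context exists.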

MalScore

10.0 (Malicious)

Machine

Name: target-02
Label: target-02
Manager: ESX
Started On: 2019-09-11 18:31:44
Shutdown On: 2019-09-11 18:35:45

File Details

File Name Cashback.exe
File Size 1198936 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ed431f3209eb43d80fc3dbea1e994c9a
SHA1 6508cc5a264d0e010c59665016dbc97d852a4d7d
SHA256 a127323192abed93aed53648d03ca84de3b5b006b641033eb46a520b7a3c16fc
SHA512 48546290facda1725b9768773baf85a9a847537b6c373ceeaee42235b612a4cb73489efcd57b5c33201632678d0ecd40c5a4628b2418e2d5c9d787ec2d56812f
CRC32 6FA81BF5
Ssdeep 24576:lQGhHu75RbAJEh3R3NSfOOKeDQ74sDVbi0+0Z+5HoMyAQk:lQG9e5RbsEXOrDQ7RDVbi0FZ+6MyAQk
TrID
  • 64.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 13.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 9.3% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 4.1% (.EXE) OS/2 Executable (generic) (2029/13)
  • 4.1% (.EXE) Generic Win/DOS Executable (2002/3)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 0 triggered the Yara rule 'shellcode'
Possible date expiration check, exits too soon after checking local time
process: temp.exe, PID 1668
Anomalous file deletion behavior detected (10+)
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
DeletedFile: C:\Users\user\AppData\Local\Temp\iron.txt
Dynamic (imported) function loading detected
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: ADVAPI32.dll/DecryptFileA
DynamicLoader: feclient.dll/FeClientInitialize
DynamicLoader: advpack.dll/DelNodeRunDLL32
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: KERNELBASE.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/ProcessIdToSessionId
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: WSOCK32.dll/
DynamicLoader: WSOCK32.dll/
DynamicLoader: WSOCK32.dll/
DynamicLoader: WSOCK32.dll/
DynamicLoader: WSOCK32.dll/
DynamicLoader: WINMM.dll/mixerSetControlDetails
DynamicLoader: WINMM.dll/waveOutGetVolume
DynamicLoader: WINMM.dll/joyGetPosEx
DynamicLoader: WINMM.dll/mixerGetControlDetailsA
DynamicLoader: WINMM.dll/mixerOpen
DynamicLoader: WINMM.dll/mixerGetDevCapsA
DynamicLoader: WINMM.dll/mixerGetLineControlsA
DynamicLoader: WINMM.dll/waveOutSetVolume
DynamicLoader: WINMM.dll/mixerClose
DynamicLoader: WINMM.dll/mciSendStringA
DynamicLoader: WINMM.dll/joyGetDevCapsA
DynamicLoader: WINMM.dll/mixerGetLineInfoA
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeA
DynamicLoader: COMCTL32.dll/ImageList_Create
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/ImageList_ReplaceIcon
DynamicLoader: COMCTL32.dll/InitCommonControlsEx
DynamicLoader: COMCTL32.dll/ImageList_GetIconSize
DynamicLoader: COMCTL32.dll/ImageList_Destroy
DynamicLoader: COMCTL32.dll/ImageList_AddMasked
DynamicLoader: PSAPI.DLL/GetModuleBaseNameA
DynamicLoader: PSAPI.DLL/GetModuleFileNameExA
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/LockResource
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindNextFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/SetEnvironmentVariableA
DynamicLoader: kernel32.dll/Beep
DynamicLoader: kernel32.dll/MoveFileA
DynamicLoader: kernel32.dll/OutputDebugStringA
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: kernel32.dll/GetFileAttributesA
DynamicLoader: kernel32.dll/GetExitCodeProcess
DynamicLoader: kernel32.dll/WriteProcessMemory
DynamicLoader: kernel32.dll/ReadProcessMemory
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/TerminateProcess
DynamicLoader: kernel32.dll/SetPriorityClass
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/GetEnvironmentVariableA
DynamicLoader: kernel32.dll/GetLocalTime
DynamicLoader: kernel32.dll/GetDateFormatA
DynamicLoader: kernel32.dll/GetTimeFormatA
DynamicLoader: kernel32.dll/GetDiskFreeSpaceA
DynamicLoader: kernel32.dll/SetVolumeLabelA
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/DeviceIoControl
DynamicLoader: kernel32.dll/GetDriveTypeA
DynamicLoader: kernel32.dll/GetVolumeInformationA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/DeleteFileA
DynamicLoader: kernel32.dll/SetFileAttributesA
DynamicLoader: kernel32.dll/LocalFileTimeToFileTime
DynamicLoader: kernel32.dll/SetFileTime
DynamicLoader: kernel32.dll/GetFileSizeEx
DynamicLoader: kernel32.dll/GetSystemTime
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: kernel32.dll/GetComputerNameA
DynamicLoader: kernel32.dll/GetWindowsDirectoryA
DynamicLoader: kernel32.dll/GetTempPathA
DynamicLoader: kernel32.dll/GetFullPathNameA
DynamicLoader: kernel32.dll/GetShortPathNameA
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/QueryDosDeviceA
DynamicLoader: kernel32.dll/CompareStringA
DynamicLoader: kernel32.dll/GetFullPathNameW
DynamicLoader: kernel32.dll/RemoveDirectoryA
DynamicLoader: kernel32.dll/CopyFileA
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/GetPrivateProfileStringA
DynamicLoader: kernel32.dll/GetPrivateProfileSectionA
DynamicLoader: kernel32.dll/GetPrivateProfileSectionNamesA
DynamicLoader: kernel32.dll/WritePrivateProfileStringA
DynamicLoader: kernel32.dll/WritePrivateProfileSectionA
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/SetFilePointerEx
DynamicLoader: kernel32.dll/SystemTimeToFileTime
DynamicLoader: kernel32.dll/FileTimeToSystemTime
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/VirtualFreeEx
DynamicLoader: kernel32.dll/EnumResourceNamesA
DynamicLoader: kernel32.dll/LoadLibraryExA
DynamicLoader: kernel32.dll/GlobalSize
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/IsValidCodePage
DynamicLoader: kernel32.dll/GetOEMCP
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/GetStartupInfoW
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/HeapQueryInformation
DynamicLoader: kernel32.dll/HeapSize
DynamicLoader: kernel32.dll/HeapReAlloc
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: kernel32.dll/HeapAlloc
DynamicLoader: kernel32.dll/HeapFree
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/SetUnhandledExceptionFilter
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: kernel32.dll/HeapCreate
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/GetSystemTimeAsFileTime
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/CreateMutexA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/GetExitCodeThread
DynamicLoader: kernel32.dll/SetThreadPriority
DynamicLoader: kernel32.dll/CreateThread
DynamicLoader: kernel32.dll/GetStringTypeExA
DynamicLoader: kernel32.dll/lstrcmpiA
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/GlobalUnlock
DynamicLoader: kernel32.dll/GlobalFree
DynamicLoader: kernel32.dll/GlobalAlloc
DynamicLoader: kernel32.dll/GlobalLock
DynamicLoader: kernel32.dll/GetCurrentDirectoryA
DynamicLoader: kernel32.dll/SetErrorMode
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/SetCurrentDirectoryA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/GetTickCount
DynamicLoader: kernel32.dll/MulDiv
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/LoadLibraryW
DynamicLoader: kernel32.dll/SetHandleCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: kernel32.dll/GetStringTypeW
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/GetConsoleCP
DynamicLoader: kernel32.dll/GetConsoleMode
DynamicLoader: kernel32.dll/FreeEnvironmentStringsW
DynamicLoader: kernel32.dll/GetEnvironmentStringsW
DynamicLoader: kernel32.dll/QueryPerformanceCounter
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/FlushFileBuffers
DynamicLoader: kernel32.dll/LCMapStringW
DynamicLoader: kernel32.dll/WriteConsoleW
DynamicLoader: kernel32.dll/SetStdHandle
DynamicLoader: kernel32.dll/GetProcessHeap
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: USER32.dll/ExitWindowsEx
DynamicLoader: USER32.dll/SetMenu
DynamicLoader: USER32.dll/FlashWindow
DynamicLoader: USER32.dll/GetPropA
DynamicLoader: USER32.dll/SetPropA
DynamicLoader: USER32.dll/RemovePropA
DynamicLoader: USER32.dll/MapWindowPoints
DynamicLoader: USER32.dll/RedrawWindow
DynamicLoader: USER32.dll/SetParent
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: USER32.dll/GetClassInfoExA
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/UpdateWindow
DynamicLoader: USER32.dll/GetMessagePos
DynamicLoader: USER32.dll/GetClassLongA
DynamicLoader: USER32.dll/DefDlgProcA
DynamicLoader: USER32.dll/CallWindowProcA
DynamicLoader: USER32.dll/CheckRadioButton
DynamicLoader: USER32.dll/IntersectRect
DynamicLoader: USER32.dll/GetUpdateRect
DynamicLoader: USER32.dll/PtInRect
DynamicLoader: USER32.dll/CreateDialogIndirectParamA
DynamicLoader: USER32.dll/CreateAcceleratorTableA
DynamicLoader: USER32.dll/DestroyAcceleratorTable
DynamicLoader: USER32.dll/InsertMenuItemA
DynamicLoader: USER32.dll/SetMenuDefaultItem
DynamicLoader: USER32.dll/RemoveMenu
DynamicLoader: USER32.dll/SetMenuItemInfoA
DynamicLoader: USER32.dll/IsMenu
DynamicLoader: USER32.dll/GetMenuItemInfoA
DynamicLoader: USER32.dll/CreateMenu
DynamicLoader: USER32.dll/CreatePopupMenu
DynamicLoader: USER32.dll/SetMenuInfo
DynamicLoader: USER32.dll/AppendMenuA
DynamicLoader: USER32.dll/DestroyMenu
DynamicLoader: USER32.dll/TrackPopupMenuEx
DynamicLoader: USER32.dll/GetDesktopWindow
DynamicLoader: USER32.dll/CopyImage
DynamicLoader: USER32.dll/CreateIconIndirect
DynamicLoader: USER32.dll/CreateIconFromResourceEx
DynamicLoader: USER32.dll/EnumClipboardFormats
DynamicLoader: USER32.dll/GetWindow
DynamicLoader: USER32.dll/BringWindowToTop
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/GetTopWindow
DynamicLoader: USER32.dll/DrawTextA
DynamicLoader: USER32.dll/SetRect
DynamicLoader: USER32.dll/GetIconInfo
DynamicLoader: USER32.dll/SetWindowTextA
DynamicLoader: USER32.dll/IsWindowVisible
DynamicLoader: USER32.dll/CheckMenuItem
DynamicLoader: USER32.dll/GetMenuStringA
DynamicLoader: USER32.dll/ChangeClipboardChain
DynamicLoader: USER32.dll/SetClipboardViewer
DynamicLoader: USER32.dll/EnableMenuItem
DynamicLoader: USER32.dll/GetMenu
DynamicLoader: USER32.dll/CreateWindowExA
DynamicLoader: USER32.dll/RegisterClassExA
DynamicLoader: USER32.dll/LoadCursorA
DynamicLoader: USER32.dll/DestroyIcon
DynamicLoader: USER32.dll/DestroyWindow
DynamicLoader: USER32.dll/IsCharAlphaA
DynamicLoader: USER32.dll/MapVirtualKeyA
DynamicLoader: USER32.dll/MapVirtualKeyExA
DynamicLoader: USER32.dll/DefWindowProcA
DynamicLoader: USER32.dll/GetGUIThreadInfo
DynamicLoader: USER32.dll/GetWindowTextA
DynamicLoader: USER32.dll/mouse_event
DynamicLoader: USER32.dll/WindowFromPoint
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/keybd_event
DynamicLoader: USER32.dll/SetKeyboardState
DynamicLoader: USER32.dll/GetKeyboardState
DynamicLoader: USER32.dll/GetCursorPos
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/GetAsyncKeyState
DynamicLoader: USER32.dll/AttachThreadInput
DynamicLoader: USER32.dll/SendInput
DynamicLoader: USER32.dll/UnregisterHotKey
DynamicLoader: USER32.dll/RegisterHotKey
DynamicLoader: USER32.dll/PostQuitMessage
DynamicLoader: USER32.dll/SendMessageTimeoutA
DynamicLoader: USER32.dll/UnhookWindowsHookEx
DynamicLoader: USER32.dll/SetWindowsHookExA
DynamicLoader: USER32.dll/PostThreadMessageA
DynamicLoader: USER32.dll/IsCharAlphaNumericA
DynamicLoader: USER32.dll/IsCharUpperA
DynamicLoader: USER32.dll/IsCharLowerA
DynamicLoader: USER32.dll/ToAsciiEx
DynamicLoader: USER32.dll/GetKeyboardLayout
DynamicLoader: USER32.dll/CallNextHookEx
DynamicLoader: USER32.dll/CharLowerA
DynamicLoader: USER32.dll/ReleaseDC
DynamicLoader: USER32.dll/GetDC
DynamicLoader: USER32.dll/OpenClipboard
DynamicLoader: USER32.dll/GetClipboardData
DynamicLoader: USER32.dll/GetClipboardFormatNameA
DynamicLoader: USER32.dll/CloseClipboard
DynamicLoader: USER32.dll/SetClipboardData
DynamicLoader: USER32.dll/EmptyClipboard
DynamicLoader: USER32.dll/PostMessageA
DynamicLoader: USER32.dll/FindWindowA
DynamicLoader: USER32.dll/GetSubMenu
DynamicLoader: USER32.dll/GetMenuItemID
DynamicLoader: USER32.dll/GetMenuItemCount
DynamicLoader: USER32.dll/GetSystemMenu
DynamicLoader: USER32.dll/GetLastInputInfo
DynamicLoader: USER32.dll/GetCursor
DynamicLoader: USER32.dll/ClientToScreen
DynamicLoader: USER32.dll/MessageBeep
DynamicLoader: USER32.dll/SetDlgItemTextA
DynamicLoader: USER32.dll/GetDlgItem
DynamicLoader: USER32.dll/SendDlgItemMessageA
DynamicLoader: USER32.dll/DialogBoxParamA
DynamicLoader: USER32.dll/LoadImageA
DynamicLoader: USER32.dll/SetForegroundWindow
DynamicLoader: USER32.dll/EndDialog
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/DispatchMessageA
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/ShowWindow
DynamicLoader: USER32.dll/CountClipboardFormats
DynamicLoader: USER32.dll/SetWindowLongA
DynamicLoader: USER32.dll/ScreenToClient
DynamicLoader: USER32.dll/IsDialogMessageA
DynamicLoader: USER32.dll/SendMessageA
DynamicLoader: USER32.dll/FillRect
DynamicLoader: USER32.dll/DrawIconEx
DynamicLoader: USER32.dll/GetSysColorBrush
DynamicLoader: USER32.dll/GetSysColor
DynamicLoader: USER32.dll/RegisterWindowMessageA
DynamicLoader: USER32.dll/IsIconic
DynamicLoader: USER32.dll/IsZoomed
DynamicLoader: USER32.dll/EnumWindows
DynamicLoader: USER32.dll/GetWindowTextLengthA
DynamicLoader: USER32.dll/EnableWindow
DynamicLoader: USER32.dll/InvalidateRect
DynamicLoader: USER32.dll/SetLayeredWindowAttributes
DynamicLoader: USER32.dll/SetWindowPos
DynamicLoader: USER32.dll/SetWindowRgn
DynamicLoader: USER32.dll/SetFocus
DynamicLoader: USER32.dll/SetActiveWindow
DynamicLoader: USER32.dll/EnumChildWindows
DynamicLoader: USER32.dll/MoveWindow
DynamicLoader: USER32.dll/GetQueueStatus
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/IsWindowEnabled
DynamicLoader: USER32.dll/GetWindowLongA
DynamicLoader: USER32.dll/GetKeyState
DynamicLoader: USER32.dll/TranslateAcceleratorA
DynamicLoader: USER32.dll/KillTimer
DynamicLoader: USER32.dll/PeekMessageA
DynamicLoader: USER32.dll/GetFocus
DynamicLoader: USER32.dll/GetClassNameA
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: USER32.dll/GetForegroundWindow
DynamicLoader: USER32.dll/GetMessageA
DynamicLoader: USER32.dll/SetTimer
DynamicLoader: USER32.dll/GetParent
DynamicLoader: USER32.dll/GetDlgCtrlID
DynamicLoader: USER32.dll/CharUpperA
DynamicLoader: USER32.dll/IsClipboardFormatAvailable
DynamicLoader: USER32.dll/SystemParametersInfoA
DynamicLoader: USER32.dll/VkKeyScanExA
DynamicLoader: USER32.dll/AdjustWindowRectEx
DynamicLoader: USER32.dll/LoadAcceleratorsA
DynamicLoader: GDI32.dll/GetPixel
DynamicLoader: GDI32.dll/GetClipRgn
DynamicLoader: GDI32.dll/GetCharABCWidthsA
DynamicLoader: GDI32.dll/SetBkMode
DynamicLoader: GDI32.dll/CreatePatternBrush
DynamicLoader: GDI32.dll/SetBrushOrgEx
DynamicLoader: GDI32.dll/EnumFontFamiliesExA
DynamicLoader: GDI32.dll/CreateDIBSection
DynamicLoader: GDI32.dll/GdiFlush
DynamicLoader: GDI32.dll/SetBkColor
DynamicLoader: GDI32.dll/ExcludeClipRect
DynamicLoader: GDI32.dll/SetTextColor
DynamicLoader: GDI32.dll/GetClipBox
DynamicLoader: GDI32.dll/BitBlt
DynamicLoader: GDI32.dll/CreateCompatibleBitmap
DynamicLoader: GDI32.dll/GetSystemPaletteEntries
DynamicLoader: GDI32.dll/GetDIBits
DynamicLoader: GDI32.dll/CreateCompatibleDC
DynamicLoader: GDI32.dll/CreatePolygonRgn
DynamicLoader: GDI32.dll/CreateRectRgn
DynamicLoader: GDI32.dll/CreateRoundRectRgn
DynamicLoader: GDI32.dll/CreateEllipticRgn
DynamicLoader: GDI32.dll/DeleteDC
DynamicLoader: GDI32.dll/GetObjectA
DynamicLoader: GDI32.dll/GetTextMetricsA
DynamicLoader: GDI32.dll/GetTextFaceA
DynamicLoader: GDI32.dll/SelectObject
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: GDI32.dll/CreateDCA
DynamicLoader: GDI32.dll/CreateSolidBrush
DynamicLoader: GDI32.dll/CreateFontA
DynamicLoader: GDI32.dll/FillRgn
DynamicLoader: GDI32.dll/GetDeviceCaps
DynamicLoader: GDI32.dll/DeleteObject
DynamicLoader: COMDLG32.dll/CommDlgExtendedError
DynamicLoader: COMDLG32.dll/GetSaveFileNameA
DynamicLoader: COMDLG32.dll/GetOpenFileNameA
DynamicLoader: ADVAPI32.dll/RegDeleteKeyA
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegCreateKeyExA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueA
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/CloseServiceHandle
DynamicLoader: ADVAPI32.dll/UnlockServiceDatabase
DynamicLoader: ADVAPI32.dll/LockServiceDatabase
DynamicLoader: ADVAPI32.dll/OpenSCManagerA
DynamicLoader: ADVAPI32.dll/GetUserNameA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumValueA
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegConnectRegistryA
DynamicLoader: ADVAPI32.dll/RegDeleteValueA
DynamicLoader: SHELL32.dll/DragQueryPoint
DynamicLoader: SHELL32.dll/SHEmptyRecycleBinA
DynamicLoader: SHELL32.dll/SHFileOperationA
DynamicLoader: SHELL32.dll/SHGetPathFromIDListA
DynamicLoader: SHELL32.dll/SHBrowseForFolderA
DynamicLoader: SHELL32.dll/SHGetDesktopFolder
DynamicLoader: SHELL32.dll/SHGetMalloc
DynamicLoader: SHELL32.dll/SHGetFolderPathA
DynamicLoader: SHELL32.dll/ShellExecuteExA
DynamicLoader: SHELL32.dll/Shell_NotifyIconA
DynamicLoader: SHELL32.dll/DragFinish
DynamicLoader: SHELL32.dll/DragQueryFileA
DynamicLoader: SHELL32.dll/ExtractIconA
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CLSIDFromString
DynamicLoader: ole32.dll/CoGetObject
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ole32.dll/CreateStreamOnHGlobal
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ntdll.dll/RtlGetVersion
DynamicLoader: USER32.dll/SendInput
DynamicLoader: USER32.dll/RemoveClipboardFormatListener
DynamicLoader: USER32.dll/AddClipboardFormatListener
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: ADVAPI32.dll/CryptAcquireContextW
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptDeriveKey
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: USER32.dll/LoadLibrary
DynamicLoader: kernel32.dll/LoadLibrary
DynamicLoader: COMCTL32.dll/LoadLibrary
DynamicLoader: GDI32.dll/LoadLibrary
DynamicLoader: USER32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: USER32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: USER32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: ADVAPI32.dll/CryptEncrypt
DynamicLoader: USER32.dll/LoadLibrary
DynamicLoader: kernel32.dll/LoadLibrary
DynamicLoader: COMCTL32.dll/LoadLibrary
DynamicLoader: GDI32.dll/LoadLibrary
DynamicLoader: USER32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: USER32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: USER32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: ADVAPI32.dll/CryptDecrypt
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/CryptAcquireContextW
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptDeriveKey
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptSetHashParam
DynamicLoader: USER32.dll/GetModuleHandleW
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: USER32.dll/LoadLibraryW
DynamicLoader: kernel32.dll/LoadLibraryW
DynamicLoader: USER32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: USER32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: USER32.dll/FormatMessageW
DynamicLoader: kernel32.dll/FormatMessageW
DynamicLoader: ADVAPI32.dll/CryptSetKeyParam
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptDeriveKey
DynamicLoader: CRYPTSP.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptDecrypt
DynamicLoader: CRYPTSP.dll/CryptDecrypt
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
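The run of ADVAPI32/CRYPTSP resolutions above (CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptDeriveKey, then CryptEncrypt/CryptDecrypt and the matching Destroy/Release calls) is the CryptoAPI pattern for deriving a symmetric key directly from a hash of caller-supplied bytes, typically a password string, rather than from CryptGenKey. The import list does not show which hash or cipher ALG_ID was requested; those arguments only appear in the API-call trace if the monitor hooked the calls. The block below is an added example, not code from the sample or from CAPE: it reproduces Microsoft's documented CryptDeriveKey derivation in Python and pairs it with an RC4 round trip. MD5 with a 128-bit RC4 key is an assumption chosen for illustration, as is the `guess_password` helper, which exists only to show why this construction matters to an analyst.

```python
"""CryptDeriveKey-style derivation and an RC4 round trip, in Python.

Added example, not the sample's code. CryptDeriveKey, as documented by
Microsoft, takes the finished hash value H and a requested key length n:
if len(H) >= n the key is H[:n]; otherwise H is padded to 64 bytes, XORed
with 0x36 and with 0x5C, each buffer is hashed again, and the key is the
leading n bytes of the concatenation. The hash/cipher choice (MD5 + RC4)
is an assumption; the real ALG_IDs are not visible in the import list.
"""
import hashlib


def crypt_derive_key(hash_name: str, hashed_data: bytes, key_len: int) -> bytes:
    """Derive key_len bytes the way CryptDeriveKey does from a hash of hashed_data."""
    digest = hashlib.new(hash_name, hashed_data).digest()
    if len(digest) >= key_len:
        # Hash is long enough: the key is simply its leading bytes.
        return digest[:key_len]
    # Hash too short (e.g. 32-byte AES key from SHA-1): pad, XOR, rehash.
    padded = digest.ljust(64, b"\x00")
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in padded)).digest()
    outer = hashlib.new(hash_name, bytes(b ^ 0x5C for b in padded)).digest()
    return (inner + outer)[:key_len]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encrypt_with_password(password: str, plaintext: bytes) -> bytes:
    """CryptHashData(password) -> CryptDeriveKey(RC4, 128 bit) -> CryptEncrypt."""
    key = crypt_derive_key("md5", password.encode("utf-8"), 16)
    return rc4(key, plaintext)


# RC4 is a stream cipher, so CryptDecrypt is the same keystream XOR.
decrypt_with_password = encrypt_with_password


def guess_password(ciphertext: bytes, known_prefix: bytes, candidates):
    """Offline guessing: one hash plus one RC4 key schedule per candidate.

    There is no salt and no iteration count in this derivation, so any
    recovered ciphertext with a known plaintext prefix is enough to test
    a wordlist at full speed. Assumed helper, not something in the sample.
    """
    for cand in candidates:
        head = decrypt_with_password(cand, ciphertext[: len(known_prefix)])
        if head.startswith(known_prefix):
            return cand
    return None


if __name__ == "__main__":
    ct = encrypt_with_password("password", b"hello world")
    print("ciphertext:", ct.hex())
    print("recovered :", guess_password(ct, b"hello", ["123456", "letmein", "password"]))
```

The point for triage: a CryptDeriveKey key is exactly as strong as the bytes passed to CryptHashData. If those bytes are a hard-coded string in the binary, every sample shares the key; if they are a user password, recovering one plaintext/ciphertext pair lets an analyst guess it offline at one hash per candidate. Confirm the ALG_IDs from the call arguments in the behaviour trace before relying on the MD5/RC4 assumption made here.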
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: KERNELBASE.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/ProcessIdToSessionId
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExA
DynamicLoader: oleaut32.dll/VariantChangeTypeEx
DynamicLoader: oleaut32.dll/VarNeg
DynamicLoader: oleaut32.dll/VarNot
DynamicLoader: oleaut32.dll/VarAdd
DynamicLoader: oleaut32.dll/VarSub
DynamicLoader: oleaut32.dll/VarMul
DynamicLoader: oleaut32.dll/VarDiv
DynamicLoader: oleaut32.dll/VarIdiv
DynamicLoader: oleaut32.dll/VarMod
DynamicLoader: oleaut32.dll/VarAnd
DynamicLoader: oleaut32.dll/VarOr
DynamicLoader: oleaut32.dll/VarXor
DynamicLoader: oleaut32.dll/VarCmp
DynamicLoader: oleaut32.dll/VarI4FromStr
DynamicLoader: oleaut32.dll/VarR4FromStr
DynamicLoader: oleaut32.dll/VarR8FromStr
DynamicLoader: oleaut32.dll/VarDateFromStr
DynamicLoader: oleaut32.dll/VarCyFromStr
DynamicLoader: oleaut32.dll/VarBoolFromStr
DynamicLoader: oleaut32.dll/VarBstrFromCy
DynamicLoader: oleaut32.dll/VarBstrFromDate
DynamicLoader: oleaut32.dll/VarBstrFromBool
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/AnimateWindow
DynamicLoader: comctl32.dll/InitializeFlatSB
DynamicLoader: comctl32.dll/UninitializeFlatSB
DynamicLoader: comctl32.dll/FlatSB_GetScrollProp
DynamicLoader: comctl32.dll/FlatSB_SetScrollProp
DynamicLoader: comctl32.dll/FlatSB_EnableScrollBar
DynamicLoader: comctl32.dll/FlatSB_ShowScrollBar
DynamicLoader: comctl32.dll/FlatSB_GetScrollRange
DynamicLoader: comctl32.dll/FlatSB_GetScrollInfo
DynamicLoader: comctl32.dll/FlatSB_GetScrollPos
DynamicLoader: comctl32.dll/FlatSB_SetScrollPos
DynamicLoader: comctl32.dll/FlatSB_SetScrollInfo
DynamicLoader: comctl32.dll/FlatSB_SetScrollRange
DynamicLoader: USER32.dll/SetLayeredWindowAttributes
DynamicLoader: ole32.dll/CoCreateInstanceEx
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoAddRefServerProcess
DynamicLoader: ole32.dll/CoReleaseServerProcess
DynamicLoader: ole32.dll/CoResumeClassObjects
DynamicLoader: ole32.dll/CoSuspendClassObjects
DynamicLoader: olepro32.dll/OleCreatePropertyFrame
DynamicLoader: olepro32.dll/OleCreateFontIndirect
DynamicLoader: olepro32.dll/OleCreatePictureIndirect
DynamicLoader: olepro32.dll/OleLoadPicture
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: uxtheme.dll/OpenThemeData
DynamicLoader: uxtheme.dll/CloseThemeData
DynamicLoader: uxtheme.dll/DrawThemeBackground
DynamicLoader: uxtheme.dll/DrawThemeText
DynamicLoader: uxtheme.dll/GetThemeBackgroundContentRect
DynamicLoader: uxtheme.dll/GetThemePartSize
DynamicLoader: uxtheme.dll/GetThemeTextExtent
DynamicLoader: uxtheme.dll/GetThemeTextMetrics
DynamicLoader: uxtheme.dll/GetThemeBackgroundRegion
DynamicLoader: uxtheme.dll/HitTestThemeBackground
DynamicLoader: uxtheme.dll/DrawThemeEdge
DynamicLoader: uxtheme.dll/DrawThemeIcon
DynamicLoader: uxtheme.dll/IsThemePartDefined
DynamicLoader: uxtheme.dll/IsThemeBackgroundPartiallyTransparent
DynamicLoader: uxtheme.dll/GetThemeColor
DynamicLoader: uxtheme.dll/GetThemeMetric
DynamicLoader: uxtheme.dll/GetThemeString
DynamicLoader: uxtheme.dll/GetThemeBool
DynamicLoader: uxtheme.dll/GetThemeInt
DynamicLoader: uxtheme.dll/GetThemeEnumValue
DynamicLoader: uxtheme.dll/GetThemePosition
DynamicLoader: uxtheme.dll/GetThemeFont
DynamicLoader: uxtheme.dll/GetThemeRect
DynamicLoader: uxtheme.dll/GetThemeMargins
DynamicLoader: uxtheme.dll/GetThemeIntList
DynamicLoader: uxtheme.dll/GetThemePropertyOrigin
DynamicLoader: uxtheme.dll/SetWindowTheme
DynamicLoader: uxtheme.dll/GetThemeFilename
DynamicLoader: uxtheme.dll/GetThemeSysColor
DynamicLoader: uxtheme.dll/GetThemeSysColorBrush
DynamicLoader: uxtheme.dll/GetThemeSysBool
DynamicLoader: uxtheme.dll/GetThemeSysSize
DynamicLoader: uxtheme.dll/GetThemeSysFont
DynamicLoader: uxtheme.dll/GetThemeSysString
DynamicLoader: uxtheme.dll/GetThemeSysInt
DynamicLoader: uxtheme.dll/IsThemeActive
DynamicLoader: uxtheme.dll/IsAppThemed
DynamicLoader: uxtheme.dll/GetWindowTheme
DynamicLoader: uxtheme.dll/EnableThemeDialogTexture
DynamicLoader: uxtheme.dll/IsThemeDialogTextureEnabled
DynamicLoader: uxtheme.dll/GetThemeAppProperties
DynamicLoader: uxtheme.dll/SetThemeAppProperties
DynamicLoader: uxtheme.dll/GetCurrentThemeName
DynamicLoader: uxtheme.dll/GetThemeDocumentationProperty
DynamicLoader: uxtheme.dll/DrawThemeParentBackground
DynamicLoader: uxtheme.dll/EnableTheming
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: GDI32.dll/GetLayout
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: GDI32.dll/GetFontAssocStatus
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/LoadLibraryExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStartupInfoA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/GetKeyboardType
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: oleaut32.dll/SysFreeString
DynamicLoader: oleaut32.dll/SysReAllocStringLen
DynamicLoader: oleaut32.dll/SysAllocStringLen
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEvent
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/ResetEvent
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/LockResource
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStringTypeExA
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLocalTime
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetFullPathNameA
DynamicLoader: kernel32.dll/GetDiskFreeSpaceA
DynamicLoader: kernel32.dll/GetDateFormatA
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/FileTimeToDosDateTime
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/EnumCalendarInfoA
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CreateEventA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/CompareStringA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: USER32.dll/CharToOemA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: oleaut32.dll/SafeArrayPtrOfIndex
DynamicLoader: oleaut32.dll/SafeArrayGetUBound
DynamicLoader: oleaut32.dll/SafeArrayGetLBound
DynamicLoader: oleaut32.dll/SafeArrayCreate
DynamicLoader: oleaut32.dll/VariantChangeType
DynamicLoader: oleaut32.dll/VariantCopy
DynamicLoader: oleaut32.dll/VariantClear
DynamicLoader: oleaut32.dll/VariantInit
DynamicLoader: shfolder.dll/SHGetFolderPathA
DynamicLoader: USER32.dll/MonitorFromWindow
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/LoadLibraryExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStartupInfoA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/GetKeyboardType
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: oleaut32.dll/SysFreeString
DynamicLoader: oleaut32.dll/SysReAllocStringLen
DynamicLoader: oleaut32.dll/SysAllocStringLen
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEvent
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/ResetEvent
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/LockResource
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStringTypeExA
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLocalTime
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetFullPathNameA
DynamicLoader: kernel32.dll/GetDiskFreeSpaceA
DynamicLoader: kernel32.dll/GetDateFormatA
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/FileTimeToDosDateTime
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/EnumCalendarInfoA
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CreateEventA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/CompareStringA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: USER32.dll/CharToOemA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: oleaut32.dll/SafeArrayPtrOfIndex
DynamicLoader: oleaut32.dll/SafeArrayGetUBound
DynamicLoader: oleaut32.dll/SafeArrayGetLBound
DynamicLoader: oleaut32.dll/SafeArrayCreate
DynamicLoader: oleaut32.dll/VariantChangeType
DynamicLoader: oleaut32.dll/VariantCopy
DynamicLoader: oleaut32.dll/VariantClear
DynamicLoader: oleaut32.dll/VariantInit
DynamicLoader: shfolder.dll/SHGetFolderPathA
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/LoadLibraryExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStartupInfoA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/GetKeyboardType
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: oleaut32.dll/SysFreeString
DynamicLoader: oleaut32.dll/SysReAllocStringLen
DynamicLoader: oleaut32.dll/SysAllocStringLen
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEvent
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/ResetEvent
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/LockResource
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStringTypeExA
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLocalTime
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetFullPathNameA
DynamicLoader: kernel32.dll/GetDiskFreeSpaceA
DynamicLoader: kernel32.dll/GetDateFormatA
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/FileTimeToDosDateTime
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/EnumCalendarInfoA
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CreateEventA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/CompareStringA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: USER32.dll/CharToOemA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: oleaut32.dll/SafeArrayPtrOfIndex
DynamicLoader: oleaut32.dll/SafeArrayGetUBound
DynamicLoader: oleaut32.dll/SafeArrayGetLBound
DynamicLoader: oleaut32.dll/SafeArrayCreate
DynamicLoader: oleaut32.dll/VariantChangeType
DynamicLoader: oleaut32.dll/VariantCopy
DynamicLoader: oleaut32.dll/VariantClear
DynamicLoader: oleaut32.dll/VariantInit
DynamicLoader: shfolder.dll/SHGetFolderPathA
CAPE extracted potentially suspicious content
temp.exe: Extracted PE Image
ironman.exe: Extracted Shellcode
Performs some HTTP requests
url: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
url: http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
url: http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D
The binary likely contains encrypted or compressed data.
section: name: .rsrc, entropy: 7.99, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00116c00, virtual_size: 0x00116a90
Installs itself for autorun at Windows startup
key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
data: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
Network activity detected but not expressed in API logs
Drops a binary and executes it
binary: C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
binary: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
Anomalous binary characteristics
anomaly: Actual checksum does not match that reported in PE header

Hosts

Direct   IP               Country Name
N        88.221.134.178   Europe
Y        8.8.8.8          United States
N        72.247.177.161   Netherlands
N        23.51.123.27     Netherlands

DNS

Name                             Response                                          Post-Analysis Lookup
www.download.windowsupdate.com   CNAME 2-01-3cf7-0009.cdx.cedexis.net
                                 A 72.247.177.161
                                 CNAME download.windowsupdate.com.edgesuite.net
                                 A 72.247.177.169
                                 CNAME a767.dspw65.akamai.net
ocsp.thawte.com                  CNAME ocsp-ds.ws.symantec.com.edgekey.net
                                 CNAME e8218.dscb1.akamaiedge.net
                                 A 23.51.123.27
th.symcd.com
crl.microsoft.com                A 88.221.134.240
                                 A 88.221.134.178
                                 CNAME crl.www.ms.akadns.net
                                 CNAME a1363.dscg.akamai.net

Summary

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\AppData\Local\Temp\IXP000.TMP
C:\Users\user\AppData\Local\Temp\IXP000.TMP\TMP4351$.TMP
C:\Users\user\AppData\Local\Temp\IXP000.TMP\
C:\
C:\Users\user\AppData\Local\Temp
C:\Windows
C:\Users\user\AppData\Local\Temp\IXP000.TMP\iron.bmp
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
\Device\KsecDD
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.ENG
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.ENG.DLL
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.EN
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.EN.DLL
C:\Windows\Fonts\staticcache.dat
C:\Users\user\Qrm\iron.bmp
C:\Users\user\AppData\Local\Temp\iron.txt
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Windows\Globalization\Sorting\sortdefault.nls
\Device\KsecDD
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp
C:\Windows\Fonts\staticcache.dat
C:\Users\user\AppData\Local\Temp\iron.txt
C:\Users\user\AppData\Local\Temp\IXP000.TMP\iron.bmp
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Temp\IXP000.TMP\TMP4351$.TMP
C:\Users\user\AppData\Local\Temp\IXP000.TMP\iron.bmp
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
C:\Users\user\AppData\Local\Temp\iron.txt
C:\Users\user\AppData\Local\Temp\IXP000.TMP
C:\Users\user\AppData\Local\Temp\iron.txt
HKEY_CURRENT_USER
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\temp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\ironman.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
kernel32.dll.HeapSetInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
advapi32.dll.DecryptFileA
feclient.dll.FeClientInitialize
advpack.dll.DelNodeRunDLL32
kernel32.dll.VirtualProtect
wsock32.dll.#116
wsock32.dll.#11
wsock32.dll.#52
wsock32.dll.#57
wsock32.dll.#115
winmm.dll.mixerSetControlDetails
winmm.dll.waveOutGetVolume
winmm.dll.joyGetPosEx
winmm.dll.mixerGetControlDetailsA
winmm.dll.mixerOpen
winmm.dll.mixerGetDevCapsA
winmm.dll.mixerGetLineControlsA
winmm.dll.waveOutSetVolume
winmm.dll.mixerClose
winmm.dll.mciSendStringA
winmm.dll.joyGetDevCapsA
winmm.dll.mixerGetLineInfoA
version.dll.VerQueryValueA
version.dll.GetFileVersionInfoA
version.dll.GetFileVersionInfoSizeA
comctl32.dll.ImageList_Create
comctl32.dll.#6
comctl32.dll.ImageList_ReplaceIcon
comctl32.dll.InitCommonControlsEx
comctl32.dll.ImageList_GetIconSize
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_AddMasked
psapi.dll.GetModuleBaseNameA
psapi.dll.GetModuleFileNameExA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.FindFirstFileA
kernel32.dll.FindNextFileA
kernel32.dll.FindClose
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.SetEnvironmentVariableA
kernel32.dll.Beep
kernel32.dll.MoveFileA
kernel32.dll.OutputDebugStringA
kernel32.dll.CreateProcessA
kernel32.dll.GetFileAttributesA
kernel32.dll.GetExitCodeProcess
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.GetCurrentProcessId
kernel32.dll.OpenProcess
kernel32.dll.TerminateProcess
kernel32.dll.SetPriorityClass
kernel32.dll.SetLastError
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.GetLocalTime
kernel32.dll.GetDateFormatA
kernel32.dll.GetTimeFormatA
kernel32.dll.GetDiskFreeSpaceA
kernel32.dll.SetVolumeLabelA
kernel32.dll.CreateFileA
kernel32.dll.DeviceIoControl
kernel32.dll.GetDriveTypeA
kernel32.dll.GetVolumeInformationA
kernel32.dll.CreateDirectoryA
kernel32.dll.ReadFile
kernel32.dll.GetACP
kernel32.dll.WriteFile
kernel32.dll.DeleteFileA
kernel32.dll.SetFileAttributesA
kernel32.dll.LocalFileTimeToFileTime
kernel32.dll.SetFileTime
kernel32.dll.GetFileSizeEx
kernel32.dll.GetSystemTime
kernel32.dll.GetSystemDefaultUILanguage
kernel32.dll.GetComputerNameA
kernel32.dll.GetWindowsDirectoryA
kernel32.dll.GetTempPathA
kernel32.dll.GetFullPathNameA
kernel32.dll.GetShortPathNameA
kernel32.dll.SizeofResource
kernel32.dll.LeaveCriticalSection
kernel32.dll.QueryDosDeviceA
kernel32.dll.CompareStringA
kernel32.dll.GetFullPathNameW
kernel32.dll.RemoveDirectoryA
kernel32.dll.CopyFileA
kernel32.dll.GetCurrentProcess
kernel32.dll.FormatMessageA
kernel32.dll.GetPrivateProfileStringA
kernel32.dll.GetPrivateProfileSectionA
kernel32.dll.GetPrivateProfileSectionNamesA
kernel32.dll.WritePrivateProfileStringA
kernel32.dll.WritePrivateProfileSectionA
kernel32.dll.SetEndOfFile
kernel32.dll.GetFileType
kernel32.dll.GetStdHandle
kernel32.dll.SetFilePointerEx
kernel32.dll.SystemTimeToFileTime
kernel32.dll.FileTimeToSystemTime
kernel32.dll.GetFileSize
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.EnumResourceNamesA
kernel32.dll.LoadLibraryExA
kernel32.dll.GlobalSize
kernel32.dll.TlsGetValue
kernel32.dll.TlsAlloc
kernel32.dll.IsValidCodePage
kernel32.dll.GetOEMCP
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedIncrement
kernel32.dll.GetStartupInfoW
kernel32.dll.GetCommandLineA
kernel32.dll.HeapQueryInformation
kernel32.dll.HeapSize
kernel32.dll.HeapReAlloc
kernel32.dll.ExitProcess
kernel32.dll.GetModuleHandleW
kernel32.dll.HeapAlloc
kernel32.dll.HeapFree
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.IsDebuggerPresent
kernel32.dll.HeapCreate
kernel32.dll.GetModuleFileNameW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.FindResourceA
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetModuleFileNameA
kernel32.dll.DeleteCriticalSection
kernel32.dll.GetCPInfo
kernel32.dll.GetVersionExW
kernel32.dll.FreeLibrary
kernel32.dll.LoadLibraryA
kernel32.dll.MultiByteToWideChar
kernel32.dll.GetModuleHandleA
kernel32.dll.GetProcAddress
kernel32.dll.GetLastError
kernel32.dll.CreateMutexA
kernel32.dll.CloseHandle
kernel32.dll.GetExitCodeThread
kernel32.dll.SetThreadPriority
kernel32.dll.CreateThread
kernel32.dll.GetStringTypeExA
kernel32.dll.lstrcmpiA
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetCurrentThreadId
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalFree
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GetCurrentDirectoryA
kernel32.dll.SetErrorMode
kernel32.dll.InitializeCriticalSection
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.Sleep
kernel32.dll.GetTickCount
kernel32.dll.MulDiv
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.LoadLibraryW
kernel32.dll.SetHandleCount
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.GetStringTypeW
kernel32.dll.RaiseException
kernel32.dll.RtlUnwind
kernel32.dll.GetConsoleCP
kernel32.dll.GetConsoleMode
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.QueryPerformanceCounter
kernel32.dll.SetFilePointer
kernel32.dll.FlushFileBuffers
kernel32.dll.LCMapStringW
kernel32.dll.WriteConsoleW
kernel32.dll.SetStdHandle
kernel32.dll.GetProcessHeap
kernel32.dll.CreateFileW
kernel32.dll.EnterCriticalSection
kernel32.dll.VirtualQuery
user32.dll.ExitWindowsEx
user32.dll.SetMenu
user32.dll.FlashWindow
user32.dll.GetPropA
user32.dll.SetPropA
user32.dll.RemovePropA
user32.dll.MapWindowPoints
user32.dll.RedrawWindow
user32.dll.SetParent
user32.dll.SendMessageW
user32.dll.GetClassInfoExA
user32.dll.GetAncestor
user32.dll.UpdateWindow
user32.dll.GetMessagePos
user32.dll.GetClassLongA
user32.dll.DefDlgProcA
user32.dll.CallWindowProcA
user32.dll.CheckRadioButton
user32.dll.IntersectRect
user32.dll.GetUpdateRect
user32.dll.PtInRect
user32.dll.CreateDialogIndirectParamA
user32.dll.CreateAcceleratorTableA
user32.dll.DestroyAcceleratorTable
user32.dll.InsertMenuItemA
user32.dll.SetMenuDefaultItem
user32.dll.RemoveMenu
user32.dll.SetMenuItemInfoA
user32.dll.IsMenu
user32.dll.GetMenuItemInfoA
user32.dll.CreateMenu
user32.dll.CreatePopupMenu
user32.dll.SetMenuInfo
user32.dll.AppendMenuA
user32.dll.DestroyMenu
user32.dll.TrackPopupMenuEx
user32.dll.GetDesktopWindow
user32.dll.CopyImage
user32.dll.CreateIconIndirect
user32.dll.CreateIconFromResourceEx
user32.dll.EnumClipboardFormats
user32.dll.GetWindow
user32.dll.BringWindowToTop
user32.dll.MessageBoxA
user32.dll.GetTopWindow
user32.dll.DrawTextA
user32.dll.SetRect
user32.dll.GetIconInfo
user32.dll.SetWindowTextA
user32.dll.IsWindowVisible
user32.dll.CheckMenuItem
user32.dll.GetMenuStringA
user32.dll.ChangeClipboardChain
user32.dll.SetClipboardViewer
user32.dll.EnableMenuItem
user32.dll.GetMenu
user32.dll.CreateWindowExA
user32.dll.RegisterClassExA
user32.dll.LoadCursorA
user32.dll.DestroyIcon
user32.dll.DestroyWindow
user32.dll.IsCharAlphaA
user32.dll.MapVirtualKeyA
user32.dll.MapVirtualKeyExA
user32.dll.DefWindowProcA
user32.dll.GetGUIThreadInfo
user32.dll.GetWindowTextA
user32.dll.mouse_event
user32.dll.WindowFromPoint
user32.dll.GetSystemMetrics
user32.dll.keybd_event
user32.dll.SetKeyboardState
user32.dll.GetKeyboardState
user32.dll.GetCursorPos
user32.dll.PostMessageW
user32.dll.GetAsyncKeyState
user32.dll.AttachThreadInput
user32.dll.SendInput
user32.dll.UnregisterHotKey
user32.dll.RegisterHotKey
user32.dll.PostQuitMessage
user32.dll.SendMessageTimeoutA
user32.dll.UnhookWindowsHookEx
user32.dll.SetWindowsHookExA
user32.dll.PostThreadMessageA
user32.dll.IsCharAlphaNumericA
user32.dll.IsCharUpperA
user32.dll.IsCharLowerA
user32.dll.ToAsciiEx
user32.dll.GetKeyboardLayout
user32.dll.CallNextHookEx
user32.dll.CharLowerA
user32.dll.ReleaseDC
user32.dll.GetDC
user32.dll.OpenClipboard
user32.dll.GetClipboardData
user32.dll.GetClipboardFormatNameA
user32.dll.CloseClipboard
user32.dll.SetClipboardData
user32.dll.EmptyClipboard
user32.dll.PostMessageA
user32.dll.FindWindowA
user32.dll.GetSubMenu
user32.dll.GetMenuItemID
user32.dll.GetMenuItemCount
user32.dll.GetSystemMenu
user32.dll.GetLastInputInfo
user32.dll.GetCursor
user32.dll.ClientToScreen
user32.dll.MessageBeep
user32.dll.SetDlgItemTextA
user32.dll.GetDlgItem
user32.dll.SendDlgItemMessageA
user32.dll.DialogBoxParamA
user32.dll.LoadImageA
user32.dll.SetForegroundWindow
user32.dll.EndDialog
user32.dll.IsWindow
user32.dll.DispatchMessageA
user32.dll.TranslateMessage
user32.dll.ShowWindow
user32.dll.CountClipboardFormats
user32.dll.SetWindowLongA
user32.dll.ScreenToClient
user32.dll.IsDialogMessageA
user32.dll.SendMessageA
user32.dll.FillRect
user32.dll.DrawIconEx
user32.dll.GetSysColorBrush
user32.dll.GetSysColor
user32.dll.RegisterWindowMessageA
user32.dll.IsIconic
user32.dll.IsZoomed
user32.dll.EnumWindows
user32.dll.GetWindowTextLengthA
user32.dll.EnableWindow
user32.dll.InvalidateRect
user32.dll.SetLayeredWindowAttributes
user32.dll.SetWindowPos
user32.dll.SetWindowRgn
user32.dll.SetFocus
user32.dll.SetActiveWindow
user32.dll.EnumChildWindows
user32.dll.MoveWindow
user32.dll.GetQueueStatus
user32.dll.GetWindowRect
user32.dll.GetClientRect
user32.dll.IsWindowEnabled
user32.dll.GetWindowLongA
user32.dll.GetKeyState
user32.dll.TranslateAcceleratorA
user32.dll.KillTimer
user32.dll.PeekMessageA
user32.dll.GetFocus
user32.dll.GetClassNameA
user32.dll.GetWindowThreadProcessId
user32.dll.GetForegroundWindow
user32.dll.GetMessageA
user32.dll.SetTimer
user32.dll.GetParent
user32.dll.GetDlgCtrlID
user32.dll.CharUpperA
user32.dll.IsClipboardFormatAvailable
user32.dll.SystemParametersInfoA
user32.dll.VkKeyScanExA
user32.dll.AdjustWindowRectEx
user32.dll.LoadAcceleratorsA
gdi32.dll.GetPixel
gdi32.dll.GetClipRgn
gdi32.dll.GetCharABCWidthsA
gdi32.dll.SetBkMode
gdi32.dll.CreatePatternBrush
gdi32.dll.SetBrushOrgEx
gdi32.dll.EnumFontFamiliesExA
gdi32.dll.CreateDIBSection
gdi32.dll.GdiFlush
gdi32.dll.SetBkColor
gdi32.dll.ExcludeClipRect
gdi32.dll.SetTextColor
gdi32.dll.GetClipBox
gdi32.dll.BitBlt
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.GetDIBits
gdi32.dll.CreateCompatibleDC
gdi32.dll.CreatePolygonRgn
gdi32.dll.CreateRectRgn
gdi32.dll.CreateRoundRectRgn
gdi32.dll.CreateEllipticRgn
gdi32.dll.DeleteDC
gdi32.dll.GetObjectA
gdi32.dll.GetTextMetricsA
gdi32.dll.GetTextFaceA
gdi32.dll.SelectObject
gdi32.dll.GetStockObject
gdi32.dll.CreateDCA
gdi32.dll.CreateSolidBrush
gdi32.dll.CreateFontA
gdi32.dll.FillRgn
gdi32.dll.GetDeviceCaps
gdi32.dll.DeleteObject
comdlg32.dll.CommDlgExtendedError
comdlg32.dll.GetSaveFileNameA
comdlg32.dll.GetOpenFileNameA
advapi32.dll.RegDeleteKeyA
advapi32.dll.RegSetValueExA
advapi32.dll.RegCreateKeyExA
advapi32.dll.RegQueryValueExA
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.OpenProcessToken
advapi32.dll.CloseServiceHandle
advapi32.dll.UnlockServiceDatabase
advapi32.dll.LockServiceDatabase
advapi32.dll.OpenSCManagerA
advapi32.dll.GetUserNameA
advapi32.dll.RegEnumKeyExA
advapi32.dll.RegEnumValueA
advapi32.dll.RegQueryInfoKeyA
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegCloseKey
advapi32.dll.RegConnectRegistryA
advapi32.dll.RegDeleteValueA
shell32.dll.DragQueryPoint
shell32.dll.SHEmptyRecycleBinA
shell32.dll.SHFileOperationA
shell32.dll.SHGetPathFromIDListA
shell32.dll.SHBrowseForFolderA
shell32.dll.SHGetDesktopFolder
shell32.dll.SHGetMalloc
shell32.dll.SHGetFolderPathA
shell32.dll.ShellExecuteExA
shell32.dll.Shell_NotifyIconA
shell32.dll.DragFinish
shell32.dll.DragQueryFileA
shell32.dll.ExtractIconA
ole32.dll.OleInitialize
ole32.dll.OleUninitialize
ole32.dll.CoCreateInstance
ole32.dll.CoInitialize
ole32.dll.CoUninitialize
ole32.dll.CLSIDFromString
ole32.dll.CoGetObject
ole32.dll.StringFromGUID2
ole32.dll.CreateStreamOnHGlobal
oleaut32.dll.#20
oleaut32.dll.#35
oleaut32.dll.#418
oleaut32.dll.#24
oleaut32.dll.#18
oleaut32.dll.#23
oleaut32.dll.#22
oleaut32.dll.#148
oleaut32.dll.#21
oleaut32.dll.#17
oleaut32.dll.#16
oleaut32.dll.#19
oleaut32.dll.#11
oleaut32.dll.#27
oleaut32.dll.#2
oleaut32.dll.#12
oleaut32.dll.#9
oleaut32.dll.#15
oleaut32.dll.#6
oleaut32.dll.#7
cryptbase.dll.SystemFunction036
ntdll.dll.RtlGetVersion
user32.dll.RemoveClipboardFormatListener
user32.dll.AddClipboardFormatListener
kernel32.dll.IsWow64Process
advapi32.dll.CryptAcquireContextW
advapi32.dll.CryptCreateHash
advapi32.dll.CryptHashData
advapi32.dll.CryptDeriveKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptEncrypt
advapi32.dll.CryptDecrypt
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptSetHashParam
advapi32.dll.CryptGetHashParam
kernel32.dll.FormatMessageW
advapi32.dll.CryptSetKeyParam
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptDeriveKey
cryptsp.dll.CryptGetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext
oleaut32.dll.#500
kernel32.dll.GetDiskFreeSpaceExA
oleaut32.dll.VariantChangeTypeEx
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarAdd
oleaut32.dll.VarSub
oleaut32.dll.VarMul
oleaut32.dll.VarDiv
oleaut32.dll.VarIdiv
oleaut32.dll.VarMod
oleaut32.dll.VarAnd
oleaut32.dll.VarOr
oleaut32.dll.VarXor
oleaut32.dll.VarCmp
oleaut32.dll.VarI4FromStr
oleaut32.dll.VarR4FromStr
oleaut32.dll.VarR8FromStr
oleaut32.dll.VarDateFromStr
oleaut32.dll.VarCyFromStr
oleaut32.dll.VarBoolFromStr
oleaut32.dll.VarBstrFromCy
oleaut32.dll.VarBstrFromDate
oleaut32.dll.VarBstrFromBool
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.AnimateWindow
comctl32.dll.InitializeFlatSB
comctl32.dll.UninitializeFlatSB
comctl32.dll.FlatSB_GetScrollProp
comctl32.dll.FlatSB_SetScrollProp
comctl32.dll.FlatSB_EnableScrollBar
comctl32.dll.FlatSB_ShowScrollBar
comctl32.dll.FlatSB_GetScrollRange
comctl32.dll.FlatSB_GetScrollInfo
comctl32.dll.FlatSB_GetScrollPos
comctl32.dll.FlatSB_SetScrollPos
comctl32.dll.FlatSB_SetScrollInfo
comctl32.dll.FlatSB_SetScrollRange
ole32.dll.CoCreateInstanceEx
ole32.dll.CoInitializeEx
ole32.dll.CoAddRefServerProcess
ole32.dll.CoReleaseServerProcess
ole32.dll.CoResumeClassObjects
ole32.dll.CoSuspendClassObjects
olepro32.dll.OleCreatePropertyFrame
olepro32.dll.OleCreateFontIndirect
olepro32.dll.OleCreatePictureIndirect
olepro32.dll.OleLoadPicture
uxtheme.dll.OpenThemeData
uxtheme.dll.CloseThemeData
uxtheme.dll.DrawThemeBackground
uxtheme.dll.DrawThemeText
uxtheme.dll.GetThemeBackgroundContentRect
uxtheme.dll.GetThemePartSize
uxtheme.dll.GetThemeTextExtent
uxtheme.dll.GetThemeTextMetrics
uxtheme.dll.GetThemeBackgroundRegion
uxtheme.dll.HitTestThemeBackground
uxtheme.dll.DrawThemeEdge
uxtheme.dll.DrawThemeIcon
uxtheme.dll.IsThemePartDefined
uxtheme.dll.IsThemeBackgroundPartiallyTransparent
uxtheme.dll.GetThemeColor
uxtheme.dll.GetThemeMetric
uxtheme.dll.GetThemeString
uxtheme.dll.GetThemeBool
uxtheme.dll.GetThemeInt
uxtheme.dll.GetThemeEnumValue
uxtheme.dll.GetThemePosition
uxtheme.dll.GetThemeFont
uxtheme.dll.GetThemeRect
uxtheme.dll.GetThemeMargins
uxtheme.dll.GetThemeIntList
uxtheme.dll.GetThemePropertyOrigin
uxtheme.dll.SetWindowTheme
uxtheme.dll.GetThemeFilename
uxtheme.dll.GetThemeSysColor
uxtheme.dll.GetThemeSysColorBrush
uxtheme.dll.GetThemeSysBool
uxtheme.dll.GetThemeSysSize
uxtheme.dll.GetThemeSysFont
uxtheme.dll.GetThemeSysString
uxtheme.dll.GetThemeSysInt
uxtheme.dll.IsThemeActive
uxtheme.dll.IsAppThemed
uxtheme.dll.GetWindowTheme
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.IsThemeDialogTextureEnabled
uxtheme.dll.GetThemeAppProperties
uxtheme.dll.SetThemeAppProperties
uxtheme.dll.GetCurrentThemeName
uxtheme.dll.GetThemeDocumentationProperty
uxtheme.dll.DrawThemeParentBackground
uxtheme.dll.EnableTheming
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetTextExtentExPointWPri
kernel32.dll.VirtualFree
kernel32.dll.VirtualAlloc
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
kernel32.dll.GetVersion
kernel32.dll.lstrlenA
kernel32.dll.lstrcpynA
kernel32.dll.GetThreadLocale
kernel32.dll.GetStartupInfoA
kernel32.dll.GetLocaleInfoA
user32.dll.GetKeyboardType
user32.dll.LoadStringA
user32.dll.CharNextA
oleaut32.dll.SysFreeString
oleaut32.dll.SysReAllocStringLen
oleaut32.dll.SysAllocStringLen
advapi32.dll.RegOpenKeyA
kernel32.dll.WaitForSingleObject
kernel32.dll.SetEvent
kernel32.dll.ResetEvent
kernel32.dll.GetVersionExA
kernel32.dll.FileTimeToDosDateTime
kernel32.dll.EnumCalendarInfoA
kernel32.dll.CreateEventA
user32.dll.CallWindowProcW
user32.dll.CharToOemA
oleaut32.dll.SafeArrayPtrOfIndex
oleaut32.dll.SafeArrayGetUBound
oleaut32.dll.SafeArrayGetLBound
oleaut32.dll.SafeArrayCreate
oleaut32.dll.VariantChangeType
oleaut32.dll.VariantCopy
oleaut32.dll.VariantClear
oleaut32.dll.VariantInit
shfolder.dll.SHGetFolderPathA
user32.dll.MonitorFromWindow
advapi32.dll.RegEnumValueW
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
gdi32.dll.GdiIsMetaPrintDC
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
Local\MSCTF.Asm.MutexDefault1

Binary Entropy

PE Information

Image Base 0x00400000
Entry Point 0x004067cc
Reported Checksum 0x00123622
Actual Checksum 0x0012d630
Minimum OS Version 6.3
PDB Path wextract.pdb
Compile Time 2013-10-14 05:50:27
Import Hash bc70c4fa605f17c85050b7c7b6d42e44

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x000065cc 0x00006600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.38
.data 0x00008000 0x00001a8c 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.18
.idata 0x0000a000 0x00001078 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.05
.rsrc 0x0000c000 0x00116a90 0x00116c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.99
.reloc 0x00123000 0x000013ae 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.72

Overlay

Offset 0x00120000
Size 0x00004b58

Imports

Library ADVAPI32.dll:
0x40a000 OpenProcessToken
0x40a004 GetTokenInformation
0x40a008 RegSetValueExA
0x40a00c EqualSid
0x40a010 RegQueryValueExA
0x40a018 RegCreateKeyExA
0x40a01c RegOpenKeyExA
0x40a020 RegQueryInfoKeyA
0x40a024 RegDeleteValueA
0x40a02c FreeSid
0x40a034 RegCloseKey
Library KERNEL32.dll:
0x40a064 GetFileAttributesA
0x40a068 IsDBCSLeadByte
0x40a06c GetSystemDirectoryA
0x40a070 GlobalUnlock
0x40a074 GetShortPathNameA
0x40a078 CreateDirectoryA
0x40a07c FindFirstFileA
0x40a080 GetLastError
0x40a084 GetProcAddress
0x40a088 RemoveDirectoryA
0x40a08c SetFileAttributesA
0x40a090 GlobalFree
0x40a094 FindClose
0x40a09c LoadLibraryA
0x40a0a0 LocalAlloc
0x40a0a8 GetModuleFileNameA
0x40a0ac FindNextFileA
0x40a0b0 CompareStringA
0x40a0b4 _lopen
0x40a0b8 CloseHandle
0x40a0bc LocalFree
0x40a0c0 DeleteFileA
0x40a0c4 ExitProcess
0x40a0cc CreateFileA
0x40a0d0 FindResourceA
0x40a0d4 GlobalAlloc
0x40a0dc LoadResource
0x40a0e0 WaitForSingleObject
0x40a0e4 SetEvent
0x40a0e8 GetModuleHandleW
0x40a0ec FormatMessageA
0x40a0f0 SetFileTime
0x40a0f4 WriteFile
0x40a0f8 GetDriveTypeA
0x40a100 TerminateThread
0x40a104 SizeofResource
0x40a108 CreateEventA
0x40a10c GetExitCodeProcess
0x40a110 CreateProcessA
0x40a114 _llseek
0x40a11c GetTempFileNameA
0x40a120 ResetEvent
0x40a124 LockResource
0x40a128 GetSystemInfo
0x40a12c LoadLibraryExA
0x40a130 CreateMutexA
0x40a138 GetVersionExA
0x40a13c GetVersion
0x40a140 GetTempPathA
0x40a144 CreateThread
0x40a14c SetFilePointer
0x40a154 lstrcmpA
0x40a158 _lclose
0x40a15c GlobalLock
0x40a160 GetCurrentProcess
0x40a164 FreeResource
0x40a168 FreeLibrary
0x40a16c Sleep
0x40a170 GetStartupInfoA
0x40a17c TerminateProcess
0x40a180 OutputDebugStringA
0x40a184 RtlUnwind
0x40a188 GetModuleHandleA
0x40a190 GetCurrentProcessId
0x40a194 GetCurrentThreadId
0x40a19c GetTickCount
0x40a1a4 MulDiv
0x40a1a8 GetDiskFreeSpaceA
0x40a1ac ReadFile
Library GDI32.dll:
0x40a058 GetDeviceCaps
Library USER32.dll:
0x40a1b4 GetDC
0x40a1b8 SendMessageA
0x40a1bc SetForegroundWindow
0x40a1c4 SendDlgItemMessageA
0x40a1c8 GetWindowRect
0x40a1cc MessageBoxA
0x40a1d0 GetWindowLongA
0x40a1d4 PeekMessageA
0x40a1d8 ReleaseDC
0x40a1dc GetDlgItem
0x40a1e0 SetWindowPos
0x40a1e4 ShowWindow
0x40a1e8 DispatchMessageA
0x40a1ec SetWindowTextA
0x40a1f0 EnableWindow
0x40a1f4 CallWindowProcA
0x40a1fc GetDlgItemTextA
0x40a200 LoadStringA
0x40a204 MessageBeep
0x40a208 CharUpperA
0x40a20c CharNextA
0x40a210 ExitWindowsEx
0x40a214 CharPrevA
0x40a218 EndDialog
0x40a21c GetDesktopWindow
0x40a220 SetDlgItemTextA
0x40a224 SetWindowLongA
0x40a228 GetSystemMetrics
Library msvcrt.dll:
0x40a240 memset
0x40a244 ?terminate@@YAXXZ
0x40a248 _controlfp
0x40a24c memcpy
0x40a250 _ismbblead
0x40a254 __p__fmode
0x40a258 _cexit
0x40a25c _exit
0x40a260 exit
0x40a264 __set_app_type
0x40a268 __getmainargs
0x40a26c _acmdln
0x40a270 _initterm
0x40a274 _amsg_exit
0x40a278 __p__commode
0x40a27c _XcptFilter
0x40a280 _errno
0x40a284 _vsnprintf
0x40a288 __setusermatherr
Library COMCTL32.dll:
0x40a03c None
Library Cabinet.dll:
0x40a044 None
0x40a048 None
0x40a04c None
0x40a050 None
Library VERSION.dll:
0x40a230 GetFileVersionInfoA
0x40a238 VerQueryValueA

.text
`.data
.idata
@.rsrc
@.reloc
advapi32.dll
CheckTokenMembership
Reboot
AdvancedINF
Version
setupx.dll
setupapi.dll
SeShutdownPrivilege
advpack.dll
DelNodeRunDLL32
wininit.ini
Software\Microsoft\Windows\CurrentVersion\App Paths
HeapSetInformation
TITLE
EXTRACTOPT
INSTANCECHECK
VERCHECK
DecryptFileA
LICENSE
<None>
REBOOT
SHOWWINDOW
ADMQCMD
USRQCMD
RUNPROGRAM
POSTRUNPROGRAM
FINISHMSG
LoadString() Error. Could not load string resource.
CABINET
FILESIZES
PACKINSTSPACE
UPROMPT
IXP%03d.TMP
alpha
msdownld.tmp
TMP4351$.TMP
RegServer
UPDFILE%lu
Control Panel\Desktop\ResourceLocale
wextract.pdb
D$HjDj
Sh#J@
Phgd@
jXhhu@
XPVSh
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
System\CurrentControlSet\Control\Session Manager
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
wextract_cleanup%d
Command.com /c %s
rundll32.exe %s,InstallHinfSection %s 128 %s
Software\Microsoft\Windows\CurrentVersion\RunOnce
DefaultInstall
%s /D:%s
PendingFileRenameOperations
*MEMCAB
SHBrowseForFolder
SHELL32.DLL
DoInfInstall
SHGetPathFromIDList
OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey
ADVAPI32.dll
lstrcmpA
_llseek
FreeLibrary
GetCurrentProcess
GlobalLock
_lclose
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GlobalAlloc
GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
SetFilePointer
FreeResource
LoadResource
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
ReadFile
SetCurrentDirectoryA
GetTempFileNameA
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
KERNEL32.dll
GetDeviceCaps
GDI32.dll
SetDlgItemTextA
GetDesktopWindow
EndDialog
CharPrevA
ExitWindowsEx
CharNextA
CharUpperA
MessageBeep
LoadStringA
GetDlgItemTextA
DialogBoxIndirectParamA
CallWindowProcA
EnableWindow
SetWindowTextA
DispatchMessageA
ShowWindow
SetWindowPos
GetDlgItem
ReleaseDC
PeekMessageA
GetWindowLongA
MessageBoxA
SetWindowLongA
GetDC
SendMessageA
SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowRect
USER32.dll
_vsnprintf
_errno
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__p__fmode
_ismbblead
__setusermatherr
_initterm
_acmdln
msvcrt.dll
memcpy
memset
?terminate@@YAXXZ
_controlfp
COMCTL32.dll
Cabinet.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VERSION.dll
Sleep
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
RtlUnwind
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
GetSystemMetrics
<None>
iron.bmp
temp.exe
/)$Vo
RlOY3
1pGIvG
z b[Dj
D*8>7_
3<n&d
VQ$sA
`]$};M
tMP$I
J@/BC
Zj(t@
u9`N9Qk_V0
?xS~}
+.XEe
#rq>N
6+y\(
{ H_5
n|L=ud=
;<(kX\+/y
1VPVc4C
Wpaix9G
upGQX
R%~db<
<None>
<None>
ironman.exe
"temp.exe"
<None>
<None>
Gact2.0Omaha
appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9A33AF93-8E8E-48FB-2464-C5D0683F42CD}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=defaultbrowser
Kernel32.dll
USRQCMD
License
MS Shell Dlg
Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
Do you accept all of the terms of the preceding License Agreement? If you choose No, Install will close. To install you must accept this agreement.
MS Shell Dlg
"Page Down".
Temporary folder
MS Shell Dlg
Please type the location where you want to place the extracted files.
&Browse...
Cancel
MS Shell Dlg
Overwrite file
MS Shell Dlg
Do you want to overwrite the file:
Yes To &All
MS Shell Dlg
Extract
MS Shell Dlg
&Cancel
Extracting
Initializing... Please wait...
msctls_progress32
Generic1
SysAnimate32
User1
MS Shell Dlg
msctls_progress32
Generic1
SysAnimate32
User1
Extract
MS Shell Dlg
&Cancel
Extracting
Initializing... Please wait...
MS Shell Dlg
Warning
MS Shell Dlg
E&xit
&Continue
Do you want to continue?
MS Shell Dlg
System Message: %s.
A required resource cannot be located.
Are you sure you want to cancel?
Unable to retrieve operating system version information.
Memory allocation request failed.
Unable to create extraction thread.
Could not update folder edit box.
Could not load functions required for browser dialog.
Could not load Shell32.dll required for browser dialog.
Do you still want to continue?
Error retrieving Windows folder
System message: %s.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.
The installation program appears to be damaged or corrupted. Contact the vendor of this application.
Windows
Do you want to restart your computer now?
Could not find the file: %s.
: %s.
You do not have administrator privileges on this machine. Some installations cannot be completed correctly unless they are run by an administrator.
The folder '%s' does not exist. Do you want to create it?
Another copy of the '%s' package is already running on your system. You can only run one copy at a time.
The '%s' package is not compatible with the version of Windows you are running.
The '%s' package is not compatible with the version of the file: %s on your system.
This file is not on VirusTotal.

Process Tree


Cashback.exe, PID: 1912, Parent PID: 2644
    Full Path: C:\Users\user\AppData\Local\Temp\Cashback.exe
    Command Line: "C:\Users\user\AppData\Local\Temp\Cashback.exe"
  temp.exe, PID: 1668, Parent PID: 1912
      Full Path: C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
      Command Line: C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
  ironman.exe, PID: 1556, Parent PID: 1912
      Full Path: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
      Command Line: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe

Hosts

Direct  IP              Country Name
N       88.221.134.178  Europe
Y       8.8.8.8         United States
N       72.247.177.161  Netherlands
N       23.51.123.27    Netherlands

TCP

Source         Source Port  Destination     Destination Port  Destination Host
192.168.35.22  49160        23.51.123.27    80                ocsp.thawte.com
192.168.35.22  49161        23.51.123.27    80                ocsp.thawte.com
192.168.35.22  49159        72.247.177.161  80                www.download.windowsupdate.com
192.168.35.22  49176        88.221.134.178  80                crl.microsoft.com

UDP

Source         Source Port  Destination  Destination Port
192.168.35.22  58774        8.8.8.8      53
192.168.35.22  59887        8.8.8.8      53
192.168.35.22  61809        8.8.8.8      53
192.168.35.22  63733        8.8.8.8      53

DNS

Name                            Response
www.download.windowsupdate.com  CNAME 2-01-3cf7-0009.cdx.cedexis.net
                                A     72.247.177.161
                                CNAME download.windowsupdate.com.edgesuite.net
                                A     72.247.177.169
                                CNAME a767.dspw65.akamai.net
ocsp.thawte.com                 CNAME ocsp-ds.ws.symantec.com.edgekey.net
                                CNAME e8218.dscb1.akamaiedge.net
                                A     23.51.123.27
th.symcd.com
crl.microsoft.com               A     88.221.134.240
                                A     88.221.134.178
                                CNAME crl.www.ms.akadns.net
                                CNAME a1363.dscg.akamai.net

HTTP Requests

URI Data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 19 Apr 2017 22:43:31 GMT
If-None-Match: "80ab755e5eb9d21:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com

http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: th.symcd.com

http://crl.microsoft.com/pki/crl/products/WinPCA.crl
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 02 Dec 2015 18:30:06 GMT
If-None-Match: "0cb60772f2dd11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
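All four HTTP requests above carry the User-Agent Microsoft-CryptoAPI/6.1, which is the Windows certificate subsystem doing chain validation (a root-store update via authrootstl.cab, two OCSP status checks, one CRL download) rather than a network routine in the sample's own code. The OCSP GET path is a URL- and base64-encoded DER OCSPRequest (RFC 6960, appendix A.1), so it can be decoded to learn which certificate Windows was checking. The script below is an added example, not part of this report or of CAPE: it takes the request lines copied from this section as constructed input, walks the DER with a minimal TLV reader, and returns the CertID (hash algorithm, issuer name and key hashes, serial number) of each OCSP request. It assumes the request carries no optional [0]/[1] fields before the request list and reports only the first CertID.

```python
"""Decode the Windows CryptoAPI certificate-status requests from the report above.

Added example, not part of the report or of CAPE. The OCSP GET path is a URL- and
base64-encoded DER OCSPRequest (RFC 6960, A.1); a small DER walker pulls out the
CertID so the analyst knows which certificate Windows was checking.
"""
import base64
import re
import urllib.parse

# Constructed input: request lines and Host headers copied from the HTTP Requests section.
SAMPLE_LOG = """\
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Host: www.download.windowsupdate.com
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1
Host: ocsp.thawte.com
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1
Host: th.symcd.com
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Host: crl.microsoft.com
"""

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def der_read(buf, pos):
    """Read one DER TLV at pos -> (tag, value, next_pos); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split a constructed DER value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    """Dotted-string form of an OBJECT IDENTIFIER value (base-128 arcs)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get(path):
    """CertID of the first Request in an OCSP GET path, or None if the path is not one."""
    try:
        der = base64.b64decode(urllib.parse.unquote(path.lstrip("/")), validate=True)
        if not der or der[0] != 0x30:
            return None
        # OCSPRequest -> tbsRequest -> requestList -> Request -> CertID.
        # [0] version and [1] requestorName are optional, so pick the first SEQUENCE child.
        _, tbs, _ = der_read(der_read(der, 0)[1], 0)
        request_list = next(v for t, v in der_children(tbs) if t == 0x30)
        cert_id = der_read(der_read(request_list, 0)[1], 0)[1]
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = der_children(cert_id)[:4]
        alg_oid = decode_oid(der_children(alg)[0][1])
    except (ValueError, IndexError, StopIteration):
        return None
    return {"hash_alg": HASH_OIDS.get(alg_oid, alg_oid), "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": serial.hex()}


def summarize_log(text):
    """Label each GET as ocsp / crl / authroot / other, with the decoded CertID for OCSP."""
    results, path = [], None
    for line in text.splitlines():
        if m := re.match(r"GET (\S+) HTTP/1\.[01]$", line):
            path = m[1]
        elif (m := re.match(r"Host: (\S+)$", line)) and path is not None:
            entry = {"host": m[1], "path": path}
            if cert_id := parse_ocsp_get(path):
                entry.update(kind="ocsp", **cert_id)
            elif path.lower().endswith(".crl"):
                entry["kind"] = "crl"
            elif path.endswith("/authrootstl.cab"):
                entry["kind"] = "authroot"
            else:
                entry["kind"] = "other"
            results.append(entry)
            path = None
    return results


if __name__ == "__main__":
    for r in summarize_log(SAMPLE_LOG):
        print(r["kind"], r["host"], r.get("serial", ""))
```

Run as is it prints one line per request; the two OCSP entries carry the SHA-1 issuer name hash, issuer key hash and the 16-byte serial of the certificate being checked, which can be looked up against the sample's Authenticode chain. Anything that does not decode as an OCSPRequest and is neither a CRL nor the authroot CAB lands in "other", which is where traffic worth a closer look would appear.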

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name iron.bmp
Associated Filenames
C:\Users\user\AppData\Local\Temp\IXP000.TMP\iron.bmp
File Size 314978 bytes
File Type PC bitmap, Windows 3.x format, 801 x 131 x 24
MD5 4be9694ef66d247038424a00101af092
SHA1 b681b10470a6622624a1cf445e71ceca41e73f43
SHA256 59ce4aa32eef6dfb1adda581787d2e29072976f80504f9b6efa9d127dd0082a9
CRC32 F000D83E
Ssdeep 6144:nlOlTIlo5UidPBc3y2zwrEnBNl6fFBInGzXRRwLBHc5BAE/B7QSAHU:nAlTH3ZcnzwQNQunQXROl85BAGB7CU
ClamAV None
Yara None matched
CAPE Yara None matched
File name temp
Associated Filenames
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp
File Size 544768 bytes
File Type data
MD5 7d1847bd47deaf9ce4f8f3800a7c744b
SHA1 7c73706be6156530ee31d7e7fe16d7566e809a44
SHA256 31eb5372d29ff52fcad74ab5f9798d90f3d7fc3b529ba83a3bd099a5b7029e0c
CRC32 558EE830
Ssdeep 12288:NRSh3RtT+Mhkm6hxfr255eu51wm3SK+7b4HzAZOvbH:Nsh3RF+QwrrgemiX4Hz1bH
ClamAV None
Yara
  • shellcode - Matched shellcode byte patterns
CAPE Yara None matched
File name temp.exe
Associated Filenames
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
File Size 307200 bytes
File Type MS-DOS executable, MZ for MS-DOS
MD5 cbabf86a14c5b5da2fa40245fd69074a
SHA1 4a2000cdefd7864245d68b92acb8ba8ae3858702
SHA256 ebdba4b1d1de65a1c6b14012b674e7fa7f8c5f5a8a5a2a9c3c338f02dd726aad
CRC32 A8096340
Ssdeep 6144:KOdLE9dDKHpCj00JIhAnTyrBdp3pxPx3UJjWUnvyFIvXU2H:KOKdDKHpCI0VWrHp3HWMUSIvX
ClamAV None
Yara None matched
CAPE Yara None matched
File name ironman.exe
Associated Filenames
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
File Size 544768 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2e53705a6b9e70444ad77f274d741cd7
SHA1 24b6f7bdd67fac7825c9c98b3b66abcdd0c24c5e
SHA256 2c41b93add9ac5080a12bf93966470f8ab3bde003001492a10f63758867f2a88
CRC32 40FB05E2
Ssdeep 6144:AfiWiKdn8mdY/oo5xotj3DCoUcvJpDVu/kPSYvymx1siPjDma2eWOJPeNn4xcI0/:LWld8xokxqTFhBVsiPlBWhnBI0XuOqO
ClamAV None
Yara None matched
CAPE Yara None matched
File name iron.txt
Associated Filenames
C:\Users\user\AppData\Local\Temp\iron.txt
File Size 189440 bytes
File Type data
MD5 3aae3c3e8b251f696a4bdf5f0d25ea4f
SHA1 98a48413202b50d13e9a956d77c9579fe6aceac2
SHA256 4a8c021987de1f8ae4f167d77a93e50682e6cb755649924bc074bedcfaca7e89
CRC32 CC78544B
Ssdeep 3072:p4QMCY1FEgStGl/lZ37WcIyBs8en+SNQDbLLwFTYqxD9OGWYgcVQbfFm+Myj:pOCuhE2/lFRIKMqLLwSacGWYofFHMyj
ClamAV None
Yara None matched
CAPE Yara None matched
File name iron.txt
Associated Filenames
C:\Users\user\AppData\Local\Temp\iron.txt
File Size 74043 bytes
File Type data
MD5 c9c255b79f7b4506e8dea0b63d318abb
SHA1 8d8d9080dfbf69f2ebd4011c105e8abec427ed92
SHA256 a619b49e51a67b6629911e362059c062ad029af567c8621ff794e8fe263b2335
CRC32 ECE1FA6D
Ssdeep 1536:pS1b7lQMTxkq+Kr5hfrPx+rwTSt7dcl82l6uNtBN:p4QMCY1FEgStGl/lZ3
ClamAV None
Yara None matched
CAPE Yara None matched
Type Extracted PE Image
Size 743424 bytes
Virtual Address 0x00400000
Process temp.exe
PID 1668
Path C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
MD5 ad55625868efccb50830cfa048ba49d6
SHA1 c4071a04694311faadaebc188a7dee39730df857
SHA256 35cf81606f771b51d982d11becafc78dde2b62908170539487ec8f52ff12b503
CRC32 DFBA5108
Ssdeep 12288:UO462JZ8JufUhwSYL4n6v24Vn2YRpzHMzZjHv7X6sTX8Q0Or7CbsJQE60U4zCvQ3:U+2H8JufCYL4n6uI5HzSCbRV4WvQVWfE
Yara None matched
CAPE Yara None matched
Type Extracted Shellcode
Size 4096 bytes
Virtual Address 0x002C0000
Process ironman.exe
PID 1556
Path C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
MD5 55d113d37f82534d754d777f3fb669f1
SHA1 4df250b2f5e1a1ae17acbe7f0f456ca102e25125
SHA256 b0032c95631f2551e4079bff806e6f4c532800fcdc40ecaf88d7b0150a4e5855
CRC32 2CCC7A28
Ssdeep 48:ywHcMjUwlASfLC0RnstjL28POmr0e4j7s0MTWStC2sxQMvajiDa0SXhqHvtPSl/:ywXP/C6sZL2VArXSQMOuoXhIe
Yara None matched
CAPE Yara None matched
Sorry! No process dumps.
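The drop directory IXP000.TMP under the user's Temp folder is the staging directory that IExpress (wextract) self-extracting packages create, and the Cabinet.dll import together with the dialog strings listed above ("Please type the location where you want to place the extracted files.", "Extracting", the USRQCMD resource name) are the stub's own resources. Read together with the process tree, that identifies Cashback.exe as an IExpress package whose post-extraction commands are temp.exe and ironman.exe. The script below is an added example, not part of this report or of CAPE: it parses the Process Tree and the dropped-file records (copied above as constructed input, trimmed to the fields it needs), ties each child process to the SHA-256 of the file it was launched from, and flags a path that was captured with two different hashes (iron.txt here), meaning the sample rewrote that file during the run. The IXP<nnn>.TMP pattern and the line layout it expects are assumptions about this report format.

```python
"""Correlate the Process Tree and dropped-file sections of a CAPE report.

Added example, not part of the report or of CAPE. Children launched from
%TEMP%\\IXP<nnn>.TMP\\ mark an IExpress-style self-extractor; this script lists
those children with their dropped-file hashes and flags paths captured twice.
"""
import re
from collections import defaultdict

# Constructed input: lines copied from the Process Tree section of the report.
PROCESS_TREE = r"""
Cashback.exe, PID: 1912, Parent PID: 2644
Full Path: C:\Users\user\AppData\Local\Temp\Cashback.exe
temp.exe, PID: 1668, Parent PID: 1912
Full Path: C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
ironman.exe, PID: 1556, Parent PID: 1912
Full Path: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
"""

# Constructed input: the fields this script needs, copied from the dropped-file records.
DROPPED_FILES = r"""
File name temp.exe
C:\Users\user\AppData\Local\Temp\IXP000.TMP\temp.exe
File Size 307200 bytes
File Type MS-DOS executable, MZ for MS-DOS
SHA256 ebdba4b1d1de65a1c6b14012b674e7fa7f8c5f5a8a5a2a9c3c338f02dd726aad
File name ironman.exe
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ironman.exe
File Size 544768 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
SHA256 2c41b93add9ac5080a12bf93966470f8ab3bde003001492a10f63758867f2a88
File name iron.txt
C:\Users\user\AppData\Local\Temp\iron.txt
File Size 189440 bytes
File Type data
SHA256 4a8c021987de1f8ae4f167d77a93e50682e6cb755649924bc074bedcfaca7e89
File name iron.txt
C:\Users\user\AppData\Local\Temp\iron.txt
File Size 74043 bytes
File Type data
SHA256 a619b49e51a67b6629911e362059c062ad029af567c8621ff794e8fe263b2335
"""

# Assumption: IExpress/wextract packages unpack into %TEMP%\IXP<three digits>.TMP.
IXP_DIR = re.compile(r"\\AppData\\Local\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)


def parse_process_tree(text):
    """'name, PID: n, Parent PID: m' header lines, each followed by a Full Path line."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"(.+?), PID: (\d+), Parent PID: (\d+)$", line):
            procs.append({"name": m[1], "pid": int(m[2]), "ppid": int(m[3])})
        elif line.startswith("Full Path: "):
            procs[-1]["path"] = line[len("Full Path: "):]
    return procs


def parse_dropped(text):
    """One record per 'File name' block; the path is the first drive-letter line after it."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("File name "):
            records.append({"name": line[len("File name "):]})
        elif re.match(r"[A-Za-z]:\\", line):
            records[-1]["path"] = line
        elif m := re.match(r"File Size (\d+) bytes", line):
            records[-1]["size"] = int(m[1])
        elif line.startswith("File Type "):
            records[-1]["type"] = line[len("File Type "):]
        elif m := re.match(r"SHA256 ([0-9a-f]{64})$", line):
            records[-1]["sha256"] = m[1]
    return records


def iexpress_findings(procs, dropped):
    """Parents whose children run from an IXP<nnn>.TMP directory, with each child's SHA-256."""
    hash_by_path = {d["path"].lower(): d["sha256"] for d in dropped}
    findings = {}
    for parent in procs:
        staged = [c for c in procs if c["ppid"] == parent["pid"] and IXP_DIR.search(c["path"])]
        if staged:
            findings[parent["pid"]] = {
                "stub": parent["name"],
                "payloads": [(c["name"], c["pid"], hash_by_path.get(c["path"].lower()))
                             for c in staged],
            }
    return findings


def rewritten_paths(dropped):
    """Paths captured with more than one distinct hash: the file changed during the run."""
    hashes = defaultdict(set)
    for d in dropped:
        hashes[d["path"].lower()].add(d["sha256"])
    return {p: sorted(h) for p, h in hashes.items() if len(h) > 1}


if __name__ == "__main__":
    procs, dropped = parse_process_tree(PROCESS_TREE), parse_dropped(DROPPED_FILES)
    for pid, f in iexpress_findings(procs, dropped).items():
        print(f"{f['stub']} (PID {pid}) staged and ran:")
        for name, cpid, sha in f["payloads"]:
            print(f"  {name} PID {cpid} sha256={sha}")
    for path, hashes in rewritten_paths(dropped).items():
        print(f"rewritten during run: {path} ({len(hashes)} hashes)")
```

The payload hashes, not the hash of the outer package, are the IOCs worth pivoting on: the IExpress stub is generic Microsoft code, so its strings and imports will match any package built with it. The second iron.txt record matters for the same reason; a file that changes size and hash during the run is being used as working storage by the payload, and both versions should be kept.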


Processing ( 8.407 seconds )

  • 2.842 CAPE
  • 1.788 Static
  • 1.666 Dropped
  • 0.693 TargetInfo
  • 0.65 BehaviorAnalysis
  • 0.443 Deduplicate
  • 0.12 TrID
  • 0.089 AnalysisInfo
  • 0.078 Strings
  • 0.037 NetworkAnalysis
  • 0.001 Debug

Signatures ( 0.31 seconds; time spent evaluating each signature module, not a list of matches )

  • 0.021 antidbg_windows
  • 0.019 decoy_document
  • 0.018 Doppelganging
  • 0.017 api_spamming
  • 0.013 injection_createremotethread
  • 0.012 InjectionCreateRemoteThread
  • 0.012 antiav_detectreg
  • 0.011 InjectionProcessHollowing
  • 0.011 injection_runpe
  • 0.01 antiemu_wine_func
  • 0.01 dynamic_function_loading
  • 0.009 malicious_dynamic_function_loading
  • 0.009 InjectionInterProcess
  • 0.009 Extraction
  • 0.008 infostealer_browser_password
  • 0.008 kovter_behavior
  • 0.007 ransomware_files
  • 0.006 stealth_timeout
  • 0.005 antidebug_guardpages
  • 0.005 exploit_heapspray
  • 0.005 exploit_getbasekerneladdress
  • 0.005 virus
  • 0.005 infostealer_ftp
  • 0.004 sets_autoconfig_url
  • 0.004 bootkit
  • 0.004 mimics_filetime
  • 0.004 exploit_gethaldispatchtable
  • 0.004 ransomware_message
  • 0.003 stack_pivot
  • 0.003 ipc_namedpipe
  • 0.003 persistence_autorun
  • 0.003 securityxploded_modules
  • 0.003 antiav_detectfile
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 disables_spdy
  • 0.002 reads_self
  • 0.002 uac_bypass_cmstp
  • 0.002 disables_wfp
  • 0.002 antianalysis_detectreg
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_mail
  • 0.001 tinba_behavior
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 office_write_exe
  • 0.001 infostealer_browser
  • 0.001 stealth_file
  • 0.001 antivm_vbox_window
  • 0.001 betabot_behavior
  • 0.001 antivm_generic_disk
  • 0.001 office_postscript
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 network_torgateway

Reporting ( 0.004 seconds )

  • 0.004 CompressResults
Task ID 90428
Mongo ID 5d793e902851828535632422
Cuckoo release 1.3-CAPE