Summary
Main file's SHA256 400598f3cec6d03d4b8e5bd23003c0eea18c258d1c03eade9eced77bdaf0f14d
Complexity Type V
Packer identification (signature based) beria_v0_07_public_WIP_symbiont
Number of processes 2
Number of layers 2
Packer analysis graph

File identification

General information
SHA256 400598f3cec6d03d4b8e5bd23003c0eea18c258d1c03eade9eced77bdaf0f14d
SHA1 91aa5fb21b0555e7377a8fa2d19bc3b538026976
MD5 1e7d7c48399d56a3de3397e02eee65fb
ssdeep 768:4PQNkhE2uVBQnSf4BMNRy0kdh747k3vwqwKlRxVobY6AxCdy6F6:44eyQnSGvuYey6F6
sdhash sdbf:03:0::110080:sha1:256:5:7ff:160:7:34:
imphash 690605e32c06fee77e385106844c46ca
authentihash -
File type PE32 executable (GUI) Intel 80386, for MS Windows
MIME type application/x-dosexec
First seen 2016-05-10 13:46:10
Size 110080
Known names 1e7d7c48399d56a3de3397e02eee65fb
TrID - File Identifier
Percentage Type
14.2% (.DLL) Win32 Dynamic Link Library (generic)
9.7% (.EXE) Win32 Executable (generic)
4.3% (.EXE) Generic Win/DOS Executable
4.3% (.EXE) DOS Executable Generic
67.3% (.EXE) Win32 Executable MS Visual C++ (generic)

Auxiliary files

Behavioural packer analysis report

Packer analysis
Complexity type Type V
Granularity Page
Execution time 1049s
Number of processes 2
Number of layers 2
Number of regions 5
Number of upward transitions 78
Number of downward transitions 78
Number of multiframe layers 1
Number of processes with interprocess communication 2
Number of regions that call special APIs 3
Last executed region
Process 0
Layer number 0
Region number 0
Address 0x401000
Size 7978
Memory type Module
Number of API functions called 6415217
Number of different APIs called 260
Calls APIs of GetVersion* family? No
Calls APIs of GetCommandLine* family? Yes
Calls APIs of GetModuleHandle* family? Yes
Modified by external process? No
Writes an executed region? Yes
Potential regions with original code
Process 1
Layer number 1
Region number 2
Address 0x401000
Size 4097
Memory type Module
Number of API functions called 191756
Number of different APIs called 177
Calls APIs of GetVersion* family? Yes
Calls APIs of GetCommandLine* family? No
Calls APIs of GetModuleHandle* family? No
Modified by external process? Yes
Writes an executed region? No

Process 1
Layer number 1
Region number 3
Address 0x4040d1
Size 1663
Memory type Module
Number of API functions called 31541
Number of different APIs called 38
Calls APIs of GetVersion* family? No
Calls APIs of GetCommandLine* family? No
Calls APIs of GetModuleHandle* family? No
Modified by external process? Yes
Writes an executed region? No
Remote memory writes
Type Source address Dest. address Source process Dest. process Size
NtWriteVirtualMemory - 0x3b0044 0 1 1
NtWriteVirtualMemory - 0x12fc50 0 1 4
NtWriteVirtualMemory - 0x4050f0 0 1 4
NtWriteVirtualMemory - 0x3b003c 0 1 1
NtWriteVirtualMemory - 0x405068 0 1 4
NtWriteVirtualMemory - 0x3b0031 0 1 1
NtWriteVirtualMemory - 0x3b001a 0 1 1
NtWriteVirtualMemory - 0x3b0033 0 1 1
NtWriteVirtualMemory - 0x10000 0 1 1956
NtWriteVirtualMemory - 0x405054 0 1 4
NtWriteVirtualMemory - 0x3c0000 0 1 1
NtWriteVirtualMemory - 0x4050cc 0 1 4
NtWriteVirtualMemory - 0x12fc64 0 1 4
NtWriteVirtualMemory - 0x3b003b 0 1 1
NtWriteVirtualMemory - 0x3b001c 0 1 1
NtWriteVirtualMemory - 0x405048 0 1 4
NtWriteVirtualMemory - 0x3b0011 0 1 1
NtWriteVirtualMemory - 0x4050c0 0 1 4
NtWriteVirtualMemory - 0x12ffb4 0 1 4
NtWriteVirtualMemory - 0x3b0045 0 1 1
NtWriteVirtualMemory - 0x4050b8 0 1 4
NtWriteVirtualMemory - 0x40502c 0 1 4
NtWriteVirtualMemory - 0x3b003d 0 1 1
NtWriteVirtualMemory - 0x3b0026 0 1 1
NtWriteVirtualMemory - 0x3b001b 0 1 1
NtWriteVirtualMemory - 0x7ffd4010 0 1 4
NtWriteVirtualMemory - 0x12ffa8 0 1 4
NtWriteVirtualMemory - 0x40511c 0 1 4
NtWriteVirtualMemory - 0x405020 0 1 4
NtWriteVirtualMemory - 0x12ff94 0 1 4
NtWriteVirtualMemory - 0x401000 0 1 4096
NtWriteVirtualMemory - 0x405098 0 1 4
NtWriteVirtualMemory - 0x3b0028 0 1 1
NtWriteVirtualMemory - 0x40500c 0 1 4
NtWriteVirtualMemory - 0x3b001d 0 1 1
NtWriteVirtualMemory - 0x405110 0 1 4
NtWriteVirtualMemory - 0x3b0006 0 1 1
NtWriteVirtualMemory - 0x4050e0 0 1 4
NtWriteVirtualMemory - 0x405084 0 1 4
NtWriteVirtualMemory - 0x3b000f 0 1 1
NtWriteVirtualMemory - 0x12fc5c 0 1 4
NtWriteVirtualMemory - 0x4050ac 0 1 4
NtWriteVirtualMemory - 0x405000 0 1 4
NtWriteVirtualMemory - 0x3b0032 0 1 1
NtWriteVirtualMemory - 0x3b0027 0 1 1
NtWriteVirtualMemory - 0x3b0008 0 1 1
NtWriteVirtualMemory - 0x40506c 0 1 4
NtWriteVirtualMemory - 0x12fc54 0 1 4
NtWriteVirtualMemory - 0x4050e4 0 1 4
NtWriteVirtualMemory - 0x7ffd41e8 0 1 4
NtWriteVirtualMemory - 0x3b0034 0 1 1
NtWriteVirtualMemory - 0x405060 0 1 4
NtWriteVirtualMemory - 0x3b0029 0 1 1
NtWriteVirtualMemory - 0x3b0012 0 1 1
NtWriteVirtualMemory - 0x12fc58 0 1 4
NtWriteVirtualMemory - 0x3b0007 0 1 1
NtWriteVirtualMemory - 0x40504c 0 1 4
NtWriteVirtualMemory - 0x12fc24 0 1 4
NtWriteVirtualMemory - 0x3b003e 0 1 1
NtWriteVirtualMemory - 0x4050bc 0 1 4
NtWriteVirtualMemory - 0x3b0043 0 1 1
NtWriteVirtualMemory - 0x3b0014 0 1 1
NtWriteVirtualMemory - 0x405040 0 1 4
NtWriteVirtualMemory - 0x3b0009 0 1 1
NtWriteVirtualMemory - 0x160000 0 1 26
NtWriteVirtualMemory - 0x12fc38 0 1 4
NtWriteVirtualMemory - 0x12ffac 0 1 4
NtWriteVirtualMemory - 0x4050b0 0 1 4
NtWriteVirtualMemory - 0x405024 0 1 4
NtWriteVirtualMemory - 0x3b0035 0 1 1
NtWriteVirtualMemory - 0x405128 0 1 4
NtWriteVirtualMemory - 0x3b001e 0 1 1
NtWriteVirtualMemory - 0x40509c 0 1 4
NtWriteVirtualMemory - 0x3b0013 0 1 1
NtWriteVirtualMemory - 0x12ffa0 0 1 4
NtWriteVirtualMemory - 0x405114 0 1 4
NtWriteVirtualMemory - 0x404000 0 1 4096
NtWriteVirtualMemory - 0x4050f8 0 1 4
NtWriteVirtualMemory - 0x405018 0 1 4
NtWriteVirtualMemory - 0x12fc44 0 1 4
NtWriteVirtualMemory - 0x405090 0 1 4
NtWriteVirtualMemory - 0x3b0020 0 1 1
NtWriteVirtualMemory - 0x405004 0 1 4
NtWriteVirtualMemory - 0x3b0015 0 1 1
NtWriteVirtualMemory - 0x405108 0 1 4
NtWriteVirtualMemory - 0x4050fc 0 1 4
NtWriteVirtualMemory - 0x12fc48 0 1 4
NtWriteVirtualMemory - 0x405078 0 1 4
NtWriteVirtualMemory - 0x3b002a 0 1 1
NtWriteVirtualMemory - 0x3b001f 0 1 1
NtWriteVirtualMemory - 0x3b0000 0 1 1
NtWriteVirtualMemory - 0x405064 0 1 4
NtWriteVirtualMemory - 0x4050dc 0 1 4
NtWriteVirtualMemory - 0x405120 0 1 4
NtWriteVirtualMemory - 0x402000 0 1 4096
NtWriteVirtualMemory - 0x12fc2c 0 1 4
NtWriteVirtualMemory - 0x3b002c 0 1 1
NtWriteVirtualMemory - 0x405058 0 1 4
NtWriteVirtualMemory - 0x3b0021 0 1 1
NtWriteVirtualMemory - 0x40d000 0 1 4096
NtWriteVirtualMemory - 0x3b000a 0 1 1
NtWriteVirtualMemory - 0x4050d0 0 1 4
NtWriteVirtualMemory - 0x401660 0 1 1
NtWriteVirtualMemory - 0x405044 0 1 4
NtWriteVirtualMemory - 0x40503c 0 1 4
NtWriteVirtualMemory - 0x3b0003 0 1 1
NtWriteVirtualMemory - 0x12ffc0 0 1 4
NtWriteVirtualMemory - 0x3b0036 0 1 1
NtWriteVirtualMemory - 0x3b002b 0 1 1
NtWriteVirtualMemory - 0x4050e8 0 1 4
NtWriteVirtualMemory - 0x3b000c 0 1 1
NtWriteVirtualMemory - 0x12ffb8 0 1 4
NtWriteVirtualMemory - 0x3b0001 0 1 1
NtWriteVirtualMemory - 0x4050b4 0 1 4
NtWriteVirtualMemory - 0x405030 0 1 4
NtWriteVirtualMemory - 0x3b0040 0 1 1
NtWriteVirtualMemory - 0x12ffa4 0 1 4
NtWriteVirtualMemory - 0x3b003f 0 1 1
NtWriteVirtualMemory - 0x4050a8 0 1 4
NtWriteVirtualMemory - 0x3b0038 0 1 1
NtWriteVirtualMemory - 0x40501c 0 1 4
NtWriteVirtualMemory - 0x3b002d 0 1 1
NtWriteVirtualMemory - 0x150000 0 1 100
NtWriteVirtualMemory - 0x3b0016 0 1 1
NtWriteVirtualMemory - 0x3b000b 0 1 1
NtWriteVirtualMemory - 0x12ff98 0 1 4
NtWriteVirtualMemory - 0x40510c 0 1 4
NtWriteVirtualMemory - 0x405010 0 1 4
NtWriteVirtualMemory - 0x12fc28 0 1 4
NtWriteVirtualMemory - 0x12fc60 0 1 4
NtWriteVirtualMemory - 0x3b0037 0 1 1
NtWriteVirtualMemory - 0x3b0018 0 1 1
NtWriteVirtualMemory - 0x40507c 0 1 4
NtWriteVirtualMemory - 0x3b000d 0 1 1
NtWriteVirtualMemory - 0x405100 0 1 4
NtWriteVirtualMemory - 0x4050f4 0 1 4
NtWriteVirtualMemory - 0x12fc34 0 1 4
NtWriteVirtualMemory - 0x3b0041 0 1 1
NtWriteVirtualMemory - 0x405070 0 1 4
NtWriteVirtualMemory - 0x3b0039 0 1 1
NtWriteVirtualMemory - 0x12fc68 0 1 4
NtWriteVirtualMemory - 0x3b0022 0 1 1
NtWriteVirtualMemory - 0x12fc30 0 1 4
NtWriteVirtualMemory - 0x3b0017 0 1 1
NtWriteVirtualMemory - 0x40505c 0 1 4
NtWriteVirtualMemory - 0x4050d4 0 1 4
NtWriteVirtualMemory - 0x4050d8 0 1 4
NtWriteVirtualMemory - 0x4050a4 0 1 4
NtWriteVirtualMemory - 0x3b0024 0 1 1
NtWriteVirtualMemory - 0x405050 0 1 4
NtWriteVirtualMemory - 0x3b0019 0 1 1
NtWriteVirtualMemory - 0x3b0002 0 1 1
NtWriteVirtualMemory - 0x3b002f 0 1 1
NtWriteVirtualMemory - 0x4050c8 0 1 4
NtWriteVirtualMemory - 0x12ffbc 0 1 4
NtWriteVirtualMemory - 0x12fc4c 0 1 4
NtWriteVirtualMemory - 0x405034 0 1 4
NtWriteVirtualMemory - 0x3b002e 0 1 1
NtWriteVirtualMemory - 0x160000 0 1 66
NtWriteVirtualMemory - 0x3b0023 0 1 1
NtWriteVirtualMemory - 0x3b0004 0 1 1
NtWriteVirtualMemory - 0x12ffb0 0 1 4
NtWriteVirtualMemory - 0x20000 0 1 1716
NtWriteVirtualMemory - 0x405028 0 1 4
NtWriteVirtualMemory - 0x12ff9c 0 1 4
NtWriteVirtualMemory - 0x405000 0 1 4096
NtWriteVirtualMemory - 0x4050a0 0 1 4
NtWriteVirtualMemory - 0x3b0030 0 1 1
NtWriteVirtualMemory - 0x405014 0 1 4
NtWriteVirtualMemory - 0x406000 0 1 4096
NtWriteVirtualMemory - 0x3b0025 0 1 1
NtWriteVirtualMemory - 0x405118 0 1 4
NtWriteVirtualMemory - 0x3b000e 0 1 1
NtWriteVirtualMemory - 0x40508c 0 1 4
NtWriteVirtualMemory - 0x3b0042 0 1 1
NtWriteVirtualMemory - 0x140000 0 1 100
NtWriteVirtualMemory - 0x405008 0 1 4
NtWriteVirtualMemory - 0x3b003a 0 1 1
NtWriteVirtualMemory - 0x405080 0 1 4
NtWriteVirtualMemory - 0x3b0010 0 1 1
NtWriteVirtualMemory - 0x405074 0 1 4
NtWriteVirtualMemory - 0x3b0005 0 1 1
NtWriteVirtualMemory - 0x4050ec 0 1 4
NtWriteVirtualMemory - 0x405094 0 1 4
Type Source address Dest. address Source process Dest. process Size
Memory unmap|deallocate - 0x3a0000 0 0 4096
Type Source address Dest. address Source process Dest. process Size
NtReadVirtualMemory - 0x12f6f0 1 0 4
NtReadVirtualMemory - 0x14da88 1 0 4096
NtReadVirtualMemory - 0x12ff60 1 0 4
NtReadVirtualMemory - 0x14dad8 1 0 4096
NtReadVirtualMemory - 0x12ff38 1 0 4
NtReadVirtualMemory - 0x12f1b0 1 0 256
Type Source address Dest. address Source process Dest. process Size
ReadFile - 0x3f4448 1 1 4096
ReadFile - 0x3f4448 1 1 512
ReadFile - 0x3f4448 1 1 165
ReadFile - 0x3f4448 1 1 105
ReadFile - 0x3f4448 1 1 33
ReadFile - 0x3f4448 1 1 138
ReadFile - 0x3fdc38 1 1 512
ReadFile - 0x3fea38 1 1 1536
ReadFile - 0x3f4448 1 1 66
ReadFile - 0x3f4448 1 1 171
ReadFile - 0x3f4448 1 1 204
ReadFile - 0x3f4448 1 1 198
ReadFile - 0x3f4448 1 1 350
ReadFile - 0x3f4448 1 1 39
ReadFile - 0x3f4448 1 1 72
ReadFile - 0x3f4448 1 1 6
ReadFile - 0xa70048 1 1 1024
ReadFile - 0x3f4448 1 1 99
ReadFile - 0x3f4448 1 1 132
ReadFile - 0x3f4448 1 1 310
Loaded modules
By PID Start address Size Name
1144 0x400000 225280 1e7d7c48399d56a3de3397e02eee65fb
1140 0x400000 225280 1e7d7c48399d56a3de3397e02eee65fb
1144 0x77da0000 704512 advapi32.dll
1140 0x77da0000 704512 advapi32.dll
1144 0x77ef0000 299008 gdi32.dll
1144 0x7c800000 1060864 kernel32.dll
1140 0x7c800000 1060864 kernel32.dll
1144 0x746b0000 311296 msctf.dll
1144 0x77be0000 360448 msvcrt.dll
1144 0x7c910000 741376 ntdll.dll
1140 0x7c910000 741376 ntdll.dll
1144 0x77e50000 598016 rpcrt4.dll
1140 0x77e50000 598016 rpcrt4.dll
1144 0x77fc0000 69632 secur32.dll
1140 0x77fc0000 69632 secur32.dll
1144 0x7e390000 593920 user32.dll
1144 0x5b150000 229376 uxtheme.dll
1144 0x76b00000 188416 winmm.dll

Layers and regions

Summary
Layer Size Number of regions Number of frames Lowest address Highest address
0 7978 KB 1 0 0x401000 0x401000
1 5797 KB 4 5 0x140000 0x4040d1
API calls
Layer Number of API calls
0 6415217
  Region number Address space Number of API calls
0 0x401000-0x402f2a 6415217
DLL Function/s
ADVAPI32.dll
  1. CheckTokenMembership
  2. CreateWellKnownSid
  3. DuplicateToken
  4. DuplicateTokenEx
  5. GetSidLengthRequired
  6. GetTokenInformation
  7. RegCloseKey
  8. RegOpenCurrentUser
  9. RegOpenKeyExW
  10. RegQueryValueExW
  11. SaferCloseLevel
  12. SaferComputeTokenFromLevel
  13. SaferIdentifyLevel
ntdll.dll
  1. _allshl
  2. _stricmp
  3. _strnicmp
  4. _wcsicmp
  5. bsearch
  6. CsrClientCallServer
  7. DbgPrintEx
  8. DbgUiConnectToDbg
  9. DbgUiContinue
  10. DbgUiConvertStateChangeStructure
  11. DbgUiGetThreadDebugObject
  12. DbgUiWaitStateChange
  13. KiFastSystemCall
  14. KiFastSystemCallRet
  15. LdrAccessResource
  16. LdrAlternateResourcesEnabled
  17. LdrCreateOutOfProcessImage
  18. LdrDestroyOutOfProcessImage
  19. LdrDisableThreadCalloutsForDll
  20. LdrEnumerateLoadedModules
  21. LdrFindCreateProcessManifest
  22. LdrFindResource_U
  23. LdrFindResourceDirectory_U
  24. LdrGetDllHandle
  25. LdrGetDllHandleEx
  26. LdrGetProcedureAddress
  27. LdrLoadAlternateResourceModule
  28. LdrLoadDll
  29. LdrLockLoaderLock
  30. LdrQueryImageFileExecutionOptions
  31. LdrUnloadDll
  32. LdrUnlockLoaderLock
  33. memmove
  34. RtlAcquirePebLock
  35. RtlAcquireResourceExclusive
  36. RtlActivateActivationContextUnsafeFast
  37. RtlAddAccessAllowedAce
  38. RtlAllocateAndInitializeSid
  39. RtlAllocateHandle
  40. RtlAllocateHeap
  41. RtlAnsiStringToUnicodeString
  42. RtlAppendUnicodeStringToString
  43. RtlAppendUnicodeToString
  44. RtlConvertSidToUnicodeString
  45. RtlCopySid
  46. RtlCopyUnicodeString
  47. RtlCreateAcl
  48. RtlCreateProcessParameters
  49. RtlCreateSecurityDescriptor
  50. RtlCreateUnicodeString
  51. RtlDeactivateActivationContextUnsafeFast
  52. RtlDeNormalizeProcessParams
  53. RtlDestroyProcessParameters
  54. RtlDetermineDosPathNameType_U
  55. RtlDosApplyFileIsolationRedirection_Ustr
  56. RtlDosPathNameToNtPathName_U
  57. RtlDosSearchPath_Ustr
  58. RtlDuplicateUnicodeString
  59. RtlEnterCriticalSection
  60. RtlEnumerateGenericTableWithoutSplaying
  61. RtlEqualSid
  62. RtlEqualUnicodeString
  63. RtlExpandEnvironmentStrings_U
  64. RtlFindActivationContextSectionString
  65. RtlFindCharInUnicodeString
  66. RtlFindClearBits
  67. RtlFindClearBitsAndSet
  68. RtlFirstFreeAce
  69. RtlFormatCurrentUserKeyPath
  70. RtlFreeHandle
  71. RtlFreeHeap
  72. RtlFreeUnicodeString
  73. RtlGetActiveActivationContext
  74. RtlGetFullPathName_U
  75. RtlGetNtGlobalFlags
  76. RtlGUIDFromString
  77. RtlHashUnicodeString
  78. RtlImageDirectoryEntryToData
  79. RtlImageNtHeader
  80. RtlInitAnsiString
  81. RtlInitializeCriticalSection
  82. RtlInitializeCriticalSectionAndSpinCount
  83. RtlInitializeGenericTable
  84. RtlInitializeHandleTable
  85. RtlInitializeResource
  86. RtlInitializeSid
  87. RtlInitString
  88. RtlInitUnicodeString
  89. RtlInitUnicodeStringEx
  90. RtlInsertElementGenericTable
  91. RtlIntegerToChar
  92. RtlIntegerToUnicodeString
  93. RtlIsGenericTableEmpty
  94. RtlIsValidHandle
  95. RtlIsValidIndexHandle
  96. RtlLeaveCriticalSection
  97. RtlLengthRequiredSid
  98. RtlLengthSid
  99. RtlLockHeap
  100. RtlLogStackBackTrace
  101. RtlLookupElementGenericTable
  102. RtlMultiAppendUnicodeStringBuffer
  103. RtlMultiByteToUnicodeN
  104. RtlNtStatusToDosError
  105. RtlNtStatusToDosErrorNoTeb
  106. RtlOpenCurrentUser
  107. RtlpEnsureBufferSize
  108. RtlPrefixUnicodeString
  109. RtlQueryEnvironmentVariable_U
  110. RtlReAllocateHeap
  111. RtlRealSuccessor
  112. RtlReleasePebLock
  113. RtlReleaseResource
  114. RtlSetBits
  115. RtlSetDaclSecurityDescriptor
  116. RtlSetGroupSecurityDescriptor
  117. RtlSetOwnerSecurityDescriptor
  118. RtlSplay
  119. RtlSubAuthoritySid
  120. RtlUnlockHeap
  121. RtlUpcaseUnicodeChar
  122. RtlValidAcl
  123. RtlValidateUnicodeString
  124. RtlValidSid
  125. strchr
  126. strncmp
  127. vDbgPrintExWithPrefix
  128. wcscat
  129. wcschr
  130. wcscpy
  131. wcslen
  132. wcsncmp
  133. wcsncpy
  134. wcsrchr
  135. wcsstr
  136. ZwAccessCheck
  137. ZwAllocateVirtualMemory
  138. ZwClose
  139. ZwCreateDebugObject
  140. ZwCreateProcessEx
  141. ZwCreateSection
  142. ZwCreateSemaphore
  143. ZwCreateThread
  144. ZwDebugContinue
  145. ZwDuplicateToken
  146. ZwEnumerateKey
  147. ZwFlushInstructionCache
  148. ZwFreeVirtualMemory
  149. ZwGetContextThread
  150. ZwMapViewOfSection
  151. ZwOpenDirectoryObject
  152. ZwOpenFile
  153. ZwOpenKey
  154. ZwOpenMutant
  155. ZwOpenProcessToken
  156. ZwOpenProcessTokenEx
  157. ZwOpenSection
  158. ZwOpenSymbolicLinkObject
  159. ZwOpenThread
  160. ZwOpenThreadToken
  161. ZwOpenThreadTokenEx
  162. ZwProtectVirtualMemory
  163. ZwQueryAttributesFile
  164. ZwQueryDebugFilterState
  165. ZwQueryDefaultLocale
  166. ZwQueryDefaultUILanguage
  167. ZwQueryInformationFile
  168. ZwQueryInformationJobObject
  169. ZwQueryInformationProcess
  170. ZwQueryInformationThread
  171. ZwQueryInformationToken
  172. ZwQueryInstallUILanguage
  173. ZwQuerySection
  174. ZwQuerySymbolicLinkObject
  175. ZwQuerySystemInformation
  176. ZwQueryValueKey
  177. ZwQueryVolumeInformationFile
  178. ZwReadVirtualMemory
  179. ZwReleaseMutant
  180. ZwRequestWaitReplyPort
  181. ZwResumeThread
  182. ZwSetContextThread
  183. ZwSetInformationObject
  184. ZwSetInformationProcess
  185. ZwUnmapViewOfSection
  186. ZwWaitForDebugEvent
  187. ZwWaitForSingleObject
  188. ZwWriteVirtualMemory
KERNEL32.DLL
  1. BaseCheckAppcompatCache
  2. BaseInitAppcompatCache
  3. BasepCheckWinSaferRestrictions
  4. CloseHandle
  5. ContinueDebugEvent
  6. CreateFileMappingW
  7. CreateProcessA
  8. CreateProcessInternalA
  9. CreateProcessInternalW
  10. DisableThreadLibraryCalls
  11. FindResourceExW
  12. FlushInstructionCache
  13. FreeLibrary
  14. GetCommandLineA
  15. GetFileAttributesW
  16. GetFileSizeEx
  17. GetFullPathNameW
  18. GetLongPathNameW
  19. GetModuleHandleA
  20. GetModuleHandleW
  21. GetProcAddress
  22. GetProcessHeap
  23. GetProcessVersion
  24. GetSystemInfo
  25. GetSystemTimeAsFileTime
  26. GetSystemWindowsDirectoryW
  27. GetThreadContext
  28. GetWindowsDirectoryW
  29. GlobalAlloc
  30. GlobalFree
  31. GlobalReAlloc
  32. InitializeCriticalSection
  33. InterlockedCompareExchange
  34. IsBadWritePtr
  35. LoadLibraryA
  36. LoadLibraryExA
  37. LoadLibraryExW
  38. LoadResource
  39. LocalAlloc
  40. LocalFree
  41. lstrlenW
  42. MapViewOfFile
  43. MapViewOfFileEx
  44. OpenFileMappingW
  45. OpenMutexW
  46. OpenThread
  47. ReadProcessMemory
  48. ReleaseMutex
  49. SearchPathW
  50. SetErrorMode
  51. SetThreadContext
  52. TlsAlloc
  53. UnmapViewOfFile
  54. VirtualAllocEx
  55. VirtualProtectEx
  56. WaitForDebugEvent
  57. WaitForSingleObject
  58. WaitForSingleObjectEx
  59. WriteProcessMemory
1 239150
  Region number Address space Number of API calls
0 0x140000-0x140011 5296
DLL Function/s
KERNEL32.DLL
  1. CompareStringW
  2. CreateEventW
  3. DisableThreadLibraryCalls
  4. FreeEnvironmentStringsW
  5. GetACP
  6. GetCommandLineA
  7. GetCommandLineW
  8. GetCPInfo
  9. GetCurrentThreadId
  10. GetEnvironmentStringsW
  11. GetEnvironmentVariableA
  12. GetFileType
  13. GetModuleFileNameW
  14. GetModuleHandleA
  15. GetModuleHandleW
  16. GetProcAddress
  17. GetProcessHeap
  18. GetStartupInfoA
  19. GetStdHandle
  20. GetStringTypeW
  21. GetSystemTimeAsFileTime
  22. GetThreadLocale
  23. GetTickCount
  24. GetVersionExA
  25. GetVersionExW
  26. HeapCreate
  27. InitializeCriticalSection
  28. InitializeCriticalSectionAndSpinCount
  29. InterlockedCompareExchange
  30. IsBadWritePtr
  31. LCMapStringW
  32. LoadLibraryA
  33. LoadLibraryExA
  34. LoadLibraryExW
  35. LocalAlloc
  36. lstrcmpiW
  37. lstrcpyW
  38. MultiByteToWideChar
  39. RegisterWaitForInputIdle
  40. SetHandleCount
  41. SetUnhandledExceptionFilter
  42. TlsAlloc
  43. TlsSetValue
  44. VerifyConsoleIoHandle
  45. VirtualQuery
  46. VirtualQueryEx
  47. WideCharToMultiByte
ADVAPI32.dll
  1. CreateWellKnownSid
  2. GetSidLengthRequired
  3. RegCloseKey
  4. RegOpenKeyExW
  5. RegQueryValueExW
ntdll.dll
  1. _stricmp
  2. _strnicmp
  3. bsearch
  4. CsrAllocateCaptureBuffer
  5. CsrAllocateMessagePointer
  6. CsrClientCallServer
  7. CsrClientConnectToServer
  8. CsrFreeCaptureBuffer
  9. KiFastSystemCall
  10. KiFastSystemCallRet
  11. KiUserCallbackDispatcher
  12. LdrDisableThreadCalloutsForDll
  13. LdrEnumerateLoadedModules
  14. LdrFindResourceDirectory_U
  15. LdrGetDllHandle
  16. LdrGetDllHandleEx
  17. LdrGetProcedureAddress
  18. LdrLoadDll
  19. LdrLockLoaderLock
  20. LdrQueryImageFileExecutionOptions
  21. LdrUnlockLoaderLock
  22. memmove
  23. RtlAcquirePebLock
  24. RtlAcquireResourceExclusive
  25. RtlActivateActivationContextUnsafeFast
  26. RtlAllocateHeap
  27. RtlAnsiStringToUnicodeString
  28. RtlAppendUnicodeStringToString
  29. RtlAppendUnicodeToString
  30. RtlCompareMemory
  31. RtlCompareMemoryUlong
  32. RtlConvertSidToUnicodeString
  33. RtlCopyUnicodeString
  34. RtlCreateHeap
  35. RtlDeactivateActivationContextUnsafeFast
  36. RtlDecodePointer
  37. RtlDetermineDosPathNameType_U
  38. RtlDosApplyFileIsolationRedirection_Ustr
  39. RtlDosPathNameToNtPathName_U
  40. RtlDosSearchPath_U
  41. RtlEncodePointer
  42. RtlEnterCriticalSection
  43. RtlEqualSid
  44. RtlEqualUnicodeString
  45. RtlFillMemoryUlong
  46. RtlFindActivationContextSectionString
  47. RtlFindCharInUnicodeString
  48. RtlFindClearBits
  49. RtlFindClearBitsAndSet
  50. RtlFormatCurrentUserKeyPath
  51. RtlFreeHeap
  52. RtlFreeUnicodeString
  53. RtlGetActiveActivationContext
  54. RtlGetFullPathName_U
  55. RtlGetNtGlobalFlags
  56. RtlGetNtProductType
  57. RtlGetNtVersionNumbers
  58. RtlGetVersion
  59. RtlHashUnicodeString
  60. RtlImageDirectoryEntryToData
  61. RtlImageNtHeader
  62. RtlInitAnsiString
  63. RtlInitializeCriticalSection
  64. RtlInitializeCriticalSectionAndSpinCount
  65. RtlInitializeGenericTable
  66. RtlInitializeHandleTable
  67. RtlInitializeResource
  68. RtlInitializeSid
  69. RtlInitString
  70. RtlInitUnicodeString
  71. RtlInitUnicodeStringEx
  72. RtlLeaveCriticalSection
  73. RtlLengthRequiredSid
  74. RtlLogStackBackTrace
  75. RtlMultiByteToUnicodeN
  76. RtlNtStatusToDosError
  77. RtlNtStatusToDosErrorNoTeb
  78. RtlQueryEnvironmentVariable_U
  79. RtlReleasePebLock
  80. RtlReleaseResource
  81. RtlSetBits
  82. RtlSubAuthoritySid
  83. RtlUnicodeStringToAnsiString
  84. RtlUnicodeToMultiByteN
  85. RtlUpcaseUnicodeChar
  86. RtlValidateUnicodeString
  87. RtlValidSid
  88. strchr
  89. strncmp
  90. wcschr
  91. wcscpy
  92. wcslen
  93. wcsncat
  94. wcsncmp
  95. wcsncpy
  96. wcsrchr
  97. ZwAllocateVirtualMemory
  98. ZwCallbackReturn
  99. ZwClose
  100. ZwCreateEvent
  101. ZwCreateSection
  102. ZwCreateSemaphore
  103. ZwFsControlFile
  104. ZwMapViewOfSection
  105. ZwOpenDirectoryObject
  106. ZwOpenFile
  107. ZwOpenKey
  108. ZwOpenProcessToken
  109. ZwOpenProcessTokenEx
  110. ZwOpenSection
  111. ZwOpenThreadTokenEx
  112. ZwQueryAttributesFile
  113. ZwQueryInformationProcess
  114. ZwQueryInformationToken
  115. ZwQuerySection
  116. ZwQuerySystemInformation
  117. ZwQueryTimerResolution
  118. ZwQueryValueKey
  119. ZwQueryVirtualMemory
  120. ZwRequestWaitReplyPort
  121. ZwSetInformationObject
USER32.DLL
  1. ClientThreadSetup
  2. GetAppCompatFlags2
  3. GetSysColor
  4. LoadCursorW
  5. RegisterWindowMessageW
  6. UserClientDllInitialize
1 0x150000-0x150014 10557
DLL Function/s
KERNEL32.DLL
  1. CloseHandle
  2. CompareStringA
  3. CompareStringW
  4. CreateFileA
  5. CreateFileMappingA
  6. CreateFileMappingW
  7. CreateFileW
  8. CreateMutexA
  9. CreateMutexW
  10. DeleteFileA
  11. DeleteFileW
  12. FindResourceA
  13. FindResourceExA
  14. FindResourceExW
  15. FreeLibrary
  16. GetACP
  17. GetCurrentProcess
  18. GetCurrentProcessId
  19. GetCurrentThreadId
  20. GetFullPathNameA
  21. GetLocaleInfoA
  22. GetLocaleInfoW
  23. GetModuleFileNameA
  24. GetModuleFileNameW
  25. GetModuleHandleA
  26. GetModuleHandleW
  27. GetProcAddress
  28. GetStringTypeW
  29. GetSystemDirectoryA
  30. GetThreadLocale
  31. GetTickCount
  32. GetUserDefaultUILanguage
  33. GetVersionExA
  34. GetVersionExW
  35. InitializeCriticalSectionAndSpinCount
  36. InterlockedDecrement
  37. InterlockedExchange
  38. InterlockedIncrement
  39. IsBadReadPtr
  40. IsBadStringPtrW
  41. IsBadWritePtr
  42. IsDebuggerPresent
  43. IsValidCodePage
  44. LoadLibraryExW
  45. LoadLibraryW
  46. LoadResource
  47. LocalAlloc
  48. LocalFree
  49. lstrcmpA
  50. lstrcpynA
  51. lstrlenA
  52. lstrlenW
  53. MapViewOfFile
  54. MapViewOfFileEx
  55. MulDiv
  56. OpenFileMappingA
  57. OpenFileMappingW
  58. ReleaseMutex
  59. TlsAlloc
  60. TlsGetValue
  61. TlsSetValue
  62. WaitForSingleObject
  63. WaitForSingleObjectEx
  64. WideCharToMultiByte
  65. WriteFile
ADVAPI32.dll
  1. ConvertSidToStringSidA
  2. ConvertSidToStringSidW
  3. GetTokenInformation
  4. OpenProcessToken
  5. RegCloseKey
  6. RegOpenCurrentUser
  7. RegOpenKeyExA
  8. RegOpenKeyExW
  9. RegQueryValueExA
  10. RegQueryValueExW
ntdll.dll
  1. _stricmp
  2. _strnicmp
  3. _wcsicmp
  4. bsearch
  5. CsrClientCallServer
  6. KiFastSystemCall
  7. KiFastSystemCallRet
  8. KiUserCallbackDispatcher
  9. LdrAccessResource
  10. LdrAlternateResourcesEnabled
  11. LdrFindResource_U
  12. LdrFindResourceDirectory_U
  13. LdrGetDllHandle
  14. LdrGetDllHandleEx
  15. LdrGetProcedureAddress
  16. LdrLoadAlternateResourceModule
  17. LdrLoadDll
  18. LdrLockLoaderLock
  19. LdrQueryImageFileExecutionOptions
  20. LdrUnloadDll
  21. LdrUnlockLoaderLock
  22. memmove
  23. RtlAcquirePebLock
  24. RtlActivateActivationContextUnsafeFast
  25. RtlAddRefActivationContext
  26. RtlAllocateHeap
  27. RtlAnsiStringToUnicodeString
  28. RtlAppendUnicodeStringToString
  29. RtlAppendUnicodeToString
  30. RtlCompareMemory
  31. RtlCompareMemoryUlong
  32. RtlConvertSidToUnicodeString
  33. RtlCopyUnicodeString
  34. RtlCreateUnicodeString
  35. RtlCreateUnicodeStringFromAsciiz
  36. RtlDeactivateActivationContextUnsafeFast
  37. RtlDetermineDosPathNameType_U
  38. RtlDosApplyFileIsolationRedirection_Ustr
  39. RtlDosPathNameToNtPathName_U
  40. RtlDosSearchPath_U
  41. RtlEnterCriticalSection
  42. RtlEqualUnicodeString
  43. RtlFillMemoryUlong
  44. RtlFindActivationContextSectionString
  45. RtlFindCharInUnicodeString
  46. RtlFindClearBits
  47. RtlFindClearBitsAndSet
  48. RtlFormatCurrentUserKeyPath
  49. RtlFreeHeap
  50. RtlFreeUnicodeString
  51. RtlGetActiveActivationContext
  52. RtlGetFullPathName_U
  53. RtlGetLastWin32Error
  54. RtlGetNtGlobalFlags
  55. RtlGetNtProductType
  56. RtlGetVersion
  57. RtlHashUnicodeString
  58. RtlImageDirectoryEntryToData
  59. RtlImageNtHeader
  60. RtlInitAnsiString
  61. RtlInitializeCriticalSection
  62. RtlInitializeCriticalSectionAndSpinCount
  63. RtlInitString
  64. RtlInitUnicodeString
  65. RtlInitUnicodeStringEx
  66. RtlLeaveCriticalSection
  67. RtlLogStackBackTrace
  68. RtlMultiAppendUnicodeStringBuffer
  69. RtlMultiByteToUnicodeN
  70. RtlNtStatusToDosError
  71. RtlNtStatusToDosErrorNoTeb
  72. RtlOpenCurrentUser
  73. RtlpEnsureBufferSize
  74. RtlQueryEnvironmentVariable_U
  75. RtlQueryInformationActivationContext
  76. RtlQueryInformationActiveActivationContext
  77. RtlReAllocateHeap
  78. RtlReleasePebLock
  79. RtlSetBits
  80. RtlSetLastWin32Error
  81. RtlTryEnterCriticalSection
  82. RtlUnicodeStringToAnsiString
  83. RtlUnicodeToMultiByteN
  84. RtlUnicodeToMultiByteSize
  85. RtlUpcaseUnicodeChar
  86. RtlValidateUnicodeString
  87. RtlValidSid
  88. strchr
  89. strncmp
  90. wcschr
  91. wcscpy
  92. wcslen
  93. wcsncmp
  94. wcsncpy
  95. wcsrchr
  96. ZwAllocateVirtualMemory
  97. ZwClose
  98. ZwConnectPort
  99. ZwCreateFile
  100. ZwCreateMutant
  101. ZwCreateSection
  102. ZwFlushInstructionCache
  103. ZwMapViewOfSection
  104. ZwOpenFile
  105. ZwOpenKey
  106. ZwOpenProcessToken
  107. ZwOpenProcessTokenEx
  108. ZwOpenSection
  109. ZwOpenThreadTokenEx
  110. ZwProtectVirtualMemory
  111. ZwQueryAttributesFile
  112. ZwQueryDefaultLocale
  113. ZwQueryDefaultUILanguage
  114. ZwQueryInformationFile
  115. ZwQueryInformationProcess
  116. ZwQueryInformationToken
  117. ZwQueryInstallUILanguage
  118. ZwQuerySection
  119. ZwQueryValueKey
  120. ZwReleaseMutant
  121. ZwRequestWaitReplyPort
  122. ZwSetInformationFile
  123. ZwSetInformationObject
  124. ZwUnmapViewOfSection
  125. ZwWaitForSingleObject
  126. ZwWriteFile
USER32.DLL
  1. CallNextHookEx
  2. CharNextW
  3. DefDlgProcA
  4. DefWindowProcA
  5. DialogBoxIndirectParamAorW
  6. DialogBoxParamA
  7. GetAppCompatFlags2
  8. GetClassLongW
  9. GetClassNameW
  10. GetClientRect
  11. GetDC
  12. GetDlgItem
  13. GetForegroundWindow
  14. GetGUIThreadInfo
  15. GetKeyboardLayout
  16. GetProcessWindowStation
  17. GetPropW
  18. GetSystemMetrics
  19. GetThreadDesktop
  20. GetUserObjectInformationA
  21. GetUserObjectInformationW
  22. GetWindowDC
  23. GetWindowLongW
  24. GetWindowThreadProcessId
  25. IsWindow
  26. LoadBitmapA
  27. LoadCursorA
  28. LoadCursorW
  29. OffsetRect
  30. RegisterClassExA
  31. RegisterWindowMessageA
  32. ReleaseDC
  33. RemovePropW
  34. SetCursor
  35. SetPropW
  36. SetWindowRgn
  37. SetWindowsHookExA
  38. WCSToMBEx
2 0x401000-0x402001 191756
DLL Function/s
KERNEL32.DLL
  1. CloseHandle
  2. CompareStringW
  3. CreateEventW
  4. DeviceIoControl
  5. DuplicateHandle
  6. FindResourceExW
  7. GetACP
  8. GetCurrentProcess
  9. GetCurrentThread
  10. GetCurrentThreadId
  11. GetModuleFileNameW
  12. GetProcessHeap
  13. GetThreadLocale
  14. GetTickCount
  15. GetVersionExA
  16. GetVersionExW
  17. GlobalMemoryStatusEx
  18. InitializeCriticalSection
  19. InterlockedCompareExchange
  20. InterlockedDecrement
  21. InterlockedExchange
  22. InterlockedIncrement
  23. IsBadReadPtr
  24. LoadLibraryExW
  25. LoadLibraryW
  26. LoadResource
  27. lstrcmpiW
  28. lstrcpyW
  29. lstrlenW
  30. MapViewOfFile
  31. MapViewOfFileEx
  32. OpenEventW
  33. OpenFileMappingW
  34. SetEvent
  35. TlsGetValue
  36. WaitForSingleObject
  37. WaitForSingleObjectEx
ADVAPI32.dll
  1. AddAccessAllowedAce
  2. CloseServiceHandle
  3. InitializeAcl
  4. InitializeSecurityDescriptor
  5. MD4Final
  6. MD4Init
  7. MD4Update
  8. OpenSCManagerW
  9. OpenServiceW
  10. QueryServiceStatus
  11. RegCloseKey
  12. RegOpenKeyExA
  13. RegOpenKeyExW
  14. RegQueryValueExA
  15. SetSecurityDescriptorDacl
  16. SystemFunction036
ntdll.dll
  1. _allmul
  2. _chkstk
  3. _wcsicmp
  4. bsearch
  5. KiFastSystemCall
  6. KiFastSystemCallRet
  7. KiUserCallbackDispatcher
  8. LdrAccessResource
  9. LdrAlternateResourcesEnabled
  10. LdrFindResource_U
  11. LdrLoadAlternateResourceModule
  12. LdrLoadDll
  13. LdrLockLoaderLock
  14. LdrUnlockLoaderLock
  15. memmove
  16. RtlAcquirePebLock
  17. RtlAcquireResourceShared
  18. RtlActivateActivationContextUnsafeFast
  19. RtlAddAccessAllowedAce
  20. RtlAddRefActivationContext
  21. RtlAllocateHeap
  22. RtlAnsiStringToUnicodeString
  23. RtlAppendUnicodeToString
  24. RtlCompareMemory
  25. RtlCompareMemoryUlong
  26. RtlConvertSidToUnicodeString
  27. RtlCopySid
  28. RtlCopyUnicodeString
  29. RtlCreateAcl
  30. RtlCreateSecurityDescriptor
  31. RtlCreateUnicodeStringFromAsciiz
  32. RtlDeactivateActivationContextUnsafeFast
  33. RtlDeleteCriticalSection
  34. RtlDllShutdownInProgress
  35. RtlDosApplyFileIsolationRedirection_Ustr
  36. RtlEnterCriticalSection
  37. RtlEqualUnicodeString
  38. RtlExtendedMagicDivide
  39. RtlFillMemoryUlong
  40. RtlFindActivationContextSectionString
  41. RtlFindCharInUnicodeString
  42. RtlFirstFreeAce
  43. RtlFormatCurrentUserKeyPath
  44. RtlFreeHeap
  45. RtlFreeUnicodeString
  46. RtlGetNtGlobalFlags
  47. RtlGetNtProductType
  48. RtlGetVersion
  49. RtlHashUnicodeString
  50. RtlImageDirectoryEntryToData
  51. RtlImageNtHeader
  52. RtlInitAnsiString
  53. RtlInitializeCriticalSection
  54. RtlInitializeCriticalSectionAndSpinCount
  55. RtlInitUnicodeString
  56. RtlInitUnicodeStringEx
  57. RtlLeaveCriticalSection
  58. RtlLogStackBackTrace
  59. RtlMultiByteToUnicodeN
  60. RtlNtStatusToDosError
  61. RtlNtStatusToDosErrorNoTeb
  62. RtlOpenCurrentUser
  63. RtlQueryEnvironmentVariable_U
  64. RtlQueryInformationActivationContext
  65. RtlQueryInformationActiveActivationContext
  66. RtlReleasePebLock
  67. RtlReleaseResource
  68. RtlSetCriticalSectionSpinCount
  69. RtlSetDaclSecurityDescriptor
  70. RtlTimeToSecondsSince1980
  71. RtlUnicodeStringToAnsiString
  72. RtlUnicodeToMultiByteN
  73. RtlUpcaseUnicodeChar
  74. RtlValidAcl
  75. RtlValidateUnicodeString
  76. RtlValidSid
  77. wcschr
  78. wcscpy
  79. wcslen
  80. wcsncat
  81. wcsncmp
  82. wcsncpy
  83. wcsrchr
  84. ZwAllocateVirtualMemory
  85. ZwClose
  86. ZwConnectPort
  87. ZwCreateEvent
  88. ZwDeviceIoControlFile
  89. ZwDuplicateObject
  90. ZwMapViewOfSection
  91. ZwOpenEvent
  92. ZwOpenFile
  93. ZwOpenKey
  94. ZwOpenProcessTokenEx
  95. ZwOpenSection
  96. ZwOpenThreadTokenEx
  97. ZwQueryDefaultLocale
  98. ZwQueryInformationProcess
  99. ZwQueryInformationToken
  100. ZwQuerySystemInformation
  101. ZwQuerySystemTime
  102. ZwQueryValueKey
  103. ZwRequestWaitReplyPort
  104. ZwSetEvent
  105. ZwWaitForSingleObject
USER32.DLL
  1. CallNextHookEx
  2. DefDlgProcA
  3. DefWindowProcA
  4. GetClassLongW
  5. GetDC
  6. GetDlgItem
  7. GetPropW
  8. GetWindow
  9. GetWindowLongW
  10. GetWindowThreadProcessId
  11. IsServerSideWindow
  12. IsWindow
  13. IsWindowInDestroy
  14. LoadBitmapW
  15. OffsetRect
  16. ReleaseDC
  17. SendMessageW
  18. SetPropW
  19. SetWindowPos
3 0x4040d1-0x404750 31541
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. memmove
  4. RtlAcquirePebLock
  5. RtlAllocateHeap
  6. RtlAnsiStringToUnicodeString
  7. RtlCompareMemory
  8. RtlCompareMemoryUlong
  9. RtlDetermineDosPathNameType_U
  10. RtlDosPathNameToNtPathName_U
  11. RtlEnterCriticalSection
  12. RtlEqualUnicodeString
  13. RtlFillMemoryUlong
  14. RtlFreeHeap
  15. RtlGetNtGlobalFlags
  16. RtlInitAnsiString
  17. RtlInitializeCriticalSectionAndSpinCount
  18. RtlInitUnicodeString
  19. RtlInitUnicodeStringEx
  20. RtlLeaveCriticalSection
  21. RtlLogStackBackTrace
  22. RtlMultiByteToUnicodeN
  23. RtlReleasePebLock
  24. wcslen
  25. ZwAllocateVirtualMemory
  26. ZwClose
  27. ZwCreateFile
  28. ZwQueryInformationFile
  29. ZwQueryVolumeInformationFile
  30. ZwReadFile
  31. ZwSetInformationFile
KERNEL32.DLL
  1. CloseHandle
  2. CreateFileA
  3. CreateFileW
  4. GetFileType
  5. InitializeCriticalSectionAndSpinCount
  6. ReadFile
  7. SetFilePointer

Static PE information

General information
Overlay size No overlay
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-02 02:24:12
Entry point 0x1660
Imports

DLL Function/s
KERNEL32.DLL
  1. CloseHandle
  2. ContinueDebugEvent
  3. CreateProcessA
  4. FlushInstructionCache
  5. GetCommandLineA
  6. GetProcAddress
  7. GetSystemInfo
  8. GetThreadContext
  9. GlobalAlloc
  10. GlobalFree
  11. GlobalReAlloc
  12. LoadLibraryA
  13. OpenThread
  14. ReadProcessMemory
  15. SetThreadContext
  16. VirtualAllocEx
  17. VirtualProtectEx
  18. WaitForDebugEvent
  19. WriteProcessMemory

Exports

PE resources

Resource #1
Type Size Name
data 744 RT_ICON
SHA256 d31b412c311316d09c182d07e938a09befeb2679583a55d557943e68c26757dc
SHA1 7d527c83faa8abd5297668f7972c9ea675ffa217
MD5 6cc0fde45af1c9ccb49561847fac8622
ssdeep 6:clk8bIz/llt/ixe8//8xd/is/Gl/vfzn/K8uQFMJdVOzr:Uki2jt/Ee8sxWSfJXc
sdhash sdbf:03:0::744:sha1:256:5:7ff:160:1:8:AAAAAAAAAAAAAAAAAAAAAAAAAAAEAAiAAAAAAAFAAAQAAAAAAAAAAgAAAAQAAAAABAAAAAAAAAAAAAAAAAAAAAAAIgAAAALAQAEAAAAAAAAAAAAAAAAAAAAAAgABARAAAAAAAAAAIBAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAIAAAAAAAACAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAACAAAQAAAAABABAAQAAgAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAA==
Resource #2
Type Size Name
MS Windows icon resource - 1 icon 20 RT_GROUP_ICON
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
MD5 42cf62b780813706e75fb9f2b2e8c258
ssdeep 3:wX/sn:9n
sdhash Not applicable
Resource #3
Type Size Name
data 1140 RT_BITMAP
SHA256 87bb1ef8b874b6beff9b72a885cd900ab2d3ed097c7bda0c9a673179199ccf23
SHA1 13af8ada9efca2473ac826acaebd5041e6a91069
MD5 15b385e41ecad9f24a8271cc126dc900
ssdeep 12:KsuNXdaY0xX8Dc9Bu54894T9Ru6Wo1Rtl7uxhnw11X/aCpvTwflwtC9n:puNaYc944894T9I6bv74y9p8qt0n
sdhash sdbf:03:0::1140:sha1:256:5:7ff:160:1:17:AAAAAAAQCAAAAACAAAAAAQAAAABIAAEABEAAAABQAAkBAAAAAAAAEAAAAAAAAAAAQAAAAAAAAAIIEIACAACAAAQAIAAAAQAAQAACAAAAQAAAAAIAgACAAAAAIQAAAIAAAAAAAAACAAAAAAAACAAAAAAAAASCAAAAAAgAAAAAAAAAgAAgAAAAAABAAAAAAAAACAAAgIAAAQAAAIAAAAAAAIIABIEAAAAQAAAAAAAAAIAQAABAABIAEAAAAAgAIAAAAAAABAABAAAAAAAAAACAAAAAAAAAAAYAIABAAAQAQAwBIAAAIgAYAAAAgAAAAAAAAIAAAQAAAAAAAAIAACAAAA==
Resource #4
Type Size Name
data 264 RT_DIALOG
SHA256 1c04daad9c4274c47dc3e8420d1977c9c174760ad076266a30df117fb82a6797
SHA1 3c5e3f06f82ed13f8803ff8168683ff48c88dc1f
MD5 3dfbad02f20537dfb06833a7c2341590
ssdeep 3:axHQXtlzlegWflD8Z/XPlU0rSlizAqknrll/lU0jdlC0L6n2ZllZ/aXlG141JlAI:aUkTND840GLqSxk0zCH2ZD4dAOMkdh
sdhash Not applicable
Resource #5
Type Size Name
data 308 RT_CURSOR
SHA256 6e6953e04665db73b4b9cd7bde438efb1cce408829ccb21d6303b37a611b9458
SHA1 453df630842b2da5d27d9e372c7235f24aeeddeb
MD5 3d75e6cf6962b7f79b89bea9a4257e59
ssdeep 3:Nl/t+lklel/e/illvtEMlt/l2vllUl7N9/Nt/tllRRejqYaeWaWuxaADRaACaARG:sls623yPoqudncW8KF
sdhash Not applicable
Resource #6
Type Size Name
Fasttracker II module sound data Title: "dorak \032FastTracker v2.00 \004\001\024\001" 22115 MUSIC
SHA256 4e58e41f94980d37370dcbcaf939e680db7371b9c30ec6f32591cf7f9fa65a93
SHA1 2816717b9478bad44e86d00476d1628e60cf64b5
MD5 a3248fc1ba6ee74c3e4f1474dd0631a4
ssdeep 384:VQdh747k3vwqwKlRxVo2egi0qZC6A/5sxOouDwNEvp:Odh747k3vwqwKlRxVobY6AxCG
sdhash sdbf:03:0::22115:sha1:256:5:7ff:160:2:122:Iy+wMBEhiiASdNcgJsCgxSJ3xAzSUbWKREZRgLQg6AAA2wJAONcmipERyEQGwyEABSARBHxTKlwoUgIQQCCVI6wcKtKQB8CZAAoqCaCgRRiPA0VoBAEXagBIBjQBBJEVAiYk+BQAlQmOAFwEJJCaTA9mAbPkwjjBIuSCQRQAgBFQzIVBB2giTMIYFUEBGQQAWcGZAAACIyEAAsoQ64oOAJE0EzNwhRSSHAAAIwSgQO7TJtBBWKS7ESAVWCoIIAmMIphtkA9AAIsYThD9aAyEGDAQEwQwmiaAp0w2DJkBgBGaFmiGGBBmwDNsUwQQEsCwAJQTiMAyLqKRiijsRFEvAgBQE9IF4YAIMGAOCAAACmgCQoEgoCEAFARgwRCSqChiYkQAiExQwCPVlARUBoGBbSEgGChYQKBNgEIAIADAkHIKEGEgIAgEWOEAQFEgMLgQCCYQBwESAhQAAAMQAQByDEAmiInAoQAAqA6oLESBNA0gJSuwY2AsAEBBAAoEQgSUFMAFERpwMABiCDChMSAZCSFhi4ADATRABMLATCiANIg2fDawWIYHEDCWAkgIAAXEAQQDRQC1g9PgsRggSwgAlOQEIIKJCaIJCAWjZGAgFJoQMBoMQCgAChpjhTAMRAAAIpEQhEAyQqCQJNkIXDBkkQQlUAHZJBKIAKAJ1IgDoxI=
Resource #7
Type Size Name
Lotus 1-2-3 20 RT_GROUP_CURSOR
SHA256 c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710
SHA1 e8217df98038141ab4e449cb979b1c3bbea12da3
MD5 a2baa01ccdea3190e4998a54dbc202a4
ssdeep 3:GlFlslw3:GlfslO
sdhash Not applicable

PE sections

Section #1: .text
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
.text Code 6.17616 0x1f3e 8192 0x1000 7998 0x20000000, 0x40, 0x7fffffff, 0x80, 0x20, 0x40000000
SHA256 af7eb3a30599c31941d7fd90e3aae1305aeb026b5c751e59f6f2a012ce383e93
SHA1 c838cbbfbd2354991c32bda77e6fb291086d76f2
MD5 7eb97577b36f3b0fc66380182c6cb541
ssdeep 192:SklPPRpuUv06QJ1Hp/APRJEkhvch75CK:hPRDvKHtkhECK
sdhash sdbf:03:0::8192:sha1:256:5:7ff:160:1:123:gA8DZ0oaGXwEJABBo1AKiAAgBo2SKIIBiCSFSYIBMkqAyEOIWBgKgAASBBUjfAEbIBIQRQAdA2BgMQBQAMCcpKwDkoBLIQjAAOs8CMkGhMCBFCMIGAChUiAQgAiYqAhgCUOkZYBbgIAjgAAmABICBAFISAQJwZ1AghAAY0RgyiUArGSQATYEJUSMElOCHKUEHM4EBotNDBkA2GwIikAEJCIMAQgCooBYSwSJYABQEBYAgRg0BeiCcAiQIghQAKA+ICjkEApykxHAQChAKAEADYBLEhZQEDIAQAUgAITgMIBBEDKYiIRAQwAkABToCACgAAkAMkAE2EbAUDgERAQC2Q==
Section #2: .rdata
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
.rdata Data 3.20759 0x23e 1024 0x3000 574 0x20000000, 0x40, 0x7fffffff, 0x80, 0x20, 0x40000000
SHA256 d0e9966e67751d5527e997618877c3fb54ac6075a7ab70f1668e0d942d14bd0b
SHA1 feb997d189e0a3c29a39edff5972e5cfe10da6f2
MD5 0793676f7e7fa1358f0e989bb6414db0
ssdeep 12:1r+IUDUr+IUDw39bZ9jeuNERC8SwnFHapqLKGpMujN5:IluNZ9euERvS2HapqWvO5
sdhash sdbf:03:0::1024:sha1:256:5:7ff:160:1:7:AAAAAAAAAAAAABAAAAABAAAAAAAAQAAQAAAAIAAAAAAAAAAAAACAAAAAAAAAAAAAAABAAiAAAAAAAAQAAABAAAAAAAAABAAAAAAAAAAQAAAAAAAAAAEAAAAEAAAAACAAAAACAACAAAAAAAAAAAAAAAAAAwAAAAAAAAIgAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAABAAAIAAAAAAAAAACAAAAAgAAIAAAAAAAAAAAAAgAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAARAAAAAAAAA==
Section #3: .data
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
.data Data 0.348411 0x41c 512 0x4000 1052 0x20000000, 0x40, 0x7fffffff, 0x80, 0x20, 0x40000000
SHA256 754f28cd5e1333b56597e28202410b742637741bfbfa707accc7029561911a11
SHA1 6a3301333437846fafb59967aa131cc1a5bd42fe
MD5 67207b3ee5126f77b5220e4ade15c3f4
ssdeep 3:PXlll/GJsvtPut:/lPv8t
sdhash sdbf:03:0::512:sha1:256:5:7ff:160:1:1:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
Section #4: .reloc
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
.reloc Data 0.0 0x3e2 1024 0x5000 994 0x20000000, 0x40, 0x7fffffff, 0x80, 0x20, 0x2000000, 0x40000000
SHA256 5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
SHA1 60cacbf3d72e1e7834203da608037b1bf83b40e8
MD5 0f343b0931126a20f133d67c2b018a3b
ssdeep 3::
sdhash sdbf:03:0::1024:sha1:256:5:7ff:160:1:0:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
Section #5: t_sec
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
t_sec Data 5.4583 0x1f000 25600 0x6000 126976 0x20000000, 0x40, 0x7fffffff, 0x80, 0x20, 0x40000000
SHA256 f8f3875b7b5e47fef27cab7bd0e9f2935e3a7c9d477d0e3ae10b3fe6604b0462
SHA1 9e307afa887fd9bba0846d29b8483bf588c24c5e
MD5 52f0b6f6fa53125c5ce30cf511c84e68
ssdeep 384:R0RUTjsYXBQNlEtfsemoKBMTJg4NkmrDs6U:jVBQnSf4BMNRy0
Section #6: e_sec
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
e_sec Data 4.11236 0x12000 72704 0x25000 73728 0x20000000, 0x40, 0x7fffffff, 0x80, 0x20, 0x40000000
SHA256 91c2f2d807cd7e3aae48b70370cea238ccd71de17eeed9bc5d7c7331e8d486f9
SHA1 cfa149ba0f3c03adbe0f7804db1663cda9c4225b
MD5 60d1de167a69f8a276363931dfe99f0a
ssdeep 384:mQdh747k3vwqwKlRxVo2egi0qZC6A/5sxOouDwNEvOy6F60Jw:1dh747k3vwqwKlRxVobY6AxCdy6F6

VirusTotal scans

File: 400598f3cec6d03d4b8e5bd23003c0eea18c258d1c03eade9eced77bdaf0f14d

Scan date: 2016-03-04 07:56:32
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.8703 20160304
AegisLab Goodware 20160304
Agnitum Backdoor.Ciadoor!QS3zBxgI1k4 20160303
AhnLab-V3 Win-Trojan/Ciadoor.192000 20160303
Alibaba Goodware 20160304
ALYac Gen:Variant.Barys.8703 20160304
Antiy-AVL Trojan[Backdoor]/Win32.Ciadoor 20160304
Arcabit Trojan.Barys.D21FF 20160304
Avast Win32:Trojan-gen 20160304
AVG BackDoor.Generic15.CNAM 20160304
Avira TR/Dropper.Gen 20160304
AVware Backdoor.Ciadoor 20160304
Baidu-International Backdoor.Win32.Ciadoor.cga 20160303
BitDefender Gen:Variant.Barys.8703 20160304
Bkav Goodware 20160303
ByteHero Goodware 20160304
CAT-QuickHeal Goodware 20160304
ClamAV Goodware 20160304
CMC Backdoor.Win32.Ciadoor!O 20160303
Comodo UnclassifiedMalware 20160304
Cyren W32/Backdoor.CELZ-2548 20160304
DrWeb BackDoor.Bifrost.49 20160304
Emsisoft Gen:Variant.Barys.8703 (B) 20160229
ESET-NOD32 Goodware 20160304
F-Prot W32/Backdoor2.CSQI 20160304
F-Secure Gen:Variant.Barys.8703 20160304
Fortinet W32/Ciadoor.CGA!tr.bdr 20160304
GData Gen:Variant.Barys.8703 20160304
Ikarus Backdoor.Win32.Ciadoor 20160304
Jiangmin Goodware 20160304
K7AntiVirus Riskware ( 0040eff71 ) 20160303
K7GW Riskware ( 0040eff71 ) 20160304
Kaspersky Backdoor.Win32.Ciadoor.cga 20160304
Malwarebytes Goodware 20160304
McAfee Artemis!1E7D7C48399D 20160304
McAfee-GW-Edition BehavesLike.Win32.Worm.cm 20160304
Microsoft Trojan:Win32/Malagent!gmb 20160304
MicroWorld-eScan Gen:Variant.Barys.8703 20160304
NANO-Antivirus Trojan.Win32.Bifrost.wesor 20160304
nProtect Backdoor/W32.Ciadoor.110080.B 20160303
Panda Trj/CI.A 20160303
Qihoo-360 HEUR/Malware.QVM19.Gen 20160304
Rising PE:Backdoor.Win32.CiaDoor.a!100038176 [F] 20160302
Sophos Troj/Ciadoor-DP 20160304
SUPERAntiSpyware Goodware 20160304
Symantec W32.Rontokbro@mm 20160303
Tencent Win32.Backdoor.Ciadoor.Eaxx 20160304
TheHacker Goodware 20160302
TotalDefense Goodware 20160303
TrendMicro PAK_Generic.001 20160304
TrendMicro-HouseCall PAK_Generic.001 20160304
VBA32 Backdoor.Ciadoor.13 20160303
VIPRE Backdoor.Ciadoor 20160304
ViRobot Backdoor.Win32.Ciadoor.205312[h] 20160304
Zillya Goodware 20160303
Zoner Goodware 20160304
