MalScore: 100/100
MalFamily: Barys

5.exe

Indicators: Is DLL, Packer, Anti Debug, Anti VM, Signed, XOR, AntiVirus 13/68
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 308.00 KB (315392 bytes)
Compile time: 2018-08-03 17:14:01
MD5: 16525cfab8a7813b3f11b4ce7831bb2e
SHA1: 2e2b35d70f41b78c4f858d52e64ab78f60c7339c
SHA256: 7a3e7440fb0f0ea6d2b3bfa24dd6bb0c176ecb4b0d4d9d9dbf185f005be26e76
Import hash: 146fcdf0e331e14c6535276e0b157377
Sections (3): .text, .data, .rsrc
Directories (2): import, resource
First submission: 2018-08-03 21:21:04
Last submission: 2018-08-03 21:21:04
Filename detected: - 5.exe (1)
URL file hosting: hXXp://205.185.121.209/5.exe (VirusTotal)
Antivirus Report
Report date: 2018-08-03 16:43:24
Detection ratio: 13/68
Permalink: VirusTotal
PE Sections 0 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x414f0 270336 264700bd56d7dfd1e29e4496d7393797 7495342f9290cb606fdfece9130a3125da693e58
.data 0x43000 0x8018 4096 620f0b67a91f7f74151bc5be745b7110 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
.rsrc 0x4c000 0x8654 36864 5832bff8c897ff306b2f8a67e1855bdb 5f0ccf150316ba255e292555a10e3ddb1d5883a1
PE Resources
Name Offset Size Language Sublanguage Data
RT_BITMAP 0x4e9be 23560 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_ICON 0x4c5be 4264 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_STRING 0x545c6 68 LANG_AFRIKAANS SUBLANG_DEFAULT
RT_GROUP_ICON 0x4c580 62 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x4c240 832 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: samsuNG
InternalName: Spotlysenes7
FileVersion: 7.01.0007
CompanyName: samsuNG
LegalTrademarks: samsuNG
Comments: samsuNG
ProductName: samsuNG
ProductVersion: 7.01.0007
FileDescription: samsuNG
Translation: 0x0409 0x04b0
OriginalFilename: Spotlysenes7.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0
File found
File type: Autogen
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
File type: Library
WINMM.dll
comdlg32.dll
MSVBVM60.DLL
LZ32.dll
SHELL32.dll
ADVAPI32.dll
IMM32.dll
VERSION.dll
MPR.dll
VBA6.DLL
IP Found
No IP detected
URL(s)
No URL found
Spotlysenes7.exe
samsuNG
dfgh
VarFileInfo
samsuNG
Comments
Version
PATH
SOFTWARE\Microsoft\Shared Tools\MSINFO
dfg
InternalName
SOFTWARE\Microsoft\Shared Tools Location
About
\MSINFO32.EXE
MSINFO
StringFileInfo
Translation
efg
FileVersion
Renullifying
VS_VERSION_INFO
Caption
ProductVersion
FileDescription
System Information Is Unavailable At This Time
OriginalFilename
LegalCopyright
7.01.0007
CompanyName
040904B0
LegalTrademarks
ProductName
Spotlysenes7
!*2~
x>owQ
jv$q
ReleaseMutex
rn4#)
ResizePalette
8T&`V
PathToRegion
UnTu
H_\zk
%^&G
h|-
$Ynv
1nrz
GetTextExtentPointA
mJNU
SetMenuItemInfoA
3tec e
h(@e
4xKa
ZopI
GetLogicalDrives
mK4H
@3zP
StartPagePrinter
G4}iY
YHMaq#
NtSetInformationProcess
/%S[7g
` p4}

c``<s
eyVa
c<Pj
n-OM
U;C@
qOShX
9 pE
(Pq/
GetSystemPaletteUse
V(?s
igftigf
,;6hb
wb 2
ACreateFileMappingA
emVw
AdjustTokenGroups
OpenServiceA
T2gh
GetCurrentPositionEx
\ <Qe
B~gGCkEk=G
Subprostatic
EnumFontsA
|cD:>
,)f
4< _
__vbaExceptHandler
g-rX
!?dV
i'rG_
oERV
Forudbestem
Iq< q
F :,^_
qI3
SetHandleInformation
*7l:E
]^e`
95,D
SetAclInformation
Z|c2
dkzc
JC+:
vv``
GetTextColor
0g\IV
o}1Y]
_Mx%
kberes
WN8
m<I|z
YrCq
lVM|z
DisableThreadLibraryCalls
GetClipboardOwner
qonomlljiigfecba`_^]\YXWonm
__vbaFreeObjList
GetSecurityDescriptorLength
E5F.b
?Kv_
tely
/B^v
}Ro*
SIK9M
GetMessageExtraInfo
IB{'
(T-_quq^l
mmioSetInfo
DeletePrinterDriverA
.(=]b
K^]
{UO(
KA,_s
a<UT
r iz
4T,CR
?u>=
biXy
&QI[9
Kxx
&j5a
EnumResourceNamesA
Streptokinase5
;UZm~
A^b
Undegrebets
WrN'
,\NX
X/~v
D]JX6
hV[,gC
A`<WL
`sm
5n"n
DeletePrintProcessorA
rponmlomlmjikhgigffeddcbba`_^]^\[\[ZWVUXWV
u J
YMV~Gh_$
-V7H/(
\_&{ Z
fcL3
7+Qa_>S
aaaa
magikere
`=d
jM"m
aTd^
MessageBeep
PUI*
__vbaVarForInit
xn m
3Slw
'R"k
o=Td
MoveWindow
Porkman6
wT{XP7JF
EqualPrefixSid
ChooseFontA
dska
$w^^V
tSys
HeapUnlock
&(H
SetDoubleClickTime
sede
x8a2 =
o,RB
ObjectCloseAuditAlarmA
akR2$}
QSqh
]J :;
popQ%;
kW#M
WZ1p
rt =s,
mz(
PlayEnhMetaFileRecord
GetMessagePos
TntG
+B2,u'
.9pv ]
}G+-
]qx:y;V
9ukp
Us J
GetMessageTime
jlhntdlT
Wherve6
o)\^
aQ4o
1J-&
5mvv
GetDIBits
:vAG
?^J4
h/+{
d@1\zi
GetLogicalDriveStringsA
~Aqf_
Stningssekvens
}f+$
j[&O
Gc4p
r}SH
RegisterClassExA
ymC
pQY;p
]?G]%
z%j$
A}concrescible
Cj {
$!|Z
D ~j>
"EL~
l&s"
5~T;
Stannide
CloseServiceHandle
A$m)
eyEx
CbbF
]dk"
PtInRegion
[C4\>
ukA$
Z3A}M
gz {4
,-x1
'q3 X
^gdu
Ha {
9e%Qa
XB?D
CreateEnhMetaFileA
~DB:
?6U!k
v\$
ceennacuelum
xvurontrq}{z
Fi]peristeromorphae
Ek4%
waveOutUnprepareHeader
EnumEnhMetaFile
SearchPathA
VirtualQueryEx
yu[%O
BackupSeek
MapWindowPoints
#":sa
ws1^
ALQt
+(Gy
__vbaI4Cy
OffsetRect
SetFormA
H J
Qa}w
9Q {
'\p}
2ew}5l
HM,!
&/@F-
B`"Q
J48S.
GetMapMode
X,W~
M {"
inO&
waveInMessage
nl
YupR
"y~Z
BackupWrite
iuf,igfCigfdigf}igfhigfIigf,igf igf
i"zb
`&-MW
HX H
+9 *
CreateBitmap
+:eZ:x-
s&p,>U
Mn<R?
"i#N9
DdeGetLastError
ExtractAssociatedIconA
RP`i
{+il
SetClipboardDataA
h,u@
ljidbaa`__^]\[ZZXWXW
__vbaNew2
db| E
P?(%
A*FU |
h0c@
c@Nm
741!G
CreateFileA
BD:I
8E_t
LineDDA
f_[w
jihJ
IkT9cS
Mesopotamic8
g%=-
usrponpnmnlkljijhggfeedcca``_^^]\\[ZXWVYXW
P ]Z
'DOOO
.text
nt C
0*E,
__vbaFPException
(K{O
DYjU
3M<+
'&@_
n3jO
CascadeWindows
hpc@
.&+s
vF40
(000#
W^x
\$,E6
\kg1o
O 8)p
OemKeyScan
_gI<
&GT+
Tillgspensioner
Sanddru6
YJ\C^!;^
N;pj
]NZ/y(
U0Vv>
~VOJ
IsRectEmpty
o+5b
k}JK
%ZJM
KU@a-
Sn^m
g_"i
_CItan
v7 Z
h4w@
|sI.
M=jEA
afD#B
uPa[t
44>4&7
DestroyMenu
~69F
MJkY
Fq1h
Wb{K
RRR=
N ~H
M)Ik3
X3Fi
ear8
Loxodrome
Forfear8
GetTapePosition
SetActiveWindow
WaitCommEvent
__vbaObjSetAddref
GetKernelObjectSecurity
B"|#o'jO
ImpersonateSelf
=}I
H+C@*
[Y;|
7huge
X}z(?5P
ZkJ|
VY W^
InSendMessage
ImmGetConversionListA
/s!F$
B^A6
~$/v
cp?k
Wk]
}zy]y
GetStringTypeExA
/[]b
P:
DestroyWindow
l{=F
B{A%
M;sGE
XLX0
Stnkedes3
l<9e}5
CreateFontIndirectA
__vbaLenBstr
Spotlysenes7
} Q
waveOutSetPlaybackRate
ImmGetStatusWindowPos
$^qaLT*
*fMo
L&:U
RGVY
R*JN|w
lVy5
>z<\
Wm2'Y-?E)
uu55R.[
kFL&3
IsCharAlphaA
qUW+ M
DestroyCaret
0MFI
cb``mij
Z yW
hXv@
TO}
d;0H^^^>Tg
ef%]U~N
winspool.drv
y"=j
.bh+
midiInAddBuffer
CCWy
Z yr
MI{>
(uPs-
'faCv
FI!z
/ Wpu
].6_%C
l>F|z
ij>:Ap
=VSi A
$+2F
jf*W.
^^t[ZZYUTR
sdFl
.jpno$
pnmtpnm
\Lacr)
3s M
triplicature
__vbaStrCmp
SetBitmapBits
Rg!x
V}):
SetEvent
__vbaVarLateMemSt
=}3T
Pd.t\
y/6(
F@%[
GetWindowRect
GetFileSize
GetPixelFormat
%_#,
c7Glllll
d?"~
/[4YQ
PdhVbAddCounter
SetDIBitsToDevice
kpH[
^}bX
=0)j
2cT~
` Y>
WriteProfileSectionA
NJ-a3
LoadIconA
o^fH
.22$
StartServiceA
m% w
hp>@
7h_W
4z zv
DestroyPrivateObjectSecurity
<hxF
kernel32
:g_$
GetScrollInfo
Vn)q!Y{
'`>J
mnY|z
"rUn
ControlService
vt~#
;gA>4
m$O|z
_adj_fpatan
P)d^
fPg"9
PdhCloseQuery
SetupComm
beW=
_lwrite
=Drm'
KbZ
im!G
!d]2I
GetCompressedFileSizeA
Bx@Q
F|~D
TvH
Kejserkronen5
GetWindowRgn
4\.
{(LR
MapViewOfFile
Y iSH
DrawEscape
^g@x)'
Oz70l
].2m
m6aq
GetFileVersionInfoA
3T:;
d$T
DuplicateIcon
QX]i
UvfT
pzjD
GetPrintProcessorDirectoryA
pG5k
SetFocus
CreateMetaFileA
p;@
ScrollConsoleScreenBufferA
(sY=
'^#w
#h}h
Oc6I
M|ur
OYcb
ny/
vweO
Udvejningsvgtene
OemToCharBuffA
-{:#w
waveOutPause
oHe
SetErrorMode
ooooo
N+wb
mB W
$psAg
P|z^
GetCommModemStatus
PlgBlt
n,'1
CreatePalette
j`f#
+`m7
=L5hVx
!&5p:
RjwN
+kid
indlejredes
4xyM8
__vbaLateIdCallLd
ueGQ
cS A
FindNextChangeNotification
ywvqonponxvu
r&[h&
Po8R
G/5n
D`s|3
EVENT_SINK_QueryInterface
x\&/
==rrLRq%
winmm.dll
'Xd*
Beep
_r6[
?_c)BI
mc_|z
G+l$
{lt
/>+?
fs}|#
;=kR
/G40
r95Y
MOXd
_adj_fdiv_m64
OKEf
DdJB
-J?v,
9999? [[[
GetJobA
garhwali
= "Z
gRA%
~vc9
....OOO
peristeromorphae
AddAce
wrqM
LocalCompact
GetWindowExtEx
gceller
<5M)
g!#T
KU]I
(:vfh
nR\;@
N bS
c;'%
:Y-{ x
: %
z;I|
PT{D e)
CreateDCA
l~Bg
__vbaFreeVarList
5 ;
`}8&n
VX=p
V+CSE
Q%qh
2M/I
4@i#*ou
[_ae
[ _l
\ <o
V I-
b(:2b
gTIh
i0Ap
YOS]'i
:t'b
Stabilisatoren
?M.Z
__vbaVarMove
3)uM
E(VZ
8m h
65~G
snuppendes
h v@
LCLS
_adj_fdiv_m32
T. Ei
IntersectRect
t$i5n
GhKz
PSn1A"c
!tP6BX
[#~? im
midiOutGetErrorTextA
iYRW;i
waveInPrepareHeader
n,rm
SetTapePosition
~5j$
^ 0w
oRRR
SetScrollInfo
F`lU
SetSysColors
Fxl="
pWb)
O5 \w
^LwW
F<G.
gnzH
DdeNameService
' VxGT
(x8
] 7z
Rz _
gP-Y#
9Lj=
R?{nh&
&NY47
~ {c
!g\Z
,+D/
CreateSolidBrush
mciGetDeviceIDA
__vbaFpI4
gdi32
Rj98S
zs}YC.
xL1_
tz;L%)
!W@@
ged1fdc
~g{S
GetHandleInformation
(y$\:^
!}`v
K7y&DcE
=u*/l
X3<
ImmGetCompositionStringA
8p_m
Magtens8
6:lZ
3>(`
7UQ3
0)Ry
Tindingebenene5
FindResourceExA
3333
GetUserNameA
E:SxD
shell32
aLg"
{l"7S1
f@G(
FnK?b
MoveFileA
y,_-8
hgfigffdccba`
ru~1
waveInGetPosition
GetKerningPairsA
1CPS
,*wK
W[L?
9Nx=
Engagerende
_adj_fdiv_m16i
A3DGp
e%<
GetUserDefaultLangID
"1Ht
0G{rR
Rich
__vbaStrToUnicode
[3[x7
SetSecurityDescriptorDacl
TranslateCharsetInfo
OffsetViewportOrgEx
Form
CreateSemaphoreA
$@-s
GaV*
__vbaStrMove
h|w@
Foru
/ X^8 Y
comdlg32.dll
TG`2
]bXrohr
>K0a
midiOutOpen
*fG~V
DdeConnect
:G {K
hTp@
((dc
\&UQ
OpenDesktopA
5~| $
M]A5
h yX*
GetNearestPaletteIndex
3)4 0
2WX8
][8>
GetSysColorBrush
4nQ}
{}7_5$
phth
e41G
WNetGetUserA
~+QiV
OZ`
rxw5
jYiW
91f3S 5
HSoPu!
G(G
GlobalSize
%9Q\
B(d
1R*{
DeleteFileA
&LcF
i:3J'
{"Rp
SP9T
EnumJobsA
TD)v
++[<
p6+U
MSVBVM60.DLL
Bran
FE;^
inISw
xIET
6kR{
'Dcj*c
[H'=
CE 8
}E Fr
ReuseDDElParam
dpvb, r
advapi32
@/ntKc7
: yu
K$it
c':s
ddI3Sth
N~Yf7u3vh#
U6W4
{|B}
VBuwe
GetEnhMetaFilePaletteEntries
9vt *ZUW
#aN5?
MessageBoxIndirectA
pind
N7uV
mpa~
mmioClose
9p.5+"
PneEm
=l}\Zt
Platten
DdeQueryNextServer
Ornately
bjMr
vH&Gz
WriteFileEx
SetArcDirection
A/H6
h c@
EnumFontFamiliesExA
\ghI
&?Hh
T'Wu
gnlW
\g6K}
HeapCreate
BackupEventLogA
indbindingsmetoden
"(A%\
S)2t
GetDefaultCommConfigA
~[L
{aJ6H
epYN
FileTimeToSystemTime
UOib
}0-
RegCreateKeyA
sedeserne
t6d(
&oV\
ZU&`"
hgZx
a/SJ
k n
GetOpenFileNameA
.ya_
n*A8j
Oi`$Z
-^Ghb
~DWF
Renullifying
y_60|
7Jdg
f XC4
Juv;
1^B6Sn
tern
:YJn
V}nW
h6 Ky?
i-5 S
jc<N@
_|M;
ZXXX iWq .......
2c..
JpEqp
GetMenuContextHelpId
v;yuL(,
Z?GFk
Y[e{
aP&Cbx-OCMl r
WK*
.rsrc
TextOutA
O7pWC\
L/GR=
ImmIsIME
H;4jS
ValidateRgn
doq/
+^1AyK
~; sP-
5?# .
3aJ |
ImmEscapeA
T2 g
$o+,%
m\K?
3Cvn
q=gG
F '|c
<8X9
Abr=
GetWindowPlacement
NDF2
SHFreeNameMappings
i=-a
IsIconic
_Gz=
fd eY
EnumPropsA
Fearedly
7aY\
GetKeyboardLayout
Y0 [
H ?k
x>C^(
sgMK
8
vot}
TN7_p
S9b
@R_M#
'k~`
I6Z
]ns)h
LZSeek
ClipCursor
)ch<
FlushFileBuffers
ttuQ<
S[bT
Electromagnetisms5
}n{
Y(rnj
]Y=&
KF_H
SetCommMask
b#>#
=L"
p\)]
J' VV
WcJo
CheckMenuItem
JnK*|
LP=>^
]3BUM
dc?Z,e
K=59
fOt*<
ToA)AB,
9]N/
/ 6=>
;M2F[A
TlsSetValue
=|/
n.1o
v7M/
`&kQ
9>hZ
S>0`
AdjustTokenPrivileges
MY16
A.;X?c
(n"3
v\|N
\CEYT
GetGlyphOutlineA
,(^*
nq&Fo
3)c gS
kDMnS`
ordensduks
1<#I
{8Rr
_adj_fdivr_m16i
rVBq
I1t/
C*?p
B+RN
ExtFloodFill
tq/~
DragAcceptFiles
<CWG}f
d5.H;
v^x0
6=S
U`{.
2NVG
.dFx3I:8
RegQueryInfoKeyA
q C:7
NotifyChangeEventLog
a2\a
Inddatategnene
_(JT
IsBadStringPtrA
< }s
lji2kih
k]*A
3**v
pOmD
ZZ_4
+* z
Ag'c
Ibm~
&m)7
{?"+
SetSecurityDescriptorSacl
[[XI:****:B''III
recuperation
u^@w nd
x4F#
j-<\
"yjxJH
( O)
ea N
3R^25q-OXL
_-GG.
ImmGetProperty
{S"N6
n.d*
DcN4
skoleskemaers
plyhC
[&C2
`rJ5L
evMAP%
CreateCaret
;,;T
e5|
WritePrinter
/P=b
;0
GetPropA
Z|z#
}lD]
ROOO
is#_
AddAccessAllowedAce
:Ndx
^`}5
$_,(
S6UFz
o8s>
r1KKxB
m K|
DeletePrintProvidorA
Z|zL
Z|zM
@]CYR
GetKeyboardLayoutList
hDr@
Frifind7
G0@4%
Iyd8
NoMc
J oEW
D7:B
Palletere7
zT J
k|l&
PVzKpuZwj
__vbaChkstk
hPz@
:I/
Udstraales
EVENT_SINK_Release
BeginPaint
S U0
^Yqx
evB
~U.v
6} j
StartSysInfo
Indfrselsforbudenes0
C$@v
5s&J
B~6t
6"H[
h\b@
Ol?G
G/]*
GetCharWidthA
{6AF:5_N
"7=JFr0m
S f+
w,Ip
xYko
yt';[I,
Skaanevaskene2
_adj_fdivr_m32
3Mwv
%NkJ
GetComputerNameA
kS9v
R6O
godkendelsesbekendtgrelses
vPV"
"Z}q
119hh
c$MGU
PostThreadMessageA
t=`X
DmE6
*joZh
8W<@
USER32.DLL
Vinduestyper8
} j`h@c@
"g8:
-7S\
SetProcessShutdownParameters
<f]]
VirtualQuery
Dd2*
GetColorAdjustment
3Hou
RegSetValueExA
+ _~
LoadKeyboardLayoutA
AY;`
NY_*
dD7wb<
z>&s
MenuItemFromPoint
SetClassWord
*==;
Ppi6
W4s.
1<<'
CreateRoundRectRgn
s}$@
zx<!
Chord
IsCharUpperA
OJ8E
midiStreamRestart
76'5oN
.$ v9
midiStreamOpen
AddPrintProvidorA
waveOutGetErrorTextA
092
D]#u
bBmZ1c
}_j`v}i
InitializeAcl
d3:'
RegCloseKey
+WAOM
SystemTimeToTzSpecificLocalTime
7 8,
DeleteCriticalSection
rIn|I/
t} R
ScrollWindowEx
__vbaCopyBytes
gI9=<
`E](
vNt-_
EnumDateFormats
<[~ Oa
W$G,
Z ]x
54Rz\
dez3
L<n#v#
hw#B
Fa5-
joySetCapture
q9th
F$"LT
Soporiferously
GetWindowTextA
+04%
waveInOpen
,it
b%)4RF
0slDh
Pu[*
$D@o
[('5
DYI;
K|zb
SetProcessWorkingSetSize
Maskernes
AD23
93[xAQ.
8a?E
`~Q y..
.u*
midiOutMessage
dxt-
Snderjyllands4
Moisty1
uX%4
Monophthong1
Fulfilment5
)Yt8
`:+
^]39
;-#1
_CIsqrt
H0yP
Dispose0
Flagger7
5-Af
q9d !
?ck&
0R (
__vbaStrCat
SfIa(
cqhd
XP+'
CreatePen
nG%#jK
ys/?
BP`s
`pD&9
Planendes
=65>
h4n@
%XO8
mmioSendMessage
M(+I
rmegabet
|x zT
dR\Q
zxr3p
GetNamedPipeInfo
=sp]
SetWindowLongA
__vbaExitProc
GetConsoleScreenBufferInfo
_/8s
Bygning
CreateDIBPatternBrushPt
6{p?,
bortrationaliseringernes
8 n6
'Bmd
,_cK
?EBe4
6nQ?
~WdE
SetCommConfig
2:L3
Pebe
'TY<M
qXL|
Q!i[
nDqV
,T:M
CreateHalftonePalette
GetSecurityDescriptorControl
G6x;
3,X+/
mRO22
O [
|5:|
lUV>
c}ZNg
b%+=
M]qzl
,fTO
MZMt
} W
preapprising
[[[ci
VE@`v
EnumPrintProcessorsA
__vbaStrToAnsi
<x>7
U\Qi
p[eD
_CIsin
mmioGetInfo
bQQQ
CuT*
/rJ;
+qy-Sk
uN`]
GetSystemTimeAdjustment
SIBB:
9f _
ewkG
u~/
K2ba
EnableWindow
a09?x
0 TM
GetStdHandle
D5GG
Nl+b
JvGw
-nMv
.....
GetROP2
mO;r
TVu
zfz
O8n:3
ImmGetGuideLineA
6z|h
,:0+
G,Zb
og"f
!t4`+
Ock*I+
dbaecbecbcbab`_`_^^]\][Z[ZYYXWUTSQPO
sf_`
CreateEllipticRgn
W Hz
7o| W*
k,(Z
_CIlog
am5M
+o\S;K
jdr
" V5
9qd[,*
u& EO
AddFormA
(06R!
....O
__vbaStrI2
__vbaStrI4
s!WO
unholiday
@eyQ@
GetExpandedNameA
bhrN
__vbaInStrB
ctA;
O["
GetUserObjectInformationA
LPtoDP
|g46l
Overrates0
hTc@
NI~7
Fugleflugten4
3gTgj
i lh3
JD9
+5r
2qy,?
VHq}
rfN'
BA\`
LZRead
0ltA
9i0`
V'K8p+
G+Vb
> XR
+9K{*
mW_)
5RKa
X`:`
&-(}
Bowleggedness1
6 ,Nr
SetWindowContextHelpId
ExitWindowsEx
PMRZ
`V:xOh
ImmCreateContext
ImmSetCompositionFontA
y jl
WindowFromDC
ju }
"Kv)
DoI$
%o
[ `f
Urw~
8'+Y
fu$S
BjjT
M&{2
`vFO"|!n.
"/[`
5 4y
H~m"^
y3!X
mmioSeek
yIzm1O
__vbaStrVarMove
fvj
H+ I
Vtb1
A|z)
2AJP
HNC{
MOjl
:'O{
RectVisible
SDBV
,L0/
<>bm
f&~
S[E3
ky6|
LXmd$
vg)X
RUe
SetWindowOrgEx
ewfIp
Bj0 0
C6sg%
!w=k
#0>V
ao|BJ
B3YyV
GetTextCharset
|kV3
mixerGetLineControlsA
Caris4
@ _w
mMC|zY
GetKBCodePage
MakeAbsoluteSD
ZUT
3u
AbortSystemShutdownA
K<ntm
AdjustWindowRectEx
LKT#,7o
{.7xW
#^ =
)W]M
<\x.
L2|2
F+V#Q#
SetSystemPowerState
icro<4
O-f m
h<}@
FrameRect
N{jh
RRRRRR
!This program cannot be run in DOS mode. $
4! i='
xvurqpqpoomlmkjkihhgffdcdbaa`__3]][ZYXW]\[
5/Rp
LZClose
a(Hc
U$?w
W!W
LeDQ
^)]!@
d{0Ym}
|Gc-
OpenPrinterA
^[ K
adrenalinets
yXfU3
GetTextMetricsA
5_&8*
lhPm
C:g&
Gwa24
QM9
DispatchMessageA
OhG<
aZ_^BSu
E1z
]flK
NVp]z]x
_adj_fdiv_r
|$0_#
t1?h
c~x
oooRRRRr
n9ON
waveInAddBuffer
=-+g
-Pq
gP /W
.l3Sd.
Sh L
'Q>h
SetScrollPos
OOO|1
bbrc+
g ~1u
I3Y@
GetActiveWindow
__vbaFreeStr
ywv9wut
,+uB
5sA/X
goik
15crr`
{:23r
utskihhfehfehfejihqon|{z
hd|@
ImmAssociateContext
GetDIBColorTable
5ULt
ImmNotifyIME
P
_iI7
M_:}
`s!Yg
DMCG
gavekortets
.Z(?
WaI
D }20
cLn+
M*03
7\v=
GetKeyNameTextA
C|z
FlushInstructionCache
9LGl
GetLogColorSpaceA
[_*O
GetIconInfo
c|o/I
N&`@
tO l
)Y+-
fallostomy
OutputDebugStringA
L(Wx
ibHm
GetSubMenu
=idZ
\\/G
p`[Jn^Y
Yr1f
'L1%
DeferWindowPos
3GUee\4$
ii,IX
(8o9
>Iu6)
K/f7G
YmG
SetHandleCount
lz32.dll
nacu
b`8o-
8^Yh
H=M|
+ h
PDAq
]b3g
u6RQT
js>6
:r|
0uWb
EM@Y
.#05HJ
OtCI
GetTempFileNameA
sV]7 '
(s;V
UoJt
p:?"
D}Sg
M&z
O-K#d
d6oCL
]6KgMM E#
(c&q}i
Brandmandskab8
l_L"
R,Q$
_adj_fdiv_m32i
`8}s%&
hj%_
LoadMenuA
1cx0
GetEnvironmentStringsA
G32ya
rpiDa
~T4-
User32
`&:i
IsDBCSLeadByte
>l&I
RRoc
\]E3{i
`k>+
Sortskjortens8
hfe
St[8^7
nQv;
34`Q
srqkihljijhghfegeddcbba`a_^^]\\[ZZYXUTS\[Z
x8PF
hfei
hfek
oRRR:?'a OO
JSum
z2;^2B
hfe^
UnmapViewOfFile
k;"M
.OO*
OZ2`W^
wR5E
:DN
DeleteMetaFile
66 -
|{k{yx
"(bb
O=B-
_adj_fdivr_m64
GetConsoleOutputCP
EQ
_U-_ ]c
`hy~
`.data
tz) I
2f\=
B:5Qm
RK#[
Lj C
0q`^)
CreateDesktopA
N1S,
~R)^-
(Urq
&Sm\
3"Xm~
/&2'C
x|btr
>omL
)\!:
E?>K
GetStringTypeA
i;i9GVu
{+JX
!&x3
d)79
rNohJKE
|M@`}
4t@
v lk
GetEnvironmentVariableA
k9,x
EnumClipboardFormats
GetServiceDisplayNameA
h Q1b
Pebermynternes5
O* x+
H U/
7=h
EqualRect
Iq]/[
K. A
Tv|1
&}!t
&`<
Pu|A
m*&z
!.WY>
<rIS
SetThreadPriority
\J7Qk
mI9
-W;\
m !'
__vbaFreeVar
&0SF[U
rF}+PCV
[[...
\ARN
{dnis
CSGF
!t2dK
Wu*u
00Ga
igfa_^^]\]\[\ZYZYXXXWXVUWVUa`_
%hVq
EnumThreadWindows
QueryServiceLockStatusA
9{Ag
ikaC
1r~$
CharPrevA
midiOutGetID
Kejs
y@ e
dUxk{
midiInStart
?u%f
8i1N%7Ea
_<I8 @
c$6m
!}o
Rectangle
QH3N
middagsselskabernes
SetScrollRange
eWG,
R<A1
Process32First
sp.[
x)3I
j ~
2C~4
Plan
1[ rZ
wEi@
yOFI*
g_qW
Vizcachas4
E[+V;
I"C6
),$A h
-A;j
KeyRoot
x]cPp
K@%3#I
J-w+
)X-)
-V@3
GetDesktopWindow
CreateEventA
@&&J
K3$N
]r~bH
hfe,
EmptyClipboard
Cq;?
fed!
GetFileTime
GetPrinterDataA
midiStreamPosition
*-HAa
DeviceCapabilitiesA
l]o?
FindWindowA
w9`M\$"
HeapCompact
,LSA
~wr]
0e#f_
[`Vx
,gf]
sS7
I-of
;K0=6
ZDi)
CreateFontA
TileWindows
GlobalFlags
z~Y-
h0m@
@0DB
2W~S
profluent
obitual
S#9S
IsMenu
RRL?,
eIxo
LocalShrink
:vt )C
NRi|
KfgR
GetFileVersionInfoSizeA
EnumDesktopsA
GetWindowOrgEx
6k<4N
ZZZW[[[[[[
cHZ!
I?EZt
@0#<U%5
'J
B98\
=['
ImmSetOpenStatus
FreeEnvironmentStringsA
Ee
SubKeyRef
o bh
w E"Y
GetLocaleInfoA
+ *i
=qE
bromalbumin
VTr`
Fon9
Cq-<
xlpJ
wY/
SetStdHandle
E@Q2
E26J
=U6%
_lopen
CharLowerBuffA
].B[<
Ks .
__vbaI4Var
Z^!&
%QfA 2
K :-
dFqu|
Uc1X
z,;G
f192,Wp~
nN y'
VerLanguageNameA
waveOutReset
hfe[ged%fdc
[5:B
9],+
'.&k
)J 1\7o
L70jKA
6;?a"
ColorMatchToTarget
ooRRRr
fSCA
h`~@
m l
` g
,vK:
yeh5
M=Tp
GPG`
%_
VJ[51
n"TP{
n{os
JX$c
|i '
__vbaPowerR8
@)3+
!FJf
="Bc
&:C6
?><h6
("un
S#q%
ObjectPrivilegeAuditAlarmA
DrawFocusRect
WaitForMultipleObjectsEx
]8zG
RAwU
coinquinate
ltD{>
IsWindowUnicode
iyi
__vbaVarDup
6)n@X`
mkjljijhggedcba`_^\[ZWVUtsr
DdeAbandonTransaction
spilddampes
SetCommBreak
:LayM
LZOpenFileA
r|MC3!
keybd_event
\<mN
_Wx^
myRmpuT
EnumPortsA
9qd[
EJa r
InvertRgn
basketaget
MEM)
Ela1
>Wi~
ZZsa
Y20&
?06 &%aY?uy
LoadModule
Wl"-r4
'}Y U
RQf5~
w*bc
rK c|6
FJ$
;SAh|
1=<)
A0vhy
+8D6
GetMenuCheckMarkDimensions
u]HDC
o!m5A
\C =
aKERNEL32
2Z+H
}b>%
FreeSid
f2D#
KeyVal
1<LM5;G
Unanalogically5
qqps
GetPrivateProfileSectionA
shell32.dll
;a"K
1&Y[}
.Op+G
!E&<
}&3B
eelblenny
? ?
\0 <
zs7I3
])16
4!z Z
h4{@
_ \5
@,qv$t
hI{C+
%8|
&Dk8
{V=u
*]h6
8 M"#
=EqO
?%a@
EndDeferWindowPos
0Bfw
<?ne[
SetServiceStatus
mmioStringToFOURCCA
^ `'
vts*urq
kamikkens
C X$^
e j4
W)@6
{Zu>
fQ:Z
&2]{
sL>-
YSortskjortens8
,{ts
qM\9
GetTabbedTextExtentA
verfende
Gwell_NotifyIconW
...........
Xyq<R`=[i4
Wpd
22$#
CreatePrivateObjectSecurity
30+r
CreateDiscardableBitmap
GetDriveTypeA
9}?&
8@M
` 5
SelectClipRgn
$ Re
GetTapeParameters
DdeDisconnect
` B<>
mG6
x=}j
X;N+
VB5!6&*
PzC_gww
" pV
wd\o
WA>%
I+e%t0
6tBr(
v or
OnSK
Undervisningsomraadernes3
"xuR_
GetCPInfo
'RZe7wxq|
X~d\
CreateDIBitmap
OOOOO
hd&H
GetNextDlgTabItem
mmioSetBuffer
BeY4
:Y!j
/m f
VuT~
=DU-u|5"
qq9hh
Y} t
E#BW=
SetWinMetaFileBits
__vbaFreeStrList
V)q~
)P:
.lb9-[
2jES
:?K%
RegQueryValueExA
%J'L
LR/p
HeapAlloc
N;TQx/
a[%z
J|zM
XbA&
hW6ge
Gennemgangsleds0
7w "
__vbaSetSystemError
S'~ N
N=6/
@ir!IK
EnumFontFamiliesA
mmioRenameA
}e\1
buK[m(ijt*
LockFileEx
GetArcDirection
|'SN3"
ScaleWindowExtEx
<da8q
c45u
A'D)j
SetEnvironmentVariableA
GetWindowLongA
RV G/
o%dn>S
\Tjcl]
GetCommState
SHAppBarMessage
HYdG
.pMW
DFX)
>ZJ>9?
GetKeyValue
Z''V
JNVFX
Yn4
FloodFill
n?(p
ebyL
~6.L
P:@I
midiOutSetVolume
xTWv
PaintRgn
GGI[
O-A$
WV8U1k$;
3Q('G
EnumSystemLocales
a9 s
waveOutGetPlaybackRate
5a&m
CreatePatternBrush
w?^d
__vbaFreeObj
@EcM
T4i-+
_CIcos
r0',
ScreenToClient
;,#=
7,zB_
.vu-
3jG5
;=qF
e^p_
[|z
2ms9
<dK5
-j'&
S99k
nboWe
0h b
m^m}
pvEo
mciGetErrorStringA
XC|G
FG3z
e[a(
S !#R$
mC)@
?_" $
8xv'
__vbaVarAdd
BackupRead
-_R;
k)O"
3gZn
d{kE
TKmM
K r
_CIatan
7a/u
Xho-_
StartServiceCtrlDispatcherA
3 30>OQ
i &0la4
GS#h
_6jMJ
SetPrinterA
.+oh
UIBm
<$B!2
?(hR
K:_y
2-(V
(*D
LoadBitmapA
/AU7
@bf&
ywvtrqronpmlnkjlihjfegcbdbaa_^`]\][YYXW\ZYmkj
(d~K
:}ZE
ba&U
l9p#
Y`Wr
-)No#j/
2Brj
Z(Zp
EqualRgn
DYR
`iy;]
D3N`8:_
ImmUnregisterWordA
synaptid
staalgraas
J #+
_adj_fprem1
SetMessageExtraInfo
\w
sgC(`
+z/s
SetWindowExtEx
OT| Hq>
$0kA
:WB?
h0Ab"f
H&-O&+
lUY|
$ p?
OffsetRgn
-EvX
$3c.
WriteTapemark
Y ^Y
Dk0]
<A|z
W5<P
__vbaInStr
2s{
P7{j
ow:S
)Yo2
SUH7R
[C7v
!XzM
fsf^
@0Ho
GetWindow
dds$$'uXu
e0VY
=fQ]
Mrrc
_lclose
?W5n
LocalFlags
IsZoomed
4%I/
u$&f=/.wN
PtVisible
_allmul
ADVAPI32.DLL
i`I6e
`VM(
ExtEscape
LX>s
InitializeSecurityDescriptor
II?OO
:pX6
`=,
PIrt
hdx@
`6d~
PatBlt
hhs@
BuPL
Wb :2
pW rY
(lG)
;|&fW0
CreateCompatibleDC
__vbaVarForNext
K i#ZQ
Z*@-
|vX[(
O;h"
nE^h
E A;K
Valu
<L[4@
zP a
GlobalReAlloc
iu>
M)v@
ExtTextOutA
"j=j
+|i
FillConsoleOutputAttribute
f_S f
+Inddatategnene
6X,Q
d n,
x8|$
@tn
_o{
L^R:`
DefineDosDeviceA
P$4@
imm32.dll
1)(w
g;O
N()9UM
afviklingstiden
SetMenu
!"
T"lW
^N
`eb5
GetKeyState
Mz`*
<N`a
| ]_eF
qcIv
cC@&u
g#5=
+M t)%
SendMessageTimeoutA
SetBrushOrgEx
__vbaObjSet
@,|}
cp|K
Vdm7
!=lT
^{P.
u"[L1
Gvc7E
?ne%i
[A,P
\YKD
SetWindowRgn
s|M|g
Ao`vD
uwJj"
!|R|
PlayMetaFile
5pmy
CreatePipe
hDy@
SetSystemTime
GdiGetBatchLimit
Phlc@
s, {}
R t1
;S;[
eS%#<P
GetBinaryTypeA
E8(zEdx
RegOpenKeyExA
RZ1d
|A.V
'3\'
k]j4
~,9>
onen
OdCC
g C1
IsBadHugeReadPtr
x"|[
HeapReAlloc
oz|ryyktteoqbjm`hk_ijbjk`ijV`cejkyww
LoadMenuIndirectA
OYm&x
TransmitCommChar
cYk3
*+ns-
fs $YmR
r !9
%tl
~a7
LocalLock
deployeringens
ReadPrinter
j?Rx
">q
{CxR/ac
X< }8
gvX~
rIqa
h@c@
e=E{
;mO'
42Y>f
WlT3
En*$
m*|Q=m
mEX|z>
.[FX
E==~
FrameRgn
Kp1N
{<M5w
*84?
SdIa(
Vgarhwali
BcC
7*m
i[+?0
^`n&f[@'
Y"mW
DialogBoxIndirectParamA
_adj_fprem
oR.6
SetPrivateObjectSecurity
ri$:
RegQ
RegO
]xN[
nonsubtlety
\s LC
iL&-
K=J]`
CharLowerA
GetStartupInfoA
{:_RRy7
K:6s},K
zk,\
KeyName
EnumPrinterDriversA
Hs0)
p1C+Q<3Oq
DescribePixelFormat
Hb]
VHKVt
GetStockObject
__vbaStrVarVal
|`io
Jr<u
sY<te
-#u
u\*K
N \2
AttachThreadInput
Stutter8
midiStreamPause
hdo@
,98C
CharToOemA
CreatePolygonRgn
~+jK
"XTo/
!/-`>,
Carts
vv(*
k{nG
EVENT_SINK_AddRef
)d-N
WaitForSingleObjectEx
_':=
QgQb
hv:::v I8
" t66
BuildCommDCBAndTimeoutsA
3' #
CancelDC
concrescible
.)4=
%; ;
3oc?
ebI4
kV|R
"EDEIU
lINy
s3\%
version.dll
@cl} 5j
LW{.
DKia
~ywvtrqvss|zy
Vizc
? Q(S
\ pn
lp]Y
}=6gG
PolyBezier
mixerGetDevCapsA
Afmystificeringernes
zNdl
MB&z
# K]U
Z:ZP'!h
'M|U
h`q@
&(nt
&Hre
cgnOr
;M6~
dU2*[
hf 3'S
!piu
%s[4
bA]y
;%<e
i2pgJF=l
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
q$*L<Q
:_3/%
x>'$
~~);
0 "fq.K
GetCharABCWidthsA
QSZs
U# >?
m1M-{
Y74[
4=GA3:
mpr.dll
Fv\n\
;0H#
=El1~
#h]6
)* F
LZ 9
b N{=
stykkende
Sgn MAR4dOKj
h s@
iY,m
_>(&k
hfe=igfwiif
MZSl
SmLQ
1##Z
__vbaHresultCheckObj
-/Oo
i}?6Y
;rg_
MZSz
SSST
SetTextAlign
_adj_fptan
VBA6.DLL
lep-
ywvsrqsrqzyx
GV<?
1s(
InitializeCriticalSection
Slvs
SetLocaleInfoA
"mc?
NgU$c
w|6F
lose
\[?H
"bQQ
Nm J
Yn;"5.&
%'2p
}p$@
AI
FeW4z
*Bt_
__vbaCyStr
QueryPerformanceFrequency
mF}[
K/]
Slvstols
DllFunctionCall
xL@d
lsSE
$zK()
@^9R
~0v<
ax&
wP6|
nide
DdeQueryConvInfo
q-OVU
w\6^
Lo2^_7
Afplukningen3
OK $
$fJnvFZ
ldIZ
XaY
V[ U
__vbaOnError
_adj_fdivr_m32i
vWn"
3ByJ
prverne
Ttl_=p
}(:1
gZ
s" ;
I#fzDS
TerminateThread
1G~I
E. &-6
ng1I
CopyIcon
_0L7
n Ku(
waveInStop
tY{Px
m|][
]+L3
RegGetKeySecurity
gV> y
hHt@
(\!
j ?yv
OmE M
O>7:p
B6PN*
u6g X
lEa[?
Hawaiianskes
6]g\Q%f]
U:|3,.@
D{I^
InsertMenuA
w #(
lAF4
/i:j
pallescent
aCvBk
GetNumberOfConsoleInputEvents
/w-%7
OpenClipboard
EOvi%
Y]oH
n5!\
igf igf
ecrufarvets
SS7O*
v:^+(
valutapukkelen
I?OO
GetACP
eLFH/;
__vbaStrCopy
[r
P"a+
igf9
11?Iv8
Ahh>%
MessageBoxA
#feB
htu@
9vv7J
+IY;
Y7ZIJ2
M"G"
ywvgedhgfgedfdcdbaaa``_^_]J][Z[YXXWV[QPfed
timeGetTime
%? =
vli\
mmioAscend
FindFirstFileA
LookupPrivilegeNameA
y W_..
}|sqppnmnkijgfgcbb`^_\[ZYXcba
`
WriteConsoleOutputCharacterA
_CIexp
DPtoLP
igfk
FindResourceA
I3EGh
Behavior analysis details
Machine name: Seven02_64
Machine label: Seven02_64
Machine manager: VirtualBox
Started: 2018-08-03 21:18:03
Ended: 2018-08-03 21:20:59
Duration: 176 s

1 Behavior detected by system signatures

5 Summary items with data

Files

\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\5.exe.cfg
C:\Windows\sysnative\C_932.NLS
C:\Windows\sysnative\C_949.NLS
C:\Windows\sysnative\C_950.NLS
C:\Windows\sysnative\C_936.NLS
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Seven01\AppData\Local\Temp\5.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Users\Seven01\AppData\Local\Temp\*.*
C:\
C:\Users\Seven01\AppData\Local\Temp
C:\Users\Seven01\AppData\Local\Temp\IPHlpApi.DLL
C:\Windows\System32\IPHLPAPI.DLL
C:\Users\Seven01\AppData\Local\Temp\WINNSI.DLL
C:\Windows\System32\winnsi.dll

Read Files

\Device\KsecDD
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\936
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
oleaut32.dll.OleLoadPictureEx
oleaut32.dll.DispCallFunc
oleaut32.dll.LoadTypeLibEx
oleaut32.dll.UnRegisterTypeLib
oleaut32.dll.CreateTypeLib2
oleaut32.dll.VarDateFromUdate
oleaut32.dll.VarUdateFromDate
oleaut32.dll.GetAltMonthNames
oleaut32.dll.VarNumFromParseNum
oleaut32.dll.VarParseNumFromStr
oleaut32.dll.VarDecFromR4
oleaut32.dll.VarDecFromR8
oleaut32.dll.VarDecFromDate
oleaut32.dll.VarDecFromI4
oleaut32.dll.VarDecFromCy
oleaut32.dll.VarR4FromDec
oleaut32.dll.GetRecordInfoFromTypeInfo
oleaut32.dll.GetRecordInfoFromGuids
oleaut32.dll.SafeArrayGetRecordInfo
oleaut32.dll.SafeArraySetRecordInfo
oleaut32.dll.SafeArrayGetIID
oleaut32.dll.SafeArraySetIID
oleaut32.dll.SafeArrayCopyData
oleaut32.dll.SafeArrayAllocDescriptorEx
oleaut32.dll.SafeArrayCreateEx
oleaut32.dll.VarFormat
oleaut32.dll.VarFormatDateTime
oleaut32.dll.VarFormatNumber
oleaut32.dll.VarFormatPercent
oleaut32.dll.VarFormatCurrency
oleaut32.dll.VarWeekdayName
oleaut32.dll.VarMonthName
oleaut32.dll.VarAdd
oleaut32.dll.VarAnd
oleaut32.dll.VarCat
oleaut32.dll.VarDiv
oleaut32.dll.VarEqv
oleaut32.dll.VarIdiv
oleaut32.dll.VarImp
oleaut32.dll.VarMod
oleaut32.dll.VarMul
oleaut32.dll.VarOr
oleaut32.dll.VarPow
oleaut32.dll.VarSub
oleaut32.dll.VarXor
oleaut32.dll.VarAbs
oleaut32.dll.VarFix
oleaut32.dll.VarInt
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarRound
oleaut32.dll.VarCmp
oleaut32.dll.VarDecAdd
oleaut32.dll.VarDecCmp
oleaut32.dll.VarBstrCat
oleaut32.dll.VarCyMulI4
oleaut32.dll.VarBstrCmp
ole32.dll.CoCreateInstanceEx
ole32.dll.CLSIDFromProgIDEx
sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary
user32.dll.GetSystemMetrics
user32.dll.MonitorFromWindow
user32.dll.MonitorFromRect
user32.dll.MonitorFromPoint
user32.dll.EnumDisplayMonitors
user32.dll.GetMonitorInfoA
dwmapi.dll.DwmIsCompositionEnabled
lpk.dll.LpkEditControl
comctl32.dll.HIMAGELIST_QueryInterface
comctl32.dll.DrawShadowText
comctl32.dll.DrawSizeBox
comctl32.dll.DrawScrollBar
comctl32.dll.SizeBoxHwnd
comctl32.dll.ScrollBar_MouseMove
comctl32.dll.ScrollBar_Menu
comctl32.dll.HandleScrollCmd
comctl32.dll.DetachScrollBars
comctl32.dll.AttachScrollBars
comctl32.dll.CCSetScrollInfo
comctl32.dll.CCGetScrollInfo
comctl32.dll.CCEnableScrollBar
comctl32.dll.QuerySystemGestureStatus
uxtheme.dll.#49
uxtheme.dll.CloseThemeData
uxtheme.dll.DrawThemeBackground
kernel32.dll.NlsGetCacheUpdateCount
user32.dll.EnumThreadWindows
shell32.dll.Shell_NotifyIconW
kernel32.dll.CreateFileMappingA
kernel32.dll.MapViewOfFile
ntdll.dll.NtSetInformationProcess
kernel32.dll.Sleep
user32.dll.GetDesktopWindow
kernel32.dll.HeapAlloc
kernel32.dll.SetLastError
kernel32.dll.SetErrorMode
ntdll.dll.NtYieldExecution
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.CreateFileA
kernel32.dll.WriteFile
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.GetFileSize
kernel32.dll.UnmapViewOfFile
kernel32.dll.VirtualProtectEx
kernel32.dll.GetLongPathNameA
kernel32.dll.TerminateProcess
iphlpapi.dll.GetAdaptersInfo
kernel32.dll.VirtualAllocEx
shell32.dll.ShellExecuteA
user32.dll.EnumWindows
user32.dll.DestroyWindow

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-08-03 21:21:06

Detected family: #Barys

TheSystem Itself @ 2018-08-03 21:26:02