Similarity Report

Overview

General Information

Joe Sandbox Version:23.0.0
Analysis ID:59569
Start date:29.08.2018
Start time:13:27:26
Joe Sandbox Product:Cloud
Overall analysis duration:0h 6m 25s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:csshead.exe
Cookbook file name:default.jbs
Analysis system description:W10 Native physical Machine for testing VM-aware malware (Office 2010, Java 1.8.0_91, Flash 22.0.0.192, Acrobat Reader DC 15.016.20039, Internet Explorer 11, Chrome 55, Firefox 50)
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:MAL
Classification:mal88.evad.winEXE@3/0@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 32.7% (good quality ratio 29.3%)
  • Quality average: 80.9%
  • Quality standard deviation: 32.2%
HCA Information:
  • Successful, ratio: 57%
  • Number of executed functions: 89
  • Number of non-executed functions: 244
Cookbook Comments:
  • Adjust boot time
  • Found application associated with file extension: .exe

Static File Info

File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit):7.868755127097456
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.39%
  • UPX compressed Win32 Executable (30571/9) 0.30%
  • Win32 EXE Yoda's Crypter (26571/9) 0.26%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
File name:csshead.exe
File size:165888
MD5:f0309aa0519ee70c29bbb471352781e7
SHA1:c0c4dd4c997f2a590eb5d9947e2ba81e79ce3c13
SHA256:7c13b9ab1ce7fdeeb8fbb235ed593e4affdedf317a6b7eac06ca3a64ab62daba
SHA512:3e0f96ccc07b3ded937e7ec01a5f2a858ceb8b88db53ad5a289172ae7b9f5722de689f4a0ecc39275b4c8c1a0be32466d147187a2025911dfadd199af4302ada
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*I.dn(.7n(.7n(.7.^?7k(.7u..7J(.7gP.7i(.7gP.7I(.7n(.7.).7u.>7.(.7u.?7/(.7u..7o(.7u..7o(.7Richn(.7........PE..L...F.9[...........

Similarity Information

Algorithm:APISTRING
Total Signature IDs in Database:4108360
Total Processes Database:48855
Total similar Processes:5077
Total similar Functions:20318

Similar Processes

  • csshead.exe (MD5: F0309AA0519EE70C29BBB471352781E7, PID: 1288)
    • jAqtHkfbz6.exe (PID: 3856, MD5: 201218D74CB36FA3B507B52B3F542E31 AnalysisID: 63349 Similar Functions: 61)
    • paint.exe (PID: 3424, MD5: 9A1C6993B7571ED6460D06833B78966C AnalysisID: 71976 Similar Functions: 57)
    • file2.exe (PID: 3684, MD5: 2B6E31835DAF786F3E9DEEC103C208BB AnalysisID: 66847 Similar Functions: 54)
    • winsvc.exe (PID: 3644, MD5: F80376F6E67D79147715E70823DE3A00 AnalysisID: 65110 Similar Functions: 54)
    • winsvc.exe (PID: 3652, MD5: F80376F6E67D79147715E70823DE3A00 AnalysisID: 65102 Similar Functions: 54)
    • winsvc.exe (PID: 3648, MD5: F80376F6E67D79147715E70823DE3A00 AnalysisID: 65090 Similar Functions: 49)
    • splugin.exe (PID: 3252, MD5: C09F5356DE9941991CD3B3D6D67D9106 AnalysisID: 41148 Similar Functions: 48)
    • tr.exe (PID: 2832, MD5: B63A39FAD3EDC42EF9968A870BB5ED84 AnalysisID: 31223 Similar Functions: 46)
    • 6683962.exe (PID: 3736, MD5: 941FA30BE8DCFEF277CE62DE74FFBF99 AnalysisID: 56382 Similar Functions: 45)
    • mlsd.exe (PID: 3440, MD5: 6EED20CCE1D8877E9953E4375AC750CE AnalysisID: 59838 Similar Functions: 45)
    • 3666712.exe (PID: 3484, MD5: EFB98185CB4A95C8E3F209B05EB4AEBC AnalysisID: 50392 Similar Functions: 45)
    • TempcQb83.eXe (PID: 3620, MD5: F80376F6E67D79147715E70823DE3A00 AnalysisID: 65112 Similar Functions: 44)
    • mxdn.exe (PID: 3456, MD5: 00FE617BE3854F8B3EB373E8272148DD AnalysisID: 49462 Similar Functions: 44)
    • winsvc.exe (PID: 3640, MD5: F80376F6E67D79147715E70823DE3A00 AnalysisID: 65115 Similar Functions: 44)
    • 9669353.exe (PID: 2772, MD5: 37C2017497122FE4AFCAD7FF30A24EF8 AnalysisID: 53041 Similar Functions: 43)
    • IPCPlgSvr.exe (PID: 3252, MD5: 91C6DFDA8F1B59308B7554A5E5666045 AnalysisID: 36661 Similar Functions: 38)
    • winsvc.exe (PID: 3656, MD5: F80376F6E67D79147715E70823DE3A00 AnalysisID: 65079 Similar Functions: 37)
    • press.exe (PID: 3212, MD5: C58F5A736C6E80CF3C4426DA67540F95 AnalysisID: 47139 Similar Functions: 36)
    • hjEjEgfnS.exe (PID: 3644, MD5: EFDB6033DCCF27FE103B8FC13BC4F2D7 AnalysisID: 378142 Similar Functions: 36)
    • speakface.exe (PID: 3612, MD5: 59360C0B24903D470D51A3544258A763 AnalysisID: 52753 Similar Functions: 36)
    • vtype.exe (PID: 3244, MD5: 1B8683494257868642655C7842B39CAA AnalysisID: 47031 Similar Functions: 36)
    • speakface.exe (PID: 3928, MD5: 59360C0B24903D470D51A3544258A763 AnalysisID: 52739 Similar Functions: 36)
    • speakface.exe (PID: 3632, MD5: 59360C0B24903D470D51A3544258A763 AnalysisID: 52699 Similar Functions: 35)
    • pvideo.exe (PID: 3248, MD5: B01470F68E56B010951D66644DEE76F4 AnalysisID: 40334 Similar Functions: 35)
    • 855985.exe (PID: 3580, MD5: 57EE4F77C5D58591B70400C4B4860399 AnalysisID: 55567 Similar Functions: 32)
    • 181948.exe (PID: 3584, MD5: 57EE4F77C5D58591B70400C4B4860399 AnalysisID: 55567 Similar Functions: 32)
    • proshuto8.exe (PID: 2668, MD5: 6F2AA155D82BF38A17AE83131F1A152D AnalysisID: 296551 Similar Functions: 32)
    • java.exe (PID: 1208, MD5: 6F4EB294ACF731771AFE3EF6F7EE812D AnalysisID: 271850 Similar Functions: 30)
    • speakface.exe (PID: 3624, MD5: 59360C0B24903D470D51A3544258A763 AnalysisID: 52761 Similar Functions: 30)
    • speakface.exe (PID: 3608, MD5: 59360C0B24903D470D51A3544258A763 AnalysisID: 52658 Similar Functions: 30)
  • explorer.exe (MD5: FCBCED2A237DCD7EF86CED551B731742, PID: 340)
    • splugin.exe (PID: 3252, MD5: C09F5356DE9941991CD3B3D6D67D9106 AnalysisID: 41148 Similar Functions: 29)
    • pvideo.exe (PID: 3248, MD5: B01470F68E56B010951D66644DEE76F4 AnalysisID: 40334 Similar Functions: 29)
    • press.exe (PID: 3212, MD5: C58F5A736C6E80CF3C4426DA67540F95 AnalysisID: 47139 Similar Functions: 28)
    • paint.exe (PID: 3424, MD5: 9A1C6993B7571ED6460D06833B78966C AnalysisID: 71976 Similar Functions: 28)
    • vtype.exe (PID: 3244, MD5: 1B8683494257868642655C7842B39CAA AnalysisID: 47031 Similar Functions: 28)
    • 3666712.exe (PID: 3484, MD5: EFB98185CB4A95C8E3F209B05EB4AEBC AnalysisID: 50392 Similar Functions: 28)
    • 6683962.exe (PID: 3736, MD5: 941FA30BE8DCFEF277CE62DE74FFBF99 AnalysisID: 56382 Similar Functions: 28)
    • mxdn.exe (PID: 3456, MD5: 00FE617BE3854F8B3EB373E8272148DD AnalysisID: 49462 Similar Functions: 28)
    • mlsd.exe (PID: 3440, MD5: 6EED20CCE1D8877E9953E4375AC750CE AnalysisID: 59838 Similar Functions: 28)
    • tr.exe (PID: 2832, MD5: B63A39FAD3EDC42EF9968A870BB5ED84 AnalysisID: 31223 Similar Functions: 27)
    • 9669353.exe (PID: 2772, MD5: 37C2017497122FE4AFCAD7FF30A24EF8 AnalysisID: 53041 Similar Functions: 26)
    • jAqtHkfbz6.exe (PID: 3856, MD5: 201218D74CB36FA3B507B52B3F542E31 AnalysisID: 63349 Similar Functions: 23)
    • 2016080813380002,jpg.jpg.exe (PID: 2816, MD5: 26BFC108EC961EA10CA20AFCE4594D95 AnalysisID: 25668 Similar Functions: 14)
    • id654093871066.pdf.exe (PID: 3020, MD5: 69BE1E62B00BA27CC4AE0E3B41720D41 AnalysisID: 28881 Similar Functions: 14)
    • explorer.exe (PID: 3100, MD5: 8B88EBBB05A0E56B7DCC708498C02B3E AnalysisID: 28881 Similar Functions: 13)
    • dwm.exe (PID: 1420, MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D AnalysisID: 56574 Similar Functions: 7)
    • taskhost.exe (PID: 3424, MD5: 72E953215CADE1A726C04AAFDF6B463D AnalysisID: 355921 Similar Functions: 5)
    • dwm.exe (PID: 1704, MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D AnalysisID: 28958 Similar Functions: 4)
    • reader_sl.exe (PID: 1900, MD5: 505F022493D471025ADD399A4162208B AnalysisID: 24588 Similar Functions: 4)
    • taskhost.exe (PID: 2956, MD5: 72E953215CADE1A726C04AAFDF6B463D AnalysisID: 249130 Similar Functions: 3)
    • explorer.exe (PID: 1712, MD5: 8B88EBBB05A0E56B7DCC708498C02B3E AnalysisID: 28958 Similar Functions: 3)
    • taskhost.exe (PID: 1256, MD5: 72E953215CADE1A726C04AAFDF6B463D AnalysisID: 356353 Similar Functions: 3)
    • dwm.exe (PID: 3480, MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D AnalysisID: 355921 Similar Functions: 3)
    • taskhost.exe (PID: 2568, MD5: 72E953215CADE1A726C04AAFDF6B463D AnalysisID: 247333 Similar Functions: 3)
    • dwm.exe (PID: 1684, MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D AnalysisID: 24588 Similar Functions: 3)
    • hitmanpro.3.7.x-patch.exe (PID: 3256, MD5: 92018B6185D8822BF7194CAE21E5C7EB AnalysisID: 41260 Similar Functions: 3)
    • taskhost.exe (PID: 3100, MD5: 72E953215CADE1A726C04AAFDF6B463D AnalysisID: 258313 Similar Functions: 3)
    • poweriso.6.x.patch.exe (PID: 2816, MD5: 57F4BC6B07929B5C183D69EBAE904FDB AnalysisID: 30238 Similar Functions: 3)
    • etup.exe (PID: 3748, MD5: 8AD504D873DBA440325BDCE426FD2CE7 AnalysisID: 49904 Similar Functions: 2)
    • glasswire-patch[Settings-fixed].exe (PID: 2820, MD5: C8398C45B86F64452448F1360580C710 AnalysisID: 30860 Similar Functions: 2)

Similar Functions

  • Function_00014397 API ID: GetModuleHandleGetProcAddress, String ID: CorExitProcess$[FILE], Total Matches: 2031
  • Function_00014FEB API ID: IsDebuggerPresentSetUnhandledExceptionFilterUnhandledExceptionFilter, String ID: , Total Matches: 1574
  • Function_0001CD2B API ID: _parse_cmdline$GetModuleFileName, String ID: [FILE], Total Matches: 1436
  • Function_0001D0C2 API ID: GetCurrentProcessIdGetCurrentThreadIdGetSystemTimeAsFileTimeGetTickCountRtlQueryPerformanceCounter, String ID: , Total Matches: 1399
  • Function_0001CDE6 API ID: FreeEnvironmentStringsWideCharToMultiByte$GetEnvironmentStrings, String ID: , Total Matches: 1214
  • Function_000186E5 API ID: __cftof2_l__fltout2, String ID: -, Total Matches: 1199
  • Function_000187A6 API ID: __cftof2_l__fltout2, String ID: -, Total Matches: 1199
  • Function_0001580D API ID: InterlockedDecrementInterlockedIncrement$__getptd, String ID: , Total Matches: 1129
  • Function_0001826C API ID: __alldvrm$__cftoe_strrchr, String ID: 0, Total Matches: 1040
  • Function_0001A651 API ID: __getptd, String ID: csm, Total Matches: 945
  • Function_00015504 API ID: InterlockedDecrementInterlockedIncrement__amsg_exit__getptd, String ID: , Total Matches: 891
  • Function_00015DBE API ID: GetModuleHandleInterlockedIncrement, String ID: KERNEL32.DLL, Total Matches: 793
  • EntryPoint API ID: VirtualProtect$ExitProcessGetProcAddressLoadLibrary, String ID: , Total Matches: 529
  • Function_0001C6E0 API ID: LCMapString$MultiByteToWideChar$WideCharToMultiByte, String ID: , Total Matches: 514
  • Function_00018185 API ID: __fltout2, String ID: -$e+000, Total Matches: 485
  • Function_000042D4 API ID: GetTokenInformation$CloseHandleGetLastErrorGetSidSubAuthorityGetSidSubAuthorityCountOpenProcessToken, String ID: , Total Matches: 383
  • Function_000042D4 API ID: GetTokenInformation$CloseHandleGetLastErrorGetSidSubAuthorityGetSidSubAuthorityCountOpenProcessToken, String ID: , Total Matches: 383
  • Function_0001A8D8 API ID: _UnwindNestedFrames, String ID: csm$csm, Total Matches: 379
  • Function_0001A946 API ID: __getptd$_CallSETranslator_GetRangeOfTrysToCheck, String ID: MOC$RCC$csm$csm$csm, Total Matches: 376
  • Function_0001CAB5 API ID: _strlen, String ID: , Total Matches: 365
  • Function_0000FC10 API ID: GetTopWindow$GetWindowSendMessage, String ID: , Total Matches: 248
  • Function_00015E72 API ID: GetCurrentThreadIdGetLastErrorRtlDecodePointerSetLastError, String ID: , Total Matches: 124
  • Function_00022A40 API ID: GetLastErrorMultiByteToWideChar$SysAllocStringlstrlen, String ID: , Total Matches: 119
  • Function_000139DD API ID: GetModuleHandleGetProcAddressGetSystemInfoVirtualAllocVirtualProtectVirtualQuery, String ID: SetThreadStackGuarantee$[FILE], Total Matches: 114
  • Function_000160A2 API ID: GetProcAddressRtlEncodePointer$RtlDecodePointer$GetCurrentThreadIdGetModuleHandleTlsAllocTlsSetValue, String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL, Total Matches: 92
  • Function_00001A50 API ID: CallWindowProcGetWindowLong$SetWindowLong, String ID: $, Total Matches: 77
  • Function_00010390 API ID: CallWindowProcGetWindowLong$SetWindowLong, String ID: $, Total Matches: 77
  • Function_000041C8 API ID: AllocateAndInitializeSidCloseHandleEqualSidFreeSidGetCurrentProcessGetCurrentThreadGetLastErrorGetTokenInformationOpenProcessTokenOpenThreadToken, String ID: , Total Matches: 51
  • Function_000041CC API ID: AllocateAndInitializeSidCloseHandleEqualSidFreeSidGetCurrentProcessGetCurrentThreadGetLastErrorGetTokenInformationOpenProcessTokenOpenThreadToken, String ID: , Total Matches: 51
  • Function_000041C8 API ID: AllocateAndInitializeSidCloseHandleEqualSidFreeSidGetCurrentProcessGetCurrentThreadGetLastErrorGetTokenInformationOpenProcessTokenOpenThreadToken, String ID: , Total Matches: 51
  • Function_000041CC API ID: AllocateAndInitializeSidCloseHandleEqualSidFreeSidGetCurrentProcessGetCurrentThreadGetLastErrorGetTokenInformationOpenProcessTokenOpenThreadToken, String ID: , Total Matches: 51
  • Function_00019A60 API ID: __FindPESection$_ValidateScopeTableHandlers$VirtualQuery, String ID: , Total Matches: 41
  • Function_0000485C API ID: CloseHandleCreateFileFlushFileBuffersWriteFile, String ID: , Total Matches: 39
  • Function_0000485C API ID: CloseHandleCreateFileFlushFileBuffersWriteFile, String ID: , Total Matches: 39
  • Function_00016034 API ID: TlsGetValue$RtlDecodePointerTlsSetValue, String ID: , Total Matches: 31
  • Function_00005026 API ID: CloseHandle$CreateFileMappingCreateProcessGetExitCodeProcessGetModuleHandleGetThreadContextMapViewOfFileResumeThreadVirtualProtectExWaitForSingleObjectWriteProcessMemory, String ID: D$_section, Total Matches: 30
  • Function_00005028 API ID: CloseHandle$CreateFileMappingCreateProcessGetExitCodeProcessGetModuleHandleGetThreadContextMapViewOfFileResumeThreadVirtualProtectExWaitForSingleObjectWriteProcessMemory, String ID: D$_section, Total Matches: 30
  • Function_00005028 API ID: CloseHandle$CreateFileMappingCreateProcessGetExitCodeProcessGetModuleHandleGetThreadContextMapViewOfFileResumeThreadVirtualProtectExWaitForSingleObjectWriteProcessMemory, String ID: D$_section, Total Matches: 30
  • Function_00005026 API ID: CloseHandle$CreateFileMappingCreateProcessGetExitCodeProcessGetModuleHandleGetThreadContextMapViewOfFileResumeThreadVirtualProtectExWaitForSingleObjectWriteProcessMemory, String ID: D$_section, Total Matches: 30
  • Function_000080C0 API ID: CloseHandleSHDeleteKey$CreateEventExitProcessReleaseMutexRtlRemoveVectoredExceptionHandlerSendMessageWaitForSingleObject, String ID: .lnk, Total Matches: 28
  • Function_000080BE API ID: CloseHandleSHDeleteKey$CreateEventExitProcessReleaseMutexRtlRemoveVectoredExceptionHandlerSendMessageWaitForSingleObject, String ID: .lnk, Total Matches: 28
  • Function_00007C4E API ID: CreateFileReadFile$CloseHandleSetFilePointer, String ID: , Total Matches: 27
  • Function_00007C50 API ID: CreateFileReadFile$CloseHandleSetFilePointer, String ID: , Total Matches: 27
  • Function_00007C4E API ID: CreateFileReadFile$CloseHandleSetFilePointer, String ID: , Total Matches: 27
  • Function_00007C50 API ID: CreateFileReadFile$CloseHandleSetFilePointer, String ID: , Total Matches: 27
  • Function_00010A00 API ID: CreateWindowExFlushInstructionCacheGetCurrentProcessSetLastError, String ID: , Total Matches: 23
  • Function_00004406 API ID: ConvertStringSecurityDescriptorToSecurityDescriptorGetSecurityDescriptorSaclInitializeSecurityDescriptorLocalFreeSetSecurityDescriptorDaclSetSecurityDescriptorSacl, String ID: , Total Matches: 22
  • Function_00004408 API ID: ConvertStringSecurityDescriptorToSecurityDescriptorGetSecurityDescriptorSaclInitializeSecurityDescriptorLocalFreeSetSecurityDescriptorDaclSetSecurityDescriptorSacl, String ID: , Total Matches: 22
  • Function_00004408 API ID: ConvertStringSecurityDescriptorToSecurityDescriptorGetSecurityDescriptorSaclInitializeSecurityDescriptorLocalFreeSetSecurityDescriptorDaclSetSecurityDescriptorSacl, String ID: , Total Matches: 22
  • Function_00004406 API ID: ConvertStringSecurityDescriptorToSecurityDescriptorGetSecurityDescriptorSaclInitializeSecurityDescriptorLocalFreeSetSecurityDescriptorDaclSetSecurityDescriptorSacl, String ID: , Total Matches: 22
  • Function_00008258 API ID: WSACleanupWSAStartupgethostbynamegethostnameinet_ntoa, String ID: , Total Matches: 16
  • Function_000047AC API ID: CreateFile$CloseHandleGetFileSizeReadFile, String ID: , Total Matches: 15
  • Function_0000660C API ID: Sleep$GetTickCount, String ID: d, Total Matches: 15
  • Function_00008AA4 API ID: CreateWindowExDispatchMessageGetMessageRegisterClassExRtlExitUserThreadTranslateMessage, String ID: 0, Total Matches: 15
  • Function_00008AA4 API ID: CreateWindowExDispatchMessageGetMessageRegisterClassExRtlExitUserThreadTranslateMessage, String ID: 0, Total Matches: 15
  • Function_000047AC API ID: CreateFile$CloseHandleGetFileSizeReadFile, String ID: , Total Matches: 15
  • Function_0000660C API ID: Sleep$GetTickCount, String ID: d, Total Matches: 15
  • Function_00004608 API ID: Sleep$CloseHandleCreateFileDeleteFileFlushFileBuffersGetFileSizeWriteFile, String ID: d, Total Matches: 14
  • Function_000082F4 API ID: CreateProcessGetTempPathSleepwsprintf, String ID: >UD $D, Total Matches: 14
  • Function_00004608 API ID: Sleep$CloseHandleCreateFileDeleteFileFlushFileBuffersGetFileSizeWriteFile, String ID: d, Total Matches: 14
  • Function_000082F4 API ID: CreateProcessGetTempPathSleepwsprintf, String ID: >UD $D, Total Matches: 14
  • Function_00001910 API ID: MonitorFromPoint$GetMonitorInfo, String ID: (, Total Matches: 13
  • Function_00009230 API ID: CloseHandleExitProcessOpenMutexSleep, String ID: -, Total Matches: 12
  • Function_00005640 API ID: FindCloseFindFirstFileFindNextFileSHGetSpecialFolderPath, String ID: ., Total Matches: 12
  • Function_00003C28 API ID: CloseHandleCreateFileWriteFile, String ID: P, Total Matches: 12
  • Function_000076A0 API ID: MoveFileEx, String ID: .lnk$.txt, Total Matches: 12
  • Function_00008D0C API ID: GetCurrentProcess$CreateMutexGetCursorPosLocalAllocLocalFreeRtlExitUserThreadRtlInitializeCriticalSectionSleep, String ID: .lnk, Total Matches: 12
  • Function_00007D3C API ID: GetTempPathShellExecute, String ID: , Total Matches: 12
  • Function_00001440 API ID: SendMessage$GetClientRectGetMenuItemCount, String ID: , Total Matches: 12
  • Function_00001530 API ID: SendMessage$GetClientRectGetMenuItemCount, String ID: , Total Matches: 12
  • Function_00005640 API ID: FindCloseFindFirstFileFindNextFileSHGetSpecialFolderPath, String ID: ., Total Matches: 12
  • Function_00003C28 API ID: CloseHandleCreateFileWriteFile, String ID: P, Total Matches: 12
  • Function_00009230 API ID: CloseHandleExitProcessOpenMutexSleep, String ID: -, Total Matches: 12
  • Function_00007D3C API ID: GetTempPathShellExecute, String ID: , Total Matches: 12
  • Function_00002574 API ID: LoadLibrary, String ID: '\/$'`+9$+WJ$:H$A;=S$B=K$D$C2$Psapi$WO$W[Q$_p5:$`M<$ad$j$xtz:$z{y<, Total Matches: 11
  • Function_00002574 API ID: LoadLibrary, String ID: '\/$'`+9$+WJ$:H$A;=S$B=K$D$C2$Psapi$WO$W[Q$_p5:$`M<$ad$j$xtz:$z{y<, Total Matches: 11
  • Function_0000E750 API ID: SendMessage$GetClientRectSetWindowPos, String ID: , Total Matches: 10
  • Function_00008760 API ID: GetWindowLongGetWindowRectSendMessage$InvalidateRect, String ID: , Total Matches: 9
  • Function_00006430 API ID: GetClassNamelstrcmp$CallNextHookEx, String ID: #32768, Total Matches: 8
  • Function_00000EB0 API ID: SendMessage$GetActiveWindowGetCurrentProcessIdGetWindowThreadProcessIdIsWindowEnabled, String ID: , Total Matches: 8
  • Function_0000F120 API ID: RtlLeaveCriticalSection$RaiseExceptionRtlEnterCriticalSection, String ID: , Total Matches: 5
  • Function_00000AE0 API ID: FreeLibrary$GetProcAddressLoadLibrary, String ID: DllGetVersion, Total Matches: 5
  • Function_00013C45 API ID: GetLastError$CreateThreadGetCurrentThreadIdRtlExitUserThread___fls_getvalue@4___fls_setvalue@8__getptd, String ID: , Total Matches: 5
  • Function_00013C51 API ID: GetLastError$CreateThreadGetCurrentThreadIdRtlExitUserThread___fls_getvalue@4___fls_setvalue@8__getptd, String ID: , Total Matches: 5
  • Function_00000C00 API ID: GetProcAddress$FreeLibraryLoadLibrary, String ID: IsAppThemed$IsThemeActive$[FILE], Total Matches: 5
  • Function_00006ECE API ID: CharLowerBuffSetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoSetupDiGetClassDevsSetupDiGetDeviceRegistryProperty$LoadLibrary, String ID: n@, Total Matches: 4
  • Function_00006EEC API ID: CharLowerBuffSetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoSetupDiGetClassDevsSetupDiGetDeviceRegistryProperty$LoadLibrary, String ID: n@, Total Matches: 4
  • Function_00006900 API ID: GetComputerNameRegOpenKeyEx, String ID: t!@, Total Matches: 4
  • Function_00006904 API ID: GetComputerNameRegOpenKeyEx, String ID: t!@, Total Matches: 4
  • Function_00004B9B API ID: GetComputerNameGetVolumeInformationRegOpenKeyEx, String ID: t!@, Total Matches: 4
  • Function_00004BA0 API ID: GetComputerNameGetVolumeInformationRegOpenKeyEx, String ID: t!@, Total Matches: 4
  • Function_000040E0 API ID: IsWindow$SendMessageSetFocus, String ID: , Total Matches: 4
  • Function_00008ED0 API ID: PeekMessage$DestroyMenuGetMenuItemCountMapWindowPointsPtInRectRemoveMenu, String ID: , Total Matches: 4
  • Function_000017F0 API ID: GetWindowLong$SetWindowLong, String ID: $, Total Matches: 3
  • Function_00004A68 API ID: GetCurrentProcess$GetComputerNameRegOpenKeyEx, String ID: t!@, Total Matches: 2
  • Function_000090B8 API ID: VirtualProtect, String ID: !@, Total Matches: 2
  • Function_00006110 API ID: GetSysColorBrush$FillRect$FrameRect$DrawEdgeGetMenuItemInfoGetSysColorInflateRectOffsetRectSetBkMode, String ID: , Total Matches: 2
  • Function_00003E50 API ID: SelectObjectSendMessage$DrawTextSetBkModeSetTextColor, String ID: , Total Matches: 2
  • Function_00002A20 API ID: DrawText$SetTextColorlstrlen, String ID: , Total Matches: 1
  • Function_00003B70 API ID: RegisterClipboardFormatRtlEnterCriticalSectionRtlLeaveCriticalSection, String ID: WTL_CmdBar_InternalGetBarMsg, Total Matches: 1
  • Function_00003B20 API ID: RegisterClipboardFormatRtlEnterCriticalSectionRtlLeaveCriticalSection, String ID: WTL_CmdBar_InternalAutoPopupMsg, Total Matches: 1
  • Function_0000F4A0 API ID: DeleteObject$FindResourceLoadBitmapLoadImageLoadResourceLockResource, String ID: , Total Matches: 1
  • Function_0000FD50 API ID: SetWindowTextlstrcpylstrlenwsprintf, String ID: :%d, Total Matches: 1
  • Function_0000FDD0 API ID: lstrcat$SetWindowTextlstrcpylstrlenwsprintf, String ID: - $:%d, Total Matches: 1
  • Function_00011E10 API ID: GetProcessHeap$HeapFreeInterlockedCompareExchangeIsProcessorFeaturePresentRtlAllocateHeap, String ID: , Total Matches: 1
  • Function_000056C0 API ID: PostMessageSendMessage$GetFocusIsWindow$RaiseException, String ID: , Total Matches: 1
  • Function_00001F60 API ID: GetMenuDefaultItemGetSystemMenuGetWindowRectPtInRectSendMessage, String ID: , Total Matches: 1
  • Function_00011F2E API ID: RtlInterlockedPopEntrySList$GetProcessHeapRtlAllocateHeapRtlInterlockedPushEntrySListVirtualAllocVirtualFree, String ID: , Total Matches: 1