Report - ZeroBOX

ScreenShot

Info
Location map


Created	2023.05.24 17:54	Machine	s1_win7_x6402
Filename	zRqNu.dll
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
AI Score	3	Behavior Score	1.4
ZERO API	file : clean
VT API (file)
md5	8e371c48b36abdaf30b8f35f07f190b4
sha256	876a4a9fe896cd9b34201640081edeb7301344cab299f3b6f25381a475fee211
ssdeep	12288:E0Q/BH9YuINd+Sm2n2jl9tWUAAfPpaNXoLa/:E0QeVm2Ol9tZfPaY
imphash	eb1ea6150fa1c9db76d3739f2665d648
impfuzzy	24:gdKAWlKbTWkP95DoKncp44WdbmbtsS1zO5g2xC2cn03VwJ38:grW6Wk95cp6MtsS1zJw20W8

Network IP location

Signature (5cnts)

Level	Description
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks if process is being debugged by a debugger
info	One or more processes crashed
info	This executable has a PDB path

Rules (7cnts)

Level	Name	Description	Collection
danger	Win32_Trojan_Gen_1_0904B0_Zero	Win32 Trojan Emotet	binaries (upload)
watch	UPX_Zero	UPX packed file	binaries (upload)
info	IsDLL	(no description)	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	OS_Processor_Check_Zero	OS Processor Check	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)
info	Win32_Trojan_Gen_2_0904B0_Zero	Win32 Trojan Gen	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
0x1003a000 RaiseException
0x1003a004 ReleaseSRWLockExclusive
0x1003a008 AcquireSRWLockExclusive
0x1003a00c ReleaseSRWLockShared
0x1003a010 AcquireSRWLockShared
0x1003a014 FormatMessageW
0x1003a018 GetProcAddress
0x1003a01c LoadLibraryExW
0x1003a020 HeapFree
0x1003a024 EnterCriticalSection
0x1003a028 LeaveCriticalSection
0x1003a02c InitializeCriticalSectionEx
0x1003a030 GetLastError
0x1003a034 OutputDebugStringW
0x1003a038 HeapAlloc
0x1003a03c DeleteCriticalSection
0x1003a040 GetProcessHeap
0x1003a044 CreateEventExW
0x1003a048 WaitForMultipleObjectsEx
0x1003a04c SetEvent
0x1003a050 CloseHandle
0x1003a054 DecodePointer
0x1003a058 InitializeSRWLock
0x1003a05c TryAcquireSRWLockShared
0x1003a060 UnhandledExceptionFilter
0x1003a064 SetUnhandledExceptionFilter
0x1003a068 GetCurrentProcess
0x1003a06c TerminateProcess
0x1003a070 IsProcessorFeaturePresent
0x1003a074 IsDebuggerPresent
0x1003a078 QueryPerformanceCounter
0x1003a07c GetCurrentProcessId
0x1003a080 GetCurrentThreadId
0x1003a084 GetSystemTimeAsFileTime
0x1003a088 DisableThreadLibraryCalls
0x1003a08c InitializeSListHead
ole32.dll
0x1003a1c4 CoTaskMemAlloc
0x1003a1c8 CoGetApartmentType
0x1003a1cc CoMarshalInterThreadInterfaceInStream
0x1003a1d0 CoGetInterfaceAndReleaseStream
0x1003a1d4 CoAddRefServerProcess
0x1003a1d8 CoGetContextToken
0x1003a1dc CoGetObjectContext
0x1003a1e0 CoCreateFreeThreadedMarshaler
0x1003a1e4 CoTaskMemFree
0x1003a1e8 CoReleaseServerProcess

EAT(Export Address Table) Library

0x1001f5e0 P@Exception@Platform@@U$AAAXXZ
0x100264f0 P@String@Platform@@U$AAAXXZ
0x10026620 P@Type@Platform@@U$AAAXXZ
0x1001fc50 P?0AccessDeniedException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fc10 P?0AccessDeniedException@Platform@@Q$AAA@XZ
0x1000c0b0 P?0Attribute@Metadata@Platform@@Q$AAA@XZ
0x1000c960 P?0Boolean@Platform@@QAA@_N@Z
0x1001f8b0 P?0COMException@Platform@@Q$AAA@H@Z
0x1001f8f0 P?0COMException@Platform@@Q$AAA@HP$AAVString@1@@Z
0x1001fe00 P?0ChangedStateException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fdc0 P?0ChangedStateException@Platform@@Q$AAA@XZ
0x1001ff20 P?0ClassNotRegisteredException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fee0 P?0ClassNotRegisteredException@Platform@@Q$AAA@XZ
0x1001dd10 P?0Delegate@Platform@@Q$AAA@XZ
0x1001ffb0 P?0DisconnectedException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001ff70 P?0DisconnectedException@Platform@@Q$AAA@XZ
0x100226f0 P?0Enum@Platform@@Q$AAA@XZ
0x1001f400 P?0Exception@Platform@@Q$AAA@H@Z
0x1001f4b0 P?0Exception@Platform@@Q$AAA@HP$AAVString@1@@Z
0x1001fce0 P?0FailureException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fca0 P?0FailureException@Platform@@Q$AAA@XZ
0x1000e5c0 P?0GridLength@Xaml@UI@Windows@@QAA@NW4GridUnitType@123@@Z
0x1000cc10 P?0IntPtr@Platform@@QAA@H@Z
0x1000cc10 P?0IntPtr@Platform@@QAA@PAX@Z
0x1001fa10 P?0InvalidArgumentException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001f9d0 P?0InvalidArgumentException@Platform@@Q$AAA@XZ
0x1001faa0 P?0InvalidCastException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fa60 P?0InvalidCastException@Platform@@Q$AAA@XZ
0x1000c1b0 P?0MTAThreadAttribute@Platform@@Q$AAA@XZ
0x1001fbc0 P?0NotImplementedException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fb80 P?0NotImplementedException@Platform@@Q$AAA@XZ
0x1001fb30 P?0NullReferenceException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001faf0 P?0NullReferenceException@Platform@@Q$AAA@XZ
0x100221b0 P?0Object@Platform@@Q$AAA@XZ
0x100200d0 P?0ObjectDisposedException@Platform@@Q$AAA@P$AAVString@1@@Z
0x10020090 P?0ObjectDisposedException@Platform@@Q$AAA@XZ
0x1000c220 P?0OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@Q$AAA@XZ
0x1001fe90 P?0OperationCanceledException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fe50 P?0OperationCanceledException@Platform@@Q$AAA@XZ
0x1001fd70 P?0OutOfBoundsException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001fd30 P?0OutOfBoundsException@Platform@@Q$AAA@XZ
0x1001f980 P?0OutOfMemoryException@Platform@@Q$AAA@P$AAVString@1@@Z
0x1001f930 P?0OutOfMemoryException@Platform@@Q$AAA@XZ
0x1000d330 P?0Rect@Foundation@Windows@@QAA@VPoint@12@0@Z
0x1000d450 P?0Rect@Foundation@Windows@@QAA@VPoint@12@VSize@12@@Z
0x1000e570 P?0RepeatBehavior@Animation@Media@Xaml@UI@Windows@@QAA@N@Z
0x1000c150 P?0STAThreadAttribute@Platform@@Q$AAA@XZ
0x1000cc10 P?0SizeT@Platform@@QAA@H@Z
0x1000cc10 P?0SizeT@Platform@@QAA@PAX@Z
0x100267e0 P?0Type@Platform@@Q$AAA@P$AAVObject@1@@Z
0x10026640 P?0Type@Platform@@Q$AAA@VIntPtr@1@@Z
0x10026680 P?0Type@Platform@@Q$AAA@VTypeName@Interop@Xaml@UI@Windows@@@Z
0x10022700 P?0ValueType@Platform@@Q$AAA@XZ
0x10020040 P?0WrongThreadException@Platform@@Q$AAA@P$AAVString@1@@Z
0x10020000 P?0WrongThreadException@Platform@@Q$AAA@XZ
0x1000c880 P?0char16@default@@QAA@_W@Z
0x1000cf60 P?0float32@default@@QAA@M@Z
0x1000d050 P?0float64@default@@QAA@N@Z
0x1000c880 P?0int16@default@@QAA@F@Z
0x1000cc10 P?0int32@default@@QAA@H@Z
0x1000cda0 P?0int64@default@@QAA@_J@Z
0x1000c960 P?0int8@default@@QAA@C@Z
0x1000c880 P?0uint16@default@@QAA@G@Z
0x1000cc10 P?0uint32@default@@QAA@I@Z
0x1000cda0 P?0uint64@default@@QAA@_K@Z
0x1000c960 P?0uint8@default@@QAA@E@Z
0x1000cc10 P?BIntPtr@Platform@@SA?AV01@H@Z
0x1000cc10 P?BIntPtr@Platform@@SA?AV01@PAX@Z
0x1000e610 P?BIntPtr@Platform@@SAPAXV01@@Z
0x100269e0 P?BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@P$AAV01@@Z
0x10026b20 P?BType@Platform@@SAP$AAV01@VTypeName@Interop@Xaml@UI@Windows@@@Z
0x1000e2a0 P?DMatrix3D@Media3D@Media@Xaml@UI@Windows@@SA?AV012345@V012345@0@Z
0x1000d960 P?GDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z
0x1000d910 P?HDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z
0x1000da40 P?MDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
0x1000da80 P?NDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
0x1000d9b0 P?ODuration@Xaml@UI@Windows@@SA_NV0123@0@Z
0x1000d9f0 P?PDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
0x10021d50 PAlignedAllocate@Heap@Details@Platform@@SAPAXII@Z
0x10021c00 PAlignedAllocate@Heap@Details@Platform@@SAPAXIII@Z
0x10021dd0 PAlignedAllocateException@Heap@Details@Platform@@SAPAXII@Z
0x10021ce0 PAlignedAllocateException@Heap@Details@Platform@@SAPAXIII@Z
0x10021d70 PAlignedFree@Heap@Details@Platform@@SAXPAX@Z
0x10021df0 PAlignedFreeException@Heap@Details@Platform@@SAXPAX@Z
0x10021b20 PAllocate@Heap@Details@Platform@@SAPAXI@Z
0x10021b80 PAllocate@Heap@Details@Platform@@SAPAXII@Z
0x10021d90 PAllocateException@Heap@Details@Platform@@SAPAXI@Z
0x10021c90 PAllocateException@Heap@Details@Platform@@SAPAXII@Z
0x1000dad0 PCompare@Duration@Xaml@UI@Windows@@SAHV1234@0@Z
0x1000d520 PContains@Rect@Foundation@Windows@@QAA_NVPoint@23@@Z
0x10020570 PCreateException@Exception@Platform@@SAP$AAV12@H@Z
0x10020860 PCreateException@Exception@Platform@@SAP$AAV12@HP$AAVString@2@@Z
0x1000f980 PCreateValue@Details@Platform@@YGP$AAVObject@2@W4TypeCode@2@PBX@Z
0x100279d0 PEnableFactoryCache@@YAXXZ
0x10021ef0 PEnumerateAllocatedObjects@Heap@Details@Platform@@SAXP$AAVHeapEntryHandler@23@@Z
0x1000c110 PEquals@Attribute@Metadata@Platform@@Q$AAA_NP$AAVObject@3@@Z
0x1000d170 PEquals@Boolean@Platform@@QAA_NP$AAVObject@2@@Z
0x1001dd20 PEquals@Delegate@Platform@@Q$AAA_NP$AAVObject@2@@Z
0x10022750 PEquals@Enum@Platform@@Q$AAA_NP$AAVObject@2@@Z
0x1001f660 PEquals@Exception@Platform@@U$AAA_NP$AAVObject@2@@Z
0x1000c110 PEquals@MTAThreadAttribute@Platform@@Q$AAA_NP$AAVObject@2@@Z
0x100223c0 PEquals@Object@Platform@@Q$AAA_NP$AAV12@@Z
0x1000c110 PEquals@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@Q$AAA_NP$AAVObject@4@@Z
0x1000c110 PEquals@STAThreadAttribute@Platform@@Q$AAA_NP$AAVObject@2@@Z
0x10026980 PEquals@Type@Platform@@U$AAA_NP$AAVObject@2@@Z
0x10022750 PEquals@ValueType@Platform@@Q$AAA_NP$AAVObject@2@@Z
0x1000c8c0 PEquals@char16@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000cfa0 PEquals@float32@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000d090 PEquals@float64@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000caa0 PEquals@int16@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000cc50 PEquals@int32@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000cdf0 PEquals@int64@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000c9a0 PEquals@int8@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000cb70 PEquals@uint16@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000cd10 PEquals@uint32@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000cec0 PEquals@uint64@default@@QAA_NP$AAVObject@Platform@@@Z
0x1000c9e0 PEquals@uint8@default@@QAA_NP$AAVObject@Platform@@@Z
0x1001e410 PEventSourceAdd@Details@Platform@@YG?AVEventRegistrationToken@Foundation@Windows@@PAPAXPAUEventLock@12@P$AAVDelegate@2@@Z
0x1001e300 PEventSourceGetTargetArray@Details@Platform@@YGPAXPAXPAUEventLock@12@@Z
0x1001e360 PEventSourceGetTargetArrayEvent@Details@Platform@@YGPAXPAXIPBXPA_J@Z
0x1001e340 PEventSourceGetTargetArraySize@Details@Platform@@YGIPAX@Z
0x1001e2d0 PEventSourceInitialize@Details@Platform@@YGXPAPAX@Z
0x1001e5f0 PEventSourceRemove@Details@Platform@@YGXPAPAXPAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
0x1001e2e0 PEventSourceUninitialize@Details@Platform@@YGXPAPAX@Z
0x100279e0 PFlushFactoryCache@@YGXXZ
0x10021d30 PFree@Heap@Details@Platform@@SAXPAX@Z
0x10021db0 PFreeException@Heap@Details@Platform@@SAXPAX@Z
0x100270b0 PGetActivationFactory@Details@Platform@@YGJPAVModuleBase@1WRL@Microsoft@@PAUHSTRING__@@PAPAUIActivationFactory@@@Z
0x10027a00 PGetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
0x100270f0 PGetCmdArguments@Details@Platform@@YAPAPA_WPAH@Z
0x1000c0c0 PGetHashCode@Attribute@Metadata@Platform@@Q$AAAHXZ
0x1000d250 PGetHashCode@Boolean@Platform@@QAAHXZ
0x1000e610 PGetHashCode@Delegate@Platform@@Q$AAAHXZ
0x10022710 PGetHashCode@Enum@Platform@@Q$AAAHXZ
0x1001f700 PGetHashCode@Exception@Platform@@U$AAAHXZ
0x1000c7f0 PGetHashCode@Guid@Platform@@QAAHXZ
0x1000c1d0 PGetHashCode@MTAThreadAttribute@Platform@@Q$AAAHXZ
0x100221c0 PGetHashCode@Object@Platform@@Q$AAAHXZ
0x1000c1d0 PGetHashCode@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@Q$AAAHXZ
0x1000c0c0 PGetHashCode@STAThreadAttribute@Platform@@Q$AAAHXZ
0x10022710 PGetHashCode@Type@Platform@@U$AAAHXZ
0x10022710 PGetHashCode@ValueType@Platform@@Q$AAAHXZ
0x1000c780 PGetHashCode@char16@default@@QAAHXZ
0x1000c840 PGetHashCode@float32@default@@QAAHXZ
0x1000c860 PGetHashCode@float64@default@@QAAHXZ
0x1000c7c0 PGetHashCode@int16@default@@QAAHXZ
0x1000c7f0 PGetHashCode@int32@default@@QAAHXZ
0x1000c800 PGetHashCode@int64@default@@QAAHXZ
0x1000c7a0 PGetHashCode@int8@default@@QAAHXZ
0x1000c7e0 PGetHashCode@uint16@default@@QAAHXZ
0x1000c7f0 PGetHashCode@uint32@default@@QAAHXZ
0x1000c820 PGetHashCode@uint64@default@@QAAHXZ
0x1000c7b0 PGetHashCode@uint8@default@@QAAHXZ
0x1000f970 PGetIBoxArrayVtable@Details@Platform@@YGPAXPAX@Z
0x1000ea70 PGetIBoxVtable@Details@Platform@@YGPAXPAX@Z
0x10027a90 PGetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
0x10028ae0 PGetObjectContext@Details@Platform@@YGPAUIUnknown@@XZ
0x10028b70 PGetProxyImpl@Details@Platform@@YGJPAUIUnknown@@ABU_GUID@@0PAPAU3@@Z
0x1000d140 PGetType@Boolean@Platform@@QAAP$AAVType@2@XZ
0x1000d2e0 PGetType@Guid@Platform@@QAAP$AAVType@2@XZ
0x10022380 PGetType@Object@Platform@@Q$AAAP$AAVType@2@XZ
0x1000c890 PGetType@char16@default@@QAAP$AAVType@Platform@@XZ
0x1000cf70 PGetType@float32@default@@QAAP$AAVType@Platform@@XZ
0x1000d060 PGetType@float64@default@@QAAP$AAVType@Platform@@XZ
0x1000ca70 PGetType@int16@default@@QAAP$AAVType@Platform@@XZ
0x1000cc20 PGetType@int32@default@@QAAP$AAVType@Platform@@XZ
0x1000cdc0 PGetType@int64@default@@QAAP$AAVType@Platform@@XZ
0x1000c970 PGetType@int8@default@@QAAP$AAVType@Platform@@XZ
0x1000cb40 PGetType@uint16@default@@QAAP$AAVType@Platform@@XZ
0x1000cce0 PGetType@uint32@default@@QAAP$AAVType@Platform@@XZ
0x1000ce90 PGetType@uint64@default@@QAAP$AAVType@Platform@@XZ
0x1000c9b0 PGetType@uint8@default@@QAAP$AAVType@Platform@@XZ
0x10026940 PGetTypeCode@Type@Platform@@SA?AW4TypeCode@2@P$AAV12@@Z
0x10028950 PGetWeakReference@Details@Platform@@YGPAU__abi_IUnknown@@Q$ADVObject@2@@Z
0x10028920 PInitControlBlock@ControlBlock@Details@Platform@@AAEXPAX_N11@Z
0x10027060 PInitializeData@Details@Platform@@YAJH@Z
0x1000d630 PIntersect@Rect@Foundation@Windows@@QAAXV123@@Z
0x1000d5b0 PIntersectsWith@Rect@Foundation@Windows@@QAA_NV123@@Z
0x1000e240 PInvert@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QAAXXZ
0x10020540 PReCreateException@Exception@Platform@@SAP$AAV12@H@Z
0x1001dd20 PReferenceEquals@Object@Platform@@SA_NP$AAV12@0@Z
0x100226c0 PReferenceEquals@Object@Platform@@SA_NP$AAVString@2@0@Z
0x10025990 PRegisterFactories@Details@Platform@@YGP$AAVObject@2@PAPAVModuleBase@1WRL@Microsoft@@PAPAU__abi_Module@@P6GXXZ@Z
0x10028c20 PReleaseInContextImpl@Details@Platform@@YGJPAUIUnknown@@0@Z
0x10028870 PReleaseTarget@ControlBlock@Details@Platform@@AAEXXZ
0x100289d0 PResolveWeakReference@Details@Platform@@YGP$AAVObject@2@ABU_GUID@@PAPAU__abi_IUnknown@@@Z
0x100259d0 PRunApplicationServer@Details@Platform@@YGXPAPAVModuleBase@1WRL@Microsoft@@PAPAU__abi_Module@@PB_W@Z
0x100259b0 PRunServer@Details@Platform@@YGXPAPAVModuleBase@1WRL@Microsoft@@PAPAU__abi_Module@@PB_W@Z
0x100270d0 PTerminateModule@Details@Platform@@YG_NPAVModuleBase@1WRL@Microsoft@@@Z
0x1000c7f0 PToInt32@IntPtr@Platform@@QAAHXZ
0x1000c0d0 PToString@Attribute@Metadata@Platform@@Q$AAAP$AAVString@3@XZ
0x1000d200 PToString@Boolean@Platform@@QAAP$AAVString@2@XZ
0x1001dcd0 PToString@Delegate@Platform@@Q$AAAP$AAVString@2@XZ
0x10022720 PToString@Enum@Platform@@Q$AAAP$AAVString@2@XZ
0x1001f630 PToString@Exception@Platform@@U$AAAP$AAVString@2@XZ
0x1000d260 PToString@Guid@Platform@@QAAP$AAVString@2@XZ
0x1000c1e0 PToString@MTAThreadAttribute@Platform@@Q$AAAP$AAVString@2@XZ
0x1000c240 PToString@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@Q$AAAP$AAVString@4@XZ
0x1000c170 PToString@STAThreadAttribute@Platform@@Q$AAAP$AAVString@2@XZ
0x10026950 PToString@Type@Platform@@U$AAAP$AAVString@2@XZ
0x10022720 PToString@ValueType@Platform@@Q$AAAP$AAVString@2@XZ
0x1000c730 PToString@char16@default@@QAAP$AAVString@Platform@@XZ
0x1000c690 PToString@float32@default@@QAAP$AAVString@Platform@@XZ
0x1000c6e0 PToString@float64@default@@QAAP$AAVString@Platform@@XZ
0x1000c4b0 PToString@int16@default@@QAAP$AAVString@Platform@@XZ
0x1000c550 PToString@int32@default@@QAAP$AAVString@Platform@@XZ
0x1000c5f0 PToString@int64@default@@QAAP$AAVString@Platform@@XZ
0x1000c410 PToString@int8@default@@QAAP$AAVString@Platform@@XZ
0x1000c500 PToString@uint16@default@@QAAP$AAVString@Platform@@XZ
0x1000c5a0 PToString@uint32@default@@QAAP$AAVString@Platform@@XZ
0x1000c640 PToString@uint64@default@@QAAP$AAVString@Platform@@XZ
0x1000c460 PToString@uint8@default@@QAAP$AAVString@Platform@@XZ
0x10027090 PUninitializeData@Details@Platform@@YAXH@Z
0x1000d770 PUnion@Rect@Foundation@Windows@@QAAXV123@@Z
0x1000d570 PUnion@Rect@Foundation@Windows@@QAAXVPoint@23@@Z
0x1001dc70 PWriteLine@Console@Details@Platform@@SAXP$AAVObject@3@@Z
0x1001dc50 PWriteLine@Console@Details@Platform@@SAXP$AAVString@3@@Z
0x1001dcc0 PWriteLine@Console@Details@Platform@@SAXXZ
0x10027020 P__abi_FailFast@@YGXXZ
0x10022760 P__abi_ObjectToString@__abi_details@@YGP$AAVString@Platform@@P$AAVObject@3@_N@Z
0x100288c0 P__abi_Resolve@ControlBlock@Details@Platform@@UAGJAAVGuid@3@PAPAU__abi_IInspectable@@@Z
0x10020260 P__abi_WinRTraiseAccessDeniedException@@YGXXZ
0x100204a0 P__abi_WinRTraiseCOMException@@YGXJ@Z
0x10020360 P__abi_WinRTraiseChangedStateException@@YGXXZ
0x100203a0 P__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
0x10020420 P__abi_WinRTraiseDisconnectedException@@YGXXZ
0x10020220 P__abi_WinRTraiseFailureException@@YGXXZ
0x100202e0 P__abi_WinRTraiseInvalidArgumentException@@YGXXZ
0x10020160 P__abi_WinRTraiseInvalidCastException@@YGXXZ
0x10020120 P__abi_WinRTraiseNotImplementedException@@YGXXZ
0x100201a0 P__abi_WinRTraiseNullReferenceException@@YGXXZ
0x10020460 P__abi_WinRTraiseObjectDisposedException@@YGXXZ
0x100201e0 P__abi_WinRTraiseOperationCanceledException@@YGXXZ
0x10020320 P__abi_WinRTraiseOutOfBoundsException@@YGXXZ
0x100202a0 P__abi_WinRTraiseOutOfMemoryException@@YGXXZ
0x100203e0 P__abi_WinRTraiseWrongThreadException@@YGXXZ
0x10026430 P__abi_cast_Object_to_String@__abi_details@@YGP$AAVString@Platform@@_NP$AAVObject@3@@Z
0x10026410 P__abi_cast_String_to_Object@__abi_details@@YGP$AAVObject@Platform@@P$AAVString@3@@Z
0x10026b90 P__abi_make_type_id@@YGP$AAVType@Platform@@ABU__abi_type_descriptor@@@Z
0x100204e0 P__abi_translateCurrentException@@YGJ_N@Z
0x10027240 P__getActivationFactoryByHSTRING@@YGJPAUHSTRING__@@AAVGuid@Platform@@PAPAX@Z
0x1000d4f0 Pget@Bottom@Rect@Foundation@Windows@@QAAMXZ
0x10021ea0 Pget@BreakOnAllocationId@Heap@Details@Platform@@SAHXZ
0x10021ec0 Pget@BreakOnFreeId@Heap@Details@Platform@@SAHXZ
0x10021e90 Pget@CurrentAllocationId@Heap@Details@Platform@@SAHXZ
0x1000d430 Pget@Empty@Rect@Foundation@Windows@@SA?AV234@XZ
0x1000d310 Pget@Empty@Size@Foundation@Windows@@SA?AV234@XZ
0x10026900 Pget@FullName@Type@Platform@@Q$AAAP$AAVString@3@XZ
0x1000e210 Pget@HasInverse@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QAA_NXZ
0x1001f710 Pget@Message@Exception@Platform@@Q$AAAP$AAVString@3@XZ
0x10021ee0 Pget@ObjectCount@Heap@Details@Platform@@SAHXZ
0x10021e20 Pget@Right@Rect@Foundation@Windows@@QAAMXZ
0x10021e10 Pget@TrackingLevel@Heap@Details@Platform@@SA?AW4HeapAllocationTrackingLevel@34@XZ
0x10021eb0 Pset@BreakOnAllocationId@Heap@Details@Platform@@SAXH@Z
0x10021ed0 Pset@BreakOnFreeId@Heap@Details@Platform@@SAXH@Z
0x1000d4b0 Test

Report - zRqNu.dll

Signature (5cnts)

Rules (7cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure