TMethodImplementationIntercept
Overview
overview
10Static
static
8install.bat
windows7_x64
10install.bat
windows10-2004_x64
10install.vbs
windows7_x64
10install.vbs
windows10-2004_x64
10mailsend.exe
windows7_x64
1mailsend.exe
windows10-2004_x64
1rfusclient.exe
windows7_x64
1rfusclient.exe
windows10-2004_x64
1rutserv.exe
windows7_x64
10rutserv.exe
windows10-2004_x64
10vp8decoder.dll
windows7_x64
1vp8decoder.dll
windows10-2004_x64
1vp8encoder.dll
windows7_x64
1vp8encoder.dll
windows10-2004_x64
1Static task
static1
Behavioral task
behavioral1
Sample
install.bat
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
install.bat
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
install.vbs
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral4
Sample
install.vbs
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral5
Sample
mailsend.exe
Resource
win7-20220310-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral6
Sample
mailsend.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral7
Sample
rfusclient.exe
Resource
win7-20220310-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral8
Sample
rfusclient.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral9
Sample
rutserv.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral10
Sample
rutserv.exe
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral11
Sample
vp8decoder.dll
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral12
Sample
vp8decoder.dll
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral13
Sample
vp8encoder.dll
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral14
Sample
vp8encoder.dll
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
a2c9e4f09745da32b05cb9dec107f05c84b0772164cb91ccaa09bce68cfef606
-
Size
5.7MB
-
MD5
13ad05b323e39f7fb19ed388d5d40dbc
-
SHA1
11a6d4b7fe999c2db77894925283f1d83de6124a
-
SHA256
a2c9e4f09745da32b05cb9dec107f05c84b0772164cb91ccaa09bce68cfef606
-
SHA512
a378af4b22787354081f56c8034ab9230f3f93f29a3e41f3ed2a30ec6b44be6ff4042340d264a0af7aa7d10f3feb8c08dfc12dab32a29f1eca218f30cc5adc3e
Score
8/10
Malware Config
Signatures
-
resource yara_rule static1/unpack002/rfusclient.exe aspack_v212_v242
Files
-
a2c9e4f09745da32b05cb9dec107f05c84b0772164cb91ccaa09bce68cfef606.zip
Password: infected
-
Server.rar.rar
-
English.lg
-
Russian.lg
-
install.bat
-
install.vbs.vbs
-
mailsend.exe.exe windows x86
02def8d867f9e08b5fc306bbb07e294a
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
WSAAddressToStringA
WSAGetLastError
WSASetLastError
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
setsockopt
send
select
recv
ntohs
inet_ntoa
inet_addr
htons
htonl
getsockopt
ioctlsocket
connect
closesocket
advapi32
SystemFunction036
RegisterEventSourceA
ReportEventA
DeregisterEventSource
user32
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
kernel32
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
SetEnvironmentVariableA
FindClose
GetProcessHeap
DeleteFileW
SetEndOfFile
SetFilePointerEx
GetFileAttributesExW
HeapReAlloc
SetStdHandle
WriteConsoleW
HeapSize
DecodePointer
RaiseException
FindFirstFileExA
SetConsoleCtrlHandler
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetStdHandle
GetFileType
WriteFile
GetLastError
GetCurrentThreadId
GetModuleHandleA
MultiByteToWideChar
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
SetLastError
GetSystemTime
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentDirectoryW
GetModuleFileNameW
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
GetFullPathNameA
ReadFile
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetStringTypeW
ReadConsoleW
GetTimeZoneInformation
Sections
.text Size: 825KB - Virtual size: 824KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regedit.reg
-
rfusclient.exe.exe windows x86
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Exports
Exports
Sections
.text Size: 1.2MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 6KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 38KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 542KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 174KB - Virtual size: 520KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.aspack Size: 50KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
rutserv.exe.exe windows x86
8fac1a605c1f7b811be0b9e6913d9c74
Code Sign
34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before17-11-2006 00:00Not After16-07-2036 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before10-12-2013 00:00Not After09-12-2023 23:59SubjectCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
60:ed:1a:3f:21:d8:f3:70:00:ef:de:14:81:ed:34:85Certificate
IssuerCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USNot Before02-06-2017 00:00Not After02-06-2019 23:59SubjectCN=Ter-Osipov Aleksey Vladimirovich,O=Ter-Osipov Aleksey Vladimirovich,L=Shakhty,ST=Rostovskaya oblast,C=RUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2014 00:00Not After22-10-2024 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10-11-2006 00:00Not After10-11-2021 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
27:95:b1:43:fb:ce:35:63:6a:66:c9:e9:bf:45:d4:58:a7:2b:e3:51Signer
Actual PE Digest27:95:b1:43:fb:ce:35:63:6a:66:c9:e9:bf:45:d4:58:a7:2b:e3:51Digest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Ter-Osipov Aleksey Vladimirovich,O=Ter-Osipov Aleksey Vladimirovich,L=Shakhty,ST=Rostovskaya oblast,C=RU31-08-2017 21:01 Valid: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
winmm
sndPlaySoundW
PlaySoundW
timeGetTime
wininet
InternetCloseHandle
InternetReadFile
InternetQueryOptionW
InternetOpenA
InternetOpenUrlA
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW
comdlg32
GetSaveFileNameW
GetSaveFileNameA
PrintDlgW
comctl32
ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_AddMasked
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage
shell32
PathCleanupSpec
SHGetMalloc
SHGetFolderPathW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListA
ShellExecuteExW
ShellExecuteExA
user32
CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
DrawTextA
ScrollWindowEx
GetDlgCtrlID
GetUpdateRgn
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
UnregisterClassA
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
CreateDialogParamW
SendMessageTimeoutA
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ChildWindowFromPointEx
CreatePopupMenu
LoadMenuW
ShowCaret
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
SetWindowLongW
RegisterClassExW
DrawMenuBar
SetParent
IsZoomed
InvalidateRgn
GetClientRect
IsChild
LoadImageA
IntersectRect
IsIconic
CallNextHookEx
CloseDesktop
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
PostThreadMessageA
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetFocus
GetDC
SetThreadDesktop
GetThreadDesktop
SetFocus
ReleaseDC
mouse_event
ExitWindowsEx
CreateWindowExA
GetClassLongW
GetMessageA
DrawTextW
SetScrollRange
PeekMessageA
MessageBeep
SetClassLongW
SetRectEmpty
RemovePropW
AttachThreadInput
GetSubMenu
OpenInputDesktop
EqualRect
DestroyIcon
IsWindowVisible
CharToOemW
DispatchMessageA
PtInRect
GetGuiResources
UnregisterClassW
GetTopWindow
SendMessageW
GetMessageTime
GetComboBoxInfo
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
keybd_event
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
GetCursor
GetWindowTextA
KillTimer
BeginDeferWindowPos
WaitMessage
RegisterClassA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
GetMenuItemRect
CreateWindowExW
ChildWindowFromPoint
OpenDesktopW
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
MessageBoxA
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
SendInput
LoadCursorW
ScrollWindow
GetLastActivePopup
GetCursorInfo
CallWindowProcA
GetSystemMetrics
SetWindowTextA
CharUpperBuffW
GetClassNameA
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
FindWindowA
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
OemToCharA
SetWindowsHookExW
EmptyClipboard
GetAncestor
GetDlgItem
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
PostMessageA
CharUpperBuffA
CopyIcon
PostQuitMessage
GetProcessWindowStation
ShowScrollBar
EnableMenuItem
LoadImageW
DeferWindowPos
EndDeferWindowPos
HideCaret
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
DefWindowProcA
GetWindowLongW
GetWindowRect
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
DeleteMenu
GetUserObjectInformationW
GetKeyboardLayout
version
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
oleaut32
SafeArrayPutElement
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType
msvcrt
memcpy
memset
advapi32
CryptExportKey
ControlService
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptEncrypt
CreateServiceW
RegDisablePredefinedCache
RegisterServiceCtrlHandlerExW
RegUnLoadKeyW
CryptReleaseContext
RegSaveKeyW
DeleteService
RegReplaceKeyW
SetTokenInformation
GetTokenInformation
LookupAccountSidW
ChangeServiceConfigW
RegCreateKeyExA
RegCreateKeyExW
CryptAcquireContextA
CryptAcquireContextW
SetSecurityDescriptorDacl
SetEntriesInAclW
RevertToSelf
RegEnumKeyExW
QueryServiceConfigW
OpenSCManagerW
RegOpenKeyExA
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteValueA
ImpersonateLoggedOnUser
RegFlushKey
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
InitializeSecurityDescriptor
RegRestoreKeyW
EnumServicesStatusW
CloseServiceHandle
RegSetValueExA
RegSetValueExW
RegConnectRegistryW
StartServiceCtrlDispatcherW
LookupAccountNameW
GetUserNameA
GetUserNameW
DeregisterEventSource
DuplicateToken
RegQueryInfoKeyW
SetServiceStatus
StartServiceW
RegisterEventSourceW
ChangeServiceConfig2W
OpenServiceW
RegLoadKeyW
QueryServiceConfig2W
RegDeleteKeyW
CryptGenKey
OpenProcessToken
FreeSid
ReportEventW
SetNamedSecurityInfoW
ConvertSidToStringSidW
RegCloseKey
netapi32
NetWkstaGetInfo
NetApiBufferFree
winhttp
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
kernel32
SetFileTime
GetFileType
GetFileTime
GetACP
GetStringTypeExW
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
GetSystemDefaultLangID
GetCurrentProcessId
Beep
TerminateThread
SetHandleInformation
IsDebuggerPresent
GetHandleInformation
GetFullPathNameW
FindNextFileW
GlobalSize
GetCPInfoExW
GetSystemTime
SetUnhandledExceptionFilter
GetTempPathA
EnumSystemLocalesW
GetTimeZoneInformation
FileTimeToLocalFileTime
GetVersionExA
FreeLibrary
HeapDestroy
GetUserDefaultLCID
GetDiskFreeSpaceA
FindFirstFileA
SetLastError
WaitNamedPipeW
GetModuleFileNameW
GetLastError
GlobalAlloc
GlobalUnlock
CompareStringW
CreateThread
GetGeoInfoW
CreateMutexW
LoadLibraryA
ResetEvent
GetVolumeInformationW
OpenEventW
RaiseException
FormatMessageW
GetCurrentThread
CreateFileMappingA
IsBadReadPtr
ExpandEnvironmentStringsW
GetComputerNameA
LoadLibraryExW
FileTimeToSystemTime
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
Sleep
SetFilePointer
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
WaitForMultipleObjects
OpenFileMappingA
FindNextFileA
GetFileSize
GetStartupInfoW
GetFileAttributesW
LocalSize
VerLanguageNameW
GetThreadPriority
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetLogicalDriveStringsW
WinExec
GetModuleHandleA
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetModuleFileNameA
CompareStringA
CopyFileA
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
GetLocaleInfoW
FormatMessageA
ConnectNamedPipe
GetLocalTime
WaitForSingleObject
DeleteCriticalSection
SetErrorMode
GetComputerNameW
SleepEx
IsValidLocale
LoadLibraryExA
LocalAlloc
GetPrivateProfileStringW
WaitForMultipleObjectsEx
SetFileAttributesW
VirtualProtect
CreateSemaphoreW
ReadProcessMemory
OpenFileMappingW
lstrcmpiW
QueryPerformanceFrequency
VirtualFree
GetThreadContext
FlushInstructionCache
GetProcessHeap
ExitProcess
HeapAlloc
GetFileAttributesA
GetCurrentDirectoryA
GetLongPathNameW
RtlUnwind
GetCPInfo
GetCommandLineA
GetStdHandle
DisconnectNamedPipe
GetModuleHandleW
TryEnterCriticalSection
GetWindowsDirectoryA
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
FindResourceW
lstrlenA
GetUserGeoID
CopyFileW
lstrcmpA
MapViewOfFile
MulDiv
CreateFileA
GetLocaleInfoA
GetVersion
GetDriveTypeW
GetComputerNameExW
FreeResource
DeleteFileA
MoveFileW
GlobalAddAtomW
OpenProcess
SwitchToThread
GetExitCodeThread
GetStringTypeW
OutputDebugStringW
SetNamedPipeHandleState
CreateDirectoryA
SetPriorityClass
TerminateProcess
LockResource
RemoveDirectoryA
GetCurrentThreadId
UnhandledExceptionFilter
PeekNamedPipe
CreateEventA
GlobalFree
SetFileAttributesA
EnterCriticalSection
ReleaseMutex
GetStringTypeExA
GlobalDeleteAtom
GetCurrentDirectoryW
InitializeCriticalSection
GlobalLock
GetCurrentProcess
GetCommandLineW
DuplicateHandle
ResumeThread
GetProcAddress
GetVersionExW
VerifyVersionInfoW
DeviceIoControl
LCMapStringW
FindFirstFileW
CreateProcessA
UnmapViewOfFile
GetConsoleCP
GlobalHandle
SetProcessShutdownParameters
FindResourceA
lstrlenW
QueryPerformanceCounter
SetEndOfFile
CopyFileExW
lstrcmpW
CreateMutexA
ReleaseSemaphore
SystemTimeToFileTime
CreateFileW
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
WriteFile
CreateFileMappingW
CreateNamedPipeW
ExitThread
CreatePipe
TlsGetValue
GetDateFormatW
ExpandEnvironmentStringsA
TlsSetValue
GetSystemDefaultUILanguage
CreateDirectoryW
EnumCalendarInfoW
RemoveDirectoryW
OpenSemaphoreW
GlobalMemoryStatus
CreateEventW
SetThreadLocale
GetThreadLocale
wintrust
WinVerifyTrust
shfolder
SHGetFolderPathW
wsock32
htons
ntohl
setsockopt
select
WSAStartup
WSACleanup
gethostbyname
bind
closesocket
inet_ntoa
socket
recv
ioctlsocket
WSAGetLastError
connect
inet_addr
recvfrom
sendto
send
ole32
OleRegEnumVerbs
IsAccelerator
CoCreateInstance
CoUninitialize
IsEqualGUID
CoLockObjectExternal
CoFreeUnusedLibraries
CreateStreamOnHGlobal
OleInitialize
ProgIDFromCLSID
CLSIDFromProgID
CoInitializeEx
OleUninitialize
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
OleSetMenuDescriptor
StringFromCLSID
gdi32
Pie
SetBkMode
TextOutA
CreateCompatibleBitmap
CreatePolygonRgn
BeginPath
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
PathToRegion
CreateFontA
RoundRect
SelectClipRgn
RectInRegion
RestoreDC
SetRectRgn
FillPath
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateDCW
CreateICW
CreatePen
PolyBezierTo
FillRgn
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
GetTextExtentPoint32A
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
GetNearestColor
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetTextExtentExPointW
GetROP2
PtVisible
GetEnhMetaFileDescriptionW
ArcTo
GetTextFaceA
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
TextOutW
SelectPalette
SetGraphicsMode
ExcludeClipRect
SetWindowOrgEx
MaskBlt
CreatePatternBrush
EndPage
EndPath
EqualRgn
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
CreateFontW
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
CreateEllipticRgn
Rectangle
DeleteDC
SaveDC
BitBlt
SetWorldTransform
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
PtInRegion
GetClipBox
GetClipRgn
Polyline
StartDocA
IntersectClipRect
CombineTransform
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
ExtCreateRegion
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
CreateCompatibleDC
GetObjectA
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
SetTextAlign
GetTextAlign
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
WidenPath
GetPaletteEntries
Exports
Exports
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
madTraceProcess
Sections
.text Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 634KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 179B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 1KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 668KB - Virtual size: 667KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
vp8decoder.dll.dll regsvr32 windows x86
8b7c6930eb0fdf061b0ef57bef61e484
Code Sign
34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before17-11-2006 00:00Not After16-07-2036 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before10-12-2013 00:00Not After09-12-2023 23:59SubjectCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
60:ed:1a:3f:21:d8:f3:70:00:ef:de:14:81:ed:34:85Certificate
IssuerCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USNot Before02-06-2017 00:00Not After02-06-2019 23:59SubjectCN=Ter-Osipov Aleksey Vladimirovich,O=Ter-Osipov Aleksey Vladimirovich,L=Shakhty,ST=Rostovskaya oblast,C=RUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2014 00:00Not After22-10-2024 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10-11-2006 00:00Not After10-11-2021 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
86:2c:51:cf:2c:a8:1f:f8:67:10:01:bb:8c:4e:0f:93:fc:28:c0:2cSigner
Actual PE Digest86:2c:51:cf:2c:a8:1f:f8:67:10:01:bb:8c:4e:0f:93:fc:28:c0:2cDigest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Ter-Osipov Aleksey Vladimirovich,O=Ter-Osipov Aleksey Vladimirovich,L=Shakhty,ST=Rostovskaya oblast,C=RU29-06-2017 11:56 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
ReleaseSemaphore
CreateSemaphoreW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetProcAddress
GetSystemInfo
QueryPerformanceCounter
LocalFree
CreateEventW
SetEvent
CloseHandle
ReleaseMutex
CreateMutexW
GetLastError
GetModuleHandleW
GetModuleFileNameW
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
GetStringTypeW
OutputDebugStringW
SetFilePointerEx
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
HeapFree
RtlUnwind
CreateThread
ExitThread
LoadLibraryExW
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
RaiseException
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
CompareStringW
LCMapStringW
user32
SetRectEmpty
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
ole32
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoWaitForMultipleHandles
CoTaskMemFree
OleRun
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
shlwapi
SHDeleteKeyW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rodata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vp8encoder.dll.dll regsvr32 windows x86
7ba762a7cdd87ce0325ece4efb88e233
Code Sign
34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before17-11-2006 00:00Not After16-07-2036 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before10-12-2013 00:00Not After09-12-2023 23:59SubjectCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
60:ed:1a:3f:21:d8:f3:70:00:ef:de:14:81:ed:34:85Certificate
IssuerCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USNot Before02-06-2017 00:00Not After02-06-2019 23:59SubjectCN=Ter-Osipov Aleksey Vladimirovich,O=Ter-Osipov Aleksey Vladimirovich,L=Shakhty,ST=Rostovskaya oblast,C=RUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2014 00:00Not After22-10-2024 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10-11-2006 00:00Not After10-11-2021 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:d1:09:17:ca:d8:81:67:05:9f:74:7a:b7:ca:84:7e:89:2c:9c:58Signer
Actual PE Digest52:d1:09:17:ca:d8:81:67:05:9f:74:7a:b7:ca:84:7e:89:2c:9c:58Digest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Ter-Osipov Aleksey Vladimirovich,O=Ter-Osipov Aleksey Vladimirovich,L=Shakhty,ST=Rostovskaya oblast,C=RU29-06-2017 11:56 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventW
QueryPerformanceCounter
WaitForSingleObject
ReleaseSemaphore
QueryPerformanceFrequency
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
CreateSemaphoreW
GetModuleHandleW
GetProcAddress
GetSystemInfo
SetThreadPriority
SetEvent
LocalFree
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
OutputDebugStringW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CloseHandle
ReleaseMutex
CreateMutexW
GetModuleFileNameW
SetLastError
GetLastError
MultiByteToWideChar
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
RtlUnwind
HeapReAlloc
CreateThread
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetProcessHeap
GetStdHandle
WriteFile
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
user32
DestroyWindow
GetWindowRect
InvalidateRect
GetWindowLongW
SetRectEmpty
SetWindowLongW
GetDesktopWindow
ShowWindow
CreateDialogParamW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MoveWindow
GetDlgItem
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
ole32
OleRun
CoTaskMemAlloc
StringFromGUID2
CoWaitForMultipleHandles
CoTaskMemFree
CoCreateInstance
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
shlwapi
SHDeleteKeyW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 191KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rodata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ