Static task
static1
Behavioral task
behavioral1
Sample
bd5ecf7feb0dce18cf2564b2f0bb89307093552a0e76e6b395c5a56cf896dd74.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
bd5ecf7feb0dce18cf2564b2f0bb89307093552a0e76e6b395c5a56cf896dd74.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
bd5ecf7feb0dce18cf2564b2f0bb89307093552a0e76e6b395c5a56cf896dd74
-
Size
114KB
-
MD5
8d0afebff57e146a661ea7c3ce2a7ead
-
SHA1
4a76c3ea69a7b9f9857caa589c8df42a3ee8136e
-
SHA256
bd5ecf7feb0dce18cf2564b2f0bb89307093552a0e76e6b395c5a56cf896dd74
-
SHA512
c35132255b76b7d304e41879936a9229bbcf54f5449827e4d439f8192bbdc7f9c21f92cc4c996da3b2029656bdc54671c9a3dbe1ed92f76eab2d4be70ddadbfc
-
SSDEEP
1536:9rHf+/9aQmUSliecczQnRK3JZTwKZmP7p7p3lFO+efKW5qHz:d2IXccceJZcDff6qHz
Malware Config
Signatures
Files
-
bd5ecf7feb0dce18cf2564b2f0bb89307093552a0e76e6b395c5a56cf896dd74.exe windows x86
84ab5efd0b9bf5f7b9cbbfff0361e59b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
NdrPointerMarshall
NdrCorrelationPass
NdrEncapsulatedUnionBufferSize
I_RpcBindingInqTransportType
NdrConformantStructMarshall
I_RpcTransConnectionFreePacket
RpcNetworkInqProtseqsW
NdrEncapsulatedUnionUnmarshall
DceErrorInqTextA
MesEncodeFixedBufferHandleCreate
NDRCContextUnmarshall
NdrServerInitializeNew
NdrStubCall2
NdrMesTypeAlignSize2
RpcEpRegisterNoReplaceW
NdrFullPointerXlatInit
NdrUserMarshalMarshall
RpcStringFreeW
NdrFixedArrayMarshall
RpcSsEnableAllocate
NdrConformantVaryingStructFree
I_RpcFreeBuffer
RpcTestCancel
I_RpcNsInterfaceUnexported
NdrConformantArrayMemorySize
NdrUserMarshalMemorySize
NdrEncapsulatedUnionMarshall
RpcBindingFromStringBindingA
NdrXmitOrRepAsMarshall
RpcMgmtEpEltInqNextW
RpcCancelThread
NdrConformantStringBufferSize
CStdStubBuffer_QueryInterface
NdrConformantArrayMarshall
NdrOleAllocate
NdrRpcSmSetClientToOsf
MesDecodeIncrementalHandleCreate
NdrServerContextNewUnmarshall
NdrNonConformantStringMemorySize
RpcMgmtSetCancelTimeout
RpcBindingSetAuthInfoA
I_RpcBindingCopy
RpcNetworkIsProtseqValidW
I_RpcBCacheAllocate
NdrVaryingArrayUnmarshall
NdrStubInitialize
NdrServerContextUnmarshall
TowerExplode
RpcServerTestCancel
NdrUserMarshalBufferSize
RpcCertGeneratePrincipalNameA
NdrNonEncapsulatedUnionUnmarshall
NdrSimpleStructUnmarshall
NdrVaryingArrayMemorySize
RpcEpRegisterW
RpcServerUseProtseqExA
NdrServerContextMarshall
I_RpcServerUseProtseq2W
MesEncodeIncrementalHandleCreate
RpcMgmtIsServerListening
RpcSsSwapClientAllocFree
NdrFixedArrayFree
NdrDllCanUnloadNow
NdrConformantStructBufferSize
NdrFreeBuffer
RpcSmClientFree
I_RpcSendReceive
I_RpcServerUseProtseqEp2A
NdrXmitOrRepAsBufferSize
NdrStubCall
NdrServerInitializePartial
RpcServerRegisterIf
NdrComplexArrayUnmarshall
IUnknown_QueryInterface_Proxy
NdrMesSimpleTypeEncode
NdrMesSimpleTypeDecode
NdrConformantVaryingStructMarshall
NdrConformantArrayFree
NdrInterfacePointerUnmarshall
NdrComplexStructMarshall
I_RpcBindingInqDynamicEndpointW
I_RpcConnectionInqSockBuffSize
NdrOleFree
RpcSsDestroyClientContext
NdrVaryingArrayBufferSize
RpcBindingToStringBindingW
NdrConformantVaryingArrayUnmarshall
RpcBindingToStringBindingA
NDRSContextMarshallEx
NdrServerMarshall
NdrRpcSsDefaultAllocate
I_RpcNsBindingSetEntryNameW
RpcMgmtEpEltInqNextA
RpcSmDisableAllocate
NdrMesTypeEncode2
NdrFixedArrayBufferSize
I_RpcAsyncSetHandle
I_RpcTransGetThreadEvent
RpcServerRegisterIf2
RpcBindingSetOption
RpcMgmtSetAuthorizationFn
RpcServerUseAllProtseqsIf
RpcSmSetClientAllocFree
NdrFixedArrayMemorySize
NdrXmitOrRepAsMemorySize
I_RpcDeleteMutex
RpcBindingSetObject
UuidCreate
I_RpcServerRegisterForwardFunction
NdrProxySendReceive
RpcSsFree
NdrContextHandleSize
NDRCContextMarshall
NdrComplexStructFree
I_RpcTransDatagramAllocate2
RpcNetworkIsProtseqValidA
I_RpcNsBindingSetEntryNameA
NdrDllRegisterProxy
NdrXmitOrRepAsFree
RpcBindingInqAuthInfoA
NdrSimpleTypeUnmarshall
RpcCertGeneratePrincipalNameW
I_RpcGetCurrentCallHandle
MesHandleFree
NdrNonEncapsulatedUnionMarshall
RpcObjectSetInqFn
NdrSendReceive
NdrConformantArrayBufferSize
NdrSimpleStructBufferSize
NdrInterfacePointerMemorySize
NdrConformantVaryingArrayMemorySize
NdrClientInitializeNew
I_RpcServerUseProtseq2A
NDRSContextUnmarshall
NdrUserMarshalFree
RpcServerUseProtseqEpW
NdrNonConformantStringBufferSize
RpcIfIdVectorFree
RpcMgmtInqStats
RpcServerInqDefaultPrincNameW
RpcSsSetClientAllocFree
NdrConformantStructUnmarshall
NdrConformantVaryingStructUnmarshall
RpcServerInqDefaultPrincNameA
I_RpcGetBuffer
RpcServerUseProtseqIfExW
RpcBindingInqAuthClientExA
I_RpcGetBufferWithObject
NDRSContextMarshall2
I_RpcSsDontSerializeContext
I_RpcServerUseProtseqEp2W
NDRSContextMarshall
RpcBindingReset
RpcAsyncCompleteCall
NdrConformantStringUnmarshall
NdrComplexStructMemorySize
NdrDllUnregisterProxy
NdrProxyErrorHandler
UuidHash
RpcBindingSetAuthInfoExW
NdrNsGetBuffer
NdrProxyGetBuffer
NdrCorrelationInitialize
I_RpcReceive
RpcEpRegisterNoReplaceA
RpcSsDontSerializeContext
UuidFromStringA
NdrUserMarshalSimpleTypeConvert
RpcServerUseProtseqA
RpcBindingVectorFree
IUnknown_AddRef_Proxy
ws2_32
WSAEventSelect
inet_addr
socket
bind
WSASendTo
WSAUnhookBlockingHook
WSAConnect
select
WSAAsyncGetProtoByName
WSANtohl
WSAStringToAddressA
WSAIsBlocking
gethostname
shutdown
WSASetLastError
WSANtohs
WSASetServiceA
gethostbyname
WSAAddressToStringW
accept
setsockopt
WEP
WSAHtonl
WSCInstallNameSpace
WSAAsyncSelect
WSADuplicateSocketA
__WSAFDIsSet
WSAGetOverlappedResult
WSCWriteNameSpaceOrder
WSASetEvent
WSALookupServiceEnd
gethostbyaddr
WSAEnumNameSpaceProvidersW
WSAAsyncGetHostByName
WSACancelBlockingCall
WSALookupServiceNextA
listen
WSAIoctl
WSARecv
WSAInstallServiceClassW
WSAResetEvent
WSAHtons
WSAGetServiceClassInfoA
recv
getsockname
WSAGetServiceClassNameByClassIdA
ntohs
WSAEnumProtocolsW
WSAAddressToStringA
WSACloseEvent
WSARemoveServiceClass
getsockopt
kernel32
GetProcAddress
GlobalFindAtomW
scesrv
ScesrvInitializeServer
crypt32
CertRegisterSystemStore
CertAddStoreToCollection
CryptAcquireCertificatePrivateKey
CryptFindLocalizedName
CertStrToNameW
CertSetCRLContextProperty
PFXVerifyPassword
CertAddEncodedCertificateToSystemStoreW
CertGetSubjectCertificateFromStore
CryptProtectData
CertGetNameStringW
CryptVerifyDetachedMessageSignature
CertAddCTLLinkToStore
CryptLoadSip
CertRemoveEnhancedKeyUsageIdentifier
CryptDecryptAndVerifyMessageSignature
CryptSIPPutSignedDataMsg
CertSetCTLContextProperty
CryptEnumOIDInfo
CertFindSubjectInCTL
CertAddCRLContextToStore
CertDeleteCertificateFromStore
CryptFindCertificateKeyProvInfo
CryptMsgCalculateEncodedLength
CryptVerifyMessageHash
CryptInstallOIDFunctionAddress
CertDeleteCRLFromStore
CertRemoveStoreFromCollection
CryptFindOIDInfo
CertControlStore
CertGetCRLContextProperty
CryptExportPublicKeyInfoEx
CryptSetOIDFunctionValue
CertEnumCertificateContextProperties
CertComparePublicKeyInfo
CertFindExtension
CertEnumSystemStoreLocation
CryptHashToBeSigned
PFXIsPFXBlob
CertEnumPhysicalStore
CertAddCertificateContextToStore
CryptVerifyMessageSignatureWithKey
CertGetCertificateContextProperty
CertOpenStore
CryptSignAndEncryptMessage
CryptSignCertificate
CryptSetKeyIdentifierProperty
CertVerifyRevocation
CryptMsgUpdate
CertVerifyCertificateChainPolicy
CertVerifySubjectCertificateContext
CertVerifyCRLRevocation
CertDuplicateStore
CertAddCRLLinkToStore
CertGetIntendedKeyUsage
CertFindCRLInStore
CryptGetDefaultOIDFunctionAddress
CryptSIPRemoveProvider
CryptMsgVerifyCountersignatureEncodedEx
CertVerifyCTLUsage
CryptUnregisterDefaultOIDFunction
CryptMsgOpenToDecode
CertFreeCTLContext
CertGetEnhancedKeyUsage
CertGetCertificateChain
CryptDecodeObject
CertSetCertificateContextProperty
CertNameToStrW
CertOpenSystemStoreW
CryptSIPCreateIndirectData
CertAddCertificateLinkToStore
CertGetIssuerCertificateFromStore
CertAddEncodedCTLToStore
CertCompareIntegerBlob
CertSaveStore
CryptMsgCountersignEncoded
CryptSetAsyncParam
CertSetEnhancedKeyUsage
CertGetNameStringA
CertSetStoreProperty
CryptGetAsyncParam
CryptEncryptMessage
CryptSignMessageWithKey
CryptMsgDuplicate
CertAddEncodedCRLToStore
CryptMemFree
CryptEncodeObject
CertFreeCertificateContext
CryptMsgControl
CertEnumCTLContextProperties
CryptMsgClose
CertGetValidUsages
CryptImportPublicKeyInfoEx
CertVerifyTimeValidity
CryptRegisterOIDInfo
CryptEnumOIDFunction
CryptHashPublicKeyInfo
CertVerifyValidityNesting
CertCreateCTLContext
CryptUnprotectData
CertSerializeCertificateStoreElement
urlmon
Extract
HlinkGoBack
CoInternetCreateZoneManager
FindMediaTypeClass
GetClassURL
samlib
SamCreateUser2InDomain
SamGetAliasMembership
SamGetDisplayEnumerationIndex
SamiChangePasswordUser
SamQueryInformationUser
SamCreateGroupInDomain
SamRemoveMemberFromForeignDomain
SamSetInformationUser
SamDeleteAlias
SamConnectWithCreds
SamOpenDomain
SamAddMemberToGroup
SamEnumerateDomainsInSamServer
SamOpenAlias
SamQueryInformationAlias
SamiEncryptPasswords
SamTestPrivateFunctionsUser
winmm
mmioRenameA
waveOutMessage
mciGetDeviceIDA
midiStreamProperty
waveOutGetVolume
joyGetPos
midiOutSetVolume
mixerSetControlDetails
midiInPrepareHeader
waveInGetDevCapsA
joyGetDevCapsA
mmioClose
mixerGetNumDevs
mciExecute
waveOutPause
mmTaskYield
waveOutGetID
mod32Message
midiOutGetID
waveInClose
joyConfigChanged
mmTaskBlock
mmioStringToFOURCCW
timeSetEvent
midiOutReset
waveOutGetNumDevs
joyGetNumDevs
mmioSeek
waveOutOpen
waveOutGetPitch
midiInGetNumDevs
mmioAdvance
midiOutGetErrorTextA
waveInAddBuffer
midiStreamPause
auxGetNumDevs
auxGetVolume
aux32Message
auxGetDevCapsW
CloseDriver
joyGetDevCapsW
mmioInstallIOProcW
wid32Message
mciSendStringA
mxd32Message
waveOutPrepareHeader
timeEndPeriod
mmioRead
mmTaskCreate
mmioDescend
waveOutClose
waveInOpen
midiStreamStop
midiInGetErrorTextW
DriverCallback
timeGetDevCaps
mciSendStringW
waveInGetErrorTextA
mixerGetID
mmsystemGetVersion
midiOutLongMsg
sndPlaySoundW
DrvGetModuleHandle
sndPlaySoundA
wod32Message
mmioGetInfo
WOW32ResolveMultiMediaHandle
mmioSendMessage
midiInGetDevCapsW
mmioFlush
joySetThreshold
timeGetTime
mixerGetDevCapsW
version
VerFindFileA
GetFileVersionInfoA
VerQueryValueA
oledlg
OleUIConvertA
OleUIChangeSourceA
OleUICanConvertOrActivateAs
OleUIChangeSourceW
OleUIAddVerbMenuA
OleUIConvertW
OleUIChangeIconW
shlwapi
StrToIntExA
UrlUnescapeA
SHQueryInfoKeyW
PathSkipRootA
PathIsRootA
StrIsIntlEqualW
PathRemoveArgsW
PathStripToRootW
PathCommonPrefixW
ColorHLSToRGB
SHSetValueW
PathFileExistsW
StrFromTimeIntervalW
PathBuildRootW
UrlIsOpaqueA
PathIsDirectoryW
SHRegisterValidateTemplate
SHGetThreadRef
StrCmpNA
SHIsLowMemoryMachine
PathStripPathW
SHRegWriteUSValueW
PathIsDirectoryA
PathUndecorateA
PathCombineW
SHQueryInfoKeyA
ColorAdjustLuma
PathRemoveFileSpecA
PathRemoveBlanksA
StrStrA
StrChrIA
StrDupA
StrDupW
PathSearchAndQualifyA
SHOpenRegStreamA
PathIsUNCServerW
StrSpnW
PathIsNetworkPathW
StrRetToStrW
wvnsprintfA
PathParseIconLocationW
SHCreateShellPalette
PathSetDlgItemPathW
PathAppendA
StrCpyNW
UrlEscapeW
StrCmpNIA
PathUnquoteSpacesW
PathStripToRootA
PathIsUNCServerShareW
SHStrDupA
SHRegSetUSValueA
SHSetThreadRef
winspool.drv
EnumPrinterDataW
StartDocDlgA
ConvertUnicodeDevModeToAnsiDevmode
DeleteMonitorW
SetPrinterA
AddPrinterDriverA
EndPagePrinter
DeviceCapabilitiesW
GetPrintProcessorDirectoryW
FindNextPrinterChangeNotification
GetPrinterDriverDirectoryA
GetPrinterDataA
DocumentEvent
ClosePrinter
FreePrinterNotifyInfo
DeletePrinterKeyA
PrinterProperties
DocumentPropertiesW
SetFormA
EnumPrintProcessorDatatypesW
QuerySpoolMode
EnumPrinterDataExA
SetPortW
SetPrinterDataExA
EnumJobsA
SetPrinterDataExW
QueryColorProfile
StartPagePrinter
EnumPrintersW
SetPrinterDataW
OpenPrinterA
EnumPrinterKeyW
SetDefaultPrinterW
GetJobW
AddJobW
SetPrinterDataA
AddPortExA
GetPrinterDriverA
DeleteMonitorA
PrinterMessageBoxA
StartDocPrinterW
AddPrintProcessorW
FindFirstPrinterChangeNotification
AddPortExW
AddPrinterA
DeviceMode
DeletePortA
EnumPrintProcessorDatatypesA
SetJobW
ConfigurePortW
DocumentPropertySheets
AddPrintProvidorA
AddMonitorW
DEVICECAPABILITIES
DeletePrintProcessorW
DeletePrinterDataA
SetPrinterW
EnumJobsW
EnumPrinterDataA
AddPrinterW
CreatePrinterIC
ScheduleJob
AddPrinterDriverW
AbortPrinter
GetPrinterDataW
userenv
GetAllUsersProfileDirectoryW
GetAppliedGPOListW
LeaveCriticalPolicySection
ProcessGroupPolicyCompleted
LoadUserProfileW
LoadUserProfileA
ExpandEnvironmentStringsForUserA
mscms
InternalGetDeviceConfig
GetColorProfileFromHandle
winsta
LogonIdFromWinStationNameA
ServerSetInternetConnectorStatus
WinStationGetTermSrvCountersValue
ServerQueryInetConnectorInformationW
WinStationWaitSystemEvent
WinStationConnectA
_WinStationBreakPoint
ServerQueryInetConnectorInformationA
rasapi32
RasGetErrorStringW
RasGetCustomAuthDataA
RasGetSubEntryPropertiesW
RasCreatePhonebookEntryW
RasSetCredentialsW
RasSetCustomAuthDataA
RasGetHport
RasSetAutodialParamW
RasSetEntryPropertiesW
RasGetAutodialEnableA
RasSetCredentialsA
RasGetConnectionStatistics
RasSetAutodialParamA
RasSetSubEntryPropertiesW
RasSetAutodialAddressA
RasGetAutodialParamA
RasAutoDialSharedConnection
RasRenameEntryW
RasGetCredentialsW
RasEnumEntriesA
RasSetOldPassword
RasGetCountryInfoA
RasEnumConnectionsW
RasRenameEntryA
RasQueryRedialOnLinkFailure
RasGetConnectStatusA
RasConnectionNotificationW
RasDialW
RasEnumDevicesA
RasGetEntryPropertiesA
RasQuerySharedConnection
RasSetEntryPropertiesA
RasGetAutodialAddressW
RasAutodialAddressToNetwork
RasInvokeEapUI
RasClearConnectionStatistics
RasFreeEapUserIdentityA
RasCreatePhonebookEntryA
RasHangUpW
RasEditPhonebookEntryA
RasGetEapUserIdentityW
RasEnumDevicesW
RasSetEntryDialParamsW
RasAutodialEntryToNetwork
RasDialA
RasIsSharedConnection
RasGetProjectionInfoW
RasEnumAutodialAddressesA
msacm32
acmFormatTagDetailsA
acmGetVersion
acmFilterTagDetailsW
acmStreamReset
acmStreamConvert
acmMessage32
acmMetrics
acmDriverRemove
acmStreamMessage
acmFormatTagEnumW
acmFilterChooseA
acmFormatTagDetailsW
acmDriverMessage
acmFilterEnumW
acmFilterTagEnumA
acmFormatEnumA
acmFormatChooseW
acmFilterTagEnumW
acmStreamUnprepareHeader
wininet
FtpCommandW
FtpDeleteFileA
UnlockUrlCacheEntryFileA
HttpAddRequestHeadersA
FtpGetFileW
InternetWriteFileExW
HttpEndRequestW
FtpCreateDirectoryW
DeleteUrlCacheContainerW
InternetGetCertByURLA
InternetOpenUrlA
FtpGetCurrentDirectoryW
InternetTimeToSystemTimeW
FtpPutFileA
DetectAutoProxyUrl
FtpSetCurrentDirectoryW
InternetSetOptionW
CreateUrlCacheGroup
InternetReadFileExW
GetUrlCacheHeaderData
FindNextUrlCacheEntryA
InternetSetStatusCallbackA
IsUrlCacheEntryExpiredA
InternetWriteFile
CreateUrlCacheEntryW
InternetSetCookieA
CreateUrlCacheEntryA
InternetTimeToSystemTimeA
ParseX509EncodedCertificateForListBoxEntry
InternetAutodialCallback
InternetGetConnectedStateExA
CreateUrlCacheContainerA
InternetConfirmZoneCrossingW
InternetSetOptionExA
InternetCreateUrlW
InternetOpenW
FindNextUrlCacheContainerW
FtpGetFileA
InternetCombineUrlW
GetUrlCacheGroupAttributeA
InternetDialA
FindFirstUrlCacheEntryW
FindCloseUrlCache
InternetDialW
InternetFortezzaCommand
FtpGetFileSize
InternetOpenA
InternetReadFileExA
SetUrlCacheEntryGroupA
GetUrlCacheConfigInfoW
InternetGetLastResponseInfoA
FreeUrlCacheSpaceA
InternetSetFilePointer
InternetWriteFileExA
InternetOpenUrlW
FindFirstUrlCacheContainerA
InternetTimeFromSystemTimeW
FtpGetFileEx
FtpPutFileW
IncrementUrlCacheHeaderData
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
ReadUrlCacheEntryStream
ShowCertificate
InternetCanonicalizeUrlW
FtpDeleteFileW
InternetInitializeAutoProxyDll
InternetQueryFortezzaStatus
RetrieveUrlCacheEntryStreamA
FreeUrlCacheSpaceW
HttpEndRequestA
DeleteUrlCacheEntryA
InternetGetLastResponseInfoW
SetUrlCacheEntryInfoA
DeleteUrlCacheGroup
GetUrlCacheGroupAttributeW
SetUrlCacheConfigInfoA
FtpGetCurrentDirectoryA
InternetGoOnlineW
RetrieveUrlCacheEntryFileW
GetUrlCacheEntryInfoExA
FindNextUrlCacheContainerA
FindFirstUrlCacheEntryExA
ShowClientAuthCerts
GetUrlCacheEntryInfoW
ole32
CreateILockBytesOnHGlobal
StgCreatePropStg
CoIsHandlerConnected
StringFromIID
HACCEL_UserMarshal
WriteOleStg
HDC_UserFree
WriteFmtUserTypeStg
OleQueryCreateFromData
ProgIDFromCLSID
IsEqualGUID
CoReleaseMarshalData
CoEnableCallCancellation
CreateClassMoniker
CoUnmarshalInterface
IsValidIid
MonikerRelativePathTo
CoGetObjectContext
OleFlushClipboard
CoDisableCallCancellation
IsValidInterface
CLIPFORMAT_UserMarshal
CoSuspendClassObjects
OleCreateFromData
CoDeactivateObject
CoGetContextToken
IsValidPtrOut
OleRegGetUserType
CoGetInterfaceAndReleaseStream
CoResumeClassObjects
HDC_UserMarshal
OleCreateLinkToFileEx
CoGetCallContext
RegisterDragDrop
ReadOleStg
CoRegisterClassObject
HBITMAP_UserMarshal
CoImpersonateClient
UtConvertDvtd32toDvtd16
CoGetCancelObject
OleDestroyMenuDescriptor
HWND_UserMarshal
OleCreateDefaultHandler
HACCEL_UserUnmarshal
CoFileTimeToDosDateTime
HDC_UserSize
SetConvertStg
CoFileTimeNow
OleDoAutoConvert
OleInitialize
ReadStringStream
StgCreatePropSetStg
GetRunningObjectTable
CoInstall
WdtpInterfacePointer_UserUnmarshal
CoGetInstanceFromFile
CoRegisterChannelHook
CoBuildVersion
CoGetStandardMarshal
CoUnloadingWOW
GetClassFile
HGLOBAL_UserFree
UtGetDvtd16Info
ReadClassStm
OleRegEnumFormatEtc
CreateBindCtx
HBRUSH_UserFree
OleCreateFromFileEx
OleGetIconOfClass
PropVariantClear
HPALETTE_UserUnmarshal
CoQueryReleaseObject
StgGetIFillLockBytesOnFile
CreateFileMoniker
CoMarshalHresult
HMENU_UserMarshal
SNB_UserFree
DoDragDrop
CreatePointerMoniker
CoIsOle1Class
CoInitialize
HICON_UserFree
OleCreateLinkToFile
HPALETTE_UserMarshal
HMETAFILEPICT_UserFree
ReadFmtUserTypeStg
CoGetObject
CoWaitForMultipleHandles
CoInitializeEx
OleCreate
CoGetMalloc
OleIsRunning
CreateStdProgressIndicator
StgOpenStorage
StringFromGUID2
CoCopyProxy
StgCreateDocfile
UtConvertDvtd16toDvtd32
IsAccelerator
OleRun
HWND_UserFree
OleSetMenuDescriptor
CoGetClassVersion
CoGetPSClsid
CoFreeLibrary
CoQueryProxyBlanket
CreateStreamOnHGlobal
OleRegEnumVerbs
HBRUSH_UserSize
CoMarshalInterface
HWND_UserSize
HMENU_UserFree
CoRevokeMallocSpy
PropSysAllocString
StgGetIFillLockBytesOnILockBytes
CLSIDFromProgIDEx
CoUninitialize
HGLOBAL_UserSize
CreateDataAdviseHolder
HICON_UserUnmarshal
CreateDataCache
StgOpenAsyncDocfileOnIFillLockBytes
STGMEDIUM_UserSize
OleIsCurrentClipboard
HWND_UserUnmarshal
CoLockObjectExternal
CoRegisterSurrogateEx
OleSetAutoConvert
OleLoad
MonikerCommonPrefixWith
OleSetContainedObject
CoQueryAuthenticationServices
MkParseDisplayName
OleCreateLinkEx
HBRUSH_UserUnmarshal
HMETAFILEPICT_UserSize
CoCreateFreeThreadedMarshaler
HPALETTE_UserFree
CLSIDFromProgID
CoCreateInstanceEx
OleCreateLinkFromData
HBITMAP_UserFree
StgSetTimes
HACCEL_UserFree
OleLockRunning
StgPropertyLengthAsVariant
OleCreateStaticFromData
OleGetAutoConvert
CoInitializeSecurity
CoSwitchCallContext
GetHookInterface
RevokeDragDrop
OleQueryLinkFromData
GetHGlobalFromILockBytes
OleSetClipboard
UpdateDCOMSettings
CoSetCancelObject
HENHMETAFILE_UserMarshal
DcomChannelSetHResult
GetDocumentBitStg
CoFreeUnusedLibraries
HBITMAP_UserSize
OleSaveToStream
user32
DialogBoxParamW
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ