Static task
static1
Behavioral task
behavioral1
Sample
c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30
-
Size
431KB
-
MD5
1b4149c637c925082ee78dfdfd322210
-
SHA1
972515af63c02ec38feff8454ab3e42c5c2bbfa6
-
SHA256
c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30
-
SHA512
9eb4050da55c41b47520a6d5a37279bd1bb138ce838e29f5b62c76623a2b3fe29b6d1509afcafbdb5c80e56d8da72667cea5a3fbea5817b281436ff43bbcb2a2
-
SSDEEP
12288:F31EFHSleoOld3e3tjTdl/ITRDcr3clycTh:1B0oOld3KT+Dtl31
Malware Config
Signatures
Files
-
c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30.exe windows x86
bd30a48f6ea9deca2daf27d81f88ea08
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
imagehlp
SymEnumerateModules
GetImageConfigInformation
SymUnDName
SymGetModuleBase
SymFunctionTableAccess
CheckSumMappedFile
MapAndLoad
SymLoadModule
EnumerateLoadedModules
BindImageEx
SymGetSymFromName
SymCleanup
TouchFileTimes
SplitSymbols
ReBaseImage
SymRegisterCallback
SymGetLineNext
UnmapDebugInformation
ImageRvaToSection
SymEnumerateSymbols
ImageAddCertificate
ImageUnload
FindExecutableImage
StackWalk
MapDebugInformation
UpdateDebugInfoFile
ImageDirectoryEntryToData
SymGetLineFromName
ImageGetDigestStream
ImageRvaToVa
UnMapAndLoad
BindImage
SymGetSymNext
SymGetSymFromAddr
SymSetSearchPath
ImagehlpApiVersion
SetImageConfigInformation
ImageGetCertificateHeader
SymUnloadModule
SymGetSearchPath
SymGetOptions
SymInitialize
SymGetLinePrev
ImageEnumerateCertificates
MapFileAndCheckSumA
MapFileAndCheckSumW
SymGetLineFromAddr
MakeSureDirectoryPathExists
GetImageUnusedHeaderBytes
ImageNtHeader
ImageRemoveCertificate
FindDebugInfoFile
GetTimestampForLoadedLibrary
UpdateDebugInfoFileEx
SymMatchFileName
UnDecorateSymbolName
SymGetSymPrev
SymGetModuleInfo
SymSetOptions
winmm
mciSendStringA
mciSendCommandA
waveOutSetVolume
auxSetVolume
midiStreamPause
PlaySoundA
mixerOpen
midiOutGetDevCapsW
waveInGetErrorTextA
mixerGetLineInfoW
midiOutGetErrorTextA
waveOutGetDevCapsW
midiInGetDevCapsW
joyGetPos
waveOutGetPosition
midiInMessage
midiStreamOpen
waveInGetDevCapsW
mmioRenameW
mixerMessage
midiInGetErrorTextA
mciGetDeviceIDFromElementIDW
auxGetNumDevs
midiOutClose
joyGetDevCapsW
mmioStringToFOURCCW
PlaySoundW
midiOutCachePatches
auxGetVolume
mmioAdvance
midiOutGetDevCapsA
midiInAddBuffer
mixerGetControlDetailsA
timeSetEvent
timeBeginPeriod
mciGetYieldProc
DefDriverProc
auxGetDevCapsA
waveOutWrite
waveOutReset
midiInClose
mmioAscend
mmioFlush
mciGetCreatorTask
midiConnect
midiOutOpen
waveOutGetErrorTextW
mixerGetDevCapsW
midiOutGetVolume
mciSendStringW
waveInAddBuffer
joySetThreshold
msvcrt
exit
__getmainargs
_exit
_onexit
_initterm
_XcptFilter
_acmdln
__setusermatherr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
__dllonexit
??3@YAXPAX@Z
memcmp
__CxxFrameHandler
_setmbcp
_adjust_fdiv
msimg32
GradientFill
AlphaBlend
setupapi
SetupDiEnumDriverInfoW
SetupDiGetClassInstallParamsW
SetupDiGetClassDevsExW
SetupLogErrorW
SetupGetLineTextW
SetupDiGetClassDescriptionExA
SetupDiSelectDevice
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiOpenDeviceInterfaceRegKey
SetupGetInfInformationA
SetupCreateDiskSpaceListA
SetupDiOpenDevRegKey
SetupQuerySpaceRequiredOnDriveW
SetupCopyErrorW
SetupDiSetDeviceInstallParamsW
SetupQueueRenameSectionA
SetupDiGetDeviceInstanceIdA
SetupCloseFileQueue
SetupDiGetDeviceRegistryPropertyA
SetupDiDeleteDeviceInfo
SetupFindFirstLineW
SetupAddToDiskSpaceListW
SetupOpenAppendInfFileW
SetupDiInstallDriverFiles
SetupDiCreateDevRegKeyA
SetupDiClassNameFromGuidExA
SetupInitDefaultQueueCallbackEx
SetupSetPlatformPathOverrideA
SetupCommitFileQueueW
SetupRemoveInstallSectionFromDiskSpaceListW
SetupRemoveSectionFromDiskSpaceListA
SetupInstallFilesFromInfSectionA
SetupGetLineCountA
SetupDiInstallClassExA
SetupDiSetClassInstallParamsA
SetupCloseInfFile
SetupDiGetSelectedDriverW
SetupGetSourceFileLocationW
SetupDiRegisterCoDeviceInstallers
SetupGetInfInformationW
SetupIterateCabinetA
SetupDiSetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiGetSelectedDriverA
SetupDiGetClassDescriptionExW
SetupDiGetHwProfileFriendlyNameW
SetupDiDeleteDeviceInterfaceData
SetupQueueCopySectionA
SetupDiBuildDriverInfoList
SetupQueueRenameA
SetupFreeSourceListA
SetupInstallServicesFromInfSectionW
SetupSetPlatformPathOverrideW
SetupDiSelectOEMDrv
SetupDiCreateDeviceInfoListExW
SetupDiClassGuidsFromNameW
SetupSetDirectoryIdA
SetupDiGetClassImageListExW
SetupAddToDiskSpaceListA
SetupDiGetHwProfileList
SetupInitializeFileLogA
SetupGetTargetPathA
SetupDiOpenClassRegKey
SetupGetStringFieldW
SetupQueryInfFileInformationW
SetupTerminateFileLog
SetupInstallFromInfSectionA
SetupDiCreateDeviceInfoA
SetupDiGetDeviceInterfaceDetailW
SetupQueueDefaultCopyW
SetupSetDirectoryIdW
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsA
SetupRenameErrorA
SetupSetSourceListW
SetupAddSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListW
SetupQueueDefaultCopyA
SetupDeleteErrorA
SetupDiInstallClassA
SetupFindNextMatchLineW
SetupDiGetDeviceInstallParamsA
SetupGetSourceFileSizeW
SetupDiMoveDuplicateDevice
SetupQueueCopySectionW
SetupCopyOEMInfW
SetupInstallFromInfSectionW
SetupScanFileQueueW
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsA
SetupInitializeFileLogW
SetupDiGetClassDevsW
SetupGetSourceFileLocationA
SetupLogFileA
SetupDiGetDeviceInfoListDetailW
SetupDestroyDiskSpaceList
SetupDiGetClassDescriptionW
SetupOpenInfFileW
SetupGetFileCompressionInfoA
SetupIterateCabinetW
SetupSetSourceListA
SetupCopyOEMInfA
SetupInstallFileW
SetupDiSetDriverInstallParamsW
SetupDiDeleteDeviceInterfaceRegKey
SetupRemoveFromSourceListA
SetupDiClassGuidsFromNameExA
SetupDiUnremoveDevice
SetupDiDrawMiniIcon
SetupDiGetDeviceInfoListClass
SetupDiClassNameFromGuidExW
SetupDiGetSelectedDevice
SetupDiClassNameFromGuidA
SetupGetFileCompressionInfoW
SetupGetSourceInfoA
SetupInstallServicesFromInfSectionExW
SetupDiGetClassInstallParamsA
SetupDiGetHwProfileListExW
SetupQueryDrivesInDiskSpaceListA
SetupQuerySpaceRequiredOnDriveA
SetupDiGetDeviceInstanceIdW
SetupAddToSourceListA
SetupPromptReboot
SetupDiGetDeviceInterfaceAlias
SetupDiGetDriverInfoDetailA
SetupGetMultiSzFieldW
SetupDiEnumDeviceInfo
SetupInstallFileA
SetupGetFieldCount
SetupQueueRenameW
SetupDiClassGuidsFromNameA
SetupQueueDeleteW
SetupDiCreateDeviceInfoList
SetupLogErrorA
SetupQueueCopyW
SetupDiInstallDevice
SetupInstallServicesFromInfSectionA
SetupDiBuildClassInfoListExW
SetupDiGetClassDevsExA
SetupAddToSourceListW
SetupGetBinaryField
SetupQueueCopyA
SetupDiLoadClassIcon
SetupGetLineCountW
SetupDiEnumDriverInfoA
SetupDiSetSelectedDevice
SetupDiSetDeviceRegistryPropertyA
SetupFreeSourceListW
SetupDiDestroyDriverInfoList
SetupDiGetClassImageListExA
SetupDiGetDriverInfoDetailW
SetupDeleteErrorW
SetupDiGetClassImageIndex
SetupQueueRenameSectionW
SetupOpenFileQueue
SetupDiAskForOEMDisk
SetupQueryInfFileInformationA
SetupPromptForDiskW
SetupDiBuildClassInfoList
SetupDiGetINFClassA
SetupDiDestroyClassImageList
SetupScanFileQueueA
SetupCommitFileQueueA
SetupGetLineTextA
SetupDiSelectBestCompatDrv
SetupQueryInfVersionInformationA
SetupDiInstallDeviceInterfaces
SetupDiGetHwProfileFriendlyNameExW
SetupQueryFileLogA
SetupDiGetClassImageList
SetupDiBuildClassInfoListExA
SetupQueueDeleteSectionW
SetupDecompressOrCopyFileA
SetupDiCancelDriverInfoSearch
SetupQueryFileLogW
SetupSetDirectoryIdExA
SetupGetMultiSzFieldA
SetupDiOpenDeviceInfoW
SetupCloseLog
SetupCreateDiskSpaceListW
SetupGetSourceFileSizeA
SetupDiCreateDeviceInterfaceW
SetupDiCreateDeviceInterfaceRegKeyW
SetupInstallFilesFromInfSectionW
SetupInstallFileExW
SetupDefaultQueueCallbackA
SetupOpenInfFileA
SetupDiOpenDeviceInterfaceW
SetupDiRegisterDeviceInfo
SetupGetStringFieldA
SetupDiGetWizardPage
SetupDiGetDeviceInstallParamsW
SetupTermDefaultQueueCallback
SetupFindFirstLineA
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoA
SetupDiChangeState
SetupGetSourceInfoW
SetupQueueDeleteA
SetupGetLineByIndexW
SetupDiGetDeviceInfoListDetailA
SetupFindNextLine
SetupQuerySourceListA
SetupDiSetSelectedDriverA
SetupOpenAppendInfFileA
SetupRemoveInstallSectionFromDiskSpaceListA
SetupDiClassNameFromGuidW
SetupAdjustDiskSpaceListA
SetupDiCreateDeviceInterfaceA
SetupDiRemoveDeviceInterface
SetupOpenLog
SetupLogFileW
SetupQuerySourceListW
SetupDiRemoveDevice
SetupDiGetClassDevPropertySheetsA
SetupInstallFileExA
SetupDiDestroyDeviceInfoList
shell32
ShellExecuteW
SHGetPathFromIDListA
SHQueryRecycleBinW
SHLoadInProc
ord180
SHGetFileInfoA
SHGetPathFromIDListW
FindExecutableW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
ord179
SHGetFileInfoW
Shell_NotifyIconA
SHBrowseForFolderW
CommandLineToArgvW
ExtractIconExA
DragQueryFileA
SHBrowseForFolderA
ShellExecuteExA
SHFileOperationW
DragQueryPoint
user32
GetDlgItemTextA
EnableWindow
RedrawWindow
CreateCaret
IsWindowUnicode
MessageBoxIndirectW
CallNextHookEx
IntersectRect
GetMenu
DdeCreateStringHandleA
MessageBoxIndirectA
GetKeyNameTextW
CharLowerA
CreateDialogParamW
CharLowerW
UnpackDDElParam
DefDlgProcA
MessageBeep
GetKeyboardLayout
IsIconic
LoadImageA
CloseClipboard
SetScrollInfo
GetWindowLongA
GetMenuDefaultItem
AppendMenuW
UnregisterClassA
GetMenuStringW
CloseWindow
CharNextA
GetPropW
GetDesktopWindow
TranslateMessage
CreateDialogIndirectParamW
GetClassInfoExA
ToUnicodeEx
CopyAcceleratorTableA
IsChild
SetWindowPos
GetSystemMetrics
SetParent
CreateAcceleratorTableA
FindWindowExW
CharLowerBuffW
OemToCharBuffA
DrawEdge
GetActiveWindow
NotifyWinEvent
DrawMenuBar
WindowFromPoint
GrayStringA
ChildWindowFromPoint
SetDlgItemInt
IsWindow
MapDialogRect
SendMessageCallbackW
IsWindowEnabled
ModifyMenuW
GetKeyState
RegisterClassW
CheckMenuRadioItem
CharToOemA
TrackPopupMenu
SystemParametersInfoW
ScrollWindowEx
DefWindowProcW
ShowScrollBar
IsDialogMessageA
GetClassInfoA
DdeCreateDataHandle
FlashWindow
GetClassNameW
EnableScrollBar
SetMenu
LoadAcceleratorsA
GetTopWindow
GetNextDlgTabItem
GetWindowPlacement
DestroyMenu
EqualRect
EndDialog
DrawTextW
GetSubMenu
LoadCursorW
ole32
OleCreateStaticFromData
CoMarshalInterface
CoResumeClassObjects
HACCEL_UserSize
CreateItemMoniker
DoDragDrop
HGLOBAL_UserMarshal
OleRegEnumFormatEtc
OleSetClipboard
HMENU_UserMarshal
SetConvertStg
OleInitialize
OleDoAutoConvert
CoLockObjectExternal
WriteClassStm
StgOpenStorageOnILockBytes
OleQueryCreateFromData
OleGetClipboard
CreateBindCtx
StgOpenStorage
CoGetInterfaceAndReleaseStream
OleCreate
CoMarshalHresult
CreateStdProgressIndicator
CoGetStandardMarshal
OleBuildVersion
CoRevokeClassObject
CoSuspendClassObjects
CoRegisterClassObject
CLIPFORMAT_UserFree
OleCreateLinkToFile
CoTaskMemAlloc
CoGetMalloc
OleSave
StringFromCLSID
OleSetAutoConvert
CreateAntiMoniker
CoCreateInstance
CoRegisterPSClsid
StgGetIFillLockBytesOnILockBytes
OleConvertIStorageToOLESTREAM
OleCreateFromFileEx
ReadFmtUserTypeStg
HGLOBAL_UserFree
CoGetClassObject
OleGetIconOfClass
PropVariantClear
CoCreateGuid
HACCEL_UserFree
CreateFileMoniker
STGMEDIUM_UserFree
OleCreateFromFile
WriteClassStg
CreateDataCache
HACCEL_UserUnmarshal
StgSetTimes
CreateClassMoniker
OleCreateLink
HMENU_UserUnmarshal
CoTaskMemRealloc
OleConvertOLESTREAMToIStorage
HBITMAP_UserUnmarshal
CLSIDFromProgID
StgCreateDocfile
STGMEDIUM_UserMarshal
ReleaseStgMedium
CoUninitialize
OleConvertIStorageToOLESTREAMEx
OleCreateEx
GetHGlobalFromILockBytes
OleLockRunning
HGLOBAL_UserUnmarshal
CoAddRefServerProcess
OleCreateEmbeddingHelper
HMENU_UserFree
StgCreateDocfileOnILockBytes
CoRegisterSurrogate
CoGetStdMarshalEx
CreateGenericComposite
OleRun
HBITMAP_UserMarshal
OleNoteObjectVisible
CoTaskMemFree
StgCreatePropSetStg
HPALETTE_UserSize
SNB_UserUnmarshal
CoGetTreatAsClass
GetRunningObjectTable
OleGetIconOfFile
CoLoadLibrary
FreePropVariantArray
CoMarshalInterThreadInterfaceInStream
STGMEDIUM_UserUnmarshal
OleConvertOLESTREAMToIStorageEx
CoFreeUnusedLibraries
OleRegGetMiscStatus
CoFileTimeNow
CreateStreamOnHGlobal
OleDuplicateData
GetClassFile
OleDestroyMenuDescriptor
OleSaveToStream
OleRegGetUserType
MonikerRelativePathTo
CoFreeLibrary
SNB_UserSize
OleSetMenuDescriptor
CoUnmarshalInterface
HWND_UserFree
WriteFmtUserTypeStg
OleGetAutoConvert
CreateDataAdviseHolder
StgCreatePropStg
CoDisconnectObject
StringFromIID
HGLOBAL_UserSize
CoGetCurrentProcess
CreateILockBytesOnHGlobal
HWND_UserUnmarshal
StgOpenAsyncDocfileOnIFillLockBytes
CoBuildVersion
CLSIDFromString
HWND_UserSize
BindMoniker
mpr
WNetOpenEnumA
WNetAddConnectionW
WNetGetNetworkInformationA
WNetUseConnectionA
MultinetGetConnectionPerformanceW
WNetCancelConnectionA
WNetCancelConnection2A
WNetAddConnection3W
WNetGetUserA
WNetGetConnectionA
MultinetGetConnectionPerformanceA
WNetConnectionDialog
WNetGetUserW
WNetGetUniversalNameW
WNetCancelConnectionW
WNetAddConnection2W
WNetAddConnection2A
imm32
ImmSetCompositionFontW
ImmGetOpenStatus
ImmSimulateHotKey
ImmEscapeA
ImmIsUIMessageA
winspool.drv
EndPagePrinter
AddPortW
AbortPrinter
DeviceCapabilitiesA
SetPrinterDataA
DeletePortA
DeleteFormW
AddPrinterDriverW
AddPrinterConnectionW
EnumMonitorsA
DeletePrinterConnectionA
DeletePortW
DocumentPropertiesA
OpenPrinterW
DeletePrinterDataA
DeletePrinterConnectionW
AddPrintProcessorW
StartDocPrinterA
GetJobA
EnumPrintProcessorsW
ResetPrinterW
EnumPrinterDriversW
DeletePrinterKeyA
AddFormA
EnumFormsA
EnumPortsA
DeletePrintProcessorW
EnumPrintProcessorDatatypesW
GetPrinterA
GetFormA
EnumPrinterDataExW
EndDocPrinter
EnumFormsW
ClosePrinter
GetPrinterDataW
SetPortA
GetPrinterDriverW
DeletePrinterDataExA
DeletePrinterDataExW
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
DeletePrintProcessorA
GetPrinterW
FreePrinterNotifyInfo
EnumPortsW
PrinterProperties
EnumPrinterDataExA
GetPrinterDataA
EnumPrinterKeyW
WritePrinter
shlwapi
StrCmpIW
PathIsSystemFolderW
PathIsFileSpecA
SHGetValueA
PathFindNextComponentA
PathStripPathA
PathCompactPathExW
PathCanonicalizeW
PathGetArgsA
PathParseIconLocationA
PathFindFileNameW
PathRelativePathToW
StrToIntW
PathStripPathW
SHDeleteValueA
SHRegEnumUSKeyW
StrToIntExW
StrToIntExA
SHRegWriteUSValueW
SHEnumKeyExW
PathRemoveFileSpecA
PathIsSameRootW
SHRegGetUSValueA
PathCompactPathA
PathAddBackslashW
SHRegCreateUSKeyW
PathRemoveFileSpecW
PathIsUNCServerW
comctl32
ImageList_GetIcon
oleaut32
VarBstrFromUI1
VarCyMulI4
VarCyFromI1
VarDecInt
LoadTypeLi
CreateTypeLi
VarDateFromUdate
VarWeekdayName
SafeArrayRedim
VarI4FromR4
SafeArraySetIID
LPSAFEARRAY_UserFree
SafeArrayCreateVectorEx
VarR4FromBool
VarDateFromUI2
VarFix
VarR8Pow
VarFormatCurrency
SafeArrayPutElement
VarCyMul
VarDecDiv
VarUI1FromBool
VarBstrFromR4
VarI2FromDate
VarBoolFromDec
VarUI1FromDec
SafeArrayPtrOfIndex
VarDecFromI2
SafeArrayGetUBound
VarDecFromDate
VarCyAbs
VarCySu
SafeArraySetRecordInfo
VarDateFromI2
SafeArrayCreate
VarDecFromR4
VarCyFromR8
VarBoolFromUI2
VarI4FromR8
SysAllocStringByteLen
VarFormatFromTokens
SysFreeString
VarI4FromUI1
rpcrt4
UuidCreate
NdrUserMarshalMarshall
data_into_ndr
RpcSsSetClientAllocFree
NdrEncapsulatedUnionFree
NdrConformantVaryingStructMarshall
NdrConformantVaryingArrayFree
I_RpcReceive
NdrConformantStructBufferSize
long_array_from_ndr
NdrNonConformantStringMemorySize
RpcBindingSetAuthInfoA
tree_into_ndr
MesDecodeBufferHandleCreate
RpcSmGetThreadHandle
RpcBindingInqAuthClientA
NdrNonEncapsulatedUnionUnmarshall
NdrFixedArrayMarshall
RpcMgmtSetComTimeout
RpcServerUseProtseqA
MesEncodeDynBufferHandleCreate
NDRCContextUnmarshall
RpcEpRegisterW
NdrOleAllocate
RpcServerUseAllProtseqsIfEx
RpcBindingInqAuthInfoExW
NdrRpcSsDisableAllocate
data_size_ndr
NdrComplexStructBufferSize
NdrUserMarshalFree
RpcProtseqVectorFreeW
NdrConformantVaryingStructFree
NdrConformantVaryingStructBufferSize
NdrConformantStructFree
RpcBindingInqAuthInfoExA
NdrConformantStringMarshall
UuidFromStringW
NdrSendReceive
RpcServerUseProtseqIfExW
NdrServerInitializeMarshall
RpcMgmtInqIfIds
NdrOleFree
NdrXmitOrRepAsUnmarshall
NdrPointerBufferSize
NdrFullPointerFree
RpcProtseqVectorFreeA
NdrComplexArrayMarshall
UuidEqual
NdrSimpleTypeUnmarshall
NDRSContextMarshallEx
RpcEpRegisterNoReplaceW
NdrFixedArrayUnmarshall
NdrSimpleStructMarshall
NdrServerInitializePartial
NdrSimpleStructMemorySize
MesIncrementalHandleReset
RpcAsyncAbortCall
NdrConformantVaryingStructUnmarshall
RpcServerListen
NdrConformantArrayMemorySize
UuidIsNil
NdrComplexArrayBufferSize
NdrServerUnmarshall
RpcAsyncRegisterInfo
NdrAllocate
RpcStringFreeW
RpcBindingVectorFree
RpcNsBindingInqEntryNameA
NdrFullPointerQueryRefId
NdrUserMarshalSimpleTypeConvert
NdrMesSimpleTypeAlignSize
NdrInterfacePointerMemorySize
RpcServerUnregisterIf
I_RpcIfInqTransferSyntaxes
NdrEncapsulatedUnionUnmarshall
RpcServerUseProtseqExA
RpcObjectSetType
NdrConformantVaryingStructMemorySize
NdrServerInitialize
IUnknown_QueryInterface_Proxy
NdrNonEncapsulatedUnionFree
RpcStringBindingComposeW
RpcMgmtStopServerListening
UuidHash
NdrUserMarshalBufferSize
NdrVaryingArrayMemorySize
RpcBindingInqOption
NdrNsSendReceive
NdrStubCall2
enum_from_ndr
NdrUserMarshalUnmarshall
NdrFreeBuffer
I_RpcDeleteMutex
RpcMgmtEpEltInqNextW
RpcServerTestCancel
NdrNonConformantStringMarshall
NdrInterfacePointerFree
short_from_ndr_temp
RpcServerUseProtseqIfA
RpcMgmtSetCancelTimeout
RpcSsAllocate
MesEncodeFixedBufferHandleCreate
RpcRevertToSelf
NdrSimpleStructFree
MIDL_wchar_strlen
NdrMapCommAndFaultStatus
RpcEpResolveBinding
RpcRevertToSelfEx
NdrRpcSmClientAllocate
NdrComplexStructMarshall
RpcMgmtInqStats
RpcBindingSetAuthInfoExW
NdrFullPointerXlatInit
RpcImpersonateClient
IUnknown_AddRef_Proxy
I_RpcBindingInqDynamicEndpointW
short_from_ndr
NdrRpcSsDefaultAllocate
NdrServerContextMarshall
UuidToStringA
NdrPointerMarshall
RpcAsyncGetCallStatus
NdrSimpleStructBufferSize
NdrNonEncapsulatedUnionMarshall
RpcCancelThread
I_RpcPauseExecution
RpcSsSetThreadHandle
NdrServerCall2
NdrClientInitialize
NdrMesSimpleTypeEncode
RpcSsFree
NdrStubCall
NdrConformantStringUnmarshall
NdrRpcSmClientFree
MesInqProcEncodingId
I_RpcBindingInqDynamicEndpointA
short_array_from_ndr
NdrFixedArrayBufferSize
I_RpcServerInqTransportType
data_from_ndr
NdrServerInitializeNew
NdrConvert
RpcServerRegisterIfEx
I_RpcNsBindingSetEntryNameA
RpcSmFree
RpcMgmtInqComTimeout
NdrAsyncServerCall
NDRSContextUnmarshallEx
NdrConformantStringMemorySize
tree_peek_ndr
I_RpcAsyncAbortCall
RpcServerUseProtseqIfExA
RpcServerInqIf
I_RpcBindingInqTransportType
NdrSimpleStructUnmarshall
NdrPointerFree
NdrServerCall
NdrConvert2
MesEncodeIncrementalHandleCreate
UuidFromStringA
long_from_ndr
NdrMesTypeAlignSize
RpcBindingInqAuthInfoA
NdrSimpleTypeMarshall
RpcBindingToStringBindingA
NdrGetDcomProtocolVersion
NdrServerContextUnmarshall
NdrRpcSsDefaultFree
RpcServerUseAllProtseqs
advapi32
OpenProcessToken
RegGetKeySecurity
RegSetKeySecurity
RegCloseKey
OpenSCManagerW
GetSidSubAuthorityCount
RevertToSelf
CloseServiceHandle
RegQueryValueExA
LookupAccountNameW
RegQueryValueExW
RegOpenKeyA
SetSecurityDescriptorGroup
LsaRetrievePrivateData
RegisterServiceCtrlHandlerW
SetNamedSecurityInfoA
DuplicateTokenEx
AccessCheck
GetAce
AllocateLocallyUniqueId
GetSecurityDescriptorSacl
LsaOpenPolicy
RegCreateKeyW
RegEnumKeyA
LookupPrivilegeValueA
QueryServiceStatus
MakeSelfRelativeSD
SetFileSecurityA
DeleteService
FreeSid
SetEntriesInAclW
GetUserNameW
RegEnumValueW
LsaAddAccountRights
RegSetValueA
RegEnumValueA
ImpersonateLoggedOnUser
DuplicateToken
RegisterEventSourceW
LogonUserW
GetKernelObjectSecurity
RegSaveKeyA
ControlService
IsValidSid
EncryptFileW
StartServiceCtrlDispatcherW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyA
GetSecurityInfo
RegisterEventSourceA
SetSecurityInfo
LsaEnumerateAccountRights
LockServiceDatabase
IsValidAcl
IsTextUnicode
QueryServiceConfigA
EnumDependentServicesW
GetSecurityDescriptorDacl
GetSidLengthRequired
RegOpenKeyW
AddAccessDeniedAce
GetSecurityDescriptorOwner
GetTokenInformation
RegisterServiceCtrlHandlerA
GetFileSecurityA
RegCreateKeyExW
SetThreadToken
AllocateAndInitializeSid
RegSetValueExA
RegSetValueExW
RegRestoreKeyW
GetNamedSecurityInfoW
LookupPrivilegeValueW
AddAce
RegNotifyChangeKeyValue
RegUnLoadKeyW
InitiateSystemShutdownA
MakeAbsoluteSD
RegDeleteKeyA
RegQueryValueW
RegDeleteValueA
LsaNtStatusToWinError
SetServiceStatus
RegOpenKeyExW
LsaClose
CopySid
RegUnLoadKeyA
RegQueryInfoKeyW
SetTokenInformation
GetFileSecurityW
SetSecurityDescriptorOwner
RegCreateKeyExA
MapGenericMask
GetLengthSid
EqualSid
RegConnectRegistryA
AdjustTokenPrivileges
RegConnectRegistryW
OpenServiceA
LsaQueryInformationPolicy
SetSecurityDescriptorSacl
ReportEventA
SetFileSecurityW
ChangeServiceConfigA
InitializeSecurityDescriptor
LsaFreeMemory
RegOpenKeyExA
StartServiceCtrlDispatcherA
GetAclInformation
SetEntriesInAclA
AddAccessAllowedAce
UnlockServiceDatabase
OpenServiceW
ReportEventW
GetSidSubAuthority
RegDeleteValueW
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
ChangeServiceConfigW
RegLoadKeyA
RegLoadKeyW
DeregisterEventSource
GetSidIdentifierAuthority
ImpersonateSelf
resutils
ResUtilGetDwordValue
ResUtilGetBinaryProperty
ResUtilDupParameterBlock
ResUtilStopService
ResUtilGetPrivateProperties
ResUtilFindDwordProperty
ResUtilEnumPrivateProperties
ResUtilStopResourceService
ResUtilVerifyPropertyTable
ResUtilSetPropertyParameterBlock
ResUtilGetBinaryValue
ResUtilGetResourceDependency
ResUtilAddUnknownProperties
kernel32
FreeLibrary
GetCommState
FindAtomA
CreateDirectoryA
GetSystemDirectoryW
GetBinaryTypeA
GetProcessHeap
CreateProcessA
GetModuleHandleA
GetStartupInfoA
GetExitCodeProcess
mfc42
ord4274
ord815
ord2514
ord641
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord4673
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord4234
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord1576
ord3830
ord1168
Sections
.text Size: 116KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ