Static task
static1
Behavioral task
behavioral1
Sample
9456dccee3d9262d204857913a63c6fdb0a5767ce087cf5eabda758c7864b683.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
9456dccee3d9262d204857913a63c6fdb0a5767ce087cf5eabda758c7864b683.exe
Resource
win10v2004-20220901-en
General
-
Target
9456dccee3d9262d204857913a63c6fdb0a5767ce087cf5eabda758c7864b683
-
Size
798KB
-
MD5
a03c080b131c7ffdd0fa35c219c12383
-
SHA1
579b4012714ef6ac2de4f535bdf07c0f6e9132af
-
SHA256
9456dccee3d9262d204857913a63c6fdb0a5767ce087cf5eabda758c7864b683
-
SHA512
d834bc089acc9f80c2c71c504178b5ce0fd720dfb7f98f69ade6f5b9399ceff5b7da237402f28a8d3819fd1d4ee24a6000fb1ee96efa42abdf4c3e10770a1151
-
SSDEEP
12288:RJXGqdlI43clKUXYjq8/7BnFCcZGVRHR0e54YHwB:zXGqdZMlNIjtDCRHR0ePHwB
Malware Config
Signatures
Files
-
9456dccee3d9262d204857913a63c6fdb0a5767ce087cf5eabda758c7864b683.exe windows x86
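431d442e83e6d909563ec411a319a09f (unlabeled on the page; presumably the PE import hash rather than a file hash, since it differs from the MD5 listed under General — confirm before using it as an indicator)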
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
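Imports (static import table: each DLL name is followed by the symbols imported from it; `ordN` entries are imports by ordinal. Presence in the table shows the binary links against a function, not that it is called at run time.)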
btwapi
?HSP_DisconnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?FaxRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEHJ@Z0@Z
?SetOnSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJ@Z0@Z
?SetOnSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJJJJ@Z0@Z
?SyncSynchronize@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBD@Z
?SyncAbort@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?ClearSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?HAG_ConnectHeadsetUuid@CWBtAPI@@QAE?AW4WBtRc@@QAEPBDG@Z
?HSP_ConnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?Hid_Connect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?BTAuthorizeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE00JJJ@Z
?FTP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPA_W@Z
?OPP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPA_W@Z
?OAPP_AuthenticateAuthentication@CWBtAPI@@QAE?AW4WBtRc@@JJJPBD0@Z
?SyncResolveConflict@CWBtAPI@@QAE?AW4WBtRc@@JJH@Z
?SyncAuthorize0Vcf@CWBtAPI@@QAE?AW4WBtRc@@JJJPA_W@Z
?SyncDeleteConfirmation@CWBtAPI@@QAE?AW4WBtRc@@JH@Z
?BTManageSecurity@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnBTPINCodeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11PA_W@Z0@Z
?SetOnBTAuthorizeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPA_W@Z0@Z
?SetOnAuthenticationCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11J@Z0@Z
?SetOnLinkKeyNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE111@Z0@Z
?SetOnStackStateChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SetOnOPPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPA_W@Z0@Z
?SetOnFTPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPA_W@Z0@Z
?SetOnOAPPAuthenticateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11_N2JPA_W3@Z0@Z
?SetOnSyncServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPA_W@Z0@Z
?SetOnSyncConflictEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPA_WJJ@Z0@Z
?SetOnSync0VcfEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPA_W@Z0@Z
?SetOnHFPNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJJPA_W@Z0@Z
?SetOnSyncDeleteEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPA_WJ@Z0@Z
?SetOnConfigurationResetCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAX@Z0@Z
?SetOnLocalServiceStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXPAUtBT_SERVICE_INFO@@@Z0@Z
?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?BTPINCodeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE000FJJJ@Z
?GapGetInquiredDevices@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_BASIC_DEV_INFO@@@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?GapBond_64@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0JJ@Z
?ClearDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
??0CWBtAPI@@QAE@XZ
?GapGetServiceState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?LapRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE@Z0@Z
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPA_WJ@Z0@Z
?SetOnOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPA_WJ@Z0@Z
?SetOnOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPA_WJ@Z0@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetApplicationState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
??1CWBtAPI@@QAE@XZ
?OppAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPA_WJJJ@Z0@Z
?SetOnOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?HAG_DisconnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?OppExchange@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPA_W3PAJ@Z
?OppPush@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPA_WPAJ@Z
?OppPull@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPA_WPAJJ@Z
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?ClearDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
btosif
?getJobTitle@CBTvCard@@QAEHPADH@Z
?getID@CBTvCard@@QAEHPADH@Z
OSIF_FreeObject
OSIF_GetObjectName
OSIF_CodeToString
OSIF_WriteObject
OSIF_GetNextObject
?getTitle@CBTvCard@@QAEHPADH@Z
OSIF_GetObjectById
OSIF_AddObject
OSIF_ModifyObject
OSIF_ObjectsConflict
?getCompany@CBTvCard@@QAEHPADH@Z
OSIF_ReadObjects
OSIF_GetObjectCount
OSIF_Close
OSIF_OpenX
OSIF_Open
OSIF_IsPresent
OSIF_IsPimSupported
OSIF_IsSupported
?getSuffix@CBTvCard@@QAEHPADH@Z
?getEmailAddress@CBTvCard@@QAEHPADH@Z
??0CBTvCard@@QAE@XZ
?Parse@CBTvCard@@QAEHPA_W@Z
?getDepartment@CBTvCard@@QAEHPADH@Z
?getWorkPhone@CBTvCard@@QAEHPADH@Z
?getWorkFax@CBTvCard@@QAEHPADH@Z
?getMobilePhone@CBTvCard@@QAEHPADH@Z
?getHomePhone@CBTvCard@@QAEHPADH@Z
?getWorkAddress@CBTvCard@@QAEHPADH@Z
?getHomeAddress@CBTvCard@@QAEHPADH@Z
?LoadFromVCard@CBTvCard@@QAEXABUtagvCard@@@Z
?getFirstName@CBTvCard@@QAEHPADH@Z
?getLastName@CBTvCard@@QAEHPADH@Z
OSIF_FindObject
?getMiddleName@CBTvCard@@QAEHPADH@Z
?getName@CBTvCard@@QAEHPADH@Z
OSIF_GetFirstObject
??1CBTvCard@@QAE@XZ
setupapi
SetupGetInfFileListW
SetupOpenInfFileW
SetupGetLineCountW
SetupDiEnumDeviceInfo
SetupGetStringFieldW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupGetFieldCount
SetupDiGetDeviceRegistryPropertyW
SetupGetLineByIndexW
SetupDiOpenDevRegKey
SetupCloseInfFile
SetupDiGetDeviceInterfaceDetailW
SetupDiClassGuidsFromNameW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInterfaceRegKey
SetupDiCreateDeviceInfoList
shlwapi
SHGetValueW
SHSetValueW
PathIsDirectoryW
PathFindExtensionW
PathFileExistsW
rasapi32
RasGetErrorStringW
winmm
PlaySoundW
msi
ord76
ord74
btwhidcs
?WaitNoInstallEvents@CBtHidExtRoot@@QAEHKK@Z
?getStack@@YAPAVCBtHidExtRoot@@XZ
?readSettings@CBtHidExtRoot@@SAXPAHPAK001111@Z
?getBatteryStatus@CBtHidExtRoot@@QAEHPAE0PAH1@Z
ws2_32
bind
getsockname
socket
closesocket
WSACleanup
WSAStartup
WSALookupServiceBeginW
WSALookupServiceNextW
WSAGetLastError
WSALookupServiceEnd
WSAAddressToStringW
irprops.cpl
BluetoothIsDiscoverable
mfc80u
ord581
ord1200
ord1162
ord1087
ord315
ord765
ord4226
ord1174
ord5343
ord6306
ord2465
ord2305
ord917
ord6211
ord4054
ord6291
ord5325
ord2904
ord5873
ord5626
ord2116
ord5091
ord2744
ord2747
ord2740
ord3092
ord3314
ord2321
ord555
ord5342
ord1443
ord764
ord443
ord3238
ord676
ord577
ord280
ord5727
ord2361
ord2895
ord3678
ord760
ord3331
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord762
ord4276
ord1243
ord6000
ord1176
ord3157
ord3204
ord1925
ord1271
ord3198
ord870
ord2362
ord2085
ord4094
ord1946
ord3635
ord605
ord4026
ord776
ord293
ord354
ord3176
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4206
ord5178
ord1784
ord1883
ord6232
ord1386
ord6063
ord287
ord3756
ord2651
ord4574
ord4729
ord899
ord283
ord1479
ord282
ord6700
ord4119
ord583
ord591
ord658
ord896
ord774
ord1785
ord2311
ord2860
ord3249
ord6086
ord2155
ord2167
ord1299
ord3869
ord1555
ord416
ord4347
ord777
ord2310
ord5869
ord3855
ord1476
ord2893
ord2942
ord5803
ord3922
ord266
ord265
ord6061
ord5485
ord5438
ord1182
ord1178
ord5709
ord1079
ord2366
ord1894
ord572
ord3165
ord2985
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3224
ord2952
ord4232
ord2083
ord2364
ord5862
ord3873
ord6751
ord6749
ord3390
ord3151
ord1534
ord1626
ord1058
ord1605
ord3590
ord3902
ord3677
ord4535
ord757
ord566
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord1049
ord2239
ord3589
ord570
ord5563
ord4563
ord5223
ord759
ord2240
ord3629
ord3435
ord715
ord741
ord3311
ord4234
ord1582
ord2086
ord3286
ord1572
ord1634
ord4112
ord2159
ord900
ord5609
ord1472
ord4109
ord1906
ord860
ord5524
ord3927
ord6111
ord5829
ord1731
ord2932
ord1274
ord4902
ord6140
ord6219
ord6116
ord5398
ord2460
ord1970
ord2261
ord4078
ord4098
ord587
ord291
ord3158
ord1198
ord1536
ord2077
ord1765
ord3990
ord3330
ord6173
ord1118
ord1396
ord2656
ord745
ord557
ord1403
ord2788
ord2657
ord2491
ord2260
ord3645
ord2151
ord2867
ord2340
ord5327
ord6293
ord1571
ord6282
ord1172
ord5316
ord2936
ord314
ord5406
ord1616
ord461
ord380
ord3264
ord2696
ord2700
ord5489
ord2121
ord6002
ord5712
ord5711
ord3195
ord2697
ord629
ord384
ord5558
ord6167
ord1457
ord866
ord744
msvcr80
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
_invoke_watson
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_controlfp_s
_crt_debugger_hook
__dllonexit
__wgetmainargs
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
__CxxFrameHandler3
_beginthreadex
memset
memcmp
strlen
memcpy
strncpy_s
free
_swprintf
wcscpy
swscanf
calloc
_recalloc
_wcsicmp
_time64
labs
wcscat
wcslen
_memicmp
_stricmp
strcpy
_purecall
_wsplitpath
wcscat_s
_localtime64_s
ceil
floor
wcsncpy
wcsncat
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memmove_s
vsprintf_s
realloc
wcscmp
wcscpy_s
rand
srand
atof
sprintf
wcsrchr
sscanf
strcmp
_wcsupr
wcsstr
malloc
strncmp
strcat
isprint
wcsncmp
_strupr
strstr
_wtoi
vswprintf_s
_wcsdup
wcschr
_wtof
wcstok_s
_vswprintf
vsprintf
toupper
isdigit
strncpy
wcsftime
wcstombs
strchr
__doserrno
fputs
clearerr_s
feof
fgets
strtok
_strdup
_amsg_exit
exit
_cexit
_exit
_XcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
kernel32
lstrlenW
lstrlenA
GetLocaleInfoW
IsValidCodePage
MultiByteToWideChar
GetVersionExW
CreateFileA
OutputDebugStringA
WideCharToMultiByte
Sleep
WaitForSingleObject
TerminateThread
CreateFileW
SetThreadPriority
DeviceIoControl
GetLastError
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
CloseHandle
InterlockedCompareExchange
LocalAlloc
LoadLibraryA
ExpandEnvironmentStringsA
GetSystemDefaultLangID
CreateDirectoryW
GetCurrentDirectoryW
GetUserDefaultUILanguage
GlobalMemoryStatus
DeleteFileW
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
lstrcmpiW
GlobalAlloc
GlobalFree
FormatMessageW
LocalFree
GetEnvironmentVariableW
GetExitCodeProcess
FindFirstFileW
FindClose
CreateMutexW
CallNamedPipeA
ReleaseMutex
GetTempPathW
EnumResourceNamesW
lstrcpynW
GetVersion
ExpandEnvironmentStringsW
LoadLibraryExW
OpenEventW
InterlockedExchange
lstrcmpW
lstrcpyW
GetCurrentProcess
SuspendThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
GetWindowsDirectoryW
SetThreadExecutionState
SetEvent
GetTickCount
GetSystemTime
WinExec
GetSystemDirectoryW
CreateProcessW
CreateEventW
WaitForMultipleObjects
ResetEvent
GetComputerNameW
OutputDebugStringW
FreeLibrary
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
LoadLibraryW
GetProcAddress
SetLastError
user32
TranslateMessage
GetSystemMetrics
GetDC
ReleaseDC
GetWindowLongW
GetWindowTextW
GetClassNameW
DestroyWindow
GetWindowThreadProcessId
DispatchMessageW
MsgWaitForMultipleObjects
SetWindowPos
SetDlgItemTextW
IsWindow
TranslateAcceleratorW
LoadAcceleratorsW
RegisterWindowMessageW
KillTimer
ClientToScreen
GetMenuState
GetMenuItemCount
EnableMenuItem
AppendMenuW
DeleteMenu
IsMenu
SetTimer
FindWindowExW
SetMenuDefaultItem
DestroyIcon
GetCursorPos
TrackPopupMenu
LoadMenuW
GetSubMenu
DestroyMenu
SetWinEventHook
UnhookWinEvent
UnregisterDeviceNotification
RegisterDeviceNotificationW
MessageBoxW
GetParent
LoadIconW
LoadImageW
PostThreadMessageW
FindWindowW
wvsprintfW
GetDesktopWindow
InvalidateRect
UpdateWindow
SetClassLongW
CreateWindowExW
CheckRadioButton
CheckDlgButton
GetDlgItem
LoadStringW
SendInput
GetForegroundWindow
CallWindowProcW
CreatePopupMenu
GetClientRect
SendMessageW
IsRectEmpty
PostMessageW
GetSysColor
LoadCursorW
SetCursor
wsprintfW
FillRect
EnableWindow
PeekMessageW
BringWindowToTop
GetWindowRect
SetForegroundWindow
gdi32
GetTextExtentPoint32W
GetCurrentObject
Polyline
GetObjectW
CreateFontIndirectW
CreateSolidBrush
comdlg32
GetOpenFileNameW
winspool.drv
EnumJobsW
OpenPrinterW
ClosePrinter
ord203
GetPrinterW
EnumPrintersW
advapi32
CryptGenKey
OpenServiceW
OpenSCManagerW
RegEnumKeyW
RegEnumValueW
RegDeleteValueW
ControlService
StartServiceW
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseEventLog
NotifyChangeEventLog
OpenEventLogW
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
RegNotifyChangeKeyValue
RegCreateKeyExW
RegSetValueExW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
RegOpenKeyExA
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptExportKey
QueryServiceStatus
shell32
ShellExecuteW
SHCreateDirectoryExW
SHAppBarMessage
Shell_NotifyIconW
ole32
CoUninitialize
CoInitializeEx
oleaut32
SystemTimeToVariantTime
SysAllocString
SysFreeString
VarBstrFromDate
VariantTimeToSystemTime
msvcp80
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
btballoon
BalloonTooltip_Delete
BalloonTooltip_Create
BalloonTooltip_Move
BalloonTooltip_RegisterClass
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
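Sections (all four sections carry IMAGE_SCN_MEM_WRITE, and .text and .rsrc are both writable and executable; linkers normally emit read-only code and resource sections, so these flags are worth checking for packing or post-build modification of the file)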
.text Size: 496KB - Virtual size: 492KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 168KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 367KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE