?UnicodeStr@FObj@@YA?AVCUnicodeString@1@ABVCRect@1@@Z
__FineObjUsed
Behavioral task
behavioral1
Sample
0dd5448d8b037d4ada9d14ccaf7193e9decd613acca9ebe3e0c9f130d51a605a.exe
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0dd5448d8b037d4ada9d14ccaf7193e9decd613acca9ebe3e0c9f130d51a605a.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
0dd5448d8b037d4ada9d14ccaf7193e9decd613acca9ebe3e0c9f130d51a605a
-
Size
756KB
-
MD5
43dfeae33d126c8b7c202551aa42d842
-
SHA1
429f92249497ec6b1e717f8e6719f3522578e5a0
-
SHA256
0dd5448d8b037d4ada9d14ccaf7193e9decd613acca9ebe3e0c9f130d51a605a
-
SHA512
e2b7333aec3d6dfa89778cb92a1c313bf71609da792890b583b6dd89aa4321149763e355fa2b890681788fe4da97800a0af9a2f71f981521469cb0d5339eda08
-
SSDEEP
12288:ibvrpWbrDuJlEswjYqG5YNLzqlpMzfTReZKdx:ibjpsawclzMzEKdx
Score
8/10
Malware Config
Signatures
-
Processes:
resource yara_rule sample upx
Files
-
0dd5448d8b037d4ada9d14ccaf7193e9decd613acca9ebe3e0c9f130d51a605a.exe windows x86
4e09d99f61659389cedb545d2f73e6e1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedIncrement
LoadResource
GlobalFree
GlobalUnlock
GlobalLock
InterlockedDecrement
GetModuleFileNameA
GetLastError
LoadLibraryA
GetSystemDirectoryA
ResetEvent
GlobalAlloc
LockResource
FreeLibrary
GetUserDefaultLCID
MulDiv
lstrcpynA
GetTickCount
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemTime
GlobalMemoryStatus
GetLocalTime
CompareStringA
InterlockedExchange
GetModuleHandleA
WaitForMultipleObjects
GetWindowsDirectoryA
GetComputerNameA
ReleaseMutex
SetLastError
CloseHandle
WaitForSingleObject
GetCurrentProcessId
ExitProcess
WriteFile
user32
GetDC
UpdateWindow
DrawEdge
PostQuitMessage
ReleaseDC
SetFocus
EnableMenuItem
IsWindow
GetMenuItemCount
GetKeyState
InvalidateRect
DestroyWindow
GetFocus
IsChild
GetCapture
SetForegroundWindow
KillTimer
SetTimer
SetActiveWindow
AdjustWindowRect
GetWindowRect
SetParent
GetParent
DrawFocusRect
IsIconic
ClientToScreen
IsWindowVisible
SetWindowPos
GetDlgCtrlID
GetWindow
GetClientRect
SetCursor
GetSubMenu
CopyRect
GetDesktopWindow
TrackPopupMenu
IsWindowEnabled
MessageBoxA
GetSysColor
GetSystemMetrics
GetCursorPos
ShowScrollBar
FillRect
SetCapture
ReleaseCapture
SetCursorPos
ScreenToClient
DrawTextA
DestroyIcon
DestroyCursor
GetAsyncKeyState
GetLastActivePopup
MsgWaitForMultipleObjects
GetQueueStatus
gdi32
CreatePen
CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
StretchDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextColor
PatBlt
CreateRectRgnIndirect
SetBkMode
Rectangle
BitBlt
comdlg32
CommDlgExtendedError
fineobj
??0CUnicodeSet@FObj@@QAE@PBG@Z
?GetStatus@CFile@FObj@@SAXABVCUnicodeString@2@AAUCFileStatus@2@@Z
??0CTime@FObj@@QAE@HHHHHHHH@Z
?HashKey@@YAHPBG@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@KH@Z
?UpperPrimeNumber@FObj@@YAHH@Z
?ERR_CANT_LOAD_DLL@FObj@@3VCError@1@A
?ThrowUserException@FObj@@YAXXZ
?GetFineObjectsVersion@FObj@@YAHXZ
?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z
?IsWindows95@FObj@@YA_NXZ
??1CUnicodeSet@FObj@@QAE@XZ
?GetDrivePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?replaceStr@CUnicodeString@FObj@@AAEXHHPBGH@Z
?Value@CUnicodeString@FObj@@QBE_NAAKH@Z
?CompareSubstr@CUnicodeString@FObj@@QBEHHPBGH@Z
?Trim@CUnicodeString@FObj@@QAEXXZ
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@000@Z
?GetApplicationDataPath@FileSystem@FObj@@YA?AVCUnicodeString@2@W4TApplicationDataPathType@12@@Z
?GetTemporaryDir@TempFile@FObj@@YA?AVCUnicodeString@2@XZ
?MessageBoxW@FObj@@YAHPBGH@Z
?RemoveIgnoreErrors@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
??0CUnicodeString@FObj@@QAE@PBGH@Z
??0CUnicodeString@FObj@@QAE@GH@Z
?GetBufferSetLength@CUnicodeString@FObj@@QAEPAGH@Z
??0CString@FObj@@QAE@DH@Z
??GCPoint@FObj@@QBE?AVCSize@1@UtagPOINT@@@Z
??0CPoint@FObj@@QAE@UtagSIZE@@@Z
??0rational@FObj@@QAE@HH@Z
??0CString@FObj@@QAE@PBGI@Z
?IsRegisteredClassName@FObj@@YA_NABVCUnicodeString@1@@Z
?GetObjectClassName@FObj@@YA?AVCUnicodeString@1@PBVIObject@1@@Z
?HasRegisteredClassName@FObj@@YA_NABVtype_info@@@Z
?Value@CUnicodeString@FObj@@QBE_NAAN@Z
?Cmp@CUnicodeString@FObj@@SAHPBV12@0@Z
?getWritePtr@CArchive@FObj@@AAEPAXH@Z
?RegisterCreateObjectFunction@FObj@@YAXP6A?AV?$CPtr@VIObject@FObj@@@1@XZABVtype_info@@ABVCUnicodeString@1@@Z
?UnregisterCreateObjectFunction@FObj@@YAXABVtype_info@@@Z
?Close@CFile@FObj@@UAEXXZ
?GetAttributes@FileSystem@FObj@@YAKABVCUnicodeString@2@@Z
?SetLength@CFile@FObj@@UAEXH@Z
?GetLength@CFile@FObj@@UBEHXZ
?Flush@CFile@FObj@@UAEXXZ
?IsTempFile@TempFile@FObj@@YA_NABVCUnicodeString@2@@Z
?Delete@TempFile@FObj@@YAXABVCUnicodeString@2@@Z
??0CFile@FObj@@QAE@ABVCUnicodeString@1@I@Z
?Seek@CFile@FObj@@UAEHHW4TSeekPosition@CBaseFile@2@@Z
?ERR_BAD_ARCHIVE_VERSION@FObj@@3VCError@1@A
??5FObj@@YAAAVCArchive@0@AAV10@AAVCString@0@@Z
??6FObj@@YAAAVCArchive@0@AAV10@ABVCString@0@@Z
?fillBuffer@CArchive@FObj@@AAEXH@Z
?Write@CMemoryFile@FObj@@UAEXPBXH@Z
??0CMessage@FObj@@QAE@PBGH@Z
??1CMessage@FObj@@QAE@XZ
??1CUnicodeString@FObj@@QAE@XZ
?destroy@CUnicodeStringBody@FObj@@QAEXXZ
??0CUnicodeString@FObj@@QAE@PBG@Z
??3@YAXPAX@Z
??1CString@FObj@@QAE@XZ
?concatStr@CUnicodeString@FObj@@AAEXPBGH@Z
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@XZ
?destroy@CStringBody@FObj@@QAEXXZ
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@0@Z
?CreateUnicodeString@CString@FObj@@QBE?AVCUnicodeString@2@I@Z
??0CString@FObj@@QAE@PBD@Z
?FindResourceW@FObj@@YAPAUHINSTANCE__@@PBG0@Z
?GenAssert@FObj@@YAXPBGJ@Z
??0CSetupBase@FObj@@IAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
??2@YAPAXI@Z
?LoadModule@FObj@@YAPAUHINSTANCE__@@PBG@Z
?LoadStringW@FObj@@YA_NHAAVCUnicodeString@1@@Z
?emptyStringBody@CUnicodeStringBody@FObj@@2V12@A
?assignStr@CUnicodeString@FObj@@AAEXPBGH@Z
??0CMemoryFile@FObj@@QAE@H@Z
?Delete@CException@FObj@@QAEXXZ
?Warning@FObj@@YAXPAVCException@1@@Z
?GetName@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@@Z
?AccessFile@FileSystem@FObj@@YA_NABVCUnicodeString@2@I@Z
?CompareNoCase@CUnicodeString@FObj@@QBEHPBG@Z
?GetExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?DecRef@CUnicodeStringBody@FObj@@QAEXXZ
?ReplaceExt@FileSystem@FObj@@YAXAAVCUnicodeString@2@ABV32@@Z
?Value@CUnicodeString@FObj@@QBE_NAAHH@Z
?GetString@CSetupBase@FObj@@QBE?AVCUnicodeString@2@XZ
?SetString@CSetupBase@FObj@@QAEXABVCUnicodeString@2@@Z
??_7CSetupBase@FObj@@6B@
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@JH@Z
?CmpNames@FileSystem@FObj@@YAHPBVCUnicodeString@2@0@Z
?GetBuffer@CUnicodeString@FObj@@QAEPAGH@Z
?MergePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?FindLastSeparator@FileSystem@FObj@@YAHABVCUnicodeString@2@@Z
?ReleaseBuffer@CUnicodeString@FObj@@QAEXH@Z
?AddExtIfNone@FileSystem@FObj@@YAXAAVCUnicodeString@2@ABV32@@Z
?reduce@rational@FObj@@CAXAA_J0@Z
?GenCheck@FObj@@YAXAAVCError@1@PBG11@Z
?ERR_RATIONAL_OVERFLOW@FObj@@3VCError@1@A
?ERR_DIVIDE_ZERO@FObj@@3VCError@1@A
?make@rational@FObj@@CA?AV12@_J0@Z
?UnionRect@CRect@FObj@@QAE_NABUtagRECT@@0@Z
?IntersectRect@CRect@FObj@@QAE_NABUtagRECT@@0@Z
?Format@FObj@@YA?AVCUnicodeString@1@PBGZZ
?safeMake@rational@FObj@@CA?AV12@_J0@Z
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@00@Z
?concatStr@CUnicodeString@FObj@@CAPAVCUnicodeStringBody@2@PBGH0H@Z
??0CRect@FObj@@QAE@HHHH@Z
?DoCreateObject@FObj@@YA?AV?$CPtr@VIObject@FObj@@@1@ABVCUnicodeString@1@@Z
?IsUNCRootPath@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
?MakeFullPath@FileSystem@FObj@@YAXAAVCUnicodeString@2@@Z
??1CSetupBase@FObj@@MAE@XZ
??0CCacheSetupEnum@FObj@@QAE@ABVCUnicodeString@1@0HPBUCEnumItem@1@W4TSetupType@1@@Z
??1CCacheSetupEnum@FObj@@UAE@XZ
??0CCacheSetupColor@FObj@@QAE@ABVCUnicodeString@1@0KW4TSetupType@1@@Z
??1CCacheSetupColor@FObj@@UAE@XZ
??0CSetupStringArray@FObj@@QAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
??1CSetupStringArray@FObj@@UAE@XZ
?Get@CSetupStringArray@FObj@@UAEXAAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z
??1CCriticalSectionLock@FObj@@QAE@XZ
??0CCriticalSectionLock@FObj@@QAE@PAVCCriticalSection@1@_N@Z
?cacheSetupSection@FObj@@3VCCriticalSection@1@A
?SetRelativeApplicationDataPath@FileSystem@FObj@@YAXABVCUnicodeString@2@@Z
?IsWindows2000@FObj@@YA_NXZ
?GetEXEDir@FileSystem@FObj@@YA?AVCUnicodeString@2@XZ
?GetSpecialFolder@FileSystem@FObj@@YA?AVCUnicodeString@2@W4TSpecialFolder@12@@Z
?AccessDir@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
??0CUnicodeString@FObj@@QAE@ABV01@@Z
?Set@CSetupStringArray@FObj@@UAEXABV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
??1CMemoryManagerSwitcher@FObj@@QAE@XZ
??0CMemoryManagerSwitcher@FObj@@QAE@PAVIMemoryManager@1@@Z
?Value@CUnicodeString@FObj@@QBE_NAA_N@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@_N@Z
??1CFile@FObj@@UAE@XZ
??0CFile@FObj@@QAE@XZ
?ERR_BAD_TEXT_FILE@FObj@@3VCError@1@A
?ReadRecord@CFile@FObj@@QAEXPAXH@Z
?Open@CFile@FObj@@QAEXABVCUnicodeString@2@I@Z
?Left@CUnicodeString@FObj@@QBE?AV12@H@Z
?Left@CString@FObj@@QBE?AV12@H@Z
?ReleaseBuffer@CString@FObj@@QAEXH@Z
?GetBuffer@CString@FObj@@QAEPADH@Z
?emptyStringBody@CStringBody@FObj@@2V12@A
?Mid@CUnicodeString@FObj@@QBE?AV12@H@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@HH@Z
?StrDel@CUnicodeString@FObj@@QAEXH@Z
?StrDel@CUnicodeString@FObj@@QAEXHH@Z
?MessageID@FObj@@YAHABVCMessage@1@@Z
?GetNameExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?NormalizePath@FileSystem@FObj@@YAXAAVCUnicodeString@2@@Z
?CharPos@CUnicodeString@FObj@@QBEHGH@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??0CError@FObj@@QAE@PBGH@Z
??1CError@FObj@@QAE@XZ
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?GetCurrentLanguageCode@FObj@@YAHXZ
?SetAppTitle@FObj@@YAXABVCUnicodeString@1@@Z
?Initialize@FObj@@YA_NPBG0@Z
?AddResourcePrefix@FObj@@YAXPBG0@Z
?SetCurrentLanguageCode@FObj@@YAXH@Z
?FindLanguageIndex@FObj@@YAHH@Z
?Clean@FObj@@YAXXZ
??0CUnicodeString@FObj@@QAE@XZ
??0CIniFile@FObj@@QAE@ABVCUnicodeString@1@@Z
??1CIniFile@FObj@@QAE@XZ
?ReverseFind@CUnicodeString@FObj@@QBEHG@Z
?GetString@CIniFile@FObj@@QBE?AVCUnicodeString@2@ABV32@00@Z
?SetString@CIniFile@FObj@@QAEXABVCUnicodeString@2@00@Z
?CreateString@CUnicodeString@FObj@@QBE?AVCString@2@I@Z
?ERR_NO_GDI_RESOURCE@FObj@@3VCError@1@A
?CommonPref@CUnicodeString@FObj@@QBEHPBGH@Z
?MakeUpper@CUnicodeString@FObj@@QAEXXZ
?MessageBoxW@FObj@@YAHAAVCMessage@1@H@Z
?Sprintf@FObj@@YA?AVCUnicodeString@1@PBGZZ
?Right@CUnicodeString@FObj@@QBE?AV12@H@Z
?TrimRight@CUnicodeString@FObj@@QAEXXZ
?IsWindowsXP@FObj@@YA_NXZ
?GetAt@CUnicodeString@FObj@@QBEGH@Z
?GetLanguageDisplayName@FObj@@YA?AVCUnicodeString@1@H@Z
?GetLanguageCode@FObj@@YAHH@Z
?NumberOfLanguages@FObj@@YAHXZ
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@H@Z
??0CUnicodeString@FObj@@QAE@PBDI@Z
??0rational@FObj@@QAE@H@Z
?WriteSmallValue@CArchive@FObj@@QAEXH@Z
?ReadSmallValue@CArchive@FObj@@QAEHXZ
??6FObj@@YAAAVCArchive@0@AAV10@ABVCUnicodeString@0@@Z
??5FObj@@YAAAVCArchive@0@AAV10@AAVCUnicodeString@0@@Z
?getReadPtr@CArchive@FObj@@AAEPBXH@Z
?Flush@CArchive@FObj@@QAEXXZ
?SerializeVersion@CArchive@FObj@@QAEHH@Z
?CopyObject@FObj@@YAXPBVIObject@1@PAV21@@Z
??9CRect@FObj@@QBE_NABUtagRECT@@@Z
?Write@CArchive@FObj@@QAEXPBXH@Z
?Read@CArchive@FObj@@QAEXPAXH@Z
?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A
?UnicodeName@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ
??1CMemoryFile@FObj@@UAE@XZ
??1CArchive@FObj@@UAE@XZ
?Read@CMemoryFile@FObj@@UAEHPAXH@Z
?GetLength@CMemoryFile@FObj@@UBEHXZ
?Close@CArchive@FObj@@QAEXXZ
??0CArchive@FObj@@QAE@PAVCBaseFile@1@W4TDirection@01@H@Z
msvcrt
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
wcslen
exit
_CxxThrowException
memmove
wcspbrk
_purecall
_ftol
swscanf
wcscmp
strchr
wcsncpy
free
_adjust_fdiv
__RTDynamicCast
_wcsdup
__RTtypeid
wcsstr
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
isalnum
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
malloc
__CxxFrameHandler
comctl32
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
fineobjfc
ord5159
ord2581
ord4400
ord4511
ord3897
ord5111
ord4709
ord4145
ord4378
ord6586
ord6481
ord4072
ord3957
ord3485
ord2236
ord4689
ord4594
ord4987
ord4468
ord3636
ord4213
ord5626
ord4291
ord6607
ord4530
ord6246
ord3559
ord1462
ord3859
ord5383
ord2163
ord4725
ord4802
ord4656
ord4132
ord4650
ord5916
ord501
ord6581
ord6464
ord2595
ord4516
ord5712
ord4220
ord4888
ord2228
ord1101
ord4620
ord3298
ord511
ord512
ord6582
ord6466
ord3693
ord4484
ord2348
ord4292
ord2873
ord323
ord6555
ord6369
ord5662
ord6341
ord2118
ord1384
ord3826
ord3822
ord1369
ord6075
ord1743
ord675
ord3384
ord1734
ord5139
ord4154
ord4824
ord5942
ord3898
ord1589
ord4185
ord5115
ord2090
ord5006
ord6293
ord4127
ord5149
ord3606
ord2352
ord1710
ord6286
ord3553
ord4901
ord1542
ord5135
ord2158
ord1789
ord5146
ord2707
ord2882
ord3007
ord4247
ord2870
ord3011
ord2710
ord2815
ord2701
ord3651
ord3652
ord3646
ord2813
ord3901
ord4420
ord4204
ord676
ord6119
ord2344
ord3265
ord4968
ord4408
ord4476
ord4233
ord4474
ord886
ord6285
ord4264
ord2255
ord2211
ord5590
ord3745
ord2109
ord3103
ord5176
ord5178
ord3900
ord4495
ord5183
ord5158
ord5573
ord4415
ord4203
ord645
ord2261
ord5177
ord2336
ord1078
ord539
ord5086
ord290
ord1267
ord3985
ord5609
ord1182
ord863
ord561
ord5042
ord1297
ord1274
ord826
ord633
ord734
ord643
ord822
ord5665
ord6378
ord6559
ord4493
ord2793
ord2800
ord6252
ord2209
ord5117
ord5599
ord1550
ord5452
ord2907
ord5532
ord4199
ord4635
ord4167
ord3218
ord2934
ord4416
ord4206
ord687
ord336
ord2243
ord2241
ord559
ord5970
ord6077
ord4375
ord4913
ord4115
ord4123
ord4705
ord4318
ord4333
ord4331
ord4313
ord4316
ord4311
ord4789
ord4786
ord3931
ord5945
ord1590
ord5114
ord4652
ord4222
ord3552
ord1540
ord5134
ord6344
ord4046
ord2290
ord3443
ord2150
ord3633
ord3454
ord3406
ord3413
ord2128
ord1451
ord4406
ord1296
ord2239
ord6461
ord495
ord2578
ord2093
ord1370
ord888
ord586
ord3356
ord657
ord2165
ord300
ord2429
ord2102
ord2794
ord4938
ord4941
ord4249
ord4081
ord3107
ord4838
ord1062
ord5348
ord3163
ord2593
ord2592
ord3975
ord5645
ord6027
ord2353
ord1477
ord4217
ord876
ord728
ord3046
ord6053
ord2231
ord4140
ord3875
ord5347
ord3942
ord2101
ord4924
ord1524
ord1530
ord5108
ord6287
ord5148
ord4900
ord5122
ord2156
ord1334
ord5883
ord4192
ord5857
ord2825
ord3944
ord6510
ord3162
ord589
ord890
ord1824
ord807
ord479
ord6352
ord6599
ord4044
ord2284
ord3367
ord2124
ord1675
ord4176
ord2598
ord5649
ord3058
ord6101
ord5749
ord1662
ord1736
ord6145
ord4059
ord6103
ord5620
ord2574
ord3697
ord2573
ord1349
ord2822
ord3604
ord3613
ord5750
ord2642
ord3040
ord637
ord5751
??0CString@MFC@@QAE@ABVCUnicodeString@FObj@@@Z
ord282
ord1235
ord1615
ord6386
ord4428
ord4399
ord4552
ord4844
ord4153
ord4654
ord4649
ord3113
ord354
ord2214
ord5530
ord3400
ord349
??2CException@MFC@@SGPAXI@Z
ord3269
ord3216
ord4517
ord4074
ord436
ord2577
ord536
ord6250
ord6507
ord6598
ord583
ord6013
ord3768
ord2316
ord1656
ord3729
ord2431
ord6394
ord6563
ord4230
ord4477
ord4472
ord713
ord648
ord859
ord2291
ord4139
ord1522
ord1529
ord4182
ord5132
ord4138
ord4922
ord1523
ord1528
ord6291
ord4899
ord548
ord519
ord368
ord1782
ord4239
ord4334
ord4727
ord4281
ord3691
ord5126
ord5151
ord4207
ord6113
ord4521
ord4772
ord4155
ord2213
ord5156
ord6491
ord6589
ord6000
ord4923
ord3936
ord3904
ord284
ord5956
ord3251
ord5958
ord1661
ord6069
ord5741
ord1450
ord3635
ord2357
ord1481
ord5915
ord5914
ord1454
ord1241
ord482
ord6177
ord6499
ord6592
ord389
ord575
ord1822
ord4236
ord3989
ord6046
ord2753
ord4497
ord1756
ord2166
ord2576
ord4884
ord4992
ord3502
ord2276
ord6331
ord2685
ord5647
ord275
ord5641
ord2417
ord4634
ord6470
ord6583
ord4885
ord1227
ord6354
ord1773
ord4174
ord3359
ord2596
ord2212
ord286
ord1586
ord6277
ord2127
ord1676
ord4045
ord2287
ord4179
ord3428
ord1577
ord4576
ord1502
ord5157
ord1709
ord4212
ord2338
ord5514
ord5711
ord3243
ord3874
ord1593
ord3407
ord2751
ord2215
ord362
ord4717
ord3244
ord3358
ord846
ord4867
ord5648
ord5999
ord2457
rpcrt4
NdrSimpleStructMarshall
NdrSimpleStructBufferSize
NdrClientInitializeNew
NDRCContextBinding
RpcBindingFromStringBindingW
RpcBindingFromStringBindingA
RpcStringBindingComposeW
RpcStringBindingComposeA
NdrConformantArrayUnmarshall
NdrComplexStructUnmarshall
NdrSimpleStructUnmarshall
NdrFixedArrayUnmarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
RpcStringFreeA
RpcRaiseException
RpcStringFreeW
NdrGetBuffer
NdrClientContextMarshall
NdrSendReceive
NdrConvert
NdrClientContextUnmarshall
NdrFreeBuffer
NdrMapCommAndFaultStatus
RpcBindingFree
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
SHGetMalloc
Exports
Exports
Sections
.text Size: 464KB - Virtual size: 460KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 112KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 104KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE