WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
Static task
static1
Behavioral task
behavioral1
Sample
ҵƻ/ҵƻ/ҵƻ.pdf.lnk
Resource
win7-20220812-en
windows7-x64
6 signatures
300 seconds
Behavioral task
behavioral2
Sample
ҵƻ/ҵƻ/ҵƻ.pdf.lnk
Resource
win10v2004-20220812-en
windows10-2004-x64
8 signatures
300 seconds
Behavioral task
behavioral3
Sample
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/WTSAPI32.dll
Resource
win7-20220901-en
windows7-x64
0 signatures
300 seconds
Behavioral task
behavioral4
Sample
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/WTSAPI32.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral5
Sample
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/WeChat.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
300 seconds
Behavioral task
behavioral6
Sample
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/WeChat.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
5 signatures
300 seconds
Behavioral task
behavioral7
Sample
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/defender.exe
Resource
win7-20221111-en
windows7-x64
1 signatures
300 seconds
Behavioral task
behavioral8
Sample
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/defender.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
300 seconds
General
-
Target
1.zip
-
Size
881KB
-
MD5
a8e4aa4882d19e5229048e7dbe386bc5
-
SHA1
32435066851fc218ddb37a30c298565b26687e20
-
SHA256
efa0bfa6d5e4439358dc0db66c119f0e45f4b5c1946052d69a308f241c36225f
-
SHA512
d3d528c95d00a889175741caf4cdcd5d052c8b594be539e471af5cb6d63e1ab7106446ed39115ba1d61709841201f0a242a897ea1eda5a16fec6fab4a322509e
-
SSDEEP
24576:sXoxI4DfA1hQ8b9/arUgC1jP0gmjDpIXP:s8I4jA1W8b9yrU71jMni
Score
N/A
Malware Config
Signatures
Files
-
1.zip.zip
-
ҵƻ/ҵƻ/ҵƻ.pdf.lnk.lnk
-
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/WTSAPI32.dll.dll windows x64
e3128ac6468aed6c2be441d5046fd897
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
GetCurrentProcess
VirtualAlloc
WriteProcessMemory
CreateThread
WaitForSingleObject
CloseHandle
GetProcAddress
GetModuleHandleA
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
Exports
Exports
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/WeChat.exe.exe windows x86
677ea1c9727776a612085233aaebf21b
Code Sign
0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate
IssuerCN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before25/11/2020, 00:00Not After22/02/2024, 23:59SubjectCN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before25/11/2020, 00:00Not After22/02/2024, 23:59SubjectCN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f2:2b:02:6e:88:a3:eb:86:a4:65:77:a2:c9:92:a0:21:d6:ae:91:df:f7:8b:80:71:d9:43:26:66:24:fc:fa:75Signer
Actual PE Digestf2:2b:02:6e:88:a3:eb:86:a4:65:77:a2:c9:92:a0:21:d6:ae:91:df:f7:8b:80:71:d9:43:26:66:24:fc:fa:75Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedtrueVerification
Signing CertificateCN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN05/08/2022, 11:34 Valid: true
Chain 1
CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
cf:ba:15:b0:ed:50:51:8b:c5:5a:8c:de:f9:19:34:0c:8a:86:f0:b0Signer
Actual PE Digestcf:ba:15:b0:ed:50:51:8b:c5:5a:8c:de:f9:19:34:0c:8a:86:f0:b0Digest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN28/11/2022, 11:52 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetModuleHandleW
GetLastError
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
LocalAlloc
LocalFree
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
Sleep
SetDllDirectoryW
GetShortPathNameW
GetPrivateProfileStringW
VerifyVersionInfoW
Process32FirstW
Process32NextW
CloseHandle
CreateFileW
DecodePointer
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
VerSetConditionMask
GetProcAddress
GetVersionExW
CreateToolhelp32Snapshot
GetSystemInfo
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetCurrentThreadId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
HeapFree
HeapAlloc
GetFileType
LCMapStringW
WriteConsoleW
user32
GetSystemMetrics
MessageBoxW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW
ole32
CoTaskMemFree
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
shlwapi
PathFileExistsW
PathRemoveFileSpecW
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 418KB - Virtual size: 417KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ҵƻ/ҵƻ//.__MACOS__/.__MACOS__/._MACOS_/defender.exe.exe windows x64
6a6f951309f111a0d45edde6a5996828
Code Sign
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:45Not After15/04/2021, 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6eCertificate
IssuerCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before13/06/2016, 00:00Not After24/01/2019, 12:00SubjectSERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:2f:68:b2:be:77:b6:b3:5e:cc:00:00:00:00:00:2fCertificate
IssuerCN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/02/2016, 00:54Not After12/05/2017, 00:54SubjectCN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0b:aa:c1:00:00:00:00:00:09Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before18/04/2012, 23:48Not After18/04/2027, 23:58SubjectCN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
00:eb:94:0b:3e:c8:9c:e2:9d:c5:97:bd:9f:13:65:74:58:1e:dc:b8:42:fd:ca:bd:b0:de:87:1a:0c:e7:6d:a6Signer
Actual PE Digest00:eb:94:0b:3e:c8:9c:e2:9d:c5:97:bd:9f:13:65:74:58:1e:dc:b8:42:fd:ca:bd:b0:de:87:1a:0c:e7:6d:a6Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US28/11/2022, 11:52 Valid: false
c8:2e:7b:69:e6:ee:48:fe:99:44:aa:b6:7e:f3:4d:ae:7c:0b:30:9aSigner
Actual PE Digestc8:2e:7b:69:e6:ee:48:fe:99:44:aa:b6:7e:f3:4d:ae:7c:0b:30:9aDigest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateSERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e27/12/2016, 08:16 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
propsys
PropVariantToString
PropVariantCompareEx
PropVariantToUInt32
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
CompareStringA
LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
TlsGetValue
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetTickCount
HeapAlloc
GetStartupInfoW
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
SuspendThread
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetEnvironmentVariableA
SetThreadPriority
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExA
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrcmpA
FormatMessageW
MulDiv
SetLastError
RaiseException
LoadLibraryA
GetProcessHeap
HeapFree
lstrlenA
LocalAlloc
LocalFree
GetFileAttributesW
GetFirmwareEnvironmentVariableA
CreateMutexW
GetExitCodeThread
ResumeThread
DuplicateHandle
Sleep
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
MultiByteToWideChar
FreeLibrary
LoadLibraryW
FindResourceExW
GetSystemInfo
GetUserDefaultUILanguage
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetEvent
CreateThread
CreateEventW
WaitForMultipleObjects
CreateFileW
GetLastError
QueryFullProcessImageNameW
lstrlenW
DeviceIoControl
GetVersionExW
CreateProcessW
GetSystemDirectoryW
GetSystemDirectoryA
WideCharToMultiByte
WaitForSingleObject
CloseHandle
GetCurrentProcess
OpenProcess
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
SizeofResource
ExitThread
user32
CharNextW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
UnregisterClassA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
ReleaseCapture
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CreateDialogIndirectParamW
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetDC
ReleaseDC
IntersectRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconW
IsWindowVisible
TranslateMessage
PeekMessageW
DispatchMessageW
PostQuitMessage
SendInput
MapVirtualKeyW
KillTimer
ChangeWindowMessageFilter
SetTimer
UnregisterDeviceNotification
EnumDisplaySettingsW
RegisterDeviceNotificationW
CallNextHookEx
FindWindowExW
RegisterWindowMessageW
CharUpperW
SetWindowPos
DrawFocusRect
InflateRect
SetRect
CopyRect
RedrawWindow
GetSysColorBrush
SetCapture
UnregisterClassW
DestroyMenu
DrawTextW
EnableWindow
LoadCursorW
SetWindowContextHelpId
MapDialogRect
SetCursor
SendMessageW
GetDesktopWindow
GetWindow
GetClientRect
GetParent
GetWindowRect
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
EnumThreadWindows
InvalidateRect
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
UpdateWindow
SetWindowsHookExW
ShowWindow
GetWindowLongW
SystemParametersInfoW
GetSysColor
PostMessageW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetMessageW
GetActiveWindow
EqualRect
GetCursorPos
GetDlgCtrlID
RemovePropW
gdi32
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetRgnBox
ExtTextOutW
GetDeviceCaps
GetWindowExtEx
GetStockObject
GetViewportExtEx
GetMapMode
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetObjectW
SetDIBColorTable
CreateCompatibleDC
DeleteDC
SelectObject
CreateFontW
BitBlt
GetClipBox
SetMapMode
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateBitmap
CreateRectRgnIndirect
SetBkColor
msimg32
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
LookupPrivilegeValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
RegDeleteValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
shell32
SHGetKnownFolderPath
SHGetFolderPathW
comctl32
InitCommonControlsEx
shlwapi
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
oledlg
OleUIBusyW
ole32
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
PropVariantClear
StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoFreeUnusedLibrariesEx
FreePropVariantArray
PropVariantCopy
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoSetProxyBlanket
CoFreeUnusedLibraries
oleaut32
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
GetErrorInfo
VariantCopy
SysAllocStringLen
SafeArrayPutElement
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
VariantClear
SysAllocString
SafeArrayUnaccessData
gdiplus
GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipAlloc
GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipGetImagePalette
GdipDrawImageI
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
Sections
.text Size: 723KB - Virtual size: 722KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 408KB - Virtual size: 408KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ