File[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

File.zip
Size

9.0MB
MD5

35a460be9884c5d087a9c2c440e88b90
SHA1

a7e2b5d3bcb0f4e94cb574392bc34c7d7d60bfa4
SHA256

7b241d6657a863d3df9b0ed571d1324483695cbddb12e1ac7ddd039ae1b1e59d
SHA512

5d8144c0ed06ffc455b9b2c5ad78e887890c09e26bee0ba90f8f469f867738301963c62ca45d435f787874462ef1059fabdb5c92e81f15dff8971f49a2b39b42
SSDEEP

196608:pcDlrgF3Uo6Ykx58t6a3/tfBgzgxN4fplnGqTfj8rI9j0PpEJr:poa6Ykx589Ptf2ymHVsr40GR

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Install.exe	vmprotect

Files

File.zip
.zip

Password: 1234
Install.exe
.exe windows x86

Password: 1234

b0a438491df559e2ae875aca71787ff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cdp.dll
.dll regsvr32 windows x64

Password: 1234

0e1a202dad98ab1e9ecba1e3421ad059

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__mkgmtime64
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__strnicmp
_o__strtoui64
_o__wcsicmp
_o_atoi
memmove
_o_free
_o_iswspace
_o_malloc
_o_modf
_o_pow
_o_rand
_o_realloc
_o_strcpy_s
_o_strftime
_o_strncpy_s
_o_strtol
_o_strtoul
_o_terminate
_o_tolower
_o_toupper
_o_wcstoul
__C_specific_handler
_o___std_type_info_destroy_list
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__gmtime64_s
strstr
_o___std_exception_destroy
_o___std_exception_copy
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__dtest
_o__difftime64
__CxxFrameHandler4
__std_terminate
__std_type_info_compare
strchr
wcschr
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strpbrk
strncmp
wcsncmp
memset

combase

ord4
ord12
ord6
ord14
ord17
ord2
CStdStubBuffer_DebugServerQueryInterface
ord10
ord13
ord11
CStdStubBuffer_Invoke
ord154
NdrCStdStubBuffer_Release
ord5
ord7
ord8
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
ord24
ord16
ord9
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
ord15
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
ord3
CStdStubBuffer2_CountRefs
ord21
ord26
ord27
ord19
ord22
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
ord23
CStdStubBuffer2_Connect
NdrCStdStubBuffer2_Release
ord32
ord20
ord25
ord34
ord33
ord18

ntdll

RtlNtStatusToDosError
NtOpenSemaphore
RtlIsMultiUsersInSessionSku
RtlGetDeviceFamilyInfoEnum
NtCreateWnfStateName
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSidDominates
RtlInitUnicodeString
NtCreateSemaphore
RtlGetTokenNamedObjectPath
RtlFreeUnicodeString
RtlPublishWnfStateData
NtOpenMutant
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtDeleteWnfStateName

rpcrt4

NdrClientCall3
IUnknown_AddRef_Proxy
RpcServerInqCallAttributesW
NdrStubCall3
NdrOleFree
IUnknown_Release_Proxy
UuidFromStringW
NdrOleAllocate
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
IUnknown_QueryInterface_Proxy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
FindStringOrdinal
GetModuleHandleA
FreeLibrary
LockResource
LoadResource
GetModuleHandleExW
GetProcAddress
FindResourceExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetThreadToken
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetLocalTime
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

shcore

IStream_ReadStr
SHCreateMemStream
IStream_Write
IStream_Reset
IStream_WriteStr
IStream_Size
IStream_Read
ord190

msvcp_win

?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?setf@ios_base@std@@QEAAHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QEAAHHH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Cnd_broadcast
_Thrd_hardware_concurrency
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?id@?$collate@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
_Thrd_yield
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Strcoll
_Thrd_id
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
_Thrd_join
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
_Thrd_sleep
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Random_device@std@@YAIXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Throw_C_error@std@@YAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
_Cnd_register_at_thread_exit
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
_Mtx_lock
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Mtx_init_in_situ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??7ios_base@std@@QEBA_NXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
_Mtx_destroy_in_situ
?good@ios_base@std@@QEBA_NXZ
_Mtx_unlock
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_signal
_Query_perf_counter
_Query_perf_frequency
_Cnd_timedwait
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Xtime_get_ticks
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_unregister_at_thread_exit
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
_Strxfrm

api-ms-win-crt-time-l1-1-0

clock
_time64

umpdc

Pdcv2ActivationClientRegister
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate
Pdcv2ActivationClientUnregister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
HSTRING_UserSize
WindowsCreateString
HSTRING_UserFree64
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
HSTRING_UserMarshal
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateInstance
CoSwitchCallContext
CoRevertToSelf
StringFromCLSID
CoTaskMemRealloc
CoSetProxyBlanket
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoImpersonateClient
CoTaskMemAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-1-0

CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
OpenMutexW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
CreateEventW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
TryAcquireSRWLockExclusive
ResetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
SetEvent
CreateMutexW
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMinimum
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpool
SetThreadpoolTimer
CreateThreadpool
SetThreadpoolThreadMaximum

api-ms-win-core-registry-l1-1-0

RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExW
RegCreateKeyExA
RegCreateKeyExW
RegNotifyChangeKeyValue
RegGetValueW
RegCloseKey
RegGetValueA

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister
EventProviderEnabled

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageInfo

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken
GetApplicationUserModelIdFromToken

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
CreateWellKnownSid
CopySid
GetLengthSid

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW
SetFilePointerEx
RemoveDirectoryW
FindNextFileW
FindFirstFileW
DeleteFileW
ReadFile
CreateDirectoryW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
GetFileSizeEx
GetFileAttributesW
CreateDirectoryA
FlushFileBuffers

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-com-l1-1-1

RoGetAgileReference

crypt32

CertOpenStore
CertCreateCertificateContext
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CertGetNameStringW
CertDeleteCertificateFromStore
CertCreateSelfSignCertificate
CertFreeCertificateContext
CertAddCertificateContextToStore
CertSaveStore
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertStrToNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl
CancelIoEx
PostQueuedCompletionStatus

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery

propsys

PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PSPropertyBag_WriteUnknown

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

kernelbase

BaseFormatObjectAttributes

dsreg

DsrGetJoinInfo
DsrFreeJoinInfo

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

CDPAccountFromWebAccount
CDPAcquireNetworkingInternal
CDPCreateAFSRegistrationClientInternal
CDPCreateAFSUserSettingsInternal
CDPCreateAccountInternalForUser
CDPCreateAccountInternalWithStableUserId
CDPCreateAccountProviderInternal
CDPCreateActivity
CDPCreateActivityAsset
CDPCreateActivityInternal
CDPCreateActivityStoreInfoInternal
CDPCreateActivityStoreInfoWatcher
CDPCreateActivityStoreInfoWatcherForUser
CDPCreateActivityStoreInfoWatcherInternal
CDPCreateActivityStoreReader
CDPCreateActivityStoreReaderForUser
CDPCreateActivityStoreReaderInternal
CDPCreateAllDevicesQuery
CDPCreateAllDevicesQueryForUser
CDPCreateAnonymousAccount
CDPCreateAnonymousAccountInternal
CDPCreateAppControlClient
CDPCreateAppControlClientInternal
CDPCreateAppId
CDPCreateAppRegistrationManager
CDPCreateAppRegistrationManagerForUser
CDPCreateAppRegistrationManagerInternal
CDPCreateAzureActiveDirectoryAccount
CDPCreateBeaconControl
CDPCreateBeaconControlInternal
CDPCreateBinaryClient
CDPCreateBinaryClientInternal
CDPCreateBinaryHost
CDPCreateBinaryHostInternal
CDPCreateBinaryHostWithSettings
CDPCreateCallbackNotifierInternal
CDPCreateCloudNotification
CDPCreateComObjectInternal
CDPCreateCrossPlatformAppId
CDPCreateCrossPlatformAppIdFromAppId
CDPCreateCurrentCrossPlatformAppId
CDPCreateDedupedDevice
CDPCreateDedupedDeviceQuery
CDPCreateDedupedDeviceQueryForUser
CDPCreateDedupedDeviceQueryInternal
CDPCreateDedupedDeviceQueryParameters
CDPCreateDeviceInternal
CDPCreateDeviceQuery
CDPCreateDeviceQueryForSessionInternal
CDPCreateDeviceQueryForUser
CDPCreateDeviceQueryInternal
CDPCreateDeviceQueryWithIdentity
CDPCreateDirectNotificationHost
CDPCreateEmptyAccountSettings
CDPCreateEnvironmentManagerInternal
CDPCreateHttpRequestInternal
CDPCreateMessagingHost
CDPCreateMessagingHostInternal
CDPCreateMicrosoftAccount
CDPCreateOrGetDdsRegistrationUserObjectInternal
CDPCreatePlatformSettingsInternal
CDPCreateRemoteUserInternal
CDPCreateResource
CDPCreateResourceCollection
CDPCreateSettingsInteropInternal
CDPCreateTask
CDPCreateTaskInternal
CDPCreateTelemetryTask
CDPCreateTelemetryTaskInternal
CDPCreateTestActivityAsset
CDPCreateUserInternal
CDPCreateUserNotificationClientInternal
CDPCreateUserServiceNotificationClient
CDPCreateUserServiceNotificationClientForUser
CDPCreateUuid
CDPFixAccounts
CDPGetAFCInitializer
CDPGetAccountProviderInternal
CDPGetAccountsNeedAttention
CDPGetAccountsSettings
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForAccountInternal
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStoreForStoreInfoInternal
CDPGetActivityStoreForUser
CDPGetActivityStoreInternal
CDPGetCloudNotificationProviderInternal
CDPGetCoreInitializer
CDPGetDeviceCache
CDPGetDeviceCacheInternal
CDPGetHost
CDPGetLogger
CDPGetNearShareAuthorizationPolicyOfInteractiveUser
CDPGetRelayInitializer
CDPGetResourceHandler
CDPGetResourceManager
CDPGetSDKAuthorizationPolicyOfInteractiveUser
CDPGetSGSocket
CDPGetSystemAppId
CDPGetUserActivitySettings
CDPGetUserActivitySettingsForUser
CDPGetUserActivitySettingsInternal
CDPGetUserCollectionInternal
CDPInitialize
CDPInitializeForService
CDPInitializeSGPowerOnPacket
CDPInitializeUserService
CDPInitializeUserServicePhase2
CDPIsEnabled
CDPPreShutdown
CDPRegisterActivityConflictResolverInternal
CDPReleaseNetworkingInternal
CDPResume
CDPSetAccountProviderInternal
CDPSetAppControlHostCallback
CDPSetExtendedLocalDeviceStatus
CDPSetResourceConfigProvider
CDPSetServicePid
CDPShutdown
CDPShutdownBluetooth
CDPStartCCSPolling
CDPStopCCSPolling
CDPSuspend
CDPUninitializeUserService
CDPWriteAccountSettings
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdprt.dll
.dll windows x64

Password: 1234

7dc6eafdeead3fe582715d4bde91237e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__wcsicmp
_o__wcstoui64
memmove
_o_atoi
_o_ceil
_o_free
_o_malloc
_o_modf
_o_realloc
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
__C_specific_handler
_o__ui64tow_s
strstr
_o__dtest
_CxxThrowException
__CxxFrameHandler3
wcsrchr
wcschr
__std_type_info_compare
strchr
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsspn

cdp

CDPCreateAccountInternalWithStableUserId
CDPCreateResourceCollection
CDPCreateAppRegistrationManager
CDPCreateActivityStoreReader
CDPCreateDeviceQuery
CDPCreateUuid
CDPCreateAppRegistrationManagerForUser
CDPGetSystemAppId
CDPCreateBinaryHost
CDPCreateAppId
CDPCreateBinaryClient
CDPCreateBinaryHostInternal
CDPCreateCrossPlatformAppId
CDPCreateActivityStoreInfoInternal
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForUser
CDPGetUserActivitySettings
CDPAccountFromWebAccount
CDPCreateActivity
CDPCreateDedupedDeviceQueryParameters
CDPCreateDedupedDeviceQueryForUser
CDPCreateDedupedDevice
CDPInitialize
CDPShutdown
CDPGetLogger
CDPCreateAppControlClient
CDPCreateAllDevicesQuery
CDPCreateTelemetryTask

windows.storage

SHCreateItemFromParsingName

kernelbase

GetApplicationUserModelIdFromToken
LocalAlloc
GetPackageFullName
Sleep
GetPackageFamilyName
GetCurrentPackageFamilyName
GetCurrentPackageFullName
CouldMultiUserAppsBehaviorBePossibleForPackage
GetPackageFullNameFromToken
CloseState
GetSystemAppDataKey
OpenStateExplicit

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
LoadStringW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
CreateEventW
CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
InitializeSRWLock
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
SetEvent
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringLen

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetProcessId
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcessTimes
OpenProcessToken

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoReleaseMarshalData
CoWaitForMultipleHandles
CoMarshalInterface
CoGetCallContext
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventProviderEnabled
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-security-base-l1-1-0

GetTokenInformation

ws2_32

GetAddrInfoW
inet_ntoa
WSAGetLastError
FreeAddrInfoW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegGetValueA
RegCreateKeyExW
RegOpenKeyExA
RegCloseKey
RegSetValueExW

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlQueryPackageClaims
RtlPublishWnfStateData
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlInitUnicodeString

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-rtcore-ntuser-window-l1-1-0

GetActiveWindow

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

combase

ord90
ord157

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
_Mtx_lock
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Cnd_signal
_Mtx_current_owns
_Thrd_yield
_Query_perf_frequency
_Cnd_timedwait
_Query_perf_counter
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
_Mtx_unlock
_Cnd_register_at_thread_exit
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setf@ios_base@std@@QEAAHH@Z
??7ios_base@std@@QEBA_NXZ
_Mtx_init_in_situ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fonts/Alakob.ttf
fonts/AlaskanNights.ttf
fonts/Arggotsc.ttf
fonts/Army Condensed.ttf
fonts/Army Thin.ttf
fonts/BELL.TTF
fonts/BELLB.TTF
fonts/BELLI.TTF
fonts/BOD_BI.TTF
fonts/BOD_BLAI.TTF
fonts/BOD_I.TTF
fonts/CALISTB.TTF
fonts/CALISTBI.TTF
fonts/CENTAUR.TTF
fonts/Cabana-Regular.ttf
fonts/baby_csp.ttf
fonts/black.ttf
fonts/bold_0.ttf
fonts/browa.ttf
fonts/browau.ttf
fonts/browauz.ttf
fonts/browaz.ttf
fonts/deathrattlebb_reg.ttf
langs/Arabic.ini
langs/Belarusian.ini
langs/Bulgarian.ini
langs/Croatian.ini
langs/Czech.ini
langs/Danish.ini
langs/English.ini
langs/Farsi.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hindi.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Lithuanian.ini
langs/Norwegian.ini
langs/Russian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/Uyghur.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

b0a438491df559e2ae875aca71787ff8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 2.0MB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 34KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 139KB - Virtual size: 2.1MB

Password: 1234

0e1a202dad98ab1e9ecba1e3421ad059

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

combase

ntdll

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

shcore

msvcp_win

api-ms-win-crt-time-l1-1-0

umpdc

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-sysinfo-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-com-l1-1-1

crypt32

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

.text
Size: - Virtual size: 2.0MB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 34KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 139KB - Virtual size: 2.1MB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 49KB - Virtual size: 57KB

.pdata
Size: 188KB - Virtual size: 188KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 39KB