explorer[.]zip

Resubmissions

02/01/2023, 15:58

230102-tekflaeg63 8

02/01/2023, 15:37

230102-s2n7maeg38 8

Sharing

Copy URL Twitter E-mail

General

Target

explorer.zip
Size

2.3MB
MD5

31eb88c45f6c817b25c5a25d1855a542
SHA1

12592743c06138173601582f05d9f306c2e8dcaa
SHA256

7cae73804c2ff71229e3915e68022367dbf796ce715193e2725956df0b6b16a5
SHA512

0ce1bfbf016a3f4e28f3b3d52fc30fa347499b1f4960f9e50098875fde9502309260a0c90ec79299669ff468ec0941d1e3c8cd7b54b50569fef1c11213e1b992
SSDEEP

49152:EAjMmkRnXiIR4ucKowiM9aMalrZUwHMNWb0R+6D6m7/iEllGOygUHU:GP1dcZYoGwpkXD6UqHxgUHU

Score

8^/10

macro xlm

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

macro xlm

resource	yara_rule
static1/unpack002/comempty.dat	office_xlm_macros

Files

explorer.zip
.zip
comadmin.zip
.zip
MigRegDB.exe
.exe windows x64

8970a513038eb47c18c01c23c3893b4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteValueW

kernel32

FindClose
GetLastError
ExpandEnvironmentStringsW
TerminateProcess
GetCurrentProcess
FindFirstFileW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
ExitProcess
FindNextFileW
HeapSetInformation
UnhandledExceptionFilter

msvcrt

_cexit
__CxxFrameHandler4
_vsnwprintf
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
swscanf
_wtol

clbcatq

ComPlusMigrate
OpenComponentLibraryEx

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comadmin.dll
.dll regsvr32 windows x64

818f0b11cbba14d2278377dfc403f423

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
_purecall
memcmp
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
__CxxFrameHandler4
_amsg_exit
_XcptFilter
_vsnwprintf
_wtol
_wtoi
wcscpy_s
realloc
_waccess
wcsrchr
wcscat_s
malloc
free
__C_specific_handler
_itow
_wcsicmp
_local_unwind
wcscmp

mfcsubs

?RemoveAll@CMapStringToPtr@@QEAAXXZ
??1CMapStringToPtr@@UEAA@XZ
??ACMapStringToPtr@@QEAAAEAPEAXPEBG@Z
??0CMapStringToPtr@@QEAA@H@Z
?InsertAt@CStringArray@@QEAAXHPEBGH@Z
?TrimRight@CString@@QEAAXXZ
?TrimLeft@CString@@QEAAXXZ
?FindOneOf@CString@@QEBAHPEBG@Z
??0CString@@QEAA@PEBG@Z
?Copy@CStringArray@@QEAAXAEBV1@@Z
??0CString@@QEAA@AEBV0@@Z
??1CString@@QEAA@XZ
?SetSize@CStringArray@@QEAAXHH@Z
?SetAtGrow@CStringArray@@QEAAXHPEBG@Z
?Lookup@CMapStringToPtr@@QEBAHPEBGAEAPEAX@Z
??1CStringArray@@UEAA@XZ
??0CStringArray@@QEAA@XZ

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoCreateGuid
CoGetObjectContext
CoCreateInstance
CoCreateInstanceEx
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
VariantCopyInd
VariantChangeType
VariantCopy
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
LoadTypeLi
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
VariantInit
SysFreeString
VarUI4FromStr

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FreeLibrary
FindResourceExW
DisableThreadLibraryCalls
GetProcAddress
LoadStringW

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetLocalTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
CreateProcessW
GetCurrentThreadId
OpenThreadToken
OpenProcessToken

api-ms-win-security-base-l1-1-0

GetTokenInformation
AdjustTokenPrivileges
ImpersonateSelf
RevertToSelf

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FindFirstFileW
GetFileAttributesW
DeleteFileW
FindClose
CreateDirectoryW
GetFullPathNameW
FindNextFileW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW
lstrcpyW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

kernel32

GetComputerNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comempty.dat
.msi
comrepl.exe
.exe windows x64

5bd25a3a189a3c31323d2c02495592d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CompareStringW
GetConsoleOutputCP
GetStdHandle
WaitForMultipleObjects
SetThreadUILanguage
MultiByteToWideChar
FormatMessageW
GetLastError
CloseHandle
CreateThread
HeapSetInformation
WriteConsoleW
LocalFree
LoadLibraryExW

msvcrt

_commode
_fmode
_lock
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__dllonexit
_onexit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wsetlocale
printf
fgetws
_flushall
?terminate@@YAXXZ
_wcsicmp
_vsnwprintf
__CxxFrameHandler4
__iob_func
_unlock
memset

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtsadmin.tlb
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
explorer.exe
.exe windows x64

d4f5dbed35754e9ab00b33c1d7392c24

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:f7:5e:02:79:57:b6:f5:08:52:56:46:2d:dd:e2:35:21:d0:a9:f2:b0:67:8d:4c:e5:df:06:54:f7:0b:74:09
Signer

Actual PE Digest

07:f7:5e:02:79:57:b6:f5:08:52:56:46:2d:dd:e2:35:21:d0:a9:f2:b0:67:8d:4c:e5:df:06:54:f7:0b:74:09

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
_Thrd_yield
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
_Mtx_unlock
_Mtx_lock
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit

api-ms-win-crt-runtime-l1-1-0

_set_error_mode
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncmp
memset
wcsncmp
wcscmp
wcscspn

api-ms-win-crt-private-l1-1-0

_o_exit
_o_floor
_o_floorf
_o_fmod
_o_free
_o_iswspace
_o_lround
_o_lroundf
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_sqrt
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__wtoi
_o__invalid_parameter_noinfo_noreturn
_o__wcsnicmp
_o__wcslwr_s
_o__wcsicmp
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o_ceilf
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o_ceil
_o__purecall
_o__mktime64
_o_abort
_o__ltow_s
_o__get_wide_winmain_command_line
_o__get_errno
_o__localtime64
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__itow_s
_o__itoa_s
_o___p__commode
wcschr
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
memmove

aepic

PicRetrieveFileInfo
PicFreeFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

OpenJobObjectW
QueryInformationJobObject
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

UrlUnescapeW
PathIsURLW
HashData

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata
WerUnregisterCustomMetadata

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter
CoRevokeInitializeSpy
CoRegisterInitializeSpy

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ReleaseActCtx
ActivateActCtx
CreateActCtxW

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtClose
RtlCaptureContext
NtDeviceIoControlFile
NtOpenFile
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
ZwQueryInformationProcess
RtlpEnsureBufferSize
RtlGetNativeSystemInformation
RtlVerifyVersionInfo
ZwQueryDirectoryFile
ZwSetInformationProcess
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFormatCurrentUserKeyPath
ZwEnumerateKey
RtlInitString
ZwOpenFile
ZwQueryInformationFile
LdrResSearchResource
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitUnicodeString
NtQueryWnfStateData
NtSetInformationProcess
NtQueryInformationProcess
RtlFlushHeaps
NtSetSystemInformation
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAppendUnicodeToString
strchr
memmove_s
RtlDosPathNameToNtPathName_U_WithStatus
NtQueryInformationFile
ZwCreateFile
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
ZwEnumerateValueKey
RtlReAllocateHeap
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
NtOpenProcessToken
ZwClose
WinSqmAddToStream
WinSqmIsOptedIn
NtQueryInformationToken
NtOpenThreadToken
wcsspn
ZwOpenKey
RtlRunOnceExecuteOnce
ZwQueryValueKey
ZwQuerySystemInformation
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlGetVersion
RtlQueryResourcePolicy
RtlNtStatusToDosErrorNoTeb
NtSetThreadExecutionState
NtPowerInformation
VerSetConditionMask
RtlNtStatusToDosError

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadResource
GetModuleHandleA
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
SizeofResource
FindStringOrdinal
GetProcAddress
LockResource

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateSemaphoreExW
OpenMutexW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateMutexW
InitializeSRWLock
WaitForMultipleObjectsEx
ReleaseSRWLockShared
ResetEvent
CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
SleepEx
EnterCriticalSection
ReleaseSRWLockExclusive
TryEnterCriticalSection
SetEvent
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
OpenEventW
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetErrorMode
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
DeleteFileW
GetLongPathNameW
WriteFile

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventEnabled
EventWrite
EventSetInformation

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
OpenProcessToken
QueueUserAPC
TlsSetValue
TerminateProcess
GetCurrentThreadId
DeleteProcThreadAttributeList
GetCurrentProcess
UpdateProcThreadAttribute
ProcessIdToSessionId
GetThreadPriority
CreateProcessW
SetThreadPriority
InitializeProcThreadAttributeList
TlsAlloc
TlsGetValue
OpenThread
TlsFree
GetProcessId
ResumeThread
GetPriorityClass
SetThreadPriorityBoost
SetPriorityClass
GetStartupInfoW
ExitProcess
OpenThreadToken
GetExitCodeProcess
SetProcessShutdownParameters
CreateThread

api-ms-win-core-localization-l1-2-0

GetCalendarInfoW
FormatMessageW
GetLocaleInfoEx
GetThreadUILanguage
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SafeArrayUnaccessData
SafeArrayDestroy
VariantInit
SafeArrayCreate
SysAllocString
SysStringLen
VariantClear
SafeArrayAccessData
VarUI4FromStr
SysAllocStringByteLen
SysFreeString

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoUninitialize
CoGetApartmentType
CoCancelCall
CoDisableCallCancellation
CoEnableCallCancellation
CoWaitForMultipleHandles
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoGetCallContext
CoSetProxyBlanket
StringFromCLSID
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateGuid
CoRegisterClassObject
IIDFromString
StringFromIID
CoRevokeClassObject
CoReleaseMarshalData
CoGetStdMarshalEx
StringFromGUID2
CoGetMalloc
PropVariantClear
CoGetObjectContext
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrIW
StrCmpNIW
StrToIntW
StrCmpW
QISearch
StrCmpNICW
StrCmpIW
StrCmpICA
StrChrW
StrCmpICW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-registry-l1-1-0

RegLoadMUIStringW
RegDeleteTreeW
RegEnumKeyExW
RegDeleteKeyExW
RegQueryValueExW
RegCreateKeyExW
RegOpenCurrentUser
RegSetValueExW
RegGetValueW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_GetSite
IUnknown_SetSite
IUnknown_Set

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree
LocalReAlloc
GlobalAlloc

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW
GetTickCount64
GetVersionExW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCommandLineW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathGetDriveNumberW
PathFileExistsW
PathQuoteSpacesW
PathGetArgsW
PathFindFileNameW
PathRemoveBlanksW
PathCommonPrefixW
SHExpandEnvironmentStringsW
PathCombineW
PathIsFileSpecW
PathRemoveFileSpecW
PathParseIconLocationW

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW
SHRegGetValueW
SHDeleteKeyW
SHGetValueW
SHSetValueW
SHEnumKeyExW
SHQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsSubstringWithSpecifiedLength
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SetProcessReference
SHSetThreadRef
SHCreateThread
SHCreateThreadRef

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

SetKernelObjectSecurity
EqualSid
GetAce
DeleteAce
InitializeAcl
AddAce
FreeSid
AllocateAndInitializeSid
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
MakeAbsoluteSD
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
GetAclInformation
GetSecurityDescriptorDacl

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32EnumProcessModules
QueryFullProcessImageNameW
K32EnumProcesses
K32GetModuleBaseNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription
SetProcessInformation

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine
PathCchAppend
PathCchAddExtension
PathAllocCombine

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
VirtualFree
VirtualProtect
VirtualAlloc
OpenFileMappingW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
SHOpenRegStream2W
IStream_Write
SHCreateMemStream
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
IStream_Read

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetComputerNameW
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
ord244

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrRetToBufW
SHIsChildOrSelf
ord197
ord479
ord292
SHPinDllOfCLSID
ord279
ord165
IUnknown_GetWindow
StrRetToStrW
ord544
PathRemoveArgsW
AssocQueryStringW
ord478
ShellMessageBoxW
ord509
ord635
SHCreateWorkerWindowW
ord481

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayMonitors
QueryDisplayConfig
GetSystemMetrics
GetDisplayConfigBufferSizes
SystemParametersInfoW
GetMonitorInfoW
EnumDisplayDevicesW

api-ms-win-ntuser-rectangle-l1-1-0

IntersectRect
InflateRect
OffsetRect
IsRectEmpty
EqualRect
UnionRect
SubtractRect
SetRectEmpty
PtInRect
SetRect
CopyRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

SetWinEventHook
NotifyWinEvent
UnhookWinEvent

api-ms-win-shell-namespace-l1-1-0

SHBindToParent
SHParseDisplayName
SHGetNameFromIDList
SHGetIDListFromObject
ILCloneFirst
ILCombine
ILGetSize
SHCreateItemFromIDList
SHBindToFolderIDListParent
ILIsParent
SHCreateItemFromParsingName
ILRemoveLastID
ILIsEqual
SHBindToObject
ILFindLastID
ILClone
ILFree

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

EnableMouseInPointer
GetPointerType
GetCurrentInputMessageSource
GetPointerDevices
GetPointerInfo

api-ms-win-storage-exports-internal-l1-1-0

SHGetKnownFolderIDList
SHGetFolderPathEx
GetThreadFlags
SetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName
GetPackagesByPackageFamily

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotifyRegister
SHHandleUpdateImage
SHChangeNotifyDeregister
SHChangeNotifyRegisterThread
SHChangeNotification_Unlock
SHChangeNotification_Lock

propsys

PropVariantToBoolean
PSCreateMemoryPropertyStore
PSGetPropertyFromPropertyStorage
InitVariantFromGUIDAsString
InitVariantFromResource
PSPropertyBag_WriteStr
PropVariantToStringAlloc
PropVariantToUInt32
PSPropertyBag_WriteDWORD

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

gdi32

SetTextAlign
GetTextMetricsW
ExtTextOutW
GetTextExtentPoint32W
CreateRectRgnIndirect
GetGlyphOutlineW
GetOutlineTextMetricsW
GetClipRgn
SelectClipRgn
CreateFontIndirectW
SelectObject
CreateCompatibleDC
DeleteDC
GetObjectW
DeleteObject
CombineRgn
OffsetRgn
SetRectRgn
CreateRectRgn
GetStockObject
GetDeviceCaps
SetTextColor
GetCurrentObject
GetClipBox
Rectangle
SetStretchBltMode
ExcludeClipRect
StretchBlt

kernel32

HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleExA
IsBadWritePtr
RtlCompareMemory

wininet

InternetCrackUrlW

shcore

ord142
ord200
ord184
ord186
ord187
ord123
ord190
ord191
ord121
ord174
ord109
ord126
ord213
ord183
ord210
ord192
ord1
SHUnicodeToAnsi
ord141
ord162

shell32

ord60
SHUpdateRecycleBinIcon
ord711
SHFileOperationW
SHGetPathFromIDListW
ord753
ord733
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord896
ShellExecuteExW
ord245
ord61
ord89
ord190
ord85
ord100
SHAddToRecentDocs
SHEnableServiceObject
ord54
ord254
DuplicateIcon
SHGetStockIconInfo
ord6
Shell_NotifyIconGetRect
Shell_NotifyIconW
ord137
ord132
ord244
SHEvaluateSystemCommandTemplate
ord866
ord764
SHGetPropertyStoreForWindow
SHGetLocalizedName
ShellExecuteW
ord895
ord906
ord894
SHAppBarMessage
ord162
ord727
ord792
ord790
Shell_GetCachedImageIndexW
ord899
ord43
ord134
ord172
ord680
ord723
ord22
ord907
ord885
ord95
ord850
ord743
ord200
ord91
ExtractIconExW
ord181

shlwapi

AssocCreate
ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW

uxtheme

IsAppThemed
IsCompositionActive
DrawThemeTextEx
IsThemePartDefined
GetThemeFont
GetThemeBackgroundExtent
GetThemeBool
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
ord138
BufferedPaintSetAlpha
ord126
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetThemeInt
GetThemeColor
GetThemeMetric
SetWindowTheme
GetWindowTheme
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintInit
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
ord86

dwmapi

ord114
ord113
DwmRegisterThumbnail
DwmSetWindowAttribute
ord139
ord138
ord141
ord140
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

user32

SetScrollInfo
GetMenuState
IsTopLevelWindow
EndTask
GhostWindowFromHungWindow
ord2573
BringWindowToTop
InsertMenuW
ShowWindowAsync
GetCursorInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
GetPhysicalCursorPos
GetClassLongW
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
GetClassLongPtrW
UpdateLayeredWindow
ord2521
UnregisterClassW
ord2522
GetClassWord
WindowFromDC
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
GetIconInfo
GetLastActivePopup
GetIconInfoExW
SetLayeredWindowAttributes
GetSysColorBrush
GetSystemMenu
GetAsyncKeyState
UnregisterHotKey
RegisterHotKey
SendDlgItemMessageW
EndDialog
ReplyMessage
MonitorFromPoint
GetMenuItemInfoW
GetMenuItemCount
ExitWindowsEx
CreateIconIndirect
GetSubMenu
LoadMenuW
GetKeyState
DrawTextW
FillRect
DeleteMenu
TrackPopupMenuEx
SetMenuDefaultItem
RemoveMenu
EnableMenuItem
CheckMenuItem
LoadImageW
SetGestureConfig
AdjustWindowRectEx
GetDC
ReleaseDC
CreatePopupMenu
IsIconic
LoadIconW
GetSystemMetricsForDpi
ord2005
HungWindowFromGhostWindow
CascadeWindows
TileWindows
LockWorkStation
InjectMouseInput
MapVirtualKeyExW
TrackMouseEvent
SetCapture
GetCapture
InjectKeyboardInput
GetCaretBlinkTime
ReleaseCapture
GetSysColor
CopyImage
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
GetCursorFrameInfo
AdjustWindowRect
GetMenuDefaultItem
DestroyMenu
SendInput
SetDesktopColorTransform
UnregisterClassA
LoadCursorW
SetCursor
SetMenuItemInfoW
MonitorFromWindow
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
GetDpiForWindow
MonitorFromRect
GetGuiResources
GetScrollInfo
ord2574
IsHungAppWindow
ModifyMenuW
SetWindowCompositionAttribute
DestroyIcon
DrawIconEx
SwitchToThisWindow

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerSetRequest
PowerCreateRequest

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StopTraceW
StartTraceW

api-ms-win-core-job-l1-1-0

IsProcessInJob

rpcrt4

RpcBindingFree
NdrClientCall3
RpcStringFreeW
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint

api-ms-win-rtcore-ntuser-shell-l1-1-0

GetShellWindow

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

combase

GetErrorInfo
SetErrorInfo

Exports

Exports

g_trayTriageBlock

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 644KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8970a513038eb47c18c01c23c3893b4d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

clbcatq

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 312B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 48B

818f0b11cbba14d2278377dfc403f423

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

mfcsubs

ntdll

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

kernel32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 18KB

.pdata Size: 8KB - Virtual size: 5KB

.didat Size: 4KB - Virtual size: 80B

.rsrc Size: 48KB - Virtual size: 44KB

.reloc Size: 4KB - Virtual size: 3KB

5bd25a3a189a3c31323d2c02495592d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 312B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 48B

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 18KB

.pdata
Size: 8KB - Virtual size: 5KB

.didat
Size: 4KB - Virtual size: 80B

.rsrc
Size: 48KB - Virtual size: 44KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 408B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 52B

.rdata
Size: 4KB - Virtual size: 256B

.rsrc
Size: 20KB - Virtual size: 17KB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

07:f7:5e:02:79:57:b6:f5:08:52:56:46:2d:dd:e2:35:21:d0:a9:f2:b0:67:8d:4c:e5:df:06:54:f7:0b:74:09
Signer

15/12/2022, 13:55
Valid: false