CreateUIInstance
DestroyUIInstance
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Shiratama/2c37032b41b6b2b8cd0bf851e5d25a45/电科文档乱码恢复.exe
Resource
win7-20230703-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
Shiratama/2c37032b41b6b2b8cd0bf851e5d25a45/电科文档乱码恢复.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
Shiratama/d010315437618fddb6e538901b17750c.exe
Resource
win7-20230705-en
windows7-x64
12 signatures
150 seconds
Behavioral task
behavioral4
Sample
Shiratama/d010315437618fddb6e538901b17750c.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
13 signatures
150 seconds
General
-
Target
Shiratama.zip
-
Size
502KB
-
MD5
5ade1615379f42eb53ef61e685f7f825
-
SHA1
63759ee835033980c5c24d8a54d2f11183eb45c8
-
SHA256
e81fce25617caf8ebdc60cced46cfdd1ab71bc2ac1e04d0c94180a4829a662f7
-
SHA512
4382732165b2fe81a3be59bfd22127cca047324f4fe745dff8894ae2c05f03d09c9c8793ce8510272b7b65b5670726baace80e7403820ecc5ec524ac5c669159
-
SSDEEP
12288:aRF3tsp4J7TIGjKSHKZH4jG+2GmUP9jrzsiDDaFWdoqLl5a:aRFupiTHKgG+MUFjrzJKFXqLDa
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Shiratama/2c37032b41b6b2b8cd0bf851e5d25a45/hpcustpartui.dll
Files
-
Shiratama.zip.zip
Password: infected
-
Shiratama/2c37032b41b6b2b8cd0bf851e5d25a45/hpcustpartui.dll.dll windows x64
93a620d8558dac713e2d10dae28753be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReadFile
GetCurrentProcess
SetFilePointer
CreateFileA
CloseHandle
GetFileSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStdHandle
GetFileType
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
SetStdHandle
GetStringTypeW
ReadConsoleW
CreateFileW
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
Exports
Exports
Sections
.text Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Shiratama/2c37032b41b6b2b8cd0bf851e5d25a45/电科文档乱码恢复.exe.exe windows x64
4454219c2600f149810e86fd92309596
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before08/11/2006, 00:00Not After07/11/2021, 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before27/08/2012, 00:00Not After03/09/2015, 23:59SubjectCN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
18:93:74:84:5a:c0:ca:ee:02:64:6a:f7:72:38:e1:f7:7f:c8:a5:c4Signer
Actual PE Digest18:93:74:84:5a:c0:ca:ee:02:64:6a:f7:72:38:e1:f7:7f:c8:a5:c4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VerSetConditionMask
GetFullPathNameW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
VerifyVersionInfoW
SetLastError
QueryPerformanceCounter
GetModuleFileNameW
ExpandEnvironmentStringsW
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
CreateFileW
Sleep
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
OpenProcess
GetFileAttributesExW
GetCommandLineW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetUserGeoID
GetGeoInfoW
EnumSystemGeoID
GetLocaleInfoW
CreateSemaphoreW
GetStringTypeW
EncodePointer
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetDateFormatW
GetTimeFormatW
GetStartupInfoW
GetSystemTimeAsFileTime
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleHandleW
ExitProcess
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
GetVersion
HeapCreate
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
ReleaseSemaphore
ExitThread
GetLastError
WideCharToMultiByte
GetUserDefaultLangID
SetFileAttributesW
CopyFileW
MoveFileExW
GetSystemDirectoryW
DeviceIoControl
GetFileTime
GlobalFree
GlobalUnlock
GlobalLock
ProcessIdToSessionId
GlobalAlloc
LocalAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetComputerNameExW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetSystemDefaultUILanguage
GetSystemDefaultLCID
FlushViewOfFile
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
GetFileAttributesW
OpenMutexW
CreateDirectoryW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
GetEnvironmentVariableW
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GlobalMemoryStatusEx
OpenFileMappingW
user32
LoadIconW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetAsyncKeyState
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetKeyState
OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
SetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
OpenDesktopW
CloseDesktop
ExitWindowsEx
AllowSetForegroundWindow
GetSystemMetrics
SystemParametersInfoW
DestroyIcon
RegisterWindowMessageW
SetTimer
GetMessageW
SendMessageCallbackW
shlwapi
PathFindExtensionW
PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
psapi
EnumProcesses
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
advapi32
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
CheckTokenMembership
OpenProcessToken
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
shell32
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
ole32
CoUninitialize
CLSIDFromString
CoCreateInstance
CoCreateGuid
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoInitializeEx
oleaut32
VariantCopy
VariantClear
SysAllocString
SysFreeString
rpcrt4
UuidToStringW
RpcStringFreeW
UuidCreate
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
secur32
GetUserNameExW
Sections
.text Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Shiratama/d010315437618fddb6e538901b17750c.exe.exe windows x86
fb3bb2a326a35ae09397b565839e4f1b
Code Sign
cd:79:ef:70:ea:e1:55:19:15:ba:7d:89:03:6a:4b:a5Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/01/2021, 00:00Not After12/01/2024, 23:59SubjectCN=AI Harbor Company Limited,O=AI Harbor Company Limited,STREET=33F TML Tower 3 Hoi Shing Road Tsuen Wan Hong Kong (SAR),L=Hong Kong,C=HKExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
cd:79:ef:70:ea:e1:55:19:15:ba:7d:89:03:6a:4b:a5Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/01/2021, 00:00Not After12/01/2024, 23:59SubjectCN=AI Harbor Company Limited,O=AI Harbor Company Limited,STREET=33F TML Tower 3 Hoi Shing Road Tsuen Wan Hong Kong (SAR),L=Hong Kong,C=HKExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fe:3b:cf:86:39:ec:d6:2f:f3:b9:2e:f9:47:56:96:05:63:23:4c:90:71:ce:df:62:f1:82:b1:95:af:17:af:1aSigner
Actual PE Digestfe:3b:cf:86:39:ec:d6:2f:f3:b9:2e:f9:47:56:96:05:63:23:4c:90:71:ce:df:62:f1:82:b1:95:af:17:af:1aDigest Algorithmsha256PE Digest Matchesfalse39:a6:0b:a0:ec:30:54:8c:31:6f:6d:3c:84:23:47:b9:7b:53:39:78Signer
Actual PE Digest39:a6:0b:a0:ec:30:54:8c:31:6f:6d:3c:84:23:47:b9:7b:53:39:78Digest Algorithmsha1PE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ConvertThreadToFiber
CreateFiber
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
SwitchToFiber
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualProtectEx
VirtualQuery
msvcrt
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
rpcrt4
UuidFromStringA
user32
CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
TranslateMessage
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 1000B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/4 Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 241KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/31 Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/45 Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/57 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/70 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/81 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/92 Size: 1024B - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ