WorkshopDL[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WorkshopDL.zip
Size

2.2MB
MD5

c60eee58ee7bd368e040761478c46b5c
SHA1

697d4ef84e9745baf148cc56e31c7d64a1e3371a
SHA256

5232efc248f0ea5e2f450faef60d59c4c7b503a2de3645c78cc3603df2493086
SHA512

0ebe70699c0dd19b9a50eacbf64446cc87d3931c52f5ab8ef95e1d9f07f9b41e917f3eefe9829eeaf36b209bb7d6a7982b745499e9f282b471e4bf70d4a90cba
SSDEEP

49152:TLB6yube0yONVGHY19NMuU+bQVWZBoo4h4e3INg7BESxF7/Yo+4:p6yub7yONwN/+8VWZBt4X3Ug9EAN/L+4

Score

3^/10

Malware Config

Signatures

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Modules/AdvTray.mfx
unpack001/Modules/Archive.mfx
unpack001/Modules/Download.mfx
unpack001/Modules/Get.mfx
unpack001/Modules/KcBoxA.mfx
unpack001/Modules/KcBoxB.mfx
unpack001/Modules/KcButton.mfx
unpack001/Modules/PopupMenu.mfx
unpack001/Modules/ProgressBar.mfx
unpack001/Modules/TreeControl.mfx
unpack001/Modules/fcFolder.mfx
unpack001/Modules/kccombo.mfx
unpack001/Modules/kcedit.mfx
unpack001/Modules/kcfile.mfx
unpack001/Modules/kcini.mfx
unpack001/Modules/kcinput.mfx
unpack001/Modules/kclist.mfx
unpack001/Modules/kcpop.mfx
unpack001/Modules/kcriched.mfx
unpack001/Modules/kcwctrl.mfx
unpack001/WorkshopDL.exe

Files

WorkshopDL.zip
.zip
Modules/AdvTray.mfx
.dll windows x86

adfdfb55da2524187c8d8fcb433d7624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord383

kernel32

GetModuleFileNameA
DecodePointer
GetLastError
FormatMessageA
GetModuleHandleA
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
LCMapStringW
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize

user32

FindWindowExA
LoadIconA
GetCursorPos
GetWindowRect
ShowWindow
DrawAnimatedRects
GetTitleBarInfo
FindWindowA

shell32

ExtractIconA
Shell_NotifyIconA

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
DuplicateObject
EditDebugItem
EditObject
EditParameter
EditProp
EndApp
EndFrame
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetDependencies
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetFilters
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetParameterString
GetPropCheck
GetPropCreateParam
GetPropValue
GetProperties
GetRegID
GetRunObjectDataSize
GetRunObjectInfos
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
InitParameter
Initialize
IsPropEnabled
IsTransparent
LoadObject
PauseRunObject
PrepareToWriteObject
PutObject
ReleasePropCreateParam
ReleaseProperties
RemoveObject
SetPropCheck
SetPropValue
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UnloadObject
UpdateEditStructure
UpdateFileNames
UsesFile
WindowProc

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/Archive.mfx
.dll windows x86

c280913dfe896887accb6737462d3ee8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CloseHandle
GetFileSize
CreateFileA
GetFileAttributesA
InterlockedExchange
CreateThread
FindFirstFileA
CreateDirectoryA
Sleep
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
SetFileTime
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
GetLocalTime
UnmapViewOfFile
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime

user32

wsprintfA
GetDesktopWindow

msvcp90

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

msvcr90

_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove_s
??_V@YAXPAX@Z
remove
memset
memcpy
calloc
free
__CxxFrameHandler3
strstr
_stricmp
rand
srand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
malloc
_invalid_parameter_noinfo

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
DuplicateObject
EditDebugItem
EditObject
EditParameter
EditProp
EndApp
EndFrame
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetDependencies
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetFilters
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetParameterString
GetPropCheck
GetPropCreateParam
GetPropValue
GetProperties
GetRegID
GetRunObjectDataSize
GetRunObjectInfos
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
InitParameter
Initialize
IsPropEnabled
IsTransparent
LoadObject
PauseRunObject
PrepareToWriteObject
PutObject
ReleasePropCreateParam
ReleaseProperties
RemoveObject
SetPropCheck
SetPropValue
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UnloadObject
UpdateEditStructure
UpdateFileNames
UsesFile

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/Download.mfx
.dll windows x86

6ccbc6e5ee4a90207502a7f69462fc26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
TerminateThread
WaitForSingleObject
CreateFileW
Sleep
WriteFile
OutputDebugStringW

winmm

timeGetTime

msvcrt

_wcsdup
free
_wtoi
_ftol
_beginthreadex
_wtoi64
malloc
_initterm
_adjust_fdiv

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
DuplicateObject
EditDebugItem
EditObject
EditParameter
EditProp
EndApp
EndFrame
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetDependencies
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetFilters
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetParameterString
GetPropCheck
GetPropCreateParam
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
InitParameter
Initialize
IsPropEnabled
IsTransparent
LoadObject
PauseRunObject
PrepareToWriteObject
PutObject
ReleasePropCreateParam
ReleaseProperties
RemoveObject
SetPropCheck
SetPropValue
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UnloadObject
UpdateEditStructure
UpdateFileNames
UsesFile

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/Get.mfx
.dll windows x86

61d29fbd6ac69b706207394c13f96389

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
OutputDebugStringW
MultiByteToWideChar
InterlockedExchange
CreateThread
GetLastError
WaitForSingleObject
Sleep
CloseHandle
InterlockedCompareExchange
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueue
WideCharToMultiByte
OutputDebugStringA
DecodePointer
SetEndOfFile
HeapReAlloc
HeapSize
GlobalAlloc
GetFileAttributesW
CreateEventW
FormatMessageW
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
HeapAlloc
HeapFree
GetCurrentThread
GetACP
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteFile
GetConsoleCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForSingleObjectEx

user32

wsprintfW
MessageBoxW
GetPropW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetQueryOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW
InternetSetOptionW

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
DuplicateObject
EditDebugItem
EditObject
EditParameter
EditProp
EndApp
EndFrame
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetDependencies
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetFilters
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetParameterString
GetPropCheck
GetPropCreateParam
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
InitParameter
Initialize
IsPropEnabled
IsTransparent
LoadObject
PauseRunObject
PrepareAndroidBuild
PrepareToWriteObject
PutObject
ReleasePropCreateParam
ReleaseProperties
RemoveObject
SetPropCheck
SetPropValue
StartApp
StartFrame
UnloadObject
UpdateEditStructure
UpdateFileNames
UsesFile

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/KcBoxA.mfx
.dll windows x86

c2cabe8290915bcd7397e0dbd553cb6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GlobalFree
GlobalLock
WriteFile
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalAddAtomW
GlobalDeleteAtom
ReadFile

user32

GetSysColor
GetActiveWindow
CopyRect
ReleaseCapture
GetCapture
KillTimer
SetPropW
SendMessageW
GetClientRect
CreateWindowExW
LoadStringW
RemovePropW
DestroyWindow
EnableMenuItem
GetParent
GetKeyState
GetDC
ReleaseDC
GetCursorPos
ChildWindowFromPoint
SetTimer
LoadCursorW
SetCapture
PostMessageW
CheckMenuItem
GetMessageTime
GetMenu
GetMenuState
GetWindowLongW
GetWindowRect
ScreenToClient
ClientToScreen
GetPropW

gdi32

SetPixel
SelectObject
DeleteObject
CreateCompatibleDC
CreateFontIndirectW
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
DeleteDC

mmfs2

ord585
ord493
ord169
ord541
ord476
ord724
ord520
ord343
ord756
ord620
ord762
ord170
ord286
ord1029
ord679
ord372
ord753
ord445
ord355
ord1076
ord1075
ord1072
ord34
ord39
ord50
ord176
ord24
ord18
ord47
ord1068
ord443
ord264

comctl32

ord17

msvcrt

calloc
realloc
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
_ftol
wcslen
wcscpy
wcscmp
_initterm
_adjust_fdiv
free

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditorDisplay
EndApp
EndFrame
EnumElts
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
Initialize
LoadRunObject
MakeIconEx
PauseRunObject
ReInitRunObject
SaveRunObject
SelectPopup
SetEditSize
SetRunObjectFont
SetRunObjectTextColor
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UpdateEditStructure
WToA
WindowProc

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/KcBoxB.mfx
.dll windows x86

28d4bec7523689f23e5fa36dec91f3ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GlobalFree
GlobalLock
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalAddAtomW
GlobalDeleteAtom
ReadFile
WriteFile

user32

SetPropW
GetCapture
ReleaseCapture
SendMessageW
GetActiveWindow
GetSysColor
GetDC
ReleaseDC
GetClientRect
CreateWindowExW
GetPropW
GetCursorPos
GetMessageTime
GetParent
GetWindowLongW
ScreenToClient
EnableMenuItem
GetMenu
DestroyWindow
RemovePropW
LoadStringW
CopyRect

gdi32

SetPixel
SelectObject
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectW
CreateCompatibleBitmap
GetDIBits
DeleteDC

mmfs2

ord50
ord176
ord18
ord47
ord1068
ord443
ord264
ord493
ord169
ord541
ord476
ord34
ord1072
ord1075
ord1076
ord355
ord445
ord753
ord372
ord39
ord679
ord1029
ord286
ord170
ord762
ord620
ord756
ord343
ord520
ord585
ord724

comctl32

ord17

msvcrt

_adjust_fdiv
_initterm
wcscmp
wcscpy
wcslen
_ftol
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
realloc
calloc
free

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditorDisplay
EndApp
EndFrame
EnumElts
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
Initialize
LoadRunObject
MakeIconEx
PauseRunObject
ReInitRunObject
SaveRunObject
SelectPopup
SetEditSize
SetRunObjectFont
SetRunObjectTextColor
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UpdateEditStructure
WToA
WindowProc

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/KcButton.mfx
.dll windows x86

79f391906f526c5900e0665d2a0a04f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalLock
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
ReadFile
WriteFile
GlobalFindAtomW
FreeLibrary
LoadLibraryW
GetProcAddress
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc

user32

GetMessagePos
KillTimer
CallWindowProcW
GetPropW
SetTimer
InvalidateRect
GetClientRect
PostMessageW
EndPaint
IsWindowEnabled
SendMessageW
GetWindowTextW
GetWindowRect
BeginPaint
MapWindowPoints
GetParent
CreateWindowExW
DestroyWindow
EnableWindow
EnableMenuItem
GetWindowTextLengthW
IsWindowVisible
CheckMenuItem
DrawFrameControl
CopyRect
DrawTextW
OffsetRect
GetSysColor
SetWindowRgn
SetWindowTextW
SetWindowPos
ShowWindow
UpdateWindow
IsWindow
GetMenu
GetMenuState
ScreenToClient
SetWindowLongW

gdi32

SelectObject
RealizePalette
SelectPalette
CreateSolidBrush
CreateFontIndirectW
DeleteObject
StretchDIBits
DeleteDC
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
CreateRectRgn
OffsetRgn
ExtCreateRegion
SetTextColor
SetBkMode
GetStockObject
BitBlt

mmfs2

ord490
ord28
ord153
ord47
ord17
ord16
ord50
ord170
ord756
ord445
ord753
ord571
ord1062
ord179
ord554
ord264
ord169
ord585
ord520
ord30
ord489
ord172
ord372
ord1058
ord343
ord710
ord286
ord373

msvcrt

calloc
free
wcscpy
wcslen
malloc
_ftol
realloc
wcscmp
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditObject
EditProp
EditorDisplay
EnumElts
ExportTexts
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextCaps
GetTextFont
HandleRunObject
ImportTexts
Initialize
IsPropEnabled
LoadRunObject
MakeIconEx
PauseRunObject
ReInitRunObject
SaveRunObject
SetEditSize
SetPropCheck
SetPropValue
SetRunObjectFont
SetRunObjectTextColor
SetTextFont
UpdateEditStructure
WindowProc

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/PopupMenu.mfx
.dll windows x86

1b9c4a2d7aacf5d861a60f7073fed377

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SetFilePointer
ReadFile
GlobalAlloc
MultiByteToWideChar
InterlockedIncrement

user32

EnableMenuItem
CheckMenuItem
TrackPopupMenu
ClientToScreen
GetCursorPos
DeleteMenu
LoadMenuW
LoadStringW
RegisterClassExW
LoadCursorW
EndPaint
BeginPaint
GetWindowLongW
DefWindowProcW
GetMenuState
SetMenuItemInfoW
GetMenuItemCount
GetMenuItemInfoW
GetWindowRect
SetWindowPos
DestroyMenu
DestroyWindow
CreateWindowExW
SetWindowLongW
CreatePopupMenu
AppendMenuW
GetMenuStringW

msvcrt

_adjust_fdiv
_initterm
_wcsicmp
malloc
free
??2@YAPAXI@Z
wcslen
wcscpy
??3@YAXPAX@Z

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditProp
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
Initialize
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SelectPopup
UpdateEditStructure

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/ProgressBar.mfx
.dll windows x86

12a45afa25d6330bd38f6c772d8c6065

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
GetSystemMetrics
GetSysColor
CreateDialogParamA
DestroyWindow
GetPropA
AdjustWindowRect
SetWindowPos
GetWindowLongA
SendDlgItemMessageA
SetWindowLongA
SendMessageA
GetDlgItem
ShowWindow
CreateWindowExA
EnableWindow

msvcrt

_adjust_fdiv
malloc
_initterm
free
??3@YAXPAX@Z
_ftol
??2@YAPAXI@Z

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditObject
EditorDisplay
EnumElts
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
Initialize
IsTransparent
LoadObject
MakeIcon
PauseRunObject
PrepareToWriteObject
PutObject
RemoveObject
SetEditSize
UnloadObject
UpdateEditStructure
UpdateFileNames
UsesFile
WindowProc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/TreeControl.mfx
.dll windows x86

7b367168d0db1274b9da0dea1b6abf63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
FindClose
GlobalLock
FindFirstFileW
GlobalUnlock
GlobalAlloc
CreateFileW
CloseHandle
SetFilePointer
WriteFile
MultiByteToWideChar
ReadFile
FindNextFileW

user32

CreateWindowExW
DestroyWindow
SetWindowPos
GetWindowRect
SendMessageW
DestroyIcon
LoadIconW
GetDC
ReleaseDC
GetWindowTextLengthW
GetWindowTextW
GetMessagePos
ScreenToClient
GetPropW
LoadStringW
GetMenuStringW
LoadMenuW
GetSubMenu
CreatePopupMenu
DestroyMenu
SetFocus
MoveWindow
EnableWindow
ShowWindow
wsprintfW
GetFocus
IsWindowVisible
InvalidateRect

gdi32

DeleteObject
CreateFontIndirectW
GetDeviceCaps

mmfs2

ord677
ord1057
ord476
ord724
ord344
ord611
ord1062
ord785
ord280
ord254
ord264
ord169
ord571
ord383
ord170
ord286
ord443
ord34
ord685
ord372

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create

msvcrt

wcscpy
wcslen
??2@YAPAXI@Z
wcscat
memmove
wcschr
swscanf
_wtoi
wcscmp
_wcsicmp
_ftol
_CIpow
free
_initterm
malloc
_adjust_fdiv
??3@YAXPAX@Z

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditObject
EditProp
EditorDisplay
EnumElts
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SetEditSize
SetPropCheck
SetPropValue
SetRunObjectFont
SetRunObjectTextColor
SetTextClr
SetTextFont
UpdateEditStructure
WindowProc

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/appids.txt
Modules/fcFolder.mfx
.dll windows x86

b721f9459d6f66b03b3fb40e61b21313

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

FreeLibrary
GetProcAddress
GetShortPathNameW
GetLongPathNameW
GetLastError
FindClose
LoadLibraryW
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
GetUserDefaultLangID
FlushFileBuffers
DecodePointer
RemoveDirectoryW
GetFileAttributesExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetTimeZoneInformation
WriteFile
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
WriteConsoleW
SetFileAttributesW
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
CompareStringW
LCMapStringW
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ord239
ord43
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
DuplicateObject
EditDebugItem
EditParameter
EditProp
EndApp
EndFrame
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetDependencies
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetFilters
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetParameterString
GetPropCheck
GetPropCreateParam
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
InitParameter
Initialize
IsPropEnabled
IsTransparent
LoadObject
PauseRunObject
PrepareToWriteObject
PutObject
ReleasePropCreateParam
ReleaseProperties
RemoveObject
SetPropCheck
SetPropValue
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UnloadObject
UpdateEditStructure
UpdateFileNames
UsesFile

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/games.txt
Modules/kccombo.mfx
.dll windows x86

e5c1633fbfa4ca732dadbfe413072472

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
MulDiv
FindFirstFileW
FindNextFileW
FindClose
GlobalFindAtomW
ReadFile
GlobalFree
WriteFile

user32

GetWindowTextLengthW
InvalidateRect
SetFocus
GetDC
wsprintfW
GetWindowDC
ReleaseDC
GetFocus
GetParent
SetPropW
CallWindowProcW
GetPropW
EnableWindow
SetWindowTextW
GetWindowTextW
GetClientRect
SetWindowPos
ShowWindow
UpdateWindow
DestroyWindow
CreateWindowExW
SendMessageW
SetWindowLongW
GetSysColor

gdi32

EnumFontFamiliesExW
EnumFontFamiliesW
GetDeviceCaps
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SetBkColor
SetBkMode
SetTextColor

mmfs2

ord47
ord16
ord1075
ord17

msvcrt

free
malloc
memcpy
wcslen
_ftol
wcscpy
memset
swprintf
calloc
strcpy
strlen
_initterm
_adjust_fdiv
wcscat

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditObject
EditorDisplay
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
IsPropEnabled
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SetEditSize
SetPropCheck
SetPropValue
SetRunObjectFont
SetRunObjectTextColor
SetTextClr
SetTextFont
UpdateEditStructure
WindowProc

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcedit.mfx
.dll windows x86

7151a7218ab54b5257a153c7e592ff93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalFree
WriteFile
GlobalFindAtomW
ReadFile

user32

InvalidateRect
SetWindowLongW
SendMessageW
GetWindowRect
CreateWindowExW
DestroyWindow
UpdateWindow
ShowWindow
SetWindowPos
MapWindowPoints
GetParent
SetFocus
GetSysColor
LoadStringW
SetWindowTextW
GetFocus
GetKeyState
CallWindowProcW
EnableWindow
GetWindowTextLengthW
GetWindowTextW
GetClientRect
GetPropW

gdi32

BitBlt
CreateFontIndirectW
DeleteObject
RealizePalette
SelectPalette
SetBkColor
GetStockObject
SetTextColor
SetBkMode
CreateSolidBrush

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

mmfs2

ord47
ord16
ord30
ord28
ord1075
ord1076
ord17

msvcrt

free
wcscpy
calloc
wcsspn
wcscat
wcsncpy
wcslen
_wtol
_ftol
malloc
_adjust_fdiv
_initterm

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditDebugItem
EditorDisplay
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
Initialize
IsPropEnabled
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SetEditSize
SetPropCheck
SetPropValue
SetRunObjectFont
SetRunObjectTextColor
SetTextAlignment
SetTextClr
SetTextFont
UpdateEditStructure
WToA
WindowProc

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcfile.mfx
.dll windows x86

24a4c462ef36770e86c586341f070bd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mmfs2

ord433
ord432
ord422
ord419
ord1033
ord425

kernel32

SetEndOfFile
HeapReAlloc
HeapSize
GetTimeZoneInformation
WriteConsoleW
SetFilePointerEx
WriteFile
ReadFile
SetErrorMode
CloseHandle
GetDriveTypeW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
CreateFileW
GetVolumeInformationW
WideCharToMultiByte
FlushFileBuffers
GetStringTypeW
GetProcessHeap
GetLogicalDriveStringsW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DecodePointer
RaiseException
GetFullPathNameW
DeleteFileW
GetFileAttributesExW
MoveFileExW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapAlloc
HeapFree
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
CompareStringW
LCMapStringW
SetStdHandle
GetStdHandle
FindClose
FindFirstFileExA
FindNextFileA

user32

wsprintfW
SendMessageW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc

ole32

CoUninitialize
CoInitialize

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
UpdateEditStructure

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcini.mfx
.dll windows x86

e2787d9a548bd0a3d6305062f94cc683

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WriteFile
ReadFile
FindClose
OpenFile
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileW
CopyFileW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetEnvironmentVariableW
CreateDirectoryW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapAlloc
HeapFree
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
CreateFileW

user32

wsprintfW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditDebugItem
EditObject
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
Initialize
IsPropEnabled
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SetPropCheck
SetPropValue
UpdateEditStructure
UpdateFileNames
UsesFile
WToA

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcinput.mfx
.dll windows x86

40d723750076127682978bcb0e5d596e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
LocalFree
LocalAlloc
FreeResource

user32

GetSubMenu
CreatePopupMenu
SetDlgItemInt
GetMenuStringA
GetMenuItemID
AppendMenuA
GetMenuItemCount
DestroyMenu
LoadMenuA
LoadStringA
GetWindowLongA
GetDlgItemTextA
EndDialog
SetWindowLongA
SetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
GetDlgItem
SetFocus
DialogBoxParamA
GetMenuState

msvcrt

_adjust_fdiv
malloc
_initterm
free
atoi
memcpy
atol
strcpy

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditorDisplay
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
IsTransparent
LoadObject
MakeIcon
PauseRunObject
PrepareToWriteObject
PutObject
ReInitRunObject
RemoveObject
SelectPopup
UnloadObject
UpdateEditStructure
UpdateFileNames

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kclist.mfx
.dll windows x86

a5c593c4385b38deaa1e81d1b807f282

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalLock
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
MulDiv
FindFirstFileW
FindNextFileW
FindClose
ReadFile
WideCharToMultiByte
WriteFile

user32

GetSysColor
InvalidateRect
SetFocus
GetDC
wsprintfW
GetWindowDC
ReleaseDC
GetFocus
GetPropW
EnableWindow
GetClientRect
SetWindowPos
ShowWindow
UpdateWindow
DestroyWindow
CreateWindowExW
SendMessageW

gdi32

CreateSolidBrush
DeleteObject
SetBkColor
SetBkMode
SetTextColor
EnumFontFamiliesExW
GetDeviceCaps
EnumFontFamiliesW
CreateFontIndirectW

mmfs2

ord47
ord17
ord1076
ord1075
ord16

msvcrt

wcslen
_ftol
free
wcscpy
wcscat
swprintf
calloc
_initterm
_adjust_fdiv
malloc

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditObject
EditorDisplay
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectFont
GetRunObjectInfos
GetRunObjectTextColor
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
IsPropEnabled
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SetEditSize
SetPropCheck
SetPropValue
SetRunObjectFont
SetRunObjectTextColor
SetTextClr
SetTextFont
UpdateEditStructure
WToA
WindowProc

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcpop.mfx
.dll windows x86

3c95d96c7466e1ad1194df46d0bfa957

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
LocalFree
LocalAlloc
FreeResource

user32

LoadMenuA
LoadStringA
DestroyMenu
AppendMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
CreatePopupMenu
GetSubMenu
MessageBoxA
GetMenuItemCount

msvcrt

_adjust_fdiv
malloc
_initterm
free
memcpy
strcpy

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditorDisplay
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
IsTransparent
LoadObject
MakeIcon
PauseRunObject
PrepareToWriteObject
PutObject
ReInitRunObject
RemoveObject
SelectPopup
UnloadObject
UpdateEditStructure
UpdateFileNames

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcriched.mfx
.dll windows x86

c3caddc7e2406a2751fef16e23966102

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFindAtomW
MultiByteToWideChar
CloseHandle
CreateFileW
ReadFile
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryW

user32

ValidateRect
CallWindowProcW
EnableWindow
IsWindowEnabled
SetWindowLongW
GetClientRect
GetSysColor
SendMessageW
CreateWindowExW
DestroyWindow
UpdateWindow
ShowWindow
SetWindowPos
MessageBoxW
SetFocus
LoadStringW
GetDC
ReleaseDC
IsClipboardFormatAvailable
GetFocus
ChildWindowFromPoint
MapWindowPoints
InSendMessage
LoadCursorW
SetCursor
PostMessageW
GetPropW

gdi32

StartDocW
DeleteObject
GetTextExtentPoint32W
SelectObject
AbortDoc
EndDoc
EndPage
StartPage
SetBkMode
GetDeviceCaps
Escape
CreateFontIndirectW

comdlg32

GetOpenFileNameW
ChooseFontW
ChooseColorW
PrintDlgW
GetSaveFileNameW

ole32

CoCreateInstance
CoRegisterClassObject
OleInitialize
OleUninitialize
CoRevokeClassObject
CoLockObjectExternal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

mmfs2

ord17
ord16
ord1036
ord47
ord1062
ord1048

msvcrt

_ftol
free
wcscpy
_wcsicmp
wcslen
_wmakepath
_wsplitpath
malloc
_wtoi
wcschr
wcsncpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_initterm
_adjust_fdiv
calloc

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditorDisplay
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
IsPropEnabled
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SelectPopup
SetEditSize
SetPropCheck
SetPropValue
SetTextClr
SetTextFont
UpdateEditStructure
UpdateFileNames
UsesFile
WindowProc

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/kcwctrl.mfx
.dll windows x86

92322080accb4919c9d313df6d7159b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord19
ord101
ord102
ord103
ord16
ord32
ord173
ord174
ord372
ord610
ord493
ord341
ord417
ord342
ord445
ord361
ord1000
ord982
ord63

user32

GetActiveWindow
SetFocus
IsZoomed
IsIconic
GetSystemMetrics
SetWindowPos
FlashWindow
ShowWindow
IsWindow
SendMessageW
GetFocus
GetDC
ReleaseDC
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
AdjustWindowRect
ScreenToClient
MapWindowPoints
GetWindowLongW
GetParent
SetParent
FindWindowW
MonitorFromWindow
GetMonitorInfoW
IsWindowVisible

gdi32

GetDeviceCaps

kernel32

DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
CreateFileW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapFree
HeapAlloc
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetModuleFileNameA
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
PauseRunObject
ReInitRunObject
WindowProc

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/mmfs2.dll
.dll windows x86

fb76a0ebed426f70a384439c25a3c837

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/11/2020, 00:00

Not After

08/01/2023, 23:59

Subject

CN=Clickteam SARL,O=Clickteam SARL,L=Boulogne Billancourt,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:24:42:a9:0d:79:7f:c2:14:4e:bc:30:e3:c0:ff:43:4e:bd:74:f3
Signer

Actual PE Digest

6e:24:42:a9:0d:79:7f:c2:14:4e:bc:30:e3:c0:ff:43:4e:bd:74:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeSetEvent
timeGetTime
mciSendCommandW
mciSendCommandA
timeKillEvent

ddraw

DirectDrawCreate

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
LCMapStringW
DecodePointer
GetProcessHeap
HeapReAlloc
GetACP
GetStdHandle
HeapAlloc
GetModuleHandleExW
ExitProcess
HeapCompact
HeapSize
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetVersion
InterlockedExchange
LocalFree
LocalAlloc
WriteConsoleW
SetErrorMode
GetCurrentProcessId
FindResourceA
GetSystemInfo
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FreeResource
CreateFileW
CreateFileA
CloseHandle
SetFilePointerEx
SetFilePointer
ReadFile
WriteFile
GetLastError
GetVersionExW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
LoadLibraryW
LoadLibraryA
FindClose
GetProcAddress
FreeLibrary
GetVersionExA
FindResourceW
LoadResource
LockResource
Sleep
GetModuleFileNameA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
HeapFree

user32

GetWindow
SetActiveWindow
RegisterClassExA
RegisterClassA
PeekMessageA
DispatchMessageA
TranslateMessage
ChangeDisplaySettingsA
ClientToScreen
GetClassNameA
GetWindowDC
CreateIconIndirect
IntersectRect
DrawTextExW
DrawTextExA
SetRect
LoadStringW
LoadStringA
SetDlgItemTextW
GetWindowLongA
GetSysColor
ScreenToClient
MessageBoxW
InvalidateRect
SetDlgItemTextA
SetDlgItemInt
GetDlgItem
ShowWindow
DrawEdge
wsprintfW
CopyRect
DrawFocusRect
SendMessageW
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
GetClassNameW
GetParent
FillRect
EndPaint
BeginPaint
IsIconic
DefWindowProcW
DefWindowProcA
EnumDisplaySettingsA
LoadCursorA
SetWindowLongW
SetWindowLongA
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
ReleaseDC
GetDC
SetMenu
GetSystemMetrics
GetKeyboardState
SetWindowPos
DestroyWindow
CreateWindowExW
CreateWindowExA
SendMessageA

gdi32

BitBlt
SetDIBits
SelectClipRgn
IntersectClipRect
GetDIBits
GetClipRgn
DeleteDC
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
ExtTextOutW
ExtTextOutA
GetObjectW
GetObjectA
SetTextAlign
SetTextColor
GetTextAlign
CreateFontIndirectW
StretchBlt
RealizePalette
GetPaletteEntries
CreatePalette
GdiFlush
Polyline
SetROP2
SetBkMode
SetBkColor
SelectObject
Rectangle
GetClipBox
SetPixel
SelectPalette
GetSystemPaletteEntries
GetStockObject
GetPixel
GetDeviceCaps
DeleteObject
CreateFontIndirectA
StretchDIBits
MoveToEx
Polygon
CreateDIBSection
SetDIBColorTable
SetWindowOrgEx
CreateSolidBrush
Ellipse
CreateHalftonePalette
CreatePen
LineTo

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameA

dsound

ord1

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceCode/WorkshopDLv200.mfa
SourceCode/readme.txt
WorkshopDL.dat
WorkshopDL.exe
.exe windows x86

1c4661ad7d3fc8350c55edf0f712d992

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

winmm

timeBeginPeriod
joyGetDevCapsW
joyGetPosEx
timeEndPeriod

kernel32

WideCharToMultiByte
GlobalAddAtomW
GlobalDeleteAtom
lstrlenW
GetCommandLineW
GetExitCodeProcess
GlobalAlloc
GlobalLock
GlobalUnlock
SetErrorMode
GetCurrentDirectoryW
GlobalFree
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
DecodePointer
GetFileType
GetProcessHeap
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
GetStringTypeW
GetCPInfo
HeapFree
HeapReAlloc
HeapAlloc
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
SetEnvironmentVariableW
DeleteFileW
HeapSize
GetACP
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetCurrentDirectoryW
FindNextFileW
CreateMutexW
WriteFile
GetModuleFileNameW
Sleep
ReleaseMutex
WaitForSingleObject
FindClose
FindFirstFileW
CloseHandle
SetFilePointer
GetLastError
ReadFile
CreateFileW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
WriteConsoleW
RemoveDirectoryW
GetVersionExW
GetLocaleInfoW
FreeLibrary
GetProcAddress
LoadLibraryExW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
GetModuleFileNameA

user32

OffsetRect
DestroyWindow
PostQuitMessage
DrawTextW
FillRect
GetUpdateRect
DefMDIChildProcW
EndPaint
BeginPaint
InflateRect
GetClassNameW
GetDlgItemTextW
SendDlgItemMessageW
EndDialog
GetDlgItem
SetDlgItemTextW
DrawEdge
MapVirtualKeyW
GetInputState
DrawMenuBar
SetMenuInfo
DestroyMenu
LoadMenuIndirectW
GetMenuItemCount
SetWindowPlacement
GetWindowPlacement
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetDesktopWindow
GetSystemMenu
UpdateWindow
GetWindow
RegisterClassW
GetTabbedTextExtentW
ModifyMenuW
GetMenuStringW
DialogBoxIndirectParamW
GetMenuItemID
RegisterClassExW
LoadImageW
LoadIconW
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
RedrawWindow
IsIconic
IsDialogMessageW
SetTimer
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsClipboardFormatAvailable
CheckMenuItem
EnableMenuItem
GetMenu
PtInRect
PostMessageW
InvalidateRect
SetFocus
GetFocus
CallWindowProcW
RemovePropW
SetPropW
SetWindowLongW
GetPropW
MessageBoxW
GetParent
GetActiveWindow
ShowCursor
SetCapture
ReleaseCapture
GetKeyState
GetWindowRect
GetWindowDC
SetCursorPos
ClientToScreen
ScreenToClient
GetCursorPos
LoadStringW
MapWindowPoints
SetWindowPos
IsZoomed
GetWindowLongW
AdjustWindowRectEx
SendMessageW
LockWindowUpdate
ShowWindow
IsWindowVisible
GetClientRect
SetWindowTextW
wsprintfW
IntersectRect
KillTimer
DestroyIcon
GetSubMenu
DeleteMenu
GetMenuState
LoadCursorW
SetCursor
SystemParametersInfoW
GetSysColor
ReleaseDC
CreateIconIndirect
GetDC
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
TranslateMDISysAccel
GetMessageW
PeekMessageW
DialogBoxParamW

gdi32

CreatePalette
SelectPalette
RealizePalette
EnumFontFamiliesExW
GetStockObject
SelectObject
GetTextExtentPointW
GetDeviceCaps
GetObjectW
CreateFontIndirectW
DeleteObject
CreatePen
Rectangle
LineTo
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
CreateRectRgn
GetClipRgn
ExcludeClipRect
SelectClipRgn
SetDIBits
CreateCompatibleBitmap
CreateSolidBrush
CreateBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

DragFinish
DragQueryFileW
ShellExecuteExW
DragAcceptFiles

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exit_steamcmd.bat
steamcmd.exe
.exe windows x86

b577ab37d933fff75ff8d0214ef60e64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:df:78:f1:73:09:0a:05:db:01:b8:01:c9:bf:a6:a8:09:44:9e:ed
Signer

Actual PE Digest

a4:df:78:f1:73:09:0a:05:db:01:b8:01:c9:bf:a6:a8:09:44:9e:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

select
__WSAFDIsSet
WSASendTo
WSARecvFrom
closesocket
shutdown
accept
WSAGetLastError
bind
WSAIoctl
ioctlsocket
getsockname
gethostbyname
ntohl
ntohs
htons
htonl
recv
send
connect
setsockopt
WSASocketA
WSAStartup

kernel32

GetTickCount
GetCurrentProcess
LocalFree
GetFileAttributesW
FreeLibrary
LoadLibraryA
SetFileAttributesA
GetFileAttributesA
SetLastError
Sleep
DeleteFileA
GetModuleFileNameA
RemoveDirectoryW
GetFullPathNameW
GlobalUnlock
GlobalAlloc
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetFileSize
FindClose
GetDriveTypeA
DeviceIoControl
HeapCreate
HeapSetInformation
ExitProcess
FindFirstFileExA
FileTimeToLocalFileTime
MoveFileA
RtlUnwind
GetFullPathNameA
PostQueuedCompletionStatus
CreateIoCompletionPort
GetVersion
GlobalFree
GetLocalTime
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
SetProcessAffinityMask
GetProcessAffinityMask
GetSystemInfo
CopyFileA
HeapAlloc
HeapFree
HeapSize
InterlockedExchangeAdd
HeapValidate
InterlockedCompareExchange
DebugBreak
InterlockedExchange
MoveFileExW
SetErrorMode
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
CreateProcessA
GetConsoleOutputCP
SetConsoleOutputCP
GetLastError
WriteFile
ReadFile
CreateFileA
WideCharToMultiByte
InitializeCriticalSection
CreateEventA
CreateThread
GetVersionExA
GetCurrentThreadId
ResetEvent
SetEvent
DeleteCriticalSection
CloseHandle
MultiByteToWideChar
OutputDebugStringA
GetCurrentDirectoryA
WaitForSingleObject
LeaveCriticalSection
GetProcessHeaps
HeapQueryInformation
SetUnhandledExceptionFilter
GetCurrentDirectoryW
SetCurrentDirectoryW
EnterCriticalSection
HeapReAlloc
SetEnvironmentVariableW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleFileNameW
VirtualFree
VirtualProtect
ResumeThread
SuspendThread
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
GetACP
TlsFree
TlsAlloc
CreateMutexA
GetCurrentProcessId
WriteConsoleW
SetStdHandle
CompareStringW
VirtualQuery
RaiseException
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
PeekNamedPipe
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
GetStdHandle
IsValidCodePage
GetOEMCP
SetThreadAffinityMask
TerminateThread
GetCPInfo
GetThreadPriority
OpenThread
GetExitCodeThread
GetCurrentThread
LCMapStringW
LoadLibraryExA
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
SetFilePointer
GetFileSizeEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
FindNextFileW
SleepEx
CreateFileW
CreateDirectoryW
SetFilePointerEx
SetFileAttributesW
SetFileTime
GetFileTime
DeleteFileW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDriveTypeW
FindFirstFileW
WriteFileEx
VirtualAlloc
GetProcessHeap
HeapUnlock
HeapWalk
HeapLock
TerminateProcess
GetCommandLineA
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime

user32

MessageBoxA
SetDlgItemTextA
SetDlgItemInt
GetWindowRect
GetDesktopWindow
SetWindowPos
EndDialog
DialogBoxParamA
IsWindowVisible
GetDlgItemInt
EnumWindows
GetWindowThreadProcessId
CloseClipboard
SetClipboardData
wsprintfA
GetDlgItem
EmptyClipboard
OpenClipboard
GetWindowTextLengthA

advapi32

CryptGenRandom
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExA
InitializeSecurityDescriptor
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegOpenKeyA

shell32

ord680
SHGetFileInfoW

oleaut32

VariantClear

Exports

Exports

CanSetClientBeta
ClientUpdateRunFrame
CreateInterface
GetBaseUserContentDir
GetBaseUserContentDirUTF8
GetBaseUserDir
GetBaseUserDirUTF8
GetBootstrapperVersion
GetClientUpdateBytesDownloaded
GetClientUpdateBytesToDownload
GetCurrentClientBeta
GetEUniverse
GetSteamExePath
GetSteamExePathUTF8
GetSteamInstallDir
GetSteamInstallDirUTF8
IsCheckingForUpdates
IsClientUpdateAvailable
PermitDownloadClientUpdates
SetClientBeta
StartCheckingForUpdates
g_dwDllEntryThreadId

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adfdfb55da2524187c8d8fcb433d7624

Headers

DLL Characteristics

File Characteristics

Imports

mmfs2

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

c280913dfe896887accb6737462d3ee8

Headers

File Characteristics

Imports

kernel32

user32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

6ccbc6e5ee4a90207502a7f69462fc26

Headers

File Characteristics

Imports

kernel32

winmm

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 524B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 240B

61d29fbd6ac69b706207394c13f96389

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 10KB - Virtual size: 9KB

c2cabe8290915bcd7397e0dbd553cb6e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

mmfs2

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 524B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 240B

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 950B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 876B

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 564B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 478B

.text
Size: 7KB - Virtual size: 7KB