Static task
static1
Behavioral task
behavioral1
Sample
204c3767cbc6881849b19838cf589924765e402541a0c7799930582a95c8f716.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
204c3767cbc6881849b19838cf589924765e402541a0c7799930582a95c8f716.exe
Resource
win10v2004-20230915-en
General
-
Target
204c3767cbc6881849b19838cf589924765e402541a0c7799930582a95c8f716
-
Size
6.1MB
-
MD5
5925d5a2db6e60b30510a7368710af0c
-
SHA1
0978a7e85a9a577e2a466819883fcb311cfc2e45
-
SHA256
204c3767cbc6881849b19838cf589924765e402541a0c7799930582a95c8f716
-
SHA512
428810c4e7facd81fd42054073e631ac94a395a2a76916b6b115dc373f1065c006262ef1f42c276960f433ff09a4ad40ab5ac2711cb98fbf248d646fde53565e
-
SSDEEP
98304:aJn/y0KLD5/2vLSRxxgTwhlI7ETRP6bbrCirP6XWwOXc74ayfV:l0KIvuRfSwD96rCirP6eXc7Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
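Flags a PE file that carries no Authenticode signature. Many legitimate executables are also unsigned, so this is a weak indicator on its own and should be weighed with the other findings.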
resource 204c3767cbc6881849b19838cf589924765e402541a0c7799930582a95c8f716
Files
-
204c3767cbc6881849b19838cf589924765e402541a0c7799930582a95c8f716.exe windows:5 windows x86
0d11dc1c74f32b8e6c2c11eeadc2d861
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeGetTime
timeBeginPeriod
imagehlp
StackWalk
SymGetSymFromAddr
SymGetModuleBase
SymGetOptions
SymFunctionTableAccess
SymGetLineFromAddr
SymInitialize
SymCleanup
SymLoadModule
SymSetOptions
MapFileAndCheckSumA
shlwapi
SHDeleteKeyA
ws2_32
inet_ntoa
bind
socket
setsockopt
htonl
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
WSACreateEvent
WSAEventSelect
connect
WSAStartup
WSACleanup
WSASocketA
closesocket
send
inet_addr
gethostbyaddr
gethostbyname
htons
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
d3d9
Direct3DCreate9
stlport.5.0
?_S_next_size@?$_Stl_prime@_N@priv@stlp_std@@SAII@Z
??A?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEAAPAU_Slist_node_base@priv@1@I@Z
?begin@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEPAPAU_Slist_node_base@priv@2@XZ
?swap@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXAAV12@@Z
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@IABQAU_Slist_node_base@priv@1@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
?get_allocator@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBE?AV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@2@XZ
?begin@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBEPBQAU_Slist_node_base@priv@2@XZ
??A?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBEABQAU_Slist_node_base@priv@1@I@Z
?compare@?$char_traits@D@stlp_std@@SAHPBD0I@Z
?data@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEPBDXZ
?size@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIXZ
?__splice_after@?$_Sl_global@_N@priv@stlp_std@@SAXPAU_Slist_node_base@23@00@Z
??4?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@PBD@Z
?__stl_throw_out_of_range@stlp_std@@YAXPBD@Z
??4?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@V?$__move_source@V?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@@1@@Z
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@D@Z
?append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@PBDI@Z
??A?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEABDI@Z
?length@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIXZ
??_D?$basic_ostringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXXZ
?reserve@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXI@Z
??6?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@H@Z
??0?$basic_ostringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@H@Z
?reserve@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXI@Z
?empty@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE_NXZ
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@PBD@Z
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEID@Z
?c_str@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEPBDXZ
?assign@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXIABQAU_Slist_node_base@priv@2@@Z
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
?append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@ABV12@@Z
??1?$_Osentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?sputn@?$basic_streambuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE_JPBD_J@Z
?rdbuf@?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@QBEPAV?$basic_streambuf@DV?$char_traits@D@stlp_std@@@2@XZ
??1?$allocator@PAU_Slist_node_base@priv@stlp_std@@@stlp_std@@QAE@XZ
??1?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@XZ
??0?$allocator@D@stlp_std@@QAE@XZ
??0?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
??0?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?open@?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBDH@Z
?seekg@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE?AV?$fpos@H@2@XZ
?read@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@PAD_J@Z
?close@?$basic_filebuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEPAV12@XZ
?setstate@?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXH@Z
??1?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@UAE@XZ
??_7?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@6B@
??1ios_base@stlp_std@@UAE@XZ
??1?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@UAE@XZ
?open@?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBDH@Z
?write@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@PBD_J@Z
??_D?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
??_D?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV?$allocator@D@1@@Z
?_M_assign@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@IAEAAV12@PBD0@Z
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDII@Z
?erase@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@II@Z
?width@ios_base@stlp_std@@QAE_J_J@Z
?flags@ios_base@stlp_std@@QBEHXZ
?_Rebalance@?$_Rb_global@_N@stlp_std@@SAXPAU_Rb_tree_node_base@2@AAPAU32@@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@PBDABV?$allocator@D@1@@Z
?allocate@?$__node_alloc@$00$0A@@stlp_std@@SAPAXI@Z
?_M_decrement@?$_Rb_global@_N@stlp_std@@SAPAU_Rb_tree_node_base@2@PAU32@@Z
?_M_increment@?$_Rb_global@_N@stlp_std@@SAPAU_Rb_tree_node_base@2@PAU32@@Z
?deallocate@?$__node_alloc@$00$0A@@stlp_std@@SAXPAXI@Z
?_M_compare@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@SAHPBD000@Z
??1?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@XZ
??1?$allocator@D@stlp_std@@QAE@XZ
??B?$_Osentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QBE_NXZ
??0?$_Osentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@AAV?$basic_ostream@DV?$char_traits@D@stlp_std@@@1@@Z
?_M_append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@IAEAAV12@PBD0@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@U_String_reserve_t@1@IABV?$allocator@D@1@@Z
?eq_int_type@?$__char_traits_base@DH@stlp_std@@SA_NABH0@Z
?sputc@?$basic_streambuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHD@Z
?eof@?$__char_traits_base@DH@stlp_std@@SAHXZ
?fill@?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@QBEDXZ
?get@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?peek@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?get_allocator@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$allocator@D@2@XZ
?str@?$basic_ostringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@2@XZ
?good@ios_base@stlp_std@@QBE_NXZ
?assign@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@PBDI@Z
?at@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAADI@Z
??A?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAADI@Z
?close@?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV01@@Z
?_M_put_nowiden@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBD@Z
?size@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBEIXZ
mfc80
ord3931
ord2288
ord2280
ord911
ord304
ord386
ord655
ord1443
ord5970
ord5111
ord421
ord5613
ord1425
ord2748
ord2469
ord5287
ord1151
ord1123
ord4035
ord784
ord762
ord2020
ord577
ord4032
ord293
ord1084
ord3210
ord1934
ord2368
ord3161
ord1280
ord1063
ord1279
ord5637
ord2367
ord602
ord5731
ord347
ord565
ord3332
ord4273
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5174
ord1361
ord4967
ord3344
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5151
ord4244
ord2751
ord3946
ord1617
ord1620
ord5915
ord6725
ord3974
ord4861
ord4864
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4777
ord4591
ord4181
ord4172
ord4980
ord4781
ord4204
ord4790
ord4443
ord4444
ord756
ord3682
ord3591
ord6037
ord5727
ord2372
ord4125
ord1903
ord572
ord3164
ord4261
ord2991
ord5175
ord1362
ord3345
ord5152
ord4232
ord1545
ord587
ord563
ord753
ord3989
ord3684
ord4115
ord3317
ord4240
ord1591
ord2095
ord741
ord3576
ord777
ord709
ord5642
ord501
ord4394
ord3477
ord410
ord2717
ord1562
ord5166
ord1360
ord5206
ord1619
ord5914
ord6764
ord4860
ord4863
ord4776
ord4178
ord4171
ord4389
ord3740
ord4914
ord4519
ord4520
ord4920
ord4559
ord5049
ord4439
ord4368
ord4501
ord4846
ord4970
ord4529
ord4480
ord4971
ord4516
ord4673
ord4948
ord4794
ord4287
ord4376
ord4963
ord4796
ord4710
ord4805
ord5053
ord4964
ord4649
ord4946
ord4507
ord4961
ord4131
ord1302
ord2008
ord4132
ord2419
ord2420
ord2421
ord2418
ord2417
ord648
ord4377
ord6090
ord4127
ord4364
ord4674
ord4200
ord5988
ord6091
ord4587
ord4928
ord3650
ord4752
ord3204
ord1091
ord3441
ord354
ord4262
ord5203
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord1207
ord605
ord4580
ord6067
ord2657
ord3641
ord1794
ord6065
ord3683
ord4541
ord757
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1054
ord3182
ord4749
ord591
ord736
ord2654
ord4320
ord2164
ord3633
ord3602
ord2141
ord6236
ord1482
ord5807
ord2662
ord1058
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord3312
ord1588
ord1646
ord1875
ord2899
ord4118
ord280
ord1743
ord1966
ord774
ord310
ord781
ord2468
ord1440
ord631
ord1486
ord578
ord4104
ord776
ord265
ord5918
ord266
ord1191
ord1187
ord764
ord1402
ord5182
msvcr80
fprintf
fopen
fwrite
sprintf
sprintf_s
strcpy_s
ftell
fseek
_splitpath
_strlwr
fread
sscanf
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
atoi
strtok_s
_makepath
wprintf_s
strchr
fgets
vsprintf_s
memmove
strrchr
_localtime64
_time64
fflush
strftime
_exit
sscanf_s
_snprintf
strncat
strcat_s
strcmp
fscanf
strcat
strlen
feof
strncpy
_msize
qsort
_beginthreadex
rand
srand
strncmp
strcpy
strcspn
_atoi64
atof
realloc
fputs
fgetpos
fopen_s
ferror
fputc
_vsnprintf_s
isalpha
isalnum
isspace
tolower
_localtime64_s
vsprintf
strtok
printf
clock
memcmp
_lrotl
_lrotr
__iob_func
_except_handler4_common
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
fclose
exit
strncpy_s
memcpy
memset
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
_vswprintf
strstr
_purecall
__CxxFrameHandler3
calloc
free
malloc
_stricmp
_setmbcp
_fileno
_filelength
kernel32
GetThreadLocale
InterlockedExchange
GetACP
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
VirtualAlloc
GetLocalTime
VirtualFree
OutputDebugStringW
LocalFree
ExitProcess
OpenMutexA
CreateMutexA
GetFileAttributesA
SetFileAttributesA
SetEndOfFile
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
IsDebuggerPresent
lstrcatA
GetSystemTimeAsFileTime
lstrcpyA
GetSystemInfo
VirtualQuery
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
RaiseException
GetCurrentThreadId
WriteFile
GetProcAddress
GetCurrentThread
GetModuleHandleA
FormatMessageA
OutputDebugStringA
IsBadCodePtr
GetCurrentProcessId
IsBadReadPtr
GetCurrentProcess
ReadProcessMemory
GetProcessHeap
HeapFree
CreateFileA
IsBadWritePtr
SetLastError
lstrcpynA
SetUnhandledExceptionFilter
GlobalMemoryStatus
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
CreateEventA
Sleep
GetLocaleInfoA
MoveFileA
GetCommandLineA
CreateProcessA
DeleteFileA
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceExA
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
CreateDirectoryA
PulseEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
WideCharToMultiByte
GetLastError
lstrlenW
lstrlenA
CloseHandle
TerminateThread
WaitForSingleObject
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
LocalAlloc
LocalFree
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
ExitProcess
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
user32
GetClientRect
GetCapture
InvalidateRect
MessageBoxW
MessageBoxA
LoadBitmapA
wvsprintfW
GetActiveWindow
FindWindowA
GetLastActivePopup
ShowWindow
SetForegroundWindow
SetWindowTextA
wvsprintfA
SetLastErrorEx
wsprintfA
SetActiveWindow
EnumDisplaySettingsA
GetDlgCtrlID
GetSystemMetrics
SetTimer
IsIconic
DrawIcon
GetDlgItem
SetPropA
GetWindowLongA
SetCapture
ClientToScreen
ReleaseCapture
GetDC
LoadCursorA
SetCursor
GetPropA
CallWindowProcA
SetWindowLongA
RemovePropA
DrawTextW
PtInRect
SendMessageA
GetParent
ReleaseDC
GetWindowRect
WindowFromDC
LoadImageA
EnableWindow
SetRect
CharUpperBuffW
MessageBoxW
gdi32
GetObjectA
CreateCompatibleDC
BitBlt
TextOutW
CreateSolidBrush
CreateFontIndirectA
DeleteObject
SetTextColor
CreateFontA
GetStockObject
SelectObject
CreateCompatibleBitmap
CreateBitmap
advapi32
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyA
CryptDecrypt
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptSetProviderA
CryptAcquireContextA
GetUserNameA
RegCloseKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
shell32
ShellExecuteA
comctl32
_TrackMouseEvent
dbghelp
MiniDumpWriteDump
wtsapi32
WTSSendMessageW
Sections
.text Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.upx0 Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.upx1 Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.l1 Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE