Overview
Overall score: 8
Static analysis (static1) score: 3

Tasks
Task | Sample | Resource | Score
behavioral1 | rdp tool.all/x64/Launcher.exe | win7-20230831-en | 1
behavioral2 | rdp tool.all/x64/Launcher.exe | win10v2004-20230915-en | 1
behavioral3 | rdp tool.all/x64/Launcher.exe | win7-20230831-en | 1
behavioral4 | rdp tool.all/x64/Launcher.exe | win10v2004-20230915-en | 8
behavioral5 | rdp tool.all/x64/MFC14XU.dll | win7-20230831-en | 1
behavioral6 | rdp tool.all/x64/MFC14XU.dll | win10v2004-20230915-en | 1
behavioral7 | rdp tool.all/x64/RenderMaintainer.exe | win7-20230831-en | 1
behavioral8 | rdp tool.all/x64/RenderMaintainer.exe | win10v2004-20230915-en | 1
behavioral9 | rdp tool.all/x64/ShadowBotRDP.exe | win7-20230831-en | 1
behavioral10 | rdp tool.all/x64/ShadowBotRDP.exe | win10v2004-20230915-en | 1
behavioral11 | rdp tool.all/x64/ShadowBotRDP_Win7Helper.dll | win7-20230831-en | 1
behavioral12 | rdp tool.all/x64/ShadowBotRDP_Win7Helper.dll | win10v2004-20230915-en | 1
behavioral13 | rdp tool.all/x86/Launcher.exe | win7-20230831-en | 1
behavioral14 | rdp tool.all/x86/Launcher.exe | win10v2004-20230915-en | 1
behavioral15 | rdp tool.all/x86/Launcher.exe | win7-20230831-en | 3
behavioral16 | rdp tool.all/x86/Launcher.exe | win10v2004-20230915-en | 8
behavioral17 | rdp tool.all/x86/MFC14XU.dll | win7-20230831-en | 1
behavioral18 | rdp tool.all/x86/MFC14XU.dll | win10v2004-20230915-en | 1
behavioral19 | rdp tool.all/x86/RenderMaintainer.exe | win7-20230831-en | 1
behavioral20 | rdp tool.all/x86/RenderMaintainer.exe | win10v2004-20230915-en | 1
behavioral21 | rdp tool.all/x86/ShadowBotRDP.exe | win7-20230831-en | 1
behavioral22 | rdp tool.all/x86/ShadowBotRDP.exe | win10v2004-20230915-en | 1
behavioral23 | rdp tool.all/x86/ShadowBotRDP_Win7Helper.dll | win7-20230831-en | 1
behavioral24 | rdp tool.all/x86/ShadowBotRDP_Win7Helper.dll | win10v2004-20230915-en | 1
General
Target: 30650f32a0185812e4f10a6220d1d6705bbe6578318196df279ed93ee31b72e5
Size: 5.5MB
MD5: 559eb69d990c26d5ef8c40d1f9fa7623
SHA1: f98cd7027ea7ff6203c809fbbf69d9535ee5c69e
SHA256: 30650f32a0185812e4f10a6220d1d6705bbe6578318196df279ed93ee31b72e5
SHA512: 14117c8d9c36722ee769b94a9875d679c8c74d038dc19f02176e699bafc74327bf8632eb07d1c7cb6f1820276ce393e1178976df25dd41542f62389c7c562e49
SSDEEP: 98304:ileJ9bIwiJQkjci8W1E84WWotEKtqEobLFz+CT38lUJR34UqCMrmd:ileUZddj4Ved4DfNsUJGUqdW
Malware Config
Signatures
Unsigned PE (12 IoCs)
Checks for missing Authenticode signature.
resource:
unpack001/rdp tool.all/x64/Launcher.dll
unpack001/rdp tool.all/x64/Launcher.exe
unpack001/rdp tool.all/x64/MFC14XU.dll
unpack001/rdp tool.all/x64/RenderMaintainer.exe
unpack001/rdp tool.all/x64/ShadowBotRDP.exe
unpack001/rdp tool.all/x64/ShadowBotRDP_Win7Helper.dll
unpack001/rdp tool.all/x86/Launcher.dll
unpack001/rdp tool.all/x86/Launcher.exe
unpack001/rdp tool.all/x86/MFC14XU.dll
unpack001/rdp tool.all/x86/RenderMaintainer.exe
unpack001/rdp tool.all/x86/ShadowBotRDP.exe
unpack001/rdp tool.all/x86/ShadowBotRDP_Win7Helper.dll
Files
-
30650f32a0185812e4f10a6220d1d6705bbe6578318196df279ed93ee31b72e5.zip
-
rdp tool.all/x64/Launcher.deps.json
-
rdp tool.all/x64/Launcher.dll.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x64/Launcher.dll.config
-
rdp tool.all/x64/Launcher.exe.exe windows:6 windows x64
6dbf27f4c70fe2c8ed3e0122ba75d641
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_exit
__p___argc
_initterm_e
_initterm
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
__p___wargv
_seh_filter_exe
_register_onexit_function
_cexit
terminate
_errno
exit
abort
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
setvbuf
fflush
_wfopen
__stdio_common_vswprintf
__stdio_common_vfwprintf
_set_fmode
__stdio_common_vsprintf_s
__acrt_iob_func
fputwc
fputws
__p__commode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
calloc
api-ms-win-crt-string-l1-1-0
wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper
api-ms-win-crt-convert-l1-1-0
_wtoi
wcstoul
api-ms-win-crt-locale-l1-1-0
setlocale
___lc_locale_name_func
localeconv
_unlock_locales
_lock_locales
___mb_cur_max_func
_configthreadlocale
__pctype_func
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
frexp
__setusermatherr
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
wcsftime
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x64/Launcher.runtimeconfig.json
-
rdp tool.all/x64/MFC14XU.dll.dll windows:6 windows x64
79a1158798fb666625f740926535a969
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
uxtheme
IsAppThemed
DrawThemeParentBackground
GetWindowTheme
DrawThemeBackground
GetThemeColor
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
winspool.drv
GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
user32
EndDialog
CreateDialogIndirectParamW
GetDlgItem
GetMessageTime
GetMessagePos
GetPropW
RemovePropW
SetPropW
MapDialogRect
GetDialogBaseUnits
GetDCEx
RemoveMenu
CharToOemBuffA
GetTabbedTextExtentW
OemToCharBuffA
MsgWaitForMultipleObjectsEx
CharNextW
IsDialogMessageW
SetWindowContextHelpId
ClipCursor
SendNotifyMessageW
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
IsCharLowerW
EnableWindow
SetRect
IsWindow
RedrawWindow
GetWindowTextLengthW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRgn
MoveWindow
InSendMessage
GetMenuStringW
CreateMenu
SetActiveWindow
CallWindowProcW
SetWindowLongPtrW
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetMenuItemBitmaps
SetWindowLongW
MessageBoxW
GetWindowThreadProcessId
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
DrawEdge
CharUpperBuffW
GetComboBoxInfo
RegisterClipboardFormatW
GetActiveWindow
InsertMenuW
IsWindowEnabled
ShowScrollBar
FrameRect
GetWindowRgn
ReleaseDC
GetDC
GetDoubleClickTime
GetWindowTextW
EnumChildWindows
InvertRect
HideCaret
SetMenuDefaultItem
GetMenuDefaultItem
GetScrollPos
EnableScrollBar
UpdateLayeredWindow
GetMessageW
InvalidateRect
SendMessageW
GetWindowRect
SetRectEmpty
KillTimer
GetClientRect
IsWindowVisible
GetCursorPos
ScreenToClient
TrackMouseEvent
SetTimer
UpdateWindow
PtInRect
OffsetRect
InflateRect
DrawIconEx
GetParent
SetClassLongPtrW
GetSysColorBrush
EqualRect
DeferWindowPos
PostMessageW
GetDlgCtrlID
IsRectEmpty
GetWindowPlacement
GetSysColor
SetParent
GetClassNameW
GetLastActivePopup
SubtractRect
DrawFrameControl
GetMenuItemInfoW
WindowFromDC
SetScrollRange
AdjustWindowRectEx
CountClipboardFormats
GetMenu
SetFocus
CheckMenuItem
GetMenuState
SetWindowTextW
CharUpperW
MapVirtualKeyW
ToUnicodeEx
GetKeyboardState
CopyAcceleratorTableW
DestroyIcon
RegisterWindowMessageW
BringWindowToTop
CopyIcon
CreateAcceleratorTableW
DestroyCursor
IsClipboardFormatAvailable
GetClassLongPtrW
ShowWindow
ReleaseCapture
SetCapture
ClientToScreen
WindowFromPoint
SetCursorPos
MessageBeep
MapWindowPoints
LoadBitmapW
CopyRect
NotifyWinEvent
FillRect
GetIconInfo
CopyImage
LoadImageW
GetWindowLongW
SetCursor
DrawFocusRect
GetNextDlgGroupItem
LoadIconW
TrackPopupMenu
IsChild
GetFocus
LoadCursorW
SetForegroundWindow
PeekMessageW
TranslateMessage
DispatchMessageW
WaitMessage
GetDesktopWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateW
GetCapture
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
DestroyMenu
LoadMenuW
SetMenu
GetSubMenu
PostThreadMessageW
GetClassInfoW
DefWindowProcW
GetWindow
GetMenuItemCount
GetMenuItemID
IsIconic
GetForegroundWindow
DrawIcon
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
ValidateRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetUpdateRect
UnionRect
SetWindowPos
LockWindowUpdate
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
AppendMenuW
CreatePopupMenu
IntersectRect
SetScrollPos
EnableMenuItem
GetNextDlgTabItem
GetSystemMenu
IsMenu
IsZoomed
ModifyMenuW
DeleteMenu
SetWindowRgn
DestroyAcceleratorTable
GetTopWindow
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
RealChildWindowFromPoint
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
GetWindowDC
GetMenuBarInfo
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
SendDlgItemMessageA
EndPaint
BeginPaint
MonitorFromWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
WinHelpW
RegisterClassW
TrackPopupMenuEx
SetWindowPlacement
CreateWindowExW
GetWindowLongPtrW
GetClassInfoExW
advapi32
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegQueryValueW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
ole32
ReadClassStg
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
CreateGenericComposite
OleSetMenuDescriptor
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleRun
CreateFileMoniker
CreateBindCtx
GetClassFile
OleRegGetUserType
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfile
StgIsStorageFile
StgOpenStorage
CoGetMalloc
OleSave
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
IsAccelerator
OleTranslateAccelerator
GetRunningObjectTable
WriteClassStg
OleDuplicateData
WriteFmtUserTypeStg
SetConvertStg
CoTreatAsClass
CoRegisterMessageFilter
CoDisconnectObject
OleRegEnumVerbs
OleRegGetMiscStatus
OleDraw
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetContainedObject
StringFromCLSID
OleLockRunning
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
PropVariantCopy
CoInitializeEx
StringFromGUID2
ReadFmtUserTypeStg
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReadClassStm
OleSaveToStream
CreateOleAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
ReleaseStgMedium
CreateDataAdviseHolder
CreateDataCache
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
PropVariantClear
OleLoad
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
DoDragDrop
CoCreateInstance
CreateItemMoniker
shell32
DragFinish
DragAcceptFiles
SHAddToRecentDocs
ExtractIconW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
DragQueryFileW
oleaut32
OleTranslateColor
OleCreateFontIndirect
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
OleCreatePictureIndirect
VarBstrFromDate
VarBstrFromCy
SystemTimeToVariantTime
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
OleLoadPicture
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantInit
DispCallFunc
VarBstrCmp
OleCreatePropertyFrame
SafeArrayUnlock
VariantCopy
SysReAllocStringLen
SafeArrayDestroy
SysStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SafeArrayDestroyData
VarParseNumFromStr
SafeArrayCreateVector
VarBstrFromDec
VarDecFromStr
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayCreate
shlwapi
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
UrlUnescapeW
wininet
HttpSendRequestExW
InternetFindNextFileW
GopherFindFirstFileW
InternetGetLastResponseInfoW
HttpQueryInfoW
FtpFindFirstFileW
GopherGetAttributeW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetSetStatusCallbackW
InternetSetCookieW
InternetGetCookieW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectW
FtpDeleteFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
HttpEndRequestW
FtpGetCurrentDirectoryW
FtpOpenFileW
FtpCommandW
FtpPutFileW
FtpGetFileW
GopherCreateLocatorW
FtpSetCurrentDirectoryW
GopherOpenFileW
HttpOpenRequestW
InternetErrorDlg
HttpAddRequestHeadersW
HttpSendRequestW
ws2_32
WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
getpeername
ntohs
inet_ntoa
getsockname
accept
htonl
inet_addr
htons
bind
closesocket
gethostbyname
recv
send
WSAAsyncSelect
select
socket
recvfrom
sendto
connect
gdi32
CreateRectRgnIndirect
OffsetRgn
CreateDIBSection
Ellipse
SetPixel
GetBkColor
CreateFontIndirectW
GetDeviceCaps
GetTextCharsetInfo
EnumFontFamiliesW
CreatePen
CreatePatternBrush
CreateDIBitmap
SetPaletteEntries
ExtFloodFill
StartPage
EndPage
EndDoc
GetCurrentObject
DeleteDC
PatBlt
CombineRgn
GetBoundsRect
FillRgn
SetRectRgn
CreateRoundRectRgn
EnumFontFamiliesExW
CreateBitmap
SetBkColor
StretchBlt
SelectPalette
GetDIBits
SetDIBColorTable
Polyline
ExtTextOutW
CreateHatchBrush
CreateEllipticRgn
RoundRect
StretchDIBits
CreateFontW
GetCharWidthW
LPtoDP
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutW
Escape
GetClipBox
GetTextAlign
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetRgnBox
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCW
SetBrushOrgEx
SetAbortProc
StartDocW
DPtoLP
AbortDoc
CopyMetaFileW
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
BitBlt
SetPixelV
FrameRgn
CreateCompatibleBitmap
PtInRegion
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
GetStockObject
Rectangle
Polygon
GetTextColor
GetObjectType
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W
SaveDC
CreateRectRgn
GetTextMetricsW
gdiplus
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipCreateBitmapFromFile
msimg32
AlphaBlend
TransparentBlt
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
odbc32
crypt32
CryptProtectData
CryptUnprotectData
oledlg
OleUIChangeIconW
OleUIEditLinksW
OleUIUpdateLinksW
OleUIPasteSpecialW
OleUIConvertW
OleUIObjectPropertiesW
OleUIChangeSourceW
OleUIAddVerbMenuW
OleUIInsertObjectW
OleUIBusyW
urlmon
IsAsyncMoniker
CreateAsyncBindCtx
RegisterBindStatusCallback
CreateURLMoniker
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
kernel32
TerminateProcess
AreFileApisANSI
GlobalFlags
GlobalFindAtomW
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameW
GetAtomNameW
SetEvent
CopyFileW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
FormatMessageA
GetEnvironmentVariableA
GetEnvironmentVariableW
FormatMessageW
SetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesExW
GetFileSizeEx
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetStringTypeExW
GetThreadLocale
FindClose
FindFirstFileW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
ResumeThread
SuspendThread
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
GetProfileIntW
SystemTimeToFileTime
ReplaceFileW
GetFileTime
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
IsDebuggerPresent
GetFullPathNameW
GetDiskFreeSpaceW
GetTempFileNameW
VirtualProtect
lstrcpyA
CompareStringW
IsDBCSLeadByte
GetUserDefaultLCID
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
CompareStringA
lstrcmpA
WideCharToMultiByte
GetVersionExW
GetCurrentThread
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
SearchPathW
GlobalSize
GetFileAttributesW
GetFileSize
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsFree
TlsAlloc
LocalFree
LocalAlloc
SetThreadPriority
lstrcmpiW
GetWindowsDirectoryW
GetTickCount
GlobalFree
GetSystemDirectoryW
lstrcmpW
GetCurrentDirectoryW
Sleep
SetFilePointer
CreateFileW
GetTempPathW
CloseHandle
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
MulDiv
GetModuleHandleW
DeleteFileW
InitializeCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
MultiByteToWideChar
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
GetProcAddress
LoadLibraryW
DeactivateActCtx
SetLastError
__C_specific_handler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
InitializeSListHead
QueryPerformanceCounter
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetFileTime
msvcr14x
abort
__std_terminate
_invalid_parameter_noinfo
_errno
_wcslwr_s
toupper
wcsnlen
_purecall
wmemcpy_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
wcschr
iswspace
wcsstr
free
malloc
_wtoi
_wcsupr_s
calloc
_wcsicmp
wcspbrk
wcsrchr
wcscspn
wcsspn
clock
_wsplitpath_s
wcscoll
_wcsicoll
wcsncmp
wcscpy_s
iswdigit
iswalpha
iswalnum
iswprint
towupper
towlower
_wtol
wcstoul
__stdio_common_vswscanf
wcscat_s
_localtime64_s
_endthread
_beginthread
_wcsdup
_wmakepath_s
_time64
wcstod
_resetstkoflw
_recalloc
__stdio_common_vsnwprintf_s
__p___argc
__p___wargv
_strnicmp
wcsncpy_s
_itow_s
_ltow_s
_wcsnicmp
strnlen
_mktime64
_mbscmp
wcstol
realloc
rand_s
__stdio_common_vsprintf_s
__CxxFrameHandler4
__stdio_common_vsprintf
_wfullpath
_get_osfhandle
_fileno
_open_osfhandle
_fdopen
__doserrno
fread
feof
ferror
clearerr_s
fwrite
fputws
fgetws
fseek
ftell
fflush
fclose
_mbsinc
_mbsicoll
wcscmp
_mbspbrk
_ismbcspace
_wcsrev
_mbsrchr
_mbscoll
_mbsspn
_mbsrev
_mbslwr_s
_mbsupr_s
_mbschr
_mbscspn
_mbsicmp
_mbsstr
_ultow_s
_endthreadex
_beginthreadex
_msize
_expand
memset
memmove
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
__current_exception
__current_exception_context
_initterm
_initterm_e
__std_type_info_destroy_list
_CxxThrowException
atan2
ceil
cos
exp
floor
memcmp
memcpy
sin
sqrt
strcpy_s
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 882KB - Virtual size: 881KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x64/RenderMaintainer.exe.exe windows:5 windows x64
82e12ff60b82bbbcd4805e4ba7ee8eb7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW
shlwapi
PathFindFileNameW
PathFindExtensionW
gdi32
DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
BitBlt
GetDeviceCaps
user32
GetWindowThreadProcessId
GetLastActivePopup
ReleaseDC
SetTimer
GetSystemMetrics
SendMessageW
MonitorFromWindow
GetDC
PostMessageW
GetMonitorInfoW
EnableWindow
LoadIconW
EndDialog
SetDlgItemTextW
SetWindowPos
MessageBoxW
GetSystemMenu
AppendMenuW
IsIconic
GetClientRect
DrawIcon
GetDesktopWindow
ShowWindowAsync
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW
GetClassNameW
EnumWindows
MessageBoxA
GetActiveWindow
mfc140u
kernel32
TlsGetValue
GetModuleHandleW
DeleteCriticalSection
DeleteFileW
TlsAlloc
OutputDebugStringW
GetFileAttributesExW
FormatMessageW
OpenThread
IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
TlsSetValue
CreateDirectoryW
UnregisterWaitEx
GetLocalTime
SetEnvironmentVariableW
WTSGetActiveConsoleSessionId
OpenProcess
ProcessIdToSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileSizeEx
GetExitCodeProcess
CreateProcessW
GetCommandLineW
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
GetCurrentProcessId
LocalFree
GetProcAddress
HeapAlloc
ResetEvent
LoadLibraryW
RaiseException
CloseHandle
SetEvent
GetLastError
Sleep
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetCurrentThreadId
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessId
GetModuleFileNameW
TerminateProcess
RegisterWaitForSingleObject
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateTimerQueueTimer
comctl32
InitCommonControlsEx
oleaut32
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
GetErrorInfo
gdiplus
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
winsta
WinStationQueryInformationW
ntdll
RtlGetVersion
RtlSetHeapInformation
RtlCreateHeap
NtCreateKeyedEvent
NtQueryInformationJobObject
NtOpenProcess
NtQuerySystemInformationEx
NtQuerySystemInformation
NtQueryObject
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlGetCurrentPeb
NtDuplicateObject
NtClose
NtResumeProcess
NtSuspendProcess
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
__std_terminate
__current_exception_context
__current_exception
memcpy
__C_specific_handler
api-ms-win-crt-string-l1-1-0
_wcsicmp
_wcsnicmp
wcsncmp
wcsncpy
api-ms-win-crt-time-l1-1-0
_localtime64_s
_time64
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_seh_filter_exe
_configure_wide_argv
_errno
exit
_invalid_parameter_noinfo
_initterm
_initterm_e
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_resetstkoflw
_initialize_wide_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_beginthreadex
_get_wide_winmain_command_line
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
__p__commode
_set_fmode
fclose
fwrite
_wfopen
fread
api-ms-win-crt-heap-l1-1-0
_callnewh
calloc
free
_recalloc
malloc
_set_new_mode
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x64/ShadowBotRDP.exe.exe windows:5 windows x64
ba9bc0f5f28dc13e839518b765279342
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc140u
kernel32
LoadLibraryA
OutputDebugStringW
FormatMessageW
OpenProcess
GetModuleHandleA
lstrcmpA
GetCurrentThreadId
lstrcpynW
DeleteCriticalSection
FreeLibrary
GetCurrentProcessId
LocalFree
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
Sleep
MultiByteToWideChar
GetVersionExW
GetFileAttributesW
LocalAlloc
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
lstrcmpiA
GetExitCodeProcess
ProcessIdToSessionId
GetCommandLineW
ResumeThread
ReadProcessMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
lstrcpynA
GetCurrentProcess
VirtualFree
SetLastError
VirtualProtect
user32
GetWindow
GetActiveWindow
MessageBoxA
BringWindowToTop
ShowWindowAsync
IsZoomed
DrawIcon
CallWindowProcW
AppendMenuW
GetSystemMenu
GetLastActivePopup
LoadIconW
GetClassNameW
GetUserObjectInformationW
GetClientRect
GetProcessWindowStation
SetForegroundWindow
IsIconic
DefWindowProcW
SetWindowLongPtrW
SendMessageW
GetSystemMetrics
MessageBoxW
PostQuitMessage
EnableWindow
GetWindowRect
advapi32
LookupAccountSidW
OpenProcessToken
RegOpenKeyW
GetTokenInformation
RegCloseKey
RegQueryValueExW
shell32
CommandLineToArgvW
comctl32
InitCommonControlsEx
shlwapi
PathFindFileNameW
PathRemoveExtensionA
PathIsRelativeW
PathUnquoteSpacesW
ole32
CoTaskMemAlloc
CoCreateInstance
oleaut32
SysFreeString
GetErrorInfo
VariantClear
SysAllocString
winsta
WinStationQueryInformationW
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
__current_exception_context
_CxxThrowException
memcpy
strchr
wcschr
__C_specific_handler
wcsrchr
__std_terminate
memset
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_cexit
_exit
_initterm_e
_initterm
exit
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_c_exit
_set_app_type
_seh_filter_exe
terminate
_register_onexit_function
api-ms-win-crt-string-l1-1-0
strncpy
wcsncpy
strcmp
_wcsicmp
wcsncmp
strncat
_wcsnicmp
_stricmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswscanf
__stdio_common_vswprintf_s
_set_fmode
__p__commode
api-ms-win-crt-convert-l1-1-0
_wtoi
_wtol
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
_recalloc
_set_new_mode
api-ms-win-crt-environment-l1-1-0
_wgetenv
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x64/ShadowBotRDP_Win7Helper.dll.dll windows:6 windows x64
2482ad0333afdd4d8e471559da5259a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
DisableThreadLibraryCalls
CloseHandle
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
SleepEx
GetTickCount
QueryPerformanceCounter
OutputDebugStringW
OpenProcess
InitializeCriticalSectionEx
GetModuleFileNameW
GetCurrentProcess
SetLastError
HeapFree
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
advapi32
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
IsWellKnownSid
OpenProcessToken
SetThreadToken
StartServiceW
CreateProcessAsUserW
OpenServiceW
DuplicateTokenEx
QueryServiceStatusEx
ole32
CoInitializeEx
CoUninitialize
CoGetObject
wtsapi32
WTSEnumerateProcessesW
WTSEnumerateSessionsW
WTSFreeMemory
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
vcruntime140
__C_specific_handler
__std_type_info_destroy_list
memcpy
memset
api-ms-win-crt-string-l1-1-0
wcscat_s
_wcsicmp
wcscpy_s
api-ms-win-crt-heap-l1-1-0
malloc
free
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x86/Launcher.deps.json
-
rdp tool.all/x86/Launcher.dll.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x86/Launcher.dll.config
-
rdp tool.all/x86/Launcher.exe.exe windows:6 windows x86
ffff45487d1e51fa972c8409931457df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_seh_filter_exe
terminate
_set_app_type
_controlfp_s
_invalid_parameter_noinfo_noreturn
_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
exit
__p___argc
__p___wargv
_errno
_c_exit
_cexit
abort
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
api-ms-win-crt-stdio-l1-1-0
__p__commode
__acrt_iob_func
fputwc
fputws
__stdio_common_vsprintf_s
fflush
__stdio_common_vfwprintf
__stdio_common_vswprintf
_wfopen
setvbuf
_set_fmode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
calloc
api-ms-win-crt-string-l1-1-0
strcpy_s
strcspn
wcsncmp
toupper
wcsnlen
_wcsdup
api-ms-win-crt-convert-l1-1-0
_wtoi
wcstoul
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_lock_locales
___lc_locale_name_func
___mb_cur_max_func
___lc_codepage_func
__pctype_func
setlocale
_unlock_locales
localeconv
api-ms-win-crt-math-l1-1-0
frexp
__setusermatherr
api-ms-win-crt-time-l1-1-0
_gmtime64_s
wcsftime
_time64
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x86/Launcher.runtimeconfig.json
-
rdp tool.all/x86/MFC14XU.dll.dll windows:6 windows x86
cab510432b34c8a623c634f7060ed21e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
uxtheme
DrawThemeParentBackground
IsAppThemed
GetWindowTheme
DrawThemeBackground
GetThemeColor
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
winspool.drv
ClosePrinter
DocumentPropertiesW
GetJobW
OpenPrinterW
user32
GetMessagePos
GetMessageTime
EndDialog
CreateDialogIndirectParamW
GetDlgItem
GetTabbedTextExtentW
GetWindowTextLengthW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRgn
MoveWindow
CreateMenu
SetActiveWindow
GetPropW
RemovePropW
SetPropW
MapDialogRect
GetDialogBaseUnits
GetDCEx
RemoveMenu
CharToOemBuffA
CallWindowProcW
OemToCharBuffA
MsgWaitForMultipleObjectsEx
CharNextW
IsDialogMessageW
SetWindowContextHelpId
ClipCursor
SendNotifyMessageW
InSendMessage
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
IsCharLowerW
EnableWindow
SetRect
IsWindow
RedrawWindow
InvalidateRect
SendMessageW
GetWindowRect
SetRectEmpty
KillTimer
GetClientRect
IsWindowVisible
GetCursorPos
ScreenToClient
TrackMouseEvent
GetMenuStringW
WindowFromDC
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetMenuItemBitmaps
SetWindowLongW
MessageBoxW
GetWindowThreadProcessId
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
DrawEdge
CharUpperBuffW
GetComboBoxInfo
RegisterClipboardFormatW
GetActiveWindow
InsertMenuW
IsWindowEnabled
ShowScrollBar
FrameRect
GetWindowRgn
ReleaseDC
GetDC
GetDoubleClickTime
GetWindowTextW
EnumChildWindows
InvertRect
HideCaret
SetMenuDefaultItem
GetMenuDefaultItem
GetScrollPos
EnableScrollBar
UpdateLayeredWindow
GetMessageW
GetLastActivePopup
SetTimer
UpdateWindow
PtInRect
OffsetRect
InflateRect
DrawIconEx
GetParent
SetClassLongW
GetSysColorBrush
EqualRect
DeferWindowPos
PostMessageW
GetClassLongW
IsRectEmpty
GetWindowPlacement
ShowWindow
SetParent
GetClassNameW
DestroyIcon
RegisterWindowMessageW
BringWindowToTop
CopyIcon
ReleaseCapture
SetCapture
ClientToScreen
WindowFromPoint
SetCursorPos
MessageBeep
MapWindowPoints
LoadBitmapW
CopyRect
SubtractRect
DrawFrameControl
GetMenuItemInfoW
SetFocus
SetScrollRange
AdjustWindowRectEx
CountClipboardFormats
GetMenu
SetMenu
CheckMenuItem
GetMenuState
SetWindowTextW
CharUpperW
MapVirtualKeyW
ToUnicodeEx
GetKeyboardState
NotifyWinEvent
FillRect
GetIconInfo
CopyImage
LoadImageW
GetWindowLongW
CopyAcceleratorTableW
CreateAcceleratorTableW
DestroyCursor
IsClipboardFormatAvailable
GetDlgCtrlID
SetCursor
DrawFocusRect
GetNextDlgGroupItem
LoadIconW
TrackPopupMenu
IsChild
GetFocus
LoadCursorW
SetForegroundWindow
PeekMessageW
TranslateMessage
DispatchMessageW
WaitMessage
GetDesktopWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateW
GetCapture
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
DestroyMenu
LoadMenuW
GetClassInfoExW
GetSubMenu
PostThreadMessageW
GetClassInfoW
DefWindowProcW
GetWindow
GetMenuItemCount
GetMenuItemID
IsIconic
GetForegroundWindow
DrawIcon
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
ValidateRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetUpdateRect
UnionRect
SetWindowPos
LockWindowUpdate
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
AppendMenuW
CreatePopupMenu
IntersectRect
SetScrollPos
EnableMenuItem
GetNextDlgTabItem
GetSystemMenu
IsMenu
IsZoomed
ModifyMenuW
DeleteMenu
SetWindowRgn
DestroyAcceleratorTable
GetTopWindow
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
GetSysColor
CreateWindowExW
RealChildWindowFromPoint
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
GetWindowDC
GetMenuBarInfo
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
SendDlgItemMessageA
EndPaint
BeginPaint
MonitorFromWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
WinHelpW
RegisterClassW
TrackPopupMenuEx
SetWindowPlacement
advapi32
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegQueryValueW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
ole32
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
CreateItemMoniker
OleSetMenuDescriptor
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleRun
CreateFileMoniker
CreateBindCtx
GetClassFile
OleRegGetUserType
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfile
StgIsStorageFile
StgOpenStorage
CoGetMalloc
DoDragDrop
OleLoad
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleSave
CreateGenericComposite
IsAccelerator
OleTranslateAccelerator
GetRunningObjectTable
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetContainedObject
StringFromCLSID
OleLockRunning
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
PropVariantCopy
CoInitializeEx
CoGetClassObject
StringFromGUID2
ReadFmtUserTypeStg
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReadClassStm
OleSaveToStream
CreateOleAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
ReleaseStgMedium
CreateDataAdviseHolder
CreateDataCache
WriteClassStg
OleDuplicateData
WriteFmtUserTypeStg
SetConvertStg
CoTreatAsClass
CoRegisterMessageFilter
CoDisconnectObject
OleRegEnumVerbs
OleRegGetMiscStatus
OleDraw
ReadClassStg
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoLockObjectExternal
CoCreateInstance
shell32
DragFinish
DragAcceptFiles
SHAddToRecentDocs
ExtractIconW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
DragQueryFileW
oleaut32
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
SystemTimeToVariantTime
VarBstrFromDate
OleCreatePropertyFrame
OleTranslateColor
OleCreateFontIndirect
OleCreatePictureIndirect
OleLoadPicture
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantInit
DispCallFunc
VarBstrCmp
SafeArrayUnlock
VariantCopy
SysReAllocStringLen
SafeArrayDestroy
SysStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SafeArrayDestroyData
VarParseNumFromStr
SafeArrayCreateVector
VarBstrFromDec
VarDecFromStr
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayCreate
shlwapi
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
UrlUnescapeW
wininet
HttpSendRequestExW
InternetFindNextFileW
GopherFindFirstFileW
InternetGetLastResponseInfoW
HttpQueryInfoW
FtpFindFirstFileW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetSetStatusCallbackW
InternetSetCookieW
InternetGetCookieW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectW
FtpDeleteFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpSetCurrentDirectoryW
GopherGetAttributeW
FtpOpenFileW
FtpCommandW
FtpPutFileW
FtpGetFileW
GopherCreateLocatorW
FtpGetCurrentDirectoryW
GopherOpenFileW
HttpOpenRequestW
InternetErrorDlg
HttpAddRequestHeadersW
HttpSendRequestW
HttpEndRequestW
ws2_32
WSAStartup
WSASetLastError
WSAGetLastError
getpeername
ntohs
inet_ntoa
getsockname
accept
WSACleanup
inet_addr
htons
bind
connect
sendto
recvfrom
socket
select
WSAAsyncSelect
send
recv
gethostbyname
closesocket
htonl
gdi32
CreateRectRgnIndirect
OffsetRgn
CreateDIBSection
Ellipse
SetPixel
GetBkColor
CreateFontIndirectW
GetDeviceCaps
GetTextCharsetInfo
EnumFontFamiliesW
CreatePen
CreatePatternBrush
CreateDIBitmap
SetPaletteEntries
StartPage
EndPage
EndDoc
GetCurrentObject
DeleteDC
PatBlt
CreateRectRgn
CombineRgn
GetBoundsRect
FillRgn
SetRectRgn
CreateRoundRectRgn
EnumFontFamiliesExW
CreateBitmap
SetBkColor
StretchBlt
SelectPalette
GetDIBits
SetDIBColorTable
Polyline
ExtTextOutW
CreateHatchBrush
CreateEllipticRgn
RoundRect
StretchDIBits
CreateFontW
GetCharWidthW
LPtoDP
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutW
Escape
GetClipBox
GetTextAlign
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetRgnBox
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCW
SetBrushOrgEx
SetAbortProc
StartDocW
DPtoLP
AbortDoc
CopyMetaFileW
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
BitBlt
SetPixelV
FrameRgn
CreateCompatibleBitmap
PtInRegion
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
GetStockObject
Rectangle
Polygon
GetTextColor
GetObjectType
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W
SaveDC
ExtFloodFill
GetTextMetricsW
gdiplus
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipGetImagePalette
GdipGetImagePaletteSize
msimg32
AlphaBlend
TransparentBlt
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
odbc32
crypt32
CryptProtectData
CryptUnprotectData
oledlg
OleUIConvertW
OleUIChangeIconW
OleUIEditLinksW
OleUIUpdateLinksW
OleUIPasteSpecialW
OleUIBusyW
OleUIObjectPropertiesW
OleUIChangeSourceW
OleUIAddVerbMenuW
OleUIInsertObjectW
urlmon
CreateAsyncBindCtx
IsAsyncMoniker
RegisterBindStatusCallback
CreateURLMoniker
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
kernel32
TerminateProcess
AreFileApisANSI
GlobalFlags
GlobalFindAtomW
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameW
GetAtomNameW
SetEvent
CopyFileW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
FormatMessageA
GetEnvironmentVariableA
GetEnvironmentVariableW
FormatMessageW
SetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesExW
GetFileSizeEx
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetStringTypeExW
GetThreadLocale
FindClose
FindFirstFileW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
ResumeThread
SuspendThread
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
GetProfileIntW
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetFullPathNameW
GetDiskFreeSpaceW
GetTempFileNameW
VirtualProtect
lstrcpyA
IsDBCSLeadByte
GetUserDefaultLCID
GetSystemTimeAsFileTime
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
lstrcmpA
WideCharToMultiByte
GetVersionExW
GetCurrentThread
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
SearchPathW
GlobalSize
GetFileAttributesW
GetFileSize
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsFree
TlsAlloc
LocalFree
LocalAlloc
SetThreadPriority
lstrcmpiW
GetWindowsDirectoryW
GetTickCount
GlobalFree
GetSystemDirectoryW
lstrcmpW
GetCurrentDirectoryW
Sleep
SetFilePointer
CreateFileW
GetTempPathW
CloseHandle
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
MulDiv
DeleteFileW
InitializeCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
MultiByteToWideChar
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsA
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileTime
msvcr14x
abort
__std_terminate
_invalid_parameter_noinfo
_errno
_wcslwr_s
toupper
wcsnlen
_purecall
wmemcpy_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
wcschr
iswspace
wcsstr
free
malloc
_wtoi
_wcsupr_s
calloc
_wcsicmp
wcspbrk
wcsrchr
wcscspn
wcsspn
clock
_wsplitpath_s
wcscoll
_wcsicoll
wcsncmp
wcscpy_s
iswdigit
iswalpha
iswalnum
iswprint
towupper
towlower
_wtol
wcstoul
__stdio_common_vswscanf
wcscat_s
_localtime64_s
_endthread
_beginthread
_wcsdup
_wmakepath_s
_time64
wcstod
_resetstkoflw
_recalloc
__stdio_common_vsnwprintf_s
__p___argc
__p___wargv
_strnicmp
wcsncpy_s
_itow_s
_ltow_s
_wcsnicmp
strnlen
_mktime64
_mbscmp
wcstol
realloc
rand_s
__stdio_common_vsprintf_s
__CxxFrameHandler3
__stdio_common_vsprintf
_wfullpath
_get_osfhandle
_fileno
_open_osfhandle
_fdopen
__doserrno
fread
feof
ferror
clearerr_s
fwrite
fputws
fgetws
fseek
ftell
fflush
fclose
_mbsinc
_mbsicoll
_mbspbrk
_ismbcspace
_wcsrev
_mbsrchr
_mbscoll
_mbsspn
_mbsrev
memcpy
_mbslwr_s
_mbsupr_s
_mbschr
_mbscspn
_mbsicmp
_mbsstr
_ultow_s
_endthreadex
_beginthreadex
_msize
_expand
memset
memmove
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_except_handler4_common
terminate
__current_exception
__current_exception_context
_initterm
_initterm_e
__std_type_info_destroy_list
_CIatan2
_CIcos
_CIexp
_CIsin
_CIsqrt
_CxxThrowException
ceil
floor
memcmp
strcpy_s
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 568KB - Virtual size: 568KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 227KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x86/RenderMaintainer.exe.exe windows:5 windows x86
67e416e6e6c70ceb9107a8db573774da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW
shlwapi
PathFindFileNameW
PathFindExtensionW
gdi32
DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
BitBlt
GetDeviceCaps
user32
GetWindowThreadProcessId
GetLastActivePopup
ReleaseDC
SetTimer
GetSystemMetrics
SendMessageW
MonitorFromWindow
GetDC
PostMessageW
GetMonitorInfoW
EnableWindow
LoadIconW
EndDialog
SetDlgItemTextW
SetWindowPos
MessageBoxW
GetSystemMenu
AppendMenuW
IsIconic
GetClientRect
DrawIcon
GetDesktopWindow
ShowWindowAsync
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW
GetClassNameW
EnumWindows
MessageBoxA
GetActiveWindow
mfc140u
kernel32
DeleteCriticalSection
DeleteFileW
TlsAlloc
OutputDebugStringW
GetFileAttributesExW
FormatMessageW
TlsGetValue
OpenThread
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsSetValue
CreateDirectoryW
UnregisterWaitEx
GetLocalTime
SetEnvironmentVariableW
OpenProcess
ProcessIdToSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileSizeEx
GetExitCodeProcess
CreateProcessW
GetCommandLineW
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
LocalFree
GetProcAddress
HeapAlloc
ResetEvent
LoadLibraryW
RaiseException
CloseHandle
SetEvent
GetLastError
Sleep
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
IsDebuggerPresent
GetStartupInfoW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
RegisterWaitForSingleObject
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateTimerQueueTimer
comctl32
InitCommonControlsEx
oleaut32
SysFreeString
GetErrorInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
gdiplus
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
winsta
WinStationQueryInformationW
ntdll
RtlGetVersion
RtlSetHeapInformation
RtlCreateHeap
NtCreateKeyedEvent
NtQueryInformationJobObject
NtOpenProcess
NtQuerySystemInformationEx
NtQuerySystemInformation
NtQueryObject
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlGetCurrentPeb
NtDuplicateObject
NtClose
NtResumeProcess
NtSuspendProcess
vcruntime140
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
__current_exception
_except_handler4_common
__current_exception_context
wcsrchr
__std_terminate
__CxxFrameHandler3
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
wcsncpy
_wcsnicmp
_wcsicmp
api-ms-win-crt-time-l1-1-0
_localtime64_s
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_invalid_parameter_noinfo
_errno
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_beginthreadex
_resetstkoflw
exit
_seh_filter_exe
_cexit
_c_exit
_crt_atexit
_register_thread_local_exe_atexit_callback
_controlfp_s
terminate
_exit
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-stdio-l1-1-0
__p__commode
fread
__stdio_common_vswprintf
fclose
fwrite
_wfopen
_set_fmode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
calloc
_recalloc
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x86/ShadowBotRDP.exe.exe windows:5 windows x86
4e7af5a5fbba958c3fc1353ba3e079e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140u
kernel32
GetStartupInfoW
IsDebuggerPresent
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadProcessMemory
ResumeThread
GetCommandLineW
ProcessIdToSessionId
GetExitCodeProcess
Module32NextW
lstrcmpiA
lstrcpynA
DeleteCriticalSection
Module32FirstW
LoadLibraryA
OutputDebugStringW
FormatMessageW
CreateToolhelp32Snapshot
OpenProcess
lstrcmpA
lstrcpynW
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
LocalFree
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
Sleep
MultiByteToWideChar
GetModuleHandleA
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
VirtualFree
SetLastError
VirtualProtect
user32
GetActiveWindow
MessageBoxW
GetWindow
MessageBoxA
GetLastActivePopup
LoadIconW
GetSystemMenu
AppendMenuW
CallWindowProcW
DrawIcon
IsZoomed
ShowWindowAsync
BringWindowToTop
GetClassNameW
EnableWindow
PostQuitMessage
GetWindowRect
SetWindowLongW
GetSystemMetrics
SendMessageW
DefWindowProcW
IsIconic
SetForegroundWindow
GetProcessWindowStation
GetClientRect
GetUserObjectInformationW
advapi32
LookupAccountSidW
OpenProcessToken
RegOpenKeyW
GetTokenInformation
RegCloseKey
RegQueryValueExW
shell32
CommandLineToArgvW
comctl32
InitCommonControlsEx
shlwapi
PathUnquoteSpacesW
PathIsRelativeW
PathRemoveExtensionA
PathFindFileNameW
ole32
CoTaskMemAlloc
CoCreateInstance
oleaut32
VariantClear
GetErrorInfo
SysFreeString
SysAllocString
winsta
WinStationQueryInformationW
vcruntime140
strchr
memcpy
_CxxThrowException
__current_exception_context
__current_exception
_except_handler4_common
memset
wcschr
wcsrchr
__std_terminate
__CxxFrameHandler3
api-ms-win-crt-runtime-l1-1-0
exit
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
api-ms-win-crt-string-l1-1-0
strncat
wcsncmp
_stricmp
strncpy
wcsncpy
_wcsicmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_set_fmode
__p__commode
api-ms-win-crt-convert-l1-1-0
_wtoi
_wtol
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_recalloc
free
calloc
malloc
api-ms-win-crt-environment-l1-1-0
_wgetenv
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdp tool.all/x86/ShadowBotRDP_Win7Helper.dll.dll windows:6 windows x86
904df9a8b8680029218ede090cd0ebf7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
DisableThreadLibraryCalls
CloseHandle
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
SleepEx
GetTickCount
QueryPerformanceCounter
OutputDebugStringW
OpenProcess
InitializeCriticalSectionEx
GetModuleFileNameW
GetCurrentProcess
SetLastError
HeapFree
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
advapi32
SetThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
IsWellKnownSid
OpenProcessToken
StartServiceW
CreateProcessAsUserW
OpenServiceW
DuplicateTokenEx
QueryServiceStatusEx
GetTokenInformation
ole32
CoInitializeEx
CoUninitialize
CoGetObject
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesW
WTSEnumerateSessionsW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
vcruntime140
__std_type_info_destroy_list
_except_handler4_common
memset
memcpy
api-ms-win-crt-string-l1-1-0
_wcsicmp
wcscpy_s
wcscat_s
api-ms-win-crt-heap-l1-1-0
free
malloc
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ