Static task
static1
Behavioral task
behavioral1
Sample
e9964c9a88e4532797437ed9e8e3bf428c550bc78bc1931d456646f25174e9db.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
e9964c9a88e4532797437ed9e8e3bf428c550bc78bc1931d456646f25174e9db.exe
Resource
win10v2004-20231025-en
General
-
Target
e9964c9a88e4532797437ed9e8e3bf428c550bc78bc1931d456646f25174e9db
-
Size
4.7MB
-
MD5
2940547102c3dc68b8ad4f968775d75b
-
SHA1
0c0340125b3d058ce825bed19dd0c78d42033624
-
SHA256
e9964c9a88e4532797437ed9e8e3bf428c550bc78bc1931d456646f25174e9db
-
SHA512
6ec3a31e2f40c2de6f0c08c48f868eb3a61a1a37d6550fd22d39c4a649fddea67effaa07c5554ec4172be66d29b067bedb5bee718ecbf0d09747329763e03dd7
-
SSDEEP
12288:L0k/wfJdY9HoQjiZDhhuIqQXcz76LneOfmQ8DaPPrLzC2qxcN3EZPm:L0k/wh/DEI8z76KIEDaPP7b3EA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
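Checks for a missing Authenticode signature. The sample carries none, so its publisher and integrity cannot be verified from the file itself; many legitimate binaries are also unsigned, so this is weak evidence on its own.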
resource e9964c9a88e4532797437ed9e8e3bf428c550bc78bc1931d456646f25174e9db
Files
-
e9964c9a88e4532797437ed9e8e3bf428c550bc78bc1931d456646f25174e9db.exe windows:4 windows x86
696b7f879f27074c231abc8d3218ec0e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
psapi
EnumProcesses
GetModuleBaseNameW
EnumProcessModules
sqlite3
sqlite3_bind_text
sqlite3_reset
sqlite3_changes
sqlite3_free_table
sqlite3_errmsg
sqlite3_close
sqlite3_exec
sqlite3_last_insert_rowid
sqlite3_busy_timeout
sqlite3_prepare
sqlite3_open16
sqlite3_finalize
sqlite3_bind_int
sqlite3_column_type
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_bind_null
sqlite3_open
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_count
sqlite3_vmprintf
sqlite3_free
sqlite3_mprintf
sqlite3_key
sqlite3_step
sqlite3_rekey
sqlite3_get_table
emailmodule
SendEmail
ft_nd_api
epas_CreateContext
epas_DeleteContext
epas_GetProperty
epas_CloseDevice
epas_ChangeDir
epas_MD5_HMAC
MD5_HMAC
epas_CreateDir
epas_DeleteDir
epas_CreateFile
epas_Write
epas_OpenDevice
ftpclient
FtpClient
mfc80u
ord1474
ord1922
ord265
ord266
ord762
ord2489
ord2311
ord2651
ord5742
ord2313
ord287
ord2648
ord578
ord310
ord872
ord5398
ord620
ord3189
ord4388
ord6058
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord330
ord589
ord5609
ord5633
ord4109
ord1920
ord4026
ord1006
ord6251
ord2247
ord386
ord631
ord2271
ord2279
ord3925
ord2742
ord2745
ord5711
ord1182
ord1178
ord4074
ord3841
ord899
ord5705
ord2444
ord300
ord6161
ord3590
ord4119
ord1386
ord3645
ord5053
ord4558
ord3396
ord2362
ord4228
ord1545
ord6063
ord557
ord745
ord2867
ord2151
ord326
ord1176
ord6282
ord1172
ord5316
ord6293
ord5327
ord3249
ord1784
ord3296
ord6167
ord6173
ord304
ord6279
ord2365
ord4743
ord1790
ord416
ord651
ord1555
ord2364
ord2155
ord907
ord784
ord297
ord3395
ord5867
ord1789
ord1791
ord1086
ord2893
ord2588
ord783
ord2896
ord4535
ord3677
ord566
ord757
ord1064
ord3824
ord1110
ord1049
ord5971
ord2239
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord6201
ord1908
ord4347
ord332
ord2046
ord442
ord548
ord4038
ord675
ord5712
ord1431
ord444
ord677
ord5454
ord5489
ord2701
ord2696
ord3237
ord998
ord3176
ord4101
ord4078
ord2260
ord3991
ord5559
ord6170
ord6176
ord2462
ord2981
ord3322
ord754
ord3877
ord4092
ord2861
ord385
ord630
ord2012
ord3082
ord1840
ord1782
ord3842
ord860
ord1156
ord4094
ord2085
ord3238
ord1274
ord1946
ord1416
ord3165
ord5869
ord591
ord5485
ord5524
ord4100
ord1479
ord282
ord6111
ord280
ord776
ord6086
ord3417
ord1536
ord4226
ord3158
ord1894
ord1118
ord2366
ord1079
ord1719
ord5829
ord6061
ord3756
ord2361
ord3678
ord753
ord563
ord3198
ord587
ord2985
ord2077
ord2461
ord3927
ord896
ord900
ord1476
ord2261
ord5558
ord3990
ord290
ord6700
ord1472
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord6720
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord2587
ord5636
ord1270
ord602
ord347
ord709
ord501
ord777
ord5727
ord4314
ord1271
ord1058
ord2895
ord3869
ord4574
ord2460
ord870
ord2876
ord293
ord4098
ord6232
ord3635
ord1785
ord1883
ord3155
ord3204
ord1925
ord3157
ord658
ord572
ord760
ord3224
ord4255
ord2952
ord5210
ord4232
ord1393
ord5911
ord6721
ord2083
ord577
ord283
ord605
ord354
ord3435
ord774
ord764
ord2080
ord5864
ord1538
ord1198
ord2877
msvcr80
wprintf
fseek
fflush
strstr
_pgmptr
strrchr
isalnum
iswspace
wcsstr
_mktime64
sprintf_s
_findfirst64i32
_findnext64i32
_findclose
memmove
realloc
_itoa_s
atol
tolower
memcpy_s
ftell
vswprintf_s
_wtoi64
fopen
swprintf_s
fgetws
_access
calloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_recalloc
strtol
ceil
memmove_s
vsprintf_s
_purecall
_msize
_wfindfirst64i32
_wfindnext64i32
memcpy
_CxxThrowException
strlen
strcat_s
strcpy_s
strcmp
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
fread
fwrite
strncpy
wcsncpy
_errno
_wcslwr
fprintf
__iob_func
fwprintf
_localtime64_s
printf
_wcsicmp
strchr
wcschr
fclose
fputs
_wfopen
wcsftime
_time64
_vswprintf
vwprintf
vsprintf
vprintf
strftime
_localtime64
_wrename
_wremove
?_wopen@@YAHPB_WHH@Z
wcstol
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
sprintf
atof
atoi
free
malloc
wcsncpy_s
wcscpy_s
wcscat_s
_wsplitpath
_waccess
_wtoi
_swprintf
wcsrchr
_chsize
_close
_strlwr
_itoa
_stricmp
_mkdir
__CxxFrameHandler3
memset
kernel32
InitializeCriticalSection
CreateProcessW
GetModuleFileNameW
GetCurrentProcess
GetSystemDirectoryW
OutputDebugStringA
GetSystemDirectoryA
GetNativeSystemInfo
FindFirstFileW
RemoveDirectoryW
DeleteCriticalSection
FindClose
CopyFileW
lstrcpynW
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
WriteFileEx
EnterCriticalSection
PeekNamedPipe
TransactNamedPipe
GetNamedPipeHandleStateW
GetNamedPipeInfo
SetNamedPipeHandleState
CallNamedPipeW
WaitNamedPipeW
CreateMutexW
ReleaseMutex
CreateThread
lstrlenW
CreateEventW
TerminateThread
WriteFile
GetDriveTypeW
GetLogicalDriveStringsW
DeleteFileA
GetDriveTypeA
LeaveCriticalSection
GetLocalTime
GetFileAttributesExW
GetVersion
Beep
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
SetLastError
VirtualQueryEx
VirtualAllocEx
ResumeThread
CreateProcessA
ExitProcess
GetEnvironmentVariableA
GetEnvironmentVariableW
LoadLibraryExW
LoadLibraryExA
VirtualQuery
GetModuleHandleW
VirtualProtect
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FlushFileBuffers
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SetFileAttributesW
GetSystemInfo
Sleep
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateDirectoryW
GetLastError
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
OutputDebugStringW
GetTickCount
GetVolumeInformationW
GetSystemWindowsDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
GlobalUnlock
GlobalFree
FindResourceW
SizeofResource
LockResource
LoadResource
GlobalAlloc
GlobalLock
GetFileAttributesW
CreateFileW
GetFileSizeEx
SetFilePointer
SetHandleInformation
ReadFile
CreateToolhelp32Snapshot
Process32FirstW
GetVersionExW
WaitForSingleObject
GetExitCodeProcess
GetFileSize
Process32NextW
ReadFileEx
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCurrentProcessId
FindNextFileW
TerminateProcess
user32
ReleaseDC
GetDC
SetForegroundWindow
ShowWindow
MessageBoxTimeoutW
GetWindowTextW
GetClassNameW
LoadStringA
FindWindowExW
IsMenu
GetSubMenu
GetMenu
GetMenuItemID
GetMenuItemCount
RegisterWindowMessageW
PostQuitMessage
LoadIconW
FindWindowW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDlgItem
SetWindowTextW
GetCursorPos
DrawIcon
DrawFocusRect
GetSystemMetrics
AppendMenuW
GetSystemMenu
GetDesktopWindow
SetParent
SystemParametersInfoW
wsprintfW
SetTimer
KillTimer
PtInRect
RedrawWindow
GetFocus
IsZoomed
GetActiveWindow
MessageBoxW
IsWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
EqualRect
GetClientRect
GetWindowThreadProcessId
GetWindowLongW
EnumWindows
LoadStringW
MessageBoxA
PostMessageW
GetParent
SetCursor
WindowFromPoint
ClientToScreen
InvalidateRect
LoadImageW
GetSysColor
CopyRect
DrawStateW
FillRect
OffsetRect
InflateRect
SetMenuDefaultItem
LoadMenuW
SetWindowRgn
DeleteMenu
TrackPopupMenu
IsIconic
SendMessageW
LoadBitmapW
GetWindowRect
EnableWindow
DestroyCursor
SetWindowLongW
gdi32
SelectPalette
CreateDCW
SetTextColor
SetBkMode
StretchBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CombineRgn
GetPixel
CreateRectRgn
GetStockObject
GetTextExtentPoint32W
PtVisible
RealizePalette
TextOutW
ExtTextOutW
Escape
CreateFontIndirectW
GetObjectW
DeleteDC
SetBkColor
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
CreatePatternBrush
GetDIBits
RectVisible
comdlg32
GetSaveFileNameW
advapi32
GetUserNameA
RegSetValueExW
RegOpenKeyW
StartServiceA
ControlService
StartServiceW
QueryServiceStatus
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenServiceW
OpenSCManagerW
RegCloseKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
shell32
Shell_NotifyIconW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
StrStrIW
ole32
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemFree
oleaut32
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
msvcp80
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?eq@?$char_traits@D@std@@SA_NABD0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?flags@ios_base@std@@QAEHH@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE_W_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
libcrypto-1_1
EVP_MD_CTX_free
EC_POINT_free
EC_GROUP_free
BN_CTX_free
BN_CTX_end
EVP_DigestFinal_ex
EVP_DigestInit_ex
ECDH_KDF_X9_62
EVP_sm3
BN_bn2binpad
EC_POINT_get_affine_coordinates_GFp
EC_POINT_is_at_infinity
EC_POINT_mul
EC_GROUP_get0_cofactor
EC_POINT_is_on_curve
EC_POINT_set_affine_coordinates_GFp
BN_CTX_new
BN_CTX_start
BN_CTX_get
EC_GROUP_new_by_curve_name
EC_POINT_new
EVP_DigestUpdate
EVP_MD_CTX_new
BN_bin2bn
netapi32
NetUserEnum
NetApiBufferFree
Netbios
captureimage
ord1
setruledata
InitWorkThread
gdiplus
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdiplusStartup
GdiplusShutdown
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateImageAttributes
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipCloneImage
winmm
PlaySoundW
iphlpapi
GetAdaptersInfo
GetNetworkParams
ws2_32
listen
__WSAFDIsSet
bind
WSAGetLastError
setsockopt
WSACleanup
recv
send
getsockopt
ntohl
inet_ntoa
gethostbyname
accept
WSAStartup
inet_addr
htons
select
connect
ioctlsocket
closesocket
socket
datamodule
SetPolicyEx
SetPolicy
GetPolicy
GetCurUserPriv
SetCurUserPriv
Clipboard_SetSwitch
Clipboard_GetSwitch
Hook_USBFile_SetSwitch
GetPolicyEx
Printer_SetSwitch
Printer_GetSwitch
?Mouse_SetSwitch@@YGXH@Z
Data_SetProtectProc
?Mouse_GetSwitch@@YGHXZ
Keyboard_SetSwitch
Data_GetProtectProc
QQ_GetCutScreenSwitch
QQ_SetCutScreenSwitch
Data_SetEnOpenProList
Hook_USBFile_GetSwitch
Data_GetEnOpenProList
?Data_InitShareLock@@YGXXZ
?Data_UninitShareLock@@YGXXZ
Keyboard_GetSwitch
procmodule
Proc_StopModule
Proc_StopDrvClipPretect
InitRenameShare
UnInitRenameShare
Proc_StartModule
keyboardmodule
?Keyboard_InstallHook@@YGHXZ
?Keyboard_UnInstallHook@@YGXXZ
wtsapi32
WTSFreeMemory
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
encryptfilehead
EncryptFileHead
Sections
.text Size: 728KB - Virtual size: 724KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ