Static task
static1
Behavioral task
behavioral1
Sample
malcat.exe
Resource
win10-20231025-en
windows10-1703-x64
General
-
Target
malcat.exe
-
Size
10.1MB
-
MD5
d64758eb00a68c150f262049e4694284
-
SHA1
38e8379aca972754f047f7463ab725e233cd27c4
-
SHA256
3eef2a5e3f1562b49e65c510315347ecc85b4511b1afc068428bd067cd613f06
-
SHA512
d8ac41d2552f15bf6610236f4904dc048b41cd560e3378d8f59cc33b2e26a4a780abef82f2c56b13fb40ff8d6e628b8cd2ee1741285bab84c2569f197167473b
-
SSDEEP
196608:2XEAB/VUP4+MnMfzRKgryqoYZJwWHNA6MAbL02VMZgQ:2UABtUP4+8MdNryqoYZjHNAM0bW
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource malcat.exe
Files
-
malcat.exe.exe windows:6 windows x64
737fc915d10521e16c3da58474da4240
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
cgraph
agattr
agxset
agclose
agxget
agfstout
agnode
agnxtout
Agstrictdirected
agsubg
agedge
agopen
gvc
gvContext
gvFreeContext
gvLayout
gvFreeLayout
gvAddLibrary
gvplugin_dot_layout
gvplugin_dot_layout_LTX_library
kanal
??1xml_document@pugi@@QEAA@XZ
?GetNormalizedPath@VirtualFile@kanal@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?Error@Analysis@kanal@@QEAAXW4AnalysisErrorCode@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I_K@Z
?GetLastError@Analysis@kanal@@QEBA?BUAnalysisError@2@XZ
?HasAnnotation@Analysis@kanal@@QEAA_NI@Z
??0FileSnippet@kanal@@QEAA@V?$shared_ptr@VFile@kanal@@@std@@_K1AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?Open@FileType@kanal@@QEBA?AV?$shared_ptr@VFile@kanal@@@std@@AEBVVirtualFile@2@@Z
?GetVirtualFileSystem@FileType@kanal@@QEBAAEBV?$list@VVirtualFile@kanal@@V?$allocator@VVirtualFile@kanal@@@std@@@std@@XZ
?GetStart@LocalizedNote@kanal@@QEBA_KXZ
?path2wstring@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBVpath@filesystem@2@@Z
?GetIdString@HardwareId@kanal@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetApplicationName@AnalysisEnvironment@kanal@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPybindLock@KScript@kanal@@QEAAAEAVmutex@std@@XZ
?AddToPath@KScript@kanal@@QEAAXAEBVpath@filesystem@std@@@Z
??1KScript@kanal@@QEAA@XZ
??0KScript@kanal@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0ActivationCode@kanal@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??8HardwareId@kanal@@QEBA_NAEBV01@@Z
?Rva2Ea@MappingAnnotation@kanal@@QEBA_K_K@Z
??0FileBuffer@kanal@@QEAA@$$QEAV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@1@Z
??0NumberPattern@kanal@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1111111@Z
??0StructurePattern@kanal@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N11@Z
??0RegexPattern@kanal@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N111@Z
??0StringPattern@kanal@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N1111@Z
??0HexPattern@kanal@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Signatures@kanal@@QEAA@AEAVAnalysis@1@@Z
?Tag2Category@ScanRule@kanal@@SA?AW4ScanRuleCategory@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetIntelligenceServicesConfig@Intelligence@kanal@@SA?AV?$vector@UIntelligenceServiceConfig@kanal@@V?$allocator@UIntelligenceServiceConfig@kanal@@@std@@@std@@XZ
?ByteToWcharCustom@@YA_WEW4AsciiCharset@@@Z
?wstring2path@@YA?AVpath@filesystem@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?ContainsNoCase@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Transform@Transformer@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBE_KAEBV34@AEBV?$vector@V?$variant@_NM_JV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@std@@V?$allocator@V?$variant@_NM_JV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@std@@@2@@4@@Z
?GetTransform@Transformer@kanal@@QEAA?AUTransformInfo@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetAvailableTransforms@Transformer@kanal@@QEAAAEBV?$vector@UTransformInfo@kanal@@V?$allocator@UTransformInfo@kanal@@@std@@@std@@XZ
?IsDynamic@UserTypeDefinition@kanal@@QEBA_NXZ
?InstanciateType@FileStructure@kanal@@QEAA?AVStructAccess@2@_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ParseTypesDefinitions@FileStructure@kanal@@QEAA?AV?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VUserTypeDefinition@kanal@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VUserTypeDefinition@kanal@@@std@@@2@@std@@XZ
?FullAccess@FileStructure@kanal@@QEBA?AV?$vector@VStructAccess@kanal@@V?$allocator@VStructAccess@kanal@@@std@@@std@@VStructAccess@2@_K@Z
??0FileStructure@kanal@@QEAA@AEAVAnalysis@1@@Z
??4ScriptableNote@kanal@@QEAAAEAV01@AEBV01@@Z
??4NamedNote@kanal@@QEAAAEAV01@AEBV01@@Z
??4CategorizedNote@kanal@@QEAAAEAV01@AEBV01@@Z
??4LocalizedNote@kanal@@QEAAAEAV01@AEBV01@@Z
??0StructAccess@kanal@@QEAA@AEBV01@@Z
?GetField@FieldAccess@kanal@@QEBAAEBVField@2@XZ
?GetName@FieldAccess@kanal@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1LocalizedNote@kanal@@QEAA@XZ
?Contains@LocalizedNote@kanal@@QEBA_N_K@Z
?GetSize@LocalizedNote@kanal@@UEBA_KXZ
?MakePythonBindings@Analysis@kanal@@SAXAEAVKScript@2@@Z
?DiffAgainstFile@Analysis@kanal@@QEAAXV?$shared_ptr@VAnalysis@kanal@@@std@@_NW4DiffMode@DiffAnnotation@2@EI@Z
?SearchInFile@Analysis@kanal@@QEAAXV?$shared_ptr@VFindPattern@kanal@@@std@@_N@Z
?Run@Analysis@kanal@@QEAAX_N@Z
??0FileMapped@kanal@@QEAA@AEBVpath@filesystem@std@@@Z
?ResolveDataPath@AnalysisEnvironment@kanal@@QEBA?AVpath@filesystem@std@@AEBV345@@Z
?NewAnalysis@AnalysisEnvironment@kanal@@QEBA?AV?$shared_ptr@VAnalysis@kanal@@@std@@V?$shared_ptr@VFile@kanal@@@4@@Z
??0AnalysisEnvironment@kanal@@QEAA@AEBVpath@filesystem@std@@000I00@Z
??0CFile@kanal@@QEAA@AEBVpath@filesystem@std@@@Z
?GetArchitecture@FileType@kanal@@QEBA?AW4FileArchitecture@2@XZ
?GetCategory@FileType@kanal@@QEBA?AW4FileCategory@2@XZ
?PathExtractParent@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV12@@Z
?GetLastSelection@Selected@kanal@@QEBAAEBVSelectedRange@2@XZ
??0SelectedRange@kanal@@QEAA@_K0@Z
??0Symbols@kanal@@QEAA@AEAVAnalysis@1@@Z
?CheckIntelligence@Analysis@kanal@@QEAAX_N@Z
?Select@Analysis@kanal@@QEAAX$$QEAVSelectedRange@2@@Z
?InvalidateCache@Analysis@kanal@@QEAAXXZ
?InvalidateAndRun@Analysis@kanal@@QEAAXXZ
?Interrupt@Analysis@kanal@@QEAAXXZ
?GetBookmark@UserBookmarks@kanal@@QEBA_KI@Z
??0LocalizedNote@kanal@@QEAA@AEBV01@@Z
?GetFullSig@FunctionPrototype@kanal@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?ContainsVa@MappingAnnotation@kanal@@QEBA_N_K@Z
??0Functions@kanal@@QEAA@AEAVAnalysis@1@@Z
??0CrossReference@kanal@@QEAA@AEAVAnalysis@1@@Z
??0Strings@kanal@@QEAA@AEAVAnalysis@1@@Z
??0CFG@kanal@@QEAA@AEAVAnalysis@1@@Z
??0Constants@kanal@@QEAA@AEAVAnalysis@1@@Z
?end@MultiAnnotation@kanal@@QEBA?AVMultiIterator@2@XZ
?find@MultiAnnotation@kanal@@QEBA?AVMultiIterator@2@_K@Z
?GetEnd@LocalizedNote@kanal@@QEBA_KXZ
?GetFullName@FunctionPrototype@kanal@@QEBA?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?Match@SigScanner@kanal@@QEBA?AV?$optional@VSigMatch@kanal@@@std@@PEBE_K@Z
?GetSymbolsAt@Symbols@kanal@@QEBA?AV?$vector@VSymbol@kanal@@V?$allocator@VSymbol@kanal@@@std@@@std@@_K@Z
?HasDefaultName@Function@kanal@@QEBA_NXZ
??1AtomicNote@kanal@@QEAA@XZ
pcre2_compile_8
pcre2_match_8
pcre2_match_data_create_8
pcre2_get_ovector_pointer_8
pcre2_code_free_8
pcre2_match_data_free_8
?GetSha256@Entropy@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0Entropy@kanal@@QEAA@AEAVAnalysis@1@@Z
?GetFiletypeName@FileType@kanal@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetInstructionStart@CFG@kanal@@QEBA_K_KPEBVBasicBlock@2@@Z
?find@Annotation@kanal@@QEBA?AViterator@12@_K@Z
?GetAnnotation@Analysis@kanal@@QEAA?AV?$shared_ptr@VAnnotation@kanal@@@std@@I@Z
?ReadCStringUtf16@File@kanal@@QEAA?AU?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@_K0_N@Z
?ReadCStringUtf8@File@kanal@@QEAA?AU?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@_K0@Z
?ConvertFromUtf16@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N@Z
?ReadEnum@FieldAccess@kanal@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?CstringEscape@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV12@@Z
?CstringEscape@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@@Z
?TruncatedString@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@_KV12@@Z
?TruncatedString@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV12@_KV12@@Z
??1Region@kanal@@UEAA@XZ
?RunTemplate@Analysis@kanal@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vpath@filesystem@4@@Z
?GetEntropyForRange@Entropy@kanal@@QEBAE_K0@Z
?GetSha1@Entropy@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetMd5@Entropy@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetTlsh@Entropy@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetImpHash@Entropy@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?begin@MultiAnnotation@kanal@@QEBA?AVMultiIterator@2@XZ
?ConvertFromUtf8@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$vector@EV?$allocator@E@std@@@2@@Z
?GetRule@Signatures@kanal@@QEBAPEBVScanRule@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ContainsNoCase@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?RunScriptWithinScope@KScript@kanal@@QEAA_NAEBVpath@filesystem@std@@AEAVdict@pybind11@@AEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@5@_N@Z
??0Intelligence@kanal@@QEAA@AEAVAnalysis@1@@Z
?find_or_next@MultiAnnotation@kanal@@QEBA?AVMultiIterator@2@_K@Z
?source@MultiIterator@kanal@@QEAA?AV?$shared_ptr@VAnnotation@kanal@@@std@@XZ
?eof@MultiIterator@kanal@@UEBA_NXZ
?AddAnnotation@MultiAnnotation@kanal@@QEAAXI@Z
??0MultiAnnotation@kanal@@QEAA@AEAVAnalysis@1@_N1@Z
??0Loops@kanal@@QEAA@AEAVAnalysis@1@@Z
??0CorpusAnnotation@kanal@@QEAA@AEAVAnalysis@1@V?$shared_ptr@VFindPattern@kanal@@@std@@@Z
?toSEHException@@YAHHPEAU_EXCEPTION_POINTERS@@PEAPEAVSEHException@@@Z
??0DiffAnnotation@kanal@@QEAA@AEAVAnalysis@1@V?$weak_ptr@VAnalysis@kanal@@@std@@_NW4DiffMode@01@E_K4@Z
?Compute@Exceptions@kanal@@UEAAXXZ
?Expand@UserComment@kanal@@QEBA?AV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
??0UserType@kanal@@QEAA@AEBV01@@Z
?Type@Analysis@kanal@@QEAAX_KVUserType@2@@Z
??4AtomicNote@kanal@@QEAAAEAV01@AEBV01@@Z
?Label@Analysis@kanal@@QEAAX_KVUserLabel@2@@Z
??0UserLabel@kanal@@QEAA@AEBV01@@Z
??0Serialisable@kanal@@QEAA@AEBV01@@Z
??0CategorizedNote@kanal@@QEAA@AEBV01@@Z
?ToXml@FunctionParameter@kanal@@UEBA_NAEAVxml_node@pugi@@@Z
?FromXml@FunctionParameter@kanal@@UEAA_NAEBVxml_node@pugi@@@Z
?ToXml@FunctionPrototype@kanal@@UEBA_NAEAVxml_node@pugi@@@Z
?FromXml@FunctionPrototype@kanal@@UEAA_NAEBVxml_node@pugi@@@Z
?UndefineFunctions@Analysis@kanal@@QEAAX_K0@Z
?DefineFunction@Analysis@kanal@@QEAAXVDebugFunction@2@@Z
?DefineFunctions@Analysis@kanal@@QEAAXAEBV?$vector@VDebugFunction@kanal@@V?$allocator@VDebugFunction@kanal@@@std@@@std@@@Z
?Comment@Analysis@kanal@@QEAAXVUserComment@2@@Z
??0UserComment@kanal@@QEAA@AEBV01@@Z
??0UserComment@kanal@@QEAA@_K$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4CommentType@01@@Z
?SetFile@Analysis@kanal@@QEAAXV?$shared_ptr@VFile@kanal@@@std@@@Z
?GetLog@Analysis@kanal@@QEBA?BV?$vector@UAnalysisError@kanal@@V?$allocator@UAnalysisError@kanal@@@std@@@std@@XZ
??1xml_writer@pugi@@UEAA@XZ
??0LocalizedNote@kanal@@QEAA@_K0@Z
??0FindPattern@kanal@@QEAA@XZ
??0UserType@kanal@@QEAA@$$QEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0NamedNote@kanal@@QEAA@XZ
??0Serialisable@kanal@@QEAA@XZ
??0CategorizedNote@kanal@@QEAA@XZ
?SetCorpusDirectories@Analysis@kanal@@QEAAXAEBV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vpath@filesystem@2@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@Vpath@filesystem@2@@std@@@2@@std@@@Z
??0xml_writer@pugi@@QEAA@XZ
?FullAccess@FileStructure@kanal@@QEBA?AV?$vector@VStructAccess@kanal@@V?$allocator@VStructAccess@kanal@@@std@@@std@@_K@Z
??0UserHighlight@kanal@@QEAA@AEBV01@@Z
??0UserHighlight@kanal@@QEAA@_K0$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1W4NoteCategory@1@@Z
??0FunctionPrototype@kanal@@QEAA@$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0$$QEAV?$vector@UFunctionParameter@kanal@@V?$allocator@UFunctionParameter@kanal@@@std@@@3@$$QEAUType@1@$$QEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@_N44W4Visbility@1@@Z
?GetAlignment@DiffAnnotation@kanal@@QEBA_K_K@Z
?Wait@Analysis@kanal@@QEAAXXZ
?Invalidate@Analysis@kanal@@QEAAXI@Z
?GetAnnotations@Analysis@kanal@@QEAA?AV?$unordered_map@IV?$shared_ptr@VAnnotation@kanal@@@std@@U?$hash@I@2@U?$equal_to@I@2@V?$allocator@U?$pair@$$CBIV?$shared_ptr@VAnnotation@kanal@@@std@@@std@@@2@@std@@XZ
?Bookmark@Analysis@kanal@@QEAAXI_K@Z
?Highlight@Analysis@kanal@@QEAAXVUserHighlight@2@@Z
?SearchInCorpus@Analysis@kanal@@QEAAXV?$shared_ptr@VFindPattern@kanal@@@std@@_N@Z
?RegisterCB@Analysis@kanal@@QEAAXV?$function@$$A6AXIE@Z@std@@@Z
?RegisterCB@Analysis@kanal@@QEAAXV?$function@$$A6AXW4AnalysisStatus@kanal@@@Z@std@@@Z
?RegisterCB@Analysis@kanal@@QEAAXV?$function@$$A6AXXZ@std@@@Z
?ClearAllCallbacks@Analysis@kanal@@QEAAXXZ
?SetIntelligenceServices@Analysis@kanal@@QEAAXAEBV?$vector@UIntelligenceService@kanal@@V?$allocator@UIntelligenceService@kanal@@@std@@@std@@@Z
?ReadPointer@Analysis@kanal@@QEAA_K_K@Z
?ToXml@DebugFunction@kanal@@UEBA_NAEAVxml_node@pugi@@@Z
?ReadCStringAscii@File@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K0@Z
??0UserLabel@kanal@@QEAA@$$QEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Ea2Rva@MappingAnnotation@kanal@@QEBAI_K@Z
?ChainTransform@Transformer@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBE_KAEBV?$vector@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$variant@_NM_JV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@std@@V?$allocator@V?$variant@_NM_JV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@std@@@2@@2@@std@@V?$allocator@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$variant@_NM_JV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@std@@V?$allocator@V?$variant@_NM_JV?$vector@EV?$allocator@E@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@std@@@2@@2@@std@@@2@@4@@Z
?ToXml@Type@kanal@@UEBA_NAEAVxml_node@pugi@@@Z
?FromXml@Type@kanal@@UEAA_NAEBVxml_node@pugi@@@Z
??0YaraPattern@kanal@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?GetNiceID@Annotation@kanal@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SaveAs@File@kanal@@QEAA_NAEBVpath@filesystem@std@@@Z
?ReadCopyVector@File@kanal@@QEAA?AV?$vector@EV?$allocator@E@std@@@std@@_K0@Z
?OverrideWriteFunction@File@kanal@@QEAAXV?$function@$$A6A_N_KPEBE0@Z@std@@@Z
??0xml_document@pugi@@QEAA@XZ
?FromXml@DebugFunction@kanal@@UEAA_NAEBVxml_node@pugi@@@Z
?load_buffer_inplace@xml_document@pugi@@QEAA?AUxml_parse_result@2@PEAX_KIW4xml_encoding@2@@Z
?save@xml_document@pugi@@QEBAXAEAVxml_writer@2@PEB_WIW4xml_encoding@2@@Z
?get@xml_text@pugi@@QEBAPEB_WXZ
?as_uint@xml_text@pugi@@QEBAII@Z
?as_float@xml_text@pugi@@QEBAMM@Z
?as_bool@xml_text@pugi@@QEBA_N_N@Z
?set@xml_text@pugi@@QEAA_N_N@Z
?set@xml_text@pugi@@QEAA_NM@Z
?set@xml_text@pugi@@QEAA_NI@Z
?set@xml_text@pugi@@QEAA_NPEB_W@Z
??Bxml_parse_result@pugi@@QEBA_NXZ
?as_string@xml_attribute@pugi@@QEBAPEB_WPEB_W@Z
?as_uint@xml_attribute@pugi@@QEBAII@Z
?as_ullong@xml_attribute@pugi@@QEBA_K_K@Z
?set_value@xml_attribute@pugi@@QEAA_N_K@Z
?set_value@xml_attribute@pugi@@QEAA_NI@Z
?set_value@xml_attribute@pugi@@QEAA_NH@Z
?set_value@xml_attribute@pugi@@QEAA_NPEB_W@Z
??Bxml_node@pugi@@QEBAP6AXPEAPEAPEAV01@@ZXZ
?next_sibling@xml_node@pugi@@QEBA?AV12@PEB_W@Z
?text@xml_node@pugi@@QEBA?AVxml_text@2@XZ
?child@xml_node@pugi@@QEBA?AV12@PEB_W@Z
?attribute@xml_node@pugi@@QEBA?AVxml_attribute@2@PEB_W@Z
?append_attribute@xml_node@pugi@@QEAA?AVxml_attribute@2@PEB_W@Z
?append_child@xml_node@pugi@@QEAA?AV12@PEB_W@Z
?ComputeSha1@kanal@@YA?AVSHA1@@PEBE_K@Z
?ComputeSha256@kanal@@YA?AVSHA256@@PEBE_K@Z
?ComputeHistogram@kanal@@YA?AV?$vector@IV?$allocator@I@std@@@std@@PEBE_K@Z
?ComputeMd5@kanal@@YA?AVMD5@@PEBE_K@Z
?ConvertToPhysicalInterval@MappingAnnotation@kanal@@QEBA?AV?$interval@_K@@_K0@Z
?ComputeCrc32@kanal@@YA?AVCRC32@@PEBE_K@Z
?ComputeTlsh@kanal@@YA?AVTlsh@@PEBE_K@Z
?getHash@SHA1@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getHash@MD5@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getHash@SHA256@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getHash@Tlsh@@QEBAPEBDH@Z
??1Tlsh@@QEAA@XZ
?getHash@CRC32@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0FieldAccess@kanal@@QEAA@AEBV01@@Z
?ConvertToUtf8@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
??0Anomalies@kanal@@QEAA@AEAVAnalysis@1@@Z
??0StructAccess@kanal@@QEAA@VFieldAccess@1@_KPEBVStructure@1@@Z
??0FieldAccess@kanal@@QEAA@AEBVFileTypeLayout@1@AEBVField@1@_KE$$QEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AFieldAccess@kanal@@QEBA?BV01@I@Z
?GetCount@FieldAccess@kanal@@QEBA_KXZ
?GetTarget@FieldAccess@kanal@@QEBA_KAEBVAnalysis@2@@Z
?Write@FieldAccess@kanal@@QEBA_NAEBV?$variant@_NECGFIH_K_JMV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@VFieldAccess@kanal@@@std@@@Z
?GetFile@FieldAccess@kanal@@QEBAAEAVFile@2@XZ
?ReadCopy@File@kanal@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K0@Z
?ConvertToUtf16@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_N@Z
?ConvertFromUtf8@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBE_K@Z
?BytesToWcharsCustom@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@W4AsciiCharset@@@Z
?ConvertFromUtf16@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBE_K_N@Z
??0NamedNote@kanal@@QEAA@AEBV01@@Z
??0Note@kanal@@QEAA@AEBV01@@Z
??1Note@kanal@@QEAA@XZ
??AFileTypeLayout@kanal@@QEBA?BVFieldAccess@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Has@FileTypeLayout@kanal@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AFieldAccess@kanal@@QEBA?BV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetFileInterval@FieldAccess@kanal@@QEBA?BV?$interval@_K@@XZ
?GetSize@FieldAccess@kanal@@QEBA_KXZ
?Read@FieldAccess@kanal@@QEBA?AV?$variant@_NECGFIH_K_JMV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@VFieldAccess@kanal@@@std@@XZ
kernel32
TerminateProcess
IsDebuggerPresent
GetEnvironmentVariableW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
GetCommandLineW
CopyFileW
GetFileType
GetTempFileNameW
GetTempPathW
GetLongPathNameW
GetFileSize
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
FormatMessageW
LocalFree
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsAlloc
ResumeThread
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
CreateSemaphoreW
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
SetErrorMode
RtlCaptureContext
GetACP
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
FindNextFileW
WriteFile
ReadFile
SetHandleInformation
CreatePipe
SetNamedPipeHandleState
PeekNamedPipe
GetModuleFileNameW
GlobalMemoryStatusEx
GetVersionExW
GetNativeSystemInfo
LoadResource
LockResource
SizeofResource
SetEvent
CreateEventW
WaitForMultipleObjects
GetExitCodeProcess
CreateThread
CreateProcessW
IsBadReadPtr
IsBadStringPtrA
GetSystemDirectoryA
LoadLibraryA
MulDiv
SetLastError
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlLookupFunctionEntry
ExitProcess
FindResourceW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetComputerNameW
IsValidCodePage
GetCPInfo
GetDriveTypeW
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
OutputDebugStringW
user32
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
SetMenuInfo
InsertMenuItemW
SetMenuItemInfoW
RegisterWindowMessageW
SetMenu
CreatePopupMenu
DrawEdge
CreateMenu
DrawFrameControl
CheckMenuItem
GetMenuItemID
GetSysColorBrush
CheckMenuRadioItem
mouse_event
ValidateRgn
GetWindowTextW
MessageBeep
GetClassNameW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
GetMessageW
ValidateRect
FindWindowExW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetWindowRect
GetClientRect
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
ReleaseDC
GetDC
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
AnimateWindow
ShowWindow
IsWindow
CallWindowProcW
PostQuitMessage
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
GetSubMenu
GetIconInfo
LoadImageW
GetComboBoxInfo
LoadBitmapW
KillTimer
SetTimer
MsgWaitForMultipleObjects
DispatchMessageW
DestroyWindow
UnregisterClassW
DefWindowProcW
SendMessageW
PeekMessageW
LoadCursorW
SetCursor
BringWindowToTop
CreateWindowExW
RegisterClassW
PostMessageW
PostThreadMessageW
MessageBoxW
GetWindowDC
BeginPaint
EndPaint
GetClassInfoW
SetProcessDPIAware
MapWindowPoints
WindowFromPoint
ChildWindowFromPointEx
GetSysColor
FillRect
InflateRect
PtInRect
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
CreateDialogParamW
GetDlgItem
DestroyCursor
CreateIconIndirect
DrawTextW
DrawFocusRect
GetDoubleClickTime
GetCaretBlinkTime
DestroyIcon
DrawIconEx
SetLayeredWindowAttributes
FlashWindowEx
GetWindowPlacement
IsIconic
IsZoomed
CreateDialogIndirectParamW
GetDialogBaseUnits
DrawMenuBar
GetSystemMenu
EnableMenuItem
SetForegroundWindow
RegisterClipboardFormatW
GetClipboardFormatNameW
SetWindowRgn
DestroyMenu
ChildWindowFromPoint
TranslateMessage
IsRectEmpty
GetProcessDefaultLayout
SetCaretPos
GetDesktopWindow
IsMenu
keybd_event
GetWindowTextLengthW
HideCaret
ShowCaret
DrawStateW
SetRect
SetRectEmpty
DestroyCaret
CreateCaret
wsprintfW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
GetMenuState
MonitorFromPoint
EnumDisplaySettingsW
ChangeDisplaySettingsExW
GetPropW
UnionRect
OffsetRect
CopyRect
IsClipboardFormatAvailable
LoadIconW
ws2_32
select
recvfrom
WSAAsyncSelect
WSACleanup
recv
listen
getsockopt
getsockname
connect
closesocket
WSAStartup
ioctlsocket
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
bind
ntohs
ntohl
accept
inet_ntoa
inet_addr
htons
__WSAFDIsSet
sendto
htonl
socket
shutdown
setsockopt
send
comctl32
ImageList_Copy
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Remove
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord17
ord16
rpcrt4
RpcStringFreeW
UuidToStringW
uxtheme
GetThemeSysColor
GetThemeInt
GetThemePartSize
IsThemePartDefined
GetCurrentThemeName
GetThemeBackgroundExtent
GetThemeFont
GetThemeMargins
SetWindowTheme
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeSysFont
IsThemeActive
IsAppThemed
msvcp140
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?width@ios_base@std@@QEAA_J_J@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?__ExceptionPtrSwap@@YAXPEAX0@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Query_perf_counter
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Query_perf_frequency
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_signal
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Mtx_destroy
_Cnd_init
_Thrd_join
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
python38
PyUnicode_DecodeUTF8
PyEval_SaveThread
_PyThreadState_UncheckedGet
PyExc_RuntimeError
PyObject_SetAttrString
PyInstanceMethod_Type
PyExc_MemoryError
PyCapsule_GetContext
PyFrame_GetLineNumber
PyFloat_AsDouble
PyRun_StringFlags
PyGILState_Release
PyBytes_AsStringAndSize
_Py_NoneStruct
PyTuple_New
PyDict_Size
PyLong_FromLongLong
PyErr_SetString
PyNumber_Add
PyExc_ValueError
PyDict_Next
PyThreadState_New
_Py_FalseStruct
PyFloat_Type
PyType_IsSubtype
PyErr_Restore
PyExc_OverflowError
_Py_Dealloc
PyTuple_GetItem
PyErr_ExceptionMatches
PyCapsule_GetPointer
PyErr_Fetch
PyLong_AsLong
PyObject_ClearWeakRefs
PyList_New
PyUnicode_DecodeUTF16
PyType_Ready
PyObject_GetAttrString
PyErr_Clear
PyList_Append
PyErr_Occurred
PyThread_tss_get
PyException_SetTraceback
PyCapsule_New
PyCapsule_GetName
PyBytes_Size
PyDict_New
PySequence_Check
PyEval_GetGlobals
PyInstanceMethod_New
PyObject_IsInstance
PyMem_Free
PyTuple_SetItem
PyThread_tss_set
PyDict_GetItemString
PyObject_GetItem
PyObject_CallObject
PyEval_InitThreads
PyObject_HasAttrString
PyProperty_Type
_Py_NotImplementedStruct
PyGILState_Ensure
PyCapsule_SetContext
PyNumber_Check
PyNumber_Long
PyThread_tss_alloc
PyThreadState_DeleteCurrent
PyExc_TypeError
PyThreadState_Clear
PyCFunction_NewEx
PyCapsule_Type
PyEval_GetBuiltins
PyDict_Copy
PyObject_Str
PyUnicode_AsUTF8String
PyExc_IndexError
_Py_TrueStruct
PyExc_SystemError
PyObject_SetItem
PyDict_DelItemString
PyUnicode_FromString
PyLong_FromSize_t
PyEval_AcquireThread
PySequence_GetItem
PyErr_NormalizeException
PyBytes_AsString
PyImport_ImportModule
PyLong_AsUnsignedLong
PyThreadState_Get
PyWeakref_NewRef
PyCFunction_Type
PyMem_Calloc
PyBaseObject_Type
PySequence_List
PyUnicode_AsEncodedString
PySequence_Size
PyThread_tss_create
PyTuple_Size
PyDict_Contains
_PyType_Lookup
PyGILState_GetThisThreadState
PyObject_Repr
PyFloat_FromDouble
PyNumber_Float
PyType_Type
_PyObject_GetDictPtr
PyLong_FromUnsignedLongLong
PyExc_BufferError
PyObject_SetAttr
PyObject_Malloc
PyErr_SetInterrupt
PyList_Size
PyErr_Format
PyUnicode_FromFormat
PyList_GetItem
PyModule_Type
PyBuffer_Release
PySequence_Tuple
PyLong_FromSsize_t
shlwapi
SHAutoComplete
AssocQueryStringW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
msimg32
AlphaBlend
GradientFill
imm32
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
vcruntime140
__std_type_info_compare
__std_exception_copy
_purecall
__CxxFrameHandler3
longjmp
__std_terminate
__RTtypeid
__std_type_info_name
__C_specific_handler
memchr
wcsstr
memcpy
memmove
memset
_CxxThrowException
strchr
_set_se_translator
strstr
wcschr
memcmp
__RTCastToVoid
__intrinsic_setjmp
__RTDynamicCast
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
_aligned_free
_set_new_mode
free
realloc
_aligned_malloc
calloc
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_cexit
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_beginthreadex
_register_onexit_function
abort
_seh_filter_exe
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
terminate
exit
_errno
api-ms-win-crt-math-l1-1-0
tan
fmod
ceilf
floorf
sqrt
sin
_fdopen
lround
cos
pow
atan2
lroundf
sqrtf
ceil
__setusermatherr
floor
api-ms-win-crt-time-l1-1-0
_localtime64
_time64
_get_timezone
wcsftime
_tzset
_mktime64
_gmtime64
strftime
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__p__commode
__stdio_common_vsscanf
__stdio_common_vswscanf
_set_fmode
__stdio_common_vfwprintf
fflush
__stdio_common_vswprintf_p
__stdio_common_vswprintf
fwrite
_ftelli64
_fseeki64
fread
ferror
feof
fclose
clearerr
_wfopen
_telli64
_lseeki64
_write
_read
_commit
_close
_wsopen_dispatch
_get_osfhandle
_fileno
_open_osfhandle
api-ms-win-crt-string-l1-1-0
isalnum
isspace
isdigit
isalpha
wcsncat
iswalnum
wcsncpy
_strdup
strcmp
strcpy_s
strcat_s
strncpy_s
_wcsicmp
wcspbrk
toupper
towlower
strncmp
isupper
towupper
iswdigit
iswalpha
tolower
isxdigit
isgraph
islower
ispunct
iswprint
iswxdigit
strncpy
iswspace
api-ms-win-crt-convert-l1-1-0
atoi
_wtoi
wcstod
_wcstod_l
wcstol
_wtol
atof
strtoul
_wcstoi64
wcstoul
_wcstoui64
api-ms-win-crt-utility-l1-1-0
rand_s
qsort
bsearch
api-ms-win-crt-filesystem-l1-1-0
_wrename
_wmkdir
_wrmdir
_wremove
api-ms-win-crt-environment-l1-1-0
_wgetenv
getenv
_wgetcwd
api-ms-win-crt-locale-l1-1-0
setlocale
_create_locale
_free_locale
___lc_codepage_func
_configthreadlocale
gdi32
GetDeviceCaps
RealizePalette
SelectObject
SelectPalette
GetTextMetricsW
SetBrushOrgEx
CreateRectRgn
CreateCompatibleDC
DeleteDC
StretchBlt
SetStretchBltMode
SetBkMode
SetTextColor
BitBlt
CreateBitmap
ExcludeClipRect
GetObjectW
SetBkColor
GdiFlush
DeleteObject
CreateBitmapIndirect
EnumFontFamiliesExW
CreateDCW
GetEnhMetaFileW
DeleteEnhMetaFile
SetViewportOrgEx
GetSystemPaletteEntries
GetTextExtentExPointW
GetCharABCWidthsW
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
GetDIBits
CreateDIBitmap
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
MoveToEx
LineTo
GetBkColor
CreateICW
GetTextExtentPoint32W
CreateRectRgnIndirect
RectInRegion
PtInRegion
OffsetRgn
GetRgnBox
EqualRgn
CombineRgn
ExtCreatePen
CreatePen
CreateSolidBrush
CreatePatternBrush
CreateHatchBrush
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
PolyBezier
Polyline
Polygon
LPtoDP
DPtoLP
CreatePolygonRgn
ExtTextOutW
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetROP2
StretchDIBits
SetPolyFillMode
SetPixel
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
SelectClipRgn
RoundRect
Rectangle
PolyPolygon
Pie
MaskBlt
GetWindowExtEx
GetViewportExtEx
GetRegionData
GetPixel
GetObjectType
GetGraphicsMode
GetClipBox
ExtFloodFill
ExtCreateRegion
Ellipse
Arc
GetStockObject
GetOutlineTextMetricsW
CreateFontIndirectW
CreateCompatibleBitmap
comdlg32
GetOpenFileNameW
ChooseColorW
CommDlgExtendedError
ChooseFontW
GetSaveFileNameW
advapi32
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
shell32
DragQueryPoint
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetFileInfoW
ord6
CommandLineToArgvW
DragQueryFileW
ExtractIconW
SHGetMalloc
ExtractIconExW
ole32
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
Sections
.text Size: 6.7MB - Virtual size: 6.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 279KB - Virtual size: 278KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ