setup[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.rar
Size

27.6MB
MD5

c8c1341a7e1106abb5adda0bf7d39aa9
SHA1

747088ee7d6f77752b3c6c6876b1fab4d777f860
SHA256

ac57e4b80bbfca437944618899c18d7da1699c0c0301589dd9d04baefa60478c
SHA512

d4fce6b642a3c89fbdb0e8e2de75f22adda166288dd247f7fdb9fdf8a1fac21d6b1d696e6a5eb6f53044e67e07f83faa0ae9ec079f595588048c89e16ec3a809
SSDEEP

786432:xy5AlcKKdMJimG5/n367Mi0y2D33/LX+V3kADd5a51u3p:xyQLJXu/UMi0yEX+lkk3w6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PROPAMAT/ActivationClient.dll
unpack001/PROPAMAT/ActivationManager.dll
unpack001/PROPAMAT/activeds.dll
unpack001/PROPAMAT/activeds.tlb
unpack001/Setup.exe
unpack001/Templates/AcGenral.dll
unpack001/Templates/AcLayers.dll
unpack001/Templates/acledit.dll
unpack001/Templates/aclui.dll
unpack001/Templates/acppage.dll

Files

setup.rar
.rar

Password: 1234
PROPAMAT/ActivationClient.dll
.dll windows:10 windows x86

Password: 1234

2392a4dd077a2bf1ca79f5370d98befe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
memcpy
_o__seh_filter_dll
_o_free
_o_malloc
_except_handler4_common
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateSemaphoreExW
AcquireSRWLockShared
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoTaskMemFree

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

combase

ord140

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PROPAMAT/ActivationManager.dll
.dll windows:10 windows x86

Password: 1234

01ffae27bd2f4006b1c9da2adb5b805c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
memmove
_o_ceil
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__get_errno
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__crt_atexit
_o__configure_narrow_argv
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
wcschr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcscspn

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateEventExW
InitializeCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
InitializeSRWLock
OpenEventW
EnterCriticalSection
LeaveCriticalSection
CreateEventW
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetProcessId
CreateThread
GetThreadId
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
OpenThread
CreateProcessAsUserW
SetThreadPriority
ProcessIdToSessionId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
SetThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventProviderEnabled
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

ntdll

RtlLengthSid
NtClose
RtlCopySid
NtOpenProcessToken
RtlWakeAllConditionVariable
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtOpenProcessTokenEx
NtQueryInformationToken
RtlNtStatusToDosError
RtlIsParentOfChildAppContainer
RtlQueryTokenHostIdAsUlong64
RtlExpandEnvironmentStrings
RtlInitUnicodeString
NtQuerySecurityAttributesToken
RtlCapabilityCheck
NtQueryInformationProcess
RtlFreeHeap
RtlSleepConditionVariableSRW
RtlAllocateHeap
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtTerminateProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoAddRefServerProcess
CoGetApartmentType
CoGetStdMarshalEx
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoGetCallerTID
CoGetCallContext
CoInitializeEx
CoImpersonateClient
CoRevertToSelf
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
CoRegisterClassObject
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoReleaseServerProcess
CoCreateGuid
CLSIDFromString
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsConcatString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-appmodel-runtime-internal-l1-1-3

CouldMultiUserAppsBehaviorBePossibleForPackage

api-ms-win-appmodel-runtime-internal-l1-1-4

IsOnDemandRegistrationSupportedForExtensionCategory
GetExtensionApplicationUserModelId

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatus
GetPackageFullNameFromToken
GetPackageStatusForUser

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageApplicationPropertyString
GetPackageApplicationContext

api-ms-win-appmodel-runtime-internal-l1-1-6

OpenPackageInfoByFullNameForMachine

api-ms-win-appmodel-runtime-internal-l1-1-2

GetEffectivePackageStatusForUser

appxdeploymentclient

ord68

twinapi.appcore

ord2
ord3

msvcp_win

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?exceptions@ios_base@std@@QAEXH@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??Bios_base@std@@QBE_NXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegDeleteTreeW
RegOpenCurrentUser
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-com-private-l1-1-0

CoRevokeRacActivationToken
CoGetErrorInfo
CoRegisterRacActivationToken
CoSetErrorInfo

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_QueryService

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-psm-key-l1-1-1

PsmCreateKeyWithDynamicId

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmCreateKey
PsmGetKeyFromProcess

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
StartServiceW
OpenSCManagerW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

rpcrt4

RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcImpersonateClient
NdrAsyncClientCall
RpcAsyncCompleteCall
I_RpcBindingInqLocalClientPID
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
CreateWellKnownSid
RevertToSelf
GetAce
GetTokenInformation
DuplicateTokenEx
GetLengthSid
IsWellKnownSid
FreeSid
CopySid
IsValidSid

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpLogicalW
StrCmpIW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-appmodel-identity-l1-2-0

AppXGetOSMaxVersionTested

coremessaging

CoreUICreateEx
CoreUICreate
MsgStringCreateShared
MsgRelease
MsgBlobCreateShared

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsPrefixW
PathIsRelativeW

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchRemoveFileSpec

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
UnregisterWaitEx
CreateTimerQueueTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

profapi

ord102
ord101

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-security-sddlparsecond-l1-1-0

LocalGetStringForCondition

mpr

WNetGetConnectionW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord79
ord140
ord65
ord159

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-appmodel-state-l1-2-0

GetSystemAppDataKey
OpenStateExplicit
CloseState

Exports

Exports

DisableAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableAppXDebuggingForPackage
FreeAppXLaunchContext
GetPackageExecutionContextForAumid
GetPackageExecutionContextForAumidAndUser
GetPackageExecutionContextForDeviceFamilyName
GetPackageExecutionContextForPackageByFullName
PostCreateProcessAppXActivation
PrepareAppXActivation
RegisterAppXPackageIfNecessary
RegisterAppXPackageIfNecessary2

Sections

.text
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PROPAMAT/activeds.dll
.dll windows:10 windows x86

Password: 1234

a84d85413a75cd6302ee7e19425039c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

?terminate@@YAXXZ
memset
_ftol2_sse
memcmp
malloc
memcpy
free
_initterm
_except_handler4_common
_amsg_exit
_XcptFilter
iswspace
_wcsnicmp
_snwprintf_s
memcpy_s
wcstok
wcschr
wcscpy_s
swscanf_s
wcscat_s
swprintf_s
_wcsicmp
wcsncpy_s
__CxxFrameHandler3

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegGetKeySecurity
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegSetKeySecurity

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

ntdll

RtlNtStatusToDosError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

adsldpc

FreeADsMem
AllocADsMem
AllocADsStr
ConvertU2TrusteeToSid
LdapCrackUserDNtoNTLMUser2
ConvertSidToString
ConvertSidToU2Trustee
GetServerAndPort
GetDomainDNSNameForDomain
ADsGetLastError
ADsSetLastError
ReallocADsMem
FreeADsStr

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ADsBuildEnumerator
ADsBuildVarArrayInt
ADsBuildVarArrayStr
ADsDecodeBinaryData
ADsEncodeBinaryData
ADsEnumerateNext
ADsFreeEnumerator
ADsGetLastError
ADsGetObject
ADsOpenObject
ADsSetLastError
AdsFreeAdsValues
AdsTypeToPropVariant
AdsTypeToPropVariant2
AllocADsMem
AllocADsStr
BinarySDToSecurityDescriptor
ConvertSecDescriptorToVariant
ConvertSecurityDescriptorToSecDes
ConvertTrusteeToSid
DllCanUnloadNow
DllGetClassObject
FreeADsMem
FreeADsStr
PropVariantToAdsType
PropVariantToAdsType2
ReallocADsMem
ReallocADsStr
SecurityDescriptorToBinarySD

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PROPAMAT/activeds.tlb
.dll windows:10 windows x86

Password: 1234

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROPAMAT/batn.pg
.zip .js

Password: 1234
battle_royale_progression/extension.xml
battle_royale_progression/gui/gameface/_dist/production/BattleQuestAwardsView/BattleQuestAwardsView.css
battle_royale_progression/gui/gameface/_dist/production/BattleQuestAwardsView/BattleQuestAwardsView.html
.html
battle_royale_progression/gui/gameface/_dist/production/BattleQuestAwardsView/BattleQuestAwardsView.js
.js
battle_royale_progression/gui/gameface/_dist/production/ProgressionMainView/ProgressionMainView.css
battle_royale_progression/gui/gameface/_dist/production/ProgressionMainView/ProgressionMainView.html
.html
battle_royale_progression/gui/gameface/_dist/production/ProgressionMainView/ProgressionMainView.js
.js
battle_royale_progression/gui/gameface/_dist/production/lib/vendors.js
.js
battle_royale_progression/gui/gameface/_dist/production/lib/vendors.js.LICENSE.txt
battle_royale_progression/gui/gameface/styles/default.css
battle_royale_progression/gui/maps/backgrounds/main_bg.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/bg_warning.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/emblem_done_130_130.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/emblem_done_150_150.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/emblem_in_progress_130_130.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/emblem_in_progress_150_150.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/glow_done.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/glow_in_progress.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/glow_small.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/gold_ribbon_1366.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/gold_ribbon_1600.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/gold_ribbon_1920.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/main_bg.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/mode_icon_glow.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/radial_lines.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/red_ribbon_1366.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/red_ribbon_1600.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/red_ribbon_1920.png
.png
battle_royale_progression/gui/maps/battleQuestAwards/splash.png
.png
battle_royale_progression/gui/maps/progression/arrow_button.png
.png
battle_royale_progression/gui/maps/progression/arrow_button_locked.png
.png
battle_royale_progression/gui/maps/progression/bg_big_timer.png
.png
battle_royale_progression/gui/maps/progression/bg_current_large.png
.png
battle_royale_progression/gui/maps/progression/bg_current_small.png
.png
battle_royale_progression/gui/maps/progression/bg_rare_light_current.png
.png
battle_royale_progression/gui/maps/progression/completed.png
.png
battle_royale_progression/gui/maps/progression/ellipse.png
.png
battle_royale_progression/gui/maps/progression/icon_now_rewards_title.png
.png
battle_royale_progression/gui/maps/progression/noise.png
.png
battle_royale_progression/gui/maps/progression/token_battle_royale.png
.png
battle_royale_progression/gui/messenger.xml
battle_royale_progression/scripts/client/BattleRoyaleProgressionPersonality.pyc
battle_royale_progression/scripts/client/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/game_control/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/game_control/awards_controller.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/game_control/progression_controller.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/gui_constants.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/battle_quest_awards_model.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/battle_quests_model.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/progression/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/progression/progress_level_model.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/progression/progression_main_view_model.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/progression/progression_view_model.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/gen/view_models/views/lobby/views/task_conditions_model.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/views/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/views/battle_quest_awards_view.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/views/bonus_packer.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/views/progression_main_view.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/views/progression_view.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/impl/lobby/views/quests_packer.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/shared/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/shared/event_dispatcher.pyc
battle_royale_progression/scripts/client/battle_royale_progression/gui/sounds_constants.pyc
battle_royale_progression/scripts/client/battle_royale_progression/messenger/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/messenger/formatters/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/messenger/formatters/service_channel.pyc
battle_royale_progression/scripts/client/battle_royale_progression/notification/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/notification/actions_handlers.pyc
battle_royale_progression/scripts/client/battle_royale_progression/notification/decorators.pyc
battle_royale_progression/scripts/client/battle_royale_progression/skeletons/__init__.pyc
battle_royale_progression/scripts/client/battle_royale_progression/skeletons/game_controller.pyc
PROPAMAT/de.dat
Setup.exe
.exe windows:6 windows x64

Password: 1234

46afc61b34fb8e20ac7399f0df86ba31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

‹¿/.�
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

‹¿/.�
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

‹¿/.�
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 315KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates/AcGenral.dll
.dll windows:10 windows x86

Password: 1234

cfac9aa030965dc89cae24a8eff928cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

apphelp

SE_COM_AddHook
SE_COM_HookObject
SE_COM_Lookup
SE_COM_HookInterface
SE_CALLBACK_Lookup
SE_ShimDPF
SE_GetShimId
SdbInitDatabase
SdbGetPDBFromGUID
SdbResolveDatabase
SdbOpenLocalDatabase
SE_COM_AddServer
SE_CALLBACK_AddHook
SdbReleaseDatabase
SdbGetStringTagPtr
SdbFindNextTag
SdbFindFirstTag

msvcrt

memcmp
_local_unwind4
_CxxThrowException
memcpy
__CxxFrameHandler3
_wcsicmp
_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
?terminate@@YAXXZ
_except_handler4_common
_lock
memmove
__dllonexit
_onexit
??1type_info@@UAE@XZ
_vscprintf
_wcsupr
wcspbrk
wcschr
wcscpy_s
towupper
towlower
iswctype
wcsspn
toupper
wcsrchr
memset
_unlock
strrchr
wcstoul
_errno
_wcsnicmp
strchr
strtoul
wcstol
atoi
_vscwprintf
_vsnprintf
wcsncmp
strtok
atol
wcsstr
_stricmp
strstr
qsort
_wtoi
wprintf
_wcslwr_s
_wcslwr
_wsplitpath_s
iswspace
swscanf_s
_strnicmp
strncmp
wcscat_s
wcstok_s
_tempnam

ntdll

RtlIsNameInExpression
RtlInitializeCriticalSection
NtQueryInformationThread
NtQueryVirtualMemory
NtProtectVirtualMemory
DbgPrint
NtSetInformationProcess
NtClose
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToInteger
RtlInitUnicodeString
RtlGUIDFromString
RtlIsDosDeviceName_U
RtlCreateServiceSid
RtlGetNtSystemRoot
RtlDosPathNameToNtPathName_U
NtOpenFile
NtQuerySecurityObject
RtlGetOwnerSecurityDescriptor
RtlEqualSid
NtOpenKey
NtQueryValueKey
NtCreateKey
NtSetValueKey
RtlFormatCurrentUserKeyPath
NtQueryObject
NtConnectPort
NtQueryVolumeInformationFile
RtlFreeUnicodeString
RtlOemStringToUnicodeString
RtlNtStatusToDosError
RtlImageNtHeader
RtlReAllocateHeap
RtlSubAuthoritySid
NtRequestWaitReplyPort
RtlGetDaclSecurityDescriptor
RtlSubAuthorityCountSid
NtQueryInformationToken
RtlFreeHeap
RtlAllocateHeap
RtlIdentifierAuthoritySid
RtlLengthRequiredSid
NtOpenThreadToken
NtOpenProcessToken
RtlInitializeSid
NtQueryInformationProcess

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW
CreateServiceW
StartServiceW
DeleteService

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceStatusEx

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

shlwapi

SHGetValueW
SHStrDupW
ord619
SHDeleteKeyW

uxtheme

SetThemeAppProperties
ord67

user32

AllowSetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
SetWindowsHookExAW
SetCursor
GetWindowLongA
mouse_event
GetForegroundWindow
ShowWindow
InvalidateRect
SetForegroundWindow
PostMessageW
GetAncestor
GetClassNameW
EmptyClipboard
CharUpperW
DestroyIcon
CreateIconIndirect
GetIconInfo
SetPropW
RemovePropW
PostQuitMessage
RegisterWindowMessageA
EnumDesktopWindows
GetWindowTextA
GetWindowTextLengthA
ScreenToClient
GetWindowInfo
IsWindowVisible
GetWindow
IsChild
WindowFromDC
GetUpdateRgn
ShowCursor
GetActiveWindow
DefWindowProcA
GetShellWindow
SystemParametersInfoA
CloseDesktop
CharNextA
SetThreadDesktop
OpenInputDesktop
EnumDisplayDevicesW
ReleaseDC
GetDC
CallNextHookEx
GetKeyState
SetWindowsHookExA
DispatchMessageW
TranslateMessage
GetMessageW
SetSystemCursor
DestroyCursor
CopyIcon
LoadCursorW
GetWindowLongW
CallWindowProcA
EnumDisplaySettingsW
SendMessageW
RegisterSuspendResumeNotification
GetParent
SetWindowPos
GetWindowRect
GetDesktopWindow
GetMonitorInfoW
MonitorFromRect
GetSystemMetrics
SetRect
SystemParametersInfoW
GetWindowThreadProcessId
GetGUIThreadInfo
wvsprintfA
ChangeWindowMessageFilterEx
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetDlgItemTextA
IsWindow
GetClientRect
IsCharAlphaA
GetPropW

gdi32

SelectPalette
RealizePalette
DeleteObject
GetCurrentObject
GetPaletteEntries
GetClipBox
CreateRectRgnIndirect
CreatePalette
CreateRectRgn
SetRectRgn
CombineRgn
GetStockObject
CreateDIBSection
GetObjectW
CreateCompatibleDC
GetRgnBox
SelectObject
SetSystemPaletteUse
SetViewportOrgEx
DeleteDC
BitBlt
CreateDCW
GetDeviceCaps

winmm

mciSendCommandA

samcli

NetLocalGroupAddMembers
NetLocalGroupAdd

ole32

CoUninitialize
CoInitialize
CoGetObject
CoTaskMemFree
StringFromCLSID
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
RegisterTypeLibForUser

msacm32

acmStreamOpen
acmStreamSize

version

GetFileVersionInfoExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

SHGetFolderPathEx
SHGetFolderPathW
SHChangeNotify
SHCreateDirectoryExW
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetMalloc
ShellExecuteExW
ord165
SHGetSpecialFolderPathW

userenv

GetUserProfileDirectoryA
GetUserProfileDirectoryW
GetAllUsersProfileDirectoryW

dwmapi

DwmIsCompositionEnabled

urlmon

CoInternetSetFeatureEnabled

kernel32

GetDriveTypeA
WritePrivateProfileStringW
GetPrivateProfileStringW
CompareStringOrdinal
CompareStringW
CompareStringA
IsDBCSLeadByteEx
lstrlenA
GetLocaleInfoW
IsValidLocale
lstrcmpA
GetVolumeInformationW
DeviceIoControl
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetProcessAffinityMask
GetLogicalProcessorInformationEx
GetCurrentProcessorNumberEx
GetModuleHandleA
CheckElevationEnabled
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
ResumeThread
WriteProcessMemory
DuplicateHandle
VirtualAllocEx
ReadProcessMemory
OpenProcess
GetSystemInfo
GetWindowsDirectoryW
lstrcmpW
FormatMessageW
QueryPerformanceFrequency
GetSystemTime
ReadFile
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetSystemWindowsDirectoryW
AddDllDirectory
IsNLSDefinedString
FindNLSStringEx
WideCharToMultiByte
HeapReAlloc
FindNextFileA
InitializeCriticalSection
OutputDebugStringA
RaiseException
SearchPathA
QueryActCtxSettingsW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
GetTempPathW
GetTempFileNameW
SearchPathW
lstrcmpiW
GlobalAlloc
ResolveDelayLoadedAPI
DelayLoadFailureHook
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
ProcessIdToSessionId
CreateActCtxW
LCMapStringEx
GetLocaleInfoEx
LCIDToLocaleName
CompareStringEx
GetTickCount64
GetBinaryTypeW
GetShortPathNameA
Module32First
CreateToolhelp32Snapshot
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
LoadLibraryA
GetSystemDirectoryA
CreateThread
ReleaseActCtx
QueryActCtxW
SetThreadPriority
SetThreadPriorityBoost
GetVersionExW
GetCommandLineW
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
GlobalFree
GetUserDefaultLCID
FreeLibrary
LoadLibraryExW
SetEnvironmentVariableA
FlushFileBuffers
DeleteFileW
FreeResource
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
CopyFileA
MoveFileA
GetFileAttributesA
GetEnvironmentVariableA
MultiByteToWideChar
FindResourceW
CloseHandle
OpenMutexW
GetCurrentProcessId
CreateMutexW
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
GetProcAddress
HeapAlloc
GetProcessHeap
GetCommandLineA
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateProcessA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapSize
HeapValidate
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
SetProcessInformation
IsWow64Process
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameW
HeapFree
GetCurrentThread
CreateFileMappingA
CreateFileMappingW
GetLastError
LocalFree
GetDriveTypeW
CopyFileW
SetFileAttributesW
GetSystemDirectoryW
LoadLibraryW
MoveFileExW
GetTempPathA
GetTempFileNameA
CreateProcessW
WriteFile
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDrives
lstrlenW
FindResourceA
SizeofResource
LocalAlloc
LoadResource
LockResource
CreateFileA
DeleteFileA
SetErrorMode
SetLastError
GetCurrentDirectoryW
IsDBCSLeadByte
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
VirtualQuery
VirtualProtect
GlobalMemoryStatusEx
GetModuleFileNameA
CreateFileW
DeleteCriticalSection

advapi32

RegSetKeySecurity
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegEnumKeyExW
ConvertStringSidToSidW
LookupAccountSidW
RegOpenKeyExA
RegQueryValueExA
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
OpenProcessToken
LookupPrivilegeValueW
QueryServiceStatus
GetTokenInformation
CheckTokenMembership
RegUnLoadKeyW
RegLoadKeyW
GetNamedSecurityInfoW
RegGetValueW
FreeSid
AllocateAndInitializeSid
EqualSid
GetAclInformation
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorLength
RegGetKeySecurity
LsaClose
LsaAddAccountRights
LsaNtStatusToWinError
LsaOpenPolicy
CreateWellKnownSid
RegSetValueExA
RegDeleteValueW
RegDeleteKeyExW
RegOpenKeyExW

winspool.drv

OpenPrinterA
ord201
GetPrinterA
ClosePrinter
EnumPrintersA

rpcrt4

RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
NdrAsyncClientCall
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree

mpr

WNetGetConnectionW

sspicli

GetUserNameExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 512B - Virtual size: 237B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templates/AcLayers.dll
.dll windows:10 windows x86

Password: 1234

d8b4bde806a7d2da00a2d12d72eea15b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

apphelp

SE_COM_AddServer
SE_COM_HookObject
SE_COM_Lookup
SE_ShimDPF
SE_COM_AddHook
SE_GetShimId

msvcrt

memcpy
memcmp
_CxxThrowException
memmove
__CxxFrameHandler3
_wcsicmp
_vscwprintf
_vsnwprintf
_vsnprintf
_stricmp
atol
strstr
sprintf_s
vsprintf_s
sscanf_s
wcsncmp
_wcsnicmp
_scwprintf
wcsrchr
wcsspn
iswctype
towlower
wcscpy_s
wcscat_s
wcschr
wcspbrk
_wcslwr
wcsstr
_vscprintf
iswspace
_XcptFilter
_amsg_exit
free
malloc
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
memset

ntdll

RtlAllocateHeap
RtlFreeHeap
NtQueryKey
RtlNtStatusToDosError
RtlInitUnicodeString
RtlEqualUnicodeString
RtlImageNtHeader
NtClose
RtlReportException
NtTerminateProcess
RtlRaiseException
NtQueryInformationProcess
RtlUniform
RtlValidateHeap
RtlCaptureStackBackTrace
RtlCaptureContext
WinSqmAddToStream
NtOpenFile
NtQueryObject
LdrAccessResource
NtQuerySystemInformation
RtlLengthRequiredSid
RtlInitializeSid
NtQueryInformationToken
RtlSubAuthoritySid
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
NtOpenKey
NtQueryValueKey
RtlGetOwnerSecurityDescriptor
RtlEqualSid
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
RtlGetLastNtStatus
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlCreateServiceSid
RtlGetNtSystemRoot
RtlDosPathNameToNtPathName_U
NtQuerySecurityObject

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegGetKeySecurity
RegDeleteKeyExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetTokenInformation
GetAce
CheckTokenMembership
GetFileSecurityW
CopySid
AllocateAndInitializeSid
GetAclInformation
FreeSid

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

user32

AllowSetForegroundWindow
MsgWaitForMultipleObjects
CharUpperW
EnumDisplaySettingsW
GetCapture
ScreenToClient
GetAncestor
WindowFromPoint
InvalidateRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
KillTimer
EndPaint
BeginPaint
DefWindowProcW
GetSystemMetrics
PostQuitMessage
SetWindowPos
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetWindowThreadProcessId
GetGUIThreadInfo
GetDesktopWindow
GetMonitorInfoW
PeekMessageW
SetCursor
EnableWindow
SetLayeredWindowAttributes

gdi32

GdiFlush
CreateCompatibleDC
CreateDIBSection
GetDIBits
DeleteObject
DeleteDC
CreateSolidBrush
OffsetWindowOrgEx
CreateCompatibleBitmap
SelectObject
OffsetClipRgn
OffsetRgn
GetObjectType

shell32

ShellExecuteExW
SHGetFolderPathW
SHGetFolderPathA

shlwapi

StrChrA
StrRChrA
StrCmpNA
ord10
ord9
ord8
StrStrIA
StrCSpnA
StrToIntA
StrChrW
StrRChrW
StrCmpNW
ord7
StrStrW
ord346
StrCSpnW
StrToIntW
StrChrIA
StrChrIW
StrRChrIA
StrRChrIW
StrRStrIA
StrRStrIW
StrCSpnIA
StrCSpnIW
IntlStrEqWorkerA
IntlStrEqWorkerW
PathFindFileNameW
StrCmpNIW
StrRetToBufW
StrStrA
StrCmpNIA
StrStrIW

oleaut32

SysReAllocString

mpr

WNetGetConnectionW

kernel32

WaitForSingleObject
GetCommandLineW
ReadFile
CancelIo
OutputDebugStringA
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
SetNamedPipeHandleState
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
InitializeSRWLock
GetCurrentThread
WerRegisterMemoryBlock
CreateProcessW
IsDebuggerPresent
IsWow64Process
ProcessIdToSessionId
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DelayLoadFailureHook
ResolveDelayLoadedAPI
SearchPathW
GetFullPathNameW
GetCurrentDirectoryW
CreateMutexW
OpenMutexW
CreateActCtxW
GetTempFileNameW
GetTempFileNameA
GetTempPathA
GetFileSize
SetFilePointer
CreateFileW
GetVolumeNameForVolumeMountPointW
GetSystemDirectoryW
GetModuleFileNameW
GetWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObjectEx
CreateThread
ResetEvent
SetEvent
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
lstrcmpA
RegisterApplicationRestart
GetApplicationRestartSettings
ExpandEnvironmentStringsA
TlsAlloc
GetShortPathNameW
TlsSetValue
GetShortPathNameA
lstrcmpiA
TlsGetValue
GetVersionExW
CompareStringW
CompareStringA
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetTempPathW
DeleteFileW
CopyFileW
DeleteFileA
CopyFileA
QueryFullProcessImageNameW
LoadLibraryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
GetCurrentThreadId
AcquireSRWLockShared
AddAtomW
FindNLSStringEx
IsNLSDefinedString
HeapReAlloc
LCMapStringEx
HeapFree
MultiByteToWideChar
GetProcessHeap
HeapAlloc
GetLocaleInfoEx
CompareStringEx
LCIDToLocaleName
WideCharToMultiByte
ExpandEnvironmentStringsW
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
ResumeThread
SetLastError
ReleaseActCtx
QueryActCtxW
GetCurrentActCtx
LocalFree
LocalAlloc
GetLastError
ExitProcess
GetCurrentProcess
GetModuleHandleW
GetSystemFirmwareTable
CloseHandle
CreateFileA
Sleep
GetCurrentProcessId
IsBadReadPtr
GetEnvironmentVariableA
SetEnvironmentVariableA
WriteFile
GetStartupInfoA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetModuleHandleA
GetVersion
WaitForDebugEvent
ReadProcessMemory
WriteProcessMemory

setupapi

PnpIsFilePnpDriver

sfc

SfcIsFileProtected
SfcIsKeyProtected

winspool.drv

ord203

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree
RpcBindingSetAuthInfoExW
NdrAsyncClientCall

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templates/acledit.dll
.dll windows:10 windows x86

73b56fcaa206b14596a4684588e01d6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

user32

MessageBoxW
LoadStringW

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templates/aclui.dll
.dll windows:10 windows x86

0314d8dbe7713e425b31788a84d5fd91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstok_s
_wcsnicmp
_wcstoui64
_ultow_s
iswctype
wcstoul
swprintf_s
wcsncpy_s
_ultow
_ui64tow_s
_i64tow_s
_CxxThrowException
_wcstoi64
memcpy_s
??1exception@@UAE@XZ
__RTDynamicCast
_ftol2_sse
floor
memcmp
memcpy
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
__CxxFrameHandler3
free
_vsnwprintf
wcschr
memmove_s
_itow_s
wcsncmp
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
wcspbrk
wcsspn
wcscspn
iswspace
wcscpy_s
malloc
wcsrchr
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_errno
realloc
_except_handler4_common
memmove
wcsnlen
memset

shell32

ord259
ord258
ord6

shlwapi

PathAppendW
ord628
ord12
ord165
ord219
StrChrW
StrRChrW

advapi32

EventWrite
InitializeAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
EqualPrefixSid
AllocateAndInitializeSid
EqualSid
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
LsaGetAppliedCAPIDs
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
IsWellKnownSid
LookupAccountSidW
DeleteAce
LookupAccountNameW
OpenProcessToken
GetSidSubAuthorityCount
LsaOpenPolicy
AddConditionalAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessAllowedAce
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
CopySid
EventUnregister
EventRegister
GetAce
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
InitializeSecurityDescriptor

gdi32

CreateDIBSection
DeleteObject
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
SetTextColor
SetBkColor
SetBkMode
GetObjectW
CreateFontIndirectW

kernel32

LoadLibraryExW
CreateThread
FreeLibrary
FreeLibraryAndExitThread
HeapReAlloc
GetCurrentProcess
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
lstrcmpiW
HeapSize
HeapDestroy
VirtualFree
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
lstrcmpW
FindResourceW
GetCurrentThread
CreateActCtxW
ActivateActCtx
DeactivateActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
ReleaseActCtx
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
RaiseException
MulDiv
InitOnceExecuteOnce
CompareStringW
CheckElevationEnabled
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
TlsFree
DeleteCriticalSection
LocalReAlloc

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlIsPackageSid
RtlInitializeCriticalSectionEx
RtlDeleteCriticalSection
RtlGetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlEqualSid
RtlFirstFreeAce
RtlAddAccessDeniedObjectAce
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAceEx
RtlCopySid
RtlAbsoluteToSelfRelativeSD
RtlGetGroupSecurityDescriptor
RtlAddAce
RtlSubAuthorityCountSid
RtlGetOwnerSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlAddAuditAccessAceEx
RtlGetAce
RtlConvertSidToUnicodeString
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlAddAuditAccessObjectAce
RtlGetControlSecurityDescriptor
RtlInitializeSid
RtlSetOwnerSecurityDescriptor
RtlValidSid
RtlSetSaclSecurityDescriptor
RtlValidAcl
RtlRunOnceExecuteOnce
EtwTraceMessage
RtlGetSaclSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid

ntdsapi

DsBindWithSpnExW
DsFreeNameResultW
DsCrackNamesW
DsUnBindW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SysReAllocStringLen
SysAllocStringLen
SysAllocString
SysFreeString

user32

GetParent
EnableWindow
SetDlgItemTextW
SetWindowPos
MapWindowPoints
ShowWindow
GetDlgItem
LoadCursorW
SetCursor
SendDlgItemMessageW
SendMessageW
DestroyWindow
LoadStringW
GetDlgItemTextW
SetWindowLongW
PostMessageW
EndDialog
GetActiveWindow
SetWindowTextW
DialogBoxParamW
ReleaseDC
GetDC
RedrawWindow
IsWindowEnabled
GetWindowLongW
MessageBoxW
LoadIconW
GetAncestor
LoadImageW
RegisterWindowMessageW
GetWindow
GetWindowPlacement
GetFocus
SetFocus
IsWindowVisible
GetClientRect
GetWindowRect
SetWindowPlacement
RegisterClassW
UnregisterClassW
MapDialogRect
SystemParametersInfoW
UnregisterClassA
DrawTextW
RegisterClipboardFormatW
ClientToScreen
KillTimer
SetTimer
keybd_event
CreateWindowExW
EnumDisplaySettingsW
DrawFocusRect
GetSysColor
GetSysColorBrush
FrameRect
InflateRect
ShowScrollBar
MoveWindow
OffsetRect
CallWindowProcW
SetScrollInfo
ScrollWindow
SetScrollPos
GetScrollInfo
DefWindowProcW
GetDlgCtrlID
DestroyIcon
GetSystemMetrics

xmllite

CreateXmlReader

Exports

Exports

CreateSecurityPage
EditConditionalAceClaims
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templates/acppage.dll
.dll windows:10 windows x86

0f7acee614453223947ba7cd29cb1642

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
wcsncmp
_wcslwr
wcscat_s
_purecall
sscanf_s
memcpy
wcsrchr
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
malloc
free
_wcsnicmp
wcsstr
_wcsupr
_wcsicmp
_vsnwprintf
memcmp
memset

ntdll

ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
ZwClose
ZwEnumerateKey
RtlReAllocateHeap
NtQuerySection
RtlNtStatusToDosError
NtCreateSection
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFreeHeap
RtlAllocateHeap
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlIsPartialPlaceholder
RtlInitUnicodeString

kernel32

GetLocalTime
CreateFileMappingW
MapViewOfFile
FileTimeToSystemTime
GetFileTime
GetVersionExW
QueryActCtxW
UnmapViewOfFile
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
FindFirstFileW
FindClose
GetLastError
lstrcmpiA
RegQueryValueExW
HeapFree
BasepGetExeArchType
ExpandEnvironmentStringsW
EncodePointer
RegOpenKeyExW
CreateFileW
GetSystemDirectoryW
CloseHandle
LoadLibraryW
HeapAlloc
DecodePointer
CheckElevationEnabled
GetProcAddress
LocalFree
GetProcessHeap
CreateProcessW
RegCloseKey
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW

user32

GetWindowLongW
SendMessageW
EndDialog
GetSystemMetrics
SetWindowTextW
SendDlgItemMessageW
SetThreadDpiAwarenessContext
IsWindowEnabled
SetWindowLongW
GetDlgItem
GetParent
EnableWindow
GetWindowTextW
LoadStringA
DialogBoxParamW
LoadStringW
InsertMenuW

shlwapi

StrCmpIW
PathFindFileNameW
PathFindExtensionW
ord176

advapi32

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

shell32

SHGetItemFromDataObject
SHChangeNotify
SHGetNameFromIDList
ShellExecuteW
ord155
SHParseDisplayName
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoCreateInstance
HWND_UserMarshal
StringFromGUID2
HWND_UserFree
HWND_UserUnmarshal
ObjectStublessClient3
HWND_UserSize
CoGetObject

rpcrt4

CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_Invoke

sfc

SfcIsFileProtected

msi

ord173
ord201

aepic

PicFreeFileInfo
PicRetrieveFileInfo

apphelp

SdbQueryFlagMask
SdbGetPathSystemSdb
SdbInitDatabase
SdbGetMatchingExe
SdbReleaseDatabase

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetExeFromLnk

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

2392a4dd077a2bf1ca79f5370d98befe

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-shcore-taskpool-l1-1-0

combase

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

Password: 1234

01ffae27bd2f4006b1c9da2adb5b805c

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

ntdll

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-3

api-ms-win-appmodel-runtime-internal-l1-1-4

api-ms-win-appmodel-runtime-internal-l1-1-1

api-ms-win-appmodel-runtime-internal-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-6

api-ms-win-appmodel-runtime-internal-l1-1-2

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 587KB - Virtual size: 586KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 17KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 416B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB