General

Malware Config

Signatures

Files

• 0da59c6cad3dc76c1fdad012825408034b900a830bd45c885378b8c77db5680c

  .zip
• 360hbtheme.dll

  .dll windows:6 windows x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Exports

  Exports

  ?CloseManagers@@YAX_N@Z

  ?DllExecuteNamedCommand@@YA_NPEB_W@Z

  ?DllExportSettingsXml@@YA_NPEB_W@Z

  ?DllGetSettingBool@@YA_NPEB_W@Z

  ?DllGetSettingInt@@YAHPEB_W@Z

  ?DllImportSettingsXml@@YA_NPEB_W@Z

  ?DllLoadStringEx@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z

  ?DllLogToFile@@YAXPEB_W0ZZ

  ?DllUpdateSettings@@YAXXZ

  ?EditSettings@@YAX_NH@Z

  ?FindTaskBar@@YAPEAUHWND__@@K@Z

  ?HookInject@@YA_JH_K_J@Z

  ?InitManagers@@YAX_N@Z

  ?MiniDumpType@@3W4_MINIDUMP_TYPE@@A

  ?ToggleStartMenu@@YAPEAUHWND__@@H_N@Z

  ?TopLevelFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z

  ?WaitDllInitThread@@YAXXZ

  ?g_OwnerWindow@@3PEAUHWND__@@EA

  ?g_TaskBar@@3PEAUHWND__@@EA

  Sections

  Size: 87KB - Virtual size: 161KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 34KB - Virtual size: 76KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 1024B - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 5KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 248B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 1KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .edata

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: 18.0MB - Virtual size: 18.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• 360hbtheme.exe

  .exe windows:6 windows x64

  61fbf438d521e1d78aadba43af5233ec

  
  

  Code Sign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  29:5b:f8:6e:85:26:53:40:33:13:83:7b

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  26-04-2023 03:04

  Not After

  26-04-2026 03:04

  Subject

  SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  9b:c0:ff:81:1b:87:ba:d2:32:ab:76:7c:06:39:53:d3:1f:36:3b:51:c3:dc:56:77:38:ec:f6:84:f8:a9:9a:5c

  Signer

  Actual PE Digest

  9b:c0:ff:81:1b:87:ba:d2:32:ab:76:7c:06:39:53:d3:1f:36:3b:51:c3:dc:56:77:38:ec:f6:84:f8:a9:9a:5c

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  DecodePointer

  HeapAlloc

  HeapReAlloc

  GetProcessHeap

  WriteConsoleW

  HeapSize

  SetStdHandle

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  FormatMessageW

  GetOEMCP

  GetACP

  IsValidCodePage

  GetStringTypeW

  GetConsoleOutputCP

  GetConsoleMode

  SetFilePointerEx

  HeapFree

  SetLastError

  RaiseException

  ReleaseMutex

  CreateMutexW

  SetUnhandledExceptionFilter

  FlushFileBuffers

  SetCurrentDirectoryW

  LCMapStringW

  FlsFree

  FlsSetValue

  FlsGetValue

  FlsAlloc

  GetFileType

  GetStdHandle

  GetModuleHandleExW

  ExitProcess

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessW

  GetModuleFileNameW

  GetFileAttributesW

  LeaveCriticalSection

  EnterCriticalSection

  GetCurrentThreadId

  InitializeCriticalSectionEx

  DeleteCriticalSection

  GetLastError

  CloseHandle

  K32GetModuleFileNameExW

  OpenProcess

  Sleep

  GetModuleHandleW

  GetCommandLineA

  GetProcAddress

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  RtlPcToFileHeader

  RtlUnwindEx

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  QueryPerformanceCounter

  GetStartupInfoW

  IsProcessorFeaturePresent

  TerminateProcess

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  FindResourceW

  LoadResource

  LockResource

  LoadLibraryExW

  FreeLibrary

  GetVersion

  FindFirstFileW

  FindClose

  GetCPInfo

  OutputDebugStringW

  MultiByteToWideChar

  WideCharToMultiByte

  CreateFileW

  FindNextFileW

  WriteFile

  EncodePointer

  InitializeSListHead

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  GetCurrentProcess

  FlushInstructionCache

  VirtualAlloc

  VirtualFree

  LoadLibraryExA

  IsDebuggerPresent

  FindFirstFileExW

  user32

  PostMessageW

  CallWindowProcW

  DefWindowProcW

  SetWindowsHookExW

  GetWindowThreadProcessId

  GetWindowLongPtrW

  FindWindowExW

  FindWindowW

  UnhookWindowsHookEx

  SetWindowLongPtrW

  CreateWindowExW

  LoadCursorW

  GetClassInfoExW

  RegisterClassExW

  DestroyWindow

  GetMessageW

  IsWindow

  ChangeWindowMessageFilter

  AllowSetForegroundWindow

  GetUserObjectInformationW

  GetThreadDesktop

  GetKeyState

  DispatchMessageW

  TranslateMessage

  PeekMessageW

  MessageBoxW

  KillTimer

  SetTimer

  PostQuitMessage

  RegisterWindowMessageW

  UnregisterClassW

  advapi32

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  GetUserNameW

  shell32

  ShellExecuteW

  SHEvaluateSystemCommandTemplate

  ShellExecuteExW

  DoEnvironmentSubstW

  ole32

  OleUninitialize

  OleInitialize

  CoUninitialize

  CoInitialize

  CoTaskMemFree

  360hbtheme

  ?DllUpdateSettings@@YAXXZ

  ?CloseManagers@@YAX_N@Z

  ?EditSettings@@YAX_NH@Z

  ?InitManagers@@YAX_N@Z

  ?TopLevelFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z

  ?MiniDumpType@@3W4_MINIDUMP_TYPE@@A

  ?DllExportSettingsXml@@YA_NPEB_W@Z

  ?DllImportSettingsXml@@YA_NPEB_W@Z

  ?DllExecuteNamedCommand@@YA_NPEB_W@Z

  ?DllGetSettingInt@@YAHPEB_W@Z

  ?DllGetSettingBool@@YA_NPEB_W@Z

  ?WaitDllInitThread@@YAXXZ

  ?DllLoadStringEx@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z

  ?HookInject@@YA_JH_K_J@Z

  ?g_TaskBar@@3PEAUHWND__@@EA

  ?ToggleStartMenu@@YAPEAUHWND__@@H_N@Z

  ?FindTaskBar@@YAPEAUHWND__@@K@Z

  ?DllLogToFile@@YAXPEB_W0ZZ

  shlwapi

  PathFileExistsW

  PathFindFileNameW

  Sections

  .text

  Size: 97KB - Virtual size: 97KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 61KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 36KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 360hbthemeOrg.dll

  .dll windows:6 windows x64

  254ea8b20e60777010a5e9db19b67265

  
  

  Code Sign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  29:5b:f8:6e:85:26:53:40:33:13:83:7b

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  26-04-2023 03:04

  Not After

  26-04-2026 03:04

  Subject

  SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e9:55:ec:22:7f:c3:23:57:1c:e1:99:01:67:c4:77:19:e3:59:72:d7:4d:b0:30:f9:85:cf:c3:bb:4a:82:da:33

  Signer

  Actual PE Digest

  e9:55:ec:22:7f:c3:23:57:1c:e1:99:01:67:c4:77:19:e3:59:72:d7:4d:b0:30:f9:85:cf:c3:bb:4a:82:da:33

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  comctl32

  ImageList_Add

  ImageList_SetOverlayImage

  ImageList_AddMasked

  ImageList_Remove

  ImageList_Replace

  ImageList_DrawEx

  ImageList_ReplaceIcon

  ord345

  ImageList_Destroy

  HIMAGELIST_QueryInterface

  ImageList_SetImageCount

  ImageList_Create

  ord412

  ord410

  ImageList_GetIconSize

  ord413

  uxtheme

  SetWindowTheme

  EnableThemeDialogTexture

  DrawThemeParentBackground

  IsAppThemed

  OpenThemeData

  GetThemeColor

  DrawThemeBackground

  CloseThemeData

  GetThemePartSize

  GetWindowTheme

  DrawThemeTextEx

  DrawThemeText

  BeginBufferedPaint

  BufferedPaintSetAlpha

  EndBufferedPaint

  BeginPanningFeedback

  EndPanningFeedback

  UpdatePanningFeedback

  BufferedPaintUnInit

  BufferedPaintInit

  wtsapi32

  WTSDisconnectSession

  secur32

  GetUserNameExW

  msimg32

  AlphaBlend

  netapi32

  DsGetDcNameW

  NetApiBufferFree

  dwmapi

  DwmSetWindowAttribute

  DwmEnableBlurBehindWindow

  DwmExtendFrameIntoClientArea

  DwmIsCompositionEnabled

  powrprof

  SetSuspendState

  GetPwrCapabilities

  oleacc

  LresultFromObject

  CreateStdAccessibleObject

  winmm

  PlaySoundW

  propsys

  PSGetPropertyKeyFromName

  kernel32

  GetCurrentProcess

  CloseHandle

  TerminateProcess

  CreateThread

  WaitForSingleObject

  GlobalAddAtomW

  GetTickCount

  SetEvent

  FindResourceW

  LoadResource

  LockResource

  VirtualProtect

  SetUnhandledExceptionFilter

  OpenThread

  QueueUserAPC

  Sleep

  FreeLibraryAndExitThread

  ExpandEnvironmentStringsW

  CreateEventW

  GetModuleFileNameW

  AcquireSRWLockExclusive

  AcquireSRWLockShared

  ReleaseSRWLockExclusive

  ReleaseSRWLockShared

  GetFileSize

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  ReadFile

  GlobalFree

  GlobalSize

  SizeofResource

  FindResourceExW

  MultiByteToWideChar

  CompareFileTime

  GetFileAttributesW

  InitializeSRWLock

  InitializeCriticalSection

  GetSystemTime

  FileTimeToSystemTime

  GetSystemTimeAsFileTime

  GetFileInformationByHandleEx

  GetFileAttributesExW

  FindFirstChangeNotificationW

  WaitForMultipleObjects

  FindNextChangeNotification

  ResetEvent

  FindCloseChangeNotification

  SetThreadPriority

  GetCurrentThread

  WriteFile

  SetFilePointer

  GetUserPreferredUILanguages

  MoveFileExW

  WideCharToMultiByte

  FormatMessageW

  LocalFree

  CreateProcessW

  SetFileTime

  GetTempPathW

  CreateDirectoryW

  CompareStringW

  CopyFileW

  QueryPerformanceCounter

  QueryPerformanceFrequency

  FindNLSStringEx

  GetEnvironmentVariableW

  LoadLibraryExW

  DecodePointer

  ExpandEnvironmentStringsA

  SetEndOfFile

  SetStdHandle

  GetStringTypeW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  FindFirstFileExW

  ReadConsoleW

  LCMapStringW

  FlushFileBuffers

  SetFilePointerEx

  GetFileSizeEx

  GetConsoleMode

  GetConsoleOutputCP

  GetFileType

  GetModuleHandleExW

  ExitProcess

  VirtualQuery

  GetSystemInfo

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  InterlockedFlushSList

  RtlPcToFileHeader

  RtlUnwindEx

  GetStartupInfoW

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  SleepConditionVariableSRW

  WakeAllConditionVariable

  FlsFree

  FlsSetValue

  FlsGetValue

  FlsAlloc

  LoadLibraryExA

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  EncodePointer

  IsDebuggerPresent

  SystemTimeToFileTime

  GetCurrentDirectoryW

  LocalFileTimeToFileTime

  EnumResourceNamesW

  SetFileAttributesW

  VirtualFree

  VirtualAlloc

  GetVersion

  GetLocalTime

  WriteConsoleW

  GetStdHandle

  AttachConsole

  GetLocaleInfoW

  GetLocaleInfoEx

  GetUserDefaultUILanguage

  OutputDebugStringW

  GetCPInfo

  GetCurrentProcessId

  DeleteCriticalSection

  GetLastError

  InitializeCriticalSectionEx

  HeapDestroy

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  GetProcessHeap

  EnterCriticalSection

  GetCurrentThreadId

  LeaveCriticalSection

  RaiseException

  SetLastError

  FreeLibrary

  MulDiv

  RemoveDirectoryW

  FindFirstFileW

  FindClose

  DeleteFileW

  FindNextFileW

  GetProcAddress

  GetModuleHandleW

  LoadLibraryW

  CreateFileW

  user32

  SetGestureConfig

  SetActiveWindow

  GetCapture

  CloseGestureInfoHandle

  MapVirtualKeyW

  GetKeyNameTextW

  DestroyCursor

  GetGestureInfo

  wsprintfW

  ExitWindowsEx

  GetWindowPlacement

  IsZoomed

  GetSystemMenu

  IsChild

  LoadIconW

  UnregisterClassW

  GetFocus

  GetWindowRect

  DialogBoxParamW

  LockWorkStation

  SetScrollPos

  GetWindowTextW

  GetWindowTextLengthW

  LockSetForegroundWindow

  PeekMessageW

  TranslateMessage

  DispatchMessageW

  InsertMenuW

  GetMenuItemCount

  MapWindowPoints

  PtInRect

  ScreenToClient

  PostMessageW

  SetWindowLongPtrW

  GetWindowLongPtrW

  DefWindowProcW

  CallWindowProcW

  RegisterClassExW

  GetClassInfoExW

  LoadCursorW

  CreateWindowExW

  GetSystemMetrics

  LoadImageW

  SetWindowPos

  GetWindowLongW

  GetMenu

  AdjustWindowRectEx

  GetClientRect

  GetMenuItemID

  DeleteMenu

  SetMenuDefaultItem

  EnableMenuItem

  CheckMenuItem

  SetMenuItemInfoW

  GetMenuItemInfoW

  TrackPopupMenuEx

  ClientToScreen

  GetActiveWindow

  GetMessageW

  SetLayeredWindowAttributes

  SetCursor

  SetScrollInfo

  DestroyIcon

  CreateDialogIndirectParamW

  TrackPopupMenu

  AppendMenuW

  IsDialogMessageW

  IsDlgButtonChecked

  GetWindow

  CheckDlgButton

  MessageBoxW

  CreateIconIndirect

  SetWindowLongW

  DrawFocusRect

  DrawEdge

  SwitchToThisWindow

  GetForegroundWindow

  GetShellWindow

  ReleaseCapture

  SetCapture

  GetScrollPos

  UpdateWindow

  DestroyWindow

  KillTimer

  FillRect

  InflateRect

  DrawFrameControl

  DrawIconEx

  GetSysColor

  DrawTextW

  UpdateLayeredWindow

  SetTimer

  GetMessagePos

  WindowFromPoint

  SystemParametersInfoW

  SendMessageW

  GetParent

  MonitorFromPoint

  GetClassNameW

  GetWindowThreadProcessId

  EnumWindows

  FindWindowExW

  GetDesktopWindow

  EnumThreadWindows

  RegisterClipboardFormatW

  RegisterWindowMessageW

  IsWindow

  MonitorFromRect

  GetMonitorInfoW

  GetWindowRgnBox

  OffsetRect

  UnionRect

  ShowWindow

  InvalidateRect

  MonitorFromWindow

  FindWindowW

  EnumDisplayMonitors

  GetGUIThreadInfo

  NotifyWinEvent

  GetClassLongPtrW

  SetClassLongPtrW

  AdjustWindowRect

  SendDlgItemMessageW

  EndDialog

  GetDlgItemTextW

  SetDlgItemTextW

  SetWindowTextW

  PostQuitMessage

  GetMenuDefaultItem

  DestroyMenu

  CreatePopupMenu

  ReleaseDC

  GetDC

  GetIconInfo

  EnableWindow

  CopyImage

  GetClipboardFormatNameW

  CharUpperW

  TrackMouseEvent

  UnhookWindowsHookEx

  SetWindowsHookExW

  GetAncestor

  RedrawWindow

  GetPropW

  SendInput

  SetForegroundWindow

  EndPaint

  BeginPaint

  GetMessageTime

  PostThreadMessageW

  GetDlgItem

  GetKeyState

  SetFocus

  SetWindowRgn

  IntersectRect

  IsWindowVisible

  UnregisterHotKey

  RegisterHotKey

  CallNextHookEx

  gdi32

  GetTextMetricsW

  CreateFontIndirectW

  GetTextExtentPointW

  CreateBitmap

  CreateCompatibleBitmap

  OffsetViewportOrgEx

  GetTextExtentPoint32W

  Rectangle

  SetDCPenColor

  SelectClipRgn

  IntersectClipRect

  ExtCreateRegion

  GetRegionData

  OffsetRgn

  SetBkColor

  GetCurrentObject

  CombineRgn

  SetViewportOrgEx

  GetDIBits

  GetDeviceCaps

  SetDCBrushColor

  StretchBlt

  SetStretchBltMode

  StretchDIBits

  BitBlt

  CreateRectRgn

  CreateDIBSection

  GetObjectW

  DeleteDC

  SetBkMode

  SetTextColor

  GetStockObject

  SelectObject

  SetLayout

  CreateCompatibleDC

  DeleteObject

  CreateFontW

  comdlg32

  GetOpenFileNameW

  ChooseFontW

  GetSaveFileNameW

  ChooseColorW

  advapi32

  RegSetValueExW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  GetTokenInformation

  InitiateShutdownW

  GetUserNameW

  RegEnumValueW

  RegDeleteValueW

  GetCurrentHwProfileW

  OpenSCManagerW

  RegCloseKey

  RegOpenKeyExA

  RegQueryValueExA

  RegOpenKeyExW

  RegQueryValueExW

  RegEnumKeyExW

  RegCreateKeyExW

  OpenServiceW

  OpenProcessToken

  QueryServiceStatus

  CloseServiceHandle

  shell32

  SHCreateItemInKnownFolder

  SHGetIDListFromObject

  ord18

  ord75

  SHGetPathFromIDListW

  DoEnvironmentSubstW

  SHAppBarMessage

  ShellExecuteW

  ord155

  ord17

  SHGetNameFromIDList

  ord152

  SHGetKnownFolderPath

  SHGetDesktopFolder

  SHBindToObject

  SHOpenFolderAndSelectItems

  ord47

  SHCreateItemWithParent

  ord100

  SHFileOperationW

  SHEvaluateSystemCommandTemplate

  ShellExecuteExW

  ord16

  ord21

  SHGetFileInfoW

  ord74

  ord25

  SHGetKnownFolderItem

  SHCreateDataObject

  ord88

  SHBindToParent

  ord727

  SHSetLocalizedName

  SHCreateShellItemArrayFromIDLists

  SHCreateItemFromParsingName

  SHGetKnownFolderIDList

  ord162

  ord165

  SHParseDisplayName

  ord23

  SHCreateItemFromIDList

  ExtractIconExW

  ExtractIconExA

  SHGetLocalizedName

  ord190

  SHCreateShellItemArrayFromDataObject

  ole32

  RevokeDragDrop

  RegisterDragDrop

  CoTaskMemFree

  CoInitialize

  CoUninitialize

  CoTaskMemAlloc

  StringFromCLSID

  PropVariantClear

  CLSIDFromProgID

  CLSIDFromString

  CoGetInterfaceAndReleaseStream

  CoMarshalInterThreadInterfaceInStream

  CoDisconnectContext

  OleInitialize

  OleUninitialize

  CoCreateInstance

  CreateBindCtx

  oleaut32

  SysStringLen

  SysAllocStringLen

  SysAllocString

  VariantClear

  VariantCopy

  VarCmp

  VariantInit

  SafeArrayDestroy

  SysAllocStringByteLen

  SysStringByteLen

  VariantChangeType

  SysFreeString

  shlwapi

  PathCombineW

  PathRemoveFileSpecW

  PathFileExistsW

  ord176

  PathFindFileNameW

  PathIsDirectoryW

  PathAppendW

  PathFindExtensionW

  PathIsNetworkPathW

  ord487

  PathIsDirectoryEmptyW

  StrCmpLogicalW

  AssocQueryStringW

  PathRemoveBackslashW

  PathMatchSpecW

  SHAutoComplete

  StrCmpW

  ord12

  PathUnExpandEnvStringsW

  PathRemoveExtensionW

  PathIsRootW

  StrStrIW

  StrRetToStrW

  wininet

  HttpOpenRequestW

  HttpSendRequestW

  InternetCrackUrlW

  InternetQueryOptionW

  InternetReadFile

  InternetCloseHandle

  HttpQueryInfoW

  InternetConnectW

  InternetOpenW

  Exports

  Exports

  ?CloseManagers@@YAX_N@Z

  ?DllExecuteNamedCommand@@YA_NPEB_W@Z

  ?DllExportSettingsXml@@YA_NPEB_W@Z

  ?DllGetSettingBool@@YA_NPEB_W@Z

  ?DllGetSettingInt@@YAHPEB_W@Z

  ?DllImportSettingsXml@@YA_NPEB_W@Z

  ?DllLoadStringEx@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z

  ?DllLogToFile@@YAXPEB_W0ZZ

  ?DllUpdateSettings@@YAXXZ

  ?EditSettings@@YAX_NH@Z

  ?FindTaskBar@@YAPEAUHWND__@@K@Z

  ?HookInject@@YA_JH_K_J@Z

  ?InitManagers@@YAX_N@Z

  ?MiniDumpType@@3W4_MINIDUMP_TYPE@@A

  ?ToggleStartMenu@@YAPEAUHWND__@@H_N@Z

  ?TopLevelFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z

  ?WaitDllInitThread@@YAXXZ

  ?g_OwnerWindow@@3PEAUHWND__@@EA

  ?g_TaskBar@@3PEAUHWND__@@EA

  Sections

  .text

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 274KB - Virtual size: 274KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 83KB - Virtual size: 153KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 775KB - Virtual size: 774KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• PLKE