Behavioral task
behavioral1
Sample
d75372d178f61a171fd8b644d5c083d3de596c99d9086dda69490409a327b7f3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
d75372d178f61a171fd8b644d5c083d3de596c99d9086dda69490409a327b7f3.exe
Resource
win10v2004-20231215-en
General
-
Target
d75372d178f61a171fd8b644d5c083d3de596c99d9086dda69490409a327b7f3
-
Size
2.1MB
-
MD5
d8df182efecdb8fc35c4fbab5960e579
-
SHA1
775e5872133070eaee3a665156f36266c9e72102
-
SHA256
d75372d178f61a171fd8b644d5c083d3de596c99d9086dda69490409a327b7f3
-
SHA512
a7380a6f3dddc109ead69bbc6a62240f6ea2b934fbdb71d2e69e341826a689d41e0319520c6de9ac042679af1c50090d3e2da9cc91625a722e9c0f17f4097d65
-
SSDEEP
24576:NrA3gINMWZRO7w5TxXIb4uu0PQGGL0xkFeyD6AgBnu0P0GGL0xkFeyD6:xINNZRiw5TFpu2GGAcPDRiSGGAcPD
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
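192.168.240.128:5110 (an RFC 1918 private address: the callback endpoint is reachable only from inside the same private network, so it is not an internet-routable indicator)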
Signatures
-
Metasploit family
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the resource listed below carries none, so its publisher cannot be verified.
resource d75372d178f61a171fd8b644d5c083d3de596c99d9086dda69490409a327b7f3
Files
-
d75372d178f61a171fd8b644d5c083d3de596c99d9086dda69490409a327b7f3.exe windows:4 windows x86 arch:x86
c53f453a093f4fd7e73918ef405928e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
adapt_for_imports
?AddCrashReportHelperFile@CrashReportLoader@crash_report@@QAEHPB_W00K@Z
?Uninit@CrashReportLoader@crash_report@@QAEXXZ
?Instance@CrashReportLoader@crash_report@@SAAAV12@XZ
?Init@CrashReportLoader@crash_report@@QAEXPB_W_K1HP6GHPAUtagCrashReportHelperCallbackInfo@@@Z0@Z
lua51
lua_type
lua_settop
lua_gettop
lua_pcall
lua_getfield
lua_pushstring
lua_tolstring
common
?reg_service@@YAXPBDV?$function@$$A6AXV?$shared_ptr@Umsg_base@@@std@@@Z@std@@PAX@Z
?reg_service@@YAXPBDV?$function@$$A6AXPBDAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@PAX@Z
?send_msg@@YAXPBDV?$shared_ptr@Umsg_base@@@std@@@Z
?post_msg@@YAXPBDV?$shared_ptr@Umsg_base@@@std@@@Z
?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ
?find_component@Component_mgr@common@ierd_tgp@@QAE?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@23@@Z
?file_size@filesystem@ierd_tgp@@YA_KABVpath@12@@Z
?exists@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z
?from_json@jsonbind@@YAHPAXABVValue@Json@@@Z
??1ShareMemory@Memory@ierd_tgp@@QAE@XZ
??$json_value_to_obj@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@YAHABVValue@Json@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??$json_value_to_obj@Vjsonb_bool@@@@YAHABVValue@Json@@AAVjsonb_bool@@@Z
??$json_value_to_obj@Vjsonb_uint64@@@@YAHABVValue@Json@@AAVjsonb_uint64@@@Z
??$json_value_to_obj@Vjsonb_int64@@@@YAHABVValue@Json@@AAVjsonb_int64@@@Z
??$json_value_to_obj@Vjsonb_int@@@@YAHABVValue@Json@@AAVjsonb_int@@@Z
??$obj_to_json_value@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@YAHAAVValue@Json@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??$obj_to_json_value@Vjsonb_uint64@@@@YAHAAVValue@Json@@AAVjsonb_uint64@@@Z
??$obj_to_json_value@Vjsonb_int64@@@@YAHAAVValue@Json@@AAVjsonb_int64@@@Z
??$obj_to_json_value@Vjsonb_bool@@@@YAHAAVValue@Json@@AAVjsonb_bool@@@Z
??$obj_to_json_value@Vjsonb_int@@@@YAHAAVValue@Json@@AAVjsonb_int@@@Z
?MD5FileSafe@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
?appdata_project_folder@File_info@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_log_instance@base@@YAPAVILogger@1@XZ
?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?get_cpu_name@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?directory_iterator_increment@detail@filesystem@ierd_tgp@@YAXAAVdirectory_iterator@23@PAVerror_code@std@@@Z
?directory_iterator_construct@detail@filesystem@ierd_tgp@@YAXAAVdirectory_iterator@23@ABVpath@23@PAVerror_code@std@@@Z
?dir_itr_close@detail@filesystem@ierd_tgp@@YAXAAPAX@Z
?extension@path@filesystem@ierd_tgp@@QBE?AV123@XZ
?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ
?open@Shared_mem_obj@common@ierd_tgp@@QAEPAXW4mode_t@interprocess@boost@@_N@Z
?StartThread@CThread@@QAEHPAXH@Z
??1CThread@@UAE@XZ
??0CThread@@QAE@XZ
?get_hdd_name@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Create@ShareMemory@Memory@ierd_tgp@@QAEHH@Z
?GetBuffer@ShareMemory@Memory@ierd_tgp@@QBEPAEXZ
?set_same_client_type_multi_instance@util_multi_instance@ierd_tgp@@YAX_N@Z
?get_coexist_name@util_multi_instance@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?get_process_count@util_multi_instance@ierd_tgp@@YAHPBD@Z
?IsSubWegameProcess@util_multi_instance@ierd_tgp@@YA_NXZ
?GetWegameProcessCount@util_multi_instance@ierd_tgp@@YAHXZ
?get_client_id@util_client_info@ierd_tgp@@YAHXZ
?GetUpdatedFilePath@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W0@Z
?is_certificate_open@util_curl_certificate@ierd_tgp@@YA_NXZ
?get_cert_pwd@util_curl_certificate@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?export_crt_file@util_curl_certificate@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z
??0WndMsgReceiver@Tenio@@QAE@XZ
??1WndMsgReceiver@Tenio@@QAE@XZ
?Init@WndMsgReceiver@Tenio@@QAE_NPBD@Z
?Uninit@WndMsgReceiver@Tenio@@QAE_NXZ
?CreateWnd@WndMsgReceiver2@Tenio@@UAEPAUHWND__@@PBD@Z
?unreg_all_msg_handler@@YAXPAX@Z
?get_ie_version@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?unreg_all_service@@YAXPAX@Z
??0Shared_mem_obj@common@ierd_tgp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I0_N@Z
?name@Shared_mem_obj@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?size@Shared_mem_obj@common@ierd_tgp@@QAEIXZ
?get_workingdir_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?instance@Application@common@ierd_tgp@@SAPAV123@XZ
?MD5String@@YAPADPAD@Z
?MD5Buffer@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADI@Z
?GetTpfUiVfsPath@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?IsXpOs@Sys_wrapper@common@ierd_tgp@@SA_NXZ
?is_shared_mem_exist@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??_0path@filesystem@ierd_tgp@@QAEAAV012@ABV012@@Z
??_0path@filesystem@ierd_tgp@@QAEAAV012@PB_W@Z
?remove_filename@path@filesystem@ierd_tgp@@QAEAAV123@XZ
?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ
?exists@filesystem@ierd_tgp@@YA_NABVpath@12@@Z
?is_regular_file@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z
?copy_file@filesystem@ierd_tgp@@YAXABVpath@12@0W4copy_option@12@AAVerror_code@std@@@Z
?to_string@version_t@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0Application@common@ierd_tgp@@QAE@HQAPAD_NKK1ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Application@common@ierd_tgp@@UAE@XZ
?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_machine_guid_async@Application@common@ierd_tgp@@SAXXZ
?GetAutoRunRegKeyW@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?IsStartFromUrlProtocol@Sys_wrapper@common@ierd_tgp@@SA_NXZ
?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_exe_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_workingdir_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z
?get_app_sub_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_app_path@Application@common@ierd_tgp@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?exit_app@Application@common@ierd_tgp@@QAEXH@Z
?process@Application@common@ierd_tgp@@QAEXXZ
?TaskBarPin@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?get_ret@Application@common@ierd_tgp@@QBEHXZ
?PushAsyncTask@common@ierd_tgp@@YAXV?$function@$$A6AXXZ@std@@K@Z
?MainThreadTaskUpdate@common@ierd_tgp@@YAXXZ
?u16_to_loc@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?PrefetchImage@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ReadPrivateProfile@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00AAV45@1@Z
?ReadPrivateProfile@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAHAAV45@@Z
?load_config@Component_mgr@common@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?init@Component_mgr@common@ierd_tgp@@QAE_NXZ
?inited@Component_mgr@common@ierd_tgp@@QAEXXZ
?uninitialize@Component_mgr@common@ierd_tgp@@QAEXXZ
?tick@Component_mgr@common@ierd_tgp@@QAEXN@Z
?enable_profile_on@common@ierd_tgp@@YAX_N@Z
?set_quick_login_uin@common@ierd_tgp@@YAXK@Z
?get_quick_login_uin@common@ierd_tgp@@YAKXZ
?enable_static_detail_log@common@ierd_tgp@@YAX_N@Z
?is_static_detail_log@common@ierd_tgp@@YA_NXZ
?enable_one_more_instance@common@ierd_tgp@@YAX_N@Z
?enable_offline_mode_on@common@ierd_tgp@@YAX_N@Z
?is_offline_mode_on@common@ierd_tgp@@YA_NXZ
?set_offline_login_account@common@ierd_tgp@@YAX_K@Z
?WritePrivateProfile@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z
?IsLaptop@Sys_wrapper@common@ierd_tgp@@SA_NXZ
?set_game_launcher_flag@common@ierd_tgp@@YAX_N@Z
?stamp_init@@YAXXZ
?close@Shared_mem_obj@common@ierd_tgp@@QAEXXZ
?stamp_point@@YAXPBD@Z
??1Shared_mem_obj@common@ierd_tgp@@QAE@XZ
?stamp_uninit@@YAXXZ
?set_game_launcher_msg@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_restart_after_update@common@ierd_tgp@@YAX_N@Z
?enable_app_session_end@common@ierd_tgp@@YAX_N@Z
?set_start_from_host@common@ierd_tgp@@YAX_N@Z
?get_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@_N@Z
?set_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@Z
?set_qos_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXK@Z
?set_ver@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABUversion_t@common@4@@Z
?set_machine_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_qm_report_guid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_launcher_info@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?set_session_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_uid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABH@Z
?set_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAB_K@Z
?report@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NABUQos_data_base@234@W4Qos_occasion@234@@Z
?WaitForStop@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NI@Z
?SetStartForID@Qos@qos@adapt_for_imports@ierd_tgp@@QAEX_K@Z
?SetCurrentStage@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXW4ProcessStage@234@@Z
?GetCurrentStage@Qos@qos@adapt_for_imports@ierd_tgp@@QAE?AW4ProcessStage@234@XZ
?set_account_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_client_version_type@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXH@Z
?SetCrashInfo@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABUCrashInfo@234@@Z
?SetIsMultiInstance@Qos@qos@adapt_for_imports@ierd_tgp@@QAEX_N@Z
?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ
?save_proxy_settings@client_helper@net@ierd_tgp@@YAXPBD@Z
?sync_proxy_settings@client_helper@net@ierd_tgp@@YAXXZ
?get_client_version_type@overseas@ierd_tgp@@YAHXZ
?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z
?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?scale_path2absolute_path@common@ierd_tgp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z
?GetLastLoginedUin@common@ierd_tgp@@YA_KXZ
?GetLastLoginedWegameId@common@ierd_tgp@@YAIXZ
?open_web@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV45@@Z
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV45@@Z
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
?get_system_name@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_system_hardware@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_system_all_build_version@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?StopThread@CThread@@QAEXXZ
?get_graphic_card_name@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?remove@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z
??0ShareMemory@Memory@ierd_tgp@@QAE@PB_WK@Z
?to_json@jsonbind@@YAHPAXAAVValue@Json@@@Z
psapi
GetModuleFileNameExW
shlwapi
PathFileExistsA
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
kernel32
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
ResetEvent
CreateEventW
InitializeCriticalSection
CreateThread
GetFileAttributesExW
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
SetFileAttributesW
SetEndOfFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Process32Next
Process32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
MoveFileW
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetTempPathW
GetPrivateProfileIntW
OutputDebugStringA
SetEnvironmentVariableW
GetEnvironmentVariableW
QueryPerformanceCounter
GetCommandLineA
CreateProcessW
CreateFileMappingW
OpenEventA
CreateEventA
CreateMutexA
UnmapViewOfFile
MapViewOfFile
GetTickCount
FindClose
Sleep
WaitForSingleObject
SetEvent
SetLastError
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
LocalFree
FreeLibrary
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetFileSize
GetLongPathNameW
GetProcAddress
GetSystemInfo
DeleteFileW
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetLocalTime
CloseHandle
ReadFile
WriteFile
GetLastError
GetCurrentThreadId
GetSystemTimeAsFileTime
FormatMessageA
GetCommandLineW
QueryPerformanceFrequency
LoadLibraryA
user32
MessageBoxA
SetCursor
ClipCursor
FindWindowA
FindWindowW
PostMessageA
SendMessageA
DefWindowProcA
IsWindow
shell32
SHCreateDirectoryExW
CommandLineToArgvW
ole32
CoInitializeEx
CoUninitialize
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
msvcp140
?bad@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@_W@std@@QBED_WD@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Wcsxfrm
_Wcscoll
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unsetf@ios_base@std@@QAEXH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?precision@ios_base@std@@QAE_J_J@Z
?flags@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?exceptions@ios_base@std@@QAEXH@Z
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xlength_error@std@@YAXPBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Open_dir
_Read_dir
_Close_dir
_To_byte
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$collate@_W@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setf@ios_base@std@@QAEHH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
vcruntime140
_except_handler4_common
memmove
memcpy
_purecall
strrchr
__std_terminate
__std_type_info_name
strchr
memchr
__RTDynamicCast
__std_type_info_compare
__std_exception_destroy
__std_exception_copy
wcsrchr
wcschr
memcmp
__CxxFrameHandler3
_CxxThrowException
memset
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm_e
_set_app_type
_seh_filter_exe
exit
_cexit
_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_c_exit
_initterm
_errno
strerror
_invalid_parameter_noinfo
_crt_atexit
_invalid_parameter_noinfo_noreturn
__p___argc
terminate
_controlfp_s
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
__p__commode
fwrite
ftell
__stdio_common_vsprintf
ferror
__acrt_iob_func
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__stdio_common_vswprintf_s
__stdio_common_vfwprintf
fseek
fopen_s
_ftelli64
__stdio_common_vsscanf
_set_fmode
fputc
fopen
__stdio_common_vsnwprintf_s
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
__stdio_common_vsprintf_s
ungetc
setvbuf
_fseeki64
fsetpos
fread
api-ms-win-crt-string-l1-1-0
wcsncpy_s
wcscmp
wcslen
wcsncpy
strncpy
wcscpy_s
wcscat_s
wcsncat_s
strlen
strcmp
_wcsicmp
_stricmp
isprint
_wcsnicmp
strncpy_s
strcpy_s
strpbrk
towlower
api-ms-win-crt-heap-l1-1-0
free
malloc
realloc
_set_new_mode
_callnewh
api-ms-win-crt-filesystem-l1-1-0
_wmkdir
_wremove
_wrmdir
_waccess
_unlock_file
_lock_file
_wsplitpath_s
api-ms-win-crt-convert-l1-1-0
strtoul
_wtoi
api-ms-win-crt-math-l1-1-0
_ldtest
_dsign
_dtest
_except1
__setusermatherr
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-environment-l1-1-0
_wgetcwd
api-ms-win-crt-time-l1-1-0
_time64
Sections
.text Size: 490KB - Virtual size: 490KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 754KB - Virtual size: 754KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 754KB - Virtual size: 754KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ