??0CShellShortcut@@QAE@ABV0@@Z
??4CSecurity@@QAEAAV0@ABV0@@Z
??4CShellShortcut@@QAEAAV0@ABV0@@Z
??4FCabLib@@QAEAAV0@ABV0@@Z
??4FCabinet@@QAEAAV0@ABV0@@Z
??_7CShellShortcut@@6B@
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
08baee8f54f51f5f54cf8b62a488c601.exe
Resource
win7-20231215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
08baee8f54f51f5f54cf8b62a488c601.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
08baee8f54f51f5f54cf8b62a488c601
-
Size
928KB
-
MD5
08baee8f54f51f5f54cf8b62a488c601
-
SHA1
42d5cebffb9ec5595376153d4aef11030552535d
-
SHA256
e7e8bbf11e1d95165f711b4396e4c4acafe8c07e4484184165d36190b39972a8
-
SHA512
5669d9ce2dde7bd66ea27f3c54ebf6c437b4d5419a596a57f4afbd0882d6a41a6adb47824a48fe3c89fb616a5d727ad4b40d861455d573fa22ce014a31dfd2d1
-
SSDEEP
24576:Y77ujs32Vq4EWGQ09vSq7DaY0AiMwOtBH8Aa0pg6dl:YB3D4EWGDSqnL0XOtCall
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 08baee8f54f51f5f54cf8b62a488c601
Files
-
08baee8f54f51f5f54cf8b62a488c601.exe windows:4 windows x86 arch:x86
600fe705631c21d883466349e9d168c0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
epsmtl32
?PageRegQueryValueEx@CAppBase@@QAEPAXPAVCReg@@PAUHKEY__@@PBD2PAK3@Z
?GetDstFileName@CCopyFile@@QAEPADXZ
?GetInfoListLpstrArray@MTools2@@QAEPAVLpstrArray@@PBDPAVInfWalkEx@@@Z
?OpenDevRegKey@MSetupApiTool@@QAEHPAPAUHKEY__@@HK@Z
?OpenDevRegKey16@MSetupApiTool@@QAEPAUHKEY__@@PAXPAPAU2@H@Z
?RegEnumValueA@CReg@@QAEHPAUHKEY__@@KPADPAK22PAE2@Z
?QueryFileObjectInCopyList@CCopyFile@@SAPAV1@PAV?$TList@VCCopyFile@@@@PBD1@Z
?GetFileVersionQueryInfo@Enum@@QAEHPADPAP6GHXZPAX@Z
??0CCopyFile@@QAE@PBD0000K@Z
?f_strncpy@MTools3@@SAPADPADPBDH@Z
?IsValidDirectory@RFile@@SAHPBD@Z
?AppendCopyFile@MTools2@@QAEXPAPAV?$TList@VCCopyFile@@@@PAVCCopyFile@@@Z
?InstallProfilesInfo@InstallAppInfo@@QAEHPAUHKEY__@@PBD11111@Z
?InstallFilesInfoEx@InstallAppInfo@@QAEHPAUHKEY__@@PBD11111@Z
?InstallFilesInfo@InstallAppInfo@@QAEHPAUHKEY__@@PBD11111@Z
?SetCurDefDevice@DefPrinter@@QAEXXZ
?FileName@MStrPath@@QAEPBDPBD@Z
??1MSetupApiTool@@QAE@XZ
?Terminate16@MSetupApiTool@@QAEXXZ
?SearchRename@MTools2@@SAXPBD0PAVMString@@@Z
?GetWildCardToFileName@MTools2@@SAHPBDPAVMString@@@Z
?GetRenameInfo@MTools2@@QAEXPBDPAV?$TList@VLpstrArray@@@@PAVMString@@PAVInfWalkEx@@@Z
?GetCommonDependentInfo@MTools2@@QAEPBDPAVMString@@@Z
?CloseInfFile@InfWalkEx@@UAEXXZ
?FindNextMatchLine@CInfWalk@@UAEHPBD@Z
?SaveRestorePosition@CInfWalk@@UAEHH@Z
?GetStringField@CInfWalk@@UAEHKPADKPAK@Z
?FindFirstLine@CInfWalk@@UAEHPBD0@Z
?OpenInfFile@InfWalkEx@@UAEHPBDK@Z
?DeleteFileEtc@RFile@@SAHPBD@Z
?ShowErrorProfile@MTools2@@SAXPBD@Z
F_GlobalAlloc2
?GenWininitRename@CCtlPath@@QAEHPBD0K@Z
?RenameFile@RFile@@QAEHPBD0@Z
?F_SetupCloseFileQueue@RSetupApi@@QAEXPAX@Z
?F_SetupCommitFileQueue@RSetupApi@@QAEHPAUHWND__@@PAXP6GI1III@Z1@Z
?F_SetupInitDefaultQueueCallback@RSetupApi@@QAEPAXPAUHWND__@@@Z
?F_SetupInitDefaultQueueCallbackEx@RSetupApi@@QAEPAXPAUHWND__@@0IKPAX@Z
?SetupCloseFileQueue16@MSetupApiTool@@QAEHXZ
?F_SetupQueueCopy@RSetupApi@@QAEHPAXPBD111111K@Z
?SetupQueueCopy16@MSetupApiTool@@QAEHPBD0000@Z
?QueryInfFileVersion@MTools2@@QAEHPAVInfWalkEx@@@Z
?ExtractFileFromCabinet@FCabLib@@QAEHPAE000@Z
?F_CreateDirectory@RWin32Api@@SAHPBDPAX@Z
?GetLinerFileName@MStrPath@@QAEXPBDPAV?$TList@VCCopyFile@@@@PAVMString@@@Z
?GetDriverNameFromDeviceName@MTools2@@QAEHPBDPAVMString@@@Z
?GetUniqueFileName@MStrPath@@QAEXPAVCCopyFile@@PAVMString@@1@Z
?GetSetupDiskType@MTools2@@QAEHPAD@Z
?F_SetupOpenFileQueue@RSetupApi@@QAEPAXXZ
?SetupOpenFileQueue16@MSetupApiTool@@QAEXPAUHWND__@@H@Z
??1RSHApi@@QAE@XZ
??1MInfFile@@QAE@XZ
??1MStrPath@@QAE@XZ
??0MTools2@@QAE@XZ
??0RSHApi@@QAE@XZ
??0MInfFile@@QAE@XZ
??0MStrPath@@QAE@XZ
??1MTools2@@QAE@XZ
?PickupInfoList@MTools2@@QAEHPBDPAPAV?$TList@VLpstrArray@@@@PAXPAVInfWalkEx@@@Z
?GetOptionString@MTools2@@QAEPADPADPAVMString@@@Z
?IsSameOption@MTools2@@QAEHPADPBD@Z
?RegOpenKeyExB@MTools2@@QAEHPAUHKEY__@@PBDKKPAPAU2@@Z
?RegEnumKeyExA@CReg@@QAEHPAUHKEY__@@KPADPAK212PAU_FILETIME@@@Z
?WritePrivateProfileStringA@CProfile@@SAKPBD0@Z
??1CShellShortcut@@UAE@XZ
?WritePrivateProfileDWORD@CProfile@@SAKPBDK@Z
?F_SetupScanFileQueue@RSetupApi@@QAEHPAXKPAUHWND__@@P6GI0III@Z0PAK@Z
?IsCompleteMatch@RFile@@SAHPBD0@Z
?DestroyDeviceInfo@MSetupApiTool@@QAEXXZ
?F_EnumDriverInfo@RSetupApi@@QAEHPAXPAU_SP_DEVINFO_DATA@@KKPAU_SP_DRVINFO_DATA_A@@@Z
?CreateDeviceInfoList@MSetupApiTool@@QAEPAXPBDK0H@Z
?DispatchMessageQueue@MTools2@@QAEXPAUHWND__@@@Z
?IsFieldInInfLine@MTools2@@QAEHPBD0@Z
?DebugProfileDump@MTools2@@SAXPBD@Z
?AppendIconItem@MTools2@@QAEXPAPAV?$TList@U_CIconItem@@@@PAU_CIconItem@@@Z
?AppendIconResource@MTools2@@QAEXPAPAV?$TList@VCIconResource@@@@PAVCIconResource@@@Z
??0CIconResource@@QAE@PBD@Z
?GetResourceID@CIconResource@@QAEPBDXZ
??0RemoveLinkAppBase@@QAE@HPAVMString@@PAVInfWalkEx@@PAVCReg@@PAVMTools2@@@Z
??1RemoveLinkAppBase@@QAE@XZ
?ExpandPathName@MTools2@@QAEXPBDPAVMString@@@Z
?IsDeletableFile@RFile@@QAEHPBD@Z
?GetEnumPrinterDriversSize@Enum@@QAEHK@Z
?f_strrchr@MTools3@@SAPADPADI@Z
?RemoveDirectoryAll@RFile@@QAEHPBDHPAP6GHXZPAX@Z
?BuildDeviceNodeName@MTools3@@SAHPBD0PADK@Z
?RemoveDirectoryA@RFile@@SAHPBD@Z
?DeleteTempFileEtc@RFile@@QAEHPBD@Z
?GetLinkedApplocationInfo@RemoveLinkAppBase@@QAEPAXPBD@Z
?GetEnumPrintersSize@Enum@@QAEHKK@Z
?IsReservedFolder@RemoveLinkBase@@QAEHPBD@Z
?FileNameExcludeSlash@MTools2@@QAEPADPBD@Z
F_GlobalReAlloc
??0RColorProfiles@@QAE@XZ
?UninstallColorProfiles@RColorProfiles@@QAEHPBD@Z
?F_SetupDiRemoveDevice@RSetupApi@@QAEHPAXPAU_SP_DEVINFO_DATA@@@Z
?DestroyDeviceInfo16@MSetupApiTool@@QAEXXZ
?RemoveDevice16@MSetupApiTool@@QAEHPAX@Z
?GetlpNextDi@MSetupApiTool@@QAEPAXPAX@Z
?GetszDescription@MSetupApiTool@@QAEPBDPAX@Z
?GetClassDevs16@MSetupApiTool@@QAEHHPBD@Z
?RunOnce@DelInstallWizard@@QAEHPAUHWND__@@@Z
?GetHardwareID@RemoveBase@@QAEHIPBDPAVMString@@@Z
??1LpstrArray@@QAE@XZ
??0LpstrArray@@QAE@XZ
?RemoveDevice@CPrintProcessor@@QAEIPAVCWnd@@PBDPAVLpstrArray@@@Z
?InitRemoveDeviceInfo@CPrintProcessor@@QAEHPBD@Z
??0CPrintProcessor@@QAE@PAVInfWalkEx@@PAVCReg@@PAVEnum@@@Z
?GetDefPrinter@DefPrinter@@QAEHPAD@Z
?RemoveLinkObjects@RemoveLinkBase@@QAEKPAVLpstrArray@@@Z
?GetDriverRegistryLinkedInfo@RemoveLinkAppBase@@QAEPAXPAUHKEY__@@PBD1@Z
?GetPrinterSize@Enum@@QAEHKPAX@Z
??1CDiskName@@QAE@XZ
?RegDeleteValueA@CReg@@QAEHPAUHKEY__@@PBD@Z
??0DelInstallWizard@@QAE@XZ
??0CReg@@QAE@XZ
?ChangeModule@MTools2@@SAXPBD00@Z
?ResourceToFile@MTools2@@SAHPAUHINSTANCE__@@PBD11@Z
Set_mstr_wflg
set_profile_level
?EnableAddRemovePrinter@CSecurity@@QAEHXZ
??0CSecurity@@QAE@XZ
??0FCabLib@@QAE@XZ
??0Enum@@QAE@XZ
Set_bWriteLog
Set_OSVersionInfo
??1CProfile@@QAE@XZ
??1FCabLib@@QAE@XZ
??1CReg@@QAE@XZ
??1Enum@@QAE@XZ
?QueryUniqueProfileSection@CProfile@@SAXPAVMString@@@Z
?OpenInfFile2@MInfFile@@QAEHPBDPAVInfWalkEx@@PAV?$TList@PAD@@PAV?$TList@VLpstrArray@@@@H@Z
?QueryPreferentialDriver@MTools2@@QAEHPADPAVLpstrArray@@@Z
?GetDriverNameFromPrinterName@MStrPath@@QAEXPAD@Z
?ReplaceLine@InfWalkEx@@QAEHPAVMString@@H@Z
?ReplaceKeywordInMessage@MTools2@@QAEXPAVMString@@PBD1@Z
?Replace@InfWalkEx@@QAEXPAVMString@@PBDPAD@Z
?SetInfVersion@MTools2@@SAXH@Z
?MakeOSIdList@MTools2@@QAEHPAVInfWalkEx@@@Z
?OpenInfFile@MInfFile@@QAEHPBDPAVInfWalkEx@@PAV?$TList@PAD@@@Z
?ReplaceMacroString@InfWalkEx@@QAEHXZ
?Set_hInstance@CReg@@QAEXPAUHINSTANCE__@@@Z
??1DelInstallWizard@@QAE@XZ
?IsPC98Windows@CCtlPath@@QAEHXZ
?ShowNewDefaultPrinter@DefPrinter@@QAEHPAVMString@@@Z
?GetInfFilePath@MStrPath@@QAEXPAVMString@@PBD@Z
?DoInstallFinalShortCut@InstallShortCutUrl@@QAEIPBD0@Z
?CtlSetLddPath@CCtlPath@@QAEHKPAD@Z
?RegOpenKeyExA@CReg@@QAEHPAUHKEY__@@PBDKKPAPAU2@@Z
?RegQueryValueExA@CReg@@QAEHPAUHKEY__@@PBDPAK2PAE2@Z
?RegSetValueExA@CReg@@QAEHPAUHKEY__@@PBDKKPAEK@Z
??0PortMain@@QAE@PAVInfWalkEx@@PAVCReg@@PAVEnum@@PAVMTools2@@H@Z
?GetRecommendedPortName@PortMain@@QAEHPBDPAVMString@@@Z
?GetEnumPrinterDrivers@Enum@@QAEHKPAP6GHXZ000@Z
?MakeDiskNameList@CDiskName@@QAEXPAVInfWalkEx@@@Z
?GetLineCurrent@InfWalkEx@@QAEHPAVMString@@@Z
?RegCreateKeyExA@CReg@@QAEHPAUHKEY__@@PBDKPADKKPAXPAPAU2@PAK@Z
?RegCloseKey@CReg@@QAEHPAUHKEY__@@@Z
?RegisterUninstaller@InstallAppInfo@@QAEXPAV?$TList@VCCopyFile@@@@PBD1PAVMString@@1@Z
?DoInstallShortCutUrl@InstallShortCutUrl@@QAEIPBD0PAV?$TList@VCCopyFile@@@@@Z
?UpdateSessionManager@RSessionManager@@QAEXPAV?$TList@VCCopyFile@@@@@Z
?RSHApiTerminate@RSHApi@@SAXXZ
?GetDriverInfo@Enum@@QAEHKPADPAP6GHXZ@Z
?RegDeleteKeyA@CReg@@QAEHPAUHKEY__@@PBDH@Z
?f_strchr@MTools3@@SAPADPBDH@Z
?ReplaceApostropheToQuote@CInfWalk@@SGXPAD@Z
?CreateSharedMemoryRegion@MTools3@@SAPAXKKPADPAPAX1@Z
?GetSpecialFolderLocation@RSHApi@@QAEHHPAD@Z
?IsFieldInInfo@MTools2@@QAEHPBD0@Z
?AddDQ@MString@@QAEPBDXZ
?AddField@MTools2@@SAXPAVMString@@PBD@Z
?RemoveAt@LpstrArray@@QAEXH@Z
?QuerySourceDiskPath@MStrPath@@QAEHPBD0PAVMString@@@Z
?GetDiskNumber@MTools2@@QAEKPBD@Z
?GetDiskName@CDiskName@@QAEPADK@Z
?FormatString1@MTools2@@QAEXIPBD@Z
?ReplaceControlCharToControlCode@CInfWalk@@SGXPAVMString@@@Z
?Cancel@DelInstallWizard@@QAEXXZ
?SetForceCancel@DelInstallWizard@@QAEXH@Z
?Start@DelInstallWizard@@QAEXPAUHWND__@@@Z
?LookupKickOption@MTools2@@QAEHPBDPAUHWND__@@PAVMString@@_J@Z
?GetParam@MTools3@@SAPADPADPAPAD@Z
?F_CreateProcess@RWin32Api@@SAHKPAD0KPAU_PROCESS_INFORMATION@@@Z
?GetPrinterInfo@Enum@@QAEHPADPAP6GHXZK@Z
?F_GetModuleFileName@RWin32Api@@SAHPAUHWND__@@PADK@Z
?FormatString2@MTools2@@QAEXIPBD0@Z
?QueryMessageFromScriptFile@MTools2@@QAEHPBDIPAI@Z
?Empty@MString@@QAEXXZ
??0InfWalkEx@@QAE@XZ
?infParseField@InfWalkEx@@UAEHPADH0HH@Z
??1InfWalkEx@@UAE@XZ
?QueryInfoLine@MTools2@@QAEHPAVMString@@PAV?$TList@VLpstrArray@@@@PBD@Z
?F_WideCharToMultiByte@RWin32Api@@SAHPBGPADH@Z
?GetEnumPorts@Enum@@QAEHKPAP6GHXZ000@Z
?GetEnumPrinters@Enum@@QAEXKPAP6GHXZ000@Z
?GetMStringField@MTools3@@SAHPBDHPAVMString@@PAHHH22@Z
?Find@MString@@QAEHH@Z
??0RemoveBase@@QAE@HPAVInfWalkEx@@PAVCReg@@PAVMTools2@@@Z
?GetInfFileName@RemoveBase@@QAEHIPBDPAVMString@@@Z
?IsDriveFirst@MTools2@@SAHPAVMString@@@Z
?IsFileExist@RFile@@SAHPAD@Z
??1RemoveBase@@QAE@XZ
?GetDriverInfPath@MStrPath@@QAEXPAVMString@@@Z
?SetDefPrinter@DefPrinter@@QAEHPBDH0@Z
??0PAssociate@@QAE@HPAVInfWalkEx@@PAVCReg@@PAVMTools2@@PAUHWND__@@@Z
?ProcessAssociatedInfFileIni@PAssociate@@QAEHPBDPAPADK0PAVMString@@2P6GHXZPAXI@Z
?ProcessProfileSettings@PAssociate@@QAEHPBD0@Z
??0DefPrinter@@QAE@PAVInfWalkEx@@PAVEnum@@PAVMTools2@@@Z
??1DefPrinter@@QAE@XZ
??1PAssociate@@QAE@XZ
??0RColorProfiles@@QAE@PAVInfWalkEx@@PAVCReg@@PAVEnum@@@Z
?InstallColorProfiles@RColorProfiles@@QAEHPBDPAD0@Z
??1RColorProfiles@@QAE@XZ
?DoReName@CCopyFile@@QAEPADPBD@Z
?f_strstr@MTools3@@SAPADPADPBD@Z
?GetPrintDriverDirectory@Enum@@QAEPADXZ
?CtlGetLddPath@CCtlPath@@QAEHKPAD@Z
?GetRelativePath@MTools3@@SAHPBD0PAVMString@@@Z
?catPath@InfWalkEx@@SAPADPAVMString@@PBD@Z
?StripPathName@CInfWalk@@SGPADPAD@Z
?hatol@CInfWalk@@SGJPBD@Z
?catpath@CInfWalk@@SGPADPADPBD@Z
?GetExt@MTools3@@SAPBDPAD@Z
?FileName@CInfWalk@@SGPADPBD@Z
?CreateStartupShortcut@CShellShortcut@@SAHPBD00000KK@Z
??0CShellShortcut@@QAE@XZ
??0RSetupApi@@QAE@H@Z
??0CDiskName@@QAE@XZ
??1InstallAppInfo@@QAE@XZ
??1PortMain@@QAE@XZ
??1CPrintProcessor@@QAE@XZ
??1InstallShortCutUrl@@QAE@XZ
??1CAppBase@@QAE@XZ
??0RSessionManager@@QAE@PAVEnum@@PAVCReg@@PAVInfWalkEx@@@Z
??0InstallAppInfo@@QAE@XZ
?RenameFile2@RFile@@QAEHPBD0@Z
??0InstallShortCutUrl@@QAE@PAVMTools2@@PAVInfWalkEx@@PAVEnum@@_JK@Z
??1RSessionManager@@QAE@XZ
??1CIconResource@@QAE@XZ
?GetNumericValue@MTools2@@QAEHPAD@Z
?SetPostMessage@DelInstallWizard@@QAEXXZ
?CreateQuerySectionName@MTools2@@QAEHPAVMString@@HHPAX@Z
F_GlobalAlloc
F_ReAlloc
?PickupEnvironmentIdentifier@MTools2@@QAEHPAVLpstrArray@@@Z
??YMString@@QAEXPAD@Z
?GetLineText2@InfWalkEx@@QAEPADPAVMString@@H@Z
?infParseField@InfWalkEx@@QAEHPADHPAVMString@@H@Z
?GetDefaultSetting@MTools2@@QAEHPBDH@Z
?AllocCopy@MTools2@@QAEPADPBD@Z
?ExpandInstallPath2@MStrPath@@QAEXPAVMString@@PBD1@Z
?CreateUniquePrinterName@MTools2@@QAEHPBDPAVMString@@@Z
?GetFullPath@MTools3@@SAPADPADPBD1I@Z
??0CProfile@@QAE@PBD@Z
?RemoveAssociatedModules@RemoveBase@@QAEXPBDH_J@Z
?F_GetSystemWindowsDirectory@RWin32Api@@SAKPADI@Z
F_ReAllocFree
F_GlobalFree
?F_SHBrowseForFolder@RSHApi@@QAEHPAUHWND__@@HPAD1I@Z
?QueryMessageFromScriptFile2@MTools2@@QAEHPBDIPADPAI@Z
?Append@LpstrArray@@QAEHPAD@Z
?DeletePickupInfoList@MTools2@@QAEXPAV?$TList@VLpstrArray@@@@@Z
CreateObjectByNames
??4MString@@QAEXPAD@Z
??BMString@@QAEPBDXZ
DeleteObjects
?CloseSharedMemoryRegion@MTools3@@SAXPAPAX0@Z
kernel32
DeleteCriticalSection
HeapDestroy
HeapSize
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapReAlloc
TerminateProcess
GetACP
GetTimeZoneInformation
HeapAlloc
ExitProcess
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind
SetEndOfFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
WideCharToMultiByte
InterlockedIncrement
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrlenA
lstrcpynA
GlobalFree
InterlockedDecrement
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
GetEnvironmentVariableA
ReleaseMutex
GetModuleHandleA
GetVersionExA
GetCommandLineA
GetModuleFileNameA
GetPrivateProfileStringA
OpenMutexA
CreateMutexA
GetTempPathA
GetTempFileNameA
WriteFile
GetExitCodeThread
OpenProcess
Sleep
GetComputerNameA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
MoveFileExA
GetSystemTime
FormatMessageA
LocalFree
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
GlobalFlags
CreateEventA
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
CopyFileA
GetShortPathNameA
GetUserDefaultLangID
GetExitCodeProcess
FindFirstFileA
CreateFileA
FindClose
ReadFile
CloseHandle
FindResourceA
LoadResource
IsDBCSLeadByte
LoadLibraryExA
GetLastError
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
IsBadHugeReadPtr
FreeLibrary
MulDiv
GetWindowsDirectoryA
GlobalLock
user32
CharNextA
LoadIconA
MoveWindow
GetForegroundWindow
DestroyMenu
GetSysColorBrush
GetMessageA
ValidateRect
GetCursorPos
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
IsWindowEnabled
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
IsWindow
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetScrollInfo
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
GetKeyState
DestroyWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
SendMessageA
RegisterWindowMessageA
GetWindowPlacement
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
ClientToScreen
DestroyIcon
IsCharAlphaNumericA
IsCharAlphaA
GetLastActivePopup
BringWindowToTop
IsIconic
CharLowerA
SystemParametersInfoA
PeekMessageA
TranslateMessage
DispatchMessageA
GetClassNameA
InflateRect
GetSystemMetrics
PtInRect
LoadBitmapA
CharPrevA
PostQuitMessage
FindWindowA
CreateWindowExA
CallWindowProcA
PostMessageA
RedrawWindow
LoadStringA
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
FindWindowExA
SetCursor
MsgWaitForMultipleObjects
GetDesktopWindow
GetFocus
wsprintfA
DrawTextA
GetWindow
CheckRadioButton
GetDialogBaseUnits
MessageBoxA
CharUpperA
SetRect
FillRect
GetWindowLongA
SetWindowLongA
GetSystemMenu
EnableMenuItem
GetClientRect
GetSysColor
InvalidateRect
LoadCursorA
DefWindowProcA
GetWindowTextA
SetFocus
GetParent
UnregisterClassA
ShowWindow
EnableWindow
UpdateWindow
GetDlgItem
GetDC
ReleaseDC
GetWindowRect
SetWindowPos
ScreenToClient
SetWindowTextA
gdi32
CreateBitmap
Escape
TextOutA
RectVisible
PtVisible
CreatePen
GetTextExtentPoint32A
LineTo
MoveToEx
GetClipBox
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetBkColor
RestoreDC
SaveDC
DeleteDC
GetStockObject
CreateCompatibleDC
BitBlt
StretchBlt
GetObjectA
UpdateICMRegKeyA
SetMapMode
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
CreateSolidBrush
CreateFontIndirectA
SelectObject
SetTextColor
SetBkMode
ExtTextOutA
EnumFontFamiliesA
GetDeviceCaps
CreatePalette
SelectPalette
RealizePalette
DeleteObject
winspool.drv
DeletePrinterDriverA
DeleteMonitorA
DocumentPropertiesA
DeletePrinterConnectionA
DeletePrinter
GetPrinterDriverA
EnumPrinterDriversA
GetPrinterDataA
SetPrinterDataA
OpenPrinterA
GetPrinterA
EnumPrintersA
ClosePrinter
advapi32
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
shell32
ExtractIconExA
comctl32
ord17
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
Exports
Exports
Sections
.text Size: 304KB - Virtual size: 303KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 540KB - Virtual size: 539KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ