Adobe Dcim Full Malware[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Adobe Dcim Full Malware.7z
Size

19.5MB
MD5

09ac693d20a98e3b4cc86faf86b0064b
SHA1

b93f69504f3c813d726821de945bce7a03cb46f9
SHA256

baa584520f1eaa42c4c6b1f1b99172f2032255087950169578f64a8a0526da46
SHA512

9d42c731958cd422feffa0c525400e84f7317daaed4b0576363942fb26658b62d5c9c217ba4ef20eb3d63828c3ab50e07a0c26e8627d1c0252c42a175b544308
SSDEEP

393216:TzA3iwlXxdBajNfpS1YQQ2JNGhidfNiCWZQp7Mb8QblSR/781D3Nh/t:XwfqZfpSXQwNGUEZQRuFJSR/7IrNh1

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/1/Adobe PhotoShop/def.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1/Adobe PhotoShop/Startrun.pif
unpack001/1/Adobe PhotoShop/def.exe
unpack001/1/Adobe PhotoShop/runsc.exe

Files

Adobe Dcim Full Malware.7z
.7z

Password: infected
1/Adobe PhotoShop/Photo.Jpeg
.vbs
1/Adobe PhotoShop/Share/DCIM/Photo.Jpeg
.vbs
1/Adobe PhotoShop/Startrun.pif
.exe windows:10 windows x86 arch:x86

Password: infected

b90d1215a23cbfc37f9bec432d2d360e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_itow
wcsrchr
strcpy_s
swprintf_s
_swab
wcscat_s
memmove
_except_handler4_common
_itow_s
_vsnwprintf
_wcsicmp
_wcsnicmp
wcsncmp
bsearch
free
_callnewh
malloc
sprintf_s
wcscpy_s
_vsnprintf
_beginthread
_endthread
_ftol2
memcpy
memset

oleaut32

SafeArrayGetElement
VariantInit
UnRegisterTypeLi
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
VariantCopy
SafeArrayCopy
SafeArrayGetLBound
LoadTypeLibEx
SysAllocString
LoadRegTypeLi
SysFreeString
SafeArrayDestroy
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocStringByteLen
LoadTypeLi
CreateErrorInfo
SetErrorInfo

kernel32

DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetPrivateProfileIntW
GetModuleHandleA
GetStartupInfoA
ExitProcess
LeaveCriticalSection
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetLocaleInfoW
GetCommandLineW
GetProcessHeap
HeapAlloc
GetCommandLineA
MultiByteToWideChar
EnterCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
CreateFileW
UnmapViewOfFile
HeapFree
GetFullPathNameA
CreateFileMappingA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFullPathNameW
GetCPInfo
GetFileAttributesA
GetPrivateProfileStringW
GetACP
GetFileAttributesW
FindClose
FindFirstFileA
FindFirstFileW
GetConsoleMode
GetStdHandle
CreateEventA
CreateThread
SetEvent
GetUserDefaultLCID
FlushFileBuffers
GetTempFileNameA
GetSystemDirectoryA
CreateFileA
GetTempPathA
GetFileSize
LoadLibraryExA
WriteFile
MapViewOfFile
SearchPathW
GetVersionExA
CloseHandle
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetModuleFileNameW
GetVersionExW
FindResourceExW
LoadResource
HeapReAlloc
FormatMessageA
LocalFree
FormatMessageW
LoadLibraryExW
GetProcAddress
FreeLibrary
LocalAlloc
CreateFileMappingW

user32

PostMessageA
GetClassNameA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
SetTimer
SetWindowLongA
GetParent
IsWindowVisible
PostThreadMessageA
PostQuitMessage
KillTimer
PeekMessageA
EnumThreadWindows
GetWindowLongA
SendMessageA
RegisterClassA
GetMessageA
LoadStringW
LoadStringA
DispatchMessageA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetClassInfoA
MessageBoxW
GetActiveWindow
CharNextA

ole32

CreateFileMoniker
CoRegisterMessageFilter
CoGetTreatAsClass
MkParseDisplayName
CoRevokeClassObject
CoGetMalloc
CoRegisterClassObject
CreateBindCtx
CoInitializeSecurity
StringFromCLSID
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
CLSIDFromString
CoGetClassObject
CLSIDFromProgID

advapi32

RegQueryValueExA
LookupAccountNameW
RegOpenKeyExA
ReportEventW
RegisterEventSourceW
RegEnumKeyExA
IsTextUnicode
GetUserNameW
DeregisterEventSource
ImpersonateLoggedOnUser
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/Adobe PhotoShop/def.exe
.exe windows:5 windows x64 arch:x64

Password: infected

20d446c1cb128febd23deb17efb67cf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.pyc
1/Adobe PhotoShop/runsc.exe
.exe windows:10 windows x86 arch:x86

Password: infected

b90d1215a23cbfc37f9bec432d2d360e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_itow
wcsrchr
strcpy_s
swprintf_s
_swab
wcscat_s
memmove
_except_handler4_common
_itow_s
_vsnwprintf
_wcsicmp
_wcsnicmp
wcsncmp
bsearch
free
_callnewh
malloc
sprintf_s
wcscpy_s
_vsnprintf
_beginthread
_endthread
_ftol2
memcpy
memset

oleaut32

SafeArrayGetElement
VariantInit
UnRegisterTypeLi
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
VariantCopy
SafeArrayCopy
SafeArrayGetLBound
LoadTypeLibEx
SysAllocString
LoadRegTypeLi
SysFreeString
SafeArrayDestroy
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocStringByteLen
LoadTypeLi
CreateErrorInfo
SetErrorInfo

kernel32

DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetPrivateProfileIntW
GetModuleHandleA
GetStartupInfoA
ExitProcess
LeaveCriticalSection
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetLocaleInfoW
GetCommandLineW
GetProcessHeap
HeapAlloc
GetCommandLineA
MultiByteToWideChar
EnterCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
CreateFileW
UnmapViewOfFile
HeapFree
GetFullPathNameA
CreateFileMappingA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFullPathNameW
GetCPInfo
GetFileAttributesA
GetPrivateProfileStringW
GetACP
GetFileAttributesW
FindClose
FindFirstFileA
FindFirstFileW
GetConsoleMode
GetStdHandle
CreateEventA
CreateThread
SetEvent
GetUserDefaultLCID
FlushFileBuffers
GetTempFileNameA
GetSystemDirectoryA
CreateFileA
GetTempPathA
GetFileSize
LoadLibraryExA
WriteFile
MapViewOfFile
SearchPathW
GetVersionExA
CloseHandle
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetModuleFileNameW
GetVersionExW
FindResourceExW
LoadResource
HeapReAlloc
FormatMessageA
LocalFree
FormatMessageW
LoadLibraryExW
GetProcAddress
FreeLibrary
LocalAlloc
CreateFileMappingW

user32

PostMessageA
GetClassNameA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
SetTimer
SetWindowLongA
GetParent
IsWindowVisible
PostThreadMessageA
PostQuitMessage
KillTimer
PeekMessageA
EnumThreadWindows
GetWindowLongA
SendMessageA
RegisterClassA
GetMessageA
LoadStringW
LoadStringA
DispatchMessageA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetClassInfoA
MessageBoxW
GetActiveWindow
CharNextA

ole32

CreateFileMoniker
CoRegisterMessageFilter
CoGetTreatAsClass
MkParseDisplayName
CoRevokeClassObject
CoGetMalloc
CoRegisterClassObject
CreateBindCtx
CoInitializeSecurity
StringFromCLSID
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
CLSIDFromString
CoGetClassObject
CLSIDFromProgID

advapi32

RegQueryValueExA
LookupAccountNameW
RegOpenKeyExA
ReportEventW
RegisterEventSourceW
RegEnumKeyExA
IsTextUnicode
GetUserNameW
DeregisterEventSource
ImpersonateLoggedOnUser
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/Adobe PhotoShop/zz.exe
.exe windows:6 windows x64 arch:x64

Password: infected

de41d4e0545d977de6ca665131bb479a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:00:7e:81:1d:66:63:b0:28:5d:a2:b1:d9:ae:4e:4d:d5:23:b0:23:e0:aa:ac:18:20:01:78:26:97:95:ae:92
Signer

Actual PE Digest

21:00:7e:81:1d:66:63:b0:28:5d:a2:b1:d9:ae:4e:4d:d5:23:b0:23:e0:aa:ac:18:20:01:78:26:97:95:ae:92

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
_wcsicmp
_wcsnicmp
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/DCIM.lnk
.lnk
1/shell32.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: infected

268ff5c638b2fff77fbc69964d640e0b

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:26:00:a6:4e:04:e7:48:00:52:40:d0:6a:84:9c:3e:83:24:60:8b:1b:25:9c:fd:f8:e4:18:9b:2f:af:16:ce
Signer

Actual PE Digest

96:26:00:a6:4e:04:e7:48:00:52:40:d0:6a:84:9c:3e:83:24:60:8b:1b:25:9c:fd:f8:e4:18:9b:2f:af:16:ce

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcscspn
wcspbrk
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o_qsort
_o_rand
_o_realloc
_o_srand
_o_strncpy_s
_o_strtol
_o_toupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
strchr
wcsrchr
_except_handler4_common
__CxxFrameHandler3
_o_malloc
_o_floor
_o_ceil
_o_calloc
_o_bsearch
_o__wtoi
memmove
_o__wcsupr
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__ui64tow_s
_o__strnicmp
_o_iswalpha
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o__register_onexit_function
_o__purecall
_o_isdigit
_o_isalpha
_o_free
_o__itow
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime32
_o__crt_atexit
_o__configure_narrow_argv
_o__CIsqrt
_o__CIpow
_o__CIlog
_o__CIexp
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
wcschr
wcsstr
memcmp
memcpy

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
GlobalAlloc
GlobalFree
LocalFree

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegGetKeySecurity
RegOpenKeyExW
RegDeleteKeyExW
RegQueryInfoKeyA
RegOpenCurrentUser
RegOpenKeyExA
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegQueryValueExA
RegDeleteValueW
RegGetValueW
RegEnumValueW
RegEnumKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadStringW
EnumResourceNamesExW
FreeLibrary
LoadResource
FindStringOrdinal
GetModuleHandleExW
GetModuleHandleW
LoadStringA
LoadLibraryExA
LoadLibraryExW
FindResourceExW
LockResource
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
SizeofResource
FreeResource

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTickCount64
GetTickCount
GetVersionExW
GetLocalTime
GetSystemInfo
GetComputerNameExW
GetWindowsDirectoryW
GlobalMemoryStatusEx

api-ms-win-core-memory-l1-1-0

VirtualQuery
OpenFileMappingW
WriteProcessMemory
VirtualAlloc
VirtualProtect
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
VirtualFree
ReadProcessMemory

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindNextFileW
FindClose
GetFileSize
GetLongPathNameW
GetDiskFreeSpaceW
FileTimeToLocalFileTime
GetFileAttributesExW
GetShortPathNameW
FindFirstFileExW
GetVolumePathNameW
GetTempFileNameW
ReadFile
GetDriveTypeW
GetFileInformationByHandle
GetFullPathNameW
SetFilePointer
DefineDosDeviceW
CreateDirectoryW
WriteFile
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
SetEndOfFile
LocalFileTimeToFileTime
GetLogicalDrives
GetFileAttributesW
CompareFileTime
SetFileTime
GetVolumeInformationW
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
GetFileSizeEx
SetFileInformationByHandle
CreateFileW
SetFilePointerEx
FlushFileBuffers
GetDiskFreeSpaceExW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeExW
CompareStringEx
GetStringTypeW
CompareStringOrdinal
CompareStringW

api-ms-win-core-synch-l1-1-0

CreateMutexW
CreateMutexExW
WaitForSingleObject
AcquireSRWLockShared
TryAcquireSRWLockShared
SetWaitableTimer
CreateWaitableTimerExW
ReleaseSRWLockShared
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
TryEnterCriticalSection
OpenEventW
CreateSemaphoreExW
CreateEventW
OpenSemaphoreW
SetEvent
InitializeCriticalSectionEx
CreateEventExW
InitializeSRWLock
TryAcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
OpenMutexW
ReleaseMutex
WaitForMultipleObjectsEx
ResetEvent

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadPriority
SetThreadToken
GetThreadId
OpenThread
GetExitCodeThread
ResumeThread
GetCurrentProcessId
CreateProcessW
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessAsUserW
SetPriorityClass
CreateThread
GetProcessId
ExitProcess
OpenThreadToken
GetCurrentThread
TlsFree
TlsAlloc
ProcessIdToSessionId
TlsSetValue
TlsGetValue
GetThreadPriority

api-ms-win-core-string-l2-1-0

CharLowerW
CharUpperW
IsCharAlphaW
CharNextW
CharPrevW
CharUpperBuffW
CharLowerBuffW

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW
GetFileInformationByHandleEx
MoveFileExW
CreateHardLinkW
CopyFile2
ReplaceFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW
SearchPathW
GetCommandLineW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsA

api-ms-win-core-localization-l1-2-0

VerLanguageNameW
GetThreadLocale
GetUserDefaultLangID
GetACP
LCMapStringW
IsValidLocaleName
FormatMessageW
GetLocaleInfoW
LCMapStringEx
GetThreadUILanguage
FindNLSStringEx
GetSystemDefaultLangID
LocaleNameToLCID
GetSystemPreferredUILanguages
FindNLSString
ResolveLocaleName
GetSystemDefaultLCID
GetUserPreferredUILanguages
IsDBCSLeadByte
GetCPInfo
GetUserDefaultLCID

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AccessCheck
DeleteAce
DuplicateTokenEx
GetSecurityDescriptorOwner
ImpersonateSelf
RevertToSelf
IsWellKnownSid
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
InitializeAcl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetFileSecurityW
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetTokenInformation
AddAccessAllowedAceEx
AddAce
GetAce
GetAclInformation
AddAccessDeniedAceEx
CopySid
GetSecurityDescriptorControl
DuplicateToken
SetFileSecurityW
SetSecurityDescriptorOwner
GetLengthSid
IsValidSid
GetSidSubAuthorityCount
AdjustTokenPrivileges
SetTokenInformation
FreeSid

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait

api-ms-win-core-processthreads-l1-1-1

OpenProcess
FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
QueryFullProcessImageNameW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete
Sleep

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAddBackslash
PathCchRemoveExtension
PathCchStripPrefix
PathCchStripToRoot
PathCchCanonicalize
PathAllocCanonicalize
PathCchAppend
PathIsUNCEx
PathCchAddBackslashEx
PathCchRemoveFileSpec
PathCchAppendEx
PathCchRemoveBackslash
PathCchAddExtension
PathCchRenameExtension
PathCchSkipRoot
PathCchCombineEx
PathAllocCombine

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
CreateIoCompletionPort
CancelIoEx

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_IDW
CM_Locate_DevNodeW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64DirectoryW

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventProviderEnabled
EventRegister
EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrA
StrCmpNW
StrChrIW
StrToIntA
StrSpnW
StrPBrkW
StrCmpNCW
StrCpyNXW
StrCSpnW
StrCmpLogicalW
StrCmpNICW
StrDupA
StrCmpW
StrTrimW
StrToIntExW
StrChrW
StrCmpICA
StrCmpIW
QISearch
StrDupW
StrCmpNA
StrTrimA
StrCmpCW
StrToIntW
StrCmpICW
StrCmpNIA
StrStrW
StrStrIW
StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNIW
StrChrIA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcmpiA
lstrcmpW
lstrcmpA
lstrlenA

api-ms-win-core-stringansi-l1-1-0

CharPrevA
CharNextA

api-ms-win-core-privateprofile-l1-1-0

GetProfileSectionW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetProfileIntW
GetPrivateProfileIntW
GetPrivateProfileStringW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFlags
GlobalSize
GlobalUnlock
GlobalReAlloc
LocalSize
GlobalLock

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW
EnumUILanguagesW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-atoms-l1-1-0

FindAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalAddAtomW
GetAtomNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerShareW
PathUnquoteSpacesW
PathFindExtensionW
PathParseIconLocationW
PathRemoveExtensionW
PathFindFileNameW
PathQuoteSpacesW
PathQuoteSpacesA
PathIsUNCW
PathAppendW
SHExpandEnvironmentStringsW
PathGetDriveNumberW
SHExpandEnvironmentStringsA
PathSkipRootW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathMatchSpecW
PathStripToRootW
PathIsRootW
PathIsRelativeW
PathFindNextComponentW
PathMatchSpecExW
PathRemoveBlanksW
PathGetArgsW
PathStripPathW
PathIsValidCharW
PathIsFileSpecW
PathRemoveBackslashW
PathGetCharTypeW
PathRemoveFileSpecA
PathIsRootA
PathAppendA
IsCharSpaceW
PathIsPrefixW
PathIsSameRootW
PathCommonPrefixW
PathIsUNCServerW
PathUnExpandEnvStringsW
PathAddBackslashW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetShortPathNameA
UnregisterWait
GetComputerNameW
MulDiv
GetSystemPowerStatus
SetVolumeLabelW
WTSGetActiveConsoleSessionId

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerSetRequest
PowerCreateRequest

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-kernel32-legacy-l1-1-2

GetBinaryTypeW

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW
ParseURLW
UrlUnescapeW
UrlApplySchemeW
UrlGetPartW
HashData
UrlFixupW
UrlCanonicalizeW
UrlCreateFromPathW
PathCreateFromUrlAlloc
UrlUnescapeA
UrlCompareW
UrlEscapeW
PathIsURLW
UrlIsW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegOpenUSKeyW
SHRegEnumUSKeyW
SHRegGetUSValueW
SHRegCloseUSKey
SHRegOpenUSKeyA
SHRegQueryUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation
Wow64EnableWow64FsRedirection

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
DeactivateActCtx
CreateActCtxW
ActivateActCtx
ReleaseActCtx

api-ms-win-shcore-path-l1-1-0

ord170
ord172

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-storage-exports-internal-l1-1-0

IsLibraryCreatedByPolicy
CMruLongList_CreateInstance
SHGetSpecialFolderLocation
SHGetKnownFolderIDList
CFSFolder_CreateFolder
IsLibraryPolicyEnabled
SendNotificationsForLibraryItem
CShellItemArrayWithCommonParent_CreateInstance
CShellItemArrayAsVirtualizedObjectArray_CreateInstance
CPrivateProfileCache_Save
CTaskAddDoc_Create
StateRepoVerbsCache_GetContextMenuVerbs
GetRegDataDrivenCommandWithAssociation
Global_WindowsStorage_lProcessClassCount
StateRepoVerbsCache_RebuildCacheAsync
Global_WindowsStorage_Untyped_FileClassSRWLock
Global_WindowsStorage_Untyped_pFileHanderMap
Global_WindowsStorage_Untyped_pFileClassCacheTable
CreateExtrinsicPropertyStore
GetInfoForFileInUse
DataAccessCaches_InvalidateForLibrary
CRegFolder_CreateAndInit
_CleanRecentDocs
SHGetFolderPathEx
CCachedShellItem_CreateInstance
CFSFolder_AdjustForSlowColumn
SHCreateItemWithParentAndChildId
_PredictReasonableImpact
RegistryVerbs_GetHandlerMultiSelectModel
HideExtension
IsNameListedUnderKey
CopyDefaultLibrariesFromGroupPolicy
SHGetKnownFolderIDList_Internal
CreateItemArrayFromItemStore
GetFileUndoText
Global_WindowsStorage_ulNextID
Global_WindowsStorage_tlsChangeClientProxy
Global_WindowsStorage_hwndSCN
Global_WindowsStorage_csSCN
CShellItemArray_CreateInstance
Global_WindowsStorage_Untyped_MountPoint
Global_WindowsStorage_fIconCacheHasBeenSuccessfullyCreated
Global_WindowsStorage_fNeedsInitBroadcast
Global_WindowsStorage_iLastSysIcon
Global_WindowsStorage_lrFlags
Global_WindowsStorage_csIconCache
Global_WindowsStorage_iLastSystemColorDepth
Global_WindowsStorage_MaxIcons
Global_WindowsStorage_afNotRedirected
Global_WindowsStorage_fIconCacheIsValid
Global_WindowsStorage_ccIcon
Global_WindowsStorage_fEndInitialized
Global_WindowsStorage_dwThreadInitializing
GetRegDataDrivenCommand
GetSelectionStateFromItemArray
SetThreadFlags
SHResolveLibrary
SHSetFolderPathW
SHSetFolderPathA
SHGetFolderPathAndSubDirA
SHKnownFolderFromCSIDL
SHPrepareKnownFoldersCommon
SHPrepareKnownFoldersUser
CustomStatePropertyDescription_CreateWithItemPropertyStore
CDesktopFolder_CreateInstanceWithBindContext
Global_WindowsStorage_dwThreadBindCtx
CShellItem_CreateInstance
CFileOperationRecorder_CreateInstance
Global_WindowsStorage_iUseLinkPrefix
Global_WindowsStorage_Untyped_rgshil
CShellItemArrayAsCollection_CreateInstance
GetThreadFlags
DetermineFolderDestinationParentAppID
EnumShellItemsFromEnumFullIdList
SHFileOperationWithAdditionalFlags
Global_WindowsStorage_esServerMode
GetCommandProviderForFolderType
CCollectionFactory_CreateInstance
CreateItemArrayFromObjectArray
CreateLocalizationDesktopIni
GetFindDataForPath
SHGetKnownFolderItem
Global_WindowsStorage_tlsIconCache
CreateSortColumnArray
CViewSettings_CreateInstance

api-ms-win-storage-exports-external-l1-1-0

STORAGE_CreateSortColumnArrayFromListDesc
STORAGE_MakeDestinationItem
STORAGE_ClearDestinationsForAllApps
STORAGE_AddNewFolderToFrequentPlaces
STORAGE_SHAddToRecentDocsEx
STORAGE_SHAddToRecentDocs
STORAGE_AddItemToRecentDocs
STORAGE_CEnumFiles_CreateInstance
STORAGE_SHPathPrepareForWriteA
STORAGE_SHPathPrepareForWriteW
STORAGE_SHValidateMSUri
STORAGE_SHGetPathFromMsUri
STORAGE_GetSystemPersistedStorageItemList
STORAGE_CreateStorageItemFromPath_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromPath_PartialTrustCaller
STORAGE_GetShellItemFromStorageItem
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
STORAGE_SHGetDesktopFolderWorker
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller
STORAGE_CreateStorageItemFromPath_FullTrustCaller
STORAGE_CStorageItem_GetValidatedStorageItemObject
STORAGE_CStorageItem_GetValidatedStorageItem
STORAGE_SHFreeNameMappings
STORAGE_SHFileOperation
STORAGE_SHFileOperationA
STORAGE_SHCreateDirectoryExA
STORAGE_SHCreateDirectory
STORAGE_SHConfirmOperation
STORAGE_SHCreateShellItemArrayFromShellItem
STORAGE_SHCreateShellItemArrayFromIDLists
STORAGE_SHCreateShellItemArrayFromDataObject
STORAGE_SHCreateShellItemArray

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath
SHGetFolderLocation
SHSetKnownFolderPath
SHGetFolderPathA
SHGetFolderPathAndSubDirW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetFolderPathW

kernelbase

GetCurrentPackageInfo
GetPackagesByPackageFamily
GetPackageFullName
OpenState
OpenStateExplicit
GetStateFolder
CloseState
ExtensionProgIdExists
GetExtensionProgIds
GetEffectivePackageStatusForUser
PackageNameAndPublisherIdFromFamilyName
NotifyRedirectedStringChange
GetStagedPackagePathByFullName
OpenPackageInfoByFullName
GetPackageInfo
ClosePackageInfo
GetSystemAppDataKey

user32

SetRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetMessagePos
GetKeyboardLayout
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
InsertMenuW
EndMenu
DestroyAcceleratorTable
PtInRect
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
MapWindowPoints
GetMenuItemID
EnableMenuItem
InsertMenuItemW
GetFocus
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
GetDoubleClickTime
MessageBeep
TrackPopupMenu
SetMessageExtraInfo
SetMenuDefaultItem
SetMenuItemInfoW
LoadAcceleratorsW
GetMenuStringW
GetDesktopWindow
GetForegroundWindow
NotifyWinEvent
SendNotifyMessageW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
EnumWindows
IsWindow
WaitForInputIdle
GetWindowThreadProcessId
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
DeleteMenu
DestroyMenu
CreatePopupMenu
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
IsWindowVisible
GetUpdateRect
TrackMouseEvent
UpdateWindow
KillTimer
SetTimer
AdjustWindowRectEx
DestroyWindow
EnableWindow
SetFocus
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
GetDlgItemTextA
GetKeyState
MapVirtualKeyW
GrayStringW
IsWindowEnabled
TabbedTextOutW
DrawTextW
EndPaint
DrawFrameControl
FillRect
DrawEdge
InflateRect
OffsetRect
BeginPaint
ExitWindowsEx
CopyRect
DefWindowProcW
GetWindowRect
UnregisterClassW
RegisterClassW
ReleaseDC
GetDC
PostMessageW
CheckDlgButton
GetParent
CharToOemBuffA
OemToCharBuffA
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongW
SetWindowLongW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
LoadImageW
GetClipboardOwner
IsHungAppWindow
CountClipboardFormats
GetMenuState
ModifyMenuW
IsMenu
SetPropW
RemovePropW
GetPropW
CopyIcon
IsIconic
SendMessageTimeoutW
GetScrollInfo
RegisterClassExW
SetWindowCompositionAttribute
EnumDisplayDevicesW
GetClassInfoExW
MonitorFromRect
TrackPopupMenuEx
GetCapture
ReleaseCapture
SetCapture
IsDialogMessageW
SetDialogDpiChangeBehavior
PostThreadMessageW
GetSystemMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
WindowFromPoint
SetParent
IsRectEmpty
ClientToScreen
CheckRadioButton
LoadBitmapW
GetMessageTime
CreateAcceleratorTableW
EnumDisplayMonitors
SetShellWindowEx
GetClassLongW
EnumDisplaySettingsW
ord2707
LockWindowUpdate
WaitMessage
DdeQueryConvInfo
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCreateStringHandleW
DdeFreeStringHandle
DdeQueryStringW
DdeDisconnect
DdeNameService
DdeUninitialize
DdeInitializeW
UnpackDDElParam
wsprintfW
SetSysColors
DisplayConfigGetDeviceInfo
SystemParametersInfoForDpi
SetShellWindow
SetWinEventHook
UnhookWinEvent
IsWinEventHookInstalled
GetMenuInfo
EmptyClipboard
GetCurrentInputMessageSource
UnionRect
IsChild
UpdateLayeredWindow
ord2521
GetAsyncKeyState
MonitorFromWindow
IntersectRect
EqualRect
IsSETEnabled
AllowSetForegroundWindow
GetProcessDefaultLayout
IsProcessDPIAware
DrawIconEx
GetWindowBand
SetActiveWindow
MapDialogRect
CopyImage
GetWindowTextLengthW
GetClassInfoW
GetTaskmanWindow
SetTaskmanWindow
DeregisterShellHookWindow
RegisterShellHookWindow
IsWindowUnicode
DefWindowProcA
AttachThreadInput
MoveWindow
CopyAcceleratorTableW
DeferWindowPos
MessageBoxW
SendMessageCallbackW
UnregisterDeviceNotification
RegisterDeviceNotificationW
MsgWaitForMultipleObjects
GetShellWindow
GetShellChangeNotifyWindow
SetShellChangeNotifyWindow
GetDlgCtrlID
AdjustWindowRect
BeginDeferWindowPos
EndDeferWindowPos
GetSystemMetricsForDpi
GetDpiForSystem
CreateWindowInBand
OpenInputDesktop
CloseDesktop
RedrawWindow
EnumPropsExW
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
EnumChildWindows
SetThreadDpiAwarenessContext
GetWindowPlacement
BroadcastSystemMessageW
GetDpiForWindow
DialogBoxParamW
SetRectEmpty
GetPointerDevices
GetWindowDC
SetLayeredWindowAttributes
CreateWindowIndirect
SubtractRect
AdjustWindowRectExForDpi
ActivateKeyboardLayout
DrawTextExW
RegisterWindowMessageA
FindWindowExW
CreateWindowExW
WinHelpW
SystemParametersInfoA
GetLastInputInfo
GetDialogBaseUnits
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowRgn
SetScrollInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
CreateDialogParamW
ChildWindowFromPoint
SetMenu
LockSetForegroundWindow
ShowCaret
HideCaret
GetCursor
AnimateWindow
ShowScrollBar
ord2705
SetScrollPos
CallWindowProcW
AreDpiAwarenessContextsEqual
CallNextHookEx
SetCoalescableTimer
GetSysColorBrush
SetMenuInfo
GetWindowDpiAwarenessContext

ntdll

NtQueryAttributesFile
RtlFlushHeaps
RtlAreLongPathsEnabled
RtlQueryResourcePolicy
NtPowerInformation
RtlDosPathNameToRelativeNtPathName_U
EtwGetTraceEnableLevel
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx
NtSetCachedSigningLevel
NtCompareSigningLevels
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlGetLastNtStatus
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryVolumeInformationFile
EtwLogTraceEvent
RtlFreeHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
NtSetInformationFile
RtlUnicodeStringToOemString
NtFsControlFile
NtClose
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlPrefixString
RtlInitUnicodeString
EtwEventWriteTransfer
NtQueryInformationProcess
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
NtQueryKey
RtlIsPartialPlaceholder
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
NtQueryInformationThread
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle

gdi32

SetViewportOrgEx
SetBkColor
GetLayout
ExcludeClipRect
SetLayout
SelectObject
GetStockObject
GetTextMetricsW
AddFontResourceW
PatBlt
TextOutA
GetTextExtentPoint32A
CreateFontW
GetPixel
GetDIBColorTable
SetDIBits
ExtTextOutW
GetObjectType
GetWindowOrgEx
GetRegionData
GetRgnBox
CombineRgn
SaveDC
RestoreDC
CreateRectRgnIndirect
SetDCBrushColor
PlgBlt
ExtSelectClipRgn
GetViewportOrgEx
DeleteMetaFile
PlayMetaFile
SetMetaFileBitsEx
LPtoDP
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetClipBox
StretchDIBits
SetViewportExtEx
DeleteObject
SetWindowExtEx
SetMapMode
GetTextAlign
CreatePolygonRgn
LineTo
MoveToEx
SetStretchBltMode
SetTextAlign
Rectangle
CreatePen
CreateFontIndirectW
GetCurrentObject
GetTextColor
GdiTransparentBlt
StretchBlt
GetDIBits
CreateBitmap
CreateCompatibleBitmap
GdiAlphaBlend
CreateDCW
CreateDIBSection
GetTextExtentPointW
GetObjectW
SetWindowOrgEx
OffsetWindowOrgEx
CreateSolidBrush
GetDeviceCaps
SetBkMode
CreateFontA
EnumFontFamiliesA
DeleteDC
BitBlt
CreateCompatibleDC
GetTextExtentPoint32W
SetTextColor

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-job-l2-1-0

CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject

api-ms-win-security-cryptoapi-l1-1-0

CryptGenRandom

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_BindToFilePlaceholderHandler
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CSyncRootManager_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopyFilePlaceholderToNewFile
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreatePlaceholderFile
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FilePlaceholder_BindToPrimaryStream
SHELL32_FilePlaceholder_CreateInstance
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetPlaceholderStatesFromFileAttributesAndReparsePointTag
SHELL32_GetRatingBucket
SHELL32_GetSkyDriveNetworkStates
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_SetPlaceholderReparsePointAttribute
SHELL32_SetPlaceholderReparsePointAttribute2
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_UpdateFilePlaceholderStates
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b90d1215a23cbfc37f9bec432d2d360e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

kernel32

user32

ole32

advapi32

version

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 6KB - Virtual size: 6KB

Password: infected

20d446c1cb128febd23deb17efb67cf6

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 188KB - Virtual size: 188KB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

b90d1215a23cbfc37f9bec432d2d360e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

kernel32

user32

ole32

advapi32

version

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 6KB - Virtual size: 6KB

Password: infected

de41d4e0545d977de6ca665131bb479a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 188KB - Virtual size: 188KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 6KB - Virtual size: 6KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

21:00:7e:81:1d:66:63:b0:28:5d:a2:b1:d9:ae:4e:4d:d5:23:b0:23:e0:aa:ac:18:20:01:78:26:97:95:ae:92
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.pdata
Size: 512B - Virtual size: 408B

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 114KB - Virtual size: 113KB

.reloc
Size: 512B - Virtual size: 120B

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

96:26:00:a6:4e:04:e7:48:00:52:40:d0:6a:84:9c:3e:83:24:60:8b:1b:25:9c:fd:f8:e4:18:9b:2f:af:16:ce
Signer