f854f854e245409f17761886cfee88f4

Sharing

Copy URL Twitter E-mail

General

Target

f854f854e245409f17761886cfee88f4
Size

3.9MB
MD5

f854f854e245409f17761886cfee88f4
SHA1

700a4f83adf31cc9a677c660a6b3f86148e18403
SHA256

52e044cc83c14d2d1753156d919e3ed87d12dab57f41f797f886e56a591c7e31
SHA512

7f3884f178a7119159d755e8121c41ab3eaf7317e5f684c4ad08a80f3b3a0ed3d1f86c12b4d0759b96b0d1dcce6044e16448e59ddfb546b1ecc0cc2df99591c7
SSDEEP

98304:oWe7LYIkVvl0zWISzGZGzybkn2CeYvwCTFaaZe:E78VIWDy4n2HyaaU

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup/ACCTRES.dll
unpack001/setup/WcnEapPeerProxy.dll
unpack001/setup/aaclient.dll
unpack001/setup/accessibilitycpl.dll
unpack001/setup/acledit.dll
unpack001/setup/acppage.dll
unpack001/setup/acproxy.dll
unpack001/setup/dswave.dll
unpack001/setup/encapi.dll
unpack001/setup/ifmon.dll
unpack001/setup/msacm32.drv
unpack001/setup/perfnet.dll
unpack001/setup/setup.exe
unpack001/setup/winrnr.dll

Files

f854f854e245409f17761886cfee88f4
.rar
Readme.txt
setup/ACCTRES.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/AcSignExt.dll
.dll windows:5 windows x86 arch:x86

25d70b94feb096e1234aa0374c7908b1

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:4d:a0:4b:d2:42:85:3c:4a:cb:9a:e8:61:c2:19:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/08/2009, 00:00

Not After

20/09/2012, 23:59

Subject

CN=Autodesk\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Design Solutions Group,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCanonicalizeW

mfc90u

ord265
ord811
ord266
ord286
ord799
ord2676
ord935
ord938
ord5867
ord813
ord5851
ord2694
ord600
ord296
ord801
ord2326
ord933
ord290

msvcr90

__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
wcscat_s
_get_tzname
_tzset
__CxxFrameHandler3
_wcsicmp
wcsrchr
wcscpy_s
wcsstr
wcsncpy_s
_CxxThrowException
memset
_wcslwr_s

kernel32

SystemTimeToTzSpecificLocalTime
GetVersion
HeapFree
GetProcessHeap
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
InterlockedDecrement
ReadFile
CreateFileW
FreeLibrary
SystemTimeToFileTime
LoadLibraryW

user32

SendMessageW
SetWindowLongW
LoadStringW
LoadIconW
GetDlgItem
SetDlgItemTextW
EnableWindow
SendDlgItemMessageW

shell32

DragQueryFileW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

ole32

CoCreateInstance
OleInitialize
ReleaseStgMedium
OleUninitialize

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/WcnEapPeerProxy.dll
.dll windows:6 windows x86 arch:x86

f3b1928fecc745b4aa51ace0baeb9b4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
memset
memcpy
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_CxxThrowException
_callnewh
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
malloc

ntdll

EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
EtwEventWrite

rpcrt4

NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcMgmtInqServerPrincNameW
UuidCreate
RpcExceptionFilter
RpcSmDestroyClientContext
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange
InterlockedCompareExchange

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-misc-l1-1-0

Sleep
LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

Exports

Exports

EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetInfo
EapPeerGetMethodProperties

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/aaclient.dll
.dll windows:6 windows x86 arch:x86

73e4ad2db9fc270a3666c8a0ef068077

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
memcpy
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
_errno
__CxxFrameHandler
malloc
free
memset
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_ltow
_ultow
wcsrchr

ws2_32

htonl

mstscax

RegisterTransportExtDll

kernel32

InterlockedCompareExchange
UnregisterWaitEx
RegisterWaitForSingleObject
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryExW
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
GetComputerNameW
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetVersion
GetLastError
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
CreateIoCompletionPort
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LocalAlloc
Sleep
LocalFree
GetComputerNameExW
DelayLoadFailureHook
FreeLibrary
SetUnhandledExceptionFilter
LoadLibraryExA
InterlockedExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

Exports

Exports

LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/accessibilitycpl.dll
.dll regsvr32 windows:6 windows x86 arch:x86

1e5c1b1163ff73d791afe64d3a04e87d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_unlock
memmove_s
??1type_info@@UAE@XZ
__CxxFrameHandler3
_ltow_s
wcsrchr
wcscspn
wcsspn
_wcslwr_s
_vsnwprintf
free
wcschr
_vscwprintf
vswprintf_s
_itow_s
??_V@YAXPAX@Z
_wtoi
??_U@YAPAXI@Z
malloc
memset
wcsstr
_onexit
_lock
__dllonexit
memcpy_s
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
calloc
_wcsicmp

ntdll

WinSqmAddToStream
WinSqmIsOptedIn
WinSqmIncrementDWORD
WinSqmSetDWORD
EtwLogTraceEvent

kernel32

HeapReAlloc
CompareStringOrdinal
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
SizeofResource
RaiseException
DisableThreadLibraryCalls
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoW
GetUserDefaultLCID
GetAtomNameW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
WideCharToMultiByte
GetThreadUILanguage
GetFileAttributesW
DeleteFileW
IsProcessInJob
K32EnumProcesses
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
MultiByteToWideChar
InterlockedExchange
HeapSize
FreeLibrary
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection

advapi32

CheckTokenMembership
FreeSid
RegEnumKeyExW
RegGetValueW
RegLoadMUIStringW
EventWrite
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
EventUnregister
EventRegister
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
AllocateAndInitializeSid

shlwapi

ord278
ord637
ord158
ord496
ord199
ord176
ord256
ord437
ord493
ord156
ord618
ord494
ord24
ord514
SHStrDupW
ord219
ord204
ord174
ord172

shell32

ShellExecuteExW
SHParseDisplayName
SHBindToObject
ord155
ord18
ord25
SHGetStockIconInfo
ShellExecuteW

ole32

StringFromGUID2
CoGetObject
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

VariantClear
SysAllocString

user32

GetWindowLongW
DestroyWindow
KillTimer
UnregisterClassA
SendMessageTimeoutW
GetKeyState
SetTimer
DestroyIcon
LoadImageW
GetSystemMetrics
DefWindowProcW
SendMessageW
LoadStringW
SystemParametersInfoW
GetFocus
SendInput

dui70

?GetRoot@XProvider@DirectUI@@IAEPAVElement@2@XZ
?AddRef@XProvider@DirectUI@@UAGKXZ
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UAGJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UAGHXZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UAGJ_N@Z
?ForceThemeChange@XProvider@DirectUI@@UAGJIJ@Z
?GetHostedElementID@XProvider@DirectUI@@UAGJPAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UAGHGH@Z
?CanSetFocus@XProvider@DirectUI@@UAGJPA_N@Z
?Navigate@XProvider@DirectUI@@UAGJHPA_N@Z
?SetFocus@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UAGJPAVElement@2@PA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UAGJHHPAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UAGJABU_GUID@@PAX@Z
??1XProvider@DirectUI@@UAE@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?CreateDUI@XProvider@DirectUI@@UAGJPAVIXElementCP@2@PAPAUHWND__@@@Z
?SetHandleEnterKey@XProvider@DirectUI@@IAEX_N@Z
?Create@XResourceProvider@DirectUI@@SGJPAUHINSTANCE__@@PBG11PAPAV12@@Z
?Initialize@XProvider@DirectUI@@QAEJPAVElement@2@PAVIXProviderCP@2@@Z
?QueryInterface@XProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?BackgroundProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?ForegroundProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?RemoveListener@Element@DirectUI@@QAEXPAUIElementListener@2@@Z
??0IDataEngine@DirectUI@@QAE@XZ
??1IDataEngine@DirectUI@@UAE@XZ
??1IDataEntry@DirectUI@@UAE@XZ
??0IDataEntry@DirectUI@@QAE@XZ
?ClassProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z
?SetActive@Element@DirectUI@@QAEJH@Z
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
??0XProvider@DirectUI@@QAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??0ClassInfoBase@DirectUI@@QAE@XZ
??1Element@DirectUI@@UAE@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?GetAtomZero@Value@DirectUI@@SGPAV12@XZ
?GetStringNull@Value@DirectUI@@SGPAV12@XZ
?GetString@Value@DirectUI@@QAEPBGXZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetUnset@Value@DirectUI@@SGPAV12@XZ
??1CritSecLock@DirectUI@@QAE@XZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?Register@Element@DirectUI@@SGJXZ
?GetAtom@Value@DirectUI@@QAEGXZ
?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z
InitProcessPriv
UnInitProcessPriv
InitThread
??1ClassInfoBase@DirectUI@@UAE@XZ
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
??0Element@DirectUI@@QAE@XZ
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?SetWidth@Element@DirectUI@@QAEJH@Z
?SetShortcut@Element@DirectUI@@QAEJH@Z
GetElementDataEntry
UnInitThread
?Release@Value@DirectUI@@QAEXXZ
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetSelection@Combobox@DirectUI@@QAEJH@Z
?AddString@Combobox@DirectUI@@QAEHPBG@Z
?GetClassInfoPtr@CCSysLink@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@CCCheckBox@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@ScrollViewer@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@CCTrackBar@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@Combobox@DirectUI@@SGPAUIClassInfo@2@XZ
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetDataEngine@Repeater@DirectUI@@QAEXPAUIDataEngine@2@@Z
?SetSelected@Element@DirectUI@@QAEJ_N@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?SelectionChange@Combobox@DirectUI@@SG?AVUID@@XZ
StrToID

dwmapi

DwmIsCompositionEnabled

slc

SLGetWindowsInformationDWORD

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/acledit.dll
.dll windows:6 windows x86 arch:x86

d8d1997437e1dc99916ac8cfbb458cac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
memset

user32

MessageBoxW
LoadStringW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
DisableThreadLibraryCalls
InterlockedExchange

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/acppage.dll
.dll regsvr32 windows:6 windows x86 arch:x86

6c18c9c9a548dcdd554eefb0c609c42e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
_wcsicmp
??_U@YAPAXI@Z
malloc
_wcsupr
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
wcsstr
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
_vsnwprintf
??_V@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
free

kernel32

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
FreeLibrary
CreateDirectoryW
ActivateActCtx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
RegCloseKey
RegOpenKeyExW
GetModuleFileNameW
RegQueryInfoKeyW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
CreateProcessW
ExpandEnvironmentStringsW
lstrcmpiA
RegQueryValueExW
DecodePointer
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
CheckElevationEnabled
EncodePointer
GetSystemDirectoryW
LocalFree
GetBinaryTypeW
GetVersionExA
InterlockedExchange

user32

EnableWindow
UnregisterClassA
SetWindowLongW
GetParent
SendMessageW
SendDlgItemMessageW
GetDlgItem
IsWindowEnabled
LoadStringA
GetWindowLongW
LoadStringW
InsertMenuW
SetProcessDPIAware
CharNextW
GetSystemMetrics

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW
StrCmpIW
ord16

shell32

DragQueryFileW
SHParseDisplayName
ord155
SHGetNameFromIDList
SHGetPathFromIDListW
SHChangeNotify

ole32

HWND_UserFree
HWND_UserUnmarshal
CoTaskMemFree
CoGetObject
CoInitializeEx
CoUninitialize
ReleaseStgMedium
CoCreateInstance
StringFromGUID2
CoCreateGuid
HWND_UserSize
HWND_UserMarshal

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrOleFree
NdrOleAllocate
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringLen
RegisterTypeLi

sfc

SfcIsFileProtected

msi

ord173
ord201

ntdll

NtOpenThreadToken
NtOpenProcessToken
NtClose
NtQueryInformationToken
RtlStringFromGUID
RtlFreeUnicodeString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wer

WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetExeFromLnk

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/acproxy.dll
.dll windows:6 windows x86 arch:x86

705fb4b7b95340a6ee8e7ae9aa55d341

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_XcptFilter
_amsg_exit
_initterm
free
malloc

ntdll

WinSqmIsOptedInEx
RtlFreeHeap
RtlAllocateHeap

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
GetTickCount
Sleep
GetLastError
CloseHandle
ReadFile
CreateFileW
FindVolumeClose
DeleteFileW
GetDriveTypeW
FindNextVolumeW
FindFirstVolumeW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource

ulib

??0DSTRING@@QAE@XZ
?UploadSqmFromFile@SQMEXPORT@@SGEPAX@Z
??1DSTRING@@UAE@XZ
??1HMEM@@UAE@XZ
??1OBJECT@@UAE@XZ
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Resize@HMEM@@QAEEKK@Z
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
?Acquire@HMEM@@UAEPAXKK@Z
?Initialize@HMEM@@QAEEXZ
??0FSTRING@@QAE@XZ
??0HMEM@@QAE@XZ

Exports

Exports

PerformAutochkOperations

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/dswave.dll
.dll regsvr32 windows:6 windows x86 arch:x86

cb272776346f9c0e654205ba813469c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
free
malloc
_XcptFilter
memmove
_amsg_exit
memcpy
_purecall
wcstombs
__CxxFrameHandler3
??2@YAPAXI@Z
_except_handler4_common
memset
??3@YAXPAX@Z

kernel32

EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
GetModuleFileNameA
DeleteCriticalSection
GlobalFree
GlobalHandle
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
LeaveCriticalSection
InterlockedCompareExchange
InitializeCriticalSection
InterlockedExchange
Sleep

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
acmStreamUnprepareHeader
acmStreamClose
acmFormatSuggest
acmStreamOpen

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/encapi.dll
.dll regsvr32 windows:6 windows x86 arch:x86

62cdbe2c3954e3719eeffffd40e09a55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
_vsnwprintf

kernel32

SetUnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CloseHandle
GetOverlappedResult
DeviceIoControl
GetLastError
CreateEventA
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
GetVersionExW
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
FreeLibrary
InterlockedExchange
CreateEventW
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetTickCount
CreateThread
lstrlenW
MultiByteToWideChar
lstrlenA
UnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA

advapi32

RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegSetValueW
RegCreateKeyW
RegOpenKeyExW

ole32

CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
IIDFromString

oleaut32

SysAllocString
SysStringLen
SysStringByteLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/ifmon.dll
.dll windows:6 windows x86 arch:x86

a3c8af5a6b820538a7533b1fe663357f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
malloc
free
_amsg_exit
_except_handler4_common
_initterm
wcschr
_wcsicmp
memset

advapi32

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
GetCurrentProcess
DeviceIoControl
DisableThreadLibraryCalls
lstrcmpiW
InterlockedIncrement
GetProductInfo
GetVersionExW
HeapFree
GetProcessHeap
SetLastError
GetLastError
HeapAlloc
CompareStringW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount

mprapi

MprAdminMIBServerConnect
MprConfigGetGuidName
MprConfigInterfaceEnum
MprConfigGetFriendlyName
MprAdminInterfaceConnect
MprAdminInterfaceDisconnect
MprAdminServerConnect
MprAdminIsServiceRunning
MprConfigServerConnect
MprAdminMIBServerDisconnect
MprAdminServerDisconnect
MprConfigServerDisconnect
MprConfigBufferFree
MprConfigInterfaceGetInfo
MprConfigInterfaceGetHandle
MprAdminInterfaceSetInfo
MprAdminInterfaceGetInfo
MprAdminInterfaceGetHandle
MprConfigInterfaceSetInfo
MprAdminBufferFree

netsh.exe

PrintMessageFromModule
PrintError
RegisterContext
RegisterHelper
FreeString
MakeString
PrintMessage
MatchTagsInCmdLine
MatchEnumTag
MatchToken

ntdll

RtlNtStatusToDosError
RtlInitUnicodeString
RtlGUIDFromString
NtOpenFile

ole32

CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize

rpcrt4

UuidFromStringW

ws2_32

WSAStartup

setupapi

SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiOpenDevRegKey
CM_Get_DevNode_Status_Ex
SetupDiDestroyDeviceInfoList
SetupDiChangeState
SetupDiGetClassDevsW

nci

NciSetConnectionName
NciGetConnectionName

iphlpapi

NhGetInterfaceNameFromGuid

Exports

Exports

InitHelperDll

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/msacm32.drv
.dll windows:6 windows x86 arch:x86

ad91f85cecfb43158503b22d2ca2c15f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
memcpy
memset

kernel32

InterlockedExchange
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
ReleaseMutex
WaitForSingleObject
GlobalFree
GlobalUnlock
GlobalHandle
InterlockedIncrement
GlobalLock
GlobalAlloc
CloseHandle
CreateThread
CreateEventW
GlobalReAlloc
ResetEvent
InterlockedCompareExchange
CreateMutexW
DisableThreadLibraryCalls
InterlockedDecrement
SetEvent
QueryPerformanceCounter

user32

GetDesktopWindow
SetMessageQueue
TranslateMessage
DispatchMessageW
LoadStringW
PostThreadMessageW
GetMessageW

winmm

DefDriverProc
waveOutMessage
waveOutGetPosition
DriverCallback
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInMessage
waveInGetPosition
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveOutWrite
waveInStart
waveOutReset
waveOutPause
waveInReset
waveInStop
waveOutGetDevCapsW
waveInGetDevCapsW
waveInGetNumDevs
waveOutGetNumDevs
waveInGetID
waveOutGetID
waveOutSetPlaybackRate
waveOutGetPlaybackRate
waveOutSetPitch
waveOutGetPitch
waveOutSetVolume
waveOutGetVolume
waveOutBreakLoop
waveOutRestart
waveInOpen

msacm32

acmGetVersion
acmStreamConvert
acmStreamUnprepareHeader
acmStreamSize
acmStreamPrepareHeader
acmMetrics
acmStreamClose
acmDriverEnum
acmFormatSuggest
acmDriverClose
acmDriverOpen
acmFormatTagDetailsW
acmStreamOpen

mmdevapi

ord5

Exports

Exports

DriverProc
widMessage
wodMessage

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/perfnet.dll
.dll windows:6 windows x86 arch:x86

48bdfc06cdd4d15328bab9fd74ed4d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
memmove
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
_vsnwprintf

ntdll

RtlNtStatusToDosError
RtlFreeUnicodeString
NtClose
NtOpenFile
RtlAnsiStringToUnicodeString
RtlInitString
NtQuerySystemInformation
NtFsControlFile
RtlInitUnicodeString
RtlIntegerToUnicodeString
NtCreateFile

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
SetErrorMode
LoadLibraryW
FreeLibrary
GetProcAddress
GetLastError
lstrlenW
HeapFree
HeapAlloc
InterlockedCompareExchange
DisableThreadLibraryCalls
HeapCreate
HeapDestroy

advapi32

DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterEventSourceW
ReportEventA

Exports

Exports

CloseNetSvcsObject
CollectNetSvcsObjectData
OpenNetSvcsObject

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/winrnr.dll
.dll windows:6 windows x86 arch:x86

726629f61661d04b9c5bb3a2e07cb14b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
wcschr
memset
memcpy

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls

kernel32

LocalFree
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
SetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
DelayLoadFailureHook
GetLastError
InterlockedCompareExchange
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess

Exports

Exports

InstallNTDSProvider
NSPStartup
RemoveNTDSProvider

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 38KB - Virtual size: 37KB

25d70b94feb096e1234aa0374c7908b1

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

23:4d:a0:4b:d2:42:85:3c:4a:cb:9a:e8:61:c2:19:bbCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

mfc90u

msvcr90

kernel32

user32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

f3b1928fecc745b4aa51ace0baeb9b4c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

73e4ad2db9fc270a3666c8a0ef068077

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ws2_32

mstscax

kernel32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

1e5c1b1163ff73d791afe64d3a04e87d

.rsrc
Size: 38KB - Virtual size: 37KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

23:4d:a0:4b:d2:42:85:3c:4a:cb:9a:e8:61:c2:19:bb
Certificate

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 110KB - Virtual size: 109KB

.data
Size: 1KB - Virtual size: 12KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 852B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 330B

.text
Size: 35KB - Virtual size: 35KB

.orpc
Size: 512B - Virtual size: 184B

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB