installerV2[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

installerV2.rar
Size

121.9MB
MD5

82ab5b4a18a092cca8ae7c2ae1118e93
SHA1

d68470cd405e8e19390323a7b786ed9e31cb965c
SHA256

dd4969ec0f6c148d29f36fea730fa05edfa33bc510fdbe9afb9624e1d746412c
SHA512

37d757752040f59a7870a8b289165e12cada2ed1559c72a68c703118e8185dd54b5060a04a3af629d41fb9357ec7eec2e0448ced6a7c6475d48313744a363fa0
SSDEEP

3145728:kmY243QsJ8So41ZXzmN1VRAHoR7vWbnWHE41DoC//Z:/Yd3QsGJ4vzmrVR7enWkCcC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/installerV2/Set-up.exe
unpack001/installerV2/packages/Config/libcef.dll
unpack001/installerV2/packages/Data/libcef.dll
unpack001/installerV2/packages/INFO/libcef.dll
unpack001/installerV2/packages/cash/libcef.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/installerV2/Set-up.exe	nsis_installer_1
static1/unpack001/installerV2/Set-up.exe	nsis_installer_2

Files

installerV2.rar
.rar
installerV2/Set-up.exe
.exe windows:4 windows x86 arch:x86

Password: 2023

ced282d9b261d1462772017fe2f6972b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
installerV2/dllhelper64.dll
.dll windows:5 windows x64 arch:x64

Password: 2023

c8820c92458429ac52b291ca51bad0e4

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:55:db:cf:a2:75:1e:85:ba:b8:2f:2a:ea:1c:f2:e8
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/04/2020, 00:00

Not After

16/06/2023, 12:00

Subject

SERIALNUMBER=1962832,CN=International Media Ltd,O=International Media Ltd,ST=Tortola,C=VG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025647

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:d6:da:1a:da:8f:d6:b3:69:a2:ea:e1:6a:07:31:ef
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/04/2020, 00:00

Not After

16/06/2023, 12:00

Subject

SERIALNUMBER=1962832,CN=International Media Ltd,O=International Media Ltd,ST=Tortola,C=VG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025647

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:c2:ef:fc:08:27:a1:fb:4b:f8:58:8b:3e:f5:7e:3c:b5:71:4e:26:20:7b:ed:13:a8:4a:0f:30:7b:4b:50:94
Signer

Actual PE Digest

24:c2:ef:fc:08:27:a1:fb:4b:f8:58:8b:3e:f5:7e:3c:b5:71:4e:26:20:7b:ed:13:a8:4a:0f:30:7b:4b:50:94

Digest Algorithm

sha256

PE Digest Matches

true

37:3f:c6:23:c3:cf:ff:ba:35:17:70:cb:48:f8:d5:ed:57:d9:b5:83
Signer

Actual PE Digest

37:3f:c6:23:c3:cf:ff:ba:35:17:70:cb:48:f8:d5:ed:57:d9:b5:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
RtlUnwindEx
GetACP
CloseHandle
LocalFree
TlsAlloc
GetTickCount
OpenFileMappingW
VirtualFree
GetStartupInfoW
ExitProcess
InitializeCriticalSection
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
GetModuleFileNameW
GetLastError
lstrlenW
CompareStringA
CompareStringW
CreateThread
WideCharToMultiByte
MapViewOfFile
MultiByteToWideChar
FindClose
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
GetLocaleInfoW
GetVersion
RaiseException
SwitchToThread
GetLocalTime
WaitForSingleObject
WriteFile
DeleteCriticalSection
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CallNextHookEx
CharUpperBuffW
CharNextW
CharLowerBuffW
SetWindowsHookExW
UnhookWindowsHookEx
LoadStringW
CharUpperW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

StartHook
StopHook

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
installerV2/packages/ApplicationInfo.xml
.xml
installerV2/packages/Config/cef.pak
.js
installerV2/packages/Config/cef_100_percent.pak
.js
installerV2/packages/Config/data_0
installerV2/packages/Config/data_1
installerV2/packages/Config/data_2
installerV2/packages/Config/data_3
installerV2/packages/Config/index
installerV2/packages/Config/libcef.dll
.dll windows:5 windows x86 arch:x86

Password: 2023

193a1d2ffd1996a30078d785f256ce6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenTraceW
ProcessTrace
CloseTrace
LookupAccountNameW
ConvertSidToStringSidA
ConvertSidToStringSidW
CreateWellKnownSid
EqualSid
GetAce
SetSecurityDescriptorDacl
SetEntriesInAclW
LogonUserW
GetUserNameW
GetSecurityInfo
SetThreadToken
LookupPrivilegeValueW
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CopySid
RegDisablePredefinedCache
ConvertStringSidToSidW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
RevertToSelf
ImpersonateAnonymousToken
CryptGenRandom
CryptAcquireContextW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
EventWrite
EventRegister
EventUnregister
StartTraceW
ControlTraceW
RegNotifyChangeKeyValue
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateProcessAsUserW
SystemFunction036
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
ImpersonateNamedPipeClient

gdi32

ExtCreatePen
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
SetPolyFillMode
LineTo
GetObjectType
GetClipBox
CreatePen
CreateFontA
EnumFontFamiliesExA
GetCharWidthW
CreateFontIndirectA
SaveDC
RestoreDC
IntersectClipRect
SetEnhMetaFileBits
PlayEnhMetaFileRecord
PlayEnhMetaFile
GetEnhMetaFileHeader
MoveToEx
StretchDIBits
ExtEscape
GetTextFaceA
GetWorldTransform
StretchBlt
GetDIBits
GetRgnBox
EqualRgn
CreateRectRgn
CombineRgn
SetDIBitsToDevice
CreateCompatibleBitmap
EnumEnhMetaFile
PtInRegion
EndPage
StartPage
GetClipRgn
EndDoc
StartDocW
CancelDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat
SetRectRgn
DeleteEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileBits
PolyBezierTo
CloseEnhMetaFile
GetStockObject
ModifyWorldTransform
SetMapMode
GetTextExtentPoint32W
SetDIBits
CreateBitmap
GetRegionData
GetICMProfileW
CreateDCW
GetDeviceCaps
AddFontMemResourceEx
GetFontUnicodeRanges
GdiFlush
GetTextExtentPointI
GetGlyphIndicesW
GetCharABCWidthsW
GetGlyphOutlineW
RemoveFontMemResourceEx
GetOutlineTextMetricsW
SetTextAlign
ExtTextOutW
SetBrushOrgEx
BitBlt
CreateDIBSection
GdiAlphaBlend
SetBkMode
SetArcDirection
SetDCBrushColor
SetStretchBltMode
SetROP2
GetCurrentObject
SetDCPenColor
SetWorldTransform
SetGraphicsMode
CreateRectRgnIndirect
SelectClipRgn
SetAbortProc
SetTextColor
SetBkColor
GetBkColor
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SelectObject
GetTextMetricsW
EnumFontFamiliesExW
CreateCompatibleDC
DeleteDC
CreateFontW
GetFontData
GetObjectW
GetTextFaceW
GdiComment

kernel32

WaitForSingleObject
Sleep
GetConsoleCP
GetFileType
GetStdHandle
DuplicateHandle
ConnectNamedPipe
LocalFree
WaitNamedPipeW
CreateNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
QueryInformationJobObject
IsProcessInJob
ResumeThread
GetCurrentProcess
GetLongPathNameW
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
GetModuleHandleW
LoadLibraryA
RegisterWaitForSingleObject
UnregisterWaitEx
GetCurrentThreadId
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
ResetEvent
WaitForMultipleObjects
CreateEventW
SetEvent
SetLastError
GetLastError
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetNumaHighestNodeNumber
GetConsoleMode
ExitThread
GetModuleFileNameA
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
HeapQueryInformation
UnregisterWait
GetOEMCP
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
InterlockedPopEntrySList
LCMapStringW
CompareStringW
GetStringTypeW
EncodePointer
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DeleteFileW
MultiByteToWideChar
RaiseException
SleepEx
QueueUserAPC
CreateThread
SetThreadPriority
SetFilePointerEx
GetModuleHandleA
FormatMessageA
FreeLibrary
DecodePointer
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
DeviceIoControl
GetOverlappedResult
CancelIo
CreateFileA
GetSystemPowerStatus
WriteConsoleW
GetComputerNameW
GetSystemTimeAsFileTime
InterlockedPushEntrySList
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
LoadLibraryExA
GetStartupInfoW
ReleaseMutex
CreateMutexW
GetUserDefaultUILanguage
lstrcmpiA
GetEnvironmentVariableA
DisconnectNamedPipe
GetFileInformationByHandleEx
SetNamedPipeHandleState
TransactNamedPipe
GetVersion
GetVolumeInformationW
GetSystemDirectoryW
FormatMessageW
VirtualAlloc
VirtualFree
AttachConsole
GetCPInfo
FlushInstructionCache
FreeLibraryAndExitThread
InterlockedFlushSList
GetCommandLineW
WideCharToMultiByte
QueryDepthSList
CreateTimerQueue
RtlUnwind
IsValidCodePage
SetStdHandle
SuspendThread
GetThreadContext
OpenThread
TlsGetValue
TlsSetValue
TlsAlloc
SwitchToThread
IsWow64Process
GetSystemTime
EnumSystemLocalesEx
GetUserDefaultLCID
GetUserDefaultLangID
TryEnterCriticalSection
OpenProcess
HeapCreate
HeapDestroy
OutputDebugStringA
GetLocalTime
GetCurrentDirectoryW
GetTickCount
GetFileSizeEx
SetFileTime
LockFile
SetEndOfFile
GetFileInformationByHandle
UnlockFile
QueryThreadCycleTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
CreateDirectoryW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
GetVolumePathNameW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
GetLogicalDriveStringsW
GetFileAttributesExW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
VirtualQuery
PeekNamedPipe
GetThreadId
IsDebuggerPresent
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryW
GetModuleHandleExA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
HeapSetInformation
SetPriorityClass
TerminateProcess
GetPriorityClass
GetExitCodeProcess
GetProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVersionExW
GetNativeSystemInfo
SetInformationJobObject
SetHandleInformation
AssignProcessToJobObject
CreateProcessW
AllocConsole
SetEnvironmentVariableW
GetEnvironmentVariableW
FindFirstFileExW
FindNextFileW
FindClose
FindFirstChangeNotificationW
FindCloseChangeNotification
lstrlenW
FlushViewOfFile
GetSystemInfo
GetProcessTimes
VirtualQueryEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleHandleExW
HeapLock
HeapWalk
HeapUnlock
TlsFree
GetWindowsDirectoryW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LockResource
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
GetLocaleInfoEx
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
GetTimeZoneInformation
GetTimeFormatEx
GetDateFormatEx
GetUserDefaultLocaleName
GetGeoInfoW
GetUserGeoID
GlobalFree
SetFilePointer
GetComputerNameExW
FindFirstFileW
ReleaseSemaphore
CreateSemaphoreW
GetProcessAffinityMask
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableCS
WaitForSingleObjectEx
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GetPrivateProfileStringW
GetThreadTimes
QueryUnbiasedInterruptTime
GetProcessHeap
GetFileSize
LockFileEx
HeapCompact
DeleteFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LocalAlloc
SetThreadAffinityMask
CreateSemaphoreA
VirtualAllocEx
TerminateJobObject
WriteProcessMemory
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateJobObjectW
CreateRemoteThread
DebugBreak
SearchPathW
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GetDriveTypeW
GetThreadLocale
GetSystemDefaultLCID
SetProcessShutdownParameters
SetConsoleCtrlHandler
Module32FirstW
Module32NextW
VirtualProtect
GetTempFileNameA
GetACP
GetLocaleInfoW
LocaleNameToLCID
SetErrorMode
FindFirstFileExA
FindNextFileA

ole32

CLSIDFromString
StringFromGUID2
OleInitialize
CoInitialize
CoCreateGuid
OleUninitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
DoDragDrop
CoUninitialize
CoTaskMemRealloc
RegisterDragDrop
CoAllowSetForegroundWindow
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear

oleaut32

VariantInit
SysFreeString
VarUI4FromStr
LoadTypeLi
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi

psapi

GetPerformanceInfo
QueryWorkingSetEx
GetMappedFileNameW
GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
EnumProcessModules

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetFileInfoW
SHOpenFolderAndSelectItems
SHChangeNotify
SHOpenWithDialog
DragQueryFileW
ShellExecuteW
ord680
SHGetKnownFolderPath
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDesktopFolder
SHGetPropertyStoreForWindow
ShellExecuteExW

shlwapi

AssocQueryStringW
PathMatchSpecW
ord437
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

user32

MapVirtualKeyW
GetMenu
GetClientRect
AdjustWindowRectEx
SendMessageW
GetActiveWindow
SendInput
FindWindowW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
DrawEdge
GetMenuState
GetSystemMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextExW
GetSysColor
FillRect
ValidateRect
SetPropW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
MonitorFromPoint
MonitorFromWindow
EnumDisplayMonitors
EnumDisplaySettingsW
LoadImageW
DrawIconEx
CreateIconIndirect
GetIconInfo
IsRectEmpty
GetClassNameW
PtInRect
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
GetLastInputInfo
LoadIconW
OpenInputDesktop
CloseDesktop
GetMessageTime
GetMessageExtraInfo
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
SetKeyboardState
SetCapture
ReleaseCapture
SetCursor
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
PostThreadMessageW
GetCaretBlinkTime
ShowCursor
SetCursorPos
SetRectEmpty
GetMessagePos
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
GetFocus
CloseTouchInputHandle
EnableMenuItem
SetMenuDefaultItem
SetForegroundWindow
GetWindowDC
SetWindowRgn
GetWindowRgn
RedrawWindow
OffsetRect
EnumChildWindows
GetGuiResources
GetCursorInfo
DrawFrameControl
GetSysColorBrush
DrawFocusRect
FrameRect
InvertRect
InflateRect
GetRawInputDeviceInfoW
GetRawInputDeviceList
PrintWindow
GetLayeredWindowAttributes
EnumWindows
EnumDisplaySettingsExW
BringWindowToTop
SetThreadDesktop
MessageBeep
LoadCursorW
DestroyIcon
GetDC
ReleaseDC
GetSystemMetrics
GetDoubleClickTime
GetAsyncKeyState
GetCursorPos
ClientToScreen
ScreenToClient
GetRawInputData
GetClassLongW
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
GetMessageW
SetCaretPos
MessageBoxW
EnumDisplayDevicesW
SetWindowLongW
GetWindowLongW
MapWindowPoints
SystemParametersInfoW
GetKeyState
DestroyWindow
CreateWindowExW
DestroyCaret
CreateCaret
GetKeyboardLayoutList
RegisterClassExW
UnregisterClassW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
DefRawInputProc
CharNextW
NotifyWinEvent
GetWindowThreadProcessId
TrackMouseEvent
CallWindowProcW
GetClassInfoExW
IsWindow
RegisterRawInputDevices
ShowWindow
SetWindowPos
RegisterTouchWindow
GetCapture
BeginPaint
EndPaint
GetPropW
RemovePropW
WindowFromPoint
GetDesktopWindow
GetParent
SetParent
IsZoomed
GetWindowRect
ClipCursor
PostMessageW
IsWindowVisible
SetFocus
EnumThreadWindows
GetWindow
GetAncestor
UpdateLayeredWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetForegroundWindow
RegisterClassW
MoveWindow
MessageBoxA
IntersectRect
IsChild
GetUserObjectInformationW
GetKeyboardLayoutNameW
InvalidateRect
MonitorFromRect
GetMonitorInfoW

winmm

timeEndPeriod
timeBeginPeriod
midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutClose
timeGetTime
waveOutReset
waveOutRestart
midiOutPrepareHeader
midiOutUnprepareHeader
midiOutShortMsg
waveOutPause
midiInReset
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiInGetDevCapsW
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
midiOutReset
midiOutLongMsg

ws2_32

WSAResetEvent
WSASendTo
WSAStartup
WSARecvFrom
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
accept
listen
recv
recvfrom
WSAIoctl
WSAGetLastError
WSALookupServiceBeginW
WSASetEvent
send
WSAWaitForMultipleEvents
getsockopt
getsockname
WSALookupServiceNextW
WSALookupServiceEnd
WSASocketW
getaddrinfo
freeaddrinfo
getpeername
htonl
htons
ntohl
ntohs
socket
WSASetServiceW
WSAEnumNameSpaceProvidersW
WSCEnumProtocols
WSCGetProviderPath
setsockopt
WSASend
sendto
connect
closesocket
bind
gethostname
shutdown
ioctlsocket

netapi32

NetUserGetInfo
NetApiBufferFree

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

wintrust

CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

hid

HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetValueCaps
HidP_GetButtonCaps

chrome_elf

InjectDumpForHungInput_ExportThunk
InjectDumpForHungInputNoCrashKeys_ExportThunk
RequestSingleCrashUpload_ExportThunk
GetCrashReports_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting

comdlg32

GetOpenFileNameW
PrintDlgExW
GetSaveFileNameW
ChooseColorW

dbghelp

SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymFromAddr
SymSetOptions
SymSetSearchPathW

usp10

ScriptFreeCache
ScriptItemize
ScriptShape
ScriptStringAnalyse
ScriptStringFree
ScriptStringOut

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgCertMgr

dwmapi

DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmGetCompositionTimingInfo
DwmIsCompositionEnabled
DwmDefWindowProc

crypt32

CertOpenSystemStoreW
CertFindChainInStore
CertCompareCertificateName
CryptVerifyCertificateSignatureEx
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetIntendedKeyUsage
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CertAddCertificateContextToStore
CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertOpenStore

dhcpcsvc

DhcpRequestParams
DhcpCApiInitialize

iphlpapi

FreeMibTable
IpRenewAddress
IpReleaseAddress
GetInterfaceInfo
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersAddresses
GetIfTable2

ncrypt

NCryptSignHash
NCryptFreeObject

secur32

GetUserNameExW
QuerySecurityPackageInfoW
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
AcquireCredentialsHandleA
CompleteAuthToken
InitializeSecurityContextA

urlmon

CoInternetCreateSecurityManager

winhttp

WinHttpConnect
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpWriteData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReceiveResponse

dwrite

DWriteCreateFactory

d3d9

Direct3DCreate9Ex

d3d11

D3D11CreateDevice

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVA2CreateVideoService

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

dxgi

CreateDXGIFactory1

winspool.drv

ClosePrinter
OpenPrinterW
EnumPrintersW
DeviceCapabilitiesW
ord203
GetPrinterW
GetPrinterDriverW
DocumentPropertiesW

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_upper
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_thread_create
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_ref_ptr_library_child_child_create
cef_translator_test_ref_ptr_library_child_create
cef_translator_test_ref_ptr_library_create
cef_translator_test_scoped_library_child_child_create
cef_translator_test_scoped_library_child_create
cef_translator_test_scoped_library_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_waitable_event_create
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_directory
cef_zip_reader_create

Sections

.text
Size: 54.2MB - Virtual size: 54.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installerV2/packages/Data/cef.pak
.js
installerV2/packages/Data/cef_100_percent.pak
.js
installerV2/packages/Data/data_0
installerV2/packages/Data/data_1
installerV2/packages/Data/data_2
installerV2/packages/Data/data_3
installerV2/packages/Data/index
installerV2/packages/Data/libcef.dll
.dll windows:5 windows x86 arch:x86

Password: 2023

193a1d2ffd1996a30078d785f256ce6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenTraceW
ProcessTrace
CloseTrace
LookupAccountNameW
ConvertSidToStringSidA
ConvertSidToStringSidW
CreateWellKnownSid
EqualSid
GetAce
SetSecurityDescriptorDacl
SetEntriesInAclW
LogonUserW
GetUserNameW
GetSecurityInfo
SetThreadToken
LookupPrivilegeValueW
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CopySid
RegDisablePredefinedCache
ConvertStringSidToSidW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
RevertToSelf
ImpersonateAnonymousToken
CryptGenRandom
CryptAcquireContextW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
EventWrite
EventRegister
EventUnregister
StartTraceW
ControlTraceW
RegNotifyChangeKeyValue
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateProcessAsUserW
SystemFunction036
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
ImpersonateNamedPipeClient

gdi32

ExtCreatePen
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
SetPolyFillMode
LineTo
GetObjectType
GetClipBox
CreatePen
CreateFontA
EnumFontFamiliesExA
GetCharWidthW
CreateFontIndirectA
SaveDC
RestoreDC
IntersectClipRect
SetEnhMetaFileBits
PlayEnhMetaFileRecord
PlayEnhMetaFile
GetEnhMetaFileHeader
MoveToEx
StretchDIBits
ExtEscape
GetTextFaceA
GetWorldTransform
StretchBlt
GetDIBits
GetRgnBox
EqualRgn
CreateRectRgn
CombineRgn
SetDIBitsToDevice
CreateCompatibleBitmap
EnumEnhMetaFile
PtInRegion
EndPage
StartPage
GetClipRgn
EndDoc
StartDocW
CancelDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat
SetRectRgn
DeleteEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileBits
PolyBezierTo
CloseEnhMetaFile
GetStockObject
ModifyWorldTransform
SetMapMode
GetTextExtentPoint32W
SetDIBits
CreateBitmap
GetRegionData
GetICMProfileW
CreateDCW
GetDeviceCaps
AddFontMemResourceEx
GetFontUnicodeRanges
GdiFlush
GetTextExtentPointI
GetGlyphIndicesW
GetCharABCWidthsW
GetGlyphOutlineW
RemoveFontMemResourceEx
GetOutlineTextMetricsW
SetTextAlign
ExtTextOutW
SetBrushOrgEx
BitBlt
CreateDIBSection
GdiAlphaBlend
SetBkMode
SetArcDirection
SetDCBrushColor
SetStretchBltMode
SetROP2
GetCurrentObject
SetDCPenColor
SetWorldTransform
SetGraphicsMode
CreateRectRgnIndirect
SelectClipRgn
SetAbortProc
SetTextColor
SetBkColor
GetBkColor
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SelectObject
GetTextMetricsW
EnumFontFamiliesExW
CreateCompatibleDC
DeleteDC
CreateFontW
GetFontData
GetObjectW
GetTextFaceW
GdiComment

kernel32

WaitForSingleObject
Sleep
GetConsoleCP
GetFileType
GetStdHandle
DuplicateHandle
ConnectNamedPipe
LocalFree
WaitNamedPipeW
CreateNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
QueryInformationJobObject
IsProcessInJob
ResumeThread
GetCurrentProcess
GetLongPathNameW
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
GetModuleHandleW
LoadLibraryA
RegisterWaitForSingleObject
UnregisterWaitEx
GetCurrentThreadId
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
ResetEvent
WaitForMultipleObjects
CreateEventW
SetEvent
SetLastError
GetLastError
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetNumaHighestNodeNumber
GetConsoleMode
ExitThread
GetModuleFileNameA
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
HeapQueryInformation
UnregisterWait
GetOEMCP
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
InterlockedPopEntrySList
LCMapStringW
CompareStringW
GetStringTypeW
EncodePointer
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DeleteFileW
MultiByteToWideChar
RaiseException
SleepEx
QueueUserAPC
CreateThread
SetThreadPriority
SetFilePointerEx
GetModuleHandleA
FormatMessageA
FreeLibrary
DecodePointer
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
DeviceIoControl
GetOverlappedResult
CancelIo
CreateFileA
GetSystemPowerStatus
WriteConsoleW
GetComputerNameW
GetSystemTimeAsFileTime
InterlockedPushEntrySList
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
LoadLibraryExA
GetStartupInfoW
ReleaseMutex
CreateMutexW
GetUserDefaultUILanguage
lstrcmpiA
GetEnvironmentVariableA
DisconnectNamedPipe
GetFileInformationByHandleEx
SetNamedPipeHandleState
TransactNamedPipe
GetVersion
GetVolumeInformationW
GetSystemDirectoryW
FormatMessageW
VirtualAlloc
VirtualFree
AttachConsole
GetCPInfo
FlushInstructionCache
FreeLibraryAndExitThread
InterlockedFlushSList
GetCommandLineW
WideCharToMultiByte
QueryDepthSList
CreateTimerQueue
RtlUnwind
IsValidCodePage
SetStdHandle
SuspendThread
GetThreadContext
OpenThread
TlsGetValue
TlsSetValue
TlsAlloc
SwitchToThread
IsWow64Process
GetSystemTime
EnumSystemLocalesEx
GetUserDefaultLCID
GetUserDefaultLangID
TryEnterCriticalSection
OpenProcess
HeapCreate
HeapDestroy
OutputDebugStringA
GetLocalTime
GetCurrentDirectoryW
GetTickCount
GetFileSizeEx
SetFileTime
LockFile
SetEndOfFile
GetFileInformationByHandle
UnlockFile
QueryThreadCycleTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
CreateDirectoryW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
GetVolumePathNameW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
GetLogicalDriveStringsW
GetFileAttributesExW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
VirtualQuery
PeekNamedPipe
GetThreadId
IsDebuggerPresent
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryW
GetModuleHandleExA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
HeapSetInformation
SetPriorityClass
TerminateProcess
GetPriorityClass
GetExitCodeProcess
GetProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVersionExW
GetNativeSystemInfo
SetInformationJobObject
SetHandleInformation
AssignProcessToJobObject
CreateProcessW
AllocConsole
SetEnvironmentVariableW
GetEnvironmentVariableW
FindFirstFileExW
FindNextFileW
FindClose
FindFirstChangeNotificationW
FindCloseChangeNotification
lstrlenW
FlushViewOfFile
GetSystemInfo
GetProcessTimes
VirtualQueryEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleHandleExW
HeapLock
HeapWalk
HeapUnlock
TlsFree
GetWindowsDirectoryW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LockResource
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
GetLocaleInfoEx
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
GetTimeZoneInformation
GetTimeFormatEx
GetDateFormatEx
GetUserDefaultLocaleName
GetGeoInfoW
GetUserGeoID
GlobalFree
SetFilePointer
GetComputerNameExW
FindFirstFileW
ReleaseSemaphore
CreateSemaphoreW
GetProcessAffinityMask
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableCS
WaitForSingleObjectEx
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GetPrivateProfileStringW
GetThreadTimes
QueryUnbiasedInterruptTime
GetProcessHeap
GetFileSize
LockFileEx
HeapCompact
DeleteFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LocalAlloc
SetThreadAffinityMask
CreateSemaphoreA
VirtualAllocEx
TerminateJobObject
WriteProcessMemory
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateJobObjectW
CreateRemoteThread
DebugBreak
SearchPathW
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GetDriveTypeW
GetThreadLocale
GetSystemDefaultLCID
SetProcessShutdownParameters
SetConsoleCtrlHandler
Module32FirstW
Module32NextW
VirtualProtect
GetTempFileNameA
GetACP
GetLocaleInfoW
LocaleNameToLCID
SetErrorMode
FindFirstFileExA
FindNextFileA

ole32

CLSIDFromString
StringFromGUID2
OleInitialize
CoInitialize
CoCreateGuid
OleUninitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
DoDragDrop
CoUninitialize
CoTaskMemRealloc
RegisterDragDrop
CoAllowSetForegroundWindow
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear

oleaut32

VariantInit
SysFreeString
VarUI4FromStr
LoadTypeLi
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi

psapi

GetPerformanceInfo
QueryWorkingSetEx
GetMappedFileNameW
GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
EnumProcessModules

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetFileInfoW
SHOpenFolderAndSelectItems
SHChangeNotify
SHOpenWithDialog
DragQueryFileW
ShellExecuteW
ord680
SHGetKnownFolderPath
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDesktopFolder
SHGetPropertyStoreForWindow
ShellExecuteExW

shlwapi

AssocQueryStringW
PathMatchSpecW
ord437
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

user32

MapVirtualKeyW
GetMenu
GetClientRect
AdjustWindowRectEx
SendMessageW
GetActiveWindow
SendInput
FindWindowW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
DrawEdge
GetMenuState
GetSystemMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextExW
GetSysColor
FillRect
ValidateRect
SetPropW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
MonitorFromPoint
MonitorFromWindow
EnumDisplayMonitors
EnumDisplaySettingsW
LoadImageW
DrawIconEx
CreateIconIndirect
GetIconInfo
IsRectEmpty
GetClassNameW
PtInRect
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
GetLastInputInfo
LoadIconW
OpenInputDesktop
CloseDesktop
GetMessageTime
GetMessageExtraInfo
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
SetKeyboardState
SetCapture
ReleaseCapture
SetCursor
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
PostThreadMessageW
GetCaretBlinkTime
ShowCursor
SetCursorPos
SetRectEmpty
GetMessagePos
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
GetFocus
CloseTouchInputHandle
EnableMenuItem
SetMenuDefaultItem
SetForegroundWindow
GetWindowDC
SetWindowRgn
GetWindowRgn
RedrawWindow
OffsetRect
EnumChildWindows
GetGuiResources
GetCursorInfo
DrawFrameControl
GetSysColorBrush
DrawFocusRect
FrameRect
InvertRect
InflateRect
GetRawInputDeviceInfoW
GetRawInputDeviceList
PrintWindow
GetLayeredWindowAttributes
EnumWindows
EnumDisplaySettingsExW
BringWindowToTop
SetThreadDesktop
MessageBeep
LoadCursorW
DestroyIcon
GetDC
ReleaseDC
GetSystemMetrics
GetDoubleClickTime
GetAsyncKeyState
GetCursorPos
ClientToScreen
ScreenToClient
GetRawInputData
GetClassLongW
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
GetMessageW
SetCaretPos
MessageBoxW
EnumDisplayDevicesW
SetWindowLongW
GetWindowLongW
MapWindowPoints
SystemParametersInfoW
GetKeyState
DestroyWindow
CreateWindowExW
DestroyCaret
CreateCaret
GetKeyboardLayoutList
RegisterClassExW
UnregisterClassW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
DefRawInputProc
CharNextW
NotifyWinEvent
GetWindowThreadProcessId
TrackMouseEvent
CallWindowProcW
GetClassInfoExW
IsWindow
RegisterRawInputDevices
ShowWindow
SetWindowPos
RegisterTouchWindow
GetCapture
BeginPaint
EndPaint
GetPropW
RemovePropW
WindowFromPoint
GetDesktopWindow
GetParent
SetParent
IsZoomed
GetWindowRect
ClipCursor
PostMessageW
IsWindowVisible
SetFocus
EnumThreadWindows
GetWindow
GetAncestor
UpdateLayeredWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetForegroundWindow
RegisterClassW
MoveWindow
MessageBoxA
IntersectRect
IsChild
GetUserObjectInformationW
GetKeyboardLayoutNameW
InvalidateRect
MonitorFromRect
GetMonitorInfoW

winmm

timeEndPeriod
timeBeginPeriod
midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutClose
timeGetTime
waveOutReset
waveOutRestart
midiOutPrepareHeader
midiOutUnprepareHeader
midiOutShortMsg
waveOutPause
midiInReset
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiInGetDevCapsW
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
midiOutReset
midiOutLongMsg

ws2_32

WSAResetEvent
WSASendTo
WSAStartup
WSARecvFrom
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
accept
listen
recv
recvfrom
WSAIoctl
WSAGetLastError
WSALookupServiceBeginW
WSASetEvent
send
WSAWaitForMultipleEvents
getsockopt
getsockname
WSALookupServiceNextW
WSALookupServiceEnd
WSASocketW
getaddrinfo
freeaddrinfo
getpeername
htonl
htons
ntohl
ntohs
socket
WSASetServiceW
WSAEnumNameSpaceProvidersW
WSCEnumProtocols
WSCGetProviderPath
setsockopt
WSASend
sendto
connect
closesocket
bind
gethostname
shutdown
ioctlsocket

netapi32

NetUserGetInfo
NetApiBufferFree

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

wintrust

CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

hid

HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetValueCaps
HidP_GetButtonCaps

chrome_elf

InjectDumpForHungInput_ExportThunk
InjectDumpForHungInputNoCrashKeys_ExportThunk
RequestSingleCrashUpload_ExportThunk
GetCrashReports_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting

comdlg32

GetOpenFileNameW
PrintDlgExW
GetSaveFileNameW
ChooseColorW

dbghelp

SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymFromAddr
SymSetOptions
SymSetSearchPathW

usp10

ScriptFreeCache
ScriptItemize
ScriptShape
ScriptStringAnalyse
ScriptStringFree
ScriptStringOut

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgCertMgr

dwmapi

DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmGetCompositionTimingInfo
DwmIsCompositionEnabled
DwmDefWindowProc

crypt32

CertOpenSystemStoreW
CertFindChainInStore
CertCompareCertificateName
CryptVerifyCertificateSignatureEx
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetIntendedKeyUsage
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CertAddCertificateContextToStore
CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertOpenStore

dhcpcsvc

DhcpRequestParams
DhcpCApiInitialize

iphlpapi

FreeMibTable
IpRenewAddress
IpReleaseAddress
GetInterfaceInfo
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersAddresses
GetIfTable2

ncrypt

NCryptSignHash
NCryptFreeObject

secur32

GetUserNameExW
QuerySecurityPackageInfoW
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
AcquireCredentialsHandleA
CompleteAuthToken
InitializeSecurityContextA

urlmon

CoInternetCreateSecurityManager

winhttp

WinHttpConnect
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpWriteData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReceiveResponse

dwrite

DWriteCreateFactory

d3d9

Direct3DCreate9Ex

d3d11

D3D11CreateDevice

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVA2CreateVideoService

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

dxgi

CreateDXGIFactory1

winspool.drv

ClosePrinter
OpenPrinterW
EnumPrintersW
DeviceCapabilitiesW
ord203
GetPrinterW
GetPrinterDriverW
DocumentPropertiesW

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_upper
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_thread_create
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_ref_ptr_library_child_child_create
cef_translator_test_ref_ptr_library_child_create
cef_translator_test_ref_ptr_library_create
cef_translator_test_scoped_library_child_child_create
cef_translator_test_scoped_library_child_create
cef_translator_test_scoped_library_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_waitable_event_create
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_directory
cef_zip_reader_create

Sections

.text
Size: 54.2MB - Virtual size: 54.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installerV2/packages/INFO/cef.pak
.js
installerV2/packages/INFO/cef_100_percent.pak
.js
installerV2/packages/INFO/data_0
installerV2/packages/INFO/data_1
installerV2/packages/INFO/data_2
installerV2/packages/INFO/data_3
installerV2/packages/INFO/index
installerV2/packages/INFO/libcef.dll
.dll windows:5 windows x86 arch:x86

Password: 2023

193a1d2ffd1996a30078d785f256ce6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenTraceW
ProcessTrace
CloseTrace
LookupAccountNameW
ConvertSidToStringSidA
ConvertSidToStringSidW
CreateWellKnownSid
EqualSid
GetAce
SetSecurityDescriptorDacl
SetEntriesInAclW
LogonUserW
GetUserNameW
GetSecurityInfo
SetThreadToken
LookupPrivilegeValueW
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CopySid
RegDisablePredefinedCache
ConvertStringSidToSidW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
RevertToSelf
ImpersonateAnonymousToken
CryptGenRandom
CryptAcquireContextW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
EventWrite
EventRegister
EventUnregister
StartTraceW
ControlTraceW
RegNotifyChangeKeyValue
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateProcessAsUserW
SystemFunction036
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
ImpersonateNamedPipeClient

gdi32

ExtCreatePen
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
SetPolyFillMode
LineTo
GetObjectType
GetClipBox
CreatePen
CreateFontA
EnumFontFamiliesExA
GetCharWidthW
CreateFontIndirectA
SaveDC
RestoreDC
IntersectClipRect
SetEnhMetaFileBits
PlayEnhMetaFileRecord
PlayEnhMetaFile
GetEnhMetaFileHeader
MoveToEx
StretchDIBits
ExtEscape
GetTextFaceA
GetWorldTransform
StretchBlt
GetDIBits
GetRgnBox
EqualRgn
CreateRectRgn
CombineRgn
SetDIBitsToDevice
CreateCompatibleBitmap
EnumEnhMetaFile
PtInRegion
EndPage
StartPage
GetClipRgn
EndDoc
StartDocW
CancelDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat
SetRectRgn
DeleteEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileBits
PolyBezierTo
CloseEnhMetaFile
GetStockObject
ModifyWorldTransform
SetMapMode
GetTextExtentPoint32W
SetDIBits
CreateBitmap
GetRegionData
GetICMProfileW
CreateDCW
GetDeviceCaps
AddFontMemResourceEx
GetFontUnicodeRanges
GdiFlush
GetTextExtentPointI
GetGlyphIndicesW
GetCharABCWidthsW
GetGlyphOutlineW
RemoveFontMemResourceEx
GetOutlineTextMetricsW
SetTextAlign
ExtTextOutW
SetBrushOrgEx
BitBlt
CreateDIBSection
GdiAlphaBlend
SetBkMode
SetArcDirection
SetDCBrushColor
SetStretchBltMode
SetROP2
GetCurrentObject
SetDCPenColor
SetWorldTransform
SetGraphicsMode
CreateRectRgnIndirect
SelectClipRgn
SetAbortProc
SetTextColor
SetBkColor
GetBkColor
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SelectObject
GetTextMetricsW
EnumFontFamiliesExW
CreateCompatibleDC
DeleteDC
CreateFontW
GetFontData
GetObjectW
GetTextFaceW
GdiComment

kernel32

WaitForSingleObject
Sleep
GetConsoleCP
GetFileType
GetStdHandle
DuplicateHandle
ConnectNamedPipe
LocalFree
WaitNamedPipeW
CreateNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
QueryInformationJobObject
IsProcessInJob
ResumeThread
GetCurrentProcess
GetLongPathNameW
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
GetModuleHandleW
LoadLibraryA
RegisterWaitForSingleObject
UnregisterWaitEx
GetCurrentThreadId
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
ResetEvent
WaitForMultipleObjects
CreateEventW
SetEvent
SetLastError
GetLastError
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetNumaHighestNodeNumber
GetConsoleMode
ExitThread
GetModuleFileNameA
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
HeapQueryInformation
UnregisterWait
GetOEMCP
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
InterlockedPopEntrySList
LCMapStringW
CompareStringW
GetStringTypeW
EncodePointer
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DeleteFileW
MultiByteToWideChar
RaiseException
SleepEx
QueueUserAPC
CreateThread
SetThreadPriority
SetFilePointerEx
GetModuleHandleA
FormatMessageA
FreeLibrary
DecodePointer
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
DeviceIoControl
GetOverlappedResult
CancelIo
CreateFileA
GetSystemPowerStatus
WriteConsoleW
GetComputerNameW
GetSystemTimeAsFileTime
InterlockedPushEntrySList
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
LoadLibraryExA
GetStartupInfoW
ReleaseMutex
CreateMutexW
GetUserDefaultUILanguage
lstrcmpiA
GetEnvironmentVariableA
DisconnectNamedPipe
GetFileInformationByHandleEx
SetNamedPipeHandleState
TransactNamedPipe
GetVersion
GetVolumeInformationW
GetSystemDirectoryW
FormatMessageW
VirtualAlloc
VirtualFree
AttachConsole
GetCPInfo
FlushInstructionCache
FreeLibraryAndExitThread
InterlockedFlushSList
GetCommandLineW
WideCharToMultiByte
QueryDepthSList
CreateTimerQueue
RtlUnwind
IsValidCodePage
SetStdHandle
SuspendThread
GetThreadContext
OpenThread
TlsGetValue
TlsSetValue
TlsAlloc
SwitchToThread
IsWow64Process
GetSystemTime
EnumSystemLocalesEx
GetUserDefaultLCID
GetUserDefaultLangID
TryEnterCriticalSection
OpenProcess
HeapCreate
HeapDestroy
OutputDebugStringA
GetLocalTime
GetCurrentDirectoryW
GetTickCount
GetFileSizeEx
SetFileTime
LockFile
SetEndOfFile
GetFileInformationByHandle
UnlockFile
QueryThreadCycleTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
CreateDirectoryW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
GetVolumePathNameW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
GetLogicalDriveStringsW
GetFileAttributesExW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
VirtualQuery
PeekNamedPipe
GetThreadId
IsDebuggerPresent
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryW
GetModuleHandleExA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
HeapSetInformation
SetPriorityClass
TerminateProcess
GetPriorityClass
GetExitCodeProcess
GetProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVersionExW
GetNativeSystemInfo
SetInformationJobObject
SetHandleInformation
AssignProcessToJobObject
CreateProcessW
AllocConsole
SetEnvironmentVariableW
GetEnvironmentVariableW
FindFirstFileExW
FindNextFileW
FindClose
FindFirstChangeNotificationW
FindCloseChangeNotification
lstrlenW
FlushViewOfFile
GetSystemInfo
GetProcessTimes
VirtualQueryEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleHandleExW
HeapLock
HeapWalk
HeapUnlock
TlsFree
GetWindowsDirectoryW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LockResource
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
GetLocaleInfoEx
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
GetTimeZoneInformation
GetTimeFormatEx
GetDateFormatEx
GetUserDefaultLocaleName
GetGeoInfoW
GetUserGeoID
GlobalFree
SetFilePointer
GetComputerNameExW
FindFirstFileW
ReleaseSemaphore
CreateSemaphoreW
GetProcessAffinityMask
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableCS
WaitForSingleObjectEx
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GetPrivateProfileStringW
GetThreadTimes
QueryUnbiasedInterruptTime
GetProcessHeap
GetFileSize
LockFileEx
HeapCompact
DeleteFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LocalAlloc
SetThreadAffinityMask
CreateSemaphoreA
VirtualAllocEx
TerminateJobObject
WriteProcessMemory
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateJobObjectW
CreateRemoteThread
DebugBreak
SearchPathW
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GetDriveTypeW
GetThreadLocale
GetSystemDefaultLCID
SetProcessShutdownParameters
SetConsoleCtrlHandler
Module32FirstW
Module32NextW
VirtualProtect
GetTempFileNameA
GetACP
GetLocaleInfoW
LocaleNameToLCID
SetErrorMode
FindFirstFileExA
FindNextFileA

ole32

CLSIDFromString
StringFromGUID2
OleInitialize
CoInitialize
CoCreateGuid
OleUninitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
DoDragDrop
CoUninitialize
CoTaskMemRealloc
RegisterDragDrop
CoAllowSetForegroundWindow
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear

oleaut32

VariantInit
SysFreeString
VarUI4FromStr
LoadTypeLi
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi

psapi

GetPerformanceInfo
QueryWorkingSetEx
GetMappedFileNameW
GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
EnumProcessModules

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetFileInfoW
SHOpenFolderAndSelectItems
SHChangeNotify
SHOpenWithDialog
DragQueryFileW
ShellExecuteW
ord680
SHGetKnownFolderPath
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDesktopFolder
SHGetPropertyStoreForWindow
ShellExecuteExW

shlwapi

AssocQueryStringW
PathMatchSpecW
ord437
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

user32

MapVirtualKeyW
GetMenu
GetClientRect
AdjustWindowRectEx
SendMessageW
GetActiveWindow
SendInput
FindWindowW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
DrawEdge
GetMenuState
GetSystemMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextExW
GetSysColor
FillRect
ValidateRect
SetPropW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
MonitorFromPoint
MonitorFromWindow
EnumDisplayMonitors
EnumDisplaySettingsW
LoadImageW
DrawIconEx
CreateIconIndirect
GetIconInfo
IsRectEmpty
GetClassNameW
PtInRect
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
GetLastInputInfo
LoadIconW
OpenInputDesktop
CloseDesktop
GetMessageTime
GetMessageExtraInfo
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
SetKeyboardState
SetCapture
ReleaseCapture
SetCursor
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
PostThreadMessageW
GetCaretBlinkTime
ShowCursor
SetCursorPos
SetRectEmpty
GetMessagePos
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
GetFocus
CloseTouchInputHandle
EnableMenuItem
SetMenuDefaultItem
SetForegroundWindow
GetWindowDC
SetWindowRgn
GetWindowRgn
RedrawWindow
OffsetRect
EnumChildWindows
GetGuiResources
GetCursorInfo
DrawFrameControl
GetSysColorBrush
DrawFocusRect
FrameRect
InvertRect
InflateRect
GetRawInputDeviceInfoW
GetRawInputDeviceList
PrintWindow
GetLayeredWindowAttributes
EnumWindows
EnumDisplaySettingsExW
BringWindowToTop
SetThreadDesktop
MessageBeep
LoadCursorW
DestroyIcon
GetDC
ReleaseDC
GetSystemMetrics
GetDoubleClickTime
GetAsyncKeyState
GetCursorPos
ClientToScreen
ScreenToClient
GetRawInputData
GetClassLongW
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
GetMessageW
SetCaretPos
MessageBoxW
EnumDisplayDevicesW
SetWindowLongW
GetWindowLongW
MapWindowPoints
SystemParametersInfoW
GetKeyState
DestroyWindow
CreateWindowExW
DestroyCaret
CreateCaret
GetKeyboardLayoutList
RegisterClassExW
UnregisterClassW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
DefRawInputProc
CharNextW
NotifyWinEvent
GetWindowThreadProcessId
TrackMouseEvent
CallWindowProcW
GetClassInfoExW
IsWindow
RegisterRawInputDevices
ShowWindow
SetWindowPos
RegisterTouchWindow
GetCapture
BeginPaint
EndPaint
GetPropW
RemovePropW
WindowFromPoint
GetDesktopWindow
GetParent
SetParent
IsZoomed
GetWindowRect
ClipCursor
PostMessageW
IsWindowVisible
SetFocus
EnumThreadWindows
GetWindow
GetAncestor
UpdateLayeredWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetForegroundWindow
RegisterClassW
MoveWindow
MessageBoxA
IntersectRect
IsChild
GetUserObjectInformationW
GetKeyboardLayoutNameW
InvalidateRect
MonitorFromRect
GetMonitorInfoW

winmm

timeEndPeriod
timeBeginPeriod
midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutClose
timeGetTime
waveOutReset
waveOutRestart
midiOutPrepareHeader
midiOutUnprepareHeader
midiOutShortMsg
waveOutPause
midiInReset
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiInGetDevCapsW
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
midiOutReset
midiOutLongMsg

ws2_32

WSAResetEvent
WSASendTo
WSAStartup
WSARecvFrom
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
accept
listen
recv
recvfrom
WSAIoctl
WSAGetLastError
WSALookupServiceBeginW
WSASetEvent
send
WSAWaitForMultipleEvents
getsockopt
getsockname
WSALookupServiceNextW
WSALookupServiceEnd
WSASocketW
getaddrinfo
freeaddrinfo
getpeername
htonl
htons
ntohl
ntohs
socket
WSASetServiceW
WSAEnumNameSpaceProvidersW
WSCEnumProtocols
WSCGetProviderPath
setsockopt
WSASend
sendto
connect
closesocket
bind
gethostname
shutdown
ioctlsocket

netapi32

NetUserGetInfo
NetApiBufferFree

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

wintrust

CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

hid

HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetValueCaps
HidP_GetButtonCaps

chrome_elf

InjectDumpForHungInput_ExportThunk
InjectDumpForHungInputNoCrashKeys_ExportThunk
RequestSingleCrashUpload_ExportThunk
GetCrashReports_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting

comdlg32

GetOpenFileNameW
PrintDlgExW
GetSaveFileNameW
ChooseColorW

dbghelp

SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymFromAddr
SymSetOptions
SymSetSearchPathW

usp10

ScriptFreeCache
ScriptItemize
ScriptShape
ScriptStringAnalyse
ScriptStringFree
ScriptStringOut

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgCertMgr

dwmapi

DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmGetCompositionTimingInfo
DwmIsCompositionEnabled
DwmDefWindowProc

crypt32

CertOpenSystemStoreW
CertFindChainInStore
CertCompareCertificateName
CryptVerifyCertificateSignatureEx
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetIntendedKeyUsage
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CertAddCertificateContextToStore
CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertOpenStore

dhcpcsvc

DhcpRequestParams
DhcpCApiInitialize

iphlpapi

FreeMibTable
IpRenewAddress
IpReleaseAddress
GetInterfaceInfo
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersAddresses
GetIfTable2

ncrypt

NCryptSignHash
NCryptFreeObject

secur32

GetUserNameExW
QuerySecurityPackageInfoW
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
AcquireCredentialsHandleA
CompleteAuthToken
InitializeSecurityContextA

urlmon

CoInternetCreateSecurityManager

winhttp

WinHttpConnect
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpWriteData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReceiveResponse

dwrite

DWriteCreateFactory

d3d9

Direct3DCreate9Ex

d3d11

D3D11CreateDevice

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVA2CreateVideoService

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

dxgi

CreateDXGIFactory1

winspool.drv

ClosePrinter
OpenPrinterW
EnumPrintersW
DeviceCapabilitiesW
ord203
GetPrinterW
GetPrinterDriverW
DocumentPropertiesW

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_upper
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_thread_create
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_ref_ptr_library_child_child_create
cef_translator_test_ref_ptr_library_child_create
cef_translator_test_ref_ptr_library_create
cef_translator_test_scoped_library_child_child_create
cef_translator_test_scoped_library_child_create
cef_translator_test_scoped_library_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_waitable_event_create
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_directory
cef_zip_reader_create

Sections

.text
Size: 54.2MB - Virtual size: 54.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installerV2/packages/cash/cef.pak
.js
installerV2/packages/cash/cef_100_percent.pak
.js
installerV2/packages/cash/data_0
installerV2/packages/cash/data_1
installerV2/packages/cash/data_2
installerV2/packages/cash/data_3
installerV2/packages/cash/index
installerV2/packages/cash/libcef.dll
.dll windows:5 windows x86 arch:x86

Password: 2023

193a1d2ffd1996a30078d785f256ce6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenTraceW
ProcessTrace
CloseTrace
LookupAccountNameW
ConvertSidToStringSidA
ConvertSidToStringSidW
CreateWellKnownSid
EqualSid
GetAce
SetSecurityDescriptorDacl
SetEntriesInAclW
LogonUserW
GetUserNameW
GetSecurityInfo
SetThreadToken
LookupPrivilegeValueW
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CopySid
RegDisablePredefinedCache
ConvertStringSidToSidW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
RevertToSelf
ImpersonateAnonymousToken
CryptGenRandom
CryptAcquireContextW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
EventWrite
EventRegister
EventUnregister
StartTraceW
ControlTraceW
RegNotifyChangeKeyValue
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateProcessAsUserW
SystemFunction036
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
ImpersonateNamedPipeClient

gdi32

ExtCreatePen
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
SetPolyFillMode
LineTo
GetObjectType
GetClipBox
CreatePen
CreateFontA
EnumFontFamiliesExA
GetCharWidthW
CreateFontIndirectA
SaveDC
RestoreDC
IntersectClipRect
SetEnhMetaFileBits
PlayEnhMetaFileRecord
PlayEnhMetaFile
GetEnhMetaFileHeader
MoveToEx
StretchDIBits
ExtEscape
GetTextFaceA
GetWorldTransform
StretchBlt
GetDIBits
GetRgnBox
EqualRgn
CreateRectRgn
CombineRgn
SetDIBitsToDevice
CreateCompatibleBitmap
EnumEnhMetaFile
PtInRegion
EndPage
StartPage
GetClipRgn
EndDoc
StartDocW
CancelDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat
SetRectRgn
DeleteEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileBits
PolyBezierTo
CloseEnhMetaFile
GetStockObject
ModifyWorldTransform
SetMapMode
GetTextExtentPoint32W
SetDIBits
CreateBitmap
GetRegionData
GetICMProfileW
CreateDCW
GetDeviceCaps
AddFontMemResourceEx
GetFontUnicodeRanges
GdiFlush
GetTextExtentPointI
GetGlyphIndicesW
GetCharABCWidthsW
GetGlyphOutlineW
RemoveFontMemResourceEx
GetOutlineTextMetricsW
SetTextAlign
ExtTextOutW
SetBrushOrgEx
BitBlt
CreateDIBSection
GdiAlphaBlend
SetBkMode
SetArcDirection
SetDCBrushColor
SetStretchBltMode
SetROP2
GetCurrentObject
SetDCPenColor
SetWorldTransform
SetGraphicsMode
CreateRectRgnIndirect
SelectClipRgn
SetAbortProc
SetTextColor
SetBkColor
GetBkColor
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SelectObject
GetTextMetricsW
EnumFontFamiliesExW
CreateCompatibleDC
DeleteDC
CreateFontW
GetFontData
GetObjectW
GetTextFaceW
GdiComment

kernel32

WaitForSingleObject
Sleep
GetConsoleCP
GetFileType
GetStdHandle
DuplicateHandle
ConnectNamedPipe
LocalFree
WaitNamedPipeW
CreateNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
QueryInformationJobObject
IsProcessInJob
ResumeThread
GetCurrentProcess
GetLongPathNameW
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
GetModuleHandleW
LoadLibraryA
RegisterWaitForSingleObject
UnregisterWaitEx
GetCurrentThreadId
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
ResetEvent
WaitForMultipleObjects
CreateEventW
SetEvent
SetLastError
GetLastError
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetNumaHighestNodeNumber
GetConsoleMode
ExitThread
GetModuleFileNameA
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
HeapQueryInformation
UnregisterWait
GetOEMCP
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
InterlockedPopEntrySList
LCMapStringW
CompareStringW
GetStringTypeW
EncodePointer
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DeleteFileW
MultiByteToWideChar
RaiseException
SleepEx
QueueUserAPC
CreateThread
SetThreadPriority
SetFilePointerEx
GetModuleHandleA
FormatMessageA
FreeLibrary
DecodePointer
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
DeviceIoControl
GetOverlappedResult
CancelIo
CreateFileA
GetSystemPowerStatus
WriteConsoleW
GetComputerNameW
GetSystemTimeAsFileTime
InterlockedPushEntrySList
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
LoadLibraryExA
GetStartupInfoW
ReleaseMutex
CreateMutexW
GetUserDefaultUILanguage
lstrcmpiA
GetEnvironmentVariableA
DisconnectNamedPipe
GetFileInformationByHandleEx
SetNamedPipeHandleState
TransactNamedPipe
GetVersion
GetVolumeInformationW
GetSystemDirectoryW
FormatMessageW
VirtualAlloc
VirtualFree
AttachConsole
GetCPInfo
FlushInstructionCache
FreeLibraryAndExitThread
InterlockedFlushSList
GetCommandLineW
WideCharToMultiByte
QueryDepthSList
CreateTimerQueue
RtlUnwind
IsValidCodePage
SetStdHandle
SuspendThread
GetThreadContext
OpenThread
TlsGetValue
TlsSetValue
TlsAlloc
SwitchToThread
IsWow64Process
GetSystemTime
EnumSystemLocalesEx
GetUserDefaultLCID
GetUserDefaultLangID
TryEnterCriticalSection
OpenProcess
HeapCreate
HeapDestroy
OutputDebugStringA
GetLocalTime
GetCurrentDirectoryW
GetTickCount
GetFileSizeEx
SetFileTime
LockFile
SetEndOfFile
GetFileInformationByHandle
UnlockFile
QueryThreadCycleTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
CreateDirectoryW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
GetVolumePathNameW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
GetLogicalDriveStringsW
GetFileAttributesExW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
VirtualQuery
PeekNamedPipe
GetThreadId
IsDebuggerPresent
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryW
GetModuleHandleExA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
HeapSetInformation
SetPriorityClass
TerminateProcess
GetPriorityClass
GetExitCodeProcess
GetProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVersionExW
GetNativeSystemInfo
SetInformationJobObject
SetHandleInformation
AssignProcessToJobObject
CreateProcessW
AllocConsole
SetEnvironmentVariableW
GetEnvironmentVariableW
FindFirstFileExW
FindNextFileW
FindClose
FindFirstChangeNotificationW
FindCloseChangeNotification
lstrlenW
FlushViewOfFile
GetSystemInfo
GetProcessTimes
VirtualQueryEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleHandleExW
HeapLock
HeapWalk
HeapUnlock
TlsFree
GetWindowsDirectoryW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LockResource
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
GetLocaleInfoEx
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
GetTimeZoneInformation
GetTimeFormatEx
GetDateFormatEx
GetUserDefaultLocaleName
GetGeoInfoW
GetUserGeoID
GlobalFree
SetFilePointer
GetComputerNameExW
FindFirstFileW
ReleaseSemaphore
CreateSemaphoreW
GetProcessAffinityMask
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableCS
WaitForSingleObjectEx
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GetPrivateProfileStringW
GetThreadTimes
QueryUnbiasedInterruptTime
GetProcessHeap
GetFileSize
LockFileEx
HeapCompact
DeleteFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LocalAlloc
SetThreadAffinityMask
CreateSemaphoreA
VirtualAllocEx
TerminateJobObject
WriteProcessMemory
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateJobObjectW
CreateRemoteThread
DebugBreak
SearchPathW
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GetDriveTypeW
GetThreadLocale
GetSystemDefaultLCID
SetProcessShutdownParameters
SetConsoleCtrlHandler
Module32FirstW
Module32NextW
VirtualProtect
GetTempFileNameA
GetACP
GetLocaleInfoW
LocaleNameToLCID
SetErrorMode
FindFirstFileExA
FindNextFileA

ole32

CLSIDFromString
StringFromGUID2
OleInitialize
CoInitialize
CoCreateGuid
OleUninitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
DoDragDrop
CoUninitialize
CoTaskMemRealloc
RegisterDragDrop
CoAllowSetForegroundWindow
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear

oleaut32

VariantInit
SysFreeString
VarUI4FromStr
LoadTypeLi
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi

psapi

GetPerformanceInfo
QueryWorkingSetEx
GetMappedFileNameW
GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
EnumProcessModules

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetFileInfoW
SHOpenFolderAndSelectItems
SHChangeNotify
SHOpenWithDialog
DragQueryFileW
ShellExecuteW
ord680
SHGetKnownFolderPath
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDesktopFolder
SHGetPropertyStoreForWindow
ShellExecuteExW

shlwapi

AssocQueryStringW
PathMatchSpecW
ord437
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

user32

MapVirtualKeyW
GetMenu
GetClientRect
AdjustWindowRectEx
SendMessageW
GetActiveWindow
SendInput
FindWindowW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
DrawEdge
GetMenuState
GetSystemMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextExW
GetSysColor
FillRect
ValidateRect
SetPropW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
MonitorFromPoint
MonitorFromWindow
EnumDisplayMonitors
EnumDisplaySettingsW
LoadImageW
DrawIconEx
CreateIconIndirect
GetIconInfo
IsRectEmpty
GetClassNameW
PtInRect
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
GetLastInputInfo
LoadIconW
OpenInputDesktop
CloseDesktop
GetMessageTime
GetMessageExtraInfo
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
SetKeyboardState
SetCapture
ReleaseCapture
SetCursor
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
PostThreadMessageW
GetCaretBlinkTime
ShowCursor
SetCursorPos
SetRectEmpty
GetMessagePos
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
GetFocus
CloseTouchInputHandle
EnableMenuItem
SetMenuDefaultItem
SetForegroundWindow
GetWindowDC
SetWindowRgn
GetWindowRgn
RedrawWindow
OffsetRect
EnumChildWindows
GetGuiResources
GetCursorInfo
DrawFrameControl
GetSysColorBrush
DrawFocusRect
FrameRect
InvertRect
InflateRect
GetRawInputDeviceInfoW
GetRawInputDeviceList
PrintWindow
GetLayeredWindowAttributes
EnumWindows
EnumDisplaySettingsExW
BringWindowToTop
SetThreadDesktop
MessageBeep
LoadCursorW
DestroyIcon
GetDC
ReleaseDC
GetSystemMetrics
GetDoubleClickTime
GetAsyncKeyState
GetCursorPos
ClientToScreen
ScreenToClient
GetRawInputData
GetClassLongW
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
GetMessageW
SetCaretPos
MessageBoxW
EnumDisplayDevicesW
SetWindowLongW
GetWindowLongW
MapWindowPoints
SystemParametersInfoW
GetKeyState
DestroyWindow
CreateWindowExW
DestroyCaret
CreateCaret
GetKeyboardLayoutList
RegisterClassExW
UnregisterClassW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
DefRawInputProc
CharNextW
NotifyWinEvent
GetWindowThreadProcessId
TrackMouseEvent
CallWindowProcW
GetClassInfoExW
IsWindow
RegisterRawInputDevices
ShowWindow
SetWindowPos
RegisterTouchWindow
GetCapture
BeginPaint
EndPaint
GetPropW
RemovePropW
WindowFromPoint
GetDesktopWindow
GetParent
SetParent
IsZoomed
GetWindowRect
ClipCursor
PostMessageW
IsWindowVisible
SetFocus
EnumThreadWindows
GetWindow
GetAncestor
UpdateLayeredWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetForegroundWindow
RegisterClassW
MoveWindow
MessageBoxA
IntersectRect
IsChild
GetUserObjectInformationW
GetKeyboardLayoutNameW
InvalidateRect
MonitorFromRect
GetMonitorInfoW

winmm

timeEndPeriod
timeBeginPeriod
midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutClose
timeGetTime
waveOutReset
waveOutRestart
midiOutPrepareHeader
midiOutUnprepareHeader
midiOutShortMsg
waveOutPause
midiInReset
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiInGetDevCapsW
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
midiOutReset
midiOutLongMsg

ws2_32

WSAResetEvent
WSASendTo
WSAStartup
WSARecvFrom
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
accept
listen
recv
recvfrom
WSAIoctl
WSAGetLastError
WSALookupServiceBeginW
WSASetEvent
send
WSAWaitForMultipleEvents
getsockopt
getsockname
WSALookupServiceNextW
WSALookupServiceEnd
WSASocketW
getaddrinfo
freeaddrinfo
getpeername
htonl
htons
ntohl
ntohs
socket
WSASetServiceW
WSAEnumNameSpaceProvidersW
WSCEnumProtocols
WSCGetProviderPath
setsockopt
WSASend
sendto
connect
closesocket
bind
gethostname
shutdown
ioctlsocket

netapi32

NetUserGetInfo
NetApiBufferFree

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

wintrust

CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

hid

HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetValueCaps
HidP_GetButtonCaps

chrome_elf

InjectDumpForHungInput_ExportThunk
InjectDumpForHungInputNoCrashKeys_ExportThunk
RequestSingleCrashUpload_ExportThunk
GetCrashReports_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting

comdlg32

GetOpenFileNameW
PrintDlgExW
GetSaveFileNameW
ChooseColorW

dbghelp

SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymFromAddr
SymSetOptions
SymSetSearchPathW

usp10

ScriptFreeCache
ScriptItemize
ScriptShape
ScriptStringAnalyse
ScriptStringFree
ScriptStringOut

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgCertMgr

dwmapi

DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmGetCompositionTimingInfo
DwmIsCompositionEnabled
DwmDefWindowProc

crypt32

CertOpenSystemStoreW
CertFindChainInStore
CertCompareCertificateName
CryptVerifyCertificateSignatureEx
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetIntendedKeyUsage
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CertAddCertificateContextToStore
CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertOpenStore

dhcpcsvc

DhcpRequestParams
DhcpCApiInitialize

iphlpapi

FreeMibTable
IpRenewAddress
IpReleaseAddress
GetInterfaceInfo
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersAddresses
GetIfTable2

ncrypt

NCryptSignHash
NCryptFreeObject

secur32

GetUserNameExW
QuerySecurityPackageInfoW
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
AcquireCredentialsHandleA
CompleteAuthToken
InitializeSecurityContextA

urlmon

CoInternetCreateSecurityManager

winhttp

WinHttpConnect
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpWriteData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReceiveResponse

dwrite

DWriteCreateFactory

d3d9

Direct3DCreate9Ex

d3d11

D3D11CreateDevice

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVA2CreateVideoService

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

dxgi

CreateDXGIFactory1

winspool.drv

ClosePrinter
OpenPrinterW
EnumPrintersW
DeviceCapabilitiesW
ord203
GetPrinterW
GetPrinterDriverW
DocumentPropertiesW

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_upper
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_thread_create
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_ref_ptr_library_child_child_create
cef_translator_test_ref_ptr_library_child_create
cef_translator_test_ref_ptr_library_create
cef_translator_test_scoped_library_child_child_create
cef_translator_test_scoped_library_child_create
cef_translator_test_scoped_library_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_waitable_event_create
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_directory
cef_zip_reader_create

Sections

.text
Size: 54.2MB - Virtual size: 54.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installerV2/resources/AdobePIM.dll
.dll windows:5 windows x86 arch:x86

Password: 2023

bad4069efbb0fea858e33d102d409210

Code Sign

05:35:93:bf:71:f7:48:1b:9f:b7:6b:cb:4e:cc:f5:78
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

20/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:cc:74:af:3f:ff:e1:cd:b7:59:c9:19:0e:52:ca:a8:49:7b:fe:33:5c:94:8a:f7:0d:ba:cb:7d:44:1f:28:93
Signer

Actual PE Digest

ec:cc:74:af:3f:ff:e1:cd:b7:59:c9:19:0e:52:ca:a8:49:7b:fe:33:5c:94:8a:f7:0d:ba:cb:7d:44:1f:28:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
CreateSemaphoreW
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
ReleaseSemaphore
MultiByteToWideChar
GetTempPathW
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
GetLocalTime
GetCommandLineW
GetExitCodeProcess
lstrcmpW
lstrcmpiW
CopyFileW
CreateProcessW
LocalFree
ResetEvent
CreateThread
CloseHandle
OpenSemaphoreW
Process32FirstW
GetDiskFreeSpaceExW
ReleaseMutex
SetEvent
Process32NextW
Sleep
CreateEventW
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetVersionExW
LocalAlloc
WaitForSingleObject
FindClose
RemoveDirectoryW
TerminateProcess
FindNextFileW
FindFirstFileW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
EnumSystemLocalesW
IsValidLocale
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
ExitThread
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
FreeLibraryAndExitThread
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
QueryPerformanceFrequency
GetLocaleInfoW
CompareStringW
InitializeCriticalSectionEx
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateMutexW
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
SwitchToThread
GetStringTypeW
GetCurrentProcess
GetFileSizeEx
lstrlenW
GetACP
SetFilePointerEx
GlobalFree
ResumeThread
TerminateThread
SetThreadPriority
GetCurrentThread
SizeofResource
GetModuleFileNameW
LockResource
LoadResource
FindResourceW
MoveFileExW
GlobalAlloc
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
SetLastError
DuplicateHandle
ProcessIdToSessionId
FindResourceExW
lstrcpyW
GetThreadTimes
QueryFullProcessImageNameW
GetUserDefaultLangID
GetUserDefaultLCID
LCMapStringW
FileTimeToSystemTime
OpenMutexW
VirtualFree
VirtualAlloc
GetUserDefaultUILanguage

user32

wsprintfW
GetWindowThreadProcessId
GetShellWindow
EnumWindows

advapi32

CryptAcquireContextW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
LookupAccountSidW
CreateWellKnownSid
EqualSid
GetTokenInformation
DuplicateTokenEx
GetUserNameW
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteKeyExW
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
RegSetValueExW
FreeSid
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

shell32

SHGetKnownFolderPath
ord680
SHGetFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
SHCreateDirectoryExW
SHCreateItemFromParsingName
SHGetSpecialFolderPathW
CommandLineToArgvW
ord51

ole32

OleRun
CLSIDFromProgID
StringFromGUID2
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize
CLSIDFromString
CoTaskMemFree

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
GetErrorInfo
VariantCopy
SysStringLen
VariantChangeType

msi

ord145
ord74
ord147

winhttp

WinHttpSendRequest
WinHttpSetCredentials
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpReadData
WinHttpSetTimeouts

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

PathFileExistsW
PathIsDirectoryW
PathRenameExtensionW
PathAppendW
PathRemoveBackslashW
PathStripPathW
PathAppendA
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathIsRootW
PathIsSystemFolderW
PathIsDirectoryEmptyW
PathIsDirectoryA
PathRemoveFileSpecA
PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData

Exports

Exports

AAMIU_Uninstall
AAMIU_getDeploymentValidationStatus
AAMIU_preInstallPropertySet
pim_createLibraryRef
pim_freeLibraryRef
pim_freeLiraryRef
pim_freeString
pim_getAppletAndPackageInfo
pim_getAppletRegistrationInfo
pim_getAppletRelationshipInfo
pim_getCurrentCCVersion
pim_getCurrentPackagesVersion
pim_getInstallStatus
pim_getInstalledPackagesInfo
pim_launchACCCUninstallerExecutableAsAdmin
pim_selfUpdateCheck
pim_selfUpdateCheckWithData
pim_selfUpdateCheckWithDataV2
pim_startWorkflow
pim_startWorkflowWithData
pim_syncFromPathToACF
pim_syncFromPathToPath
pim_syncUSFToACF
pim_uninstallAAMFromAAMCleanerTool
pim_uninstallAAMUsingAAMCleanerTool
pim_uninstallACCC64FromACCCCleanerTool
pim_uninstallACCCFromACCCCleanerTool
pim_uninstallADC64UsingADCCleanerTool
pim_uninstallADCUsingADCCleanerTool

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installerV2/resources/Config.xml
.xml
installerV2/resources/content/images/appIcon.png
.png

Password: 2023

Sharing

General

Malware Config

Signatures

Files

Password: 2023

ced282d9b261d1462772017fe2f6972b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 68KB - Virtual size: 67KB

Password: 2023

c8820c92458429ac52b291ca51bad0e4

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

03:55:db:cf:a2:75:1e:85:ba:b8:2f:2a:ea:1c:f2:e8Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

02:d6:da:1a:da:8f:d6:b3:69:a2:ea:e1:6a:07:31:efCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

24:c2:ef:fc:08:27:a1:fb:4b:f8:58:8b:3e:f5:7e:3c:b5:71:4e:26:20:7b:ed:13:a8:4a:0f:30:7b:4b:50:94Signer

37:3f:c6:23:c3:cf:ff:ba:35:17:70:cb:48:f8:d5:ed:57:d9:b5:83Signer

Headers

File Characteristics

Imports

kernel32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 164KB

.data Size: 19KB - Virtual size: 18KB

.bss Size: - Virtual size: 41KB

.idata Size: 3KB - Virtual size: 3KB

.didata Size: 1024B - Virtual size: 608B

.edata Size: 512B - Virtual size: 153B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 8KB - Virtual size: 7KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 5KB

Password: 2023

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 68KB - Virtual size: 67KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

03:55:db:cf:a2:75:1e:85:ba:b8:2f:2a:ea:1c:f2:e8
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

02:d6:da:1a:da:8f:d6:b3:69:a2:ea:e1:6a:07:31:ef
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

24:c2:ef:fc:08:27:a1:fb:4b:f8:58:8b:3e:f5:7e:3c:b5:71:4e:26:20:7b:ed:13:a8:4a:0f:30:7b:4b:50:94
Signer

37:3f:c6:23:c3:cf:ff:ba:35:17:70:cb:48:f8:d5:ed:57:d9:b5:83
Signer

.text
Size: 164KB - Virtual size: 164KB

.data
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 41KB

.idata
Size: 3KB - Virtual size: 3KB

.didata
Size: 1024B - Virtual size: 608B

.edata
Size: 512B - Virtual size: 153B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 8KB - Virtual size: 7KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 54.2MB - Virtual size: 54.2MB

_text32
Size: 53KB - Virtual size: 53KB

.rdata
Size: 10.5MB - Virtual size: 10.5MB

.data
Size: 286KB - Virtual size: 1.1MB

.rodata
Size: 5KB - Virtual size: 5KB

CPADinfo
Size: 512B - Virtual size: 36B

.rsrc
Size: 127KB - Virtual size: 127KB

.reloc
Size: 2.1MB - Virtual size: 2.1MB