215a0916919d9528f8472534b43d37c3

Sharing

Copy URL

Twitter E-mail

General

Target

215a0916919d9528f8472534b43d37c3
Size

794KB
MD5

215a0916919d9528f8472534b43d37c3
SHA1

7226a52a228aaa892ada207763bd210c12132f5b
SHA256

8e1006e5f230f269bb9ce80e5c2b7f3b930cb68f3d975697d45b4e4bae33ce58
SHA512

e196e998ec89678ecb7eddeed765d9102685b1e9e4603fbf1a0ea31f3689af097b94c60a298d9e81dbf9e3a2a1fa1a26b4c462d6c47d6e115887126017798ccb
SSDEEP

12288:27eiliVwg/H+XKUXFYfiDPGxmJ0fCx3luYqORPDajQ1n+QeGAWi3KO5rIkLGAhEG:qj8eXKAFiaFG3Y/R+81evbik+DPkx7x

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/getword/GetWordDemo/GetWord.api
unpack001/getword/GetWordDemo/GetWord.ocx
unpack001/getword/GetWordDemo/GetWordDemo.exe
unpack001/getword/GetWordDemo/GetWordNT.dll
unpack001/getword/GetWordDemo/ICall.dll
unpack001/getword/GetWordDemo/KeyboardHook.dll
unpack001/getword/GetWordDemo/MouseHook.dll
unpack001/getword/GetWordDemo/install_plugin.exe
unpack001/getword/TextCapture/GetWord.api
unpack001/getword/TextCapture/GetWord.ocx
unpack001/getword/TextCapture/GetWordNT.dll
unpack001/getword/TextCapture/ICall.dll
unpack001/getword/TextCapture/KeyboardHook.dll
unpack001/getword/TextCapture/MouseHook.dll
unpack001/getword/TextCapture/TextCapture.exe
unpack001/getword/TextCapture/install_plugin.exe

Files

215a0916919d9528f8472534b43d37c3
.rar
getword/GetWordDemo/GetWord.api
.dll windows:4 windows x86 arch:x86

065532edfda080bc96202809c301a176

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
DisableThreadLibraryCalls
OutputDebugStringA
MapViewOfFile
CreateFileMappingA
CreateEventA
CreateMutexA
LocalFree
UnmapViewOfFile
CloseHandle
FlushViewOfFile
GetStringTypeW
GetStringTypeA
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
OpenFileMappingA
SetEvent
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
CreateFileA
InitializeCriticalSection
CreateFileW
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA

user32

wsprintfA
WindowFromPoint
GetWindowRect
OffsetRect
GetDC
ReleaseDC
PtInRect
WindowFromDC
GetClassNameA

advapi32

GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

PlugInMain

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/GetWordDemo/GetWord.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

e49119c0bf5c5f68bae876ad33d75679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalFlags
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetThreadLocale
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
LocalAlloc
GetShortPathNameA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
FindResourceExA
GetFileAttributesA
GetFileTime
GetProfileIntA
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
RaiseException
HeapSize
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CopyFileA
GlobalSize
FormatMessageA
LocalFree
MulDiv
IsDBCSLeadByte
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetUserDefaultLCID
GlobalFree
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
GetModuleHandleA
lstrlenA
CompareStringW
CompareStringA
lstrlenW
GetVersion
MultiByteToWideChar
InterlockedExchange
GetVersionExA
GetLastError
CloseHandle
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetFullPathNameA
SizeofResource

user32

CreateDialogIndirectParamA
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
EnumChildWindows
LockWindowUpdate
UnregisterClassA
ClientToScreen
FillRect
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
DestroyIcon
GetTabbedTextExtentA
GetDialogBaseUnits
GetDCEx
LoadCursorA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCapture
ReleaseDC
GetDC
ReleaseCapture
MoveWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetNextDlgTabItem
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
CallWindowProcA
GetMenu
SetWindowPos
DestroyWindow
GetDesktopWindow
SetWindowLongA
InvalidateRect
UpdateWindow
GetWindowRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
OffsetRect
InflateRect
DefWindowProcA
CopyRect
ShowWindow
DrawEdge
SetParent
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
PostMessageA
WindowFromPoint
GetCursorPos
RegisterWindowMessageA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
EndDialog
RegisterClipboardFormatA
SetRect
SetTimer
KillTimer
EnableWindow
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
MessageBoxA
CharUpperA
SetWindowRgn
IsRectEmpty
CreateMenu
DestroyMenu
SetRectEmpty
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
GetClassInfoA

advapi32

RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

OleCreatePropertyFrame
VariantClear
VariantChangeType
LoadTypeLi
SysAllocStringByteLen
OleLoadPicture
VariantCopy
OleCreateFontIndirect
RegisterTypeLi
SysStringLen
SysStringByteLen
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
LoadRegTypeLi
OleCreatePictureIndirect

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

CreatePatternBrush
GetStockObject
CreatePen
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
GetDeviceCaps
LPtoDP
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
DeleteDC
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CombineRgn
GetCurrentPositionEx
PtVisible
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
TextOutA
ExtTextOutA
Escape
CreateRectRgnIndirect
CopyMetaFileA
CreateDCA
DeleteObject
SaveDC
RestoreDC
SetBkMode
SetROP2
SetMapMode
GetTextAlign
GetTextMetricsA
EnumFontFamiliesExA
SetRectRgn
PatBlt
Rectangle
UnrealizeObject
RectVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
CreateRectRgn
SelectClipRgn
MoveToEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

shell32

ExtractIconA

ole32

StgCreateDocfileOnILockBytes
OleLoadFromStream
CoCreateInstance
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoDisconnectObject
OleDuplicateData
ReadClassStm
CoRegisterClassObject
ReadFmtUserTypeStg
ReleaseStgMedium
CreateDataAdviseHolder
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateOleAdviseHolder
CoTaskMemAlloc
CreateDataCache
StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoRevokeClassObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/GetWordDemo/GetWordDemo.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

81ae694b7741cf0eaae69f7965a256cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapFree
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetTickCount
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
lstrlenA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
InterlockedDecrement
FormatMessageW
LocalFree
MulDiv
GlobalUnlock
GlobalFree
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
CompareStringA
InterlockedExchange
GlobalLock
GlobalAlloc
GetThreadLocale
InterlockedIncrement
lstrlenW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GetShortPathNameW
CreateFileW
GetFileInformationByHandle
CopyFileW
GetModuleFileNameW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
CreateEventW
CreateSemaphoreW
GetLastError
GetSystemTimeAsFileTime
CloseHandle

user32

PostThreadMessageW
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
LoadCursorW
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
CharNextW
IsWindowEnabled
MoveWindow
SetWindowTextW
SetDlgItemInt
GetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
RegisterClipboardFormatW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
CharUpperW
IsDialogMessageW
AdjustWindowRectEx
GetParent
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
WindowFromPoint
GetClassNameW
GetCursorPos
RegisterWindowMessageW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
SendMessageW
DrawIcon
FindWindowW
ShowWindow
SetForegroundWindow
EnableWindow
SendDlgItemMessageA
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SysFreeString
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
getword/GetWordDemo/GetWordNT.dll
.dll windows:4 windows x86 arch:x86

3bca79075ac67a24b597d7174e85b589

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

TransparentBlt

kernel32

FlushViewOfFile
GlobalUnlock
MultiByteToWideChar
GetACP
GlobalLock
GlobalSize
ReleaseMutex
WaitForSingleObject
OpenEventA
GetLastError
OpenMutexA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
GetVersionExA
WideCharToMultiByte
GetTickCount
FreeLibrary
lstrcmpA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
GetLocaleInfoA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetEvent
GetCurrentThreadId
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
VirtualQuery
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
Module32Next
Module32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
GetSystemInfo
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
GetCommandLineA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
InitializeCriticalSection
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount

user32

RegisterWindowMessageA
OffsetRect
InflateRect
PtInRect
UnhookWindowsHookEx
CallNextHookEx
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageA
OpenClipboard
GetClassNameA
GetUpdateRect
WindowFromDC
SetWindowsHookExA

gdi32

GetTextExtentPoint32W
GetCurrentObject
GetFontUnicodeRanges
GetGlyphIndicesW
StretchBlt
LPtoDP
BitBlt
ExtTextOutW
ExtTextOutA
TextOutW
GetTextAlign
GetTextCharacterExtra
GetCurrentPositionEx
GetTextMetricsA
GetDCOrgEx
TextOutA
GetObjectA

dbghelp

ImageDirectoryEntryToData

Exports

Exports

Func001
Func002
Func003
Func004
Func005
Func006
Func007
Func008
Func009
Func010
Func011
Func012
Func023
Func024
Func025
Func026
GetTextBufferCount
HookAllTextOut
InitCapture
RemoveAPIHook
SetAPIHook
StartCapture
StopCapture
UnHookAllTextOut

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 4KB - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/GetWordDemo/Help.chm
.chm
getword/GetWordDemo/How_to_Use/readme.htm
.html
getword/GetWordDemo/How_to_Use/register_1.jpg
.jpg
getword/GetWordDemo/How_to_Use/register_2.jpg
.jpg
getword/GetWordDemo/How_to_Use/run_as_admin.jpg
.jpg
getword/GetWordDemo/ICall.dll
.dll windows:4 windows x86 arch:x86

21fb0d7af16d5e47eb750aa2fd979336

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetVersionExA
FormatMessageW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA
Sleep
lstrcmpA
GetCurrentProcessId
OpenFileMappingA
SetEvent
WaitForSingleObject
FlushViewOfFile
ReleaseMutex
CloseHandle
UnmapViewOfFile
LocalFree
CreateMutexA
CreateEventA
CreateFileMappingA
MapViewOfFile
GetLastError
GetStdHandle
FreeConsole
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterW
FreeLibrary
LoadLibraryA
GetProcAddress
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceA
FormatMessageA
GlobalFree
SetLastError
GlobalDeleteAtom
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetThreadLocale
GetCurrentProcess
CreateFileA
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
InterlockedIncrement
GlobalGetAtomNameA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GetFileAttributesA
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
RtlUnwind
VirtualAlloc
RaiseException
HeapReAlloc
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
HeapSize
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedExchange
GetVersion
GetACP
MultiByteToWideChar
GlobalLock
GlobalAlloc
GlobalUnlock

user32

GetMessagePos
GetMessageTime
DestroyWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
DestroyMenu
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetForegroundWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
IsIconic
GetWindowPlacement
IsWindowVisible
GetTopWindow
GetWindow
EndDialog
SetWindowPos
SetTimer
ShowWindow
GetSystemMetrics
MoveWindow
GetDlgItem
SetWindowTextA
EnableWindow
KillTimer
GetClassNameW
SetRectEmpty
SystemParametersInfoA
PostMessageA
RegisterWindowMessageA
MessageBoxA
DialogBoxParamA
GetClipboardSequenceNumber
SendInput
ClientToScreen
GetWindowTextA
SendMessageTimeoutA
PostThreadMessageA
RedrawWindow
WindowFromPoint
GetParent
FindWindowExA
GetWindowRect
PtInRect
GetWindowLongA
RealChildWindowFromPoint
GetDC
ReleaseDC
GetCursorPos
GetDesktopWindow
MapWindowPoints
GetWindowThreadProcessId
OffsetRect
GetClientRect
ScreenToClient
IsWindow
GetClassNameA
EnableMenuItem
ModifyMenuA
SendMessageA
GetFocus
GrayStringA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
IsWindowEnabled
GetLastActivePopup
UnhookWindowsHookEx
UnregisterClassA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDlgCtrlID
LoadCursorA
GetSysColor
GetSysColorBrush
CheckMenuItem

gdi32

GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
RectInRegion
PtInRegion
LPtoDP
GetRgnBox
CreateRectRgn
CombineRgn
OffsetRgn
DeleteObject
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

GetSecurityDescriptorSacl
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

VariantChangeType
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear

shlwapi

PathFindExtensionA
PathFindFileNameA

oleacc

WindowFromAccessibleObject
AccessibleChildren
GetStateTextW
GetRoleTextW
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromPoint

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

EnableHighlightCapture
EnableKeyboardHotkey
EnableMouseHotkey
GetHighlightText
GetParagraph
GetRealWindow
GetRectWord
GetRectWordPairs
GetWord
GetWordBstr
GetWordEnableCap
GetWordIsCapEnable
MouseEnableCap
MouseSetDelay
RemoveKeyboardHook
RemoveMouseHook
SetCapWndWidth
SetHighlightNotifyWnd
SetKeyboardHook
SetMouseHook

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/GetWordDemo/KeyboardHook.dll
.dll windows:4 windows x86 arch:x86

dba6edee7ebe2893bf98c9e9e052176d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetACP
MapViewOfFile
OpenFileMappingA
CloseHandle
UnmapViewOfFile
OpenMutexA
ReleaseMutex
FlushViewOfFile
WaitForSingleObject
GetLastError
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCPInfo
GetOEMCP
HeapSize

user32

RegisterWindowMessageA
UnhookWindowsHookEx
SetWindowsHookExA
PostMessageA
CallNextHookEx

Exports

Exports

EnableKeyboardHotkey
RemoveKeyboardHook
SetKeyboardHook

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/GetWordDemo/MouseHook.dll
.dll windows:4 windows x86 arch:x86

3756ecab265617922da92e9ac38bc320

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetACP
GetLastError
OpenMutexA
OpenEventA
CloseHandle
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
FlushViewOfFile
WaitForSingleObject
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
GetOEMCP
GetCPInfo
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetCursorPos
GetKeyState
PostMessageA
RegisterWindowMessageA

winmm

timeGetDevCaps
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod

Exports

Exports

EnableMouseHookCap
EnableMouseHotkey
RemoveMouseHook
SetMouseHook

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/GetWordDemo/Register.bat
getword/GetWordDemo/UnRegister.bat
getword/GetWordDemo/install_plugin.exe
.exe windows:4 windows x86 arch:x86

63d71b3e661ed3e4bc805a9eba5205af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
HeapAlloc
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
InterlockedExchange
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
CloseHandle
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
CopyFileA
GetCommandLineA
FreeEnvironmentStringsW
GetModuleHandleA

user32

GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PostQuitMessage
PostMessageA
GetMessagePos
GetDlgItem
SendMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
EnableWindow

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

comctl32

ord17

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
getword/TextCapture/GetWord.api
.dll windows:4 windows x86 arch:x86

065532edfda080bc96202809c301a176

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
DisableThreadLibraryCalls
OutputDebugStringA
MapViewOfFile
CreateFileMappingA
CreateEventA
CreateMutexA
LocalFree
UnmapViewOfFile
CloseHandle
FlushViewOfFile
GetStringTypeW
GetStringTypeA
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
OpenFileMappingA
SetEvent
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
CreateFileA
InitializeCriticalSection
CreateFileW
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA

user32

wsprintfA
WindowFromPoint
GetWindowRect
OffsetRect
GetDC
ReleaseDC
PtInRect
WindowFromDC
GetClassNameA

advapi32

GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

PlugInMain

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/TextCapture/GetWord.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

e49119c0bf5c5f68bae876ad33d75679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalFlags
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetThreadLocale
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
LocalAlloc
GetShortPathNameA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
FindResourceExA
GetFileAttributesA
GetFileTime
GetProfileIntA
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
RaiseException
HeapSize
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CopyFileA
GlobalSize
FormatMessageA
LocalFree
MulDiv
IsDBCSLeadByte
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetUserDefaultLCID
GlobalFree
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
GetModuleHandleA
lstrlenA
CompareStringW
CompareStringA
lstrlenW
GetVersion
MultiByteToWideChar
InterlockedExchange
GetVersionExA
GetLastError
CloseHandle
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetFullPathNameA
SizeofResource

user32

CreateDialogIndirectParamA
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
EnumChildWindows
LockWindowUpdate
UnregisterClassA
ClientToScreen
FillRect
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
DestroyIcon
GetTabbedTextExtentA
GetDialogBaseUnits
GetDCEx
LoadCursorA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCapture
ReleaseDC
GetDC
ReleaseCapture
MoveWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetNextDlgTabItem
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
CallWindowProcA
GetMenu
SetWindowPos
DestroyWindow
GetDesktopWindow
SetWindowLongA
InvalidateRect
UpdateWindow
GetWindowRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
OffsetRect
InflateRect
DefWindowProcA
CopyRect
ShowWindow
DrawEdge
SetParent
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
PostMessageA
WindowFromPoint
GetCursorPos
RegisterWindowMessageA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
EndDialog
RegisterClipboardFormatA
SetRect
SetTimer
KillTimer
EnableWindow
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
MessageBoxA
CharUpperA
SetWindowRgn
IsRectEmpty
CreateMenu
DestroyMenu
SetRectEmpty
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
GetClassInfoA

advapi32

RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

OleCreatePropertyFrame
VariantClear
VariantChangeType
LoadTypeLi
SysAllocStringByteLen
OleLoadPicture
VariantCopy
OleCreateFontIndirect
RegisterTypeLi
SysStringLen
SysStringByteLen
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
LoadRegTypeLi
OleCreatePictureIndirect

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

CreatePatternBrush
GetStockObject
CreatePen
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
GetDeviceCaps
LPtoDP
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
DeleteDC
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CombineRgn
GetCurrentPositionEx
PtVisible
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
TextOutA
ExtTextOutA
Escape
CreateRectRgnIndirect
CopyMetaFileA
CreateDCA
DeleteObject
SaveDC
RestoreDC
SetBkMode
SetROP2
SetMapMode
GetTextAlign
GetTextMetricsA
EnumFontFamiliesExA
SetRectRgn
PatBlt
Rectangle
UnrealizeObject
RectVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
CreateRectRgn
SelectClipRgn
MoveToEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

shell32

ExtractIconA

ole32

StgCreateDocfileOnILockBytes
OleLoadFromStream
CoCreateInstance
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoDisconnectObject
OleDuplicateData
ReadClassStm
CoRegisterClassObject
ReadFmtUserTypeStg
ReleaseStgMedium
CreateDataAdviseHolder
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateOleAdviseHolder
CoTaskMemAlloc
CreateDataCache
StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoRevokeClassObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/TextCapture/GetWordNT.dll
.dll windows:4 windows x86 arch:x86

3bca79075ac67a24b597d7174e85b589

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

TransparentBlt

kernel32

FlushViewOfFile
GlobalUnlock
MultiByteToWideChar
GetACP
GlobalLock
GlobalSize
ReleaseMutex
WaitForSingleObject
OpenEventA
GetLastError
OpenMutexA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
GetVersionExA
WideCharToMultiByte
GetTickCount
FreeLibrary
lstrcmpA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
GetLocaleInfoA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetEvent
GetCurrentThreadId
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
VirtualQuery
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
Module32Next
Module32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
GetSystemInfo
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
GetCommandLineA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
InitializeCriticalSection
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount

user32

RegisterWindowMessageA
OffsetRect
InflateRect
PtInRect
UnhookWindowsHookEx
CallNextHookEx
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageA
OpenClipboard
GetClassNameA
GetUpdateRect
WindowFromDC
SetWindowsHookExA

gdi32

GetTextExtentPoint32W
GetCurrentObject
GetFontUnicodeRanges
GetGlyphIndicesW
StretchBlt
LPtoDP
BitBlt
ExtTextOutW
ExtTextOutA
TextOutW
GetTextAlign
GetTextCharacterExtra
GetCurrentPositionEx
GetTextMetricsA
GetDCOrgEx
TextOutA
GetObjectA

dbghelp

ImageDirectoryEntryToData

Exports

Exports

Func001
Func002
Func003
Func004
Func005
Func006
Func007
Func008
Func009
Func010
Func011
Func012
Func023
Func024
Func025
Func026
GetTextBufferCount
HookAllTextOut
InitCapture
RemoveAPIHook
SetAPIHook
StartCapture
StopCapture
UnHookAllTextOut

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 4KB - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/TextCapture/Help.chm
.chm
getword/TextCapture/ICall.dll
.dll windows:4 windows x86 arch:x86

21fb0d7af16d5e47eb750aa2fd979336

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetVersionExA
FormatMessageW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA
Sleep
lstrcmpA
GetCurrentProcessId
OpenFileMappingA
SetEvent
WaitForSingleObject
FlushViewOfFile
ReleaseMutex
CloseHandle
UnmapViewOfFile
LocalFree
CreateMutexA
CreateEventA
CreateFileMappingA
MapViewOfFile
GetLastError
GetStdHandle
FreeConsole
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterW
FreeLibrary
LoadLibraryA
GetProcAddress
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceA
FormatMessageA
GlobalFree
SetLastError
GlobalDeleteAtom
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetThreadLocale
GetCurrentProcess
CreateFileA
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
InterlockedIncrement
GlobalGetAtomNameA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GetFileAttributesA
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
RtlUnwind
VirtualAlloc
RaiseException
HeapReAlloc
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
HeapSize
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedExchange
GetVersion
GetACP
MultiByteToWideChar
GlobalLock
GlobalAlloc
GlobalUnlock

user32

GetMessagePos
GetMessageTime
DestroyWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
DestroyMenu
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetForegroundWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
IsIconic
GetWindowPlacement
IsWindowVisible
GetTopWindow
GetWindow
EndDialog
SetWindowPos
SetTimer
ShowWindow
GetSystemMetrics
MoveWindow
GetDlgItem
SetWindowTextA
EnableWindow
KillTimer
GetClassNameW
SetRectEmpty
SystemParametersInfoA
PostMessageA
RegisterWindowMessageA
MessageBoxA
DialogBoxParamA
GetClipboardSequenceNumber
SendInput
ClientToScreen
GetWindowTextA
SendMessageTimeoutA
PostThreadMessageA
RedrawWindow
WindowFromPoint
GetParent
FindWindowExA
GetWindowRect
PtInRect
GetWindowLongA
RealChildWindowFromPoint
GetDC
ReleaseDC
GetCursorPos
GetDesktopWindow
MapWindowPoints
GetWindowThreadProcessId
OffsetRect
GetClientRect
ScreenToClient
IsWindow
GetClassNameA
EnableMenuItem
ModifyMenuA
SendMessageA
GetFocus
GrayStringA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
IsWindowEnabled
GetLastActivePopup
UnhookWindowsHookEx
UnregisterClassA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDlgCtrlID
LoadCursorA
GetSysColor
GetSysColorBrush
CheckMenuItem

gdi32

GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
RectInRegion
PtInRegion
LPtoDP
GetRgnBox
CreateRectRgn
CombineRgn
OffsetRgn
DeleteObject
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

advapi32

GetSecurityDescriptorSacl
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

VariantChangeType
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear

shlwapi

PathFindExtensionA
PathFindFileNameA

oleacc

WindowFromAccessibleObject
AccessibleChildren
GetStateTextW
GetRoleTextW
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromPoint

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

EnableHighlightCapture
EnableKeyboardHotkey
EnableMouseHotkey
GetHighlightText
GetParagraph
GetRealWindow
GetRectWord
GetRectWordPairs
GetWord
GetWordBstr
GetWordEnableCap
GetWordIsCapEnable
MouseEnableCap
MouseSetDelay
RemoveKeyboardHook
RemoveMouseHook
SetCapWndWidth
SetHighlightNotifyWnd
SetKeyboardHook
SetMouseHook

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/TextCapture/KeyboardHook.dll
.dll windows:4 windows x86 arch:x86

dba6edee7ebe2893bf98c9e9e052176d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetACP
MapViewOfFile
OpenFileMappingA
CloseHandle
UnmapViewOfFile
OpenMutexA
ReleaseMutex
FlushViewOfFile
WaitForSingleObject
GetLastError
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCPInfo
GetOEMCP
HeapSize

user32

RegisterWindowMessageA
UnhookWindowsHookEx
SetWindowsHookExA
PostMessageA
CallNextHookEx

Exports

Exports

EnableKeyboardHotkey
RemoveKeyboardHook
SetKeyboardHook

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/TextCapture/MouseHook.dll
.dll windows:4 windows x86 arch:x86

3756ecab265617922da92e9ac38bc320

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetACP
GetLastError
OpenMutexA
OpenEventA
CloseHandle
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
FlushViewOfFile
WaitForSingleObject
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
GetOEMCP
GetCPInfo
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetCursorPos
GetKeyState
PostMessageA
RegisterWindowMessageA

winmm

timeGetDevCaps
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod

Exports

Exports

EnableMouseHookCap
EnableMouseHotkey
RemoveMouseHook
SetMouseHook

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getword/TextCapture/Register.bat
getword/TextCapture/TextCapture.exe
.exe windows:4 windows x86 arch:x86

4d90a4e5e6d5c36b6e7d5914dfdb6e4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetProcessHeap
HeapAlloc
HeapFree
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetTickCount
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
FileTimeToSystemTime
lstrlenA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetThreadLocale
InterlockedIncrement
GetCurrentProcessId
GetModuleHandleA
WideCharToMultiByte
InterlockedDecrement
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
lstrlenW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
Beep
CreateEventW
CreateSemaphoreW
GetLastError
GetShortPathNameW
CreateFileW
GetFileInformationByHandle
CloseHandle
LocalUnlock
LocalFree
CopyFileW
MultiByteToWideChar
GetModuleFileNameW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
TerminateProcess
GetProcAddress

user32

RegisterClipboardFormatW
PostThreadMessageW
UnregisterClassW
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharNextW
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
MessageBeep
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
UpdateWindow
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetNextDlgGroupItem
CharUpperW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
ReleaseCapture
SetCapture
InvalidateRgn
ModifyMenuW
CopyAcceleratorTableW
FindWindowExW
IsWindowVisible
IsWindow
GetTopWindow
GetWindow
PtInRect
WindowFromPoint
GetCursorPos
RegisterWindowMessageW
LoadIconW
GetWindowRect
IsIconic
DrawIcon
OffsetRect
FindWindowW
ShowWindow
SetForegroundWindow
ClipCursor
WindowFromDC
FillRect
GetAsyncKeyState
SendMessageW
GetParent
ScreenToClient
ClientToScreen
EqualRect
SetRectEmpty
IsRectEmpty
GetDC
ReleaseDC
GetSystemMetrics
SetCursor
LoadCursorW
EnableWindow
InvalidateRect
GetClientRect
SetRect
GetWindowLongW
SetWindowLongW
SetFocus
UnregisterClassA

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
SetViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
SetViewportOrgEx
OffsetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteDC
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
CreateDCW
GetDeviceCaps
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetROP2
SetROP2
BeginPath
CreatePen
Rectangle
EndPath
SetPolyFillMode
StrokePath
DeleteObject
BitBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
getword/TextCapture/UnRegister.bat
getword/TextCapture/install_plugin.exe
.exe windows:4 windows x86 arch:x86

63d71b3e661ed3e4bc805a9eba5205af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
HeapAlloc
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
InterlockedExchange
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
CloseHandle
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
CopyFileA
GetCommandLineA
FreeEnvironmentStringsW
GetModuleHandleA

user32

GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PostQuitMessage
PostMessageA
GetMessagePos
GetDlgItem
SendMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
EnableWindow

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

comctl32

ord17

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
getword/readme.txt
getword/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

065532edfda080bc96202809c301a176

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 4KB

e49119c0bf5c5f68bae876ad33d75679

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

shlwapi

oleacc

gdi32

winspool.drv

comdlg32

shell32

ole32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 32KB - Virtual size: 29KB

81ae694b7741cf0eaae69f7965a256cd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 20KB - Virtual size: 18KB

3bca79075ac67a24b597d7174e85b589

Headers

File Characteristics

Imports

msimg32

kernel32

user32

gdi32

dbghelp

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 20KB

.Share Size: 4KB - Virtual size: 532B

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 32KB - Virtual size: 29KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 20KB - Virtual size: 18KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 20KB

.Share
Size: 4KB - Virtual size: 532B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 85KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 1KB