CreateCoreShell
GetSoundShell
_GetDecryptProc@4
_GetEncryptProc@4
_SetDecryptionKey@4
Behavioral task
behavioral1
Sample
85424d02b4058c37d0d3913c280cb3862fe2571088aeb2c6cfda057cd1d8577f.exe
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
85424d02b4058c37d0d3913c280cb3862fe2571088aeb2c6cfda057cd1d8577f.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
85424d02b4058c37d0d3913c280cb3862fe2571088aeb2c6cfda057cd1d8577f
-
Size
5.4MB
-
MD5
b2e45e33d4ef12f1099bac79f0bb8b94
-
SHA1
4074d30fbd423210a7cdb77db80205e42cdc5ddd
-
SHA256
85424d02b4058c37d0d3913c280cb3862fe2571088aeb2c6cfda057cd1d8577f
-
SHA512
a8f7e416e85e4920a1959a7f5931ea75647b1cf85c3645753b20d55f71af6bb1d9f2b9db7263c74f6764e75e401a7e0edae868625a65f865afb58aebdedda332
-
SSDEEP
98304:+CxP/O/Ac9C3yuCmiCG+iaKKJ0VYuTy+uK6q0fG5VBpB86g2yfe3:zxP/OYc9wyuCmiCG+iaKKJ0VYuTy+uK
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 85424d02b4058c37d0d3913c280cb3862fe2571088aeb2c6cfda057cd1d8577f
Files
-
85424d02b4058c37d0d3913c280cb3862fe2571088aeb2c6cfda057cd1d8577f.exe windows:4 windows x86 arch:x86
1a18d9e3136b519b0c99ac19aeb8186b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegQueryValueExA
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
filtertext
CreateTextFilter
gdi32
DeleteObject
Rectangle
SetROP2
SelectObject
CreateHatchBrush
RealizePalette
SelectPalette
CreatePalette
GetDeviceCaps
imm32
ImmAssociateContext
kernel32
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringA
InterlockedExchange
GetEnvironmentVariableW
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
WideCharToMultiByte
lstrlenW
GetStringTypeExW
GetStringTypeA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
CreateProcessA
CreateSemaphoreA
OpenSemaphoreA
CreateEventA
SetEvent
LoadLibraryW
GetWindowsDirectoryW
GetPrivateProfileIntW
WritePrivateProfileStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetPrivateProfileStringW
GetComputerNameA
GetSystemDirectoryW
GetDiskFreeSpaceExW
FindResourceW
OpenProcess
TerminateProcess
ReadProcessMemory
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrentProcess
Sleep
Module32Next
Module32First
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
SetLastError
CreateMutexA
OpenMutexA
VirtualProtect
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
HeapSize
HeapReAlloc
HeapFree
LoadLibraryA
GetProcAddress
WaitForSingleObject
FreeLibrary
GetExitCodeThread
TerminateThread
CloseHandle
CreateThread
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
GetTempFileNameA
VirtualAllocEx
SetThreadContext
FlushInstructionCache
VirtualProtectEx
HeapAlloc
HeapDestroy
RaiseException
GetPrivateProfileIntA
GetLocalTime
GetVersion
FindFirstFileA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
AllocConsole
FreeConsole
GetModuleFileNameA
GetDiskFreeSpaceExA
GetThreadLocale
GetLocaleInfoA
GetACP
CreateFileMappingA
MapViewOfFile
GetTickCount
GetVersionExA
UnmapViewOfFile
GetProcessTimes
GetThreadContext
ResumeThread
GetProcessHeap
lualibdll
lua_pushuint
lua_pushint
lua_remove
lua_next
lua_stackspace
lua_gettopindex
lua_rawseti
lua_error
lua_getglobal
lua_curpack
lua_settop
lua_isstring
lua_rawget
lua_touint
lua_getn
lua_rawgeti
lua_toint
lua_type
lua_pushnil
lua_newtable
lua_pushstring
lua_settable
lua_pushnumber
lua_tonumber
lua_gettop
lua_tostring
lua_pushcclosure
lua_typename
lua_setglobal
msvcp80
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IAEPAGXZ
?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IAEPAGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
msvcr80
malloc
memmove
_mbsicmp
memmove_s
sprintf_s
isspace
abs
_difftime32
memcmp
rand
sscanf
_mktime32
strncat
strcpy_s
fclose
fwrite
fopen
_access
srand
vsprintf_s
abs
isdigit
_mbsstr
remove
_ui64toa
_i64toa
fflush
fprintf
_gmtime32
realloc
strncpy_s
floor
_resetstkoflw
wcscpy_s
wcslen
_chmod
calloc
_recalloc
vsprintf
_time64
_wtol
_vscwprintf
vswprintf_s
wcscmp
memcpy_s
strtoul
_vsnprintf
_ctime32
exit
_mkdir
_mbslwr
_CIsqrt
ceil
strncmp
puts
_atoi64
_CIcos
_CIsin
atof
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
free
strtok
__iob_func
freopen
printf
atoi
isgraph
__RTDynamicCast
strftime
strcat
_purecall
_localtime32
memcpy
strcmp
??_V@YAXPAX@Z
memset
strlen
_snprintf
_time32
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_CxxThrowException
_invalid_parameter_noinfo
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
strchr
strstr
sprintf
strcpy
strncpy
_itoa
_stricmp
_getcwd
_strlwr
strrchr
__CxxFrameHandler
oleaut32
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
SysAllocString
VariantClear
GetErrorInfo
SysFreeString
shell32
ShellExecuteA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
user32
CopyRect
InvalidateRect
MessageBoxA
ReleaseDC
SetWindowLongA
GetWindowLongA
MoveWindow
BringWindowToTop
GetDC
UnregisterClassA
SetWindowTextA
CharUpperA
CharUpperW
CharLowerA
CharLowerW
wsprintfA
ReleaseCapture
SetCapture
SetCursorPos
InSendMessage
GetMessagePos
ScreenToClient
GetKeyState
SetClipboardData
OpenClipboard
GetClipboardData
EmptyClipboard
CloseClipboard
SetCaretPos
EnableWindow
ShowWindow
SetFocus
DestroyWindow
IsWindow
GetClientRect
ClientToScreen
SetWindowPos
CreateWindowExA
ShowCursor
LoadCursorFromFileA
LoadCursorA
SetCursor
SendMessageA
GetParent
wininet
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA
winmm
timeGetTime
ws2_32
inet_ntoa
comdlg32
GetSaveFileNameA
GetOpenFileNameA
engine
??0KWin32App@@QAE@XZ
?InitClass@KWin32App@@MAEHPAUHINSTANCE__@@@Z
?InitWindow@KWin32App@@MAEHPAUHINSTANCE__@@@Z
?ShowMouse@KWin32App@@UAEXH@Z
?SetMultiGame@KWin32App@@UAEXH@Z
?MsgProc@KWin32App@@UAEJPAUHWND__@@IIJ@Z
?SetMouseHoverTime@KWin32App@@QAEXI@Z
?Start@KTimer@@QAEXXZ
?GetElapse@KTimer@@QAEKXZ
InitTextRender
?g_InitEngine@@YAHPBD0@Z
?g_ExitEngine@@YAXXZ
?g_DebugLog@@YAXPBDZZ
EDOneTimePad_Encipher
RegisterInlineCtrl
RemoveInlineWndCtrl
?g_StrCpy@@YAXPADPBD@Z
?g_StrCmpLen@@YAHPBD0H@Z
?SetKeepDataForOutMaxWidth@KTabFile@@QAEXH@Z
?Init@KSG_LogFile@@QAEHPBD@Z
?puts@KSG_LogFile@@QAEXPBD@Z
??0KMutex@@QAE@XZ
?Lock@KMutex@@QAEXXZ
?Unlock@KMutex@@QAEXXZ
??1KMutex@@QAE@XZ
?write_date_time@KSG_LogFile@@QAEXXZ
?GetScript@KLuaScriptSet@@QAEPAVKLuaScript@@PBD@Z
?LoadScriptByRelPath@KLuaScriptSet@@QAE?AW4_CODE_RESULT@@PBDPAPAVKLuaScript@@H@Z
?FormatCallByVaList@KLuaCall@@QAEHPBDPAH0PAD@Z
?SetGlobalName@KLuaScript@@QAEXPBD@Z
?GetTmpScript@KLuaScriptSet@@QAEPAVKLuaScript@@XZ
?GetNodeCount@KList@@QBEJXZ
??1KNode@@UAE@XZ
?GetLoadedScriptCount@KLuaScriptSet@@QAEHXZ
?RegisterFunctions@KLuaScriptSet@@QAEHPAUTLua_Funcs@@H@Z
?SetGlobalInt@KLuaScriptSet@@QAEXPBDH@Z
?SetRootPath@KLuaScriptSet@@QAEXPBD@Z
?ReLoadScript@KLuaScriptSet@@QAE?AW4_CODE_RESULT@@PBD@Z
?GetFloat@KTabFile@@UAEHHPBDMPAMH@Z
?Insert@KLinkArray@@QAEXK@Z
?Init@KLinkArray@@QAEXI@Z
?FindColumn@KTabFile@@UAEHPBD@Z
??0KLuaScriptSet@@QAE@HH@Z
??1KLuaScriptSet@@QAE@XZ
?SetGlobalName@KLuaCall@@QAEXPBD@Z
?g_FileName2Id@@YAKPBD@Z
?Remove@KNode@@QAEXXZ
??0KNode@@QAE@XZ
?AddTail@KList@@QAEXPAVKNode@@@Z
??0KList@@QAE@XZ
?CallFunction@KLuaScript@@QAEHPBDH0PAD@Z
?GetScript@KLuaScriptSet@@QAEPAVKLuaScript@@K@Z
?GetWidth@KTabFile@@UAEHXZ
?g_GetRandomSeed@@YAIXZ
?GetValuesFromStack@KLuaScript@@QAAHPBDZZ
?g_StrWrap@@YAXPADPBDH@Z
?GetNext@KLinkArray@@QBEKK@Z
??1KLinkArray@@QAE@XZ
??0KLinkArray@@QAE@XZ
?Remove@KLinkArray@@QAEXK@Z
?g_UnitePathAndName@@YAXPBD0PAD@Z
?KSG_StringGetInt@@YAHPAPBDH@Z
?KSG_StringSkipSymbol@@YA_NPAPBDH@Z
?g_StrCat@@YAXPADPBD@Z
?KG_MemoryCreateBuffer@@YAPAUIKG_Buffer@@I@Z
??1KSoundCache@@QAE@XZ
?Exit@KDirectSound@@QAEXXZ
?SetVolume@KWavSound@@QAEXH@Z
?SetPan@KWavSound@@QAEXH@Z
?Stop@KWavSound@@QAEXXZ
?IsPlaying@KWavSound@@QAEHXZ
??0KDirectSound@@QAE@XZ
??1KDirectSound@@QAE@XZ
??1KMusic@@UAE@XZ
??0KMemClass@@QAE@XZ
??_7KMp3Music@@6B@
??0KMusic@@QAE@XZ
??0KSoundCache@@QAE@XZ
?Init@KDirectSound@@QAEHXZ
?Open@KMp3Music@@UAEHPAD@Z
?Close@KMusic@@UAEXXZ
?Play@KMusic@@UAEXH@Z
?Stop@KMusic@@UAEXXZ
?Rewind@KMp3Music@@UAEXXZ
?SetVolume@KMusic@@UAEXJ@Z
?Init@KWin32App@@UAEHPAUHINSTANCE__@@PAD@Z
?IsPlaying@KMusic@@UAEHXZ
?Init@KMusic@@MAEHXZ
?InitSoundFormat@KMp3Music@@MAEXXZ
?InitSoundBuffer@KMusic@@MAEHXZ
?FreeSoundBuffer@KMusic@@MAEXXZ
?InitSoundNotify@KMusic@@MAEHXZ
?FreeSoundNotify@KMusic@@MAEXXZ
?InitEventHandle@KMusic@@MAEHXZ
?FreeEventHandle@KMusic@@MAEXXZ
?FillBufferWithSound@KMusic@@MAEHK@Z
?FillBufferWithSilence@KMusic@@MAEHXZ
?ReadWaveData@KMp3Music@@MAEKPAEK@Z
?Mp3Init@KMp3Music@@MAEHXZ
?Mp3FillBuffer@KMp3Music@@MAEHXZ
?Mp3Decode@KMp3Music@@MAEKPAEK@Z
?Mp3FileOpen@KMp3Music@@MAEHPAD@Z
?Mp3FileRead@KMp3Music@@MAEKPAEK@Z
?Mp3FileSeek@KMp3Music@@MAEKJ@Z
?Seek@KMp3Music@@UAEXH@Z
??1KMemClass@@QAE@XZ
?Play@KWavSound@@QAEXHHH@Z
?GetPrev@KLinkArray@@QBEKK@Z
?GetString@KTabFile@@UAEHPBD00PADK@Z
?GetCenterPos@KPolygon@@QAEXPAUtagPOINT@@@Z
?IsPointInPolygon@KPolygon@@QAEHUtagPOINT@@@Z
?Clear@KPolygon@@QAEXXZ
??0KPolygon@@QAE@XZ
?AddHead@KList@@QAEXPAVKNode@@@Z
?RemoveHead@KList@@QAEPAVKNode@@XZ
?GetRect@KIniFile@@QAEXPBD0PAUtagRECT@@@Z
?Seek@KPakFile@@QAEKHI@Z
?Stop@KTimer@@QAEXXZ
?GetFloat@KTabFile@@UAEHHHMPAM@Z
?KGLogPrintf@@YAHW4KGLOG_PRIORITY@@QBDZZ
?IsEmpty@KList@@QBEHXZ
gAdviseMemFileNotify
?GetInteger@KTabFile@@UAEHPBD0HPAH@Z
?GetActionScriptID@KLuaScript@@SAKPAUlua_State@@@Z
?AddIncluder@KLuaScript@@QAEXK@Z
?GetActionScriptName@KLuaScript@@SAPBDPAUlua_State@@@Z
?IsLoaded@KLuaScript@@QBEHXZ
?KSG_Json2Lua@@YAHPBDPAUlua_State@@@Z
?GetMemPtr@KMemClass@@QAEPAXXZ
?Alloc@KMemClass@@QAEPAXK@Z
?WriteString@KTabFileCtrl@@QAEHHPBD0H@Z
?WriteString@KTabFileCtrl@@QAEHHHPBDK@Z
?Search@KTabFile@@QAEHPBD0H@Z
?Search@KTabFile@@QAEHPBDHH@Z
?Save@KTabFileCtrl@@QAEHXZ
?Save@KTabFile@@UAEHPBD@Z
?FindRow@KTabFile@@UAEHPBDH@Z
?GetFloat@KTabFile@@UAEHPBD0MPAM@Z
??0KTabFileCtrl@@QAE@XZ
?Load@KTabFileCtrl@@UAEHPBD@Z
?Save@KTabFileCtrl@@UAEHPBD@Z
?FindRow@KTabFileCtrl@@UAEHPBDH@Z
?FindColumn@KTabFileCtrl@@UAEHPBD@Z
?GetWidth@KTabFileCtrl@@UAEHXZ
?GetHeight@KTabFileCtrl@@UAEHXZ
?GetString@KTabFileCtrl@@UAEHPBD00PADK@Z
?GetString@KTabFileCtrl@@UAEHHHPBDPADK@Z
?GetString@KTabFileCtrl@@UAEHHPBD0PADKH@Z
?GetInteger@KTabFileCtrl@@UAEHPBD0HPAH@Z
?GetInteger@KTabFileCtrl@@UAEHHHHPAH@Z
?GetInteger@KTabFileCtrl@@UAEHHPBDHPAHH@Z
?GetFloat@KTabFileCtrl@@UAEHPBD0MPAM@Z
?GetFloat@KTabFileCtrl@@UAEHHHMPAM@Z
?GetFloat@KTabFileCtrl@@UAEHHPBDMPAMH@Z
?Clear@KTabFileCtrl@@UAEXXZ
??1KTabFileCtrl@@UAE@XZ
gAddToMemFileManager
gOnUpdateFinishForMemFileManager
?release_image@@YAXPAUKSGImageContent@@@Z
?g_FileExists@@YAHPBD@Z
?Tell@KPakFile@@QAEKXZ
?RemoveTail@KList@@QAEPAVKNode@@XZ
?GetTail@KList@@QBEPAVKNode@@XZ
?GetGlobalName@KLuaScript@@QAEXPBD@Z
?GetBaseIndex@KLuaCall@@QBEHXZ
?g_GetRootPath@@YAXPADI@Z
?g_StrLen@@YAHPBD@Z
?GetInteger@KTabFile@@UAEHHHHPAH@Z
?GetString@KTabFile@@UAEHHHPBDPADK@Z
?PushString@KLuaCall@@QAEXPBD@Z
?ValueToNumber@KLuaCall@@QAEIH@Z
?Run@KWin32App@@UAEXXZ
?HandleNotify@KMusic@@UAEHXZ
?g_RandomSeed@@YAXI@Z
?SafeCallBegin@KLuaScript@@QAEXPAH@Z
?SafeCallEnd@KLuaScript@@QAEXH@Z
TGetEncodedTextOutputLenPos
TGetEncodedTextEffectCtrls
?g_Random@@YAII@Z
?Clear@KTabFile@@UAEXXZ
?Open@KFile@@QAEHPBD@Z
?Read@KFile@@QAEKPAXK@Z
?KG_GetTickCount@@YAKXZ
?Load@KTabFile@@UAEHPBD@Z
?GetHeight@KTabFile@@UAEHXZ
?GetInteger@KTabFile@@UAEHHPBDHPAHH@Z
?GetString@KTabFile@@UAEHHPBD0PADKH@Z
??1KTabFile@@UAE@XZ
??0KTabFile@@QAE@XZ
TSplitEncodedString
?IsSectionExist@KIniFile@@QAEHPBD@Z
?KSG_StringToMD5String@@YAHQADQBD@Z
?WriteStruct@KIniFile@@QAEXPBD0PAXK@Z
?EraseKey@KIniFile@@QAEXPBD0@Z
?GetStruct@KIniFile@@QAEXPBD0PAXK@Z
TClearSpecialCtrlInEncodedText
TGetLimitLenEncodedString
TGetEncodedWordWrap
?g_GetDrawHWnd@@YAPAUHWND__@@XZ
TEncodeTextAndPickCtrl
?GetInteger2@KIniFile@@QAEHPBD0PAH1@Z
TRemoveCtrlInEncodedText
TIsLocalChar
GetCtrlHandle
??1KIme@@QAE@XZ
??0KIme@@QAE@XZ
TIsLocalWord
TSplitString
TSplitStringLine
TIsHightChar
?EnableLanguageChange@KIme@@QAEXXZ
?OpenIME@KIme@@QAEXXZ
?SetCaretPos@KIme@@QAEXHH@Z
?IsIme@KIme@@QAEHXZ
TGetLimitLenString
??0KPakFile@@QAE@XZ
??0KFile@@QAE@XZ
?Create@KFile@@QAEHPBD@Z
?Open@KPakFile@@QAEHPBD@Z
?Size@KPakFile@@QAEKXZ
?Read@KPakFile@@QAEKPAXI@Z
?Close@KPakFile@@QAEXXZ
??1KFile@@QAE@XZ
??1KPakFile@@QAE@XZ
TGetEncodedTextLineCount
TFindSpecialCtrlInEncodedText
?GetNextSection@KIniFile@@QAEHPBDPAD@Z
?g_StrCmp@@YAHPBD0@Z
??0KTimer@@QAE@XZ
?Clear@KIniFile@@QAEXXZ
?Close@KFile@@QAEXXZ
?Write@KFile@@QAEKPBXK@Z
?Seek@KFile@@QAEKJK@Z
?g_pIme@@3PAVKIme@@A
?DisableLanguageChange@KIme@@QAEXXZ
?CloseIME@KIme@@QAEXXZ
?TurnOn@KIme@@QAEXXZ
?EraseSection@KIniFile@@QAEXPBD@Z
?LoadBuffer@KLuaScript@@QAEHPAEKPBD@Z
?ExecuteCode@KLuaScript@@QAEHXZ
?Release@KLuaScript@@QAEXXZ
?CreateScript@KLuaScriptSet@@QAEPAVKLuaScript@@XZ
?RegisterFunctions@KLuaScript@@QAEHPAUTLua_Funcs@@H@Z
?g_StrToColor@@YAKPBD@Z
?WriteInteger@KIniFile@@QAEXPBD0H@Z
?Save@KIniFile@@QAEHPBD@Z
?g_GetFullPath@@YAXPADIPBD@Z
?GetNextKey@KIniFile@@QAEHPBD0PADH@Z
?g_StrCpyLen@@YAXPADPBDH@Z
?g_GetMainHWnd@@YAPAUHWND__@@XZ
?g_CreatePath@@YAXPBD@Z
??1KSG_LogFile@@UAE@XZ
??0KSG_LogFile@@QAE@PBD@Z
EDOneTimePad_Decipher
??1KIniFile@@QAE@XZ
?GetString@KIniFile@@QAEHPBD00PADK@Z
?Load@KIniFile@@QAEHPBD@Z
??0KIniFile@@QAE@XZ
?GetInteger@KIniFile@@QAEHPBD0HPAH@Z
?InitWithDate@KSG_LogFile@@QAEHPBD0H@Z
?printf_t@KSG_LogFile@@QAAXPBDZZ
?WriteString@KIniFile@@QAEXPBD00@Z
?g_HashString2Id@@YAKPBD@Z
?GetHead@KList@@QBEPAVKNode@@XZ
?GetNext@KNode@@QBEPAV1@XZ
?ValueToString@KLuaCall@@QAEPBDH@Z
TEncodeText
??0KLuaCall@@QAE@PAVKLuaScript@@H@Z
?PushNumber@KLuaCall@@QAEXN@Z
?GetTopIndex@KLuaCall@@QBEHXZ
?StackCall@KLuaCall@@QAEHPBDHHPAH@Z
?ValueToInt@KLuaCall@@QAEHH@Z
??1KLuaCall@@QAE@XZ
?FormatCall@KLuaCall@@QAAHPBDPAH0ZZ
iphlpapi
GetAdaptersInfo
ole32
CoGetMalloc
OleCreate
StgCreateDocfile
OleUninitialize
OleInitialize
OleSetContainedObject
OleDraw
CoCreateGuid
OleSave
Exports
Exports
Sections
UPX0 Size: 4.2MB - Virtual size: 21.8MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SCY Size: 21KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE