Static task: static1
Behavioral task: behavioral1
Sample: 9aae52d532c0a60c02331391c64500c4.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 9aae52d532c0a60c02331391c64500c4.exe
Resource: win10v2004-20231215-en
General
Target: 9aae52d532c0a60c02331391c64500c4
Size: 8.4MB
MD5: 9aae52d532c0a60c02331391c64500c4
SHA1: 2fc8106704029aeab3da58321e0e911e54b18ef8
SHA256: 2fa22ffe6aefec9c306f142e7ae83c10e1050e4b646b883085eede88b488ab26
SHA512: 8caa5ae16475fb24ce1ddbd3e35d7ec1dca0d4ff5c827fac3e91e5ddcaa5a6fb9ea03f73f7d4f6395072e8ba60e49a1147ae8799dbf20d8840426bea1957c0a0
SSDEEP: 196608:difXgXqT3GrszYwLuKqLLnPAmap/RRsp9Q:cfiWMp6
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 9aae52d532c0a60c02331391c64500c4
Files
9aae52d532c0a60c02331391c64500c4.exe windows:6 windows x86 arch:x86
d97d178faa9c11b214d9d5633b5825de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalAlloc
LocalFree
DeleteAtom
lstrcpyA
lstrcpyW
lstrcatW
lstrlenA
lstrlenW
CreateSemaphoreW
CreateWaitableTimerW
LoadLibraryA
LoadLibraryW
Wow64EnableWow64FsRedirection
ReadDirectoryChangesW
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
IsBadStringPtrW
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetThreadLocale
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleCursorPosition
SetConsoleCursorInfo
SetConsoleWindowInfo
FreeConsole
ProcessIdToSessionId
AllocConsole
GetConsoleMode
SetConsoleCtrlHandler
SetConsoleMode
GetConsoleWindow
K32EnumProcessModulesEx
K32GetModuleInformation
RtlZeroMemory
RtlMoveMemory
SetPriorityClass
CreateProcessW
ResumeThread
SuspendThread
GetExitCodeThread
ExitThread
SetThreadPriority
OpenThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
QueueUserAPC
Sleep
SetWaitableTimer
OpenEventW
FreeLibrary
GetComputerNameA
CreateSemaphoreA
SetFileTime
SetEndOfFile
ReadFile
GetProcessHeaps
HeapValidate
InitializeCriticalSection
GetOEMCP
GetACP
GetComputerNameW
FormatMessageA
MoveFileExW
MoveFileW
CopyFileW
GetTempPathA
GetModuleHandleA
GetTempPathW
SetFilePointer
GetFullPathNameW
GetCurrentDirectoryA
SystemTimeToFileTime
GetLocalTime
GetSystemTime
CompareFileTime
CreateThread
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EncodePointer
Wow64DisableWow64FsRedirection
MapViewOfFile
CreateFileMappingW
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
VirtualAllocEx
VirtualProtect
VirtualFree
VirtualAlloc
GetNativeSystemInfo
GetTickCount64
GetTickCount
OpenProcess
GetThreadContext
CreateEventW
SleepEx
WaitForSingleObject
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionEx
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
CheckRemoteDebuggerPresent
OutputDebugStringW
DebugBreak
IsDebuggerPresent
WriteFile
SetFileAttributesW
RemoveDirectoryW
GetVolumePathNameW
GetShortPathNameW
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetProcessIdOfThread
GetThreadId
GetVersionExA
GetProcessId
SetCurrentDirectoryW
GetEnvironmentVariableW
SetStdHandle
GetStdHandle
SetConsoleTitleW
RtlCaptureContext
VirtualQuery
user32
ShutdownBlockReasonCreate
InternalGetWindowText
SystemParametersInfoW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
DeregisterShellHookWindow
RegisterShellHookWindow
FindWindowW
SetParent
GetParent
SetWindowLongW
wsprintfW
LoadKeyboardLayoutW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SendNotifyMessageW
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
IsWindowVisible
IsIconic
BringWindowToTop
OpenClipboard
CloseClipboard
SetClipboardData
GetActiveWindow
GetFocus
SendInput
IsWindowEnabled
GetSystemMetrics
GetForegroundWindow
SetForegroundWindow
GetWindowLongW
ChildWindowFromPoint
WindowFromPoint
GetCursorPos
MessageBoxW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
ReleaseDC
ShutdownBlockReasonDestroy
GetDC
gdi32
GetObjectW
SetStretchBltMode
StretchBlt
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
advapi32
RegCreateKeyW
CryptSetHashParam
CryptImportKey
CryptExportKey
CryptDeriveKey
SetNamedSecurityInfoW
SetEntriesInAclW
NotifyServiceStatusChangeW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
ControlService
CloseServiceHandle
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
CryptSignHashA
RegCloseKey
GetUserNameA
LookupPrivilegeValueW
PrivilegeCheck
IsValidSid
ImpersonateSelf
ImpersonateLoggedOnUser
GetLengthSid
DuplicateTokenEx
CopySid
AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
CryptGenRandom
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersA
CryptDestroyKey
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHChangeNotify
ExtractIconW
CommandLineToArgvW
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
oleaut32
VariantClear
SysAllocString
SysFreeString
msvcr120
_fileno
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_except_handler4_common
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_except1
_vsnprintf
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_except_handler3
?what@exception@std@@UBEPBDXZ
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_getch
setlocale
??0bad_cast@std@@QAE@PBD@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_wrmdir
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_unlock_file
_lock_file
_wfopen
swscanf
_vswprintf
_vsnwprintf
_vswprintf_c
vswprintf_s
ungetwc
fputwc
fgetwc
ungetc
setvbuf
printf
fwrite
_fseeki64
ftell
fseek
fsetpos
fread
fputs
fputc
fopen
fgetpos
fgetc
fflush
fclose
pow
_wtol
wcstol
realloc
malloc
free
srand
rand
_byteswap_ushort
qsort
bsearch
atol
atoi
exit
_wcsnicmp
wcsncpy
wcslen
wcscmp
strtok
_strdup
strcmp
strcat
strcpy
memcpy_s
memcmp
memchr
toupper
isalnum
isspace
isdigit
__CxxFrameHandler3
_CxxThrowException
sprintf
memmove
strlen
memset
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
_stricmp
tolower
strstr
wcsstr
strchr
strnlen
strncmp
_strnicmp
ferror
_telli64
_filelengthi64
_filelength
_chsize_s
_atoi64
fgets
towlower
towupper
fprintf
fopen_s
_time64
_mktime64
_localtime64_s
_tzset
_get_timezone
_get_daylight
strtol
_dupenv_s
atof
msvcp120
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDH@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Random_device@std@@YAIXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPAPA_W0PAH001@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?unsetf@ios_base@std@@QAEXH@Z
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??0id@locale@std@@QAE@I@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
shlwapi
StrDupW
StrCatW
PathFindExtensionW
PathIsDirectoryW
StrDupA
ntdll
NtRemoveProcessDebug
NtOpenThread
RtlExitUserProcess
NtOpenProcess
NtQueryInformationProcess
NtSetInformationDebugObject
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetLastWin32Error
RtlGetLastNtStatus
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
NtUnloadDriver
NtLoadDriver
LdrUnloadDll
LdrEnumerateLoadedModules
NtQueryInformationToken
NtOpenProcessToken
RtlFreeSid
NtQueryEvent
NtOpenEvent
NtSetEvent
NtResetEvent
NtPulseEvent
NtClearEvent
NtWaitForSingleObject
NtUnmapViewOfSection
NtAreMappedFilesTheSame
NtMapViewOfSection
NtCreateSection
NtQueryVirtualMemory
NtWriteVirtualMemory
NtReadVirtualMemory
LdrFindEntryForAddress
RtlCreateUserThread
RtlAdjustPrivilege
NtQuerySemaphore
RtlSecondsSince1970ToTime
RtlDoesFileExists_U
RtlDosPathNameToNtPathName_U
NtDeleteFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtOpenFile
RtlUpcaseUnicodeChar
NtQuerySystemInformation
NtClose
NtMakePermanentObject
NtDuplicateObject
NtSetInformationObject
NtQueryObject
NtOpenDirectoryObject
RtlConvertSidToUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlCompareUnicodeString
RtlAppendUnicodeToString
RtlReleasePebLock
RtlAcquirePebLock
RtlCreateUnicodeStringFromAsciiz
RtlCreateUnicodeString
RtlInitUnicodeString
CsrGetProcessId
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtProtectVirtualMemory
RtlValidateHeap
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
NtTerminateProcess
NtTerminateThread
NtResumeThread
NtAlertResumeThread
NtTestAlert
NtAlertThread
NtSetContextThread
NtGetContextThread
NtQueryInformationThread
NtQueueApcThread
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetReadFile
InternetOpenW
InternetQueryDataAvailable
InternetCheckConnectionW
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
wtsapi32
WTSUnRegisterSessionNotification
WTSFreeMemoryExW
WTSEnumerateProcessesExW
WTSRegisterSessionNotification
dbghelp
SymGetOptions
SymFromAddrW
SymUnloadModule64
SymLoadModuleExW
ImageNtHeader
SymGetModuleBase64
SymFunctionTableAccess64
SymCleanup
SymInitialize
SymSetOptions
StackWalk64
wintrust
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
ws2_32
bind
accept
setsockopt
__WSAFDIsSet
connect
ioctlsocket
closesocket
getpeername
getsockname
getsockopt
WSAStartup
WSACleanup
WSAGetLastError
WSAPoll
InetPtonW
gethostname
gethostbyname
socket
shutdown
htons
inet_addr
inet_ntoa
listen
ntohs
recv
select
sendto
send
crypt32
CryptUnprotectMemory
CryptProtectMemory
CertGetNameStringW
CertDuplicateCertificateContext
CertFreeCertificateContext
iphlpapi
GetAdaptersInfo
SetTcpEntry
GetExtendedTcpTable
GetExtendedUdpTable
fltlib
FilterFindClose
FilterFindNext
FilterFindFirst
d3d9
Direct3DCreate9
Sections
.text Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ