Rainmeter-4[.]2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Rainmeter-4.2.exe
Size

2.3MB
MD5

e65611f4069a222e7b7f8ff0f67dc0f9
SHA1

50d23c374df9b020dfe9e14266503566ae1577fe
SHA256

5ab964f7eea7864ca6ec97229d2dad184f85565ebc72b990189ab5cfeda0fca2
SHA512

1671663521038c1fd15958807f8a359921a6ef19428c268e8f92eaa2ed2f6c1a261f1b1daf1a5678ff4501ddad3e612373470f1c057bfd916607a4897e15fbcf
SSDEEP

49152:fw+Dvrj38wjPdcai1QdXBxI2ILcte7Tc+awHiHrtgnHG:zvrj38vLS7ZILcte7Q+a7HJgnHG

Score

3^/10

Malware Config

Signatures

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/MoreInfo.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Plugins/ActionTimer.dll
unpack001/Plugins/AdvancedCPU.dll
unpack001/Plugins/AudioLevel.dll
unpack001/Plugins/CoreTemp.dll
unpack001/Plugins/FileView.dll
unpack001/Plugins/FolderInfo.dll
unpack001/Plugins/InputText.dll
unpack001/Plugins/PerfMon.dll
unpack001/Plugins/PingPlugin.dll
unpack001/Plugins/PowerPlugin.dll
unpack001/Plugins/Process.dll
unpack001/Plugins/QuotePlugin.dll
unpack001/Plugins/ResMon.dll
unpack001/Plugins/RunCommand.dll
unpack001/Plugins/SpeedFanPlugin.dll
unpack001/Plugins/SysInfo.dll
unpack001/Plugins/UsageMonitor.dll
unpack001/Plugins/WifiStatus.dll
unpack001/Plugins/Win7AudioPlugin.dll
unpack001/Plugins/WindowMessagePlugin.dll
unpack001/Plugins/iTunesPlugin.dll

Files

Rainmeter-4.2.exe
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2018, 00:00

Not After

06/02/2021, 23:59

Subject

CN=Firebit OU,OU=IT,O=Firebit OU,POSTALCODE=15551,STREET=Sepapaja tn 6,L=Tallinn,ST=Harjumaa,C=EE,2.5.4.18=#13053135353531

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2018, 00:00

Not After

06/02/2021, 23:59

Subject

CN=Firebit OU,OU=IT,O=Firebit OU,POSTALCODE=15551,STREET=Sepapaja tn 6,L=Tallinn,ST=Harjumaa,C=EE,2.5.4.18=#13053135353531

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

91:77:11:82:8f:97:44:a7:ed:61:44:84:99:54:d1:2f:f1:1c:3a:f9:14:2a:2b:bc:ca:dc:0a:3f:3f:7b:ba:09
Signer

Actual PE Digest

91:77:11:82:8f:97:44:a7:ed:61:44:84:99:54:d1:2f:f1:1c:3a:f9:14:2a:2b:bc:ca:dc:0a:3f:3f:7b:ba:09

Digest Algorithm

sha256

PE Digest Matches

true

7f:1b:f9:e7:e1:08:91:27:ee:42:1b:4c:e8:05:d8:ca:c9:06:24:e6
Signer

Actual PE Digest

7f:1b:f9:e7:e1:08:91:27:ee:42:1b:4c:e8:05:d8:ca:c9:06:24:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MoreInfo.dll
.dll windows:4 windows x86 arch:x86

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\untgz\MoreInfo\SRC\Release\MoreInfo.pdb

Imports

user32

wsprintfW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

lstrlenW
lstrcpyW
lstrcpynW
lstrcatW
GlobalAlloc
GetSystemDirectoryW
GlobalFree

Exports

Exports

GetComments
GetCompanyName
GetFileDescription
GetFileVersion
GetInternalName
GetLegalCopyright
GetLegalTrademarks
GetOSUserinterfaceLanguage
GetOriginalFilename
GetPrivateBuild
GetProductName
GetProductVersion
GetSpecialBuild
GetUserDefined

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

e1c0bd3d5b9f3f5cec7ea773ff66ac6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 694B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

e2ee55bddad4241d619d6a8a38e2d869

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ActionTimer.dll
.dll windows:6 windows x86 arch:x86

93b17af2cee876df26b6dfcbcd774b54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginActionTimer\ActionTimer.pdb

Imports

rainmeter

RmLogF
RmReplaceVariables
RmReadString
RmReadFormula
RmGet

user32

SendNotifyMessageW
FindWindowW

kernel32

GetModuleHandleA
CreateFileW
DecodePointer
WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetLastError
WideCharToMultiByte
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SetEvent
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
HeapAlloc
HeapFree
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
GetStringTypeW
GetACP
GetProcessHeap
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode

Exports

Exports

ExecuteBang
Finalize
Initialize
Reload
Update

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/AdvancedCPU.dll
.dll windows:6 windows x86 arch:x86

24b93a2aba9615640e2aca36ef95f061

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginAdvancedCPU\AdvancedCPU.pdb

Imports

rainmeter

RmReadFormula
RmReadString

kernel32

GetModuleHandleW
GetTickCount
lstrcpyW
GetProcAddress
lstrlenW
CloseHandle
WriteConsoleW
DecodePointer
IsBadStringPtrW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/AudioLevel.dll
.dll windows:6 windows x86 arch:x86

bd3082b15bb7df8f72bfac6376777d73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginAudioLevel\AudioLevel.pdb

Imports

rainmeter

RmReadString
RmLogF
LSLog
RmReadFormula
RmGet

kernel32

WideCharToMultiByte
DecodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
WriteConsoleW
CloseHandle
SetFilePointerEx
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
CreateFileW
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode

ole32

CoCreateInstance
CoTaskMemFree
PropVariantClear

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/CoreTemp.dll
.dll windows:6 windows x86 arch:x86

1b238f5a0991635589c767a62565d87c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginCoreTemp\CoreTemp.pdb

Imports

rainmeter

RmReadFormula
RmLogF
RmReadString

kernel32

MultiByteToWideChar
GetLastError
SetLastError
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CloseHandle
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateFileW
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/FileView.dll
.dll windows:6 windows x86 arch:x86

0835ee100616552f3b1cb30cc53f4aba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginFileView\FileView.pdb

Imports

shlwapi

PathMatchSpecW

rainmeter

RmReplaceVariables
RmGet
RmReadFormula
RmLogF
RmPathToAbsolute
RmReadString
RmLog
RmExecute

kernel32

HeapSize
GetCurrentDirectoryW
GetLogicalDrives
CompareFileTime
FindFirstFileExW
EnterCriticalSection
FindNextFileW
LeaveCriticalSection
InitializeCriticalSection
FindClose
GetPrivateProfileStringW
FileTimeToSystemTime
DisableThreadLibraryCalls
TerminateThread
CloseHandle
HeapReAlloc
DeleteCriticalSection
SystemTimeToFileTime
WinExec
SystemTimeToTzSpecificLocalTime
GetDateFormatW
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
SetStdHandle
CreateFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetEndOfFile
ReadFile
ReadConsoleW
GetTimeFormatW
GetCurrentThreadId
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetStdHandle
GetDriveTypeW
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
DecodePointer
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFullPathNameW
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStringTypeW
WriteFile
GetConsoleCP
GetConsoleMode

user32

ReleaseDC
GetCursorPos
DestroyMenu
DestroyIcon
CreatePopupMenu
GetIconInfo
GetDC
GetWindowRect
TrackPopupMenuEx
PrivateExtractIconsW

gdi32

GetObjectW
DeleteObject
GetDIBits

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHParseDisplayName
ShellExecuteExW
SHBindToParent
ord727
SHGetFileInfoW

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/FolderInfo.dll
.dll windows:6 windows x86 arch:x86

36fbf10ebfad4f8c8f725a6729002206

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginFolderInfo\FolderInfo.pdb

Imports

rainmeter

ord6
RmPathToAbsolute
RmGet
RmReadFormula
ord5
RmReadString

kernel32

DecodePointer
WriteConsoleW
CloseHandle
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP

user32

wsprintfW

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/InputText.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 195B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PerfMon.dll
.dll windows:6 windows x86 arch:x86

821a899b154d1c3775f3b39bd560c94a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginPerfMon\PerfMon.pdb

Imports

rainmeter

RmReadFormula
RmReadString

kernel32

IsBadStringPtrW
lstrcpyW
CloseHandle
WriteConsoleW
DecodePointer
lstrlenW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateFileW
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PingPlugin.dll
.dll windows:6 windows x86 arch:x86

79eabbb9c1e2f2b83c69f9cd3e23eb6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginPing\PingPlugin.pdb

Imports

ws2_32

WSACleanup
gethostbyname
WSAStartup
inet_addr

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

rainmeter

RmGet
RmReadFormula
RmReadString
RmExecute
RmLog

kernel32

WriteConsoleW
DecodePointer
GetProcAddress
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
EnterCriticalSection
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSection
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CloseHandle
CreateThread
DeleteCriticalSection
WideCharToMultiByte
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
CreateFileW
LoadLibraryExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PowerPlugin.dll
.dll windows:6 windows x86 arch:x86

8eac3874cb40675a5e1dbbcf2db6fd4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginPower\PowerPlugin.pdb

Imports

rainmeter

RmReadString

kernel32

HeapAlloc
DecodePointer
GetSystemPowerStatus
GetSystemInfo
WriteConsoleW
RaiseException
GetLastError
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
CreateFileW
GetACP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Process.dll
.dll windows:6 windows x86 arch:x86

6947a95e45bc1821523286f00af60483

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginProcess\Process.pdb

Imports

rainmeter

RmReadString

kernel32

HeapAlloc
DecodePointer
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
CreateFileW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/QuotePlugin.dll
.dll windows:6 windows x86 arch:x86

0847262502113d8f4fc33633c0dd0d94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginQuote\QuotePlugin.pdb

Imports

shlwapi

PathIsDirectoryW
PathMatchSpecW

rainmeter

RmReadFormula
RmPathToAbsolute
RmReadString

kernel32

GetModuleFileNameA
DecodePointer
SetEndOfFile
WriteConsoleW
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetStringTypeW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
CloseHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
CreateFileW
HeapSize

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ResMon.dll
.dll windows:6 windows x86 arch:x86

e0e8b7eebe36a422b7f123df101517e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginResMon\ResMon.pdb

Imports

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

rainmeter

RmLogF
RmReadString

kernel32

DecodePointer
WriteConsoleW
OpenProcess
CloseHandle
GetProcessHandleCount
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile

user32

EnumChildWindows
GetGuiResources

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/RunCommand.dll
.dll windows:6 windows x86 arch:x86

92588b26d87305eec6faf692af3ca52c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginRunCommand\RunCommand.pdb

Imports

rainmeter

RmExecute
RmReplaceVariables
RmLog
RmLogF
RmReadString
RmReadFormula
RmGet
RmPathToAbsolute

kernel32

GetNumaHighestNodeNumber
ReadConsoleW
SetEndOfFile
DecodePointer
WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
ReadFile
GetCurrentProcess
WriteFile
GetModuleHandleExW
TerminateProcess
CreatePipe
PeekNamedPipe
WaitForSingleObject
FreeLibraryAndExitThread
DuplicateHandle
DisableThreadLibraryCalls
CloseHandle
CreateProcessW
GetExitCodeProcess
SetStdHandle
CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetLastError
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
Sleep
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SetEvent
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
HeapAlloc
HeapFree
ExitThread
ExitProcess
GetModuleFileNameA
GetACP
GetStringTypeW
GetStdHandle
GetFileType
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

PostMessageW
GetWindowThreadProcessId
EnumWindows

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SpeedFanPlugin.dll
.dll windows:6 windows x86 arch:x86

f5da2614b9bff03517aefde35843be7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginSpeedFan\SpeedFanPlugin.pdb

Imports

rainmeter

RmReadFormula
RmReadString
LSLog
RmGet

kernel32

WideCharToMultiByte
OpenFileMappingW
UnmapViewOfFile
CloseHandle
MapViewOfFile
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
CreateFileW
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SysInfo.dll
.dll windows:6 windows x86 arch:x86

d5b0fc976b9f440d8d7c0843c9fdd1ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginSysInfo\SysInfo.pdb

Imports

iphlpapi

GetAdaptersInfo
GetNetworkParams
GetBestInterface
GetIpAddrTable

rainmeter

RmGet
LSLog
RmReadString
RmReadFormula

kernel32

FileTimeToLocalFileTime
GetComputerNameW
GetTickCount
GetNativeSystemInfo
GetTimeZoneInformation
CreateFileW
CloseHandle
MultiByteToWideChar
WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
WideCharToMultiByte
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
WriteFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
LeaveCriticalSection

user32

wsprintfW
GetLastInputInfo
EnumDisplayMonitors
GetSystemMetrics
GetMonitorInfoW

advapi32

GetUserNameW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyW

ole32

CoCreateInstance

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/UsageMonitor.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/WifiStatus.dll
.dll windows:6 windows x86 arch:x86

14d5d23b7cd6c096a710b5c420cd446a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginWifiStatus\WifiStatus.pdb

Imports

wlanapi

WlanGetAvailableNetworkList
WlanFreeMemory
WlanCloseHandle
WlanEnumInterfaces
WlanQueryInterface
WlanOpenHandle

rainmeter

RmReadFormula
RmLogF
RmReadString
RmLog

kernel32

DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
MultiByteToWideChar
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateFileW
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Win7AudioPlugin.dll
.dll windows:6 windows x86 arch:x86

e24a0c2a450e15fb1454d728942e10bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginWin7Audio\Win7AudioPlugin.pdb

Imports

rainmeter

LSLog

user32

wsprintfW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
PropVariantClear
CoCreateInstance

kernel32

HeapAlloc
CreateFileW
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
WriteFile
GetACP
GetStringTypeW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleMode
FlushFileBuffers
GetConsoleCP

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/WindowMessagePlugin.dll
.dll windows:6 windows x86 arch:x86

d92fb79544b3551a845269ad506649f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginWindowMessage\WindowMessagePlugin.pdb

Imports

rainmeter

RmReadString
RmLog

user32

GetWindowTextW
FindWindowW
SendMessageW
PostMessageW

kernel32

GetStringTypeW
CreateFileW
DecodePointer
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
SetFilePointerEx
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleMode
FlushFileBuffers
WriteFile
GetConsoleCP
CloseHandle

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/iTunesPlugin.dll
.dll windows:6 windows x86 arch:x86

5c161b70f01cb628bd0336b8e03b022c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\PluginiTunes\iTunesPlugin.pdb

Imports

rainmeter

LSLog
ReadConfigString

kernel32

WideCharToMultiByte
CreateDirectoryW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CreateFileW
DecodePointer
WriteConsoleW
WriteFile
SetStdHandle
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetLastError
RaiseException
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapSize
HeapFree
HeapAlloc
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
CloseHandle

user32

wsprintfW
FindWindowW

ole32

OleRun
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
LoadRegTypeLi

Exports

Exports

ExecuteBang
Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.dll
.dll windows:6 windows x86 arch:x86

5a79233347ab14832f6b689c8c02c959

Code Sign

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2018, 00:00

Not After

06/02/2021, 23:59

Subject

CN=Firebit OU,OU=IT,O=Firebit OU,POSTALCODE=15551,STREET=Sepapaja tn 6,L=Tallinn,ST=Harjumaa,C=EE,2.5.4.18=#13053135353531

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

12:61:11:e7:78:75:3b:03:1c:07:61:2a:03:a0:82:36:15:8e:18:02:c8:d9:d7:60:45:e9:3c:3e:e7:2d:39:a3
Signer

Actual PE Digest

12:61:11:e7:78:75:3b:03:1c:07:61:2a:03:a0:82:36:15:8e:18:02:c8:d9:d7:60:45:e9:3c:3e:e7:2d:39:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Rainmeter4\x32-Release\Obj\Library\Rainmeter.pdb

Imports

comctl32

ord410
ImageList_Create
ord412
ord413
ImageList_ReplaceIcon
ord17

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetOpenW
InternetGetLastResponseInfoW

uxtheme

EnableThemeDialogTexture
SetWindowTheme

gdiplus

GdipFillPolygonI
GdipSetSmoothingMode
GdipDrawImageRectRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImageRawFormat
GdipCreateHICONFromBitmap
GdipSaveImageToFile
GdipCreateBitmapFromFile
GdipIsMatrixIdentity
GdiplusShutdown
GdiplusStartup
GdipDeleteFontFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipGetFontCollectionFamilyCount
GdipNewInstalledFontCollection
GdipAddPathArc
GdipResetWorldTransform
GdipDrawImageRectI
GdipRotateWorldTransform
GdipCreateBitmapFromStream
GdipDrawPath
GdipSetPenLineJoin
GdipAddPathLine
GdipDrawLine
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillPath
GdipResetClip
GdipSetClipPath
GdipAddPathRectangleI
GdipDeletePath
GdipCreatePath
GdipBitmapGetPixel
GdipDrawCachedBitmap
GdipCreateCachedBitmap
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipDeleteCachedBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCreateLineBrushFromRectWithAngleI
GdipSetPixelOffsetMode
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateMatrix2
GdipAlloc
GdipSetMatrixElements
GdipFree
GdipDeleteMatrix
GdipGetWorldTransform
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetSolidFillColor
GdipGraphicsClear
GdipTranslateWorldTransform
GdipGetMatrixElements

shlwapi

PathSetDlgItemPathW
PathRemoveExtensionW
PathCanonicalizeW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathCreateFromUrlW
AssocQueryStringW
PathFileExistsW

kernel32

CreateProcessA
FlushFileBuffers
GetOEMCP
IsValidCodePage
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetACP
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetFileAttributesExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetModuleHandleA
SetEndOfFile
SetFilePointer
GetCurrentProcess
LCMapStringW
WideCharToMultiByte
ExpandEnvironmentStringsW
LoadLibraryExA
VirtualQuery
VirtualProtect
RaiseException
GetProcessHeap
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesW
SetEnvironmentVariableA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetCurrentThreadId
GetModuleHandleW
FindFirstFileW
GetProcAddress
FreeLibrary
FindNextFileW
FindClose
GetLocaleInfoW
GetUserDefaultLCID
GetPrivateProfileIntW
ReleaseMutex
CreateFileW
WriteFile
CloseHandle
MultiByteToWideChar
GetTempPathW
GetTempFileNameW
DeleteFileW
GetPrivateProfileStringW
CreateDirectoryW
WritePrivateProfileSectionW
GetLastError
GetVersionExW
LoadLibraryExW
MoveFileW
ReadFile
FindFirstFileExW
DeleteCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimes
GetSystemInfo
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
GlobalMemoryStatusEx
SetDllDirectoryW
CreateThread
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetLocalTime
FormatMessageW
TerminateThread
GetShortPathNameW
LocalFree
UnmapViewOfFile
GetTickCount
OpenFileMappingW
MapViewOfFile
OpenProcess
TerminateProcess
ReadProcessMemory
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
CreateMutexW
BeginUpdateResourceW
FindResourceW
SizeofResource
LoadResource
LockResource
UpdateResourceW
EndUpdateResourceW
SetFileAttributesW
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryW
SetLastError
Sleep
SetCurrentDirectoryW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileSize
GetFileTime
MoveFileExW
SetStdHandle
WriteConsoleW
HeapSize
WritePrivateProfileStringW

user32

GetWindowPlacement
SetWindowPlacement
LoadImageW
GetWindowTextW
GetKeyState
GetSysColor
SetWindowLongW
SetWindowTextW
FindWindowW
DialogBoxParamW
EndDialog
ShowWindow
GetWindowRect
MapWindowPoints
MoveWindow
MessageBoxW
LoadMenuW
CreateWindowExW
SendDlgItemMessageW
GetWindowLongW
ShowScrollBar
TrackMouseEvent
InvalidateRect
GetFocus
GetDlgCtrlID
ScreenToClient
SetFocus
FlashWindow
GetWindowTextLengthW
GetMessageExtraInfo
SendInput
wsprintfW
LoadIconW
DestroyIcon
LoadCursorFromFileW
LoadCursorW
DestroyCursor
IsWindow
RegisterClassW
UnregisterClassW
DefWindowProcW
SetTimer
FindWindowExW
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
GetDlgItem
GetSystemMetrics
RegisterClassExW
RegisterRawInputDevices
GetWindow
MonitorFromRect
UpdateLayeredWindow
IsWindowVisible
GetAncestor
SetCursor
GetParent
IntersectRect
GetRawInputData
SetWinEventHook
UnhookWinEvent
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
MonitorFromPoint
EnumDisplayMonitors
GetShellWindow
GetClassNameW
EnumWindows
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterWindowMessageW
CopyIcon
LoadStringW
MapDialogRect
GetWindowThreadProcessId
GetForegroundWindow
CreatePopupMenu
DestroyMenu
WindowFromPoint
HiliteMenuItem
InsertMenuW
DeleteMenu
GetSubMenu
CheckMenuItem
EnableMenuItem
SetMenuDefaultItem
GetCursorPos
PostMessageW
SetWindowPos
BringWindowToTop
AttachThreadInput
DestroyWindow
CreateDialogParamW
SetForegroundWindow
ReleaseDC
DrawFrameControl
IsWindowEnabled
GetDC
GetClientRect
SendMessageW
EnumChildWindows
SystemParametersInfoW
SetMenuItemInfoW
GetMenuItemInfoW
IsDialogMessageW
CreateDialogIndirectParamW
AppendMenuW
GetMenuStringW
GetMenuState
GetMenuItemCount
ModifyMenuW
CheckMenuRadioItem
TrackPopupMenu
SendMessageTimeoutW
EnableWindow

gdi32

CombineRgn
CreateEllipticRgn
SelectObject
DeleteDC
CreateFontIndirectW
CreateDIBSection
CreateRoundRectRgn
CreateRectRgn
GetObjectW
CreateSolidBrush
DeleteObject
CreateCompatibleDC

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
SHQueryRecycleBinW
SHEmptyRecycleBinW
Shell_NotifyIconW
Shell_NotifyIconGetRect
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

d2d1

ord1
ord2
ord3

dwrite

DWriteCreateFactory

Exports

Exports

LSLog
PluginBridge
ReadConfigString
RmExecute
RmGet
RmLog
RmLogF
RmPathToAbsolute
RmReadFormula
RmReadString
RmReplaceVariables

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.exe
.exe windows:6 windows x86 arch:x86

9a66e65f22017f3d7b9d3b2daf36e546

Code Sign

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2018, 00:00

Not After

06/02/2021, 23:59

Subject

CN=Firebit OU,OU=IT,O=Firebit OU,POSTALCODE=15551,STREET=Sepapaja tn 6,L=Tallinn,ST=Harjumaa,C=EE,2.5.4.18=#13053135353531

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:e7:77:d5:8e:15:8c:9a:5a:6a:b1:5e:81:9b:0f:f9:b7:29:6e:49:7c:16:64:56:01:ab:44:eb:c3:33:98:27
Signer

Actual PE Digest

c8:e7:77:d5:8e:15:8c:9a:5a:6a:b1:5e:81:9b:0f:f9:b7:29:6e:49:7c:16:64:56:01:ab:44:eb:c3:33:98:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Rainmeter4\x32-Release\Obj\Application\Rainmeter.pdb

Imports

kernel32

FindResourceW
GetLastError
GetProcAddress
ExitProcess
SetErrorMode
LoadLibraryW
lstrcatW
SetCurrentDirectoryW
GetCommandLineW

user32

wsprintfW
MessageBoxW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.exe.config
.xml
SkinInstaller.exe
.exe windows:6 windows x86 arch:x86

d1c635d2dd9d0f09293048819fd6e737

Code Sign

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2018, 00:00

Not After

06/02/2021, 23:59

Subject

CN=Firebit OU,OU=IT,O=Firebit OU,POSTALCODE=15551,STREET=Sepapaja tn 6,L=Tallinn,ST=Harjumaa,C=EE,2.5.4.18=#13053135353531

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:c5:fc:63:23:21:20:09:9d:60:5d:f5:72:60:b6:32:a4:6a:61:78:c1:79:ef:51:36:6f:79:51:85:df:f9:48
Signer

Actual PE Digest

6c:c5:fc:63:23:21:20:09:9d:60:5d:f5:72:60:b6:32:a4:6a:61:78:c1:79:ef:51:36:6f:79:51:85:df:f9:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Rainmeter4\x32-Release\Obj\SkinInstallerLauncher\SkinInstaller.pdb

Imports

kernel32

SetErrorMode
ExitProcess
GetCommandLineW

rainmeter

ord8

Sections

.text
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

91:77:11:82:8f:97:44:a7:ed:61:44:84:99:54:d1:2f:f1:1c:3a:f9:14:2a:2b:bc:ca:dc:0a:3f:3f:7b:ba:09Signer

7f:1b:f9:e7:e1:08:91:27:ee:42:1b:4c:e8:05:d8:ca:c9:06:24:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 136KB

.rsrc Size: 35KB - Virtual size: 34KB

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

version

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 44B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 188B

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

Imports

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

15:64:3c:53:07:05:44:2b:0a:cf:66:0a:64:d7:13:38
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

91:77:11:82:8f:97:44:a7:ed:61:44:84:99:54:d1:2f:f1:1c:3a:f9:14:2a:2b:bc:ca:dc:0a:3f:3f:7b:ba:09
Signer

7f:1b:f9:e7:e1:08:91:27:ee:42:1b:4c:e8:05:d8:ca:c9:06:24:e6
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 136KB

.rsrc
Size: 35KB - Virtual size: 34KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 44B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 188B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 694B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 630B