shell32.pdb
Sample
shell32.dll
Resource
win7-20240221-en
General
Target
shell32.dll
Size
12.3MB
MD5
518c6116079414e7074e726925d07a41
SHA1
cc82028c9d8791ce8413e05a70b8b2cc8c757076
SHA256
419db5cb061eaa5dcc4e6c91e02889c3681da9f69d663a891fbdc3df591a9247
SHA512
a1abfb6cbb942d9dba2b6b9ed293d772ed88892c1af59fd9d93df2e354b06eb3845d32ad84ff983b0044cb5c990b8572cfb6b0831b6d3fe902966c3fcbe54762
SSDEEP
98304:aQYZih25Lwcg5wAzugNKFKNhl1SyHqQu/tVGeStJAyEQKv/kSKUMgA/rjvjWZ/vY:RYu258rpXSyK5/+J7Ez/MycMpP0TIU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource shell32.dll
Files
shell32.dll.dll regsvr32 windows:6 windows x86 arch:x86
a0ce3d2e5a208a05ce19d021b97fceac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memcpy
memset
_wtoi
wcschr
wcsstr
memmove
_wcsicmp
_strnicmp
wcsncmp
wcsrchr
_ftol2_sse
iswalpha
_wcsnicmp
isalpha
wcspbrk
_ltow_s
wcstol
free
realloc
ceil
wcstok_s
swscanf_s
_CIexp
floor
_CIlog
_ftol2
_ui64tow_s
_CIpow
_itow
_vsnprintf
qsort
malloc
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memcpy_s
memmove_s
_CxxThrowException
_resetstkoflw
iswprint
iswspace
iswcntrl
iswalnum
isdigit
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
_vsnwprintf
kernelbase
EnumSystemLocalesEx
GetNumberFormatW
LCIDToLocaleName
GetUserDefaultUILanguage
EnumUILanguagesW
NotifyRedirectedStringChange
IsDBCSLeadByte
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
GetFileAttributesExW
GetVolumeInformationW
GetLogicalDrives
GetFileSize
GetShortPathNameW
GetFileAttributesA
GetDriveTypeW
ReadFile
SetFilePointer
CompareFileTime
WriteFile
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
QueryDosDeviceW
CreateFileW
GetFileSizeEx
SetFileTime
GetDiskFreeSpaceW
GetLongPathNameW
FindClose
FindNextFileW
GetDiskFreeSpaceExW
FindFirstFileW
FindCloseChangeNotification
GetFullPathNameW
FindNextChangeNotification
FindFirstChangeNotificationW
FlushFileBuffers
GetVolumePathNameW
GetFileInformationByHandle
GetTempFileNameW
FileTimeToSystemTime
FindFirstFileExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
SetEndOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapFree
api-ms-win-core-interlocked-l1-1-0
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InterlockedCompareExchange64
api-ms-win-core-io-l1-1-0
CancelIoEx
GetOverlappedResult
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
FreeResource
LoadResource
LoadStringW
FreeLibrary
GetModuleHandleW
LoadStringA
GetProcAddress
LoadLibraryExA
FreeLibraryAndExitThread
DisableThreadLibraryCalls
LoadLibraryExW
SizeofResource
GetModuleHandleExW
LockResource
api-ms-win-core-localization-l1-1-0
FindNLSString
GetCPInfoExW
GetLocaleInfoEx
GetSystemDefaultLangID
GetCPInfo
GetLocaleInfoW
GetACP
LCMapStringW
GetThreadLocale
GetUserDefaultLCID
GetThreadUILanguage
GetSystemDefaultLCID
VerLanguageNameW
GetOEMCP
api-ms-win-core-localregistry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegDeleteKeyExW
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExW
RegDeleteTreeW
RegOpenKeyExA
RegOpenCurrentUser
RegQueryValueExA
RegQueryValueExW
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
VirtualProtect
CreateFileMappingW
OpenFileMappingW
ReadProcessMemory
VirtualFree
VirtualAlloc
VirtualQuery
MapViewOfFile
api-ms-win-core-misc-l1-1-0
lstrlenA
Wow64DisableWow64FsRedirection
GlobalAlloc
GlobalFree
Sleep
IsWow64Process
lstrcmpiA
lstrcmpA
LocalReAlloc
FormatMessageW
LocalFree
LocalAlloc
lstrlenW
lstrcmpiW
lstrcmpW
Wow64RevertWow64FsRedirection
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW
SearchPathW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0
ExitProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
OpenThreadToken
GetExitCodeThread
GetThreadId
OpenThread
SetThreadPriority
GetThreadPriority
InitializeProcThreadAttributeList
ResumeThread
GetStartupInfoW
GetProcessTimes
TlsAlloc
TlsFree
ProcessIdToSessionId
GetCurrentProcessId
TlsGetValue
TlsSetValue
CreateThread
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
DeleteProcThreadAttributeList
CreateProcessAsUserW
SetThreadToken
CreateProcessW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
GetStringTypeExW
CompareStringEx
GetStringTypeW
CompareStringW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
CreateEventW
ResetEvent
WaitForSingleObject
ReleaseSemaphore
SetEvent
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
TryEnterCriticalSection
InitializeSRWLock
OpenMutexW
OpenProcess
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
OpenEventW
AcquireSRWLockExclusive
SetWaitableTimer
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
SystemTimeToFileTime
GetSystemInfo
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetSystemWindowsDirectoryW
GetLocalTime
GlobalMemoryStatusEx
GetComputerNameExW
GetWindowsDirectoryW
api-ms-win-security-base-l1-1-0
AddAccessAllowedAce
GetSecurityDescriptorControl
GetLengthSid
InitializeAcl
AddAce
GetAclInformation
GetAce
DeleteAce
QuerySecurityAccessMask
GetKernelObjectSecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidLengthRequired
AdjustTokenPrivileges
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
IsWellKnownSid
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
ImpersonateSelf
RevertToSelf
AllocateAndInitializeSid
FreeSid
CreateWellKnownSid
CheckTokenMembership
GetFileSecurityW
AccessCheck
EqualSid
GetTokenInformation
SetFileSecurityW
SetSecurityDescriptorOwner
DuplicateTokenEx
CopySid
IsValidSid
DuplicateToken
AddAccessAllowedAceEx
AddAccessDeniedAceEx
SetTokenInformation
InitializeSid
shlwapi
PathIsFileSpecW
ord152
ord6
ord192
ord157
GetMenuPosFromID
ord476
SHGetThreadRef
ord260
PathMakePrettyW
PathRemoveFileSpecA
PathIsRootA
ord445
PathAppendA
PathFindNextComponentW
ord4
PathStripToRootW
ord452
PathGetCharTypeW
PathRemoveBackslashW
ord448
PathIsURLW
PathFindOnPathW
ord597
ord596
SHCreateStreamOnFileW
ord214
ord194
ord513
SHOpenRegStream2W
ord512
ord225
ord154
ord213
ord239
ord628
ord537
PathCombineW
SHDeleteKeyA
ord484
ord540
ord538
ord172
ord197
ord193
ord11
UrlGetPartW
PathIsDirectoryW
UrlApplySchemeW
StrToIntExW
ord433
ord515
ord626
ord439
AssocQueryStringByKeyW
ord519
ord409
ord381
ord407
ord236
ord510
ord631
ord278
ord400
PathCompactPathExW
PathFindSuffixArrayW
PathIsSameRootW
PathMatchSpecExW
StrDupA
ord288
ord198
ord164
ord545
ord481
ord179
ord478
ord204
ord173
ord514
ord256
ord382
StrRetToStrW
ord316
ord344
ord634
ord23
ord163
ord611
ord268
ord206
ord2
PathCreateFromUrlW
UrlGetLocationW
ord506
ord534
ord567
ord505
ord365
PathSkipRootW
ord496
ord520
ord472
ord485
SHCreateStreamOnFileEx
HashData
ord509
ord636
ord559
ord20
ord21
ord22
PathGetArgsA
ord19
PathRelativePathToW
PathSetDlgItemPathW
ord617
ord572
ord17
ord466
PathRemoveArgsW
ord186
ord233
ord235
ord295
ord267
ord12
PathIsPrefixW
ord536
ord616
ord614
ord531
ord613
ord532
ord575
UrlCanonicalizeW
PathAddExtensionW
PathIsContentTypeW
ord462
ord237
SHRegQueryUSValueW
SHRegCloseUSKey
SHRegEnumUSKeyW
StrTrimW
SHRegOpenUSKeyA
ord280
ord269
ord354
ord292
PathIsDirectoryEmptyW
ord580
ord583
ord581
UrlUnescapeA
ord284
ord283
ord282
ord231
AssocIsDangerous
ord627
ord621
StrSpnW
StrPBrkW
ord29
ord166
ord317
ord177
ord331
SHStrDupA
SHSkipJunction
PathIsDirectoryA
PathRenameExtensionW
ord271
PathBuildRootA
PathGetDriveNumberA
ord497
ord571
ord546
ord479
ord167
PathCommonPrefixW
SHRegGetPathW
IntlStrEqWorkerW
ord568
UrlCompareW
ord240
StrToIntA
ord384
PathCanonicalizeW
SHRegSetPathW
ord178
ord464
ord218
ord637
ord533
StrRetToBSTR
ord639
SHRegGetUSValueW
StrStrNIW
StrFormatByteSizeEx
ord570
ord201
ColorHLSToRGB
ColorRGBToHLS
ord210
ord208
ord211
ord200
ord221
ord220
ord363
ord195
StrStrW
StrStrIW
StrStrIA
PathAddBackslashW
UrlIsW
UrlUnescapeW
UrlCreateFromPathW
ord7
ord8
ord10
ord9
AssocQueryKeyW
ord600
ord615
ord294
SHRegGetBoolUSValueW
ord635
ord487
ord446
ord175
ord348
PathIsRelativeW
PathRemoveBlanksW
ord471
ord456
ord630
ord632
ord618
PathIsNetworkPathW
PathIsRootW
SHStrDupW
PathGetArgsW
StrRetToBufW
ord355
ord184
ord212
ord266
SHDeleteKeyW
ord529
ord168
ord477
PathFileExistsW
PathRemoveFileSpecW
PathGetDriveNumberW
SHEnumValueW
ord176
ord508
StrFormatByteSizeW
StrStrA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNW
StrCmpNIW
StrCmpNIA
StrCmpNA
StrChrW
StrChrIW
StrChrIA
StrChrA
ord461
ord511
PathStripPathW
AssocGetPerceivedType
ord517
StrCSpnW
ord544
SHRegOpenUSKeyW
ord216
ord270
PathMatchSpecW
ord629
SHQueryValueExW
ord507
ord499
ord530
ord535
ord495
ord494
ord174
SHSetValueW
SHDeleteValueW
PathBuildRootW
SHGetValueW
PathCompactPathW
AssocQueryStringW
StrCmpW
ord516
AssocCreate
StrCmpIW
ord16
ord219
ord199
StrDupW
PathAppendW
PathIsUNCW
PathQuoteSpacesA
StrTrimA
SHAutoComplete
PathQuoteSpacesW
ord388
ord165
PathFindFileNameW
PathRemoveExtensionW
ord156
PathMakeSystemFolderW
PathParseIconLocationW
ord24
PathUnExpandEnvStringsW
ord460
ord459
PathUnquoteSpacesW
PathIsUNCServerW
PathIsUNCServerShareW
PathFindExtensionW
ord158
StrToIntW
ord217
SHRegGetValueW
ord215
ord18
ord633
StrCmpLogicalW
SHEnumKeyExW
ord437
ntdll
RtlFreeHeap
RtlUnicodeStringToOemString
NtSetInformationFile
NtOpenFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtQueryInformationFile
RtlNtStatusToDosError
NtCreateFile
NtClose
NtFsControlFile
EtwEventWrite
RtlGetLastNtStatus
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
NtQueryLicenseValue
WinSqmIncrementDWORD
EtwTraceMessage
EtwEventEnabled
WinSqmAddToStream
RtlMapGenericMask
NtQueryInformationProcess
NtQueryInformationToken
NtOpenProcessToken
NtSetInformationToken
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventRegister
EtwEventUnregister
NtQuerySystemInformation
RtlGetNtProductType
WinSqmIsOptedIn
NtQueryVolumeInformationFile
NtSetInformationThread
NtQueryInformationThread
WinSqmSetDWORD
wcsncpy_s
wcscat_s
ord1
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlRandomEx
NtQueryDirectoryFile
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
NtSetSecurityObject
NtSetEaFile
NtQuerySecurityObject
NtQueryEaFile
RtlDowncaseUnicodeString
RtlOemStringToUnicodeString
RtlInitString
RtlDosPathNameToNtPathName_U
ShipAssert
NtQueryObject
EtwLogTraceEvent
NtOpenThreadToken
RtlPrefixString
user32
AdjustWindowRect
SetRect
CharNextW
CharNextA
SetCursor
DrawIcon
CharToOemBuffA
OemToCharBuffA
PostMessageW
UnregisterClassW
GetSysColorBrush
CopyRect
GrayStringW
IsWindowEnabled
DrawFrameControl
DrawEdge
OffsetRect
MapVirtualKeyW
SetDlgItemTextA
GetDlgItemTextA
IsCharAlphaW
CharUpperW
GetAncestor
SetForegroundWindow
FindWindowW
SetProcessDPIAware
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
DestroyMenu
CreatePopupMenu
DeleteMenu
KillTimer
SetTimer
DestroyWindow
CharPrevA
GetMessagePos
GetWindowThreadProcessId
GetWindow
InsertMenuItemW
GetMenuItemInfoW
InsertMenuW
GetMenuItemCount
TrackPopupMenu
GetForegroundWindow
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
MonitorFromPoint
GetClassNameW
RemoveMenu
GetSubMenu
LoadMenuW
SystemParametersInfoA
LoadImageW
CharLowerW
RegisterClipboardFormatW
GetShellWindow
EnableMenuItem
SendMessageTimeoutW
GetClipboardOwner
ModifyMenuW
GetMenuState
GetMenuDefaultItem
SetMenuItemInfoW
IsMenu
SetMenuDefaultItem
PtInRect
CountClipboardFormats
GetMenuItemID
MessageBeep
GetMenuStringW
CharPrevW
CharUpperBuffW
SetPropW
RemovePropW
GetPropW
EnumWindows
IsIconic
GetLastActivePopup
CopyIcon
EnumDisplayDevicesW
GetDoubleClickTime
UnionRect
GetScrollInfo
UpdateLayeredWindow
GetCursorPos
RegisterClassExW
GetDesktopWindow
ExitWindowsEx
GetAsyncKeyState
EqualRect
IntersectRect
MonitorFromWindow
IsSETEnabled
SystemParametersInfoW
RedrawWindow
IsProcessDPIAware
DrawIconEx
BroadcastSystemMessageW
MapDialogRect
SetActiveWindow
GetWindowTextLengthW
GetClassInfoW
GetWindowPlacement
DeregisterShellHookWindow
GetTaskmanWindow
RegisterShellHookWindow
SetTaskmanWindow
WaitForInputIdle
MessageBoxW
AllowSetForegroundWindow
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
SendNotifyMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterDeviceNotification
MsgWaitForMultipleObjects
SendMessageCallbackW
RegisterDeviceNotificationW
PostQuitMessage
CloseDesktop
OpenInputDesktop
NotifyWinEvent
ord2000
TranslateAcceleratorW
SetClipboardViewer
CheckMenuItem
CheckMenuRadioItem
ChangeClipboardChain
CreateMenu
LoadAcceleratorsW
AppendMenuW
EndMenu
DestroyAcceleratorTable
CloseGestureInfoHandle
GetGestureInfo
SetGestureConfig
UpdateWindow
EnumPropsExW
CloseClipboard
SetClipboardData
GetClipboardData
OpenClipboard
EnumChildWindows
DialogBoxParamW
CopyImage
AdjustWindowRectEx
GetMessageW
TrackPopupMenuEx
RegisterWindowMessageA
SetWindowRgn
ShowScrollBar
SetScrollInfo
CallNextHookEx
CallWindowProcW
UnhookWindowsHookEx
SetWindowsHookExW
SetScrollPos
IsWindowUnicode
GetDialogBaseUnits
WinHelpW
GetClassWord
FindWindowExW
GetKeyboardLayout
CreateWindowExW
AttachThreadInput
CopyAcceleratorTableW
BringWindowToTop
FreeDDElParam
UnpackDDElParam
PackDDElParam
PostThreadMessageW
GetSystemMenu
IsDialogMessageW
GetCapture
TrackMouseEvent
SetCapture
ReleaseCapture
GetUpdateRect
GetWindowDC
ActivateKeyboardLayout
SetRectEmpty
GetLastInputInfo
SetMenuInfo
CharLowerBuffW
SwitchToThisWindow
SetParent
IsRectEmpty
GetClassInfoExW
ClientToScreen
WindowFromPoint
GetMessageTime
CreateAcceleratorTableW
EnumDisplayMonitors
SubtractRect
SetShellWindowEx
PaintMonitor
PaintDesktop
WaitMessage
LockWindowUpdate
GetClassLongW
DdeQueryConvInfo
DdeCreateDataHandle
DdeNameService
DdeGetLastError
DdeGetData
DdeDisconnect
DdeUninitialize
DdeFreeStringHandle
DdeCreateStringHandleW
DdeQueryStringW
DdeInitializeW
wsprintfW
SetWinEventHook
UnhookWinEvent
EmptyClipboard
GetMenuInfo
MsgWaitForMultipleObjectsEx
GetProcessDefaultLayout
IsWinEventHookInstalled
FindWindowA
AnimateWindow
HideCaret
GetCursor
ShowCaret
LockSetForegroundWindow
ChildWindowFromPoint
SetMenu
CreateDialogParamW
MessageBoxIndirectW
GetDisplayConfigBufferSizes
MoveWindow
SetWindowPos
MonitorFromRect
GetMonitorInfoW
LoadBitmapW
IsChild
IsWindowVisible
GetWindowTextW
SetDlgItemTextW
SetWindowTextW
MapWindowPoints
GetDlgItemTextW
GetSysColor
IsWindow
TabbedTextOutW
LoadCursorW
RegisterClassW
EnableWindow
IsDlgButtonChecked
ShowWindow
CheckDlgButton
GetFocus
EndDialog
EnumDisplaySettingsW
InvalidateRect
GetDlgCtrlID
GetDlgItemInt
SetDlgItemInt
CheckRadioButton
DrawTextW
GetWindowLongW
GetParent
BeginPaint
GetClientRect
SendDlgItemMessageW
FrameRect
InflateRect
FillRect
EndPaint
SetFocus
GetDC
GetWindowRect
ScreenToClient
DrawFocusRect
ReleaseDC
DefWindowProcW
GetKeyState
GetNextDlgTabItem
SetWindowLongW
LookupIconIdFromDirectory
LoadIconW
PrivateExtractIconsW
DestroyIcon
GetIconInfo
CreateIconIndirect
GetDlgItem
SendMessageW
GetSystemMetrics
gdi32
GetViewportOrgEx
GetClipBox
CreateRectRgn
GetClipRgn
IntersectClipRect
SelectClipRgn
SetMetaFileBitsEx
PlayMetaFile
DeleteMetaFile
LPtoDP
SetStretchBltMode
StretchBlt
GetTextAlign
SetTextAlign
SetMapMode
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
CreatePolygonRgn
MoveToEx
LineTo
GetCurrentObject
CreatePen
Rectangle
GetTextColor
GdiTransparentBlt
CreateBitmap
TextOutW
CreateDIBSection
GdiFlush
GetPixel
GdiAlphaBlend
GetDeviceCaps
GetTextExtentPointW
SetBkMode
OffsetWindowOrgEx
SetWindowOrgEx
EnumFontFamiliesA
AddFontResourceW
CreateFontA
GetLayout
SetLayout
CreateCompatibleBitmap
SetFontEnumeration
GetTextFaceW
CreateDCW
EnumFontFamiliesExW
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
GetTextMetricsW
PatBlt
CreateCompatibleDC
BitBlt
DeleteDC
SetTextColor
SetBkColor
SelectObject
GetNearestColor
PlgBlt
GetObjectType
GetWindowOrgEx
CreateRectRgnIndirect
RestoreDC
SaveDC
GetDIBColorTable
ExtTextOutW
CreateFontW
TextOutA
GetTextExtentPoint32A
CreateSolidBrush
GetStockObject
TranslateCharsetInfo
DeleteObject
kernel32
ResolveLocaleName
LocaleNameToLCID
AssignProcessToJobObject
TerminateThread
GetProcessId
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
IsProcessInJob
CreateJobObjectW
ExpandEnvironmentStringsA
GetAtomNameW
FindResourceExW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
LoadLibraryA
GetPhysicallyInstalledSystemMemory
FlushInstructionCache
QueueUserWorkItem
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
CreateHardLinkW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemWow64DirectoryW
GetProductInfo
FindAtomW
CancelSynchronousIo
UnregisterWait
GlobalFlags
SetVolumeLabelW
WaitForMultipleObjects
CreateSemaphoreW
LocalSize
RegisterWaitForSingleObject
UnregisterWaitEx
WritePrivateProfileStringW
WritePrivateProfileSectionW
QueryFullProcessImageNameW
GetPrivateProfileSectionNamesW
ActivateActCtx
DeactivateActCtx
DosDateTimeToFileTime
FileTimeToDosDateTime
GlobalGetAtomNameW
FindResourceW
GetComputerNameW
MoveFileExW
EnumResourceNamesW
LoadLibraryW
GetPrivateProfileStringW
MulDiv
GetPrivateProfileIntW
GetProfileIntW
GetShortPathNameA
GlobalUnlock
GlobalLock
GlobalReAlloc
DelayLoadFailureHook
GetTempPathW
GetDateFormatW
CheckElevationEnabled
GetProfileSectionW
GetVolumeNameForVolumeMountPointW
GlobalSize
ReplaceFileW
MoveFileW
QueryActCtxW
GlobalDeleteAtom
GlobalAddAtomW
GetNativeSystemInfo
CreateActCtxW
ReleaseActCtx
CheckElevation
Wow64EnableWow64FsRedirection
GetBinaryTypeW
GetCompressedFileSizeW
CopyFileW
WerpNotifyUseStringResource
CreateWaitableTimerW
ReadDirectoryChangesW
GetFileInformationByHandleEx
PowerClearRequest
PowerSetRequest
PowerCreateRequest
WTSGetActiveConsoleSessionId
GetPrivateProfileSectionW
GetVolumePathNamesForVolumeNameW
InitOnceExecuteOnce
GetSystemPreferredUILanguages
Exports
AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCreateAssociationRegistration
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.3MB - Virtual size: 8.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 206KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ