General

Malware Config

Signatures

Files

• by RyosXpl0its [Goddy's].zip

  .zip

  Password: NjzNXMtXOsOvQxDb

• Aur0raV1.rar

  .rar

  Password: NjzNXMtXOsOvQxDb

• Aur0raV1/AUR0RA.exe

  .exe windows:4 windows x86 arch:x86

  Password: NjzNXMtXOsOvQxDb

  f4639a0b3116c2cfc71144b88a929cfd

  
  

  Code Sign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  03:15:43:e7:6c:a9:71:57:5e:ed:f2:2a:a3:71:9d:cc

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  06-06-2023 00:00

  Not After

  07-08-2024 23:59

  Subject

  CN=Brave Software\, Inc.,O=Brave Software\, Inc.,L=San Francisco,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=Unknown issuer

  Not Before

  01-01-2013 10:00

  Not After

  01-04-2013 10:00

  Subject

  CN=Dummy certificate

  Extended Key Usages

  Key Usages

  KeyUsageCertSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:15:43:e7:6c:a9:71:57:5e:ed:f2:2a:a3:71:9d:cc

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  06-06-2023 00:00

  Not After

  07-08-2024 23:59

  Subject

  CN=Brave Software\, Inc.,O=Brave Software\, Inc.,L=San Francisco,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ea:c1:77:8a:27:b8:a3:9e:46:23:d7:2a:bb:41:14:51:8d:2b:a3:2b:10:2a:3a:96:7b:8c:22:56:cf:37:f4:f6

  Signer

  Actual PE Digest

  ea:c1:77:8a:27:b8:a3:9e:46:23:d7:2a:bb:41:14:51:8d:2b:a3:2b:10:2a:3a:96:7b:8c:22:56:cf:37:f4:f6

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  1f:60:86:0d:94:c4:e4:41:5c:56:82:3e:29:46:4e:4a:04:cd:27:2a

  Signer

  Actual PE Digest

  1f:60:86:0d:94:c4:e4:41:5c:56:82:3e:29:46:4e:4a:04:cd:27:2a

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegEnumValueW

  RegEnumKeyW

  RegQueryValueExW

  RegSetValueExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  RegOpenKeyExW

  RegCreateKeyExW

  shell32

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetFileInfoW

  SHFileOperationW

  ShellExecuteExW

  ole32

  CoCreateInstance

  OleUninitialize

  OleInitialize

  IIDFromString

  CoTaskMemFree

  comctl32

  ImageList_Destroy

  ord17

  ImageList_AddMasked

  ImageList_Create

  user32

  MessageBoxIndirectW

  GetDlgItemTextW

  SetDlgItemTextW

  CreatePopupMenu

  AppendMenuW

  TrackPopupMenu

  OpenClipboard

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  IsWindowVisible

  CallWindowProcW

  GetMessagePos

  CheckDlgButton

  LoadCursorW

  SetCursor

  GetSysColor

  SetWindowPos

  GetWindowLongW

  IsWindowEnabled

  SetClassLongW

  GetSystemMenu

  EnableMenuItem

  GetWindowRect

  ScreenToClient

  EndDialog

  RegisterClassW

  SystemParametersInfoW

  CharPrevW

  GetClassInfoW

  DialogBoxParamW

  CharNextW

  ExitWindowsEx

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  FindWindowExW

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  CharNextA

  wsprintfA

  DispatchMessageW

  CreateWindowExW

  PeekMessageW

  GetSystemMetrics

  gdi32

  GetDeviceCaps

  SetBkColor

  SelectObject

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  kernel32

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  RemoveDirectoryW

  CreateProcessW

  CreateDirectoryW

  GetLastError

  CreateThread

  GlobalLock

  GlobalUnlock

  GetDiskFreeSpaceW

  WideCharToMultiByte

  lstrcpynW

  lstrlenW

  SetErrorMode

  GetVersionExW

  GetCommandLineW

  GetTempPathW

  GetWindowsDirectoryW

  WriteFile

  CopyFileW

  ExitProcess

  GetCurrentProcess

  GetModuleFileNameW

  GetFileSize

  GetTickCount

  Sleep

  SetFileAttributesW

  GetFileAttributesW

  SetCurrentDirectoryW

  MoveFileW

  GetFullPathNameW

  GetShortPathNameW

  SearchPathW

  CompareFileTime

  SetFileTime

  CloseHandle

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalFree

  GlobalAlloc

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrlenA

  MultiByteToWideChar

  ReadFile

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  MulDiv

  lstrcpyA

  MoveFileExW

  lstrcatW

  GetSystemDirectoryW

  GetProcAddress

  GetModuleHandleA

  GetExitCodeProcess

  WaitForSingleObject

  SetEnvironmentVariableW

  Sections

  .text

  Size: 26KB - Virtual size: 26KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 170KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 64KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $INTERNET_CACHE/Airfare
• $INTERNET_CACHE/Aluminum
• $INTERNET_CACHE/Benjamin
• $INTERNET_CACHE/Brought
• $INTERNET_CACHE/Cabinets
• $INTERNET_CACHE/Counters
• $INTERNET_CACHE/Divisions

  .ps1
• $INTERNET_CACHE/Gsm
• $INTERNET_CACHE/Hospitality
• $INTERNET_CACHE/Nearly
• $INTERNET_CACHE/Nz
• $INTERNET_CACHE/Powder
• $INTERNET_CACHE/Spanking
• $INTERNET_CACHE/Story
• $INTERNET_CACHE/Teens
• $INTERNET_CACHE/Toxic
• $INTERNET_CACHE/Wait
• Aur0raV1/scripts/scripts.dll

  .dll regsvr32 windows:5 windows x86 arch:x86

  Password: NjzNXMtXOsOvQxDb

  a9fd3e7f71a802c8eee0a502f46de991

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  04-03-2014 00:00

  Not After

  03-03-2024 23:59

  Subject

  CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:a1:e8:9e:15:ea:4f:fa:93:79:84:d8:8f:54:5f:ba

  Certificate

  Issuer

  CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  14-05-2015 00:00

  Not After

  07-05-2017 23:59

  Subject

  SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  58:87:9f:24:25:99:c5:8a:6a:3d:a1:73:d2:9f:04:d8:cb:0a:4b:54

  Signer

  Actual PE Digest

  58:87:9f:24:25:99:c5:8a:6a:3d:a1:73:d2:9f:04:d8:cb:0a:4b:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  Flash.pdb

  Imports

  version

  VerQueryValueW

  GetFileVersionInfoW

  VerQueryValueA

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  GetFileVersionInfoSizeW

  winmm

  mixerGetID

  waveInGetDevCapsA

  waveOutGetDevCapsA

  waveOutMessage

  waveOutGetDevCapsW

  waveInGetDevCapsW

  waveOutGetNumDevs

  waveInGetNumDevs

  waveInStart

  waveInAddBuffer

  waveInStop

  waveInMessage

  waveInUnprepareHeader

  waveInReset

  waveInPrepareHeader

  waveInOpen

  timeKillEvent

  timeGetTime

  timeSetEvent

  timeEndPeriod

  timeBeginPeriod

  timeGetDevCaps

  waveOutWrite

  waveOutPrepareHeader

  waveOutUnprepareHeader

  waveOutReset

  waveOutClose

  waveOutOpen

  waveOutGetPosition

  mixerClose

  mixerGetLineControlsA

  mixerGetLineInfoA

  mixerGetDevCapsA

  mixerOpen

  mixerGetControlDetailsA

  waveOutRestart

  waveOutPause

  mixerSetControlDetails

  waveInClose

  waveInGetPosition

  wininet

  InternetSetCookieW

  InternetGetCookieW

  crypt32

  CertFindCertificateInStore

  CertVerifySubjectCertificateContext

  CertCreateCertificateContext

  CryptGetMessageCertificates

  CryptVerifyMessageSignature

  CertAddStoreToCollection

  CertOpenStore

  CertVerifyRevocation

  CertFreeCertificateContext

  CertCompareCertificate

  CertEnumCertificatesInStore

  CertAddCertificateContextToStore

  CertCompareCertificateName

  CryptFindOIDInfo

  CertRDNValueToStrW

  CertFindRDNAttr

  CryptDecodeObjectEx

  CertNameToStrW

  CertCloseStore

  CertVerifyTimeValidity

  oleaut32

  SysAllocString

  VariantClear

  VariantInit

  SysStringByteLen

  SysStringLen

  SysAllocStringLen

  SysFreeString

  RegisterTypeLi

  VarUI4FromStr

  LoadRegTypeLi

  LoadTypeLi

  VarBstrCat

  SysAllocStringByteLen

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayCreateVector

  SafeArrayUnaccessData

  SafeArrayDestroy

  SafeArrayAccessData

  VariantChangeType

  OleCreatePropertyFrame

  UnRegisterTypeLi

  dsound

  ord1

  ord8

  msimg32

  AlphaBlend

  kernel32

  GetTickCount

  LCMapStringW

  CreateProcessA

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  FindClose

  FindNextFileW

  RemoveDirectoryW

  FindFirstFileW

  SystemTimeToFileTime

  GetSystemTime

  GetFileSizeEx

  CreateFileW

  CreateDirectoryW

  GetProcessTimes

  GetCurrentProcessId

  GlobalSize

  GetSystemDirectoryA

  GetTempFileNameW

  GetSystemInfo

  GetUserDefaultUILanguage

  MoveFileExW

  VirtualQuery

  GetUserDefaultLangID

  DeleteFileA

  CreateFileA

  WriteFile

  SetFilePointer

  VerifyVersionInfoW

  VerSetConditionMask

  ReadFile

  GetFileSize

  CreateThread

  LockResource

  FindResourceExA

  FindResourceExW

  SetUnhandledExceptionFilter

  GetTempPathW

  GetTimeZoneInformation

  ReleaseSemaphore

  CreateSemaphoreW

  DeviceIoControl

  GetFileAttributesExW

  ExpandEnvironmentStringsA

  GetLongPathNameW

  GetTempFileNameA

  GetTempPathA

  CreateDirectoryA

  FindResourceW

  SetFilePointerEx

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetFullPathNameW

  OutputDebugStringA

  GetFileInformationByHandle

  GetVolumeInformationW

  TryEnterCriticalSection

  UnmapViewOfFile

  ReleaseMutex

  MapViewOfFile

  CreateFileMappingA

  GetExitCodeThread

  DuplicateHandle

  TerminateThread

  CreateWaitableTimerW

  SetThreadPriority

  CompareFileTime

  QueryPerformanceCounter

  QueryPerformanceFrequency

  QueueUserAPC

  OpenThread

  SleepEx

  SwitchToThread

  SetEndOfFile

  FlushFileBuffers

  GlobalMemoryStatusEx

  IsDebuggerPresent

  SetSystemTime

  FileTimeToSystemTime

  TlsAlloc

  TlsFree

  ResumeThread

  CreateTimerQueueTimer

  DeleteTimerQueueTimer

  CreateSemaphoreA

  HeapAlloc

  HeapFree

  HeapUnlock

  HeapWalk

  HeapLock

  HeapCreate

  HeapDestroy

  VirtualProtect

  GetNumberFormatW

  GetCurrencyFormatW

  CompareStringW

  GetDateFormatW

  GetTimeFormatW

  GetUserDefaultLCID

  IsValidLocale

  EnumSystemLocalesW

  GetProcessHeap

  GetProcessAffinityMask

  IsProcessorFeaturePresent

  ExitProcess

  UnhandledExceptionFilter

  RtlUnwind

  GetCommandLineA

  ExitThread

  HeapReAlloc

  GetLocaleInfoW

  GetSystemTimeAsFileTime

  GetStdHandle

  SetConsoleCtrlHandler

  InitializeCriticalSectionAndSpinCount

  GetOEMCP

  IsValidCodePage

  SetHandleCount

  GetFileType

  GetStartupInfoA

  LCMapStringA

  GetConsoleCP

  GetConsoleMode

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetStdHandle

  GetStringTypeA

  GetStringTypeW

  EnumSystemLocalesA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CompareStringA

  SetEnvironmentVariableA

  GetNativeSystemInfo

  lstrcpynW

  GlobalMemoryStatus

  FlushConsoleInputBuffer

  LoadResource

  SizeofResource

  DisableThreadLibraryCalls

  SetLastError

  OutputDebugStringW

  GetCurrentThreadId

  GetModuleFileNameW

  GetVersionExA

  GetModuleFileNameA

  GetFileAttributesA

  SetFileAttributesA

  LocalAlloc

  LocalFree

  GlobalLock

  GlobalUnlock

  MulDiv

  GetCurrentProcess

  FlushInstructionCache

  lstrcmpiW

  CreateMutexW

  LoadLibraryW

  LoadLibraryA

  GetProcAddress

  WaitForMultipleObjects

  FreeLibrary

  WaitForSingleObject

  ResetEvent

  CloseHandle

  CreateEventW

  SetEvent

  GetModuleHandleW

  GlobalAlloc

  GetLastError

  GetVersionExW

  GetLocaleInfoA

  lstrlenW

  lstrlenA

  WideCharToMultiByte

  GlobalFree

  InterlockedDecrement

  InterlockedIncrement

  DeleteFileW

  GetFileAttributesW

  GetCurrentThread

  SetThreadAffinityMask

  TlsSetValue

  IsDBCSLeadByte

  GetACP

  GetCPInfo

  MultiByteToWideChar

  RaiseException

  HeapSize

  DebugBreak

  ExpandEnvironmentStringsW

  InterlockedExchange

  InterlockedCompareExchange

  Sleep

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  TlsGetValue

  SetConsoleMode

  ReadConsoleInputA

  GetModuleHandleA

  CreateEventA

  CreateWaitableTimerA

  SetWaitableTimer

  CancelWaitableTimer

  InterlockedExchangeAdd

  GetVersion

  VirtualAlloc

  VirtualFree

  CopyFileW

  TerminateProcess

  LoadLibraryExW

  CreateMutexA

  user32

  RegisterClipboardFormatW

  GetWindowThreadProcessId

  RemoveMenu

  SetMenuItemInfoW

  GetMenuItemInfoW

  InsertMenuItemW

  CreatePopupMenu

  TrackPopupMenu

  DestroyMenu

  DrawMenuBar

  CreateMenu

  SetMenuInfo

  CharUpperW

  CharLowerW

  PostThreadMessageW

  GetMessageW

  CloseWindow

  WaitForInputIdle

  TranslateMessage

  DispatchMessageW

  SetWindowTextA

  RedrawWindow

  DialogBoxIndirectParamW

  SetWindowTextW

  SendMessageTimeoutW

  CreateIconIndirect

  GetMonitorInfoW

  SetRectEmpty

  GetCursor

  DestroyIcon

  LoadImageW

  GetPropW

  SetPropW

  GetSystemMetrics

  InflateRect

  GetClipboardFormatNameA

  RegisterClipboardFormatA

  IsWindow

  PtInRect

  EqualRect

  SetWindowRgn

  BeginPaint

  EndPaint

  GetSubMenu

  MapVirtualKeyW

  LoadStringW

  IntersectRect

  CloseClipboard

  GetClipboardData

  OpenClipboard

  IsClipboardFormatAvailable

  SetClipboardData

  EmptyClipboard

  EnumDisplayDevicesW

  DestroyCaret

  ShowCaret

  CreateCaret

  SetCaretPos

  MoveWindow

  GetActiveWindow

  UnregisterClassA

  LoadIconA

  DeleteMenu

  RegisterClassExA

  CreateWindowExA

  ReleaseCapture

  UpdateWindow

  SystemParametersInfoW

  GetMessageTime

  LoadIconW

  RegisterClassW

  IsWindowVisible

  DialogBoxParamW

  GetDlgItem

  EndDialog

  SetWindowPos

  GetKeyState

  LoadStringA

  MessageBoxA

  SendMessageW

  GetQueueStatus

  SetTimer

  GetCapture

  SetCursor

  GetCursorPos

  WindowFromPoint

  ScreenToClient

  GetClientRect

  SetCapture

  MessageBoxW

  KillTimer

  PeekMessageW

  EnableMenuItem

  CheckMenuItem

  GetWindowInfo

  CopyRect

  PostQuitMessage

  ClientToScreen

  SendInput

  ActivateKeyboardLayout

  GetKeyboardLayout

  GetWindowRect

  UpdateLayeredWindow

  UnregisterClassW

  GetParent

  GetFocus

  IsChild

  SetFocus

  RegisterClassExW

  InvalidateRect

  DefWindowProcW

  UnionRect

  CallWindowProcW

  GetDC

  ReleaseDC

  LoadCursorW

  GetClassInfoExW

  GetWindowLongW

  SetWindowLongW

  CharNextW

  SetRect

  GetForegroundWindow

  GetDesktopWindow

  EnumDisplayDevicesA

  MonitorFromWindow

  FillRect

  OffsetRect

  FlashWindowEx

  GetSystemMenu

  IsZoomed

  GetWindowPlacement

  SetWindowPlacement

  ShowWindowAsync

  IsIconic

  EnumDisplaySettingsW

  MapWindowPoints

  GetWindowTextLengthW

  CreateWindowExW

  ShowWindow

  DestroyWindow

  GetDoubleClickTime

  EnumWindows

  PostMessageW

  IsWindowEnabled

  GetWindow

  GetClassNameA

  GetWindowTextW

  GetWindowTextA

  DefWindowProcA

  GetWindowLongA

  LoadCursorA

  SetWindowLongA

  PostMessageA

  RegisterWindowMessageA

  EnumDisplayMonitors

  MonitorFromRect

  GetMonitorInfoA

  wsprintfW

  GetUserObjectInformationW

  GetProcessWindowStation

  SetCursorPos

  gdi32

  GetDeviceCaps

  CreateDIBSection

  SelectObject

  GetStockObject

  GetObjectW

  DeleteObject

  GdiFlush

  DeleteDC

  CreateMetaFileW

  GetClipBox

  SetViewportOrgEx

  LPtoDP

  CreateRectRgnIndirect

  GetObjectType

  GetICMProfileA

  CreateDCA

  SetPixel

  TextOutW

  SetTextAlign

  DeleteMetaFile

  CreateBitmap

  CreateFontIndirectW

  GetTextExtentPoint32A

  ExtTextOutA

  GetTextExtentPoint32W

  GetTextMetricsW

  SetTextColor

  CreateFontIndirectA

  IntersectClipRect

  GetClipRgn

  CreateRectRgn

  SetBkMode

  SelectClipRgn

  SetTextCharacterExtra

  GetTextAlign

  GetBkMode

  GetTextColor

  GetCurrentObject

  GetBkColor

  EnumFontFamiliesA

  CreatePen

  DPtoLP

  GetTextCharacterExtra

  SetWorldTransform

  SetGraphicsMode

  GetWorldTransform

  StartDocW

  EndDoc

  StrokePath

  ExtCreatePen

  FillPath

  StartPage

  EndPage

  BeginPath

  EndPath

  SetPolyFillMode

  PolyBezierTo

  SelectClipPath

  CloseMetaFile

  RestoreDC

  SetWindowExtEx

  SetWindowOrgEx

  SaveDC

  GdiAlphaBlend

  StretchBlt

  BitBlt

  SetStretchBltMode

  CreateCompatibleBitmap

  ExtTextOutW

  SetBkColor

  GetStretchBltMode

  EnumFontFamiliesW

  CreateSolidBrush

  GetFontData

  EnumFontFamiliesExW

  LineTo

  MoveToEx

  Rectangle

  StretchDIBits

  CreateCompatibleDC

  RectVisible

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  CommDlgExtendedError

  PrintDlgW

  advapi32

  CryptDecrypt

  CryptSetKeyParam

  CryptGetHashParam

  CryptHashData

  CryptDestroyHash

  CryptAcquireContextA

  CryptCreateHash

  CryptAcquireContextW

  CryptGenRandom

  CryptReleaseContext

  RegisterEventSourceA

  ReportEventA

  DeregisterEventSource

  OpenProcessToken

  GetTokenInformation

  IsValidSid

  GetSidSubAuthorityCount

  GetSidSubAuthority

  CryptImportKey

  CryptGenKey

  CryptDestroyKey

  CryptExportKey

  CryptEncrypt

  RegOpenKeyA

  RegQueryValueExW

  RegCreateKeyA

  RegEnumKeyExW

  RegCreateKeyExA

  RegSetValueExA

  RegQueryInfoKeyW

  RegSetValueExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  shell32

  SHGetFolderLocation

  SHGetFolderPathW

  ShellExecuteW

  SHGetSpecialFolderPathW

  SHFileOperationW

  SHGetFolderPathA

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHAppBarMessage

  SHGetSettings

  SHGetDiskFreeSpaceExW

  ord165

  ole32

  CoTaskMemRealloc

  CreateOleAdviseHolder

  OleRegEnumVerbs

  OleRegGetUserType

  OleRegGetMiscStatus

  CreateDataAdviseHolder

  StringFromGUID2

  WriteClassStm

  OleSaveToStream

  ReadClassStm

  MkParseDisplayName

  PropVariantClear

  OleFlushClipboard

  OleIsCurrentClipboard

  OleSetClipboard

  OleGetClipboard

  OleUninitialize

  OleInitialize

  CoInitializeEx

  CoRegisterMessageFilter

  CoSetProxyBlanket

  CoTaskMemFree

  CoFreeUnusedLibraries

  CoInitialize

  CreateBindCtx

  CoTaskMemAlloc

  ReleaseStgMedium

  CoCreateInstance

  CoUninitialize

  ws2_32

  socket

  WSAIoctl

  WSAGetLastError

  WSAAsyncSelect

  closesocket

  WSACleanup

  WSASocketA

  ntohl

  gethostname

  WSASocketW

  select

  __WSAFDIsSet

  connect

  ioctlsocket

  WSAEnumNetworkEvents

  WSAEventSelect

  WSACreateEvent

  WSAAddressToStringA

  bind

  sendto

  recvfrom

  WSASetLastError

  getservbyport

  gethostbyaddr

  getservbyname

  htonl

  inet_ntoa

  gethostbyname

  inet_addr

  WSACloseEvent

  htons

  getsockname

  ntohs

  send

  WSAStartup

  setsockopt

  recv

  shlwapi

  UrlCanonicalizeW

  ord158

  PathFindFileNameW

  StrRStrIW

  StrStrIW

  AssocQueryStringW

  urlmon

  HlinkSimpleNavigateToMoniker

  RegisterBindStatusCallback

  CreateURLMoniker

  CopyStgMedium

  mscms

  DeleteColorTransform

  CloseColorProfile

  CreateColorTransformW

  OpenColorProfileW

  TranslateBitmapBits

  iphlpapi

  GetAdaptersAddresses

  psapi

  GetProcessMemoryInfo

  Exports

  Exports

  AdobeCPGetAPI

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  IAEModule_AEModule_PutKernel

  IAEModule_IAEKernel_LoadModule

  IAEModule_IAEKernel_UnloadModule

  Sections

  .text

  Size: 13.1MB - Virtual size: 13.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rodata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 836KB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 583KB - Virtual size: 582KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 700KB - Virtual size: 699KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• README.txt