C:\Users\lecke\Downloads\silence\output\build\silence-workspace.pdb
General
-
Target
ethic_by_acedia_1.rar
-
Size
7.8MB
-
MD5
cf097f54d78041fef5f294603baacd47
-
SHA1
c31a33a604b2b4119499717850a24d91d1eada1b
-
SHA256
1258cc402efe43bacc953e46a8df7d1d9349c0fc48dfa0b3d94bd408158353aa
-
SHA512
37405978ec9195ab7fe77c65ad8a26a929a830c5d7c4bec5e6ee9a739824eebdd9bae4f33fd79d9c544c0668fea2f6c3414d6292b7b6b7a2bc0382f44d2e8ba1
-
SSDEEP
196608:VIqE/KYtTHSj6CWV7cPwTCGStyxtl+3cixuK+wb3ycSU:4KuHIWV7cPeCGStyxtl+siwgz7
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/ethic_by_acedia.exe themida -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/ethic_by_acedia.exe unpack001/rosense_paid_trail.exe
Files
-
ethic_by_acedia_1.rar.rar
-
ethic_by_acedia.exe.exe windows:6 windows x64 arch:x64
1c2f7b04b4b4590e24bb81a988046301
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
CryptGetHashParam
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA
GetUserNameW
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
RegOpenKeyExA
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateChain
CertOpenStore
d3dcompiler_47
D3DCompile
gdi32
CreateSolidBrush
imm32
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
kernel32
Sleep
GetConsoleWindow
VirtualFree
VirtualAlloc
Process32First
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
ExitProcess
CreateFileMappingW
GetModuleHandleW
QueryFullProcessImageNameW
CloseHandle
LocalFree
EnterCriticalSection
DeviceIoControl
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
IsDebuggerPresent
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetLocaleInfoEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
SetConsoleTitleA
SetConsoleTextAttribute
FormatMessageA
FreeLibrary
GetProcAddress
GetLastError
MapViewOfFile
CreateFileW
LoadLibraryExA
GetModuleFileNameA
LeaveCriticalSection
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileInformationByHandleEx
GetCurrentProcessId
MoveFileExA
CreateThread
CreateFileA
GetModuleHandleA
UnmapViewOfFile
TerminateProcess
GetCurrentProcess
VirtualProtect
GetTempPathW
AreFileApisANSI
SetLastError
msvcp140
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0facet@locale@std@@IEAA@_K@Z
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Thrd_join
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Thrd_detach
?id@?$ctype@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
normaliz
IdnToAscii
psapi
GetModuleInformation
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
shell32
ShellExecuteA
SHGetFolderPathW
user32
TranslateMessage
LoadIconA
PeekMessageA
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
MoveWindow
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
ScreenToClient
GetAsyncKeyState
GetForegroundWindow
GetMonitorInfoA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
FindWindowA
GetCursorPos
SendInput
GetWindowRect
SetWindowPos
SetWindowDisplayAffinity
DestroyWindow
DispatchMessageA
MonitorFromWindow
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
ReleaseCapture
MessageBoxA
userenv
UnloadUserProfile
vcruntime140
__std_exception_copy
__std_terminate
strstr
strchr
longjmp
strrchr
__C_specific_handler
_CxxThrowException
memchr
memcmp
memcpy
memcpy
memset
__current_exception
__current_exception_context
__intrinsic_setjmp
__std_exception_destroy
vcruntime140_1
__CxxFrameHandler4
wldap32
ldap_set_optionA
ldap_simple_bind_sA
ldap_sslinitA
ldap_bind_sA
ldap_search_sA
ldap_msgfree
ldap_initA
ldap_err2stringA
ldap_first_entry
ldap_next_entry
ldap_first_attributeA
ldap_next_attributeA
ldap_get_values_lenA
ldap_value_free_len
ldap_get_dnA
ldap_unbind_s
ldap_memfreeA
ber_free
ws2_32
sendto
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
gethostname
htonl
FreeAddrInfoW
getsockopt
getaddrinfo
htons
htons
setsockopt
select
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
recvfrom
ucrtbase
_strtoui64
strtol
strtoul
atoi
_strtoi64
strtod
atof
getenv
_unlock_file
_lock_file
_access
_unlink
_stat64
rename
remove
_fstat64
_callnewh
calloc
_set_new_mode
malloc
free
realloc
___lc_codepage_func
localeconv
setlocale
_configthreadlocale
tan
ceil
_dclass
atan2f
atan2
asin
fmod
fmodf
cos
acos
log
log10
cosf
pow
ldexp
exp
powf
sin
sinf
sqrt
ceilf
acosf
frexp
sqrtf
floor
_dsign
__setusermatherr
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
abort
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_errno
system
_beginthreadex
terminate
_crt_atexit
strerror
_Exit
_Exit
_register_onexit_function
quick_exit
exit
_set_app_type
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
__sys_nerr
_invalid_parameter_noinfo
_getpid
_resetstkoflw
__stdio_common_vfprintf
_lseeki64
fgets
__acrt_iob_func
_set_fmode
fputs
ftell
_open
clearerr
__stdio_common_vsscanf
_wfopen
freopen
fseek
_close
_pclose
_write
_read
_get_stream_buffer_pointers
fsetpos
fgetpos
fgetc
ferror
fopen
fputc
tmpfile
setvbuf
_popen
ungetc
fwrite
_ftelli64
_fseeki64
fread
fflush
tmpnam
__stdio_common_vsprintf
fclose
getc
feof
__p__commode
_mbsdup
strpbrk
isgraph
isupper
tolower
isspace
iscntrl
ispunct
islower
strcoll
isxdigit
_stricmp
strncmp
strcspn
isdigit
strspn
isalpha
isalnum
toupper
strcmp
strncpy
_mktime64
_difftime64
_gmtime64
_localtime64
_time64
strftime
clock
rand
qsort
d3d11
D3D11CreateDeviceAndSwapChain
dbghelp
ImageRvaToVa
ImageDirectoryEntryToData
ImageNtHeader
dwmapi
DwmExtendFrameIntoClientArea
ntdll
RtlVirtualUnwind
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 220KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 302KB - Virtual size: 340KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 46KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
.SCY Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
rosense_paid_trail.exe.exe windows:6 windows x64 arch:x64
cbc5cf0319d2944d86bd0ad80c5c0d60
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
MoveFileExA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
GetTickCount
FindClose
CreateDirectoryW
GetLocaleInfoEx
GetFileType
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
ExitProcess
QueryPerformanceCounter
VerSetConditionMask
QueryPerformanceFrequency
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
Process32Next
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
Process32First
GetCurrentProcess
SetLastError
CloseHandle
LoadLibraryA
GetCurrentProcessId
GetModuleHandleA
VirtualAlloc
DeviceIoControl
GetModuleFileNameA
VirtualFree
QueryFullProcessImageNameW
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadFile
GetStdHandle
GetEnvironmentVariableA
VerifyVersionInfoA
WaitForSingleObjectEx
VirtualProtect
CreateThread
DeleteCriticalSection
FindFirstFileW
InitializeCriticalSectionEx
Sleep
SetConsoleTitleA
FormatMessageA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryExA
user32
SetWindowLongA
SetWindowDisplayAffinity
GetMonitorInfoA
MoveWindow
DestroyWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
MonitorFromWindow
GetWindowRect
GetCapture
ShowWindow
TrackMouseEvent
GetKeyboardLayout
SetCapture
DispatchMessageA
SetCursor
GetClientRect
SetProcessDPIAware
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetSystemMetrics
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
MessageBoxA
ScreenToClient
GetAsyncKeyState
GetForegroundWindow
GetCursorPos
SendInput
ClientToScreen
FindWindowA
gdi32
CreateSolidBrush
advapi32
CryptAcquireContextA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
RegOpenKeyExA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
shell32
ShellExecuteA
SHGetFolderPathW
msvcp140
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
_Query_perf_counter
_Thrd_detach
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Xtime_get_ticks
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
ntdll
RtlInitAnsiString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlInitUnicodeString
NtQuerySystemInformation
RtlCaptureContext
RtlAnsiStringToUnicodeString
dbghelp
ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_purecall
strstr
strchr
longjmp
strrchr
__std_exception_copy
__intrinsic_setjmp
_CxxThrowException
memchr
memcmp
memcpy
__std_exception_destroy
memmove
memset
__current_exception
__C_specific_handler
__current_exception_context
__std_terminate
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_getpid
_resetstkoflw
_invalid_parameter_noinfo
__sys_nerr
perror
_beginthreadex
system
exit
abort
strerror
_errno
_invalid_parameter_noinfo_noreturn
terminate
api-ms-win-crt-heap-l1-1-0
_callnewh
free
malloc
realloc
_set_new_mode
calloc
api-ms-win-crt-math-l1-1-0
log
log10
tan
fmodf
pow
llround
frexp
exp
_dsign
powf
__setusermatherr
cosf
cos
ceilf
fmod
ceil
atan2f
ldexp
floor
roundf
sin
sinf
sqrt
sqrtf
atan2
asin
acosf
_dclass
acos
api-ms-win-crt-string-l1-1-0
strcoll
islower
isblank
iscntrl
isalpha
tolower
isupper
isgraph
isdigit
strspn
strcmp
strcspn
isxdigit
_strdup
isalnum
_stricmp
strpbrk
toupper
strncmp
strncpy
isspace
ispunct
api-ms-win-crt-stdio-l1-1-0
freopen
ferror
fopen
__acrt_iob_func
fflush
fclose
getc
__stdio_common_vfprintf
_fseeki64
feof
fread
_popen
__stdio_common_vsprintf
setvbuf
ungetc
_open
_close
_write
_read
tmpfile
__p__commode
_set_fmode
_pclose
_lseeki64
clearerr
fputs
fwrite
__stdio_common_vsscanf
_wfopen
_ftelli64
tmpnam
fseek
ftell
fgets
fputc
_get_stream_buffer_pointers
fsetpos
fgetpos
fgetc
api-ms-win-crt-locale-l1-1-0
localeconv
setlocale
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-time-l1-1-0
clock
_mktime64
strftime
_gmtime64
_localtime64
_difftime64
_time64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-convert-l1-1-0
strtoul
strtol
atoi
strtoull
atof
strtod
strtoll
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_unlock_file
_lock_file
_access
remove
_unlink
rename
_stat64
api-ms-win-crt-utility-l1-1-0
rand
qsort
ws2_32
htons
getsockopt
getsockname
getpeername
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
setsockopt
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
connect
recvfrom
closesocket
recv
send
htonl
bind
WSAGetLastError
ntohs
sendto
gethostname
ntohl
normaliz
IdnToAscii
crypt32
CertGetNameStringA
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
wldap32
ord22
ord41
ord50
ord45
ord60
ord27
ord26
ord32
ord46
ord301
ord217
ord143
ord33
ord35
ord79
ord200
ord211
ord30
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ