D:\code\workspace\yebaolauncher\output\Update.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-09_8247bc098e342560ca6dd1ef73b8253c_magniber_revil.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-09_8247bc098e342560ca6dd1ef73b8253c_magniber_revil.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-09_8247bc098e342560ca6dd1ef73b8253c_magniber_revil
-
Size
3.7MB
-
MD5
8247bc098e342560ca6dd1ef73b8253c
-
SHA1
402760516ec10384a0981848a7ae8bdcaa8bb105
-
SHA256
c0e63eea775be5d601af14913cfc6f2b9618a88e1115a0e24f94bf1696508e5c
-
SHA512
3f5b33e61ada5c2619a61f68383b1a2b630d28a52811a914a975c8ce3f92a84df69d3d5433ea81b4f34ec33e0cd341b5589d912477c734ea4d876574c7528747
-
SSDEEP
49152:+07gJtFbK2ZimRivJWzk8IpDHA64b29qQBluZ6otHDeBTE3DP5iOgbY2Yc35ZNTX:+MqtovMzk8IhX4KYQDswsdiOgbY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; this sample is not signed.
resource 2024-04-09_8247bc098e342560ca6dd1ef73b8253c_magniber_revil
Files
-
2024-04-09_8247bc098e342560ca6dd1ef73b8253c_magniber_revil.exe windows:6 windows x86 arch:x86
a748d1094e48305c454c4c46e481dd6a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
utilities
?OnInitFinished@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UAEXVxml_node@pugi@@@Z
??1?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@XZ
?GetObjectType@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UBEHXZ
?SetAttribute@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UAEJPBD0H@Z
?SetAttribute@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UAEJABV?$TStringT@DUchar_traits@SOUI@@@2@0H@Z
?GetBuffer@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEPA_WH@Z
?Format@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAA?AV12@PB_WZZ
?GetClassType@IObject@SOUI@@SAHXZ
?Right@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBE?AV12@H@Z
?Compare@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBEHPB_W@Z
??Y?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEABV01@PB_W@Z
??4?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEAAV01@PB_W@Z
??4?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEAAV01@ABV01@@Z
??B?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBEPB_WXZ
?IsEmpty@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBE_NXZ
?GetLength@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBEHXZ
?SouiFree@soui_mem_wrapper@SOUI@@SAXPAX@Z
??0?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@PB_W@Z
??0?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@ABV01@@Z
??0?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@XZ
??1?$TStringT@DUchar_traits@SOUI@@@SOUI@@QAE@XZ
??0?$TStringT@DUchar_traits@SOUI@@@SOUI@@QAE@PBD@Z
?ConcatCopy@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@IAE_NHPB_WH0@Z
?GetData@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@IBEPAUTStringData@2@XZ
?SafeStrlen@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@SAHPB_W@Z
?GetData@?$TStringT@DUchar_traits@SOUI@@@SOUI@@IBEPAUTStringData@2@XZ
?Mid@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBE?AV12@HH@Z
??A?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBE_WH@Z
?Mid@?$TStringT@DUchar_traits@SOUI@@@SOUI@@QBE?AV12@HH@Z
??B?$TStringT@DUchar_traits@SOUI@@@SOUI@@QBEPBDXZ
??A?$TStringT@DUchar_traits@SOUI@@@SOUI@@QBEDH@Z
?GetLength@?$TStringT@DUchar_traits@SOUI@@@SOUI@@QBEHXZ
?SouiCalloc@soui_mem_wrapper@SOUI@@SAPAXII@Z
soui
??1ISlotFunctor@SOUI@@UAE@XZ
??0ISlotFunctor@SOUI@@QAE@XZ
?GetEventSet@SWindow@SOUI@@QAEPAVSEventSet@2@XZ
?GetClassNameW@SAnimateImgWnd@SOUI@@SAPB_WXZ
?SetVisible@SWindow@SOUI@@QAEXHH@Z
?subscribeEvent@SEventSet@SOUI@@QAE_NKABUISlotFunctor@2@@Z
?GetObjectType@SWindow@SOUI@@UBEHXZ
?GetLayoutParam@SWindow@SOUI@@UBEPAUILayoutParam@2@XZ
?GetName@SWindow@SOUI@@UBEPB_WXZ
?GetID@SWindow@SOUI@@UBEHXZ
?IsSiblingsAutoGroupped@SWindow@SOUI@@UAEHXZ
?GetSelectedSiblingInGroup@SWindow@SOUI@@UAEPAV12@XZ
?IsClipClient@SWindow@SOUI@@UAEHXZ
?OnUpdateFloatPosition@SWindow@SOUI@@UAEXABVCRect@2@@Z
?SwndProc@SWindow@SOUI@@MAEHIIJAAJ@Z
?ProcessSwndMessage@SWindow@SOUI@@MAEHIIJAAJ@Z
?SetAttribute@SWindow@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
?GetClassNameW@SStatic@SOUI@@SAPB_WXZ
?GetClassNameW@SProgress@SOUI@@SAPB_WXZ
?GetClassNameW@STabCtrl@SOUI@@SAPB_WXZ
?GetClassNameW@SRichEdit@SOUI@@SAPB_WXZ
?GetObjectType@SwndContainerImpl@SOUI@@UBEHXZ
?FrameToHost@SwndContainerImpl@SOUI@@MAEXAAUtagRECT@@@Z
?GetAcceleratorMgr@SwndContainerImpl@SOUI@@MAEPAUIAcceleratorMgr@2@XZ
?DestroyWindow@CSimpleWnd@SOUI@@QAEHXZ
?GetObjectClass@SHostWnd@SOUI@@UBEPB_WXZ
?GetObjectType@SHostWnd@SOUI@@UBEHXZ
?IsClass@SHostWnd@SOUI@@UBEHPB_W@Z
?GetNative@SHostWnd@SOUI@@QAEPAVCSimpleWnd@2@XZ
?IsLayeredWindow@SHostWnd@SOUI@@MBEHXZ
?_HandleEvent@SHostWnd@SOUI@@UAEHPAVEventArgs@2@@Z
?ProcessWindowMessage@SHostWnd@SOUI@@UAEHPAUHWND__@@IIJAAJK@Z
?OnFinalRelease@?$TObjRefImpl2@UIObjRef@@VSWindow@SOUI@@@SOUI@@UAEXXZ
?getSingleton@?$SSingleton@VSApplication@SOUI@@@SOUI@@SAAAVSApplication@2@XZ
?Release@?$TObjRefImpl@UIObjRef@@@SOUI@@UAEJXZ
?AddRef@?$TObjRefImpl@UIObjRef@@@SOUI@@UAEJXZ
?getSingletonPtr@?$SSingleton@VSApplication@SOUI@@@SOUI@@SAPAVSApplication@2@XZ
??0SHostWnd@SOUI@@QAE@PB_W@Z
??1SHostWnd@SOUI@@UAE@XZ
?Create@SHostWnd@SOUI@@QAEPAUHWND__@@PAU3@KKHHHH@Z
?InitFromXml@SHostWnd@SOUI@@UAEHVxml_node@pugi@@@Z
?DestroyWindow@SHostWnd@SOUI@@QAEHXZ
?SetTimer@SHostWnd@SOUI@@QAEIII@Z
?KillTimer@SHostWnd@SOUI@@QAEHI@Z
?GetClientRect@SHostWnd@SOUI@@UBE?AVCRect@2@XZ
?OnDestroy@SHostWnd@SOUI@@IAEXXZ
?OnFireEvent@SHostWnd@SOUI@@MAEHAAVEventArgs@2@@Z
?GetContainerRect@SHostWnd@SOUI@@MAE?AVCRect@2@XZ
?GetHostHwnd@SHostWnd@SOUI@@MAEPAUHWND__@@XZ
?GetTranslatorContext@SHostWnd@SOUI@@MBEABV?$TStringT@_WUwchar_traits@SOUI@@@2@XZ
?OnGetRenderTarget@SHostWnd@SOUI@@MAEPAUIRenderTarget@2@ABVCRect@2@K@Z
?OnReleaseRenderTarget@SHostWnd@SOUI@@MAEXPAUIRenderTarget@2@ABVCRect@2@K@Z
?OnRedraw@SHostWnd@SOUI@@MAEXABVCRect@2@@Z
?OnReleaseSwndCapture@SHostWnd@SOUI@@MAEHXZ
?OnSetSwndCapture@SHostWnd@SOUI@@MAEKK@Z
?IsTranslucent@SHostWnd@SOUI@@MBEHXZ
?IsSendWheel2Hover@SHostWnd@SOUI@@MBEHXZ
?OnCreateCaret@SHostWnd@SOUI@@MAEHKPAUHBITMAP__@@HH@Z
?OnShowCaret@SHostWnd@SOUI@@MAEHH@Z
?OnSetCaretPos@SHostWnd@SOUI@@MAEHHH@Z
?UpdateWindow@SHostWnd@SOUI@@MAEHXZ
?UpdateTooltip@SHostWnd@SOUI@@MAEXXZ
?RegisterTimelineHandler@SHostWnd@SOUI@@MAEHPAUITimelineHandler@2@@Z
?UnregisterTimelineHandler@SHostWnd@SOUI@@MAEHPAUITimelineHandler@2@@Z
?GetMsgLoop@SHostWnd@SOUI@@MAEPAVSMessageLoop@2@XZ
?GetScriptModule@SHostWnd@SOUI@@MAEPAUIScriptModule@2@XZ
?GetScale@SHostWnd@SOUI@@MBEHXZ
?BeforePaint@SHostWnd@SOUI@@MAEXPAUIRenderTarget@2@AAVSPainter@2@@Z
?AfterPaint@SHostWnd@SOUI@@MAEXPAUIRenderTarget@2@AAVSPainter@2@@Z
?UpdateLayout@SHostWnd@SOUI@@MAEXXZ
?OnLanguageChanged@SHostWnd@SOUI@@MAEJXZ
?OnScaleChanged@SHostWnd@SOUI@@MAEXH@Z
?RequestRelayout@SHostWnd@SOUI@@UAEXKH@Z
?onRootResize@SHostWnd@SOUI@@UAE_NPAVEventArgs@2@@Z
?SetValue@SProgress@SOUI@@QAEHH@Z
?GetWindowTextW@SWindow@SOUI@@UAE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@H@Z
?SetWindowTextW@SWindow@SOUI@@UAEXPB_W@Z
?SetToolTipText@SWindow@SOUI@@UAEXPB_W@Z
?GetToolTipText@SWindow@SOUI@@UAE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@XZ
?GetClientRect@SWindow@SOUI@@UBEXPAUtagRECT@@@Z
?IsContainPoint@SWindow@SOUI@@UBEHABUtagPOINT@@H@Z
?OnColorize@SWindow@SOUI@@MAEXK@Z
?FindChildByName@SWindow@SOUI@@QAEPAV12@PB_WH@Z
?CreateChildren@SWindow@SOUI@@UAEHVxml_node@pugi@@@Z
?SSendMessage@SWindow@SOUI@@QAEJIIJPAH@Z
?GetSelectedChildInGroup@SWindow@SOUI@@UAEPAV12@XZ
?OnSetCursor@SWindow@SOUI@@UAEHABVCPoint@2@@Z
?OnUpdateToolTip@SWindow@SOUI@@UAEHVCPoint@2@AAUSwndToolTipInfo@2@@Z
?OnStateChanging@SWindow@SOUI@@UAEXKK@Z
?OnStateChanged@SWindow@SOUI@@UAEXKK@Z
?OnContentChanged@SWindow@SOUI@@UAEXXZ
?tr@SWindow@SOUI@@UAE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV32@@Z
?SwndFromPoint@SWindow@SOUI@@UAEKVCPoint@2@H@Z
?FireEvent@SWindow@SOUI@@UAEHAAVEventArgs@2@@Z
?OnGetDlgCode@SWindow@SOUI@@UAEIXZ
?IsFocusable@SWindow@SOUI@@UAEHXZ
?OnNcHitTest@SWindow@SOUI@@UAEHVCPoint@2@@Z
?UpdateChildrenPosition@SWindow@SOUI@@UAEXXZ
?OnRelayout@SWindow@SOUI@@UAEHABVCRect@2@@Z
?GetChildrenLayoutRect@SWindow@SOUI@@UAE?AVCRect@2@XZ
?GetDesiredSize@SWindow@SOUI@@UAE?AVCSize@2@HH@Z
?GetDesiredSize@SWindow@SOUI@@UAE?AVCSize@2@PBUtagRECT@@@Z
?NeedRedrawWhenStateChange@SWindow@SOUI@@UAEHXZ
?GetTextRect@SWindow@SOUI@@UAEXPAUtagRECT@@@Z
?DrawTextW@SWindow@SOUI@@UAEXPAUIRenderTarget@2@PB_WHPAUtagRECT@@I@Z
?DrawFocus@SWindow@SOUI@@UAEXPAUIRenderTarget@2@@Z
?GetTrCtx@SWindow@SOUI@@UBEABV?$TStringT@_WUwchar_traits@SOUI@@@2@XZ
?CreateCaret@SWindow@SOUI@@UAEHPAUHBITMAP__@@HH@Z
?ShowCaret@SWindow@SOUI@@UAEXH@Z
?SetCaretPos@SWindow@SOUI@@UAEXHH@Z
?IsDrawToCache@SWindow@SOUI@@MBE_NXZ
?DefAttributeProc@SWindow@SOUI@@MAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
?AfterAttribute@SWindow@SOUI@@MAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0HJ@Z
?GetAttribute@SWindow@SOUI@@MBE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV32@@Z
?RegisterDragDrop@SwndContainerImpl@SOUI@@MAEHKPAUIDropTarget@@@Z
?RevokeDragDrop@SwndContainerImpl@SOUI@@MAEHK@Z
?DoFrameEvent@SwndContainerImpl@SOUI@@MAEJIIJ@Z
?OnSetSwndFocus@SwndContainerImpl@SOUI@@MAEXK@Z
?OnGetSwndCapture@SwndContainerImpl@SOUI@@MAEKXZ
?GetFocus@SwndContainerImpl@SOUI@@MAEKXZ
?GetHover@SwndContainerImpl@SOUI@@MAEKXZ
?RegisterTrackMouseEvent@SwndContainerImpl@SOUI@@MAEHK@Z
?UnregisterTrackMouseEvent@SwndContainerImpl@SOUI@@MAEHK@Z
?MarkWndTreeZorderDirty@SwndContainerImpl@SOUI@@MAEXXZ
?BuildWndTreeZorder@SwndContainerImpl@SOUI@@MAEXXZ
?OnNextFrame@SwndContainerImpl@SOUI@@UAEXXZ
?GetLogManager@SApplication@SOUI@@QAEPAUILog4zManager@2@XZ
?SetCurSel@STabCtrl@SOUI@@QAEHH@Z
?ReflectNotifications@CSimpleWnd@SOUI@@QAEJIIJAAH@Z
?OnFinalMessage@CSimpleWnd@SOUI@@MAEXPAUHWND__@@@Z
??0SObjectInfo@SOUI@@QAE@ABV?$TStringT@_WUwchar_traits@SOUI@@@1@H@Z
?RegisterSystemObjects@SApplication@SOUI@@MAEXXZ
??0SObjectDefaultRegister@SOUI@@QAE@XZ
?GetClassType@SSkinObjBase@SOUI@@SAHXZ
?GetObjectType@SSkinObjBase@SOUI@@UBEHXZ
?GetAlpha@SSkinObjBase@SOUI@@UBEEXZ
?SetAlpha@SSkinObjBase@SOUI@@UAEXE@Z
?Draw@SSkinObjBase@SOUI@@UAEXPAUIRenderTarget@2@PBUtagRECT@@KE@Z
?Draw@SSkinObjBase@SOUI@@UAEXPAUIRenderTarget@2@PBUtagRECT@@K@Z
?GetScale@SSkinObjBase@SOUI@@UBEHXZ
?Scale@SSkinObjBase@SOUI@@UAEPAVISkinObj@2@H@Z
?GetName@SSkinObjBase@SOUI@@UBEPB_WXZ
?GetClassType@SSkinImgList@SOUI@@SAHXZ
?GetObjectType@SSkinImgList@SOUI@@UBEHXZ
?SetStates@SSkinImgList@SOUI@@UAEXH@Z
?SetImage@SSkinImgList@SOUI@@UAE_NPAUIBitmap@2@@Z
?GetImage@SSkinImgList@SOUI@@UAEPAUIBitmap@2@XZ
?SetTile@SSkinImgList@SOUI@@UAEXH@Z
?IsTile@SSkinImgList@SOUI@@UAEHXZ
?SetVertical@SSkinImgList@SOUI@@UAEXH@Z
?IsVertical@SSkinImgList@SOUI@@UAEHXZ
?GetClassNameW@SSkinScrollbar@SOUI@@SAPB_WXZ
?GetClassType@SSkinScrollbar@SOUI@@SAHXZ
?GetObjectType@SSkinScrollbar@SOUI@@UBEHXZ
?IsClass@SSkinScrollbar@SOUI@@UBEHPB_W@Z
?SetAttribute@SSkinScrollbar@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
?SendMessageW@CSimpleWnd@SOUI@@QAEJIIJ@Z
?ShowWindow@CSimpleWnd@SOUI@@QAEHH@Z
??1SSkinScrollbar@SOUI@@UAE@XZ
?OnFinalRelease@?$TObjRefImpl@V?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@@SOUI@@UAEXXZ
?Release@?$TObjRefImpl@V?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@@SOUI@@UAEJXZ
?AddRef@?$TObjRefImpl@V?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@@SOUI@@UAEJXZ
?OnInitFinished@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEXVxml_node@pugi@@@Z
?GetAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UBE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV32@@Z
?GetObjectType@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UBEHXZ
?SetAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJPBD0H@Z
?SetAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJABV?$TStringT@DUchar_traits@SOUI@@@2@0H@Z
?AfterAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0HJ@Z
?GetID@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UBEHXZ
?InitFromXml@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEHVxml_node@pugi@@@Z
?DefAttributeProc@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
??1SObjectInfo@SOUI@@QAE@XZ
??0SSkinScrollbar@SOUI@@QAE@XZ
?_Draw@SSkinScrollbar@SOUI@@MAEXPAUIRenderTarget@2@PBUtagRECT@@KE@Z
?_Scale@SSkinScrollbar@SOUI@@MAEXPAVISkinObj@2@H@Z
?CreateResProvider@SOUI@@YAHW4BUILTIN_RESTYPE@1@PAPAUIObjRef@@@Z
?Create@SHostWnd@SOUI@@QAEPAUHWND__@@PAU3@HHHH@Z
?RegisterFactory@SObjectFactoryMgr@SOUI@@QAE_NAAVSObjectFactory@2@_N@Z
?CreateObject@SObjectFactoryMgr@SOUI@@UBEPAUIObject@2@ABVSObjectInfo@2@@Z
?GetSkinSize@SSkinImgList@SOUI@@UAE?AUtagSIZE@@XZ
?IgnoreState@SSkinImgList@SOUI@@UAEHXZ
?GetStates@SSkinImgList@SOUI@@UAEHXZ
?OnColorize@SSkinImgList@SOUI@@UAEXK@Z
?GetExpandMode@SSkinImgList@SOUI@@MAEIXZ
??0SApplication@SOUI@@QAE@PAUIRenderFactory@1@PAUHINSTANCE__@@PB_WABUISystemObjectRegister@1@H@Z
??1SApplication@SOUI@@UAE@XZ
?Run@SApplication@SOUI@@QAEHPAUHWND__@@@Z
?CreateWindowByName@SApplication@SOUI@@UBEPAVSWindow@2@PB_W@Z
?CreateSkinByName@SApplication@SOUI@@UBEPAVISkinObj@2@PB_W@Z
?CreateInterpolatorByName@SApplication@SOUI@@UBEPAUIInterpolator@2@PB_W@Z
?CreateAccProxy@SApplication@SOUI@@UBEPAUIAccProxy@2@PAVSWindow@2@@Z
?CreateAccessible@SApplication@SOUI@@UBEPAUIAccessible@@PAVSWindow@2@@Z
?AddResProvider@SResProviderMgr@SOUI@@QAEXPAUIResProvider@2@PB_W@Z
?CenterWindow@CSimpleWnd@SOUI@@QAEHPAUHWND__@@@Z
kernel32
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
SwitchToFiber
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MoveFileW
lstrcmpW
GetTickCount
lstrcpyW
CopyFileW
DeleteFileW
lstrcatW
OutputDebugStringW
Sleep
CreateMutexW
GetTempPathW
TerminateProcess
GetCurrentProcess
FindNextFileW
FindFirstFileW
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx
SetEndOfFile
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
HeapFree
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
DeleteFiber
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetVersionExW
CreateFileW
SetFilePointer
WriteFile
GetFileSize
SetFileAttributesW
CreateDirectoryW
SetFileTime
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
WaitForSingleObject
MoveFileExA
VerifyVersionInfoW
GetSystemDirectoryW
VerSetConditionMask
SleepEx
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetStringTypeW
CreateSymbolicLinkW
GetFileInformationByHandleEx
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
LCMapStringEx
GetLocaleInfoEx
LocalFree
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FormatMessageA
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
GetCurrentThreadId
WideCharToMultiByte
OutputDebugStringA
FreeLibrary
GetCurrentProcessId
GetProcAddress
SetCurrentDirectoryW
LoadLibraryW
CloseHandle
SetEvent
OpenEventW
GetModuleFileNameW
CreateFiber
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
ExitProcess
MultiByteToWideChar
user32
PostMessageW
UnregisterClassW
EnumWindows
SendMessageW
GetPropW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
OffsetRect
GetActiveWindow
advapi32
CryptAcquireContextW
CryptCreateHash
CryptDestroyKey
CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGetKeyParam
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
shell32
SHGetSpecialFolderPathW
ole32
OleUninitialize
OleInitialize
shlwapi
PathIsDirectoryW
PathCanonicalizeW
PathRemoveFileSpecW
PathFileExistsW
winhttp
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
crypt32
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertFindCertificateInStore
CertOpenSystemStoreA
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore
wldap32
ord216
ord14
ord301
ord46
ord219
ord147
ord133
ord79
ord145
ord167
ord127
ord208
ord26
ord117
ord73
ord142
ord41
ord27
ws2_32
listen
ioctlsocket
__WSAFDIsSet
gethostbyname
select
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
getsockname
getpeername
connect
shutdown
getnameinfo
bind
WSAGetLastError
send
recv
closesocket
htonl
getsockopt
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 607KB - Virtual size: 607KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 411KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ