D:\nstools\nsSetup\HofoInstallers-2.0\Release\Install_comm.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-04-11_fb0801025d9d0859f0a679971fa1e6ec_mafia.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-04-11_fb0801025d9d0859f0a679971fa1e6ec_mafia.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
2024-04-11_fb0801025d9d0859f0a679971fa1e6ec_mafia
-
Size
10.3MB
-
MD5
fb0801025d9d0859f0a679971fa1e6ec
-
SHA1
5f12e7cd195cd8a4cf40fe88a595a114ca503457
-
SHA256
8ad39dd7ca941f99775f05e8c533e32a1fec72c3c485b2f03869ca9eed6b089a
-
SHA512
12077043d198f85b12a240c84c915ac8a1986ef82b5b8730eb46c8b86b13f3e991c003d3f543d2fcddb2e40f4ded2a0967c4847e08ceccb5f235f5b9b056f888
-
SSDEEP
196608:3rQzYgvqwo8hGXbmAnzwmD3WIeSX9iPA0gJl6m1WREF0Vef++whQ84ss+k9bQ:3r/KnQbmKBGHSXIPA0gb8aFES+7hT4Nm
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-04-11_fb0801025d9d0859f0a679971fa1e6ec_mafia
Files
-
2024-04-11_fb0801025d9d0859f0a679971fa1e6ec_mafia.exe windows:5 windows x86 arch:x86
446eab04270fea6e383edf37b8ba545d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ExitThread
FindClose
GetDriveTypeW
FindFirstFileExW
MoveFileW
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
SetEndOfFile
GetTimeZoneInformation
CompareStringW
CloseHandle
GetLastError
CreateMutexW
lstrcpyW
GetCurrentThread
SetThreadPriority
GetCurrentProcess
SetPriorityClass
GetModuleFileNameW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetTickCount
ExitProcess
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryW
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
lstrcmpW
lstrcatW
FreeResource
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
FindFirstFileW
FindNextFileW
GlobalFree
WaitForSingleObject
TerminateThread
lstrlenA
GetVersionExW
CreateDirectoryW
GetDiskFreeSpaceExW
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
lstrcpynW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
UnmapViewOfFile
LCMapStringA
GetSystemPowerStatus
lstrcmpiW
GetTempPathW
SetFileAttributesW
GetSystemDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetSystemWow64DirectoryW
CreateThread
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLocalTime
InitializeCriticalSection
CreateEventW
ResetEvent
LocalFree
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GetModuleHandleW
Sleep
SetEnvironmentVariableA
user32
GetWindowLongW
DefWindowProcW
LoadCursorW
SetWindowLongW
DestroyWindow
UnregisterClassW
LoadIconW
PostMessageW
SetCursor
MoveWindow
SetWindowPos
IsWindowVisible
SetWindowTextW
FindWindowW
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow
CreateWindowExW
RegisterClassExW
GetSystemMetrics
SetWindowRgn
OffsetRect
FillRect
ReleaseDC
GetWindowRect
GetDC
PostQuitMessage
UpdateLayeredWindow
wsprintfW
BeginPaint
EndPaint
ShowWindow
GetClientRect
IsIconic
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindow
PrivateExtractIconsW
LoadImageW
DrawIconEx
ClientToScreen
SetLayeredWindowAttributes
SetCapture
GetCursorPos
ReleaseCapture
SendMessageW
TrackMouseEvent
GetClipboardData
gdi32
CreateSolidBrush
BitBlt
GetTextExtentPoint32W
CreateDCW
DeleteDC
DeleteObject
CreateRectRgn
CombineRgn
OffsetRgn
SetRectRgn
CreateDIBSection
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetStockObject
GetObjectW
LineTo
MoveToEx
SetROP2
GetObjectA
CreatePen
ole32
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
shlwapi
PathFileExistsW
gdiplus
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageGraphicsContext
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawString
GdipDrawImageRectI
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipSetStringFormatAlign
GdipSetImageAttributesColorMatrix
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCreateStringFormat
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipLoadImageFromStream
GdipSetImageAttributesColorKeys
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDeleteGraphics
GdipCloneStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipStringFormatGetGenericTypographic
GdipCreateFromHDC
GdipCloneImage
dbghelp
MiniDumpWriteDump
comdlg32
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
advapi32
OpenServiceW
StartServiceW
ControlService
DeleteService
RegOpenKeyW
RegCreateKeyW
RegSetValueW
RegNotifyChangeKeyValue
RegDeleteValueW
CreateServiceW
OpenSCManagerW
RegEnumKeyExW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
oleaut32
SysAllocString
VariantChangeType
VariantInit
VariantClear
SysFreeString
wininet
FtpOpenFileW
HttpOpenRequestW
InternetReadFile
HttpSendRequestW
FtpGetFileSize
GetUrlCacheEntryInfoW
HttpQueryInfoW
InternetGetConnectedState
InternetOpenW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpAddRequestHeadersW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
winmm
mciSendStringW
PlaySoundW
crypt32
CertCreateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertFindCertificateInStore
wintrust
WinVerifyTrust
urlmon
URLDownloadToFileW
Exports
Exports
??0CLock@@QAE@XZ
??0CNsApp@@QAE@XZ
??0CNsDC@@QAE@PAUHDC__@@AAUtagRECT@@_N2PAUHWND__@@@Z
??0CNsDC@@QAE@XZ
??0CNsDownload@@QAE@XZ
??0CNsFont@@QAE@ABV0@@Z
??0CNsFont@@QAE@XZ
??0CNsImage@@QAE@ABV0@@Z
??0CNsImage@@QAE@XZ
??0CNsInstaller@@QAE@ABV0@@Z
??0CNsInstaller@@QAE@XZ
??0CNsLog@@QAE@ABV0@@Z
??0CNsLog@@QAE@XZ
??0CNsNet@@QAE@XZ
??0CNsPacket@@QAE@ABV0@@Z
??0CNsProcess@@QAE@XZ
??0CNsReg@@QAE@XZ
??0CNsSkin@@QAE@ABV0@@Z
??0CNsSkin@@QAE@XZ
??0CNsThread@@QAE@ABV0@@Z
??0CNsThread@@QAE@XZ
??0CNsUpdate@@QAE@ABV0@@Z
??0CNsUpdate@@QAE@XZ
??0CNsXml@@QAE@ABV0@@Z
??0CNsXml@@QAE@XZ
??0CNsZlib@@QAE@XZ
??0CnsDump@@QAE@ABV0@@Z
??0CnsDump@@QAE@XZ
??1CLock@@QAE@XZ
??1CNsApp@@QAE@XZ
??1CNsDC@@QAE@XZ
??1CNsDownload@@QAE@XZ
??1CNsFont@@QAE@XZ
??1CNsImage@@QAE@XZ
??1CNsInstaller@@QAE@XZ
??1CNsLog@@QAE@XZ
??1CNsNet@@QAE@XZ
??1CNsProcess@@QAE@XZ
??1CNsReg@@QAE@XZ
??1CNsSkin@@QAE@XZ
??1CNsThread@@QAE@XZ
??1CNsUpdate@@QAE@XZ
??1CNsXml@@QAE@XZ
??1CNsZlib@@QAE@XZ
??1CnsDump@@QAE@XZ
??4CLock@@QAEAAV0@ABV0@@Z
??4CNsApp@@QAEAAV0@ABV0@@Z
??4CNsDC@@QAEAAV0@ABV0@@Z
??4CNsDownload@@QAEAAV0@ABV0@@Z
??4CNsFont@@QAEAAV0@ABV0@@Z
??4CNsImage@@QAEAAV0@ABV0@@Z
??4CNsInstaller@@QAEAAV0@ABV0@@Z
??4CNsLog@@QAEAAV0@ABV0@@Z
??4CNsNet@@QAEAAV0@ABV0@@Z
??4CNsPacket@@QAEAAV0@ABV0@@Z
??4CNsProcess@@QAEAAV0@ABV0@@Z
??4CNsReg@@QAEAAV0@ABV0@@Z
??4CNsSkin@@QAEAAV0@ABV0@@Z
??4CNsThread@@QAEAAV0@ABV0@@Z
??4CNsUpdate@@QAEAAV0@ABV0@@Z
??4CNsXml@@QAEAAV0@ABV0@@Z
??4CNsZlib@@QAEAAV0@ABV0@@Z
??4CnsDump@@QAEAAV0@ABV0@@Z
??_B?1??Instance@CNsDownload@@SAAAV1@XZ@51
??_B?1??Instance@CNsLog@@SAAAV1@XZ@51
??_B?1??Instance@CNsNet@@SAAAV1@XZ@51
??_B?1??Instance@CNsProcess@@SAAAV1@XZ@51
??_B?1??Instance@CNsReg@@SAAAV1@XZ@51
??_B?1??Instance@CNsUpdate@@SAAAV1@XZ@51
??_B?1??Instance@CNsXml@@SAAAV1@XZ@51
??_B?1??Instance@CNsZlib@@SAAAV1@XZ@51
?AddDelInfo@CNsInstaller@@AAE_NAAUtagDelInfo@@@Z
?AddMovie@CNsImage@@QAE_NPAUHWND__@@HPB_WHHHHHHHHPAUHDC__@@@Z
?AddMovie@CNsImage@@QAE_NPAUHWND__@@PB_WHHHHHHHHPAUHDC__@@@Z
?AddShellMenu@@YAHPB_W0H0H@Z
?AddTask@CNsDownload@@QAEHPB_W0@Z
?AddTimer@CNsThread@@AAEPAUtagNsTimer@@AAU2@@Z
?AutoRun@CNsInstaller@@QAEXXZ
?BmToStream@CNsImage@@QAE_NPAUHBITMAP__@@PAUIStream@@PB_W@Z
?CertExists@@YAHPB_W@Z
?CheckComponent@CNsInstaller@@QAE_NXZ
?CheckDir@CNsInstaller@@QAEXPB_W0@Z
?CheckFont@CNsFont@@QAEHPB_W@Z
?CheckImage@CNsImage@@QAE_NPB_W@Z
?CheckInstalled@@YAHPB_W@Z
?CheckNotice@CNsInstaller@@QAEXXZ
?CheckOneInstance@@YAHPB_W0@Z
?CheckTask@CNsUpdate@@AAEXPB_W@Z
?CheckUpdate@CNsUpdate@@QAEHPB_WP6GXHHH@ZP6GXH0_J2N@Z@Z
?CheckValid@CNsInstaller@@QAEXXZ
?CompVersion@@YAHPB_W0@Z
?CreateCompatibleBitmapEx@CNsDC@@QAEPAUHBITMAP__@@UtagRECT@@@Z
?CreateDirTree@@YAHPB_W@Z
?CreateFolder@@YAHPB_W@Z
?CreateMemDC@CNsDC@@QAEXPAUHDC__@@AAUtagRECT@@_N2PAUHWND__@@@Z
?CreateNewFont@CNsFont@@AAEPAUHFONT__@@AAUtagFontInfo@@@Z
?CreateShareMem@@YAPAXPB_WK@Z
?CreateShortcut@@YAHPB_W000G0H@Z
?CreateShortcuts@CNsInstaller@@QAEXPAUtagSetupInfo@@@Z
?CreateUID@@YAXPA_WH@Z
?CreateUninstallCfg@CNsInstaller@@QAEXPAUtagSetupInfo@@@Z
?CreateUrlShortcut@@YAHPB_W0@Z
?CreateUserShortcuts@CNsInstaller@@AAEXXZ
?DecodeFile@CNsZlib@@QAEJPB_W0K@Z
?DecodeGZipBuffer@CNsZlib@@QAEJPAEJPAPAEPAJ@Z
?DelTask@CNsDownload@@QAEHPB_W@Z
?DelTray@@YAHPAUHWND__@@@Z
?DesGo@@YAXQBDPADHH@Z
?DisableFsRedirection@@YAXPAPAX@Z
?DoFunc@@YAHPB_W0@Z
?DoReport@@YAXPB_W00@Z
?DoRun@@YAHPB_W0HH@Z
?DoSetup@CNsInstaller@@AAEXPB_W@Z
?DoUpdate@CNsInstaller@@QAEX_NPB_W@Z
?DownComponent@CNsInstaller@@AAEXPB_W@Z
?DownNotify@CNsInstaller@@CGXHPB_W_J1N@Z
?DownloadThread@CNsDownload@@CGIPAX@Z
?Draw@CNsDC@@QAEXXZ
?DrawCaret@CNsApp@@QAEXPAUHWND__@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHPAUtagRECT@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHPAUtagRECT@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@PAVImageAttributes@4@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHPAUtagRECT@@@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@HPB_WMMMMHHHH@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@MMMMHHHH@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@PB_WMMMMHHHH@Z
?DrawRotate3D@CNsImage@@QAEXPAUHDC__@@HPB_WHHHHHH@Z
?DrawRotate3D@CNsImage@@QAEXPAUHDC__@@PAUIStream@@HHHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHH@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawSplitH@CNsImage@@AAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@H@Z
?DrawSplitV@CNsImage@@AAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@HH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHHHHH@Z
?DrawString@CNsImage@@QAEXPAUHDC__@@PAUHFONT__@@PB_WHHHHKH_N3H@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@HPB_WKKHHHH@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@KKHHHH@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@PB_WKKHHHH@Z
?EasyEncode@@YAXPADH@Z
?EncodeFile@CNsZlib@@QAEJPB_W0H@Z
?ExceptionFilter@CnsDump@@CGJPAU_EXCEPTION_POINTERS@@@Z
?ExecScript@CNsInstaller@@QAEXPB_W@Z
?ExitApp@CNsApp@@QAEXXZ
?ExitThread@CNsThread@@QAEXPAXH@Z
?ExtractFile@CNsInstaller@@AAE_NPAUtagPacketInfo@@PAU_iobuf@@@Z
?ExtractFileEx@CNsInstaller@@AAE_NPAUtagPacketInfo@@@Z
?ExtractPath@@YAXPA_W@Z
?FileSize@@YA_JPB_W@Z
?FileTime@@YAHPB_WPAU_SYSTEMTIME@@11@Z
?FindRes@CNsSkin@@AAE_NPB_WPAUIStream@@@Z
?ForceLog@CNsLog@@QAEX_N@Z
?FreeSkin@CNsSkin@@QAEXXZ
?GbToTraditional@@YAXPADH@Z
?GetAdvInfo@CNsInstaller@@QAE_NAAUtagStyleInfo@@@Z
?GetCPUID@@YAXPAD@Z
?GetClipboard@@YAHPA_WH@Z
?GetCloudInfo@CNsInstaller@@QAE_NAAUtagCloudInfo@@@Z
?GetColorDlg@@YAKPAUHWND__@@K@Z
?GetCurPath@@YAXPA_W@Z
?GetCurPathEx@@YAXPB_WPA_W@Z
?GetDefaultSize@CNsFont@@QAEHXZ
?GetDeskWin@@YAPAUHWND__@@XZ
?GetDesktopPath@@YAHPA_W@Z
?GetEncoderClsid@CNsImage@@QAEHPB_WPAU_GUID@@@Z
?GetFileIcon@@YAPAUHICON__@@PB_WHH@Z
?GetFileVer@@YAHPB_WPA_W@Z
?GetFont@CNsFont@@AAEPAUHFONT__@@AAUtagFontInfo@@@Z
?GetFont@CNsFont@@QAEPAUHFONT__@@HPB_WHHH@Z
?GetFtpFile@CNsDownload@@QAEHPB_W0HP6GXH0_J1N@Z00@Z
?GetHttpFile@CNsDownload@@QAEHPB_W0HP6GXH0_J1N@Z@Z
?GetImgSize@CNsImage@@QAE_NHAAH0@Z
?GetImgSize@CNsImage@@QAE_NPB_WAAH1@Z
?GetInfoLen@CNsNet@@QAEHXZ
?GetLogFileName@CNsLog@@AAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetMovieIndex@CNsImage@@QAEHH@Z
?GetNodeAttr@CNsXml@@QAEHPB_W0PA_W@Z
?GetOsName@@YAHPA_W@Z
?GetPathUseSpace@@YA_KPB_W@Z
?GetProcByName@CNsProcess@@QAE_NPB_WPAUtagPROCESSENTRY32W@@@Z
?GetProcList@CNsProcess@@QAE_NAAV?$vector@UtagPROCESSENTRY32W@@V?$allocator@UtagPROCESSENTRY32W@@@std@@@std@@@Z
?GetProgramFilePath@@YAHPA_W@Z
?GetProgramsPath@@YAHPA_W@Z
?GetQuickLaunchPath@@YAHPA_WH@Z
?GetRegInfo@@YAHPAUHKEY__@@PA_W1H1@Z
?GetRegInfo@CNsReg@@QAEHPAUHKEY__@@PA_W1H1@Z
?GetRes@CNsSkin@@QAE_NPB_WPAUIStream@@@Z
?GetResType@CNsSkin@@QAEHXZ
?GetSetupInfo@CNsInstaller@@QAE_NAAUtagSetupInfo@@@Z
?GetSetupInfoEx@CNsInstaller@@QAE_NAAUtagSetupInfo@@@Z
?GetShortcutIcon@@YAHPB_WPA_WPAH@Z
?GetShortcutUrl@@YAHPB_WPA_W@Z
?GetSoftVer@@YAHPB_WPA_W@Z
?GetStartMenuPath@@YAHPA_W@Z
?GetStrSize@CNsImage@@QAE?AUtagSIZE@@PB_WPAUHWND__@@PAUHFONT__@@VRectF@Gdiplus@@@Z
?GetStrWidth@CNsImage@@QAEHPB_WPAUHWND__@@PAUHFONT__@@_N@Z
?GetThemesPath@CNsSkin@@QAEXPA_W@Z
?GetUrlCacheIcon@@YAPAUHICON__@@PB_WH@Z
?GetUrlCacheIconPath@@YAHPB_WPA_W@Z
?GetUrlInfo@@YAHPB_WPADH@Z
?GetUrlInfo@CNsNet@@QAEHPB_WPADHH@Z
?GetUrlShortcutIcon@@YAHPB_WPA_WH@Z
?GetXmlNode@CNsXml@@QAEHPA_WAAH@Z
?GetXmlNodeCount@@YAHPB_W@Z
?GetXmlNodeCount@CNsXml@@QAEHPB_W@Z
?GetXmlNodeValue2@@YAHPB_WPA_WH@Z
?GetXmlNodeValue3@@YAHPB_WPA_WPAH@Z
?GetXmlNodeValue@@YAHPB_WPA_W@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_W@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_WH@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_WPAH@Z
?HideProcess@CNsProcess@@QAEXH@Z
?ImportCACert@@YAHPAXH@Z
?ImportCertFile@@YAHPB_W@Z
?ImportReg@CNsInstaller@@QAEXXZ
?InitPath@CNsInstaller@@AAEXAAUtagSetupInfo@@@Z
?InitZlib@CNsZlib@@QAEJPB_W@Z
?Inject@CNsProcess@@QAE_NKPBD0@Z
?Install@CnsDump@@QAEXPB_W0@Z
?InstallCloudFunc@CNsInstaller@@AAE_NXZ
?InstallCloudThread@CNsInstaller@@CGIPAX@Z
?InstallComponent@CNsInstaller@@AAEXXZ
?InstallDump@@YAXPB_W0@Z
?InstallFunc@CNsInstaller@@AAE_NXZ
?InstallFuncEx@CNsInstaller@@AAE_NXZ
?InstallThread@CNsInstaller@@CGIPAX@Z
?InstallUserComponent@CNsInstaller@@AAEXXZ
?Instance@CNsDownload@@SAAAV1@XZ
?Instance@CNsLog@@SAAAV1@XZ
?Instance@CNsNet@@SAAAV1@XZ
?Instance@CNsProcess@@SAAAV1@XZ
?Instance@CNsReg@@SAAAV1@XZ
?Instance@CNsUpdate@@SAAAV1@XZ
?Instance@CNsXml@@SAAAV1@XZ
?Instance@CNsZlib@@SAAAV1@XZ
?IntToStrSize@@YAX_JPA_W@Z
?IsLockRead@CLock@@QAE_NXZ
?IsLockWrite@CLock@@QAE_NXZ
?KillProcess@CNsProcess@@QAEXK@Z
?KillProcess@CNsProcess@@QAEXPB_W@Z
?KillTimer@CNsThread@@QAEXH@Z
?LnkToRealPath@@YAJPB_WPA_W@Z
?LoadDrv@@YAHPB_W0@Z
?LoadPngFromRes@CNsImage@@AAEPAVImage@Gdiplus@@HPB_W@Z
?LoadProxyConfig@CNsDownload@@QAEXXZ
?LoadProxyConfig@CNsNet@@QAEXXZ
?LoadSkin@CNsSkin@@QAE_NPB_W@Z
?Lock@CLock@@QAEXXZ
?LockRead@CLock@@QAEXXZ
?MD5Go@@YAHPAD0@Z
?MakeSkin@CNsSkin@@QAE_NPB_W0@Z
?MonitorReg@CNsReg@@QAEHPAUHKEY__@@PA_WHP6GXPAX@Z2@Z
?MonitorThread@CNsReg@@SGKPAX@Z
?MovePos@CNsInstaller@@AAEXPAUtagPacketInfo@@PAU_iobuf@@@Z
?MovieThread@CNsImage@@CGIPAX@Z
?MsgLoop@CNsApp@@QAEHXZ
?NsAddJob@@YAHPB_W0H@Z
?NsDelJob@@YAHXZ
?NsEncode@@YAXQBDPADHH@Z
?NsEncodeFile@@YAHPB_W0@Z
?NsGetStrWidth@@YAHPB_WPAUHWND__@@PAUHFONT__@@@Z
?NsReadFile@@YAHPB_WPAXAAK@Z
?NsResGetBuff@@YAHHPB_WPAX@Z
?NsResGetBuffEx@@YAHPB_WH0PAX@Z
?NsResGetStream@@YAPAUIStream@@HPB_W@Z
?NsResSave@@YAHHPB_W0@Z
?NsResSaveEx@@YAHPB_WH00@Z
?NsResSize@@YAHHPB_W@Z
?NsResUpdate2@@YAHPB_WH0PAXH@Z
?NsResUpdate@@YAHPB_WH00@Z
?NsWriteFile@@YAHPB_WPAXK@Z
?OpenUrl@@YAXPB_WH@Z
?Parse@@YAHPB_W@Z
?Parse@CNsXml@@QAEHPB_W@Z
?ParseParams@CNsInstaller@@QAEXPB_W@Z
?PauseMP3@@YAXPB_W@Z
?PlayMP3@@YAXPB_WH@Z
?PlayWav@@YAHPB_WH@Z
?Post@CNsNet@@QAEHPB_WPAXHPADHH@Z
?ReadShareMem2@@YAHPB_WPAXHH@Z
?ReadShareMem@@YAHPB_WPA_W@Z
?RefreshIconCache@@YAXXZ
?RegFileRelation@@YAXPB_W0000@Z
?RegProtocol@@YAXPB_W0@Z
?ReplaceExeIco@@YAHPB_W0H@Z
?ReplaceSysPath@CNsInstaller@@AAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ResumeMP3@@YAXPB_W@Z
?ResumeProc@CNsProcess@@QAE_NK@Z
?RevertFsRedirection@@YAXPAPAX@Z
?SavePic@CNsImage@@QAE_NPAUHDC__@@UtagRECT@@PB_W2@Z
?SavePic@CNsImage@@QAE_NPAUHWND__@@PB_W1@Z
?SavePic@CNsImage@@QAE_NPB_W00@Z
?SaveScreen@CNsImage@@QAE_NPB_W0@Z
?SaveUpdateCfg@CNsUpdate@@AAEXXZ
?SetAppName@CNsApp@@QAEXPB_W@Z
?SetAutoRun@@YAHPB_WH0@Z
?SetAutoRun@CNsReg@@QAEHPB_WH0@Z
?SetClipboard@@YAHPB_W@Z
?SetDefaultFont@CNsFont@@QAEXHPB_WH@Z
?SetDelay@CNsUpdate@@QAEXH@Z
?SetFolderIcon@@YAHPB_W0H@Z
?SetIcon@@YAHPAUHWND__@@PAUHICON__@@@Z
?SetInst@CNsImage@@QAEXPAUHINSTANCE__@@@Z
?SetMemName@CNsLog@@QAEXPB_WH@Z
?SetPath@CNsUpdate@@QAEXPB_W@Z
?SetPrivilege@@YAHPB_WH@Z
?SetRegInfo@@YAHPAUHKEY__@@PA_W1HPB_W@Z
?SetRegInfo@CNsReg@@QAEHPAUHKEY__@@PA_W1HPB_W@Z
?SetResType@CNsSkin@@QAEXH@Z
?SetRetry@CNsDownload@@QAEXHH@Z
?SetShortcutIcon@@YAHPB_W0@Z
?SetSkinName@CNsSkin@@QAEXPB_W@Z
?SetThemesName@CNsSkin@@QAEXPB_W@Z
?SetTip@@YAHPAUHWND__@@PB_W@Z
?ShowBalloon@@YAHPAUHWND__@@PB_W1H@Z
?ShowLicense@CNsInstaller@@QAEXXZ
?ShowOpenFileDlg@@YAHPA_WHPAUHWND__@@PB_W2H@Z
?ShowSaveFileDlg@@YAHPA_WPAUHWND__@@PB_W2@Z
?ShowSelDir@@YAHPA_WPAUHWND__@@@Z
?ShowTray@@YAHPAUHWND__@@PAUHICON__@@PB_WI@Z
?StartDownload@CNsDownload@@QAEXPB_W0P6GXH0_J1N@ZH@Z
?StartInstall@CNsInstaller@@QAEXPB_WPAUHWND__@@H1@Z
?StartInstallCloud@CNsInstaller@@QAEXPAUHWND__@@H@Z
?StartMonitor@@YAXPAUHKEY__@@PB_WHP6GXPAX@Z2@Z
?StartMonitor@CNsReg@@QAEXPAUHKEY__@@PB_WHP6GXPAX@Z2@Z
?StartMovie@CNsImage@@QAEXH@Z
?StartThread@CNsThread@@QAEPAXP6GIPAX@Z0H@Z
?StartTimer@CNsThread@@QAEXHP6GXPAX@ZH0@Z
?StartUpdate@CNsUpdate@@QAEXPB_WP6GXHHH@ZP6GXH0_J2N@Z@Z
?Stop@CNsInstaller@@QAEXXZ
?Stop@CNsNet@@QAEXXZ
?Stop@CNsThread@@QAEXXZ
?StopMP3@@YAXPB_W@Z
?StopMonitor@@YAXXZ
?StopMonitor@CNsReg@@QAEXXZ
?StopMovie@CNsImage@@QAEXH@Z
?StopTask@CNsDownload@@QAEXPB_WH@Z
?StopUpdate@CNsUpdate@@QAEXXZ
?StrToIntSize@@YA_JPB_W@Z
?SuspendProc@CNsProcess@@QAE_NK@Z
?TimerThread@CNsThread@@CGIPAX@Z
?ToAsc@@YAXPADH@Z
?ToHex@@YAXPADH@Z
?URLEncode@@YAHPA_W@Z
?UnLoadDrv@@YAHPB_W@Z
?UninitZlib@CNsZlib@@QAEXXZ
?Unlock@CLock@@QAEXXZ
?UnlockRead@CLock@@QAEXXZ
?UpdateNotify@CNsInstaller@@CGXHHH@Z
?UpdateThread@CNsUpdate@@CGIPAX@Z
?VerifyFile@CNsUpdate@@QAEHPB_W0H@Z
?VerifySignature@@YAHPB_W@Z
?WaitInstall@CNsInstaller@@AAEXPB_W@Z
?WaitUpdate@CNsInstaller@@QAEXXZ
?WriteLog2@CNsLog@@QAAXPB_WZZ
?WriteLog3@CNsLog@@QAAXPB_WZZ
?WriteLog@@YAXPB_W@Z
?WriteLog@CNsLog@@QAEXPB_W@Z
?WriteReg@CNsInstaller@@QAEHPAUtagSetupInfo@@@Z
?WriteShareMem2@@YAHPB_WPAXHH@Z
?WriteShareMem@@YAHPB_W0H@Z
?WriteSkin@CNsSkin@@AAEXPAU_iobuf@@AAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?Zoom@CNsImage@@QAE_NPB_WMHH00@Z
?_ins@?1??Instance@CNsZlib@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsDownload@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsLog@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsNet@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsProcess@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsReg@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsUpdate@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsXml@@SAAAV2@XZ@4V2@A
?gb2big@@YAXPADH@Z
?isCancel@CNsUpdate@@QAEHXZ
?isConnected@@YAHPB_W@Z
?isConnected@CNsNet@@QAEHPB_W@Z
?isDigital@@YAHPBD@Z
?isDir@@YAHPB_W@Z
?isEnableUAC@@YAHXZ
?isEnglish@@YAHXZ
?isError@CNsUpdate@@QAEHXZ
?isExistsMovie@CNsImage@@AAE_NH@Z
?isExistsShareMem@@YAHPB_W@Z
?isGzip@CNsDownload@@AAEHPAX@Z
?isGzip@CNsNet@@QAEHPAX@Z
?isHZ@@YAHPBD@Z
?isLicense@CNsInstaller@@QAE_NXZ
?isLog@CNsLog@@AAE_NXZ
?isNotebook@@YAHXZ
?isRestart@CNsUpdate@@QAEHXZ
?isSimplified@@YAHXZ
?isStop@CNsDownload@@QAEHPB_W@Z
?isStop@CNsImage@@QAE_NH@Z
?isSupportYaHei@CNsFont@@QAEHXZ
?isTraditional@@YAHXZ
?isWin7@@YAHXZ
?isWin8@@YAHXZ
?isWow64@@YAHXZ
?m_bUpdated@CNsInstaller@@0_NA
Sections
.text Size: 324KB - Virtual size: 324KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ