023a862b502ae7c9b778c142c7203b0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

023a862b502ae7c9b778c142c7203b0f_JaffaCakes118
Size

6.6MB
MD5

023a862b502ae7c9b778c142c7203b0f
SHA1

596985fd9ffdf01486ca0887d31427156fd5f716
SHA256

76b441e8a1ad17d63220acb9023569322103e1e961acf879bd2d921d92412429
SHA512

042a86493fd5ebb1613092b86ca5ed576cf154e349c09e60830a96d0567a76fc59f8e1b5e8b2e45361e468b454da2b233b058ecee73671e11ea30b157748ca18
SSDEEP

196608:EuwxCHz/Z9PP3/jjS9G4JqWr87poTBX8M4RwvRlurS:VwIBhPbI3o7poFX8M4qvRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

023a862b502ae7c9b778c142c7203b0f_JaffaCakes118
.zip
CTAC.json
SERIAL.txt
WdfCoInstaller01011.dll
.dll windows:6 windows x64 arch:x64

553dfc6cd5891a057991f0695d243342

Code Sign

61:02:92:4a:00:00:00:00:00:20
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:05:dd:42:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/03/2012, 21:37

Not After

26/06/2013, 21:37

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/03/2017, 19:05

Not After

01/06/2018, 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:74:37:a3:05:3b:16:9c:08:97:37:aa:12:48:99:06:ef:23:b7:35:ba:d0:5c:1b:29:3d:ae:ca:3c:9a:4a:b2
Signer

Actual PE Digest

13:74:37:a3:05:3b:16:9c:08:97:37:aa:12:48:99:06:ef:23:b7:35:ba:d0:5c:1b:29:3d:ae:ca:3c:9a:4a:b2

Digest Algorithm

sha256

PE Digest Matches

true

3c:aa:50:ed:7a:7b:75:89:86:2f:97:5d:01:74:0e:5b:fe:6f:ba:ea
Signer

Actual PE Digest

3c:aa:50:ed:7a:7b:75:89:86:2f:97:5d:01:74:0e:5b:fe:6f:ba:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01011.pdb

Imports

msvcrt

free
_wtoi
_wcsnicmp
_amsg_exit
malloc
_ultow
_XcptFilter
_initterm
_wcsicmp
__C_specific_handler
_vsnwprintf
memcpy
memset

setupapi

SetupDiGetActualSectionToInstallW
SetupLogErrorW
SetupDiGetDeviceInstallParamsW
CM_Set_DevNode_Problem_Ex
SetupCloseInfFile
SetupOpenInfFileW
SetupCloseLog
SetupDiSetDeviceInstallParamsW
SetupOpenLog
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupGetStringFieldW
SetupPromptReboot
SetupFindFirstLineW
SetupGetLineCountW
SetupFindNextMatchLineW

kernel32

FindClose
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
VerSetConditionMask
GetModuleHandleW
GetVersionExW
GetModuleFileNameW
VerifyVersionInfoW
GetLastError
GetProcAddress
GlobalFree
LocalAlloc
GetWindowsDirectoryW
LocalFree
FreeLibrary
LoadLibraryW
FindFirstFileW
FindResourceW
LoadResource
CreateProcessW
CreateDirectoryW
WaitForSingleObject
OutputDebugStringW
WriteFile
SizeofResource
FormatMessageW
GetExitCodeProcess
TerminateProcess
CreateFileW
SetLastError
GetCurrentThreadId
GetLocalTime
LockResource
RemoveDirectoryW
FindNextFileW
CloseHandle
DeleteFileW
ExpandEnvironmentStringsW
LoadLibraryExW
Sleep
QueryPerformanceCounter
GetCurrentProcessId

advapi32

EventUnregister
EventRegister
QueryServiceConfigW
ChangeServiceConfigW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
EventWrite
QueryServiceStatusEx
RegQueryValueExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle

shell32

CommandLineToArgvW

user32

IsCharAlphaNumericW
LoadStringW
IsCharAlphaW

shlwapi

PathFileExistsW

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnssd.exp
lang/cef_extensions.pak
.js
lang/libGLESv2.dll
.dll windows:5 windows x86 arch:x86

82ea2e0411755a995020c5465b52ceb7

Code Sign

07:c7:0f:7c:ab:14:5b:c1:ed:38:5f:be:69:fa:31:30
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/09/2016, 00:00

Not After

04/10/2019, 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/05/2017, 00:00

Not After

24/06/2020, 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:82:45:88:5b:c1:02:f0:3a:89:5b:8a:ee:23:10:76:68:0f:9c:43:d7:92:c6:22:37:75:a9:f5:26:d9:63:f1
Signer

Actual PE Digest

c4:82:45:88:5b:c1:02:f0:3a:89:5b:8a:ee:23:10:76:68:0f:9c:43:d7:92:c6:22:37:75:a9:f5:26:d9:63:f1

Digest Algorithm

sha256

PE Digest Matches

true

1e:41:ae:66:6c:f3:3b:f7:80:bd:1e:7e:42:24:cd:c5:66:2c:1d:7f
Signer

Actual PE Digest

1e:41:ae:66:6c:f3:3b:f7:80:bd:1e:7e:42:24:cd:c5:66:2c:1d:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\libGLESv2.dll.pdb

Imports

advapi32

RegOpenKeyExA
RegEnumValueA

gdi32

ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
GetPixelFormat

kernel32

GetCurrentProcessId
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryA
LoadLibraryW
Sleep
VerSetConditionMask
VerifyVersionInfoW
GetLastError
GetModuleHandleExA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTempPathA
GetTempFileNameA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitOnceExecuteOnce
GetEnvironmentVariableA
OutputDebugStringA
InitializeCriticalSection
WideCharToMultiByte
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueueUserWorkItem
IsProcessorFeaturePresent
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
GetTickCount
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitProcess
GetModuleHandleExW
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapAlloc
HeapFree
HeapReAlloc
GetACP
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetFileAttributesExW
GetProcessHeap
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
CreateFileW
WriteConsoleW
HeapSize
SetEndOfFile

shlwapi

PathIsRelativeA

user32

WindowFromDC
DefWindowProcW
RegisterClassA
UnregisterClassA
CreateWindowExA
IsWindow
DestroyWindow
GetDC
ReleaseDC
GetWindowThreadProcessId
LoadCursorA
CreateWindowExW
GetClientRect
IsIconic
InvalidateRect

d3d9

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9

Exports

Exports

?ActiveShaderProgram@gl@@YGXII@Z
?ActiveTexture@gl@@YGXI@Z
?AttachShader@gl@@YGXII@Z
?BeginQuery@gl@@YGXII@Z
?BeginQueryEXT@gl@@YGXII@Z
?BeginTransformFeedback@gl@@YGXI@Z
?BindAPI@egl@@YGII@Z
?BindAttribLocation@gl@@YGXIIPBD@Z
?BindBuffer@gl@@YGXII@Z
?BindBufferBase@gl@@YGXIII@Z
?BindBufferRange@gl@@YGXIIIJJ@Z
?BindFragmentInputLocationCHROMIUM@gl@@YGXIHPBD@Z
?BindFramebuffer@gl@@YGXII@Z
?BindImageTexture@gl@@YGXIIHEHII@Z
?BindProgramPipeline@gl@@YGXI@Z
?BindRenderbuffer@gl@@YGXII@Z
?BindSampler@gl@@YGXII@Z
?BindTexImage@egl@@YGIPAX0H@Z
?BindTexture@gl@@YGXII@Z
?BindTransformFeedback@gl@@YGXII@Z
?BindUniformLocationCHROMIUM@gl@@YGXIHPBD@Z
?BindVertexArray@gl@@YGXI@Z
?BindVertexArrayOES@gl@@YGXI@Z
?BindVertexBuffer@gl@@YGXIIJH@Z
?BlendColor@gl@@YGXMMMM@Z
?BlendEquation@gl@@YGXI@Z
?BlendEquationSeparate@gl@@YGXII@Z
?BlendFunc@gl@@YGXII@Z
?BlendFuncSeparate@gl@@YGXIIII@Z
?BlitFramebuffer@gl@@YGXHHHHHHHHII@Z
?BlitFramebufferANGLE@gl@@YGXHHHHHHHHII@Z
?BufferData@gl@@YGXIJPBXI@Z
?BufferSubData@gl@@YGXIJJPBX@Z
?CheckFramebufferStatus@gl@@YGII@Z
?ChooseConfig@egl@@YGIPAXPBHPAPAXHPAH@Z
?Clear@gl@@YGXI@Z
?ClearBufferfi@gl@@YGXIHMH@Z
?ClearBufferfv@gl@@YGXIHPBM@Z
?ClearBufferiv@gl@@YGXIHPBH@Z
?ClearBufferuiv@gl@@YGXIHPBI@Z
?ClearColor@gl@@YGXMMMM@Z
?ClearDepthf@gl@@YGXM@Z
?ClearStencil@gl@@YGXH@Z
?ClientWaitSync@egl@@YGHPAX0H_K@Z
?ClientWaitSync@gl@@YGIPAU__GLsync@@I_K@Z
?ColorMask@gl@@YGXEEEE@Z
?CompileShader@gl@@YGXI@Z
?CompressedCopyTextureCHROMIUM@gl@@YGXII@Z
?CompressedTexImage2D@gl@@YGXIHIHHHHPBX@Z
?CompressedTexImage3D@gl@@YGXIHIHHHHHPBX@Z
?CompressedTexSubImage2D@gl@@YGXIHHHHHIHPBX@Z
?CompressedTexSubImage3D@gl@@YGXIHHHHHHHIHPBX@Z
?CopyBufferSubData@gl@@YGXIIJJJ@Z
?CopyBuffers@egl@@YGIPAX0PAUHBITMAP__@@@Z
?CopySubTextureCHROMIUM@gl@@YGXIIHHHHHHEEE@Z
?CopyTexImage2D@gl@@YGXIHIHHHHH@Z
?CopyTexSubImage2D@gl@@YGXIHHHHHHH@Z
?CopyTexSubImage3D@gl@@YGXIHHHHHHHH@Z
?CopyTextureCHROMIUM@gl@@YGXIIHIEEE@Z
?CoverFillPathCHROMIUM@gl@@YGXII@Z
?CoverFillPathInstancedCHROMIUM@gl@@YGXHIPBXIIIPBM@Z
?CoverStrokePathCHROMIUM@gl@@YGXII@Z
?CoverStrokePathInstancedCHROMIUM@gl@@YGXHIPBXIIIPBM@Z
?CoverageModulationCHROMIUM@gl@@YGXI@Z
?CreateContext@egl@@YGPAXPAX00PBH@Z
?CreateDeviceANGLE@egl@@YGPAXHPAXPBH@Z
?CreateImage@egl@@YGPAXPAX0I0PBH@Z
?CreateImageKHR@egl@@YGPAXPAX0I0PBH@Z
?CreatePbufferFromClientBuffer@egl@@YGPAXPAXI00PBH@Z
?CreatePbufferSurface@egl@@YGPAXPAX0PBH@Z
?CreatePixmapSurface@egl@@YGPAXPAX0PAUHBITMAP__@@PBH@Z
?CreatePlatformPixmapSurface@egl@@YGPAXPAX00PBH@Z
?CreatePlatformWindowSurface@egl@@YGPAXPAX00PBH@Z
?CreateProgram@gl@@YGIXZ
?CreateShader@gl@@YGII@Z
?CreateShaderProgramv@gl@@YGIIHPBQBD@Z
?CreateStreamKHR@egl@@YGPAXPAXPBH@Z
?CreateStreamProducerD3DTextureNV12ANGLE@egl@@YGIPAX0PBH@Z
?CreateSync@egl@@YGPAXPAXIPBH@Z
?CreateWindowSurface@egl@@YGPAXPAX0PAUHWND__@@PBH@Z
?CullFace@gl@@YGXI@Z
?DebugMessageCallbackKHR@gl@@YGXP6GXIIIIHPBDPBX@Z1@Z
?DebugMessageControlKHR@gl@@YGXIIIHPBIE@Z
?DebugMessageInsertKHR@gl@@YGXIIIIHPBD@Z
?DeleteBuffers@gl@@YGXHPBI@Z
?DeleteFencesNV@gl@@YGXHPBI@Z
?DeleteFramebuffers@gl@@YGXHPBI@Z
?DeletePathsCHROMIUM@gl@@YGXIH@Z
?DeleteProgram@gl@@YGXI@Z
?DeleteProgramPipelines@gl@@YGXHPBI@Z
?DeleteQueries@gl@@YGXHPBI@Z
?DeleteQueriesEXT@gl@@YGXHPBI@Z
?DeleteRenderbuffers@gl@@YGXHPBI@Z
?DeleteSamplers@gl@@YGXHPBI@Z
?DeleteShader@gl@@YGXI@Z
?DeleteSync@gl@@YGXPAU__GLsync@@@Z
?DeleteTextures@gl@@YGXHPBI@Z
?DeleteTransformFeedbacks@gl@@YGXHPBI@Z
?DeleteVertexArrays@gl@@YGXHPBI@Z
?DeleteVertexArraysOES@gl@@YGXHPBI@Z
?DepthFunc@gl@@YGXI@Z
?DepthMask@gl@@YGXE@Z
?DepthRangef@gl@@YGXMM@Z
?DestroyContext@egl@@YGIPAX0@Z
?DestroyImage@egl@@YGIPAX0@Z
?DestroyImageKHR@egl@@YGIPAX0@Z
?DestroyStreamKHR@egl@@YGIPAX0@Z
?DestroySurface@egl@@YGIPAX0@Z
?DestroySync@egl@@YGIPAX0@Z
?DetachShader@gl@@YGXII@Z
?Disable@gl@@YGXI@Z
?DisableVertexAttribArray@gl@@YGXI@Z
?DiscardFramebufferEXT@gl@@YGXIHPBI@Z
?DispatchCompute@gl@@YGXIII@Z
?DispatchComputeIndirect@gl@@YGXJ@Z
?DrawArrays@gl@@YGXIHH@Z
?DrawArraysIndirect@gl@@YGXIPBX@Z
?DrawArraysInstanced@gl@@YGXIHHH@Z
?DrawArraysInstancedANGLE@gl@@YGXIHHH@Z
?DrawBuffers@gl@@YGXHPBI@Z
?DrawBuffersEXT@gl@@YGXHPBI@Z
?DrawElements@gl@@YGXIHIPBX@Z
?DrawElementsIndirect@gl@@YGXIIPBX@Z
?DrawElementsInstanced@gl@@YGXIHIPBXH@Z
?DrawElementsInstancedANGLE@gl@@YGXIHIPBXH@Z
?DrawRangeElements@gl@@YGXIIIHIPBX@Z
?EGLImageTargetRenderbufferStorageOES@gl@@YGXIPAX@Z
?EGLImageTargetTexture2DOES@gl@@YGXIPAX@Z
?Enable@gl@@YGXI@Z
?EnableVertexAttribArray@gl@@YGXI@Z
?EndQuery@gl@@YGXI@Z
?EndQueryEXT@gl@@YGXI@Z
?EndTransformFeedback@gl@@YGXXZ
?FenceSync_@gl@@YGPAU__GLsync@@II@Z
?Finish@gl@@YGXXZ
?FinishFenceNV@gl@@YGXI@Z
?Flush@gl@@YGXXZ
?FlushMappedBufferRange@gl@@YGXIJJ@Z
?FlushMappedBufferRangeEXT@gl@@YGXIJJ@Z
?FramebufferParameteri@gl@@YGXIIH@Z
?FramebufferRenderbuffer@gl@@YGXIIII@Z
?FramebufferTexture2D@gl@@YGXIIIIH@Z
?FramebufferTextureLayer@gl@@YGXIIIHH@Z
?FrontFace@gl@@YGXI@Z
?GenBuffers@gl@@YGXHPAI@Z
?GenFencesNV@gl@@YGXHPAI@Z
?GenFramebuffers@gl@@YGXHPAI@Z
?GenPathsCHROMIUM@gl@@YGIH@Z
?GenProgramPipelines@gl@@YGXHPAI@Z
?GenQueries@gl@@YGXHPAI@Z
?GenQueriesEXT@gl@@YGXHPAI@Z
?GenRenderbuffers@gl@@YGXHPAI@Z
?GenSamplers@gl@@YGXHPAI@Z
?GenTextures@gl@@YGXHPAI@Z
?GenTransformFeedbacks@gl@@YGXHPAI@Z
?GenVertexArrays@gl@@YGXHPAI@Z
?GenVertexArraysOES@gl@@YGXHPAI@Z
?GenerateMipmap@gl@@YGXI@Z
?GetActiveAttrib@gl@@YGXIIHPAH0PAIPAD@Z
?GetActiveUniform@gl@@YGXIIHPAH0PAIPAD@Z
?GetActiveUniformBlockName@gl@@YGXIIHPAHPAD@Z
?GetActiveUniformBlockiv@gl@@YGXIIIPAH@Z
?GetActiveUniformBlockivRobustANGLE@gl@@YGXIIIHPAH0@Z
?GetActiveUniformsiv@gl@@YGXIHPBIIPAH@Z
?GetAttachedShaders@gl@@YGXIHPAHPAI@Z
?GetAttribLocation@gl@@YGHIPBD@Z
?GetBooleani_v@gl@@YGXIIPAE@Z
?GetBooleani_vRobustANGLE@gl@@YGXIIHPAHPAE@Z
?GetBooleanv@gl@@YGXIPAE@Z
?GetBooleanvRobustANGLE@gl@@YGXIHPAHPAE@Z
?GetBufferParameteri64v@gl@@YGXIIPA_J@Z
?GetBufferParameteri64vRobustANGLE@gl@@YGXIIHPAHPA_J@Z
?GetBufferParameteriv@gl@@YGXIIPAH@Z
?GetBufferParameterivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetBufferPointerv@gl@@YGXIIPAPAX@Z
?GetBufferPointervOES@gl@@YGXIIPAPAX@Z
?GetBufferPointervRobustANGLE@gl@@YGXIIHPAHPAPAX@Z
?GetConfigAttrib@egl@@YGIPAX0HPAH@Z
?GetConfigs@egl@@YGIPAXPAPAXHPAH@Z
?GetCurrentContext@egl@@YGPAXXZ
?GetCurrentDisplay@egl@@YGPAXXZ
?GetCurrentSurface@egl@@YGPAXH@Z
?GetDebugMessageLogKHR@gl@@YGIIHPAI000PAHPAD@Z
?GetDisplay@egl@@YGPAXPAUHDC__@@@Z
?GetError@egl@@YGHXZ
?GetError@gl@@YGIXZ
?GetFenceivNV@gl@@YGXIIPAH@Z
?GetFloatv@gl@@YGXIPAM@Z
?GetFloatvRobustANGLE@gl@@YGXIHPAHPAM@Z
?GetFragDataLocation@gl@@YGHIPBD@Z
?GetFramebufferAttachmentParameteriv@gl@@YGXIIIPAH@Z
?GetFramebufferAttachmentParameterivRobustANGLE@gl@@YGXIIIHPAH0@Z
?GetFramebufferParameteriv@gl@@YGXIIPAH@Z
?GetFramebufferParameterivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetGraphicsResetStatusEXT@gl@@YGIXZ
?GetInteger64i_v@gl@@YGXIIPA_J@Z
?GetInteger64i_vRobustANGLE@gl@@YGXIIHPAHPA_J@Z
?GetInteger64v@gl@@YGXIPA_J@Z
?GetInteger64vRobustANGLE@gl@@YGXIHPAHPA_J@Z
?GetIntegeri_v@gl@@YGXIIPAH@Z
?GetIntegeri_vRobustANGLE@gl@@YGXIIHPAH0@Z
?GetIntegerv@gl@@YGXIPAH@Z
?GetIntegervRobustANGLE@gl@@YGXIHPAH0@Z
?GetInternalformativ@gl@@YGXIIIHPAH@Z
?GetInternalformativRobustANGLE@gl@@YGXIIIHPAH0@Z
?GetMultisamplefv@gl@@YGXIIPAM@Z
?GetMultisamplefvRobustANGLE@gl@@YGXIIHPAHPAM@Z
?GetObjectLabelKHR@gl@@YGXIIHPAHPAD@Z
?GetObjectPtrLabelKHR@gl@@YGXPBXHPAHPAD@Z
?GetPathParameterfCHROMIUM@gl@@YGXIIPAM@Z
?GetPathParameteriCHROMIUM@gl@@YGXIIPAH@Z
?GetPlatformDisplay@egl@@YGPAXIPAXPBH@Z
?GetPlatformDisplayEXT@egl@@YGPAXIPAXPBH@Z
?GetPointervKHR@gl@@YGXIPAPAX@Z
?GetPointervRobustANGLERobustANGLE@gl@@YGXIHPAHPAPAX@Z
?GetProcAddress@egl@@YGP6AXXZPBD@Z
?GetProgramBinary@gl@@YGXIHPAHPAIPAX@Z
?GetProgramBinaryOES@gl@@YGXIHPAHPAIPAX@Z
?GetProgramInfoLog@gl@@YGXIHPAHPAD@Z
?GetProgramInterfaceiv@gl@@YGXIIIPAH@Z
?GetProgramInterfaceivRobustANGLE@gl@@YGXIIIHPAH0@Z
?GetProgramPipelineInfoLog@gl@@YGXIHPAHPAD@Z
?GetProgramPipelineiv@gl@@YGXIIPAH@Z
?GetProgramResourceIndex@gl@@YGIIIPBD@Z
?GetProgramResourceLocation@gl@@YGHIIPBD@Z
?GetProgramResourceName@gl@@YGXIIIHPAHPAD@Z
?GetProgramResourceiv@gl@@YGXIIIHPBIHPAH1@Z
?GetProgramiv@gl@@YGXIIPAH@Z
?GetProgramivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetQueryObjecti64vEXT@gl@@YGXIIPA_J@Z
?GetQueryObjecti64vRobustANGLE@gl@@YGXIIHPAHPA_J@Z
?GetQueryObjectivEXT@gl@@YGXIIPAH@Z
?GetQueryObjectivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetQueryObjectui64vEXT@gl@@YGXIIPA_K@Z
?GetQueryObjectui64vRobustANGLE@gl@@YGXIIHPAHPA_K@Z
?GetQueryObjectuiv@gl@@YGXIIPAI@Z
?GetQueryObjectuivEXT@gl@@YGXIIPAI@Z
?GetQueryObjectuivRobustANGLE@gl@@YGXIIHPAHPAI@Z
?GetQueryiv@gl@@YGXIIPAH@Z
?GetQueryivEXT@gl@@YGXIIPAH@Z
?GetQueryivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetRenderbufferParameteriv@gl@@YGXIIPAH@Z
?GetRenderbufferParameterivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetSamplerParameterIivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetSamplerParameterIuivRobustANGLE@gl@@YGXIIHPAHPAI@Z
?GetSamplerParameterfv@gl@@YGXIIPAM@Z
?GetSamplerParameterfvRobustANGLE@gl@@YGXIIHPAHPAM@Z
?GetSamplerParameteriv@gl@@YGXIIPAH@Z
?GetSamplerParameterivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetShaderInfoLog@gl@@YGXIHPAHPAD@Z
?GetShaderPrecisionFormat@gl@@YGXIIPAH0@Z
?GetShaderSource@gl@@YGXIHPAHPAD@Z
?GetShaderiv@gl@@YGXIIPAH@Z
?GetShaderivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetString@gl@@YGPBEI@Z
?GetStringi@gl@@YGPBEII@Z
?GetSyncAttrib@egl@@YGIPAX0HPAH@Z
?GetSynciv@gl@@YGXPAU__GLsync@@IHPAH1@Z
?GetTexLevelParameterfv@gl@@YGXIHIPAM@Z
?GetTexLevelParameterfvRobustANGLE@gl@@YGXIHIHPAHPAM@Z
?GetTexLevelParameteriv@gl@@YGXIHIPAH@Z
?GetTexLevelParameterivRobustANGLE@gl@@YGXIHIHPAH0@Z
?GetTexParameterIivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetTexParameterIuivRobustANGLE@gl@@YGXIIHPAHPAI@Z
?GetTexParameterfv@gl@@YGXIIPAM@Z
?GetTexParameterfvRobustANGLE@gl@@YGXIIHPAHPAM@Z
?GetTexParameteriv@gl@@YGXIIPAH@Z
?GetTexParameterivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetTransformFeedbackVarying@gl@@YGXIIHPAH0PAIPAD@Z
?GetTranslatedShaderSourceANGLE@gl@@YGXIHPAHPAD@Z
?GetUniformBlockIndex@gl@@YGIIPBD@Z
?GetUniformIndices@gl@@YGXIHPBQBDPAI@Z
?GetUniformLocation@gl@@YGHIPBD@Z
?GetUniformfv@gl@@YGXIHPAM@Z
?GetUniformfvRobustANGLE@gl@@YGXIHHPAHPAM@Z
?GetUniformiv@gl@@YGXIHPAH@Z
?GetUniformivRobustANGLE@gl@@YGXIHHPAH0@Z
?GetUniformuiv@gl@@YGXIHPAI@Z
?GetUniformuivRobustANGLE@gl@@YGXIHHPAHPAI@Z
?GetVertexAttribIiv@gl@@YGXIIPAH@Z
?GetVertexAttribIivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetVertexAttribIuiv@gl@@YGXIIPAI@Z
?GetVertexAttribIuivRobustANGLE@gl@@YGXIIHPAHPAI@Z
?GetVertexAttribPointerv@gl@@YGXIIPAPAX@Z
?GetVertexAttribPointervRobustANGLE@gl@@YGXIIHPAHPAPAX@Z
?GetVertexAttribfv@gl@@YGXIIPAM@Z
?GetVertexAttribfvRobustANGLE@gl@@YGXIIHPAHPAM@Z
?GetVertexAttribiv@gl@@YGXIIPAH@Z
?GetVertexAttribivRobustANGLE@gl@@YGXIIHPAH0@Z
?GetnUniformfvEXT@gl@@YGXIHHPAM@Z
?GetnUniformfvRobustANGLE@gl@@YGXIHHPAHPAM@Z
?GetnUniformivEXT@gl@@YGXIHHPAH@Z
?GetnUniformivRobustANGLE@gl@@YGXIHHPAH0@Z
?GetnUniformuivRobustANGLE@gl@@YGXIHHPAHPAI@Z
?Hint@gl@@YGXII@Z
?Initialize@egl@@YGIPAXPAH1@Z
?InsertEventMarkerEXT@gl@@YGXHPBD@Z
?InvalidateFramebuffer@gl@@YGXIHPBI@Z
?InvalidateSubFramebuffer@gl@@YGXIHPBIHHHH@Z
?IsBuffer@gl@@YGEI@Z
?IsEnabled@gl@@YGEI@Z
?IsFenceNV@gl@@YGEI@Z
?IsFramebuffer@gl@@YGEI@Z
?IsPathCHROMIUM@gl@@YGEI@Z
?IsProgram@gl@@YGEI@Z
?IsProgramPipeline@gl@@YGEI@Z
?IsQuery@gl@@YGEI@Z
?IsQueryEXT@gl@@YGEI@Z
?IsRenderbuffer@gl@@YGEI@Z
?IsSampler@gl@@YGEI@Z
?IsShader@gl@@YGEI@Z
?IsSync@gl@@YGEPAU__GLsync@@@Z
?IsTexture@gl@@YGEI@Z
?IsTransformFeedback@gl@@YGEI@Z
?IsVertexArray@gl@@YGEI@Z
?IsVertexArrayOES@gl@@YGEI@Z
?LineWidth@gl@@YGXM@Z
?LinkProgram@gl@@YGXI@Z
?MakeCurrent@egl@@YGIPAX000@Z
?MapBufferOES@gl@@YGPAXII@Z
?MapBufferRange@gl@@YGPAXIJJI@Z
?MapBufferRangeEXT@gl@@YGPAXIJJI@Z
?MatrixLoadIdentityCHROMIUM@gl@@YGXI@Z
?MatrixLoadfCHROMIUM@gl@@YGXIPBM@Z
?MemoryBarrier@gl@@YGXI@Z
?MemoryBarrierByRegion@gl@@YGXI@Z
?ObjectLabelKHR@gl@@YGXIIHPBD@Z
?ObjectPtrLabelKHR@gl@@YGXPBXHPBD@Z
?PathCommandsCHROMIUM@gl@@YGXIHPBEHIPBX@Z
?PathParameterfCHROMIUM@gl@@YGXIIM@Z
?PathParameteriCHROMIUM@gl@@YGXIIH@Z
?PathStencilFuncCHROMIUM@gl@@YGXIHI@Z
?PauseTransformFeedback@gl@@YGXXZ
?PixelStorei@gl@@YGXIH@Z
?PolygonOffset@gl@@YGXMM@Z
?PopDebugGroupKHR@gl@@YGXXZ
?PopGroupMarkerEXT@gl@@YGXXZ
?PostSubBufferNV@egl@@YGIPAX0HHHH@Z
?ProgramBinary@gl@@YGXIIPBXH@Z
?ProgramBinaryOES@gl@@YGXIIPBXH@Z
?ProgramParameteri@gl@@YGXIIH@Z
?ProgramPathFragmentInputGenCHROMIUM@gl@@YGXIHIHPBM@Z
?ProgramUniform1f@gl@@YGXIHM@Z
?ProgramUniform1fv@gl@@YGXIHHPBM@Z
?ProgramUniform1i@gl@@YGXIHH@Z
?ProgramUniform1iv@gl@@YGXIHHPBH@Z
?ProgramUniform1ui@gl@@YGXIHI@Z
?ProgramUniform1uiv@gl@@YGXIHHPBI@Z
?ProgramUniform2f@gl@@YGXIHMM@Z
?ProgramUniform2fv@gl@@YGXIHHPBM@Z
?ProgramUniform2i@gl@@YGXIHHH@Z
?ProgramUniform2iv@gl@@YGXIHHPBH@Z
?ProgramUniform2ui@gl@@YGXIHII@Z
?ProgramUniform2uiv@gl@@YGXIHHPBI@Z
?ProgramUniform3f@gl@@YGXIHMMM@Z
?ProgramUniform3fv@gl@@YGXIHHPBM@Z
?ProgramUniform3i@gl@@YGXIHHHH@Z
?ProgramUniform3iv@gl@@YGXIHHPBH@Z
?ProgramUniform3ui@gl@@YGXIHIII@Z
?ProgramUniform3uiv@gl@@YGXIHHPBI@Z
?ProgramUniform4f@gl@@YGXIHMMMM@Z
?ProgramUniform4fv@gl@@YGXIHHPBM@Z
?ProgramUniform4i@gl@@YGXIHHHHH@Z
?ProgramUniform4iv@gl@@YGXIHHPBH@Z
?ProgramUniform4ui@gl@@YGXIHIIII@Z
?ProgramUniform4uiv@gl@@YGXIHHPBI@Z
?ProgramUniformMatrix2fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix2x3fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix2x4fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix3fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix3x2fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix3x4fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix4fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix4x2fv@gl@@YGXIHHEPBM@Z
?ProgramUniformMatrix4x3fv@gl@@YGXIHHEPBM@Z
?PushDebugGroupKHR@gl@@YGXIIHPBD@Z
?PushGroupMarkerEXT@gl@@YGXHPBD@Z
?QueryAPI@egl@@YGIXZ
?QueryContext@egl@@YGIPAX0HPAH@Z
?QueryCounterEXT@gl@@YGXII@Z
?QueryDeviceAttribEXT@egl@@YGIPAXHPAH@Z
?QueryDeviceStringEXT@egl@@YGPBDPAXH@Z
?QueryDisplayAttribEXT@egl@@YGIPAXHPAH@Z
?QueryStreamKHR@egl@@YGIPAX0IPAH@Z
?QueryStreamu64KHR@egl@@YGIPAX0IPA_K@Z
?QueryString@egl@@YGPBDPAXH@Z
?QuerySurface@egl@@YGIPAX0HPAH@Z
?QuerySurfacePointerANGLE@egl@@YGIPAX0HPAPAX@Z
?ReadBuffer@gl@@YGXI@Z
?ReadPixels@gl@@YGXHHHHIIPAX@Z
?ReadPixelsRobustANGLE@gl@@YGXHHHHIIHPAHPAX@Z
?ReadnPixelsEXT@gl@@YGXHHHHIIHPAX@Z
?ReadnPixelsRobustANGLE@gl@@YGXHHHHIIHPAHPAX@Z
?ReleaseDeviceANGLE@egl@@YGIPAX@Z
?ReleaseShaderCompiler@gl@@YGXXZ
?ReleaseTexImage@egl@@YGIPAX0H@Z
?ReleaseThread@egl@@YGIXZ
?RenderbufferStorage@gl@@YGXIIHH@Z
?RenderbufferStorageMultisample@gl@@YGXIHIHH@Z
?RenderbufferStorageMultisampleANGLE@gl@@YGXIHIHH@Z
?RequestExtensionANGLE@gl@@YGXPBD@Z
?ResumeTransformFeedback@gl@@YGXXZ
?SampleCoverage@gl@@YGXME@Z
?SampleMaski@gl@@YGXII@Z
?SamplerParameterIivRobustANGLE@gl@@YGXIIHPBH@Z
?SamplerParameterIuivRobustANGLE@gl@@YGXIIHPBI@Z
?SamplerParameterf@gl@@YGXIIM@Z
?SamplerParameterfv@gl@@YGXIIPBM@Z
?SamplerParameterfvRobustANGLE@gl@@YGXIIHPBM@Z
?SamplerParameteri@gl@@YGXIIH@Z
?SamplerParameteriv@gl@@YGXIIPBH@Z
?SamplerParameterivRobustANGLE@gl@@YGXIIHPBH@Z
?Scissor@gl@@YGXHHHH@Z
?SetFenceNV@gl@@YGXII@Z
?ShaderBinary@gl@@YGXHPBIIPBXH@Z
?ShaderSource@gl@@YGXIHPBQBDPBH@Z
?StencilFillPathCHROMIUM@gl@@YGXIII@Z
?StencilFillPathInstancedCHROMIUM@gl@@YGXHIPBXIIIIPBM@Z
?StencilFunc@gl@@YGXIHI@Z
?StencilFuncSeparate@gl@@YGXIIHI@Z
?StencilMask@gl@@YGXI@Z
?StencilMaskSeparate@gl@@YGXII@Z
?StencilOp@gl@@YGXIII@Z
?StencilOpSeparate@gl@@YGXIIII@Z
?StencilStrokePathCHROMIUM@gl@@YGXIHI@Z
?StencilStrokePathInstancedCHROMIUM@gl@@YGXHIPBXIHIIPBM@Z
?StencilThenCoverFillPathCHROMIUM@gl@@YGXIIII@Z
?StencilThenCoverFillPathInstancedCHROMIUM@gl@@YGXHIPBXIIIIIPBM@Z
?StencilThenCoverStrokePathCHROMIUM@gl@@YGXIHII@Z
?StencilThenCoverStrokePathInstancedCHROMIUM@gl@@YGXHIPBXIHIIIPBM@Z
?StreamAttribKHR@egl@@YGIPAX0IH@Z
?StreamConsumerAcquireKHR@egl@@YGIPAX0@Z
?StreamConsumerGLTextureExternalAttribsNV@egl@@YGIPAX0PBH@Z
?StreamConsumerGLTextureExternalKHR@egl@@YGIPAX0@Z
?StreamConsumerReleaseKHR@egl@@YGIPAX0@Z
?StreamPostD3DTextureNV12ANGLE@egl@@YGIPAX00PBH@Z
?SurfaceAttrib@egl@@YGIPAX0HH@Z
?SwapBuffers@egl@@YGIPAX0@Z
?SwapBuffersWithDamageEXT@egl@@YAIPAX0PAHH@Z
?SwapInterval@egl@@YGIPAXH@Z
?Terminate@egl@@YGIPAX@Z
?TestFenceNV@gl@@YGEI@Z
?TexImage2D@gl@@YGXIHHHHHIIPBX@Z
?TexImage2DRobustANGLE@gl@@YGXIHHHHHIIHPBX@Z
?TexImage3D@gl@@YGXIHHHHHHIIPBX@Z
?TexImage3DRobustANGLE@gl@@YGXIHHHHHHIIHPBX@Z
?TexParameterIivRobustANGLE@gl@@YGXIIHPBH@Z
?TexParameterIuivRobustANGLE@gl@@YGXIIHPBI@Z
?TexParameterf@gl@@YGXIIM@Z
?TexParameterfv@gl@@YGXIIPBM@Z
?TexParameterfvRobustANGLE@gl@@YGXIIHPBM@Z
?TexParameteri@gl@@YGXIIH@Z
?TexParameteriv@gl@@YGXIIPBH@Z
?TexParameterivRobustANGLE@gl@@YGXIIHPBH@Z
?TexStorage2D@gl@@YGXIHIHH@Z
?TexStorage2DEXT@gl@@YGXIHIHH@Z
?TexStorage2DMultisample@gl@@YGXIHIHHE@Z
?TexStorage3D@gl@@YGXIHIHHH@Z
?TexSubImage2D@gl@@YGXIHHHHHIIPBX@Z
?TexSubImage2DRobustANGLE@gl@@YGXIHHHHHIIHPBX@Z
?TexSubImage3D@gl@@YGXIHHHHHHHIIPBX@Z
?TexSubImage3DRobustANGLE@gl@@YGXIHHHHHHHIIHPBX@Z
?TransformFeedbackVaryings@gl@@YGXIHPBQBDI@Z
?Uniform1f@gl@@YGXHM@Z
?Uniform1fv@gl@@YGXHHPBM@Z
?Uniform1i@gl@@YGXHH@Z
?Uniform1iv@gl@@YGXHHPBH@Z
?Uniform1ui@gl@@YGXHI@Z
?Uniform1uiv@gl@@YGXHHPBI@Z
?Uniform2f@gl@@YGXHMM@Z
?Uniform2fv@gl@@YGXHHPBM@Z
?Uniform2i@gl@@YGXHHH@Z
?Uniform2iv@gl@@YGXHHPBH@Z
?Uniform2ui@gl@@YGXHII@Z
?Uniform2uiv@gl@@YGXHHPBI@Z
?Uniform3f@gl@@YGXHMMM@Z
?Uniform3fv@gl@@YGXHHPBM@Z
?Uniform3i@gl@@YGXHHHH@Z
?Uniform3iv@gl@@YGXHHPBH@Z
?Uniform3ui@gl@@YGXHIII@Z
?Uniform3uiv@gl@@YGXHHPBI@Z
?Uniform4f@gl@@YGXHMMMM@Z
?Uniform4fv@gl@@YGXHHPBM@Z
?Uniform4i@gl@@YGXHHHHH@Z
?Uniform4iv@gl@@YGXHHPBH@Z
?Uniform4ui@gl@@YGXHIIII@Z
?Uniform4uiv@gl@@YGXHHPBI@Z
?UniformBlockBinding@gl@@YGXIII@Z
?UniformMatrix2fv@gl@@YGXHHEPBM@Z
?UniformMatrix2x3fv@gl@@YGXHHEPBM@Z
?UniformMatrix2x4fv@gl@@YGXHHEPBM@Z
?UniformMatrix3fv@gl@@YGXHHEPBM@Z
?UniformMatrix3x2fv@gl@@YGXHHEPBM@Z
?UniformMatrix3x4fv@gl@@YGXHHEPBM@Z
?UniformMatrix4fv@gl@@YGXHHEPBM@Z
?UniformMatrix4x2fv@gl@@YGXHHEPBM@Z
?UniformMatrix4x3fv@gl@@YGXHHEPBM@Z
?UnmapBuffer@gl@@YGEI@Z
?UnmapBufferOES@gl@@YGEI@Z
?UseProgram@gl@@YGXI@Z

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sedplugins.dll
.dll windows:10 windows x64 arch:x64

f0ff3f9101ac57c7da398f9d63b4c82c

Code Sign

33:00:00:01:c3:13:a0:85:c3:56:e2:99:d7:00:00:00:00:01:c3
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:79:19:53:16:63:2d:64:c4:2e:7c:7d:f9:23:dc:8a:0b:23:c3:b5:cc:ba:43:32:a8:47:e5:c8:5d:f9:28:9e
Signer

Actual PE Digest

5e:79:19:53:16:63:2d:64:c4:2e:7c:7d:f9:23:dc:8a:0b:23:c3:b5:cc:ba:43:32:a8:47:e5:c8:5d:f9:28:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sedplugins.pdb

Imports

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-crt-string-l1-1-0

strcspn
wcsnlen
wcscmp
memset
__strncnt
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__localtime64
_o__lock_file
_o__malloc_base
_o__mktime64
_o__purecall
_o__realloc_base
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__Strftime
_o__unlock_file
_o__W_Getdays
_o__W_Getmonths
_o__W_Gettnames
_o__wcsdup
_o__Wcsftime
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcsupr_s
_o__wfsopen
_o__wtoi
_o__wtol
_o_abort
_o_calloc
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_frexp
_o_fsetpos
_o_fwrite
_o_islower
_o_isspace
_o_isupper
_o_ldexp
_o_localeconv
_o_malloc
_o_mbstowcs
_o_mbstowcs_s
_o_pow
_o_powf
_o_realloc
_o_round
_o_setlocale
_o_setvbuf
_o_strncpy_s
_o_strtod
_o_strtof
_o_strtol
_o_terminate
_o_tolower
_o_towlower
_o_ungetc
_o_ungetwc
_o_wcscpy_s
_o_wcstok_s
_o_wcstol
_o_wcstombs
_o_wcstoul
_o_wcstoull
__uncaught_exception
memchr
__C_specific_handler
_CxxThrowException
_o__ismbblead
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__Gettnames
_o__Getmonths
_o__Getdays
_o__fseeki64
_o__free_base
_o__execute_onexit_table
_o__errno
wcsstr
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
strrchr
wcsrchr
strchr
wcschr
memmove
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
CreateDirectoryW
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
ReadFile
GetTempFileNameW
GetVolumeInformationW
WriteFile
FlushFileBuffers
SetEndOfFile
GetFileSize
FileTimeToLocalFileTime
RemoveDirectoryW
CompareFileTime
SetFileAttributesW

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleA
LoadLibraryExW
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
LoadResource
GetModuleHandleExW
LockResource
GetProcAddress
SizeofResource

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegGetValueW
RegSetValueExW
RegDeleteTreeW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseMutex
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemRealloc
CoInitializeEx
CoTaskMemAlloc
CoCreateGuid
CoSetProxyBlanket
CLSIDFromString

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
MoveFileW
CopyFileW
FindResourceW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThreadId
GetCurrentProcess
GetExitCodeProcess
CreateProcessAsUserW
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetVersionExA
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetLocalTime
GetVersionExW

api-ms-win-core-localization-l1-2-0

GetCPInfo
FormatMessageW
GetLocaleInfoEx
GetUserDefaultLocaleName
LCMapStringEx
GetUserGeoID

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
SysStringLen
VariantTimeToSystemTime
VarBstrCmp
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantChangeType

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW
RegSetKeyValueW

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

shell32

CommandLineToArgvW
SHGetKnownFolderPath

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-path-l1-1-0

PathCchCombine

ext-ms-win-storage-sense-l1-1-0

TriggerStorageCleanup

dmcmnutils

DecodeBase64W
EncodeBase64W

ext-ms-win-session-wtsapi32-l1-1-0

WTSEnumerateProcessesW
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetSpecialFolderPathW
SHGetFolderPathW

ext-ms-win-shell-shlwapi-l1-1-0

PathIsDirectoryW

ext-ms-win-wer-reporting-l1-1-0

WerReportAddFile
WerReportCreate
WerReportSubmit
WerReportSetParameter
WerReportCloseHandle

api-ms-win-crt-time-l1-1-0

_time64

winhttp

WinHttpSetTimeouts
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryOption

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CryptStringToBinaryW
CertFreeCertificateContext

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
SetSystemTime
GetNativeSystemInfo

ntdll

NtQueryVolumeInformationFile
RtlConvertDeviceFamilyInfoToString
RtlNtStatusToDosError
NtPowerInformation
RtlGetVersion

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW
K32EnumProcesses

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
ChangeServiceConfig2W

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

netutils

NetApiBufferFree

samcli

NetUserGetInfo

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
EqualSid

wkscli

NetGetJoinInformation

iphlpapi

IcmpSendEcho
IcmpCreateFile

ws2_32

WSAStartup
inet_ntoa
inet_addr
getaddrinfo

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

xmllite

CreateXmlReader

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptHashData

kernel32

PowerSetRequest
PowerCreateRequest
PowerClearRequest
GetCompressedFileSizeW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

UnregisterClassA

netapi32

NetGetAadJoinInformation
NetFreeAadJoinInformation

atl

ord30

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

ext-ms-win-setupapi-classinstallers-l1-1-2

SetupIterateCabinetW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

cryptsp

CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
CryptHashData

Exports

Exports

CheckShellTask
EnumeratePlugins
EnumeratePluginsWithApplicationSource
ExecuteShell
GetPluginDefaultSettings
GetSettingsName
Plugin_DetectCondition
Plugin_Init
Plugin_IsActionApplicable
Plugin_IsEnabled
Plugin_IsInteractiveOnly
Plugin_PerformAction
Plugin_Process
Plugin_Uninit
SedimentDriver_Init
SedimentDriver_Uninit

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x86 arch:x86

2689906c6b41df3c46a2084eb8832a3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
WriteConsoleW
CloseHandle
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

urlmon

CreateURLMoniker

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kii
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 826KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

553dfc6cd5891a057991f0695d243342

Code Sign

61:02:92:4a:00:00:00:00:00:20Certificate

Extended Key Usages

61:05:dd:42:00:00:00:00:00:14Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

13:74:37:a3:05:3b:16:9c:08:97:37:aa:12:48:99:06:ef:23:b7:35:ba:d0:5c:1b:29:3d:ae:ca:3c:9a:4a:b2Signer

3c:aa:50:ed:7a:7b:75:89:86:2f:97:5d:01:74:0e:5b:fe:6f:ba:eaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

setupapi

kernel32

advapi32

shell32

user32

shlwapi

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.data Size: 512B - Virtual size: 18KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 108B

82ea2e0411755a995020c5465b52ceb7

Code Sign

07:c7:0f:7c:ab:14:5b:c1:ed:38:5f:be:69:fa:31:30Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c4:82:45:88:5b:c1:02:f0:3a:89:5b:8a:ee:23:10:76:68:0f:9c:43:d7:92:c6:22:37:75:a9:f5:26:d9:63:f1Signer

1e:41:ae:66:6c:f3:3b:f7:80:bd:1e:7e:42:24:cd:c5:66:2c:1d:7fSigner

Headers

DLL Characteristics

File Characteristics

61:02:92:4a:00:00:00:00:00:20
Certificate

61:05:dd:42:00:00:00:00:00:14
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

13:74:37:a3:05:3b:16:9c:08:97:37:aa:12:48:99:06:ef:23:b7:35:ba:d0:5c:1b:29:3d:ae:ca:3c:9a:4a:b2
Signer

3c:aa:50:ed:7a:7b:75:89:86:2f:97:5d:01:74:0e:5b:fe:6f:ba:ea
Signer

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 18KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 108B

07:c7:0f:7c:ab:14:5b:c1:ed:38:5f:be:69:fa:31:30
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c4:82:45:88:5b:c1:02:f0:3a:89:5b:8a:ee:23:10:76:68:0f:9c:43:d7:92:c6:22:37:75:a9:f5:26:d9:63:f1
Signer

1e:41:ae:66:6c:f3:3b:f7:80:bd:1e:7e:42:24:cd:c5:66:2c:1d:7f
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 429KB - Virtual size: 428KB

.data
Size: 9KB - Virtual size: 23KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 73KB - Virtual size: 72KB

33:00:00:01:c3:13:a0:85:c3:56:e2:99:d7:00:00:00:00:01:c3
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

5e:79:19:53:16:63:2d:64:c4:2e:7c:7d:f9:23:dc:8a:0b:23:c3:b5:cc:ba:43:32:a8:47:e5:c8:5d:f9:28:9e
Signer