0f94594cbef489a8ddca285f1ca52ca4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f94594cbef489a8ddca285f1ca52ca4_JaffaCakes118
Size

2.9MB
MD5

0f94594cbef489a8ddca285f1ca52ca4
SHA1

88bfb5abc03b93e43076d4bca13c25cdd8498b52
SHA256

2d849d1e6cda005bc5ddc6e95247ed6e0e1184db2d1380fe99999e3765fd8a67
SHA512

abe6df2db5521f4c43d887a788e09abbd8e84292ad7d29a656ecb0ab7a8a4f9b3e20ea458e5a6d18276447ba5b6f628cfc04456fe994a6ab3d19b3473ed5bccb
SSDEEP

49152:FrAS1ZsOLcjtmCmL9X95++9PQOHy34fKseTq0XStBDbJ1oAPC2Sa1sUb9w7nhBY:FrAKOJmZ7I+9pS35seTjXStRbTo+QaCc

Score

3^/10

Malware Config

Signatures

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
0f94594cbef489a8ddca285f1ca52ca4_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KmdUtil.exe
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/SbieDll.dll
unpack001/$PLUGINSDIR/SbieMsg.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/32/SbieDll.dll
unpack001/32/SbieSvc.exe
unpack001/SandboxieBITS.exe
unpack001/SandboxieCrypto.exe
unpack001/SandboxieDcomLaunch.exe
unpack001/SandboxieRpcSs.exe
unpack001/SandboxieWUAU.exe
unpack001/SbieCtrl.exe
unpack001/SbieDll.dll
unpack001/SbieIni.exe
unpack001/SbieMsg.dll
unpack001/SbieSvc.exe
unpack001/SboxHostDll.dll
unpack001/Start.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0f94594cbef489a8ddca285f1ca52ca4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab6770b0a8635b9d92a5838920cfe770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
CreateDirectoryA
lstrcmpiA
GetTempPathA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
ExitProcess
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:6 windows x64 arch:x64

b8b599595af087487fcb027000b05c56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\kmdutil.pdb

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtUnloadDriver
RtlInitUnicodeString

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

sbiedll

SbieApi_QueryConf
SbieApi_GetVersion
Sbie_swprintf
SbieApi_IsBoxEnabled
SbieApi_CallZero

kernel32

SetLastError
HeapAlloc
GetProcessHeap
Sleep
GetModuleFileNameW
LocalAlloc
LocalFree
FormatMessageW
LoadLibraryW
CloseHandle
GetCurrentProcess
HeapFree
GetCurrentProcessId
ExitProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetModuleHandleW
GetProcAddress
ReadFile
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
MultiByteToWideChar
GetACP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStdHandle
GetFileType
GetStartupInfoW
GetConsoleMode
GetLastError
SetFilePointerEx
WriteFile
GetConsoleCP
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
CreateFileW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetModuleHandleExW
SetEndOfFile
RaiseException
HeapSize
HeapReAlloc
GetCommandLineW
QueryPerformanceCounter
InitializeSListHead
GetModuleFileNameA
FindClose
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW

user32

DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
ShowWindow
SendMessageW
DispatchMessageW
GetMessageW
MessageBoxW
SetFocus
GetFocus
GetWindowRect
GetWindowLongW
GetDesktopWindow
GetParent
GetWindow
SystemParametersInfoW
LoadIconW
PostMessageW
LoadCursorW

gdi32

CreateFontIndirectW
GetStockObject

advapi32

DeleteService
CloseServiceHandle
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
ControlService
CreateServiceW
LookupPrivilegeValueW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
AdjustTokenPrivileges

shell32

CommandLineToArgvW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

4e5f0ae8071ae04cdb537283701198ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
GetModuleHandleA
lstrcpynA
lstrcmpA
MulDiv
GlobalAlloc
lstrlenA
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieDll.dll
.dll windows:6 windows x64 arch:x64

f0720de5fdc56f1106865beb1ce65e40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
strstr
_strlwr
RtlCreateAcl
NtUnmapViewOfSection
NtCreateJobObject
NtAssignProcessToJobObject
NtSetInformationJobObject
NtAdjustPrivilegesToken
NtDuplicateObject
NtSetInformationToken
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtQueryVirtualMemory
iswctype
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
_stricmp
tolower
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey
NtDeleteValueKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
RtlUnicodeStringToAnsiString
NtOpenThread
NtQueryInformationThread
__chkstk
wcstoul
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
strncmp
strchr
NtSetInformationThread
_wtoi
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
wcsncpy
wcstol
wcsrchr
__C_specific_handler
_wcslwr
memcmp
LdrGetProcedureAddress
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
wcsstr
_wcsicmp
wcsncmp
_itow
NtQueryValueKey
wcschr
memmove
memset
memcpy
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
towlower
NtMapViewOfSection
_wcsnicmp

kernel32

OpenThread
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
SizeofResource
ReadFile
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
OpenMutexW
WinExec
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
CreateMutexW
ReleaseMutex
HeapDestroy
HeapCreate
ResumeThread
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
FindResourceW
FindResourceA
LockResource
LoadResource
GlobalUnlock
GlobalLock
GlobalSize
GetConsoleWindow
AllocConsole
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
WaitForMultipleObjects
GetStartupInfoW
CreateThread
GetCurrentThreadId
WideCharToMultiByte
GetSystemInfo
OpenProcess
GetCurrentProcess
Sleep
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetTickCount
GetCurrentThread
QueueUserAPC
TryEnterCriticalSection
GetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
VirtualFree
GetCurrentProcessId
SetEvent
InitializeCriticalSection
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
VirtualProtect
CreateProcessW
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
WaitForSingleObject
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetModuleHandleW
FreeLibrary
OutputDebugStringW
ExpandEnvironmentStringsW
CreateEventW
CloseHandle
GlobalFree
GlobalAlloc
GetProcAddress
SetLastError
GetLastError
LoadLibraryW

psapi

GetModuleInformation

Exports

Exports

SbieApi_CallOne
SbieApi_CallThree
SbieApi_CallTwo
SbieApi_CallZero
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGet
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UpdateConf
Sbie_sprintf
Sbie_swprintf

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
32/SbieDll.dll
.dll windows:6 windows x86 arch:x86

ce070c348ee9364cd79560d2fcfdcd67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\Win32\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlConvertSidToUnicodeString
NtOpenProcess
NtSetInformationToken
NtDuplicateObject
NtAdjustPrivilegesToken
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetSaclSecurityDescriptor
_strlwr
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateJobObject
NtAssignProcessToJobObject
NtSetInformationJobObject
RtlUnwind
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtQueryVirtualMemory
iswctype
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
strcmp
tolower
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey
NtDeleteValueKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
RtlUnicodeStringToAnsiString
NtOpenThread
NtQueryInformationThread
wcstoul
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
strncmp
strcpy
strchr
NtSetInformationThread
_allshl
_wtoi
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
strlen
wcsncpy
wcscmp
wcstol
wcsrchr
NtProtectVirtualMemory
_stricmp
_wcslwr
LdrGetProcedureAddress
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
wcsstr
_wcsicmp
wcsncmp
_itow
NtQueryValueKey
wcscat
wcschr
memmove
memcmp
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
wcslen
wcscpy
memset
memcpy
towlower
strstr
_wcsnicmp

kernel32

GetSystemInfo
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
SizeofResource
ReadFile
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
OpenMutexW
WinExec
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
CreateMutexW
ReleaseMutex
HeapDestroy
HeapCreate
ResumeThread
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
FindResourceW
FindResourceA
LockResource
LoadResource
GlobalUnlock
GlobalLock
GlobalSize
GetConsoleWindow
AllocConsole
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
WaitForMultipleObjects
GetStartupInfoW
OpenThread
GetCurrentThreadId
WideCharToMultiByte
CreateThread
OpenProcess
Sleep
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetSystemWindowsDirectoryW
GetTickCount
GetCurrentThread
QueueUserAPC
TryEnterCriticalSection
InitializeCriticalSection
GetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
VirtualFree
GetCurrentProcessId
SetEvent
VirtualAlloc
GetModuleFileNameW
VirtualProtect
CreateProcessW
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
WaitForSingleObject
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetModuleHandleW
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
ExpandEnvironmentStringsW
GetCurrentProcess
CreateEventW
CloseHandle
GlobalFree
GlobalAlloc
GetProcAddress
SetLastError
GetLastError
LoadLibraryW

psapi

GetModuleInformation

Exports

Exports

SbieApi_CallOne
SbieApi_CallTwo
SbieApi_CallZero
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGet
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UpdateConf
Sbie_sprintf
Sbie_swprintf
_SbieApi_CallOne@8
_SbieApi_CallThree@16
_SbieApi_CallTwo@12
_SbieApi_CallZero@4
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumBoxesEx@12
_SbieApi_EnumProcessEx@16
_SbieApi_GetFileName@12
_SbieApi_GetHomePath@16
_SbieApi_GetMessage@24
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_HookTramp@8
_SbieApi_IsBoxEnabled@4
_SbieApi_MonitorControl@8
_SbieApi_MonitorGet@8
_SbieApi_MonitorGetEx@16
_SbieApi_MonitorPut2@12
_SbieApi_MonitorPut@8
_SbieApi_OpenProcess@8
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryConfBool@12
_SbieApi_QueryPathList@16
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessEx2@28
_SbieApi_QueryProcessEx@24
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_SessionLeader@8
_SbieApi_SetUserName@8
_SbieApi_vLogEx@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CallServer@4
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_FreeMem@4
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetStartError@0
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPathEx@4
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_PortName@0
_SbieDll_QueueCreate@8
_SbieDll_QueueGetReq@24
_SbieDll_QueueGetRpl@16
_SbieDll_QueuePutReq@20
_SbieDll_QueuePutRpl@16
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_RunSandboxed@24
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4
_SbieDll_UpdateConf@20

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
32/SbieSvc.exe
.exe windows:6 windows x86 arch:x86

84e3b1fee1ea50c0e30f232ce1bb064e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\Win32\SbieRelease\SbieSvc.pdb

Imports

sbiedll

_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieApi_OpenProcess@8
_SbieApi_ReloadConf@4
_SbieApi_SessionLeader@8
_SbieApi_CallTwo@12
_SbieApi_QueryConfBool@12
_SbieApi_CheckInternetAccess@12
_SbieApi_QueryConf@20
_SbieDll_QueuePutRpl@16
_SbieDll_QueueGetReq@24
_SbieDll_QueueCreate@8
SbieApi_Log
_SbieDll_KillOne@4
_SbieApi_QueryPathList@16
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessEx2@28
_SbieApi_QueryProcessPath@28
_SbieDll_PortName@0
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieApi_GetUnmountHive@4
_SbieApi_SetUserName@8
_SbieApi_EnumProcessEx@16
_SbieApi_GetHomePath@16
_SbieApi_GetMessage@24
_SbieApi_GetVersion@4
_SbieApi_CallOne@8
_SbieApi_CallZero@4
_SbieDll_RunSandboxed@24
_SbieApi_IsBoxEnabled@4
_SbieDll_IsOpenClsid@12
_SbieDll_ComCreateStub@16
_SbieDll_RunFromHome@16
_SbieApi_QueryProcess@20
SbieApi_LogEx
_SbieDll_FreeMem@4

ntdll

NtQueryInformationToken
NtClose
NtOpenFile
NtOpenKey
NtUnloadKey
NtCreatePort
NtRequestPort
NtReplyWaitReceivePort
RtlInitUnicodeString
RtlInitString
NtLoadDriver
NtAllocateVirtualMemory
RtlNtStatusToDosError
RtlSetDaclSecurityDescriptor
NtCreateFile
NtQueryDirectoryFile
NtDuplicateObject
NtOpenProcess
NtSetInformationProcess
NtOpenDirectoryObject
NtImpersonateClientOfPort
NtCompleteConnectPort
NtAcceptConnectPort
NtRequestWaitReplyPort
RtlUnwind
NtFilterToken
NtDuplicateToken
NtConnectPort
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation
NtWriteFile
NtReadFile
NtSetInformationFile
NtQueryInformationFile

kernel32

LCMapStringW
GetFileType
GetACP
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
ExitProcess
TerminateProcess
CreateThread
GetCurrentThread
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
WaitForMultipleObjects
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
CreateFileW
SetFilePointer
WriteFile
DuplicateHandle
SetLastError
GetProcessTimes
GetCurrentProcess
SetThreadPriority
TerminateThread
OpenProcess
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
GetProcAddress
LoadResource
LockResource
SizeofResource
LocalAlloc
GetSystemWindowsDirectoryW
ResetEvent
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
IsProcessInJob
GetModuleHandleW
GlobalSize
LoadLibraryW
RegisterWaitForSingleObject
UnregisterWait
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
SetInformationJobObject
AllocConsole
GetConsoleWindow
GetConsoleProcessList
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
CancelIo
DefineDosDeviceW
OpenThread
TlsAlloc
TlsGetValue
TlsSetValue
ResumeThread
QueueUserWorkItem
GetExitCodeProcess
DeleteFileW
GetFileAttributesW
SetEndOfFile
SetFileAttributesW
HeapReAlloc
GetWindowsDirectoryW
CopyFileW
SuspendThread
CreateProcessW
GetModuleFileNameW
MulDiv
GetModuleHandleExW
GetStringTypeW
LoadLibraryExW
FreeLibrary
TlsFree
VirtualQuery
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
HeapSize
GetConsoleMode
FlushFileBuffers
FindClose
FindFirstFileExA
GetConsoleCP
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindResourceW
SetFilePointerEx
WriteConsoleW
GetPrivateProfileStringW
DecodePointer

user32

ShowWindow
RegisterClassExW
PackDDElParam
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongW
GetClassLongA
GetWindowLongW
BeginPaint
MapWindowPoints
ScreenToClient
ClientToScreen
ClipCursor
SetCursorPos
GetWindowRect
GetClientRect
wsprintfW
GetMessageW
DispatchMessageW
SetTimer
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateDesktopW
SetThreadDesktop
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
SendMessageA
SendMessageW
GetPropW
GetPropA
SetPropW
EndPaint
GetMonitorInfoW
GetWindowLongA
SendMessageTimeoutW
SendNotifyMessageA
SendNotifyMessageW
ReleaseDC
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
GetClipboardData
GetClipboardSequenceNumber
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
PostMessageA
PostMessageW
RegisterClassW
DefWindowProcW
IsZoomed

advapi32

InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
LookupAccountSidW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
CreateProcessAsUserW
SetSecurityDescriptorDacl
SetTokenInformation
SetSecurityInfo
CloseServiceHandle
ControlService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenEventLogW
ReportEventW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RevertToSelf
SetThreadToken
AddAccessAllowedAce
DuplicateToken
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
GetSecurityInfo
AccessCheck
QueryServiceStatusEx
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

psapi

EnumProcessModules
GetModuleBaseNameW

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoSetProxyBlanket
CoCopyProxy
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CoInitialize

crypt32

CryptProtectData
CryptUnprotectData

secur32

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdi32

CreateCompatibleDC
GetDIBits
GetMetaFileBitsEx
GetEnhMetaFileBits
CreateFontW
CreateSolidBrush
GetDeviceCaps
SelectObject
SetBkColor
SetTextColor
TextOutW
DeleteDC

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

RpcStringFreeW
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcBindingToStringBindingW

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LICENSE.TXT
Manifest0.txt
Manifest1.txt
.xml
Manifest2.txt
.xml
SandboxieBITS.exe
.exe windows:6 windows x64 arch:x64

6b71d7f79db3c857f06517742d556164

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieBITS.pdb

Imports

advapi32

SetThreadToken
OpenProcessToken
DuplicateTokenEx
LogonUserW
StartServiceCtrlDispatcherW

kernel32

CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
CreateEventW
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
LoadLibraryW
RaiseException
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
TerminateProcess
GetModuleHandleExW
GetACP
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
CreateFileW

user32

wsprintfW
MessageBoxW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieDll_Hook

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:6 windows x64 arch:x64

6162d7ab6bf5caea8505b89458f502d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieCrypto.pdb

Imports

sbiedll

SbieDll_Hook

kernel32

SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetProcessHeap
TlsGetValue
TlsSetValue
GetModuleHandleW
GetProcAddress
LoadLibraryW
HeapFree
HeapAlloc
SetLastError
GetLastError
DuplicateHandle
CloseHandle
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
TlsAlloc
UnhandledExceptionFilter
HeapSize
GetStringTypeW
SetStdHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
CreateFileW
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetACP
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken

user32

MessageBoxW
wsprintfW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:6 windows x64 arch:x64

cd0dee3ce8ebf27bf66607df49b16ad9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieDcomLaunch.pdb

Imports

sbiedll

SbieDll_StartBoxedService
SbieApi_QueryProcess
SbieApi_EnumProcessEx
SbieApi_OpenProcess
SbieDll_Hook
SbieDll_IsBoxedService

kernel32

WaitForSingleObject
CreateEventW
OpenEventW
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThreadId
TlsAlloc
SetEvent
TlsSetValue
OpenProcess
GetVersionExW
CreateFileMappingW
GetModuleHandleW
GetProcAddress
LocalFree
LoadLibraryW
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
CloseHandle
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
TlsGetValue
SetUnhandledExceptionFilter
HeapSize
GetStringTypeW
SetStdHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
CreateFileW
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetACP
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken
ConvertSidToStringSidW

ntdll

RtlAdjustPrivilege
NtQueryInformationProcess

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:6 windows x64 arch:x64

eeeb2fafcce3c4928f88f18ce7b28949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieRpcSs.pdb

Imports

sbiedll

SbieApi_QueryProcessInfo
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueuePutRpl
SbieDll_IsBoxedService
SbieDll_IsOpenCOM
SbieDll_CallServer
SbieDll_Hook
SbieApi_Log
SbieDll_ExpandAndRunProgram
SbieApi_QueryProcess
SbieApi_EnumProcessEx
SbieApi_OpenProcess
SbieApi_QueryConf
SbieDll_KillAll
SbieDll_StartBoxedService
SbieDll_FreeMem

ws2_32

bind
listen
gethostname
WSAStartup
WSASetLastError
WSASocketW
gethostbyname

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenThreadToken
OpenProcessToken
SetThreadToken
ConvertSidToStringSidW

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
LCMapStringW
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
GetModuleHandleW
CloseHandle
HeapAlloc
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetProcessTimes
ExitProcess
CreateThread
OpenProcess
GetSystemTimeAsFileTime
RegisterWaitForSingleObject
GetLastError
SetLastError
HeapFree
CreateMutexW
OpenMutexW
OpenEventW
GetCurrentProcessId
GetCurrentThreadId
SetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
GetVersionExW
CreateFileMappingW
GetProcAddress
LocalFree
LoadLibraryW
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateFileW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetFileType
GetACP
GetModuleHandleExW
TerminateProcess
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess

ntdll

NtMapViewOfSection
NtUnmapViewOfSection
NtYieldExecution
RtlAdjustPrivilege

user32

DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
GetWindowLongW
EnumWindows
GetWindowThreadProcessId
wsprintfW
MessageBoxW
GetMessageW

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:6 windows x64 arch:x64

064a17cde4775404badced095bed7097

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieWUAU.pdb

Imports

sbiedll

SbieApi_EnumProcessEx
SbieDll_Hook
SbieApi_QueryProcess

kernel32

GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
EnterCriticalSection
HeapReAlloc
HeapSize
GetStringTypeW
HeapFree
SetLastError
GetCurrentThreadId
GetVersionExW
GetLastError
CloseHandle
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetModuleHandleW
SetStdHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
CreateFileW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetACP
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:6 windows x64 arch:x64

327164236dd80be8897658bb6de26244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieCtrl.pdb

Imports

sbiedll

SbieDll_GetTokenElevationType
SbieDll_KillOne
SbieApi_QueryConf
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_GetHomePath
SbieApi_MonitorGetEx
SbieApi_MonitorControl
SbieApi_GetMessage
SbieApi_CallOne
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieApi_GetVersion
SbieApi_EnumProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessEx
SbieDll_TranslateNtToDosPath
SbieDll_GetUserPathEx
SbieDll_GetDrivePath
SbieApi_GetFileName
SbieApi_QueryBoxPath
SbieDll_KillAll
SbieApi_DisableForceProcess
SbieApi_Log
SbieDll_RunFromHome
SbieDll_GetLanguage
SbieDll_FormatMessage2
SbieDll_FormatMessage1
SbieDll_FormatMessage0
SbieDll_FormatMessage
SbieDll_UpdateConf
SbieDll_FreeMem
SbieDll_CallServer
SbieApi_IsBoxEnabled
SbieApi_EnumBoxesEx
SbieDll_DeviceChange

ntdll

NtQueryFullAttributesFile
NtClose
NtCreateFile
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenKey
VerSetConditionMask
RtlPcToFileHeader
RtlUnwindEx
RtlInitUnicodeString

psapi

GetModuleFileNameExW

kernel32

lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
WriteFile
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
GetStringTypeW
GetACP
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
ExitProcess
OutputDebugStringW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteConsoleW
SetEnvironmentVariableA
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GetCurrentDirectoryW
FindResourceExW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GlobalGetAtomNameW
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
SetEvent
VirtualProtect
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
WideCharToMultiByte
SetLastError
OpenProcess
GetProcessTimes
WaitForMultipleObjects
CreateEventW
CopyFileW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
DeleteFileW
GetDriveTypeW
CreateThread
ExpandEnvironmentStringsW
MoveFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
FreeLibrary
GetSystemTimeAsFileTime
OpenEventW
WaitForSingleObject
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetShortPathNameW
SetCurrentDirectoryW
GetCommandLineW
GetSystemWindowsDirectoryW
GetVersionExW
GetCurrentProcessId
GlobalSize
ReadFile
GetFileSizeEx
CreateFileW
Sleep
MulDiv
GetWindowsDirectoryW
GetFileTime
LoadLibraryW
GetProcAddress
GetCurrentThreadId
MultiByteToWideChar
GetFileAttributesW
GetTickCount
FormatMessageW
LocalAlloc
CloseHandle
LocalFree
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
GetLastError
RaiseException
DecodePointer
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP

user32

GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
GetDoubleClickTime
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
UpdateLayeredWindow
DrawIcon
FrameRect
CopyIcon
SetCursorPos
IsZoomed
DrawFrameControl
DrawEdge
EnumDisplayMonitors
NotifyWinEvent
HideCaret
EnableScrollBar
MessageBeep
DrawFocusRect
GetNextDlgGroupItem
LockWindowUpdate
GetMenuDefaultItem
TrackMouseEvent
CharUpperW
SetParent
GetSystemMenu
UnionRect
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
ShowOwnedPopups
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongPtrW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetDC
ReleaseDC
SendMessageW
PostMessageW
DefWindowProcW
GetCapture
GetDlgItem
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
IntersectRect
InflateRect
FillRect
RemoveMenu
GetMenuState
GetMenuStringW
EnumWindows
GetSysColorBrush
IsWindow
GetIconInfo
CreateIconIndirect
LoadImageW
MonitorFromRect
MonitorFromPoint
SetMenuDefaultItem
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemID
CreatePopupMenu
SetFocus
PostQuitMessage
UpdateWindow
LoadMenuW
GetActiveWindow
RegisterWindowMessageW
wsprintfW
IsRectEmpty
TabbedTextOutW
GrayStringW
DrawTextExW
SystemParametersInfoW
DrawStateW
DrawTextW
GetMenuItemRect
SetMenuItemInfoW
GetMenuItemInfoW
DeleteMenu
GetMenuItemCount
IsMenu
GetMessagePos
GetMessageW
DrawIconEx
FindWindowExW
SetForegroundWindow
GetDlgCtrlID
IsIconic
InvalidateRect
RegisterClassExW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
EnableWindow
GetClientRect
GetWindowRect
GetDesktopWindow
GetParent
GetClassNameW
LoadCursorW
UnregisterClassW
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
ScreenToClient
SetTimer
KillTimer
BeginPaint
EndPaint
GetSysColor
CopyRect
CharUpperBuffW
ShowWindow
FlashWindowEx
GetWindowLongW
EnumThreadWindows
CreateWindowExW
DestroyWindow
SetLayeredWindowAttributes
SetWindowPos
GetSystemMetrics
GetForegroundWindow
SetWindowRgn
GetCursorPos
WindowFromPoint
SetClassLongPtrW
FindWindowW
GetWindowThreadProcessId
LoadIconW
MonitorFromWindow
GetMonitorInfoW
GetTitleBarInfo
RegisterClipboardFormatW
GetWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
GetKeyState
EnableMenuItem
GetSubMenu
ClientToScreen
DestroyIcon
CallWindowProcW
SetCapture
ReleaseCapture
GetWindowDC
SetCursor
InvertRect
SetRect
OffsetRect
PtInRect
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
EnumChildWindows
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapW
DestroyCursor

gdi32

GetTextExtentPoint32W
GetStockObject
LPtoDP
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetDeviceCaps
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
PatBlt
DeleteDC
GetTextFaceW
SelectObject
GetViewportOrgEx
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
CreateSolidBrush
DeleteObject
CreatePolygonRgn
CreateFontIndirectW
SetPixel
GetObjectW
CombineRgn
CreateEllipticRgn
CreateRectRgn
Ellipse
GetPixel
Rectangle
CreatePen
Escape
GetClipBox
GetCurrentObject
PtVisible
RectVisible
SetTextColor
Polyline
Polygon
SetDIBColorTable
CreateDIBSection
StretchBlt
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
DPtoLP
SetRectRgn
TextOutW
ExtTextOutW
CreatePatternBrush
CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
ExcludeClipRect
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
CreateRoundRectRgn

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetOpenFileNameW
ChooseColorW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

EnumServicesStatusW
OpenEventLogW
ReadEventLogW
GetUserNameW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
OpenSCManagerW
CloseEventLog
CloseServiceHandle
RegNotifyChangeKeyValue
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
Shell_NotifyIconW
DragQueryFileW
SHFileOperationW
SHAppBarMessage
SHGetDesktopFolder
DragAcceptFiles
SHGetSpecialFolderLocation
DragFinish
ExtractIconExW
SHGetFolderPathW
ord165
SHGetPathFromIDListW

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Remove
ImageList_GetIconSize
ImageList_GetImageInfo

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

OpenThemeData
IsAppThemed
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
GetThemePartSize
CloseThemeData
GetThemeColor

ole32

OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoDisconnectObject
CoCreateGuid
CoUninitialize
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleDuplicateData
CoTaskMemAlloc
CoInitialize
CoCreateInstance
GetRunningObjectTable
CreateClassMoniker
CoTaskMemFree
CreateStreamOnHGlobal
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx

oleaut32

VarBstrFromDate
VariantCopy
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipGetPropertyItemSize
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipFree
GdipAlloc
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:6 windows x64 arch:x64

f0720de5fdc56f1106865beb1ce65e40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
strstr
_strlwr
RtlCreateAcl
NtUnmapViewOfSection
NtCreateJobObject
NtAssignProcessToJobObject
NtSetInformationJobObject
NtAdjustPrivilegesToken
NtDuplicateObject
NtSetInformationToken
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtQueryVirtualMemory
iswctype
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
_stricmp
tolower
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey
NtDeleteValueKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
RtlUnicodeStringToAnsiString
NtOpenThread
NtQueryInformationThread
__chkstk
wcstoul
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
strncmp
strchr
NtSetInformationThread
_wtoi
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
wcsncpy
wcstol
wcsrchr
__C_specific_handler
_wcslwr
memcmp
LdrGetProcedureAddress
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
wcsstr
_wcsicmp
wcsncmp
_itow
NtQueryValueKey
wcschr
memmove
memset
memcpy
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
towlower
NtMapViewOfSection
_wcsnicmp

kernel32

OpenThread
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
SizeofResource
ReadFile
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
OpenMutexW
WinExec
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
CreateMutexW
ReleaseMutex
HeapDestroy
HeapCreate
ResumeThread
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
FindResourceW
FindResourceA
LockResource
LoadResource
GlobalUnlock
GlobalLock
GlobalSize
GetConsoleWindow
AllocConsole
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
WaitForMultipleObjects
GetStartupInfoW
CreateThread
GetCurrentThreadId
WideCharToMultiByte
GetSystemInfo
OpenProcess
GetCurrentProcess
Sleep
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetTickCount
GetCurrentThread
QueueUserAPC
TryEnterCriticalSection
GetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
VirtualFree
GetCurrentProcessId
SetEvent
InitializeCriticalSection
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
VirtualProtect
CreateProcessW
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
WaitForSingleObject
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetModuleHandleW
FreeLibrary
OutputDebugStringW
ExpandEnvironmentStringsW
CreateEventW
CloseHandle
GlobalFree
GlobalAlloc
GetProcAddress
SetLastError
GetLastError
LoadLibraryW

psapi

GetModuleInformation

Exports

Exports

SbieApi_CallOne
SbieApi_CallThree
SbieApi_CallTwo
SbieApi_CallZero
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGet
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UpdateConf
Sbie_sprintf
Sbie_swprintf

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys.rc4
SbieIni.exe
.exe windows:6 windows x64 arch:x64

2632883fcd6c2213476c1ec3a069a17f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieIni.pdb

Imports

sbiedll

SbieDll_UpdateConf
SbieApi_QueryConf
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxesEx
SbieApi_IsBoxEnabled

kernel32

WideCharToMultiByte
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetCommandLineW
HeapAlloc
GetProcessHeap
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
RaiseException
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetACP
HeapFree
CompareStringW
LCMapStringW
GetFileType
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:6 windows x64 arch:x64

84e14501b027156a26cbcf49dcfe42d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieSvc.pdb

Imports

sbiedll

SbieDll_FormatMessage0
SbieDll_GetLanguage
SbieApi_OpenProcess
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_CallTwo
SbieApi_QueryConfBool
SbieApi_CheckInternetAccess
SbieApi_QueryConf
SbieDll_QueuePutRpl
SbieDll_QueueGetReq
SbieDll_QueueCreate
SbieApi_Log
SbieDll_KillOne
SbieApi_QueryPathList
SbieApi_QueryProcessInfo
SbieApi_QueryProcessEx2
SbieApi_QueryProcessPath
SbieDll_PortName
SbieDll_FormatMessage2
SbieDll_GetServiceRegistryValue
SbieApi_GetUnmountHive
SbieApi_SetUserName
SbieApi_EnumProcessEx
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetVersion
SbieApi_CallOne
SbieApi_CallZero
SbieDll_RunSandboxed
SbieApi_IsBoxEnabled
SbieDll_IsOpenClsid
SbieDll_ComCreateStub
SbieDll_RunFromHome
SbieApi_QueryProcess
SbieApi_LogEx
SbieDll_FreeMem

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
NtClose
NtOpenFile
NtOpenKey
NtUnloadKey
NtCreatePort
NtRequestPort
NtReplyWaitReceivePort
RtlInitUnicodeString
NtLoadDriver
NtAllocateVirtualMemory
RtlNtStatusToDosError
RtlSetDaclSecurityDescriptor
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtDuplicateObject
NtOpenProcess
NtSetInformationProcess
NtOpenDirectoryObject
NtImpersonateClientOfPort
NtCompleteConnectPort
NtSetInformationFile
NtRequestWaitReplyPort
NtConnectPort
NtFilterToken
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation
NtQueryKey
NtWriteFile
NtReadFile
NtAcceptConnectPort

kernel32

GetFileType
GetACP
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleExW
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
ExitProcess
TerminateProcess
CreateThread
GetCurrentThread
OpenProcess
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
WaitForMultipleObjects
GetEnvironmentVariableW
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
WriteFile
DuplicateHandle
SetLastError
GetProcessTimes
GetCurrentProcess
SetThreadPriority
TerminateThread
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceW
GetSystemWindowsDirectoryW
ResetEvent
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
IsProcessInJob
GetModuleHandleW
GlobalSize
LoadLibraryW
RegisterWaitForSingleObject
UnregisterWait
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
SetInformationJobObject
AllocConsole
GetConsoleWindow
GetConsoleProcessList
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
CancelIo
DefineDosDeviceW
OpenThread
TlsAlloc
TlsGetValue
TlsSetValue
ResumeThread
QueueUserWorkItem
GetExitCodeProcess
DeleteFileW
GetFileAttributesW
SetEndOfFile
SetFileAttributesW
HeapReAlloc
GetWindowsDirectoryW
CopyFileW
SuspendThread
CreateProcessW
GetModuleFileNameW
MulDiv
GetStringTypeW
LoadLibraryExW
FreeLibrary
TlsFree
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
HeapSize
LCMapStringW
FindClose
FindFirstFileExA
GetConsoleMode
FindNextFileA
IsValidCodePage
GetCPInfo
GetOEMCP
GetCommandLineA
LocalAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
GetFullPathNameW
WriteConsoleW

user32

GetMonitorInfoW
EndPaint
BeginPaint
ShowWindow
RegisterClassExW
PackDDElParam
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongPtrW
GetClassLongPtrA
GetClassLongW
GetClassLongA
GetWindowLongPtrW
GetWindowLongPtrA
GetWindowLongW
GetWindowLongA
MapWindowPoints
ScreenToClient
ClientToScreen
ClipCursor
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
wsprintfW
GetMessageW
DispatchMessageW
SetTimer
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateDesktopW
SetThreadDesktop
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
SendMessageA
SendMessageW
SetPropW
ReleaseDC
GetDC
SendMessageTimeoutW
SendNotifyMessageA
SendNotifyMessageW
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
GetClipboardData
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageA
PostMessageW
GetClipboardSequenceNumber

advapi32

ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
LookupAccountSidW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenUserClassesRoot
RegOpenCurrentUser
GetSecurityDescriptorSacl
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetTokenInformation
SetSecurityInfo
CloseServiceHandle
ControlService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenEventLogW
ReportEventW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RevertToSelf
SetThreadToken
AddAccessAllowedAce
DuplicateToken
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
AccessCheck
QueryServiceStatusEx
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
FreeSid
GetSecurityInfo

psapi

EnumProcessModules
GetModuleBaseNameW

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoSetProxyBlanket
CoCopyProxy
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CoInitialize

crypt32

CryptProtectData
CryptUnprotectData

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdi32

CreateCompatibleDC
GetDIBits
GetMetaFileBitsEx
GetEnhMetaFileBits
CreateFontW
CreateSolidBrush
GetDeviceCaps
SelectObject
SetBkColor
SetTextColor
TextOutW
DeleteDC

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

RpcStringFreeW
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcBindingToStringBindingW

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SboxHostDll.dll
.dll windows:6 windows x64 arch:x64

68896ca8adf90da4b445a788587b75c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SboxHostDll.pdb

Imports

sbiedll

SbieDll_Hook
SbieApi_QueryProcessInfo

psapi

EnumProcesses

kernel32

GetModuleHandleW
CreateMutexW
CloseHandle
GetProcessId
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
lstrcmpiW
GetModuleFileNameW
OpenProcess
GetProcAddress
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointerEx
WriteConsoleW
LocalFree
TlsAlloc
FlushFileBuffers
WriteFile
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
CreateFileW
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
InterlockedFlushSList
SetLastError
GetCurrentProcess
TerminateProcess
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle

advapi32

GetTokenInformation
IsValidSid
GetLengthSid
CopySid
ConvertSidToStringSidW

userenv

UnloadUserProfile

Exports

Exports

InjectDllMain

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:6 windows x64 arch:x64

50771a4e24d4aafea3e777bd4d648c9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sandboxie\Sandboxie\Bin\x64\SbieRelease\Start.pdb

Imports

ntdll

NtCreateFile
VerSetConditionMask
NtQueryInformationFile
NtSetInformationFile
RtlInitUnicodeString
RtlNtStatusToDosError
NtOpenKey
RtlVirtualUnwind
NtTerminateProcess
NtTerminateThread
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtClose

user32

GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
GetWindowRgn
DestroyCursor
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
KillTimer
SetTimer
SetCursor
ShowOwnedPopups
InvalidateRect
TrackMouseEvent
IntersectRect
MapDialogRect
GetNextDlgTabItem
CreateDialogIndirectParamW
PostQuitMessage
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RealChildWindowFromPoint
CharUpperW
IsDialogMessageW
CheckDlgButton
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongPtrW
PtInRect
EqualRect
CopyRect
AdjustWindowRectEx
RemovePropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
IsWindow
GetClassInfoExW
GetClassInfoW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetWindowTextLengthW
LoadCursorW
GetSysColor
ReleaseDC
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
AllowSetForegroundWindow
GetAsyncKeyState
PostThreadMessageW
GetMessageW
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowTextW
IsWindowEnabled
MoveWindow
DrawIconEx
GetSysColorBrush
GetDC
SetForegroundWindow
InsertMenuItemW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
GetMenuItemCount
DestroyMenu
CreatePopupMenu
CreateMenu
RegisterClassW
DefWindowProcW
DestroyIcon
ExitWindowsEx
wsprintfW
LoadImageW
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
ScreenToClient
ClientToScreen
MessageBoxW
GetWindowRect
GetClientRect
SetWindowTextW
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
CallWindowProcW
SendMessageW
UnhookWindowsHookEx
DeleteMenu
LoadBitmapW

shell32

ExtractAssociatedIconW
ExtractIconW
ExtractIconExW
SHGetFolderPathW
SHBindToParent
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage

shlwapi

AssocQueryStringW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
SHAutoComplete

kernel32

IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
GetModuleHandleExW
GetFileType
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
InitializeCriticalSection
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
LocalAlloc
LocalReAlloc
GlobalSize
MulDiv
CopyFileW
SetEvent
SetThreadPriority
ResumeThread
lstrcmpA
GlobalGetAtomNameW
FileTimeToSystemTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent
GetSystemDirectoryW
FreeResource
GetFileAttributesExW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DeleteCriticalSection
HeapSize
RaiseException
DecodePointer
LoadLibraryW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GetFileSize
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
lstrcmpiW
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
FormatMessageW
GetProcAddress
GetVersionExW
GetCurrentThreadId
GetLastError
WriteFile
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
GetStdHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
HeapReAlloc
GetLogicalDrives
CreateFileW
GetSystemWindowsDirectoryW
GetFullPathNameW
GetFileAttributesW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetModuleFileNameW
GetSystemTimeAsFileTime
ProcessIdToSessionId
CreateProcessW
GetExitCodeProcess
ExitProcess
Sleep
LCMapStringW
CompareStringW
InitializeCriticalSectionAndSpinCount
CreateEventW
WaitForSingleObject
HeapDestroy
ResetEvent
QueryPerformanceCounter
InitializeSListHead
ExitThread
FreeLibraryAndExitThread
HeapQueryInformation
GetCommandLineA
GetSystemInfo
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
GetStartupInfoW
GetModuleHandleW
LocalFree
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
SetLastError
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileA
FindFirstFileExA
HeapCreate
GetTimeZoneInformation
GetModuleFileNameA

gdi32

CombineRgn
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetTextMetricsW
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
SetRectRgn
CreateRectRgn
DPtoLP
EnumFontFamiliesExW
GetTextFaceW
SelectObject
PatBlt
CreateCompatibleDC
CreateCompatibleBitmap

sbiedll

SbieApi_QueryProcessInfo
SbieDll_GetHandlePath
SbieDll_IsDirectory
SbieDll_FormatMessage1
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_QueryBoxPath
SbieDll_FreeMem
SbieApi_QueryConfBool
SbieApi_QueryConf
SbieApi_QueryProcess
SbieDll_InitPStore
SbieApi_GetHomePath
SbieApi_DisableForceProcess
SbieApi_ReloadConf
SbieApi_IsBoxEnabled
SbieDll_StartSbieSvc
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_FormatMessage
SbieDll_RunSandboxed
SbieDll_CallServer
SbieDll_StartCOM
SbieDll_RunFromHome
SbieApi_EnumBoxesEx
SbieDll_GetLanguage
SbieDll_FormatMessage0
SbieDll_KillAll

ole32

OleDuplicateData
ReleaseStgMedium
CoDisconnectObject
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize

advapi32

RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegEnumValueW

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

uxtheme

DrawThemeBackground
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed

oleaut32

SysAllocStringLen
SysStringLen
LoadTypeLi
SysFreeString
SysAllocString
VariantInit
VarBstrFromDate
VariantChangeType
VariantCopy
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipDisposeImage

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templates.ini

Sharing

General

Malware Config

Signatures

Files

ab6770b0a8635b9d92a5838920cfe770

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 29KB - Virtual size: 28KB

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

b8b599595af087487fcb027000b05c56

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

psapi

sbiedll

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

4e5f0ae8071ae04cdb537283701198ff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

f0720de5fdc56f1106865beb1ce65e40

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 439KB - Virtual size: 439KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 24KB - Virtual size: 24KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 276B

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 510B

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 74KB - Virtual size: 79KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 25KB - Virtual size: 24KB