asyncrat | ArrowRAT[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

ArrowRAT.rar
Size

34.6MB
MD5

eabb480bc40017b545600709d18994db
SHA1

4fa85af4297d27f3a0752f29e4a2499307b172dd
SHA256

6e73250921bd8406903b402610fd6a2ce3cf87cfbf69b4d5097c4af00468687e
SHA512

8e3b9cbfaa82bca31e00db9450479a05f87d62b49bbb560c267c7cd41c3e11f0f6fd68c0f61242e28253cc76d552078e7c704af7582d1515b73e6fc471dffadb
SSDEEP

786432:z6ia1AlOHfMfiJG2cCqa3BVCCpBmVhUatvgjmORZiqqMNJ:OiWtGCG2z3BVCCpkV/h7rqqGJ

Score

10^/10

themida rat system 32 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT_HVNC 5.0.4

Botnet

System 32

127.0.0.1:2322

127.0.0.1:14846

8.tcp.ngrok.io:2322

8.tcp.ngrok.io:14846

Mutex

g12l0zuGx

Attributes

delay
3
install
true
install_file
System 32.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack002/System.exe	family_asyncrat

Asyncrat family
asyncrat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack002/ArrowRAT.exe	themida

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7z.dll
unpack001/7z.exe
unpack001/ArrowRAT.exe
unpack002/ArrowRAT.exe
unpack002/System.exe
unpack001/SHELL32.DLL

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/ArrowRAT.exe	nsis_installer_1
static1/unpack001/ArrowRAT.exe	nsis_installer_2

Files

ArrowRAT.rar
.rar
7z.dll
.dll windows:4 windows x64 arch:x64

bf0f23560274fe8e79ae2e632566ae8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW
CharPrevExA

msvcrt

memset
realloc
free
malloc
__CxxFrameHandler
strlen
strcpy
_CxxThrowException
wcscmp
strcmp
memmove
memcpy
memcmp
_purecall
strchr
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
strstr

kernel32

GetProcAddress
Sleep
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
VirtualFree
VirtualAlloc
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
FindClose
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
SetFileAttributesW
GetModuleHandleW
CreateDirectoryW
DeleteFileW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.exe
.exe windows:4 windows x64 arch:x64

06ccda30750899d24ec1383d46a36e65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW

advapi32

OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey

msvcrt

_exit
_c_exit
_XcptFilter
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_beginthreadex
_isatty
_purecall
strlen
memcmp
memset
wcsstr
_cexit
wcscmp
strcmp
memmove
fflush
fputc
fputs
_iob
fgetc
fclose
free
_CxxThrowException
malloc
__CxxFrameHandler
memcpy
__initenv
exit
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type

kernel32

VirtualAlloc
VirtualFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
LocalFree
GetConsoleMode
SetConsoleMode
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetProcessTimes
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetProcessAffinityMask
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatusEx
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
GetLogicalDriveStringsW
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ArrowRAT.exe
.exe windows:4 windows x86 arch:x86

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CreateDirectoryA
lstrcmpiA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ArrowRAT.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 17.6MB - Virtual size: 18.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 143KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 17.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
System.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ArrowRAT.exe.config
READ.ME..txt
SHELL32.DLL
.dll regsvr32 windows:10 windows x64 arch:x64

4c6a425b69ad3e18ace611520e54e884

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shell32.pdb

Imports

msvcrt

wcsspn
_wcstoui64
difftime
time
isdigit
ceil
wcsncpy_s
expf
floor
floorf
log
logf
memcmp
memcpy
memmove
memset
pow
sqrt
ceilf
calloc
sqrtf
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
bsearch
toupper
_wcsupr
qsort
iswalpha
_ui64tow_s
rand
srand
_vsnprintf
malloc
wcstoul
_itow
swscanf_s
wcstol
wcscat_s
wcscpy_s
wcsrchr
_resetstkoflw
realloc
wcstok_s
wcscspn
wcspbrk
isalpha
wcsncmp
strncpy_s
strchr
sprintf_s
_wcsnicmp
memmove_s
_vsnprintf_s
_get_errno
_set_errno
memcpy_s
_strnicmp
_wcsicmp
wcschr
wcsstr
_vsnwprintf
_wtoi
__C_specific_handler
free
wcscmp

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalReAlloc
LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegGetKeySecurity
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenCurrentUser
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegQueryInfoKeyA

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleFileNameW
GetModuleFileNameA
LoadResource
LoadLibraryExA
DisableThreadLibraryCalls
SizeofResource
LockResource
FindStringOrdinal
FreeResource
FreeLibrary
GetModuleHandleExW
LoadStringW
GetModuleHandleW
LoadLibraryExW
EnumResourceNamesExW
GetProcAddress
LoadStringA

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GlobalMemoryStatusEx
GetTickCount
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount64
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
VirtualQuery
VirtualAlloc
VirtualProtect
CreateFileMappingW
VirtualFree

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW
SetFilePointer
GetDiskFreeSpaceExW
GetFinalPathNameByHandleW
SetFileTime
CompareFileTime
FindVolumeClose
FindClose
FindNextFileW
FindFirstFileW
FileTimeToLocalFileTime
GetFileAttributesExW
GetVolumePathNameW
SetFileInformationByHandle
GetLogicalDrives
SetFilePointerEx
CreateDirectoryW
DeleteFileW
FlushFileBuffers
LocalFileTimeToFileTime
GetFileAttributesW
CreateFileW
GetFileSizeEx
SetFileAttributesW
GetDriveTypeW
RemoveDirectoryW
WriteFile
QueryDosDeviceW
GetTempFileNameW
FindFirstFileExW
SetEndOfFile
GetFileInformationByHandle
DefineDosDeviceW
FindFirstVolumeW
ReadFile
GetFileSize
FindNextVolumeW
GetLongPathNameW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
WideCharToMultiByte
GetStringTypeExW
CompareStringEx
MultiByteToWideChar
CompareStringW

api-ms-win-core-synch-l1-1-0

SetEvent
EnterCriticalSection
CreateMutexExW
OpenEventW
ReleaseSRWLockShared
LeaveCriticalSection
OpenMutexW
InitializeCriticalSectionEx
TryEnterCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
CreateMutexW
CreateWaitableTimerExW
CreateEventExW
InitializeSRWLock
InitializeCriticalSection
OpenSemaphoreW
AcquireSRWLockShared
SetWaitableTimer
DeleteCriticalSection
TryAcquireSRWLockShared
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
WaitForSingleObject
TryAcquireSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
ReleaseMutex

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetErrorMode
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsSetValue
SetThreadPriority
GetThreadPriority
TerminateProcess
TlsGetValue
CreateThread
TlsFree
GetProcessId
SetThreadToken
OpenProcessToken
OpenThread
CreateProcessW
TlsAlloc
GetExitCodeThread
GetCurrentThreadId
ResumeThread
GetCurrentThread
TerminateThread
SetPriorityClass
OpenThreadToken
GetThreadId
ProcessIdToSessionId
GetExitCodeProcess
GetCurrentProcessId
CreateProcessAsUserW
ExitProcess

api-ms-win-core-string-l2-1-0

CharUpperW
IsCharAlphaW
CharNextW
CharPrevW
CharUpperBuffW
CharLowerW
CharLowerBuffW

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW
ReadDirectoryChangesW
CopyFile2
GetFileInformationByHandleEx
ReplaceFileW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsA
SetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
GetSidLengthRequired
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorOwner
DuplicateTokenEx
DeleteAce
SetFileSecurityW
DuplicateToken
EqualSid
FreeSid
AllocateAndInitializeSid
CreateWellKnownSid
IsWellKnownSid
SetTokenInformation
CheckTokenMembership
AddAccessDeniedAceEx
InitializeAcl
AddAccessAllowedAceEx
AddAce
GetAce
GetAclInformation
CopySid
GetLengthSid
IsValidSid
GetFileSecurityW
AccessCheck
GetSecurityDescriptorControl
AdjustTokenPrivileges
GetTokenInformation

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
GetSystemDefaultLCID
IsDBCSLeadByte
GetCPInfo
GetUserPreferredUILanguages
GetUserDefaultLangID
VerLanguageNameW
LCMapStringW
LocaleNameToLCID
GetSystemPreferredUILanguages
GetLocaleInfoW
FindNLSString
GetUserDefaultLCID
LCMapStringEx
GetACP
IsValidLocaleName
GetThreadUILanguage
GetThreadLocale
FormatMessageW
GetSystemDefaultLangID
FindNLSStringEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-1

OpenProcess
FlushInstructionCache

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetProcessImageFileNameW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce

api-ms-win-core-path-l1-1-0

PathCchAddExtension
PathCchAddBackslash
PathAllocCanonicalize
PathCchCanonicalize
PathCchSkipRoot
PathCchCombineEx
PathCchRemoveExtension
PathCchAddBackslashEx
PathCchAppend
PathCchStripToRoot
PathCchAppendEx
PathCchCombine
PathCchRemoveFileSpec
PathCchRemoveBackslash
PathCchStripPrefix
PathIsUNCEx
PathAllocCombine
PathCchRenameExtension

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetTempPathW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl
GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine
IsWow64Process2
GetSystemWow64DirectoryW

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Locate_DevNodeW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventProviderEnabled
EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRStrIA
StrRStrIW
StrStrA
StrStrIA
StrStrIW
StrStrW
StrCmpICW
StrToIntW
StrCmpCW
QISearch
StrCmpIW
StrCmpNA
StrCmpNIA
StrCmpICA
StrToIntExW
StrDupW
StrCmpNIW
StrCmpNW
StrRChrIW
StrTrimW
StrDupA
StrCmpW
StrCmpNICW
StrCmpLogicalW
StrCSpnW
StrCpyNXW
StrRChrIA
StrCmpNCW
StrPBrkW
StrSpnW
StrRChrA
StrChrW
StrToIntA
StrRChrW
StrChrIW
StrChrA
StrChrIA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrlenW
lstrlenA
lstrcmpA
lstrcmpW
lstrcmpiW

api-ms-win-core-stringansi-l1-1-0

CharPrevA
CharNextA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalLock
LocalSize
GlobalFlags

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW
GetUserDefaultUILanguage
EnumUILanguagesW
GetSystemDefaultUILanguage

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetProfileSectionW

api-ms-win-core-atoms-l1-1-0

FindAtomW
GlobalGetAtomNameW
GetAtomNameW
GlobalDeleteAtom
GlobalAddAtomW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerShareW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
PathAddBackslashW
PathParseIconLocationW
PathCombineW
PathRemoveExtensionW
PathFindFileNameW
PathQuoteSpacesW
PathIsUNCW
PathAppendW
PathIsUNCServerW
PathGetDriveNumberW
PathSkipRootW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathIsRootW
PathIsRelativeW
PathFindNextComponentW
PathMatchSpecExW
PathRemoveBlanksW
PathGetArgsW
PathStripPathW
PathIsValidCharW
PathIsFileSpecW
PathGetCharTypeW
PathRemoveBackslashW
PathRemoveFileSpecA
PathIsRootA
SHExpandEnvironmentStringsW
PathAppendA
IsCharSpaceW
PathIsPrefixW
PathIsSameRootW
PathCommonPrefixW
SHExpandEnvironmentStringsA
PathMatchSpecW
PathStripToRootW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
RegisterWaitForSingleObject
UnregisterWait
GetSystemPowerStatus
MulDiv
SetVolumeLabelW
GetComputerNameW
GetShortPathNameA

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerCreateRequest
PowerSetRequest

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-2

GetBinaryTypeW

api-ms-win-core-url-l1-1-0

UrlFixupW
HashData
UrlGetPartW
UrlCanonicalizeW
PathIsURLW
UrlIsW
PathCreateFromUrlW
UrlEscapeW
UrlCreateFromPathW
UrlCompareW
UrlUnescapeW
UrlApplySchemeW
ParseURLW
UrlUnescapeA
PathCreateFromUrlAlloc

api-ms-win-core-registryuserspecific-l1-1-0

SHRegEnumUSKeyW
SHRegOpenUSKeyW
SHRegCloseUSKey
SHRegOpenUSKeyA
SHRegGetUSValueW
SHRegQueryUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
QueryActCtxW
ReleaseActCtx
DeactivateActCtx
CreateActCtxW

api-ms-win-shcore-path-l1-1-0

ord170
ord172

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-storage-exports-internal-l1-1-0

Global_WindowsStorage_lProcessClassCount
StateRepoVerbsCache_RebuildCacheAsync
Global_WindowsStorage_Untyped_FileClassSRWLock
Global_WindowsStorage_Untyped_pFileHanderMap
Global_WindowsStorage_Untyped_pFileClassCacheTable
CreateExtrinsicPropertyStore
GetInfoForFileInUse
CreateSortColumnArray
CRegFolder_CreateInstance
CRegFolder_CreateAndInit
_CleanRecentDocs
DetermineFolderDestinationParentAppID
CCachedShellItem_CreateInstance
CFSFolder_AdjustForSlowColumn
HideExtension
SHCreateItemWithParentAndChildId
_PredictReasonableImpact
RegistryVerbs_GetHandlerMultiSelectModel
IsNameListedUnderKey
CopyDefaultLibrariesFromGroupPolicy
SHGetKnownFolderIDList_Internal
CreateItemArrayFromItemStore
GetFileUndoText
Global_WindowsStorage_ulNextID
Global_WindowsStorage_tlsChangeClientProxy
Global_WindowsStorage_hwndSCN
Global_WindowsStorage_csSCN
CShellItemArray_CreateInstance
Global_WindowsStorage_Untyped_MountPoint
Global_WindowsStorage_fIconCacheHasBeenSuccessfullyCreated
Global_WindowsStorage_fNeedsInitBroadcast
GetRegDataDrivenCommandWithAssociation
StateRepoVerbsCache_GetContextMenuVerbs
Global_WindowsStorage_iLastSysIcon
Global_WindowsStorage_lrFlags
CTaskAddDoc_Create
CPrivateProfileCache_Save
Global_WindowsStorage_csIconCache
Global_WindowsStorage_iLastSystemColorDepth
Global_WindowsStorage_MaxIcons
Global_WindowsStorage_afNotRedirected
Global_WindowsStorage_fIconCacheIsValid
Global_WindowsStorage_ccIcon
Global_WindowsStorage_fEndInitialized
CShellItemArrayAsVirtualizedObjectArray_CreateInstance
Global_WindowsStorage_dwThreadInitializing
GetRegDataDrivenCommand
CShellItemArrayWithCommonParent_CreateInstance
SendNotificationsForLibraryItem
IsLibraryPolicyEnabled
IsLibraryCreatedByPolicy
CMruLongList_CreateInstance
CViewSettings_CreateInstance
GetSelectionStateFromItemArray
SetThreadFlags
SHResolveLibrary
SHGetKnownFolderItem
SHSetFolderPathW
SHSetFolderPathA
SHGetFolderPathAndSubDirA
SHKnownFolderFromCSIDL
SHPrepareKnownFoldersCommon
SHPrepareKnownFoldersUser
CustomStatePropertyDescription_CreateWithItemPropertyStore
CDesktopFolder_CreateInstanceWithBindContext
Global_WindowsStorage_dwThreadBindCtx
GetFindDataForPath
CShellItem_CreateInstance
CFileOperationRecorder_CreateInstance
Global_WindowsStorage_iUseLinkPrefix
CreateLocalizationDesktopIni
Global_WindowsStorage_Untyped_rgshil
CShellItemArrayAsCollection_CreateInstance
SHGetFolderPathEx
CFSFolder_CreateFolder
GetThreadFlags
Global_WindowsStorage_tlsIconCache
EnumShellItemsFromEnumFullIdList
SHGetKnownFolderIDList
SHFileOperationWithAdditionalFlags
Global_WindowsStorage_esServerMode
GetCommandProviderForFolderType
CCollectionFactory_CreateInstance
SHGetSpecialFolderLocation
CreateItemArrayFromObjectArray
DataAccessCaches_InvalidateForLibrary

api-ms-win-storage-exports-external-l1-1-0

STORAGE_SHGetPathFromMsUri
STORAGE_GetSystemPersistedStorageItemList
STORAGE_CreateStorageItemFromPath_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromPath_PartialTrustCaller
STORAGE_CEnumFiles_CreateInstance
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller
STORAGE_CreateStorageItemFromPath_FullTrustCaller
STORAGE_CStorageItem_GetValidatedStorageItemObject
STORAGE_CStorageItem_GetValidatedStorageItem
STORAGE_SHFreeNameMappings
STORAGE_SHValidateMSUri
STORAGE_SHFileOperationA
STORAGE_SHCreateDirectoryExA
STORAGE_SHCreateDirectory
STORAGE_SHConfirmOperation
STORAGE_SHCreateShellItemArrayFromShellItem
STORAGE_SHCreateShellItemArrayFromIDLists
STORAGE_SHCreateShellItemArrayFromDataObject
STORAGE_SHCreateShellItemArray
STORAGE_SHGetDesktopFolderWorker
STORAGE_AddItemToRecentDocs
STORAGE_SHAddToRecentDocs
STORAGE_SHAddToRecentDocsEx
STORAGE_AddNewFolderToFrequentPlaces
STORAGE_ClearDestinationsForAllApps
STORAGE_MakeDestinationItem
STORAGE_SHPathPrepareForWriteW
STORAGE_SHFileOperation
STORAGE_CreateSortColumnArrayFromListDesc
STORAGE_SHPathPrepareForWriteA
STORAGE_GetShellItemFromStorageItem

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath
SHGetFolderPathW
SHGetFolderPathAndSubDirW
SHSetKnownFolderPath
SHGetFolderLocation
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetSpecialFolderPathW

kernelbase

GetCurrentPackageInfo
GetPackagesByPackageFamily
GetPackageFullName
OpenState
OpenStateExplicit
GetStateFolder
CloseState
GetSystemAppDataKey
ExtensionProgIdExists
GetExtensionProgIds
GetEffectivePackageStatusForUser
ClosePackageInfo
PackageNameAndPublisherIdFromFamilyName
GetPackageInfo
NotifyRedirectedStringChange
OpenPackageInfoByFullName
GetStagedPackagePathByFullName

user32

SetMessageExtraInfo
TrackPopupMenu
GetCursorPos
RegisterClipboardFormatW
SwitchToThisWindow
SetMenuItemInfoW
GetWindow
MessageBeep
GetDoubleClickTime
LoadAcceleratorsW
AppendMenuW
CheckMenuRadioItem
GetMenuStringW
ReleaseDC
GetDC
NotifyWinEvent
CheckMenuItem
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
IsWindow
SetMenuDefaultItem
WaitForInputIdle
GetSystemMetrics
GetMenuDefaultItem
AnimateWindow
GetCursor
LoadIconW
PrivateExtractIconsW
GetFocus
InsertMenuItemW
EnableMenuItem
HideCaret
DestroyIcon
ShowCaret
LockSetForegroundWindow
SetMenu
GetIconInfo
ChildWindowFromPoint
CreateDialogParamW
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetClassLongW
GetCurrentInputMessageSource
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CreateIconIndirect
GetMenuItemID
LookupIconIdFromDirectory
MapWindowPoints
SendMessageW
ScreenToClient
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
GetWindowPlacement
SetCursor
GetDesktopWindow
ChangeClipboardChain
LoadCursorW
InvalidateRect
GetGestureInfo
GetDlgItem
SetWindowTextW
CloseGestureInfoHandle
SetGestureConfig
GetMessageExtraInfo
ShowWindow
PtInRect
DestroyAcceleratorTable
EndMenu
GetClientRect
InsertMenuW
CreateMenu
SetWindowPos
GetWindowTextW
TranslateAcceleratorW
SetClipboardViewer
OffsetRect
SetWindowLongPtrW
GetKeyboardLayout
EmptyClipboard
GetMenuInfo
GetWindowLongPtrW
IsWinEventHookInstalled
UnhookWinEvent
EndDialog
SetWinEventHook
SetShellWindow
GetSysColor
SystemParametersInfoForDpi
DrawIcon
DrawFocusRect
GetWindowLongW
SetWindowLongW
DisplayConfigGetDeviceInfo
DestroyWindow
AdjustWindowRectEx
SetSysColors
wsprintfW
InflateRect
GetKeyState
GetMessagePos
GetWindowThreadProcessId
UnpackDDElParam
DdeInitializeW
DdeUninitialize
GetForegroundWindow
DdeNameService
DdeDisconnect
DdeQueryStringW
DdeFreeStringHandle
DdeCreateStringHandleW
DdeCreateDataHandle
DdeGetLastError
DdeGetData
RegisterWindowMessageW
DdeQueryConvInfo
FindWindowW
WaitMessage
ChangeWindowMessageFilterEx
LockWindowUpdate
ord2707
EnumDisplaySettingsW
GetClassLongPtrW
SetShellWindowEx
EnumDisplayMonitors
CreateAcceleratorTableW
SetTimer
GetProcessWindowStation
GetClassNameW
GetMessageTime
LoadBitmapW
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
ClientToScreen
IsRectEmpty
SetParent
KillTimer
RegisterClassW
DefWindowProcW
GetWindowRect
WindowFromPoint
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetSystemMenu
PostThreadMessageW
SetDialogDpiChangeBehavior
IsDialogMessageW
SetCapture
ReleaseCapture
GetCapture
TrackPopupMenuEx
UpdateWindow
GetThreadDesktop
TrackMouseEvent
MonitorFromRect
GetClassInfoExW
SetMenuInfo
SetCoalescableTimer
CallNextHookEx
GetUpdateRect
GetUserObjectInformationW
CallWindowProcW
BeginPaint
SetScrollPos
ord2705
ShowScrollBar
SetScrollInfo
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
GetDialogBaseUnits
GetLastInputInfo
SystemParametersInfoA
WinHelpW
CreateWindowExW
FindWindowExW
RegisterWindowMessageA
DrawTextExW
ActivateKeyboardLayout
AdjustWindowRectExForDpi
SubtractRect
CreateWindowIndirect
SetLayeredWindowAttributes
GetWindowDC
GetPointerDevices
SetRectEmpty
DialogBoxParamW
GetDpiForWindow
BroadcastSystemMessageW
GetAncestor
EndPaint
FillRect
GetSysColorBrush
MonitorFromPoint
EnableWindow
DrawEdge
SetThreadDpiAwarenessContext
EnumChildWindows
CloseClipboard
SetClipboardData
GetClipboardData
OpenClipboard
EnumPropsExW
RedrawWindow
CloseDesktop
OpenInputDesktop
GetMonitorInfoW
CreateWindowInBand
GetDpiForSystem
GetSystemMetricsForDpi
CopyRect
SetRect
MsgWaitForMultipleObjectsEx
LoadImageW
ExitWindowsEx
EndDeferWindowPos
IsWindowVisible
BeginDeferWindowPos
AdjustWindowRect
GetDlgCtrlID
SetDlgItemTextA
SetFocus
SetShellChangeNotifyWindow
GetShellChangeNotifyWindow
PeekMessageW
GetShellWindow
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
UnregisterDeviceNotification
SendMessageCallbackW
MessageBoxW
GetClipboardOwner
IsHungAppWindow
CountClipboardFormats
GetMenuState
GetMessageW
ModifyMenuW
DeferWindowPos
CopyAcceleratorTableW
MoveWindow
AttachThreadInput
DefWindowProcA
IsWindowUnicode
TranslateMessage
RegisterShellHookWindow
DeregisterShellHookWindow
SetTaskmanWindow
GetTaskmanWindow
DispatchMessageW
SetProcessDPIAware
PostMessageW
CreatePopupMenu
GetClassInfoW
GetWindowTextLengthW
CopyImage
MapDialogRect
SetActiveWindow
GetWindowBand
DestroyMenu
IsWindowEnabled
DrawIconEx
IsProcessDPIAware
GetProcessDefaultLayout
AllowSetForegroundWindow
IsSETEnabled
EqualRect
IntersectRect
MonitorFromWindow
DeleteMenu
GetAsyncKeyState
CheckDlgButton
IsDlgButtonChecked
ord2521
UpdateLayeredWindow
IsChild
IsMenu
DrawTextW
UnionRect
EnumDisplayDevicesW
GetParent
SetWindowCompositionAttribute
RemoveMenu
RegisterClassExW
GetSubMenu
SetPropW
LoadMenuW
ShutdownBlockReasonCreate
GetScrollInfo
SendNotifyMessageW
RemovePropW
SendMessageTimeoutW
IsIconic
ShutdownBlockReasonDestroy
CopyIcon
EnumWindows
SetForegroundWindow
GetPropW
PostQuitMessage
GetLastActivePopup

ntdll

RtlAreLongPathsEnabled
RtlQueryResourcePolicy
RtlFlushHeaps
NtOpenThreadToken
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
EtwLogTraceEvent
NtQuerySystemInformationEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
NtQueryKey
RtlIsPartialPlaceholder
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtPowerInformation
NtQueryInformationProcess
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx
NtSetCachedSigningLevel
NtCompareSigningLevels
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlGetLastNtStatus
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryVolumeInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
NtSetInformationFile
RtlUnicodeStringToOemString
NtFsControlFile
NtClose
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlPrefixString
RtlInitUnicodeString
EtwEventWriteTransfer

gdi32

GdiTransparentBlt
LPtoDP
SetMetaFileBitsEx
StretchBlt
GetDIBits
CreateBitmap
CreateCompatibleBitmap
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetClipBox
StretchDIBits
BitBlt
GdiAlphaBlend
CreateDCW
SetViewportExtEx
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetTextExtentPointW
GetObjectW
SetWindowOrgEx
SetViewportOrgEx
OffsetWindowOrgEx
CreateSolidBrush
GetDeviceCaps
SetTextColor
SetWindowExtEx
SelectObject
SetMapMode
TextOutA
GetTextExtentPoint32A
CreateFontW
GetPixel
GetDIBColorTable
SetDIBits
ExtTextOutW
GetObjectType
GetWindowOrgEx
GetRegionData
GetRgnBox
CombineRgn
SaveDC
RestoreDC
CreateRectRgnIndirect
SetDCBrushColor
PlgBlt
ExtSelectClipRgn
GetViewportOrgEx
DeleteMetaFile
PlayMetaFile
GetTextAlign
CreatePolygonRgn
SetBkMode
GetStockObject
SetLayout
LineTo
GetLayout
ExcludeClipRect
MoveToEx
PatBlt
SetStretchBltMode
SetTextAlign
GetTextExtentPoint32W
SetBkColor
DeleteObject
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
GetCurrentObject
GetTextColor

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-job-l2-1-0

CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject

api-ms-win-security-cryptoapi-l1-1-0

CryptGenRandom

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_BindToFilePlaceholderHandler
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CSyncRootManager_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopyFilePlaceholderToNewFile
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreatePlaceholderFile
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FilePlaceholder_BindToPrimaryStream
SHELL32_FilePlaceholder_CreateInstance
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetPlaceholderStatesFromFileAttributesAndReparsePointTag
SHELL32_GetRatingBucket
SHELL32_GetSkyDriveNetworkStates
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_SetPlaceholderReparsePointAttribute
SHELL32_SetPlaceholderReparsePointAttribute2
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_UpdateFilePlaceholderStates
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.1MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ServerCertificate.p12

Sharing

General

Malware Config

Extracted

Signatures

Files

bf0f23560274fe8e79ae2e632566ae8c

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 309KB - Virtual size: 308KB

.data Size: 2KB - Virtual size: 35KB

.pdata Size: 70KB - Virtual size: 69KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 12KB - Virtual size: 11KB

06ccda30750899d24ec1383d46a36e65

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 2KB - Virtual size: 11KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 1024B - Virtual size: 784B

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 17KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 17.6MB - Virtual size: 18.2MB

Size: 143KB - Virtual size: 341KB

Size: 15B - Virtual size: 12B

.imports Size: 512B - Virtual size: 8KB

.rsrc Size: 342KB - Virtual size: 342KB

.themida Size: - Virtual size: 17.0MB

.boot Size: 10.1MB - Virtual size: 10.1MB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 61KB - Virtual size: 60KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

4c6a425b69ad3e18ace611520e54e884

Headers

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 309KB - Virtual size: 308KB

.data
Size: 2KB - Virtual size: 35KB

.pdata
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 2KB - Virtual size: 11KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 784B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 17KB - Virtual size: 16KB

.imports
Size: 512B - Virtual size: 8KB

.rsrc
Size: 342KB - Virtual size: 342KB

.themida
Size: - Virtual size: 17.0MB

.boot
Size: 10.1MB - Virtual size: 10.1MB

.text
Size: 61KB - Virtual size: 60KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B