win32[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

win32.rar
Size

26.4MB
MD5

fcf60c01dc42e5cc5ca9f550401a2549
SHA1

62b8088e69ba094b809f99a2242b36198fb2c740
SHA256

ed38a436640986f373b49e008fb897c4339dbc894aba4026e37cf4affb9caa44
SHA512

75b9116224e82b7ac22fb21c9fc513644238c8cbf67a5f287ecc5393f1f37a659c92d4e5201efe6223c61cf298f74dd91d0b72005c378db36807f3b3a442bda8
SSDEEP

786432:yIGH/SvLqY5zQWG4MOt3+ROwhdWRpwZzYCDnJCFP/zeTnL:0SDqY5zQp4rtQ9cpCzNDnJCFzeTL

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/renderer_d.dll	cryptone

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/freeglut.dll
unpack001/renderer.dll
unpack001/renderer.exe
unpack001/renderer_d.dll
unpack001/renderer_d.exe

Files

win32.rar
.rar
freeglut.dll
.dll windows:5 windows x86 arch:x86

316e75cbedd944b4dfe7dfc2f8453f42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
MultiByteToWideChar
GetLocaleInfoA
HeapSize
CloseHandle
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedDecrement
SetLastError
BuildCommDCBA
GetCommTimeouts
FlushFileBuffers
ReadFile
SetCommState
SetCommTimeouts
WriteFile
GetCommState
CreateFileA
IsValidCodePage
GetModuleHandleA
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
HeapFree
GetLastError
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
LeaveCriticalSection
RaiseException
EnterCriticalSection
HeapAlloc

user32

LoadCursorA
SetClassLongA
SetCursorPos
SetCursor
ClientToScreen
DestroyWindow
ShowCursor
SetWindowLongA
UnregisterClassA
GetWindowLongA
CreateWindowExA
ShowWindow
SetWindowTextA
UpdateWindow
AdjustWindowRect
MoveWindow
EndPaint
GetMessageA
ScreenToClient
GetWindowRect
PostQuitMessage
SetCapture
ToAscii
MsgWaitForMultipleObjects
GetKeyState
BeginPaint
TranslateMessage
GetKeyboardState
PeekMessageA
DefWindowProcA
RedrawWindow
SetWindowPos
GetCursorPos
DispatchMessageA
ReleaseCapture
LoadIconA
GetDC
ReleaseDC
GetDesktopWindow
GetClassInfoA
GetSystemMetrics
RegisterClassA
EnumDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA

gdi32

SetPixelFormat
GetPixelFormat
GetDeviceCaps
SwapBuffers
ChoosePixelFormat

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

opengl32

glScaled
glEvalMesh2
glTranslated
glRotated
glMapGrid2d
glMap2d
glEnable
wglGetCurrentDC
glDrawBuffer
glReadBuffer
wglDeleteContext
glFlush
wglGetProcAddress
glVertex2f
glPixelStorei
glEnd
glPopClientAttrib
glGetBooleanv
glGetIntegerv
glGetError
glLoadIdentity
glColor4fv
glMatrixMode
glPushAttrib
glColor4f
glDisable
glPopAttrib
glVertex2i
glOrtho
glRasterPos2i
glViewport
wglMakeCurrent
wglGetCurrentContext
wglCreateContext
glVertex3dv
glNormal3dv
glPushMatrix
glPopMatrix
glNormal3d
glVertex3d
glTranslatef
glPushClientAttrib
glBegin
glBitmap
glGetString

winmm

timeBeginPeriod
joyGetDevCapsA
joyGetPosEx
timeGetTime
timeEndPeriod

Exports

Exports

__glutCreateMenuWithExit
__glutCreateWindowWithExit
__glutInitWithExit
glutAddMenuEntry
glutAddSubMenu
glutAttachMenu
glutBitmapCharacter
glutBitmapHeight
glutBitmapLength
glutBitmapString
glutBitmapWidth
glutButtonBoxFunc
glutChangeToMenuEntry
glutChangeToSubMenu
glutCloseFunc
glutCopyColormap
glutCreateMenu
glutCreateSubWindow
glutCreateWindow
glutDestroyMenu
glutDestroyWindow
glutDetachMenu
glutDeviceGet
glutDialsFunc
glutDisplayFunc
glutEnterGameMode
glutEntryFunc
glutEstablishOverlay
glutExit
glutExtensionSupported
glutForceJoystickFunc
glutFullScreen
glutFullScreenToggle
glutGameModeGet
glutGameModeString
glutGet
glutGetColor
glutGetMenu
glutGetMenuData
glutGetModeValues
glutGetModifiers
glutGetProcAddress
glutGetWindow
glutGetWindowData
glutHideOverlay
glutHideWindow
glutIconifyWindow
glutIdleFunc
glutIgnoreKeyRepeat
glutInit
glutInitContextFlags
glutInitContextProfile
glutInitContextVersion
glutInitDisplayMode
glutInitDisplayString
glutInitWindowPosition
glutInitWindowSize
glutJoystickFunc
glutKeyboardFunc
glutKeyboardUpFunc
glutLayerGet
glutLeaveGameMode
glutLeaveMainLoop
glutMainLoop
glutMainLoopEvent
glutMenuDestroyFunc
glutMenuStateFunc
glutMenuStatusFunc
glutMotionFunc
glutMouseFunc
glutMouseWheelFunc
glutOverlayDisplayFunc
glutPassiveMotionFunc
glutPopWindow
glutPositionWindow
glutPostOverlayRedisplay
glutPostRedisplay
glutPostWindowOverlayRedisplay
glutPostWindowRedisplay
glutPushWindow
glutRemoveMenuItem
glutRemoveOverlay
glutReportErrors
glutReshapeFunc
glutReshapeWindow
glutSetColor
glutSetCursor
glutSetIconTitle
glutSetKeyRepeat
glutSetMenu
glutSetMenuData
glutSetOption
glutSetWindow
glutSetWindowData
glutSetWindowTitle
glutSetupVideoResizing
glutShowOverlay
glutShowWindow
glutSolidCone
glutSolidCube
glutSolidCylinder
glutSolidDodecahedron
glutSolidIcosahedron
glutSolidOctahedron
glutSolidRhombicDodecahedron
glutSolidSierpinskiSponge
glutSolidSphere
glutSolidTeapot
glutSolidTetrahedron
glutSolidTorus
glutSpaceballButtonFunc
glutSpaceballMotionFunc
glutSpaceballRotateFunc
glutSpecialFunc
glutSpecialUpFunc
glutStopVideoResizing
glutStrokeCharacter
glutStrokeHeight
glutStrokeLength
glutStrokeString
glutStrokeWidth
glutSwapBuffers
glutTabletButtonFunc
glutTabletMotionFunc
glutTimerFunc
glutUseLayer
glutVideoPan
glutVideoResize
glutVideoResizeGet
glutVisibilityFunc
glutWMCloseFunc
glutWarpPointer
glutWindowStatusFunc
glutWireCone
glutWireCube
glutWireCylinder
glutWireDodecahedron
glutWireIcosahedron
glutWireOctahedron
glutWireRhombicDodecahedron
glutWireSierpinskiSponge
glutWireSphere
glutWireTeapot
glutWireTetrahedron
glutWireTorus

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
renderer.dll
.dll windows:5 windows x86 arch:x86

b844bfa40321c91226f7e16830b29d15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\rgsc\src\dev_ng\rage\3rdparty\Berkelium\win32\renderer.pdb

Imports

user32

SetCursor
WindowFromPoint
TrackMouseEvent
ReleaseCapture
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetCursorPos
SetActiveWindow
GetWindowPlacement
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
GetLastInputInfo
DestroyCaret
SetCaretPos
CreateCaret
CreateWindowStationW
CreateDesktopW
GetThreadDesktop
UnregisterClassA
PostQuitMessage
CallMsgFilterW
TranslateMessage
DispatchMessageW
KillTimer
PostMessageW
WaitForInputIdle
wsprintfW
SystemParametersInfoW
GetClassNameW
GetKeyState
CharUpperW
SendMessageW
InvalidateRect
IsWindowVisible
MonitorFromPoint
GetAncestor
GetForegroundWindow
MapWindowPoints
AdjustWindowRectEx
MonitorFromRect
GetMonitorInfoW
SetWindowPos
MessageBoxW
GetWindowDC
GetWindowRect
GetWindowInfo
IsWindow
MonitorFromWindow
GetDoubleClickTime
GetSystemMetrics
LoadIconW
RegisterClassW
CreateWindowExW
UnregisterClassW
GetClientRect
DefWindowProcW
GetGuiResources
RemovePropW
GetWindowLongW
SetLayeredWindowAttributes
SetWindowLongW
GetPropW
CallWindowProcW
ValidateRect
GetParent
GetDC
CreateIconIndirect
ReleaseDC
DestroyIcon
LoadCursorW
EmptyClipboard
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetClipboardData
MsgWaitForMultipleObjects
GetAsyncKeyState
GetDesktopWindow
SetScrollInfo
SetFocus
GetMenuInfo
RealChildWindowFromPoint
GetSubMenu
GetMenuState
SetParent
SendMessageCallbackW
EndDialog
GetSysColor
EnumDisplayMonitors
GetMessagePos
EnumChildWindows
IsChild
GetCursorPos
CreatePopupMenu
DestroyMenu
DrawTextExW
TrackPopupMenuEx
GetKeyboardLayoutList
RegisterWindowMessageW
SendNotifyMessageW
GetFocus
GetTopWindow
SetWindowsHookExW
CallNextHookEx
SendInput
UnhookWindowsHookEx
GetMenuItemCount
InsertMenuItemW
GetSystemMenu
GetMenuItemInfoW
SetMenuItemInfoW
GetIconInfo
EnableWindow
SetWindowRgn
FindWindowW
UpdateWindow
CopyAcceleratorTableW
FlashWindowEx
GetActiveWindow
CopyRect
UpdateLayeredWindow
IsIconic
LoadAcceleratorsW
FindWindowExW
SetForegroundWindow
GetWindowThreadProcessId
SetClipboardData
CloseClipboard
OpenClipboard
InvertRect
AllowSetForegroundWindow
SendMessageTimeoutW
EnumThreadWindows
ScrollDC
EndPaint
IsHungAppWindow
GetKeyboardState
SetCapture
RedrawWindow
AttachThreadInput
SetMenuInfo
GetWindow
GetClassLongW
MessageBeep
GetKeyboardLayout
ActivateKeyboardLayout
NotifyWinEvent
EnableMenuItem
UnionRect
MenuItemFromPoint
BeginPaint
FillRect
GetClassInfoExW
DrawEdge
GetSysColorBrush
FrameRect
InflateRect
DrawFocusRect
DrawFrameControl
CreateDialogIndirectParamW
SetDlgItemTextW
DrawIcon
DrawTextW
GetMessageTime
EnumDisplaySettingsW
DrawIconEx
GetCaretBlinkTime
RealGetWindowClassW
LoadKeyboardLayoutW
DefWindowProcA
SetWindowLongA
GetCursor
TrackPopupMenu
MessageBoxA
CharNextW
DestroyWindow
SetRectEmpty
MapVirtualKeyW
LoadImageW
GetComboBoxInfo
ScreenToClient
GetCaretPos
IntersectRect
OffsetRect
GetUpdateRect
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
PtInRect
GetWindowRgn
EnumWindows
EndMenu
GetScrollInfo
PeekMessageW
IsZoomed
ScrollWindowEx
ShowWindow
GetUpdateRgn
MoveWindow
SetWindowTextW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
CloseWindowStation
MsgWaitForMultipleObjectsEx
WaitMessage
RegisterClassExW
SetPropW
SetTimer
GetQueueStatus
PostThreadMessageW

kernel32

RtlCaptureStackBackTrace
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
GlobalLock
GlobalUnlock
GlobalSize
FlushInstructionCache
FreeConsole
ReadConsoleW
SetConsoleTextAttribute
IsWow64Process
GetNativeSystemInfo
GetStartupInfoW
GetGeoInfoW
GetUserGeoID
GetEnvironmentVariableW
MulDiv
GetShortPathNameW
TerminateThread
OpenThread
FindCloseChangeNotification
FindFirstChangeNotificationW
lstrlenA
SetThreadExecutionState
DeviceIoControl
DefineDosDeviceW
SetErrorMode
ResumeThread
OpenEventW
SetInformationJobObject
TerminateJobObject
WriteProcessMemory
GetThreadContext
AssignProcessToJobObject
CreateJobObjectW
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
SearchPathW
DebugBreak
ReadProcessMemory
SuspendThread
SignalObjectAndWait
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
QueueUserWorkItem
GetFileInformationByHandle
SetFileTime
ExpandEnvironmentStringsW
OpenFileMappingW
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
GetUserDefaultLangID
GetFileSize
GetTempFileNameW
GetLongPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
GetCurrentDirectoryW
GetTempPathW
FindFirstFileW
FindNextFileW
GetFullPathNameW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
GetFileAttributesW
CopyFileW
ReplaceFileW
MoveFileExW
CompareFileTime
GetFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
QueryPerformanceFrequency
FormatMessageW
GetCommandLineW
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSection
LoadLibraryW
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
lstrcmpiW
MoveFileW
SetFileAttributesA
ExitThread
HeapSetInformation
FreeLibrary
FindResourceW
InterlockedExchange
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetProcessTimes
GetProcessId
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
GetLocalTime
SetEnvironmentVariableW
GlobalMemoryStatus
GetLogicalDrives
GetComputerNameA
GetVolumeInformationA
Process32FirstW
Process32NextW
SetPriorityClass
VirtualQueryEx
GetProcessIoCounters
GetExitCodeProcess
OpenProcess
AllocConsole
FormatMessageA
OutputDebugStringA
CreateMutexW
CreateProcessW
DeleteFileW
ReleaseMutex
WaitForSingleObject
CreateThread
TryEnterCriticalSection
GetCurrencyFormatW
GetNumberFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetSystemPowerStatus
LockResource
GetDateFormatW
GetTimeFormatW
GetModuleHandleExW
GetFileSizeEx
SetFilePointerEx
GetSystemDirectoryA
ReadFile
CreateNamedPipeW
LocalFree
CreateFileW
CancelIo
ConnectNamedPipe
InterlockedExchangeAdd
SetEndOfFile
Module32First
Module32Next
CreateToolhelp32Snapshot
GetVersionExW
FindFirstFileA
FindClose
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
GetModuleHandleA
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapCreate
DuplicateHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CreateDirectoryA
CreateFileMappingA
GetVersionExA
CreateProcessA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
AreFileApisANSI
GetPrivateProfileStringW
RtlCaptureContext
CreateSemaphoreA
IsBadWritePtr
GetThreadTimes
GlobalAlloc
GlobalFree
lstrcmpiA
SetFileAttributesW
GetThreadLocale
GetComputerNameW
GetVolumeInformationW
GetTempPathA
GetTempFileNameA
GetDriveTypeW
GlobalDeleteAtom
GlobalAddAtomW
GlobalGetAtomNameW
GetNamedPipeHandleStateW
SetNamedPipeHandleState
DisconnectNamedPipe
PeekNamedPipe
GetSystemTime
ReleaseSemaphore
CreateSemaphoreW
MapViewOfFileEx
VirtualProtect
SwitchToThread
SetThreadPriority
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
DeleteFileA
IsProcessorFeaturePresent
GetProcessHeap
LoadResource

advapi32

RegCreateKeyExW
IsValidSid
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
CreateProcessAsUserW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
SetSecurityInfo
SetEntriesInAclW
CreateWellKnownSid
GetSecurityInfo
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegQueryValueExW
RegNotifyChangeKeyValue
SetThreadToken
GetSecurityDescriptorSacl
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
CryptDecrypt
CryptDuplicateKey
CryptSetKeyParam
CryptEncrypt
CryptGetKeyParam
CryptDuplicateHash
CryptSignHashW
CryptExportKey
CryptVerifySignatureW
CryptCreateHash
CryptSetHashParam
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptImportKey
InitializeAcl
AddAccessAllowedAce
CryptGenKey
CryptDestroyKey
CryptReleaseContext
GetUserNameW
LookupAccountSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountNameW
RegEnumValueA
RegDisablePredefinedCache
RevertToSelf
CreateRestrictedToken
DuplicateTokenEx
DuplicateToken
EqualSid
LookupPrivilegeValueW
CopySid
RegQueryInfoKeyW

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW
ord680
DragFinish
SHChangeNotify
SHGetDesktopFolder
ShellExecuteA
DragQueryFileW
SHGetPathFromIDListW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
ShellExecuteW
SHAppBarMessage
ShellExecuteExW

ole32

OleDuplicateData
ReleaseStgMedium
CoDisconnectObject
RegisterDragDrop
CLSIDFromString
DoDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
PropVariantClear
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysFreeString
VariantInit
SystemTimeToVariantTime
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
SafeArrayGetLBound
VariantClear
SafeArrayCreate
SafeArrayGetVartype
SafeArrayRedim
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
VarUI4FromStr
SafeArrayGetUBound

shlwapi

PathRemoveExtensionW
SHDeleteKeyW
SHStrDupW
SHGetValueA
PathFindFileNameW
PathGetCharTypeW
SHDeleteEmptyKeyW
UrlCreateFromPathA
PathIsUNCA
PathFileExistsA
UrlCreateFromPathW
PathIsUNCW
PathFindExtensionW
PathFileExistsW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

userenv

RegisterGPNotification

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW
UuidCreate

oleacc

LresultFromObject
ObjectFromLresult
AccessibleObjectFromWindow
CreateStdAccessibleObject

riched20

ord4

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

QueryWorkingSet
GetMappedFileNameW
GetModuleFileNameExW
GetProcessMemoryInfo

winmm

waveOutUnprepareHeader
waveOutWrite
waveOutOpen
waveOutRestart
waveOutPause
waveOutReset
waveOutClose
waveInPrepareHeader
waveOutPrepareHeader
waveInAddBuffer
waveInOpen
waveInStart
waveInReset
timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
waveOutGetNumDevs
waveInUnprepareHeader
waveInGetNumDevs
waveInClose

gdi32

GetFontData
GetCurrentObject
StartDocW
SaveDC
GetDeviceCaps
RestoreDC
EndDoc
GetWorldTransform
EnumEnhMetaFile
ModifyWorldTransform
PtInRegion
EndPage
PlayEnhMetaFile
GdiComment
GetEnhMetaFileBits
GetEnhMetaFileHeader
DeleteEnhMetaFile
CloseEnhMetaFile
GetEnhMetaFileW
CreateEnhMetaFileW
SetEnhMetaFileBits
PlayEnhMetaFileRecord
ExtEscape
CreateFontW
GetTextFaceW
PatBlt
CreateDCW
StretchDIBits
SwapBuffers
ChoosePixelFormat
SetPixelFormat
SetRectRgn
CombineRgn
GdiFlush
BitBlt
GdiAlphaBlend
GetObjectW
AddFontMemResourceEx
GetOutlineTextMetricsW
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
PathToRegion
SelectClipRgn
SetPolyFillMode
BeginPath
PolyBezier
AbortPath
EndPath
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetBrushOrgEx
SetArcDirection
SetBkColor
SetTextColor
SetDCBrushColor
SetDCPenColor
SetROP2
CreateCompatibleDC
CreateDIBSection
SetDIBits
SelectObject
SetBkMode
CreateBitmap
DeleteObject
DeleteDC
Rectangle
GetStockObject
ExtTextOutW
LineTo
MoveToEx
CreatePen
CreateCompatibleBitmap
GetTextMetricsW
SetICMMode
EnumFontFamiliesExW
GetRegionData
GetGlyphOutlineW
CreatePolygonRgn
RemoveFontMemResourceEx
GetFontUnicodeRanges
GetTextColor
GetGlyphIndicesW
GetCharWidthI
LPtoDP
GetTextExtentPoint32W
CreateSolidBrush
GetClipBox
SetMiterLimit
ExtCreatePen
GetStretchBltMode
StrokePath
StrokeAndFillPath
StretchBlt
SetMapMode
GetBkColor
ExcludeClipRect
GetRgnBox
EqualRgn
SetLayout
SetViewportOrgEx
CancelDC
SetAbortProc
TextOutW
IntersectClipRect
StartPage
CreateDCA

usp10

ScriptGetFontProperties
ScriptFreeCache
ScriptCPtoX
ScriptXtoCP
ScriptTextOut
ScriptItemize
ScriptJustify
ScriptShape
ScriptPlace

secur32

FreeCredentialsHandle
DeleteSecurityContext
CompleteAuthToken
AcquireCredentialsHandleA
InitializeSecurityContextA
QueryContextAttributesW
FreeContextBuffer
AcquireCredentialsHandleW
EncryptMessage
InitializeSecurityContextW
DecryptMessage
QuerySecurityPackageInfoW
ApplyControlToken

Exports

Exports

??0Context@Berkelium@@IAE@XZ
??0Context@Berkelium@@QAE@ABV01@@Z
??0Cursor@Berkelium@@AAE@QAUHICON__@@@Z
??0Cursor@Berkelium@@AAE@XZ
??0ErrorDelegate@Berkelium@@QAE@ABV01@@Z
??0ErrorDelegate@Berkelium@@QAE@XZ
??0ResourceInterceptor@Berkelium@@QAE@ABV01@@Z
??0ResourceInterceptor@Berkelium@@QAE@XZ
??0ResourceRequestJob@Berkelium@@QAE@ABV01@@Z
??0ResourceRequestJob@Berkelium@@QAE@XZ
??0Variant@Script@Berkelium@@AAE@U?$WeakString@_W@2@W4Type@012@@Z
??0Variant@Script@Berkelium@@AAE@W4Type@012@@Z
??0Variant@Script@Berkelium@@QAE@ABV012@@Z
??0Variant@Script@Berkelium@@QAE@H@Z
??0Variant@Script@Berkelium@@QAE@N@Z
??0Variant@Script@Berkelium@@QAE@PBD@Z
??0Variant@Script@Berkelium@@QAE@PB_W@Z
??0Variant@Script@Berkelium@@QAE@U?$WeakString@_W@2@@Z
??0Variant@Script@Berkelium@@QAE@XZ
??0Variant@Script@Berkelium@@QAE@_N@Z
??0Widget@Berkelium@@QAE@ABV01@@Z
??0Widget@Berkelium@@QAE@XZ
??0Window@Berkelium@@IAE@PBVContext@1@@Z
??0Window@Berkelium@@IAE@XZ
??0Window@Berkelium@@QAE@ABV01@@Z
??0WindowDelegate@Berkelium@@QAE@ABV01@@Z
??0WindowDelegate@Berkelium@@QAE@XZ
??1Context@Berkelium@@UAE@XZ
??1ErrorDelegate@Berkelium@@UAE@XZ
??1ResourceInterceptor@Berkelium@@UAE@XZ
??1ResourceRequestJob@Berkelium@@UAE@XZ
??1Variant@Script@Berkelium@@QAE@XZ
??1Widget@Berkelium@@UAE@XZ
??1Window@Berkelium@@UAE@XZ
??1WindowDelegate@Berkelium@@UAE@XZ
??4Context@Berkelium@@QAEAAV01@ABV01@@Z
??4Cursor@Berkelium@@QAEAAV01@ABV01@@Z
??4ErrorDelegate@Berkelium@@QAEAAV01@ABV01@@Z
??4ResourceInterceptor@Berkelium@@QAEAAV01@ABV01@@Z
??4ResourceRequestJob@Berkelium@@QAEAAV01@ABV01@@Z
??4Variant@Script@Berkelium@@QAEAAV012@ABV012@@Z
??4Widget@Berkelium@@QAEAAV01@ABV01@@Z
??4Window@Berkelium@@QAEAAV01@ABV01@@Z
??4WindowDelegate@Berkelium@@QAEAAV01@ABV01@@Z
??_7Context@Berkelium@@6B@
??_7ErrorDelegate@Berkelium@@6B@
??_7ResourceInterceptor@Berkelium@@6B@
??_7ResourceRequestJob@Berkelium@@6B@
??_7Widget@Berkelium@@6B@
??_7Window@Berkelium@@6B@
??_7WindowDelegate@Berkelium@@6B@
?GetCursor@Cursor@Berkelium@@QBEPAUHICON__@@XZ
?HandleAssert@ErrorDelegate@Berkelium@@UAEXPBD@Z
?HandleError@ErrorDelegate@Berkelium@@UAEXPBD@Z
?HandleMessage@ErrorDelegate@Berkelium@@UAE_NHPBD@Z
?UTF16ToUTF8@Berkelium@@YA?AU?$WeakString@D@1@ABU?$WeakString@G@1@@Z
?UTF16ToWide@Berkelium@@YA?AU?$WeakString@_W@1@ABU?$WeakString@G@1@@Z
?UTF8ToUTF16@Berkelium@@YA?AU?$WeakString@G@1@ABU?$WeakString@D@1@@Z
?UTF8ToWide@Berkelium@@YA?AU?$WeakString@_W@1@ABU?$WeakString@D@1@@Z
?WideToUTF16@Berkelium@@YA?AU?$WeakString@G@1@ABU?$WeakString@_W@1@@Z
?WideToUTF8@Berkelium@@YA?AU?$WeakString@D@1@ABU?$WeakString@_W@1@@Z
?appendWidget@Window@Berkelium@@IAEXPAVWidget@2@@Z
?backEnd@Window@Berkelium@@QBE?AV?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@XZ
?backIter@Window@Berkelium@@QBE?AV?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@XZ
?bindFunction@Variant@Script@Berkelium@@SA?AV123@U?$WeakString@_W@3@_N@Z
?create@Context@Berkelium@@SAPAV12@XZ
?create@Window@Berkelium@@SAPAV12@PBVContext@2@@Z
?destroy@Berkelium@@YAXXZ
?destroy@Context@Berkelium@@QAEXXZ
?destroy@Variant@Script@Berkelium@@QAEXXZ
?destroy@Widget@Berkelium@@QAEXXZ
?destroy@Window@Berkelium@@QAEXXZ
?emptyArray@Variant@Script@Berkelium@@SA?AV123@XZ
?emptyObject@Variant@Script@Berkelium@@SA?AV123@XZ
?forkedProcessHook@Berkelium@@YAXP6APAVBrokerServices@sandbox@@XZP6APAVTargetServices@3@XZP6A_NW4DepEnforcement@3@@Z@Z
?freeLastScriptAlert@WindowDelegate@Berkelium@@UAEXU?$WeakString@_W@2@@Z
?fromJSON@Script@Berkelium@@YA_NU?$WeakString@_W@2@AAVVariant@12@@Z
?frontEnd@Window@Berkelium@@QBE?AV?$reverse_iterator@V?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@@std@@XZ
?frontIter@Window@Berkelium@@QBE?AV?$reverse_iterator@V?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@@std@@XZ
?getContext@Window@Berkelium@@QBEPAVContext@2@XZ
?getWidgetAtPoint@Window@Berkelium@@QBEPAVWidget@2@HH_N@Z
?hasString@Variant@Script@Berkelium@@AAE_NXZ
?init@Berkelium@@YA_NU?$WeakString@_W@1@PAVErrorDelegate@1@_NPBD@Z
?initbool@Variant@Script@Berkelium@@QAEX_N@Z
?initdbl@Variant@Script@Berkelium@@QAEXN@Z
?initint@Variant@Script@Berkelium@@QAEXH@Z
?initmb@Variant@Script@Berkelium@@QAEXPBDI@Z
?initnull@Variant@Script@Berkelium@@QAEXW4Type@123@@Z
?initvariant@Variant@Script@Berkelium@@QAEXABV123@@Z
?initwc@Variant@Script@Berkelium@@QAEXPB_WI@Z
?navigateTo@Window@Berkelium@@QAE_NPBDI@Z
?onAddressBarChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@@Z
?onConsoleMessage@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@1H@Z
?onCrashed@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onCrashedPlugin@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@@Z
?onCrashedWorker@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onCreatedWindow@WindowDelegate@Berkelium@@UAEXPAVWindow@2@0ABURect@2@@Z
?onCursorUpdated@WindowDelegate@Berkelium@@UAEXPAVWindow@2@ABVCursor@2@@Z
?onExternalHost@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@U?$WeakString@D@2@2@Z
?onJavascriptCallback@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAXU?$WeakString@D@2@U?$WeakString@_W@2@PAVVariant@Script@2@I@Z
?onLoad@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onLoadingStateChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@_N@Z
?onNavigationRequested@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@1_NAA_N@Z
?onPaint@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PBEABURect@2@IPBU42@HH2@Z
?onProvisionalLoadError@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@H_N@Z
?onResponsive@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onRunFileChooser@WindowDelegate@Berkelium@@UAEXPAVWindow@2@HU?$WeakString@_W@2@1@Z
?onScriptAlert@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@1U?$WeakString@D@2@HAA_NAAU42@@Z
?onShowContextMenu@WindowDelegate@Berkelium@@UAEXPAVWindow@2@ABUContextMenuEventArgs@2@@Z
?onStartLoading@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@@Z
?onTitleChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@@Z
?onTooltipChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@@Z
?onUnresponsive@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onWidgetCreated@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@H@Z
?onWidgetDestroyed@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@@Z
?onWidgetMove@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@HH@Z
?onWidgetPaint@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@PBEABURect@2@IPBU52@HH3@Z
?onWidgetResize@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@HH@Z
?removeWidget@Window@Berkelium@@IAEXPAVWidget@2@@Z
?setDelegate@Window@Berkelium@@QAEXPAVWindowDelegate@2@@Z
?setErrorHandler@Berkelium@@YAXPAVErrorDelegate@1@@Z
?stringUtil_free@Berkelium@@YAXU?$WeakString@D@1@@Z
?stringUtil_free@Berkelium@@YAXU?$WeakString@G@1@@Z
?stringUtil_free@Berkelium@@YAXU?$WeakString@_W@1@@Z
?toBoolean@Variant@Script@Berkelium@@QBE_NXZ
?toDouble@Variant@Script@Berkelium@@QBENXZ
?toFunctionName@Variant@Script@Berkelium@@QBE?AU?$WeakString@_W@3@XZ
?toInteger@Variant@Script@Berkelium@@QBEHXZ
?toJSON@Script@Berkelium@@YA?AU?$WeakString@_W@2@ABVVariant@12@@Z
?toJSON_free@Script@Berkelium@@YAXU?$WeakString@_W@2@@Z
?toString@Variant@Script@Berkelium@@QBE?AU?$WeakString@_W@3@XZ
?type@Variant@Script@Berkelium@@QBE?AW4Type@123@XZ
?update@Berkelium@@YAXXZ
RelaunchChromeBrowserWithNewCommandLineIfNeeded
_DelayedLowerToken@4
_TargetCreateEventW@20
_TargetCreateNamedPipeW@36
_TargetCreateProcessA@44
_TargetCreateProcessW@44
_TargetNtCreateFile@48
_TargetNtCreateKey@32
_TargetNtMapViewOfSection@44
_TargetNtOpenFile@28
_TargetNtOpenKey@16
_TargetNtOpenKeyEx@20
_TargetNtOpenProcess@20
_TargetNtOpenProcessToken@16
_TargetNtOpenProcessTokenEx@20
_TargetNtOpenThread@20
_TargetNtOpenThreadToken@20
_TargetNtOpenThreadTokenEx@24
_TargetNtQueryAttributesFile@12
_TargetNtQueryFullAttributesFile@12
_TargetNtSetInformationFile@24
_TargetNtSetInformationThread@20
_TargetNtUnmapViewOfSection@12
_TargetOpenEventW@16
g_interceptions
g_nt
g_originals
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_policy_size
g_shared_section

Sections

.text
Size: 19.2MB - Virtual size: 19.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 234KB - Virtual size: 861KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
renderer.exe
.exe windows:5 windows x86 arch:x86

68802fa5d3e24fc1af91e2038218d38e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\rgsc\src\dev_ng\rage\3rdparty\Berkelium\win32\renderer_exe.pdb

Imports

renderer

?forkedProcessHook@Berkelium@@YAXP6APAVBrokerServices@sandbox@@XZP6APAVTargetServices@3@XZP6A_NW4DepEnforcement@3@@Z@Z

kernel32

WriteProcessMemory
MapViewOfFile
CreateFileMappingW
GetExitCodeProcess
GetThreadContext
AssignProcessToJobObject
InterlockedIncrement
InterlockedDecrement
UnregisterWaitEx
RegisterWaitForSingleObject
GetVersionExW
CreateJobObjectW
CreateMutexW
GetCurrentProcessId
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
CreateNamedPipeW
CreateProcessW
OpenEventW
SearchPathW
DebugBreak
lstrlenW
WideCharToMultiByte
VirtualQuery
GetCurrentDirectoryW
ReadProcessMemory
SuspendThread
GetModuleFileNameW
GetLongPathNameW
GetFileAttributesW
CreateFileW
QueryDosDeviceW
ReleaseMutex
DeleteFileW
SetFilePointer
WriteFile
LoadLibraryW
FormatMessageA
GetModuleHandleA
Sleep
RaiseException
IsDebuggerPresent
FormatMessageW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
RtlCaptureStackBackTrace
GetCurrentThread
GetCommandLineW
ExpandEnvironmentStringsW
CompareStringA
CreateFileA
GetLocaleInfoW
ReadFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
VirtualAlloc
SetEnvironmentVariableA
FreeLibrary
SignalObjectAndWait
InterlockedExchange
InterlockedCompareExchange
ResumeThread
LocalFree
PostQueuedCompletionStatus
DeleteCriticalSection
CreateIoCompletionPort
CreateEventW
CreateThread
GetCurrentThreadId
DuplicateHandle
ResetEvent
GetQueuedCompletionStatus
SetEvent
TerminateJobObject
CloseHandle
InitializeCriticalSection
GetLastError
SetLastError
WaitForSingleObject
SetInformationJobObject
LeaveCriticalSection
EnterCriticalSection
GetTickCount
TerminateProcess
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CompareStringW
OutputDebugStringA
FatalAppExitA
HeapSize
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
ExitProcess
HeapAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA

user32

CreateDesktopW
UserHandleGrantAccess
CreateWindowStationW
GetProcessWindowStation
GetThreadDesktop
SetProcessWindowStation
GetDesktopWindow
CloseWindowStation
GetUserObjectInformationW
GetClassNameW
CharUpperW
WaitForInputIdle
wsprintfW
SystemParametersInfoW
MessageBoxW
GetKeyState
GetPropW
RemovePropW
SetPropW
GetWindowLongW
SetWindowLongW
CloseDesktop

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCreateKeyExW
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
GetTokenInformation
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
RevertToSelf
RegDisablePredefinedCache
RegOpenKeyExW

shell32

CommandLineToArgvW

ole32

PropVariantClear

shlwapi

SHDeleteKeyW
SHStrDupW

dbghelp

StackWalk64
SymGetModuleBase64
SymFunctionTableAccess64
SymGetLineFromAddr64
SymFromAddr
SymInitialize
SymSetOptions

Exports

Exports

_TargetCreateEventW@20
_TargetCreateNamedPipeW@36
_TargetCreateProcessA@44
_TargetCreateProcessW@44
_TargetNtCreateFile@48
_TargetNtCreateKey@32
_TargetNtMapViewOfSection@44
_TargetNtOpenFile@28
_TargetNtOpenKey@16
_TargetNtOpenKeyEx@20
_TargetNtOpenProcess@20
_TargetNtOpenProcessToken@16
_TargetNtOpenProcessTokenEx@20
_TargetNtOpenThread@20
_TargetNtOpenThreadToken@20
_TargetNtOpenThreadTokenEx@24
_TargetNtQueryAttributesFile@12
_TargetNtQueryFullAttributesFile@12
_TargetNtSetInformationFile@24
_TargetNtSetInformationThread@20
_TargetNtUnmapViewOfSection@12
_TargetOpenEventW@16
g_interceptions
g_nt
g_originals
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_policy_size
g_shared_section

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
renderer_d.dll
.dll windows:5 windows x86 arch:x86

eafe278c562adaa5fe86727e35ffa4ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\rgsc\src\dev_ng\rage\3rdparty\Berkelium\win32\renderer_d.pdb

Imports

user32

RedrawWindow
GetKeyboardLayoutList
GetKeyboardState
RealChildWindowFromPoint
TrackMouseEvent
ReleaseCapture
GetCapture
SetCapture
AttachThreadInput
SetMenuInfo
GetLastInputInfo
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
CreateCaret
DestroyCaret
SetCaretPos
UserHandleGrantAccess
CreateWindowStationW
CreateDesktopW
GetThreadDesktop
UnregisterClassA
DispatchMessageA
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjectsEx
GetQueueStatus
WaitMessage
RegisterClassExW
KillTimer
SetTimer
PostMessageW
WaitForInputIdle
GetClassNameW
GetKeyState
wsprintfW
SystemParametersInfoW
CharUpperW
SendMessageW
InvalidateRect
LoadIconW
RegisterClassW
CreateWindowExW
DefWindowProcW
MessageBoxW
GetWindowDC
GetClientRect
IsWindowVisible
MonitorFromPoint
GetAncestor
GetForegroundWindow
IsWindow
MonitorFromWindow
MapWindowPoints
GetWindowInfo
AdjustWindowRectEx
MonitorFromRect
GetMonitorInfoW
SetWindowPos
GetWindowRect
GetDoubleClickTime
GetSystemMetrics
GetGuiResources
MsgWaitForMultipleObjects
GetWindowLongW
SetPropW
SetWindowLongW
GetPropW
ValidateRect
CallWindowProcW
GetParent
DestroyIcon
LoadCursorW
GetDC
CreateIconIndirect
ReleaseDC
SetClipboardData
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetClipboardData
GetAsyncKeyState
SetScrollInfo
SetFocus
GetDesktopWindow
SetParent
IsIconic
EnableMenuItem
RegisterWindowMessageW
CopyRect
MessageBeep
EnumDisplayMonitors
GetTopWindow
SendInput
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetSysColor
GetMessagePos
GetActiveWindow
DestroyMenu
TrackPopupMenuEx
EndMenu
SendNotifyMessageW
WindowFromPoint
SetCursor
GetFocus
GetMenuItemCount
InsertMenuItemW
GetSystemMenu
GetMenuItemInfoW
SetMenuItemInfoW
IsChild
EnumChildWindows
EndDialog
SendMessageCallbackW
GetIconInfo
GetCursorPos
EnableWindow
SetWindowRgn
FindWindowW
UpdateWindow
LoadAcceleratorsW
CopyAcceleratorTableW
FlashWindowEx
GetSubMenu
GetMenuState
CreatePopupMenu
GetMenuInfo
DrawTextExW
UpdateLayeredWindow
CreateDialogParamW
GetDlgItem
SetForegroundWindow
GetWindowThreadProcessId
CloseClipboard
OpenClipboard
EmptyClipboard
InvertRect
DrawEdge
GetSysColorBrush
FrameRect
InflateRect
DrawFrameControl
AllowSetForegroundWindow
SendMessageTimeoutW
EnumThreadWindows
FindWindowExW
ScrollDC
GetClassInfoExW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsHungAppWindow
GetWindow
GetClassLongW
IsWindowEnabled
ClientToScreen
OffsetRect
IntersectRect
GetKeyboardLayout
ActivateKeyboardLayout
SetRectEmpty
MenuItemFromPoint
MapVirtualKeyW
FillRect
EndPaint
BeginPaint
DrawFocusRect
SetDlgItemTextW
CreateDialogIndirectParamW
DrawIcon
DrawTextW
GetMessageTime
EnumDisplaySettingsW
DrawIconEx
GetCaretBlinkTime
GetCursor
TrackPopupMenu
LoadKeyboardLayoutW
RealGetWindowClassW
DefWindowProcA
SetWindowLongA
MessageBoxA
UnregisterClassW
DestroyWindow
CharNextW
LoadImageW
GetComboBoxInfo
GetScrollInfo
PostThreadMessageW
GetUpdateRect
GetCaretPos
GetUpdateRgn
MoveWindow
NotifyWinEvent
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
GetWindowPlacement
SetActiveWindow
SetCursorPos
IsZoomed
PtInRect
GetWindowRgn
EnumWindows
UnionRect
SetLayeredWindowAttributes
ScrollWindowEx
ShowWindow
SetWindowTextW
EnumDisplayDevicesW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
DispatchMessageW
PostQuitMessage
CallMsgFilterW
RemovePropW
TranslateMessage
CloseWindowStation
PeekMessageW

kernel32

QueueUserWorkItem
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
GlobalLock
GlobalUnlock
GlobalSize
FlushInstructionCache
ReadConsoleW
SetConsoleTextAttribute
FreeConsole
IsWow64Process
GetNativeSystemInfo
GetStartupInfoW
GetGeoInfoW
GetUserGeoID
GetEnvironmentVariableW
GetShortPathNameW
MulDiv
TerminateThread
OpenThread
FindCloseChangeNotification
FindFirstChangeNotificationW
SetThreadExecutionState
DefineDosDeviceW
DeviceIoControl
SetErrorMode
ResumeThread
OpenEventW
SetInformationJobObject
TerminateJobObject
GetThreadContext
AssignProcessToJobObject
WriteProcessMemory
SearchPathW
CreateJobObjectW
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
SignalObjectAndWait
ReadProcessMemory
SuspendThread
RtlCaptureStackBackTrace
GetFileInformationByHandle
SetFileTime
ExpandEnvironmentStringsW
OpenFileMappingW
WaitForMultipleObjects
SetEvent
ResetEvent
CreateEventW
GetUserDefaultLangID
GetFileSize
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
CreateDirectoryW
GetTempFileNameW
GetLongPathNameW
GetTempPathW
GetFileTime
GetFileAttributesW
CopyFileW
ReplaceFileW
MoveFileExW
RemoveDirectoryW
FindFirstFileW
CompareFileTime
FindNextFileW
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
QueryPerformanceFrequency
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetPriorityClass
GetProcessHeaps
GetProcessIoCounters
GetProcessTimes
VirtualQueryEx
Process32FirstW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
DeleteCriticalSection
GetCurrentThreadId
HeapSetInformation
GetModuleHandleW
GetProcAddress
MoveFileW
GetThreadSelectorEntry
SetFileAttributesA
ExitThread
LoadLibraryW
InterlockedExchange
InterlockedCompareExchange
FindResourceW
LoadLibraryExW
lstrcmpiW
GetTickCount
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetModuleFileNameA
FatalAppExitA
SetConsoleCtrlHandler
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetHandleCount
GetStartupInfoA
Process32NextW
GetExitCodeProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DebugBreak
lstrlenA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
LocalAlloc
GetLocalTime
SetEnvironmentVariableW
GetPriorityClass
GlobalMemoryStatus
GetLogicalDrives
GetComputerNameA
GetVolumeInformationA
GetProcessAffinityMask
SetThreadAffinityMask
RemoveDirectoryA
CreatePipe
SetHandleInformation
GetProcessId
OpenProcess
AttachConsole
AllocConsole
FormatMessageW
GetCommandLineW
TryEnterCriticalSection
CreateThread
FormatMessageA
OutputDebugStringA
CreateProcessW
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetCurrencyFormatW
GetNumberFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetSystemPowerStatus
LockResource
GetModuleHandleExW
GetDateFormatW
GetTimeFormatW
GetHandleInformation
GetFileSizeEx
SetFilePointerEx
GetSystemDirectoryA
ReadFile
ConnectNamedPipe
CreateNamedPipeW
LocalFree
CreateFileW
CancelIo
InterlockedExchangeAdd
SetEndOfFile
Module32First
Module32Next
CreateToolhelp32Snapshot
GetVersionExW
GetEnvironmentVariableA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
VirtualAlloc
GetSystemInfo
HeapSize
HeapReAlloc
HeapCreate
DuplicateHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
CloseHandle
CreateFileA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
CreateDirectoryA
MoveFileA
GetVersionExA
CreateProcessA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFileAttributesA
LockFileEx
LockFile
UnlockFile
AreFileApisANSI
GetPrivateProfileStringW
CreateSemaphoreA
RtlCaptureContext
IsBadWritePtr
GetThreadTimes
GlobalAlloc
GlobalFree
lstrcmpiA
SetFileAttributesW
GetThreadLocale
GetVolumeInformationW
GetComputerNameW
GetTempPathA
GetTempFileNameA
GetDriveTypeW
GlobalDeleteAtom
GlobalAddAtomW
GlobalGetAtomNameW
GetNamedPipeHandleStateW
SetNamedPipeHandleState
DisconnectNamedPipe
PeekNamedPipe
GetSystemTime
ReleaseSemaphore
CreateSemaphoreW
MapViewOfFileEx
VirtualProtect
SwitchToThread
SetThreadPriority
GetFullPathNameA
GetDriveTypeA
SetCurrentDirectoryA
GetCurrentDirectoryA
Beep
DeleteFileA
OpenFileMappingA
CreateFileMappingA
IsProcessorFeaturePresent
OutputDebugStringW
OpenEventA
RaiseException

advapi32

RegDeleteKeyW
IsValidSid
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
SetSecurityInfo
SetEntriesInAclW
CreateWellKnownSid
GetTokenInformation
OpenProcessToken
GetSecurityInfo
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthority
GetSidSubAuthorityCount
CreateProcessAsUserW
RegEnumValueW
RegQueryValueExW
RegNotifyChangeKeyValue
SetThreadToken
GetSecurityDescriptorSacl
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
CryptDecrypt
CryptEncrypt
CryptDuplicateKey
CryptSetKeyParam
CryptGetKeyParam
CryptDuplicateHash
CryptGenRandom
CryptSignHashW
CryptExportKey
CryptVerifySignatureW
CryptCreateHash
CryptSetHashParam
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptImportKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
CryptGenKey
CryptDestroyKey
CryptReleaseContext
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountSidW
LookupAccountNameW
RegGetKeySecurity
MakeAbsoluteSD
RegSetKeySecurity
GetAclInformation
GetAce
RegEnumValueA
OpenThreadToken
RegDisablePredefinedCache
RevertToSelf
DuplicateTokenEx
CreateRestrictedToken
DuplicateToken
EqualSid
LookupPrivilegeValueW
CopySid
RegDeleteValueW

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW
ord680
DragFinish
SHChangeNotify
ShellExecuteA
SHGetDesktopFolder
DragQueryFileW
SHGetPathFromIDListW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
SHAppBarMessage
ShellExecuteW
ShellExecuteExW

ole32

CoReleaseMarshalData
CoMarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoDisconnectObject
CoGetObject
RegisterDragDrop
CLSIDFromString
DoDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
PropVariantClear
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUnmarshalInterface

oleaut32

VariantClear
SystemTimeToVariantTime
SafeArrayGetLBound
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
SafeArrayGetUBound
VariantInit
SafeArrayLock
SafeArrayGetVartype
VarCmp
VariantCopy
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SysFreeString
VarUI4FromStr
SafeArrayGetDim

shlwapi

PathIsUNCW
SHDeleteKeyW
SHStrDupW
SHGetValueA
PathFindFileNameW
PathGetCharTypeW
UrlCanonicalizeW
SHDeleteEmptyKeyW
PathRemoveExtensionW
PathFindExtensionW
UrlCreateFromPathA
PathIsUNCA
PathFileExistsA
UrlCreateFromPathW
PathFileExistsW

comctl32

ImageList_Create
ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon

userenv

RegisterGPNotification
CreateEnvironmentBlock
DestroyEnvironmentBlock

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW
UuidCreate

oleacc

LresultFromObject
ObjectFromLresult
AccessibleObjectFromWindow
CreateStdAccessibleObject

riched20

ord4

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

QueryWorkingSet
GetMappedFileNameW
GetModuleFileNameExW
GetProcessMemoryInfo

winmm

waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
waveOutWrite
waveOutPause
waveOutReset
waveOutOpen
waveInOpen
waveInPrepareHeader
waveInUnprepareHeader
waveInStart
waveInReset
waveInClose
timeGetDevCaps
waveOutGetNumDevs
waveInAddBuffer
waveOutClose
waveInGetNumDevs
timeGetTime
timeBeginPeriod
timeEndPeriod

gdi32

GetFontData
GetCurrentObject
CreateDCA
RestoreDC
EndDoc
StartDocW
GetDeviceCaps
SaveDC
GdiComment
ModifyWorldTransform
AddFontMemResourceEx
EndPage
PlayEnhMetaFileRecord
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetWorldTransform
EnumEnhMetaFile
PlayEnhMetaFile
DeleteEnhMetaFile
CloseEnhMetaFile
GetEnhMetaFileW
CreateEnhMetaFileW
SetEnhMetaFileBits
ExtEscape
CreateFontW
GetTextFaceW
CreateDCW
StretchDIBits
SwapBuffers
ChoosePixelFormat
SetPixelFormat
PatBlt
SetRectRgn
CombineRgn
GdiFlush
BitBlt
GdiAlphaBlend
GetObjectW
Rectangle
GetGlyphOutlineW
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
PathToRegion
SelectClipRgn
SetWorldTransform
SetPolyFillMode
BeginPath
PolyBezier
AbortPath
EndPath
SetGraphicsMode
SetStretchBltMode
SetBrushOrgEx
SetArcDirection
SetBkColor
SetTextColor
SetDCBrushColor
SetDCPenColor
SetROP2
CreateCompatibleDC
CreateDIBSection
SetDIBits
SelectObject
SetBkMode
CreateBitmap
DeleteObject
DeleteDC
GetStockObject
GetRegionData
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
GetObjectType
ExtTextOutW
SetICMMode
EnumFontFamiliesExW
CreatePolygonRgn
GetOutlineTextMetricsW
PtInRegion
RemoveFontMemResourceEx
GetFontUnicodeRanges
GetTextColor
GetGlyphIndicesW
GetCharWidthI
CreateSolidBrush
GetClipBox
LPtoDP
GetTextExtentPoint32W
StrokePath
StrokeAndFillPath
SetMiterLimit
ExtCreatePen
GetStretchBltMode
StretchBlt
SetMapMode
GetRgnBox
ExcludeClipRect
EqualRgn
GetBkColor
SetViewportOrgEx
SetLayout
SetAbortProc
CancelDC
TextOutW
IntersectClipRect
StartPage
GetTextMetricsW

usp10

ScriptFreeCache
ScriptGetFontProperties
ScriptJustify
ScriptCPtoX
ScriptXtoCP
ScriptTextOut
ScriptItemize
ScriptShape
ScriptPlace

secur32

QueryCredentialsAttributesW
ApplyControlToken
CompleteAuthToken
FreeCredentialsHandle
AcquireCredentialsHandleA
InitializeSecurityContextA
DeleteSecurityContext
AcquireCredentialsHandleW
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
DecryptMessage
EncryptMessage
QuerySecurityPackageInfoW

Exports

Exports

??0Context@Berkelium@@IAE@XZ
??0Context@Berkelium@@QAE@ABV01@@Z
??0Cursor@Berkelium@@AAE@QAUHICON__@@@Z
??0Cursor@Berkelium@@AAE@XZ
??0ErrorDelegate@Berkelium@@QAE@ABV01@@Z
??0ErrorDelegate@Berkelium@@QAE@XZ
??0ResourceInterceptor@Berkelium@@QAE@ABV01@@Z
??0ResourceInterceptor@Berkelium@@QAE@XZ
??0ResourceRequestJob@Berkelium@@QAE@ABV01@@Z
??0ResourceRequestJob@Berkelium@@QAE@XZ
??0Variant@Script@Berkelium@@AAE@U?$WeakString@_W@2@W4Type@012@@Z
??0Variant@Script@Berkelium@@AAE@W4Type@012@@Z
??0Variant@Script@Berkelium@@QAE@ABV012@@Z
??0Variant@Script@Berkelium@@QAE@H@Z
??0Variant@Script@Berkelium@@QAE@N@Z
??0Variant@Script@Berkelium@@QAE@PBD@Z
??0Variant@Script@Berkelium@@QAE@PB_W@Z
??0Variant@Script@Berkelium@@QAE@U?$WeakString@_W@2@@Z
??0Variant@Script@Berkelium@@QAE@XZ
??0Variant@Script@Berkelium@@QAE@_N@Z
??0Widget@Berkelium@@QAE@ABV01@@Z
??0Widget@Berkelium@@QAE@XZ
??0Window@Berkelium@@IAE@PBVContext@1@@Z
??0Window@Berkelium@@IAE@XZ
??0Window@Berkelium@@QAE@ABV01@@Z
??0WindowDelegate@Berkelium@@QAE@ABV01@@Z
??0WindowDelegate@Berkelium@@QAE@XZ
??1Context@Berkelium@@UAE@XZ
??1ErrorDelegate@Berkelium@@UAE@XZ
??1ResourceInterceptor@Berkelium@@UAE@XZ
??1ResourceRequestJob@Berkelium@@UAE@XZ
??1Variant@Script@Berkelium@@QAE@XZ
??1Widget@Berkelium@@UAE@XZ
??1Window@Berkelium@@UAE@XZ
??1WindowDelegate@Berkelium@@UAE@XZ
??4Context@Berkelium@@QAEAAV01@ABV01@@Z
??4Cursor@Berkelium@@QAEAAV01@ABV01@@Z
??4ErrorDelegate@Berkelium@@QAEAAV01@ABV01@@Z
??4ResourceInterceptor@Berkelium@@QAEAAV01@ABV01@@Z
??4ResourceRequestJob@Berkelium@@QAEAAV01@ABV01@@Z
??4Variant@Script@Berkelium@@QAEAAV012@ABV012@@Z
??4Widget@Berkelium@@QAEAAV01@ABV01@@Z
??4Window@Berkelium@@QAEAAV01@ABV01@@Z
??4WindowDelegate@Berkelium@@QAEAAV01@ABV01@@Z
??_7Context@Berkelium@@6B@
??_7ErrorDelegate@Berkelium@@6B@
??_7ResourceInterceptor@Berkelium@@6B@
??_7ResourceRequestJob@Berkelium@@6B@
??_7Widget@Berkelium@@6B@
??_7Window@Berkelium@@6B@
??_7WindowDelegate@Berkelium@@6B@
?GetCursor@Cursor@Berkelium@@QBEPAUHICON__@@XZ
?HandleAssert@ErrorDelegate@Berkelium@@UAEXPBD@Z
?HandleError@ErrorDelegate@Berkelium@@UAEXPBD@Z
?HandleMessage@ErrorDelegate@Berkelium@@UAE_NHPBD@Z
?UTF16ToUTF8@Berkelium@@YA?AU?$WeakString@D@1@ABU?$WeakString@G@1@@Z
?UTF16ToWide@Berkelium@@YA?AU?$WeakString@_W@1@ABU?$WeakString@G@1@@Z
?UTF8ToUTF16@Berkelium@@YA?AU?$WeakString@G@1@ABU?$WeakString@D@1@@Z
?UTF8ToWide@Berkelium@@YA?AU?$WeakString@_W@1@ABU?$WeakString@D@1@@Z
?WideToUTF16@Berkelium@@YA?AU?$WeakString@G@1@ABU?$WeakString@_W@1@@Z
?WideToUTF8@Berkelium@@YA?AU?$WeakString@D@1@ABU?$WeakString@_W@1@@Z
?appendWidget@Window@Berkelium@@IAEXPAVWidget@2@@Z
?backEnd@Window@Berkelium@@QBE?AV?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@XZ
?backIter@Window@Berkelium@@QBE?AV?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@XZ
?bindFunction@Variant@Script@Berkelium@@SA?AV123@U?$WeakString@_W@3@_N@Z
?create@Context@Berkelium@@SAPAV12@XZ
?create@Window@Berkelium@@SAPAV12@PBVContext@2@@Z
?destroy@Berkelium@@YAXXZ
?destroy@Context@Berkelium@@QAEXXZ
?destroy@Variant@Script@Berkelium@@QAEXXZ
?destroy@Widget@Berkelium@@QAEXXZ
?destroy@Window@Berkelium@@QAEXXZ
?emptyArray@Variant@Script@Berkelium@@SA?AV123@XZ
?emptyObject@Variant@Script@Berkelium@@SA?AV123@XZ
?forkedProcessHook@Berkelium@@YAXP6APAVBrokerServices@sandbox@@XZP6APAVTargetServices@3@XZP6A_NW4DepEnforcement@3@@Z@Z
?freeLastScriptAlert@WindowDelegate@Berkelium@@UAEXU?$WeakString@_W@2@@Z
?fromJSON@Script@Berkelium@@YA_NU?$WeakString@_W@2@AAVVariant@12@@Z
?frontEnd@Window@Berkelium@@QBE?AV?$reverse_iterator@V?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@@std@@XZ
?frontIter@Window@Berkelium@@QBE?AV?$reverse_iterator@V?$_Vector_const_iterator@PAVWidget@Berkelium@@V?$allocator@PAVWidget@Berkelium@@@std@@@std@@@std@@XZ
?getContext@Window@Berkelium@@QBEPAVContext@2@XZ
?getWidgetAtPoint@Window@Berkelium@@QBEPAVWidget@2@HH_N@Z
?hasString@Variant@Script@Berkelium@@AAE_NXZ
?init@Berkelium@@YA_NU?$WeakString@_W@1@PAVErrorDelegate@1@_NPBD@Z
?initbool@Variant@Script@Berkelium@@QAEX_N@Z
?initdbl@Variant@Script@Berkelium@@QAEXN@Z
?initint@Variant@Script@Berkelium@@QAEXH@Z
?initmb@Variant@Script@Berkelium@@QAEXPBDI@Z
?initnull@Variant@Script@Berkelium@@QAEXW4Type@123@@Z
?initvariant@Variant@Script@Berkelium@@QAEXABV123@@Z
?initwc@Variant@Script@Berkelium@@QAEXPB_WI@Z
?navigateTo@Window@Berkelium@@QAE_NPBDI@Z
?onAddressBarChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@@Z
?onConsoleMessage@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@1H@Z
?onCrashed@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onCrashedPlugin@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@@Z
?onCrashedWorker@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onCreatedWindow@WindowDelegate@Berkelium@@UAEXPAVWindow@2@0ABURect@2@@Z
?onCursorUpdated@WindowDelegate@Berkelium@@UAEXPAVWindow@2@ABVCursor@2@@Z
?onExternalHost@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@U?$WeakString@D@2@2@Z
?onJavascriptCallback@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAXU?$WeakString@D@2@U?$WeakString@_W@2@PAVVariant@Script@2@I@Z
?onLoad@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onLoadingStateChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@_N@Z
?onNavigationRequested@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@1_NAA_N@Z
?onPaint@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PBEABURect@2@IPBU42@HH2@Z
?onProvisionalLoadError@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@H_N@Z
?onResponsive@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onRunFileChooser@WindowDelegate@Berkelium@@UAEXPAVWindow@2@HU?$WeakString@_W@2@1@Z
?onScriptAlert@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@1U?$WeakString@D@2@HAA_NAAU42@@Z
?onShowContextMenu@WindowDelegate@Berkelium@@UAEXPAVWindow@2@ABUContextMenuEventArgs@2@@Z
?onStartLoading@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@D@2@@Z
?onTitleChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@@Z
?onTooltipChanged@WindowDelegate@Berkelium@@UAEXPAVWindow@2@U?$WeakString@_W@2@@Z
?onUnresponsive@WindowDelegate@Berkelium@@UAEXPAVWindow@2@@Z
?onWidgetCreated@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@H@Z
?onWidgetDestroyed@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@@Z
?onWidgetMove@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@HH@Z
?onWidgetPaint@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@PBEABURect@2@IPBU52@HH3@Z
?onWidgetResize@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@HH@Z
?removeWidget@Window@Berkelium@@IAEXPAVWidget@2@@Z
?setDelegate@Window@Berkelium@@QAEXPAVWindowDelegate@2@@Z
?setErrorHandler@Berkelium@@YAXPAVErrorDelegate@1@@Z
?stringUtil_free@Berkelium@@YAXU?$WeakString@D@1@@Z
?stringUtil_free@Berkelium@@YAXU?$WeakString@G@1@@Z
?stringUtil_free@Berkelium@@YAXU?$WeakString@_W@1@@Z
?toBoolean@Variant@Script@Berkelium@@QBE_NXZ
?toDouble@Variant@Script@Berkelium@@QBENXZ
?toFunctionName@Variant@Script@Berkelium@@QBE?AU?$WeakString@_W@3@XZ
?toInteger@Variant@Script@Berkelium@@QBEHXZ
?toJSON@Script@Berkelium@@YA?AU?$WeakString@_W@2@ABVVariant@12@@Z
?toJSON_free@Script@Berkelium@@YAXU?$WeakString@_W@2@@Z
?toString@Variant@Script@Berkelium@@QBE?AU?$WeakString@_W@3@XZ
?type@Variant@Script@Berkelium@@QBE?AW4Type@123@XZ
?update@Berkelium@@YAXXZ
RelaunchChromeBrowserWithNewCommandLineIfNeeded
_DelayedLowerToken@4
_TargetCreateEventW@20
_TargetCreateNamedPipeW@36
_TargetCreateProcessA@44
_TargetCreateProcessW@44
_TargetNtCreateFile@48
_TargetNtCreateKey@32
_TargetNtMapViewOfSection@44
_TargetNtOpenFile@28
_TargetNtOpenKey@16
_TargetNtOpenKeyEx@20
_TargetNtOpenProcess@20
_TargetNtOpenProcessToken@16
_TargetNtOpenProcessTokenEx@20
_TargetNtOpenThread@20
_TargetNtOpenThreadToken@20
_TargetNtOpenThreadTokenEx@24
_TargetNtQueryAttributesFile@12
_TargetNtQueryFullAttributesFile@12
_TargetNtSetInformationFile@24
_TargetNtSetInformationThread@20
_TargetNtUnmapViewOfSection@12
_TargetOpenEventW@16
g_interceptions
g_nt
g_originals
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_policy_size
g_shared_section

Sections

.text
Size: 53.8MB - Virtual size: 53.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54.3MB - Virtual size: 54.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 834KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
renderer_d.exe
.exe windows:5 windows x86 arch:x86

85ea70de3b08ed5a94cc640506ce7888

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\rgsc\src\dev_ng\rage\3rdparty\Berkelium\win32\renderer_exe_d.pdb

Imports

renderer_d

?forkedProcessHook@Berkelium@@YAXP6APAVBrokerServices@sandbox@@XZP6APAVTargetServices@3@XZP6A_NW4DepEnforcement@3@@Z@Z

kernel32

GetExitCodeProcess
GetThreadContext
AssignProcessToJobObject
WriteProcessMemory
MapViewOfFile
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
RegisterWaitForSingleObject
UnregisterWaitEx
GetVersionExW
CreateJobObjectW
CreateMutexW
SearchPathW
GetCurrentProcessId
CreateNamedPipeW
CreateProcessW
OpenEventW
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
GetFileAttributesW
QueryDosDeviceW
GetLongPathNameW
CreateFileW
GetCurrentDirectoryW
lstrlenW
DebugBreak
VirtualQuery
WideCharToMultiByte
ReadProcessMemory
GetModuleFileNameW
SuspendThread
DeleteFileW
SetFilePointer
ReleaseMutex
WriteFile
LoadLibraryW
FormatMessageA
GetModuleHandleA
Sleep
RaiseException
IsDebuggerPresent
FormatMessageW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
RtlCaptureStackBackTrace
GetCurrentThread
ExpandEnvironmentStringsW
CompareStringA
CreateFileA
GetLocaleInfoW
ReadFile
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeA
GetDateFormatA
GetTimeFormatA
VirtualAlloc
HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
FreeLibrary
InterlockedCompareExchange
SignalObjectAndWait
SetEnvironmentVariableA
InterlockedExchange
LocalFree
ResumeThread
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DuplicateHandle
ResetEvent
GetQueuedCompletionStatus
SetEvent
TerminateJobObject
PostQueuedCompletionStatus
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CreateIoCompletionPort
CreateEventW
CreateThread
GetLastError
SetLastError
SetInformationJobObject
GetTickCount
TerminateProcess
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CompareStringW
OutputDebugStringA
GetACP
SetConsoleCtrlHandler
OutputDebugStringW
VirtualFree
HeapFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
ExitProcess
lstrlenA
LoadLibraryA
HeapValidate
IsBadReadPtr
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
FatalAppExitA
QueryPerformanceCounter
GetModuleFileNameA
FreeEnvironmentStringsA

user32

CreateDesktopW
UserHandleGrantAccess
CreateWindowStationW
GetProcessWindowStation
GetThreadDesktop
SetProcessWindowStation
GetDesktopWindow
CloseWindowStation
GetUserObjectInformationW
GetPropW
CharUpperW
WaitForInputIdle
GetClassNameW
GetKeyState
MessageBoxW
RemovePropW
SetPropW
GetWindowLongW
SetWindowLongW
wsprintfW
SystemParametersInfoW
CloseDesktop

advapi32

RevertToSelf
RegNotifyChangeKeyValue
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ConvertSidToStringSidW
RegCreateKeyExW
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
GetTokenInformation
EqualSid
DuplicateToken
CreateRestrictedToken
DuplicateTokenEx
OpenProcessToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
CreateProcessAsUserW
SetThreadToken
RegDisablePredefinedCache
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW

ole32

PropVariantClear

shlwapi

SHDeleteKeyW
SHStrDupW

dbghelp

StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymGetLineFromAddr64
SymFromAddr
SymInitialize
SymSetOptions

Exports

Exports

_TargetCreateEventW@20
_TargetCreateNamedPipeW@36
_TargetCreateProcessA@44
_TargetCreateProcessW@44
_TargetNtCreateFile@48
_TargetNtCreateKey@32
_TargetNtMapViewOfSection@44
_TargetNtOpenFile@28
_TargetNtOpenKey@16
_TargetNtOpenKeyEx@20
_TargetNtOpenProcess@20
_TargetNtOpenProcessToken@16
_TargetNtOpenProcessTokenEx@20
_TargetNtOpenThread@20
_TargetNtOpenThreadToken@20
_TargetNtOpenThreadTokenEx@24
_TargetNtQueryAttributesFile@12
_TargetNtQueryFullAttributesFile@12
_TargetNtSetInformationFile@24
_TargetNtSetInformationThread@20
_TargetNtUnmapViewOfSection@12
_TargetOpenEventW@16
g_interceptions
g_nt
g_originals
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_policy_size
g_shared_section

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

316e75cbedd944b4dfe7dfc2f8453f42

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

opengl32

winmm

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 19KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

b844bfa40321c91226f7e16830b29d15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

userenv

rpcrt4

oleacc

riched20

version

psapi

winmm

gdi32

usp10

secur32

Exports

Exports

Sections

.text Size: 19.2MB - Virtual size: 19.2MB

.rdata Size: 4.8MB - Virtual size: 4.8MB

.data Size: 234KB - Virtual size: 861KB

.tls Size: 512B - Virtual size: 33B

.unwante Size: 3KB - Virtual size: 3KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 1.0MB - Virtual size: 1.0MB

68802fa5d3e24fc1af91e2038218d38e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

renderer

kernel32

user32

advapi32

shell32

ole32

shlwapi

dbghelp

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 448KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 288KB - Virtual size: 287KB

.reloc Size: 17KB - Virtual size: 16KB

eafe278c562adaa5fe86727e35ffa4ff

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 19KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 19.2MB - Virtual size: 19.2MB

.rdata
Size: 4.8MB - Virtual size: 4.8MB

.data
Size: 234KB - Virtual size: 861KB

.tls
Size: 512B - Virtual size: 33B

.unwante
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 448KB - Virtual size: 448KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 288KB - Virtual size: 287KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 53.8MB - Virtual size: 53.8MB

.rdata
Size: 54.3MB - Virtual size: 54.3MB

.data
Size: 834KB - Virtual size: 1.6MB

.tls
Size: 512B - Virtual size: 33B

.unwante
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 8KB - Virtual size: 19KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 348KB - Virtual size: 348KB

.reloc
Size: 38KB - Virtual size: 38KB