c:\workroot.SVN\Versions\Version4Utils\bin9r\RegWiz.RW_NANO\RegWizardNano2CertHostID_NoCrypt.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-05-08_4df89148e21bbd60599d6e83fe9fc73d_backswap_magniber.exe
Resource
win7-20231129-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-05-08_4df89148e21bbd60599d6e83fe9fc73d_backswap_magniber.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
2024-05-08_4df89148e21bbd60599d6e83fe9fc73d_backswap_magniber
-
Size
3.8MB
-
MD5
4df89148e21bbd60599d6e83fe9fc73d
-
SHA1
a8af7a878f88b5ead80cc1fb872fa7c2bea6c345
-
SHA256
0c2f252ec55a2b0af5339c572b2f1b4e9dbc358ed84a3d13faaa22bb322a3871
-
SHA512
c070a9d7f72dd63cf4037350538b648b6855c277c345b817511d4f9f6aa8cff259473288dbd453bb8e05ae5edb2a3d9a28ee9264cf6ccf3750d2add19380b408
-
SSDEEP
49152:O8+nd61JIozQxCWwEhCZXkkmLe1In6kwnFC+Z/vPAGd9CkhPqyKbXvjaBV402dmD:ond+JIowwEhChH1CHaD52d4CXUPc2d3
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-08_4df89148e21bbd60599d6e83fe9fc73d_backswap_magniber
Files
-
2024-05-08_4df89148e21bbd60599d6e83fe9fc73d_backswap_magniber.exe windows:5 windows x86 arch:x86
43d5ab55b78d08955ee3b6efaba19ea8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shell32
DragQueryFileA
DragFinish
ExtractIconA
SHFileOperationA
SHGetFileInfoA
ShellExecuteA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleRun
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleSetClipboard
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
StringFromGUID2
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CreateStreamOnHGlobal
oleaut32
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VarDateFromStr
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
RegisterTypeLi
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SafeArrayGetDim
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
VarBstrCmp
VarBstrFromDate
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
shlwapi
PathRemoveExtensionA
PathIsUNCA
PathRemoveFileSpecW
PathIsURLW
PathFileExistsA
PathAddBackslashA
PathFindFileNameA
PathAppendA
PathFindExtensionA
PathStripToRootA
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
kernel32
GlobalAlloc
FileTimeToSystemTime
CreateDirectoryW
GetTickCount
SetLastError
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
lstrcmpA
InterlockedExchange
CompareStringA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
GlobalAddAtomA
GetCurrentProcessId
GetStringTypeExA
GetThreadLocale
ReadFile
WriteFile
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
CreateFileA
FileTimeToLocalFileTime
GetFileAttributesExA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
FreeResource
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleW
GetCurrentDirectoryA
GlobalFlags
GetAtomNameA
GetCPInfo
GetOEMCP
Sleep
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetACP
IsValidCodePage
ExitThread
CreateThread
SetStdHandle
GetFileType
LCMapStringA
GetFileAttributesW
GetStdHandle
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
VirtualFree
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeA
GetStringTypeW
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
MoveFileW
DeleteFileW
CopyFileW
HeapCreate
HeapSetInformation
HeapAlloc
HeapDestroy
HeapSize
HeapFree
GlobalMemoryStatus
OutputDebugStringA
GetSystemInfo
GetTempPathW
GetTempFileNameW
GetSystemTime
FindNextFileW
GetProcessTimes
GetEnvironmentVariableW
GetCommandLineW
GetDriveTypeA
SetHandleInformation
GetWindowsDirectoryA
ResetEvent
DeviceIoControl
GetLocalTime
IsBadStringPtrW
IsBadStringPtrA
IsBadWritePtr
IsBadReadPtr
GetProfileStringA
GetProfileIntA
WinExec
GetFullPathNameW
SetCurrentDirectoryA
GetExitCodeProcess
CreatePipe
GetDriveTypeW
CreateProcessA
ExpandEnvironmentStringsA
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
SearchPathA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
FindResourceExA
GetUserDefaultLCID
GetPrivateProfileStringA
FindClose
FindFirstFileW
SetErrorMode
GetCurrentProcess
GetProcAddress
GetModuleHandleA
VirtualQuery
GetModuleFileNameA
UnmapViewOfFile
CloseHandle
GetFileAttributesA
MapViewOfFile
CreateFileMappingA
GetFileSize
OpenFile
SetFilePointer
SetEndOfFile
CreateDirectoryA
ReleaseMutex
CreateFileMappingW
FlushViewOfFile
MulDiv
IsValidLocale
GetLastError
CreateMutexA
GetModuleFileNameW
GetPrivateProfileSectionA
GetLocaleInfoW
VirtualProtect
FlushInstructionCache
LocalAlloc
GetVersion
GetComputerNameA
SetFileAttributesA
GetPrivateProfileIntA
GetLocaleInfoA
WritePrivateProfileStringA
CopyFileA
GetTempPathA
GetTempFileNameA
MoveFileA
FindFirstFileA
FindNextFileA
DeleteFileA
LoadLibraryExA
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
lstrlenA
CreateFileW
LoadLibraryA
LocalFree
FormatMessageA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
lstrcpyA
GetEnvironmentVariableA
LCMapStringW
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
GetUserNameA
RegSetValueExW
RegQueryValueExW
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
LookupAccountSidW
GetSecurityInfo
RegSetValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
StartServiceA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
user32
InflateRect
GetMenuItemInfoA
DestroyMenu
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
GetKeyNameTextA
MapVirtualKeyA
GetSystemMenu
SetParent
UnionRect
SetTimer
KillTimer
GetDCEx
LockWindowUpdate
SetCapture
DeleteMenu
GetSysColorBrush
UnregisterClassA
GetDesktopWindow
GetNextDlgTabItem
EndDialog
ScrollWindowEx
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
IsWindow
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetDialogBaseUnits
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetPropA
GetCapture
SetActiveWindow
ShowWindow
GetPropA
RemovePropA
GetAsyncKeyState
SetFocus
GetWindowRect
GetDlgItem
RegisterClipboardFormatA
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
CharUpperA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetDlgItemTextW
PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
MessageBoxA
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
wsprintfA
DrawIcon
CallMsgFilterA
SetRect
IsRectEmpty
CopyAcceleratorTableA
DestroyIcon
LoadStringA
SendMessageA
EnableWindow
LoadIconA
LoadBitmapA
PostMessageA
GetClassInfoA
UpdateWindow
InvalidateRect
GetParent
SetCursor
LoadCursorA
CharNextA
MessageBeep
OpenClipboard
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
CloseClipboard
IsWindowVisible
GetKeyState
GetClipboardData
SetWindowTextA
GetWindowTextA
WaitMessage
ReleaseCapture
CreateWindowExA
WindowFromPoint
GetWindowTextLengthA
GetWindowLongA
MessageBoxIndirectA
MessageBoxIndirectW
LoadStringW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
DialogBoxIndirectParamA
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxParamW
GetMenuItemID
ModifyMenuW
GetSubMenu
GetMenuState
GetMenuStringW
GetMenuItemCount
SetWindowTextW
GetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
gdi32
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
LineTo
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetTextExtentPoint32A
GetTextMetricsA
EnumFontFamiliesExA
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
StretchDIBits
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreateDCA
CopyMetaFileA
GetObjectW
GetDeviceCaps
GetStockObject
CreateFontIndirectA
ScaleWindowExtEx
GetObjectA
comdlg32
GetFileTitleA
GetOpenFileNameA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
wsock32
WSACleanup
select
inet_addr
getpeername
WSAStartup
htons
connect
socket
setsockopt
bind
gethostname
gethostbyname
recv
closesocket
send
ioctlsocket
recvfrom
sendto
gethostbyaddr
netapi32
Netbios
oledlg
ord8
wininet
FtpFindFirstFileW
InternetCloseHandle
InternetCrackUrlW
FtpGetFileW
InternetConnectW
InternetOpenW
FtpDeleteFileW
FtpCreateDirectoryW
FtpOpenFileW
FtpPutFileW
InternetFindNextFileW
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
comctl32
ord17
ws2_32
ioctlsocket
getprotobyname
getsockopt
__WSAFDIsSet
getsockname
WSAGetLastError
htonl
ntohl
ntohs
Exports
Exports
??0CCSVariant@@QAE@ABUtagCSBLOB@@@Z
??0CCSVariant@@QAE@ABUtagCSVARIANT@@@Z
??0CCSVariant@@QAE@ABUtagPOINT@@@Z
??0CCSVariant@@QAE@ABUtagRECT@@@Z
??0CCSVariant@@QAE@ABUtagRPOINT@@@Z
??0CCSVariant@@QAE@ABUtagRRECT@@@Z
??0CCSVariant@@QAE@ABUtagRSIZE@@@Z
??0CCSVariant@@QAE@ABUtagSIZE@@@Z
??0CCSVariant@@QAE@ABV0@@Z
??0CCSVariant@@QAE@ABVCXString@@@Z
??0CCSVariant@@QAE@ABVCXStringW@@@Z
??0CCSVariant@@QAE@EG@Z
??0CCSVariant@@QAE@GG@Z
??0CCSVariant@@QAE@HG@Z
??0CCSVariant@@QAE@IG@Z
??0CCSVariant@@QAE@JG@Z
??0CCSVariant@@QAE@KG@Z
??0CCSVariant@@QAE@M@Z
??0CCSVariant@@QAE@N@Z
??0CCSVariant@@QAE@PAUICSUnknown@@@Z
??0CCSVariant@@QAE@PBD@Z
??0CCSVariant@@QAE@PBUtagCSVARIANT@@@Z
??0CCSVariant@@QAE@PB_W@Z
??0CSBlob@@QAE@ABUtagCSBLOB@@@Z
??0CSBlob@@QAE@ABV0@@Z
??0CSBlob@@QAE@K@Z
??0CSBlob@@QAE@PBUtagCSBLOB@@@Z
??0CSBlob@@QAE@XZ
??0CXString@@QAE@ABV0@@Z
??0CXString@@QAE@PBD@Z
??0CXString@@QAE@PB_W@Z
??0CXString@@QAE@XZ
??0CXStringW@@QAE@ABV0@@Z
??0CXStringW@@QAE@PBD@Z
??0CXStringW@@QAE@PB_W@Z
??0CXStringW@@QAE@XZ
??1CXString@@UAE@XZ
??1CXStringW@@UAE@XZ
??4CCSVariant@@QAGABV0@ABUtagCSBLOB@@@Z
??4CCSVariant@@QAGABV0@ABUtagCSVARIANT@@@Z
??4CCSVariant@@QAGABV0@ABUtagPOINT@@@Z
??4CCSVariant@@QAGABV0@ABUtagRECT@@@Z
??4CCSVariant@@QAGABV0@ABUtagRPOINT@@@Z
??4CCSVariant@@QAGABV0@ABUtagRRECT@@@Z
??4CCSVariant@@QAGABV0@ABUtagRSIZE@@@Z
??4CCSVariant@@QAGABV0@ABUtagSIZE@@@Z
??4CCSVariant@@QAGABV0@ABV0@@Z
??4CCSVariant@@QAGABV0@ABVCXString@@@Z
??4CCSVariant@@QAGABV0@ABVCXStringW@@@Z
??4CCSVariant@@QAGABV0@E@Z
??4CCSVariant@@QAGABV0@G@Z
??4CCSVariant@@QAGABV0@H@Z
??4CCSVariant@@QAGABV0@I@Z
??4CCSVariant@@QAGABV0@J@Z
??4CCSVariant@@QAGABV0@K@Z
??4CCSVariant@@QAGABV0@M@Z
??4CCSVariant@@QAGABV0@N@Z
??4CCSVariant@@QAGABV0@PAUICSUnknown@@@Z
??4CCSVariant@@QAGABV0@PBUtagCSVARIANT@@@Z
??4CCSVariant@@QAGABV0@QBD@Z
??4CCSVariant@@QAGABV0@QB_W@Z
??4CSBlob@@QAGAAV0@PBUtagCSBLOB@@@Z
??4CXString@@QAEABV0@PB_W@Z
??4CXString@@QAGABV0@ABV0@@Z
??4CXStringW@@QAGABV0@ABV0@@Z
??8CCSVariant@@QBGHABUtagCSVARIANT@@@Z
??8CCSVariant@@QBGHPBUtagCSVARIANT@@@Z
??8CSBlob@@QAGHABUtagCSBLOB@@@Z
??8CSBlob@@QAGHPBUtagCSBLOB@@@Z
??BCCSVariant@@QBE?AUtagCSBLOB@@XZ
??BCCSVariant@@QBE?AUtagPOINT@@XZ
??BCCSVariant@@QBE?AUtagRECT@@XZ
??BCCSVariant@@QBE?AUtagRPOINT@@XZ
??BCCSVariant@@QBE?AUtagRRECT@@XZ
??BCCSVariant@@QBE?AUtagRSIZE@@XZ
??BCCSVariant@@QBE?AUtagSIZE@@XZ
??BCCSVariant@@QBEEXZ
??BCCSVariant@@QBEGXZ
??BCCSVariant@@QBEHXZ
??BCCSVariant@@QBEIXZ
??BCCSVariant@@QBEJXZ
??BCCSVariant@@QBEKXZ
??BCCSVariant@@QBEMXZ
??BCCSVariant@@QBENXZ
??BCCSVariant@@QBEPADXZ
??BCCSVariant@@QBEPAUICSUnknown@@XZ
??BCCSVariant@@QBEPA_WXZ
??H@YG?AVCXString@@ABV0@0@Z
??H@YG?AVCXString@@ABV0@PBD@Z
??H@YG?AVCXString@@ABV0@_W@Z
??H@YG?AVCXString@@PBDABV0@@Z
??H@YG?AVCXString@@_WABV0@@Z
??H@YG?AVCXStringW@@ABV0@0@Z
??H@YG?AVCXStringW@@ABV0@PB_W@Z
??H@YG?AVCXStringW@@ABV0@_W@Z
??H@YG?AVCXStringW@@PB_WABV0@@Z
??H@YG?AVCXStringW@@_WABV0@@Z
?AddDirDelim@CXString@@QAGAAV1@XZ
?AddDirDelim@CXStringW@@QAGAAV1@XZ
?AddFileExtDelim@CXString@@QAGAAV1@XZ
?AddFileExtDelim@CXStringW@@QAGAAV1@XZ
?AllocBuffer@CXString@@IAGXI@Z
?AllocBuffer@CXStringW@@IAGXI@Z
?AssignCopy@CXString@@IAGXPBDI@Z
?AssignCopy@CXStringW@@IAGXPB_WI@Z
?Attach@CCSVariant@@QAGXAAUtagCSVARIANT@@@Z
?BindFromValue@CCSVariant@@QAGHGPAX@Z
?BindToValue@CCSVariant@@QAGHGPAX@Z
?CSVariantBindFromValue@@YGHGPAXPAUtagCSVARIANT@@@Z
?CSVariantBindToValue@@YGHGPAXPAUtagCSVARIANT@@@Z
?CSVariantChangeType@@YGHPAUtagCSVARIANT@@PBU1@G@Z
?CSVariantClear@@YGXPAUtagCSVARIANT@@@Z
?CSVariantCopy@@YGXPAUtagCSVARIANT@@PBU1@@Z
?CSVariantInit@@YGXPAUtagCSVARIANT@@@Z
?ChangeFileExt@CXString@@QAGXPBD@Z
?ChangeFileExt@CXStringW@@QAGXPB_W@Z
?ChangeType@CCSVariant@@QAGHGPAUtagCSVARIANT@@@Z
?CharToOemA@CXString@@QAGXXZ
?CharToOemA@CXStringW@@QAGXXZ
?Clear@CCSVariant@@QAGXXZ
?Clear@CSBlob@@QAGXXZ
?Compare@CXString@@QBGHPBD@Z
?Compare@CXStringW@@QBGHPB_W@Z
?CompareI@CXString@@QBGHPBD@Z
?CompareI@CXStringW@@QBGHPB_W@Z
?CompareIN@CXString@@QBGHPBDH@Z
?CompareIN@CXStringW@@QBGHPB_WH@Z
?CompareN@CXString@@QBGHPBDH@Z
?CompareN@CXStringW@@QBGHPB_WH@Z
?ConcatCopy@CXString@@IAGXPBDI@Z
?ConcatCopy@CXStringW@@IAGXPB_WI@Z
?ConcatCopyTo@CXString@@IAGXIPBDI@Z
?ConcatCopyTo@CXStringW@@IAGXIPB_WI@Z
?Copy@CXString@@QBGIPAD@Z
?Copy@CXString@@QBGIPADI@Z
?Copy@CXStringW@@QBGIPA_W@Z
?Copy@CXStringW@@QBGIPA_WI@Z
?CopyFit@CXString@@QBGIPADI@Z
?CopyFit@CXStringW@@QBGIPA_WI@Z
?Delete@CXString@@QAGAAV1@HH@Z
?Delete@CXStringW@@QAGAAV1@HH@Z
?Detach@CCSVariant@@QAG?AUtagCSVARIANT@@XZ
?Dump_Param@@YGXPAUIParam@@@Z
?Extract@CXString@@QAGHHH@Z
?Extract@CXString@@QBGHHHAAV1@@Z
?Extract@CXStringW@@QAGHHH@Z
?Extract@CXStringW@@QBGHHHAAV1@@Z
?FileExt@CXString@@QBG?AV1@XZ
?FileExt@CXStringW@@QBG?AV1@XZ
?FileName@CXString@@QBG?AV1@XZ
?FileName@CXStringW@@QBG?AV1@XZ
?FilePath@CXString@@QBG?AV1@XZ
?FilePath@CXStringW@@QBG?AV1@XZ
?Find@CXString@@QBGHPBDH@Z
?Find@CXString@@QBGH_WH@Z
?Find@CXStringW@@QBGHPB_WH@Z
?Find@CXStringW@@QBGH_WH@Z
?FindI@CXStringW@@QBGHPB_W@Z
?FindOnOf@CXString@@QBGHPBDH@Z
?FindOnOf@CXStringW@@QBGHPB_WH@Z
?FindReplace@CXString@@QAGHPBD0@Z
?FindReplace@CXString@@QAGHPBD_W@Z
?FindReplace@CXString@@QAGH_W0@Z
?FindReplace@CXString@@QAGH_WPBD@Z
?FindReplace@CXStringW@@QAGHPB_W0@Z
?FindReplace@CXStringW@@QAGHPB_W_W@Z
?FindReplace@CXStringW@@QAGH_W0@Z
?FindReplace@CXStringW@@QAGH_WPB_W@Z
?FindRev@CXString@@QBGH_W@Z
?FindRev@CXStringW@@QBGH_W@Z
?FindRevOnOf@CXString@@QBGHPBD@Z
?FindRevOnOf@CXStringW@@QBGHPB_W@Z
?Fio_ChangeNELock@@YGXPB_W_N@Z
?Fio_CopyFile@@YGXPB_W0H@Z
?Fio_CreateDirectory@@YGXPB_W@Z
?Fio_DeleteDirectory@@YGXPB_W@Z
?Fio_DeleteFile@@YGXPB_W@Z
?Fio_DownloadToCacheFile@@YGPB_WPB_W@Z
?Fio_DownloadToFile@@YGHPB_W0@Z
?Fio_EnableLocking@@YGHH@Z
?Fio_GetCurrentDirectory@@YGXPA_WH@Z
?Fio_GetFileInfo@@YGXPB_WPAUFioFileInfo@@@Z
?Fio_GetSecurityInfo@@YGHPB_WAAVCXStringW@@@Z
?Fio_GetTempFileName@@YGPB_WXZ
?Fio_IsFileExist@@YGHPB_W@Z
?Fio_IsMemFile@@YGHPB_W@Z
?Fio_IsWritableDir@@YGHPB_W@Z
?Fio_IsWritableFile@@YGHPB_W@Z
?Fio_IsWritableFile@@YGHPB_WAAVCXStringW@@@Z
?Fio_LockCount@@YGHPB_W_N@Z
?Fio_LockFile@@YGXPB_W_N@Z
?Fio_Open@@YGPAUIXFile@@PB_WH@Z
?Fio_OpenOut@@YGPAUIXOutFile@@PB_WH@Z
?Fio_PathIsURL@@YGHPB_W@Z
?Fio_RenameFile@@YGXPB_W0@Z
?Fio_SetCurrentDirectory@@YGXPB_W@Z
?Fio_UnlockFile@@YGXPB_W_N@Z
?Fio_UrlCrack@@YGHPB_WAAVCXStringW@@111@Z
?Fio_UrlCreateDirectory@@YGXPB_W@Z
?Fio_UrlDeleteFile@@YGHPB_W@Z
?Fio_UrlGetFileInfo@@YGXPB_WPAUFioFileInfo@@@Z
?Fio_UrlIsWritableDir@@YGHPB_W@Z
?Fio_UrlIsWritableFile@@YGHPB_W@Z
?Fio_UrlOpen@@YGPAUIXFile@@PB_WH@Z
?Fio_UrlOpenOut@@YGPAUIXOutFile@@PB_WH@Z
?Fio_UrlPutFile@@YGHPB_W0@Z
?Format@CXString@@QAAXPBDZZ
?Format@CXStringW@@QAAXPB_WZZ
?FormatV@CXString@@IAGHPBDPAD@Z
?FormatV@CXStringW@@IAGHPB_WPAD@Z
?FreeExtra@CXString@@QAGXXZ
?FreeExtra@CXStringW@@QAGXXZ
?GetAllocSize@CXString@@IBGHXZ
?GetAllocSize@CXStringW@@IBGHXZ
?GetAt@CXString@@QBG_WI@Z
?GetAt@CXStringW@@QBG_WI@Z
?GetBuffer@CXString@@QAGPADH@Z
?GetBuffer@CXStringW@@QAGPA_WH@Z
?GetData@CXString@@QBGPBDI@Z
?GetData@CXStringW@@QBGPB_WI@Z
?GetFileExt@CXString@@QBGHPAD@Z
?GetFileExt@CXString@@QBGPBDXZ
?GetFileExt@CXStringW@@QBGHPA_W@Z
?GetFileExt@CXStringW@@QBGPB_WXZ
?GetFileName@CXString@@QBGHPAD@Z
?GetFileName@CXString@@QBGPBDXZ
?GetFileName@CXStringW@@QBGHPA_W@Z
?GetFileName@CXStringW@@QBGPB_WXZ
?GetFilePath@CXString@@QBGHPAD@Z
?GetFilePath@CXStringW@@QBGHPA_W@Z
?GetLength@CXString@@QBGIXZ
?GetLength@CXStringW@@QBGIXZ
?GetSize@CXString@@QBGII@Z
?GetSize@CXString@@QBGIII@Z
?GetSize@CXString@@QBGIXZ
?GetSize@CXStringW@@QBGII@Z
?GetSize@CXStringW@@QBGIII@Z
?GetSize@CXStringW@@QBGIXZ
?Get_CoreActivity@@YGXPAI0@Z
?Init@CXString@@IAGXXZ
?Init@CXStringW@@IAGXXZ
?Insert@CXString@@QAGAAV1@HPBD@Z
?Insert@CXString@@QAGAAV1@H_W@Z
?Insert@CXStringW@@QAGAAV1@HPB_W@Z
?Insert@CXStringW@@QAGAAV1@H_W@Z
?Load@CXString@@QAGHPAXI@Z
?Load@CXStringW@@QAGHPAXI@Z
?LoadStringNotTransW@@YAHPAUHINSTANCE__@@IPA_WH@Z
?Lower@CXString@@QAGXXZ
?Lower@CXStringW@@QAGXXZ
?Mem_DefaultHeap@@YGPAVIHeap@@I@Z
?Mem_SetLowMemoryNotifySink@@YGXPAVILowMemoryNotifySink@@@Z
?MessageBoxInternalA@@YAHPAXH@Z
?OemToCharA@CXString@@QAGXXZ
?OemToCharA@CXStringW@@QAGXXZ
?Param_Cmp@@YGHPAUIParam@@0@Z
?Param_CopyTo@@YGXPAUIParam@@0@Z
?Param_IniFile2Param@@YGHPB_WPAUIParam@@@Z
?Param_Param2IniFile@@YGHPAUIParam@@PB_W@Z
?Param_Param2String@@YGHPAUIParam@@AAVCXString@@@Z
?Param_String2Param@@YGHAAVCXString@@PAUIParam@@@Z
?ReallocBuffer@CXString@@IAGXI@Z
?ReallocBuffer@CXStringW@@IAGXI@Z
?ReducePathString@CXString@@QAGHH@Z
?ReducePathString@CXStringW@@QAGHH@Z
?Release@CXString@@IAGXXZ
?Release@CXStringW@@IAGXXZ
?ReleaseBuffer@CXString@@QAGXH@Z
?ReleaseBuffer@CXStringW@@QAGXH@Z
?Replace@CXString@@QAGAAV1@HHPBD@Z
?Replace@CXStringW@@QAGAAV1@HHPB_W@Z
?Supp_AddWld@@YAHPB_W@Z
?Supp_GetACP@@YAKXZ
?Supp_GetFont@@YAPAUHFONT__@@XZ
?Supp_Init@@YAHPB_W@Z
?Supp_InitResTranslation@@YAHPAUHINSTANCE__@@@Z
?Supp_IsTranslationEnable@@YAHXZ
?Supp_SetDialogFont@@YAXPAUHWND__@@@Z
?Supp_SetDialogPos@@YAXPAUHWND__@@0I@Z
?Supp_SetTranslationEnable@@YAXH@Z
?Supp_Translate@@YAHPAUHMENU__@@@Z
?Supp_Translate@@YAHPAUHWND__@@@Z
?Supp_Translate@@YAPB_WPBD@Z
?Supp_Translate@@YAPB_WPB_W0@Z
?Supp_Translate@@YAPB_WPB_W@Z
?TrimLeft@CXString@@QAGXXZ
?TrimLeft@CXStringW@@QAGXXZ
?TrimRight@CXString@@QAGXXZ
?TrimRight@CXStringW@@QAGXXZ
?Upper@CXString@@QAGXXZ
?Upper@CXStringW@@QAGXXZ
?__core_activity@@3HA
?hostMultiByteToUnicode@@YAXPBDAAVCXStringW@@@Z
?new_IXStorParam@@YGPAUIParam@@PAUIXStorage@@@Z
?new_MemParam@@YGPAUIParam@@XZ
?new_MemoryHeap@@YGPAVIHeap@@I@Z
HookProc_Install
HookProc_UnInstall
_DeInitResTranslation
_InitResTranslation
_LoadStringNotTrans
_new_IParamIniFile@4
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textidx Size: 555KB - Virtual size: 554KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
CONST Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 214KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 131KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ