General

Malware Config

Signatures

Files

• GHO浏览工具.exe

  .exe windows:5 windows x86 arch:x86

  4bc81ab8bb32bcf18dfabd25a55c481f

  
  

  Code Sign

  7a:f6:bc:fb:b1:e1:56:94:0b:4f:4e:50:1f:85:7c:e3

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  12-10-2017 00:00

  Not After

  24-10-2018 23:59

  Subject

  CN=Symantec Corporation,OU=Endpoint Management Group,O=Symantec Corporation,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:19:93:e4:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-02-2011 19:25

  Not After

  22-02-2021 19:35

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  7a:f6:bc:fb:b1:e1:56:94:0b:4f:4e:50:1f:85:7c:e3

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  12-10-2017 00:00

  Not After

  24-10-2018 23:59

  Subject

  CN=Symantec Corporation,OU=Endpoint Management Group,O=Symantec Corporation,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:19:93:e4:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-02-2011 19:25

  Not After

  22-02-2021 19:35

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  02-01-2017 00:00

  Not After

  01-04-2028 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e5:5b:c9:18:9d:d0:dd:01:74:51:4a:ae:32:d2:b6:ed:da:c3:b4:0b:2c:eb:31:5e:82:0b:d2:5b:78:9f:77:8d

  Signer

  Actual PE Digest

  e5:5b:c9:18:9d:d0:dd:01:74:51:4a:ae:32:d2:b6:ed:da:c3:b4:0b:2c:eb:31:5e:82:0b:d2:5b:78:9f:77:8d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  c9:18:67:96:59:19:c8:83:05:85:a0:26:bd:b2:59:62:3f:40:bc:f0

  Signer

  Actual PE Digest

  c9:18:67:96:59:19:c8:83:05:85:a0:26:bd:b2:59:62:3f:40:bc:f0

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\Jenkins\workspace\GIF_Release_Windows\Ghost\GSSTrunk\Ghost\explorer\vs2008\Win32\Release\enterprise\GhostExp.pdb

  Imports

  version

  VerQueryValueW

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  GetFileVersionInfoSizeA

  GetFileVersionInfoA

  VerQueryValueA

  kernel32

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  FatalAppExitA

  GetTimeZoneInformation

  CompareStringW

  EnumSystemLocalesA

  IsValidLocale

  GetStringTypeW

  GetConsoleMode

  GetLocaleInfoW

  WriteConsoleA

  WriteConsoleW

  SetStdHandle

  SetEnvironmentVariableA

  GetFullPathNameA

  GetModuleFileNameA

  GetModuleHandleA

  FormatMessageW

  ReadProcessMemory

  GetOverlappedResult

  VirtualUnlock

  SetProcessWorkingSetSize

  VirtualLock

  GetBinaryTypeA

  SetProcessAffinityMask

  GetCurrentProcess

  LoadLibraryA

  GetLocaleInfoA

  GetUserDefaultLCID

  CloseHandle

  GetLastError

  GetCurrentThread

  SetCurrentDirectoryA

  GetDiskFreeSpaceA

  GetProcAddress

  GetLongPathNameA

  WideCharToMultiByte

  FindResourceA

  SizeofResource

  LockResource

  LoadResource

  MultiByteToWideChar

  GetFileAttributesA

  lstrcpyA

  lstrlenA

  FreeLibrary

  GlobalAlloc

  lstrcmpA

  GlobalLock

  InterlockedExchange

  CompareStringA

  GetEnvironmentVariableW

  GetLocalTime

  GetThreadTimes

  GetProcessWorkingSetSize

  GetProcessTimes

  QueryPerformanceCounter

  VirtualProtectEx

  FindResourceW

  GetThreadContext

  GetFileAttributesExW

  FindNextFileW

  BackupRead

  BackupSeek

  SetFileAttributesW

  FindFirstFileW

  GetFullPathNameW

  GetVolumeInformationW

  GetDiskFreeSpaceExW

  GetDiskFreeSpaceW

  MoveFileW

  RemoveDirectoryW

  DeleteFileW

  CreateDirectoryW

  GetFileInformationByHandle

  GetDriveTypeW

  ExpandEnvironmentStringsW

  SetVolumeMountPointW

  GetVolumeNameForVolumeMountPointW

  DeleteVolumeMountPointW

  DefineDosDeviceW

  ResetEvent

  GetLogicalDrives

  GetSystemTime

  GlobalMemoryStatus

  GetProcessHeap

  HeapAlloc

  HeapFree

  DeviceIoControl

  GetWindowsDirectoryA

  GetSystemDirectoryA

  WaitForMultipleObjects

  ReleaseMutex

  CreateMutexA

  ReleaseSemaphore

  CreateSemaphoreA

  GetProfileIntA

  InterlockedCompareExchange

  EnumResourceLanguagesA

  ConvertDefaultLocale

  GetCurrentThreadId

  GlobalDeleteAtom

  SetLastError

  GlobalUnlock

  SetThreadPriority

  ResumeThread

  WaitForSingleObject

  SetEvent

  SuspendThread

  CreateEventA

  GlobalAddAtomA

  GetCurrentProcessId

  GetVersionExA

  lstrcmpW

  GlobalFindAtomA

  GlobalGetAtomNameA

  FreeResource

  GetPrivateProfileIntA

  WritePrivateProfileStringA

  GetPrivateProfileStringA

  GetTickCount

  GetModuleFileNameW

  InterlockedDecrement

  MulDiv

  lstrlenW

  LocalFree

  FormatMessageA

  GlobalSize

  CopyFileA

  GlobalFree

  MoveFileA

  DeleteFileA

  GetStringTypeExA

  GetThreadLocale

  lstrcmpiA

  ReadFile

  WriteFile

  SetFilePointer

  FlushFileBuffers

  LockFile

  UnlockFile

  SetEndOfFile

  GetFileSize

  DuplicateHandle

  FindClose

  FindFirstFileA

  GetVolumeInformationA

  GetShortPathNameA

  CreateFileA

  GetCurrentDirectoryA

  GlobalFlags

  LocalAlloc

  LeaveCriticalSection

  TlsGetValue

  EnterCriticalSection

  GlobalReAlloc

  GlobalHandle

  InitializeCriticalSection

  TlsAlloc

  TlsSetValue

  LocalReAlloc

  DeleteCriticalSection

  TlsFree

  InterlockedIncrement

  GetCPInfo

  GetOEMCP

  GetAtomNameA

  FileTimeToSystemTime

  SystemTimeToFileTime

  GetModuleHandleW

  SetErrorMode

  FileTimeToLocalFileTime

  GetFileAttributesExA

  LocalFileTimeToFileTime

  SetFileTime

  SetFileAttributesA

  GetFileSizeEx

  GetFileTime

  CreateFileW

  GetExitCodeThread

  CreateThread

  RaiseException

  IsDebuggerPresent

  Sleep

  ExitProcess

  LoadLibraryW

  DebugBreak

  GetExitCodeProcess

  CreateProcessW

  GetFileAttributesW

  GetCurrentDirectoryW

  SetUnhandledExceptionFilter

  TerminateThread

  GetLogicalDriveStringsA

  GetDriveTypeA

  FreeEnvironmentStringsA

  UnhandledExceptionFilter

  TerminateProcess

  LCMapStringW

  LCMapStringA

  SetConsoleCtrlHandler

  GetDateFormatA

  GetTimeFormatA

  VirtualProtect

  ExitThread

  GetStartupInfoA

  GetCommandLineA

  RtlUnwind

  GetSystemTimeAsFileTime

  GetACP

  GetConsoleOutputCP

  GetConsoleCP

  IsDBCSLeadByteEx

  IsValidCodePage

  GetStdHandle

  OpenProcess

  GetStringTypeA

  GetSystemInfo

  VirtualAlloc

  VirtualFree

  VirtualQuery

  GetVersionExW

  OutputDebugStringA

  SetCurrentDirectoryW

  CreateEventW

  GetBinaryTypeW

  FindResourceExA

  InitializeCriticalSectionAndSpinCount

  CreateDirectoryA

  GetTempFileNameA

  GetTempPathA

  user32

  IsChild

  GetCapture

  GetClassLongA

  GetClassNameA

  SetPropA

  GetPropA

  RemovePropA

  IsWindow

  SetFocus

  GetWindowTextLengthA

  GetForegroundWindow

  SetActiveWindow

  BeginDeferWindowPos

  WinHelpA

  GetTopWindow

  DestroyWindow

  UnhookWindowsHookEx

  GetMessageTime

  GetMessagePos

  MapWindowPoints

  IsDialogMessageA

  TrackPopupMenuEx

  RegisterWindowMessageA

  RegisterClipboardFormatA

  RemoveMenu

  InsertMenuA

  AppendMenuA

  GetMenuStringA

  FillRect

  TabbedTextOutA

  DrawTextA

  DrawTextExA

  GrayStringA

  TrackPopupMenu

  SetMenu

  ClientToScreen

  GetWindowDC

  BeginPaint

  EndPaint

  GetNextDlgTabItem

  CreateDialogIndirectParamA

  IsDlgButtonChecked

  SetDlgItemInt

  IsWindowVisible

  GetActiveWindow

  DispatchMessageA

  GetKeyState

  PeekMessageA

  GetDesktopWindow

  CharUpperA

  DeleteMenu

  SetWindowTextA

  CheckDlgButton

  GetDlgItemInt

  CheckRadioButton

  EndDeferWindowPos

  GetDlgItemTextA

  MoveWindow

  ShowWindow

  ScrollWindowEx

  TranslateMessage

  SendMessageA

  GetWindowTextA

  UpdateWindow

  MessageBoxA

  EnumWindows

  ReleaseDC

  GetClientRect

  GetDC

  DialogBoxParamA

  LoadStringA

  GetDlgItem

  SetDlgItemTextA

  SendDlgItemMessageA

  LoadIconA

  EndDialog

  SetCapture

  WindowFromPoint

  LoadCursorA

  ReleaseCapture

  WaitMessage

  GetSysColorBrush

  DestroyIcon

  TranslateAcceleratorA

  BringWindowToTop

  CreatePopupMenu

  InsertMenuItemA

  InvalidateRect

  LoadAcceleratorsA

  GetMenuBarInfo

  DestroyMenu

  LoadMenuA

  ReuseDDElParam

  UnpackDDElParam

  SetRect

  SetTimer

  KillTimer

  InflateRect

  GetMenuItemInfoA

  PostThreadMessageA

  UnregisterClassA

  GetDialogBaseUnits

  GetKeyNameTextA

  MapVirtualKeyA

  IsRectEmpty

  GetSystemMenu

  SetParent

  UnionRect

  GetDCEx

  LockWindowUpdate

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  MessageBeep

  RegisterDeviceNotificationA

  ScrollWindow

  wsprintfA

  PostQuitMessage

  PostMessageA

  EnableWindow

  CheckMenuItem

  EnableMenuItem

  GetMenuState

  ModifyMenuA

  GetParent

  GetFocus

  LoadBitmapA

  GetMenuCheckMarkDimensions

  SetMenuItemBitmaps

  GetMessageA

  ValidateRect

  SetScrollRange

  GetScrollRange

  SetScrollPos

  GetScrollPos

  SetForegroundWindow

  ShowScrollBar

  GetSubMenu

  GetMenuItemID

  GetMenuItemCount

  CreateWindowExA

  GetClassInfoExA

  GetClassInfoA

  RegisterClassA

  GetSysColor

  AdjustWindowRectEx

  ScreenToClient

  EqualRect

  DeferWindowPos

  GetScrollInfo

  SetScrollInfo

  SetWindowPlacement

  CopyRect

  GetDlgCtrlID

  DefWindowProcA

  CallWindowProcA

  PtInRect

  GetMenu

  SetWindowLongA

  SetWindowPos

  IntersectRect

  SystemParametersInfoA

  IsIconic

  GetWindowPlacement

  GetWindow

  GetWindowRect

  OffsetRect

  SetRectEmpty

  IsZoomed

  GetSystemMetrics

  GetWindowThreadProcessId

  GetWindowLongA

  GetLastActivePopup

  IsWindowEnabled

  ShowOwnedPopups

  SetCursor

  SetWindowsHookExA

  CallNextHookEx

  RedrawWindow

  SetCursorPos

  DestroyCursor

  IsClipboardFormatAvailable

  MsgWaitForMultipleObjects

  DrawIcon

  SetWindowRgn

  InSendMessage

  WindowFromDC

  CopyAcceleratorTableA

  CreateMenu

  GetTabbedTextExtentA

  SendNotifyMessageA

  GetOpenClipboardWindow

  GetClipboardOwner

  GetClipboardViewer

  GetCaretPos

  GetInputState

  GetQueueStatus

  GetProcessWindowStation

  GetCursorPos

  gdi32

  SetAbortProc

  AbortDoc

  EndDoc

  GetViewportOrgEx

  Rectangle

  CreateEllipticRgn

  LPtoDP

  Ellipse

  GetNearestColor

  EndPage

  GetPolyFillMode

  GetROP2

  GetStretchBltMode

  GetTextColor

  GetTextAlign

  GetTextFaceA

  GetTextExtentPointA

  GetWindowOrgEx

  CreateMetaFileA

  CloseMetaFile

  DeleteMetaFile

  StartPage

  GetBkMode

  StretchDIBits

  CreateFontA

  GetCharWidthA

  DPtoLP

  PatBlt

  GetMapMode

  CombineRgn

  SetRectRgn

  CreateRectRgnIndirect

  GetBkColor

  CreateCompatibleBitmap

  CreateHatchBrush

  CreateSolidBrush

  ExtCreatePen

  CreatePen

  PlayMetaFile

  EnumMetaFile

  GetObjectType

  PlayMetaFileRecord

  SelectPalette

  CreateCompatibleDC

  CreatePatternBrush

  CreateDIBPatternBrushPt

  DeleteDC

  ExtSelectClipRgn

  PolyBezierTo

  PolylineTo

  PolyDraw

  ArcTo

  GetCurrentPositionEx

  ScaleWindowExtEx

  SetWindowExtEx

  OffsetWindowOrgEx

  SetWindowOrgEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  Escape

  ExtTextOutA

  TextOutA

  RectVisible

  PtVisible

  StartDocA

  GetPixel

  BitBlt

  GetWindowExtEx

  GetViewportExtEx

  SelectClipPath

  CreateRectRgn

  GetClipRgn

  SelectClipRgn

  SetColorAdjustment

  SetArcDirection

  SetMapperFlags

  SetTextCharacterExtra

  SetTextJustification

  SetTextAlign

  MoveToEx

  LineTo

  OffsetClipRgn

  IntersectClipRect

  ExcludeClipRect

  SetMapMode

  ModifyWorldTransform

  SetWorldTransform

  SetGraphicsMode

  SetStretchBltMode

  SetROP2

  SetPolyFillMode

  SetBkMode

  RestoreDC

  SaveDC

  CreateDCA

  CopyMetaFileA

  GetDeviceCaps

  SetBkColor

  SetTextColor

  GetClipBox

  GetDCOrgEx

  GetTextMetricsA

  CreateBitmap

  DeleteObject

  GetStockObject

  GetObjectA

  CreateFontIndirectA

  SelectObject

  GetTextExtentPoint32A

  comdlg32

  GetFileTitleA

  winspool.drv

  DocumentPropertiesA

  GetJobA

  ClosePrinter

  OpenPrinterA

  advapi32

  LookupPrivilegeValueA

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  CreateServiceA

  StartServiceA

  OpenSCManagerA

  OpenServiceA

  SetFileSecurityW

  GetFileSecurityW

  GetFileSecurityA

  SetFileSecurityA

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExA

  FreeSid

  EqualSid

  AllocateAndInitializeSid

  GetTokenInformation

  OpenProcessToken

  OpenThreadToken

  RegDeleteKeyA

  RegEnumKeyA

  RegOpenKeyA

  RegQueryValueA

  RegCreateKeyExA

  RegSetValueExA

  RegDeleteValueA

  RegSetValueA

  RegCreateKeyA

  RegOpenKeyExW

  RegSetValueExW

  RegCreateKeyExW

  RegQueryValueExW

  RegQueryInfoKeyW

  RegDeleteKeyW

  RegDeleteValueW

  RegisterServiceCtrlHandlerW

  StartServiceCtrlDispatcherW

  QueryServiceConfigW

  ControlService

  RegNotifyChangeKeyValue

  SetServiceStatus

  QueryServiceStatus

  StartServiceW

  SetNamedSecurityInfoW

  OpenServiceW

  OpenSCManagerW

  DeleteService

  CloseServiceHandle

  CreateServiceW

  shell32

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetFolderLocation

  ShellExecuteA

  FindExecutableA

  SHGetFileInfoA

  ExtractIconA

  DragFinish

  ShellExecuteExA

  DragQueryFileA

  comctl32

  InitCommonControlsEx

  shlwapi

  PathRemoveFileSpecW

  PathFindFileNameA

  PathRemoveExtensionA

  PathFindExtensionA

  PathIsUNCA

  PathAddBackslashA

  PathStripToRootA

  ole32

  StgCreateDocfile

  StgOpenStorage

  StgIsStorageFile

  CreateOleAdviseHolder

  CoGetMalloc

  OleSetMenuDescriptor

  OleQueryCreateFromData

  OleQueryLinkFromData

  CoInitialize

  CreateFileMoniker

  CreateDataAdviseHolder

  OleIsRunning

  StringFromGUID2

  CoRegisterMessageFilter

  OleFlushClipboard

  OleIsCurrentClipboard

  OleSetClipboard

  CoRevokeClassObject

  CoRegisterClassObject

  CoGetClassObject

  CoDisconnectObject

  CoInitializeEx

  CoCreateInstance

  CoSetProxyBlanket

  CoUninitialize

  OleDuplicateData

  CoTaskMemAlloc

  ReleaseStgMedium

  CreateBindCtx

  CoTreatAsClass

  StringFromCLSID

  ReadClassStg

  ReadFmtUserTypeStg

  OleRegGetUserType

  WriteClassStg

  WriteFmtUserTypeStg

  SetConvertStg

  OleInitialize

  CoFreeUnusedLibraries

  OleUninitialize

  CoTaskMemFree

  CreateGenericComposite

  CreateItemMoniker

  OleGetIconOfClass

  OleCreateLinkToFile

  OleCreateFromFile

  OleSetContainedObject

  GetHGlobalFromILockBytes

  StgOpenStorageOnILockBytes

  OleLoad

  OleCreate

  OleCreateStaticFromData

  OleCreateLinkFromData

  OleCreateFromData

  OleLockRunning

  OleSaveToStream

  WriteClassStm

  OleSave

  CreateILockBytesOnHGlobal

  StgCreateDocfileOnILockBytes

  OleDestroyMenuDescriptor

  OleCreateMenuDescriptor

  IsAccelerator

  OleTranslateAccelerator

  OleRegGetMiscStatus

  OleRegEnumVerbs

  OleGetClipboard

  DoDragDrop

  RevokeDragDrop

  CoLockObjectExternal

  RegisterDragDrop

  CLSIDFromString

  OleRun

  CLSIDFromProgID

  CreateStreamOnHGlobal

  GetRunningObjectTable

  oleaut32

  LoadTypeLi

  RegisterTypeLi

  VarBstrFromDate

  VarCyFromStr

  VarDecFromStr

  VarBstrFromDec

  VarBstrFromCy

  VarDateFromStr

  SysReAllocStringLen

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SafeArrayDestroyDescriptor

  SafeArrayDestroyData

  SafeArrayDestroy

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayPutElement

  SafeArrayPtrOfIndex

  SafeArrayGetElement

  SafeArrayCopy

  SafeArrayAllocDescriptor

  LoadRegTypeLi

  VariantCopy

  SafeArrayRedim

  SafeArrayCreate

  SafeArrayGetDim

  SafeArrayGetElemsize

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayAccessData

  SafeArrayUnaccessData

  SysStringByteLen

  SysAllocStringByteLen

  SysFreeString

  SysStringLen

  SysAllocStringLen

  VariantInit

  VariantChangeType

  VariantClear

  GetErrorInfo

  SetErrorInfo

  CreateErrorInfo

  SysAllocString

  SafeArrayAllocData

  dbghelp

  MiniDumpWriteDump

  SymGetTypeInfo

  StackWalk

  SymEnumSymbols

  SymSetContext

  SymFunctionTableAccess

  SymGetModuleBase

  SymSetOptions

  SymLoadModule

  SymGetLineFromAddr

  SymCleanup

  SymInitialize

  SymFromAddr

  SymGetModuleInfo

  imagehlp

  ImageGetCertificateHeader

  ImageRemoveCertificate

  rpcrt4

  UuidCreate

  secur32

  DeleteSecurityContext

  FreeCredentialsHandle

  QueryContextAttributesA

  AcquireCredentialsHandleA

  InitializeSecurityContextW

  CompleteAuthToken

  DecryptMessage

  EncryptMessage

  ws2_32

  recv

  ioctlsocket

  closesocket

  ntohl

  send

  htons

  connect

  bind

  setsockopt

  shutdown

  WSAStartup

  WSACleanup

  htonl

  getprotobyname

  WSAIoctl

  WSAEnumNetworkEvents

  ntohs

  getservbyport

  getservbyname

  gethostname

  inet_addr

  gethostbyname

  recvfrom

  sendto

  WSAGetLastError

  WSASocketA

  accept

  WSAEventSelect

  listen

  socket

  netapi32

  Netbios

  Sections

  .text

  Size: 2.6MB - Virtual size: 2.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 565KB - Virtual size: 564KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 68KB - Virtual size: 146KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .mixcrt

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 230KB - Virtual size: 230KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ