modiloader | Malware[.]zip

Resubmissions

10-05-2024 17:13

240510-vrrk4sgd7t 10

10-05-2024 17:09

240510-vphv7abd29 10

Sharing

Copy URL

Twitter E-mail

General

Target

Malware.zip
Size

29.6MB
MD5

a183e3b120b7ca0a5db957a18a8c8845
SHA1

4936d61e6925e48b4f9d9db46183ecc4959a5758
SHA256

64c665b2dbdaca4a20aaef96d625091757008c88b49d71070e4eefcd45d986d8
SHA512

3db1ca29268109dd43dae4f5d8e75ae537f5408fc9cf1dc2192eeaf251e5f970d7649cbcbecfac4a9533292164d14965424617a559960280ed0b78ade57ff240
SSDEEP

786432:Xxn+oCm/Da8WA3C5BENmtAWzdVTkqGY8NEXcJap4DFZEwnT:XxH/W8WAS5BENmtZ1kqGYi8pwTnT

Score

10^/10

upx stealer system 305419896 modiloader xworm revengerat cobaltstrike zeppelin

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%AppData%
install_file
XClient.exe
pastebin_url
https://pastebin.com/raw/2jTT3Lnj

Extracted

Family

revengerat

Botnet

system

yj233.e1.luyouxia.net:20645

Mutex

RV_MUTEX-GeVqDyMpzZJHO

Extracted

Family

cobaltstrike

Botnet

305419896

http://47.91.237.42:8443/__utm.gif

Attributes

access_type
512
beacon_type
2048
host
47.91.237.42,/__utm.gif
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
8443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS7zRQv7EhhTkbgDrCNBsNay7lzQFmcC/GWwjOq93nKwPSszjIKgtW8nwhtoRhr6MFZx4DSYFdeuJDrtJNcTZz2C/LgZzhSQJmhiEqCkVqPPCfK1C6S4PzDrzy9L794rPLOuoewlGAXgiH5/Ae2aC5k2wedRNfes3DJZDDCaJJYwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
watermark
305419896

Signatures

Cobaltstrike family
cobaltstrike

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/High Priority/XClient.exe	family_xworm

Detects Zeppelin payload 1 IoCs

resource	yara_rule
static1/unpack001/default.exe	family_zeppelin

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/High Priority/)}ì~)J0ø‰º!Ã²@x&ÚâØaßHÍôõ.exe	modiloader_stage2

Modiloader family
modiloader

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
static1/unpack001/High Priority/file.exe	revengerat

Revengerat family
revengerat
Xworm family
xworm
Zeppelin family
zeppelin

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/High Priority/5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe	upx
static1/unpack001/High Priority/good.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/High Priority/temp5.exe	autoit_exe

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/High Priority/)}ì~)J0ø‰º!Ã²@x&ÚâØaßHÍôõ.exe
unpack001/High Priority/2019-09-02_22-41-10.exe
unpack001/High Priority/31.exe
unpack001/High Priority/5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
unpack001/High Priority/Client-2.exe
unpack001/High Priority/ComparevalidatorIgamerefreshable.exe
unpack001/High Priority/XClient.exe
unpack001/High Priority/criticalupdate01.exe
unpack001/High Priority/file.exe
unpack001/High Priority/good.exe
unpack003/out.upx
unpack001/High Priority/temp5.exe
unpack001/cobaltstrike_shellcode.exe
unpack001/default.exe
unpack001/mouse_2.exe
unpack001/oof.exe

Files

Malware.zip
.zip
High Priority/)}ì~)J0ø‰º!Ã²@x&ÚâØaßHÍôõ.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
High Priority/2019-09-02_22-41-10.exe
.exe windows:5 windows x86 arch:x86

0b940f4d2992021389a241ab8513fc6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\huzufawapijoh_fabujavonud39_mihugimosomofexepag-vatipado.pdb

Imports

kernel32

DuplicateHandle
lstrcatA
ExitThread
GetModuleHandleA
GetLastError
CloseHandle
LocalAlloc
GetProcAddress
WTSGetActiveConsoleSessionId
GlobalFix
GetTickCount
GetCurrencyFormatA
LocalShrink
lstrlenA
PeekConsoleInputW
GetHandleInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetStringTypeW
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
DecodePointer
CreateFileW
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile

advapi32

CreateProcessAsUserA
AdjustTokenPrivileges

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/31.exe
.exe windows:4 windows x86 arch:x86

5877688b4859ffd051f6be3b8e0cd533

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
High Priority/5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 296KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
High Priority/Client-2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/ComparevalidatorIgamerefreshable.exe
.exe windows:5 windows x86 arch:x86

3c977911c8eee24abac5edc906e5e72c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
LoadLibraryW
GetStringTypeW
HeapCreate
HeapSize
SetHandleCount
FlushFileBuffers
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentStringsW
TlsFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetModuleFileNameW
GetStdHandle
WriteConsoleW
HeapReAlloc
HeapFree
HeapAlloc
EncodePointer
DecodePointer
RtlUnwind
SetStdHandle
LocalFree
SetLastError
QueryPerformanceCounter
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
TlsSetValue
CreateFileW
GetCommState
SetErrorMode
GetLogicalDrives
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetComputerNameExW
GetConsoleMode
CreateEventA
WaitForSingleObject
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
lstrlenA
lstrlenW
InitializeCriticalSectionAndSpinCount
RaiseException
FreeLibrary
WriteFile
SetFileTime
CreateDirectoryA
DosDateTimeToFileTime
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
ExitProcess
GetCurrentDirectoryA
GetModuleFileNameA
FindResourceA
LoadResource
FreeResource
SizeofResource
LockResource
GetLastError
GetModuleHandleA
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
CloseHandle
ReadFile
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
GetACP
MultiByteToWideChar
MulDiv
GetTickCount
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExA
InitializeCriticalSection
Sleep
GetCurrentThreadId

user32

MessageBoxA
SetWindowRgn
wvsprintfA
OffsetRect
SystemParametersInfoA
CharPrevA
DrawTextA
UnionRect
GetActiveWindow
GetUpdateRect
IsWindowVisible
SetRect
MessageBoxW
GetDlgItem
CheckMenuRadioItem
GetDCEx
IsZoomed
GetWindowRect
UpdateWindow
MoveWindow
DestroyWindow
ReleaseDC
GetDC
ReleaseCapture
SetCapture
FillRect
LockWindowUpdate
SetClassLongA
GetClassLongA
AttachThreadInput
CopyImage
SetScrollPos
AppendMenuW
TrackPopupMenu
InvalidateRect
InvalidateRgn
DefWindowProcA
GetMenuCheckMarkDimensions
GetClientRect
SetTimer
EndPaint
BeginPaint
PtInRect
ScreenToClient
ClientToScreen
GetGUIThreadInfo
ShowWindow
SetFocus
SetCursor
LoadCursorA
CharNextA
IntersectRect
GetParent
GetMonitorInfoA
MonitorFromWindow
MapWindowPoints
GetFocus
GetCursorPos
SendMessageA
SetWindowPos
IsRectEmpty
GetWindowTextLengthA
EnableWindow
SetWindowTextA
GetCaretPos
GetCaretBlinkTime
GetWindowTextA
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
GetKeyState
GetWindowLongA
KillTimer
PostMessageA
SetPropA
GetPropA
CallWindowProcA
GetClassInfoExA
CreateWindowExA
SetWindowLongA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
DialogBoxIndirectParamA
EnableMenuItem
GetSystemMenu
CreateAcceleratorTableA
RegisterClassExA
RegisterClassA
GetWindow
IsIconic

gdi32

GetStockObject
CreateFontIndirectA
GetObjectA
SetBkMode
SetTextColor
CreatePatternBrush
CreateSolidBrush
DeleteObject
GetDeviceCaps
RoundRect
TextOutA
CreatePen
GetCharABCWidthsA
ExtSelectClipRgn
GdiFlush
CreateFontA
Escape
ExtEscape
EnumObjects
CreateDCA
SetDCPenColor
DeleteDC
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
SelectClipRgn
CombineRgn
CreateRectRgnIndirect
GetClipBox
CreateRoundRectRgn
StretchBlt
SetStretchBltMode
ExtTextOutA
SetBkColor
LineTo
MoveToEx
GetTextExtentPoint32A
CreateDIBSection
CreatePenIndirect

comdlg32

GetOpenFileNameA

advapi32

MakeAbsoluteSD2
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
IsValidSecurityDescriptor
LookupPrivilegeValueW
LsaAddAccountRights
LookupPrivilegeNameA
RegSetValueExA
RegQueryInfoKeyW
RegDeleteValueA

shell32

ShellExecuteA

ole32

OleLockRunning
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID

oleaut32

BSTR_UserSize
VarUI4FromStr
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetFamily
GdipCreateFontFromDC
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDrawString
GdipGraphicsClear
GdipDrawImage
GdipDeleteFontFamily
GdipDeleteBrush
GdipDeleteStringFormat
GdipDeleteFont
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFromHDC
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipDeleteGraphics
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipCreateFontFromLogfontA

imm32

ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

comctl32

_TrackMouseEvent
ord17

winmm

mmioWrite
mmioCreateChunk
mmioOpenW
mmioAscend

urlmon

CreateAsyncBindCtx

msacm32

acmDriverOpen

netapi32

NetWkstaUserGetInfo

iphlpapi

GetIpNetTable

avifil32

AVIMakeCompressedStream

wsnmp32

ord501

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/OnlineInstaller.exe
.exe windows:5 windows x86 arch:x86

5bd730b74335de2d8c76ffbc12562b9c

Code Sign

4b:09:b3:90:25:06:78:23:32:99:e9:10:70:86:52:e0
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

14-05-2015 06:20

Not After

14-05-2016 06:51

Subject

CN=Shanghai Talkus Information Co.LTD.,O=Shanghai Talkus Information Co.LTD.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:97:4f:10:ca:6a:09:15:96:cd:31:82:d7:81:68:8f:5d:52:1f:5d
Signer

Actual PE Digest

bd:97:4f:10:ca:6a:09:15:96:cd:31:82:d7:81:68:8f:5d:52:1f:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\john\Desktop\PRC20180304\Release\InstallerDrvMini.pdb

Imports

kernel32

CreateEventW
SetEvent
SetFilePointer
GetTempPathW
CopyFileW
GetCommandLineW
GetSystemInfo
CreateThread
FlushFileBuffers
GetModuleFileNameW
SizeofResource
LoadLibraryW
GetSystemDirectoryW
GetModuleHandleW
WaitForSingleObject
LockResource
CreateDirectoryW
GetCurrentProcess
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
GetNativeSystemInfo
GetFullPathNameW
GetSystemDefaultLangID
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryA
GetProcAddress
SystemTimeToFileTime
CloseHandle
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
CreateFileW
ReadFile
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetOEMCP
IsValidCodePage
GetCurrentThreadId
HeapSize
GetStdHandle
GetModuleHandleExW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
WriteFile
GetTickCount
GetFileSize
SetCurrentDirectoryW
GetCurrentDirectoryW
GetACP
FreeResource
ExitProcess
MulDiv
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
GetLocalTime
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
IsProcessorFeaturePresent
RtlUnwind
HeapReAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess

user32

PostQuitMessage
GetActiveWindow
GetSystemMetrics
MessageBoxW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowRgn
MoveWindow
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
SetRect
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
ShowWindow
SetWindowPos
IsIconic
SetFocus
EnableWindow
GetMenu
SetPropW
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
IsWindowVisible
CharNextW
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
wvsprintfW
SetCursor
InflateRect
OffsetRect
IsZoomed
SetWindowRgn
CharPrevW
DrawTextW
FillRect

advapi32

RegOpenKeyExA
LookupPrivilegeValueW
RegQueryInfoKeyW
RegQueryValueExW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
CreateServiceW
RegOpenKeyExW
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
RegOpenKeyW
StartServiceW

ole32

CLSIDFromProgID
OleLockRunning
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoCreateGuid

iphlpapi

GetAdaptersInfo

wininet

HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateLineBrushI
GdipDeleteBrush
GdipDrawString
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImageRectI
GdipDrawImage
GdipGraphicsClear
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount

imagehlp

CheckSumMappedFile

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

gdi32

SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
LineTo
TextOutW
ExtTextOutW
GdiFlush
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
CreatePatternBrush
PtInRegion
CreateRectRgn
GetObjectA
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetWindowOrgEx
RoundRect
MoveToEx

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Exports

Exports

??0CActiveXUI@DuiLib@@QAE@ABV01@@Z
??0CActiveXUI@DuiLib@@QAE@XZ
??0CButtonUI@DuiLib@@QAE@ABV01@@Z
??0CButtonUI@DuiLib@@QAE@XZ
??0CCheckBoxUI@DuiLib@@QAE@ABV01@@Z
??0CCheckBoxUI@DuiLib@@QAE@XZ
??0CChildLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CChildLayoutUI@DuiLib@@QAE@XZ
??0CComboUI@DuiLib@@QAE@ABV01@@Z
??0CComboUI@DuiLib@@QAE@XZ
??0CContainerUI@DuiLib@@QAE@ABV01@@Z
??0CContainerUI@DuiLib@@QAE@XZ
??0CControlUI@DuiLib@@QAE@ABV01@@Z
??0CControlUI@DuiLib@@QAE@XZ
??0CDateTimeUI@DuiLib@@QAE@ABV01@@Z
??0CDateTimeUI@DuiLib@@QAE@XZ
??0CDelegateBase@DuiLib@@QAE@ABV01@@Z
??0CDelegateBase@DuiLib@@QAE@PAX0@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
??0CDuiPoint@DuiLib@@QAE@ABUtagPOINT@@@Z
??0CDuiPoint@DuiLib@@QAE@J@Z
??0CDuiPoint@DuiLib@@QAE@JJ@Z
??0CDuiPoint@DuiLib@@QAE@PB_W@Z
??0CDuiPoint@DuiLib@@QAE@XZ
??0CDuiPtrArray@DuiLib@@QAE@ABV01@@Z
??0CDuiPtrArray@DuiLib@@QAE@H@Z
??0CDuiRect@DuiLib@@QAE@ABUtagRECT@@@Z
??0CDuiRect@DuiLib@@QAE@JJJJ@Z
??0CDuiRect@DuiLib@@QAE@PB_W@Z
??0CDuiRect@DuiLib@@QAE@XZ
??0CDuiSize@DuiLib@@QAE@ABUtagSIZE@@@Z
??0CDuiSize@DuiLib@@QAE@JJ@Z
??0CDuiSize@DuiLib@@QAE@PB_W@Z
??0CDuiSize@DuiLib@@QAE@UtagRECT@@@Z
??0CDuiSize@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@ABV01@@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??0CDuiString@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@_W@Z
??0CDuiStringPtrMap@DuiLib@@QAE@H@Z
??0CDuiValArray@DuiLib@@QAE@HH@Z
??0CEditUI@DuiLib@@QAE@ABV01@@Z
??0CEditUI@DuiLib@@QAE@XZ
??0CEventSource@DuiLib@@QAE@ABV01@@Z
??0CEventSource@DuiLib@@QAE@XZ
??0CGifAnimUI@DuiLib@@QAE@ABV01@@Z
??0CGifAnimUI@DuiLib@@QAE@XZ
??0CHorizontalLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QAE@XZ
??0CHyperLinkUI@DuiLib@@QAE@ABV01@@Z
??0CHyperLinkUI@DuiLib@@QAE@XZ
??0CLabelUI@DuiLib@@QAE@ABV01@@Z
??0CLabelUI@DuiLib@@QAE@XZ
??0CListContainerElementUI@DuiLib@@QAE@ABV01@@Z
??0CListContainerElementUI@DuiLib@@QAE@XZ
??0CListElementUI@DuiLib@@QAE@ABV01@@Z
??0CListElementUI@DuiLib@@QAE@XZ
??0CListHBoxElementUI@DuiLib@@QAE@ABV01@@Z
??0CListHBoxElementUI@DuiLib@@QAE@XZ
??0CListHeaderItemUI@DuiLib@@QAE@ABV01@@Z
??0CListHeaderItemUI@DuiLib@@QAE@XZ
??0CListHeaderUI@DuiLib@@QAE@ABV01@@Z
??0CListHeaderUI@DuiLib@@QAE@XZ
??0CListLabelElementUI@DuiLib@@QAE@ABV01@@Z
??0CListLabelElementUI@DuiLib@@QAE@XZ
??0CListTextElementUI@DuiLib@@QAE@ABV01@@Z
??0CListTextElementUI@DuiLib@@QAE@XZ
??0CListUI@DuiLib@@QAE@ABV01@@Z
??0CListUI@DuiLib@@QAE@XZ
??0CMarkup@DuiLib@@QAE@PB_W@Z
??0CMarkupNode@DuiLib@@AAE@PAVCMarkup@1@H@Z
??0CMarkupNode@DuiLib@@AAE@XZ
??0CNotifyPump@DuiLib@@QAE@ABV01@@Z
??0CNotifyPump@DuiLib@@QAE@XZ
??0COptionUI@DuiLib@@QAE@ABV01@@Z
??0COptionUI@DuiLib@@QAE@XZ
??0CPaintManagerUI@DuiLib@@QAE@ABV01@@Z
??0CPaintManagerUI@DuiLib@@QAE@XZ
??0CProgressUI@DuiLib@@QAE@ABV01@@Z
??0CProgressUI@DuiLib@@QAE@XZ
??0CRichEditUI@DuiLib@@QAE@ABV01@@Z
??0CRichEditUI@DuiLib@@QAE@XZ
??0CScrollBarUI@DuiLib@@QAE@ABV01@@Z
??0CScrollBarUI@DuiLib@@QAE@XZ
??0CSliderUI@DuiLib@@QAE@ABV01@@Z
??0CSliderUI@DuiLib@@QAE@XZ
??0CTabLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CTabLayoutUI@DuiLib@@QAE@XZ
??0CTextUI@DuiLib@@QAE@ABV01@@Z
??0CTextUI@DuiLib@@QAE@XZ
??0CTileLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CTileLayoutUI@DuiLib@@QAE@XZ
??0CTreeNodeUI@DuiLib@@QAE@ABV01@@Z
??0CTreeNodeUI@DuiLib@@QAE@PAV01@@Z
??0CTreeViewUI@DuiLib@@QAE@ABV01@@Z
??0CTreeViewUI@DuiLib@@QAE@XZ
??0CVerticalLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@XZ
??0CWaitCursor@DuiLib@@QAE@XZ
??0CWebBrowserUI@DuiLib@@QAE@ABV01@@Z
??0CWebBrowserUI@DuiLib@@QAE@XZ
??0CWindowWnd@DuiLib@@QAE@ABV01@@Z
??0CWindowWnd@DuiLib@@QAE@XZ
??0CWndShadow@@QAE@ABV0@@Z
??0CWndShadow@@QAE@XZ
??0IMessageFilterUI@DuiLib@@QAE@ABV01@@Z
??0IMessageFilterUI@DuiLib@@QAE@XZ
??0INotifyUI@DuiLib@@QAE@ABV01@@Z
??0INotifyUI@DuiLib@@QAE@XZ
??0ITranslateAccelerator@DuiLib@@QAE@ABV01@@Z
??0ITranslateAccelerator@DuiLib@@QAE@XZ
??0STRINGorID@DuiLib@@QAE@I@Z
??0STRINGorID@DuiLib@@QAE@PB_W@Z
??0WindowImplBase@DuiLib@@QAE@ABV01@@Z
??0WindowImplBase@DuiLib@@QAE@XZ
??0tagTDrawInfo@DuiLib@@QAE@ABU01@@Z
??0tagTDrawInfo@DuiLib@@QAE@PB_W@Z
??0tagTDrawInfo@DuiLib@@QAE@XZ
??0tagTFontInfo@DuiLib@@QAE@ABU01@@Z
??0tagTFontInfo@DuiLib@@QAE@XZ
??0tagTImageInfo@DuiLib@@QAE@ABU01@@Z
??0tagTImageInfo@DuiLib@@QAE@XZ
??0tagTResInfo@DuiLib@@QAE@ABU01@@Z
??0tagTResInfo@DuiLib@@QAE@XZ
??1CActiveXUI@DuiLib@@UAE@XZ
??1CButtonUI@DuiLib@@UAE@XZ
??1CCheckBoxUI@DuiLib@@UAE@XZ
??1CChildLayoutUI@DuiLib@@UAE@XZ
??1CComboUI@DuiLib@@UAE@XZ
??1CContainerUI@DuiLib@@UAE@XZ
??1CControlUI@DuiLib@@MAE@XZ
??1CDateTimeUI@DuiLib@@UAE@XZ
??1CDelegateBase@DuiLib@@UAE@XZ
??1CDialogBuilder@DuiLib@@QAE@XZ
??1CDuiPtrArray@DuiLib@@QAE@XZ
??1CDuiString@DuiLib@@QAE@XZ
??1CDuiStringPtrMap@DuiLib@@QAE@XZ
??1CDuiValArray@DuiLib@@QAE@XZ
??1CEditUI@DuiLib@@UAE@XZ
??1CEventSource@DuiLib@@QAE@XZ
??1CGifAnimUI@DuiLib@@UAE@XZ
??1CHorizontalLayoutUI@DuiLib@@UAE@XZ
??1CHyperLinkUI@DuiLib@@UAE@XZ
??1CLabelUI@DuiLib@@UAE@XZ
??1CListContainerElementUI@DuiLib@@UAE@XZ
??1CListElementUI@DuiLib@@UAE@XZ
??1CListHBoxElementUI@DuiLib@@UAE@XZ
??1CListHeaderItemUI@DuiLib@@UAE@XZ
??1CListHeaderUI@DuiLib@@UAE@XZ
??1CListLabelElementUI@DuiLib@@UAE@XZ
??1CListTextElementUI@DuiLib@@UAE@XZ
??1CListUI@DuiLib@@UAE@XZ
??1CMarkup@DuiLib@@QAE@XZ
??1CNotifyPump@DuiLib@@QAE@XZ
??1COptionUI@DuiLib@@UAE@XZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
??1CProgressUI@DuiLib@@UAE@XZ
??1CRenderClip@DuiLib@@QAE@XZ
??1CRichEditUI@DuiLib@@UAE@XZ
??1CScrollBarUI@DuiLib@@UAE@XZ
??1CSliderUI@DuiLib@@UAE@XZ
??1CTabLayoutUI@DuiLib@@UAE@XZ
??1CTextUI@DuiLib@@UAE@XZ
??1CTileLayoutUI@DuiLib@@UAE@XZ
??1CTreeNodeUI@DuiLib@@UAE@XZ
??1CTreeViewUI@DuiLib@@UAE@XZ
??1CVerticalLayoutUI@DuiLib@@UAE@XZ
??1CWaitCursor@DuiLib@@QAE@XZ
??1CWebBrowserUI@DuiLib@@UAE@XZ
??1CWndShadow@@UAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
??1tagTDrawInfo@DuiLib@@QAE@XZ
??1tagTFontInfo@DuiLib@@QAE@XZ
??1tagTImageInfo@DuiLib@@QAE@XZ
??1tagTResInfo@DuiLib@@QAE@XZ
??4CActiveXUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CButtonUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CCheckBoxUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CChildLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CComboUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CContainerUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CControlUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDateTimeUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDelegateBase@DuiLib@@QAEAAV01@ABV01@@Z
??4CDialogBuilder@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiPoint@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiPtrArray@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiRect@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiSize@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z
??4CDuiString@DuiLib@@QAEABV01@PBD@Z
??4CDuiString@DuiLib@@QAEABV01@PB_W@Z
??4CDuiString@DuiLib@@QAEABV01@_W@Z
??4CDuiStringPtrMap@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiValArray@DuiLib@@QAEAAV01@ABV01@@Z
??4CEditUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CEventSource@DuiLib@@QAEAAV01@ABV01@@Z
??4CGifAnimUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CHyperLinkUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CLabelUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListContainerElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHBoxElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHeaderItemUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHeaderUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListLabelElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListTextElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CMarkup@DuiLib@@QAEAAV01@ABV01@@Z
??4CMarkupNode@DuiLib@@QAEAAV01@ABV01@@Z
??4CNotifyPump@DuiLib@@QAEAAV01@ABV01@@Z
??4COptionUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CPaintManagerUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CProgressUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CRenderClip@DuiLib@@QAEAAV01@ABV01@@Z
??4CRenderEngine@DuiLib@@QAEAAV01@ABV01@@Z
??4CRichEditUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CScrollBarUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CSliderUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTabLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTextUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTileLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeNodeUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeViewUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CVerticalLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CWaitCursor@DuiLib@@QAEAAV01@ABV01@@Z
??4CWebBrowserUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CWindowWnd@DuiLib@@QAEAAV01@ABV01@@Z
??4CWndShadow@@QAEAAV0@ABV0@@Z
??4IMessageFilterUI@DuiLib@@QAEAAV01@ABV01@@Z
??4INotifyUI@DuiLib@@QAEAAV01@ABV01@@Z
??4ITranslateAccelerator@DuiLib@@QAEAAV01@ABV01@@Z
??4STRINGorID@DuiLib@@QAEAAV01@ABV01@@Z
??4WindowImplBase@DuiLib@@QAEAAV01@ABV01@@Z
??4tagTDrawInfo@DuiLib@@QAEAAU01@ABU01@@Z
??4tagTEventUI@DuiLib@@QAEAAU01@ABU01@@Z
??4tagTFontInfo@DuiLib@@QAEAAU01@ABU01@@Z
??4tagTImageInfo@DuiLib@@QAEAAU01@ABU01@@Z
??4tagTPercentInfo@DuiLib@@QAEAAU01@ABU01@@Z
??4tagTResInfo@DuiLib@@QAEAAU01@ABU01@@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
??9CDuiString@DuiLib@@QBE_NPB_W@Z
??ACDuiPtrArray@DuiLib@@QBEPAXH@Z
??ACDuiString@DuiLib@@QBE_WH@Z
??ACDuiStringPtrMap@DuiLib@@QBEPB_WH@Z
??ACDuiValArray@DuiLib@@QBEPAXH@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
??BCEventSource@DuiLib@@QAE_NXZ
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
??BCWndShadow@@QBEPAUHWND__@@XZ
??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
??MCDuiString@DuiLib@@QBE_NPB_W@Z
??NCDuiString@DuiLib@@QBE_NPB_W@Z
??OCDuiString@DuiLib@@QBE_NPB_W@Z
??PCDuiString@DuiLib@@QBE_NPB_W@Z
??RCDelegateBase@DuiLib@@QAE_NPAX@Z
??RCEventSource@DuiLib@@QAE_NPAX@Z
??YCDuiString@DuiLib@@QAEABV01@ABV01@@Z
??YCDuiString@DuiLib@@QAEABV01@PBD@Z
??YCDuiString@DuiLib@@QAEABV01@PB_W@Z
??YCDuiString@DuiLib@@QAEABV01@_W@Z
??YCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
??YCEventSource@DuiLib@@QAEXP6A_NPAX@Z@Z
??ZCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
??ZCEventSource@DuiLib@@QAEXP6A_NPAX@Z@Z
??_7CActiveXUI@DuiLib@@6BCControlUI@1@@
??_7CActiveXUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CButtonUI@DuiLib@@6B@
??_7CCheckBoxUI@DuiLib@@6B@
??_7CChildLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CChildLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CComboUI@DuiLib@@6B@
??_7CComboUI@DuiLib@@6BCControlUI@1@@
??_7CComboUI@DuiLib@@6BIContainerUI@1@@
??_7CContainerUI@DuiLib@@6BCControlUI@1@@
??_7CContainerUI@DuiLib@@6BIContainerUI@1@@
??_7CControlUI@DuiLib@@6B@
??_7CDateTimeUI@DuiLib@@6B@
??_7CDelegateBase@DuiLib@@6B@
??_7CEditUI@DuiLib@@6B@
??_7CGifAnimUI@DuiLib@@6B@
??_7CHorizontalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CHorizontalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CHyperLinkUI@DuiLib@@6B@
??_7CLabelUI@DuiLib@@6B@
??_7CListContainerElementUI@DuiLib@@6B@
??_7CListContainerElementUI@DuiLib@@6BCControlUI@1@@
??_7CListContainerElementUI@DuiLib@@6BIContainerUI@1@@
??_7CListElementUI@DuiLib@@6BCControlUI@1@@
??_7CListElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListHBoxElementUI@DuiLib@@6B@
??_7CListHBoxElementUI@DuiLib@@6BCControlUI@1@@
??_7CListHBoxElementUI@DuiLib@@6BIContainerUI@1@@
??_7CListHeaderItemUI@DuiLib@@6B@
??_7CListHeaderUI@DuiLib@@6BCControlUI@1@@
??_7CListHeaderUI@DuiLib@@6BIContainerUI@1@@
??_7CListLabelElementUI@DuiLib@@6BCControlUI@1@@
??_7CListLabelElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListTextElementUI@DuiLib@@6BCControlUI@1@@
??_7CListTextElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListUI@DuiLib@@6B@
??_7CListUI@DuiLib@@6BCControlUI@1@@
??_7CListUI@DuiLib@@6BIContainerUI@1@@
??_7CNotifyPump@DuiLib@@6B@
??_7COptionUI@DuiLib@@6B@
??_7CProgressUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6BCControlUI@1@@
??_7CRichEditUI@DuiLib@@6BIContainerUI@1@@
??_7CScrollBarUI@DuiLib@@6B@
??_7CSliderUI@DuiLib@@6B@
??_7CTabLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTabLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTextUI@DuiLib@@6B@
??_7CTileLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTileLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeNodeUI@DuiLib@@6B@
??_7CTreeNodeUI@DuiLib@@6BCControlUI@1@@
??_7CTreeNodeUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewUI@DuiLib@@6BCControlUI@1@@
??_7CTreeViewUI@DuiLib@@6BCListUI@1@@
??_7CTreeViewUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewUI@DuiLib@@6BINotifyUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CWebBrowserUI@DuiLib@@6BCControlUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIDispatch@@@
??_7CWebBrowserUI@DuiLib@@6BIDocHostUIHandler@@@
??_7CWebBrowserUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIOleCommandTarget@@@
??_7CWebBrowserUI@DuiLib@@6BIServiceProvider@@@
??_7CWebBrowserUI@DuiLib@@6BITranslateAccelerator@1@@
??_7CWindowWnd@DuiLib@@6B@
??_7CWndShadow@@6B@
??_7IMessageFilterUI@DuiLib@@6B@
??_7INotifyUI@DuiLib@@6B@
??_7ITranslateAccelerator@DuiLib@@6B@
??_7WindowImplBase@DuiLib@@6BCNotifyPump@1@@
??_7WindowImplBase@DuiLib@@6BCWindowWnd@1@@
??_7WindowImplBase@DuiLib@@6BIDialogBuilderCallback@1@@
??_7WindowImplBase@DuiLib@@6BIMessageFilterUI@1@@
??_7WindowImplBase@DuiLib@@6BINotifyUI@1@@
??_FCDuiPtrArray@DuiLib@@QAEXXZ
??_FCDuiStringPtrMap@DuiLib@@QAEXXZ
??_FCMarkup@DuiLib@@QAEXXZ
??_FCTreeNodeUI@DuiLib@@QAEXXZ
?Activate@CButtonUI@DuiLib@@UAE_NXZ
?Activate@CComboUI@DuiLib@@UAE_NXZ
?Activate@CControlUI@DuiLib@@UAE_NXZ
?Activate@CHyperLinkUI@DuiLib@@UAE_NXZ
?Activate@CListContainerElementUI@DuiLib@@UAE_NXZ
?Activate@CListElementUI@DuiLib@@UAE_NXZ
?Activate@COptionUI@DuiLib@@UAE_NXZ
?Add@CComboUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CDuiPtrArray@DuiLib@@QAE_NPAX@Z
?Add@CDuiValArray@DuiLib@@QAE_NPBX@Z
?Add@CListUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTabLayoutUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTreeNodeUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTreeViewUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?AddAt@CComboUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CListUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTabLayoutUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTreeNodeUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTreeViewUI@DuiLib@@QAEJPAVCTreeNodeUI@2@H@Z
?AddAt@CTreeViewUI@DuiLib@@QAE_NPAVCTreeNodeUI@2@0@Z
?AddAt@CTreeViewUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddChildNode@CTreeNodeUI@DuiLib@@QAE_NPAV12@@Z
?AddCustomAttribute@CControlUI@DuiLib@@QAEXPB_W0@Z
?AddDefaultAttributeList@CPaintManagerUI@DuiLib@@QAEXPB_W0_N@Z
?AddDelayedCleanup@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?AddFont@CPaintManagerUI@DuiLib@@QAEPAUHFONT__@@HPB_WH_N111@Z
?AddImage@CPaintManagerUI@DuiLib@@QAEPBUtagTImageInfo@2@PB_W0K_N1@Z
?AddImage@CPaintManagerUI@DuiLib@@QAEPBUtagTImageInfo@2@PB_WPAUHBITMAP__@@HH_N2@Z
?AddMessageFilter@CPaintManagerUI@DuiLib@@QAE_NPAVIMessageFilterUI@2@@Z
?AddMouseLeaveNeeded@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?AddMultiLanguageString@CPaintManagerUI@DuiLib@@SAXHPB_W@Z
?AddNativeWindow@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@PAUHWND__@@@Z
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?AddOptionGroup@CPaintManagerUI@DuiLib@@QAE_NPB_WPAVCControlUI@2@@Z
?AddPostPaint@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?AddPreMessageFilter@CPaintManagerUI@DuiLib@@QAE_NPAVIMessageFilterUI@2@@Z
?AddRef@CWebBrowserUI@DuiLib@@UAGKXZ
?AddTranslateAccelerator@CPaintManagerUI@DuiLib@@QAE_NPAVITranslateAccelerator@2@@Z
?AddVirtualWnd@CNotifyPump@DuiLib@@QAE_NVCDuiString@2@PAV12@@Z
?AddWindowCustomAttribute@CPaintManagerUI@DuiLib@@QAEXPB_W0@Z
?AdjustColor@CRenderEngine@DuiLib@@SAKKFFF@Z
?AdjustImage@CRenderEngine@DuiLib@@SAX_NPAUtagTImageInfo@2@FFF@Z
?AdjustImagesHSL@CPaintManagerUI@DuiLib@@AAEXXZ
?AdjustSharedImagesHSL@CPaintManagerUI@DuiLib@@CAXXZ
?Append@CDuiString@DuiLib@@QAEXPB_W@Z
?AppendText@CRichEditUI@DuiLib@@QAEHPB_W_N@Z
?Assign@CDuiString@DuiLib@@QAEXPB_WH@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?BeforeNavigate2@CWebBrowserUI@DuiLib@@IAEXPAUIDispatch@@AAPAUtagVARIANT@@1111AAPAF@Z
?CalLocation@CTreeNodeUI@DuiLib@@AAEPAV12@PAV12@@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?CharFromPos@CRichEditUI@DuiLib@@QBEHVCDuiPoint@2@@Z
?CheckBoxSelected@CTreeNodeUI@DuiLib@@QAEX_N@Z
?Clear@CRichEditUI@DuiLib@@QAEXXZ
?Clear@tagTDrawInfo@DuiLib@@QAEXXZ
?Close@CWindowWnd@DuiLib@@QAEXI@Z
?CommandStateChange@CWebBrowserUI@DuiLib@@IAEXJF@Z
?Compare@CDuiString@DuiLib@@QBEHPB_W@Z
?CompareNoCase@CDuiString@DuiLib@@QBEHPB_W@Z
?Copy@CRichEditUI@DuiLib@@QAEXXZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@PAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKUtagRECT@@PAUHMENU__@@@Z
?Create@CWndShadow@@QAEXPAUHWND__@@@Z
?CreateARGB32Bitmap@CRenderEngine@DuiLib@@SAPAUHBITMAP__@@PAUHDC__@@HHPAPAK@Z
?CreateControl@CActiveXUI@DuiLib@@QAE_NPB_W@Z
?CreateControl@CActiveXUI@DuiLib@@QAE_NU_GUID@@@Z
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?CreateDuiWindow@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKK@Z
?Cut@CRichEditUI@DuiLib@@QAEXXZ
?DUI__Trace@DuiLib@@YAXPB_WZZ
?DUI__TraceMsg@DuiLib@@YAPB_WI@Z
?Deflate@CDuiRect@DuiLib@@QAEXHH@Z
?Delete@CControlUI@DuiLib@@UAEXXZ
?DeleteGif@CGifAnimUI@DuiLib@@AAEXXZ
?DoCreateControl@CActiveXUI@DuiLib@@MAE_NXZ
?DoCreateControl@CWebBrowserUI@DuiLib@@UAE_NXZ
?DoEvent@CButtonUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CComboUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CContainerUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CDateTimeUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CEditUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CGifAnimUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CHorizontalLayoutUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CHyperLinkUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CLabelUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListContainerElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListHeaderItemUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListLabelElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListTextElementUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CListUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CRichEditUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CScrollBarUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CSliderUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CTextUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CTreeNodeUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CVerticalLayoutUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoInit@CComboUI@DuiLib@@UAEXXZ
?DoInit@CControlUI@DuiLib@@UAEXXZ
?DoInit@CGifAnimUI@DuiLib@@UAEXXZ
?DoInit@CRichEditUI@DuiLib@@UAEXXZ
?DoPaint@CActiveXUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CComboUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CContainerUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CControlUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAV12@@Z
?DoPaint@CGifAnimUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CListContainerElementUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CListHBoxElementUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CListLabelElementUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CRichEditUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPaint@CScrollBarUI@DuiLib@@UAE_NPAUHDC__@@ABUtagRECT@@PAVCControlUI@2@@Z
?DoPostPaint@CControlUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPostPaint@CHorizontalLayoutUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DoPostPaint@CVerticalLayoutUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DocumentComplete@CWebBrowserUI@DuiLib@@IAEXPAUIDispatch@@AAPAUtagVARIANT@@@Z
?Download@CWebBrowserUI@DuiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z
?DrawColor@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@K@Z
?DrawFrame@CGifAnimUI@DuiLib@@AAEXPAUHDC__@@@Z
?DrawGradient@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@KK_NH@Z
?DrawHtmlText@CRenderEngine@DuiLib@@SAXPAUHDC__@@PAVCPaintManagerUI@2@AAUtagRECT@@PB_WKPAU5@PAVCDuiString@2@AAHHI@Z
?DrawImage@CControlUI@DuiLib@@QAE_NPAUHDC__@@AAUtagTDrawInfo@2@@Z
?DrawImage@CRenderEngine@DuiLib@@SAXPAUHDC__@@PAUHBITMAP__@@ABUtagRECT@@222_NE333@Z
?DrawImage@CRenderEngine@DuiLib@@SA_NPAUHDC__@@PAVCPaintManagerUI@2@ABUtagRECT@@2AAUtagTDrawInfo@2@@Z
?DrawItemBk@CListContainerElementUI@DuiLib@@QAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemBk@CListElementUI@DuiLib@@QAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemText@CListContainerElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemText@CListLabelElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawItemText@CListTextElementUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?DrawLine@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@HKH@Z
?DrawRect@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@HKH@Z
?DrawRoundRect@CRenderEngine@DuiLib@@SAXPAUHDC__@@ABUtagRECT@@HHHKH@Z
?DrawTextW@CRenderEngine@DuiLib@@SAXPAUHDC__@@PAVCPaintManagerUI@2@AAUtagRECT@@PB_WKHI@Z
?Empty@CDuiPtrArray@DuiLib@@QAEXXZ
?Empty@CDuiRect@DuiLib@@QAEXXZ
?Empty@CDuiString@DuiLib@@QAEXXZ
?Empty@CDuiValArray@DuiLib@@QAEXXZ
?EmptyUndoBuffer@CRichEditUI@DuiLib@@QAEXXZ
?EnableModeless@CWebBrowserUI@DuiLib@@UAGJH@Z
?EnableScrollBar@CContainerUI@DuiLib@@UAEX_N0@Z
?EnableScrollBar@CListUI@DuiLib@@UAEX_N0@Z
?EndDown@CContainerUI@DuiLib@@UAEXXZ
?EndDown@CListUI@DuiLib@@UAEXXZ
?EndDown@CRichEditUI@DuiLib@@UAEXXZ
?EndRight@CContainerUI@DuiLib@@UAEXXZ
?EndRight@CListUI@DuiLib@@UAEXXZ
?EndRight@CRichEditUI@DuiLib@@UAEXXZ
?EnsureVisible@CListUI@DuiLib@@QAEXH@Z

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/criticalupdate01.exe
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
High Priority/file.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/good.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

MyFunc87

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
High Priority/temp5.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cobaltstrike_shellcode.exe
.exe windows:4 windows x86 arch:x86

829da329ce140d873b4a8bde2cbfaa7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdyr
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
default.exe
.exe windows:4 windows x86 arch:x86

8acb34bed3caa60cae3f08f75d53f727

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
GetSystemMetrics
DispatchMessageA
CharNextW
CharLowerBuffW
CharNextA
CharLowerBuffA
CharLowerA
CharUpperA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAllocEx
TerminateThread
TerminateProcess
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OpenProcess
MoveFileW
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetVersionExA
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateProcessW
CreateProcessA
CreatePipe
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CopyFileW
CompareStringW
CompareStringA
CloseHandle
Sleep

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.0MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file.exe
.exe windows:6 windows x64 arch:x64

f6df573862725a7261d77e9eebaebd3a

Code Sign

10:09:14:04:5e:a7:b9:84:46:f2:30:f4:af:c1:c8:12
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-05-2024 11:17

Not After

10-05-2025 11:17

Subject

CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2f:4e:99:fa:ad:57:e8:3c:ad:a6:f9:b4:e4:70:c0:ee:fe:df:ee:55:f4:e6:22:0f:4a:45:95:92:7b:b1:85
Signer

Actual PE Digest

0e:2f:4e:99:fa:ad:57:e8:3c:ad:a6:f9:b4:e4:70:c0:ee:fe:df:ee:55:f4:e6:22:0f:4a:45:95:92:7b:b1:85

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
DuplicateTokenEx
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
EventWrite
EventRegister
EventEnabled

bcrypt

BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptCloseAlgorithmProvider

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
CloseThreadpoolIo
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
QueryPerformanceCounter
InitializeCriticalSection
InitializeConditionVariable
WaitForMultipleObjectsEx
GetLastError
QueryPerformanceFrequency
SetLastError
GetFullPathNameW
GetLongPathNameW
WideCharToMultiByte
LocalAlloc
GetConsoleOutputCP
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
CopyFileExW
CreateDirectoryW
CreateFileW
DeleteFileW
DeleteVolumeMountPointW
CreateSymbolicLinkW
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetLogicalDrives
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
GetVolumeInformationW
LoadLibraryExW
MoveFileExW
ReadFile
RemoveDirectoryW
ReplaceFileW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
GetCurrentProcessorNumberEx
CloseHandle
SetEvent
CreateEventExW
GetEnvironmentVariableW
FormatMessageW
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
GetCPInfoExW
GetConsoleMode
WriteConsoleW
GetConsoleWindow
LoadLibraryA
GetModuleHandleA
FreeConsole
AllocConsole
VirtualAllocEx
GetExitCodeProcess
CreateProcessW
TerminateProcess
OpenProcess
K32EnumProcesses
GetProcessId
QueryFullProcessImageNameW
CreatePipe
GetConsoleCP
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
ResetEvent
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCurrentProcessId

ole32

CoGetApartmentType
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoWaitForMultipleHandles
CoInitializeEx

user32

LoadStringW

api-ms-win-crt-math-l1-1-0

__setusermatherr
sin
modf
tan
ceil
cos
floor
pow

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-string-l1-1-0

strncpy_s
_stricmp
strcpy_s
_wcsicmp
strcmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_exit
__p___argc
_initterm_e
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_initterm
_get_initial_wide_environment
abort
__p___wargv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_seh_filter_exe
_set_app_type
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__p__commode
__stdio_common_vfprintf
__stdio_common_vsscanf
_set_fmode
__acrt_iob_func

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 553KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.m4lw4r3
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mouse_2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 981KB - Virtual size: 981KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oof.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 202KB - Virtual size: 202KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 48B

.reloc Size: 10KB - Virtual size: 10KB

.rsrc Size: 384KB - Virtual size: 384KB

0b940f4d2992021389a241ab8513fc6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 3KB - Virtual size: 4.7MB

.gfids Size: 1024B - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 5KB

5877688b4859ffd051f6be3b8e0cd533

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.code Size: 14KB - Virtual size: 13KB

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 12.4MB - Virtual size: 12.4MB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: 348KB - Virtual size: 348KB

UPX1 Size: 296KB - Virtual size: 300KB

.rsrc Size: 24KB - Virtual size: 24KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 78KB - Virtual size: 77KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

3c977911c8eee24abac5edc906e5e72c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

CODE
Size: 202KB - Virtual size: 202KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 48B

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 384KB - Virtual size: 384KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 3KB - Virtual size: 4.7MB

.gfids
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 5KB

.code
Size: 14KB - Virtual size: 13KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 12.4MB - Virtual size: 12.4MB

UPX0
Size: 348KB - Virtual size: 348KB

UPX1
Size: 296KB - Virtual size: 300KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 15KB - Virtual size: 30KB

.rsrc
Size: 122KB - Virtual size: 122KB

.reloc
Size: 34KB - Virtual size: 33KB

4b:09:b3:90:25:06:78:23:32:99:e9:10:70:86:52:e0
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

bd:97:4f:10:ca:6a:09:15:96:cd:31:82:d7:81:68:8f:5d:52:1f:5d
Signer

.text
Size: 413KB - Virtual size: 413KB

.rdata
Size: 224KB - Virtual size: 223KB

.data
Size: 2.3MB - Virtual size: 2.4MB

.rsrc
Size: 596KB - Virtual size: 595KB

.reloc
Size: 25KB - Virtual size: 25KB

.text
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 108KB - Virtual size: 107KB