winlog[.]exe[.]dll[.]hijack[.]avutil[.]dll[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

winlog.exe.dll.hijack.avutil.dll.rar
Size

18.2MB
MD5

17634ba0278668538129008e21233e4c
SHA1

c187b6950e51b4236985697574f10dcb8e33fece
SHA256

b1bd33f681dcd18c51e9ae7f59b7daa04109f32e10eaa33b1257a3ba5865bcdf
SHA512

dbf4272bf367856fe41866fcaf391797e2e325eef0d95b822acc0e743c40fd05caf36e5a547158c9420fd05e2e7d4bb2658031ec59de2e60d2524870196bf565
SSDEEP

393216:1Q6nDoDGAqsSJ2Jen7Bi00LByzQepjz9IOtB2IiV7+:uQaBcoen7B3ABbgFiVq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/avutil.dll

Files

winlog.exe.dll.hijack.avutil.dll.rar
.rar
avutil.dll
.dll windows:5 windows x86 arch:x86

b509a411c33b5c73b35d9ec43a489595

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

shell32

SHGetFolderPathW

user32

MoveWindow

version

GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

oleaut32

SafeArrayPutElement

advapi32

RegSetValueExW

netapi32

NetWkstaGetInfo

msvcrt

memcpy

kernel32

GetVersion
GetVersionExW

wsock32

gethostbyaddr

ole32

IsEqualGUID

gdi32

Pie

magnification

MagSetWindowSource

Exports

Exports

InterlockedCompareExchange@12
TMethodImplementationIntercept
TMethodImplementationIntercept
TMethodImplementationIntercept
TMethodImplementationIntercept
__dbk_fcall_wrapper
__dbk_fcall_wrapper
__dbk_fcall_wrapper
__dbk_fcall_wrapper
av_add_q
av_add_stable
av_adler32_update
av_aes_alloc
av_aes_crypt
av_aes_init
av_aes_size
av_append_path_component
av_asprintf
av_audio_fifo_alloc
av_audio_fifo_drain
av_audio_fifo_free
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_reset
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_base64_decode
av_base64_encode
av_basename
av_blowfish_crypt
av_blowfish_crypt_ecb
av_blowfish_init
av_bmg_get
av_bprint_append_data
av_bprint_channel_layout
av_bprint_chars
av_bprint_clear
av_bprint_escape
av_bprint_finalize
av_bprint_get_buffer
av_bprint_init
av_bprint_init_for_buffer
av_bprint_strftime
av_bprintf
av_buffer_alloc
av_buffer_allocz
av_buffer_create
av_buffer_default_free
av_buffer_get_opaque
av_buffer_get_ref_count
av_buffer_is_writable
av_buffer_make_writable
av_buffer_pool_get
av_buffer_pool_init
av_buffer_pool_uninit
av_buffer_realloc
av_buffer_ref
av_buffer_unref
av_calloc
av_camellia_alloc
av_camellia_crypt
av_camellia_init
av_camellia_size
av_cast5_alloc
av_cast5_crypt
av_cast5_crypt2
av_cast5_init
av_cast5_size
av_channel_layout_extract_channel
av_chroma_location_name
av_color_primaries_name
av_color_range_name
av_color_space_name
av_color_transfer_name
av_compare_mod
av_compare_ts
av_cpu_count
av_crc
av_crc_get_table
av_crc_init
av_ctz
av_d2q
av_d2str
av_default_get_category
av_default_item_name
av_des_crypt
av_des_init
av_des_mac
av_dict_copy
av_dict_count
av_dict_free
av_dict_get
av_dict_get_string
av_dict_parse_string
av_dict_set
av_dict_set_int
av_dirname
av_display_matrix_flip
av_display_rotation_get
av_display_rotation_set
av_div_q
av_downmix_info_update_side_data
av_dynarray2_add
av_dynarray_add
av_dynarray_add_nofree
av_escape
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_fast_malloc
av_fast_realloc
av_fifo_alloc
av_fifo_alloc_array
av_fifo_drain
av_fifo_free
av_fifo_freep
av_fifo_generic_read
av_fifo_generic_write
av_fifo_grow
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_best_pix_fmt_of_2
av_find_info_tag
av_find_nearest_q_idx
av_fopen_utf8
av_force_cpu_flags
av_frame_alloc
av_frame_clone
av_frame_copy
av_frame_copy_props
av_frame_free
av_frame_get_best_effort_timestamp
av_frame_get_buffer
av_frame_get_channel_layout
av_frame_get_channels
av_frame_get_color_range
av_frame_get_colorspace
av_frame_get_decode_error_flags
av_frame_get_metadata
av_frame_get_pkt_duration
av_frame_get_pkt_pos
av_frame_get_pkt_size
av_frame_get_plane_buffer
av_frame_get_qp_table
av_frame_get_sample_rate
av_frame_get_side_data
av_frame_is_writable
av_frame_make_writable
av_frame_move_ref
av_frame_new_side_data
av_frame_ref
av_frame_remove_side_data
av_frame_set_best_effort_timestamp
av_frame_set_channel_layout
av_frame_set_channels
av_frame_set_color_range
av_frame_set_colorspace
av_frame_set_decode_error_flags
av_frame_set_metadata
av_frame_set_pkt_duration
av_frame_set_pkt_pos
av_frame_set_pkt_size
av_frame_set_qp_table
av_frame_set_sample_rate
av_frame_side_data_name
av_frame_unref
av_free
av_freep
av_gcd
av_get_alt_sample_fmt
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_description
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_colorspace_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_double
av_get_int
av_get_known_color_name
av_get_media_type_string
av_get_packed_sample_fmt
av_get_padded_bits_per_pixel
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_loss
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_planar_sample_fmt
av_get_q
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_standard_channel_layout
av_get_string
av_get_time_base_q
av_get_token
av_gettime
av_gettime_relative
av_gettime_relative_is_monotonic
av_hash_alloc
av_hash_final
av_hash_final_b64
av_hash_final_bin
av_hash_final_hex
av_hash_freep
av_hash_get_name
av_hash_get_size
av_hash_init
av_hash_names
av_hash_update
av_hmac_alloc
av_hmac_calc
av_hmac_final
av_hmac_free
av_hmac_init
av_hmac_update
av_image_alloc
av_image_check_sar
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_copy_to_buffer
av_image_fill_arrays
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_buffer_size
av_image_get_linesize
av_int_list_length_for_size
av_isdigit
av_isgraph
av_isspace
av_isxdigit
av_lfg_init
av_log
av_log2
av_log2_16bit
av_log_default_callback
av_log_format_line
av_log_get_flags
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_lzo1x_decode
av_malloc
av_mallocz
av_match_list
av_match_name
av_max_alloc
av_md5_alloc
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_memdup
av_mul_q
av_murmur3_alloc
av_murmur3_final
av_murmur3_init
av_murmur3_init_seeded
av_murmur3_update
av_nearer_q
av_next_option
av_opt_child_class_next
av_opt_child_next
av_opt_copy
av_opt_eval_double
av_opt_eval_flags
av_opt_eval_float
av_opt_eval_int
av_opt_eval_int64
av_opt_eval_q
av_opt_find
av_opt_find2
av_opt_flag_is_set
av_opt_free
av_opt_freep_ranges
av_opt_get
av_opt_get_channel_layout
av_opt_get_dict_val
av_opt_get_double
av_opt_get_image_size
av_opt_get_int
av_opt_get_key_value
av_opt_get_pixel_fmt
av_opt_get_q
av_opt_get_sample_fmt
av_opt_get_video_rate
av_opt_is_set_to_default
av_opt_is_set_to_default_by_name
av_opt_next
av_opt_ptr
av_opt_query_ranges
av_opt_query_ranges_default
av_opt_serialize
av_opt_set
av_opt_set_bin
av_opt_set_channel_layout
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_set_dict2
av_opt_set_dict_val
av_opt_set_double
av_opt_set_from_string
av_opt_set_image_size
av_opt_set_int
av_opt_set_pixel_fmt
av_opt_set_q
av_opt_set_sample_fmt
av_opt_set_video_rate
av_opt_show2
av_parse_color
av_parse_cpu_caps
av_parse_cpu_flags
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_count_planes
av_pix_fmt_desc_get
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_pix_fmt_descriptors
av_pix_fmt_get_chroma_sub_sample
av_pix_fmt_swap_endianness
av_pixelutils_get_sad_fn
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_realloc_array
av_realloc_f
av_reallocp
av_reallocp_array
av_reduce
av_rescale
av_rescale_delta
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_reverse
av_ripemd_alloc
av_ripemd_final
av_ripemd_init
av_ripemd_size
av_ripemd_update
av_sample_fmt_is_planar
av_samples_alloc
av_samples_alloc_array_and_samples
av_samples_copy
av_samples_fill_arrays
av_samples_get_buffer_size
av_samples_set_silence
av_set_cpu_flags_mask
av_set_double
av_set_int
av_set_options_string
av_set_q
av_set_string3
av_sha512_alloc
av_sha512_final
av_sha512_init
av_sha512_size
av_sha512_update
av_sha_alloc
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_small_strptime
av_stereo3d_alloc
av_stereo3d_create_side_data
av_strcasecmp
av_strdup
av_strerror
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strndup
av_strnstr
av_strstart
av_strtod
av_strtok
av_sub_q
av_tempfile
av_thread_message_queue_alloc
av_thread_message_queue_free
av_thread_message_queue_recv
av_thread_message_queue_send
av_thread_message_queue_set_err_recv
av_thread_message_queue_set_err_send
av_timecode_adjust_ntsc_framenum2
av_timecode_check_frame_rate
av_timecode_get_smpte_from_framenum
av_timecode_init
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_timecode_make_smpte_tc_string
av_timecode_make_string
av_timegm
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_alloc
av_tree_node_size
av_twofish_alloc
av_twofish_crypt
av_twofish_init
av_twofish_size
av_usleep
av_utf8_decode
av_util_ffversion
av_vbprintf
av_vlog
av_write_image_line
av_xtea_crypt
av_xtea_init
avpriv_alloc_fixed_dsp
avpriv_cga_font
avpriv_emms_yasm
avpriv_float_dsp_alloc
avpriv_float_dsp_init
avpriv_frame_get_metadatap
avpriv_get_gamma_from_trc
avpriv_init_lls
avpriv_open
avpriv_report_missing_feature
avpriv_request_sample
avpriv_scalarproduct_float_c
avpriv_set_systematic_pal2
avpriv_solve_lls
avpriv_vga16_font
avutil_configuration
avutil_license
avutil_version
custom_aligned_free
custom_aligned_malloc
custom_aligned_realloc
dbkFCallWrapperAddr
dbkFCallWrapperAddr
dbkFCallWrapperAddr
dbkFCallWrapperAddr
ff_butterflies_float_sse
ff_check_pixfmt_descriptors
ff_cpu_cpuid
ff_cpu_cpuid_test
ff_cpu_xgetbv
ff_evaluate_lls_sse2
ff_float_dsp_init_x86
ff_get_channel_layout
ff_get_cpu_flags_x86
ff_init_lls_x86
ff_log2_tab
ff_scalarproduct_float_sse
ff_update_lls_avx
ff_update_lls_sse2
ff_vector_dmul_scalar_avx
ff_vector_dmul_scalar_sse2
ff_vector_fmac_scalar_avx
ff_vector_fmac_scalar_fma3
ff_vector_fmac_scalar_sse
ff_vector_fmul_add_avx
ff_vector_fmul_add_fma3
ff_vector_fmul_add_sse
ff_vector_fmul_avx
ff_vector_fmul_reverse_avx
ff_vector_fmul_reverse_sse
ff_vector_fmul_scalar_sse
ff_vector_fmul_sse
ff_vector_fmul_window_3dnowext
ff_vector_fmul_window_sse
outstanding_malloc_count
vso_get_mem_manager
vso_set_mem_manager

Sections

.text
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZhV
Size: - Virtual size: 39.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l}U
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.p_$
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
load.bat
winlog.exe
.exe windows:5 windows x86 arch:x86

79056a8ee27da483e5fb00ff29982a49

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bf:e7:a6:9f:40:b4:5d:48:64:56:dc:59:bb:91:86:cd
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/04/2018, 00:00

Not After

05/04/2020, 23:59

Subject

CN=VSO SOFTWARE,OU=IT,O=VSO SOFTWARE,POSTALCODE=31400,STREET=1ER ETAGE BATIMENT A,L=TOULOUSE,ST=Occitanie,C=FR,2.5.4.18=#13053331343030

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:8c:f2:bf:f8:8d:b4:cf:0b:bb:c8:85:21:42:9e:ac:79:af:b9:54
Signer

Actual PE Digest

52:8c:f2:bf:f8:8d:b4:cf:0b:bb:c8:85:21:42:9e:ac:79:af:b9:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

d3d9

Direct3DCreate9

shlwapi

PathCanonicalizeW
PathRelativePathToW
PathFindOnPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
SetCaretPos
GetCaretPos
DrawTextA
ScrollWindowEx
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
ClipCursor
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
CreatePopupMenu
ShowCaret
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
SetWindowLongW
DrawMenuBar
IsZoomed
SetParent
InvalidateRgn
GetClientRect
IsChild
IntersectRect
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
GetWindowTextLengthW
DestroyWindow
IsDialogMessageW
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
ExitWindowsEx
GetClassLongW
DrawTextW
SetScrollRange
PeekMessageA
MessageBeep
SetClassLongW
SetRectEmpty
LockWindowUpdate
RemovePropW
AttachThreadInput
GetSubMenu
EqualRect
DestroyIcon
IsWindowVisible
DispatchMessageA
PtInRect
UnregisterClassW
GetTopWindow
SendMessageW
GetMessageTime
NotifyWinEvent
GetComboBoxInfo
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetWindowRgn
ShowWindowAsync
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
ScrollDC
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
CopyRect
KillTimer
BeginDeferWindowPos
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
GetMenuItemRect
CreateWindowExW
ChildWindowFromPoint
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
RegisterDeviceNotificationW
GetUpdateRect
MessageBoxA
SetTimer
WindowFromPoint
BeginPaint
DrawStateW
RegisterClipboardFormatW
DrawAnimatedRects
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
WaitForInputIdle
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
MessageBoxIndirectW
GetSystemMetrics
CharUpperBuffW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
InvertRect
GetMonitorInfoW
CheckMenuItem
CharUpperW
UnregisterDeviceNotification
DefWindowProcW
GetForegroundWindow
ToAscii
EnableWindow
GetShellWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
GetDoubleClickTime
EmptyClipboard
GetDlgItem
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
DrawFrameControl
ScreenToClient
IsCharAlphaNumericW
WindowFromDC
SetCursor
CreateIcon
RemoveMenu
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
CharUpperBuffA
CopyIcon
PostQuitMessage
ShowScrollBar
LoadImageW
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
DeleteMenu
GetKeyboardLayout

olepro32

OleLoadPicture

oleaut32

SafeArrayPutElement
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
LoadTypeLibEx
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
RegisterTypeLib
VariantCopyInd
VariantChangeType

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegSetValueExW
RegSetValueExA
RegConnectRegistryW
RegEnumKeyW
RegCreateKeyW
OpenThreadToken
SetSecurityDescriptorSacl
RegQueryInfoKeyW
CryptGenRandom
RegUnLoadKeyW
CryptReleaseContext
IsValidSid
RegSaveKeyW
PrivilegeCheck
GetLengthSid
RegOpenKeyW
RegReplaceKeyW
GetSidSubAuthority
GetTokenInformation
AddAccessAllowedAce
LookupAccountSidW
RegCreateKeyExW
CryptAcquireContextW
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
InitializeAcl
RegLoadKeyW
RegEnumKeyExW
SetSecurityDescriptorGroup
GetSidIdentifierAuthority
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegOpenKeyExA
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
RegFlushKey
RegQueryValueExW
RegQueryValueExA
RegEnumValueW
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegCloseKey
RegRestoreKeyW

msvcrt

sscanf
qsort
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
_setjmp
isspace
iscntrl
longjmp
isxdigit
ispunct
isgraph
islower
tolower

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileTime
GetFileType
FlushViewOfFile
GetACP
GetStringTypeExW
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
GetCurrentProcessId
Beep
TerminateThread
IsDebuggerPresent
GetFullPathNameW
FindNextFileW
GlobalSize
GetCPInfoExW
GetSystemTime
WriteProcessMemory
SetFilePointerEx
EnumSystemLocalesW
CreateWaitableTimerW
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FreeLibrary
HeapDestroy
DosDateTimeToFileTime
GetUserDefaultLCID
MapViewOfFileEx
SetLastError
WaitNamedPipeW
GetModuleFileNameW
GetLastError
GlobalAlloc
GlobalUnlock
OpenMutexW
CompareStringW
CreateThread
CreateMutexW
LoadLibraryA
ResetEvent
GetVolumeInformationW
OpenEventW
RaiseException
FindFirstChangeNotificationW
FormatMessageW
GetCurrentThread
GetLogicalDrives
IsBadReadPtr
BackupSeek
ExpandEnvironmentStringsW
LoadLibraryExW
MoveFileWithProgressW
FileTimeToSystemTime
GetShortPathNameW
EnumSystemCodePagesW
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
Sleep
SetFilePointer
FlushFileBuffers
LoadResource
RemoveVectoredExceptionHandler
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GetFileAttributesW
VerLanguageNameW
GetThreadPriority
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetTempPathW
LeaveCriticalSection
SetWaitableTimer
GetLogicalDriveStringsW
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetModuleFileNameA
CompareStringA
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
FreeEnvironmentStringsW
GetLocaleInfoW
BackupWrite
GetLocalTime
WaitForSingleObject
DeleteCriticalSection
SetErrorMode
GetComputerNameW
SleepEx
IsValidLocale
VirtualFreeEx
LocalAlloc
WaitForMultipleObjectsEx
SetFileAttributesW
QueryDosDeviceW
VirtualProtect
CreateSemaphoreW
ReadProcessMemory
OpenFileMappingW
QueryPerformanceFrequency
VirtualFree
FlushInstructionCache
ExitProcess
HeapAlloc
FindNextChangeNotification
GetLongPathNameW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
TryEnterCriticalSection
CompareFileTime
FileTimeToDosDateTime
ReadFile
CreateProcessW
TransactNamedPipe
HeapSize
FindResourceW
lstrlenA
CopyFileW
AddVectoredExceptionHandler
lstrcmpA
MapViewOfFile
MulDiv
GetVersion
GetDriveTypeW
GetComputerNameExW
FreeResource
SetThreadExecutionState
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
OpenProcess
SwitchToThread
GetExitCodeThread
BackupRead
OutputDebugStringW
LocalFileTimeToFileTime
GetFileAttributesExW
SetNamedPipeHandleState
GlobalMemoryStatusEx
SetPriorityClass
TerminateProcess
LockResource
GetPriorityClass
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
PeekNamedPipe
GlobalFree
EnterCriticalSection
ReleaseMutex
GetStringTypeExA
GlobalDeleteAtom
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GlobalLock
GetCurrentProcess
GetCommandLineW
GetProcAddress
ResumeThread
VirtualAllocEx
GetVersionExW
VerifyVersionInfoW
GetWindowsDirectoryW
GetEnvironmentStringsW
GetProcessAffinityMask
DeviceIoControl
SignalObjectAndWait
LCMapStringW
FindFirstFileW
UnmapViewOfFile
GetConsoleCP
GlobalHandle
CallNamedPipeW
FindResourceA
lstrlenW
QueryPerformanceCounter
SetEndOfFile
CopyFileExW
lstrcmpW
ReleaseSemaphore
SystemTimeToFileTime
CreateFileW
EnumResourceNamesW
GetDriveTypeA
DeleteFileW
SetThreadAffinityMask
FindCloseChangeNotification
GetEnvironmentVariableW
WriteFile
GetFileInformationByHandle
FindFirstFileExW
CreateFileMappingW
ExitThread
TlsGetValue
GetDateFormatW
PulseEvent
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
GetOverlappedResult
EnumCalendarInfoW
RemoveDirectoryW
OpenSemaphoreW
GlobalMemoryStatus
CreateEventW
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

wsock32

accept
htons
ntohs
getsockopt
setsockopt
select
WSAStartup
__WSAFDIsSet
WSACleanup
getsockname
listen
gethostbyname
bind
closesocket
inet_ntoa
socket
recv
ioctlsocket
WSAGetLastError
connect
shutdown
inet_addr
send

crypt32

CertGetNameStringA
CryptVerifyMessageSignature
CryptDecodeObject
CryptQueryObject
CertFreeCertificateContext
CryptMsgGetParam
CryptMsgClose

gdiplus

GdipFillEllipseI
GdipCloneImage
GdipDrawBezier
GdipDrawImagePointsRectI
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipCreateFontFromDC
GdipClonePath
GdipIsVisibleRegionRect
GdipSetClipHrgn
GdipSetPixelOffsetMode
GdipGetLineColors
GdipSetClipPath
GdipGetEmHeight
GdipGetRegionBoundsI
GdipDrawPie
GdipFillRectangle
GdipGetPageUnit
GdipSetPageUnit
GdipGetLineGammaCorrection
GdipGetRegionDataSize
GdipFillClosedCurveI
GdipAddPathPolygon
GdipCombineRegionPath
GdipCreateMetafileFromFile
GdipRestoreGraphics
GdipResetPath
GdipGetFontSize
GdipResetImageAttributes
GdipGetCustomLineCapBaseCap
GdipAddPathEllipse
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesRemapTable
GdipFillPie
GdipDrawCurve2
GdipCreateHatchBrush
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipSetLineGammaCorrection
GdipGetLineBlendCount
GdipGetSolidFillColor
GdipGetImageBounds
GdipSetSolidFillColor
GdipSetLineLinearBlend
GdipLoadImageFromFile
GdipGetPenCompoundCount
GdipAddPathEllipseI
GdipScaleMatrix
GdipGetLineWrapMode
GdipSetLineWrapMode
GdipSetLineColors
GdipCloneBrush
GdipGetMetafileHeaderFromFile
GdipSaveAdd
GdipGetGenericFontFamilyMonospace
GdipRecordMetafileI
GdipCreateFromHDC
GdipGetClipBounds
GdipSetImageAttributesOutputChannelColorProfile
GdipDeletePath
GdipIsVisibleClipEmpty
GdipIsVisibleRegionRectI
GdipIsVisiblePoint
GdipGetPenWidth
GdipSetPenWidth
GdipShearMatrix
GdipSetClipGraphics
GdipGetStringFormatDigitSubstitution
GdipDisposeImageAttributes
GdipCreateMatrix3
GdipRecordMetafileFileName
GdipGetFontUnit
GdipGetImageRawFormat
GdiplusShutdown
GdipRecordMetafileStream
GdipSetLinePresetBlend
GdipDrawImagePointsI
GdipCreateBitmapFromStream
GdipTranslateRegion
GdipEnumerateMetafileDestPoint
GdipGetVisibleClipBoundsI
GdipGetLineRect
GdipDeleteCachedBitmap
GdipSetImageAttributesColorMatrix
GdipGetHatchStyle
GdipDrawClosedCurve2
GdipDrawArc
GdipAlloc
GdipClosePathFigure
GdipDrawImageI
GdipAddPathCurve
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipAddPathLineI
GdipGetStringFormatTrimming
GdipSetPropertyItem
GdipGetPropertyItem
GdipAddPathCurveI
GdipCreatePath
GdipCreatePen1
GdipFlattenPath
GdipVectorTransformMatrixPoints
GdipClonePen
GdipDrawCurveI
GdipGetFontStyle
GdipGetImageAttributesAdjustedPalette
GdipDeletePen
GdipCreateBitmapFromStreamICM
GdipSetPenDashCap197819
GdipEnumerateMetafileDestPointsI
GdipGetPageScale
GdipSetPageScale
GdipCreateFromHDC2
GdipTransformPath
GdipMultiplyLineTransform
GdipCreateLineBrushFromRectWithAngleI
GdipFree
GdipCreateTexture2
GdipBeginContainer
GdipResetTextureTransform
GdipAddPathPolygonI
GdipReversePath
GdipGetFontHeight
GdipGetPenCompoundArray
GdipGetLineSpacing
GdipTranslateWorldTransform
GdipGetPenMode
GdipDrawLinesI
GdipAddPathClosedCurve2I
GdipCreateRegionHrgn
GdipEnumerateMetafileSrcRectDestRectI
GdipCreateRegionPath
GdipSetPenCustomEndCap
GdiplusStartup
GdipGetImageEncoders
GdipImageRotateFlip
GdipVectorTransformMatrixPointsI
GdipGetTextureTransform
GdipMultiplyMatrix
GdipDrawCurve
GdipAddPathBeziersI
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromWmf
GdipDisposeImage
GdipSetClipRect
GdipCreatePath2I
GdipGetHatchForegroundColor
GdipGetCustomLineCapStrokeCaps
GdipGetClipBoundsI
GdipSetCustomLineCapStrokeCaps
GdipClosePathFigures
GdipMultiplyPenTransform
GdipGetClip
GdipCreateBitmapFromHBITMAP
GdipCreateRegion
GdipScaleLineTransform
GdipAddPathClosedCurve2
GdipGetPenDashArray
GdipSetPenDashArray
GdipResetClip
GdipAddPathStringI
GdipDrawCachedBitmap
GdipGetRegionScansCount
GdipGetTextureImage
GdipEnumerateMetafileSrcRectDestRect
GdipGetImageType
GdipDrawBezierI
GdipSetImageAttributesThreshold
GdipGetMetafileDownLevelRasterizationLimit
GdipSetMetafileDownLevelRasterizationLimit
GdipGetWorldTransform
GdipIsVisiblePathPoint
GdipGetPathWorldBoundsI
GdipAddPathLine2
GdipCombineRegionRectI
GdipSetWorldTransform
GdipGetAllPropertyItems
GdipAddPathCurve2I
GdipAddPathCurve3I
GdipDrawPolygonI
GdipRecordMetafileFileNameI
GdipGetGenericFontFamilySerif
GdipDrawLine
GdipEnumerateMetafileDestPoints
GdipDrawCurve3
GdipGetPathWorldBounds
GdipGetHemfFromMetafile
GdipDrawPath
GdipGetPenFillType
GdipDrawRectangle
GdipCreateBitmapFromHICON
GdipTranslateTextureTransform
GdipSetImageAttributesNoOp
GdipTranslateMatrix
GdipFillRectangles
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetCompositingMode
GdipGetPropertyIdList
GdipDeleteStringFormat
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipTranslateClipI
GdipGetDpiX
GdipSetLineSigmaBlend
GdipTransformMatrixPoints
GdipIsVisiblePathPointI
GdipCreateSolidFill
GdipBitmapSetResolution
GdipDrawRectangles
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromGraphics
GdipGetMetafileHeaderFromStream
GdipSetImageAttributesGamma
GdipScaleWorldTransform
GdipIsMatrixInvertible
GdipDrawDriverString
GdipCreateFontFamilyFromName
GdipCreateMatrix2
GdipCreateBitmapFromResource
GdipIsVisibleRegionPoint
GdipCreateMetafileFromEmf
GdipCreateMetafileFromWmf
GdipCreateRegionRect
GdipCreateMatrix
GdipEndContainer
GdipComment
GdipGetImageVerticalResolution
GdipLoadImageFromStreamICM
GdipGetStringFormatTabStopCount
GdipCreateMetafileFromWmfFile
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipIsInfiniteRegion
GdipResetWorldTransform
GdipImageGetFrameCount
GdipEnumerateMetafileSrcRectDestPointsI
GdipDrawImagePointsRect
GdipDrawPolygon
GdipDrawEllipse
GdipGetPathPoints
GdipAddPathArc
GdipIsClipEmpty
GdipGetCellDescent
GdipCreatePen2
GdipDrawClosedCurve
GdipGetMetafileHeaderFromMetafile
GdipDrawArcI
GdipRotateMatrix
GdipIsEqualRegion
GdipDrawPieI
GdipGetRenderingOrigin
GdipDeleteFont
GdipDeleteCustomLineCap
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCreateCachedBitmap
GdipMeasureDriverString
GdipRemovePropertyItem
GdipGetRegionHRgn
GdipIsStyleAvailable
GdipSetPenCompoundArray
GdipResetLineTransform
GdipGetImagePixelFormat
GdipGetImageHeight
GdipSaveGraphics
GdipCreateImageAttributes
GdipCombineRegionRegion
GdipCreateLineBrush
GdipFillPolygon
GdipDrawImageRect
GdipAddPathBezier
GdipFillEllipse
GdipDrawImageRectI
GdipRotatePenTransform
GdipSetTextureTransform
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipAddPathBeziers
GdipEmfToWmfBits
GdipFillClosedCurve
GdipSetCustomLineCapBaseCap
GdipFillPolygonI
GdipBitmapLockBits
GdipLoadImageFromStream
GdipGetStringFormatTabStops
GdipCreateFont
GdipDrawImage
GdipAddPathRectangles
GdipDrawClosedCurveI
GdipCreateLineBrushFromRectI
GdipIsMatrixIdentity
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipFillPath
GdipFillClosedCurve2I
GdipCreateTexture2I
GdipCloneImageAttributes
GdipEnumerateMetafileDestRect
GdipBeginContainerI
GdipGetTextureWrapMode
GdipDeleteFontFamily
GdipGetLogFontA
GdipGraphicsClear
GdipAddPathPie
GdipDeleteRegion
GdipGetPropertySize
GdipAddPathCurve3
GdipCreateHalftonePalette
GdipLoadImageFromFileICM
GdipBitmapGetPixel
GdipCreateTexture
GdipBitmapSetPixel
GdipGetPenColor
GdipSetPenColor
GdipGetPenTransform
GdipSetPenTransform
GdipDrawLines
GdipCreateMetafileFromStream
GdipCreateFromHWND
GdipGetCellAscent
GdipCreateRegionRgnData
GdipCreateBitmapFromFile
GdipAddPathLine
GdipWindingModeOutline
GdipGetRegionBounds
GdipCreateHICONFromBitmap
GdipGetPixelOffsetMode
GdipGetImageThumbnail
GdipGetImagePaletteSize
GdipAddPathString
GdipGetImageWidth
GdipSaveAddImage
GdipTranslateLineTransform
GdipGetBrushType
GdipGetEncoderParameterListSize
GdipIsOutlineVisiblePathPointI
GdipGetHatchBackgroundColor
GdipTransformRegion
GdipSetPathMarker
GdipGetLinePresetBlendCount
GdipGetFontCollectionFamilyList
GdipAddPathPath
GdipSetStringFormatTrimming
GdipRotateLineTransform
GdipStringFormatGetGenericDefault
GdipGetPathLastPoint
GdipAddPathClosedCurveI
GdipGetFamilyName
GdipRecordMetafile
GdipCreateStringFormat
GdipFillPieI
GdipIsVisibleRect
GdipBeginContainer2
GdipDeleteMatrix
GdipFillClosedCurve2
GdipDrawBeziers
GdipMultiplyWorldTransform
GdipPlayMetafileRecord
GdipGetLogFontW
GdipIsOutlineVisiblePathPoint
GdipCreateLineBrushFromRectWithAngle
GdipGetPathTypes
GdipAddPathLine2I
GdipGetImageDimension
GdipSetPenLineCap197819
GdipEnumerateMetafileSrcRectDestPointI
GdipCreateFontFromLogfontW
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipCloneStringFormat
GdipCreateFromHWNDICM
GdipDeleteGraphics
GdipCreateBitmapFromFileICM
GdipGetLinePresetBlend
GdipCloneBitmapArea
GdipSetLineTransform
GdipGetLineTransform
GdipFillRectangleI
GdipGetStringFormatHotkeyPrefix
GdipCloneFontFamily
GdipSetPenMode
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipScalePenTransform
GdipAddPathArcI
GdipMultiplyTextureTransform
GdipDrawRectangleI
GdipCreateRegionRectI
GdipCreateLineBrushI
GdipGetImageFlags
GdipGetLineRectI
GdipTransformMatrixPointsI
GdipDrawImageRectRect
GdipSaveImageToStream
GdipResetPenTransform
GdipAddPathPieI
GdipEnumerateMetafileSrcRectDestPoint
GdipFlush
GdipTranslateRegionI
GdipGetPointCount
GdipTranslateClip
GdipCreateMatrix3I
GdipDrawImagePointRectI
GdipTransformPoints
GdipGetLineBlend
GdipBitmapUnlockBits
GdipSetLineBlend
GdipCloneBitmapAreaI
GdipDrawRectanglesI
GdipImageSelectActiveFrame
GdipCreateBitmapFromGdiDib
GdipIsEmptyRegion
GdipCreateBitmapFromScan0
GdipCreateLineBrushFromRect
GdipAddPathClosedCurve
GdipAddPathRectangle
GdipTransformPointsI
GdipDrawImagePointRect
GdipDrawString
GdipGetImageGraphicsContext
GdipGetMatrixElements
GdipCreateTextureIA
GdipSetImagePalette
GdipGetImagePalette
GdipGetStringFormatMeasurableCharacterRangeCount
GdipStartPathFigure
GdipSetMatrixElements
GdipIsMatrixEqual
GdipIsVisibleRectI
GdipGetPenCustomEndCap
GdipStringFormatGetGenericTypographic
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetTextContrast
GdipSetTextContrast
GdipDrawEllipseI
GdipGetImageHorizontalResolution
GdipAddPathCurve2
GdipImageGetFrameDimensionsCount
GdipEnumerateMetafileSrcRectDestPoints
GdipCreatePath2
GdipCreateFontFromLogfontA
GdipSetClipRectI
GdipGetFamily
GdipDrawCurve2I
GdipDrawCurve3I
GdipGetRegionScansI
GdipSaveImageToFile
GdipCloneRegion
GdipIsVisiblePointI
GdipSetStringFormatMeasurableCharacterRanges
GdipSetImageAttributesToIdentity
GdipFillRectanglesI
GdipGetCustomLineCapStrokeJoin
GdipGetPenEndCap
GdipSetPenEndCap
GdipSetCustomLineCapStrokeJoin
GdipSetPenStartCap
GdipGetNearestColor
GdipSetStringFormatDigitSubstitution
GdipGetDpiY
GdipSetEmpty
GdipSetImageAttributesColorKeys
GdipGetPathPointsI
GdipGetPropertyCount
GdipGetRegionData
GdipInvertMatrix
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipGetPathData
GdipCloneFont
GdipAddPathBezierI
GdipRotateWorldTransform
GdipGetVisibleClipBounds
GdipSetRenderingOrigin
GdipImageGetFrameDimensionsList
GdipSetInfinite
GdipScaleTextureTransform
GdipFillRegion
GdipSetPenLineJoin
GdipAddPathRectangleI
GdipTranslatePenTransform
GdipDrawBeziersI
GdipGetCompositingMode
GdipCloneMatrix
GdipRecordMetafileStreamI
GdipGetCustomLineCapWidthScale
GdipSetCustomLineCapWidthScale
GdipDrawImagePoints
GdipRotateTextureTransform
GdipSetClipRegion
GdipMeasureCharacterRanges
GdipGetPenDashCount
GdipDrawClosedCurve2I
GdipGetPropertyItemSize
GdipEnumerateMetafileDestRectI
GdipGetPathFillMode
GdipSetPathFillMode
GdipSetStringFormatHotkeyPrefix

gdi32

AddFontMemResourceEx
SetPaletteEntries
Pie
SetBkMode
GetRandomRgn
CreateCompatibleBitmap
CreatePolygonRgn
BeginPath
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
CloseFigure
StrokeAndFillPath
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
PathToRegion
SetArcDirection
ExtSelectClipRgn
RoundRect
SelectClipRgn
RestoreDC
FillPath
SetRectRgn
GetTextMetricsW
RemoveFontResourceW
GetWindowOrgEx
SetPixelV
CreatePalette
CreateDCW
CreateICW
CreatePen
FillRgn
PolyBezierTo
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
SetTextCharacterExtra
GetTextCharacterExtra
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
CreatePenIndirect
SetBitmapBits
GetEnhMetaFilePaletteEntries
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
ExtCreatePen
GetBitmapDimensionEx
LPtoDP
GetNearestColor
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetTextExtentExPointW
PtVisible
GetEnhMetaFileDescriptionW
CreateEllipticRgnIndirect
ArcTo
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
PolylineTo
TextOutW
SelectPalette
SetGraphicsMode
ExcludeClipRect
SetWindowOrgEx
MaskBlt
CreatePatternBrush
EndPage
EndPath
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
GetGlyphOutlineW
CreateBrushIndirect
StrokePath
PatBlt
SelectClipPath
SetEnhMetaFileBits
PlgBlt
Rectangle
DeleteDC
SaveDC
BitBlt
FrameRgn
SetWorldTransform
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
GetClipRgn
Polyline
IntersectClipRect
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
ExtCreateRegion
LineTo
GetRgnBox
EnumFontFamiliesW
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
GetBkColor
SetBkColor
CreateCompatibleDC
GetObjectA
GetBrushOrgEx
GetCurrentPositionEx
SetDCPenColor
GetNearestPaletteIndex
SetTextAlign
GetTextAlign
RemoveFontMemResourceEx
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetViewportExtEx
SetPixel
PolyPolyline
EnumFontFamiliesExW
StretchDIBits
WidenPath
GetPaletteEntries

mpr

WNetGetUniversalNameW
WNetGetConnectionW

winmm

waveOutOpen
sndPlaySoundW
waveOutUnprepareHeader
waveOutGetDevCapsW
waveOutReset
timeGetTime
waveOutPause
waveOutGetPosition
mciSendStringW
waveOutSetVolume
waveOutGetVolume
waveOutPrepareHeader
waveOutRestart
waveOutWrite
waveOutClose

oleacc

LresultFromObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteExW
SHGetPathFromIDListW
ExtractIconW
SHGetFileInfoW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHChangeNotify
SHFileOperationW
ShellExecuteW

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader

ole32

CreateDataAdviseHolder
CoCreateGuid
CoCreateInstance
OleGetClipboard
OleSetClipboard
IsEqualGUID
OleFlushClipboard
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
DoDragDrop
StringFromCLSID
RevokeDragDrop
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
OleInitialize
OleUninitialize
CoInitializeEx
CoDisconnectObject
CoTaskMemFree

msdmo

MoFreeMediaType

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 17.8MB - Virtual size: 17.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 870KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 132B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b509a411c33b5c73b35d9ec43a489595

Headers

File Characteristics

Imports

winspool.drv

comctl32

shell32

user32

version

urlmon

oleaut32

advapi32

netapi32

msvcrt

kernel32

wsock32

ole32

gdi32

magnification

Exports

Exports

Sections

.text Size: - Virtual size: 4.0MB

.itext Size: - Virtual size: 11KB

.data Size: - Virtual size: 69KB

.bss Size: - Virtual size: 30KB

.idata Size: - Virtual size: 14KB

.didata Size: - Virtual size: 3KB

.edata Size: - Virtual size: 13KB

.rdata Size: - Virtual size: 69B

.ZhV Size: - Virtual size: 39.2MB

.l}U Size: 512B - Virtual size: 148B

.p_$ Size: 9.4MB - Virtual size: 9.4MB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1024B - Virtual size: 884B

79056a8ee27da483e5fb00ff29982a49

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

bf:e7:a6:9f:40:b4:5d:48:64:56:dc:59:bb:91:86:cdCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

52:8c:f2:bf:f8:8d:b4:cf:0b:bb:c8:85:21:42:9e:ac:79:af:b9:54Signer

Headers

File Characteristics

Imports

d3d9

shlwapi

version

user32

olepro32

oleaut32

netapi32

advapi32

msvcrt

winhttp

kernel32

shfolder

wsock32

crypt32

gdiplus

gdi32

mpr

winmm

oleacc

winspool.drv

comdlg32

comctl32

.text
Size: - Virtual size: 4.0MB

.itext
Size: - Virtual size: 11KB

.data
Size: - Virtual size: 69KB

.bss
Size: - Virtual size: 30KB

.idata
Size: - Virtual size: 14KB

.didata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 13KB

.rdata
Size: - Virtual size: 69B

.ZhV
Size: - Virtual size: 39.2MB

.l}U
Size: 512B - Virtual size: 148B

.p_$
Size: 9.4MB - Virtual size: 9.4MB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1024B - Virtual size: 884B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

bf:e7:a6:9f:40:b4:5d:48:64:56:dc:59:bb:91:86:cd
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

52:8c:f2:bf:f8:8d:b4:cf:0b:bb:c8:85:21:42:9e:ac:79:af:b9:54
Signer

.text
Size: 17.8MB - Virtual size: 17.8MB

.itext
Size: 63KB - Virtual size: 62KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.bss
Size: - Virtual size: 870KB

.idata
Size: 40KB - Virtual size: 40KB

.didata
Size: 30KB - Virtual size: 29KB

.edata
Size: 512B - Virtual size: 159B

.tls
Size: - Virtual size: 132B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 5.5MB - Virtual size: 5.5MB