J40M1RPFXWGIGFC04GDK8YDPFNFW5FF1FUWHNHL
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
QKNM5NMWZO2OKDWPK3COLF1PKYJ8CI4BZ28.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
QKNM5NMWZO2OKDWPK3COLF1PKYJ8CI4BZ28.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
Y79IVWDNW95AXJYRNC41RN49QWGCIS1VJLK23.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral4
Sample
Y79IVWDNW95AXJYRNC41RN49QWGCIS1VJLK23.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
4d498ae8e98888c43803af5f6072a5f9_JaffaCakes118
-
Size
2.5MB
-
MD5
4d498ae8e98888c43803af5f6072a5f9
-
SHA1
32cadd0a941ec4db151cdb6a4d1e56aaebf2f682
-
SHA256
8d679216707e488dc79e56c8c2e3f755f726e4b2a7dde24b4dd451a00fc7c664
-
SHA512
270fe48dd65353781179d7bc24d09633bff6a913766456a15be8c58b40d99b3bf4603a2448462dd1e755217ee85938d87a0046d34894b7cc9ab440c45e8fef05
-
SSDEEP
49152:E9oFZRuUxIjYXmNC3Bv45VNzBZeTV9nuGXHqpKUJkmdNlZ20uShi2R7:E9oFZQOLsCRvGTVUTPuG3qTZNa01hPR7
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/QKNM5NMWZO2OKDWPK3COLF1PKYJ8CI4BZ28
Files
-
4d498ae8e98888c43803af5f6072a5f9_JaffaCakes118.zip
-
QKNM5NMWZO2OKDWPK3COLF1PKYJ8CI4BZ28.dll windows:5 windows x86 arch:x86
8581de159879d4b53473ca2303cba518
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Imports
winmm
PlaySoundW
wininet
InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenUrlW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW
comctl32
ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage
shell32
SHGetSpecialFolderLocation
IsUserAnAdmin
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
user32
DdeSetUserHandle
CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
GetDlgCtrlID
FrameRect
VkKeyScanA
RegisterWindowMessageW
GetMenuStringW
FillRect
DdeCmpStringHandles
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
SetSystemCursor
GetClientRect
IsChild
IsIconic
CallNextHookEx
DdeDisconnect
ShowWindow
GetWindowTextW
SetForegroundWindow
GetAsyncKeyState
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
mouse_event
ExitWindowsEx
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
SetClassLongW
RemovePropW
AttachThreadInput
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
GetMessageTime
DdeNameService
DdeAccessData
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DdeQueryConvInfo
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
keybd_event
DrawIconEx
DdePostAdvise
GetClassNameW
DdeCreateDataHandle
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
GetCursor
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
CreateWindowExW
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
DdeUnaccessData
MapVirtualKeyW
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
DdeClientTransaction
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
DdeConnect
ScrollWindow
GetLastActivePopup
DdeUninitialize
GetSystemMetrics
CharUpperBuffW
SetClipboardData
GetClipboardData
ClientToScreen
SetWindowPlacement
DdeFreeStringHandle
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
MonitorFromRect
InsertMenuItemW
DdeQueryStringA
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
VkKeyScanW
DestroyMenu
SetWindowsHookExW
EmptyClipboard
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
ScreenToClient
DrawFrameControl
DdeFreeDataHandle
SetCursor
CreateIcon
DdeInitializeA
RemoveMenu
DdeCreateStringHandleA
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CountClipboardFormats
CallWindowProcW
CloseClipboard
DestroyCursor
PostMessageA
CharUpperBuffA
CopyIcon
PostQuitMessage
DdeGetLastError
ShowScrollBar
EnableMenuItem
HideCaret
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
oleaut32
GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
advapi32
RegSetValueExW
RegConnectRegistryW
OpenThreadToken
GetUserNameW
SetSecurityDescriptorSacl
RegQueryInfoKeyW
IsValidAcl
RegUnLoadKeyW
IsValidSid
RegSaveKeyW
GetLengthSid
RegReplaceKeyW
GetSidSubAuthority
GetTokenInformation
AddAccessAllowedAce
LookupAccountSidW
RegCreateKeyExW
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
InitializeAcl
RegLoadKeyW
RegEnumKeyExW
AdjustTokenPrivileges
SetSecurityDescriptorGroup
GetSidIdentifierAuthority
SetSecurityInfo
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegOpenKeyExA
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
RegFlushKey
RegQueryValueExW
RegQueryValueExA
RegEnumValueW
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegCloseKey
RegRestoreKeyW
netapi32
NetWkstaGetInfo
NetApiBufferFree
msvcrt
memcpy
memset
winhttp
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption
kernel32
SetFileAttributesW
GetFileType
SetFileTime
FlushViewOfFile
QueryDosDeviceW
GetACP
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TlsAlloc
OpenFileMappingW
TerminateThread
QueryPerformanceFrequency
SetProcessWorkingSetSize
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
GetUserDefaultLCID
MapViewOfFileEx
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
OpenEventW
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
GetFileAttributesExW
LockResource
LoadLibraryExW
TerminateProcess
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
WinExec
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
SignalObjectAndWait
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
CompareStringA
SetEndOfFile
QueryPerformanceCounter
WaitForSingleObjectEx
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
SystemTimeToFileTime
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
TzSpecificLocalTimeToSystemTime
PulseEvent
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale
wsock32
gethostbyaddr
WSACleanup
gethostbyname
bind
gethostname
closesocket
WSAGetLastError
connect
inet_addr
getpeername
WSAAsyncSelect
WSAAsyncGetServByName
WSACancelAsyncRequest
send
ntohs
htons
WSAStartup
getservbyname
getsockname
listen
socket
recv
inet_ntoa
ioctlsocket
WSAAsyncGetHostByName
ole32
OleRegEnumVerbs
IsAccelerator
CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
ProgIDFromCLSID
CreateStreamOnHGlobal
OleInitialize
CLSIDFromProgID
OleUninitialize
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
StringFromCLSID
OleSetMenuDescriptor
gdi32
Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
CreateEllipticRgn
Rectangle
SaveDC
DeleteDC
BitBlt
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
CombineRgn
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries
Exports
Exports
Sections
iyyv!o&( Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
nI%EbN_r Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
<7_sv8-= Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
!mDR'&>R Size: - Virtual size: 544KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2`8SZTQs Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
O35jmJZ( Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.4BwA=Iz Size: 512B - Virtual size: 211B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
)><%%)4E Size: 512B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QXg!z<8" Size: 549KB - Virtual size: 549KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
E+;KS_^; Size: 333KB - Virtual size: 333KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
!nuOW`5p Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
VJ6HHB14GA6MKWJNZ0615VH3M2
-
Y79IVWDNW95AXJYRNC41RN49QWGCIS1VJLK23.exe windows:5 windows x86 arch:x86
6ae531f3439aee07e850dbb1ac7115a4
Code Sign
48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before15-06-2016 00:00Not After15-06-2024 00:00SubjectCN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16Certificate
IssuerCN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BENot Before24-01-2018 09:39Not After04-07-2020 06:50SubjectCN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
13:b7:74:ee:59:e3:5e:c6:06:26:16:89Certificate
IssuerCN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BENot Before28-02-2018 10:00Not After18-03-2029 10:00SubjectCN=GlobalSign TSA for Advanced - G3 - 002-02,O=GMO GlobalSign K.K.,C=JPExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
04:00:00:00:00:01:31:89:c6:50:04Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before02-08-2011 10:00Not After29-03-2029 10:00SubjectCN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:21:58:53:08:a2Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before18-03-2009 10:00Not After18-03-2029 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94Signer
Actual PE Digestef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winmm
timeGetTime
waveOutSetVolume
mciSendStringW
comctl32
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create
mpr
WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
wininet
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW
psapi
GetProcessMemoryInfo
iphlpapi
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
userenv
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
uxtheme
IsThemeActive
kernel32
DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetModuleFileNameW
SetCurrentDirectoryW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
EnterCriticalSection
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetLongPathNameW
SetEnvironmentVariableA
user32
AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW
gdi32
StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW
shell32
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish
ole32
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
IIDFromString
CoSetProxyBlanket
CoCreateInstanceEx
oleaut32
CreateDispTypeInfo
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
CreateStdDispatch
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
LoadTypeLibEx
RegisterTypeLi
RegisterTypeLibForUser
VariantCopy
VariantClear
UnRegisterTypeLibForUser
UnRegisterTypeLi
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
SysAllocString
VariantInit
Sections
.text Size: 570KB - Virtual size: 569KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ