D:\work\skycode_2018\bin\x64\MxSetup.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-05-24_064cb8905bfc13f9022041f4c406ff2f_gazer_ryuk.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-05-24_064cb8905bfc13f9022041f4c406ff2f_gazer_ryuk.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
2024-05-24_064cb8905bfc13f9022041f4c406ff2f_gazer_ryuk
-
Size
7.1MB
-
MD5
064cb8905bfc13f9022041f4c406ff2f
-
SHA1
7953b6bbc5ede04d02fc99d887b988f844b835a5
-
SHA256
0254e1e4bbcd4f1f72cd5dcef9301284901cf7cf9ba9c325f178daaa2ad7f3ce
-
SHA512
a8c2840e915b6cc26d87c4ab10c96e46b17022afe40262fd863cc65d9e5b1d39a349462579a7718362bace563de245afac943eaf80b77ae2f9c80a1fb7561dad
-
SSDEEP
98304:rJQkTsMA6zPTLmSvLG+46sljXm8ohMQa:rnwMA6zPTyUa+4w
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-24_064cb8905bfc13f9022041f4c406ff2f_gazer_ryuk
Files
-
2024-05-24_064cb8905bfc13f9022041f4c406ff2f_gazer_ryuk.exe windows:6 windows x64 arch:x64
755f2af467d8d59063d3c59d3f93014a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
QueryPerformanceCounter
QueryPerformanceFrequency
CreateEventA
CreateWaitableTimerA
CreateThread
TerminateThread
SetEvent
CancelWaitableTimer
WaitForSingleObject
WaitForMultipleObjects
SetWaitableTimer
GetFileTime
CreateDirectoryA
SystemTimeToFileTime
GetCurrentProcessId
CloseHandle
Process32Next
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
CreateFileA
CopyFileA
LocalFileTimeToFileTime
CreateToolhelp32Snapshot
GetCommandLineA
Module32First
FindNextFileA
Module32Next
SetFileTime
FindFirstFileA
GetFileAttributesExA
Process32First
GetModuleFileNameA
GetLastError
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
MultiByteToWideChar
GetVersionExA
SetEndOfFile
HeapSize
WriteConsoleW
GetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableA
GetLocalTime
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
FlushFileBuffers
HeapReAlloc
GetTimeZoneInformation
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetACP
GetCommandLineW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
DeleteFileW
GetFileSizeEx
CreateDirectoryW
CreateFileW
SetFilePointer
WriteFile
GetSystemTime
CreateMutexA
GetVersionExW
GetTickCount
MulDiv
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
IsBadReadPtr
GetCurrentThreadId
GetFileAttributesW
FlushInstructionCache
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
Sleep
GetModuleHandleW
RemoveDirectoryA
DeleteFileA
ReleaseMutex
lstrlenW
FindNextFileW
FormatMessageA
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
FreeLibrary
GetProcAddress
LoadLibraryW
OutputDebugStringA
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FreeEnvironmentStringsW
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
user32
SystemParametersInfoW
IntersectRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
SetRect
SetCursor
KillTimer
SetTimer
DestroyWindow
IsWindow
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
GetDlgItem
GetClientRect
MapWindowPoints
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
InflateRect
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
DestroyCursor
SetFocus
GetFocus
DrawIconEx
GetKeyState
TrackMouseEvent
PostMessageW
PostQuitMessage
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SendMessageW
ClientToScreen
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
GetActiveWindow
CopyRect
GetWindowRect
GetDC
SetWindowPos
SetWindowTextW
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
GetClassNameW
DestroyIcon
OffsetRect
IsMenu
MonitorFromRect
ShowWindow
ReleaseDC
GetWindow
PostMessageA
DefWindowProcA
CreateWindowExA
SetWindowLongPtrA
GetForegroundWindow
MsgWaitForMultipleObjects
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetWindowPlacement
GetSystemMetrics
EnableMenuItem
GetIconInfo
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SetActiveWindow
EnableWindow
LoadIconW
MessageBoxW
GetSysColor
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsWindowEnabled
gdi32
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
SelectObject
SetBkMode
CreateCompatibleDC
CreateBitmap
DeleteObject
CreateRoundRectRgn
EnumFontsW
BitBlt
GetDeviceCaps
SetTextAlign
GdiFlush
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetObjectW
GetDCOrgEx
StretchBlt
CreateCompatibleBitmap
SetViewportOrgEx
GetCurrentObject
GetViewportOrgEx
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
DeleteDC
ExtCreateRegion
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
advapi32
CryptDestroyKey
CryptEncrypt
CryptSetHashParam
CryptSetKeyParam
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptDuplicateHash
shell32
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteW
ole32
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoInitialize
CreateBindCtx
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleInitialize
OleUninitialize
oleaut32
SysAllocString
SysFreeString
shlwapi
StrToIntExW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
dwmapi
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
imm32
ImmGetContext
ImmReleaseContext
ImmAssociateContext
netapi32
Netbios
iphlpapi
GetAdaptersInfo
dbghelp
MakeSureDirectoryPathExists
gdiplus
GdipAlloc
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
ws2_32
sendto
recvfrom
shutdown
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
gethostname
connect
bind
inet_pton
send
recv
freeaddrinfo
WSAGetLastError
closesocket
wldap32
ord79
ord35
ord301
ord200
ord30
ord46
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord211
ord60
ord143
usp10
ScriptItemize
ScriptShape
ScriptFreeCache
opengl32
wglGetProcAddress
wglGetCurrentContext
Exports
Exports
??0cAsyncManager@@QEAA@$$QEAV0@@Z
??0cAsyncManager@@QEAA@AEBV0@@Z
??0cAsyncManager@@QEAA@XZ
??0cEventSystem@@QEAA@$$QEAV0@@Z
??0cEventSystem@@QEAA@AEBV0@@Z
??0cEventSystem@@QEAA@XZ
??0cHttp@@QEAA@$$QEAV0@@Z
??0cHttp@@QEAA@AEBV0@@Z
??0cHttp@@QEAA@XZ
??0cList@@QEAA@AEBV0@@Z
??0cList@@QEAA@XZ
??0cLock@@QEAA@$$QEAV0@@Z
??0cLock@@QEAA@AEBV0@@Z
??0cLock@@QEAA@XZ
??0cStream@@QEAA@$$QEAV0@@Z
??0cStream@@QEAA@AEBV0@@Z
??0cStream@@QEAA@XZ
??0cStreamFile@@QEAA@$$QEAV0@@Z
??0cStreamFile@@QEAA@AEBV0@@Z
??0cStreamFile@@QEAA@XZ
??0cStreamMemory@@QEAA@$$QEAV0@@Z
??0cStreamMemory@@QEAA@AEBV0@@Z
??0cStreamMemory@@QEAA@XZ
??0cString@@QEAA@AEBV0@@Z
??0cString@@QEAA@H@Z
??0cString@@QEAA@PEBDH@Z
??0cStringList@@QEAA@AEBV0@@Z
??0cStringList@@QEAA@XZ
??0cTable@@QEAA@AEBV0@@Z
??0cTable@@QEAA@PEBE@Z
??0cTable@@QEAA@XZ
??0cTask@@QEAA@$$QEAV0@@Z
??0cTask@@QEAA@AEBV0@@Z
??0cTask@@QEAA@XZ
??0cTaskSystem@@QEAA@$$QEAV0@@Z
??0cTaskSystem@@QEAA@AEBV0@@Z
??0cTaskSystem@@QEAA@XZ
??0cThread@@QEAA@$$QEAV0@@Z
??0cThread@@QEAA@AEBV0@@Z
??0cThread@@QEAA@XZ
??0cTimer@@QEAA@$$QEAV0@@Z
??0cTimer@@QEAA@AEBV0@@Z
??0cTimer@@QEAA@XZ
??0cUnicodeString@@QEAA@AEBV0@@Z
??0cUnicodeString@@QEAA@PEB_WH@Z
??0cUnicodeString@@QEAA@XZ
??0sValue@@QEAA@AEBU0@@Z
??0sValue@@QEAA@W4eValueType@@@Z
??0sValueBool@@QEAA@AEBU0@@Z
??0sValueBool@@QEAA@XZ
??0sValueByte@@QEAA@AEBU0@@Z
??0sValueByte@@QEAA@XZ
??0sValueData@@QEAA@AEBU0@@Z
??0sValueData@@QEAA@XZ
??0sValueDouble@@QEAA@AEBU0@@Z
??0sValueDouble@@QEAA@XZ
??0sValueFloat@@QEAA@AEBU0@@Z
??0sValueFloat@@QEAA@XZ
??0sValueInt64@@QEAA@AEBU0@@Z
??0sValueInt64@@QEAA@XZ
??0sValueInt@@QEAA@AEBU0@@Z
??0sValueInt@@QEAA@XZ
??0sValueList@@QEAA@AEBU0@@Z
??0sValueList@@QEAA@XZ
??0sValueShort@@QEAA@AEBU0@@Z
??0sValueShort@@QEAA@XZ
??0sValueString@@QEAA@AEBU0@@Z
??0sValueString@@QEAA@XZ
??0sValueTable@@QEAA@AEBU0@@Z
??0sValueTable@@QEAA@XZ
??1cList@@UEAA@XZ
??1cString@@QEAA@XZ
??1cStringList@@QEAA@XZ
??1cTable@@UEAA@XZ
??1cUnicodeString@@QEAA@XZ
??1sValue@@UEAA@XZ
??1sValueBool@@UEAA@XZ
??1sValueByte@@UEAA@XZ
??1sValueData@@UEAA@XZ
??1sValueDouble@@UEAA@XZ
??1sValueFloat@@UEAA@XZ
??1sValueInt64@@UEAA@XZ
??1sValueInt@@UEAA@XZ
??1sValueList@@UEAA@XZ
??1sValueShort@@UEAA@XZ
??1sValueString@@UEAA@XZ
??1sValueTable@@UEAA@XZ
??4cAsyncManager@@QEAAAEAV0@$$QEAV0@@Z
??4cAsyncManager@@QEAAAEAV0@AEBV0@@Z
??4cEventSystem@@QEAAAEAV0@$$QEAV0@@Z
??4cEventSystem@@QEAAAEAV0@AEBV0@@Z
??4cHttp@@QEAAAEAV0@$$QEAV0@@Z
??4cHttp@@QEAAAEAV0@AEBV0@@Z
??4cList@@QEAAAEAV0@AEBV0@@Z
??4cLock@@QEAAAEAV0@$$QEAV0@@Z
??4cLock@@QEAAAEAV0@AEBV0@@Z
??4cStream@@QEAAAEAV0@$$QEAV0@@Z
??4cStream@@QEAAAEAV0@AEBV0@@Z
??4cStreamFile@@QEAAAEAV0@$$QEAV0@@Z
??4cStreamFile@@QEAAAEAV0@AEBV0@@Z
??4cStreamMemory@@QEAAAEAV0@$$QEAV0@@Z
??4cStreamMemory@@QEAAAEAV0@AEBV0@@Z
??4cString@@QEAAAEAV0@AEBV0@@Z
??4cString@@QEAAAEAV0@D@Z
??4cString@@QEAAAEAV0@PEBD@Z
??4cStringList@@QEAAAEAV0@AEBV0@@Z
??4cTable@@QEAAAEAV0@AEBV0@@Z
??4cTask@@QEAAAEAV0@$$QEAV0@@Z
??4cTask@@QEAAAEAV0@AEBV0@@Z
??4cTaskSystem@@QEAAAEAV0@$$QEAV0@@Z
??4cTaskSystem@@QEAAAEAV0@AEBV0@@Z
??4cThread@@QEAAAEAV0@$$QEAV0@@Z
??4cThread@@QEAAAEAV0@AEBV0@@Z
??4cTimer@@QEAAAEAV0@$$QEAV0@@Z
??4cTimer@@QEAAAEAV0@AEBV0@@Z
??4cUnicodeString@@QEAAAEAV0@AEBV0@@Z
??4cUnicodeString@@QEAAAEAV0@PEB_W@Z
??4cUtil@@QEAAAEAV0@$$QEAV0@@Z
??4cUtil@@QEAAAEAV0@AEBV0@@Z
??4sValue@@QEAAAEAU0@AEBU0@@Z
??4sValueBool@@QEAAAEAU0@AEBU0@@Z
??4sValueByte@@QEAAAEAU0@AEBU0@@Z
??4sValueData@@QEAAAEAU0@AEBU0@@Z
??4sValueDouble@@QEAAAEAU0@AEBU0@@Z
??4sValueFloat@@QEAAAEAU0@AEBU0@@Z
??4sValueInt64@@QEAAAEAU0@AEBU0@@Z
??4sValueInt@@QEAAAEAU0@AEBU0@@Z
??4sValueList@@QEAAAEAU0@AEBU0@@Z
??4sValueShort@@QEAAAEAU0@AEBU0@@Z
??4sValueString@@QEAAAEAU0@AEBU0@@Z
??4sValueTable@@QEAAAEAU0@AEBU0@@Z
??8cString@@QEBA_NAEBV0@@Z
??8cString@@QEBA_NPEBD@Z
??8cUnicodeString@@QEBA_NAEBV0@@Z
??8cUnicodeString@@QEBA_NPEB_W@Z
??9cString@@QEBA_NAEBV0@@Z
??9cString@@QEBA_NPEBD@Z
??9cUnicodeString@@QEBA_NAEBV0@@Z
??9cUnicodeString@@QEBA_NPEB_W@Z
??HcString@@QEBA?AV0@AEBV0@@Z
??HcString@@QEBA?AV0@D@Z
??HcString@@QEBA?AV0@PEBD@Z
??McString@@QEBA_NAEBV0@@Z
??McString@@QEBA_NPEBD@Z
??McUnicodeString@@QEBA_NAEBV0@@Z
??McUnicodeString@@QEBA_NPEB_W@Z
??OcString@@QEBA_NAEBV0@@Z
??OcString@@QEBA_NPEBD@Z
??OcUnicodeString@@QEBA_NAEBV0@@Z
??OcUnicodeString@@QEBA_NPEB_W@Z
??YcString@@QEAAAEAV0@AEBV0@@Z
??YcString@@QEAAAEAV0@D@Z
??YcString@@QEAAAEAV0@PEBD@Z
??YcUnicodeString@@QEAAAEAV0@AEBV0@@Z
??YcUnicodeString@@QEAAAEAV0@PEB_W@Z
??_7cAsyncManager@@6B@
??_7cEventSystem@@6B@
??_7cHttp@@6B@
??_7cList@@6B@
??_7cLock@@6B@
??_7cStream@@6B@
??_7cStreamFile@@6B@
??_7cStreamMemory@@6B@
??_7cTable@@6B@
??_7cTask@@6B@
??_7cTaskSystem@@6B@
??_7cThread@@6B@
??_7cTimer@@6B@
??_7sValue@@6B@
??_7sValueBool@@6B@
??_7sValueByte@@6B@
??_7sValueData@@6B@
??_7sValueDouble@@6B@
??_7sValueFloat@@6B@
??_7sValueInt64@@6B@
??_7sValueInt@@6B@
??_7sValueList@@6B@
??_7sValueShort@@6B@
??_7sValueString@@6B@
??_7sValueTable@@6B@
?EMPTY@cString@@2V1@A
?EMPTY@cUnicodeString@@2V1@A
?addBool@cList@@QEAAX_N@Z
?addBool@cTable@@QEAAXPEBD_N@Z
?addByte@cList@@QEAAXE@Z
?addByte@cTable@@QEAAXPEBDE@Z
?addData@cTable@@QEAAXPEBDPEBXH@Z
?addDouble@cList@@QEAAXN@Z
?addDouble@cTable@@QEAAXPEBDN@Z
?addFloat@cList@@QEAAXM@Z
?addFloat@cTable@@QEAAXPEBDM@Z
?addInt64@cList@@QEAAX_J@Z
?addInt64@cTable@@QEAAXPEBD_J@Z
?addInt@cList@@QEAAXH@Z
?addInt@cTable@@QEAAXPEBDH@Z
?addList@cList@@QEAAPEAV1@XZ
?addList@cTable@@QEAAPEAVcList@@PEBD@Z
?addShort@cList@@QEAAXF@Z
?addShort@cTable@@QEAAXPEBDF@Z
?addString@cList@@QEAAXPEBD@Z
?addString@cTable@@QEAAXPEBD0H@Z
?addTable@cList@@QEAAPEAVcTable@@XZ
?addTable@cTable@@QEAAPEAV1@PEBD@Z
?addValue@cList@@QEAAXPEAUsValue@@@Z
?addValue@cTable@@QEAAXPEBDPEAUsValue@@@Z
?aesDecryptCBC@cUtil@@SAXPEBEPEAEPEBXHPEAX@Z
?aesEncryptCBC@cUtil@@SAXPEBEPEAEPEBXHPEAX@Z
?ansiToUnicode@cUtil@@SA?AVcUnicodeString@@PEBD@Z
?ansiToUtf8@cUtil@@SA?AVcString@@PEBD@Z
?append@cString@@QEAAXAEBV1@@Z
?append@cString@@QEAAXD@Z
?append@cString@@QEAAXPEBDH@Z
?append@cStringList@@QEAAXPEBDH@Z
?append@cUnicodeString@@QEAAXPEB_WH@Z
?base64Decode@cUtil@@SAXPEBDHPEAEPEAH@Z
?base64Encode@cUtil@@SA?AVcString@@PEBXH@Z
?base64Encode@cUtil@@SAXPEBXHPEADPEAH@Z
?clear@cList@@QEAAXXZ
?clear@cString@@QEAAXXZ
?clear@cTable@@QEAAXXZ
?clone@cList@@QEBAPEAV1@XZ
?clone@cTable@@QEBAPEAV1@XZ
?clone@sValue@@UEBAPEAU1@XZ
?clone@sValueBool@@UEBAPEAUsValue@@XZ
?clone@sValueByte@@UEBAPEAUsValue@@XZ
?clone@sValueData@@UEBAPEAUsValue@@XZ
?clone@sValueDouble@@UEBAPEAUsValue@@XZ
?clone@sValueFloat@@UEBAPEAUsValue@@XZ
?clone@sValueInt64@@UEBAPEAUsValue@@XZ
?clone@sValueInt@@UEBAPEAUsValue@@XZ
?clone@sValueList@@UEBAPEAUsValue@@XZ
?clone@sValueShort@@UEBAPEAUsValue@@XZ
?clone@sValueString@@UEBAPEAUsValue@@XZ
?clone@sValueTable@@UEBAPEAUsValue@@XZ
?compare@cString@@QEBAHAEBV1@_N@Z
?compare@cString@@QEBAHPEBD_N@Z
?compare@cString@@SAHPEBX0@Z
?copyDirectory@cUtil@@SA_NPEBD0@Z
?copyFile@cUtil@@SA_NPEBD0_N@Z
?create@sValue@@SAPEAU1@W4eValueType@@@Z
?createDirectory@cUtil@@SA_NPEBD@Z
?decodeUri@cUtil@@SA?AVcString@@PEBDH@Z
?deleteDirectory@cUtil@@SA_NPEBD@Z
?deleteFile@cUtil@@SA_NPEBD@Z
?encodeUri@cUtil@@SA?AVcString@@PEBDH@Z
?encodeUriComponent@cUtil@@SA?AVcString@@PEBDH@Z
?endWith@cString@@QEBA_NPEBD_N@Z
?execute@cUtil@@SA_NPEBD0@Z
?fetch@cTable@@QEAAPEAUsKeyValue@@PEBDH@Z
?find@cString@@QEBAHDH@Z
?find@cString@@QEBAHPEBDH_N@Z
?find@cTable@@QEBAPEAUsValue@@PEBD@Z
?find@cUnicodeString@@QEBAHPEB_W@Z
?find@cUnicodeString@@QEBAH_W@Z
?findFile@cUtil@@SA?AVcString@@PEBD0_N@Z
?findFiles@cUtil@@SAXAEAV?$cArray@VcString@@H@@PEBD1_N22D@Z
?formPath@cUtil@@SAHPEADD@Z
?format@cString@@SA?AV1@PEBDZZ
?fromJson@cTable@@QEAA_NPEBDH@Z
?generateGuid@cUtil@@SA?AVcString@@_N@Z
?getBase64DecodeLength@cUtil@@SAHH@Z
?getBase64EncodeLength@cUtil@@SAHH@Z
?getBool@cList@@QEBA_NH@Z
?getBool@cTable@@QEBA_NPEBD_N@Z
?getByte@cList@@QEBAEH@Z
?getByte@cTable@@QEBAEPEBDE@Z
?getCommandLines@cUtil@@SA?AVcStringList@@XZ
?getCount@cList@@QEBAHXZ
?getCrc32@cUtil@@SAIPEBXHI@Z
?getData@cTable@@QEBAPEBXPEBDPEAH@Z
?getDouble@cList@@QEBANH@Z
?getDouble@cTable@@QEBANPEBDN@Z
?getFileDir@cUtil@@SA?AVcString@@PEBD@Z
?getFileExt@cUtil@@SA?AVcString@@PEBD@Z
?getFileInfo@cUtil@@SA_NPEBDAEAHAEA_JAEA_N@Z
?getFileMD5@cUtil@@SA?AVcString@@PEBD_N@Z
?getFileMD5@cUtil@@SA_NPEBDPEAE@Z
?getFileName@cUtil@@SA?AVcString@@PEBD@Z
?getFileNameWithoutExt@cUtil@@SA?AVcString@@PEBD@Z
?getFileSha256@cUtil@@SA?AVcString@@PEBD_N@Z
?getFileSha256@cUtil@@SA_NPEBDPEAE@Z
?getFileSize@cUtil@@SA_JPEBD@Z
?getFileTime@cUtil@@SA_NPEBDPEA_J11@Z
?getFloat@cList@@QEBAMH@Z
?getFloat@cTable@@QEBAMPEBDM@Z
?getHmacSha256@cUtil@@SAXPEBXH0HPEAE@Z
?getHmacSha256String@cUtil@@SA?AVcString@@PEBXH0H_N@Z
?getInt64@cList@@QEBA_JH@Z
?getInt64@cTable@@QEBA_JPEBD_J@Z
?getInt@cList@@QEBAHH@Z
?getInt@cTable@@QEBAHPEBDH@Z
?getList@cList@@QEBAPEAV1@H@Z
?getList@cTable@@QEBAPEAVcList@@PEBD@Z
?getMD5@cUtil@@SA?AVcString@@PEBXH_N@Z
?getMD5@cUtil@@SAXPEBXHPEAE@Z
?getMac@cUtil@@SA?AVcString@@XZ
?getMac@cUtil@@SAXPEAE@Z
?getMacs@cUtil@@SAHPEAEH@Z
?getModuleName@cUtil@@SA?AVcString@@PEAX@Z
?getModulePath@cUtil@@SAPEBDPEAX@Z
?getRoamingPath@cUtil@@SAPEBDXZ
?getSha1@cUtil@@SAXPEBXHPEAE@Z
?getSha256@cUtil@@SAXPEBXHPEAE@Z
?getSha256String@cUtil@@SA?AVcString@@PEBXH_N@Z
?getShort@cList@@QEBAFH@Z
?getShort@cTable@@QEBAFPEBDF@Z
?getStreamSha256@cUtil@@SA?AVcString@@PEAVcStream@@_N@Z
?getString@cList@@QEBAPEBDH@Z
?getString@cTable@@QEBAPEBDPEBD0@Z
?getTable@cList@@QEBAPEAVcTable@@H@Z
?getTable@cTable@@QEBAPEAV1@PEBD@Z
?getTimeString@cUtil@@SA?AVcString@@_JPEBDH@Z
?hexToInt@cUtil@@SAHPEBD@Z
?hexToString@cUtil@@SA?AVcString@@PEBEH_N@Z
?insert@cString@@QEAAXHPEBDH@Z
?insert@cUnicodeString@@QEAAXHPEB_WH@Z
?isFileExist@cUtil@@SA_NPEBD@Z
?isFileRunning@cUtil@@SA_NPEBD@Z
?isRunning@cUtil@@SA_NPEBD@Z
?isUrl@cUtil@@SA_NPEBD@Z
?load@cTable@@QEAA_NPEBD@Z
?loadJson@cTable@@QEAA_NPEBD@Z
?loadTextFile@cUtil@@SA?AVcString@@PEBD@Z
?makeSureDirExists@cUtil@@SA_NPEBD@Z
?memcmpIgnoreCase@cUtil@@SAHPEBD0H@Z
?openUrl@cUtil@@SA_NPEBD@Z
?parseUrl@cUtil@@SAXPEBDPEAVcString@@1PEAH1@Z
?qrEncode@cUtil@@SAXPEBDHAEAPEAEAEAH@Z
?read@cList@@QEAAPEBEPEBE@Z
?read@cList@@UEAAHPEAVcStream@@@Z
?read@cTable@@QEAAPEBEPEBE@Z
?read@cTable@@UEAAHPEAVcStream@@@Z
?read@sValue@@UEAAHPEAVcStream@@@Z
?read@sValue@@UEAAPEBEPEBE@Z
?read@sValueBool@@UEAAHPEAVcStream@@@Z
?read@sValueBool@@UEAAPEBEPEBE@Z
?read@sValueByte@@UEAAHPEAVcStream@@@Z
?read@sValueByte@@UEAAPEBEPEBE@Z
?read@sValueData@@UEAAHPEAVcStream@@@Z
?read@sValueData@@UEAAPEBEPEBE@Z
?read@sValueDouble@@UEAAHPEAVcStream@@@Z
?read@sValueDouble@@UEAAPEBEPEBE@Z
?read@sValueFloat@@UEAAHPEAVcStream@@@Z
?read@sValueFloat@@UEAAPEBEPEBE@Z
?read@sValueInt64@@UEAAHPEAVcStream@@@Z
?read@sValueInt64@@UEAAPEBEPEBE@Z
?read@sValueInt@@UEAAHPEAVcStream@@@Z
?read@sValueInt@@UEAAPEBEPEBE@Z
?read@sValueList@@UEAAHPEAVcStream@@@Z
?read@sValueList@@UEAAPEBEPEBE@Z
?read@sValueShort@@UEAAHPEAVcStream@@@Z
?read@sValueShort@@UEAAPEBEPEBE@Z
?read@sValueString@@UEAAHPEAVcStream@@@Z
?read@sValueString@@UEAAPEBEPEBE@Z
?read@sValueTable@@UEAAHPEAVcStream@@@Z
?read@sValueTable@@UEAAPEBEPEBE@Z
?readLength@sValue@@SAHPEAVcStream@@AEAH@Z
?readLength@sValue@@SAPEBEPEBEAEAH@Z
?release@cList@@QEAAXXZ
?release@cTable@@QEAAXXZ
?remove@cList@@QEAAXH@Z
?remove@cString@@QEAAXHH@Z
?remove@cTable@@QEAAXPEBD@Z
?remove@cUnicodeString@@QEAAXHH@Z
?removeLast@cString@@QEAAXXZ
?replace@cString@@QEAAXPEBD0@Z
?replace@cUnicodeString@@QEAAXPEB_W0@Z
?reserve@cList@@QEAAXH@Z
?reserve@cString@@QEAAXH@Z
?reserve@cStringList@@QEAAXH@Z
?reserve@cTable@@QEAAXH@Z
?reserve@cUnicodeString@@QEAAXH@Z
?rfind@cString@@QEBAHD@Z
?rfind@cUnicodeString@@QEBAH_W@Z
?save@cTable@@QEAA_NPEBD@Z
?saveJson@cTable@@QEAA_NPEBD_N@Z
?saveTextFile@cUtil@@SA_NPEBD0@Z
?selectDirectory@cUtil@@SA?AVcString@@PEAXPEBD@Z
?selectFile@cUtil@@SA?AVcString@@PEAXPEBD111_N2PEAH@Z
?setFileTime@cUtil@@SA_NPEBD_J11@Z
?setValue@sValueData@@QEAAXPEBXH@Z
?setValue@sValueString@@QEAAXPEBDH@Z
?sleep@cUtil@@SAXH@Z
?split@cString@@QEBA?AVcStringList@@D@Z
?startWith@cString@@QEBA_NPEBD_N@Z
?strcmpIgnoreCase@cUtil@@SAHPEBD0@Z
?stringToHex@cUtil@@SAXPEBDPEAEH@Z
?stringToTime@cUtil@@SA_JPEBD@Z
?substr@cString@@QEBA?AV1@HH@Z
?swap@cString@@QEAAXAEAV1@@Z
?swap@cUnicodeString@@QEAAXAEAV1@@Z
?toJson@cTable@@QEAAPEBD_N@Z
?toLowerCase@cString@@QEAAXXZ
?toLowerCase@cUnicodeString@@QEAAXXZ
?toLowerCase@cUtil@@SAXPEAD@Z
?toUpperCase@cString@@QEAAXXZ
?toUpperCase@cUnicodeString@@QEAAXXZ
?trim@cString@@QEAAXXZ
?uncompress@cUtil@@SAHPEAXHPEBXH@Z
?unicodeToAnsi@cUtil@@SA?AVcString@@PEB_W@Z
?unicodeToUtf8@cUtil@@SA?AVcString@@PEB_W@Z
?utf8ToAnsi@cUtil@@SA?AVcString@@PEBD@Z
?utf8ToUnicode@cUtil@@SA?AVcUnicodeString@@PEBD@Z
?write@cList@@QEBAPEAEPEAE@Z
?write@cList@@UEAAHPEAVcStream@@@Z
?write@cTable@@QEBAPEAEPEAE@Z
?write@cTable@@UEAAHPEAVcStream@@@Z
?write@sValue@@UEAAHPEAVcStream@@@Z
?write@sValue@@UEBAPEAEPEAE@Z
?write@sValueBool@@UEAAHPEAVcStream@@@Z
?write@sValueBool@@UEBAPEAEPEAE@Z
?write@sValueByte@@UEAAHPEAVcStream@@@Z
?write@sValueByte@@UEBAPEAEPEAE@Z
?write@sValueData@@UEAAHPEAVcStream@@@Z
?write@sValueData@@UEBAPEAEPEAE@Z
?write@sValueDouble@@UEAAHPEAVcStream@@@Z
?write@sValueDouble@@UEBAPEAEPEAE@Z
?write@sValueFloat@@UEAAHPEAVcStream@@@Z
?write@sValueFloat@@UEBAPEAEPEAE@Z
?write@sValueInt64@@UEAAHPEAVcStream@@@Z
?write@sValueInt64@@UEBAPEAEPEAE@Z
?write@sValueInt@@UEAAHPEAVcStream@@@Z
?write@sValueInt@@UEBAPEAEPEAE@Z
?write@sValueList@@UEAAHPEAVcStream@@@Z
?write@sValueList@@UEBAPEAEPEAE@Z
?write@sValueShort@@UEAAHPEAVcStream@@@Z
?write@sValueShort@@UEBAPEAEPEAE@Z
?write@sValueString@@UEAAHPEAVcStream@@@Z
?write@sValueString@@UEBAPEAEPEAE@Z
?write@sValueTable@@UEAAHPEAVcStream@@@Z
?write@sValueTable@@UEBAPEAEPEAE@Z
?writeJson@cList@@UEAAHPEAVcStream@@_N@Z
?writeJson@cTable@@UEAAHPEAVcStream@@_N@Z
?writeJson@sValue@@UEAAHPEAVcStream@@@Z
?writeJson@sValueBool@@UEAAHPEAVcStream@@@Z
?writeJson@sValueByte@@UEAAHPEAVcStream@@@Z
?writeJson@sValueData@@UEAAHPEAVcStream@@@Z
?writeJson@sValueDouble@@UEAAHPEAVcStream@@@Z
?writeJson@sValueFloat@@UEAAHPEAVcStream@@@Z
?writeJson@sValueInt64@@UEAAHPEAVcStream@@@Z
?writeJson@sValueInt@@UEAAHPEAVcStream@@@Z
?writeJson@sValueList@@UEAAHPEAVcStream@@@Z
?writeJson@sValueShort@@UEAAHPEAVcStream@@@Z
?writeJson@sValueString@@UEAAHPEAVcStream@@@Z
?writeJson@sValueTable@@UEAAHPEAVcStream@@@Z
?writeJsonFormatted@cList@@QEAAHPEAVcStream@@HH@Z
?writeJsonFormatted@cTable@@QEAAHPEAVcStream@@HH@Z
?writeLength@sValue@@SAHPEAVcStream@@H@Z
?writeLength@sValue@@SAPEAEPEAEH@Z
createFileStream
createList
createLock
createMemoryStream
createMemoryStreamFromBuffer
createTable
createThread
createZip
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
Sections
.text Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 203KB - Virtual size: 390KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 274KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ