Behavioral task
behavioral1
Sample
7fbce739e5afb389ca6bab05241a29f7bcea64241ba897cdf2b759822532868c.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7fbce739e5afb389ca6bab05241a29f7bcea64241ba897cdf2b759822532868c.exe
Resource
win10v2004-20240426-en
General
-
Target
7fbce739e5afb389ca6bab05241a29f7bcea64241ba897cdf2b759822532868c
-
Size
10.0MB
-
MD5
c66c6dcda1c345a6f861c8257e2125c8
-
SHA1
01bd9e4640192c6d0b79d9e8844e15e572571778
-
SHA256
7fbce739e5afb389ca6bab05241a29f7bcea64241ba897cdf2b759822532868c
-
SHA512
681b3eef54aabc5966c84f272e8d2b2e81c76cd73a1ebdaa9721ba951075884f575777acb70170a5dc5a64f31bbce9f3dc9333a5f4a7dae3c159845fb05dae41
-
SSDEEP
196608:pqUHiUGENtUxUV6ErG35bbp0/2v2qlqi0sDR04cCOz1npM58yJAcB/QLaev:4erq5bS/yNlqi0nCO6JAeQt
Malware Config
Signatures
-
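YARA rule match: vmprotect (resource: sample)
The match is consistent with the .vmp0–.vmp3 sections listed under Sections. It indicates that a protector is present, not what the protected code does.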
Unsigned PE 1 IoCs
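Checks for a missing Authenticode signature; the sample PE carries none. A missing signature is a low-confidence indicator by itself and should be weighed together with the other findings.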
resource 7fbce739e5afb389ca6bab05241a29f7bcea64241ba897cdf2b759822532868c
Files
-
7fbce739e5afb389ca6bab05241a29f7bcea64241ba897cdf2b759822532868c.exe windows:5 windows x86 arch:x86
c23ade394fc388ec67f68e51656aaf55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
d3d9
Direct3DCreate9
d3dx9_38
D3DXVec2Hermite
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromSurface
D3DXGetPixelShaderProfile
D3DXGetVertexShaderProfile
D3DXCreateSprite
D3DXCreateFontA
D3DXSaveSurfaceToFileW
D3DXCreateTexture
D3DXCreateCubeTexture
D3DXCompileShaderFromFileA
D3DXCompileShader
D3DXGetShaderConstantTableEx
D3DXVec3TransformNormalArray
D3DXVec3TransformCoordArray
D3DXVec3TransformCoord
dinput8
DirectInput8Create
dbghelp
MiniDumpWriteDump
ws2_32
WSASetLastError
bind
closesocket
connect
getsockname
getsockopt
htonl
htons
inet_addr
recv
recvfrom
send
sendto
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ntohl
inet_ntoa
select
listen
ioctlsocket
accept
__WSAFDIsSet
getservbyname
WSAGetLastError
WSACleanup
WSAStartup
getpeername
ntohs
WSAIoctl
getaddrinfo
freeaddrinfo
gethostname
gethostbyname
socket
shutdown
setsockopt
wininet
InternetCloseHandle
winmm
timeGetTime
mmioOpenA
mmioClose
mmioRead
mmioDescend
mmioAscend
timeKillEvent
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeGetDevCaps
imm32
ImmReleaseContext
ImmGetProperty
ImmSetCandidateWindow
ImmGetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmSetCompositionFontA
ImmSetOpenStatus
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContext
ImmIsIME
ImmGetContext
ImmGetIMEFileNameA
usp10
ScriptShape
ScriptBreak
ScriptGetGlyphABCWidth
ScriptCacheGetHeight
ScriptLayout
ScriptItemize
ScriptPlace
ScriptTextOut
iphlpapi
GetAdaptersInfo
nxcharacter.2.8.1
NxCreateControllerManager
NxReleaseControllerManager
physxloader.2.8.1
NxGetCookingLib
NxCreatePhysicsSDK
fmodex
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setMute@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?setCallback@Channel@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNEL_CALLBACKTYPE@@P6G?AW43@PAUFMOD_CHANNEL@@0HII@ZH@Z
?set3DAttributes@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@0@Z
?set3DMinMaxDistance@Channel@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?set3DConeSettings@Channel@FMOD@@QAG?AW4FMOD_RESULT@@MMM@Z
?set3DConeOrientation@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_VECTOR@@@Z
?setMode@Channel@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?release@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@XZ
FMOD_Memory_Initialize
FMOD_Memory_GetStats
FMOD_System_Create
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAH1PAW4FMOD_SPEAKERMODE@@@Z
?getNumChannels@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@@Z
?getNumGroups@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?stop@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setPitch@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?setSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?getSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZH@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?getCPUUsage@System@FMOD@@QAG?AW4FMOD_RESULT@@PAM000@Z
?getHardwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH00@Z
?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?set3DSpeakerPosition@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKER@@MM_N@Z
?set3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_VECTOR@@000@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?setAdvancedSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_ADVANCEDSETTINGS@@@Z
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
kernel32
GetCommandLineA
CreateEventW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
GlobalMemoryStatusEx
ExitProcess
GetThreadPriority
GetCurrentThread
lstrcmpW
WaitForMultipleObjects
ReleaseSemaphore
GetQueuedCompletionStatus
CreateIoCompletionPort
GetTickCount
CompareStringA
GetSystemDirectoryA
GetEnvironmentVariableA
GetModuleHandleExA
SystemTimeToFileTime
SetEndOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
GetSystemDefaultLangID
MulDiv
InterlockedExchange
GetFileTime
GetDateFormatA
GetTimeFormatA
GetSystemTime
GetSystemInfo
CopyFileA
VirtualFree
VirtualAlloc
CompareFileTime
DeleteFileA
GetFileAttributesA
SetCurrentDirectoryA
GetModuleFileNameW
GlobalMemoryStatus
GetLocaleInfoA
GetACP
WideCharToMultiByte
LocalAlloc
OutputDebugStringW
FormatMessageA
LocalFree
CreateDirectoryA
CreateDirectoryW
FindFirstFileW
IsWow64Process
GetTimeFormatW
GetDateFormatW
GetCurrentDirectoryW
lstrlenA
Beep
UnhandledExceptionFilter
FlushConsoleInputBuffer
GetLocalTime
SetUnhandledExceptionFilter
GetModuleHandleW
TlsFree
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
FreeLibrary
GetProcAddress
OpenProcess
GetCurrentProcess
SetLastError
WaitForSingleObject
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
MultiByteToWideChar
OutputDebugStringA
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsGetValue
CreateThread
GetCurrentThreadId
CreateProcessA
InterlockedExchangeAdd
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
SetErrorMode
CreateMutexA
OpenMutexA
GetCurrentDirectoryA
GetPriorityClass
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetShortPathNameA
GetLongPathNameA
GetFileType
GetFileSize
WriteFile
ReadFile
SetFilePointer
CreateFileA
GetOverlappedResult
CancelIo
SetThreadPriority
TerminateThread
SuspendThread
ResumeThread
FindClose
FindFirstFileA
FindNextFileA
InitializeCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventA
HeapCreate
HeapSetInformation
OpenThread
TlsAlloc
TlsSetValue
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetQueueStatus
GetSystemMetrics
MsgWaitForMultipleObjects
PostThreadMessageA
SetRect
GetMonitorInfoA
MonitorFromPoint
GetKeyState
LoadIconA
EnableWindow
MapVirtualKeyA
GetFocus
GetActiveWindow
CharNextW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
PostMessageA
GetKeyboardLayout
EnumDisplaySettingsA
ChangeDisplaySettingsExA
SetWindowLongA
GetWindowLongA
KillTimer
GetForegroundWindow
SetTimer
ChangeDisplaySettingsA
IsIconic
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
GetParent
GetWindowRect
CallWindowProcW
FillRect
TranslateAcceleratorW
LoadAcceleratorsA
SetFocus
BringWindowToTop
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
SetForegroundWindow
ReleaseDC
GetDC
DialogBoxParamA
MessageBoxExA
EndDialog
SendMessageA
CharPrevExA
CharNextExA
LoadStringW
LoadImageA
DestroyIcon
LoadCursorA
GetWindowThreadProcessId
ClipCursor
MessageBoxW
MessageBoxA
AdjustWindowRect
EndPaint
BeginPaint
GetUserObjectInformationW
GetProcessWindowStation
GetClassInfoExA
CloseWindow
UpdateLayeredWindow
IsWindow
AttachThreadInput
wsprintfA
CopyRect
SetRectEmpty
RemovePropA
SetPropA
GetClassInfoA
RegisterClassA
EnumDisplayMonitors
GetPropA
ClientToScreen
SetCursorPos
ShowCursor
GetClientRect
GetKeyboardLayoutList
MoveWindow
LoadCursorFromFileA
GetMenu
TranslateAcceleratorA
DispatchMessageA
ScreenToClient
GetCursorPos
ReleaseCapture
SetCapture
SetClassLongA
PeekMessageW
PeekMessageA
DispatchMessageW
TranslateMessage
DisableProcessWindowsGhosting
GetDesktopWindow
UpdateWindow
GetAsyncKeyState
SetWindowPos
ShowWindow
UnregisterClassA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
RegisterWindowMessageA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
GetDeviceCaps
GetTextExtentPoint32A
SetBkMode
GetTextExtentPoint32W
SetTextColor
SetBkColor
Polygon
AddFontResourceExA
RemoveFontResourceA
GetTextExtentExPointW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
SelectObject
DeleteObject
CreateFontIndirectA
GetStockObject
DeleteDC
TextOutW
comdlg32
GetOpenFileNameA
advapi32
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegOpenKeyExA
RegQueryValueExA
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
shell32
SHGetSpecialFolderPathA
ShellExecuteW
DragAcceptFiles
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathW
ole32
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
OleInitialize
OleUninitialize
OleSetContainedObject
oleaut32
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
VariantClear
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
odbc32
ord36
ord35
ord31
ord9
ord26
mfc140
ord1044
ord2986
ord8672
ord310
ord2881
ord4705
ord2383
ord2387
ord2241
ord5861
ord1142
ord5096
ord316
ord1692
ord4807
ord5095
ord6936
ord12503
ord1661
ord503
ord1529
shlwapi
PathRemoveFileSpecA
ord12
PathFileExistsA
PathCombineA
gdiplus
GdipFree
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipAlloc
msvcp140
?_BADOFF@std@@3_JB
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?eof@ios_base@std@@QBE_NXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0_Lockit@std@@QAE@H@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?toupper@?$ctype@D@std@@QBEDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
netapi32
NetApiBufferFree
NetWkstaGetInfo
crashtrace
?CT_SetAppNationA@@YGXPAD@Z
?CT_SetAppNameA@@YGXPAD@Z
?CT_AddReportFilePathA@@YGHPBD@Z
?CT_SetSize@@YGXI@Z
?CT_SetBase@@YGXI@Z
?CT_SetAppVersionA@@YGXPAD@Z
?CT_SetDumpType@@YGXI@Z
?CT_SetPreErrorHandler@@YGXP6GXPBUEXCEPTION_INFO@COMMON@CT@@@Z@Z
?CT_Install@@YGHV?$BitFlags@$03@COMMON@CT@@@Z
?CT_SetFlags@@YGXV?$BitFlags@$05@COMMON@CT@@@Z
?CT_SetConnectServer@@YGXPADG@Z
?CT_SetUserIDA@@YGXPAD@Z
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
vcruntime140
_purecall
__RTtypeid
strrchr
__vcrt_InitializeCriticalSectionEx
__std_terminate
memset
__std_type_info_compare
strchr
wcsstr
__RTDynamicCast
strstr
__std_exception_destroy
longjmp
_setjmp3
memcmp
__std_type_info_name
__std_exception_copy
_except_handler4_common
memcpy
__CxxFrameHandler3
_CxxThrowException
memchr
memmove
api-ms-win-crt-runtime-l1-1-0
_initterm
_get_narrow_winmain_command_line
_initterm_e
_exit
_set_app_type
_seh_filter_exe
_beginthreadex
_cexit
__sys_nerr
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_getpid
terminate
_controlfp
strerror
_invalid_parameter_noinfo
_c_exit
_controlfp_s
exit
signal
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
raise
_errno
api-ms-win-crt-string-l1-1-0
_wcsicmp
wcscpy_s
_strdup
_strupr
iswalpha
strcpy_s
strcmp
_strnicmp
_stricmp
tolower
toupper
wcsncpy
strcat_s
isalnum
isspace
towlower
towupper
wcsncmp
strtok
strncmp
isxdigit
strncat
isalpha
isupper
strncpy
wmemmove_s
wmemcpy_s
isdigit
strpbrk
api-ms-win-crt-heap-l1-1-0
malloc
calloc
free
_aligned_free
_aligned_malloc
_set_new_mode
realloc
_callnewh
api-ms-win-crt-stdio-l1-1-0
ungetc
setvbuf
_fseeki64
fsetpos
fgetpos
fgetc
ungetwc
fputwc
fgetwc
_wfopen
fwrite
ftell
fseek
fputc
fflush
feof
__stdio_common_vsnprintf_s
__stdio_common_vfscanf
_set_fmode
__stdio_common_vfwprintf
__stdio_common_vswprintf
_read
__p__commode
_open
_close
_write
_filelength
_fileno
fgets
fputs
fread
fopen
ferror
fclose
_setmode
__stdio_common_vfprintf
_lseeki64
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
_get_stream_buffer_pointers
api-ms-win-crt-math-l1-1-0
_libm_sse2_log10_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_fpclass
_CIatan2
_except1
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_CIfmod
ldexp
__setusermatherr
_libm_sse2_exp_precise
_libm_sse2_sqrt_precise
roundf
_libm_sse2_pow_precise
ceil
_libm_sse2_log_precise
_libm_sse2_tan_precise
floor
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
_atoi64
_i64toa
strtoull
_fcvt_s
_itoa
wcstombs_s
strtol
strtoll
atof
_wtoi
_ecvt_s
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_findfirst64i32
_stat64
_findclose
_findnext64i32
_access
_unlock_file
_fstat64
api-ms-win-crt-utility-l1-1-0
qsort
srand
rand
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-multibyte-l1-1-0
_mbspbrk
dsound
ord2
api-ms-win-crt-conio-l1-1-0
_getch
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 11.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 889KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 951KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cb_s Size: - Virtual size: 204B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.cb_t Size: - Virtual size: 12B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp3 Size: 9.9MB - Virtual size: 9.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ