r8p[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

r8p.exe
Size

769.9MB
MD5

6cf14ed8a95feb8800843627e2ec03bc
SHA1

32112dfc3bafc40140af09354288b29790d42af7
SHA256

3a84d12bad1426f87e3ef91772834be1a9d8f975b25c1840caec5b0bb85449bf
SHA512

96bc016dc3838e5a8b994242a1ece1babb3f42fef981492df4010aa85efabc5b55e3b75c0b49e7131502d798f62b5865819f11d2f190e43df0c35df4934de21b
SSDEEP

25165824:oCh6EMqCmx5p5eS3HOMvzb9+uVHksiHQK2AaMo/j8zmypR+f:Hh3CmykHzXjEXAj8LpRA

Score

3^/10

Malware Config

Signatures

Unsigned PE 62 IoCs

Checks for missing Authenticode signature.

resource
r8p.exe
unpack001/$PLUGINSDIR/Aero.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/w7tbp.dll
unpack001/$PROGRAMFILES/StartIsBack/Styles/Windows 7.msstyles
unpack001/$PROGRAMFILES/StartIsBack/msimg32.dll
unpack001/$PROGRAMFILES64/StartAllBack/Styles/Windows 7.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/10240/10240.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/10240/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/10240/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/10586/10586.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/10586/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/10586/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/8/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/8/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/8/aero7.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/8/aero7.old.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/BasicRound.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/en-US/BasicRound.msstyles.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/BasicSquare.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/en-US/BasicSquare.msstyles.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/Redstone.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor/en-US/shellstyle.dll (2).mui1
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor2/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor2/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/AeroRoundClear.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/en-US/AeroRoundClear.msstyles.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/AeroRoundShiny.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/en-US/AeroRoundShiny.msstyles.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/AeroSquareClear.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/en-US/AeroSquareClear.msstyles.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/AeroSquareShiny.msstyles
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/Shell/NormalColor/shellstyle.dll
unpack001/$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/en-US/AeroSquareShiny.msstyles.mui
unpack001/incontrol.exe
unpack001/theme8.exe
unpack002/$PLUGINSDIR/SysRestore.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsisFile.dll
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack001/themeui.dll.tmp
unpack001/uxinit.dll.tmp
unpack001/uxtheme.dll.tmp

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

r8p.exe
.exe windows:4 windows x86 arch:x86

96ab939b3b55d317ed1968d099ccc72c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Aero.dll
.dll windows:5 windows x86 arch:x86

6bcef5c7392f7360db57c0f16c2c06f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
lstrcpyW
GetVersion
LoadLibraryW
GetProcAddress
GlobalAlloc
lstrcmpiW
GlobalFree

user32

SetPropW
GetWindowRect
DestroyWindow
IsWindow
SetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
GetWindowTextW
GetDlgItem
GetPropW
BeginPaint
GetClientRect
SendMessageW
EndPaint
GetSysColorBrush
FillRect
DrawTextW
InvalidateRect
CallWindowProcW
MapWindowPoints

gdi32

CreateSolidBrush
DeleteDC
RestoreDC
BitBlt
CreateDIBSection
SaveDC
CreateCompatibleDC
SetBkMode
SelectObject
DeleteObject

Exports

Exports

Apply

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard-2.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/w7tbp.dll
.dll windows:4 windows x86 arch:x86

fdb9d529772752ac356e92b3e3221b71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowLongA
SendMessageA
FindWindowExA
CallWindowProcA

ole32

CoCreateInstance

Exports

Exports

Start

Sections

.text
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/StartIsBack64.dll
.dll windows:6 windows x64 arch:x64

d57b4b49381ae613ed3593ac3ab63e4b

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2023, 13:11

Not After

03/02/2024, 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:5a:d3:fe:e6:02:f4:55:7f:8c:d6:a5:af:78:36:2e:2e:f7:4c:fe:f8:80:9b:ea:82:2c:70:76:61:74:3d:ea
Signer

Actual PE Digest

e4:5a:d3:fe:e6:02:f4:55:7f:8c:d6:a5:af:78:36:2e:2e:f7:4c:fe:f8:80:9b:ea:82:2c:70:76:61:74:3d:ea

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\DEVEL\StartIsBackPlusPlus\Release\StartIsBack64.pdb

Imports

shlwapi

PathParseIconLocationW
PathAddBackslashW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
SHOpenRegStream2W
ord12
PathRemoveBlanksW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrToIntW
ord16
PathRemoveFileSpecW
PathAppendW
StrNCatW
SHSetValueW
StrStrW
PathIsRelativeW
ord172
PathIsDirectoryW
PathIsUNCW
ord174
ord256
PathIsFileSpecW
PathStripToRootW
PathIsRootW
ord168
StrCmpIW
PathIsNetworkPathW
ord388
ord215
ord158
StrStrIA
StrCSpnA
SHRegGetValueW
StrCmpNIW
ord487
StrCpyNW
SHStrDupW

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

uxtheme

SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
OpenThemeData
GetThemeInt
DrawThemeTextEx
CloseThemeData
GetThemeColor
DrawThemeBackground
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeBackgroundContentRect
ord47
GetThemePartSize
GetBufferedPaintTargetDC
GetThemeEnumValue
GetThemeFont
GetThemeBool
GetThemeRect
GetThemeTextExtent
GetThemeMargins
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemePropertyOrigin
IsThemePartDefined
GetWindowTheme
GetThemeMetric
GetThemeBackgroundExtent

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

msvcrt

wcscpy_s
wcscat_s
malloc
free
_vsnwprintf
isspace
_wcsnicmp
isprint
wcstok_s
wcsstr
vswprintf_s
_wcsicmp
??3@YAXPEAX@Z
atoi
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_XcptFilter
_initterm
_amsg_exit
memmove
wcsncmp
vsprintf_s
??2@YAPEAX_K@Z
tolower
wcschr
memcpy
memcmp
memset

kernel32

SleepEx
TerminateProcess
IsBadReadPtr
GetUserDefaultLangID
ExitThread
GetPrivateProfileIntW
GetPrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
lstrcatW
lstrcpynW
GetApplicationUserModelId
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
DeleteFileW
MoveFileExW
LocalAlloc
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
QueueUserWorkItem
CompareStringOrdinal
CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
lstrcmpiA
GetCurrentProcessId
ProcessIdToSessionId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName
GetModuleFileNameW
GlobalLock
GlobalUnlock
DisableThreadLibraryCalls
GetModuleHandleExW
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
OpenEventW
LoadResource
SizeofResource
DebugBreak
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
GetLastError
LoadLibraryA
FindResourceW
RtlCaptureContext
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
WaitForSingleObject
CreateThread
SetThreadPriority
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetAtomNameW
lstrcmpW
CreateThreadpoolWork
InitializeCriticalSection
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
SubmitThreadpoolWork
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
CreateFileA
GetSystemFirmwareTable
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryExW
FreeLibrary
QueueUserAPC
SetEvent
RaiseException
CreateEventW
ParseApplicationUserModelId
GetPackagesByPackageFamily
FindFirstFileW
FindNextFileW
FindClose
MoveFileW
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWaitEx
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetVersionExW
OpenMutexW

user32

EndDeferWindowPos
IsWindowVisible
GetWindow
GetWindowLongW
MapWindowPoints
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
SystemParametersInfoW
NotifyWinEvent
ShowWindow
GetParent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuItem
RegisterWindowMessageW
GetClassWord
GetSystemMetrics
InflateRect
PrintWindow
GetAsyncKeyState
BeginDeferWindowPos
CallNextHookEx
SetWinEventHook
UnhookWinEvent
SetWindowsHookExW
TrackPopupMenuEx
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetWindowTextW
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetCursor
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
DrawFocusRect
EndDialog
GetSysColorBrush
GetActiveWindow
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
TrackPopupMenu
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetDC
PtInRect
InvalidateRect
GetMenuState
ExitWindowsEx
GetDoubleClickTime
EnableWindow
WindowFromDC
CallWindowProcW
CharLowerW
SetCapture
ReleaseCapture
DrawTextW
FillRect
IsRectEmpty
EqualRect
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
LoadImageW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
GetMessageW
GetRawInputDeviceList
EnumThreadWindows
DrawIconEx
UnionRect
UnregisterClassW
MonitorFromRect
SetForegroundWindow
GetWindowRgnBox
GetLayeredWindowAttributes
IsIconic
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow
SwitchToThisWindow
SetActiveWindow
RegisterClipboardFormatW
GetMessageExtraInfo
SetWindowLongW
ChildWindowFromPointEx
LookupIconIdFromDirectoryEx
PostThreadMessageW
SetRect
GetMonitorInfoW
RegisterClassW
LoadCursorW
DeferWindowPos
DestroyWindow
SetWindowLongPtrW
GetWindowRgn
UpdateLayeredWindow
GetWindowDC
MonitorFromWindow
IsChild
GetGUIThreadInfo
GetAncestor
DefWindowProcW
RemovePropW
GetWindowLongPtrW
SetWindowPos
SetTimer
FindWindowW
KillTimer
GetShellWindow
CreateWindowExW
GetWindowThreadProcessId
FindWindowExW
DialogBoxParamW
EndPaint
OffsetRect
GetWindowRect
GetWindowInfo
BeginPaint
SetPropW
GetPropW
GetDlgItem
GetComboBoxInfo
GetClassNameW
ReleaseDC
GetDCEx
PostMessageW
SendMessageW
RedrawWindow
EnumChildWindows
GetClientRect
SetWindowRgn
GetSysColor
CreateIconIndirect
GetKeyState
wsprintfW
LoadStringW
wsprintfA
SendNotifyMessageW

gdi32

GetLayout
GetCharWidth32W
CreateFontW
RestoreDC
ExcludeClipRect
SaveDC
GdiFlush
GetRgnBox
CombineRgn
CreateRectRgnIndirect
GetStockObject
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
BitBlt
SetLayout
CreateRectRgn
DeleteObject
CreateBitmap
DeleteDC
GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
GetTextExtentExPointW
OffsetClipRgn
SelectClipRgn
StretchBlt
GetDeviceCaps
StretchDIBits
OffsetRgn
GetBoundsRect
SetBoundsRect
GetClipBox
GetCurrentObject
GetBkMode
SetBkMode
TextOutW
GetBkColor
GetTextColor
GetTextExtentPointW
SetWindowOrgEx
CreateFontIndirectW

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegCreateKeyW
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW
RegOpenKeyExW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
InitiateShutdownW
GetUserNameW
RegQueryValueExA
RegDeleteValueA

shell32

ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
Shell_NotifyIconGetRect
ShellExecuteW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord22
ord134
ord132
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644
ord645
ord4
ord2
SHCreateItemWithParent
ord62
SHFileOperationW
SHGetStockIconInfo

ole32

CoInitialize
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LoadSystemOrb2
PickGlyphDlg
RemoteInit

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/StartIsBackCfg.exe
.exe windows:5 windows x86 arch:x86

3f273b259fcb74bcdfc8d43b5992ca69

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2023, 13:11

Not After

03/02/2024, 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:99:40:ce:6c:83:a2:ef:b2:e3:a0:ac:0a:4a:9a:a2:71:3d:cd:ea:1e:80:4c:40:9a:f6:84:0e:15:01:e2:93
Signer

Actual PE Digest

51:99:40:ce:6c:83:a2:ef:b2:e3:a0:ac:0a:4a:9a:a2:71:3d:cd:ea:1e:80:4c:40:9a:f6:84:0e:15:01:e2:93

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegGetKeySecurity
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegDeleteTreeW
RegDeleteKeyExW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
wsprintfW
SwitchToThisWindow
SetProcessDefaultLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
lstrcpyA
lstrcpyW
lstrcmpiW
lstrcmpW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualProtectEx
UnmapViewOfFile
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
QueueUserWorkItem
OpenProcess
OpenFileMappingW
OpenEventW
MulDiv
MoveFileExW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetVersionExW
GetTempPathW
GetSystemTime
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
AddAtomW
CheckElevationEnabled
GetSystemWindowsDirectoryW
IsWow64Process
GetUserPreferredUILanguages

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt
GdiAlphaBlend
SetLayout
GetLayout

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CLSIDFromString

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

shell32

ShellExecuteExW
ShellExecuteW
SHFileOperationW
ExtractIconExW
SHGetSpecialFolderPathW
SHAddToRecentDocs
ord896
SHDefExtractIconW
ILSaveToStream
ILLoadFromStreamEx

comdlg32

ChooseColorW

gdiplus

GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipFillRectangleI
GdipFillRectangle
GdipSetInterpolationMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

shlwapi

SHAutoComplete
PathIsSystemFolderW
PathRemoveFileSpecW
PathParseIconLocationW
PathIsNetworkPathW
PathCanonicalizeW
PathAppendW
PathAddBackslashW
StrCatW
StrDupW
SHLoadIndirectString
SHOpenRegStream2W

ntdll

RtlAdjustPrivilege

uxtheme

ord16
ord7
ord92
ord121
ord120
ord50
SetWindowTheme

shcore

GetDpiForMonitor

crypt32

CryptStringToBinaryA

wintrust

WinVerifyTrust

Sections

.text
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/Styles/Windows 7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/msimg32.dll
.dll windows:1 windows x86 arch:x86

122bb6929b3599de2bbbecaee258c0bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
WriteProcessMemory
lstrcatA

advapi32

RegCreateKeyExA
RegDeleteKeyExA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/StartAllBackX64.dll
.dll windows:6 windows x64 arch:x64

79b497465d93a0f2cee8170971eb7807

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2023, 13:11

Not After

03/02/2024, 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:84:c1:54:b0:ae:30:24:92:9a:46:9b:81:96:85:a0:4a:85:8b:67:43:71:7d:9a:07:55:e4:c9:9c:c1:e3:95
Signer

Actual PE Digest

a1:84:c1:54:b0:ae:30:24:92:9a:46:9b:81:96:85:a0:4a:85:8b:67:43:71:7d:9a:07:55:e4:c9:9c:c1:e3:95

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackX64.pdb

Imports

shlwapi

StrNCatW
StrCpyNW
StrCmpNIW
ord219
PathParseIconLocationW
PathAddBackslashW
StrStrIW
StrCSpnA
StrStrIA
HashData
StrStrNIW
ord158
ord215
StrTrimW
ord513
ord212
ord512
ord184
ord388
PathIsNetworkPathW
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathRemoveExtensionW
PathIsUNCW
PathIsDirectoryW
PathIsRelativeW
SHRegGetValueW
PathAppendW
SHStrDupW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
ord176
SHOpenRegStream2W
ord12
PathRemoveBlanksW
ord174
ord172
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathRemoveBackslashW
PathFileExistsW
StrToIntW
ord16
StrStrW
PathRemoveFileSpecW
ord487

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
ord138
ord141
DwmTransitionOwnedWindow
ord139
ord113
ord159
ord163
ord164
ord187
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmFlush
DwmSetIconicThumbnail
ord140
DwmUpdateThumbnailProperties

uxtheme

IsThemePartDefined
GetThemePropertyOrigin
GetThemeTextExtent
GetThemeRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeFont
GetThemeMetric
ord121
ord120
ord126
ord50
ord138
ord140
ord135
ord49
ord74
ord133
ord132
GetThemeMargins
GetWindowTheme
GetBufferedPaintTargetDC
GetThemePartSize
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
GetThemeBackgroundContentRect
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
BeginBufferedPaint
EndBufferedPaint
GetThemeEnumValue
GetThemeColor
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx
BufferedPaintSetAlpha
IsThemeBackgroundPartiallyTransparent

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize

ntdll

RtlCaptureContext
NtQueryWnfStateData
RtlAdjustPrivilege
NtQueryInformationToken
RtlInitUnicodeString

msvcrt

strcmp
sin
memset
memmove
memcpy
memcmp
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
isspace
tolower
isprint
_vsnwprintf
wcsstr
wcstok_s
abort
__C_specific_handler
wcsncpy_s
??_U@YAPEAX_K@Z
_wtoi
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
??1type_info@@UEAA@XZ
__dllonexit
_unlock
wcscmp
_lock
_onexit
__CxxFrameHandler3
_XcptFilter
_initterm
_amsg_exit
cos
acos
bsearch

gdi32

CreateDIBSection
GetCharWidth32W
GetGlyphIndicesW
GetLayout
SelectClipRgn
OffsetClipRgn
GetObjectType
StretchDIBits
GetTextExtentExPointW
SetBkMode
GetDCDpiScaleValue
GdiDrawStream
TextOutW
CreateCompatibleDC
GetBitmapBits
GetDCBrushColor
StretchBlt
GetBkColor
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
CreateCompatibleBitmap
SetViewportOrgEx
GetTextExtentPoint32W
GetDeviceCaps
AddFontResourceExW
SelectObject
GetObjectW
GdiAlphaBlend
DeleteDC
CreateBitmap
DeleteObject
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPointW
SetLayout
BitBlt
SaveDC
ExcludeClipRect
RestoreDC
SetBkColor
GetStockObject
SetTextColor
ExtTextOutW
CreateRectRgnIndirect
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
SetWindowOrgEx
GetTextColor
CreateFontW

user32

RegisterWindowMessageW
GetWindowLongPtrW
SendMessageTimeoutW
GetWindowLongW
SetWindowLongPtrW
GetSystemMetricsForDpi
SetWindowRgn
RemovePropW
SendMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
RegisterClassW
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemInfoW
InvalidateRect
SystemParametersInfoForDpi
InflateRect
SetFocus
GetDoubleClickTime
SetWindowPos
ShowWindow
IsWindowVisible
RedrawWindow
GetDCEx
ReleaseDC
FillRect
GetDlgItem
BeginPaint
EndPaint
GetWindowInfo
OffsetRect
GetWindowDC
GetClassLongPtrW
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
FindWindowW
UpdateWindow
AnimateWindow
DrawFocusRect
LoadImageW
UnhookWindowsHookEx
CallNextHookEx
SetPropW
GetWindowThreadProcessId
SetWinEventHook
CreateWindowExW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
GetWindowRgn
DestroyWindow
GetMonitorInfoW
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
ReleaseCapture
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
UnhookWinEvent
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
MonitorFromPoint
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetForegroundWindow
GetForegroundWindow
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
GetIconInfo
WindowFromDC
GetMessageExtraInfo
GetMenuBarInfo
GetMenuInfo
SetMenuInfo
GetSystemMenu
IsMenu
SetMessageExtraInfo
SetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemID
TranslateMessage
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
CallWindowProcW
CharLowerW
EnumThreadWindows
SetSysColors
SystemParametersInfoA
GetDesktopWindow
LoadImageA
SwitchToThisWindow
GetLayeredWindowAttributes
IsRectEmpty
UnregisterClassW
MonitorFromRect
FrameRect
InternalGetWindowText
GetWindowPlacement
IsIconic
CopyRect
ShowWindowAsync
PrintWindow
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
GetUpdateRect
SetWindowLongW
CalculatePopupWindowPosition
DrawIconEx
UnionRect
GetWindowRgnBox
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
AllowSetForegroundWindow
CopyImage
SetCursorPos
SubtractRect
PostThreadMessageW
RegisterHotKey
GetDpiForSystem
SetActiveWindow
RegisterClipboardFormatW
ChildWindowFromPointEx
InsertMenuItemW
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
KillTimer
SetTimer
GetDpiForWindow
GetClientRect
GetPropW
GetAncestor
MapWindowPoints
GetWindowRect
GetParent
GetWindowTextW
FindWindowExW
PostMessageW
LoadStringW
GetSysColor
LoadCursorW
SetCursor
CreateIconIndirect
GetKeyState
wsprintfW
wsprintfA
GetClassWord
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
ord2005
SetWindowsHookExW
GetDpiForMonitorInternal

kernel32

GetTempPathW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
ProcessIdToSessionId
LCMapStringW
GetModuleFileNameW
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MoveFileW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
GetPackagesByPackageFamily
ParseApplicationUserModelId
QueueUserAPC
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
Sleep
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
GetThreadPriority
LocalFree
LocalAlloc
MoveFileExW
DeleteFileW
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetWindowsDirectoryW
OpenProcess
QueryFullProcessImageNameW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
GetProcessId
IsBadReadPtr
TerminateProcess
ExitThread
GlobalLock
GlobalUnlock
IsBadCodePtr
GetApplicationUserModelId
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
DebugBreak
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
CompareFileTime
DeleteCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
GetCurrentProcessId
CreateEventW
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
PackageFamilyNameFromFullName
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
OutputDebugStringA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
InitOnceExecuteOnce
GetProcAddress
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSection
WaitForSingleObject
CreateThread
SetThreadPriority
GetTickCount
ActivateActCtx
DeactivateActCtx
FindAtomW
AddAtomW
DeleteAtom
FreeLibrary
OpenEventW

advapi32

RegSetValueW
GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyValueW
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord85
SHFileOperationW
SHAppBarMessage
ord62
ord645
ord644
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88

ole32

StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/Styles/Windows 7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/AeroRoundShiny-Architecture.theme
$WINDIR/Resources/Themes/AeroRoundShiny-Characters.theme
$WINDIR/Resources/Themes/AeroRoundShiny-Default.theme
$WINDIR/Resources/Themes/AeroRoundShiny-Landscapes.theme
$WINDIR/Resources/Themes/AeroRoundShiny-Nature.theme
$WINDIR/Resources/Themes/AeroRoundShiny-Scenes.theme
$WINDIR/Resources/Themes/Windows Aero/Cursors/Install.inf
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_alt.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_arrow.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_busy.ani
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_ew.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_helpsel.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_link.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_move.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_nesw.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_ns.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_nwse.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_pen.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_prec.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_select.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_unavail.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_up.cur
$WINDIR/Resources/Themes/Windows Aero/Cursors/aero_working.ani
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Afternoon/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Calligraphy/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Characters/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Cityscape/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Delta/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Festival/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Garden/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Heritage/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Landscapes/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Quirky/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Raga/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/Info.txt
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/Speech Disambiguation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/Speech Misrecognition.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/Speech Off.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/Speech On.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/Speech Sleep.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/chimes.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/chord.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/flourish.mid
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/ir_begin.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/ir_end.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/ir_inter.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/onestop.mid
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/recycle.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/ringout.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/tada.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Random/town.mid
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Savanna/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Desktop.ini
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Sonata/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Balloon.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Battery Critical.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Battery Low.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Critical Stop.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Default.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Ding.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Error.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Exclamation.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Feed Discovered.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Hardware Fail.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Hardware Insert.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Hardware Remove.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Information Bar.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Logoff Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Logon Sound.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Menu Command.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Minimize.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Navigation Start.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Notify.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Pop-up Blocked.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Print complete.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Recycle.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Restore.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Ringin.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Ringout.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Shutdown.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows Startup.wav
$WINDIR/Resources/Themes/Windows Aero/SoundSchemes/Windows/Windows User Account Control.wav
$WINDIR/Resources/Themes/Windows Aero/Styles/10240/10240.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/10240/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/10240/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/10586/10586.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/10586/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/10586/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/8/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/8/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/8/aero7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/8/aero7.old.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/BasicRound.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/Logo.png
.png
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/Thumbs.db
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicRound/en-US/BasicRound.msstyles.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/BasicSquare.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/Logo.png
.png
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/Thumbs.db
$WINDIR/Resources/Themes/Windows Aero/Styles/BasicSquare/en-US/BasicSquare.msstyles.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/Redstone.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/en-US/shellstyle.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor/en-US/shellstyle.dll (2).mui1
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor/shellstyle.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rsrc
Size: 972KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor2/en-US/shellstyle.dll.mui
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/Redstone/shell/NormalColor2/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/AeroRoundClear.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/Logo.png
.png
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/Thumbs.db
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundClear/en-US/AeroRoundClear.msstyles.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/AeroRoundShiny.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/Logo.png
.png
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/Thumbs.db
$WINDIR/Resources/Themes/Windows Aero/Styles/RoundShiny/en-US/AeroRoundShiny.msstyles.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/AeroSquareClear.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/Logo.png
.png
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/Thumbs.db
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareClear/en-US/AeroSquareClear.msstyles.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/AeroSquareShiny.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/Logo.png
.png
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/Styles/SquareShiny/en-US/AeroSquareShiny.msstyles.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/10240/AeroRoundShiny-Architecture.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/10240/AeroRoundShiny-Characters.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/10240/AeroRoundShiny-Default.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/10240/AeroRoundShiny-Landscapes.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/10240/AeroRoundShiny-Nature.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/10240/AeroRoundShiny-Scenes.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/Current/AeroRoundShiny-Architecture.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/Current/AeroRoundShiny-Characters.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/Current/AeroRoundShiny-Default.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/Current/AeroRoundShiny-Landscapes.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/Current/AeroRoundShiny-Nature.theme
$WINDIR/Resources/Themes/Windows Aero/ThemeFiles/Current/AeroRoundShiny-Scenes.theme
$WINDIR/System32/OpenTheme.dll
.dll windows:6 windows x64 arch:x64

3304b5d4fdb8684b95cd15b7033f5f77

Code Sign

12:76:97:f2:09:ae:19:f0:de:c4:5a
Certificate

Issuer

CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT

Not Before

16/02/2021, 00:00

Not After

10/06/2040, 00:00

Subject

CN=GLOBALTRUST 2020 CODESIGNING 1,O=e-commerce monitoring GmbH,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:39:eb:b2:b5:aa:b6:f1:9e:69:be
Certificate

Issuer

CN=GLOBALTRUST 2020 CODESIGNING 1,O=e-commerce monitoring GmbH,C=AT

Not Before

05/07/2023, 15:14

Not After

08/07/2024, 17:14

Subject

CN=namazso.eu,O=namazso,L=Debrecen,C=HU,1.2.840.113549.1.9.1=#0c1061646d696e406e616d617a736f2e6575

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:60:61:64:40:b2:16:0d:c2:c0:5a:aa:c4:b6:29:e0:21:ba:23:62:0c:da:e2:a9:4b:f2:1e:30:72:fe:49:33
Signer

Actual PE Digest

ee:60:61:64:40:b2:16:0d:c2:c0:5a:aa:c4:b6:29:e0:21:ba:23:62:0c:da:e2:a9:4b:f2:1e:30:72:fe:49:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtQueryInformationToken
NtCreateEvent
NtProtectVirtualMemory
_wcsnicmp
vswprintf_s
RtlInitUnicodeString

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SAB.exe
.exe windows:6 windows x64 arch:x64

ad3431370c5650939f6ad3d7023cc918

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2023, 13:11

Not After

03/02/2024, 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:5e:a7:67:02:3c:e6:88:04:24:4e:4c:b2:fc:27:dc:be:a5:d2:a4:de:38:dc:bc:fc:3f:cc:32:83:df:43:da
Signer

Actual PE Digest

72:5e:a7:67:02:3c:e6:88:04:24:4e:4c:b2:fc:27:dc:be:a5:d2:a4:de:38:dc:bc:fc:3f:cc:32:83:df:43:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
free
_commode
_fmode
__getmainargs
wcsncpy_s
wcscat_s
__set_app_type
memmove
?terminate@@YAXXZ
memcpy
_XcptFilter
wcscpy_s
_beginthreadex
malloc
memset

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetExitCodeProcess
GetTickCount
GetModuleHandleW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentThreadId
GetFileAttributesW
WaitForSingleObject
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateDirectoryW
CloseHandle
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError

user32

GetSysColorBrush
PostQuitMessage
GetMessageW
CreateDialogParamW
FindWindowExW
FillRect
SendMessageW
ShowWindow
DispatchMessageW

gdi32

GetStockObject
GetClipBox

shell32

ShellExecuteExW
SHFileOperationW

ole32

CoInitialize

comctl32

ord344
ord17

shlwapi

StrStrIW

dwmapi

DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SIB10.exe
.exe windows:6 windows x86 arch:x86

b630fa236ce275df86813af5b4f05d53

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:06:24:27:62:e3:0a:7e:5f:65:1c:af:4d:31:82:43:45:44:57:16:7d:2d:43:76:50:4e:f0:d4:8c:02:e4:39
Signer

Actual PE Digest

81:06:24:27:62:e3:0a:7e:5f:65:1c:af:4d:31:82:43:45:44:57:16:7d:2d:43:76:50:4e:f0:d4:8c:02:e4:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
wcsncpy_s
wcscpy_s
wcscat_s
memmove
_beginthreadex
memset
memcpy
malloc
free

kernel32

SetFilePointer
GetProcAddress
FreeLibrary
RaiseException
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleW
GetModuleFileNameW
GetTickCount
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
WaitForSingleObject
GetTempPathW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
CreateFileW
ReadFile
LoadLibraryExA
WriteFile
CloseHandle
GetLastError

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SIB8.exe
.exe windows:4 windows x86 arch:x86

0b96bfb4aed20508029b028a4dff1761

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:17
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

26/11/2012, 07:32

Not After

27/11/2014, 12:00

Subject

CN=STANISLAV ZINUKHOV,L=Moscow,ST=Moscow City,C=RU,1.2.840.113549.1.9.1=#0c1474696869792e6d6f7a6740676d61696c2e636f6d,2.5.4.13=#131065536d4c6831656f306a6f3652464135

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:11:ce:87:a5:4c:63:18:e0:2b:b9:e0:3a:ce:26:22:20:79:6a:ee
Signer

Actual PE Digest

92:11:ce:87:a5:4c:63:18:e0:2b:b9:e0:3a:ce:26:22:20:79:6a:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
KillTimer
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
SetWindowTextA
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
DialogBoxParamW

shell32

ShellExecuteExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcpy
free
malloc
_CxxThrowException
_purecall
memmove
__CxxFrameHandler
memcmp

kernel32

CloseHandle
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetStdHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathA
GetTempPathW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetFullPathNameA
GetFullPathNameW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetLastError
CreateFileW
SetFileTime
FormatMessageA
FormatMessageW
LocalFree
GetModuleFileNameA
GetModuleFileNameW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetCommandLineW
WaitForSingleObject
CreateProcessA

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIB9.exe
.exe windows:4 windows x86 arch:x86

0b96bfb4aed20508029b028a4dff1761

Code Sign

52:71:f4:61:4e:0f:58:c8:9f:ee:1f:a7:21:1d:73:08
Certificate

Issuer

CN=StartCom Class 2 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Not Before

05/02/2016, 00:15

Not After

05/02/2018, 00:15

Subject

CN=Stanislav Zinukhov,O=Stanislav Zinukhov,L=Moscow,ST=Moscow City,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:3b:d2:7e:dd:3c:94:9e:95:8e:28:a9:b3:c7:57:a0
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

16/12/2015, 01:00

Not After

16/12/2030, 01:00

Subject

CN=StartCom Class 2 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

be:86:82:21:8e:0a:a0:cd:0b:41:b2:1d:5c:5f:be:a8:7a:7c:51:b6:40:42:3b:08:b3:aa:9f:34:75:54:0d:a7
Signer

Actual PE Digest

be:86:82:21:8e:0a:a0:cd:0b:41:b2:1d:5c:5f:be:a8:7a:7c:51:b6:40:42:3b:08:b3:aa:9f:34:75:54:0d:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
KillTimer
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
SetWindowTextA
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
DialogBoxParamW

shell32

ShellExecuteExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcpy
free
malloc
_CxxThrowException
_purecall
memmove
__CxxFrameHandler
memcmp

kernel32

CloseHandle
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetStdHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathA
GetTempPathW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetFullPathNameA
GetFullPathNameW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetLastError
CreateFileW
SetFileTime
FormatMessageA
FormatMessageW
LocalFree
GetModuleFileNameA
GetModuleFileNameW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetCommandLineW
WaitForSingleObject
CreateProcessA

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
explorer.bat
incontrol.exe
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 11KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
theme8.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SysRestore.dll
.dll windows:5 windows x86 arch:x86

985dc42ba384582f88fa4ebd866cc9b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcpyW
lstrcpynW
GetProcAddress
LoadLibraryW
SetLastError
FreeLibrary
GetLastError

user32

wsprintfW

Exports

Exports

FinishRestorePoint
RemoveRestorePoint
StartRestorePoint
StartUnRestorePoint

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 587B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFile.dll
.dll windows:4 windows x86 arch:x86

bc2dec22623add29834c35d9141fa2a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
lstrlenW
MultiByteToWideChar
WriteFile
SetFilePointer
SetEndOfFile
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_wtoi
_itow
memmove
memcmp
memchr
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

BinToHex
FileFindBytes
FileReadBytes
FileTruncate
FileWriteBytes
HexToBin

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 731B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/image.bmp
Uninstall.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
themeui.dll.tmp
.dll windows:10 windows x64 arch:x64

5e52d91d49ed07eb890e9a0a6c21f0e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ThemeUI.pdb

Imports

msvcrt

__CxxFrameHandler3
sqrtf
_vsnwprintf
_vsnprintf
strchr
memcpy_s
_CxxThrowException
memcmp
memmove
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
swscanf_s
wcschr
towupper
malloc
free
_wtoi
memset
wcscmp

shcore

SHDeleteValueW
SHRegSetPathW
ord290
ord162
ord170
SHUnicodeToUnicode
SHStrDupW
SHCreateStreamOnFileEx
ord190
SHCreateThreadWithHandle
IStream_Reset
ord142
ord292
IStream_Size
SHRegGetValueW
SHRegGetPathW
IsOS
ord222
SHCreateThread
ord123
SHDeleteKeyW
IUnknown_Set
IUnknown_SetSite
SHGetValueW
SHSetValueW

shell32

ord147
ord28
SHCreateItemFromIDList
SHFileOperationW
ord102
SHChangeNotify
SHCreateItemWithParent
ord18
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHQueryRecycleBinW
ord152
ord846
ord25
ord27
ord825
ord100
SHGetNameFromIDList
ord155
SHGetIDListFromObject
ord92
ExtractIconW
SHCreateItemFromParsingName
ord24
SHGetKnownFolderPath
SHGetFolderPathEx
SHParseDisplayName

shlwapi

PathIsFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathCombineW
StrStrW
PathAppendW
StrToIntW
PathQuoteSpacesW
StrCmpIW
StrDupW
StrCmpNW
UrlCompareW
PathRemoveFileSpecW
StrRStrIW
PathIsPrefixW
ord487
PathIsRelativeW
ord466
SHRegGetUSValueW
UrlEscapeW
ord464
StrCmpNIW
PathUnExpandEnvStringsW
StrStrIW
PathCommonPrefixW
ord433
PathAddBackslashW
ord448
PathIsDirectoryW
PathFindNextComponentW
StrFormatByteSizeW
PathStripToRootW
PathRemoveFileSpecA
PathStripPathA
StrRChrA
StrToIntExW
StrRChrW
StrChrW
ord460
PathFindFileNameW
ord23
StrCmpW
ord219
ord154
ord158
PathFileExistsW

api-ms-win-core-com-l1-1-1

CoTaskMemFree
StringFromGUID2
CoCreateGuid
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemRealloc
PropVariantClear
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoUninitialize
CoInitializeEx
CLSIDFromString
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
ReleaseSRWLockExclusive
ResetEvent
Sleep
DeleteCriticalSection
InitOnceComplete
WaitForSingleObject
SetEvent
OpenEventW
CreateEventW
InitializeCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseMutex
CreateMutexW
LeaveCriticalSection

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
OpenProcessToken
GetCurrentThread
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetExitCodeThread
OpenThreadToken
GetCurrentProcessId
ResumeThread
CreateThread

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-file-l1-2-1

LocalFileTimeToFileTime
GetFileAttributesExW
FindFirstFileExW
GetTempFileNameW
WriteFile
SetFileTime
SetFileAttributesW
GetDiskFreeSpaceExW
GetTempPathW
DeleteFileW
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
GetLongPathNameW
GetFileSize
SetFilePointer
ReadFile
CreateDirectoryW
CreateFileW
FileTimeToLocalFileTime

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperBuffW
IsCharUpperW
CharLowerW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-localization-l1-2-1

FormatMessageW
LCMapStringW
GetLocaleInfoW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRenameExtension
PathCchAddExtension
PathCchCombine

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-2-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-2

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv
DosDateTimeToFileTime
FileTimeToDosDateTime

api-ms-win-core-localization-obsolete-l1-3-0

GetNumberFormatW
GetUserDefaultUILanguage

api-ms-win-core-privateprofile-l1-1-1

GetPrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

ntdll

WinSqmAddToStream
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmIncrementDWORD
EtwEventActivityIdControl
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventWrite
EtwTraceMessage

gdi32

SetMagicColors
GetStockObject
ExtFloodFill
GetPixel
SetStretchBltMode
StretchBlt
CreateCompatibleBitmap
SaveDC
RestoreDC
CreateRectRgn
GetRegionData
GdiAlphaBlend
BitBlt
SetLayout
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
CreateFontIndirectW
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
DeleteDC

user32

GetDlgCtrlID
InvalidateRect
DrawIconEx
MoveWindow
EnumChildWindows
EndTask
SendMessageTimeoutW
SetWindowLongW
LoadIconW
SetDlgItemTextW
SetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
GetDlgItemInt
DestroyIcon
LoadBitmapW
SendDlgItemMessageW
RegisterClassW
GetClassInfoW
RedrawWindow
CallWindowProcW
GetWindow
IsWindow
GetDlgItem
EnableWindow
SendMessageW
GetFocus
LoadImageW
WaitForInputIdle
DrawTextW
GetWindowLongW
OffsetRect
GetSysColorBrush
GetMonitorInfoW
MonitorFromPoint
ValidateRect
SetForegroundWindow
ShowWindow
FillRect
GetClientRect
DefWindowProcW
EndPaint
BeginPaint
PostQuitMessage
KillTimer
DestroyWindow
SetTimer
GetWindowLongPtrW
GetMessageW
CreateWindowExW
CreateWindowInBand
GetSystemMetrics
SystemParametersInfoW
GetShellWindow
UnregisterClassW
SetWindowLongPtrW
RegisterClassExW
SendNotifyMessageW
FindWindowW
OpenIcon
CopyRect
InflateRect
MessageBoxW
PostThreadMessageW
LoadCursorW
SetCursor
SetSysColors
GetSysColor
ReleaseDC
GetDC
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostMessageW
GetParent
FindWindowExW
EnumWindows
GetClassNameW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uxinit.dll.tmp
.dll windows:10 windows x64 arch:x64

2a467bac5f9b6cd47d53cda99bafc74c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UXInit.pdb

Imports

msvcrt

memcmp
memcpy
_XcptFilter
_vsnwprintf
memmove
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
rand_s
wcschr
_wcsicmp
wcsrchr
memcpy_s
free
_amsg_exit
memset

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
SetThreadToken
TerminateProcess
GetCurrentProcess
ExitThread

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-2-0

ResetEvent
Sleep
CreateSemaphoreExW
CreateEventW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-2-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-memory-l1-1-2

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-kernel32-legacy-l1-1-1

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

ntdll

RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlUnhandledExceptionFilter
NtCreateSection
NtOpenSection
NtConnectPort
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtClose
NtSetInformationThread
NtDuplicateToken
RtlImageNtHeader
NtQuerySystemInformation
RtlNtStatusToDosError
NtCreateEvent
RtlInitUnicodeString
NtRequestWaitReplyPort
EtwEventUnregister
EtwEventRegister
RtlDecompressBufferEx

user32

GetDpiForMonitorInternal
IsProcessDPIAware
GetDC
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
ReleaseDC
EnumDisplayDevicesW
EnumDisplaySettingsW
SystemParametersInfoW
GetSystemMetrics
GetWindowDC
EnumDisplayMonitors

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
SizeofResource
LoadLibraryExW
FindResourceExW
GetProcAddress
LoadResource
LockResource
GetModuleHandleW

api-ms-win-core-file-l1-2-1

ReadFile
GetFileSize
WriteFile
SetFilePointer
CreateFileW

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegOpenCurrentUser
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventWrite

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage

api-ms-win-shcore-scaling-l1-1-1

UnregisterScaleChangeEvent
RegisterScaleChangeEvent

gdi32

SetBitmapAttributes
CreateDIBSection
CreateSessionMappedDIBSection
DeleteObject
GetDeviceCaps
ClearBitmapAttributes

Exports

Exports

ThemeUserLogoff
ThemeUserLogon
ThemeUserStartShell
ThemeUserTSReconnect
ThemeWatchForStart
ThemesOnCreateSession
ThemesOnDisconnect
ThemesOnEarlyCreateSession
ThemesOnLogoff
ThemesOnLogon
ThemesOnReconnect
ThemesOnTerminateSession

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uxstyle1507.exe
.exe windows:5 windows x86 arch:x86

963226e6bbe29f87aa49b92b4ae9a4f1

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:e2:b6:98:76:9f:ba:3f:4f:f9:08:34:be:f0:f2:a6:64
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

08/09/2014, 14:55

Not After

09/10/2015, 14:55

Subject

CN=The Within Network\, LLC,O=The Within Network\, LLC,L=Purcellville,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:4b:19:d8:f1:52:ff:00:ee:93:4b:90:3e:0b:fe:5b:4f:be:d8:e6
Signer

Actual PE Digest

02:4b:19:d8:f1:52:ff:00:ee:93:4b:90:3e:0b:fe:5b:4f:be:d8:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\wix39r2\build\ship\x86\burn.pdb

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceConfigW
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
TranslateMessage
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
MessageBoxW
GetCursorPos
GetWindowLongW
SetWindowLongW
DispatchMessageW
LoadCursorW
IsDialogMessageW
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MsgWaitForMultipleObjects
LoadBitmapW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

gdi32

SelectObject
DeleteObject
GetObjectW
StretchBlt
CreateCompatibleDC
DeleteDC

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CLSIDFromProgID
CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2

kernel32

VerSetConditionMask
FreeLibrary
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
lstrlenW
GetModuleHandleExW
GetSystemDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
CompareStringW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ExpandEnvironmentStringsW
GetFileAttributesW
ReadFile
SetFilePointerEx
CreateFileW
CreateProcessW
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryW
lstrlenA
RemoveDirectoryW
CreateEventW
GetCurrentProcessId
ProcessIdToSessionId
LocalFree
OpenProcess
GetProcessId
WaitForSingleObject
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
GetVersionExW
SetFileAttributesW
FindFirstFileW
FindNextFileW
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
GetLastError
GetCurrentThreadId
VirtualFree
VirtualAlloc
MoveFileExW
CopyFileW
DeleteFileW
GetFileSizeEx
GlobalFree
GlobalAlloc
GetModuleHandleA
GetCurrentProcess
HeapSetInformation
GetFullPathNameW
CreateDirectoryW
TlsAlloc
CloseHandle
Sleep
ReleaseMutex
DeleteCriticalSection
FindClose
InitializeCriticalSection
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetTempFileNameW
FormatMessageW
GetLocalTime
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleCP
OutputDebugStringW
RtlUnwind
LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
HeapFree
RaiseException
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW

cabinet

ord20
ord23
ord22

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord238
ord111
ord173
ord45
ord205
ord90
ord141
ord169
ord70
ord88
ord190
ord171
ord118
ord115
ord125
ord17
ord137
ord116
ord8

rpcrt4

UuidCreate

wininet

InternetErrorDlg
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathCanonicalizeW

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uxtheme.dll.tmp
.dll windows:10 windows x64 arch:x64

fef614feb9b293798156ec8572866a15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UxTheme.pdb

Imports

msvcrt

fflush
fputws
fwprintf
memmove
??1type_info@@UEAA@XZ
_CxxThrowException
atan
cos
floor
fmodf
memcmp
rand
_purecall
free
wcschr
memset
wcscspn
_snwprintf_s
_wtof
_wtoi
_wcsicmp
_wsplitpath_s
wcstol
_vsnwprintf
memcpy_s
pow
_XcptFilter
_amsg_exit
malloc
_initterm
sqrt
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
bsearch_s
memcpy
rand_s
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleFileNameW
SizeofResource
DisableThreadLibraryCalls
LoadStringW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
LoadResource
FindResourceExW
FreeLibrary
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-2-0

CreateSemaphoreExW
ReleaseSRWLockShared
InitOnceComplete
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
InitOnceBeginInitialize
WaitForSingleObject
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseMutex
CreateMutexW
ReleaseSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
InitializeSRWLock
LeaveCriticalSection

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
OpenProcessToken
TlsGetValue
GetCurrentProcessId
TerminateProcess
TlsSetValue
TlsFree
CreateThread
SetThreadPriority
ResumeThread
OpenThreadToken
GetCurrentProcess
SetThreadToken
GetCurrentThread
TlsAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-2-1

GetFullPathNameW
GetFileTime
SetFilePointer
GetFileAttributesW
GetFileSize
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
MultiByteToWideChar
CompareStringW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoOriginateError

api-ms-win-security-base-l1-2-0

ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
CheckTokenMembership
SetKernelObjectSecurity

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenCurrentUser
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegGetValueW

api-ms-win-core-memory-l1-1-2

CreateFileMappingW
MapViewOfFile
OpenFileMappingW
VirtualAlloc
VirtualFree
UnmapViewOfFile

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetACP

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-2-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-heap-l1-2-0

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
HeapCreate

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CreateActCtxW

api-ms-win-core-atoms-l1-1-0

DeleteAtom
AddAtomW
GetAtomNameW

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrRStrIW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage

ntdll

wcsspn
wcstok_s
strchr
SbSelectProcedure
NtCreateSection
NtOpenSection
NtClose
NtConnectPort
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlInitializeCriticalSection
RtlGetThreadLangIdByIndex
EtwEventSetInformation
EtwEventWriteTransfer
EtwEventUnregister
EtwEventRegister
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
EtwEventWrite
wcstoul

gdi32

SelectClipPath
ClearBitmapAttributes
CreateSessionMappedDIBSection
GetBoundsRect
SetBoundsRect
GdiTransparentBlt
PatBlt
GetTextMetricsW
StrokeAndFillPath
AbortPath
ExtCreatePen
CombineRgn
ExtCreateRegion
SetDIBits
SetBrushOrgEx
GetClipBox
RectVisible
CreatePatternBrush
GetDIBits
GetTextAlign
SetTextAlign
SetBitmapAttributes
GetViewportOrgEx
GetWindowOrgEx
GetCurrentObject
GetRgnBox
SetBkMode
SetTextColor
GdiDrawStream
GetRegionData
SetLayout
Arc
GdiGradientFill
PtInRegion
CreateFontIndirectW
StretchBlt
SetStretchBltMode
GdiAlphaBlend
CreateRectRgnIndirect
SetWindowOrgEx
SetViewportOrgEx
GdiFlush
GetDeviceCaps
OffsetRgn
LPtoDP
GetRandomRgn
GetLayout
DeleteDC
CreateDIBSection
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
ExcludeClipRect
GetObjectType
PathToRegion
GetBkColor
ExtTextOutW
SetBkColor
SelectClipRgn
BitBlt
Ellipse
EndPath
BeginPath
RoundRect
Rectangle
GetStockObject
CreateSolidBrush
CreatePen
IntersectClipRect
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
DeleteObject

user32

EnumDisplayMonitors
GetDpiForMonitorInternal
EnumDisplaySettingsW
EnumDisplayDevicesW
IsProcessDPIAware
GetThreadDesktop
GetClassLongPtrW
SendMessageTimeoutW
GetMenuInfo
IsMenu
CallNextHookEx
AllowSetForegroundWindow
IsWindow
UnhookWindowsHookEx
SetWindowsHookExW
GetShellWindow
FindWindowW
GetWindowPlacement
AdjustWindowRectEx
SystemParametersInfoA
RegisterDManipHook
RegisterUserApiHook
CopyImage
SetMenuItemInfoW
GetWindowDPI
FillRect
DrawMenuBar
GetWindowDC
SetRect
IntersectRect
IsRectEmpty
GetMenuItemCount
GetMenuBarInfo
GetKeyState
GetMessagePos
ReleaseDC
DrawTextExW
MonitorFromRect
IsServerSideWindow
DefFrameProcW
ValidateRect
GetWindowRect
GetSysColorBrush
MapWindowPoints
OffsetRect
EqualRect
SetTimer
KillTimer
RedrawWindow
WindowFromDC
PaintMenuBar
IsWindowRedirectedForPrint
IsWindowVisible
PtInRect
DrawIconEx
DrawEdge
ClientToScreen
GetCapture
DispatchMessageW
ReleaseCapture
PeekMessageW
MsgWaitForMultipleObjectsEx
SetCapture
DrawTextW
DestroyIcon
GetSystemMetrics
LoadIconW
GetWindowTextW
CopyRect
InternalGetWindowText
InflateRect
CalcMenuBar
SetRectEmpty
GetProcessWindowStation
SetWindowRgn
IsWindowInDestroy
InvalidateRect
GetWindowRgnBox
GetForegroundWindow
IsIconic
GetUserObjectInformationW
GetWindowInfo
GetParent
SendNotifyMessageW
GetWindowLongPtrW
SystemParametersInfoW
CreateIconIndirect
GetIconInfo
GetMenuItemInfoW
GetSystemMenu
GetTitleBarInfo
IsZoomed
GetMonitorInfoW
GetSysColor
IsTopLevelWindow
IsWindowBroadcastingDpiToChildren
MonitorFromWindow
IsChildWindowDpiMessageEnabled
SendMessageW
GetAncestor
GetDpiMetrics
GetClientRect
GetClassLongW
SetWindowPos
IsThreadDesktopComposited
TrackMouseEvent
CallWindowProcW
SetWindowLongW
SetWindowLongPtrW
GetWindowLongW
DefWindowProcW
GetDCEx
IsChild
GetWindowThreadProcessId
PostMessageW
ord2525
ord2527
GetDesktopWindow
GetPropW
GetDC
SetPropW
RemovePropW
GetWindow
SetSysColors
SetProcessDPIAware
EnumChildWindows
GetClassNameW
EnumDesktopsW
CloseDesktop
EnumDesktopWindows
OpenDesktopW
GetGUIThreadInfo

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

BeginBufferedAnimation
BeginBufferedPaint
BeginPanningFeedback
BufferedPaintClear
BufferedPaintInit
BufferedPaintRenderAnimation
BufferedPaintSetAlpha
BufferedPaintStopAllAnimations
BufferedPaintUnInit
CloseThemeData
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeParentBackgroundEx
DrawThemeText
DrawThemeTextEx
EnableThemeDialogTexture
EnableTheming
EndBufferedAnimation
EndBufferedPaint
EndPanningFeedback
GetBufferedPaintBits
GetBufferedPaintDC
GetBufferedPaintTargetDC
GetBufferedPaintTargetRect
GetColorFromPreference
GetCurrentThemeName
GetImmersiveColorFromColorSetEx
GetImmersiveUserColorSetPreference
GetThemeAnimationProperty
GetThemeAnimationTransform
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBitmap
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeStream
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetThemeTimingFunction
GetThemeTransitionDuration
GetUserColorPreference
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsCompositionActive
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
OpenThemeDataEx
SetThemeAppProperties
SetWindowTheme
SetWindowThemeAttribute
ThemeInitApiHook
UpdatePanningFeedback

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96ab939b3b55d317ed1968d099ccc72c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 42KB - Virtual size: 41KB

.bss Size: - Virtual size: 127KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 512B - Virtual size: 164KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 2KB - Virtual size: 2KB

6bcef5c7392f7360db57c0f16c2c06f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 1024B - Virtual size: 618B

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 638B

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

File Characteristics

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 42KB - Virtual size: 41KB

.bss
Size: - Virtual size: 127KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 164KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 1024B - Virtual size: 618B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

.text
Size: 1024B - Virtual size: 738B

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 92B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e4:5a:d3:fe:e6:02:f4:55:7f:8c:d6:a5:af:78:36:2e:2e:f7:4c:fe:f8:80:9b:ea:82:2c:70:76:61:74:3d:ea
Signer

.text
Size: 383KB - Virtual size: 382KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 145KB - Virtual size: 145KB

.reloc
Size: 3KB - Virtual size: 2KB