D:\code\workspace\yebaoinstall\output\YeBaoInstall.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-14_d764cbaf61c80a24a15ca11166463d0d_magniber_revil.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-06-14_d764cbaf61c80a24a15ca11166463d0d_magniber_revil.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-14_d764cbaf61c80a24a15ca11166463d0d_magniber_revil
Size: 3.7MB
MD5: d764cbaf61c80a24a15ca11166463d0d
SHA1: 8ddfd0d86187f6a443ef8a4b8e0284e471df278c
SHA256: 077ed7608546d13fd4e70618ac19e5407211af2e977470eac78c7078233d64ba
SHA512: 0bc65f600a699cddd9fdf55593edcddd57594354c4669a40a9f836fb8c5c4051eb42396c3639c4e7ddc072470e230c687a8ea351d62d82e101ab7593a62a2c90
SSDEEP: 49152:18Zp4yQ0q6mzxJCV1S90JJdInwO+PlXKiR0piAipMAdTMKjPvZcVeTeqLG:1qp4FCy90JJdInwPXKaiiLpMeDZc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-14_d764cbaf61c80a24a15ca11166463d0d_magniber_revil
Files
-
2024-06-14_d764cbaf61c80a24a15ca11166463d0d_magniber_revil.exe windows:6 windows x86 arch:x86
261f9ff695fe641fc72fa433e5051094
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
utilities
soui
kernel32
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapSize
GetTimeZoneInformation
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleW
FlushFileBuffers
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetCurrentThread
HeapFree
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetTickCount
VerifyVersionInfoW
GetSystemDirectoryW
VerSetConditionMask
SleepEx
GetVersionExW
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetCommandLineW
SetFileTime
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetStringTypeW
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
LCMapStringEx
GetLocaleInfoEx
LocalFree
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
FormatMessageA
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
GetCurrentThreadId
SetLastError
MultiByteToWideChar
CopyFileW
FindResourceW
LoadResource
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
GetCommandLineA
GetCurrentDirectoryW
LockResource
GetFullPathNameW
WriteConsoleW
SetEndOfFile
SetFileAttributesW
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetTempPathW
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
GetLastError
CloseHandle
DecodePointer
DeleteCriticalSection
CreateProcessW
OutputDebugStringA
Sleep
OutputDebugStringW
GetCurrentProcessId
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
SetCurrentDirectoryW
GetProcAddress
FreeLibrary
CreateDirectoryW
FindFirstFileW
FindNextFileW
DeviceIoControl
TerminateProcess
RemoveDirectoryW
FindClose
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
MoveFileExW
GetModuleHandleW
MoveFileW
SizeofResource
CreateMutexW
user32
UnregisterClassW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
GetActiveWindow
PostMessageW
GetPropW
SendMessageW
MessageBoxW
EnumWindows
advapi32
CryptAcquireContextW
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptGetKeyParam
CryptEnumProvidersW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
RegCreateKeyExW
DeleteService
ControlService
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
OpenServiceW
RegQueryValueExW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoTaskMemFree
oleaut32
SysFreeString
SysAllocString
VariantClear
shlwapi
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
StrCmpW
PathCanonicalizeW
PathIsDirectoryW
PathFileExistsW
netapi32
NetApiBufferFree
NetWkstaGetInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
InternetSetOptionW
wintrust
WinVerifyTrust
winhttp
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpConnect
ws2_32
gethostbyname
getnameinfo
htonl
WSACleanup
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
ntohl
gethostname
sendto
listen
ioctlsocket
__WSAFDIsSet
recvfrom
freeaddrinfo
getaddrinfo
select
accept
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
shutdown
crypt32
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertGetIntendedKeyUsage
CertCloseStore
wldap32
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 625KB - Virtual size: 625KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 397KB - Virtual size: 396KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ