NcaSvc.pdb
Static task
static1
General
- Target: WebCruiserPro.rar
- Size: 3.8MB
- MD5: dca7f33d768a81e62fa5b3a36b115904
- SHA1: d1a4a95d895214f8de3534123c0e4cb2e596bafd
- SHA256: a5d75866a30e38a63b2241e393a5e7395c0f98d3f6254eac5e7da1ae86942e0c
- SHA512: 27b37350edc5bae10ed1b11bc8f459ed78a8736189e8eb3351174a1f38cde0bc02f002001cbe13602f3809545338770f3fa049cf26a08b42c18d9569b8b39ebf
- SSDEEP: 98304:JwyJMuDBQ1JLGbpO5lq0QmPEpRwqyFOlIBQRtt0G64:1Jbrpoq0URzhdRtt0y
Malware Config
Signatures
-
Unsigned PE (8 IoCs)
Checks for missing Authenticode signature.
resource
unpack001/WebCruiserPro/WebCruiserPro/Interop.SHDocVw.dll
unpack001/WebCruiserPro/WebCruiserPro/NcaSvc.dll
unpack001/WebCruiserPro/WebCruiserPro/WebCruiserWVS.exe
unpack001/WebCruiserPro/WebCruiserPro/lib/Interop.SHDocVw.dll
unpack001/WebCruiserPro/WebCruiserPro/lib/Ionic.Zip.dll
unpack001/WebCruiserPro/WebCruiserPro/lib/Launcher.exe
unpack001/WebCruiserPro/WebCruiserPro/lib/wcw.exe
unpack001/WebCruiserPro/WebCruiserPro/mstscax.dll
Files
-
WebCruiserPro.rar.rar
-
WebCruiserPro/WebCruiserPro/Interop.SHDocVw.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/NcaSvc.dll.dll windows:10 windows x64 arch:x64
be040105def20e0c8f67a8a06bf21b12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
malloc
memset
_wcsnicmp
free
_amsg_exit
_XcptFilter
_vsnprintf_s
wcschr
_wcsicmp
_vsnwprintf
strchr
__C_specific_handler
memcpy
_initterm
wcscmp
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
SetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
ReleaseSRWLockShared
SetWaitableTimer
DeleteCriticalSection
WaitForSingleObject
ResetEvent
InitializeSRWLock
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateWaitableTimerW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
SubmitThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
CreateProcessAsUserW
QueueUserAPC
CreateProcessW
TerminateProcess
GetCurrentProcessId
ResumeThread
GetCurrentProcess
GetCurrentThreadId
SetThreadToken
OpenProcessToken
GetCurrentThread
OpenThreadToken
CreateThread
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
LoadStringW
oleaut32
SysFreeString
VariantInit
SysAllocString
VariantClear
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
ws2_32
GetAddrInfoW
WSACleanup
InetPtonW
WSAStartup
FreeAddrInfoW
iphlpapi
IcmpCloseHandle
Icmp6SendEcho2
NotifyIpInterfaceChange
Icmp6CreateFile
FreeMibTable
CreateSortedAddressPairs
CancelMibChangeNotify2
GetAdaptersAddresses
NotifyUnicastIpAddressChange
NotifyRouteChange2
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
GetLengthSid
RevertToSelf
EqualSid
GetTokenInformation
CopySid
CheckTokenMembership
AccessCheck
rpcrt4
RpcServerInqBindings
RpcServerRegisterIfEx
RpcEpUnregister
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrServerCall2
RpcBindingVectorFree
RpcServerUnregisterIfEx
I_RpcBindingIsClientLocal
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingInqAuthClientW
UuidEqual
RpcEpRegisterW
RpcServerUseProtseqW
RpcAsyncCompleteCall
RpcAsyncAbortCall
RpcImpersonateClient
RpcRevertToSelf
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
CreateFileW
GetTempFileNameW
GetLongPathNameW
SetFilePointer
api-ms-win-core-file-l1-2-0
GetTempPathW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
RegisterGPNotification
UnregisterGPNotification
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-service-management-l2-1-0
NotifyServiceStatusChangeW
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory
winhttp
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpCloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64
GetSystemTime
dnsapi
DnsFreePolicyConfig
DnsGetPolicyTableInfo
sspicli
FreeContextBuffer
GetUserNameExW
DeleteSecurityContext
InitializeSecurityContextW
QuerySecurityPackageInfoW
FreeCredentialsHandle
AcquireCredentialsHandleW
RevertSecurityContext
ImpersonateSecurityContext
AcceptSecurityContext
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
bcrypt
BCryptGetFipsAlgorithmMode
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-shlwapi-legacy-l1-1-0
PathCanonicalizeW
ntdll
EtwTraceMessage
RtlIpv6AddressToStringW
WinSqmIsOptedIn
WinSqmSetDWORD
umpdc
PdcNotificationClientUnregister
PdcNotificationClientRegister
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
httpprxp
ProxyHelperProviderConnectToServer
ProxyHelperProviderRegisterForEventNotification
ProxyHelperProviderUnregisterEventNotification
ProxyHelperProviderDisconnectFromServer
kernel32
GetComputerNameW
CreateJobObjectW
RegisterWaitForSingleObject
UnregisterWaitEx
TerminateJobObject
UnregisterWait
AssignProcessToJobObject
fwpuclnt
FwpmNetEventSubscribe4
FwpmNetEventUnsubscribe0
FwpmEngineClose0
FwpmEngineOpen0
firewallapi
FWChangeNotificationDestroy
FWChangeNotificationCreate
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/Readme.html.html
-
WebCruiserPro/WebCruiserPro/WebCruiser.png.png
-
WebCruiserPro/WebCruiserPro/WebCruiser01.png.png
-
WebCruiserPro/WebCruiserPro/WebCruiserWVS.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 254KB - Virtual size: 254KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/lib/Interop.SHDocVw.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/lib/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/lib/LICENCE.dat.zip
-
WebCruiserPro/WebCruiserPro/lib/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/lib/Readme.html.html
-
WebCruiserPro/WebCruiserPro/lib/WebCruiser.png.png
-
WebCruiserPro/WebCruiserPro/lib/WebCruiser01.png.png
-
WebCruiserPro/WebCruiserPro/lib/wcw.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Data\U2\Program\WebCruiserWVS\WebCruiserWVS\obj\Release\WebCruiserWVS.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 386KB - Virtual size: 386KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebCruiserPro/WebCruiserPro/mstscax.dll.dll regsvr32 windows:10 windows x64 arch:x64
6040dc80a09960397e448f384516c856
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mstscax.pdb
Imports
msvcrt
_ultow
wcsncat_s
wcstoul
wcsftime
tolower
towupper
_itow_s
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
??0exception@@QEAA@XZ
_ltow
printf
isalpha
??1exception@@UEAA@XZ
memcpy
memcmp
_wfopen_s
log10f
log10
log
floorf
floor
exp
cos
_waccess_s
_wfopen
vswprintf_s
wcsnlen
swscanf_s
wcschr
_strnicmp
_strlwr_s
_vsnprintf
memcpy_s
wcstol
iswdigit
iswspace
toupper
wcstombs_s
_wcsnicmp
wcstok
wcsrchr
realloc
wcscat_s
wcsncmp
bsearch
isdigit
memchr
wcsstr
vsprintf_s
_resetstkoflw
towlower
swprintf_s
_aligned_free
memmove
memset
pow
sin
sqrt
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_aligned_malloc
_XcptFilter
free
_callnewh
time
gmtime
srand
rand
fclose
fprintf
fwrite
_wtoi
__CxxFrameHandler3
wcstok_s
_itoa_s
wcscspn
sprintf_s
_ltow_s
memmove_s
_stricmp
_vscwprintf
wcsncpy_s
malloc
_wcsicmp
_vsnwprintf
wcscpy_s
calloc
strtok_s
_wtol
strncmp
iswalnum
wcspbrk
_wcslwr
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
_purecall
ceilf
ceil
atan2
_CxxThrowException
wcscmp
ntdll
RtlFreeUnicodeString
NtSetInformationFile
RtlStringFromGUID
RtlAreBitsSet
RtlClearBits
RtlInitializeBitMap
RtlFindClearBitsAndSet
RtlNtStatusToDosError
RtlInitString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
RtlEnumerateGenericTableWithoutSplaying
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlEnumerateGenericTable
RtlInitializeGenericTable
NtOpenSection
RtlAppendUnicodeToString
NtDuplicateObject
RtlGetLastNtStatus
RtlVerifyVersionInfo
kernel32
LocalAlloc
ExpandEnvironmentStringsW
CreateTimerQueueTimer
GetACP
CompareStringW
TryAcquireSRWLockExclusive
DeleteTimerQueueTimer
LocalFree
LoadLibraryA
K32GetModuleFileNameExW
IsDBCSLeadByte
CreateDirectoryW
TerminateThread
lstrcmpA
GetVersion
GetModuleHandleA
LoadLibraryExW
CreateFileW
DuplicateHandle
DeleteFileW
GetFileAttributesW
SetFileAttributesW
SetFilePointer
WriteFile
ReadFile
CreateMutexW
GetDiskFreeSpaceW
GetSystemTime
GetTimeFormatW
GetDateFormatW
FormatMessageW
GetNumberFormatW
GlobalHandle
LoadResource
GetSystemDefaultLangID
GetVersionExA
GetTempPathW
GetModuleFileNameW
TlsGetValue
TlsSetValue
PostQueuedCompletionStatus
VerifyVersionInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
VerSetConditionMask
GetFullPathNameW
GetSystemFirmwareTable
GetModuleHandleW
GlobalFree
IsWow64Process
GetComputerNameA
InterlockedFlushSList
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
CreateThread
SetErrorMode
CreateWaitableTimerW
SetWaitableTimer
QueryPerformanceFrequency
WaitForMultipleObjectsEx
CancelWaitableTimer
GetComputerNameExW
InitializeSListHead
GetDriveTypeW
GetCPInfo
ResumeThread
FlushFileBuffers
DeviceIoControl
FindCloseChangeNotification
QueryDosDeviceW
FindFirstChangeNotificationW
FindNextChangeNotification
GetVolumeInformationW
GetFileInformationByHandle
GetFileAttributesExW
GetVersionExW
SetFileTime
RemoveDirectoryW
MoveFileW
LockFileEx
GlobalDeleteAtom
LockFile
GlobalAddAtomW
UnlockFile
EscapeCommFunction
GetCommState
SetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
GetCommTimeouts
SetupComm
GetCommMask
TlsFree
TlsAlloc
LoadLibraryW
GetSystemDirectoryW
SetCommMask
CreateFileMappingW
CloseHandle
PurgeComm
GetCommModemStatus
GetLastError
ClearCommError
GetCommProperties
GetCommConfig
SleepConditionVariableSRW
WakeAllConditionVariable
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
VirtualAlloc
VirtualFree
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryExA
VirtualProtect
DisableThreadLibraryCalls
SizeofResource
lstrcmpiW
CreateEventExW
GetTimeZoneInformation
GetLocalTime
OpenThread
SwitchToThread
InitializeCriticalSection
GetComputerNameW
Beep
TrySubmitThreadpoolCallback
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
GetDefaultCommConfigW
FindFirstVolumeW
GetModuleHandleExA
GetProcAddress
FindNextVolumeW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetVolumePathNamesForVolumeNameW
FindVolumeClose
OpenProcess
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetTempFileNameW
CreateProcessW
FreeLibrary
SystemTimeToFileTime
GetCommandLineW
GlobalSize
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
InitializeCriticalSectionAndSpinCount
SetThreadPriority
ProcessIdToSessionId
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GetOverlappedResult
GetTickCount64
DisconnectNamedPipe
CreateThreadpoolIo
CancelThreadpoolIo
StartThreadpoolIo
CloseThreadpoolIo
BindIoCompletionCallback
CancelIo
SearchPathW
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
UnmapViewOfFile
MultiByteToWideChar
FindResourceExW
MapViewOfFile
WideCharToMultiByte
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
PowerCreateRequest
PowerSetRequest
PowerClearRequest
NormalizeString
MulDiv
lstrcmpW
RaiseException
VirtualQuery
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
ReleaseMutex
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetProcessHeap
DebugBreak
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
GetFileSize
OpenEventW
OpenMutexW
OpenFileMappingW
GetSystemInfo
GetActiveProcessorCount
GetProcessAffinityMask
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
SetFilePointerEx
CompareStringEx
GetNativeSystemInfo
WaitForMultipleObjects
IsProcessorFeaturePresent
CreateWaitableTimerExW
GetExitCodeThread
FreeLibraryAndExitThread
CreateSemaphoreW
QueueUserWorkItem
WaitForThreadpoolIoCallbacks
gdi32
GdiDrawStream
GetDeviceCaps
CreateRectRgn
SetRectRgn
OffsetRgn
DPtoLP
IntersectClipRect
CreateRectRgnIndirect
GetRgnBox
ExtCreateRegion
CreateSolidBrush
CreatePalette
RestoreDC
TextOutW
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
OffsetWindowOrgEx
GetDIBColorTable
CreateDCW
GetPaletteEntries
GetClipBox
GetNearestColor
SetDIBColorTable
GetRegionData
PtInRegion
CreateFontIndirectW
SetPixel
GetTextExtentPoint32W
ExtTextOutW
CreatePolygonRgn
GetMapMode
GetTextExtentPointW
GetClipRgn
UpdateColors
GetPixel
GetNearestPaletteIndex
GetSystemPaletteEntries
CombineRgn
CreateDIBPatternBrushPt
CreateBrushIndirect
DeleteObject
CreatePen
LPtoDP
DeleteDC
SelectObject
SetStretchBltMode
StretchBlt
CreateDIBitmap
CreateCompatibleDC
SetBitmapBits
CreateBitmap
CreateCompatibleBitmap
CreateDIBSection
SelectPalette
GetObjectW
GetCurrentObject
FillRgn
FrameRgn
Polygon
Ellipse
SetPolyFillMode
Rectangle
LineTo
MoveToEx
SetROP2
RealizePalette
PatBlt
SetDCBrushColor
GetStockObject
SelectClipRgn
GdiFlush
SetBrushOrgEx
GetBrushOrgEx
SetBkMode
SetMetaFileBitsEx
GetMetaFileBitsEx
PlayMetaFile
GetBkMode
BitBlt
StretchDIBits
SetBkColor
SetTextColor
SetTextAlign
GetTextAlign
advapi32
RegEnumValueW
IsTextUnicode
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegDeleteKeyValueW
RegSetKeyValueW
RegEnumKeyW
RegFlushKey
CryptGenRandom
CryptAcquireContextW
RegQueryInfoKeyW
EventUnregister
EventRegister
CopySid
GetLengthSid
OpenProcessToken
EventWriteTransfer
GetTokenInformation
CryptReleaseContext
CryptSetProvParam
CredFree
CredUnmarshalCredentialW
RegGetValueW
GetUserNameA
RegDeleteKeyW
CredIsMarshaledCredentialW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CredReadW
CredWriteW
CredGetSessionTypes
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
CredDeleteW
EventActivityIdControl
RegNotifyChangeKeyValue
CredReadDomainCredentialsW
CredWriteDomainCredentialsW
GetFileSecurityW
GetSecurityDescriptorLength
SetFileSecurityW
CryptDestroyKey
CredProtectW
CredUnprotectW
SystemFunction036
TraceEvent
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceMessage
user32
UpdateLayeredWindow
RedrawWindow
GetIconInfo
DrawIconEx
SetForegroundWindow
RegisterHotKey
UnregisterHotKey
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetTopWindow
OffsetRect
UnionRect
EnumChildWindows
EnumDisplayMonitors
EnumDisplayDevicesW
CopyIcon
PostThreadMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
CharNextW
IsChild
CallWindowProcW
DrawTextW
SetWindowLongW
EnumThreadWindows
AllowSetForegroundWindow
MonitorFromPoint
UnregisterClassA
CharLowerW
GetWindowDC
FillRect
IntersectRect
SetTimer
LoadCursorW
SetWindowPos
ShowWindow
KillTimer
DestroyWindow
UnregisterClassW
GetClassInfoW
RegisterClassW
CreateWindowExW
SetPropW
GetKeyState
SetParent
MoveWindow
GetKeyboardType
ScreenToClient
GetCapture
SetCursorPos
ClientToScreen
SetFocus
MapVirtualKeyW
GetSystemMetrics
UnhookWinEvent
keybd_event
GetCursorPos
GetRawInputData
GetAncestor
GetKeyboardLayoutNameW
TrackMouseEvent
DefWindowProcW
GetWindowLongPtrW
FlashWindow
GetWindowRect
EndPaint
SetWindowLongPtrW
GetLastInputInfo
CharPrevA
CharNextA
SetWinEventHook
EndDeferWindowPos
DeferWindowPos
GetGUIThreadInfo
BeginDeferWindowPos
GetClassNameW
GetActiveWindow
FindWindowExW
SendMessageTimeoutW
DispatchMessageW
GetMessageW
PostQuitMessage
ValidateRect
SetWindowTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
UpdateWindow
RegisterClassExW
GetClassInfoExW
IsRectEmpty
GetWindowLongW
GetParent
RemovePropW
SetRectEmpty
LoadStringW
LoadIconW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetWindowPlacement
SystemParametersInfoA
LockWindowUpdate
GetSysColor
SetScrollPos
AdjustWindowRect
ShowScrollBar
SetScrollInfo
GetCursorInfo
LoadMenuW
DialogBoxParamW
CheckDlgButton
EndDialog
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
GetProcessDefaultLayout
GetDlgCtrlID
MonitorFromRect
GetLastActivePopup
SetLayeredWindowAttributes
GetSubMenu
TrackPopupMenuEx
SetClassLongPtrW
GetClassLongPtrW
GetMenuItemInfoW
IsWindowEnabled
DestroyMenu
CreateDialogParamW
AnimateWindow
GetKeyboardLayoutNameA
GetKeyboardLayout
SendDlgItemMessageW
GetNextDlgTabItem
GetDlgItemTextW
InflateRect
GetSysColorBrush
EnumDisplaySettingsW
CopyRect
GetClipboardFormatNameW
SetRect
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
IsClipboardFormatAvailable
DestroyIcon
LoadImageW
EqualRect
DefDlgProcW
GetDesktopWindow
DestroyCursor
PeekMessageW
SendInput
ShowCursor
MapWindowPoints
IsWindow
SetWindowRgn
SetActiveWindow
IsIconic
IsZoomed
RegisterWindowMessageW
GetWindow
IsWindowVisible
FindWindowW
CreateCursor
GetClientRect
SendMessageW
ReleaseDC
GetDC
InvalidateRect
RegisterClipboardFormatW
MessageBeep
GetMessageExtraInfo
GetWindowRgn
GetAsyncKeyState
AttachThreadInput
RegisterRawInputDevices
PtInRect
CallNextHookEx
GetWindowThreadProcessId
SetWindowsHookExW
SetCursor
FlashWindowEx
SetCapture
ReleaseCapture
GetForegroundWindow
GetFocus
UnhookWindowsHookEx
BeginPaint
PostMessageW
GetKeyboardState
SetMenuItemInfoW
d2d1
ord1
dwrite
DWriteCreateFactory
cfgmgr32
CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_Parent
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Device_Interface_PropertyW
msacm32
acmDriverEnum
acmFormatTagDetailsW
acmDriverOpen
acmStreamOpen
acmFormatSuggest
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize
acmDriverClose
acmStreamClose
dwmapi
DwmSetWindowAttribute
DwmGetWindowAttribute
pdh
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryW
PdhRemoveCounter
PdhCollectQueryData
secur32
EncryptMessage
AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleW
SetContextAttributesW
FreeCredentialsHandle
InitializeSecurityContextW
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
DecryptMessage
LsaLookupAuthenticationPackage
InitSecurityInterfaceW
QuerySecurityPackageInfoW
FreeContextBuffer
GetUserNameExW
LsaCallAuthenticationPackage
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
uxtheme
SetWindowTheme
GetCurrentThemeName
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsExW
CM_Get_Sibling
SetupDiOpenClassRegKeyExW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoList
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
iphlpapi
CreateSortedAddressPairs
FreeMibTable
rpcrt4
NdrMesTypeDecode3
NdrMesTypeEncode3
NdrMesTypeFree3
MesDecodeBufferHandleCreate
RpcStringFreeW
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
MesHandleFree
MesEncodeDynBufferHandleCreate
UuidToStringW
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
I_RpcExceptionFilter
NdrDllCanUnloadNow
dxgi
CreateDXGIFactory1
imm32
ImmGetContext
ImmAssociateContext
ncrypt
NCryptFreeObject
NCryptSetProperty
netapi32
NetGetJoinInformation
NetApiBufferFree
d3d11
D3D11CreateDevice
bcrypt
BCryptHashData
BCryptImportKeyPair
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptImportKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyKey
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
Exports
DllCanUnloadNow
DllCancelAuthentication
DllGetClaimsToken
DllGetClassObject
DllGetTscCtlVer
DllLogoffClaimsToken
DllRegisterServer
DllSetAuthProperties
DllSetClaimsToken
DllUnregisterServer
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 61KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ