Static task: static1
Behavioral task: behavioral1
Sample: MinecraftStoryMode.exe
Resource: win11-20240611-en

General
Target: MinecraftStoryMode.exe
Size: 11.6MB
MD5: 6a971853525ebc34fe62f830b7760ac4
SHA1: 338587e119f07f3ac562613409680f87ea4e1d9d
SHA256: 830ea9f1d7bc7b7973f18390f19377da756c1ce30b285fff9eee8d32efa3a1ad
SHA512: 0122c1f0812ced5cb3f5978febe03880bae5266fb4808e9ef09dc36c7689d5486953ed47e64ee3187c6fd3f06357077e88860b3395f6da396428de47b5e4c25e
SSDEEP: 196608:WknlWIV6K42Q2R9I4yOggT5Pk+6/vmUr3j29:Wknd6K42QeI4yc58+aek3y9

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource MinecraftStoryMode.exe

Files
MinecraftStoryMode.exe.exe windows:5 windows x86 arch:x86
98121f971370cc75e62994ad695adeff

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\buildbot\slave\2015_07_Minecraft_PC\TELLTALE_PC\bin\Shipping\GameApp.pdb
Imports
kernel32
GetModuleFileNameW
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
SetEnvironmentVariableA
WriteConsoleW
GetProcessHeap
SetStdHandle
GetExitCodeProcess
CreatePipe
CompareStringW
FlushFileBuffers
GetConsoleCP
GetFullPathNameA
GetDriveTypeW
GetCurrentDirectoryW
GetStringTypeW
InterlockedPopEntrySList
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
CreateFileA
GetFileAttributesA
SetFileAttributesA
SetConsoleCtrlHandler
GetTimeZoneInformation
FindFirstFileExA
GetDriveTypeA
PeekNamedPipe
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
MoveFileA
GetDateFormatA
GetTimeFormatA
ExitThread
GetSystemTimeAsFileTime
GetFullPathNameW
ExitProcess
CreateSemaphoreW
HeapSetInformation
GetCommandLineA
RtlUnwind
InterlockedCompareExchange
DecodePointer
EncodePointer
LoadLibraryA
InterlockedExchange
LocalAlloc
SetNamedPipeHandleState
TransactNamedPipe
DuplicateHandle
WaitForMultipleObjects
WaitNamedPipeW
GetSystemTime
OpenThread
SuspendThread
GetThreadContext
RtlCaptureContext
TerminateThread
VirtualQueryEx
GetProcessId
SetUnhandledExceptionFilter
GlobalMemoryStatus
GetCurrentProcessId
FlushConsoleInputBuffer
GetStdHandle
GetFileType
GetVersion
FormatMessageA
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoW
SleepEx
GetTickCount
GetTempPathW
CreateFileW
GetFileInformationByHandle
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
lstrlenA
CreateDirectoryW
MoveFileExW
DeleteFileW
FindNextFileW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
GetVersionExW
FormatMessageW
LocalFree
FindFirstFileW
CreateEventW
ResetEvent
SetEvent
ReleaseSemaphore
ResumeThread
CloseHandle
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
GetSystemInfo
GetComputerNameA
GetVolumeInformationW
GetUserGeoID
IsDebuggerPresent
GetSystemDefaultLangID
GetCurrentThread
SetThreadAffinityMask
SwitchToThread
QueryPerformanceFrequency
InitializeCriticalSection
GetEnvironmentVariableA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CompareFileTime
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetLastError
LoadLibraryW
WideCharToMultiByte
GetStartupInfoW
QueryPerformanceCounter
GetModuleHandleW
WaitForSingleObject
CreateThread
DeleteCriticalSection
HeapLock
HeapUnlock
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapCreate
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetCurrentThreadId
lstrlenW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
Sleep
FreeLibrary
user32
DefWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
CharNextW
GetWindowLongW
SetWindowLongW
MessageBoxW
WaitMessage
DestroyWindow
ShowCursor
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
UnregisterClassA
GetProcessWindowStation
GetUserObjectInformationW
SetWindowsHookExW
MessageBeep
LoadBitmapW
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetDlgItemTextW
mouse_event
GetKeyState
CreateDialogParamW
IsWindowVisible
GetAsyncKeyState
GetRawInputData
GetCursorPos
GetCapture
SetCursorPos
GetSystemMetrics
RegisterRawInputDevices
CopyRect
GetActiveWindow
ShowWindow
LoadIconW
wsprintfW
LoadImageW
PostQuitMessage
SetCursor
ClipCursor
AdjustWindowRectEx
GetWindowRect
GetMenu
SetForegroundWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
winmm
timeEndPeriod
timeGetTime
timeBeginPeriod
ws2_32
__WSAFDIsSet
send
WSACleanup
WSAGetLastError
select
WSAStartup
WSASetLastError
recv
shutdown
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
sendto
recvfrom
accept
listen
gethostbyname
ioctlsocket
wininet
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetCloseHandle
InternetReadFile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
dinput8
DirectInput8Create
d3dx9_43
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromSurface
d3d9
D3DPERF_BeginEvent
D3DPERF_EndEvent
Direct3DCreate9
D3DPERF_GetStatus
fmod
?getSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAW4FMOD_SPEAKERMODE@@0@Z
FMOD_Memory_GetStats
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setUserData@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N2@Z
?getSubSound@Sound@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@@Z
?getNumSubSounds@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getUserData@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?stop@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getCurrentSound@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSound@2@@Z
?getChannel@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVChannel@2@@Z
?getNumChannels@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@@Z
?getNumGroups@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?getSystemObject@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSystem@2@@Z
?getChannel@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVChannel@2@@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SPEAKERMODE@@H@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setCallback@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_SYSTEM@@IPAX11@ZI@Z
?setReverbProperties@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_REVERB_PROPERTIES@@@Z
?getAudibility@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDPAIPAPAXPAX@ZP6G?AW43@33@ZP6G?AW43@33I13@ZP6G?AW43@3I3@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@3@Z9H@Z
FMOD_Memory_Initialize
?set3DAttributes@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?setVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPan@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPitch@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?set3DMinMaxDistance@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?get3DMinMaxDistance@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAM0@Z
?setParameterFloat@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HM@Z
?setPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setMode@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setCallback@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PAX3@Z@Z
?getUserData@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?setUserData@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?isPlaying@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?getSystemObject@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSystem@2@@Z
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?addDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HPAVDSP@2@@Z
?setParameterInt@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HH@Z
?createDSPByType@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PAPAVDSP@2@@Z
?setReverbProperties@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HM@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?getNumSyncPoints@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getLoopPoints@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII0I@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PAVSound@2@PAVChannelGroup@2@_NPAPAVChannel@2@@Z
?setChannelFormat@DSP@FMOD@@QAG?AW4FMOD_RESULT@@IHW4FMOD_SPEAKERMODE@@@Z
?getDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVDSP@2@@Z
?setMute@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@_NPAPAVDSPConnection@2@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?mixerResume@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?mixerSuspend@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
fmodstudio
?unload@Bank@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getLoadingState@Bank@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAW4FMOD_STUDIO_LOADING_STATE@@@Z
?isValid@Bank@Studio@FMOD@@QBG_NXZ
?update@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?loadBankFile@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAPAVBank@23@@Z
?getSampleLoadingState@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAW4FMOD_STUDIO_LOADING_STATE@@@Z
?unloadSampleData@EventDescription@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getEventByID@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBUFMOD_GUID@@PAPAVEventDescription@23@@Z
?loadSampleData@EventDescription@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?initialize@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@HIIPAX@Z
?getLowLevelSystem@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAV13@@Z
?create@System@Studio@FMOD@@SG?AW4FMOD_RESULT@@PAPAV123@I@Z
?release@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?lookupPath@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBUFMOD_GUID@@PADHPAH@Z
?getID@Bus@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAUFMOD_GUID@@@Z
?getBusList@Bank@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVBus@23@HPAH@Z
?getBusCount@Bank@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?getID@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAUFMOD_GUID@@@Z
?getEventList@Bank@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVEventDescription@23@HPAH@Z
?getEventCount@Bank@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?getBankList@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVBank@23@HPAH@Z
?getBankCount@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?flushCommands@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?set3DAttributes@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_3D_ATTRIBUTES@@@Z
?is3D@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PA_N@Z
?isValid@EventInstance@Studio@FMOD@@QBG_NXZ
?setVolume@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPaused@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?stop@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?trigger@CueInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setValue@ParameterInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getParameter@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBDPAPAVParameterInstance@23@@Z
?getCueByIndex@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@HPAPAVCueInstance@23@@Z
?setTimelinePosition@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setListenerAttributes@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_3D_ATTRIBUTES@@@Z
?getParameterCount@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?getParameterByIndex@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@HPAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?lockChannelGroup@Bus@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?unlockChannelGroup@Bus@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?isValid@Bus@Studio@FMOD@@QBG_NXZ
?getChannelGroup@Bus@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVChannelGroup@3@@Z
?setPaused@Bus@Studio@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setMute@Bus@Studio@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setFaderLevel@Bus@Studio@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getBusByID@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBUFMOD_GUID@@PAPAVBus@23@@Z
?setCallback@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW44@IPAUFMOD_STUDIO_EVENTINSTANCE@@PAX@ZI@Z
?setUserData@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?getSoundInfo@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBDPAUFMOD_STUDIO_SOUND_INFO@@@Z
?createInstance@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVEventInstance@23@@Z
?start@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?isValid@ParameterInstance@Studio@FMOD@@QBG_NXZ
?getTimelinePosition@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?getLength@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?getChannelGroup@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVChannelGroup@3@@Z
?getPlaybackState@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?isOneshot@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PA_N@Z
?isValid@EventDescription@Studio@FMOD@@QBG_NXZ
?release@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getUserData@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAX@Z
?getDescription@ParameterInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?getParameterByIndex@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@HPAPAVParameterInstance@23@@Z
?getParameterCount@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z
?getUserProperty@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBDPAUFMOD_STUDIO_USER_PROPERTY@@@Z
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
gdi32
CreateDCW
GetBitmapBits
SetStretchBltMode
SetTextColor
SetBkMode
StretchBlt
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
shell32
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
ole32
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
advapi32
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
Sections
.text Size: 8.2MB - Virtual size: 8.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 292KB - Virtual size: 627KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 840KB - Virtual size: 840KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 745KB - Virtual size: 745KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bind Size: 265KB - Virtual size: 265KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ