Static task: static1
Behavioral task: behavioral1
Sample: c570d9fc3392e66aa1bb01bb336205a33257bb8e5ac4dd3b80cd7266e05bf57d.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: c570d9fc3392e66aa1bb01bb336205a33257bb8e5ac4dd3b80cd7266e05bf57d.exe
Resource: win10v2004-20240508-en
General
Target: c570d9fc3392e66aa1bb01bb336205a33257bb8e5ac4dd3b80cd7266e05bf57d
Size: 1.5MB
MD5: 90f2c8a3f5c5749914f056eb8a8963da
SHA1: c5de7e7de1fc296c8d2a56e65cbb7444ca8b8357
SHA256: c570d9fc3392e66aa1bb01bb336205a33257bb8e5ac4dd3b80cd7266e05bf57d
SHA512: 4014fbb16220017abc9a1024ae51e4dad5a0fa9775d31a486c7dd465b6c2e27a873108499f012e7d109e7b9a5caaabaf9af9659bcbc1b6196acba0dc4c33cb51
SSDEEP: 24576:rg/zSUQHctxcU/bwafnFlQNCHtg6dzRIvWGuEkXMkXwUCZnw6PH+b0f3+:r2WUQHctxcUzwafnFG0DdzRIKEkXMkXN
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource c570d9fc3392e66aa1bb01bb336205a33257bb8e5ac4dd3b80cd7266e05bf57d
Files
c570d9fc3392e66aa1bb01bb336205a33257bb8e5ac4dd3b80cd7266e05bf57d.exe windows:4 windows x86 arch:x86
49d789ffc342592cbd86619adec8362e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
cosmo3d13
??0csBox@@QAE@XZ
?setSize@csBox@@QAEXMMM@Z
?setTexEnable@csContext@@QAEXE@Z
?setTranspEnable@csContext@@QAEXE@Z
?setCullFace@csContext@@QAEXW4CullFaceEnum@1@@Z
??0csHit@@QAE@XZ
??1csHit@@UAE@XZ
??0csLineSet@@QAE@XZ
??0csSphere@@QAE@XZ
?setRadius@csSphere@@QAEXM@Z
?setCenter@csSphere@@QAEXMMM@Z
??0csQuadSet@@QAE@XZ
?edit@csMFVec3f@@QAEPAVcsVec3f@@XZ
?setNormalBind@csGeoSet@@QAEXW4NormalBindEnum@1@@Z
?edit@csMFVec2f@@QAEPAVcsVec2f@@XZ
?edit@csMFInt@@QAEPAHXZ
?removeChild@csGroup@@QAEXH@Z
??0csSwitch@@QAE@XZ
?setGeometry@csShape@@QAEXHPAVcsGeometry@@@Z
?setCenter@csCone@@QAEXMMM@Z
?setWhichChild@csSwitch@@QAEXH@Z
?setScale@csTransform@@QAEXMMM@Z
??0csMaterial@@QAE@XZ
?setSpecularColor@csMaterial@@QAEXMMM@Z
?setDiffuseColor@csMaterial@@QAEXMMM@Z
?setAmbientColor@csMaterial@@QAEXMMM@Z
?setShininess@csMaterial@@QAEXM@Z
?setTransparency@csMaterial@@QAEXM@Z
??0csAppearance@@QAE@XZ
?setMaterial@csAppearance@@QAEXPAVcsMaterial@@@Z
?setLightEnable@csAppearance@@QAEXE@Z
?setTranspMode@csAppearance@@QAEXW4TranspModeEnum@csContext@@@Z
?setTranspEnable@csAppearance@@QAEXE@Z
?setTexEnable@csAppearance@@QAEXE@Z
?setAmbientIntensity@csMaterial@@QAEXM@Z
?setMaterialModeEnable@csAppearance@@QAEXW4MaterialModeEnum@csContext@@@Z
??0csTexture@@QAE@XZ
?setCenter@csBox@@QAEXMMM@Z
?setFileName@csTexture@@QAEXABVcsString@@@Z
??1csString@@QAE@XZ
?setTexture@csAppearance@@QAEXPAVcsTexture@@@Z
?getOrientation@csCamera@@QAEXPAM000@Z
?getPosition@csCamera@@QAEXPAM00@Z
?setOffset@csLOD@@SAXH@Z
?normalize@csVec3f@@QAEMXZ
?transpose@csMatrix4f@@QAEXAAV1@@Z
?xformVec@csVec3f@@QAEXABV1@ABVcsMatrix4f@@@Z
?getWidth@csOrthoCamera@@QAEMXZ
?getHeight@csOrthoCamera@@QAEMXZ
?setAspectRatio@csOrthoCamera@@QAEXM@Z
?setAspectMode@csOrthoCamera@@QAEXW4AspectModeEnum@csFrustum@@@Z
?setHorizFOV@csPerspCamera@@QAEXM@Z
?setVertFOV@csPerspCamera@@QAEXM@Z
?setLightEnable@csContext@@QAEXE@Z
?setDepthEnable@csContext@@QAEXE@Z
?setDepthFunc@csContext@@QAEXW4DepthFuncEnum@1@@Z
?setLocalViewer@csContext@@QAEXE@Z
?setTexMode@csContext@@QAEXW4TexModeEnum@1@@Z
?setTexEnv@csContext@@QAEXW4TexEnvEnum@1@@Z
?setShadeModel@csContext@@QAEXW4ShadeModelEnum@1@@Z
?setTranspMode@csContext@@QAEXW4TranspModeEnum@1@@Z
?pushOverrideGeoProp@csContext@@QAEXPAVcsOverrideGeoProp@@@Z
?popOverrideGeoProp@csContext@@QAEPAVcsOverrideGeoProp@@XZ
?makeRot@csMatrix4f@@QAEXMMMM@Z
?clear@csContext@@QAEXHMMMM@Z
?validateField@csContainer@@IAEXF@Z
?getTranslation@csTransform@@QAEXPAM00@Z
?setWidth@csOrthoCamera@@QAEXM@Z
?setHeight@csOrthoCamera@@QAEXM@Z
?makeEmpty@csSphereBound@@UAEXXZ
?getSphereBound@csNode@@QAEXAAVcsSphereBound@@@Z
?makeEmpty@csBoxBound@@UAEXXZ
?around@csBoxBound@@UAEXQAPBVcsSphereBound@@H@Z
?isEmpty@csSphereBound@@UBEHXZ
?around@csBound@@UAEXPBVcsBoxBound@@@Z
?around@csBound@@UAEXPBVcsSphereBound@@@Z
?addGeometry@csShape@@QAEXPAVcsGeometry@@@Z
?addChild@csGroup@@QAEXPAVcsNode@@@Z
?around@csSphereBound@@UAEXQBVcsVec3f@@H@Z
?extendBy@csSphereBound@@UAEXPBV1@@Z
?extendBy@csBound@@UAEXPBVcsBoxBound@@@Z
?extendBy@csSphereBound@@UAEXABVcsVec3f@@@Z
?contains@csSphereBound@@UBEHPBV1@@Z
?contains@csBound@@UBEHPBVcsBoxBound@@@Z
?contains@csSphereBound@@UBEHABVcsVec3f@@@Z
?isect@csSphereBound@@UBEHPBVcsSeg@@PAM1@Z
?isEmpty@csBoxBound@@UBEHXZ
?around@csBoxBound@@UAEXQAPBV1@H@Z
?around@csBoxBound@@UAEXQBVcsVec3f@@H@Z
?extendBy@csBound@@UAEXPBVcsSphereBound@@@Z
?extendBy@csBoxBound@@UAEXPBV1@@Z
?extendBy@csBoxBound@@UAEXABVcsVec3f@@@Z
?contains@csBound@@UBEHPBVcsSphereBound@@@Z
?contains@csBoxBound@@UBEHPBV1@@Z
?contains@csBoxBound@@UBEHABVcsVec3f@@@Z
?isect@csBoxBound@@UBEHPBVcsSeg@@PAM1@Z
?setCenter@csTransform@@QAEXMMM@Z
?setChildCount@csGroup@@QAEXH@Z
?makeIdent@csMatrix4f@@QAEXXZ
?getMatrix@csTransform@@QAEXAAVcsMatrix4f@@@Z
?setViewport@csContext@@QAEXHHHH@Z
?unref@csObject@@QAEEXZ
?releaseCurrent@csContext@@SAXXZ
?setPosition@csCamera@@QAEXMMM@Z
?setOrientation@csCamera@@QAEXMMMM@Z
?setNearClip@csOrthoCamera@@QAEXM@Z
?setNearClip@csPerspCamera@@QAEXM@Z
?setFarClip@csOrthoCamera@@QAEXM@Z
?setFarClip@csPerspCamera@@QAEXM@Z
??0csEnvironment@@QAE@XZ
??0csPointLight@@QAE@XZ
?setLocation@csPointLight@@QAEXMMM@Z
?setAttenuation@csPointLight@@QAEXMMM@Z
?append@csMFRef@@QAEXPAVcsContainer@@@Z
??0csDirectionalLight@@QAE@XZ
??0csGroup@@QAE@XZ
??0csOrthoCamera@@QAE@XZ
?ref@csObject@@QAEXXZ
??0csPerspCamera@@QAE@XZ
??0csContext@@QAE@PAUHDC__@@@Z
?makeCurrent@csContext@@QAEXPAUHDC__@@@Z
??0csDrawAction@@QAE@XZ
?setCamera@csVFCullAction@@QAEXPAVcsCamera@@@Z
?setColor@csLight@@QAEXMMM@Z
?setIntensity@csLight@@QAEXM@Z
?setAmbientIntensity@csLight@@QAEXM@Z
?setDirection@csDirectionalLight@@QAEXMMM@Z
?setOn@csLight@@QAEXE@Z
?getDirection@csDirectionalLight@@QAEXPAM00@Z
?getColor@csLight@@QAEXPAM00@Z
?getIntensity@csLight@@QAEMXZ
?getAmbientIntensity@csLight@@QAEMXZ
?getOn@csLight@@QAEEXZ
?mult@csRotation@@QAEABV1@ABV1@0@Z
??0csCone@@QAE@XZ
?setBottomRadius@csCone@@QAEXM@Z
?setHeight@csCone@@QAEXM@Z
?setCenter@csCylinder@@QAEXMMM@Z
?setTranslation@csTransform@@QAEXMMM@Z
??0csIndexedFaceSet@@QAE@XZ
??0csIndexSet@@QAE@H@Z
??0csCoordSet3f@@QAE@H@Z
??0csColorSet4f@@QAE@H@Z
??0csTexCoordSet2f@@QAE@H@Z
?setPrimCount@csGeoSet@@QAEXH@Z
?set@csMFInt@@QAEXIH@Z
?set@csMFVec3f@@QAEXIABVcsVec3f@@@Z
?set@csMFVec4f@@QAEXIABVcsVec4f@@@Z
?set@csMFVec2f@@QAEXIABVcsVec2f@@@Z
??0csNormalSet3f@@QAE@H@Z
?setColorSet@csGeoSet@@QAEXPAVcsColorSet@@@Z
?setCoordSet@csGeoSet@@QAEXPAVcsCoordSet@@@Z
?setTexCoordSet@csGeoSet@@QAEXPAVcsTexCoordSet@@@Z
?setCoordIndexSet@csGeoSet@@QAEXPAVcsIndexSet@@@Z
?setColorIndexSet@csGeoSet@@QAEXPAVcsIndexSet@@@Z
?setAppearance@csShape@@QAEXPAVcsAppearance@@@Z
?around@csSphereBound@@UAEXQAPBV1@H@Z
??0csShape@@QAE@XZ
?setTexCoordIndexSet@csGeoSet@@QAEXPAVcsIndexSet@@@Z
?setColorBind@csGeoSet@@QAEXW4ColorBindEnum@1@@Z
?setTexCoordBind@csGeoSet@@QAEXW4TexCoordBindEnum@1@@Z
?setNormalSet@csGeoSet@@QAEXPAVcsNormalSet@@@Z
?setNormalPerVertex@csIndexedFaceSet@@QAEXE@Z
??0csCylinder@@QAE@XZ
?setHeight@csCylinder@@QAEXM@Z
?setRadius@csCylinder@@QAEXM@Z
?setRotation@csTransform@@QAEXMMMM@Z
??0csTransform@@QAE@XZ
?around@csSphereBound@@UAEXQAPBVcsBoxBound@@H@Z
??4csString@@QAEAAV0@PBD@Z
op13_sp
?opFinish@@YAXXZ
?opInit@@YAXXZ
?load@opGenLoader@@QAEPAVcsGroup@@PBD@Z
??0opGenLoader@@QAE@XZ
??1opGenLoader@@QAE@XZ
?opNotify@@YAXW4opSeverity@@W4opError@@PBDZZ
?opSync@@YAHXZ
csbloader13_sp
csdStoreFile_csb
wsock32
getpeername
WSAGetLastError
recv
getsockname
closesocket
gethostname
send
connect
bind
freeimage
_FreeImage_Unload@4
_FreeImage_GetWidth@4
_FreeImage_Load@12
_FreeImage_GetInfoHeader@4
_FreeImage_Allocate@24
_FreeImage_GetInfo@4
_FreeImage_GetBits@4
_FreeImage_GetHeight@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_Rescale@16
_FreeImage_Save@16
opengl32
glGetDoublev
glGetIntegerv
glu32
gluProject
gluUnProject
shlwapi
PathAppendA
user32
DeleteMenu
CreatePopupMenu
InsertMenuItemA
DrawMenuBar
SetParent
SetActiveWindow
GetMenu
SetForegroundWindow
LoadImageA
SetRect
IsWindow
FrameRect
IsWindowVisible
PostMessageA
GetWindow
GetClassNameA
KillTimer
SetTimer
RedrawWindow
GetWindowLongA
SetWindowLongA
InvalidateRect
PtInRect
GetParent
DefWindowProcA
GetWindowRect
GetSysColor
InflateRect
GetMenuItemInfoA
wsprintfA
UpdateWindow
GetActiveWindow
LoadMenuA
GetSubMenu
ModifyMenuA
EnableMenuItem
CheckMenuItem
AppendMenuA
LoadBitmapA
SetMenuItemBitmaps
GetCursorPos
GetWindowDC
GetDlgItem
ReleaseCapture
WindowFromPoint
ScreenToClient
GetDesktopWindow
SetCapture
SendMessageA
PeekMessageA
GetForegroundWindow
GetSystemMetrics
ClientToScreen
GetClientRect
GetDC
ReleaseDC
LoadCursorA
SetCursor
EnableWindow
MessageBoxA
OffsetRect
GetMenuItemCount
AttachThreadInput
SetRectEmpty
ole32
CoRegisterClassObject
CoUninitialize
CoInitialize
StringFromCLSID
CoFreeLibrary
CoRevokeClassObject
CLSIDFromString
CoTaskMemFree
OleRun
CoGetMalloc
CoCreateInstance
oleaut32
VariantChangeType
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantInit
VariantClear
SysStringLen
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
SysFreeString
msvcp60
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@ios_base@std@@QAEXH_N@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Fpz@std@@3_JB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1locale@std@@QAE@XZ
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
msvcrt
_CIpow
strtok
atof
ceil
mbstowcs
_getdrive
_getdcwd
_chdir
toupper
_chdrive
strncpy
mktime
time
localtime
strftime
atol
strrchr
malloc
_stricmp
atoi
_ftol
fopen
_splitpath
_makepath
remove
fclose
_access
memmove
??2@YAPAXI@Z
__CxxFrameHandler
sprintf
fprintf
_mbscmp
free
_tzset
sscanf
fwrite
strtol
strchr
exit
_mkdir
_rmdir
_purecall
_CxxThrowException
getenv
_CIasin
_except_handler3
strncmp
fgets
gmtime
_setjmp3
longjmp
_mbsicmp
wcslen
_getcwd
fputs
floor
rename
_stat
_snprintf
calloc
_strupr
_beginthreadex
_getpid
vfprintf
ctime
strncat
_setmbcp
setlocale
__p__pctype
_isctype
__p___mb_cur_max
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
strstr
_controlfp
_strnicmp
_itoa
_strdup
_strlwr
mfc42
kernel32
OpenEventA
FlushViewOfFile
UnmapViewOfFile
GetFileSize
CreateFileMappingA
WaitForMultipleObjects
MapViewOfFile
CreateEventA
ReleaseMutex
CreateMutexA
GetVersionExA
WinExec
LoadLibraryA
FreeLibrary
GetTempFileNameA
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
HeapDestroy
GetCommandLineA
WideCharToMultiByte
Sleep
ResumeThread
SetEvent
GetProcAddress
GetEnvironmentVariableA
SetEnvironmentVariableA
lstrcpyA
GetModuleHandleA
GetThreadLocale
FormatMessageA
LocalFree
GetFileAttributesA
SetFileAttributesA
GetTempPathA
RemoveDirectoryA
MulDiv
lstrlenA
InterlockedDecrement
GetFileAttributesExA
SystemTimeToFileTime
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
WriteFile
CloseHandle
GlobalAlloc
GlobalReAlloc
GlobalFree
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetLastError
MultiByteToWideChar
DeleteFileA
WaitForSingleObject
CopyFileA
OutputDebugStringA
lstrlenW
GetModuleFileNameA
GetTickCount
GetCurrentProcessId
GetVersion
lstrcmpA
LocalAlloc
ReadFile
ResetEvent
DeviceIoControl
GetPrivateProfileIntA
GetPrivateProfileStringA
GetStartupInfoA
OpenFileMappingA
gdi32
CreatePalette
GetSystemPaletteEntries
PtInRegion
CreateSolidBrush
FillRgn
CreatePolygonRgn
CreateFontIndirectA
CreateDIBitmap
CreateDCA
GetDeviceCaps
SetStretchBltMode
StretchBlt
DeleteDC
GetStockObject
SelectPalette
RealizePalette
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
GetObjectA
GetDIBits
SetPixelFormat
ChoosePixelFormat
SwapBuffers
Polyline
Ellipse
Rectangle
CreatePen
CreateHalftonePalette
GetDIBColorTable
GetTextExtentPoint32A
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
RegQueryValueExA
shell32
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
comctl32
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_AddMasked
ImageList_LoadImageA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ