C:\src\NSIS-ApplicationID\ReleaseUnicode\ApplicationID.pdb
Static task
static1
1 signatures
General
-
Target
weave.and.downgrader (1).zip
-
Size
3.9MB
-
MD5
c530067f13ad8c4a60edf40d27725429
-
SHA1
55fbe7ce97f8b664113d384f1827e2b41c3d9d97
-
SHA256
5d89339ed847ae0aa23901696d8a0c74c9b5d55e86d5cb2301f837132494df54
-
SHA512
8a2a4bb062b20ad13a62d4a16d5cd9d2795ffb41d945394e9c29231b99d081c7c548bf025fe0b4894d85a425700f3f05cb84c0b3689280ee9bd55e84ff6ad4f5
-
SSDEEP
98304:8baDnxaiYZ4vdI04AcxraTR+3Yi3BX9ciVnhtKqW5xLeFsinw7w:LD8LOVIXxryRMlvh0qWXLInw7w
Score
3/10
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource unpack001/Weave.Manager_1.0.1_x64-setup.exe unpack002/$PLUGINSDIR/ApplicationID.dll unpack002/$PLUGINSDIR/StartMenu.dll unpack002/$PLUGINSDIR/System.dll unpack002/$PLUGINSDIR/nsDialogs.dll unpack002/$PLUGINSDIR/nsis_tauri_utils.dll unpack002/Weave Manager.exe
Files
-
weave.and.downgrader (1).zip.zip
-
Weave.Manager_1.0.1_x64-setup.exe.exe windows:4 windows x86 arch:x86
61259b55b8912888e90f516ca08dc514
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 180KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ApplicationID.dll.dll windows:6 windows x86 arch:x86
8c45ff8a205d07c8c17066afebcdfc91
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
lstrcpynW
GlobalAlloc
GlobalFree
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
CreateFileW
shell32
SHCreateItemFromParsingName
SHGetPropertyStoreFromParsingName
ole32
CoCreateInstance
CoInitialize
CoUninitialize
shlwapi
SHStrDupW
Exports
Exports
Set
UninstallJumpLists
UninstallPinnedItem
Sections
.text Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/StartMenu.dll.dll windows:4 windows x86 arch:x86
80469f6834e579db68a646d49780b9d5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrcatW
FindClose
FindNextFileW
lstrcmpW
GetModuleHandleW
lstrcmpiW
MulDiv
lstrcpynW
GlobalAlloc
lstrcpyW
FindFirstFileW
GlobalFree
user32
GetMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetDlgItem
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
CreateDialogParamW
SetWindowLongW
wsprintfW
ScreenToClient
IsDialogMessageW
CallWindowProcW
gdi32
GetTextMetricsW
SelectObject
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ole32
CoTaskMemFree
Exports
Exports
Init
Select
Show
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 578B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsDialogs.dll.dll windows:4 windows x86 arch:x86
6b5c4f7d679059f68f1269aad3a5cecd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc
user32
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW
gdi32
SetTextColor
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 638B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsis_tauri_utils.dll.dll windows:6 windows x86 arch:x86
b392d57756ec58e18fc530625caf424c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
SystemFunction036
kernel32
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
CloseHandle
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
lstrcpyW
GlobalFree
GlobalAlloc
lstrcpynW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetStdHandle
GetLastError
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
FindClose
SetHandleInformation
CreateThread
SetThreadStackGuarantee
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
user32
CreateWindowExW
ShowWindow
SendMessageW
SetWindowPos
GetWindowLongW
SetWindowTextW
FindWindowExW
ws2_32
getpeername
select
listen
bind
connect
recv
send
accept
ioctlsocket
getsockname
WSACleanup
WSASend
WSARecv
WSAStartup
setsockopt
getsockopt
closesocket
WSASocketW
WSAGetLastError
getaddrinfo
freeaddrinfo
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom
vcruntime140
memmove
__std_type_info_destroy_list
__CxxFrameHandler3
memcmp
memset
memcpy
_except_handler4_common
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_initialize_onexit_table
_cexit
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
Exports
Exports
Download
FindProcess
KillProcess
SemverCompare
Sections
.text Size: 513KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 536KB - Virtual size: 536KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Weave Manager.exe.exe windows:6 windows x64 arch:x64
1858b52b486b1247066fa8a0e49f77a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\a\Weave-Manager\Weave-Manager\src-tauri\target\release\deps\weave_manager.pdb
Imports
kernel32
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
CreateThread
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
GetCurrentThread
GetSystemTimeAsFileTime
GetTempPathW
CreateNamedPipeW
GetFullPathNameW
ExitProcess
SetUnhandledExceptionFilter
CreateEventW
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateMutexA
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
QueryPerformanceFrequency
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
TerminateProcess
GetCurrentThreadId
WriteFileEx
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
RaiseException
GetEnvironmentVariableW
Sleep
GetModuleHandleA
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
CancelIo
QueryPerformanceCounter
EncodePointer
CreateFileW
CreateSemaphoreW
ReadDirectoryChangesW
ReleaseSemaphore
GetCurrentProcess
DuplicateHandle
CreatePipe
RtlVirtualUnwind
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
InitializeSListHead
LCIDToLocaleName
GetUserDefaultUILanguage
IsDebuggerPresent
UnhandledExceptionFilter
WaitForSingleObject
FormatMessageW
TryAcquireSRWLockExclusive
lstrlenW
SetFileTime
GetProcessHeap
GetLastError
FreeLibrary
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
TlsAlloc
LocalFree
ReleaseSRWLockShared
AcquireSRWLockShared
SleepConditionVariableSRW
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
GetSystemInfo
LoadLibraryA
HeapFree
SetHandleInformation
SleepEx
GetCurrentProcessId
HeapAlloc
GetDiskFreeSpaceExW
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
ReadProcessMemory
VirtualQueryEx
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetExitCodeProcess
GetProcessIoCounters
GetSystemTimes
ReadFile
GetOverlappedResult
GetProcessTimes
SetFileCompletionNotificationModes
OpenProcess
GetFileInformationByHandle
GetConsoleMode
SetFileAttributesW
MoveFileExW
TlsGetValue
GetModuleHandleW
TlsSetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
TlsFree
comctl32
RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass
DefSubclassProc
user32
TrackPopupMenu
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
GetSystemMenu
ShowWindow
SetWindowLongW
GetCursorPos
DestroyAcceleratorTable
SendInput
SetForegroundWindow
SetWindowDisplayAffinity
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
CreateIcon
IsProcessDPIAware
CreateMenu
MonitorFromWindow
SystemParametersInfoA
GetWindowLongPtrW
IsWindowVisible
ClipCursor
CreatePopupMenu
ShowCursor
AdjustWindowRectEx
GetMonitorInfoW
GetMenu
SetWindowPos
ReleaseCapture
GetWindowRect
GetRawInputData
AppendMenuW
SetMenu
SendMessageW
DestroyIcon
CreateAcceleratorTableW
RedrawWindow
ValidateRect
IsIconic
PostQuitMessage
GetActiveWindow
FlashWindowEx
GetKeyboardLayout
SetCursor
ToUnicodeEx
GetMessageA
DispatchMessageA
CloseTouchInputHandle
GetForegroundWindow
SetCursorPos
ScreenToClient
GetTouchInputInfo
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
DestroyWindow
EnumChildWindows
TrackMouseEvent
PostMessageW
MonitorFromRect
LoadCursorW
InvalidateRgn
ClientToScreen
GetClientRect
GetWindowLongW
GetUpdateRect
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetDC
GetClipCursor
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
RegisterClassW
CreateWindowExW
IsWindow
RegisterTouchWindow
GetSystemMetrics
ole32
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
RegisterDragDrop
OleInitialize
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity
shell32
DragFinish
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHGetKnownFolderPath
Shell_NotifyIconW
SHAppBarMessage
Shell_NotifyIconGetRect
gdi32
CreateRectRgn
GetDeviceCaps
DeleteObject
dwmapi
DwmEnableBlurBehindWindow
advapi32
LookupAccountSidW
GetLengthSid
IsValidSid
OpenProcessToken
GetTokenInformation
RegGetValueW
RegCloseKey
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
CopySid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
SystemFunction036
oleaut32
SysFreeString
SysStringLen
VariantClear
GetErrorInfo
SetErrorInfo
SysAllocString
uxtheme
SetWindowTheme
bcrypt
BCryptGenRandom
secur32
LsaEnumerateLogonSessions
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
AcquireCredentialsHandleA
ApplyControlToken
LsaGetLogonSessionData
LsaFreeReturnBuffer
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
DecryptMessage
ws2_32
WSASend
WSAIoctl
send
shutdown
setsockopt
getaddrinfo
freeaddrinfo
WSAGetLastError
closesocket
getsockname
WSACleanup
WSAStartup
getpeername
WSASocketW
bind
connect
ioctlsocket
recv
getsockopt
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertFreeCertificateContext
ntdll
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
RtlGetVersion
NtReadFile
NtWriteFile
NtQuerySystemInformation
NtQueryInformationProcess
NtCreateFile
pdh
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhAddEnglishCounterW
powrprof
CallNtPowerInformation
iphlpapi
FreeMibTable
GetIfEntry2
GetIfTable2
GetAdaptersAddresses
netapi32
NetUserGetInfo
NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
psapi
GetPerformanceInfo
GetModuleFileNameExW
api-ms-win-crt-math-l1-1-0
__setusermatherr
floor
round
pow
trunc
api-ms-win-crt-string-l1-1-0
wcsncmp
wcslen
_wcsicmp
strcpy_s
api-ms-win-crt-convert-l1-1-0
wcstol
_ultow_s
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
malloc
free
calloc
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_register_onexit_function
_seh_filter_exe
_initialize_onexit_table
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_c_exit
_get_initial_narrow_environment
terminate
abort
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_crt_atexit
_initialize_narrow_environment
_cexit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 321KB - Virtual size: 320KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
downgradeweave.bat.bat .vbs