Static task
static1
Behavioral task
behavioral1
Sample
52551d7b56727b3c369fa013996c1cc41b222ea81fc57e028387539f435e2d62_NeikiAnalytics.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral2
Sample
52551d7b56727b3c369fa013996c1cc41b222ea81fc57e028387539f435e2d62_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
52551d7b56727b3c369fa013996c1cc41b222ea81fc57e028387539f435e2d62_NeikiAnalytics.exe
-
Size
77KB
-
MD5
fa26605ad8d121ac793bde0f423edb10
-
SHA1
ef4b4708f339e4ae257fbe35d60bce13a60831b9
-
SHA256
52551d7b56727b3c369fa013996c1cc41b222ea81fc57e028387539f435e2d62
-
SHA512
82df6aef2e9135f0f48972d170049b2911b5dba4e249e93942507b0f273e09d10520ac9ce060da8edbf5ac1d3efd9cf4b3778e17b69d8dd2329a700631ddf35a
-
SSDEEP
768:zvxuLFPedFLjXH70xkbEUvJ9jGW6siO+zFiKgbjxI5MxYSEe384r0eM:zvs0Db//jGr7FQKgbWcYtkc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 52551d7b56727b3c369fa013996c1cc41b222ea81fc57e028387539f435e2d62_NeikiAnalytics.exe
Files
-
52551d7b56727b3c369fa013996c1cc41b222ea81fc57e028387539f435e2d62_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
c79ec51124441d1207c85495808211c1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
vaeasql
??0CoMazStmt@@QAE@XZ
?GetData@CoMazStmt@@QAEPAVVaeDataSet@@XZ
??0VaeDataSet@@QAE@XZ
?GetError@CoMazStmt@@QAEXPAF0PAVVaxnString@@@Z
?NumRows@VaeDataSet@@QBEIXZ
?AddRow@VaeDataSet@@QAEHABVCStringArray@@@Z
?GetItem@VaeDataSet@@QBEPBDII@Z
??1CoMazStmt@@UAE@XZ
?SetSQLText@CoMazStmt@@QAEHPBD@Z
?DoSQL@CoMazStmt@@QAEHXZ
?SetSession@CoMazStmt@@QAEXPAVCoMazSes@@@Z
vao
??0VaoPropertySheet@@QAE@PBDPAVCWnd@@I@Z
??0VaoDBNoButtons@@QAE@PBDPAVCWnd@@I@Z
?GetType@VaoObject@@QBE?AW4VaoType@1@XZ
?GetName@VaoObject@@QBEABVVaxnString@@XZ
nzmo
?OnDragOver@NzmAttrGroupObject@@SAKPAVCOleDataObject@@K@Z
?OnDragOver@NzmSubjectObject@@SAKPAVCOleDataObject@@K@Z
?SetOssContext@NzmSubjectObject@@QAEXPAUnzctx@@@Z
??0NzmApplicationObject@@QAE@XZ
??0NzmApplicationTypeObject@@QAE@XZ
??0NzmAttrGroupObject@@QAE@XZ
??0NzmAttributeObject@@QAE@XZ
?SetOssContext@NzmCertificateObject@@QAEXPAUnzctx@@@Z
?SetRequested@NzmCertificateObject@@QAEXH@Z
?OnDragOver@NzmAttributeObject@@SAKPAVCOleDataObject@@K@Z
??0NzmCertificateObject@@QAE@XZ
??0NzmSubjectObject@@QAE@XZ
?OnDragOver@NzmApplicationObject@@SAKPAVCOleDataObject@@K@Z
?SetCreateLike@NzmSubjectObject@@QAEXH@Z
??0NzmSubjectObject@@QAE@PAUnzctx@@@Z
??0NzmCertificateObject@@QAE@PAUnzctx@@@Z
vaxa
?CheckInterrupt@VaxaDBDetailView@@QAEHXZ
??0VaxaDBFrame@@IAE@XZ
??1VaxaDBFrame@@UAE@XZ
?OnAddCommonToolbarItems@VaxaDBFrame@@QAEXI@Z
?OnAddCommonMenus@VaxaDBFrame@@QAEXIH@Z
?InitInstance@VaxaDBApp@@UAEHABVCString@@0@Z
?messageMap@VaxaDBApp@@1UAFX_MSGMAP@@B
?messageMap@VaxaDBDoc@@1UAFX_MSGMAP@@B
?SetAppToolbarItems@VaxaDBFrame@@QAEXIPAII@Z
?OnUpdateVmdbPauseResume@VaxaDBDoc@@UAEXPAVCCmdUI@@@Z
?classVaxaDBDoc@VaxaDBDoc@@2UCRuntimeClass@@B
?OnUpdateVmdbStop@VaxaDBDoc@@UAEXPAVCCmdUI@@@Z
??0VaxaDBApp@@QAE@XZ
?OnUpdateVmdbRecord@VaxaDBDoc@@UAEXPAVCCmdUI@@@Z
?GetAboutBoxVersion@VaxaDBApp@@SA?AVVaxnString@@XZ
?OnPauseResume@VaxaDBDoc@@UAEXXZ
?OnRecording@VaxaDBDoc@@UAEXXZ
?OnStop@VaxaDBDoc@@UAEXXZ
?CanHandleObjectType@VaxaDoc@@MBEHW4VaoType@VaoObject@@@Z
?TranslateServiceName@VaxaDoc@@MAE?AVVaxnString@@ABV2@@Z
?Refresh@VaxaDBDoc@@UAEXXZ
?OnNewSession@VaxaDoc@@MAEXABVVaxaCredential@@@Z
?SetFocusedObj@VaxaDoc@@UAEHW4VaoType@VaoObject@@ABVVaxnString@@1PAVCWnd@@PAVCoMazSes@@@Z
?OnSerializeSession@VaxaDoc@@MAEXABVVaxaCredential@@@Z
?UserVerified@VaxaDoc@@UAEHXZ
?OnFinishEmbeddedLaunch@VaxaDBDoc@@UAEXXZ
?GetSessObject@VaxaDoc@@UAEPAVVaoSessObject@@W4VaoType@VaoObject@@ABVVaxnString@@PAVCoMazSes@@W4ObjectRole@1@IV5@@Z
?GetFocusedObjSessionName@VaxaDoc@@QAE?AVVaxnString@@XZ
?GetDetailView@VaxaDBDoc@@QBEPAVVaxaDBDetailView@@XZ
?GetRepositorySession@VaxaDoc@@UAEPAVCoMazSes@@XZ
?GetBaseSession@VaxaDoc@@UAEPAVCoMazSes@@ABVVaxnString@@00HHHW4VaxaCredentialRole@VaxaCredential@@@Z
?GetSession@VaxaDoc@@UAEPAVCoMazSes@@XZ
?GetSession@VaxaDoc@@UAEPAVCoMazSes@@ABVVaxnString@@00HHHW4VaxaCredentialRole@VaxaCredential@@@Z
?GetEnableRoleSession@VaxaDoc@@UAEPAVCoMazSes@@XZ
?GetDispatchMap@VaxaDBDoc@@MBEPBUAFX_DISPMAP@@XZ
??1VaxaDBDoc@@UAE@XZ
??0VaxaDBDoc@@IAE@XZ
?OnNewDocument@VaxaDBDoc@@UAEHXZ
?OnCloseDocument@VaxaDBDoc@@UAEXXZ
?Serialize@VaxaDBDoc@@UAEXAAVCArchive@@@Z
?GetNextSelection@VaxaDBDoc@@QBEPAVVaxcRtreeCtrlNode@@AAPAU__POSITION@@@Z
?GetFirstSelectionPos@VaxaDBDoc@@QBEPAU__POSITION@@XZ
?IsTreeFocused@VaxaDBDoc@@QBEHXZ
?classVaxaDBDetailView@VaxaDBDetailView@@2UCRuntimeClass@@B
?messageMap@VaxaDBDetailView@@1UAFX_MSGMAP@@B
?OnAddToMCWRightMenu@VaxaDBDetailView@@IAEJIJ@Z
?OnDatabaseDown@VaxaDBDetailView@@UAEHXZ
?RefreshMCWFromRepository@VaxaDBDetailView@@UAEXXZ
?OnRowDblClick@VaxaDBDetailView@@UAEXPAVVaxcRowItemBase@@@Z
?GetRowObjectType@VaxaDBDetailView@@UAE?AW4VaoType@VaoObject@@PAVVaxcRowItemBase@@@Z
?MultipleSelected@VaxaDBDetailView@@UAEXXZ
?MixedTypesSelected@VaxaDBDetailView@@UAEXXZ
?SetRowImage@VaxaDBDetailView@@UAEXPAVVaxcRowItemBase@@@Z
?SetMCWImages@VaxaDBDetailView@@UAEXPAVVaxcListWidget@@@Z
?PreProcessData@VaxaDBDetailView@@UAEXPAVVaeDataSet@@@Z
?GetScrollParameters@VaxaDBDetailView@@UAEXAAHAAUtagSIZE@@11@Z
?CreateFloatingView@VaxAikoView@@UAEPAV1@PAUCRuntimeClass@@PAVVaxaMainframe@@@Z
?DisplaySplitView@VaxAikoView@@UAEXPAV1@@Z
?NavQuickEdit@VaxAikoView@@UAEXXZ
?VaxaCreateObject@VaxAikoView@@UAEXXZ
?CreateLikeObject@VaxAikoView@@UAEXXZ
?NavAlter@VaxAikoView@@UAEXXZ
?NavDrop@VaxAikoView@@UAEXXZ
?SetFilter@VaxAikoView@@UAEXXZ
?GetTree@VaxAikoView@@UAEPAVVaxcRtreeCtrl@@XZ
?OnDraw@VaxaDBDetailView@@UAEXPAVCDC@@@Z
??1VaxaDBDetailView@@UAE@XZ
??0VaxaDBDetailView@@IAE@XZ
?OnInitialUpdate@VaxaDBDetailView@@UAEXXZ
?OnUpdate@VaxaDBDetailView@@UAEXPAVCView@@JPAVCObject@@@Z
?OnSize@VaxaDBDetailView@@QAEXIHH@Z
?DisplayDBBanner@VaxaDBDetailView@@QAEXXZ
?CreatePropertySheet@VaxaDBDetailView@@UAEPAVVaoSessPropertySheet@@W4VaoType@VaoObject@@PBDPAVCWnd@@@Z
?VaoObjectSelected@VaxaDBDetailView@@UAEXPAVVaoSessObject@@@Z
?DestroyObject@VaxaDoc@@QAEHPAVVaoObject@@W4ObjectRole@1@@Z
?SetBitmap@VaxaDBDetailView@@QAEHVVaxnString@@@Z
?CleanUp@VaxaDBDetailView@@QAEHXZ
?SetMCW@VaxaDBDetailView@@QAEXPAVVaxcListWidget@@H@Z
?GetMCW@VaxaDBDetailView@@QAEPAVVaxcListWidget@@XZ
?classVaxaDBFrame@VaxaDBFrame@@2UCRuntimeClass@@B
?OnSize@VaxaDBTreeView@@QAEXIHH@Z
?OnUpdate@VaxaDBTreeView@@UAEXPAVCView@@JPAVCObject@@@Z
?OnInitialUpdate@VaxaDBTreeView@@UAEXXZ
??1VaxaDBTreeView@@UAE@XZ
??0VaxaDBTreeView@@IAE@XZ
?OnDraw@VaxAikoView@@MAEXPAVCDC@@@Z
?GetTree@VaxaDBTreeView@@UAEPAVVaxcRtreeCtrl@@XZ
?SetFilter@VaxaDBTreeView@@UAEXXZ
?GetScrollParameters@VaxAikoView@@MAEXAAHAAUtagSIZE@@11@Z
?RefreshTree@VaxaDBTreeView@@UAEXW4VaoType@VaoObject@@@Z
?GetRootNodeLabel@VaxaDBTreeView@@UAE?AVVaxnString@@XZ
?OnItemInsert@VaxaDBTreeView@@MAEXPAUtagNMHDR@@PAJ@Z
?OnItemDelete@VaxaDBTreeView@@MAEXPAUtagNMHDR@@PAJ@Z
?messageMap@VaxaDBTreeView@@1UAFX_MSGMAP@@B
?classVaxaDBTreeView@VaxaDBTreeView@@2UCRuntimeClass@@B
?GetFocusedObj@VaxaDBDoc@@QAEPAVVaoObject@@XZ
?NumSelected@VaxaDBDoc@@QBEIXZ
?IsRHSFocused@VaxaDBDoc@@QBEHXZ
?IsContainerFocused@VaxaDBDoc@@QBEHXZ
?NumMCWSelected@VaxaDBDoc@@QBEIXZ
?OnObjectCreate@VaxaDBFrame@@QAEXW4VaoType@VaoObject@@KVVaxnString@@1@Z
?OnObjectCreatelike@VaxaDBFrame@@QAEXXZ
?OnCommand@VaxaDBFrame@@UAEHIJ@Z
?GetFocusedObjType@VaxaDoc@@QAE?AW4VaoType@VaoObject@@XZ
?GetFocusedObjName@VaxaDoc@@QAE?AVVaxnString@@XZ
?OnUpdateAlwaysAvailable@VaxaDBFrame@@QAEXPAVCCmdUI@@@Z
?messageMap@VaxaDBFrame@@1UAFX_MSGMAP@@B
?RunChangeConnectDialog@VaxaDoc@@UAEHXZ
?RunChangeReConnectDialog@VaxaDoc@@UAEHXZ
??1VaxaDBApp@@UAE@XZ
?RunConnectDialog@VaxaDoc@@UAEHXZ
?ReleaseSession@VaxaDoc@@UAEXAAPAVCoMazSes@@@Z
?LaunchLoginDialog@VaxaDoc@@UAEHPAVVaxnString@@00PAW4VaxaCredentialRole@VaxaCredential@@PAPAVCoMazSes@@PAPAV4@HHH@Z
?PreCreateWindow@VaxaDBFrame@@UAEHAAUtagCREATESTRUCTA@@@Z
?OnCreateClient@VaxaDBFrame@@UAEHPAUtagCREATESTRUCTA@@PAUCCreateContext@@@Z
?LaunchObjectDialog@VaxaMainframe@@UAEHPAVVaoObject@@PAVVaoPropertySheet@@@Z
?LaunchSessDialog@VaxaMainframe@@UAEHPAVVaoSessObject@@PAVVaoPropertySheet@@@Z
?DismissObjectDialog@VaxaMainframe@@UAEHPAVVaoObject@@@Z
?DismissSessDialog@VaxaMainframe@@UAEHPAVVaoSessObject@@@Z
?DismissAllDialogs@VaxaMainframe@@UAEHXZ
?OnHelpContents@VaxaMainframe@@UAEXXZ
?TreeIsVisible@VaxaMainframe@@MAEHXZ
?GetTreeViewClass@VaxaDBFrame@@UBEPAUCRuntimeClass@@XZ
?PreCreateObject@VaxaDBFrame@@UAEXPAVVaoSessObject@@K@Z
?OnUpdateVaxaCreate@VaxaDBFrame@@UAEXPAVCCmdUI@@@Z
?OnUpdateVaxaCreateLike@VaxaDBFrame@@UAEXPAVCCmdUI@@@Z
?OnUpdateVaxaDrop@VaxaDBFrame@@UAEXPAVCCmdUI@@@Z
?OnChangeDatabase@VaxaDBFrame@@UAEHXZ
?OnChangeDatabaseReConnect@VaxaDBFrame@@UAEHXZ
?GetHeightInfo@VaxaDBFrame@@UAEXAAH0@Z
?GetLoggingMenuPosFromRight@VaxaDBFrame@@UAEIXZ
?QueryEndApp@VaxaDBFrame@@UAEHXZ
?UpdateMenus@VaxaDBFrame@@UAEXXZ
vaxc
?RM_ADD_TO_MENU@VaxcRightMenu@@2IB
?AppendMenuItem@VaxcRightMenu@@QAEXIVVaxnString@@I@Z
vaxct
?GetListId@VaxcRtreeCtrlNode@@QBEABVVaxnString@@XZ
?GetVisibleParentNode@VaxcRtreeCtrlNode@@QAEPAV1@XZ
?IsInst@VaxcRtreeCtrlNode@@QBEHXZ
?InsertColumn@VaxcListWidget@@QAEHABVVaxnString@@HHH@Z
?GetVaoType@VaxcRtreeCtrlNode@@QAE?AW4VaoType@VaoObject@@XZ
?Sort@VaxcListWidget@@QAEXH@Z
?SetColumnWidth@VaxcListWidget@@QAEHHH@Z
?SizeToFitAllRows@VaxcListWidget@@QAEXHHH@Z
?GetUniqueID@VaxcRtreeCtrlNode@@QBEABVVaxnString@@XZ
?Create@VaxcListWidget@@QAEHPAVCWnd@@IK@Z
??0VaxcDataListWidget@@QAE@XZ
?GetSession@VaxcRtreeCtrlNode@@QAEPAVCoMazSes@@XZ
?ReSort@VaxcListWidget@@QAEXXZ
?messageMap@VaxcListWidget@@1UAFX_MSGMAP@@B
?GetVaoType@VaxctTok@@QAE?AW4VaoType@VaoObject@@XZ
?GetFirstAncestorInstToken@VaxctStr@@QAEPAVVaxctTok@@W4VaoType@VaoObject@@PAV2@@Z
?ParseContextStr@VaxctStr@@QAEXVVaxnString@@@Z
?GetContext@VaxcRtreeCtrlNode@@QBEABVVaxnString@@XZ
??1VaxctStr@@UAE@XZ
??0VaxctStr@@QAE@XZ
?BuildRightMenu@VaxcRtreeProxy@@UAEHPAVVaxcRtreeCtrlNode@@IJI@Z
?BuildMenuArraysForRelTools@VaxcRtreeProxy@@UAEHPAVVaxcRtreeCtrlNode@@PAVCStringArray@@PAVCUIntArray@@@Z
?OnDrop@VaxcRtreeProxyCont@@UAEHPAVCOleDataObject@@KPAVVaxcRtreeCtrlNode@@@Z
?CreateSession@VaxcRtreeProxyCont@@UAEPAVCoMazSes@@PAVVaxcRtreeCtrlNode@@@Z
??0VaxcRtreeProxyCont@@IAE@XZ
??1VaxcRtreeProxyCont@@UAE@XZ
?HasFilterEnabled@VaxcRtreeCtrlNode@@QAEHXZ
?GetNameFilter@VaxcRtreeCtrlNode@@QBEABVVaxnString@@XZ
?GetTree@VaxcRtreeCtrlNode@@QAEPAVVaxcRtreeCtrl@@XZ
?OnItemExpanding@VaxcRtreeCtrl@@MAEXPAUtagNMHDR@@PAJ@Z
?ProcessFetchError@VaxcRtreeCtrl@@MAEHPAVVaxcRtreeCtrlNode@@@Z
?CreateImageList@VaxcRtreeCtrl@@MAEHI@Z
?GetCustomGroupList@VaxcRtreeCtrl@@MAEHABVVaxnString@@AAPAVVaeDataSet@@@Z
?SetNodeVtp@VaxcRtreeCtrl@@MAEXPAVVaxcRtreeCtrlNode@@0@Z
?NodeStateCheck@VaxcRtreeCtrl@@MAEXW4VaoType@VaoObject@@PAVVaxcRtreeCtrlNode@@@Z
?PropogateSessions@VaxcRtreeCtrl@@UAEXPAVVaxcRtreeCtrlNode@@@Z
?GetMessageMap@VaxcRtreeCtrl@@MBEPBUAFX_MSGMAP@@XZ
??0VaxcRtreeCtrl@@QAE@XZ
??1VaxcRtreeCtrl@@UAE@XZ
?SetSortNoninstChildren@VaxcRtreeCtrl@@QAEXH@Z
?AddChild@VaxcRtreeCtrlNode@@QAEXPAV1@@Z
?InitializeNodelist@VaxcRtreeCtrl@@QAEXPAVCPtrList@@@Z
?Initialize@VaxcRtreeCtrlNode@@QAEXXZ
??0VaxcRtreeCtrlNode@@QAE@VVaxnString@@0HHHW4NodeType@0@W4VaoType@VaoObject@@HPAVVaxcRtreeProxy@@PAVVaxcRtreeCtrl@@@Z
??0VaxcRtreeProxyGroup@@QAE@XZ
vaxn
??1VaxnString@@UAE@XZ
??BVaxnString@@QBEPBDXZ
??H@YA?AVVaxnString@@ABV0@PBD@Z
??4VaxnString@@QAEABV0@ABV0@@Z
??H@YA?AVVaxnString@@ABV0@0@Z
??8@YAHABVVaxnString@@PBD@Z
??BVaxnString@@QAEAAVCString@@XZ
??0VaxnString@@QAE@XZ
?LoadMessage@VaxnString@@QAEHIPBDH@Z
??0VaxnString@@QAE@ABV0@@Z
?ConvertToInteger@VaxnString@@QBEHAAH@Z
??4VaxnString@@QAEABV0@PBD@Z
??0VaxnString@@QAE@PBD@Z
?Format@VaxnString@@QAAXPBDZZ
??9@YAHABVVaxnString@@PBD@Z
vaxs
?GetActivePane@VaxsPanedWnd@@UAEPAVVaxsPane@@XZ
vaxx
?OraTrace@@YAXPBDZZ
?OraAssertFailedLine@@YAHPBDH@Z
nz80
nzuexi1_init_return
nzdst_terminate
vobmgr
?vob_repository_manager@@YA?AW4vobmgr_status_t@@W4vobmgr_opt_t@@ABVCString@@1HHPAVVOB_Refresh@@PAVCWnd@@@Z
mfc42
ord6376
ord5065
ord4899
ord5627
ord4588
ord3514
ord5025
ord6344
ord2991
ord1576
ord3417
ord1776
ord5752
ord4657
ord4628
ord5501
ord5090
ord4416
ord5000
ord4605
ord3106
ord5021
ord4491
ord4494
ord5002
ord4916
ord4640
ord4517
ord5020
ord2171
ord2437
ord4950
ord3187
ord4826
ord4861
ord4957
ord5128
ord5127
ord5092
ord4563
ord4155
ord4370
ord1729
ord5824
ord4493
ord2371
ord4388
ord4382
ord6329
ord720
ord420
ord3353
ord3268
ord4037
ord5956
ord5508
ord2548
ord4645
ord2058
ord971
ord501
ord1083
ord6194
ord3442
ord2563
ord4653
ord749
ord457
ord4626
ord3281
ord4038
ord5075
ord4537
ord4993
ord4522
ord4980
ord4646
ord4912
ord5108
ord5018
ord4857
ord4688
ord4717
ord4937
ord4932
ord4927
ord4990
ord3407
ord4958
ord1895
ord2864
ord541
ord5861
ord801
ord1168
ord3663
ord1081
ord4457
ord5641
ord715
ord415
ord3664
ord5823
ord5282
ord4151
ord5472
ord3742
ord2120
ord4147
ord5883
ord6064
ord2626
ord2627
ord2494
ord5871
ord4460
ord2104
ord5495
ord736
ord442
ord554
ord450
ord439
ord739
ord807
ord747
ord4427
ord5252
ord4436
ord1665
ord2649
ord5285
ord5237
ord4077
ord4154
ord2878
ord2879
ord3403
ord5476
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4470
ord5656
ord5006
ord1695
ord2441
ord3254
ord4946
ord4251
ord1886
ord4681
ord4685
ord4671
ord4450
ord6215
ord6009
ord3256
ord5981
ord2379
ord441
ord2521
ord1669
ord268
ord2175
ord1265
ord3769
ord1832
ord2394
ord1567
ord2652
ord738
ord4432
ord5260
ord1725
ord3748
ord5290
ord5240
ord4083
ord6055
ord4960
ord4963
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord4889
ord4349
ord4341
ord4892
ord4512
ord4962
ord5122
ord4589
ord4613
ord4614
ord1200
ord1223
ord2623
ord1206
ord4430
ord4623
ord3280
ord3261
ord6175
ord6081
ord3198
ord3454
ord4387
ord2402
ord4860
ord4956
ord5654
ord3172
ord5577
ord1747
ord5742
ord5244
ord2542
ord2510
ord6336
ord3066
ord3060
ord4697
ord3250
ord3787
ord3449
ord1003
ord4612
ord4610
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord459
ord825
ord743
ord5500
ord6354
ord6352
ord5716
ord5717
ord2036
ord986
ord6137
ord5914
ord520
ord823
ord4159
ord2621
ord1199
ord1205
ord800
ord537
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord4554
ord3749
ord1894
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord5953
ord3097
ord4710
ord1876
ord266
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2955
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4669
ord4490
ord4345
ord4338
ord4647
ord5022
ord4492
msvcrt
__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p__acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp
kernel32
GetStartupInfoA
GetModuleHandleA
user32
GetParent
SendMessageA
InvalidateRect
SetRect
EnableWindow
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ