TMLoader-win32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TMLoader-win32.exe
Size

4.6MB
MD5

8baaf648ae315e9b11ce9f129c46387a
SHA1

456e33704f8cbebaf9b6a5195699ff74f61c274f
SHA256

37e1c125cf31402ed94f27de32589402e0ee3100767d977f017a26f4af7e1080
SHA512

d8d77fca9d80f5964ef407b8923c655d550ea0f6ff384c0d5ca0a0ef8af87a4576f349bb17d81d95bdc0aa25e1b8bbcb2058543ca1e84f6f7affde5b80bee567
SSDEEP

98304:kTaLH1ilWv3ju18I+NNOBXFNgPG8qb2xZKH4VbFat:kQ4lgk8rSQqb2SH4VbYt

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/TMLoader.exe	embeds_openssl

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
TMLoader-win32.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/ShimRun.exe
unpack001/TMLoader.exe
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/UserInfo.dll
unpack001/sciter.dll

Files

TMLoader-win32.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS.InstallOptions.ini
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

646971a3aef724d6f553f40ae84fe26b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
lstrcatW
FindClose
FindNextFileW
lstrcmpW
MulDiv
GlobalFree
lstrcpynW
GlobalAlloc
lstrcmpiW
FindFirstFileW
lstrcpyW

user32

TranslateMessage
GetMessageW
IsDialogMessageW
DispatchMessageW
CallWindowProcW
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
DestroyWindow
GetDlgItem
CreateDialogParamW
SetWindowLongW
wsprintfW
PostMessageW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

68e847ed6763e00454edac87b3abd95a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalAlloc
CloseHandle
GlobalFree
GetLastError
GetCurrentProcess
GetCurrentThread
GetVersion
GetProcAddress
GetModuleHandleA
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
ShimRun.exe
.exe windows:6 windows x86 arch:x86

fbdca8271cdf020364267e88368c1c26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\VisualStudio\TMLoader\ShimRun.pdb

Imports

kernel32

CloseHandle
CompareStringW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathW
GetTimeFormatW
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

MessageBoxW

shell32

ShellExecuteW

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TMLoader.exe
.exe windows:6 windows x86 arch:x86

d9d0897a7f23a96543457d9f8735b886

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CreateProcessAsUserA
CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf
SetTokenInformation

kernel32

AreFileApisANSI
AttachConsole
CheckRemoteDebuggerPresent
CloseHandle
CompareFileTime
CompareStringW
ConvertFiberToThread
ConvertThreadToFiber
CopyFileW
CreateDirectoryW
CreateEventW
CreateFiber
CreateFileW
CreateHardLinkW
CreatePipe
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockResource
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessDEPPolicy
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
WaitForInputIdle

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExA

ole32

CoCreateInstance
CoGetMalloc
CoInitialize
CoUninitialize
CreateBindCtx
GetRunningObjectTable

oleaut32

VariantChangeType
VariantClear
VariantInit

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

bcrypt

BCryptCreateHash
BCryptDecrypt
BCryptDestroyHash
BCryptDestroyKey
BCryptDuplicateHash
BCryptEncrypt
BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptSetProperty

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

shlwapi

SHQueryValueExW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenSystemStoreW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

68e847ed6763e00454edac87b3abd95a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalAlloc
CloseHandle
GlobalFree
GetLastError
GetCurrentProcess
GetCurrentThread
GetVersion
GetProcAddress
GetModuleHandleA
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
sciter.dll
.dll windows:6 windows x86 arch:x86

2ccd939b04066aa5c1a5ad230185807f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\sciter\sciter\sdk.js\bin\windows\x32\sciter.pdb

Imports

ws2_32

GetAddrInfoW
WSAIoctl
WSARecv
connect
socket
getsockname
getpeername
listen
FreeAddrInfoW
freeaddrinfo
getaddrinfo
select
ioctlsocket
WSASocketW
htons
WSASend
ntohl
ntohs
WSASetLastError
WSAStartup
WSASendTo
closesocket
getsockopt
setsockopt
htonl
WSAGetLastError
bind
WSARecvFrom
shutdown

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
InternetOpenA
InternetErrorDlg
InternetCloseHandle
InternetQueryOptionW

shell32

ord74
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFileInfoW
ord727
ShellExecuteExW
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW

advapi32

OpenProcessToken
RegQueryValueExW
GetUserNameW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegOpenKeyExW
SystemFunction036
RegCloseKey

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromCLSID
OleInitialize
OleUninitialize
CoUninitialize
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries

oleaut32

SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
SysAllocStringLen

gdi32

CreateFontW
EnumFontFamiliesExW
GetObjectW
CreateSolidBrush
SetLayout
GetStockObject
StartPage
EndDoc
CreateDCW
GetObjectA
StartDocW
EndPage
BitBlt
StretchDIBits
DeleteObject
CreateBitmap
GetClipBox
SaveDC
SetViewportOrgEx
RestoreDC
AddFontMemResourceEx
GetGlyphIndicesW
CreateCompatibleDC
CreateDIBSection
GetDIBits
SelectObject
DeleteDC
GetDeviceCaps
GetFontUnicodeRanges
SetMapMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError

winspool.drv

ord203

kernel32

HeapReAlloc
DeleteFileW
EnumSystemLocalesW
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
InitializeSListHead
RtlUnwind
RaiseException
DecodePointer
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
GetCommandLineA
GetStringTypeW
SetThreadPriority
InitializeCriticalSectionEx
lstrlenW
FormatMessageW
LocalAlloc
LocalSize
WaitForMultipleObjects
lstrcmpW
LoadLibraryW
GetThreadPriority
GetTickCount
WaitForSingleObjectEx
GetExitCodeThread
LCMapStringEx
IsValidLocale
HeapSize
MultiByteToWideChar
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
CompareStringW
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetComputerNameW
GetUserDefaultLCID
GetSystemDefaultLCID
LoadLibraryExW
GetProcAddress
FindFirstFileW
FindNextFileW
FindClose
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
Sleep
OutputDebugStringW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
MulDiv
GetTempPathA
GetTempFileNameA
GetLastError
GetFileAttributesW
FreeLibrary
GetCurrentThreadId
GetCPInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
SleepConditionVariableCS
TlsSetValue
EnterCriticalSection
GetCurrentProcess
ReleaseSemaphore
TryAcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
LeaveCriticalSection
InitializeCriticalSection
InitializeConditionVariable
WaitForSingleObject
ResumeThread
DuplicateHandle
CreateEventW
ReleaseSRWLockExclusive
SetEvent
GetCurrentThread
AcquireSRWLockExclusive
TlsAlloc
GetNativeSystemInfo
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
SetLastError
SetEnvironmentVariableW
GetConsoleTitleW
GetEnvironmentVariableW
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleMode
GetFileType
LocalFree
FormatMessageA
DebugBreak
GetModuleHandleA
LoadLibraryA
ReadFile
SetNamedPipeHandleState
CreateNamedPipeA
WriteFile
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
CancelSynchronousIo
CreateFileA
GetNamedPipeHandleStateW
CancelIoEx
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CreateDirectoryW
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SetHandleInformation
CancelIo
SetFileCompletionNotificationModes
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
GetStdHandle
ExitProcess
VirtualFree
VirtualAlloc
HeapFree
GetCommandLineW
HeapAlloc
GetProcessHeap
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetConsoleOutputCP
GetFileAttributesExW
SetFileAttributesW

user32

IsWindowVisible
GetWindowPlacement
GetParent
SetParent
RegisterClassW
UnregisterClassW
EndPaint
BeginPaint
SendMessageW
ReleaseCapture
GetForegroundWindow
CreateWindowExW
SetTimer
MoveWindow
SetWindowLongW
ShowWindow
DefWindowProcW
MapWindowPoints
DestroyWindow
WindowFromPoint
SetForegroundWindow
IsIconic
ScreenToClient
ClientToScreen
RegisterWindowMessageW
LoadIconW
RegisterClassExW
AdjustWindowRectEx
SetClassLongW
GetClassLongW
PostMessageW
KillTimer
GetMessageExtraInfo
GetAsyncKeyState
GetMessageTime
IsZoomed
IsWindowUnicode
GetFocus
SetFocus
AnimateWindow
SetScrollInfo
GetScrollInfo
GetWindowTextW
SetWindowTextW
SetCapture
GetCapture
CallNextHookEx
SetWindowsHookExW
InvalidateRect
GetActiveWindow
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnumThreadWindows
IsRectEmpty
GetWindow
FlashWindowEx
RegisterHotKey
UnregisterHotKey
MonitorFromPoint
CreateMenu
GetMenuItemCount
RemoveMenu
InsertMenuW
GetMenu
SetMenu
GetKeyboardLayout
CreateCaret
DestroyCaret
SetCaretPos
FindWindowW
SetClipboardData
EnumClipboardFormats
CountClipboardFormats
GetCursorPos
GetClientRect
CloseClipboard
EmptyClipboard
SetWindowPos
SetCursor
OpenClipboard
RegisterClipboardFormatW
GetDesktopWindow
MessageBeep
NotifyWinEvent
GetDoubleClickTime
IsWindowEnabled
EnableWindow
IsWindow
GetWindowThreadProcessId
GetSystemMetrics
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
LoadCursorFromFileA
LoadCursorW
DestroyCursor
GetSysColor
ReleaseDC
GetDC
GetWindowLongW
GetWindowRect
GetKeyState
MonitorFromWindow
EnumDisplayMonitors
MsgWaitForMultipleObjects
GetMonitorInfoW
PeekMessageW
UpdateWindow
CallMsgFilterW
EnumDisplayDevicesW
PostQuitMessage
SystemParametersInfoW
GetMessageW
MapVirtualKeyW
DispatchMessageW
TranslateMessage
GetClipboardData
UnhookWindowsHookEx
UpdateLayeredWindow
SetActiveWindow
MessageBoxW
PostThreadMessageW
GetQueueStatus
IsClipboardFormatAvailable

userenv

GetUserProfileDirectoryW

shlwapi

PathIsRelativeW

winmm

timeSetEvent
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent

comctl32

ImageList_GetIconSize
ImageList_Destroy
ImageList_DrawEx

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetCompositionStringW
ImmIsIME
ImmReleaseContext
ImmAssociateContextEx
ImmNotifyIME
ImmSetCandidateWindow

usp10

ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptPlace
ScriptBreak
ScriptItemize
ScriptShape

gdiplus

GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipSetClipPath
GdipTranslateWorldTransform
GdipFillRectangleI
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetClipRect
GdipGetPathWorldBounds
GdipClonePath
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipSetWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipGetBrushType
GdipGetSolidFillColor
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipCreatePath
GdipGetSmoothingMode

Exports

Exports

SciterAPI

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ui/layouts/default/icon.png
.png
ui/layouts/default/index.css
ui/layouts/default/index.html
.html
ui/layouts/default/index.jsx
.js
ui/layouts/default/index.tsx
.js
ui/layouts/loader.d.ts
ui/layouts/sciter.d.ts
.js
ui/layouts/tsconfig.json
ui/styles/apprentice.css
ui/styles/dark.css
ui/styles/dracula.css
ui/styles/gruvbox-dark.css
ui/styles/gruvbox-light.css
ui/styles/light.css
ui/styles/material.css
ui/styles/papercolor-dark.css
ui/styles/papercolor-light.css
ui/styles/solarized-dark.css
ui/styles/solarized-light.css
ui/styles/tender.css
ui/styles/tokyo-night-dark.css
ui/styles/tokyo-night-light.css
ui/styles/windows-95-light.css
ui/styles/windows-95.css

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 48KB - Virtual size: 47KB

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

646971a3aef724d6f553f40ae84fe26b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

68e847ed6763e00454edac87b3abd95a

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 1024B - Virtual size: 714B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 295KB - Virtual size: 295KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 760KB - Virtual size: 760KB

.data
Size: 52KB - Virtual size: 68KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 152KB - Virtual size: 152KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 48KB - Virtual size: 47KB