C:\Users\tickr\Downloads\SecHex-Spoofy-main\SecHex-Spoofy-main\SecHex-GUI\SecHex-GUI\obj\Debug\net6.0-windows\SecHex-GUI.pdb
Static task
static1
1 signatures
General
-
Target
y.rar
-
Size
25.6MB
-
MD5
5a2b03efea4448db47d91a0da65bba42
-
SHA1
cd03e07b8626d687c7e85eac12b51ba70e8bceb3
-
SHA256
cc8450a066cd42b6bd2619468db3cc9df6fa00b963253132fb454ed7312cf2a5
-
SHA512
0083259a412677f48c5d6ee0ca11ba05bd5fde1d1832b595963524241cebe4e4b6a5e4212de5f14a8e30169d938ee8079d1bec98019621f1cde55ffed591b645
-
SSDEEP
786432:X4Ti/XJdFod6aKcz1aSgeJBEt3XuywDtaVX5nOdr:XxfJzoddz1aPeLEBXunpaJV+r
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.dll unpack001/SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.exe unpack001/хохол.exe
Files
-
y.rar.rar
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-03-11_22-03-22.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-03-12_15-54-41.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-03-13_15-42-20.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-03-13_15-47-54.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-03-16_13-05-55.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-03-16_13-13-45.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-05-20_20-41-55.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-06-20_20-12-39.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-06-20_20-15-56.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-06-20_20-21-05.txt
-
SecHex-Spoofy V1.5.8 (testing)/Logs/2024-06-20_20-48-11.txt
-
SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.deps.json
-
SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.dll.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.exe.exe windows:6 windows x64 arch:x64
6dbf27f4c70fe2c8ed3e0122ba75d641
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
Imports
kernel32
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_exit
__p___argc
_initterm_e
_initterm
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
__p___wargv
_seh_filter_exe
_register_onexit_function
_cexit
terminate
_errno
exit
abort
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
setvbuf
fflush
_wfopen
__stdio_common_vswprintf
__stdio_common_vfwprintf
_set_fmode
__stdio_common_vsprintf_s
__acrt_iob_func
fputwc
fputws
__p__commode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
calloc
api-ms-win-crt-string-l1-1-0
wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper
api-ms-win-crt-convert-l1-1-0
_wtoi
wcstoul
api-ms-win-crt-locale-l1-1-0
setlocale
___lc_locale_name_func
localeconv
_unlock_locales
_lock_locales
___mb_cur_max_func
_configthreadlocale
__pctype_func
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
frexp
__setusermatherr
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
wcsftime
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.pdb
-
SecHex-Spoofy V1.5.8 (testing)/SecHex-GUI.runtimeconfig.json
-
SecHex-Spoofy V1.5.8 (testing)/runtimes/win/lib/net6.0/System.Diagnostics.EventLog.Messages.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:03:04:c1:03:19:7e:c6:05:e4:04:00:00:00:00:03:04Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/08/2022, 20:23Not After03/08/2023, 20:23SubjectCN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d9:08:7d:66:d6:d3:8c:c8:85:be:d7:e5:46:51:30:28:98:c0:24:c2:c8:84:d4:42:90:85:01:8a:b9:ef:93:16Signer
Actual PE Digestd9:08:7d:66:d6:d3:8c:c8:85:be:d7:e5:46:51:30:28:98:c0:24:c2:c8:84:d4:42:90:85:01:8a:b9:ef:93:16Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Diagnostics.EventLog.Messages/Release/netstandard2.0/System.Diagnostics.EventLog.Messages.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 768KB - Virtual size: 768KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecHex-Spoofy V1.5.8 (testing)/runtimes/win/lib/net6.0/System.Diagnostics.EventLog.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:03:04:c1:03:19:7e:c6:05:e4:04:00:00:00:00:03:04Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/08/2022, 20:23Not After03/08/2023, 20:23SubjectCN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7e:15:f2:f2:93:b7:bb:eb:ce:6e:33:2d:ee:b9:dc:26:e5:d8:2b:ee:e7:41:85:6e:4b:ca:13:c5:3f:8b:4a:51Signer
Actual PE Digest7e:15:f2:f2:93:b7:bb:eb:ce:6e:33:2d:ee:b9:dc:26:e5:d8:2b:ee:e7:41:85:6e:4b:ca:13:c5:3f:8b:4a:51Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Diagnostics.EventLog/Release/net6.0-windows/System.Diagnostics.EventLog.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecHex-Spoofy V1.5.8 (testing)/runtimes/win/lib/net6.0/System.ServiceProcess.ServiceController.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:03:04:c1:03:19:7e:c6:05:e4:04:00:00:00:00:03:04Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/08/2022, 20:23Not After03/08/2023, 20:23SubjectCN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:f7:50:6d:f3:32:dc:46:09:d0:05:57:b5:84:52:9e:5f:b1:0d:0e:3e:1c:33:b8:ed:f4:f7:a8:f8:d2:95:d9Signer
Actual PE Digest0d:f7:50:6d:f3:32:dc:46:09:d0:05:57:b5:84:52:9e:5f:b1:0d:0e:3e:1c:33:b8:ed:f4:f7:a8:f8:d2:95:d9Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net6.0-windows/System.ServiceProcess.ServiceController.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecHex-Spoofy V1.5.8 (testing)/runtimes/win/lib/netcoreapp3.0/System.Runtime.WindowsRuntime.UI.Xaml.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
41:9f:43:a5:7d:13:db:2d:93:64:40:44:d7:e4:bb:f3:a0:f7:87:b1:6a:f3:ef:2d:c8:2f:20:05:40:d4:5a:d1Signer
Actual PE Digest41:9f:43:a5:7d:13:db:2d:93:64:40:44:d7:e4:bb:f3:a0:f7:87:b1:6a:f3:ef:2d:c8:2f:20:05:40:d4:5a:d1Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Runtime.WindowsRuntime.UI.Xaml/netcoreapp3.0-Windows_NT-Release/System.Runtime.WindowsRuntime.UI.Xaml.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecHex-Spoofy V1.5.8 (testing)/runtimes/win/lib/netcoreapp3.0/System.Runtime.WindowsRuntime.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
db:66:18:e1:73:4c:89:d3:9b:59:b2:6f:e8:ed:2d:14:fe:35:76:f6:9d:11:40:d8:52:0d:45:8d:de:81:92:43Signer
Actual PE Digestdb:66:18:e1:73:4c:89:d3:9b:59:b2:6f:e8:ed:2d:14:fe:35:76:f6:9d:11:40:d8:52:0d:45:8d:de:81:92:43Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Runtime.WindowsRuntime/netcoreapp3.0-Windows_NT-Release/System.Runtime.WindowsRuntime.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
хохол.exe.exe windows:6 windows x86 arch:x86
d2f20a650dd6d8767ff7bfdc9e862500
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetUserNameA
RegCloseKey
RegConnectRegistryW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExA
RegSetValueExW
RegUnLoadKeyW
kernel32
CloseHandle
CompareStringW
CreateDirectoryA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceA
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenMutexA
OpenThread
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
TerminateThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenA
lstrlenW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
winspool.drv
ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW
comctl32
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent
comdlg32
FindTextW
gdi32
AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBkMode
GetBrushOrgEx
GetClipBox
GetCurrentObject
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextColor
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
PolyPolyline
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCPenColor
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetGraphicsMode
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
SetWorldTransform
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject
shell32
SHAppBarMessage
Shell_NotifyIconW
user32
ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CountClipboardFormats
CreateAcceleratorTableW
CreateCaret
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetComboBoxInfo
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsCharAlphaNumericW
IsCharAlphaW
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExA
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
wsprintfA
winmm
PlaySoundA
ole32
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize
oleaut32
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
Exports
Exports
@$xp$6TForm1
@$xp$6TForm2
@$xp$6TForm3
@$xp$6TForm4
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
_Form1
_Form2
_Form3
_Form4
___CPPdebugHook
___setRaiseListFuncAddr
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 370KB - Virtual size: 528KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 29.2MB - Virtual size: 29.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 265KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ