Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Overview
overview
7Static
static
35e08cec644...18.exe
windows7-x64
75e08cec644...18.exe
windows10-2004-x64
7$COMMONFIL...m2.dll
windows7-x64
1$COMMONFIL...m2.dll
windows10-2004-x64
1$COMMONFIL...od.dll
windows7-x64
1$COMMONFIL...od.dll
windows10-2004-x64
1$PLUGINSDI...64.dll
windows7-x64
3$PLUGINSDI...64.dll
windows10-2004-x64
3$PLUGINSDI...RL.dll
windows7-x64
3$PLUGINSDI...RL.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3Orca.exe
windows7-x64
1Orca.exe
windows10-2004-x64
1darice.msi
windows7-x64
6darice.msi
windows10-2004-x64
6mergemod.msi
windows7-x64
6mergemod.msi
windows10-2004-x64
6orca.chm
windows7-x64
1orca.chm
windows10-2004-x64
1orca.msi
windows7-x64
3orca.msi
windows10-2004-x64
3Static task
static1
Behavioral task
behavioral1
Sample
5e08cec64431cf635ea445607cb855b3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5e08cec64431cf635ea445607cb855b3_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$COMMONFILES/Microsoft Shared/MSI Tools/evalcom2.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$COMMONFILES/Microsoft Shared/MSI Tools/evalcom2.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$COMMONFILES/Microsoft Shared/MSI Tools/mergemod.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
$COMMONFILES/Microsoft Shared/MSI Tools/mergemod.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Base64.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Base64.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/BrandingURL.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/BrandingURL.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/blowfish.dll
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/blowfish.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
Orca.exe
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
Orca.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
darice.msi
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
darice.msi
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
mergemod.msi
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
mergemod.msi
Resource
win10v2004-20240704-en
Behavioral task
behavioral25
Sample
orca.chm
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
orca.chm
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
orca.msi
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
orca.msi
Resource
win10v2004-20240709-en
Target
5e08cec64431cf635ea445607cb855b3_JaffaCakes118
Size
1.1MB
MD5
5e08cec64431cf635ea445607cb855b3
SHA1
afa2b14aa97cda9d6e321e8b42776d21f9cc6139
SHA256
a84b55526423c0924718408c2d4ff9f809feac4be4fe20d8d39db2e71afee3e3
SHA512
e9352a8c9722f27b2561ff04e1893489da457b5f9183dd0443ae71d8544638489fe9a60dcc80617c62378d202362b2be4f43441ed71153b52cebcc66dcec0005
SSDEEP
24576:yg1z3FunCsy7s9OwIL0WWiVg8gu6TuappxwKqHfinmwk:ygd4UYswM0JaX6PeHfQ6
Checks for missing Authenticode signature.
resource |
---|
unpack001/$COMMONFILES/Microsoft Shared/MSI Tools/evalcom2.dll |
unpack001/$COMMONFILES/Microsoft Shared/MSI Tools/mergemod.dll |
unpack001/$PLUGINSDIR/Base64.dll |
unpack001/$PLUGINSDIR/BrandingURL.dll |
unpack001/$PLUGINSDIR/InstallOptions.dll |
unpack001/$PLUGINSDIR/System.dll |
unpack001/$PLUGINSDIR/blowfish.dll |
unpack001/$PLUGINSDIR/inetc.dll |
unpack001/Orca.exe |
resource | yara_rule |
---|---|
sample | nsis_installer_1 |
sample | nsis_installer_2 |
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
evalcom2.pdb
RtlUnwind
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetTempFileNameW
GetTempPathW
FindClose
FindFirstFileW
DeleteFileW
SetFileAttributesW
CopyFileW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
LoadLibraryA
SetFilePointer
MultiByteToWideChar
InterlockedExchange
VirtualQuery
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
VirtualProtect
GetSystemInfo
FlushFileBuffers
CloseHandle
ord141
ord8
ord32
ord159
ord160
ord163
ord92
ord118
ord20
ord116
ord165
ord30
ord34
ord49
ord94
ord137
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
mergemod.pdb
_except_handler3
?terminate@@YAXXZ
malloc
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
swscanf
_vsnprintf
iswdigit
wcschr
_wtol
wcsrchr
wcsncpy
iswupper
wcscmp
_purecall
_CxxThrowException
_vsnwprintf
wcscat
wcsncmp
swprintf
wcslen
wcscpy
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
CreateDirectoryW
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrcpynW
lstrcpyW
lstrcatW
CreateDirectoryA
WideCharToMultiByte
GetLastError
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetModuleFileNameA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
WriteFile
SetFilePointer
CreateFileW
CreateFileA
CloseHandle
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesW
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DeleteFileW
DeleteFileA
GetTempFileNameW
GetTempFileNameA
GetUserDefaultLCID
lstrlenA
lstrlenW
MultiByteToWideChar
RegDeleteKeyA
RegEnumKeyExW
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExA
IsCharAlphaA
CharNextExA
IsCharUpperA
UnRegisterTypeLi
VariantInit
SysFreeString
RegisterTypeLi
SysAllocString
LoadTypeLi
ord17
ord121
ord118
ord20
ord115
ord119
ord26
ord165
ord8
ord120
ord125
ord19
ord171
ord163
ord160
ord159
ord32
ord166
ord158
ord116
ord78
ord48
ord150
ord92
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
memset
atoi
_crt_debugger_hook
Decrypt
Encrypt
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
lstrcpyA
GlobalFree
GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow
GetObjectA
SetTextColor
CreateFontIndirectA
ShellExecuteA
Set
Unload
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
CoTaskMemFree
dialog
initDialog
show
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
wsprintfA
StringFromGUID2
CLSIDFromString
Alloc
Call
Copy
Free
Get
Int64Op
Store
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Decrypt
Encrypt
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol
CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA
MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA
HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile
ord17
get
head
post
put
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
orca.pdb
ord5261
ord4370
ord4992
ord2506
ord6048
ord1767
ord5276
ord4419
ord3592
ord802
ord800
ord2362
ord2294
ord4229
ord6898
ord3871
ord540
ord6195
ord5977
ord6330
ord3296
ord6211
ord2810
ord861
ord538
ord3281
ord6896
ord3905
ord4270
ord2857
ord542
ord324
ord2088
ord384
ord3991
ord4704
ord1197
ord4847
ord6565
ord5597
ord3494
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord4638
ord4212
ord2568
ord4391
ord3347
ord3572
ord5618
ord6237
ord3798
ord2932
ord858
ord1165
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord2293
ord535
ord941
ord3312
ord2634
ord5568
ord2910
ord4197
ord6279
ord5706
ord5679
ord3516
ord798
ord5461
ord4124
ord2755
ord5188
ord533
ord860
ord940
ord942
ord801
ord6139
ord541
ord6451
ord2637
ord4272
ord1081
ord5616
ord715
ord5819
ord3659
ord415
ord3568
ord1899
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord5283
ord4829
ord768
ord489
ord4253
ord4472
ord3084
ord5871
ord283
ord293
ord3087
ord6024
ord361
ord6325
ord6399
ord6398
ord1594
ord2350
ord5886
ord1662
ord2644
ord537
ord3447
ord6874
ord1172
ord1817
ord4233
ord6654
ord2756
ord818
ord6076
ord6171
ord996
ord3170
ord5601
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord2391
ord4381
ord3449
ord3193
ord4617
ord4420
ord652
ord3517
ord338
ord4817
ord2753
ord922
ord5852
ord5605
ord2757
ord3688
ord2855
ord3614
ord2854
ord2572
ord4394
ord3625
ord682
ord813
ord1841
ord4583
ord4582
ord4893
ord4364
ord4886
ord4526
ord5070
ord4335
ord4343
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord4397
ord5236
ord3743
ord1719
ord4426
ord4239
ord2442
ord4128
ord4292
ord2746
ord5784
ord713
ord6168
ord640
ord5785
ord1633
ord323
ord6238
ord2235
ord4458
ord6193
ord2444
ord4717
ord5249
ord3749
ord2575
ord3366
ord3636
ord303
ord4158
ord1834
ord4237
ord794
ord2715
ord2382
ord3054
ord5094
ord5097
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord674
ord796
ord807
ord3476
ord5248
ord6116
ord2244
ord6065
ord6063
ord3479
ord771
ord2520
ord1008
ord497
ord810
ord686
ord2082
ord357
ord5024
ord527
ord1941
ord6228
ord6226
ord6144
ord2560
ord6264
ord6267
ord3220
ord3252
ord3907
ord2536
ord2535
ord2503
ord978
ord1724
ord5847
ord2878
ord2390
ord2410
ord6220
ord6222
ord2421
ord2242
ord4726
ord4535
ord5473
ord2251
ord4830
ord4434
ord3386
ord3715
ord554
ord529
ord366
ord2914
ord2486
ord2618
ord2619
ord5867
ord5996
ord2109
ord2112
ord4451
ord4199
ord1826
ord4224
ord5228
ord1177
ord1173
ord1561
ord5264
ord4828
ord2355
ord5061
ord4629
ord4601
ord4710
ord4744
ord4602
ord5010
ord4369
ord4846
ord355
ord4606
ord4604
ord5214
ord617
ord296
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord2717
ord2550
ord925
ord5297
ord5208
ord5499
ord2627
ord986
ord520
ord4154
ord6113
ord2613
ord3694
ord3393
ord3728
ord3995
ord6004
ord3298
ord3282
ord6137
ord5855
ord3714
ord793
ord3696
ord500
ord772
ord6138
ord4219
ord2290
ord2354
ord2291
ord927
ord5600
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord6266
ord5906
ord4608
ord4607
ord4294
ord2108
ord2081
ord1088
ord2114
ord556
ord2527
ord3288
ord4688
ord5142
ord6688
ord3693
ord765
ord6303
ord4162
ord521
ord711
ord413
ord1105
ord414
ord3657
ord5817
ord1569
ord3993
ord6003
ord693
ord3635
ord3365
ord4396
ord2574
ord641
ord656
ord3605
ord609
ord3569
ord4390
ord2567
ord795
ord567
ord3716
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord2371
ord2859
ord1143
ord1634
ord3566
ord2406
ord3621
ord823
_adjust_fdiv
wcsncpy
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf
_iob
fputws
atoi
_vsnprintf
_wcsicmp
iswupper
printf
iswdigit
wcscat
__CxxFrameHandler
wcscmp
_wtol
_wtoi
swprintf
wcschr
wcslen
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
?terminate@@YAXXZ
wcscpy
_purecall
__p__commode
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
GetUserNameW
CreateFileW
ReadFile
GetLastError
lstrlenW
MulDiv
MultiByteToWideChar
ConnectNamedPipe
CreateThread
CreateNamedPipeW
SearchPathW
GetCurrentDirectoryW
WideCharToMultiByte
GlobalUnlock
GlobalLock
CloseHandle
GlobalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
WriteFile
GetSystemTime
SystemTimeToFileTime
InterlockedIncrement
CompareStringW
InterlockedDecrement
lstrcpyW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
DeleteFileW
lstrcatW
GetTempPathW
GetVersionExA
LoadLibraryA
GetProcAddress
IsValidCodePage
GetTextExtentPoint32W
Rectangle
SelectObject
GetDeviceCaps
CreateFontW
CreatePen
GetStockObject
GetObjectW
CreateSolidBrush
GetTextMetricsW
RedrawWindow
GetSystemMenu
EnableMenuItem
GetMessagePos
GetCursorPos
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
GetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
CheckMenuRadioItem
PtInRect
ScreenToClient
ClientToScreen
LoadMenuW
GetSubMenu
GetWindowLongW
SetWindowLongW
PostMessageW
GetDesktopWindow
UpdateWindow
IsWindowEnabled
LoadBitmapW
SendMessageW
GetFocus
GetParent
EnableWindow
IsWindowVisible
ShowScrollBar
IsCharUpperW
IsCharUpperA
InvalidateRect
GetClientRect
FillRect
GetWindowRect
GetDC
ReleaseDC
GetSystemMetrics
GetKeyState
SetActiveWindow
RegisterWindowMessageW
SetFocus
IsWindow
ord109
ord39
ord123
ord35
ord100
ord90
ord19
ord121
ord24
ord186
ord20
ord120
ord153
ord151
ord22
ord92
ord28
ord48
ord30
ord150
ord17
ord14
ord129
ord155
ord66
ord8
ord165
ord163
ord160
ord159
ord32
ord118
ord26
ord115
ord166
ord116
ord119
ord158
ord125
ord78
CoUninitialize
StgOpenStorage
StgCreateDocfile
CoCreateGuid
CoCreateInstance
CoInitialize
SysAllocString
SysFreeString
DragFinish
SHBrowseForFolderW
DragQueryFileW
SHGetPathFromIDListW
ImageList_AddMasked
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ