293611ae6bdb0517260724485a9d669c9040dc69b2c1f282b5fefd174edfb4e7[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

293611ae6bdb0517260724485a9d669c9040dc69b2c1f282b5fefd174edfb4e7.7z
Size

1.7MB
MD5

1ca8702c199ccb5f0df6171e5a24b988
SHA1

83cc6364251743ff3a0c3f766a8687d0c7b893d3
SHA256

293611ae6bdb0517260724485a9d669c9040dc69b2c1f282b5fefd174edfb4e7
SHA512

30892d88088c120eb062c680f21d2249f4e85e06df794d192f2800d51f1d70def47dd200c4a9c7a30af8e648e9193cfa1ca9218e350e1eb67e8d44ea4f090288
SSDEEP

49152:eCamQX69R9KxdK6iVqImROHQzD4MtT033EiQPmI3Q:96w486i8ImRZ3dB0nGHQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Installer/ActivationClient.dll
unpack001/Installer/ActivationManager.dll
unpack001/Installer/ActiveSyncProvider.dll
unpack001/Installer/DirectX2D.dll
unpack001/Installer/Installer.exe
unpack001/Installer/Serilog.dll
unpack001/Installer/archivelog.dll
unpack001/Installer/d2patch.dll

Files

293611ae6bdb0517260724485a9d669c9040dc69b2c1f282b5fefd174edfb4e7.7z
.7z
Installer/ActivationClient.dll
.dll windows:10 windows x64 arch:x64

990e2e3d39b051401c6258185671ddf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActivationClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
__C_specific_handler
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateMutexExW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoTaskMemFree

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

combase

ord140

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/ActivationManager.dll
.dll windows:10 windows x64 arch:x64

8e483267164a95ffc3654e63209eed12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActivationManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
wcschr
wcsrchr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__get_errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memmove_s
wcscspn
wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockShared
CreateMutexExW
InitializeCriticalSection
DeleteCriticalSection
OpenEventW
WaitForSingleObject
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
ResetEvent
CreateEventW
ReleaseSemaphore
SetEvent
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateEventExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentProcessId
CreateProcessAsUserW
SetThreadToken
GetProcessId
CreateThread
SetThreadPriority
GetThreadId
GetCurrentThreadId
OpenThread
GetCurrentThread
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventProviderEnabled

ntdll

RtlCopySid
RtlLengthSid
NtOpenProcessToken
NtClose
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlWakeAllConditionVariable
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtOpenProcessTokenEx
NtQueryInformationToken
RtlIsParentOfChildAppContainer
RtlNtStatusToDosError
RtlQueryTokenHostIdAsUlong64
RtlExpandEnvironmentStrings
NtQuerySecurityAttributesToken
NtTerminateProcess
RtlInitUnicodeString
RtlCapabilityCheck
NtQueryInformationProcess
RtlFreeHeap
RtlAllocateHeap
RtlSleepConditionVariableSRW
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoCancelCall
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoResumeClassObjects
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetStdMarshalEx
CoDisableCallCancellation
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoImpersonateClient
CoRevertToSelf
CoRegisterClassObject
CoGetCallContext
CoGetCallerTID
CoRevokeClassObject
CoGetMalloc
CoAddRefServerProcess
CoTaskMemAlloc
CoTaskMemRealloc
CoEnableCallCancellation
CoReleaseServerProcess
CLSIDFromString
CoIncrementMTAUsage
CoCreateInstance
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsCreateString
WindowsDeleteStringBuffer
WindowsStringHasEmbeddedNull
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsSubstringWithSpecifiedLength
WindowsCreateStringReference

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-appmodel-runtime-internal-l1-1-3

CouldMultiUserAppsBehaviorBePossibleForPackage

api-ms-win-appmodel-runtime-internal-l1-1-4

IsOnDemandRegistrationSupportedForExtensionCategory
GetExtensionApplicationUserModelId

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatusForUser
GetPackageFullNameFromToken
GetPackageStatus

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageApplicationPropertyString
GetPackageApplicationContext

api-ms-win-appmodel-runtime-internal-l1-1-6

OpenPackageInfoByFullNameForMachine

api-ms-win-appmodel-runtime-internal-l1-1-2

GetEffectivePackageStatusForUser

appxdeploymentclient

ord68

twinapi.appcore

ord2
ord3

msvcp_win

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??Bios_base@std@@QEBA_NXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegDeleteTreeW
RegOpenCurrentUser
RegQueryInfoKeyW
RegQueryValueExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
RoOriginateLanguageException
IsErrorPropagationEnabled

api-ms-win-core-com-private-l1-1-0

CoGetErrorInfo
CoSetErrorInfo
CoRevokeRacActivationToken
CoRegisterRacActivationToken

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_QueryService

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-psm-key-l1-1-1

PsmCreateKeyWithDynamicId

api-ms-win-core-psm-key-l1-1-0

PsmCreateKey
PsmGetKeyFromToken
PsmGetKeyFromProcess

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

rpcrt4

RpcBindingFree
RpcAsyncCancelCall
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcImpersonateClient
RpcStringFreeW
RpcBindingSetAuthInfoExW
I_RpcBindingInqLocalClientPID
Ndr64AsyncClientCall
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
I_RpcExceptionFilter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetTokenInformation
DuplicateTokenEx
RevertToSelf
IsWellKnownSid
GetLengthSid
GetAce
FreeSid
CopySid
IsValidSid
ImpersonateLoggedOnUser

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpLogicalW
StrCmpIW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-appmodel-identity-l1-2-0

AppXGetOSMaxVersionTested

coremessaging

CoreUICreate
CoreUICreateEx
MsgBlobCreateShared
MsgRelease
MsgStringCreateShared

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsPrefixW
PathIsRelativeW

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec
PathAllocCombine

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

profapi

ord102
ord101

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-security-sddlparsecond-l1-1-0

LocalGetStringForCondition

mpr

WNetGetConnectionW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord140
ord159
ord79
ord65

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-appmodel-state-l1-2-0

OpenStateExplicit
CloseState
GetSystemAppDataKey

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DisableAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableAppXDebuggingForPackage
FreeAppXLaunchContext
GetPackageExecutionContextForAumid
GetPackageExecutionContextForAumidAndUser
GetPackageExecutionContextForDeviceFamilyName
GetPackageExecutionContextForPackageByFullName
PostCreateProcessAppXActivation
PrepareAppXActivation
RegisterAppXPackageIfNecessary
RegisterAppXPackageIfNecessary2

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/ActiveSyncProvider.dll
.dll windows:10 windows x64 arch:x64

71de13c0bb143d06cad7973a4df93a64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActiveSyncProvider.pdb

Imports

msvcrt

_wcstoui64
_i64tow_s
iswspace
iswcntrl
_wcsdup
memmove_s
__CxxFrameHandler3
?terminate@@YAXXZ
wcstol
_vsnprintf
strnlen
_vsnprintf_s
wcspbrk
_vscwprintf
_vswprintf_p_l
_vscwprintf_p_l
_vsprintf_p_l
_vscprintf_p_l
wcsnlen
wcsstr
iswdigit
wcstok_s
_vsnwprintf_s
wcschr
_snwprintf_s
wcsncmp
wcstod
_ltow_s
swscanf_s
free
_wcsicmp
_ultow_s
wcstoul
_wtoi
_itow_s
_wtol
malloc
_callnewh
_strnicmp
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_wcstoi64
_onexit
_errno
realloc
memset
memmove
memcpy
memcmp
memchr
floor
_wcsnicmp
wcsrchr
swscanf
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException

syncutil

ord268
ord35
GetSessionSyncStats
AggregateAccountSyncStats
GetAccountSyncStats
ord24
ord48
ord52
ord51
IsFirstSyncEver
GetCurrentSyncStats
ord21
ord453
DeviceNeedsProvisioning
ord89
CoCreateInstanceElevated
AcquireDataStoreLock
ord470
ord28
ord26
GetAuthCertTargetAndUser
CredVaultDelete
CredVaultWrite
CredVaultRead
ord702
IsMatchingClientCertificateEx
ord118
ord121
ord120
CreateAuthHandler
ord442
ord94
ord31
ord22
ord274
ord273
ord701
ord66
ord67
ord256
ReleaseDataStoreLock
ord18
GetAADToken
ord410
ord500
ord503
ord501
ord505
ord109
ord87
ord269
IsValidAADAuthUri
GetGoldenPartnershipId
ord23
ord461
ord464
GetDefaultStoreDirty
SetDefaultStoreDirty
GetMsaCustomerId
InitializeMeContact
ord462
ord463
ord242
ord33
ord296
ord744
ord743
ord745
ReadPasswordForPartnership
ord747
ord746
ord69
ord68
ord257
GetCurrentSyncStatsForStore
SetOutgoingMessageSizeLimit
GetOutgoingMessageSizeLimit
ord34
AcquireDataStoreLockEx
ord17
AggregateSessionSyncStats
InitializeSyncStatus
SyncSqmUpdateStats
ord106
ord53
ord103
ord105
ord502
ord29
ord275
ord93
ord15
ord739
ord56
ord111
ord451
ord452
ord440
InitializeMsaStore
VerifyDataStoreLockOwner
ord9
DeleteHttpTransport
GetSyncWorkOnBehalfTicket
SetSyncWorkOnBehalfTicket
ord10
ord86
ord88
ord287
ord285
ord27
ord471
ord30
ord44

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleW
LoadStringW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
Sleep

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
OpenSemaphoreW
AcquireSRWLockExclusive
InitializeSRWLock
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateMutexExW
DeleteCriticalSection
ResetEvent
CreateSemaphoreExW
ReleaseMutex
CreateEventW
SetEvent
CreateEventExW
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapSize
HeapValidate
HeapCompact
HeapDestroy
HeapCreate

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoInitializeEx
CoGetMalloc
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateGuid
CoGetApartmentType
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
IsValidCodePage
FormatMessageW
GetSystemDefaultLCID
GetACP

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VarBstrCat
SysAllocStringByteLen
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayLock
VariantTimeToSystemTime
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysStringByteLen
SafeArrayDestroy
VariantChangeType
VariantCopyInd
SysAllocString
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SafeArrayRedim
SafeArrayCreate
VariantInit
VariantCopy
VariantClear
SysFreeString
SafeArrayUnlock

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetSystemTime
GetTickCount
GetLocalTime

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CompareFileTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

accountaccessor

UnenrollAndMarkAccountForDeletion

cemapi

CreateMAPITableWalker
SetConversationId
IsMessageClassReadRequest
GetMAPIStorePropTags
MAPILogonEx
MAPIFreeBuffer
FreeProws
HrGetOneProp
MAPIUninitialize
HrSetOneProp
GetMsgClassEnum
GetNamedPropTag
MAPIInitialize
MAPIAllocateBuffer
GetMsgStoreFromMessage
USOIDfromCEENTRYID

userdatalanguageutil

GetNarrowSzCodepage
ConvertToWideStream
GetWideSzAlloc
UninitializeLanguageUtil
InitializeLanguageUtil
GetMultiLanguage2
IsLocalePseudoLoc

userdatatimeutil

AdjustGMTForAllDayAppts
AdjustForAllDayAppts
GetCurrentLocalTime
FileTimeToVariantTime
ConvertVariantTimeToFileTime
ConvertLocalVariantTimeToFileTime
FileTimeToLocalFileTimeEx
DaysBetweenFT
FileTimeToTzSpecificVariantTime
MinutesBetweenFT
FileTimeAdjustUTCToTz

userdatatypehelperutil

BytesToDigits
UsOidToTaskUdmId
UsOidToContactUdmId
UsOidToCalendarUdmId
EcUidToGlobalObjId
TrimWhiteSpaces
EcGlobalObjIdToUid
MapiIdToEmailUdmId
StringToBytes
CompressWhitespaceNW
SplitString
GetStreamSize
FormatPoomIdToString
StreamFromStringW
ReadStreamContent

networkhelper

SyncPdcReference_WatchdogReport
ReportSyncProgress
GetOrCreateNullPowerDependencyCoordinatorManager
CHttpTransport_CreateInstance
SyncWerReportGenerator
SyncPdcReference_WatchdogsEnabled
IsNetworkConnectionCostRestricted

pimstore

GetAppointmentUniqueId
GetBlankName
CreateOutlookApp

mccspal

ord31
ord30
ord32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW
PathFindExtensionW

Exports

Exports

CreateMassObject
CreateSyncServiceLayer
DllCanUnloadNow
DllGetClassObject
DownloadEmailAttachment
DownloadEmailBody
GetActiveSyncServerProbeInstance
GetConversationSyncEnabled
GetOutlookExtensionSupportForAccount
GetOutlookExtensionSupportFromAccessor
GetUserInfoForUnconfiguredAccount
HandleEasMeetingResponseForAppointment
HandleEasMeetingResponseForMeetingNotification
InitializeSyncStatus
IsEnabledForSync
IsErrorCatastrophic
IsValidOutlookExtensionVersion
MarkPeopleFolderForResync
OneStopFactory
SyncGetMAPISession
SyncGetMessageStore
SyncGetSpecialFolder
SyncMgrPurgeFolderProvider
SyncMgrPurgeProviderStore
SyncMgrRemovePolicy
SyncSqmUpdateStats
UpdateEasTrackingSchema
WriteStoreCapabilityProps
WriteStoreContentTypesProps

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/DirectX2D.dll
.dll windows:4 windows x86 arch:x86

01b62986414563f843fca13d7f8ffe1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileA
Sleep
TlsGetValue
GetModuleFileNameA
GetStartupInfoA
GetLocaleInfoW
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetLastError
CloseHandle
ReadFile
SetFilePointer
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
OutputDebugStringA
SetHandleCount
GetStdHandle
GetFileType
GetLocaleInfoA
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
LCMapStringW
InterlockedIncrement
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile

user32

ShowCursor
DestroyWindow
LoadImageA
SetFocus
UpdateWindow
ShowWindow
DefWindowProcA
RegisterClassA
GetSystemMetrics
CreateWindowExA

gdi32

DeleteObject
GetObjectA

ddraw

DirectDrawCreate
DirectDrawEnumerateA

Exports

Exports

?_reDisplaySetFillMode@@YIKW4reFILLMODE@@@Z
@_reBitmapBlitToBitmap@36
@_reBitmapBlitToLFB@36
@_reBitmapClear@24
@_reBitmapCreate@20
@_reBitmapDestroy@4
@_reBitmapGetColourKey@12
@_reBitmapGetReadPtr@12
@_reBitmapGetWritePtr@12
@_reBitmapLoad@16
@_reBitmapLoadRaw@24
@_reBitmapLoadToLFB@8
@_reBitmapReleaseReadPtr@8
@_reBitmapReleaseWritePtr@8
@_reBitmapRemap@8
@_reBitmapSetColourKey@12
@_reDisplayAddState@8
@_reDisplayClearBuffer@20
@_reDisplayCloseVideo@0
@_reDisplayCopyLFBtoLFB@12
@_reDisplayCreate@4
@_reDisplayDestroy@4
@_reDisplayDrawIndexedTri@8
@_reDisplayDrawNativeTri@4
@_reDisplayDrawTri@4
@_reDisplayEndFrame@0
@_reDisplayFlipToGDI@0
@_reDisplayGetDeviceName@12
@_reDisplayGetLFBDC@8
@_reDisplayGetLFBReadPtr@12
@_reDisplayGetLFBWritePtr@12
@_reDisplayGetNaughtyData@8
@_reDisplayGetNumDevices@4
@_reDisplayGetPalette@8
@_reDisplayHWAcc3D@0
@_reDisplayHWAccBlit@0
@_reDisplayInitFrame@4
@_reDisplayOpenVideo@20
@_reDisplayQueryVideoMode@12
@_reDisplayReleaseLFBDC@8
@_reDisplayReleaseLFBReadPtr@8
@_reDisplayReleaseLFBWritePtr@8
@_reDisplayRemoveState@8
@_reDisplayRenderFrame@4
@_reDisplaySetDevice@4
@_reDisplaySetPalette@8
@_reDisplaySetViewport@24
@_reDisplayStartFrame@0
@_reDisplaySwapBuffers@0
@_reDisplayWaitTOF@0
@_rePaletteCreate332Pal@4
@_rePaletteCreate@8
@_rePaletteDestroy@4
@_rePaletteGetPalEntries@16
@_rePaletteLoadPalFile@8
@_rePaletteLoadPalRes@8
@_rePaletteSetPalEntries@16
@_reStateActivate@4
@_reStateAddIndexedTri@24
@_reStateAddTri@12
@_reStateCreate@4
@_reStateDestroy@4
@_reStateInit@4
@_reStateSetAlpha@8
@_reStateSetCalcScreenCoords@8
@_reStateSetClipRect@20
@_reStateSetColour@16
@_reStateSetCullMode@8
@_reStateSetDepthBufferMode@8
@_reStateSetFOV@12
@_reStateSetGlobalPointList@8
@_reStateSetRenderMode@8
@_reStateSetSoftwareClip@8
@_reStateSetTexture@12
ghOwnerInstance
ghOwnerWindow
pgLastError

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/Environment.ini
Installer/Installer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Reverbnation.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/Other/Settings/Environment.ini
Installer/Other/Settings/OBSettings.json
Installer/Other/Settings/RLSettings.json
Installer/Serilog.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/Serilog/obj/Release/netstandard2.1/Serilog.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/archivelog.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\LZMA-SDK\src\SevenZip-NetStandard\obj\Release\netstandard2.0\SevenZip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/boot.sdi
Installer/bopomofo.uce
Installer/d2patch.dll
.dll windows:4 windows x86 arch:x86

760e19b379614e8d7247a171d264ee1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d2cmp

ord10079

d2common

ord10385
ord10596
ord10085
ord10295
ord10424
ord10313
ord10315
ord10316
ord10314
ord10296
ord10057
ord10034
ord10045
ord10336
ord10037
ord11205
ord10513
ord10426
ord10666
ord10298
ord10519
ord10077
ord10062
ord10066
ord10342
ord10521
ord10425
ord10099
ord10035
ord10329
ord10326
ord10487
ord10920
ord10039
ord11073
ord10074
ord10075
ord10931
ord10924
ord10076
ord10071
ord10081
ord10073
ord10056
ord10078
ord10582
ord10626
ord10600
ord10068
ord10067
ord10079
ord10080
ord10229
ord10137
ord11229
ord11230
ord10038
ord10001
ord10391
ord10189
ord10187
ord10178
ord10177
ord11029
ord10963
ord10968
ord10947
ord10948
ord10397
ord10368
ord10304
ord10755
ord10305
ord10277
ord10754
ord10810
ord10881
ord10708
ord10709
ord10442
ord10331
ord10328
ord10720
ord10853
ord10719
ord10175
ord10176
ord10707
ord10826
ord11114
ord10564
ord10427
ord10311
ord10312
ord10280
ord10710
ord10711
ord10281
ord10690
ord10357
ord11012
ord11011
ord10518
ord10949
ord10731
ord10618
ord10701
ord10751
ord10954
ord10514
ord10523
ord10535
ord10462
ord10524
ord10258
ord10871
ord10695
ord11107
ord10283
ord10261
ord10386
ord10352
ord10348
ord10262
ord10517
ord10439
ord10750
ord10781
ord10782
ord10257
ord10756
ord10839
ord10736
ord10520
ord10759
ord10765
ord10840
ord10242
ord10270
ord10770
ord10768
ord10299
ord10785
ord10767
ord10265
ord10376
ord10872
ord10855
ord10820
ord10616
ord10811
ord10795
ord10833
ord10263
ord10264
ord10783
ord10246
ord10409
ord10250
ord10243
ord10854
ord10284
ord10384
ord10351
ord10350
ord10332
ord10249
ord10282
ord10307
ord10964
ord10566
ord10565
ord10289
ord10689
ord10369
ord10290
ord10322
ord10957
ord10321
ord10253
ord10455
ord10444
ord10443
ord10447
ord10448
ord10254
ord10835
ord10255
ord10267
ord10271
ord10638
ord10367
ord10276
ord10446
ord10445
ord10449
ord10450
ord10722
ord10601
ord11108
ord11109
ord10771
ord10266
ord10749
ord10525
ord10822
ord10619
ord10816
ord10821
ord10746
ord10567
ord10735
ord10516
ord10918
ord10693
ord10717
ord10828
ord10260
ord10697
ord10699
ord10655
ord10300
ord10240
ord10475
ord10470
ord10526
ord10138
ord10042
ord10599
ord10602
ord10732
ord10623
ord10604
ord10866
ord10870
ord11231
ord10608
ord10875
ord10607
ord10868
ord10873
ord10913
ord10694
ord10733
ord10874
ord10914
ord10691
ord10793
ord10772
ord10792
ord10773
ord10791
ord10696
ord10812
ord10706
ord10704
ord10702
ord10700
ord10698
ord10715
ord10713
ord10863
ord10865
ord10817
ord10815
ord10864
ord10869
ord10753
ord10728
ord10789
ord10862
ord10799
ord10797
ord10882
ord10726
ord10724
ord10718
ord10876
ord10631
ord10802
ord10082
ord10527
ord10241
ord10725
ord10723
ord10883
ord10659
ord11115
ord11116
ord11126
ord10992
ord11034
ord11128
ord10415
ord11119
ord11218
ord11217
ord10398
ord10148
ord10150
ord11129
ord10142
ord10184
ord10182
ord10170
ord10179
ord10146
ord11136
ord11123
ord11121
ord10466
ord10480
ord10589
ord11127
ord11120
ord11124
ord10562
ord11095
ord10118
ord11098
ord11096
ord11094
ord11117
ord11135
ord10990
ord10437
ord10997
ord10996
ord10991
ord11140
ord11141
ord10402
ord10403
ord10401
ord11143
ord11005
ord11004
ord10594
ord11220
ord10465
ord10998
ord10127
ord10147
ord10234
ord10128
ord11142
ord11125
ord10994
ord10995
ord10201
ord10486
ord10528
ord10463
ord10477
ord10478
ord10476
ord10102
ord11036
ord10188
ord10185
ord11122
ord11003
ord11002
ord10473
ord11006
ord10976
ord10407
ord10119
ord10198
ord11137
ord10124
ord11130
ord11062
ord10945
ord11075
ord10960
ord10893
ord10344
ord11056
ord11068
ord10583
ord11082
ord11086
ord11084
ord10629
ord10902
ord10909
ord10901
ord10468
ord10481
ord10471
ord10472
ord10559
ord10917
ord10912
ord11050
ord10324
ord10134
ord10106
ord10161
ord10143
ord10557
ord10493
ord11060
ord10469
ord10363
ord10378
ord10373
ord11057
ord10154
ord10323
ord10984
ord10985
ord10190
ord10186
ord10180
ord10217
ord10222
ord10895
ord10530
ord10490
ord11067
ord10206
ord10191
ord10158
ord10163
ord10162
ord10095
ord10046
ord10025
ord10113
ord10096
ord10592
ord11063
ord11074
ord10059
ord10097
ord10090
ord11072
ord11025
ord11064
ord10122
ord10210
ord10030
ord10974
ord10515
ord10590
ord11017
ord10121
ord10560
ord10136
ord10668
ord10396
ord10624
ord10458
ord10394
ord10120
ord10625
ord10919
ord10047
ord11182
ord11181
ord11183
ord11186
ord11185
ord11189
ord10627
ord10087
ord10060
ord10459
ord10933
ord10428
ord10393
ord10395
ord10337
ord10285
ord11088
ord11065
ord10563
ord10291
ord10434
ord10581
ord10966
ord11023
ord10432
ord10431
ord10892
ord10400
ord10399
ord11147
ord11152
ord11177
ord11151
ord10086
ord11146
ord10429
ord10485
ord10474
ord10660
ord10420

d2net

ord10011
ord10019
ord10021
ord10020
ord10016
ord10006
ord10014
ord10012
ord10010
ord10015
ord10024

fog

ord10046
ord10023
ord10050
ord10029
ord10030
ord10045
ord10137
ord10086
ord10025
ord10024
ord10055
ord10142
ord10143
ord10147
ord10042
ord10127
ord10128
ord10126
gdwBitMasks
ord10118
ord10119
ord10120
ord10115
ord10018

storm

ord501
ord403
ord405
ord502
ord506
ord491
ord423
ord509
ord401

kernel32

RtlUnwind
InterlockedIncrement
GetProcAddress
GetStringTypeW
GetModuleHandleA
LoadLibraryA
GetStringTypeA
GetACP
CreateFileA
GetTickCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
IsBadCodePtr
EnterCriticalSection
Sleep
QueryPerformanceCounter
OutputDebugStringA
QueryPerformanceFrequency
GetLocalTime
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
HeapDestroy
GetOEMCP
InterlockedDecrement
VirtualFree
CloseHandle
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualAlloc
GetCPInfo
MultiByteToWideChar
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers

user32

PtInRect
wsprintfA
CopyRect

winmm

timeGetTime

Sections

.text
Size: 804KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/jsscriptforpatch.pdb

Sharing

General

Malware Config

Signatures

Files

990e2e3d39b051401c6258185671ddf8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-shcore-taskpool-l1-1-0

combase

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 692B

8e483267164a95ffc3654e63209eed12

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

ntdll

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-3

api-ms-win-appmodel-runtime-internal-l1-1-4

api-ms-win-appmodel-runtime-internal-l1-1-1

api-ms-win-appmodel-runtime-internal-l1-1-0

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 692B

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 29KB - Virtual size: 29KB

.didat
Size: 1024B - Virtual size: 832B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB