D:\nstools\nsSetup\HofoInstallers-2.0\Release\Install_classic.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-07-22_12191795c233cc39c5558a77e384cceb_mafia.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-07-22_12191795c233cc39c5558a77e384cceb_mafia.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
2024-07-22_12191795c233cc39c5558a77e384cceb_mafia
-
Size
20.1MB
-
MD5
12191795c233cc39c5558a77e384cceb
-
SHA1
6c5fb6f3f7b30e5783df9846cf49c57537c821b4
-
SHA256
6c5790a368a415cc04f974f1d22f33eea321179de4179d8f8a9d13eacf4ccb27
-
SHA512
c76741d100b85ad3edca597312b61478851374cb451ff3aefb13aae6cc160029dcc1dccd3b1fb94807206a428f1a4777a6287d39207568c456e3c0645d6ee74a
-
SSDEEP
393216:ahaoqQmCPbDhRpkRLHfDpIzW7fxOVxtVSVd7yhEX6rJDYd5umV6RCmJMh/CDTy:BoVvxkxH1aSryiX6lsdF6zuCvy
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-07-22_12191795c233cc39c5558a77e384cceb_mafia
Files
-
2024-07-22_12191795c233cc39c5558a77e384cceb_mafia.exe windows:5 windows x86 arch:x86
c51df0328bd0f5035f8c066bfc5fa868
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ExitThread
FindClose
GetDriveTypeW
FindFirstFileExW
MoveFileW
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
SetEndOfFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
GetTimeZoneInformation
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryW
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
lstrcmpW
lstrcatW
FreeResource
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
FindFirstFileW
FindNextFileW
GlobalFree
WaitForSingleObject
TerminateThread
lstrlenA
GetVersionExW
CreateDirectoryW
GetDiskFreeSpaceExW
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
lstrcpynW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
UnmapViewOfFile
LCMapStringA
GetSystemPowerStatus
lstrcmpiW
GetTempPathW
DeleteFileW
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateThread
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLocalTime
InitializeCriticalSection
CreateEventW
ResetEvent
LocalFree
CompareStringW
CloseHandle
GetLastError
CreateMutexW
GetModuleFileNameW
lstrcpyW
GetCurrentThread
SetThreadPriority
GetCurrentProcess
SetPriorityClass
GetTickCount
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
TlsGetValue
Sleep
SetEnvironmentVariableA
user32
SetWindowTextW
SetForegroundWindow
IsWindowVisible
DrawIconEx
PostQuitMessage
EnableWindow
CreateWindowExW
ReleaseDC
TranslateMessage
GetDC
GetWindowRect
DispatchMessageW
PostMessageW
GetWindowLongW
DefWindowProcW
LoadIconW
UpdateLayeredWindow
wsprintfW
FindWindowW
IsIconic
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageW
SetWindowLongW
DestroyWindow
UnregisterClassW
MoveWindow
BeginPaint
EndPaint
ShowWindow
GetClientRect
ClientToScreen
SetLayeredWindowAttributes
SetWindowPos
SendMessageW
FillRect
OffsetRect
SetWindowRgn
GetSystemMetrics
SetCursor
LoadCursorW
RegisterClassExW
GetClipboardData
gdi32
DeleteObject
CreateRectRgn
BitBlt
CreateFontIndirectW
GetObjectA
CreateCompatibleDC
CombineRgn
OffsetRgn
SetRectRgn
GetStockObject
GetObjectW
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateDCW
CreateDIBSection
GetTextExtentPoint32W
ole32
CreateStreamOnHGlobal
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
shlwapi
PathFileExistsW
dbghelp
MiniDumpWriteDump
comdlg32
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
advapi32
OpenServiceW
RegCreateKeyW
RegSetValueW
RegNotifyChangeKeyValue
RegDeleteValueW
DeleteService
ControlService
StartServiceW
CloseServiceHandle
RegOpenKeyW
CreateServiceW
OpenSCManagerW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
shell32
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderPathW
oleaut32
SysAllocString
VariantChangeType
VariantInit
VariantClear
SysFreeString
wininet
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetGetConnectedState
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
FtpOpenFileW
FtpGetFileSize
HttpOpenRequestW
InternetReadFile
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
mciSendStringW
PlaySoundW
gdiplus
GdipRotateWorldTransform
GdipDrawString
GdipDrawImageRectI
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipTranslateWorldTransform
GdipCloneImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipResetWorldTransform
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipLoadImageFromStream
GdipFree
GdipCloneBrush
crypt32
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertFindCertificateInStore
CertCreateCertificateContext
wintrust
WinVerifyTrust
Exports
Exports
??0CLock@@QAE@XZ
??0CNsApp@@QAE@XZ
??0CNsDC@@QAE@PAUHDC__@@AAUtagRECT@@_N2PAUHWND__@@@Z
??0CNsDC@@QAE@XZ
??0CNsDownload@@QAE@XZ
??0CNsFont@@QAE@ABV0@@Z
??0CNsFont@@QAE@XZ
??0CNsImage@@QAE@ABV0@@Z
??0CNsImage@@QAE@XZ
??0CNsInstaller@@QAE@ABV0@@Z
??0CNsInstaller@@QAE@XZ
??0CNsLog@@QAE@ABV0@@Z
??0CNsLog@@QAE@XZ
??0CNsNet@@QAE@XZ
??0CNsPacket@@QAE@ABV0@@Z
??0CNsProcess@@QAE@XZ
??0CNsReg@@QAE@XZ
??0CNsSkin@@QAE@ABV0@@Z
??0CNsSkin@@QAE@XZ
??0CNsThread@@QAE@ABV0@@Z
??0CNsThread@@QAE@XZ
??0CNsUpdate@@QAE@ABV0@@Z
??0CNsUpdate@@QAE@XZ
??0CNsXml@@QAE@ABV0@@Z
??0CNsXml@@QAE@XZ
??0CNsZlib@@QAE@XZ
??0CnsDump@@QAE@ABV0@@Z
??0CnsDump@@QAE@XZ
??1CLock@@QAE@XZ
??1CNsApp@@QAE@XZ
??1CNsDC@@QAE@XZ
??1CNsDownload@@QAE@XZ
??1CNsFont@@QAE@XZ
??1CNsImage@@QAE@XZ
??1CNsInstaller@@QAE@XZ
??1CNsLog@@QAE@XZ
??1CNsNet@@QAE@XZ
??1CNsProcess@@QAE@XZ
??1CNsReg@@QAE@XZ
??1CNsSkin@@QAE@XZ
??1CNsThread@@QAE@XZ
??1CNsUpdate@@QAE@XZ
??1CNsXml@@QAE@XZ
??1CNsZlib@@QAE@XZ
??1CnsDump@@QAE@XZ
??4CLock@@QAEAAV0@ABV0@@Z
??4CNsApp@@QAEAAV0@ABV0@@Z
??4CNsDC@@QAEAAV0@ABV0@@Z
??4CNsDownload@@QAEAAV0@ABV0@@Z
??4CNsFont@@QAEAAV0@ABV0@@Z
??4CNsImage@@QAEAAV0@ABV0@@Z
??4CNsInstaller@@QAEAAV0@ABV0@@Z
??4CNsLog@@QAEAAV0@ABV0@@Z
??4CNsNet@@QAEAAV0@ABV0@@Z
??4CNsPacket@@QAEAAV0@ABV0@@Z
??4CNsProcess@@QAEAAV0@ABV0@@Z
??4CNsReg@@QAEAAV0@ABV0@@Z
??4CNsSkin@@QAEAAV0@ABV0@@Z
??4CNsThread@@QAEAAV0@ABV0@@Z
??4CNsUpdate@@QAEAAV0@ABV0@@Z
??4CNsXml@@QAEAAV0@ABV0@@Z
??4CNsZlib@@QAEAAV0@ABV0@@Z
??4CnsDump@@QAEAAV0@ABV0@@Z
??_B?1??Instance@CNsDownload@@SAAAV1@XZ@51
??_B?1??Instance@CNsLog@@SAAAV1@XZ@51
??_B?1??Instance@CNsNet@@SAAAV1@XZ@51
??_B?1??Instance@CNsProcess@@SAAAV1@XZ@51
??_B?1??Instance@CNsReg@@SAAAV1@XZ@51
??_B?1??Instance@CNsUpdate@@SAAAV1@XZ@51
??_B?1??Instance@CNsXml@@SAAAV1@XZ@51
??_B?1??Instance@CNsZlib@@SAAAV1@XZ@51
?AddDelInfo@CNsInstaller@@AAE_NAAUtagDelInfo@@@Z
?AddMovie@CNsImage@@QAE_NPAUHWND__@@HPB_WHHHHHHHHPAUHDC__@@@Z
?AddMovie@CNsImage@@QAE_NPAUHWND__@@PB_WHHHHHHHHPAUHDC__@@@Z
?AddTask@CNsDownload@@QAEHPB_W0@Z
?AddTimer@CNsThread@@AAEPAUtagNsTimer@@AAU2@@Z
?AutoRun@CNsInstaller@@QAEXXZ
?BmToStream@CNsImage@@QAE_NPAUHBITMAP__@@PAUIStream@@PB_W@Z
?CertExists@@YAHPB_W@Z
?CheckComponent@CNsInstaller@@QAE_NXZ
?CheckDir@CNsInstaller@@QAEXPB_W0@Z
?CheckFont@CNsFont@@QAEHPB_W@Z
?CheckImage@CNsImage@@QAE_NPB_W@Z
?CheckInstalled@@YAHPB_W@Z
?CheckOneInstance@@YAHPB_W0@Z
?CheckUpdate@CNsUpdate@@QAEHPB_WP6GXHHH@ZP6GXH0_J2N@Z@Z
?CompVersion@@YAHPB_W0@Z
?CreateCompatibleBitmapEx@CNsDC@@QAEPAUHBITMAP__@@UtagRECT@@@Z
?CreateDirTree@@YAHPB_W@Z
?CreateFolder@@YAHPB_W@Z
?CreateMemDC@CNsDC@@QAEXPAUHDC__@@AAUtagRECT@@_N2PAUHWND__@@@Z
?CreateNewFont@CNsFont@@AAEPAUHFONT__@@AAUtagFontInfo@@@Z
?CreateShareMem@@YAPAXPB_WK@Z
?CreateShortcut@@YAHPB_W000G0H@Z
?CreateShortcuts@CNsInstaller@@QAEXPAUtagSetupInfo@@@Z
?CreateUID@@YAXPA_WH@Z
?CreateUninstallCfg@CNsInstaller@@QAEXPAUtagSetupInfo@@@Z
?CreateUrlShortcut@@YAHPB_W0@Z
?CreateUserShortcuts@CNsInstaller@@AAEXXZ
?DecodeFile@CNsZlib@@QAEJPB_W0K@Z
?DecodeGZipBuffer@CNsZlib@@QAEJPAEJPAPAEPAJ@Z
?DelTask@CNsDownload@@QAEHPB_W@Z
?DelTray@@YAHPAUHWND__@@@Z
?DesGo@@YAXQBDPADHH@Z
?DisableFsRedirection@@YAXPAPAX@Z
?DoReport@@YAXPB_W00@Z
?DoRun@@YAHPB_W0HH@Z
?DoSetup@CNsInstaller@@AAEXXZ
?DoUpdate@CNsInstaller@@QAEX_N@Z
?DownComponent@CNsInstaller@@AAEXPB_W@Z
?DownNotify@CNsInstaller@@CGXHPB_W_J1N@Z
?DownloadThread@CNsDownload@@CGIPAX@Z
?Draw@CNsDC@@QAEXXZ
?DrawImg@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHPAUtagRECT@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHPAUtagRECT@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@PAVImageAttributes@4@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHPAUtagRECT@@@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@HPB_WMMMMHHHH@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@MMMMHHHH@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@PB_WMMMMHHHH@Z
?DrawRotate3D@CNsImage@@QAEXPAUHDC__@@HPB_WHHHHHH@Z
?DrawRotate3D@CNsImage@@QAEXPAUHDC__@@PAUIStream@@HHHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHH@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawSplitH@CNsImage@@AAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@H@Z
?DrawSplitV@CNsImage@@AAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@HH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHHHHH@Z
?DrawString@CNsImage@@QAEXPAUHDC__@@PAUHFONT__@@PB_WHHHHKH_N3H@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@HPB_WKKHHHH@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@KKHHHH@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@PB_WKKHHHH@Z
?EasyEncode@@YAXPADH@Z
?EncodeFile@CNsZlib@@QAEJPB_W0H@Z
?ExceptionFilter@CnsDump@@CGJPAU_EXCEPTION_POINTERS@@@Z
?ExecScript@CNsInstaller@@QAEXPB_W@Z
?ExitApp@CNsApp@@QAEXXZ
?ExitThread@CNsThread@@QAEXPAXH@Z
?ExtractFile@CNsInstaller@@AAE_NPAUtagPacketInfo@@PAU_iobuf@@@Z
?ExtractPath@@YAXPA_W@Z
?FileSize@@YA_JPB_W@Z
?FileTime@@YAHPB_WPAU_SYSTEMTIME@@11@Z
?FindRes@CNsSkin@@AAE_NPB_WPAUIStream@@@Z
?ForceLog@CNsLog@@QAEX_N@Z
?FreeSkin@CNsSkin@@QAEXXZ
?GbToTraditional@@YAXPADH@Z
?GetCPUID@@YAXPAD@Z
?GetClipboard@@YAHPA_WH@Z
?GetColorDlg@@YAKPAUHWND__@@K@Z
?GetCurPath@@YAXPA_W@Z
?GetDefaultSize@CNsFont@@QAEHXZ
?GetDesktopPath@@YAHPA_W@Z
?GetEncoderClsid@CNsImage@@QAEHPB_WPAU_GUID@@@Z
?GetFileVer@@YAHPB_WPA_W@Z
?GetFont@CNsFont@@AAEPAUHFONT__@@AAUtagFontInfo@@@Z
?GetFont@CNsFont@@QAEPAUHFONT__@@HPB_WHHH@Z
?GetFtpFile@CNsDownload@@QAEHPB_W0HP6GXH0_J1N@Z00@Z
?GetHttpFile@CNsDownload@@QAEHPB_W0HP6GXH0_J1N@Z@Z
?GetImgSize@CNsImage@@QAE_NHAAH0@Z
?GetImgSize@CNsImage@@QAE_NPB_WAAH1@Z
?GetInfoLen@CNsNet@@QAEHXZ
?GetLogFileName@CNsLog@@AAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetMovieIndex@CNsImage@@QAEHH@Z
?GetNodeAttr@CNsXml@@QAEHPB_W0PA_W@Z
?GetOsName@@YAHPA_W@Z
?GetPathUseSpace@@YA_KPB_W@Z
?GetProcByName@CNsProcess@@QAE_NPB_WPAUtagPROCESSENTRY32W@@@Z
?GetProcList@CNsProcess@@QAE_NAAV?$vector@UtagPROCESSENTRY32W@@V?$allocator@UtagPROCESSENTRY32W@@@std@@@std@@@Z
?GetProgramFilePath@@YAHPA_W@Z
?GetProgramsPath@@YAHPA_W@Z
?GetQuickLaunchPath@@YAHPA_WH@Z
?GetRegInfo@@YAHPAUHKEY__@@PA_W1H1@Z
?GetRegInfo@CNsReg@@QAEHPAUHKEY__@@PA_W1H1@Z
?GetRes@CNsSkin@@QAE_NPB_WPAUIStream@@@Z
?GetResType@CNsSkin@@QAEHXZ
?GetSetupInfo@CNsInstaller@@QAE_NAAUtagSetupInfo@@@Z
?GetSoftVer@@YAHPB_WPA_W@Z
?GetStartMenuPath@@YAHPA_W@Z
?GetThemesPath@CNsSkin@@QAEXPA_W@Z
?GetUrlInfo@@YAHPB_WPADH@Z
?GetUrlInfo@CNsNet@@QAEHPB_WPADH@Z
?GetXmlNode@CNsXml@@QAEHPA_WAAH@Z
?GetXmlNodeCount@@YAHPB_W@Z
?GetXmlNodeCount@CNsXml@@QAEHPB_W@Z
?GetXmlNodeValue2@@YAHPB_WPA_WH@Z
?GetXmlNodeValue3@@YAHPB_WPA_WPAH@Z
?GetXmlNodeValue@@YAHPB_WPA_W@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_W@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_WH@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_WPAH@Z
?HideProcess@CNsProcess@@QAEXH@Z
?ImportCACert@@YAHPAXH@Z
?ImportCertFile@@YAHPB_W@Z
?ImportReg@CNsInstaller@@QAEXXZ
?InitPath@CNsInstaller@@AAEXAAUtagSetupInfo@@@Z
?InitZlib@CNsZlib@@QAEJXZ
?Inject@CNsProcess@@QAE_NKPAXK0K@Z
?Install@CnsDump@@QAEXPB_W0@Z
?InstallComponent@CNsInstaller@@AAEXXZ
?InstallDump@@YAXPB_W0@Z
?InstallFunc@CNsInstaller@@AAE_NXZ
?InstallThread@CNsInstaller@@CGIPAX@Z
?Instance@CNsDownload@@SAAAV1@XZ
?Instance@CNsLog@@SAAAV1@XZ
?Instance@CNsNet@@SAAAV1@XZ
?Instance@CNsProcess@@SAAAV1@XZ
?Instance@CNsReg@@SAAAV1@XZ
?Instance@CNsUpdate@@SAAAV1@XZ
?Instance@CNsXml@@SAAAV1@XZ
?Instance@CNsZlib@@SAAAV1@XZ
?IntToStrSize@@YAX_JPA_W@Z
?IsLockRead@CLock@@QAE_NXZ
?IsLockWrite@CLock@@QAE_NXZ
?KillProcess@CNsProcess@@QAEXK@Z
?KillProcess@CNsProcess@@QAEXPB_W@Z
?KillTimer@CNsThread@@QAEXH@Z
?LnkToRealPath@@YAJPB_WPA_W@Z
?LoadDrv@@YAHPB_W0@Z
?LoadPngFromRes@CNsImage@@AAEPAVImage@Gdiplus@@HPB_W@Z
?LoadProxyConfig@CNsDownload@@QAEXXZ
?LoadProxyConfig@CNsNet@@QAEXXZ
?LoadSkin@CNsSkin@@QAE_NPB_W@Z
?Lock@CLock@@QAEXXZ
?LockRead@CLock@@QAEXXZ
?MD5Go@@YAHPAD0@Z
?MakeSkin@CNsSkin@@QAE_NPB_W0@Z
?MonitorReg@CNsReg@@QAEHPAUHKEY__@@PA_WHP6GXPAX@Z2@Z
?MonitorThread@CNsReg@@SGKPAX@Z
?MovePos@CNsInstaller@@AAEXPAUtagPacketInfo@@PAU_iobuf@@@Z
?MovieThread@CNsImage@@CGIPAX@Z
?MsgLoop@CNsApp@@QAEHXZ
?NsEncode@@YAXQBDPADHH@Z
?NsEncodeFile@@YAHPB_W0@Z
?NsGetStrWidth@@YAHPB_WPAUHWND__@@PAUHFONT__@@@Z
?NsReadFile@@YAHPB_WPAXAAK@Z
?NsResGetBuff@@YAHHPB_WPAX@Z
?NsResGetStream@@YAPAUIStream@@HPB_W@Z
?NsResSave@@YAHHPB_W0@Z
?NsResSize@@YAHHPB_W@Z
?NsResUpdate2@@YAHPB_WH0PAXH@Z
?NsResUpdate@@YAHPB_WH00@Z
?NsWriteFile@@YAHPB_WPAXK@Z
?OpenUrl@@YAXPB_WH@Z
?Parse@@YAHPB_W@Z
?Parse@CNsXml@@QAEHPB_W@Z
?ParseParams@CNsInstaller@@QAEXPB_W@Z
?PauseMP3@@YAXPB_W@Z
?PlayMP3@@YAXPB_WH@Z
?PlayWav@@YAHPB_WH@Z
?Post@CNsNet@@QAEHPB_WPAXHPADH@Z
?ReadShareMem2@@YAHPB_WPAXHH@Z
?ReadShareMem@@YAHPB_WPA_W@Z
?RefreshIconCache@@YAXXZ
?RegFileRelation@@YAXPB_W0000@Z
?RegProtocol@@YAXPB_W0@Z
?ReplaceExeIco@@YAHPB_W0H@Z
?ReplaceSysPath@CNsInstaller@@AAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ResumeMP3@@YAXPB_W@Z
?RevertFsRedirection@@YAXPAPAX@Z
?SavePic@CNsImage@@QAE_NPAUHDC__@@UtagRECT@@PB_W2@Z
?SavePic@CNsImage@@QAE_NPAUHWND__@@PB_W1@Z
?SavePic@CNsImage@@QAE_NPB_W00@Z
?SaveScreen@CNsImage@@QAE_NPB_W0@Z
?SaveUpdateCfg@CNsUpdate@@AAEXXZ
?SetAppName@CNsApp@@QAEXPB_W@Z
?SetAutoRun@@YAHPB_WH0@Z
?SetAutoRun@CNsReg@@QAEHPB_WH0@Z
?SetClipboard@@YAHPB_W@Z
?SetDefaultFont@CNsFont@@QAEXHPB_WH@Z
?SetDelay@CNsUpdate@@QAEXH@Z
?SetIcon@@YAHPAUHWND__@@PAUHICON__@@@Z
?SetInst@CNsImage@@QAEXPAUHINSTANCE__@@@Z
?SetMemName@CNsLog@@QAEXPB_WH@Z
?SetPath@CNsUpdate@@QAEXPB_W@Z
?SetPrivilege@@YAHPB_WH@Z
?SetRegInfo@@YAHPAUHKEY__@@PA_W1HPB_W@Z
?SetRegInfo@CNsReg@@QAEHPAUHKEY__@@PA_W1HPB_W@Z
?SetResType@CNsSkin@@QAEXH@Z
?SetRetry@CNsDownload@@QAEXHH@Z
?SetShortcutIcon@@YAHPB_W0@Z
?SetSkinName@CNsSkin@@QAEXPB_W@Z
?SetThemesName@CNsSkin@@QAEXPB_W@Z
?SetTip@@YAHPAUHWND__@@PB_W@Z
?ShowBalloon@@YAHPAUHWND__@@PB_W1H@Z
?ShowLicense@CNsInstaller@@QAEXXZ
?ShowOpenFileDlg@@YAHPA_WHPAUHWND__@@PB_W2H@Z
?ShowSaveFileDlg@@YAHPA_WPAUHWND__@@PB_W2@Z
?ShowSelDir@@YAHPA_WPAUHWND__@@@Z
?ShowTray@@YAHPAUHWND__@@PAUHICON__@@PB_WI@Z
?StartDownload@CNsDownload@@QAEXPB_W0P6GXH0_J1N@ZH@Z
?StartInstall@CNsInstaller@@QAEXPB_WPAUHWND__@@H1@Z
?StartMonitor@@YAXPAUHKEY__@@PB_WHP6GXPAX@Z2@Z
?StartMonitor@CNsReg@@QAEXPAUHKEY__@@PB_WHP6GXPAX@Z2@Z
?StartMovie@CNsImage@@QAEXH@Z
?StartThread@CNsThread@@QAEPAXP6GIPAX@Z0H@Z
?StartTimer@CNsThread@@QAEXHP6GXPAX@ZH0@Z
?StartUpdate@CNsUpdate@@QAEXPB_WP6GXHHH@ZP6GXH0_J2N@Z@Z
?Stop@CNsInstaller@@QAEXXZ
?Stop@CNsNet@@QAEXXZ
?Stop@CNsThread@@QAEXXZ
?StopMP3@@YAXPB_W@Z
?StopMonitor@@YAXXZ
?StopMonitor@CNsReg@@QAEXXZ
?StopMovie@CNsImage@@QAEXH@Z
?StopTask@CNsDownload@@QAEXPB_WH@Z
?StopUpdate@CNsUpdate@@QAEXXZ
?StrToIntSize@@YA_JPB_W@Z
?TimerThread@CNsThread@@CGIPAX@Z
?ToAsc@@YAXPADH@Z
?ToHex@@YAXPADH@Z
?URLEncode@@YAHPA_W@Z
?UnLoadDrv@@YAHPB_W@Z
?UninitZlib@CNsZlib@@QAEXXZ
?Unlock@CLock@@QAEXXZ
?UnlockRead@CLock@@QAEXXZ
?UpdateNotify@CNsInstaller@@CGXHHH@Z
?UpdateThread@CNsUpdate@@CGIPAX@Z
?VerifyFile@CNsUpdate@@QAEHPB_W0H@Z
?VerifySignature@@YAHPB_W@Z
?WaitInstall@CNsInstaller@@AAEXXZ
?WaitUpdate@CNsInstaller@@QAEXXZ
?WriteLog2@CNsLog@@QAAXPB_WZZ
?WriteLog3@CNsLog@@QAAXPB_WZZ
?WriteLog@@YAXPB_W@Z
?WriteLog@CNsLog@@QAEXPB_W@Z
?WriteReg@CNsInstaller@@QAEHPAUtagSetupInfo@@@Z
?WriteShareMem2@@YAHPB_WPAXHH@Z
?WriteShareMem@@YAHPB_W0H@Z
?WriteSkin@CNsSkin@@AAEXPAU_iobuf@@AAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?Zoom@CNsImage@@QAE_NPB_WMHH00@Z
?_ins@?1??Instance@CNsZlib@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsDownload@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsLog@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsNet@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsProcess@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsReg@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsUpdate@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsXml@@SAAAV2@XZ@4V2@A
?gb2big@@YAXPADH@Z
?isCancel@CNsUpdate@@QAEHXZ
?isConnected@@YAHPB_W@Z
?isConnected@CNsNet@@QAEHPB_W@Z
?isDigital@@YAHPBD@Z
?isDir@@YAHPB_W@Z
?isEnableUAC@@YAHXZ
?isEnglish@@YAHXZ
?isError@CNsUpdate@@QAEHXZ
?isExistsMovie@CNsImage@@AAE_NH@Z
?isExistsShareMem@@YAHPB_W@Z
?isGzip@CNsDownload@@AAEHPAX@Z
?isGzip@CNsNet@@QAEHPAX@Z
?isHZ@@YAHPBD@Z
?isLicense@CNsInstaller@@QAE_NXZ
?isLog@CNsLog@@AAE_NXZ
?isNotebook@@YAHXZ
?isRestart@CNsUpdate@@QAEHXZ
?isSimplified@@YAHXZ
?isStop@CNsDownload@@QAEHPB_W@Z
?isStop@CNsImage@@QAE_NH@Z
?isSupportYaHei@CNsFont@@QAEHXZ
?isTraditional@@YAHXZ
?isWin7@@YAHXZ
?isWin8@@YAHXZ
?isWow64@@YAHXZ
?m_bUpdated@CNsInstaller@@0_NA
Sections
.text Size: 271KB - Virtual size: 271KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ