kernel32.pdb
Overview
overview
7Static
static
7account V2.0.exe
windows7-x64
7account V2.0.exe
windows10-2004-x64
7help.chm
windows7-x64
1help.chm
windows10-2004-x64
1ico/新云软件.url
windows7-x64
1ico/新云软件.url
windows10-2004-x64
1kernel32.dll
windows7-x64
3kernel32.dll
windows10-2004-x64
3ntdll.dll
windows7-x64
3ntdll.dll
windows10-2004-x64
3shlwapi.dll
windows7-x64
3shlwapi.dll
windows10-2004-x64
3官方网站.url
windows7-x64
1官方网站.url
windows10-2004-x64
1Behavioral task
behavioral1
Sample
account V2.0.exe
Resource
win7-20240705-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
account V2.0.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral3
Sample
help.chm
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
help.chm
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral5
Sample
ico/新云软件.url
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
ico/新云软件.url
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
kernel32.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
kernel32.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
ntdll.dll
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
ntdll.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
shlwapi.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
shlwapi.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
官方网站.url
Resource
win7-20240705-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
官方网站.url
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
71ab589c9c90cd6548814a8a677eacee_JaffaCakes118
-
Size
3.7MB
-
MD5
71ab589c9c90cd6548814a8a677eacee
-
SHA1
6f81363ab77440ed593a544cc12602b5c9e9ff31
-
SHA256
905e3de1eca7261ea5bfe356ffc7c44017998521e9e872c9870247e9677b0eff
-
SHA512
db885fba552914b8fd704078ea60450beb3cfd1b43d5537d439ed2bbb397a0086d19cbdd7ce4e8241982a8a2f4eb9d67c7c31c40201c9457380ea02f6d32ba2a
-
SSDEEP
98304:Y2PE0OD60YRIHtfAu3+TsDQIjW+d6HDBJh5U+6o4sylzcJjqSl:/P1+60YUREqak6ND5UBo8dijHl
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/account V2.0.exe upx -
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/account V2.0.exe unpack002/out.upx unpack001/kernel32.dll unpack001/ntdll.dll unpack001/shlwapi.dll
Files
-
71ab589c9c90cd6548814a8a677eacee_JaffaCakes118.rar
-
account V2.0.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 364KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
help.chm.chm
-
ico/add.ico
-
ico/bak.ico
-
ico/conifg.ico
-
ico/del.ico
-
ico/exit.ico
-
ico/help.ico
-
ico/look.ico
-
ico/pw.ico
-
ico/新云软件.url.url
-
kernel32.dll.dll windows:5 windows x86 arch:x86
acf57332eed5cdcdbd0cad6f75b825b3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
_wcsnicmp
NtFsControlFile
NtCreateFile
RtlAllocateHeap
RtlFreeHeap
NtOpenFile
NtQueryInformationFile
NtQueryEaFile
RtlLengthSecurityDescriptor
NtQuerySecurityObject
NtSetEaFile
NtSetSecurityObject
NtSetInformationFile
CsrClientCallServer
NtDeviceIoControlFile
NtClose
RtlInitUnicodeString
wcscspn
RtlUnicodeToMultiByteSize
wcslen
_memicmp
memmove
NtQueryValueKey
NtOpenKey
NtFlushKey
NtSetValueKey
NtCreateKey
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlDnsHostNameToComputerName
wcsncpy
RtlUnicodeStringToAnsiString
RtlxUnicodeStringToAnsiSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCreateUnicodeStringFromAsciiz
wcschr
wcsstr
RtlPrefixString
_wcsicmp
RtlGetFullPathName_U
RtlGetCurrentDirectory_U
NtQueryInformationProcess
RtlUnicodeStringToOemString
RtlReleasePebLock
RtlEqualUnicodeString
RtlAcquirePebLock
RtlFreeAnsiString
RtlSetCurrentDirectory_U
RtlTimeToTimeFields
NtSetSystemTime
RtlTimeFieldsToTime
NtQuerySystemInformation
RtlSetTimeZoneInformation
NtSetSystemInformation
RtlCutoverTimeToSystemTime
_allmul
NtEnumerateKey
RtlOpenCurrentUser
RtlQueryRegistryValues
_itow
DbgBreakPoint
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
DbgPrint
NtOpenProcess
CsrGetProcessId
DbgUiDebugActiveProcess
DbgUiConnectToDbg
DbgUiIssueRemoteBreakin
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
NtQueryInformationThread
DbgUiConvertStateChangeStructure
DbgUiWaitStateChange
DbgUiContinue
DbgUiStopDebugging
RtlDosPathNameToNtPathName_U
RtlIsDosDeviceName_U
RtlCreateAtomTable
NtAddAtom
RtlAddAtomToAtomTable
NtFindAtom
RtlLookupAtomInAtomTable
NtDeleteAtom
RtlDeleteAtomFromAtomTable
NtQueryInformationAtom
RtlQueryAtomInAtomTable
RtlOemStringToUnicodeString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlPrefixUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtEnumerateValueKey
RtlIsTextUnicode
NtReadFile
NtAllocateVirtualMemory
NtUnlockFile
NtLockFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
NtFreeVirtualMemory
NtWriteFile
RtlCreateUnicodeString
RtlFormatCurrentUserKeyPath
RtlGetLongestNtPathLength
NtDuplicateObject
NtQueryKey
NtDeleteValueKey
RtlEqualString
CsrFreeCaptureBuffer
CsrCaptureMessageString
CsrAllocateCaptureBuffer
strncpy
RtlCharToInteger
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
CsrAllocateMessagePointer
NtQueryObject
wcscmp
RtlCompareMemory
NtQueryDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenDirectoryObject
NtCreateIoCompletion
NtSetIoCompletion
NtRemoveIoCompletion
NtSetInformationProcess
NtQueryDirectoryFile
RtlDeleteCriticalSection
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
RtlInitializeCriticalSection
NtQueryVolumeInformationFile
NtFlushBuffersFile
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
NtCancelIoFile
NtReadFileScatter
NtWriteFileGather
wcscpy
NtOpenSection
NtMapViewOfSection
NtFlushVirtualMemory
RtlFlushSecureMemoryCache
NtUnmapViewOfSection
NtCreateSection
NtQueryFullAttributesFile
swprintf
NtQueryAttributesFile
RtlDetermineDosPathNameType_U
NtRaiseHardError
NtQuerySystemEnvironmentValueEx
RtlGUIDFromString
NtSetSystemEnvironmentValueEx
RtlInitString
RtlUnlockHeap
RtlSetUserValueHeap
RtlFreeHandle
RtlAllocateHandle
RtlLockHeap
RtlSizeHeap
RtlGetUserInfoHeap
RtlReAllocateHeap
RtlIsValidHandle
RtlCompactHeap
RtlImageNtHeader
NtProtectVirtualMemory
NtQueryVirtualMemory
NtLockVirtualMemory
NtUnlockVirtualMemory
NtFlushInstructionCache
NtAllocateUserPhysicalPages
NtFreeUserPhysicalPages
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtGetWriteWatch
NtResetWriteWatch
NtSetInformationObject
CsrNewThread
CsrClientConnectToServer
RtlCreateTagHeap
LdrSetDllManifestProber
RtlSetThreadPoolStartFunc
RtlEncodePointer
_stricmp
wcscat
RtlCreateHeap
RtlDestroyHeap
RtlExtendHeap
RtlQueryTagHeap
RtlUsageHeap
RtlValidateHeap
RtlGetProcessHeaps
RtlWalkHeap
RtlSetHeapInformation
RtlQueryHeapInformation
RtlInitializeHandleTable
RtlExtendedLargeIntegerDivide
NtCreateMailslotFile
RtlFormatMessage
RtlFindMessage
LdrUnloadDll
LdrUnloadAlternateResourceModule
LdrDisableThreadCalloutsForDll
strchr
LdrGetDllHandle
LdrUnlockLoaderLock
LdrAddRefDll
RtlComputePrivatizedDllName_U
RtlPcToFileHeader
LdrLockLoaderLock
RtlGetVersion
RtlVerifyVersionInfo
LdrEnumerateLoadedModules
RtlUnicodeStringToInteger
LdrLoadAlternateResourceModule
RtlDosApplyFileIsolationRedirection_Ustr
LdrLoadDll
LdrGetProcedureAddress
LdrFindResource_U
LdrAccessResource
LdrFindResourceDirectory_U
RtlImageDirectoryEntryToData
_strcmpi
NtSetInformationThread
NtOpenThreadToken
NtCreateNamedPipeFile
RtlDefaultNpAcl
RtlDosSearchPath_Ustr
RtlInitUnicodeStringEx
RtlQueryEnvironmentVariable_U
RtlAnsiCharToUnicodeChar
RtlIntegerToChar
NtSetVolumeInformationFile
RtlIsNameLegalDOS8Dot3
NtQueryPerformanceCounter
sprintf
NtPowerInformation
NtInitiatePowerAction
NtSetThreadExecutionState
NtRequestWakeupLatency
NtGetDevicePowerState
NtIsSystemResumeAutomatic
NtRequestDeviceWakeup
NtCancelDeviceWakeupRequest
NtWriteVirtualMemory
LdrShutdownProcess
NtTerminateProcess
RtlRaiseStatus
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings_U
NtReadVirtualMemory
RtlCompareUnicodeString
NtCreateJobSet
NtCreateJobObject
NtIsProcessInJob
RtlEqualSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtOpenProcessToken
NtResumeThread
NtAssignProcessToJobObject
CsrCaptureMessageMultiUnicodeStringsInPlace
NtCreateThread
NtCreateProcessEx
LdrQueryImageFileExecutionOptions
RtlDestroyEnvironment
NtQuerySection
NtQueryInformationJobObject
RtlGetNativeSystemInformation
RtlxAnsiStringToUnicodeSize
NtOpenEvent
NtQueryEvent
NtTerminateThread
wcsrchr
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
NtAdjustPrivilegesToken
RtlImpersonateSelf
wcsncmp
RtlDestroyProcessParameters
RtlCreateProcessParameters
RtlInitializeCriticalSectionAndSpinCount
NtSetEvent
NtClearEvent
NtPulseEvent
NtCreateSemaphore
NtOpenSemaphore
NtReleaseSemaphore
NtCreateMutant
NtOpenMutant
NtReleaseMutant
NtSignalAndWaitForSingleObject
NtWaitForMultipleObjects
NtDelayExecution
NtCreateTimer
NtOpenTimer
NtSetTimer
NtCancelTimer
NtCreateEvent
RtlCopyLuid
strrchr
_vsnwprintf
RtlReleaseActivationContext
RtlActivateActivationContextEx
RtlQueryInformationActivationContext
NtOpenThread
LdrShutdownThread
RtlFreeThreadActivationContextStack
NtGetContextThread
NtSetContextThread
NtSuspendThread
RtlRaiseException
RtlDecodePointer
towlower
RtlClearBits
RtlFindClearBitsAndSet
RtlAreBitsSet
NtQueueApcThread
NtYieldExecution
RtlRegisterWait
RtlDeregisterWait
RtlDeregisterWaitEx
RtlQueueWorkItem
RtlSetIoCompletionCallback
RtlCreateTimerQueue
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimer
RtlDeleteTimerQueueEx
CsrIdentifyAlertableThread
RtlApplicationVerifierStop
_alloca_probe
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlCreateEnvironment
RtlFreeOemString
strstr
toupper
isdigit
atol
tolower
NtOpenJobObject
NtTerminateJobObject
NtSetInformationJobObject
RtlAddRefActivationContext
RtlZombifyActivationContext
RtlActivateActivationContext
RtlDeactivateActivationContext
RtlGetActiveActivationContext
DbgPrintEx
LdrDestroyOutOfProcessImage
LdrAccessOutOfProcessResource
LdrFindCreateProcessManifest
LdrCreateOutOfProcessImage
RtlNtStatusToDosErrorNoTeb
RtlpApplyLengthFunction
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpEnsureBufferSize
RtlMultiAppendUnicodeStringBuffer
_snwprintf
RtlCreateActivationContext
RtlFindActivationContextSectionString
RtlFindActivationContextSectionGuid
_allshl
RtlNtPathNameToDosPathName
RtlUnhandledExceptionFilter
CsrCaptureMessageBuffer
NtQueryInstallUILanguage
NtQueryDefaultUILanguage
wcspbrk
RtlGetDaclSecurityDescriptor
NtCreateDirectoryObject
_wcslwr
_wtol
RtlIntegerToUnicodeString
NtQueryDefaultLocale
_strlwr
RtlUnwind
Exports
Exports
ActivateActCtx
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddVectoredExceptionHandler
AllocConsole
AllocateUserPhysicalPages
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCleanupAppcompatCache
BaseCleanupAppcompatCacheSupport
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseInitAppcompatCache
BaseInitAppcompatCacheSupport
BaseProcessInitPostImport
BaseQueryModuleData
BaseUpdateAppcompatCache
BasepCheckWinSaferRestrictions
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CancelDeviceWakeupRequest
CancelIo
CancelTimerQueueTimer
CancelWaitableTimer
ChangeTimerQueueTimer
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
CloseProfileUserMapping
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareFileTime
CompareStringA
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertDefaultLocale
ConvertFiberToThread
ConvertThreadToFiber
CopyFileA
CopyFileExA
CopyFileExW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiber
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkA
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreateNlsSecurityDescriptor
CreatePipe
CreateProcessA
CreateProcessInternalA
CreateProcessInternalW
CreateProcessInternalWSecure
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateSemaphoreW
CreateSocketHandle
CreateTapePartition
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateVirtualBuffer
CreateWaitableTimerA
CreateWaitableTimerW
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateHandle
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemGeoID
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
ExtendVirtualBuffer
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringA
FindActCtxSectionStringW
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindVolumeClose
FindVolumeMountPointClose
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FoldStringA
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeResource
FreeUserPhysicalPages
FreeVirtualBuffer
GenerateConsoleCtrlEvent
GetACP
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPFileNameFromRegistry
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCalendarInfoA
GetCalendarInfoW
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCharType
GetConsoleCommandHistoryA
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
GetConsoleCursorInfo
GetConsoleCursorMode
GetConsoleDisplayMode
GetConsoleFontInfo
GetConsoleFontSize
GetConsoleHardwareState
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleInputWaitHandle
GetConsoleKeyboardLayoutNameA
GetConsoleKeyboardLayoutNameW
GetConsoleMode
GetConsoleNlsMode
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleSelectionInfo
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrencyFormatA
GetCurrencyFormatW
GetCurrentActCtx
GetCurrentConsoleFont
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDefaultCommConfigA
GetDefaultCommConfigW
GetDefaultSortkeySize
GetDevicePowerState
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDllDirectoryA
GetDllDirectoryW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetExpandedNameA
GetExpandedNameW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoA
GetGeoInfoW
GetHandleContext
GetHandleInformation
GetLargestConsoleWindowSize
GetLastError
GetLinguistLangSize
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLongPathNameA
GetLongPathNameW
GetMailslotInfo
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNamedPipeInfo
GetNativeSystemInfo
GetNextVDMCommand
GetNlsSectionName
GetNumaAvailableMemory
GetNumaAvailableMemoryNode
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetNumaProcessorMap
GetNumaProcessorNode
GetNumberFormatA
GetNumberFormatW
GetNumberOfConsoleFonts
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProcAddress
GetProcessAffinityMask
GetProcessDEPPolicy
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessShutdownParameters
GetProcessTimes
GetProcessVersion
GetProcessWorkingSetSize
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetQueuedCompletionStatus
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDEPPolicy
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemRegistryQuota
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
GetTapeParameters
GetTapePosition
GetTapeStatus
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadIOPendingFlag
GetThreadLocale
GetThreadPriority
GetThreadPriorityBoost
GetThreadSelectorEntry
GetThreadTimes
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetVDMCurrentDirectories
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumeNameForVolumeMountPointW
GetVolumePathNameA
GetVolumePathNameW
GetVolumePathNamesForVolumeNameA
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetWriteWatch
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFix
GlobalFlags
Sections
.text Size: 524KB - Virtual size: 524KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 565KB - Virtual size: 564KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ksoft.mdb
-
ntdll.dll.dll windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ntdll.pdb
Exports
Exports
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrNewThread
CsrProbeForRead
CsrProbeForWrite
CsrSetPriorityClass
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
KiFastSystemCall
KiFastSystemCallRet
KiIntSystemCall
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
LdrAccessOutOfProcessResource
LdrAccessResource
LdrAddRefDll
LdrAlternateResourcesEnabled
LdrCreateOutOfProcessImage
LdrDestroyOutOfProcessImage
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFindCreateProcessManifest
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllHandle
LdrGetDllHandleEx
LdrGetProcedureAddress
LdrHotPatchRoutine
LdrInitShimEngineDynamic
LdrInitializeThunk
LdrLoadAlternateResourceModule
LdrLoadDll
LdrLockLoaderLock
LdrProcessRelocationBlock
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrSetAppCompatDllRedirectionCallback
LdrSetDllManifestProber
LdrShutdownProcess
LdrShutdownThread
LdrUnloadAlternateResourceModule
LdrUnloadDll
LdrUnlockLoaderLock
LdrVerifyImageMatchesChecksum
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAddAtom
NtAddBootEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAlertResumeThread
NtAlertThread
NtAllocateLocallyUniqueId
NtAllocateUserPhysicalPages
NtAllocateUuids
NtAllocateVirtualMemory
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtCallbackReturn
NtCancelDeviceWakeupRequest
NtCancelIoFile
NtCancelTimer
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCompactKeys
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIoCompletion
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyedEvent
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePort
NtCreateProcess
NtCreateProcessEx
NtCreateProfile
NtCreateSection
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateTimer
NtCreateToken
NtCreateWaitablePort
NtCurrentTeb
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeleteValueKey
NtDeviceIoControlFile
NtDisplayString
NtDuplicateObject
NtDuplicateToken
NtEnumerateBootEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateValueKey
NtExtendSection
NtFilterToken
NtFindAtom
NtFlushBuffersFile
NtFlushInstructionCache
NtFlushKey
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFsControlFile
NtGetContextThread
NtGetDevicePowerState
NtGetPlugPlayEvent
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtListenPort
NtLoadDriver
NtLoadKey
NtLoadKey2
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtModifyBootEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtOpenDirectoryObject
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenSection
NtOpenSemaphore
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtPlugPlayControl
NtPowerInformation
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtProtectVirtualMemory
NtPulseEvent
NtQueryAttributesFile
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryObject
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationThread
NtQueryInformationToken
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryKey
NtQueryMultipleValueKey
NtQueryMutant
NtQueryObject
NtQueryOpenSubKeys
NtQueryPerformanceCounter
NtQueryPortInformationProcess
NtQueryQuotaInformationFile
NtQuerySection
NtQuerySecurityObject
NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQuerySystemEnvironmentValue
NtQuerySystemEnvironmentValueEx
NtQuerySystemInformation
NtQuerySystemTime
NtQueryTimer
NtQueryTimerResolution
NtQueryValueKey
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtQueueApcThread
NtRaiseException
NtRaiseHardError
NtReadFile
NtReadFileScatter
NtReadRequestData
NtReadVirtualMemory
NtRegisterThreadTerminatePort
NtReleaseKeyedEvent
NtReleaseMutant
NtReleaseSemaphore
NtRemoveIoCompletion
NtRemoveProcessDebug
NtRenameKey
NtReplaceKey
NtReplyPort
NtReplyWaitReceivePort
NtReplyWaitReceivePortEx
NtReplyWaitReplyPort
NtRequestDeviceWakeup
NtRequestPort
NtRequestWaitReplyPort
NtRequestWakeupLatency
NtResetEvent
NtResetWriteWatch
NtRestoreKey
NtResumeProcess
NtResumeThread
NtSaveKey
NtSaveKeyEx
NtSaveMergedKeys
NtSecureConnectPort
NtSetBootEntryOrder
NtSetBootOptions
NtSetContextThread
NtSetDebugFilterState
NtSetDefaultHardErrorPort
NtSetDefaultLocale
NtSetDefaultUILanguage
NtSetEaFile
NtSetEvent
NtSetEventBoostPriority
NtSetHighEventPair
NtSetHighWaitLowEventPair
NtSetInformationDebugObject
NtSetInformationFile
NtSetInformationJobObject
NtSetInformationKey
NtSetInformationObject
NtSetInformationProcess
NtSetInformationThread
NtSetInformationToken
NtSetIntervalProfile
NtSetIoCompletion
NtSetLdtEntries
NtSetLowEventPair
NtSetLowWaitHighEventPair
NtSetQuotaInformationFile
NtSetSecurityObject
NtSetSystemEnvironmentValue
NtSetSystemEnvironmentValueEx
NtSetSystemInformation
NtSetSystemPowerState
NtSetSystemTime
NtSetThreadExecutionState
NtSetTimer
NtSetTimerResolution
NtSetUuidSeed
NtSetValueKey
NtSetVolumeInformationFile
NtShutdownSystem
NtSignalAndWaitForSingleObject
NtStartProfile
NtStopProfile
NtSuspendProcess
NtSuspendThread
NtSystemDebugControl
NtTerminateJobObject
NtTerminateProcess
NtTerminateThread
NtTestAlert
NtTraceEvent
NtTranslateFilePath
NtUnloadDriver
NtUnloadKey
NtUnloadKeyEx
NtUnlockFile
NtUnlockVirtualMemory
NtUnmapViewOfSection
NtVdmControl
NtWaitForDebugEvent
NtWaitForKeyedEvent
NtWaitForMultipleObjects
NtWaitForSingleObject
NtWaitHighEventPair
NtWaitLowEventPair
NtWriteFile
NtWriteFileGather
NtWriteRequestData
NtWriteVirtualMemory
NtYieldExecution
PfxFindPrefix
PfxInitialize
PfxInsertPrefix
PfxRemovePrefix
PropertyLengthAsVariant
RtlAbortRXact
RtlAbsoluteToSelfRelativeSD
RtlAcquirePebLock
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlActivateActivationContext
RtlActivateActivationContextEx
RtlActivateActivationContextUnsafeFast
RtlAddAccessAllowedAce
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAccessDeniedObjectAce
RtlAddAce
RtlAddActionToRXact
RtlAddAtomToAtomTable
RtlAddAttributeActionToRXact
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAuditAccessObjectAce
RtlAddCompoundAce
RtlAddRange
RtlAddRefActivationContext
RtlAddRefMemoryStream
RtlAddVectoredExceptionHandler
RtlAddressInSectionTable
RtlAdjustPrivilege
RtlAllocateAndInitializeSid
RtlAllocateHandle
RtlAllocateHeap
RtlAnsiCharToUnicodeChar
RtlAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlAppendAsciizToString
RtlAppendPathElement
RtlAppendStringToString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplicationVerifierStop
RtlApplyRXact
RtlApplyRXactNoFlush
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlAreBitsClear
RtlAreBitsSet
RtlAssert
RtlAssert2
RtlCancelTimer
RtlCaptureContext
RtlCaptureStackBackTrace
RtlCaptureStackContext
RtlCharToInteger
RtlCheckForOrphanedCriticalSections
RtlCheckProcessParameters
RtlCheckRegistryKey
RtlClearAllBits
RtlClearBits
RtlCloneMemoryStream
RtlCommitMemoryStream
RtlCompactHeap
RtlCompareMemory
RtlCompareMemoryUlong
RtlCompareString
RtlCompareUnicodeString
RtlCompressBuffer
RtlComputeCrc32
RtlComputeImportTableHash
RtlComputePrivatizedDllName_U
RtlConsoleMultiByteToUnicodeN
RtlConvertExclusiveToShared
RtlConvertLongToLargeInteger
RtlConvertPropertyToVariant
RtlConvertSharedToExclusive
RtlConvertSidToUnicodeString
RtlConvertToAutoInheritSecurityObject
RtlConvertUiListToApiList
RtlConvertUlongToLargeInteger
RtlConvertVariantToProperty
RtlCopyLuid
RtlCopyLuidAndAttributesArray
RtlCopyMemoryStreamTo
RtlCopyOutOfProcessMemoryStreamTo
RtlCopyRangeList
RtlCopySecurityDescriptor
RtlCopySid
RtlCopySidAndAttributesArray
RtlCopyString
RtlCopyUnicodeString
RtlCreateAcl
RtlCreateActivationContext
RtlCreateAndSetSD
RtlCreateAtomTable
RtlCreateBootStatusDataFile
RtlCreateEnvironment
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateQueryDebugBuffer
RtlCreateRegistryKey
RtlCreateSecurityDescriptor
RtlCreateSystemVolumeInformationFolder
RtlCreateTagHeap
RtlCreateTimer
RtlCreateTimerQueue
RtlCreateUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlCreateUserProcess
RtlCreateUserSecurityObject
RtlCreateUserThread
RtlCustomCPToUnicodeN
RtlCutoverTimeToSystemTime
RtlDeNormalizeProcessParams
RtlDeactivateActivationContext
RtlDeactivateActivationContextUnsafeFast
RtlDebugPrintTimes
RtlDecodePointer
RtlDecodeSystemPointer
RtlDecompressBuffer
RtlDecompressFragment
RtlDefaultNpAcl
RtlDelete
RtlDeleteAce
RtlDeleteAtomFromAtomTable
RtlDeleteCriticalSection
RtlDeleteElementGenericTable
RtlDeleteElementGenericTableAvl
RtlDeleteNoSplay
RtlDeleteOwnersRanges
RtlDeleteRange
RtlDeleteRegistryValue
RtlDeleteResource
RtlDeleteSecurityObject
Sections
.text Size: 488KB - Virtual size: 487KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
shlwapi.dll.dll windows:5 windows x86 arch:x86
3874baf26fd1a53b36c70fbf70c24eda
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
shlwapi.pdb
Imports
advapi32
RegCloseKey
GetCurrentHwProfileA
OpenThreadToken
RegEnumValueW
RegSetValueExW
RegSetValueW
RegSetValueA
RegQueryValueExW
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
GetAce
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessDeniedAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetUserNameA
GetUserNameW
RegCreateKeyA
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegOpenKeyA
RegOpenKeyExA
gdi32
EnumFontFamiliesA
EnumFontFamiliesW
EnumFontFamiliesExA
EnumFontFamiliesExW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetCharacterPlacementA
GetCharacterPlacementW
CreateFontA
CreateFontW
CreateMetaFileA
CreateMetaFileW
StartDocA
StartDocW
GetTextExtentPointW
ExtTextOutA
GetDIBits
CreatePalette
GetSystemPaletteEntries
CreateCompatibleDC
DeleteObject
GetPaletteEntries
CreateHalftonePalette
GetStockObject
GetDeviceCaps
CreateBitmap
CreateCompatibleBitmap
SelectObject
GetTextExtentPointA
CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetTextMetricsA
GetTextMetricsW
SetTextColor
SetBkMode
ExtTextOutW
SetBkColor
GetCharWidthA
GetCharWidth32W
CreateColorSpaceA
CreateColorSpaceW
CreateDCA
CreateDCW
CreateICA
DeleteDC
CreateICW
kernel32
GetWindowsDirectoryA
SetLastError
LeaveCriticalSection
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileA
EnterCriticalSection
GetSystemTime
GetCurrentThreadId
GetTickCount
IsDBCSLeadByte
GetCPInfo
lstrcmpA
GetThreadLocale
CompareStringA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetFileAttributesA
SetErrorMode
GetFullPathNameA
SearchPathA
GetSystemDirectoryA
SetFileAttributesA
LCMapStringA
FindClose
FindNextFileA
FindFirstFileA
SetFileTime
GetEnvironmentVariableA
CreateEventW
EnumResourceNamesA
EnumResourceNamesW
FindNextFileW
SizeofResource
LockResource
LoadResource
FindResourceA
IsBadReadPtr
IsBadStringPtrW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
CreateDirectoryA
CreateDirectoryW
CreateFileW
DeleteFileA
DeleteFileW
FindFirstFileW
DebugBreak
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesW
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameW
GetSystemDirectoryW
SearchPathW
GetModuleHandleA
GetModuleHandleW
SetFileAttributesW
GetNumberFormatA
GetNumberFormatW
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetStringTypeExA
GetStringTypeExW
GetPrivateProfileIntA
QueryPerformanceFrequency
GetProfileStringA
GetProfileStringW
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetWindowsDirectoryW
GetEnvironmentVariableW
LoadLibraryExA
LoadLibraryExW
CompareStringW
CopyFileA
CopyFileW
MoveFileA
MoveFileW
OpenEventA
OpenEventW
OutputDebugStringA
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
CreateMutexA
CreateMutexW
ExpandEnvironmentStringsW
CreateSemaphoreA
CreateSemaphoreW
LoadLibraryW
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
GetPrivateProfileStructA
GetPrivateProfileStructW
CreateProcessA
CreateProcessW
GlobalAddAtomA
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
lstrcpyA
FreeLibrary
LCMapStringW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
InterlockedIncrement
InterlockedDecrement
CompareFileTime
ReadFile
GetFileSize
TlsSetValue
TlsGetValue
GlobalMemoryStatus
GlobalDeleteAtom
GetProcessVersion
GetComputerNameW
GetCurrentThread
FreeLibraryAndExitThread
CreateThread
VirtualQuery
GetACP
GetUserDefaultLCID
IsBadWritePtr
InterlockedExchange
SetEndOfFile
GetFileInformationByHandle
LocalSize
SleepEx
QueueUserAPC
ExitThread
GetVersionExA
InterlockedCompareExchange
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreA
HeapDestroy
HeapAlloc
HeapCreate
DeviceIoControl
GetSystemPowerStatus
Sleep
RaiseException
GetPrivateProfileSectionW
WaitForMultipleObjectsEx
GetFileTime
lstrcmpW
QueryPerformanceCounter
lstrcpynA
LoadLibraryA
GetProcAddress
CreateEventA
SetEvent
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
OpenProcess
GetCurrentProcess
CloseHandle
DuplicateHandle
lstrcmpiA
lstrlenA
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LocalReAlloc
LocalAlloc
LocalFree
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
TlsFree
GetPrivateProfileIntW
FindResourceW
GetFileAttributesExW
msvcrt
_adjust_fdiv
malloc
_initterm
free
_strlwr
_wtol
_except_handler3
wcslen
memmove
_vsnwprintf
_vsnprintf
user32
CreateAcceleratorTableW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
DefWindowProcA
DefWindowProcW
DialogBoxIndirectParamA
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
GetClassLongW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
GetWindowTextLengthA
GetWindowTextLengthW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
CreateIconFromResource
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadImageA
DeleteMenu
DestroyMenu
SystemParametersInfoA
DrawTextA
CopyRect
OffsetRect
GetSysColor
GetWindowThreadProcessId
IsWindow
TrackPopupMenu
TrackPopupMenuEx
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
TranslateAcceleratorA
TranslateAcceleratorW
wvsprintfW
GetMenuItemInfoW
InsertMenuItemA
InsertMenuItemW
DdeInitializeA
DdeInitializeW
CharLowerW
CharToOemA
CharToOemW
CharUpperW
CreateWindowExA
CreateWindowExW
DrawTextW
FindWindowExA
FindWindowExW
GetClassInfoA
GetClassInfoW
GetClassNameW
GetClipboardFormatNameA
GetClipboardFormatNameW
MessageBoxA
MessageBoxW
GetPropA
GetPropW
GetWindowTextW
LoadImageW
CreateMenu
SetMenuContextHelpId
LoadMenuA
LoadMenuW
GetMenuStringA
GetMenuStringW
InsertMenuA
InsertMenuW
MessageBoxIndirectA
MessageBoxIndirectW
ModifyMenuA
ModifyMenuW
OemToCharA
OemToCharW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterWindowMessageA
RegisterWindowMessageW
RemovePropA
RemovePropW
SendMessageTimeoutA
SendMessageW
SetPropA
SetPropW
SetWindowTextW
SystemParametersInfoW
UnregisterClassA
UnregisterClassW
VkKeyScanA
VkKeyScanW
WinHelpW
DrawTextExA
DrawTextExW
SetMenuItemInfoA
SetMenuItemInfoW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeQueryStringA
DdeQueryStringW
FindWindowW
SendDlgItemMessageW
SendMessageTimeoutW
DestroyAcceleratorTable
GetKeyState
SetParent
GetParent
RemoveMenu
GetSubMenu
EnumChildWindows
IsWindowUnicode
EnableMenuItem
CheckMenuItem
DeferWindowPos
MapWindowPoints
SendDlgItemMessageA
SetWindowPos
GetWindowRect
EndDeferWindowPos
BeginDeferWindowPos
EnableWindow
ShowWindow
SetFocus
IsDlgButtonChecked
EndDialog
MsgWaitForMultipleObjects
IsChild
GetMenuDefaultItem
CreatePopupMenu
SetCursor
FindWindowA
EnumWindows
TranslateMessage
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
DrawFocusRect
GetFocus
ValidateRect
EqualRect
GetUpdateRect
GetDesktopWindow
BroadcastSystemMessage
CharNextW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CharUpperBuffW
CharLowerBuffW
CallMsgFilterW
CallMsgFilterA
CallWindowProcW
CallWindowProcA
GetDlgItem
GetClientRect
SendMessageA
SetWindowTextA
CharUpperA
CharPrevA
GetDC
GetIconInfo
DrawIconEx
CreateIconIndirect
ReleaseDC
DestroyIcon
CharNextA
GetClassLongA
SetTimer
KillTimer
GetWindowTextA
GetClassNameA
GetSystemMetrics
GetMenuItemCount
GetMenuItemInfoA
WinHelpA
LoadStringA
Exports
Exports
AssocCreate
AssocGetPerceivedType
AssocIsDangerous
AssocQueryKeyA
AssocQueryKeyW
AssocQueryStringA
AssocQueryStringByKeyA
AssocQueryStringByKeyW
AssocQueryStringW
ChrCmpIA
ChrCmpIW
ColorAdjustLuma
ColorHLSToRGB
ColorRGBToHLS
DelayLoadFailureHook
DllGetVersion
GetAcceptLanguagesA
GetAcceptLanguagesW
GetMenuPosFromID
HashData
IntlStrEqWorkerA
IntlStrEqWorkerW
IsCharSpaceA
IsCharSpaceW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathBuildRootA
PathBuildRootW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCompactPathA
PathCompactPathExA
PathCompactPathExW
PathCompactPathW
PathCreateFromUrlA
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathFindOnPathA
PathFindOnPathW
PathFindSuffixArrayA
PathFindSuffixArrayW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsContentTypeA
PathIsContentTypeW
PathIsDirectoryA
PathIsDirectoryEmptyA
PathIsDirectoryEmptyW
PathIsDirectoryW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsNetworkPathA
PathIsNetworkPathW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsSystemFolderA
PathIsSystemFolderW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLA
PathIsURLW
PathMakePrettyA
PathMakePrettyW
PathMakeSystemFolderA
PathMakeSystemFolderW
PathMatchSpecA
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveArgsA
PathRemoveArgsW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUndecorateA
PathUndecorateW
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathUnquoteSpacesA
PathUnquoteSpacesW
SHAllocShared
SHAutoComplete
SHCopyKeyA
SHCopyKeyW
SHCreateShellPalette
SHCreateStreamOnFileA
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateStreamWrapper
SHCreateThread
SHCreateThreadRef
SHDeleteEmptyKeyA
SHDeleteEmptyKeyW
SHDeleteKeyA
SHDeleteKeyW
SHDeleteOrphanKeyA
SHDeleteOrphanKeyW
SHDeleteValueA
SHDeleteValueW
SHEnumKeyExA
SHEnumKeyExW
SHEnumValueA
SHEnumValueW
SHFreeShared
SHGetInverseCMAP
SHGetThreadRef
SHGetValueA
SHGetValueW
SHGetViewStatePropertyBag
SHIsLowMemoryMachine
SHLoadIndirectString
SHLockShared
SHOpenRegStream2A
SHOpenRegStream2W
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyA
SHQueryInfoKeyW
SHQueryValueExA
SHQueryValueExW
SHRegCloseUSKey
SHRegCreateUSKeyA
SHRegCreateUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegDeleteEmptyUSKeyW
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegDuplicateHKey
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegEnumUSValueA
SHRegEnumUSValueW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetPathA
SHRegGetPathW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegGetValueA
SHRegGetValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyA
SHRegQueryInfoUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetPathA
SHRegSetPathW
SHRegSetUSValueA
SHRegSetUSValueW
SHRegWriteUSValueA
SHRegWriteUSValueW
SHRegisterValidateTemplate
SHReleaseThreadRef
SHSetThreadRef
SHSetValueA
SHSetValueW
SHSkipJunction
SHStrDupA
SHStrDupW
SHUnlockShared
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrCatW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrCpyW
StrDupA
StrDupW
StrFormatByteSize64A
StrFormatByteSizeA
StrFormatByteSizeW
StrFormatKBSizeA
StrFormatKBSizeW
StrFromTimeIntervalA
StrFromTimeIntervalW
StrIsIntlEqualA
StrIsIntlEqualW
StrNCatA
StrNCatW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrRetToBSTR
StrRetToBufA
StrRetToBufW
StrRetToStrA
StrRetToStrW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeA
UrlApplySchemeW
UrlCanonicalizeA
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCompareA
UrlCompareW
UrlCreateFromPathA
UrlCreateFromPathW
UrlEscapeA
UrlEscapeW
UrlGetLocationA
UrlGetLocationW
UrlGetPartA
UrlGetPartW
UrlHashA
UrlHashW
UrlIsA
UrlIsNoHistoryA
UrlIsNoHistoryW
UrlIsOpaqueA
UrlIsOpaqueW
UrlIsW
UrlUnescapeA
UrlUnescapeW
wnsprintfA
wnsprintfW
wvnsprintfA
wvnsprintfW
Sections
.text Size: 431KB - Virtual size: 430KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
使用说明.txt
-
官方网站.url
-
默认密码.txt