FindDevice
FindProcess
KillProcess
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
e6947908ecfa3f110fe380e07a2941e1b558e12f0481ea8b6075658b06661262.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
e6947908ecfa3f110fe380e07a2941e1b558e12f0481ea8b6075658b06661262.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20240730-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
EHPClientAgent.exe
Resource
win7-20240705-en
windows7-x64
13 signatures
150 seconds
Behavioral task
behavioral6
Sample
EHPClientAgent.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
13 signatures
150 seconds
General
-
Target
e6947908ecfa3f110fe380e07a2941e1b558e12f0481ea8b6075658b06661262.exe
-
Size
10.8MB
-
MD5
b7cfa25321334064893666ecc2bcf9da
-
SHA1
5829e85e9bb196a42d71b83206d777951dd7f90e
-
SHA256
e6947908ecfa3f110fe380e07a2941e1b558e12f0481ea8b6075658b06661262
-
SHA512
d208640e74d27ecd3fbda1d1cccfdc15e97d210522a6e99d836c227fc19c7275234383907c6c40e3d073c6f1cce30ce7f987d4000dd3ce3f2c0c5883d593fdc5
-
SSDEEP
196608:TUc4/rSpnbNqe46I8/rtiswWjSUevQ6CE7V+dRIW0uXQnDTjH3uDb:4pYpxjftisrSUevQ6Cc+jj6DTaDb
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource e6947908ecfa3f110fe380e07a2941e1b558e12f0481ea8b6075658b06661262.exe unpack001/$PLUGINSDIR/Processes.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
e6947908ecfa3f110fe380e07a2941e1b558e12f0481ea8b6075658b06661262.exe.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Processes.dll.dll windows:4 windows x86 arch:x86
f5edecae12589e705677a6e272ad0394
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo
user32
FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow
Exports
Exports
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EHPClientAgent.exe.exe windows:5 windows x86 arch:x86
98d708e4e4d3d4ebeebff964f68d645b
Code Sign
29:29:27:11:6b:76:ce:7e:bf:ac:cc:58:4a:7f:29:dfCertificate
IssuerCN=Bangkok Medical SoftwareNot Before11/02/2015, 04:04Not After31/12/2039, 23:59SubjectCN=Bangkok Medical SoftwareExtended Key Usages
ExtKeyUsageCodeSigning
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
cc:3f:bf:23:b7:86:61:3c:66:0c:d5:ec:6d:3d:20:7a:52:f1:9f:26Signer
Actual PE Digestcc:3f:bf:23:b7:86:61:3c:66:0c:d5:ec:6d:3d:20:7a:52:f1:9f:26Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
UnRegisterTypeLib
RegisterTypeLib
LoadTypeLib
VariantInit
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetLBound
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegConnectRegistryW
OpenProcessToken
LookupPrivilegeValueW
LookupAccountNameW
IsValidSid
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
user32
LoadStringW
MessageBoxA
CharNextW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
VkKeyScanW
ValidateRect
UpdateWindow
UnregisterClassA
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToUnicode
TabbedTextOutW
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringA
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextA
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetTabbedTextExtentW
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassLongW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DrawCaption
DragDetect
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClipCursor
ClientToScreen
ChildWindowFromPointEx
CheckMenuItem
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
AttachThreadInput
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
kernel32
lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
Sleep
VirtualFree
VirtualAlloc
SwitchToThread
GetACP
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiW
lstrcmpA
lstrcmpW
lstrcatA
WriteProcessMemory
WritePrivateProfileStringW
WinExec
WaitNamedPipeW
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualUnlock
VirtualQueryEx
VirtualProtectEx
VirtualProtect
VirtualLock
VerifyVersionInfoW
VerLanguageNameW
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SuspendThread
SleepEx
SizeofResource
SignalObjectAndWait
SetVolumeLabelW
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetNamedPipeHandleState
SetLastError
SetFileTime
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEnvironmentVariableW
SetConsoleTextAttribute
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
QueryPerformanceFrequency
QueryDosDeviceW
PulseEvent
PostQueuedCompletionStatus
IsDebuggerPresent
OutputDebugStringA
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
OpenEventW
MulDiv
MoveFileW
MapViewOfFileEx
MapViewOfFile
LockResource
LocalSize
LocalFileTimeToFileTime
LoadResource
LoadLibraryExA
LoadLibraryW
LCMapStringW
IsDBCSLeadByte
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetUserDefaultLCID
GetTimeZoneInformation
GetTimeFormatW
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDirectoryW
GetStringTypeExA
GetStringTypeExW
GetShortPathNameW
GetProfileStringW
GetProfileIntW
GetPrivateProfileStringW
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsW
GetLocaleInfoA
GetLocalTime
GetFullPathNameW
GetFileTime
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatA
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCPInfoExW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeEnvironmentStringsW
FormatMessageA
FormatMessageW
FlushViewOfFile
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
DuplicateHandle
DosDateTimeToFileTime
DeleteFileA
DeleteFileW
CreateSemaphoreW
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateIoCompletionPort
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
Beep
VerSetConditionMask
GetQueuedCompletionStatus
GetVolumePathNamesForVolumeNameW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetStringTypeW
msimg32
AlphaBlend
gdi32
WidenPath
UpdateColors
UnrealizeObject
TranslateCharsetInfo
TextOutA
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWorldTransform
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextJustification
SetTextColor
SetTextAlign
SetStretchBltMode
SetRectRgn
SetROP2
SetPolyFillMode
SetPixelV
SetPixel
SetMetaRgn
SetMapperFlags
SetMapMode
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetArcDirection
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
ScaleWindowExtEx
SaveDC
RoundRect
RestoreDC
ResizePalette
ResetDCW
Rectangle
RectVisible
RectInRegion
RealizePalette
PtVisible
PtInRegion
PolylineTo
Polyline
Polygon
PolyPolyline
PolyPolygon
PolyBezierTo
PolyBezier
PlayEnhMetaFileRecord
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
OffsetClipRgn
MoveToEx
ModifyWorldTransform
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWorldTransform
GetWindowOrgEx
GetWindowExtEx
GetWinMetaFileBits
GetViewportOrgEx
GetViewportExtEx
GetTextMetricsA
GetTextMetricsW
GetTextFaceA
GetTextFaceW
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextColor
GetTextCharsetInfo
GetTextCharset
GetTextAlign
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetRandomRgn
GetROP2
GetPolyFillMode
GetPixel
GetPaletteEntries
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetNearestColor
GetMapMode
GetGlyphIndicesW
GetFontUnicodeRanges
GetFontData
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetCharacterPlacementW
GetCharWidthI
GetCharWidthA
GetCharABCWidthsFloatW
GetBrushOrgEx
GetBkMode
GetBitmapBits
GetAspectRatioFilterEx
GetArcDirection
GdiFlush
FrameRgn
FillRgn
FillPath
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
Escape
EqualRgn
EnumFontsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumEnhMetaFile
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectA
CreateFontIndirectW
CreateFontA
CreateFontW
CreateEnhMetaFileW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineTransform
CombineRgn
CloseFigure
CloseEnhMetaFile
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc
SetLayout
version
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
mpr
WNetOpenEnumW
WNetGetUniversalNameW
WNetEnumResourceW
WNetCloseEnum
ole32
OleUninitialize
OleInitialize
WriteClassStg
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoDisconnectObject
CoUninitialize
CoInitialize
IsEqualGUID
comctl32
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
shell32
SHGetFileInfoW
ShellExecuteExA
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetPathFromIDListA
wininet
InternetAttemptConnect
InternetWriteFile
InternetSetStatusCallback
InternetSetOptionA
InternetReadFile
InternetQueryDataAvailable
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
HttpSendRequestExA
InternetCrackUrlA
comdlg32
PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW
wsock32
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockopt
getsockname
connect
closesocket
bind
accept
imagehlp
ImageDirectoryEntryToData
ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates
shfolder
SHGetFolderPathW
imm32
ImmGetVirtualKey
winspool.drv
SetFormW
OpenPrinterW
GetFormW
EnumPrintersW
DocumentPropertiesW
DeviceCapabilitiesW
ClosePrinter
AddFormW
GetDefaultPrinterW
winmm
waveOutGetNumDevs
timeSetEvent
timeKillEvent
timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
sndPlaySoundW
PlaySoundW
ws2_32
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
shutdown
setsockopt
send
select
recv
inet_addr
htons
getsockopt
ioctlsocket
connect
closesocket
fontsub
CreateFontPackage
usp10
ScriptShape
ScriptLayout
ScriptItemize
iphlpapi
GetAdaptersInfo
crypt32
CertFreeCertificateContext
CertGetNameStringA
CryptVerifyMessageSignature
Exports
Exports
madTraceProcess
Sections
.text Size: 15.2MB - Virtual size: 15.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 366KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 678KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 85B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 688B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 7.4MB - Virtual size: 7.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ