General

Malware Config

Signatures

Files

• doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe

  .exe windows:4 windows x86 arch:x86

  Password: Cracked

  7eae418c7423834ffc3d79b4300bd6fb

  
  

  Code Sign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  15:d9:3b:8b:3a:7c:bf:eb:71:00:ff:d4

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  05-09-2023 04:38

  Not After

  05-09-2024 04:38

  Subject

  SERIALNUMBER=91110108MACEHKBQ10,CN=Beijing Xinying Suixing Technology Co.\, Ltd.,O=Beijing Xinying Suixing Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Not Before

  07-11-2023 17:13

  Not After

  09-12-2034 17:13

  Subject

  CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  20-06-2018 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  10-12-2014 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  1b:f3:63:a4:be:1a:ce:f7:79:d2:8f:38:8f:cf:b4:d5:98:73:fb:71:b0:04:8d:20:ea:a9:d2:7e:d9:83:3d:13

  Signer

  Actual PE Digest

  1b:f3:63:a4:be:1a:ce:f7:79:d2:8f:38:8f:cf:b4:d5:98:73:fb:71:b0:04:8d:20:ea:a9:d2:7e:d9:83:3d:13

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetEnvironmentVariableW

  SetFileAttributesW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  GetVersion

  SetErrorMode

  lstrlenW

  lstrcpynW

  GetDiskFreeSpaceW

  ExitProcess

  MoveFileW

  CreateThread

  GetLastError

  CreateDirectoryW

  CreateProcessW

  RemoveDirectoryW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  WriteFile

  lstrcpyA

  MoveFileExW

  lstrcatW

  GetSystemDirectoryW

  GetProcAddress

  GetModuleHandleA

  GetExitCodeProcess

  WaitForSingleObject

  lstrcmpiW

  lstrcmpW

  GetFullPathNameW

  GetShortPathNameW

  SearchPathW

  CompareFileTime

  SetFileTime

  CloseHandle

  ExpandEnvironmentStringsW

  GlobalFree

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  DeleteFileW

  FindFirstFileW

  FindNextFileW

  FindClose

  SetFilePointer

  ReadFile

  MulDiv

  lstrlenA

  WideCharToMultiByte

  MultiByteToWideChar

  WritePrivateProfileStringW

  FreeLibrary

  GetPrivateProfileStringW

  GetModuleHandleW

  LoadLibraryExW

  user32

  GetWindowRect

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  GetSysColor

  GetWindowLongW

  SetCursor

  LoadCursorW

  CheckDlgButton

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  ScreenToClient

  EnableMenuItem

  GetDlgItem

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharPrevW

  CharNextA

  wsprintfA

  DispatchMessageW

  PeekMessageW

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  SystemParametersInfoW

  EndDialog

  RegisterClassW

  DialogBoxParamW

  CreateWindowExW

  GetClassInfoW

  DestroyWindow

  CharNextW

  ExitWindowsEx

  SetWindowTextW

  LoadImageW

  SetTimer

  ShowWindow

  PostQuitMessage

  wsprintfW

  SetWindowLongW

  FindWindowExW

  IsWindow

  CreatePopupMenu

  AppendMenuW

  GetSystemMetrics

  DrawTextW

  EndPaint

  CreateDialogParamW

  SendMessageTimeoutW

  SetForegroundWindow

  gdi32

  SelectObject

  SetTextColor

  SetBkMode

  CreateFontIndirectW

  CreateBrushIndirect

  DeleteObject

  GetDeviceCaps

  SetBkColor

  shell32

  ShellExecuteExW

  SHGetPathFromIDListW

  SHGetSpecialFolderLocation

  SHGetFileInfoW

  SHFileOperationW

  SHBrowseForFolderW

  advapi32

  AdjustTokenPrivileges

  RegCreateKeyExW

  RegOpenKeyExW

  SetFileSecurityW

  OpenProcessToken

  LookupPrivilegeValueW

  RegEnumValueW

  RegDeleteKeyW

  RegDeleteValueW

  RegCloseKey

  RegSetValueExW

  RegQueryValueExW

  RegEnumKeyW

  comctl32

  ImageList_Create

  ImageList_AddMasked

  ord17

  ImageList_Destroy

  ole32

  OleUninitialize

  OleInitialize

  CoTaskMemFree

  CoCreateInstance

  Sections

  .text

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 128KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 104KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 71KB - Virtual size: 70KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/MicrosoftEdgeWebview2Setup.exe

  .exe windows:5 windows x86 arch:x86

  Password: Cracked

  ccc6e30409f96054ca558f4765d32e38

  
  

  Code Sign

  33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  16-02-2023 20:10

  Not After

  31-01-2024 20:10

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  64:57:97:41:81:d1:09:95:4f:1c:10:95:8c:65:4e:63

  Certificate

  Issuer

  CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

  Not Before

  15-06-2020 23:52

  Not After

  31-12-2039 23:59

  Subject

  CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageKeyEncipherment

  0a:ca:d4:26:80:27:33:28:d6:a6:7e:04:98:46:a7:9d:b1:61:e9:8f:2a:b8:9e:87:24:97:87:8f:76:f2:4e:91

  Signer

  Actual PE Digest

  0a:ca:d4:26:80:27:33:28:d6:a6:7e:04:98:46:a7:9d:b1:61:e9:8f:2a:b8:9e:87:24:97:87:8f:76:f2:4e:91

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  0a:ca:d4:26:80:27:33:28:d6:a6:7e:04:98:46:a7:9d:b1:61:e9:8f:2a:b8:9e:87:24:97:87:8f:76:f2:4e:91

  Signer

  Actual PE Digest

  0a:ca:d4:26:80:27:33:28:d6:a6:7e:04:98:46:a7:9d:b1:61:e9:8f:2a:b8:9e:87:24:97:87:8f:76:f2:4e:91

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  mi_exe_stub.pdb

  Imports

  kernel32

  GetStdHandle

  WriteFile

  GetModuleFileNameW

  ExitProcess

  GetModuleHandleExW

  OutputDebugStringW

  HeapAlloc

  HeapFree

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  MultiByteToWideChar

  WideCharToMultiByte

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  GetFileType

  RaiseException

  LCMapStringW

  GetProcessHeap

  HeapSize

  HeapReAlloc

  FlushFileBuffers

  GetConsoleOutputCP

  GetConsoleMode

  SetFilePointerEx

  CreateFileW

  CloseHandle

  WriteConsoleW

  DecodePointer

  VirtualProtect

  EncodePointer

  QueryPerformanceCounter

  LoadLibraryExW

  GetProcAddress

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  GetLastError

  RtlUnwind

  TerminateProcess

  GetCurrentProcess

  GetModuleHandleW

  IsProcessorFeaturePresent

  GetStartupInfoW

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetCurrentProcessId

  GetStringTypeW

  CreateDirectoryW

  SizeofResource

  Wow64DisableWow64FsRedirection

  RemoveDirectoryW

  GetTempPathW

  FormatMessageW

  Wow64RevertWow64FsRedirection

  GetDiskFreeSpaceExW

  LockResource

  DeleteFileW

  FindResourceExW

  LoadResource

  FindResourceW

  HeapDestroy

  LocalFree

  VerSetConditionMask

  CopyFileW

  VerifyVersionInfoW

  GetTempFileNameW

  lstrcmpiW

  CreateMutexW

  WaitForSingleObject

  ReleaseMutex

  CreateEventW

  SetEvent

  CreateThread

  UnmapViewOfFile

  CreateFileMappingW

  MapViewOfFile

  VirtualQuery

  CreateProcessW

  GetExitCodeProcess

  ResetEvent

  WaitForSingleObjectEx

  GetSystemInfo

  LoadLibraryExA

  advapi32

  RegOpenKeyExA

  SetSecurityDescriptorDacl

  GetAclInformation

  SetSecurityDescriptorOwner

  GetSidSubAuthority

  GetSidLengthRequired

  CopySid

  InitializeSid

  IsValidSid

  AddAce

  InitializeSecurityDescriptor

  InitializeAcl

  GetLengthSid

  GetSecurityDescriptorLength

  MakeSelfRelativeSD

  MakeAbsoluteSD

  SetSecurityDescriptorGroup

  RegOpenKeyExW

  RegQueryValueExW

  GetSecurityDescriptorSacl

  GetSecurityDescriptorDacl

  GetSecurityDescriptorGroup

  GetSecurityDescriptorControl

  GetSecurityDescriptorOwner

  RegCloseKey

  RegQueryValueExA

  RegCreateKeyExA

  RegSetValueExW

  RegSetValueExA

  RegDeleteValueA

  ole32

  CoTaskMemFree

  CoUninitialize

  CoInitializeEx

  shell32

  SHGetKnownFolderPath

  ord680

  CommandLineToArgvW

  SHGetFolderPathW

  user32

  CharLowerBuffW

  MessageBoxW

  Sections

  .text

  Size: 105KB - Virtual size: 105KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 35KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .didat

  Size: 512B - Virtual size: 44B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsProcessW.dll

  .dll windows:5 windows x86 arch:x86

  Password: Cracked

  439074d1c01f7b16781bdf060930814a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  CloseHandle

  TerminateProcess

  WaitForSingleObject

  GetExitCodeProcess

  OpenProcess

  MultiByteToWideChar

  lstrlenA

  lstrlenW

  LoadLibraryA

  lstrcmpiW

  lstrcpynW

  FreeLibrary

  LocalFree

  LocalAlloc

  GetProcAddress

  LoadLibraryW

  GetVersionExW

  GlobalFree

  GlobalAlloc

  user32

  GetWindowThreadProcessId

  EnumWindows

  wsprintfW

  PostMessageW

  Exports

  Exports

  _CloseProcess

  _FindProcess

  _KillProcess

  _Unload

  Sections

  .text

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 927B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 254B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/windowsdesktop-runtime-7.0.11-win-x86.exe

  .exe windows:6 windows x86 arch:x86

  Password: Cracked

  f57d7a40ebfca87e6f8082251d937ed8

  
  

  Code Sign

  33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  11-05-2023 19:03

  Not After

  08-05-2024 19:03

  Subject

  CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e0:ab:a0:01:5d:60:fb:d7:d7:58:fd:98:02:c6:fd:f7:d3:79:6f:b3:8b:6f:33:ad:51:42:74:ef:c9:60:99:06

  Signer

  Actual PE Digest

  e0:ab:a0:01:5d:60:fb:d7:d7:58:fd:98:02:c6:fd:f7:d3:79:6f:b3:8b:6f:33:ad:51:42:74:ef:c9:60:99:06

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  C:\agent\_work\138\s\build\ship\x86\burn.pdb

  Imports

  advapi32

  RegCloseKey

  RegOpenKeyExW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  InitiateSystemShutdownExW

  GetUserNameW

  RegQueryValueExW

  RegDeleteValueW

  CloseEventLog

  OpenEventLogW

  ReportEventW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  CreateWellKnownSid

  InitializeAcl

  DecryptFileW

  SetEntriesInAclW

  ChangeServiceConfigW

  CloseServiceHandle

  ControlService

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  SetNamedSecurityInfoW

  CheckTokenMembership

  AllocateAndInitializeSid

  SetEntriesInAclA

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RegSetValueExW

  RegQueryInfoKeyW

  RegEnumValueW

  RegEnumKeyExW

  RegDeleteKeyW

  RegCreateKeyExW

  GetTokenInformation

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextW

  QueryServiceConfigW

  user32

  PeekMessageW

  PostMessageW

  IsWindow

  WaitForInputIdle

  PostQuitMessage

  GetMessageW

  TranslateMessage

  MsgWaitForMultipleObjects

  PostThreadMessageW

  GetMonitorInfoW

  MonitorFromPoint

  IsDialogMessageW

  LoadCursorW

  LoadBitmapW

  SetWindowLongW

  GetWindowLongW

  GetCursorPos

  MessageBoxW

  CreateWindowExW

  UnregisterClassW

  RegisterClassW

  DefWindowProcW

  DispatchMessageW

  oleaut32

  VariantInit

  SysAllocString

  VariantClear

  SysFreeString

  gdi32

  DeleteDC

  DeleteObject

  SelectObject

  StretchBlt

  GetObjectW

  CreateCompatibleDC

  shell32

  CommandLineToArgvW

  SHGetFolderPathW

  ShellExecuteExW

  ole32

  CoUninitialize

  CoInitializeEx

  CoInitialize

  StringFromGUID2

  CoCreateInstance

  CoTaskMemFree

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCPInfo

  GetOEMCP

  GetACP

  CreateFileW

  CloseHandle

  GetLastError

  HeapSetInformation

  GetModuleHandleW

  GetProcAddress

  LocalFree

  FormatMessageW

  lstrlenA

  lstrlenW

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringW

  ExpandEnvironmentStringsW

  CreateDirectoryW

  GetFullPathNameW

  GetTempFileNameW

  GetTempPathW

  Sleep

  GetLocalTime

  GetModuleFileNameW

  CompareStringW

  CreateFileA

  SetFilePointer

  WriteFile

  GetCurrentProcessId

  GetSystemDirectoryW

  LoadLibraryW

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetCommandLineA

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  DeleteFileW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileAttributesW

  RemoveDirectoryW

  SetFileAttributesW

  MoveFileExW

  InitializeCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  GetCurrentProcess

  GetCurrentThreadId

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CreateProcessW

  GetVersionExW

  VerSetConditionMask

  GetVolumePathNameW

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemTime

  GetWindowsDirectoryW

  GetNativeSystemInfo

  GetCommandLineW

  FreeLibrary

  GetModuleHandleExW

  GetComputerNameW

  VerifyVersionInfoW

  GetDateFormatW

  GetUserDefaultUILanguage

  GetUserDefaultLangID

  GetSystemDefaultLangID

  GetStringTypeW

  ReadFile

  SetFilePointerEx

  DuplicateHandle

  LoadLibraryExW

  CreateEventW

  ProcessIdToSessionId

  ConnectNamedPipe

  SetNamedPipeHandleState

  CreateNamedPipeW

  WaitForSingleObject

  GetProcessId

  OpenProcess

  CreateThread

  GetExitCodeThread

  SetEvent

  WaitForMultipleObjects

  LocalFileTimeToFileTime

  SetEndOfFile

  SetFileTime

  ResetEvent

  DosDateTimeToFileTime

  CompareStringA

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  CreateMutexW

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetThreadLocale

  IsValidCodePage

  FindFirstFileExW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  GetFileSizeEx

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  DecodePointer

  WriteConsoleW

  GetModuleHandleA

  GlobalAlloc

  GlobalFree

  CopyFileW

  VirtualAlloc

  VirtualFree

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GetTimeZoneInformation

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  GetSystemWow64DirectoryW

  GetProcessHeap

  GetFileType

  ExitProcess

  GetStdHandle

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RtlUnwind

  RaiseException

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  LoadLibraryExA

  rpcrt4

  UuidCreate

  Sections

  .text

  Size: 295KB - Virtual size: 294KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 125KB - Virtual size: 124KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 15KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ