nano-antivirus-1-0-146-91291[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

nano-antivirus-1-0-146-91291.exe
Size

10.1MB
MD5

1879980dbb55e5f8272b9e3db6f179fb
SHA1

dadf53ac237aeea8f1f358377ec35923fe6aa843
SHA256

5e5e48065ac966e57db8527bb6bbc5b310044936a91c4ad5047fff0f0989a3ed
SHA512

bfc50e02d949279c490e3b2bc4f4142312e8e9109e77d5134f851bbcb5e844d86e3da28c1d6654caa51819bb0e398685a8ef6b217777225a33e768ff82b0ed03
SSDEEP

196608:so8NYuZdm6H3dO+3bClCGaCMtGpM/bpw6uXQdLIrXtRs423qUZZ3Mh9:WGuZAYqlI/bJdMtRsHqUZY9

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/LogEx.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/linker.dll
unpack001/$PLUGINSDIR/nanoreport.exe
unpack001/$PLUGINSDIR/nanoreportc.exe
unpack001/$PLUGINSDIR/nanoreportc64.exe
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/bin/nanoflt.sys
unpack001/bin/nanoflt64.sys
unpack001/bin/nanokrn.sys
unpack001/bin/nanokrn64.sys
unpack001/bin/nanoreport.exe
unpack001/bin/nanoreportc.exe
unpack001/bin/nanoreportc64.exe

Files

nano-antivirus-1-0-146-91291.exe
.exe windows:5 windows x86 arch:x86

79816339b53ffe40dc34edbae4af71e4

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:fc:5f:ae:a6:7c:cb:4c:61:e9:e6:2d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

16/06/2020, 08:22

Not After

16/06/2023, 13:26

Subject

CN=NANO Security LLC,O=NANO Security LLC,L=Bryansk,ST=Bryansk Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:1e:6f:f3:33:a3:96:b1:00:1e:e9:1f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

15/06/2020, 13:26

Not After

16/06/2023, 13:26

Subject

CN=NANO Security LLC,O=NANO Security LLC,L=Bryansk,ST=Bryansk Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:8a:28:81:98:6c:ae:18:b8:4a:96:57:67:ae:97:f6:ba:d8:e2:a3:b9:a2:c0:4c:f5:0b:4b:d8:b5:82:97:85
Signer

Actual PE Digest

32:8a:28:81:98:6c:ae:18:b8:4a:96:57:67:ae:97:f6:ba:d8:e2:a3:b9:a2:c0:4c:f5:0b:4b:d8:b5:82:97:85

Digest Algorithm

sha256

PE Digest Matches

true

b1:5d:7f:98:eb:d8:b6:4d:5b:3e:6c:7d:1c:1f:5b:49:a8:45:cc:a6
Signer

Actual PE Digest

b1:5d:7f:98:eb:d8:b6:4d:5b:3e:6c:7d:1c:1f:5b:49:a8:45:cc:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
GetTickCount
GetModuleFileNameW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
lstrlenA
GlobalUnlock
lstrcpynW
lstrlenW
CreateDirectoryW
CreateFileW
GetTempFileNameW
RemoveDirectoryW
WriteFile
GetLastError
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
MoveFileExW
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetExitCodeProcess
Sleep
WaitForSingleObject
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
ExpandEnvironmentStringsW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
GlobalLock

user32

EndDialog
CheckDlgButton
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
IsWindowEnabled
GetSystemMetrics
GetSystemMenu
CreatePopupMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
GetWindowRect
SetCursor
ScreenToClient
GetSysColor
GetWindowLongW
SetClassLongW
DialogBoxParamW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharPrevW
MessageBoxIndirectW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
LoadBitmapW
CallWindowProcW
SetWindowLongW
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
CreateBrushIndirect

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:6 windows x86 arch:x86

2ed77e01961352b9d2ff2119043404b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
lstrcpyW
lstrlenW
MulDiv
GlobalFree
GlobalAlloc
GetModuleHandleW
lstrcpynW

user32

SetDlgItemTextW
SendDlgItemMessageW
GetDC
SetWindowTextW
LoadIconW
EndDialog
ShowWindow
SendMessageW
DialogBoxParamW

gdi32

DeleteObject
GetDeviceCaps
CreateFontIndirectW

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:5 windows x86 arch:x86

35b4571924ee07c8078f9b8e225cd69f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\avx\pub\bin\Release\pdb\nanonsis.pdb

Imports

netapi32

NetApiBufferFree
NetUserEnum

psapi

EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses
GetPerformanceInfo

mpr

WNetGetConnectionW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

wldap32

ord50
ord41
ord22
ord27
ord32
ord60
ord211
ord46
ord143
ord33
ord45
ord35
ord79
ord30
ord200
ord301
ord26

gdiplus

GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHICON
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAlloc

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminAcquireContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpCheckPlatform
WinHttpGetIEProxyConfigForCurrentUser

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Child
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Sibling
CM_Request_Device_EjectW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW

kernel32

EncodePointer
SwitchToThread
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
Sleep
GetCurrentThreadId
ExitProcess
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
GetProcAddress
CreateEventA
SetEvent
GetCurrentProcess
WaitForSingleObjectEx
CloseHandle
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetLastError
FindClose
RemoveDirectoryW
SetFileAttributesW
FindFirstFileExW
FindFirstFileW
FindNextFileW
CompareStringW
LoadLibraryA
GetModuleHandleA
HeapReAlloc
HeapDestroy
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
CreateEventW
GetCurrentThread
GetCurrentProcessId
WaitForSingleObject
WaitForMultipleObjects
VirtualAlloc
VirtualFree
OpenProcess
GetExitCodeProcess
SetUnhandledExceptionFilter
CreateThread
OpenThread
SetLastError
SuspendThread
ResumeThread
ReleaseMutex
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
CreateProcessW
CreateFileW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetThreadPriority
GetThreadPriority
DeviceIoControl
GetCommandLineW
GetStringTypeExA
QueryDosDeviceW
GetComputerNameW
GetVersionExW
ProcessIdToSessionId
GetModuleHandleW
GetFileSizeEx
GetEnvironmentVariableW
GetDriveTypeW
GetTempPathW
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
DeleteFileW
CopyFileW
MoveFileExW
GetThreadTimes
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeZoneInformation
FreeLibrary
GetNativeSystemInfo
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
ReadFile
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
GetFileAttributesExW
SleepEx
CreateWaitableTimerW
TerminateProcess
GetProcessId
WriteFile
SetHandleInformation
CreatePipe
PeekNamedPipe
WaitForMultipleObjectsEx
GetStdHandle
SetFilePointer
SetFilePointerEx
AllocConsole
FreeConsole
AttachConsole
OpenMutexW
OpenEventW
GetWindowsDirectoryW
GetVolumeInformationW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
GetFileTime
SetFileTime
OutputDebugStringW
OpenEventA
ResetEvent
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
CancelIo
DisconnectNamedPipe
SetNamedPipeHandleState
GetSystemDirectoryW
GetVolumePathNameW
GetFileType
GetShortPathNameW
GlobalAlloc
GlobalFree
GetDiskFreeSpaceExW
GetLogicalDrives
LocalAlloc
GetProcessTimes
GetProcessWorkingSetSize
SetProcessWorkingSetSize
ReadProcessMemory
CompareFileTime
GetPriorityClass
IsWow64Process
Process32FirstW
Process32NextW
VirtualQueryEx
GetFileSize
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
Module32FirstW
Module32NextW
GlobalMemoryStatusEx
IsProcessorFeaturePresent
GetFileInformationByHandle
GetLongPathNameW
GetLogicalDriveStringsW
GetSystemTimes
DefineDosDeviceW
DebugBreak
InitializeCriticalSection
PulseEvent
CreateProcessA
GetFullPathNameA
GetCPInfo
IsDBCSLeadByte
FormatMessageA
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerifyVersionInfoA
lstrcpynW
GetModuleHandleExW
SwitchToFiber
IsDebuggerPresent
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GlobalMemoryStatus
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
SetConsoleCtrlHandler
VirtualQuery
ExitThread
FreeLibraryAndExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
GetConsoleCP
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetCurrentDirectoryW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetStringTypeW
GetCommandLineA
SetEnvironmentVariableA
WriteConsoleW
ExpandEnvironmentStringsW
DeleteFiber

user32

ReleaseDC
GetDC
UpdateWindow
SendMessageW
CallWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
GetParent
PostMessageW
MessageBoxW
GetMessageW
RedrawWindow
RegisterClassExW
CreateWindowExW
DestroyWindow
OpenDesktopW
OpenInputDesktop
EnumDesktopWindows
SwitchDesktop
GetKeyState
CloseDesktop
GetUserObjectInformationW
ExitWindowsEx
GetWindowPlacement
IsIconic
GetSystemMetrics
GetForegroundWindow
ValidateRect
GetClientRect
GetWindowLongW
SetWindowLongW
FindWindowExW
TranslateMessage
DispatchMessageW
DefWindowProcW
PeekMessageW
GetWindowRect
GetIconInfo
GetSysColor
SetSysColors
GetDesktopWindow
GetShellWindow
EnumWindows
LoadStringA
GetProcessWindowStation
wsprintfW
IsWindow
DestroyIcon
SetUserObjectSecurity
EnumThreadWindows
SetForegroundWindow
KillTimer
SetTimer
SystemParametersInfoW
GetClassNameW
GetWindowThreadProcessId
IsWindowVisible
LoadStringW

gdi32

GetBitmapBits
GetObjectW
DeleteObject

advapi32

OpenThreadToken
RegEnumValueW
GetTokenInformation
AdjustTokenPrivileges
LookupAccountSidW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
RegQueryInfoKeyW
CreateProcessAsUserW
GetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetUserNameW
CheckTokenMembership
ConvertSidToStringSidW
DuplicateTokenEx
SetTokenInformation
SaferCreateLevel
SaferCloseLevel
SaferComputeTokenFromLevel
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
ImpersonateSelf
PrivilegeCheck
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
OpenProcessToken
RevertToSelf
InitiateSystemShutdownExW
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
GetNamedSecurityInfoW
RegOpenUserClassesRoot
RegOpenCurrentUser
RegDeleteValueW
ChangeServiceConfigW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SetSecurityInfo
GetSecurityInfo
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegEnumKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathAndSubDirW
ShellExecuteExW
SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
StringFromGUID2
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

ws2_32

gethostbyname
getpeername
getsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
shutdown
getnameinfo
socket
htons
htonl
ioctlsocket
closesocket
WSAGetLastError
WSACleanup
WSAStartup
send
select
recv
listen
getsockname
connect
bind
accept
__WSAFDIsSet
ntohs
inet_ntoa
WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSASocketW
WSASend
WSASetLastError
setsockopt
gethostname
ntohl

shlwapi

ord437
SHDeleteKeyW
SHCreateStreamOnFileEx
StrRetToStrW
PathCombineW
PathIsFileSpecW
PathIsUNCW
PathGetDriveNumberW

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
GetProfilesDirectoryW
DestroyEnvironmentBlock
UnloadUserProfile

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW

Exports

Exports

ActivateAvx
CheckInstalled
CheckNanolsp
CheckNanosvcConnection
Clean
Close
ClosePackage
DataPacket
DownloadFile
DownloadFileStrict
EnumerateYandex
ExecDropUac
Exit
ExtractPackageAuto
ExtractPackageFile
ExtractStaFiles
ExtractZipFile
FindAnotherAvx
GetAntivirusInfo
GetLastStatus
Init
LogInfo
OpenPackage
PostConfig
PostInstall
PreInit
ProxySetup
QueryStatus
Refresh
RegexMath
RegisterFunction
Rem
RemoveAllLinks
RemoveLsp
RemoveMsc
Reset
RunAction
StrFunc
UpdateConfig
UserAbort
ValidateFile
VersionCheck
Write
WriteUsbInfo
ap2t
dc
show
stop

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

127a02894b36e3dd18bd638b1758f9f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/free-vs-pro-en.bmp
$PLUGINSDIR/free-vs-pro-ru.bmp
$PLUGINSDIR/help-en.html
.html
$PLUGINSDIR/help-ru.html
.html
$PLUGINSDIR/linker.dll
.dll windows:5 windows x86 arch:x86

a0eaa72880e9223bdb51db01eccc0f1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadCursorW
CreateCursor
GetFocus
DrawTextW
BeginPaint
GetWindowRect
SetCursor
ClientToScreen
GetClientRect
PtInRect
GetDC
DrawFocusRect
InvalidateRect
GetWindowLongW
ReleaseDC
SetWindowLongW
DestroyCursor
EndPaint
SetFocus
SetWindowPos
IsWindow
ReleaseCapture
SendMessageW
UpdateWindow
CallWindowProcW
SetCapture

gdi32

GetObjectW
SelectObject
DeleteObject
SetBkMode
CreateFontIndirectW
SetTextColor
GetStockObject

shell32

ShellExecuteW

kernel32

lstrcpynW
GlobalFree
lstrcpyW
GlobalAlloc
GetModuleHandleW

Exports

Exports

Link
Unload

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nanoreport.exe
.exe windows:5 windows x86 arch:x86

86a5d0e10e16c53f3c5fd77f73f9c9e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoreport.pdb

Imports

comctl32

CreateStatusWindowW
ord17

psapi

GetPerformanceInfo

wtsapi32

WTSQueryUserToken

kernel32

SetEvent
HeapReAlloc
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
TerminateProcess
ReadFile
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
WaitForSingleObjectEx
LocalFree
OpenProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenThread
SetThreadPriority
DeviceIoControl
GetCommandLineW
QueryDosDeviceW
GetComputerNameW
GetVersionExW
ProcessIdToSessionId
GetTickCount
GetModuleHandleW
GetFileSizeEx
FindClose
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileExW
FindNextFileW
CopyFileW
MoveFileExW
CreateEventW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
CreateThread
SetLastError
ResumeThread
ReleaseMutex
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
WTSGetActiveConsoleSessionId
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
GetTempFileNameW
GetModuleHandleA
QueryPerformanceFrequency
GetTimeZoneInformation
GetNativeSystemInfo
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
GetFileAttributesExW
FindFirstFileW
SleepEx
CreateWaitableTimerW
GetProcessId
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
GetStdHandle
SetFilePointerEx
AllocConsole
FreeConsole
AttachConsole
OpenMutexW
OpenEventW
GetWindowsDirectoryW
GetVolumeInformationW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
GetFileTime
SetFileTime
OutputDebugStringW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
VirtualQuery
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
OpenEventA
ResetEvent
GetCPInfo
LoadLibraryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileExA
GetUserDefaultUILanguage
CreateFileW
QueryPerformanceCounter
GetTempPathW
SetFilePointer
WriteFile
GetLastError
GetExitCodeProcess
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
WaitForSingleObject
Sleep
GetCurrentThreadId
CreateEventA
FreeLibrary
GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetSystemTime
IsValidCodePage
GetOEMCP
GetCommandLineA
SetEnvironmentVariableA
SetDllDirectoryW
GetThreadTimes
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
GetStringTypeW
WriteConsoleW

user32

SetWindowPos
GetDlgItem
SetDlgItemTextW
GetDlgItemTextA
EndDialog
DialogBoxParamW
ShowWindow
CreateWindowExW
CallWindowProcW
SendMessageW
IsIconic
GetDlgItemTextW
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
LoadStringW
LoadStringA
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBeep
MessageBoxW
GetWindowRect
GetClientRect
GetDC
AllowSetForegroundWindow
SetForegroundWindow
SetActiveWindow
DrawTextExW
EnableWindow
KillTimer
SetTimer
GetKeyState

gdi32

SaveDC
RestoreDC
DeleteDC
CreateCompatibleDC
SelectObject

comdlg32

GetSaveFileNameA

advapi32

FreeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
ImpersonateLoggedOnUser
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
CheckTokenMembership

shell32

CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize

ws2_32

WSACleanup
WSAStartup

shlwapi

PathGetDriveNumberW
ord437

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nanoreportc.exe
.exe windows:5 windows x86 arch:x86

97954377570225fce3dd0eaca0882e25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoreportc.pdb

Imports

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameW
EnumProcesses
GetPerformanceInfo
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

DestroyEnvironmentBlock
UnloadUserProfile
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpDetectAutoProxyConfigUrl
WinHttpCheckPlatform
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW

ws2_32

WSCGetProviderPath
WSCEnumProtocols
WSCDeinstallProvider
WSASend
WSASetLastError
setsockopt
ntohl
htons
htonl
WSAStartup
WSCInstallProvider
WSCWriteProviderOrder
__WSAFDIsSet
gethostname
sendto
recvfrom
bind
freeaddrinfo
getaddrinfo
WSACleanup
WSAGetLastError
closesocket
WSASocketW
accept
WSAIoctl
connect
getnameinfo
getsockname
inet_ntoa
listen
ntohs
recv
select
send
shutdown
socket
ioctlsocket
gethostbyname
getpeername
getsockopt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipAlloc
GdipCloneImage

wtsapi32

WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSRegisterSessionNotification

setupapi

CM_Get_Sibling
CM_Request_Device_EjectW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassImageList

kernel32

GetSystemDirectoryA
VerifyVersionInfoA
GetModuleHandleExW
GetStringTypeW
EncodePointer
SwitchToThread
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetCommandLineA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
SwitchToFiber
DeleteFiber
GetOEMCP
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GlobalMemoryStatus
SetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
WriteConsoleW
ReadConsoleW
ExpandEnvironmentStringsA
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetNativeSystemInfo
Sleep
GetCurrentProcess
GetCurrentProcessId
CloseHandle
InterlockedDecrement
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
FreeLibrary
GlobalAlloc
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
GetStdHandle
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
InterlockedIncrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DeviceIoControl
GetVolumePathNameW
GetFileType
CreateEventW
GetFileAttributesExW
FindFirstFileExW
GetShortPathNameW
SleepEx
SetLastError
TlsGetValue
CreateWaitableTimerW
SetWaitableTimer
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFilePointerEx
GetLogicalDrives
OpenEventW
ResetEvent
WaitForMultipleObjects
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
GetPriorityClass
ProcessIdToSessionId
VirtualQueryEx
SetThreadPriority
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
OpenEventA
IsProcessorFeaturePresent
GetFileSizeEx
FormatMessageA
SetFileAttributesW
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLongPathNameW
GetSystemTimes
DefineDosDeviceW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
CreateThread
ReleaseMutex
CreateMutexW
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
AllocConsole
FreeConsole
OpenMutexW
ExitProcess
LockFileEx
UnlockFileEx
FlushFileBuffers
OutputDebugStringW
InitializeCriticalSection
PulseEvent
CreateProcessA
GetFullPathNameA
SetEndOfFile

user32

SetTimer
SystemParametersInfoW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
GetShellWindow
GetParent
GetWindowLongW
SetSysColors
GetSysColor
GetWindowRect
GetForegroundWindow
MsgWaitForMultipleObjects
MessageBoxW
IsWindowVisible
GetWindowPlacement
ExitWindowsEx
PeekMessageW
GetUserObjectInformationW
CloseDesktop
LoadStringA
SwitchDesktop
EnumDesktopWindows
OpenInputDesktop
OpenDesktopW
DestroyWindow
CreateWindowExW
KillTimer
LoadStringW
IsWindow
GetProcessWindowStation
GetKeyState
GetIconInfo
DestroyIcon
SetUserObjectSecurity
EnumThreadWindows
IsIconic
RegisterClassExW
SetForegroundWindow
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SendMessageW
GetSystemMetrics

gdi32

GetBitmapBits
GetObjectW
DeleteObject

advapi32

CheckTokenMembership
CreateServiceW
DeleteService
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
BackupEventLogW
CloseEventLog
OpenEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
ImpersonateSelf
RevertToSelf
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ImpersonateLoggedOnUser
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
RegOpenUserClassesRoot
RegOpenCurrentUser
RegDeleteValueW
InitiateSystemShutdownExW
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceStatusEx
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
StartServiceW
GetUserNameW
SetSecurityInfo
GetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
ControlService

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathGetDriveNumberW
SHDeleteKeyW
SHCreateStreamOnFileEx
StrRetToStrW
PathCombineW
PathIsFileSpecW
PathIsUNCW
ord437
SHGetValueW

pdh

PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nanoreportc64.exe
.exe windows:5 windows x64 arch:x64

27a04bd29bf130a2e5618a927f323770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoreportc64.pdb

Imports

psapi

GetPerformanceInfo
EnumProcesses
GetProcessImageFileNameW
GetProcessMemoryInfo
GetDeviceDriverFileNameW
EnumDeviceDrivers
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW
UnloadUserProfile

wintrust

CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext

ws2_32

WSAStartup
closesocket
ioctlsocket
htonl
htons
ntohl
setsockopt
WSAGetLastError
WSACleanup
WSASetLastError
WSCWriteProviderOrder32
WSCWriteProviderOrder
WSCInstallProvider64_32
WSCInstallProvider
WSCDeinstallProvider32
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSASend
WSASocketW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassImageList
CM_Request_Device_EjectW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

kernel32

GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
FormatMessageA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetSystemInfo
GetNativeSystemInfo
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
GlobalAlloc
GlobalFree
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
UnhandledExceptionFilter
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetShortPathNameW
CreateEventW
SleepEx
SetLastError
SwitchToThread
CreateWaitableTimerW
SetWaitableTimer
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFilePointerEx
GetLogicalDrives
OpenEventW
ResetEvent
WaitForMultipleObjects
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
GetPriorityClass
ProcessIdToSessionId
Sleep
VirtualQueryEx
SetThreadPriority
DeviceIoControl
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
OpenEventA
IsProcessorFeaturePresent
GetVolumePathNameW
GetFileType
GetFileAttributesExW
FindFirstFileExW
GetSystemTimes
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
DeleteFileW
MoveFileExW
DefineDosDeviceW
GetEnvironmentVariableW
GetLongPathNameW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
GetStartupInfoW
ReleaseMutex
CreateMutexW
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
AllocConsole
FreeConsole
OpenMutexW
ExitProcess
LockFileEx
UnlockFileEx
FlushFileBuffers
OutputDebugStringW
InitializeSListHead
RtlUnwindEx
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
EncodePointer
WriteConsoleW
RtlPcToFileHeader
GetStringTypeW
TlsGetValue
GetStdHandle
CreateThread

user32

SetForegroundWindow
EnumThreadWindows
SetTimer
LoadStringA
MessageBoxW
DestroyIcon
GetIconInfo
LoadStringW
SendMessageW
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
OpenDesktopW
OpenInputDesktop
EnumDesktopWindows
SwitchDesktop
CloseDesktop
SetUserObjectSecurity
GetUserObjectInformationW
PeekMessageW
ExitWindowsEx
GetWindowPlacement
IsWindowVisible
IsIconic
MsgWaitForMultipleObjects
GetForegroundWindow
GetWindowRect
GetSysColor
SetSysColors
GetWindowLongW
GetKeyState
GetSystemMetrics
GetWindowLongPtrW
GetParent
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SystemParametersInfoW
KillTimer
IsWindow

gdi32

GetBitmapBits
DeleteObject
GetObjectW

advapi32

OpenProcessToken
OpenEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
ImpersonateSelf
LookupAccountNameW
RegCloseKey
RevertToSelf
OpenThreadToken
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
GetTokenInformation
EnumServicesStatusW
OpenSCManagerW
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RegOpenUserClassesRoot
RegOpenCurrentUser
CloseEventLog
BackupEventLogW
RegDeleteValueW
InitiateSystemShutdownExW
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
QueryServiceStatusEx
StartServiceW
AllocateAndInitializeSid
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
GetUserNameW
CheckTokenMembership
CreateProcessAsUserW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
DuplicateTokenEx
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation

shell32

SHGetFolderPathW
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathAndSubDirW
SHGetFileInfoW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

SHDeleteKeyW
SHGetValueW
ord437
PathIsUNCW
PathIsFileSpecW
PathCombineW
StrRetToStrW
SHCreateStreamOnFileEx
PathGetDriveNumberW

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:6 windows x86 arch:x86

0be17d9c7e14b81db1cd743c7f16bd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MulDiv
GlobalFree
lstrcpynW
lstrcpyW
lstrcmpiW
GetFileAttributesW
GetCurrentDirectoryW
GlobalAlloc
SetCurrentDirectoryW

user32

CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetMessageW
CreateDialogParamW
GetDlgItem
SetTimer
KillTimer
DrawTextW
SetPropW
GetPropW
RemovePropW
CallWindowProcW
GetWindowRect
SetCursor
MapWindowPoints
GetSysColor
DrawFocusRect
GetWindowLongW
SetWindowLongW
LoadCursorW
IsDialogMessageW
wsprintfW
MapDialogRect
GetClientRect
DispatchMessageW
GetWindowTextW
TranslateMessage
CharPrevW
CharNextW
SendMessageW
SetWindowPos

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/yandex_toolbar.bmp
bin/license.key
bin/nanoflt.sys
.sys windows:6 windows x86 arch:x86

08d51a3f5008d8517fa3828e68809dc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoflt.pdb

Imports

fltmgr.sys

FltCreateFile
FltClose
FltGetRoutineAddress
FltAllocateContext
FltSetStreamContext
FltSetStreamHandleContext
FltGetStreamContext
FltGetStreamHandleContext
FltReleaseContext
FltDoCompletionProcessingWhenSafe
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileName
FltGetDestinationFileNameInformation
FltQueryInformationFile
FltCancelFileOpen
FltSetInstanceContext
FltDeleteStreamHandleContext
FltGetInstanceContext
FltGetVolumeProperties
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltSendMessage
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetRequestorProcessId

ntoskrnl.exe

RtlGetVersion
KeQuerySystemTime
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
RtlEqualString
PsGetCurrentThreadId
memcpy
memset
RtlTimeToTimeFields
KeClearEvent
KeSetEvent
KeWaitForMultipleObjects
KeWaitForSingleObject
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
memmove
RtlCompareMemory
wcsncmp
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
IoFileObjectType
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
ZwOpenProcess
wcsrchr
KeDelayExecutionThread
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoAllocateErrorLogEntry
IoGetStackLimits
IoGetTopLevelIrp
IoWriteErrorLogEntry
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
ZwDuplicateObject
_allmul
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx
RtlUnwind
DbgPrintEx
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlInitString
strrchr
KeInitializeEvent

hal

ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 798B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nanoflt64.sys
.sys windows:6 windows x64 arch:x64

6972661e1fd1f051da8ddd3825bc5a5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoflt64.pdb

Imports

fltmgr.sys

FltCreateFile
FltClose
FltGetRoutineAddress
FltAllocateContext
FltSetStreamContext
FltSetStreamHandleContext
FltGetStreamContext
FltGetStreamHandleContext
FltReleaseContext
FltDoCompletionProcessingWhenSafe
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileName
FltGetDestinationFileNameInformation
FltQueryInformationFile
FltCancelFileOpen
FltSetInstanceContext
FltDeleteStreamHandleContext
FltGetInstanceContext
FltGetVolumeProperties
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltSendMessage
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetRequestorProcessId

ntoskrnl.exe

strrchr
RtlInitString
RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrintEx
RtlTimeToTimeFields
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
RtlEqualString
PsGetCurrentThreadId
__C_specific_handler
KeInitializeEvent
KeClearEvent
KeSetEvent
KeWaitForMultipleObjects
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
RtlCompareMemory
strcmp
wcsncmp
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
IoFileObjectType
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
ZwOpenProcess
wcsrchr
KeDelayExecutionThread
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoAllocateErrorLogEntry
IoGetStackLimits
IoGetTopLevelIrp
IoWriteErrorLogEntry
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
ZwDuplicateObject
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nanokrn.sys
.sys windows:6 windows x86 arch:x86

65017e466c160808c98da27eb9438d74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanokrn.pdb

Imports

ntoskrnl.exe

KeQuerySystemTime
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwClose
PsGetCurrentThreadId
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
memcpy
memset
strrchr
RtlInitString
MmGetSystemRoutineAddress
RtlGetVersion
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoFreeMdl
ZwOpenKey
RtlEqualString
MmIsAddressValid
MmUserProbeAddress
NtBuildNumber
wcsncmp
RtlCompareMemory
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
_allmul
IoAllocateIrp
IoBuildDeviceIoControlRequest
IofCallDriver
IoFreeIrp
IoGetDeviceObjectPointer
IoGetDeviceAttachmentBaseRef
RtlEqualUnicodeString
ObfReferenceObject
IoDriverObjectType
ObOpenObjectByName
_stricmp
ProbeForRead
CmRegisterCallback
CmUnRegisterCallback
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
PsGetProcessId
PsGetThreadProcessId
PsLookupThreadByThreadId
PsProcessType
PsThreadType
KeServiceDescriptorTable
memmove
KeWaitForSingleObject
RtlAppendUnicodeStringToString
KeInitializeMutex
KeReleaseMutex
KeDelayExecutionThread
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoWriteErrorLogEntry
ObReferenceObjectByPointer
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwOpenProcess
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObQueryNameString
ZwDuplicateObject
IoFileObjectType
MmHighestUserAddress
MmSystemRangeStart
PsGetProcessPeb
RtlMapGenericMask
RtlUnwind
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
ZwSetSecurityObject
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
RtlLengthSecurityDescriptor
_snwprintf
RtlCreateSecurityDescriptor
RtlLengthSid
SeExports
IoIsWdmVersionAvailable
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
_wcsnicmp
wcschr
RtlFreeUnicodeString
ZwCreateKey
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx
KeWaitForMultipleObjects
KeSetEvent
KeClearEvent
KeInitializeEvent
RtlTimeToTimeFields
DbgPrintEx
wcsrchr
RtlInitUnicodeString

hal

KfLowerIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nanokrn64.sys
.sys windows:6 windows x64 arch:x64

9dfcf2c27b978373329cebfd76dde818

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanokrn64.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrintEx
RtlTimeToTimeFields
KeInitializeEvent
KeClearEvent
KeSetEvent
KeWaitForMultipleObjects
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
ExAcquireFastMutex
ExReleaseFastMutex
ExSystemTimeToLocalTime
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwClose
PsGetCurrentThreadId
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
__C_specific_handler
strrchr
RtlInitString
MmGetSystemRoutineAddress
RtlGetVersion
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
IoFreeMdl
ZwOpenKey
RtlEqualString
MmIsAddressValid
NtBuildNumber
wcsncmp
RtlCompareMemory
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
strcmp
IoAllocateIrp
IoBuildDeviceIoControlRequest
IofCallDriver
IoFreeIrp
IoGetDeviceObjectPointer
IoGetDeviceAttachmentBaseRef
RtlEqualUnicodeString
KeLowerIrql
KfRaiseIrql
ObfReferenceObject
IoDriverObjectType
ObOpenObjectByName
CmRegisterCallback
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsProcessType
PsThreadType
wcsrchr
RtlAppendUnicodeStringToString
KeInitializeMutex
KeReleaseMutex
KeDelayExecutionThread
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoWriteErrorLogEntry
ObReferenceObjectByPointer
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsGetCurrentProcessId
ZwOpenProcess
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObQueryNameString
ZwDuplicateObject
IoFileObjectType
MmHighestUserAddress
MmSystemRangeStart
PsGetProcessPeb
RtlMapGenericMask
PsGetProcessId
PsGetThreadProcessId
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
ZwSetSecurityObject
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
RtlLengthSecurityDescriptor
_snwprintf
RtlCreateSecurityDescriptor
RtlLengthSid
SeExports
IoIsWdmVersionAvailable
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
_wcsnicmp
wcschr
RtlFreeUnicodeString
ZwCreateKey
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nanoreport.exe
.exe windows:5 windows x86 arch:x86

86a5d0e10e16c53f3c5fd77f73f9c9e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoreport.pdb

Imports

comctl32

CreateStatusWindowW
ord17

psapi

GetPerformanceInfo

wtsapi32

WTSQueryUserToken

kernel32

SetEvent
HeapReAlloc
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
TerminateProcess
ReadFile
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
WaitForSingleObjectEx
LocalFree
OpenProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenThread
SetThreadPriority
DeviceIoControl
GetCommandLineW
QueryDosDeviceW
GetComputerNameW
GetVersionExW
ProcessIdToSessionId
GetTickCount
GetModuleHandleW
GetFileSizeEx
FindClose
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileExW
FindNextFileW
CopyFileW
MoveFileExW
CreateEventW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
CreateThread
SetLastError
ResumeThread
ReleaseMutex
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
WTSGetActiveConsoleSessionId
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
GetTempFileNameW
GetModuleHandleA
QueryPerformanceFrequency
GetTimeZoneInformation
GetNativeSystemInfo
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
GetFileAttributesExW
FindFirstFileW
SleepEx
CreateWaitableTimerW
GetProcessId
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
GetStdHandle
SetFilePointerEx
AllocConsole
FreeConsole
AttachConsole
OpenMutexW
OpenEventW
GetWindowsDirectoryW
GetVolumeInformationW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
GetFileTime
SetFileTime
OutputDebugStringW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
VirtualQuery
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
OpenEventA
ResetEvent
GetCPInfo
LoadLibraryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileExA
GetUserDefaultUILanguage
CreateFileW
QueryPerformanceCounter
GetTempPathW
SetFilePointer
WriteFile
GetLastError
GetExitCodeProcess
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
WaitForSingleObject
Sleep
GetCurrentThreadId
CreateEventA
FreeLibrary
GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetSystemTime
IsValidCodePage
GetOEMCP
GetCommandLineA
SetEnvironmentVariableA
SetDllDirectoryW
GetThreadTimes
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
GetStringTypeW
WriteConsoleW

user32

SetWindowPos
GetDlgItem
SetDlgItemTextW
GetDlgItemTextA
EndDialog
DialogBoxParamW
ShowWindow
CreateWindowExW
CallWindowProcW
SendMessageW
IsIconic
GetDlgItemTextW
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
LoadStringW
LoadStringA
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBeep
MessageBoxW
GetWindowRect
GetClientRect
GetDC
AllowSetForegroundWindow
SetForegroundWindow
SetActiveWindow
DrawTextExW
EnableWindow
KillTimer
SetTimer
GetKeyState

gdi32

SaveDC
RestoreDC
DeleteDC
CreateCompatibleDC
SelectObject

comdlg32

GetSaveFileNameA

advapi32

FreeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
ImpersonateLoggedOnUser
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
CheckTokenMembership

shell32

CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize

ws2_32

WSACleanup
WSAStartup

shlwapi

PathGetDriveNumberW
ord437

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nanoreportc.exe
.exe windows:5 windows x86 arch:x86

97954377570225fce3dd0eaca0882e25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoreportc.pdb

Imports

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameW
EnumProcesses
GetPerformanceInfo
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

DestroyEnvironmentBlock
UnloadUserProfile
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpDetectAutoProxyConfigUrl
WinHttpCheckPlatform
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW

ws2_32

WSCGetProviderPath
WSCEnumProtocols
WSCDeinstallProvider
WSASend
WSASetLastError
setsockopt
ntohl
htons
htonl
WSAStartup
WSCInstallProvider
WSCWriteProviderOrder
__WSAFDIsSet
gethostname
sendto
recvfrom
bind
freeaddrinfo
getaddrinfo
WSACleanup
WSAGetLastError
closesocket
WSASocketW
accept
WSAIoctl
connect
getnameinfo
getsockname
inet_ntoa
listen
ntohs
recv
select
send
shutdown
socket
ioctlsocket
gethostbyname
getpeername
getsockopt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipAlloc
GdipCloneImage

wtsapi32

WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSRegisterSessionNotification

setupapi

CM_Get_Sibling
CM_Request_Device_EjectW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassImageList

kernel32

GetSystemDirectoryA
VerifyVersionInfoA
GetModuleHandleExW
GetStringTypeW
EncodePointer
SwitchToThread
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetCommandLineA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
SwitchToFiber
DeleteFiber
GetOEMCP
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GlobalMemoryStatus
SetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
WriteConsoleW
ReadConsoleW
ExpandEnvironmentStringsA
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetNativeSystemInfo
Sleep
GetCurrentProcess
GetCurrentProcessId
CloseHandle
InterlockedDecrement
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
FreeLibrary
GlobalAlloc
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
GetStdHandle
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
InterlockedIncrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DeviceIoControl
GetVolumePathNameW
GetFileType
CreateEventW
GetFileAttributesExW
FindFirstFileExW
GetShortPathNameW
SleepEx
SetLastError
TlsGetValue
CreateWaitableTimerW
SetWaitableTimer
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFilePointerEx
GetLogicalDrives
OpenEventW
ResetEvent
WaitForMultipleObjects
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
GetPriorityClass
ProcessIdToSessionId
VirtualQueryEx
SetThreadPriority
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
OpenEventA
IsProcessorFeaturePresent
GetFileSizeEx
FormatMessageA
SetFileAttributesW
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLongPathNameW
GetSystemTimes
DefineDosDeviceW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
CreateThread
ReleaseMutex
CreateMutexW
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
AllocConsole
FreeConsole
OpenMutexW
ExitProcess
LockFileEx
UnlockFileEx
FlushFileBuffers
OutputDebugStringW
InitializeCriticalSection
PulseEvent
CreateProcessA
GetFullPathNameA
SetEndOfFile

user32

SetTimer
SystemParametersInfoW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
GetShellWindow
GetParent
GetWindowLongW
SetSysColors
GetSysColor
GetWindowRect
GetForegroundWindow
MsgWaitForMultipleObjects
MessageBoxW
IsWindowVisible
GetWindowPlacement
ExitWindowsEx
PeekMessageW
GetUserObjectInformationW
CloseDesktop
LoadStringA
SwitchDesktop
EnumDesktopWindows
OpenInputDesktop
OpenDesktopW
DestroyWindow
CreateWindowExW
KillTimer
LoadStringW
IsWindow
GetProcessWindowStation
GetKeyState
GetIconInfo
DestroyIcon
SetUserObjectSecurity
EnumThreadWindows
IsIconic
RegisterClassExW
SetForegroundWindow
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SendMessageW
GetSystemMetrics

gdi32

GetBitmapBits
GetObjectW
DeleteObject

advapi32

CheckTokenMembership
CreateServiceW
DeleteService
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
BackupEventLogW
CloseEventLog
OpenEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
ImpersonateSelf
RevertToSelf
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ImpersonateLoggedOnUser
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
RegOpenUserClassesRoot
RegOpenCurrentUser
RegDeleteValueW
InitiateSystemShutdownExW
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceStatusEx
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
StartServiceW
GetUserNameW
SetSecurityInfo
GetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
ControlService

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathGetDriveNumberW
SHDeleteKeyW
SHCreateStreamOnFileEx
StrRetToStrW
PathCombineW
PathIsFileSpecW
PathIsUNCW
ord437
SHGetValueW

pdh

PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nanoreportc64.exe
.exe windows:5 windows x64 arch:x64

27a04bd29bf130a2e5618a927f323770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

o:\avx\pub\bin\Release\pdb\nanoreportc64.pdb

Imports

psapi

GetPerformanceInfo
EnumProcesses
GetProcessImageFileNameW
GetProcessMemoryInfo
GetDeviceDriverFileNameW
EnumDeviceDrivers
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW
UnloadUserProfile

wintrust

CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext

ws2_32

WSAStartup
closesocket
ioctlsocket
htonl
htons
ntohl
setsockopt
WSAGetLastError
WSACleanup
WSASetLastError
WSCWriteProviderOrder32
WSCWriteProviderOrder
WSCInstallProvider64_32
WSCInstallProvider
WSCDeinstallProvider32
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSASend
WSASocketW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassImageList
CM_Request_Device_EjectW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

kernel32

GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
FormatMessageA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetSystemInfo
GetNativeSystemInfo
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
GlobalAlloc
GlobalFree
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
UnhandledExceptionFilter
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetShortPathNameW
CreateEventW
SleepEx
SetLastError
SwitchToThread
CreateWaitableTimerW
SetWaitableTimer
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFilePointerEx
GetLogicalDrives
OpenEventW
ResetEvent
WaitForMultipleObjects
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
GetPriorityClass
ProcessIdToSessionId
Sleep
VirtualQueryEx
SetThreadPriority
DeviceIoControl
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
OpenEventA
IsProcessorFeaturePresent
GetVolumePathNameW
GetFileType
GetFileAttributesExW
FindFirstFileExW
GetSystemTimes
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
DeleteFileW
MoveFileExW
DefineDosDeviceW
GetEnvironmentVariableW
GetLongPathNameW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
GetStartupInfoW
ReleaseMutex
CreateMutexW
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
AllocConsole
FreeConsole
OpenMutexW
ExitProcess
LockFileEx
UnlockFileEx
FlushFileBuffers
OutputDebugStringW
InitializeSListHead
RtlUnwindEx
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
EncodePointer
WriteConsoleW
RtlPcToFileHeader
GetStringTypeW
TlsGetValue
GetStdHandle
CreateThread

user32

SetForegroundWindow
EnumThreadWindows
SetTimer
LoadStringA
MessageBoxW
DestroyIcon
GetIconInfo
LoadStringW
SendMessageW
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
OpenDesktopW
OpenInputDesktop
EnumDesktopWindows
SwitchDesktop
CloseDesktop
SetUserObjectSecurity
GetUserObjectInformationW
PeekMessageW
ExitWindowsEx
GetWindowPlacement
IsWindowVisible
IsIconic
MsgWaitForMultipleObjects
GetForegroundWindow
GetWindowRect
GetSysColor
SetSysColors
GetWindowLongW
GetKeyState
GetSystemMetrics
GetWindowLongPtrW
GetParent
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SystemParametersInfoW
KillTimer
IsWindow

gdi32

GetBitmapBits
DeleteObject
GetObjectW

advapi32

OpenProcessToken
OpenEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
ImpersonateSelf
LookupAccountNameW
RegCloseKey
RevertToSelf
OpenThreadToken
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
GetTokenInformation
EnumServicesStatusW
OpenSCManagerW
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RegOpenUserClassesRoot
RegOpenCurrentUser
CloseEventLog
BackupEventLogW
RegDeleteValueW
InitiateSystemShutdownExW
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
QueryServiceStatusEx
StartServiceW
AllocateAndInitializeSid
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
GetUserNameW
CheckTokenMembership
CreateProcessAsUserW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
DuplicateTokenEx
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation

shell32

SHGetFolderPathW
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathAndSubDirW
SHGetFileInfoW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

SHDeleteKeyW
SHGetValueW
ord437
PathIsUNCW
PathIsFileSpecW
PathCombineW
StrRetToStrW
SHCreateStreamOnFileEx
PathGetDriveNumberW

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
homepage.url

Sharing

General

Malware Config

Signatures

Files

79816339b53ffe40dc34edbae4af71e4

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

2e:fc:5f:ae:a6:7c:cb:4c:61:e9:e6:2dCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

34:1e:6f:f3:33:a3:96:b1:00:1e:e9:1fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

32:8a:28:81:98:6c:ae:18:b8:4a:96:57:67:ae:97:f6:ba:d8:e2:a3:b9:a2:c0:4c:f5:0b:4b:d8:b5:82:97:85Signer

b1:5d:7f:98:eb:d8:b6:4d:5b:3e:6c:7d:1c:1f:5b:49:a8:45:cc:a6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 170KB

.ndata Size: - Virtual size: 352KB

.rsrc Size: 112KB - Virtual size: 112KB

2ed77e01961352b9d2ff2119043404b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 726B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 232B

35b4571924ee07c8078f9b8e225cd69f

Headers

DLL Characteristics

File Characteristics

PDB Paths

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

2e:fc:5f:ae:a6:7c:cb:4c:61:e9:e6:2d
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

34:1e:6f:f3:33:a3:96:b1:00:1e:e9:1f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

32:8a:28:81:98:6c:ae:18:b8:4a:96:57:67:ae:97:f6:ba:d8:e2:a3:b9:a2:c0:4c:f5:0b:4b:d8:b5:82:97:85
Signer

b1:5d:7f:98:eb:d8:b6:4d:5b:3e:6c:7d:1c:1f:5b:49:a8:45:cc:a6
Signer

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 170KB

.ndata
Size: - Virtual size: 352KB

.rsrc
Size: 112KB - Virtual size: 112KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 726B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 232B

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 228KB - Virtual size: 1.4MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 354KB - Virtual size: 353KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 464B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 268B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 278B