kernel32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8e8e4be80436616b9b30c0c6331b6d87_JaffaCakes118.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
8e8e4be80436616b9b30c0c6331b6d87_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target
8e8e4be80436616b9b30c0c6331b6d87_JaffaCakes118
Size
878KB
MD5
8e8e4be80436616b9b30c0c6331b6d87
SHA1
5d93d171dee739234b104cb5e4ef5725e5a965e0
SHA256
47c620eb56a407c20f75170900895a262650fc279e149366e0059e864cf15c31
SHA512
8b65a44ea552e240f208b2872ab03e89bbb7c87e275e4bb17d3e7392c2b3761428391bfa2c9138b11374d523164f3a9074c3c5fd58375b7507714a5cedb48093
SSDEEP
12288:8+zqQTpTS1Oj5H541pKjI6oCiWoLCuPLTb3wgIecp3gnJNM35dHKdzAvLj47a4R7:8YqPQ5zeHLCu0gfcp3gnG7sJQM9B
Malware Config
Signatures
Unsigned PE 1 IoCs
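Checks for missing Authenticode signature. On its own this is a weak indicator: the check presumably covers only a signature embedded in the file, and Windows system binaries can be catalog-signed instead. The section table at the end of this report, where the last section is both writable and executable, is the more useful thing to review alongside it.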
resource 8e8e4be80436616b9b30c0c6331b6d87_JaffaCakes118
Files
8e8e4be80436616b9b30c0c6331b6d87_JaffaCakes118.dll windows:6 windows x86 arch:x86
777cf84bbd2e3a431798a3b95c1930c8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
_aullrem
RtlExitUserProcess
RtlExitUserThread
RtlInitializeExceptionChain
memcpy
NtFsControlFile
NtCreateFile
_wcsnicmp
RtlAllocateHeap
RtlFreeHeap
memset
NtOpenFile
NtQueryInformationFile
NtQueryEaFile
RtlLengthSecurityDescriptor
NtQuerySecurityObject
NtSetEaFile
NtSetSecurityObject
NtSetInformationFile
CsrClientCallServer
NtClose
NtDeviceIoControlFile
RtlReleaseSRWLockExclusive
LdrAddRefDll
RtlAcquireSRWLockExclusive
NtQueryValueKey
NtOpenKey
RtlInitUnicodeString
NtFlushKey
NtSetValueKey
NtCreateKey
_memicmp
memmove
RtlNtStatusToDosError
wcscspn
RtlUnicodeToMultiByteSize
RtlFreeUnicodeString
RtlDnsHostNameToComputerName
RtlUnicodeStringToAnsiString
RtlxUnicodeStringToAnsiSize
NlsMbCodePageTag
RtlInitUnicodeStringEx
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCreateUnicodeStringFromAsciiz
wcschr
wcsstr
RtlPrefixString
_wcsicmp
RtlGetFullPathName_U
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
NtQueryInformationProcess
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlFreeAnsiString
RtlTimeToTimeFields
RtlTimeFieldsToTime
_allmul
RtlInitializeSRWLock
NtQuerySystemInformation
NtSetSystemInformation
_vsnwprintf
RtlAcquirePrivilege
RtlReleasePrivilege
NtSetSystemTime
RtlCutoverTimeToSystemTime
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlUnicodeStringToInteger
RtlpCheckDynamicTimeZoneInformation
DbgBreakPoint
RtlFreeSid
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
DbgPrint
NtOpenProcess
CsrGetProcessId
DbgUiDebugActiveProcess
DbgUiConnectToDbg
DbgUiIssueRemoteBreakin
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
NtQueryInformationThread
NtFlushInstructionCache
DbgUiConvertStateChangeStructure
DbgUiWaitStateChange
DbgUiContinue
DbgUiStopDebugging
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
RtlIsDosDeviceName_U
RtlEqualUnicodeString
RtlDestroyAtomTable
RtlCreateAtomTable
NtDeleteAtom
RtlDeleteAtomFromAtomTable
NtAddAtom
RtlAddAtomToAtomTable
NtFindAtom
RtlLookupAtomInAtomTable
NtQueryInformationAtom
RtlQueryAtomInAtomTable
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
NtEnumerateValueKey
NtDeleteValueKey
RtlIsTextUnicode
NtReadFile
NtAllocateVirtualMemory
NtUnlockFile
NtLockFile
RtlDosPathNameToNtPathName_U
RtlCopyUnicodeString
NtFreeVirtualMemory
NtWriteFile
CsrVerifyRegion
RtlGetLongestNtPathLength
NtEnumerateKey
RtlEqualString
CsrFreeCaptureBuffer
CsrCaptureMessageString
CsrAllocateCaptureBuffer
RtlCharToInteger
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
CsrAllocateMessagePointer
NtQueryObject
RtlCompareMemory
NtQueryDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenDirectoryObject
NtSetInformationToken
NtOpenProcessToken
RtlQueryElevationFlags
NtQuerySection
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlNtStatusToDosErrorNoTeb
RtlSetLastWin32Error
NtCreateIoCompletion
NtSetIoCompletion
NtRemoveIoCompletion
RtlDeactivateActivationContextUnsafeFast
NtRemoveIoCompletionEx
RtlActivateActivationContextUnsafeFast
NtSetInformationProcess
NtQueryDirectoryFile
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
NtQueryVolumeInformationFile
NtCancelIoFileEx
NtCancelSynchronousIoFile
NtCancelIoFile
NtReadFileScatter
NtWriteFileGather
RtlWow64EnableFsRedirection
RtlWow64EnableFsRedirectionEx
NtFlushBuffersFile
NtOpenSection
NtMapViewOfSection
NtFlushVirtualMemory
RtlFlushSecureMemoryCache
NtUnmapViewOfSection
NtQueryAttributesFile
NtQueryFullAttributesFile
RtlUnicodeStringToOemString
RtlDetermineDosPathNameType_U
NtCreateKeyTransacted
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlGetAce
RtlQueryInformationAcl
RtlEqualSid
RtlDosPathNameToNtPathName_U_WithStatus
NtRaiseHardError
RtlGetThreadErrorMode
RtlGetLastNtStatus
NtQuerySystemEnvironmentValueEx
RtlGUIDFromString
NtSetSystemEnvironmentValueEx
RtlInitString
RtlUnlockHeap
RtlIsValidHandle
RtlLockHeap
RtlGetUserInfoHeap
RtlSizeHeap
RtlFreeHandle
RtlCompactHeap
RtlImageNtHeader
RtlRegisterSecureMemoryCacheCallback
RtlDeregisterSecureMemoryCacheCallback
RtlSetUserValueHeap
RtlAllocateHandle
RtlReAllocateHeap
NtDuplicateObject
NtSetInformationObject
RtlOemStringToUnicodeString
NtSetInformationThread
NtOpenThreadToken
LdrQueryImageFileExecutionOptions
CsrClientConnectToServer
RtlCreateTagHeap
LdrSetDllManifestProber
RtlSetUnhandledExceptionFilter
RtlSetThreadPoolStartFunc
RtlEncodePointer
RtlCleanUpTEBLangLists
_stricmp
RtlCreateHeap
RtlDestroyHeap
RtlQueryHeapInformation
RtlValidateHeap
RtlGetProcessHeaps
RtlWalkHeap
RtlSetHeapInformation
RtlInitializeHandleTable
RtlExtendedLargeIntegerDivide
NtCreateMailslotFile
RtlFormatMessageEx
RtlFindMessage
LdrUnloadAlternateResourceModule
LdrRemoveLoadAsDataTable
LdrUnloadDll
LdrDisableThreadCalloutsForDll
RtlCreateUnicodeString
RtlInitAnsiStringEx
strchr
LdrUnlockLoaderLock
LdrLockLoaderLock
LdrGetDllHandle
RtlComputePrivatizedDllName_U
RtlPcToFileHeader
LdrGetProcedureAddress
RtlGetProductInfo
RtlGetVersion
RtlVerifyVersionInfo
LdrAccessResource
LdrFindResourceDirectory_U
LdrpResGetRCConfig
RtlImageDirectoryEntryToData
LdrpResGetResourceDirectory
LdrFindResource_U
LdrResFindResource
LdrResFindResourceDirectory
LdrpResGetMappingSize
LdrLoadAlternateResourceModule
LdrLoadAlternateResourceModuleEx
LdrEnumerateLoadedModules
strtoul
RtlCultureNameToLCID
NtQueryVirtualMemory
wcsrchr
LdrGetFileNameFromLoadAsDataTable
wcstoul
LdrAddLoadAsDataTable
RtlDosApplyFileIsolationRedirection_Ustr
LdrLoadDll
LdrGetDllHandleEx
_strcmpi
NtCreateEvent
NtCreateNamedPipeFile
RtlDefaultNpAcl
_alldiv
_allshl
RtlDosSearchPath_Ustr
RtlQueryEnvironmentVariable_U
RtlAnsiCharToUnicodeChar
RtlIntegerToChar
NtSetVolumeInformationFile
RtlIsNameLegalDOS8Dot3
RtlSetThreadErrorMode
NtQueryPerformanceCounter
NtPowerInformation
NtInitiatePowerAction
NtSetThreadExecutionState
NtRequestWakeupLatency
NtGetDevicePowerState
NtIsSystemResumeAutomatic
NtRequestDeviceWakeup
NtCancelDeviceWakeupRequest
RtlDestroyProcessParameters
RtlCreateProcessParametersEx
wcspbrk
NtWriteVirtualMemory
NtTerminateProcess
RtlRaiseStatus
RtlCompareUnicodeString
RtlQueryRegistryValues
NtCreateJobSet
NtCreateJobObject
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
RtlGetNativeSystemInformation
RtlDestroyEnvironment
NtAssignProcessToJobObject
NtRemoveProcessDebug
NtResumeThread
LdrQueryImageFileKeyOption
NtCreateUserProcess
RtlGetFullPathName_UstrEx
RtlCreateEnvironmentEx
RtlxAnsiStringToUnicodeSize
NtReplacePartitionUnit
RtlxOemStringToUnicodeSize
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
NtOpenPrivateNamespace
NtDeletePrivateNamespace
RtlCreateBoundaryDescriptor
RtlAddSIDToBoundaryDescriptor
_alloca_probe
RtlReleasePebLock
RtlQueryEnvironmentVariable
RtlAcquirePebLock
NtCreatePrivateNamespace
RtlInitializeCriticalSectionAndSpinCount
RtlInitializeCriticalSectionEx
NtOpenEvent
NtSetEvent
NtClearEvent
NtPulseEvent
NtCreateSemaphore
NtOpenSemaphore
NtReleaseSemaphore
NtCreateMutant
NtOpenMutant
NtReleaseMutant
NtWaitForMultipleObjects
NtCreateTimer
NtOpenTimer
NtSetTimer
NtCancelTimer
RtlSleepConditionVariableCS
RtlSleepConditionVariableSRW
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
RtlRunOnceComplete
NtSignalAndWaitForSingleObject
strrchr
NtOpenThread
NtGetContextThread
NtSetContextThread
NtSuspendThread
NtDelayExecution
RtlFindClearBitsAndSet
RtlClearBits
RtlAreBitsSet
TpCaptureCaller
RtlReleaseActivationContext
NtQueueApcThread
RtlQueryInformationActivationContext
RtlFlsAlloc
RtlProcessFlsData
RtlFlsFree
RtlCreateUserStack
RtlFreeActivationContextStack
RtlAllocateActivationContextStack
RtlFreeUserStack
NtYieldExecution
NtTerminateThread
RtlActivateActivationContextEx
NtCreateThreadEx
TpCheckTerminateWorker
RtlCaptureStackBackTrace
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtQueryEvent
RtlCreateEnvironment
RtlFreeOemString
RtlCopyLuid
toupper
isdigit
atol
tolower
NtOpenJobObject
NtTerminateJobObject
NtQueryInformationJobObject
NtSetInformationJobObject
NtIsProcessInJob
RtlAddRefActivationContext
RtlZombifyActivationContext
RtlActivateActivationContext
RtlDeactivateActivationContext
RtlGetActiveActivationContext
DbgPrintEx
RtlpApplyLengthFunction
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpEnsureBufferSize
RtlMultiAppendUnicodeStringBuffer
RtlGetThreadPreferredUILanguages
RtlQueryActivationContextApplicationSettings
RtlSetThreadPreferredUILanguages
RtlImageNtHeaderEx
RtlCreateActivationContext
RtlDoesFileExists_U
RtlFindActivationContextSectionString
RtlFindActivationContextSectionGuid
CsrCaptureMessageMultiUnicodeStringsInPlace
NtApphelpCacheControl
RtlFindCharInUnicodeString
RtlNtPathNameToDosPathName
RtlEncodeSystemPointer
RtlDecodeSystemPointer
bsearch
RtlComputeImportTableHash
CsrCaptureMessageBuffer
RtlSetEnvironmentStrings
RtlSetEnvironmentVariable
RtlSetEnvironmentVar
RtlExpandEnvironmentStrings
RtlUnicodeToOemN
RtlExpandEnvironmentStrings_U
NtReadVirtualMemory
NtProtectVirtualMemory
NtLockVirtualMemory
NtUnlockVirtualMemory
NtAllocateUserPhysicalPages
NtFreeUserPhysicalPages
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtGetWriteWatch
NtResetWriteWatch
RtlDeregisterWait
RtlDeregisterWaitEx
RtlQueueWorkItem
RtlSetIoCompletionCallback
RtlCreateTimerQueue
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimer
RtlDeleteTimerQueueEx
RtlRegisterWait
RtlRaiseException
RtlDecodePointer
wcsncmp
RtlLcidToLocaleName
wcsncpy
LdrFindResourceEx_U
RtlUnhandledExceptionFilter
RtlCompareUnicodeStrings
NtSetDefaultLocale
EtwEventEnabled
RtlLocaleNameToLcid
RtlpMuiFreeLangRegistryInfo
qsort
RtlpIsQualifiedLanguage
RtlpGetLCIDFromLangInfoNode
RtlpGetNameFromLangInfoNode
NtQueryInstallUILanguage
RtlLCIDToCultureName
RtlpLoadUserUIByPolicy
RtlpLoadMachineUIByPolicy
RtlpCreateProcessRegistryInfo
RtlpInitializeLangRegistryInfo
_wcslwr
_wtol
RtlIntegerToUnicodeString
_ui64tow
_aulldiv
RtlGetFileMUIPath
RtlGetUILanguageInfo
RtlpGetSystemDefaultUILanguage
RtlpQueryDefaultUILanguage
RtlGetSystemPreferredUILanguages
RtlGetUserPreferredUILanguages
RtlpConvertLCIDsToCultureNames
RtlpConvertCultureNamesToLCIDs
RtlNormalizeString
RtlIsNormalizedString
RtlIdnToAscii
RtlIdnToNameprepUnicode
RtlIdnToUnicode
NtGetNlsSectionPtr
NtInitializeNlsFiles
RtlOpenCurrentUser
_strlwr
strncat
RtlUnwind
TpAllocPool
Exports
Exports
AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddSIDToBoundaryDescriptor
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckRunApp
BaseCleanupAppcompatCacheSupport
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseGenerateAppCompatData
BaseInitAppcompatCacheSupport
BaseIsAppcompatInfrastructureDisabled
BaseQueryModuleData
BaseThreadInitThunk
BaseUpdateAppcompatCache
BasepCheckBadapp
BasepCheckWinSaferRestrictions
BasepFreeAppCompatData
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
ChangeTimerQueueTimer
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePrivateNamespace
CloseProfileUserMapping
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSocketHandle
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateHandle
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringA
FindActCtxSectionStringW
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetApplicationRecoveryCallback
GetApplicationRestartSettings
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPFileNameFromRegistry
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA
GetCompressedFileSizeTransactedW
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCharType
GetConsoleCommandHistoryA
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
GetConsoleCursorInfo
GetConsoleCursorMode
GetConsoleDisplayMode
GetConsoleFontInfo
GetConsoleFontSize
GetConsoleHardwareState
GetConsoleHistoryInfo
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleInputWaitHandle
GetConsoleKeyboardLayoutNameA
GetConsoleKeyboardLayoutNameW
GetConsoleMode
GetConsoleNlsMode
GetConsoleOriginalTitleA
GetConsoleOriginalTitleW
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleSelectionInfo
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrencyFormatA
GetCurrencyFormatEx
GetCurrencyFormatW
GetCurrentActCtx
GetCurrentConsoleFont
GetCurrentConsoleFontEx
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDefaultCommConfigA
GetDefaultCommConfigW
GetDevicePowerState
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDllDirectoryA
GetDllDirectoryW
GetDriveTypeA
GetDriveTypeW
GetDurationFormat
GetDurationFormatEx
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetExpandedNameA
GetExpandedNameW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesTransactedA
GetFileAttributesTransactedW
GetFileAttributesW
GetFileBandwidthReservation
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableW
GetFullPathNameA
GetFullPathNameTransactedA
GetFullPathNameTransactedW
GetFullPathNameW
GetGeoInfoA
GetGeoInfoW
GetHandleContext
GetHandleInformation
GetLargePageMinimum
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLongPathNameA
GetLongPathNameTransactedA
GetLongPathNameTransactedW
GetLongPathNameW
Sections
.text Size: 818KB - Virtual size: 818KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
`h Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE