PDB path: D:\code\workspace\yebaolauncher\outputdd\Update.pdb
Static task
static1
Behavioral task
behavioral1
Sample
15c0ed7caebdabad9b34e58f5e8540ef9c281dbe47afc210e9881aa4b49c154a.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
15c0ed7caebdabad9b34e58f5e8540ef9c281dbe47afc210e9881aa4b49c154a.exe
Resource
win10v2004-20240802-en
General
-
Target
15c0ed7caebdabad9b34e58f5e8540ef9c281dbe47afc210e9881aa4b49c154a
-
Size
3.0MB
-
MD5
59b3bd0b4159e209b306cc551064ccbc
-
SHA1
08b3ca548734966ec346a7eb384e70d4d01ea9fa
-
SHA256
15c0ed7caebdabad9b34e58f5e8540ef9c281dbe47afc210e9881aa4b49c154a
-
SHA512
74e4dfa8f62293f915649020b23119deb0d2d69200a01dbcdb034a87790373179d5ef623cbaf2cbe1a59e979db8408f5fabe3c954e2d34969532f5dc7672415f
-
SSDEEP
49152:Itjm4I6fq7UrG/tV3TlpY0P++08WUejAX0ljQWS2d:gjm4Iwq7Rza3+08WUejWK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
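The sandbox's static check for a missing Authenticode signature matched: the PE file listed below is unsigned. On its own this is a weak indicator, since many legitimate binaries are also unsigned.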
resource 15c0ed7caebdabad9b34e58f5e8540ef9c281dbe47afc210e9881aa4b49c154a
Files
-
15c0ed7caebdabad9b34e58f5e8540ef9c281dbe47afc210e9881aa4b49c154a.exe windows:6 windows x86 arch:x86
52ced74da5387ec912f723fdc8b0c7d3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
utilities
?OnInitFinished@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UAEXVxml_node@pugi@@@Z
?SetAttribute@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UAEJPBD0H@Z
?SetAttribute@?$SObjectImpl@UIObject@SOUI@@@SOUI@@UAEJABV?$TStringT@DUchar_traits@SOUI@@@2@0H@Z
?GetBuffer@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEPA_WH@Z
?Format@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAA?AV12@PB_WZZ
?Right@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBE?AV12@H@Z
?Compare@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QBEHPB_W@Z
??Y?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEABV01@PB_W@Z
??4?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEAAV01@PB_W@Z
??4?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAEAAV01@ABV01@@Z
??1?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@XZ
??0?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@PB_W@Z
??0?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@ABV01@@Z
??0?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@QAE@XZ
?ConcatCopy@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@IAE_NHPB_WH0@Z
?SafeStrlen@?$TStringT@_WUwchar_traits@SOUI@@@SOUI@@SAHPB_W@Z
soui
??0ISlotFunctor@SOUI@@QAE@XZ
?GetClassNameW@SAnimateImgWnd@SOUI@@SAPB_WXZ
??1ISlotFunctor@SOUI@@UAE@XZ
?CenterWindow@CSimpleWnd@SOUI@@QAEHPAUHWND__@@@Z
?SetVisible@SWindow@SOUI@@QAEXHH@Z
?subscribeEvent@SEventSet@SOUI@@QAE_NKABUISlotFunctor@2@@Z
?GetLayoutParam@SWindow@SOUI@@UBEPAUILayoutParam@2@XZ
?GetName@SWindow@SOUI@@UBEPB_WXZ
?GetID@SWindow@SOUI@@UBEHXZ
?IsSiblingsAutoGroupped@SWindow@SOUI@@UAEHXZ
?GetSelectedSiblingInGroup@SWindow@SOUI@@UAEPAV12@XZ
?IsClipClient@SWindow@SOUI@@UAEHXZ
?OnUpdateFloatPosition@SWindow@SOUI@@UAEXABVCRect@2@@Z
?SwndProc@SWindow@SOUI@@MAEHIIJAAJ@Z
?ProcessSwndMessage@SWindow@SOUI@@MAEHIIJAAJ@Z
?SetAttribute@SWindow@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
?GetClassNameW@SStatic@SOUI@@SAPB_WXZ
?GetClassNameW@SProgress@SOUI@@SAPB_WXZ
?GetClassNameW@STabCtrl@SOUI@@SAPB_WXZ
?GetClassNameW@SRichEdit@SOUI@@SAPB_WXZ
?FrameToHost@SwndContainerImpl@SOUI@@MAEXAAUtagRECT@@@Z
?GetAcceleratorMgr@SwndContainerImpl@SOUI@@MAEPAUIAcceleratorMgr@2@XZ
?DestroyWindow@CSimpleWnd@SOUI@@QAEHXZ
?GetObjectClass@SHostWnd@SOUI@@UBEPB_WXZ
?GetObjectType@SHostWnd@SOUI@@UBEHXZ
?IsClass@SHostWnd@SOUI@@UBEHPB_W@Z
?IsLayeredWindow@SHostWnd@SOUI@@MBEHXZ
?_HandleEvent@SHostWnd@SOUI@@UAEHPAVEventArgs@2@@Z
?ProcessWindowMessage@SHostWnd@SOUI@@UAEHPAUHWND__@@IIJAAJK@Z
?OnFinalRelease@?$TObjRefImpl2@UIObjRef@@VSWindow@SOUI@@@SOUI@@UAEXXZ
?getSingleton@?$SSingleton@VSApplication@SOUI@@@SOUI@@SAAAVSApplication@2@XZ
?Release@?$TObjRefImpl@UIObjRef@@@SOUI@@UAEJXZ
?AddRef@?$TObjRefImpl@UIObjRef@@@SOUI@@UAEJXZ
?getSingletonPtr@?$SSingleton@VSApplication@SOUI@@@SOUI@@SAPAVSApplication@2@XZ
??0SHostWnd@SOUI@@QAE@PB_W@Z
??1SHostWnd@SOUI@@UAE@XZ
?Create@SHostWnd@SOUI@@QAEPAUHWND__@@PAU3@KKHHHH@Z
?InitFromXml@SHostWnd@SOUI@@UAEHVxml_node@pugi@@@Z
?DestroyWindow@SHostWnd@SOUI@@QAEHXZ
?SetTimer@SHostWnd@SOUI@@QAEIII@Z
?KillTimer@SHostWnd@SOUI@@QAEHI@Z
?GetClientRect@SHostWnd@SOUI@@UBE?AVCRect@2@XZ
?OnDestroy@SHostWnd@SOUI@@IAEXXZ
?OnFireEvent@SHostWnd@SOUI@@MAEHAAVEventArgs@2@@Z
?GetContainerRect@SHostWnd@SOUI@@MAE?AVCRect@2@XZ
?GetHostHwnd@SHostWnd@SOUI@@MAEPAUHWND__@@XZ
?GetTranslatorContext@SHostWnd@SOUI@@MBEABV?$TStringT@_WUwchar_traits@SOUI@@@2@XZ
?OnGetRenderTarget@SHostWnd@SOUI@@MAEPAUIRenderTarget@2@ABVCRect@2@K@Z
?OnReleaseRenderTarget@SHostWnd@SOUI@@MAEXPAUIRenderTarget@2@ABVCRect@2@K@Z
?OnRedraw@SHostWnd@SOUI@@MAEXABVCRect@2@@Z
?OnReleaseSwndCapture@SHostWnd@SOUI@@MAEHXZ
?OnSetSwndCapture@SHostWnd@SOUI@@MAEKK@Z
?IsTranslucent@SHostWnd@SOUI@@MBEHXZ
?IsSendWheel2Hover@SHostWnd@SOUI@@MBEHXZ
?OnCreateCaret@SHostWnd@SOUI@@MAEHKPAUHBITMAP__@@HH@Z
?OnShowCaret@SHostWnd@SOUI@@MAEHH@Z
?OnSetCaretPos@SHostWnd@SOUI@@MAEHHH@Z
?UpdateWindow@SHostWnd@SOUI@@MAEHXZ
?UpdateTooltip@SHostWnd@SOUI@@MAEXXZ
?RegisterTimelineHandler@SHostWnd@SOUI@@MAEHPAUITimelineHandler@2@@Z
?UnregisterTimelineHandler@SHostWnd@SOUI@@MAEHPAUITimelineHandler@2@@Z
?GetMsgLoop@SHostWnd@SOUI@@MAEPAVSMessageLoop@2@XZ
?GetScriptModule@SHostWnd@SOUI@@MAEPAUIScriptModule@2@XZ
?GetScale@SHostWnd@SOUI@@MBEHXZ
?BeforePaint@SHostWnd@SOUI@@MAEXPAUIRenderTarget@2@AAVSPainter@2@@Z
?AfterPaint@SHostWnd@SOUI@@MAEXPAUIRenderTarget@2@AAVSPainter@2@@Z
?UpdateLayout@SHostWnd@SOUI@@MAEXXZ
?OnLanguageChanged@SHostWnd@SOUI@@MAEJXZ
?OnScaleChanged@SHostWnd@SOUI@@MAEXH@Z
?RequestRelayout@SHostWnd@SOUI@@UAEXKH@Z
?onRootResize@SHostWnd@SOUI@@UAE_NPAVEventArgs@2@@Z
?SetValue@SProgress@SOUI@@QAEHH@Z
?GetWindowTextW@SWindow@SOUI@@UAE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@H@Z
?SetWindowTextW@SWindow@SOUI@@UAEXPB_W@Z
?SetToolTipText@SWindow@SOUI@@UAEXPB_W@Z
?GetToolTipText@SWindow@SOUI@@UAE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@XZ
?GetClientRect@SWindow@SOUI@@UBEXPAUtagRECT@@@Z
?IsContainPoint@SWindow@SOUI@@UBEHABUtagPOINT@@H@Z
?OnColorize@SWindow@SOUI@@MAEXK@Z
?FindChildByName@SWindow@SOUI@@QAEPAV12@PB_WH@Z
?CreateChildren@SWindow@SOUI@@UAEHVxml_node@pugi@@@Z
?SSendMessage@SWindow@SOUI@@QAEJIIJPAH@Z
?GetSelectedChildInGroup@SWindow@SOUI@@UAEPAV12@XZ
?OnSetCursor@SWindow@SOUI@@UAEHABVCPoint@2@@Z
?OnUpdateToolTip@SWindow@SOUI@@UAEHVCPoint@2@AAUSwndToolTipInfo@2@@Z
?OnStateChanging@SWindow@SOUI@@UAEXKK@Z
?OnStateChanged@SWindow@SOUI@@UAEXKK@Z
?OnContentChanged@SWindow@SOUI@@UAEXXZ
?tr@SWindow@SOUI@@UAE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV32@@Z
?SwndFromPoint@SWindow@SOUI@@UAEKVCPoint@2@H@Z
?FireEvent@SWindow@SOUI@@UAEHAAVEventArgs@2@@Z
?OnGetDlgCode@SWindow@SOUI@@UAEIXZ
?IsFocusable@SWindow@SOUI@@UAEHXZ
?OnNcHitTest@SWindow@SOUI@@UAEHVCPoint@2@@Z
?UpdateChildrenPosition@SWindow@SOUI@@UAEXXZ
?OnRelayout@SWindow@SOUI@@UAEHABVCRect@2@@Z
?GetChildrenLayoutRect@SWindow@SOUI@@UAE?AVCRect@2@XZ
?GetDesiredSize@SWindow@SOUI@@UAE?AVCSize@2@HH@Z
?GetDesiredSize@SWindow@SOUI@@UAE?AVCSize@2@PBUtagRECT@@@Z
?NeedRedrawWhenStateChange@SWindow@SOUI@@UAEHXZ
?GetTextRect@SWindow@SOUI@@UAEXPAUtagRECT@@@Z
?DrawTextW@SWindow@SOUI@@UAEXPAUIRenderTarget@2@PB_WHPAUtagRECT@@I@Z
?DrawFocus@SWindow@SOUI@@UAEXPAUIRenderTarget@2@@Z
?GetTrCtx@SWindow@SOUI@@UBEABV?$TStringT@_WUwchar_traits@SOUI@@@2@XZ
?CreateCaret@SWindow@SOUI@@UAEHPAUHBITMAP__@@HH@Z
?ShowCaret@SWindow@SOUI@@UAEXH@Z
?SetCaretPos@SWindow@SOUI@@UAEXHH@Z
?IsDrawToCache@SWindow@SOUI@@MBE_NXZ
?DefAttributeProc@SWindow@SOUI@@MAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
?AfterAttribute@SWindow@SOUI@@MAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0HJ@Z
?GetAttribute@SWindow@SOUI@@MBE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV32@@Z
?RegisterDragDrop@SwndContainerImpl@SOUI@@MAEHKPAUIDropTarget@@@Z
?RevokeDragDrop@SwndContainerImpl@SOUI@@MAEHK@Z
?DoFrameEvent@SwndContainerImpl@SOUI@@MAEJIIJ@Z
?OnSetSwndFocus@SwndContainerImpl@SOUI@@MAEXK@Z
?OnGetSwndCapture@SwndContainerImpl@SOUI@@MAEKXZ
?GetFocus@SwndContainerImpl@SOUI@@MAEKXZ
?GetHover@SwndContainerImpl@SOUI@@MAEKXZ
?RegisterTrackMouseEvent@SwndContainerImpl@SOUI@@MAEHK@Z
?UnregisterTrackMouseEvent@SwndContainerImpl@SOUI@@MAEHK@Z
?MarkWndTreeZorderDirty@SwndContainerImpl@SOUI@@MAEXXZ
?BuildWndTreeZorder@SwndContainerImpl@SOUI@@MAEXXZ
?OnNextFrame@SwndContainerImpl@SOUI@@UAEXXZ
?GetLogManager@SApplication@SOUI@@QAEPAUILog4zManager@2@XZ
?SetCurSel@STabCtrl@SOUI@@QAEHH@Z
?ReflectNotifications@CSimpleWnd@SOUI@@QAEJIIJAAH@Z
?OnFinalMessage@CSimpleWnd@SOUI@@MAEXPAUHWND__@@@Z
??0SObjectInfo@SOUI@@QAE@ABV?$TStringT@_WUwchar_traits@SOUI@@@1@H@Z
?RegisterSystemObjects@SApplication@SOUI@@MAEXXZ
??0SObjectDefaultRegister@SOUI@@QAE@XZ
?GetAlpha@SSkinObjBase@SOUI@@UBEEXZ
?SetAlpha@SSkinObjBase@SOUI@@UAEXE@Z
?Draw@SSkinObjBase@SOUI@@UAEXPAUIRenderTarget@2@PBUtagRECT@@KE@Z
?Draw@SSkinObjBase@SOUI@@UAEXPAUIRenderTarget@2@PBUtagRECT@@K@Z
?GetScale@SSkinObjBase@SOUI@@UBEHXZ
?Scale@SSkinObjBase@SOUI@@UAEPAVISkinObj@2@H@Z
?GetName@SSkinObjBase@SOUI@@UBEPB_WXZ
?SetStates@SSkinImgList@SOUI@@UAEXH@Z
?SetImage@SSkinImgList@SOUI@@UAE_NPAUIBitmap@2@@Z
?GetImage@SSkinImgList@SOUI@@UAEPAUIBitmap@2@XZ
?SetTile@SSkinImgList@SOUI@@UAEXH@Z
?IsTile@SSkinImgList@SOUI@@UAEHXZ
?SetVertical@SSkinImgList@SOUI@@UAEXH@Z
?IsVertical@SSkinImgList@SOUI@@UAEHXZ
?GetClassNameW@SSkinScrollbar@SOUI@@SAPB_WXZ
?GetObjectType@SSkinScrollbar@SOUI@@UBEHXZ
?IsClass@SSkinScrollbar@SOUI@@UBEHPB_W@Z
?SetAttribute@SSkinScrollbar@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
?SendMessageW@CSimpleWnd@SOUI@@QAEJIIJ@Z
?ShowWindow@CSimpleWnd@SOUI@@QAEHH@Z
??1SSkinScrollbar@SOUI@@UAE@XZ
?OnFinalRelease@?$TObjRefImpl@V?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@@SOUI@@UAEXXZ
?Release@?$TObjRefImpl@V?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@@SOUI@@UAEJXZ
?AddRef@?$TObjRefImpl@V?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@@SOUI@@UAEJXZ
?OnInitFinished@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEXVxml_node@pugi@@@Z
?GetAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UBE?AV?$TStringT@_WUwchar_traits@SOUI@@@2@ABV32@@Z
?SetAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJPBD0H@Z
?SetAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJABV?$TStringT@DUchar_traits@SOUI@@@2@0H@Z
?AfterAttribute@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0HJ@Z
?GetID@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UBEHXZ
?InitFromXml@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEHVxml_node@pugi@@@Z
?DefAttributeProc@?$SObjectImpl@VISkinObj@SOUI@@@SOUI@@UAEJABV?$TStringT@_WUwchar_traits@SOUI@@@2@0H@Z
??0SSkinScrollbar@SOUI@@QAE@XZ
?_Draw@SSkinScrollbar@SOUI@@MAEXPAUIRenderTarget@2@PBUtagRECT@@KE@Z
?_Scale@SSkinScrollbar@SOUI@@MAEXPAVISkinObj@2@H@Z
?Create@SHostWnd@SOUI@@QAEPAUHWND__@@PAU3@HHHH@Z
?RegisterFactory@SObjectFactoryMgr@SOUI@@QAE_NAAVSObjectFactory@2@_N@Z
?CreateObject@SObjectFactoryMgr@SOUI@@UBEPAUIObject@2@ABVSObjectInfo@2@@Z
?GetSkinSize@SSkinImgList@SOUI@@UAE?AUtagSIZE@@XZ
?IgnoreState@SSkinImgList@SOUI@@UAEHXZ
?GetStates@SSkinImgList@SOUI@@UAEHXZ
?OnColorize@SSkinImgList@SOUI@@UAEXK@Z
?GetExpandMode@SSkinImgList@SOUI@@MAEIXZ
??0SApplication@SOUI@@QAE@PAUIRenderFactory@1@PAUHINSTANCE__@@PB_WABUISystemObjectRegister@1@H@Z
??1SApplication@SOUI@@UAE@XZ
?Run@SApplication@SOUI@@QAEHPAUHWND__@@@Z
?CreateWindowByName@SApplication@SOUI@@UBEPAVSWindow@2@PB_W@Z
?CreateSkinByName@SApplication@SOUI@@UBEPAVISkinObj@2@PB_W@Z
?CreateInterpolatorByName@SApplication@SOUI@@UBEPAUIInterpolator@2@PB_W@Z
?CreateAccProxy@SApplication@SOUI@@UBEPAUIAccProxy@2@PAVSWindow@2@@Z
?CreateAccessible@SApplication@SOUI@@UBEPAUIAccessible@@PAVSWindow@2@@Z
?AddResProvider@SResProviderMgr@SOUI@@QAEXPAUIResProvider@2@PB_W@Z
kernel32
OpenEventW
SetEvent
CloseHandle
LoadLibraryW
SetCurrentDirectoryW
GetProcAddress
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
SetEndOfFile
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
ExitProcess
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
LoadLibraryA
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
WriteFile
SetFileAttributesW
SetFileTime
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
VerifyVersionInfoW
GetSystemDirectoryW
VerSetConditionMask
SleepEx
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringEx
FindNextFileW
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
QueryPerformanceFrequency
QueryPerformanceCounter
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FormatMessageA
GetExitCodeThread
WaitForSingleObjectEx
GetCurrentThreadId
FreeLibrary
DeviceIoControl
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpW
GetTickCount
lstrcpyW
CopyFileW
lstrcatW
OutputDebugStringW
Sleep
CreateMutexW
GetTempPathW
TerminateProcess
GetCurrentProcess
MultiByteToWideChar
MoveFileW
GetModuleFileNameW
OutputDebugStringA
WideCharToMultiByte
CreateDirectoryW
FindFirstFileW
GetModuleHandleW
CreateProcessW
GetProcessHeap
DeleteCriticalSection
MoveFileExW
DecodePointer
HeapAlloc
Process32FirstW
DeleteFileW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
CreateFileW
WaitForSingleObject
FindClose
InitializeCriticalSectionEx
RemoveDirectoryW
HeapFree
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
EnumWindows
GetPropW
SendMessageW
GetActiveWindow
PostMessageW
OffsetRect
advapi32
RegSetValueExW
CryptDestroyKey
CryptGetKeyParam
CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptAcquireContextW
CryptEncrypt
RegQueryValueExW
CryptDecrypt
RegOpenKeyExW
RegOpenKeyExA
CryptDeriveKey
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
shell32
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ole32
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
shlwapi
PathIsDirectoryW
StrCmpW
PathFileExistsW
PathCanonicalizeW
PathRemoveFileSpecW
iphlpapi
GetAdaptersInfo
GetIpForwardTable
ws2_32
WSAGetLastError
bind
connect
getpeername
getsockname
send
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
recv
sendto
gethostname
ntohl
closesocket
getsockopt
shutdown
getnameinfo
inet_addr
wintrust
WinVerifyTrust
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
wldap32
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord26
ord27
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord145
ord219
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 546KB - Virtual size: 546KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 548KB - Virtual size: 547KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ