v[.]3[.]9[.]lntsaII3r_win_64-86_set-up+P0rtbIExt3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

v.3.9.lntsaII3r_win_64-86_set-up+P0rtbIExt3.zip
Size

13.1MB
MD5

2482b33df4f894dcffaf2c4c3d509df7
SHA1

377c05d913da409f49711484ada645a13ca9f4d1
SHA256

0a9899ae035bde4be5bfbab6a7bc45afc4db9b3dc0fa29eb3cca6240b181c5bc
SHA512

b852a00d867118d3e4327fb7cb0ef2c58c1189cb1cb3fe1ecc06ceffa99b8975b62d977d5b888ba7c65f580f365b87b9330017d77fb179129485e22f1a37dc93
SSDEEP

393216:TlhjTGEaNMroedavn+Rnubzg6ihW7joKK:TlhjHDT0//bzticM

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iesysprep.dll
unpack001/ir32_32.dll
unpack001/tak_deco_lib.dll

Files

v.3.9.lntsaII3r_win_64-86_set-up+P0rtbIExt3.zip
.zip
ReadMe(!).txt
Setup.exe
.exe windows:6 windows x64 arch:x64

431fd873e01da83e36fb2391db3ba3bc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:8e:4d:a0:9c:b5:89:45:35:4f:74:64:bc:20:c2:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/09/2021, 00:00

Not After

08/09/2024, 23:59

Subject

CN=Florian Heidenreich,O=Florian Heidenreich,ST=Sachsen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1
Signer

Actual PE Digest

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Y:\build\binaries\mp3tag\Mp3tag64.pdb

Imports

shlwapi

PathIsRelativeW
StrCmpLogicalW
PathCompactPathW
PathStripToRootW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
ord219
PathQuoteSpacesW
PathIsUNCW
PathSearchAndQualifyW
PathRelativePathToW
ord12

uxtheme

EndBufferedPaint
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeMargins
GetThemeInt
SetWindowTheme
OpenThemeData
GetThemeColor
CloseThemeData
GetThemeBackgroundContentRect
DrawThemeBackground
BufferedPaintSetAlpha
BeginBufferedPaint
DrawThemeText

kernel32

CompareStringOrdinal
LoadLibraryExW
VirtualProtect
GetACP
OutputDebugStringA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
lstrcmpW
GlobalFindAtomW
CompareStringW
GetVersionExW
lstrcmpA
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SuspendThread
ResumeThread
GetProfileIntW
GetDiskFreeSpaceW
ReplaceFileW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetThreadLocale
GetFileSizeEx
LocalFileTimeToFileTime
CreateSemaphoreW
GetAtomNameW
GlobalFlags
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
FindResourceExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
UnregisterWait
RegisterWaitForSingleObject
SetThreadGroupAffinity
GetThreadGroupAffinity
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformationEx
GetLogicalProcessorInformation
GetCurrentProcessorNumberEx
SignalObjectAndWait
GetSystemTime
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetVolumeInformationW
GetDiskFreeSpaceExW
GetNativeSystemInfo
TryEnterCriticalSection
HeapCreate
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
LockFileEx
GetTickCount
GetConsoleScreenBufferInfo
GetModuleHandleA
AreFileApisANSI
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
Beep
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
IsValidLocale
ExitProcess
GetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
HeapQueryInformation
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetCPInfo
CompareStringEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
LCMapStringEx
GetLocaleInfoEx
RtlPcToFileHeader
RtlCaptureStackBackTrace
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceBeginInitialize
InitOnceComplete
GetExitCodeThread
SwitchToThread
TryAcquireSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockShared
GetStringTypeW
TryAcquireSRWLockExclusive
FormatMessageA
RaiseException
GetWindowsDirectoryW
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetThreadPriority
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
CreateProcessW
lstrcatW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
CreateDirectoryW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFullPathNameW
SetFileTime
GetFileTime
GetLongPathNameW
GetShortPathNameW
GetFileAttributesExW
GetFileSize
MoveFileExW
GetTickCount64
MoveFileW
SetFileAttributesW
CopyFileW
DeleteFileW
SetConsoleCtrlHandler
CreateMutexW
SleepEx
SetEvent
GetCurrentThread
SetThreadPriority
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
HeapDestroy
DecodePointer
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
NormalizeString
IsNormalizedString
GetTempFileNameW
LCMapStringW
GetStringTypeExW
LCMapStringA
LoadLibraryA
GetStringTypeExA
GetUserDefaultLCID
CreateSemaphoreExW
CreateMutexExW
GlobalGetAtomNameW
GetVersion
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
IsDebuggerPresent
FindNextFileW
lstrcpynW
GetEnvironmentVariableW
WaitForMultipleObjects
MulDiv
Sleep
GetFileAttributesW
TerminateThread
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpyW
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
WaitForSingleObject
ResetEvent
CreateEventW
FreeLibrary
GetDriveTypeW
SetLastError
LocalFree
lstrcmpiW
lstrlenW
EnumSystemLocalesW
FindClose
FindFirstFileW
GetLocaleInfoW
WideCharToMultiByte
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetModuleHandleW
HeapAlloc
GetProcessHeap
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
GlobalDeleteAtom
TzSpecificLocalTimeToSystemTime
GlobalAddAtomW
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetTempPathW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
SetUnhandledExceptionFilter
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetThreadTimes
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
InterlockedPopEntrySList
QueryDepthSList
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToFileTime

user32

LockWindowUpdate
CopyImage
RealChildWindowFromPoint
BeginPaint
InvalidateRgn
EndPaint
SetPropW
SetWindowRgn
IsZoomed
GetScrollInfo
GetClassLongW
GetWindowRgn
MapWindowPoints
IsMenu
AdjustWindowRectEx
DeferWindowPos
TrackMouseEvent
FrameRect
FillRect
SetRect
CopyIcon
DrawEdge
UnionRect
DestroyCursor
GetComboBoxInfo
SetWindowPos
PostThreadMessageW
CreateWindowExW
RegisterClassW
DestroyWindow
DefWindowProcW
GetWindowLongPtrW
DrawTextW
GetIconInfo
CreateIconIndirect
DrawIconEx
CreateMenu
GetMenuItemInfoW
GetMenuState
DeleteMenu
ModifyMenuW
LoadMenuW
SetMenuDefaultItem
SendDlgItemMessageA
SetRectEmpty
UnregisterClassA
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetMessageTime
CallWindowProcW
GetClassInfoW
GetClassInfoExW
IsChild
GetWindowPlacement
SetWindowPlacement
MonitorFromRect
MsgWaitForMultipleObjects
CharUpperBuffW
SendMessageTimeoutW
GetLastActivePopup
MsgWaitForMultipleObjectsEx
PeekMessageW
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageA
DestroyAcceleratorTable
LoadAcceleratorsW
DestroyMenu
SetActiveWindow
GetActiveWindow
OpenClipboard
GetDialogBaseUnits
EnableWindow
SendMessageW
MessageBoxW
UpdateWindow
GetAsyncKeyState
KillTimer
SetTimer
PostMessageW
SendDlgItemMessageW
GetDlgItemTextW
MonitorFromWindow
GetMonitorInfoW
CopyRect
SystemParametersInfoW
GetWindowRect
CreatePopupMenu
AppendMenuW
SetDlgItemTextW
GetDlgItem
GetClientRect
InsertMenuW
GetWindow
LoadIconW
GetFocus
GetMessagePos
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
GetPriorityClipboardFormat
ReleaseDC
GetDC
DragDetect
GetParent
CheckMenuRadioItem
EnumClipboardFormats
CheckMenuItem
CloseClipboard
GetSubMenu
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenuEx
GetForegroundWindow
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
GetPropW
RemovePropW
SetWindowLongPtrW
GetClassLongPtrW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
WinHelpW
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMenuStringW
RemoveMenu
GetKeyNameTextW
MapVirtualKeyW
PostQuitMessage
WaitMessage
ScreenToClient
PtInRect
GetMenuItemCount
GetMenuItemID
ClientToScreen
GetSysColor
WindowFromPoint
SetCursor
LoadCursorW
TranslateMessage
DispatchMessageW
InvalidateRect
GetDlgCtrlID
IsWindow
DestroyIcon
RedrawWindow
GetWindowDC
MapDialogRect
SetCapture
ReleaseCapture
GetSystemMetrics
MessageBeep
IntersectRect
EqualRect
RegisterWindowMessageW
ChangeWindowMessageFilterEx
EnableMenuItem
GetClassNameW
IsWindowVisible
IsIconic
SetForegroundWindow
GetCursorPos
TrackPopupMenu
GetMenuInfo
GetSysColorBrush
SetMenuInfo
DrawMenuBar
MonitorFromPoint
LoadStringA
LoadImageW
LoadStringW
BeginDeferWindowPos
GetWindowThreadProcessId
EndDeferWindowPos
GetDesktopWindow
GetKeyState
InflateRect
OffsetRect
CharLowerBuffW
IsRectEmpty
GetWindowLongW
GetDCEx
UnregisterClassW
CharLowerW
CharUpperW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
SetParent
GetSystemMenu
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
BringWindowToTop
DrawIcon
TabbedTextOutW
GrayStringW
DrawTextExW
ShowOwnedPopups

gdi32

IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
GetWindowExtEx
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
TextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
DPtoLP
CreateEllipticRgn
CreateDIBSection
LPtoDP
GetBkColor
CreateFontW
GetCharWidthW
StretchDIBits
EnumFontFamiliesExW
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
Escape
CreatePatternBrush
CreateHatchBrush
CreateDIBPatternBrushPt
CreateDCW
CopyMetaFileW
SetPixelV
SetDIBits
GetDIBits
Ellipse
ExcludeClipRect
SetPixel
SetBkMode
ExtTextOutW
SetBkColor
CreatePolygonRgn
GetPixel
CreateBitmap
GetWindowOrgEx
FillRgn
CombineRgn
SetRectRgn
OffsetRgn
CreateRectRgn
CreateRectRgnIndirect
ExtCreatePen
CreatePen
DeleteObject
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
BitBlt
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetTextMetricsW
GetCurrentObject
CreateDIBitmap
GetTextColor
PatBlt
GetStockObject
StartDocW
SetTextColor

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetFileSecurityW
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumValueW
RegSetValueW
RegEnumKeyW
RegQueryValueW
RegDeleteValueW
GetFileSecurityW
GetUserNameW

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHGetFileInfoW
SHCreateItemFromIDList
SHParseDisplayName
SHCreateShellItemArrayFromIDLists
ord155
ord190
SHOpenFolderAndSelectItems
FindExecutableW
SHBindToParent
SHGetDataFromIDListW
SHGetIDListFromObject
SHFileOperationW
SHAddToRecentDocs
ExtractIconW
DragFinish
Shell_NotifyIconW
SHCreateShellItem
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExW
SHGetMalloc

comctl32

ord410
ImageList_SetBkColor
ImageList_ReplaceIcon
ord345
ord413
ImageList_DragMove
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_DragLeave
ImageList_EndDrag
ord412
ImageList_GetIcon
ImageList_Draw

ole32

ReadFmtUserTypeStg
OleDuplicateData
OleRegGetUserType
SetConvertStg
CoCreateGuid
WriteFmtUserTypeStg
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
PropVariantCopy
CoInitializeEx
OleRun
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoGetClassObject
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
RegisterDragDrop
ReleaseStgMedium
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CreateBindCtx

oleaut32

VariantClear
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
VariantInit
SysFreeString
SysAllocString
SafeArrayCreate
SystemTimeToVariantTime
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantTimeToSystemTime

oledlg

OleUIBusyW

ws2_32

socket
htons
inet_addr
gethostbyname
WSASetLastError
connect
send
recv
closesocket
select
gethostname
accept
bind
getpeername
getsockname
htonl
inet_ntoa
ntohs
recvfrom
WSAAsyncSelect
WSAGetLastError
WSACleanup
WSAStartup
sendto

gdiplus

GdipDeleteGraphics
GdipSaveImageToStream
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangleI
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdiplusStartup
GdipSetInterpolationMode
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageFlags
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipCreateHICONFromBitmap
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStreamICM

winmm

mciSendCommandW
mciGetErrorStringW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

tak_deco_lib

tak_SSD_Valid
tak_SSD_Destroy
tak_SSD_GetEncoderInfo
tak_SSD_Create_FromStream
tak_SSD_GetStreamInfo

crypt32

CryptUnprotectMemory
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CryptProtectMemory

winhttp

WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryOption

bcrypt

BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinEULA.txt
config.prx
.exe windows:5 windows x86 arch:x86

d21794f0d47bb5c7f5977a6500854d85

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:08:bb:49:63:6e:cf:3f:72:bf:92:cf:45:8b:91:0e:90:0f:7d:11:28:70:03:90:0a:af:8b:19:89:f5:2f:7b
Signer

Actual PE Digest

cc:08:bb:49:63:6e:cf:3f:72:bf:92:cf:45:8b:91:0e:90:0f:7d:11:28:70:03:90:0a:af:8b:19:89:f5:2f:7b

Digest Algorithm

sha256

PE Digest Matches

true

b2:c8:9c:70:dd:00:70:00:00:18:3b:25:00:02:8e:c2:fc:f9:28:b7
Signer

Actual PE Digest

b2:c8:9c:70:dd:00:70:00:00:18:3b:25:00:02:8e:c2:fc:f9:28:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\winapps\mh\trunk\exe\vc\StartupHelper\sourcecode\Release\StartupHelper.pdb

Imports

mfc90u

ord404
ord2597
ord2141
ord4131
ord6635
ord4044
ord611
ord595
ord3489
ord5664
ord4652
ord1493
ord6411
ord3355
ord1665
ord5939
ord4405
ord1607
ord3220
ord5632
ord5167
ord5324
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord4910
ord4682
ord3515
ord2593
ord5653
ord6091
ord4774
ord4815
ord5078
ord613
ord337
ord4631
ord2901
ord4741
ord1533
ord3537
ord6095
ord3622
ord6187
ord6094
ord333
ord3488
ord1354
ord1353
ord2097
ord3543
ord1183
ord3486
ord4527
ord6579
ord4543
ord6577
ord2592
ord744
ord524
ord2069
ord1063
ord663
ord2146
ord1166
ord1064
ord6604
ord4530
ord2904
ord1047
ord2596
ord5008
ord1108
ord367
ord586
ord4000
ord374
ord2130
ord3577
ord2282
ord4512
ord4442
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord799
ord265
ord266
ord1272
ord1137
ord1254
ord686
ord436
ord792
ord587
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord2447
ord636
ord790
ord639
ord2208
ord6482
ord1098
ord4211
ord794
ord589
ord4043
ord4967
ord1318
ord2327
ord316
ord601
ord899
ord1315
ord938
ord1603
ord2478
ord5979
ord6687
ord285
ord5535
ord6079
ord6813
ord1552
ord2551
ord946
ord821
ord2470
ord6096
ord4541
ord4410
ord290
ord1088
ord6659
ord2243
ord6204
ord339
ord289
ord288
ord6164
ord1599
ord809
ord6013
ord935
ord936
ord2702
ord286
ord5851
ord3637
ord2106
ord811
ord280
ord2326
ord2694
ord6529
ord813
ord2537
ord600
ord1143
ord296
ord1248
ord2084
ord1250
ord801

msvcr90

memcpy
memset
towupper
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__wargv
__argc
setlocale
_resetstkoflw
?what@exception@std@@UBEPBDXZ
_msize
_purecall
_set_errno
_get_errno
_wtoi64
realloc
_gcvt_s
_fpclass
_HUGE
iswspace
wcsrchr
wcschr
_ui64toa_s
_i64toa_s
isspace
_itoa_s
wcsncmp
wcstod
wcstol
_wcstoui64
_wcstoi64
strtol
_wtoi
wcsnlen
_wcsicmp
_scwprintf
_ultoa_s
strncmp
_strlwr_s
_recalloc
calloc
_itow_s
swprintf_s
_CxxThrowException
malloc
wcscpy_s
wcsncpy_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
memcpy_s

kernel32

GetPrivateProfileSectionW
LocalFree
GetCurrentProcessId
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetLastError
LoadLibraryW
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
GetProcAddress
GetModuleHandleW
Sleep
GetTickCount
GetCommandLineW
InterlockedExchange
CreateMutexW
CloseHandle
HeapReAlloc
GetPrivateProfileIntW
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameW
lstrlenW
WaitForSingleObject
HeapDestroy
HeapSize
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

user32

SendMessageW
AppendMenuW
GetSystemMenu
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
UnionRect
GetMenuBarInfo
GetMenuItemID
GetMenuItemCount
GetSysColor
OffsetRect
FrameRect
DrawFrameControl
CopyRect
EnableWindow
IsWindow
InvalidateRect
KillTimer
PtInRect
ReleaseDC
FillRect
GetDC
SystemParametersInfoW
EndPaint
BeginPaint
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
GetClientRect
LoadIconW

gdi32

CreatePen
CreateCompatibleBitmap
CreateSolidBrush
GetObjectW
SetDIBColorTable
GetTextExtentPoint32W
SetBkMode
CreateRoundRectRgn
GetCurrentObject
GetBkMode
CreatePatternBrush
SetBrushOrgEx
FillRgn
FrameRgn
SelectObject
CreateFontW
GetDIBColorTable
StretchBlt
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject

msimg32

TransparentBlt
GradientFill
AlphaBlend

advapi32

RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
CommandLineToArgvW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFileExistsW

ole32

OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

ws2_32

WSASetLastError
GetAddrInfoW
WSAStartup
WSACleanup
closesocket
WSACloseEvent
WSASocketW
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSARecv
WSACreateEvent
WSASetEvent
WSAEventSelect
FreeAddrInfoW

boottime

ord2
GetSetupTime
ord1

gdiplus

GdipDisposeImage
GdipFree
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipAlloc

languages

ord5
ord3
ord6
ord8
ord4

config

ord13
ord11

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iesysprep.dll
.dll windows:10 windows x86 arch:x86

a479440598aad110c7a87f620cda7585

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iesysprep.pdb

Imports

msvcrt

wcsncmp
_except_handler4_common
_amsg_exit
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
_initterm
free
malloc
wcschr
iswalpha
memcpy_s
_vsnwprintf
memset

advapi32

RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
SetSecurityInfo
DeleteAce
GetAce
GetAclInformation
GetSecurityInfo

kernel32

IsWow64Process
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
DecodePointer
EncodePointer
GetCurrentProcess
WideCharToMultiByte
GetLastError
LocalFree
SetLastError
LocalAlloc
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
Sleep
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetCurrentProcessId

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHCreateItemFromParsingName

shlwapi

StrCmpNIW
ord158
SHDeleteKeyW
SHDeleteValueW
SHRegGetValueW

wdscore

ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP

wininet

DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FreeUrlCacheSpaceW
FindNextUrlCacheEntryW
FindCloseUrlCache

Exports

Exports

Sysprep_Cleanup_IE
Sysprep_Generalize_IE
Sysprep_Offline_Specialize_IE
Sysprep_Online_Specialize_IE
Sysprep_Specialize_IE

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
imagehlp.dll
.dll windows:10 windows x86 arch:x86

5773e3df1f963127d34e6b4c4995885f

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:ff:e0:ad:3b:e5:fb:16:aa:ad:c7:ac:4c:ec:ad:e9:6a:17:32:0e:c5:4f:9e:0a:66:b7:16:7c:e2:0b:02:dd
Signer

Actual PE Digest

94:ff:e0:ad:3b:e5:fb:16:aa:ad:c7:ac:4c:ec:ad:e9:6a:17:32:0e:c5:4f:9e:0a:66:b7:16:7c:e2:0b:02:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imagehlp.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__makepath_s
_o__register_onexit_function
memmove
_o__seh_filter_dll
_o__splitpath_s
_o__stricmp
_o__strnicmp
_o__ultoa_s
_o_atoi
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_except_handler4_common
_o___std_type_info_destroy_list
strrchr
__CxxFrameHandler3
memcmp
memcpy

ntdll

RtlImageNtHeaderEx
RtlRunOnceExecuteOnce

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsAlloc
TlsFree
GetCurrentProcess
GetCurrentThreadId
TlsGetValue
TlsSetValue
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileTime
GetFileSize
SetFileAttributesA
DeleteFileA
WriteFile
SetFilePointer
CreateFileA
SetEndOfFile

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-memory-l1-1-0

FlushViewOfFile
MapViewOfFile
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
VirtualQuery
VirtualProtect

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetVersionExA
GetSystemInfo
GetVersion

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-misc-l1-1-0

lstrcmpiA

api-ms-win-core-processenvironment-l1-1-0

SearchPathW

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventActivityIdControl

Exports

Exports

BindImage
BindImageEx
CheckSumMappedFile
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetImageConfigInformation
GetImageUnusedHeaderBytes
GetSymLoadError
GetTimestampForLoadedLibrary
ImageAddCertificate
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateDataEx
ImageGetCertificateHeader
ImageGetDigestStream
ImageLoad
ImageNtHeader
ImageRemoveCertificate
ImageRvaToSection
ImageRvaToVa
ImageUnload
ImagehlpApiVersion
ImagehlpApiVersionEx
IsBufferCleanOfInvalidMarkers
MakeSureDirectoryPathExists
MapAndLoad
MapDebugInformation
MapFileAndCheckSumA
MapFileAndCheckSumW
ReBaseImage
ReBaseImage64
RemoveInvalidModuleList
RemovePrivateCvSymbolic
RemovePrivateCvSymbolicEx
RemoveRelocations
ReportSymbolLoadSummary
SearchTreeForFile
SetCheckUserInterruptShared
SetImageConfigInformation
SetSymLoadError
SplitSymbols
StackWalk
StackWalk64
StackWalkEx
SymAddrIncludeInlineTrace
SymCleanup
SymCompareInlineTrace
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFreeDiaString
SymFromAddr
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymFunctionTableAccess64AccessRoutines
SymGetDiaSession
SymGetExtendedOption
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSourceFileChecksumW
SymGetSourceFileFromTokenW
SymGetSourceFileTokenW
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymLoadModule
SymLoadModule64
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymQueryInlineTrace
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetExtendedOption
SymSetOptions
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
TouchFileTimes
UnDecorateSymbolName
UnMapAndLoad
UnmapDebugInformation
UpdateDebugInfoFile
UpdateDebugInfoFileEx

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ir32_32.dll
.dll windows:10 windows x86 arch:x86

2bbf1ac89142ad94944f8815bfaa87c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ir32_32.pdb

Imports

msvcrt

_XcptFilter
_except_handler4_common
_initterm
malloc
free
_amsg_exit
wcscat_s

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

AboutDialogProc
DllMain
DriverDialogProc
DriverProc

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jrtlcg
opengl64.dll
.exe windows:6 windows x64 arch:x64

12c058d908f07eb19d3f1f0a4bb41bef

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:52:fd:13:81:7d:a3:86:5d:e4:84:46:8c:35:09:a5:26:83:ae:ac:37:64:c9:0f:42:89:b7:70:65:88:10:df
Signer

Actual PE Digest

0c:52:fd:13:81:7d:a3:86:5d:e4:84:46:8c:35:09:a5:26:83:ae:ac:37:64:c9:0f:42:89:b7:70:65:88:10:df

Digest Algorithm

sha256

PE Digest Matches

true

b4:28:b6:ea:a9:f1:d8:dd:26:dd:e6:4d:49:5f:06:c6:e0:8c:f6:c4
Signer

Actual PE Digest

b4:28:b6:ea:a9:f1:d8:dd:26:dd:e6:4d:49:5f:06:c6:e0:8c:f6:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

CrashReportClient.pdb

Imports

xinput1_3

ord3
ord2

advapi32

CryptReleaseContext
OpenProcessToken
RegDeleteTreeW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyExW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegCloseKey
RegCreateKeyExW

user32

WindowFromPoint
ClipCursor
GetDlgItem
SetDlgItemTextW
GetSystemMetrics
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
ScreenToClient
GetWindowLongW
GetTopWindow
EnumDisplayDevicesW
GetKeyboardLayout
DisableProcessWindowsGhosting
TranslateMessage
DispatchMessageW
GetMessageExtraInfo
SendMessageW
DefWindowProcW
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoA
ReleaseDC
GetWindowInfo
EnumDisplayMonitors
SetWindowLongPtrW
GetProcessWindowStation
GetUserObjectInformationW
GetCursorPos
SetCursor
SetCursorPos
ClientToScreen
RegisterClassW
UnregisterClassW
CreateWindowExW
GetClipCursor
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
IsZoomed
GetDC
GetForegroundWindow
SetActiveWindow
UpdateWindow
EnableMenuItem
GetSystemMenu
IsWindowEnabled
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
ShowCursor
AdjustWindowRectEx
GetClientRect
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
MonitorFromPoint
SystemParametersInfoW
EnumDisplaySettingsW
CreateIconIndirect
LoadImageW
LoadIconW
LoadCursorFromFileW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassLongPtrW
RegisterClassExW
MoveWindow
MsgWaitForMultipleObjects
SetRect
IsWindow
GetWindowLongPtrW
SetWindowLongW
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetKeyState
GetFocus
EndDialog
DialogBoxParamW
SetWindowPos
PostQuitMessage
UnregisterHotKey
RegisterHotKey
PeekMessageW
GetActiveWindow
GetRawInputData
SetFocus

gdi32

PtInRegion
SelectObject
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetTextMetricsW
CreateFontW
CreateBitmap
GetDeviceCaps
CreateFontIndirectW
CreateRectRgn
CreateRoundRectRgn
DeleteObject

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertOpenSystemStoreW
CertGetNameStringW
CertEnumCertificatesInStore

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
__WSAFDIsSet
htonl
htons
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
gethostname
WSAStartup
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
WSAIoctl
WSASetLastError
getsockopt
inet_pton

wldap32

ord143
ord46
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60

normaliz

IdnToAscii

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

d3dcompiler_43

D3DCompile
D3DReflect

dbghelp

SymFunctionTableAccess64
MiniDumpWriteDump
SymRefreshModuleList
StackWalk64
SymFromAddr
SymInitializeW
SymGetLineFromAddr64
SymGetModuleBase64
SymGetModuleInfo64
SymSetOptions
SymGetModuleInfoW64
SymGetOptions

winmm

timeBeginPeriod

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
RtlCaptureStackBackTrace
CreateToolhelp32Snapshot
K32GetProcessMemoryInfo
K32GetModuleFileNameExW
K32EnumProcessModulesEx
SystemTimeToFileTime
FileTimeToSystemTime
MoveFileW
CopyFileW
ReOpenFile
UnmapViewOfFile
MapViewOfFile
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GlobalMemoryStatusEx
GetProcessId
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
SetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
OutputDebugStringW
SetThreadErrorMode
PeekNamedPipe
QueryPerformanceFrequency
SetEvent
ReleaseSemaphore
GetEnvironmentVariableW
CreateFileMappingW
GetCurrentDirectoryW
Sleep
GetCurrentProcess
LoadLibraryExA
VirtualQuery
CreateSemaphoreA
GetProcessTimes
TerminateProcess
GetExitCodeProcess
LocalFree
SwitchToThread
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
ExpandEnvironmentStringsA
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
InitializeCriticalSectionEx
GetTickCount64
FormatMessageA
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
WideCharToMultiByte
MultiByteToWideChar
CreateFiber
DeleteFiber
SwitchToFiber
CreateEventW
GetDateFormatEx
GetTimeFormatEx
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CreateThread
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThread
SetThreadPriority
ResolveLocaleName
GetCurrencyFormatEx
GetNumberFormatEx
LocaleNameToLCID
LCIDToLocaleName
GetUserGeoID
GetVersionExW
CreateProcessW
GetLogicalProcessorInformationEx
GetNativeSystemInfo
GetGeoInfoW
GetDynamicTimeZoneInformation
GetLocaleInfoEx
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadResource
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetACP
GetThreadContext
GetEnvironmentVariableA
GetStartupInfoW
LoadLibraryA
VirtualUnlock
GetLargePageMinimum
FlsSetValue
FlsAlloc
GetModuleHandleExA
SetErrorMode
MulDiv
GlobalFree
SetConsoleWindowInfo
SetConsoleTextAttribute
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
AttachConsole
FreeConsole
AllocConsole
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
GetProcessHandleCount
CreateWaitableTimerW
SetWaitableTimer
Process32NextW
DebugBreak
LockResource
Process32FirstW
GetConsoleWindow
SetConsoleCtrlHandler
GetUserDefaultLocaleName
GetUserPreferredUILanguages
GetSystemPowerStatus
VerifyVersionInfoW
GetComputerNameW
QueryFullProcessImageNameW
lstrlenW
FormatMessageW
SetThreadAffinityMask
LoadLibraryW
FindResourceW
InitializeCriticalSection
SetCriticalSectionSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetStdHandle
GetCommandLineW
FindClose
FindFirstFileW
GetFileType
OpenProcess
WriteConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapSetInformation
SetHandleInformation
CreatePipe
CreateDirectoryW
CreateFileW
DeleteFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFinalPathNameByHandleW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
RaiseException
GetLastError
SetLastError
GetOverlappedResult
ResetEvent
WaitForSingleObject
SizeofResource

comdlg32

ChooseFontW

shell32

ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateItemFromParsingName

ole32

RevokeDragDrop
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
OleInitialize
RegisterDragDrop
CoTaskMemFree
OleUninitialize

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString

iphlpapi

GetAdaptersAddresses

setupapi

SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_IDW

dwmapi

DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmSetWindowAttribute
DwmIsCompositionEnabled

imm32

ImmGetDescriptionW
ImmGetIMEFileNameW
ImmGetProperty
ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

uiautomationcore

UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaClientsAreListening

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

opengl32

glPolygonMode
glScissor
glStencilFunc
glStencilMask
glStencilOp
glGetString
glTexImage2D
glTexParameteri
glTexSubImage2D
glGenTextures
glViewport
glEnable
glDisable
wglCreateContext
glBlendFunc
glPixelStorei
wglDeleteContext
wglGetProcAddress
wglMakeCurrent
glBindTexture
glAlphaFunc
glDeleteTextures
glTexEnvi

msvcp140

_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Thrd_yield

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbgeng

DebugCreate

bcrypt

BCryptGenRandom

vcruntime140

__intrinsic_setjmp
__current_exception_context
__current_exception
__RTDynamicCast
__std_type_info_name
__std_type_info_compare
__RTtypeid
__CxxFrameHandler3
strchr
longjmp
__std_exception_destroy
__std_exception_copy
__std_terminate
memchr
_set_purecall_handler
__C_specific_handler
wcsrchr
strstr
wcschr
_CxxThrowException
_purecall
memcpy
memmove
memset
wcsstr
memcmp
strrchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

strtod
_wtof
_wtoi64
_wtoi
atoi
wcstod
_wcstoui64
_wcstoi64
_strtoi64
atof
strtol
strtoul
strtoll
wcstoul

api-ms-win-crt-utility-l1-1-0

srand
div
rand
qsort
bsearch

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
fputs
fwrite
_read
_write
_close
_open
setbuf
fread
ferror
fclose
_setmode
_fileno
clearerr
_lseeki64
_set_fmode
feof
fseek
ftell
__acrt_iob_func
__stdio_common_vsprintf
fgets
__stdio_common_vsscanf
_wfopen
fopen
__stdio_common_vfwprintf
__stdio_common_vswprintf
fputc
fflush

api-ms-win-crt-string-l1-1-0

isxdigit
tolower
isalpha
strpbrk
wcsncmp
isalnum
_strdup
strcspn
_strnicmp
_stricmp
wcsncpy
isdigit
iswdigit
iswspace
strcmp
isupper
islower
isgraph
strncmp
isspace
strncat
toupper
strncpy
strspn
isprint
iswpunct
iswlower
iswxdigit
iswalpha
iswalnum

api-ms-win-crt-heap-l1-1-0

_heapchk
_set_new_mode
_aligned_free
_aligned_malloc
realloc
_get_heap_handle
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

floor
logf
truncf
floorf
ceil
fmod
ceilf
_dsign
__setusermatherr
_dtest
trunc
modf
_isnan
round
asin
frexp
powf
_finite
cosf
sinf
atan
atan2
cos
log
sin
pow
sqrt
tan

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_getpid
_errno
exit
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_register_onexit_function
_set_app_type
_initialize_onexit_table
_exit
raise
__sys_nerr
_initterm
strerror
_initterm_e
_beginthreadex
abort
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
signal
terminate
strerror_s
_get_narrow_winmain_command_line

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_cputs

api-ms-win-crt-time-l1-1-0

__tzname
_tzset
_gmtime64_s
_gmtime64
_time64
__timezone

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_stat64i32
_fstat64i32

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

png_access_version_number
png_benign_error
png_build_grayscale_palette
png_calloc
png_chunk_benign_error
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_chunk_cache_max
png_get_chunk_malloc_max
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_current_pass_number
png_get_current_row_number
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_chunk_name
png_get_io_chunk_type
png_get_io_ptr
png_get_io_state
png_get_libpng_ver
png_get_mem_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pHYs_dpi
png_get_pixel_aspect_ratio
png_get_pixel_aspect_ratio_fixed
png_get_pixels_per_inch
png_get_pixels_per_meter
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sCAL_fixed
png_get_sCAL_s
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_inches
png_get_x_offset_inches_fixed
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_inch
png_get_x_pixels_per_meter
png_get_y_offset_inches
png_get_y_offset_inches_fixed
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_inch
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_longjmp
png_malloc
png_malloc_default
png_malloc_warn
png_permit_mng_features
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_bKGD
png_set_background
png_set_background_fixed
png_set_benign_errors
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_chunk_cache_max
png_set_chunk_malloc_max
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_error_fn
png_set_expand
png_set_expand_16
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_filter_heuristics_fixed
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gamma_fixed
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_longjmp_fn
png_set_mem_fn
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_quantize
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sCAL_fixed
png_set_sCAL_s
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_write_sig

Sections

.text
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sbtp
tak_deco_lib.dll
.dll windows:5 windows x64 arch:x64

054c3a71efe2d154d9d5da7bc250cf69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
SwitchToThread
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VerSetConditionMask
VerifyVersionInfoW
SetFilePointer
SetEvent
ResetEvent
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileSize
GetDiskFreeSpaceW
GetCPInfo
FreeLibrary
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CompareStringW
CloseHandle

winmm

timeGetTime

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr
tak_APE_GetDesc
tak_APE_GetErrorString
tak_APE_GetIndexOfKey
tak_APE_GetItemDesc
tak_APE_GetItemKey
tak_APE_GetItemNum
tak_APE_GetItemValue
tak_APE_GetTextItemValueAsAnsi
tak_APE_ReadOnly
tak_APE_State
tak_APE_Valid
tak_GetCodecName
tak_GetLibraryVersion
tak_GetWaveExtensibleSpeakerMask
tak_SSD_Create_FromFile
tak_SSD_Create_FromFileW
tak_SSD_Create_FromStream
tak_SSD_Destroy
tak_SSD_GetAPEv2Tag
tak_SSD_GetCurFrameBitRate
tak_SSD_GetEncoderInfo
tak_SSD_GetErrorString
tak_SSD_GetFrameSize
tak_SSD_GetMD5
tak_SSD_GetReadPos
tak_SSD_GetSimpleWaveDataDesc
tak_SSD_GetStateInfo
tak_SSD_GetStreamInfo
tak_SSD_GetStreamInfo_V22
tak_SSD_ReadAudio
tak_SSD_ReadSimpleWaveData
tak_SSD_Seek
tak_SSD_State
tak_SSD_Valid

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

431fd873e01da83e36fb2391db3ba3bc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

ec:8e:4d:a0:9c:b5:89:45:35:4f:74:64:bc:20:c2:29Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

uxtheme

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

oledlg

ws2_32

gdiplus

winmm

oleacc

tak_deco_lib

crypt32

winhttp

bcrypt

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 137KB - Virtual size: 189KB

.pdata Size: 452KB - Virtual size: 452KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

d21794f0d47bb5c7f5977a6500854d85

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

ec:8e:4d:a0:9c:b5:89:45:35:4f:74:64:bc:20:c2:29
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1
Signer

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 137KB - Virtual size: 189KB

.pdata
Size: 452KB - Virtual size: 452KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cc:08:bb:49:63:6e:cf:3f:72:bf:92:cf:45:8b:91:0e:90:0f:7d:11:28:70:03:90:0a:af:8b:19:89:f5:2f:7b
Signer

b2:c8:9c:70:dd:00:70:00:00:18:3b:25:00:02:8e:c2:fc:f9:28:b7
Signer

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 161KB - Virtual size: 161KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

94:ff:e0:ad:3b:e5:fb:16:aa:ad:c7:ac:4c:ec:ad:e9:6a:17:32:0e:c5:4f:9e:0a:66:b7:16:7c:e2:0b:02:dd
Signer