new[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

new.7z
Size

12.7MB
MD5

89b5e08a3dec44fe9ee843691776b34f
SHA1

5a357fd4b559600658285b38f2a15bd359aa87f7
SHA256

5339854835f35efbead47f0316f3c5b6c7622d9f8524f3965db9dab856da5710
SHA512

858d0900a4b346c1d3137920dbc55d8aa05ffd40febcbd390d3bcc8ede318ae345703447853073c72ad752c8c68df164340ed2ec5eb30a4450660078d51e16b3
SSDEEP

393216:I9iXQZSoaT59dTs7yitAFc9KJHF8yBzk48WeRu2g:ai4SLT59VsXYc03T4N42g

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FileApp.exe
unpack001/res/InkObj.dll
unpack001/res/Windows.UI.Xaml.dll
unpack001/res/ieframe.dll
unpack001/res/msftedit.dll
unpack001/res/wpnapps.dll

Files

new.7z
.7z

Password: 1234
FileApp.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

worldofsoft9.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/InkObj.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

d4507c7f09be29de7cd221acbab1d940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InkObj.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QAE@ABQBD@Z
_vsnwprintf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_beginthreadex
wcscpy_s
realloc
wcscat_s
malloc
free
_purecall
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
_lock
floor
ceil
_ftol2_sse
_ftol2
__RTDynamicCast
_CIsqrt
_CIsin
_wcsnicmp
_wcsicmp
fclose
fputws
_wfopen
_errno
_endthreadex
wcsncmp
_vsnprintf
memcmp
_CIatan2
_CIcos
__CxxFrameHandler3
_unlock
memset

ntdll

EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlReportException

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
WaitForSingleObject
SetWaitableTimer
ReleaseMutex
CancelWaitableTimer
CreateMutexW
InitializeCriticalSectionEx
InitializeCriticalSection
SetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
EnterCriticalSection
AcquireSRWLockExclusive
ResetEvent
LeaveCriticalSection
ReleaseSRWLockExclusive
OpenEventW
OpenMutexW
TryEnterCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
OpenProcessToken
QueueUserAPC
TerminateProcess

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExA
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualProtect
OpenFileMappingW
UnmapViewOfFile
VirtualAlloc
VirtualQuery
MapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersion
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapCreate
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler
AddVectoredExceptionHandler

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
Sleep
SleepConditionVariableCS
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcpynW
lstrcpyW
lstrcatW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize

user32

SetFocus
GetSysColor
RegisterClipboardFormatW
GetWindow
SetPropW
CallNextHookEx
UnhookWindowsHookEx
GetPropW
MsgWaitForMultipleObjects
TrackMouseEvent
FillRect
LoadImageW
GetWindowRect
GetWindowThreadProcessId
GetAncestor
GetClientRect
PeekMessageW
DrawFocusRect
RegisterClassW
SetWindowsHookExW
CallWindowProcW
GetClassInfoW
CreateWindowExW
ScreenToClient
CreateIconIndirect
GetSystemMetrics
SetCursor
GetCursorPos
DestroyCursor
SetWindowLongW
DispatchMessageW
ShowWindow
TranslateMessage
GetMessageW
SystemParametersInfoW
LoadCursorW
KillTimer
wsprintfW
GetClassInfoExW
SetTimer
RedrawWindow
GetUpdateRgn
PostMessageW
MapWindowPoints
MsgWaitForMultipleObjectsEx
IsChild
CopyRect
SetRect
InflateRect
RegisterClassExW
SetRectEmpty
GetKeyboardLayout
InvalidateRect
IsRectEmpty
GetFocus
IntersectRect
DefWindowProcW
BeginPaint
GetWindowLongW
EndPaint
IsWindow
EqualRect
GetKeyState
PtInRect
RegisterWindowMessageW
ReleaseDC
UnionRect
GetDC
DestroyWindow
DestroyAcceleratorTable
OffsetRect
SetWindowRgn
SetWindowPos
SendMessageW

gdi32

GetTextMetricsW
GetRgnBox
GetObjectW
SetBkMode
GetClipBox
GdiFlush
BitBlt
CreateDIBSection
PatBlt
CreateBitmap
OffsetRgn
GetRandomRgn
IntersectClipRect
DPtoLP
CombineTransform
FillRgn
PathToRegion
ExtSelectClipRgn
CombineRgn
EndPath
Polygon
BeginPath
Ellipse
SetWorldTransform
SelectClipRgn
CreateSolidBrush
SetPolyFillMode
SetROP2
GetClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetMapMode
GetWindowOrgEx
GetViewportOrgEx
GetWorldTransform
GetGraphicsMode
SetLayout
SetMetaFileBitsEx
Rectangle
CreateCompatibleBitmap
GetStockObject
LineTo
MoveToEx
CreatePenIndirect
DeleteObject
PolyBezier
Polyline
SelectObject
ExtCreatePen
CreatePen
SetViewportExtEx
CreateCompatibleDC
GetTextColor
GetObjectType
DeleteEnhMetaFile
CopyEnhMetaFileW
CloseEnhMetaFile
CreateEnhMetaFileW
CreateRectRgnIndirect
CreateMetaFileW
SetWindowExtEx
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CloseMetaFile
DeleteMetaFile
GetDeviceCaps

ole32

OleSetClipboard
OleRegEnumVerbs
CreateDataCache
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CoLoadLibrary
CoRegisterMessageFilter
OleFlushClipboard
WriteClassStg
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleRegEnumFormatEtc
ReleaseStgMedium
OleRegGetUserType
OleGetClipboard

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetSystemDefaultLCID

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomW
GlobalDeleteAtom

gdiplus

GdipAddPathLine2
GdipAddPathBezier
GdipSetPenStartCap
GdipSetPathFillMode
GdipResetPath
GdipDrawEllipse
GdipFillRegion
GdipDeletePath
GdipFillPath
GdipCreatePath
GdipGetPenColor
GdipWidenPath
GdipWindingModeOutline
GdipGetPenFillType
GdipSetPenMode
GdipSetPenLineJoin
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetClipRegion
GdipResetClip
GdipCreateRegion
GdipCreateRegionPath
GdipSetPenEndCap
GdipDeleteRegion
GdipCombineRegionPath
GdipCloneImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipAddPathPolygon
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipDrawLines
GdipAddPathEllipse
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdipEmfToWmfBits
GdipFillEllipse
GdipDrawPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InvokeIDispatch

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/Windows.UI.Xaml.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

5bdb058d8bd5a4fb017b7e63aab20627

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windows.ui.xaml.pdb

Imports

msvcp_win

??0facet@locale@std@@IEAA@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?_Incref@facet@locale@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Wcscoll
_Wcsxfrm
??1_Locinfo@std@@QEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??1_Lockit@std@@QEAA@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
_Mtx_lock
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
_Mtx_init_in_situ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flags@ios_base@std@@QEBAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
??1facet@locale@std@@MEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset
wcscspn
wcscmp
wcsncmp

api-ms-win-crt-math-l1-1-0

cosf
ceilf
atan2f
_isnan
_finite
fminf
fmaxf
_fdtest
floorf
fmodf
logf
sinf
tanf
sqrtf

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_invoke_watson

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
memmove
_o__wsplitpath_s
_o__wtoi
_o_abort
_o_bsearch
_o_calloc
_o_ceil
_o_cos
_o_exp
_o_floor
_o_fmod
_o_free
_o_isalpha
_o_isspace
_o_iswalnum
_o_iswblank
_o_iswcntrl
_o_iswdigit
_o_iswgraph
_o_iswprint
_o_iswpunct
_o_iswspace
_o_log
_o_log2f
_o_lroundf
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_round
_o_sin
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstol
_o_wcstoll
_o_wcstoul
_o_wcstoull
wcsstr
__std_type_info_compare
wcschr
strchr
__C_specific_handler
wcsrchr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__dtest
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleExW
GetProcAddress
SizeofResource
FreeLibrary
FindResourceExW
LoadLibraryExW
LockResource
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureError
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-synch-l1-1-0

OpenEventW
CreateSemaphoreExW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
SetEvent
TryAcquireSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
ResetEvent
OpenMutexW
ReleaseMutex
CreateEventW
CreateMutexW
ReleaseSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexExW
CreateEventExW
WaitForMultipleObjectsEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapSize
HeapDestroy
HeapCreate
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
TraceEvent
GetTraceLoggerHandle
RegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-0

TlsFree
SetPriorityClass
SwitchToThread
GetPriorityClass
GetCurrentThreadId
OpenProcessToken
GetProcessId
GetCurrentProcessId
SetThreadPriority
TlsAlloc
GetThreadPriority
TlsGetValue
TlsSetValue
TerminateProcess
GetCurrentThread
GetExitCodeProcess
CreateThread
GetCurrentProcess
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo
GetWindowsDirectoryW

api-ms-win-core-localization-l1-2-0

SetProcessPreferredUILanguages
GetLocaleInfoW
GetLocaleInfoEx
FormatMessageW
GetThreadUILanguage
LocaleNameToLCID
LCMapStringEx
ResolveLocaleName
GetUserDefaultLCID
FindNLSStringEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventProviderEnabled
EventUnregister
EventActivityIdControl

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

coremessaging

CreateDispatcherQueueController
CoreUICreate

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-rtcore-ntuser-window-l1-1-0

SetTimer
GetAncestor
SetParent
GetClientRect
GetFocus
GetMessageW
DispatchMessageW
RegisterWindowMessageW
IsWindow
KillTimer
TranslateMessage
GetWindow
PostQuitMessage
GetDesktopWindow
GetQueueStatus
SetWindowLongW
ScreenToClient
SetWindowLongPtrW
GetWindowThreadProcessId
RegisterClassW
GetWindowLongPtrW
PostMessageW
FindWindowW
GetCursorPos
SendMessageW
GetWindowRect
GetMessageTime
GetWindowTextW
DefWindowProcW
GetPropW
RemovePropW
SetPropW
ClientToScreen
ShowWindow
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassExW
PeekMessageW
GetClassInfoW
IsChild
GetClassNameW
EnumChildWindows
SetFocus
CallWindowProcW
GetParent
GetForegroundWindow

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAddBackslashW
PathFindExtensionW
PathRemoveFileSpecW
PathCombineW

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerFrameInfoHistory
GetPointerDeviceProperties
EnableMouseInPointer
GetPointerDevices
GetPointerDeviceRects
GetPointerInfo

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerCreateRequest
PowerSetRequest

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo
QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
ReadFile
GetFileSize
GetFileSizeEx
SetEndOfFile
GetTempFileNameW
CreateFileW
WriteFile
SetFilePointerEx
GetFileTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetThreadTimes

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualProtect
VirtualFree
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
VirtualAlloc

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetSidSubAuthorityCount
DuplicateTokenEx
GetTokenInformation
AccessCheck
DuplicateToken

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW
UrlCanonicalizeW
UrlCreateFromPathW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

ntdll

RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlClearBits
RtlInitializeBitMap
NtQueryInformationThread
NtSetInformationVirtualMemory
RtlFindClearBitsAndSet
RtlRaiseException
RtlAreBitsClear
RtlInitializeSRWLock
RtlCompareMemory
RtlAcquireSRWLockExclusive
RtlCopyUnicodeString
RtlNtStatusToDosError
ZwQueryWnfStateData
RtlInitUnicodeString
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlQueryPackageClaims
NtQuerySecurityAttributesToken
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlFreeHeap
RtlAllocateHeap
NtPowerInformation
RtlReleaseSRWLockExclusive

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

bcp47langs

LanguageListAsMuiForm
Bcp47GetAbbreviation
Bcp47GetLanguageName
Bcp47FromLcid
Bcp47GetNlsForm
Bcp47FromHkl
GetFontFallbackLanguageList
SetApplicationLanguageOverride
ClearApplicationLanguageOverride
GetApplicationLanguages

combase

ord157
ord90
ord134

iertutil

PrivateCoInternetCombineIUri
ord811

dcomp

ord1040
ord1045

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCSpnW
QISearch

Exports

Exports

CreateString
CreateXamlUIPresenter
DeleteString
DisableDeferredInvoke
DllCanUnloadNow
DllGetActivationFactory
DllMain
GetDependencyObjectAddress
GetErrorContextIndex
GetGlobalModuleParams
GetStringLen
GetStringRawBuffer
InitializeXamlDiagnosticsEx
OverrideXamlMetadataProvider
OverrideXamlResourcePropertyBag

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/ieframe.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

f10234065b76f9bdf678ec45951de298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieframe.pdb

Imports

shlwapi

ord158
StrRetToStrW
StrCmpNA
PathGetArgsW
StrStrA
ord596
SHRegCreateUSKeyW
SHRegWriteUSValueW
PathMakeSystemFolderW
UrlIsNoHistoryW
ord433
ColorHLSToRGB
ColorRGBToHLS
ord225
PathMakePrettyW
PathIsContentTypeW
GetMenuPosFromID
PathCompactPathExW
PathCompactPathW
StrFromTimeIntervalW
StrFormatKBSizeW
StrRetToBSTR
StrRetToBufW
AssocQueryStringByKeyW
StrFormatByteSizeW
AssocGetPerceivedType
UrlCanonicalizeA
AssocCreate
AssocIsDangerous
ord168
ord172
PathIsDirectoryW
PathIsNetworkPathW
AssocQueryKeyW
AssocQueryStringW
ord354
PathUndecorateW
ord388
ord157
SHCreateShellPalette

msvcrt

toupper
sprintf_s
rand_s
wcsncpy_s
_vsnwprintf_s
strnlen
fgets
_wfopen
fclose
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_onexit
__dllonexit
isalpha
strtol
_ui64tow_s
iswalnum
_snwscanf_s
_isnan
_wcsdup
memset
memmove_s
_vsnprintf
_wcsnicmp
memcpy_s
bsearch_s
_vsnwprintf
_CIacos
_CIcos
_CIexp
_CIpow
_CIsin
_CIsqrt
_ftol2
_ftol2_sse
ceil
floor
memcmp
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
bsearch
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcstol
_wcslwr
strrchr
wcscspn
__CxxFrameHandler3
_stricmp
atoi
isxdigit
towlower
qsort
_wtol
_wtof
_wmakepath_s
_wsplitpath_s
_ultow_s
swscanf_s
iswxdigit
_difftime64
_time64
_i64tow_s
wcstoul
isalnum
isdigit
srand
rand
_wcstoui64
strchr
strncpy_s
realloc
iswdigit
iswascii
iswalpha
wcspbrk
wcscat_s
wcscpy_s
wcsrchr
malloc
strstr
_wcsicmp
_errno
free
wcsnlen
wcsstr
wcstok_s
wcsncmp
iswspace
_itow_s
_wtoi
wcschr

kernel32

QueueUserWorkItem
GetModuleHandleExA
LoadLibraryA
GetThreadPriority
IsDBCSLeadByte
CompareFileTime
GetCurrentProcess
DuplicateHandle
SetEvent
MoveFileExW
CreateFileW
OpenProcess
OpenThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Sleep
CreateProcessW
UnmapViewOfFile
OpenEventW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
FindFirstFileW
GlobalAlloc
GlobalFree
GetShortPathNameW
GetLongPathNameW
GlobalLock
GlobalUnlock
GetSystemDirectoryA
lstrcmpiA
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
GetFullPathNameW
GlobalSize
GetSystemDirectoryW
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GetTempPathW
GetTempFileNameW
GetFileSize
ReadFile
GetPackagesByPackageFamily
SystemTimeToFileTime
GetSystemDefaultLCID
GetVersionExW
GetProductInfo
LocalReAlloc
GetSystemTimeAsFileTime
InitializeCriticalSection
IsWow64Process
CompareStringOrdinal
GetWindowsDirectoryW
ExpandEnvironmentStringsW
FindFirstStreamW
FindNextStreamW
FindClose
OpenMutexW
CreateEventW
ResetEvent
WriteFile
CreateThread
CompareStringW
GetSystemInfo
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
MulDiv
GlobalReAlloc
GetUserDefaultLCID
SetCurrentDirectoryW
RegisterApplicationRestart
RaiseException
InitializeSRWLock
GetTickCount64
TryEnterCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
QueryFullProcessImageNameW
GetExitCodeThread
FindFirstFileExW
FindNextFileW
SetThreadPriority
GetFileTime
SetFileTime
GetFinalPathNameByHandleW
ReOpenFile
GetFileAttributesW
GetPrivateProfileIntW
CreateEventExW
GetSystemTime
HeapDestroy
VirtualProtect
VirtualAlloc
VirtualQuery
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDateFormatW
GetSystemWow64DirectoryA
LocalSize
CreateMutexA
SetThreadExecutionState
GetFileSizeEx
TerminateThread
TlsGetValue
GetComputerNameW
GetProcessId
WaitForMultipleObjects
CreateFileMappingW
MapViewOfFile
GetTimeFormatW
HeapReAlloc
MoveFileW
SetFileAttributesW
GetThreadUILanguage
EncodePointer
WerRegisterCustomMetadata
SetUnhandledExceptionFilter
SetProcessShutdownParameters
GetExitCodeProcess
TlsSetValue
HeapSetInformation
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
lstrcmpiW
lstrcmpW
QueryPerformanceFrequency
QueryPerformanceCounter
FindResourceW
LoadResource
LockResource
SizeofResource
CreateSemaphoreW
VerSetConditionMask
VerifyVersionInfoW
GetStringScripts
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
LocaleNameToLCID
GetSystemPreferredUILanguages
ResolveLocaleName
GetUserDefaultLangID
GetSystemDefaultLangID
SetEnvironmentVariableW
ResumeThread
TerminateProcess
CheckRemoteDebuggerPresent
GetGeoInfoW
GetUserGeoID
lstrlenW
lstrlenA
GetFileInformationByHandle
SetWaitableTimer
WaitForThreadpoolWorkCallbacks
GetAtomNameW
InitOnceBeginInitialize
InitOnceComplete
RtlCaptureStackBackTrace
GetThreadLocale
GetDriveTypeW
EnumUILanguagesW
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
SetFilePointer
FindNLSStringEx
GetNumberFormatEx
CreateEventA
GetNativeSystemInfo
GetVersionExA
OpenFileMappingW
GetCommandLineW
WritePrivateProfileStringW
GetSystemWow64DirectoryW
GetLocaleInfoW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetPrivateProfileStringW
LoadLibraryW
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
UnhandledExceptionFilter
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentThread
FlushViewOfFile
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetDiskFreeSpaceExW
CompareStringEx
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
InitializeSListHead
UnlockFile
LockFile
SetFileInformationByHandle
GetUserPreferredUILanguages
K32EnumProcessModules
CreateProcessA
WinExec
K32EnumProcesses
Wow64RevertWow64FsRedirection
K32GetModuleFileNameExW
Wow64DisableWow64FsRedirection
GetLogicalDriveStringsW
QueryDosDeviceW
GetLocaleInfoEx
GetCurrentDirectoryW
FreeResource
GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
VirtualQueryEx
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FreeLibraryAndExitThread
GetVersion
FindAtomW
DeleteAtom
AddAtomW
SetProcessWorkingSetSizeEx
FindResourceExW
SearchPathW
CopyFile2
WritePrivateProfileSectionW
CreateFile2
GetUserDefaultUILanguage
GlobalDeleteAtom
GlobalAddAtomW
GetTickCount
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
LocalAlloc
LocalFree
DecodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceExecuteOnce
IsDebuggerPresent
DebugBreak
TlsFree
FreeLibrary
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
CreateMutexExW
HeapAlloc
CloseHandle
OpenSemaphoreW
TlsAlloc
WaitForSingleObjectEx
DisableThreadLibraryCalls
OutputDebugStringW
GetLastError
FormatMessageW
GetACP
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
LoadLibraryExW
GetProcAddress
LocalFileTimeToFileTime
GetStringTypeW
SetErrorMode
GetEnvironmentVariableW
PackageNameAndPublisherIdFromFamilyName
GetProcessIdOfThread

api-ms-win-downlevel-advapi32-l1-1-0

GetAclInformation
DeleteAce
RegEnumValueA
EventProviderEnabled
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
InitializeAcl
RegGetValueW
OpenProcessToken
RegQueryValueExW
EventWriteTransfer
GetSecurityDescriptorDacl
AddAce
RegDeleteTreeW
RegEnumKeyExW
TraceEvent
EventUnregister
RegOpenKeyExA
RegQueryInfoKeyW
EventRegister
RegEnumValueW
RegCreateKeyExA
EventWriteEx
RegSetValueExA
RegQueryValueExA
MakeAbsoluteSD
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
OpenThreadToken
RegOpenCurrentUser
RegSetValueExW
GetTokenInformation
IsValidSid
RegDeleteValueW
EventWrite
CheckTokenMembership
CreateProcessAsUserW
GetLengthSid
GetSecurityDescriptorSacl
GetAce
CopySid
GetKernelObjectSecurity
AddAccessAllowedAceEx

api-ms-win-downlevel-user32-l1-1-0

CharLowerBuffW
CharUpperA
LoadStringW
CharPrevW
CharNextW
CharUpperW
LoadStringA
CharLowerW
IsCharAlphaNumericW

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpLogicalW
PathFileExistsW
UrlGetPartW
UrlCombineA
PathIsRootW
PathIsFileSpecW
StrChrNW
PathParseIconLocationW
SHRegGetUSValueW
UrlApplySchemeW
StrPBrkW
PathFindNextComponentW
SHRegEnumUSKeyW
SHLoadIndirectString
SHRegQueryUSValueW
PathIsRelativeW
PathSearchAndQualifyW
PathIsUNCServerShareW
UrlCreateFromPathW
ParseURLW
SHRegSetUSValueW
StrSpnW
StrStrIA
PathIsUNCW
PathRemoveFileSpecA
StrStrIW
StrCmpW
StrCmpNIW
PathFindFileNameA
StrCmpNIA
StrCmpIW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathFindExtensionW
PathIsPrefixW
PathRemoveBackslashW
UrlIsW
UrlCombineW
StrTrimA
StrCmpCW
PathRemoveBlanksW
PathStripPathW
StrChrW
HashData
PathQuoteSpacesW
StrDupW
StrCmpNICA
PathFindExtensionA
IsInternetESCEnabled
PathStripToRootW
PathFindFileNameW
UrlUnescapeA
PathRemoveExtensionW
StrTrimW
StrCmpNW
StrRStrIW
StrStrW
StrChrIW
StrToIntW
PathIsURLW
StrCmpCA
UrlGetLocationW
QISearch
UrlEscapeW
PathCreateFromUrlAlloc
SHRegGetBoolUSValueW
SHRegOpenUSKeyW
SHRegDeleteUSValueW
SHRegCloseUSKey
UrlCanonicalizeW
StrDupA
PathCreateFromUrlW
UrlUnescapeW
StrCmpNICW
PathGetDriveNumberW
GetAcceptLanguagesW
StrRChrW
PathIsUNCServerW
StrCmpNCW
StrToIntExW
StrToInt64ExW
SHRegOpenUSKeyA

api-ms-win-downlevel-shell32-l1-1-0

GetCurrentProcessExplicitAppUserModelID
SetCurrentProcessExplicitAppUserModelID
CommandLineToArgvW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-downlevel-normaliz-l1-1-0

IdnToAscii

ntdll

RtlUnicodeStringToAnsiString
RtlFreeAnsiString
NtQuerySystemInformation
RtlPublishWnfStateData
NtClose
NtQueryLicenseValue
RtlIpv4AddressToStringExW
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlIpv6AddressToStringExW

advapi32

EventSetInformation
IsTextUnicode
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryValueW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegSetKeyValueW
RegOpenKeyW
CryptGenRandom
RegCreateKeyA
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyW
RegDeleteKeyA
CryptSetHashParam
CryptVerifySignatureW
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptDeriveKey
CryptSetKeyParam
GetSecurityInfo
SetSecurityInfo

gdi32

CreateSolidBrush
CreatePen
CreateDIBSection
CreateRectRgn
CreateFontW
LineTo
MoveToEx
Rectangle
CreatePalette
CreateFontIndirectA
GetObjectA
GetRgnBox
OffsetRgn
ExtCreateRegion
GetRegionData
RectVisible
GetDCBrushColor
GetDIBits
GetBrushOrgEx
DeleteEnhMetaFile
GetPixel
SetPixel
GdiTransparentBlt
GdiGradientFill
PlayEnhMetaFile
SetStretchBltMode
GdiAlphaBlend
GetCurrentObject
GetClipRgn
CreateHalftonePalette
CreatePolygonRgn
ExcludeClipRect
GetTextAlign
SetTextAlign
GetTextExtentPointW
SetViewportExtEx
CombineRgn
SetRectRgn
EqualRgn
PtInRegion
CreateRoundRectRgn
StretchBlt
GdiFlush
SetLayout
GetClipBox
SetDCPenColor
SetDCBrushColor
GetTextColor
GetBkMode
GetTextExtentExPointW
ExtTextOutW
CreateBitmap
OffsetWindowOrgEx
SelectClipRgn
GetLayout
CreatePatternBrush
CreateDIBPatternBrushPt
StretchDIBits
GetBkColor
SetBrushOrgEx
PatBlt
DeleteObject
SelectObject
GetTextExtentPoint32W
GetObjectW
GetDeviceCaps
SetBkColor
CreateFontIndirectW
GetTextMetricsW
SetTextColor
SetBkMode
TextOutW
DeleteDC
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
IntersectClipRect
CreateDCA
CreateEnhMetaFileA
CloseEnhMetaFile
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
CreateRectRgnIndirect
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetPaletteEntries
SetPaletteEntries
SelectPalette
RealizePalette

user32

GetFocus
SetWindowsHookExW
InsertMenuW
SetMenuDefaultItem
GetClassNameW
GetPropW
SetDlgItemTextW
ShowWindow
SetFocus
GetWindowRect
SetWindowTextW
GetClientRect
GetWindowInfo
AdjustWindowRect
SetWindowPos
GetComboBoxInfo
MonitorFromWindow
GetMonitorInfoW
GetDlgItemTextW
SetPropW
RemovePropW
SetThreadDpiAwarenessContext
GetDesktopWindow
RegisterWindowMessageA
RegisterClassExW
ClientToScreen
MoveWindow
GetKeyState
TranslateMessage
DispatchMessageW
WaitMessage
GetAsyncKeyState
IsDialogMessageW
MapWindowPoints
DestroyIcon
CheckDlgButton
CopyIcon
InvalidateRect
LoadMenuW
SetMenuItemInfoW
TrackPopupMenu
GetDlgCtrlID
SetTimer
GetShellWindow
SetForegroundWindow
GetLastActivePopup
MonitorFromRect
OffsetRect
IntersectRect
InsertMenuItemW
GetMessagePos
TrackPopupMenuEx
AppendMenuW
SetRectEmpty
IsRectEmpty
CheckRadioButton
GetSysColor
DrawIconEx
DeleteMenu
GetMenuItemID
WinHelpW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
GetMessageTime
AttachThreadInput
GetWindow
EndPaint
BeginPaint
DestroyAcceleratorTable
GetMessageW
TranslateAcceleratorW
CopyAcceleratorTableW
GetWindowTextW
MessageBeep
KillTimer
LoadAcceleratorsW
GetCursorPos
CreateMenu
CheckMenuRadioItem
UnionRect
PtInRect
CallWindowProcW
EqualRect
SetWindowRgn
ScreenToClient
GetDoubleClickTime
GetCapture
DrawTextW
SetClipboardViewer
ChangeClipboardChain
WindowFromPoint
GetClassInfoExW
wsprintfW
FillRect
GetWindowTextLengthW
GetSystemMenu
IsIconic
FlashWindowEx
GetClipboardFormatNameW
LockSetForegroundWindow
DdeCreateDataHandle
DdeQueryStringW
DdeGetData
GetForegroundWindow
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeCreateStringHandleW
DdeFreeStringHandle
DdeFreeDataHandle
DdeInitializeW
DdeUninitialize
DdeNameService
SetCursorPos
SetCapture
ReleaseCapture
EnumWindows
GetActiveWindow
IsHungAppWindow
GetWindowDC
GetSysColorBrush
InflateRect
DrawFocusRect
TrackMouseEvent
SendInput
SetRect
GetGUIThreadInfo
SetProcessDpiAwarenessContext
DestroyWindow
ShowOwnedPopups
PostThreadMessageW
GetWindowPlacement
MonitorFromPoint
CopyRect
GetTitleBarInfo
IsZoomed
EnumThreadWindows
GetKeyboardState
SetKeyboardState
PrintWindow
InSendMessage
GetMenuState
GetQueueStatus
RedrawWindow
WaitForInputIdle
ChildWindowFromPointEx
NotifyWinEvent
GetMessageExtraInfo
LoadBitmapW
SystemParametersInfoA
GetDialogBaseUnits
GetScrollInfo
SetScrollInfo
ShowScrollBar
SetScrollPos
GetLastInputInfo
SetWindowPlacement
ReplyMessage
AnimateWindow
SetActiveWindow
ChangeWindowMessageFilterEx
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
OpenClipboard
GetClipboardData
CloseClipboard
GetKeyboardLayout
GetDpiForWindow
GetDpiForSystem
SystemParametersInfoForDpi
GetSystemMetricsForDpi
FindWindowW
wvsprintfW
VkKeyScanExW
DrawEdge
GetClipCursor
GetNextDlgTabItem
GetMenuStringW
AdjustWindowRectEx
GetUpdateRect
ValidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UpdateLayeredWindow
SetClipboardData
DrawTextExW
ShowCaret
HideCaret
GetCaretBlinkTime
EndMenu
ScrollWindowEx
UpdateWindow
SetLayeredWindowAttributes
GetRawInputData
DrawFrameControl
RegisterRawInputDevices
GetCursor
SendNotifyMessageW
SetMenu
ChildWindowFromPoint
VkKeyScanW
GetMenuItemRect
GetTopWindow
GetDlgItemInt
SetDlgItemInt
EnumDisplaySettingsW
EmptyClipboard
CharPrevA
CharNextA
GetSubMenu
GetMenuItemCount
GetMenuItemInfoW
EnumChildWindows
PostMessageW
GetParent
DestroyMenu
SendMessageW
ReleaseDC
GetDC
GetSystemMetrics
UnregisterClassW
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
LoadImageW
UnhookWindowsHookEx
IsWindow
FindWindowExW
SendMessageTimeoutW
IsWindowEnabled
GetWindowThreadProcessId
RegisterClipboardFormatW
IsWindowVisible
AllowSetForegroundWindow
EnableWindow
GetAncestor
SetWindowLongA
GetWindowLongA
SendMessageA
SetParent
SystemParametersInfoW
FindWindowA
CreateWindowExW
DefWindowProcW
GetMenuDefaultItem
CreatePopupMenu
LoadCursorW
SetCursor
IsChild
MsgWaitForMultipleObjects
DialogBoxParamW
MessageBoxW
IsDlgButtonChecked
GetWindowLongW
SetWindowLongW
EndDialog
GetDlgItem
RegisterClassW
GetClassInfoW
CheckMenuItem
CreateDialogParamW
MessageBoxIndirectW
MapVirtualKeyW
GetKeyNameTextW
FrameRect
GetIconInfo
LoadCursorFromFileW
CreateIconIndirect
IsProcessDPIAware
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetClassLongW
GetWindowRgnBox
SubtractRect
CreateCaret
DestroyCaret
SetCaretPos
GetPropA
SetPropA
RemovePropA
CallNextHookEx
EnableMenuItem
CopyImage
RemoveMenu

ole32

StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleSave
StgCreateDocfileOnILockBytes
CoInitialize
CreateBindCtx
ReleaseStgMedium
CoAllowSetForegroundWindow
OleRegGetUserType
MkParseDisplayName
OleGetClipboard
OleInitialize
DoDragDrop
OleUninitialize
OleDraw
StgCreateDocfile
OleCreateFromData
OleRun
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegEnumVerbs
WriteClassStm
OleSaveToStream
OleLoadFromStream
CreateDataAdviseHolder
RevokeDragDrop
RegisterDragDrop
GetRunningObjectTable
OleSetClipboard
CoFileTimeNow
OleFlushClipboard
ReadClassStm
HBITMAP_UserSize
HBITMAP_UserMarshal
HBITMAP_UserUnmarshal
OleSetContainedObject
RoGetAgileReference
CoGetObject
PropVariantCopy
CoTaskMemRealloc

oleaut32

VarBstrCmp
VariantTimeToSystemTime
SysAllocString
LoadTypeLi
SystemTimeToVariantTime
VariantInit
SafeArrayRedim
SafeArrayCopy
OleCreatePropertyFrame
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetDim
OleCreatePropertyFrameIndirect
SafeArrayPutElement
SafeArrayGetVartype
SysAllocStringByteLen
VariantChangeType
LoadRegTypeLi
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayAccessData
VariantCopyInd
VariantCopy
SysReAllocStringLen
SysStringByteLen
SysStringLen
SafeArrayDestroy
SysAllocStringLen
VariantClear
SysReAllocString
SysFreeString

shell32

DuplicateIcon
SHSetLocalizedName
SHGetFolderPathAndSubDirW
SHPathPrepareForWriteW
SHCreateItemFromParsingName
ord43
ExtractIconExW
ord17
ord18
SHBindToObject
SHOpenFolderAndSelectItems
ord19
ord190
ord98
SHGetPathFromIDListW
SHGetDesktopFolder
SHParseDisplayName
ord75
ord6
ord162
ord74
ord171
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateItemInKnownFolder
ord85
SHAppBarMessage
ord2
ord4
ShellAboutW
SHGetKnownFolderIDList
ord644
SHGetKnownFolderItem
ord129
SHCreateItemWithParent
ord727
ord71
SHGetSpecialFolderLocation
SHCreateItemFromIDList
ord23
ord22
ord24
ord153
ord67
ord68
ord193
SHCreateShellItemArrayFromDataObject
SHBrowseForFolderW
ShellExecuteW
ord174
ord196
ord195
ExtractIconW
ord62
DragQueryFileW
SHCreateDirectoryExW
ord59
ord152
SHGetInstanceExplorer
SHCreateShellItemArrayFromIDLists
ord155
SHGetKnownFolderPath
SHBindToParent
ord88
SHGetFolderPathW
ord680
ord846
ord165
SHCreateDefaultExtractIcon
ord83
ord747
SHGetFolderLocation
ord27
ord134
ord16
ord136
Shell_GetCachedImageIndexW
SHGetFileInfoW
ord77
ord73
ord645
ShellExecuteA
ord25
SHFileOperationW
Shell_NotifyIconA
Shell_NotifyIconW
SHGetFolderPathA
ord100
ord176
ord21
ord132
ord147
ord102
ord164
SHOpenWithDialog
SHBindToFolderIDListParent

iertutil

ord683
ord36
ord174
ord72
ord62
ord231
ord157
ord50
ord311
ord312
ord314
ord175
ord230
ord201
ord205
ord97
ord88
ord86
ord700
ord73
ord137
ord93
ord209
ord87
ord685
ord39
ord608
ord609
ord466
ord302
ord660
ord202
ord66
ord60
ord203
ord204
ord206
IntlPercentEncodeNormalize
ord163
ord16
ord57
ord99
ord37
ord686
ord55
ResetIDNLanguageData
ord764
ord775
ord30
ord140
ord282
ord281
ord688
ord300
ord681
ord799
ord46
ord41
ord684
ord820
ord98
ord80
ord77
ord601
ord71
ord170
ord78
ord90
ord56
ord54
ord65
ord45
ord35
ord134
ord34
ord33
ord795
GetIUriPriv
ord794
CreateUriWithFragment
ord139
ord40
ord96
ord76
CreateIUriBuilder
ord679
ord91
ord89
ord28
ord24
ord100
ord49
ord59
ord155
ord67
ord916
ord150
ord701
ord95
ord70
ord61
ord64
ord68
ord63
ord153
ord20
ord151
ord793
ord398
ord166
ord792
ord790
ord58
ord138
ord32
ord44
ord304
ord303
ord42
CreateUri
ord594
ord81
ord74
ord79
ord85
ord796
ord232
ord791
ord597
ord654
ord663
ord397
ord301
ord682
ord687
ord652
ord662
ord668
ord658
ord672
ord677
ord653
ord669
ord678
ord670
ord650
ord657
ord655
ord651
ord665
ord661
ord675
ord656
ord690
ord84
ord172
ord17
ord124
ord82

rpcrt4

RpcServerInqBindingHandle
I_RpcBindingInqLocalClientPID
UuidCreateSequential
UuidEqual

netapi32

NetApiBufferFree
NetGetJoinInformation

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

kernelbase

GetEffectivePackageStatusForUser
ChrCmpIW
GetSystemDefaultUILanguage
OpenGlobalizationUserSettingsKey
lstrcmpA
LCIDToLocaleName
GetStagedPackageOrigin

userenv

GetProfileType

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AddUrlToFavorites
CORLockDownProvider
CreateExtensionGuidEnumerator
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoBlobDownload
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
ExportCookieFileByProcessW
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEAssociateThreadWithTab
IECancelSaveFile
IECreateDirectory
IECreateFile
IEDeleteFile
IEDisassociateThreadWithTab
IEFindFirstFile
IEGetFileAttributesEx
IEGetProtectedModeCookie
IEGetWriteableFolderPath
IEGetWriteableHKCU
IEInPrivateFilteringEnabled
IEIsInPrivateBrowsing
IEIsProtectedModeProcess
IEIsProtectedModeURL
IELaunchManageAddOnsUI
IELaunchURL
IEMoveFileEx
IERefreshElevationPolicy
IERegCreateKeyEx
IERegSetValueEx
IERegisterWritableRegistryKey
IERegisterWritableRegistryValue
IERemoveDirectory
IESaveFile
IESetProtectedModeCookie
IESetProtectedModeCookieEx
IEShowOpenFileDialog
IEShowSaveFileDialog
IETrackingProtectionEnabled
IEUnregisterWritableRegistry
ImportCookieFileByProcessW
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SetQueryNetSessionCount
SoftwareUpdateMessageBox
TriggerFileDownload
URLQualifyA
URLQualifyW

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ExtTel
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/msftedit.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

a827a08e6371240d179292de645ee60b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msftedit.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
strnlen
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__register_onexit_function
_o__seh_filter_dll
_o__crt_atexit
memmove
_o__wcsicmp
_o__wcsnicmp
_o_ceil
_o_free
_o_iswdigit
_o_iswpunct
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wmemcpy_s
_except_handler4_common
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o__CIsqrt
_o__CIpow
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
wcschr
wcsstr
memcmp
memcpy

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
WaitForMultipleObjectsEx
CreateEventW
ReleaseSemaphore
ReleaseSRWLockShared
ReleaseSRWLockExclusive
SetEvent
CreateEventExW
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
ResetEvent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoW
IsValidCodePage
GetLocaleInfoEx
GetUserDefaultLCID
LocaleNameToLCID
ResolveLocaleName
LCMapStringEx
GetThreadLocale

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
TlsSetValue
GetCurrentProcess
TlsGetValue
TlsFree
TlsAlloc

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetModuleHandleW
LoadResource
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
LoadStringW
FreeLibrary

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringEx
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW

oleaut32

VariantInit
SysFreeString
SysAllocStringByteLen
VariantClear
SafeArrayGetElement

api-ms-win-core-file-l1-1-0

GetFileType
WriteFile
CreateFileW
SetFilePointer
ReadFile

api-ms-win-core-atoms-l1-1-0

FindAtomA

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

ntdll

WinSqmIncrementDWORD
SbSelectProcedure
WinSqmIsOptedIn

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalLock
GlobalReAlloc
GlobalHandle
GlobalFlags
GlobalUnlock

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateTextServices
DllGetActivationFactory
DllGetVersion
GetMathAlphanumeric
GetMathAlphanumericCode
IID_IRichEditOle
IID_IRichEditOleCallback
IID_IRicheditUiaNotificationOverrides
IID_IRicheditUiaOverrides
IID_IRicheditWindowlessAccessibility
IID_ITextDocument2
IID_ITextHost
IID_ITextHost2
IID_ITextServices
IID_ITextServices2
MathBuildDown
MathBuildUp
MathTranslate
RichEdit10ANSIWndProc
RichEditANSIWndProc
RichEditWndProc
SetCustomTextOutHandlerEx
SetTextServicesDpiCalculationOverride
ShutdownTextServices
_DisableOleinitCheck@0

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/wpnapps.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

1b10f6f4648743144a368021f07ce78c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wpnapps.pdb

Imports

msvcp_win

?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
_Query_perf_counter
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
_Query_perf_frequency
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??0facet@locale@std@@IAE@I@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
??1facet@locale@std@@MAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?id@?$collate@G@std@@2V0locale@2@A
?__ExceptionPtrCreate@@YAXPAX@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Xlength_error@std@@YAXPBD@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
_Wcsxfrm
?good@ios_base@std@@QBE_NXZ
?_Xbad_alloc@std@@YAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
_Wcscoll
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1_Locinfo@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_XGetLastError@std@@YAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?widen@?$ctype@G@std@@QBEGD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?__ExceptionPtrCurrentException@@YAXPAX@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Locinfo@std@@QAE@PBD@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0_Lockit@std@@QAE@H@Z

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_ceil
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_wcstoul
_except_handler4_common
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
wcsrchr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
memcmp
wcschr
strchr
__std_terminate
__CxxFrameHandler3
_o__callnewh
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
SizeofResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW
GetProcAddress
LoadResource
LockResource

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexExW
CreateEventW
ResetEvent
InitializeSRWLock
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateEventExW
SetEvent
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventProviderEnabled

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetProcessId
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

UuidCreate
NdrDllGetClassObject
NdrDllCanUnloadNow
I_RpcBindingInqLocalClientPID
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
NdrOleAllocate
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
RpcServerInqCallAttributesW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient17
ObjectStublessClient14
ObjectStublessClient10
ObjectStublessClient24
CStdStubBuffer2_Connect
NdrProxyForwardingFunction4
ObjectStublessClient25
ObjectStublessClient16
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction3
ObjectStublessClient13
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient23
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient3
ObjectStublessClient22
NdrProxyForwardingFunction5
ObjectStublessClient21
CStdStubBuffer2_CountRefs
ObjectStublessClient11
ObjectStublessClient12

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlFreeHeap
NtQueryInformationToken
NtQuerySystemInformation
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsMultiUsersInSessionSku
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsWellKnownSid
GetSidSubAuthority
DuplicateTokenEx
GetSidSubAuthorityCount

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

rmclient

RmAccessCheck

combase

ord148
ord168
ord154

api-ms-win-crt-math-l1-1-0

_fdtest

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryValueExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsValidCharW
PathIsFileSpecW
PathFindFileNameW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

xmllite

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-rtcore-ntuser-shell-l1-1-0

GetShellWindow

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

twinapi.appcore

ord3
ord2

shcore

ord223

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.sdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

Password: 1234

d4507c7f09be29de7cd221acbab1d940

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

user32

gdi32

ole32

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-atoms-l1-1-0

gdiplus

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 42KB - Virtual size: 45KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 208B

.rsrc Size: 184KB - Virtual size: 184KB

.reloc Size: 83KB - Virtual size: 83KB

Password: 1234

5bdb058d8bd5a4fb017b7e63aab20627

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

.text
Size: 6.7MB - Virtual size: 6.7MB

.sdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 42KB - Virtual size: 45KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 208B

.rsrc
Size: 184KB - Virtual size: 184KB

.reloc
Size: 83KB - Virtual size: 83KB