3dd2e12ce60a4e546aa321ae364e76d70b77a421b2c43ba72ff6bf66725f6306

Sharing

Copy URL Twitter E-mail

General

Target

3dd2e12ce60a4e546aa321ae364e76d70b77a421b2c43ba72ff6bf66725f6306
Size

12.9MB
MD5

5a3e8924cfe9587cbb2b33a779b34052
SHA1

f4a07950760afdb230690375de98d1acf0fbad77
SHA256

3dd2e12ce60a4e546aa321ae364e76d70b77a421b2c43ba72ff6bf66725f6306
SHA512

45e90395772f2efb05dbb958a8c662cc24a4096c821055c918ed725ff6dc7091669031e0c95801d587252426c2bc3c203cbea60af80b578204f5211b0c81df3c
SSDEEP

393216:HkRq47/yDzqABDmA0KCdZpcPSo6mSDovMF:HcqWNY2dZpRo6RovMF

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
3dd2e12ce60a4e546aa321ae364e76d70b77a421b2c43ba72ff6bf66725f6306
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/data/flutter_assets/images/xlog-decoder.exe
unpack001/desktop_drop_plugin.dll
unpack001/flutter_windows.dll
unpack001/mars_xlog_decoder_gui.exe
unpack001/native_context_menu_plugin.dll
unpack001/uninst.exe
unpack001/window_manager_plugin.dll

Files

3dd2e12ce60a4e546aa321ae364e76d70b77a421b2c43ba72ff6bf66725f6306
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
data/app.so
.elf linux x64
data/flutter_assets/AssetManifest.json
data/flutter_assets/FontManifest.json
data/flutter_assets/NOTICES.Z
.gz
NOTICES.Z
data/flutter_assets/fonts/MaterialIcons-Regular.otf
data/flutter_assets/images/app_icon.png
.png
data/flutter_assets/images/error.png
.png
data/flutter_assets/images/folder.png
.png
data/flutter_assets/images/success.png
.png
data/flutter_assets/images/xlog-decoder
.macho macos arch:arm64 arch:x64
data/flutter_assets/images/xlog-decoder.exe
.exe windows:4 windows x64 arch:x64

0fa24a4b4223fb66cae96bfdf388a423

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
RaiseException
RtlUnwindEx
RtlVirtualUnwind
VirtualQuery
__C_specific_handler
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_cexit
_commode
_errno
_fmode
_fpreset
_initterm
_lock
_onexit
_unlock
clock
abort
calloc
exit
fflush
fprintf
fputc
free
fwrite
localeconv
malloc
memcmp
memcpy
memmove
memset
qsort
signal
strerror
strlen
strncmp
vfprintf
wcslen

ntdll

NtCreateFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
OpenProcessToken
SystemFunction036

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 965KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/47
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/127
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/143
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/159
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/flutter_assets/packages/cupertino_icons/assets/CupertinoIcons.ttf
data/flutter_assets/packages/macos_ui/fonts/SFProTTF/SFProText-Regular.ttf
data/flutter_assets/packages/window_manager/images/ic_chrome_close.png
.png
data/flutter_assets/packages/window_manager/images/ic_chrome_maximize.png
.png
data/flutter_assets/packages/window_manager/images/ic_chrome_minimize.png
.png
data/flutter_assets/packages/window_manager/images/ic_chrome_unmaximize.png
.png
data/icudtl.dat
desktop_drop_plugin.dll
.dll windows:6 windows x64 arch:x64

7154f3edd7daffaa8c085c02616928a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarGetView
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSetCallback
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GlobalUnlock
GlobalLock
WideCharToMultiByte
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

user32

ScreenToClient

shell32

DragQueryFileW

ole32

OleUninitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
OleInitialize

msvcp140

?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140

memcpy
memmove
memset
__std_terminate
__current_exception
__current_exception_context
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initterm
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initialize_narrow_environment
_invoke_watson
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Exports

Exports

DesktopDropPluginRegisterWithRegistrar

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flutter_window.obj
flutter_windows.dll
.dll windows:5 windows x64 arch:x64

462c7c8dc825cd31e8ec07f164051e15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\s\w\ir\cache\builder\src\out\host_release\flutter_windows.dll.pdb

Imports

advapi32

RegGetValueW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
SystemFunction036
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW

iphlpapi

GetAdaptersAddresses

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
SysFreeString
SysStringLen
SafeArrayCreateVector
LoadTypeLi
VariantCopy
VariantClear
VarUI4FromStr
SafeArrayPutElement
SafeArrayAccessData
VariantInit
SafeArrayDestroy
SysAllocString
SafeArrayUnaccessData

psapi

GetProcessMemoryInfo

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreateSequential

ws2_32

socket
WSAIoctl
getaddrinfo
closesocket
shutdown
connect
setsockopt
freeaddrinfo
recv
send
WSARecv
WSASend
ioctlsocket
WSARecvFrom
gethostname
htons
ntohs
WSAAddressToStringW
WSAStartup
getsockname
getpeername
getnameinfo
InetPtonW
InetNtopW
bind
listen
WSASocketW
getsockopt
WSAGetLastError
WSASendTo
WSASetLastError

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionWindow

user32

TrackMouseEvent
ReleaseCapture
SetCapture
GetWindowThreadProcessId
RegisterTouchWindow
SetCaretPos
GetFocus
DestroyCaret
CreateCaret
DefWindowProcW
GetWindowLongPtrW
SetTimer
KillTimer
PostMessageW
UnregisterClassW
GetClientRect
RegisterClassW
SetWindowLongPtrW
CreateWindowExW
GetTouchInputInfo
EmptyClipboard
SystemParametersInfoW
CloseClipboard
GetClipboardData
OpenClipboard
ScreenToClient
GetCursorPos
SetCursor
IsWindowVisible
LoadCursorW
NotifyWinEvent
ClientToScreen
MonitorFromPoint
ReleaseDC
GetDC
MonitorFromWindow
MapVirtualKeyW
GetKeyState
SendInput
CloseTouchInputHandle
PeekMessageW
SetClipboardData
IsIconic
IsWindow
InvalidateRect
DefWindowProcA
LoadCursorA
CharNextW
IsClipboardFormatAvailable
WindowFromDC
RegisterClassA
CreateWindowExA
UnregisterClassA
DestroyWindow
GetMessageExtraInfo

gdi32

GetPixelFormat
SwapBuffers
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
SetDIBitsToDevice
GetDeviceCaps

opengl32

wglGetProcAddress
wglGetCurrentContext

bcrypt

BCryptGenRandom

oleacc

LresultFromObject

uiautomationcore

UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent

dxgi

CreateDXGIFactory
CreateDXGIFactory1

d3d9

Direct3DCreate9
D3DPERF_GetStatus
D3DPERF_SetMarker
D3DPERF_BeginEvent
D3DPERF_EndEvent

kernel32

LCMapStringW
CompareStringW
GetCPInfo
GetTickCount
GetModuleHandleExW
QueueUserWorkItem
GetStringTypeW
EncodePointer
RtlPcToFileHeader
GetExitCodeThread
GetLocaleInfoW
TryEnterCriticalSection
AreFileApisANSI
GetFileAttributesExW
FindFirstFileExW
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SwitchToThread
ReadConsoleW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
WaitForSingleObjectEx
ResetEvent
SetEvent
IsDebuggerPresent
SetFilePointerEx
GetTempFileNameA
GetTempPathA
GetEnvironmentVariableA
LoadLibraryExA
GetModuleHandleExA
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
LocaleNameToLCID
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SleepConditionVariableSRW
VirtualQuery
SetThreadPriority
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
TlsFree
SetFileTime
DeviceIoControl
CopyFileExW
CreateSymbolicLinkW
GetFullPathNameW
UnlockFileEx
LockFileEx
VirtualProtect
SetFileAttributesW
MoveFileExW
GetConsoleScreenBufferInfo
GetExitCodeProcess
UnregisterWait
RegisterWaitForSingleObject
CreateNamedPipeW
GetCurrentProcessId
TerminateProcess
OpenProcess
WaitForMultipleObjects
CreateEventW
CreateProcessW
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLocaleName
GetDriveTypeW
PeekNamedPipe
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
SetEnvironmentVariableW
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetQueuedCompletionStatus
ReadDirectoryChangesW
WriteFile
PostQueuedCompletionStatus
GetFileType
OpenThread
CancelIoEx
CreateIoCompletionPort
SetStdHandle
SetConsoleMode
GetConsoleMode
GetStdHandle
SetConsoleCP
SetConsoleOutputCP
GetConsoleCP
GetConsoleOutputCP
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFinalPathNameByHandleA
ExitProcess
TryAcquireSRWLockExclusive
ReadFile
GetFileSizeEx
LoadLibraryA
GetProcAddress
GetLastError
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetThreadPreferredUILanguages
GetLocaleInfoEx
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
LocalFree
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WideCharToMultiByte
MultiByteToWideChar
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
RaiseException
GetTempPathW
CreateDirectoryW
CreateFileW
GetCurrentProcess
DuplicateHandle
GetFileInformationByHandle
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
SetFilePointer
SetEndOfFile
FlushViewOfFile
FlushFileBuffers
MoveFileW
FindFirstFileW
FindNextFileW
FindClose
GetFinalPathNameByHandleW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerW
SetWaitableTimer
LoadLibraryW
FreeLibrary
GetModuleFileNameA
Sleep
GetSystemInfo
VirtualFree
VirtualAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
CreateFileA
FormatMessageA
InitOnceExecuteOnce
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TlsGetValue
TlsAlloc
SetLastError
TlsSetValue
GetNativeSystemInfo
OutputDebugStringA
RtlUnwind

crypt32

CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFreeCertificateContext

Exports

Exports

??0PlatformMethods@angle@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform
FlutterDesktopEngineCreate
FlutterDesktopEngineDestroy
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineProcessMessages
FlutterDesktopEngineReloadPlatformBrightness
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineRun
FlutterDesktopGetDpiForHWND
FlutterDesktopGetDpiForMonitor
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSetCallback
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopResyncOutputStreams
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopViewControllerCreate
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerForceRedraw
FlutterDesktopViewControllerGetEngine
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewGetHWND

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 358KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
generated_plugin_registrant.obj
main.obj
mars_xlo.239C9B1E.tlog/CL.command.1.tlog
mars_xlo.239C9B1E.tlog/CustomBuild.command.1.tlog
mars_xlo.239C9B1E.tlog/CustomBuild.read.1.tlog
mars_xlo.239C9B1E.tlog/CustomBuild.write.1.tlog
mars_xlo.239C9B1E.tlog/mars_xlog_decoder_gui.lastbuildstate
mars_xlog_decoder_gui.exe
.exe windows:6 windows x64 arch:x64

e7788a945ff148a7866144c1b929d7c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

desktop_drop_plugin

DesktopDropPluginRegisterWithRegistrar

native_context_menu_plugin

NativeContextMenuPluginRegisterWithRegistrar

window_manager_plugin

WindowManagerPluginRegisterWithRegistrar

flutter_windows

FlutterDesktopEngineGetMessenger
FlutterDesktopViewGetHWND
FlutterDesktopResyncOutputStreams
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerCreate
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineDestroy
FlutterDesktopEngineCreate
FlutterDesktopGetDpiForMonitor

kernel32

GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
GetProcAddress
GetModuleHandleW
FreeLibrary
AllocConsole
WideCharToMultiByte
AttachConsole
LocalFree
GetCommandLineW
IsDebuggerPresent

user32

DestroyWindow
MoveWindow
SetWindowPos
SetFocus
GetClientRect
CreateWindowExW
SetWindowLongPtrW
SetParent
LoadCursorW
LoadIconW
MonitorFromPoint
GetMessageW
UnregisterClassW
GetWindowLongPtrW
TranslateMessage
DispatchMessageW
RegisterClassW
PostQuitMessage
DefWindowProcW

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize

msvcp140

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__C_specific_handler
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__current_exception_context
memcmp
memmove
__std_terminate
memset

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
terminate
_exit
_c_exit
_invalid_parameter_noinfo_noreturn
_invoke_watson
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_crt_atexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_cexit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
freopen_s
_fileno
_dup2
_set_fmode

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mars_xlog_decoder_gui.log
native_context_menu_plugin.dll
.dll windows:6 windows x64 arch:x64

7472525ac5e3ef90b94456746d075471

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopViewGetHWND
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarSetDestructionHandler

user32

CreatePopupMenu
GetAncestor
GetCursorPos
GetWindowRect
TrackPopupMenu
RemoveMenu
AppendMenuW
GetMenuItemCount
SendMessageW

msvcp140

_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_function_call@std@@YAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler
memset
memmove
memcpy
memcmp
__std_type_info_destroy_list
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_initterm_e
_initterm
_execute_onexit_table
_register_onexit_function
_beginthreadex
abort
_initialize_onexit_table
_invoke_watson
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

ReleaseSRWLockExclusive
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
AcquireSRWLockExclusive

Exports

Exports

NativeContextMenuPluginRegisterWithRegistrar

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
win32_window.obj
window_manager_plugin.dll
.dll windows:6 windows x64 arch:x64

f3811bcd01bdb8eefe0f279b1bb44587

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
AcquireSRWLockExclusive
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
ReleaseSRWLockExclusive

user32

PostMessageW
PostQuitMessage
SetLayeredWindowAttributes
GetAncestor
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
GetWindow
SetClassLongW
GetClassLongW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
SetRectEmpty
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetForegroundWindow
ReleaseCapture
GetActiveWindow
IsZoomed
IsWindowVisible
GetWindowPlacement
SetWindowPos
SendMessageW
ShowWindow
ShowWindowAsync

ole32

CoInitialize
CoCreateInstance

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140

__std_terminate
memcpy
memcmp
memmove
memset
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_invoke_watson
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_initialize_onexit_table
_initialize_narrow_environment

Exports

Exports

WindowManagerPluginRegisterWithRegistrar

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 170KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 17KB - Virtual size: 16KB

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 648B

0fa24a4b4223fb66cae96bfdf388a423

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

kernel32

msvcrt

ntdll

userenv

ws2_32

advapi32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.data Size: 1024B - Virtual size: 976B

.rdata Size: 296KB - Virtual size: 295KB

.pdata Size: 61KB - Virtual size: 60KB

.xdata Size: 107KB - Virtual size: 107KB

.bss Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 170KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 1024B - Virtual size: 976B

.rdata
Size: 296KB - Virtual size: 295KB

.pdata
Size: 61KB - Virtual size: 60KB

.xdata
Size: 107KB - Virtual size: 107KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 10KB - Virtual size: 10KB

/4
Size: 2KB - Virtual size: 2KB

/19
Size: 554KB - Virtual size: 553KB

/35
Size: 965KB - Virtual size: 964KB

/47
Size: 17KB - Virtual size: 17KB

/61
Size: 406KB - Virtual size: 406KB

/73
Size: 9KB - Virtual size: 9KB

/86
Size: 1.3MB - Virtual size: 1.3MB

/97
Size: 512B - Virtual size: 180B

/113
Size: 528KB - Virtual size: 527KB

/127
Size: 13KB - Virtual size: 12KB

/143
Size: 31KB - Virtual size: 31KB

/159
Size: 1KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 364B

.text
Size: 10.3MB - Virtual size: 10.3MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 358KB - Virtual size: 425KB

.pdata
Size: 398KB - Virtual size: 397KB

.reloc
Size: 124KB - Virtual size: 124KB