setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

10.1MB
MD5

0eb08d747e86f80d1f9113ad61b895a5
SHA1

13299ea9b00ab8d4eec23205ef7df188ef254cd8
SHA256

edefd3658904d1667df3686401e6c3d59d0d244b195b412f1c16a7582773b860
SHA512

953cec89b6ec0c0574950a0153e20235acd99355a84f389e50b31ff6992f446de55db26e0503205271799e0f32908a55ae12503f02ef91aca5fcacadeb8be6fb
SSDEEP

196608:va0/fgwjPOzWQki2M81TP/82wqUrU9IV33EhuVHck77H4vJR8WgMlfRWIaMZ:C0H1zakiKBPAqUrUi3srY7HWJOWRjWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/LogEx.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/linker.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsreport.exe
unpack001/$PLUGINSDIR/nsreportc.exe
unpack001/$PLUGINSDIR/nsreportc64.exe
unpack001/bin/grizzlyflt.sys
unpack001/bin/grizzlyflt64.sys
unpack001/bin/grizzlykrn.sys
unpack001/bin/grizzlykrn64.sys
unpack001/bin/nsreport.exe
unpack001/bin/nsreportc.exe
unpack001/bin/nsreportc64.exe

Files

setup.exe
.exe windows:5 windows x86 arch:x86

79816339b53ffe40dc34edbae4af71e4

Code Sign

48:f2:79:ee:b5:3d:d0:69:bb:7a:f7:27:0f:6d:dc:ae
Certificate

Issuer

CN=NANO Security LLC

Not Before

06/10/2021, 21:00

Not After

31/12/2039, 23:59

Subject

CN=NANO Security LLC

Extended Key Usages

ExtKeyUsageCodeSigning

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:9d:75:c5:0c:77:4e:c9:a8:32:d5:bc
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/02/2024, 14:05

Not After

14/02/2025, 14:05

Subject

SERIALNUMBER=1093254010387,CN=NANO Security LLC,O=NANO Security LLC,STREET=ul 50-y Armii\, 6,L=Bryansk,ST=Bryansk Oblast,C=RU,1.2.840.113549.1.9.1=#0c11636f6d70616e79406e616e6f61762e7275,1.3.6.1.4.1.311.60.2.1.2=#130e427279616e736b204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59
Signer

Actual PE Digest

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59

Digest Algorithm

sha256

PE Digest Matches

true

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59
Signer

Actual PE Digest

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
GetTickCount
GetModuleFileNameW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
lstrlenA
GlobalUnlock
lstrcpynW
lstrlenW
CreateDirectoryW
CreateFileW
GetTempFileNameW
RemoveDirectoryW
WriteFile
GetLastError
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
MoveFileExW
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetExitCodeProcess
Sleep
WaitForSingleObject
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
ExpandEnvironmentStringsW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
GlobalLock

user32

EndDialog
CheckDlgButton
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
IsWindowEnabled
GetSystemMetrics
GetSystemMenu
CreatePopupMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
GetWindowRect
SetCursor
ScreenToClient
GetSysColor
GetWindowLongW
SetClassLongW
DialogBoxParamW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharPrevW
MessageBoxIndirectW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
LoadBitmapW
CallWindowProcW
SetWindowLongW
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
CreateBrushIndirect

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:6 windows x86 arch:x86

2ed77e01961352b9d2ff2119043404b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
lstrcpyW
lstrlenW
MulDiv
GlobalFree
GlobalAlloc
GetModuleHandleW
lstrcpynW

user32

SetDlgItemTextW
SendDlgItemMessageW
GetDC
SetWindowTextW
LoadIconW
EndDialog
ShowWindow
SendMessageW
DialogBoxParamW

gdi32

DeleteObject
GetDeviceCaps
CreateFontIndirectW

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:5 windows x86 arch:x86

bdd53a56197f8e1b1c8f0d478c5db507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\bin\Release\pdb\nanonsis.pdb

Imports

netapi32

NetApiBufferFree
NetUserEnum

psapi

EnumProcesses
GetProcessMemoryInfo
GetDeviceDriverFileNameW
EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
EnumDeviceDrivers
GetPerformanceInfo

mpr

WNetGetConnectionW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

wldap32

ord45
ord50
ord27
ord41
ord33
ord60
ord211
ord46
ord143
ord22
ord35
ord79
ord30
ord200
ord32
ord301
ord26

gdiplus

GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHICON
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAlloc

wintrust

CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpDetectAutoProxyConfigUrl
WinHttpCheckPlatform
WinHttpGetProxyForUrl

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSQueryUserToken

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Child
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Sibling
CM_Request_Device_EjectW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW

kernel32

EncodePointer
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
Sleep
GetCurrentThreadId
ExitProcess
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
GetProcAddress
CreateEventA
SetEvent
GetCurrentProcess
WaitForSingleObjectEx
CloseHandle
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetLastError
FindClose
RemoveDirectoryW
SetFileAttributesW
FindFirstFileExW
FindFirstFileW
FindNextFileW
CompareStringW
LoadLibraryA
GetModuleHandleA
HeapReAlloc
HeapDestroy
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
CreateEventW
GetCurrentThread
GetCurrentProcessId
WaitForSingleObject
WaitForMultipleObjects
VirtualAlloc
VirtualFree
OpenProcess
GetExitCodeProcess
SetUnhandledExceptionFilter
CreateThread
OpenThread
SetLastError
SuspendThread
ResumeThread
ReleaseMutex
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
CreateProcessW
CreateFileW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetThreadPriority
GetThreadPriority
DeviceIoControl
IsDebuggerPresent
ExpandEnvironmentStringsW
QueryDosDeviceW
GetComputerNameW
GetVersionExW
ProcessIdToSessionId
GetModuleHandleW
GetFileSizeEx
GetEnvironmentVariableW
GetDriveTypeW
GetTempPathW
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
DeleteFileW
CopyFileW
MoveFileExW
GetThreadTimes
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeZoneInformation
FreeLibrary
GetNativeSystemInfo
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
ReadFile
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
TerminateProcess
GetProcessId
WriteFile
SetHandleInformation
CreatePipe
PeekNamedPipe
SleepEx
CreateWaitableTimerW
GetFileAttributesExW
GetVolumeInformationW
LockFileEx
UnlockFileEx
GetStdHandle
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFilePointerEx
GetFileTime
SetFileTime
WaitForMultipleObjectsEx
AllocConsole
FreeConsole
AttachConsole
OpenMutexW
OpenEventW
GetWindowsDirectoryW
OutputDebugStringW
OpenEventA
ResetEvent
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
CancelIo
DisconnectNamedPipe
SetNamedPipeHandleState
GetSystemDirectoryW
LocalAlloc
GetProcessTimes
GetProcessWorkingSetSize
SetProcessWorkingSetSize
ReadProcessMemory
CompareFileTime
GetPriorityClass
IsWow64Process
Process32FirstW
Process32NextW
GetFileType
GetShortPathNameW
GetVolumePathNameW
GlobalAlloc
GlobalFree
GetDiskFreeSpaceExW
GetLogicalDrives
VirtualQueryEx
GetFileSize
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
Module32FirstW
Module32NextW
GlobalMemoryStatusEx
IsProcessorFeaturePresent
GetFileInformationByHandle
GetLongPathNameW
GetLogicalDriveStringsW
GetSystemTimes
DefineDosDeviceW
DebugBreak
InitializeCriticalSection
PulseEvent
CreateProcessA
GetFullPathNameA
GetCPInfo
IsDBCSLeadByte
FormatMessageA
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerifyVersionInfoA
lstrcpynW
GetModuleHandleExW
SwitchToFiber
UnhandledExceptionFilter
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GlobalMemoryStatus
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
SetConsoleCtrlHandler
VirtualQuery
ExitThread
FreeLibraryAndExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
GetConsoleCP
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetCurrentDirectoryW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetStringTypeW
GetCommandLineA
SetEnvironmentVariableA
WriteConsoleW
GetCommandLineW
DeleteFiber

user32

ReleaseDC
GetDC
UpdateWindow
GetKeyState
SendMessageW
CallWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
GetParent
PostMessageW
MessageBoxW
GetMessageW
RedrawWindow
RegisterClassExW
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
OpenDesktopW
OpenInputDesktop
GetIconInfo
EnumDesktopWindows
SwitchDesktop
CloseDesktop
GetUserObjectInformationW
ExitWindowsEx
GetWindowPlacement
IsIconic
ValidateRect
GetClientRect
GetWindowLongW
SetWindowLongW
FindWindowExW
TranslateMessage
DispatchMessageW
DefWindowProcW
PeekMessageW
GetSystemMetrics
DestroyIcon
SetUserObjectSecurity
GetForegroundWindow
GetWindowRect
GetSysColor
SetSysColors
LoadStringA
GetProcessWindowStation
wsprintfW
IsWindow
EnumThreadWindows
SetForegroundWindow
SystemParametersInfoW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
GetShellWindow
GetDesktopWindow
IsWindowVisible
LoadStringW

gdi32

GetBitmapBits
GetObjectW
DeleteObject

advapi32

OpenThreadToken
CloseServiceHandle
GetTokenInformation
AdjustTokenPrivileges
LookupAccountSidW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
ControlService
CreateProcessAsUserW
GetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetUserNameW
CheckTokenMembership
ConvertSidToStringSidW
DuplicateTokenEx
SetTokenInformation
SaferCreateLevel
SaferCloseLevel
SaferComputeTokenFromLevel
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
ImpersonateSelf
PrivilegeCheck
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
OpenProcessToken
RevertToSelf
CreateServiceW
InitializeSid
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
GetNamedSecurityInfoW
InitiateSystemShutdownExW
ChangeServiceConfigW
DeleteService
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SetSecurityInfo
GetSecurityInfo
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegOpenCurrentUser
RegOpenUserClassesRoot
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
ChangeServiceConfig2W

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
SHGetFolderPathAndSubDirW
SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CreateStreamOnHGlobal
CoInitializeSecurity
CoCreateGuid
CoSetProxyBlanket
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

ws2_32

shutdown
socket
getpeername
getsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
select
gethostname
getnameinfo
send
htonl
ioctlsocket
closesocket
WSAGetLastError
WSACleanup
WSAStartup
recv
listen
getsockname
connect
bind
accept
__WSAFDIsSet
gethostbyname
ntohs
inet_ntoa
WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSASocketW
WSASend
WSASetLastError
setsockopt
ntohl
sendto
htons

shlwapi

ord437
SHCreateStreamOnFileEx
SHDeleteKeyW
StrRetToStrW
PathCombineW
PathIsFileSpecW
PathIsUNCW
PathGetDriveNumberW

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
GetProfilesDirectoryW
DestroyEnvironmentBlock
UnloadUserProfile

pdh

PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW
PdhGetFormattedCounterValue

Exports

Exports

ActivateAvx
CheckInstalled
CheckNanolsp
CheckNanosvcConnection
Clean
Close
ClosePackage
DataPacket
DownloadFile
DownloadFileStrict
EnumerateYandex
ExecDropUac
Exit
ExtractPackageAuto
ExtractPackageFile
ExtractStaFiles
ExtractZipFile
FindAnotherAvx
GetAntivirusInfo
GetLastStatus
Init
LogInfo
OpenPackage
PostConfig
PostInstall
PreInit
ProxySetup
QueryStatus
Refresh
RegexMath
RegisterFunction
Rem
RemoveAllLinks
RemoveLsp
RemoveMsc
Reset
RunAction
StrFunc
UpdateConfig
UserAbort
ValidateFile
VersionCheck
Write
WriteUsbInfo
ap2t
dc
show
stop

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

127a02894b36e3dd18bd638b1758f9f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/free-vs-pro-en.bmp
$PLUGINSDIR/free-vs-pro-ru.bmp
$PLUGINSDIR/help-en.html
.html
$PLUGINSDIR/help-ru.html
.html
$PLUGINSDIR/linker.dll
.dll windows:5 windows x86 arch:x86

a0eaa72880e9223bdb51db01eccc0f1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadCursorW
CreateCursor
GetFocus
DrawTextW
BeginPaint
GetWindowRect
SetCursor
ClientToScreen
GetClientRect
PtInRect
GetDC
DrawFocusRect
InvalidateRect
GetWindowLongW
ReleaseDC
SetWindowLongW
DestroyCursor
EndPaint
SetFocus
SetWindowPos
IsWindow
ReleaseCapture
SendMessageW
UpdateWindow
CallWindowProcW
SetCapture

gdi32

GetObjectW
SelectObject
DeleteObject
SetBkMode
CreateFontIndirectW
SetTextColor
GetStockObject

shell32

ShellExecuteW

kernel32

lstrcpynW
GlobalFree
lstrcpyW
GlobalAlloc
GetModuleHandleW

Exports

Exports

Link
Unload

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:6 windows x86 arch:x86

0be17d9c7e14b81db1cd743c7f16bd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MulDiv
GlobalFree
lstrcpynW
lstrcpyW
lstrcmpiW
GetFileAttributesW
GetCurrentDirectoryW
GlobalAlloc
SetCurrentDirectoryW

user32

CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetMessageW
CreateDialogParamW
GetDlgItem
SetTimer
KillTimer
DrawTextW
SetPropW
GetPropW
RemovePropW
CallWindowProcW
GetWindowRect
SetCursor
MapWindowPoints
GetSysColor
DrawFocusRect
GetWindowLongW
SetWindowLongW
LoadCursorW
IsDialogMessageW
wsprintfW
MapDialogRect
GetClientRect
DispatchMessageW
GetWindowTextW
TranslateMessage
CharPrevW
CharNextW
SendMessageW
SetWindowPos

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsreport.exe
.exe windows:5 windows x86 arch:x86

ef7c6dd66e17abba41413a8cd324e53e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\bin\Release\pdb\nsreport.pdb

Imports

comctl32

CreateStatusWindowW
ord17

psapi

GetPerformanceInfo

wtsapi32

WTSQueryUserToken

kernel32

SetEvent
HeapReAlloc
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
TerminateProcess
ReadFile
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
WaitForSingleObjectEx
LocalFree
OpenProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenThread
SetThreadPriority
DeviceIoControl
GetCommandLineW
QueryDosDeviceW
GetComputerNameW
GetVersionExW
ProcessIdToSessionId
GetTickCount
GetModuleHandleW
GetFileSizeEx
FindClose
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileExW
FindNextFileW
CopyFileW
MoveFileExW
CreateEventW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
CreateThread
SetLastError
ResumeThread
ReleaseMutex
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
WTSGetActiveConsoleSessionId
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
GetTempFileNameW
GetModuleHandleA
QueryPerformanceFrequency
GetTimeZoneInformation
GetNativeSystemInfo
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
GetProcessId
SleepEx
CreateWaitableTimerW
GetFileAttributesExW
FindFirstFileW
GetVolumeInformationW
LockFileEx
UnlockFileEx
GetStdHandle
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
GetFileTime
SetFileTime
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
AllocConsole
FreeConsole
AttachConsole
OpenMutexW
OpenEventW
GetWindowsDirectoryW
OutputDebugStringW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
VirtualQuery
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
OpenEventA
ResetEvent
GetCPInfo
LoadLibraryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileExA
GetUserDefaultUILanguage
CreateFileW
QueryPerformanceCounter
GetTempPathW
SetFilePointer
WriteFile
GetLastError
GetExitCodeProcess
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
WaitForSingleObject
Sleep
GetCurrentThreadId
CreateEventA
FreeLibrary
GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetSystemTime
IsValidCodePage
GetOEMCP
GetCommandLineA
SetEnvironmentVariableA
SetDllDirectoryW
GetThreadTimes
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
WriteConsoleW

user32

GetClientRect
SendMessageW
CallWindowProcW
CreateWindowExW
ShowWindow
SetWindowPos
IsIconic
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextA
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
LoadStringW
LoadStringA
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
SetWindowLongW
GetDlgItemTextW
GetCursorPos
MessageBeep
MessageBoxW
GetWindowRect
GetWindowLongW
GetDC
AllowSetForegroundWindow
SetForegroundWindow
SetActiveWindow
DrawTextExW
EnableWindow
KillTimer
SetTimer
GetKeyState

gdi32

SaveDC
RestoreDC
DeleteDC
CreateCompatibleDC
SelectObject

comdlg32

GetSaveFileNameA

advapi32

FreeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
ImpersonateLoggedOnUser
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
CheckTokenMembership

shell32

SHCreateDirectoryExW
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize

ws2_32

WSACleanup
WSAStartup

shlwapi

ord437
PathGetDriveNumberW

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsreportc.exe
.exe windows:5 windows x86 arch:x86

78d306dd59c14cdd7717231d19fbbe16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\bin\Release\pdb\nsreportc.pdb

Imports

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameW
EnumProcesses
GetPerformanceInfo
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

wintrust

WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpDetectAutoProxyConfigUrl
WinHttpCloseHandle
WinHttpCheckPlatform
WinHttpGetProxyForUrl

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW

ws2_32

WSASocketW
WSCGetProviderPath
WSCEnumProtocols
WSCDeinstallProvider
WSASetLastError
setsockopt
ntohl
htons
htonl
gethostname
WSCInstallProvider
WSCWriteProviderOrder
inet_ntoa
gethostbyname
sendto
recvfrom
__WSAFDIsSet
freeaddrinfo
getaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
closesocket
WSASend
WSAIoctl
accept
bind
getnameinfo
connect
getsockname
listen
ntohs
recv
select
send
shutdown
ioctlsocket
socket
getpeername
getsockopt

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdiplus

GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipAlloc
GdiplusShutdown

wtsapi32

WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSRegisterSessionNotification

setupapi

CM_Get_Sibling
CM_Request_Device_EjectW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassImageList

kernel32

GetSystemDirectoryA
VerifyVersionInfoA
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
SetStdHandle
ExpandEnvironmentStringsA
GetCommandLineA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
GetOEMCP
ConvertThreadToFiber
SetEnvironmentVariableA
SetEnvironmentVariableW
GlobalMemoryStatus
GetConsoleMode
SetConsoleMode
WriteConsoleW
ReadConsoleA
ReadConsoleW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetNativeSystemInfo
Sleep
GetCurrentProcess
GetCurrentProcessId
CloseHandle
InterlockedDecrement
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
FreeLibrary
GlobalAlloc
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
GetStdHandle
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
InterlockedIncrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateEventW
SleepEx
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
TlsGetValue
CreateWaitableTimerW
SetWaitableTimer
GetPriorityClass
ProcessIdToSessionId
SetLastError
GetVolumeInformationW
SetFilePointerEx
GetFileType
GetFileAttributesExW
FindFirstFileExW
OpenEventA
ResetEvent
GetShortPathNameW
DeviceIoControl
GetVolumePathNameW
GetDiskFreeSpaceExW
GetLogicalDrives
VirtualQueryEx
SetThreadPriority
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
IsProcessorFeaturePresent
OpenEventW
WaitForMultipleObjects
GetFullPathNameA
SetEndOfFile
SetFileAttributesW
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLongPathNameW
GetSystemTimes
DefineDosDeviceW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
CreateThread
ReleaseMutex
CreateMutexW
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
ExitProcess
LockFileEx
UnlockFileEx
FlushFileBuffers
AllocConsole
FreeConsole
OpenMutexW
OutputDebugStringW
InitializeCriticalSection
PulseEvent
CreateProcessA
GetFileSizeEx

user32

GetClassNameW
EnumWindows
GetShellWindow
GetParent
GetWindowLongW
SetSysColors
GetSysColor
GetWindowRect
GetForegroundWindow
MsgWaitForMultipleObjects
IsIconic
IsWindowVisible
GetWindowPlacement
MessageBoxW
PeekMessageW
GetUserObjectInformationW
CloseDesktop
SwitchDesktop
EnumDesktopWindows
OpenInputDesktop
LoadStringA
OpenDesktopW
KillTimer
SetTimer
DestroyWindow
CreateWindowExW
RegisterClassExW
GetWindowThreadProcessId
SystemParametersInfoW
GetProcessWindowStation
GetKeyState
GetIconInfo
DestroyIcon
SetUserObjectSecurity
EnumThreadWindows
SetForegroundWindow
ExitWindowsEx
PostQuitMessage
IsWindow
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SendMessageW
GetSystemMetrics
LoadStringW

gdi32

GetBitmapBits
DeleteObject
GetObjectW

advapi32

GetUserNameW
StartServiceW
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
BackupEventLogW
CloseEventLog
OpenEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
ImpersonateSelf
RevertToSelf
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ImpersonateLoggedOnUser
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
InitiateSystemShutdownExW
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
RegOpenUserClassesRoot
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
CheckTokenMembership
RegOpenCurrentUser
SetSecurityInfo
GetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
QueryServiceStatusEx

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathGetDriveNumberW
SHCreateStreamOnFileEx
SHDeleteKeyW
StrRetToStrW
PathCombineW
PathIsFileSpecW
PathIsUNCW
ord437
SHGetValueW

pdh

PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsreportc64.exe
.exe windows:5 windows x64 arch:x64

e667ba5b1c1469027cf10ba1076719ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

O:\bin\Release\pdb\nsreportc64.pdb

Imports

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameW
GetPerformanceInfo
EnumProcesses
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

DestroyEnvironmentBlock
UnloadUserProfile
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
WinVerifyTrust

ws2_32

WSAGetLastError
closesocket
ioctlsocket
htonl
htons
ntohl
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSCWriteProviderOrder32
WSCWriteProviderOrder
WSCInstallProvider64_32
WSCInstallProvider
WSCDeinstallProvider32
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSASocketW
WSASend

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipGetImageEncoders

setupapi

CM_Request_Device_EjectW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDescriptionW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSEnumerateSessionsW

kernel32

GetStringTypeW
RtlPcToFileHeader
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
FormatMessageA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetSystemInfo
GetNativeSystemInfo
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
GlobalAlloc
GlobalFree
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
RtlCaptureContext
GetStdHandle
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateEventW
SleepEx
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
TlsGetValue
CreateWaitableTimerW
SetWaitableTimer
GetPriorityClass
ProcessIdToSessionId
SetLastError
GetVolumeInformationW
SetFilePointerEx
GetFileAttributesExW
FindFirstFileExW
GetFileType
GetShortPathNameW
OpenEventA
ResetEvent
DeviceIoControl
GetVolumePathNameW
GetDiskFreeSpaceExW
GetLogicalDrives
Sleep
VirtualQueryEx
SetThreadPriority
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
IsProcessorFeaturePresent
OpenEventW
WaitForMultipleObjects
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLongPathNameW
GetSystemTimes
DefineDosDeviceW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
ReleaseMutex
CreateMutexW
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
LockFileEx
UnlockFileEx
FlushFileBuffers
AllocConsole
FreeConsole
OpenMutexW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
ExitProcess
OutputDebugStringW
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
GetProcessTimes
CreateThread

user32

GetKeyState
SetUserObjectSecurity
GetIconInfo
LoadStringA
DestroyIcon
KillTimer
SetTimer
DestroyWindow
SwitchDesktop
CloseDesktop
GetUserObjectInformationW
TranslateMessage
DispatchMessageW
PeekMessageW
ExitWindowsEx
PostQuitMessage
GetWindowPlacement
IsWindowVisible
IsIconic
MessageBoxW
GetForegroundWindow
GetWindowRect
GetSysColor
SetSysColors
GetWindowLongW
GetWindowLongPtrW
CreateWindowExW
RegisterClassExW
GetParent
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SystemParametersInfoW
PostMessageW
IsWindow
SetForegroundWindow
EnumThreadWindows
GetMessageW
GetSystemMetrics
LoadStringW
SendMessageW
EnumDesktopWindows
GetDesktopWindow
OpenDesktopW
OpenInputDesktop
MsgWaitForMultipleObjects
DefWindowProcW

gdi32

GetBitmapBits
GetObjectW
DeleteObject

advapi32

GetUserNameW
CheckTokenMembership
OpenEventLogW
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
ImpersonateSelf
RevertToSelf
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ImpersonateLoggedOnUser
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
InitiateSystemShutdownExW
CloseEventLog
BackupEventLogW
CreateProcessAsUserW
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
QueryServiceStatusEx
StartServiceW
RegOpenUserClassesRoot
RegOpenCurrentUser
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
DuplicateTokenEx
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation

shell32

SHGetFolderPathW
SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathAndSubDirW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

StrRetToStrW
PathGetDriveNumberW
SHCreateStreamOnFileEx
SHDeleteKeyW
PathCombineW
PathIsFileSpecW
PathIsUNCW
ord437
SHGetValueW

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/yandex_toolbar.bmp
bin/grizzlyflt.sys
.sys windows:6 windows x86 arch:x86

08d51a3f5008d8517fa3828e68809dc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\bin\Release\pdb\grizzlyflt.pdb

Imports

fltmgr.sys

FltCreateFile
FltClose
FltGetRoutineAddress
FltAllocateContext
FltSetStreamContext
FltSetStreamHandleContext
FltGetStreamContext
FltGetStreamHandleContext
FltReleaseContext
FltDoCompletionProcessingWhenSafe
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileName
FltGetDestinationFileNameInformation
FltQueryInformationFile
FltCancelFileOpen
FltSetInstanceContext
FltDeleteStreamHandleContext
FltGetInstanceContext
FltGetVolumeProperties
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltSendMessage
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetRequestorProcessId

ntoskrnl.exe

RtlGetVersion
KeQuerySystemTime
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
RtlEqualString
PsGetCurrentThreadId
memcpy
memset
RtlTimeToTimeFields
KeClearEvent
KeSetEvent
KeWaitForMultipleObjects
KeWaitForSingleObject
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
memmove
RtlCompareMemory
wcsncmp
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
IoFileObjectType
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
ZwOpenProcess
wcsrchr
KeDelayExecutionThread
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoAllocateErrorLogEntry
IoGetStackLimits
IoGetTopLevelIrp
IoWriteErrorLogEntry
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
ZwDuplicateObject
_allmul
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx
RtlUnwind
DbgPrintEx
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlInitString
strrchr
KeInitializeEvent

hal

ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 798B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/grizzlyflt64.sys
.sys windows:6 windows x64 arch:x64

6972661e1fd1f051da8ddd3825bc5a5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

O:\bin\Release\pdb\grizzlyflt64.pdb

Imports

fltmgr.sys

FltCreateFile
FltClose
FltGetRoutineAddress
FltAllocateContext
FltSetStreamContext
FltSetStreamHandleContext
FltGetStreamContext
FltGetStreamHandleContext
FltReleaseContext
FltDoCompletionProcessingWhenSafe
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileName
FltGetDestinationFileNameInformation
FltQueryInformationFile
FltCancelFileOpen
FltSetInstanceContext
FltDeleteStreamHandleContext
FltGetInstanceContext
FltGetVolumeProperties
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltSendMessage
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetRequestorProcessId

ntoskrnl.exe

strrchr
RtlInitString
RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrintEx
RtlTimeToTimeFields
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
RtlEqualString
PsGetCurrentThreadId
__C_specific_handler
KeInitializeEvent
KeClearEvent
KeSetEvent
KeWaitForMultipleObjects
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
RtlCompareMemory
strcmp
wcsncmp
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
IoFileObjectType
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
ZwOpenProcess
wcsrchr
KeDelayExecutionThread
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoAllocateErrorLogEntry
IoGetStackLimits
IoGetTopLevelIrp
IoWriteErrorLogEntry
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
ZwDuplicateObject
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/grizzlykrn.sys
.sys windows:6 windows x86 arch:x86

65017e466c160808c98da27eb9438d74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\bin\Release\pdb\grizzlykrn.pdb

Imports

ntoskrnl.exe

KeQuerySystemTime
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwClose
PsGetCurrentThreadId
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
memcpy
memset
strrchr
RtlInitString
MmGetSystemRoutineAddress
RtlGetVersion
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoFreeMdl
ZwOpenKey
RtlEqualString
MmIsAddressValid
MmUserProbeAddress
NtBuildNumber
wcsncmp
RtlCompareMemory
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
_allmul
IoAllocateIrp
IoBuildDeviceIoControlRequest
IofCallDriver
IoFreeIrp
IoGetDeviceObjectPointer
IoGetDeviceAttachmentBaseRef
RtlEqualUnicodeString
ObfReferenceObject
IoDriverObjectType
ObOpenObjectByName
_stricmp
ProbeForRead
CmRegisterCallback
CmUnRegisterCallback
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
PsGetProcessId
PsGetThreadProcessId
PsLookupThreadByThreadId
PsProcessType
PsThreadType
KeServiceDescriptorTable
memmove
KeWaitForSingleObject
RtlAppendUnicodeStringToString
KeInitializeMutex
KeReleaseMutex
KeDelayExecutionThread
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoWriteErrorLogEntry
ObReferenceObjectByPointer
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwOpenProcess
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObQueryNameString
ZwDuplicateObject
IoFileObjectType
MmHighestUserAddress
MmSystemRangeStart
PsGetProcessPeb
RtlMapGenericMask
RtlUnwind
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
ZwSetSecurityObject
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
RtlLengthSecurityDescriptor
_snwprintf
RtlCreateSecurityDescriptor
RtlLengthSid
SeExports
IoIsWdmVersionAvailable
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
_wcsnicmp
wcschr
RtlFreeUnicodeString
ZwCreateKey
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx
KeWaitForMultipleObjects
KeSetEvent
KeClearEvent
KeInitializeEvent
RtlTimeToTimeFields
DbgPrintEx
wcsrchr
RtlInitUnicodeString

hal

KfLowerIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/grizzlykrn64.sys
.sys windows:6 windows x64 arch:x64

9dfcf2c27b978373329cebfd76dde818

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

O:\bin\Release\pdb\grizzlykrn64.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrintEx
RtlTimeToTimeFields
KeInitializeEvent
KeClearEvent
KeSetEvent
KeWaitForMultipleObjects
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
ExAcquireFastMutex
ExReleaseFastMutex
ExSystemTimeToLocalTime
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwCreateFile
ZwOpenFile
ZwWriteFile
ZwClose
PsGetCurrentThreadId
ZwDeleteFile
ZwQueryDirectoryFile
_vsnprintf
_vsnwprintf
__C_specific_handler
strrchr
RtlInitString
MmGetSystemRoutineAddress
RtlGetVersion
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
IoFreeMdl
ZwOpenKey
RtlEqualString
MmIsAddressValid
NtBuildNumber
wcsncmp
RtlCompareMemory
ZwQueryInformationFile
ZwReadFile
RtlPrefixUnicodeString
strcmp
IoAllocateIrp
IoBuildDeviceIoControlRequest
IofCallDriver
IoFreeIrp
IoGetDeviceObjectPointer
IoGetDeviceAttachmentBaseRef
RtlEqualUnicodeString
KeLowerIrql
KfRaiseIrql
ObfReferenceObject
IoDriverObjectType
ObOpenObjectByName
CmRegisterCallback
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsProcessType
PsThreadType
wcsrchr
RtlAppendUnicodeStringToString
KeInitializeMutex
KeReleaseMutex
KeDelayExecutionThread
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoWriteErrorLogEntry
ObReferenceObjectByPointer
ZwQueryValueKey
ZwSetValueKey
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsGetCurrentProcessId
ZwOpenProcess
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObQueryNameString
ZwDuplicateObject
IoFileObjectType
MmHighestUserAddress
MmSystemRangeStart
PsGetProcessPeb
RtlMapGenericMask
PsGetProcessId
PsGetThreadProcessId
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
ZwSetSecurityObject
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
RtlLengthSecurityDescriptor
_snwprintf
RtlCreateSecurityDescriptor
RtlLengthSid
SeExports
IoIsWdmVersionAvailable
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
_wcsnicmp
wcschr
RtlFreeUnicodeString
ZwCreateKey
ExAllocatePoolWithQuotaTag
PsGetVersion
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
KeBugCheckEx

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/license.key
bin/nsreport.exe
.exe windows:5 windows x86 arch:x86

ef7c6dd66e17abba41413a8cd324e53e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\bin\Release\pdb\nsreport.pdb

Imports

comctl32

CreateStatusWindowW
ord17

psapi

GetPerformanceInfo

wtsapi32

WTSQueryUserToken

kernel32

SetEvent
HeapReAlloc
DecodePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
TerminateProcess
ReadFile
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
WaitForSingleObjectEx
LocalFree
OpenProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenThread
SetThreadPriority
DeviceIoControl
GetCommandLineW
QueryDosDeviceW
GetComputerNameW
GetVersionExW
ProcessIdToSessionId
GetTickCount
GetModuleHandleW
GetFileSizeEx
FindClose
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileExW
FindNextFileW
CopyFileW
MoveFileExW
CreateEventW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
CreateThread
SetLastError
ResumeThread
ReleaseMutex
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
WTSGetActiveConsoleSessionId
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
GetTempFileNameW
GetModuleHandleA
QueryPerformanceFrequency
GetTimeZoneInformation
GetNativeSystemInfo
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
GetProcessId
SleepEx
CreateWaitableTimerW
GetFileAttributesExW
FindFirstFileW
GetVolumeInformationW
LockFileEx
UnlockFileEx
GetStdHandle
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
GetFileTime
SetFileTime
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
AllocConsole
FreeConsole
AttachConsole
OpenMutexW
OpenEventW
GetWindowsDirectoryW
OutputDebugStringW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
VirtualQuery
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
OpenEventA
ResetEvent
GetCPInfo
LoadLibraryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileExA
GetUserDefaultUILanguage
CreateFileW
QueryPerformanceCounter
GetTempPathW
SetFilePointer
WriteFile
GetLastError
GetExitCodeProcess
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
WaitForSingleObject
Sleep
GetCurrentThreadId
CreateEventA
FreeLibrary
GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetSystemTime
IsValidCodePage
GetOEMCP
GetCommandLineA
SetEnvironmentVariableA
SetDllDirectoryW
GetThreadTimes
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
WriteConsoleW

user32

GetClientRect
SendMessageW
CallWindowProcW
CreateWindowExW
ShowWindow
SetWindowPos
IsIconic
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextA
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
LoadStringW
LoadStringA
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
SetWindowLongW
GetDlgItemTextW
GetCursorPos
MessageBeep
MessageBoxW
GetWindowRect
GetWindowLongW
GetDC
AllowSetForegroundWindow
SetForegroundWindow
SetActiveWindow
DrawTextExW
EnableWindow
KillTimer
SetTimer
GetKeyState

gdi32

SaveDC
RestoreDC
DeleteDC
CreateCompatibleDC
SelectObject

comdlg32

GetSaveFileNameA

advapi32

FreeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
ImpersonateLoggedOnUser
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
CheckTokenMembership

shell32

SHCreateDirectoryExW
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize

ws2_32

WSACleanup
WSAStartup

shlwapi

ord437
PathGetDriveNumberW

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nsreportc.exe
.exe windows:5 windows x86 arch:x86

78d306dd59c14cdd7717231d19fbbe16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\bin\Release\pdb\nsreportc.pdb

Imports

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameW
EnumProcesses
GetPerformanceInfo
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

wintrust

WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpDetectAutoProxyConfigUrl
WinHttpCloseHandle
WinHttpCheckPlatform
WinHttpGetProxyForUrl

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW

ws2_32

WSASocketW
WSCGetProviderPath
WSCEnumProtocols
WSCDeinstallProvider
WSASetLastError
setsockopt
ntohl
htons
htonl
gethostname
WSCInstallProvider
WSCWriteProviderOrder
inet_ntoa
gethostbyname
sendto
recvfrom
__WSAFDIsSet
freeaddrinfo
getaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
closesocket
WSASend
WSAIoctl
accept
bind
getnameinfo
connect
getsockname
listen
ntohs
recv
select
send
shutdown
ioctlsocket
socket
getpeername
getsockopt

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdiplus

GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipAlloc
GdiplusShutdown

wtsapi32

WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSRegisterSessionNotification

setupapi

CM_Get_Sibling
CM_Request_Device_EjectW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassImageList

kernel32

GetSystemDirectoryA
VerifyVersionInfoA
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
SetStdHandle
ExpandEnvironmentStringsA
GetCommandLineA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
GetOEMCP
ConvertThreadToFiber
SetEnvironmentVariableA
SetEnvironmentVariableW
GlobalMemoryStatus
GetConsoleMode
SetConsoleMode
WriteConsoleW
ReadConsoleA
ReadConsoleW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetNativeSystemInfo
Sleep
GetCurrentProcess
GetCurrentProcessId
CloseHandle
InterlockedDecrement
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
FreeLibrary
GlobalAlloc
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
GetStdHandle
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
InterlockedIncrement
InterlockedExchange
InterlockedExchangeAdd
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateEventW
SleepEx
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
TlsGetValue
CreateWaitableTimerW
SetWaitableTimer
GetPriorityClass
ProcessIdToSessionId
SetLastError
GetVolumeInformationW
SetFilePointerEx
GetFileType
GetFileAttributesExW
FindFirstFileExW
OpenEventA
ResetEvent
GetShortPathNameW
DeviceIoControl
GetVolumePathNameW
GetDiskFreeSpaceExW
GetLogicalDrives
VirtualQueryEx
SetThreadPriority
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
IsProcessorFeaturePresent
OpenEventW
WaitForMultipleObjects
GetFullPathNameA
SetEndOfFile
SetFileAttributesW
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLongPathNameW
GetSystemTimes
DefineDosDeviceW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
CreateThread
ReleaseMutex
CreateMutexW
VerSetConditionMask
InterlockedCompareExchange
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
ExitProcess
LockFileEx
UnlockFileEx
FlushFileBuffers
AllocConsole
FreeConsole
OpenMutexW
OutputDebugStringW
InitializeCriticalSection
PulseEvent
CreateProcessA
GetFileSizeEx

user32

GetClassNameW
EnumWindows
GetShellWindow
GetParent
GetWindowLongW
SetSysColors
GetSysColor
GetWindowRect
GetForegroundWindow
MsgWaitForMultipleObjects
IsIconic
IsWindowVisible
GetWindowPlacement
MessageBoxW
PeekMessageW
GetUserObjectInformationW
CloseDesktop
SwitchDesktop
EnumDesktopWindows
OpenInputDesktop
LoadStringA
OpenDesktopW
KillTimer
SetTimer
DestroyWindow
CreateWindowExW
RegisterClassExW
GetWindowThreadProcessId
SystemParametersInfoW
GetProcessWindowStation
GetKeyState
GetIconInfo
DestroyIcon
SetUserObjectSecurity
EnumThreadWindows
SetForegroundWindow
ExitWindowsEx
PostQuitMessage
IsWindow
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SendMessageW
GetSystemMetrics
LoadStringW

gdi32

GetBitmapBits
DeleteObject
GetObjectW

advapi32

GetUserNameW
StartServiceW
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
BackupEventLogW
CloseEventLog
OpenEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
ImpersonateSelf
RevertToSelf
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ImpersonateLoggedOnUser
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
InitiateSystemShutdownExW
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
RegOpenUserClassesRoot
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
CheckTokenMembership
RegOpenCurrentUser
SetSecurityInfo
GetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
QueryServiceStatusEx

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathGetDriveNumberW
SHCreateStreamOnFileEx
SHDeleteKeyW
StrRetToStrW
PathCombineW
PathIsFileSpecW
PathIsUNCW
ord437
SHGetValueW

pdh

PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/nsreportc64.exe
.exe windows:5 windows x64 arch:x64

e667ba5b1c1469027cf10ba1076719ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

O:\bin\Release\pdb\nsreportc64.pdb

Imports

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameW
GetPerformanceInfo
EnumProcesses
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

userenv

DestroyEnvironmentBlock
UnloadUserProfile
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
WinVerifyTrust

ws2_32

WSAGetLastError
closesocket
ioctlsocket
htonl
htons
ntohl
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSCWriteProviderOrder32
WSCWriteProviderOrder
WSCInstallProvider64_32
WSCInstallProvider
WSCDeinstallProvider32
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSASocketW
WSASend

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipCreateBitmapFromHICON
GdipGetImageEncoders

setupapi

CM_Request_Device_EjectW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDescriptionW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSEnumerateSessionsW

kernel32

GetStringTypeW
RtlPcToFileHeader
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
CreateWaitableTimerA
FormatMessageA
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
IsDebuggerPresent
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetSystemInfo
GetNativeSystemInfo
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
OpenThread
GetThreadPriorityBoost
GetThreadTimes
GetThreadIOPendingFlag
GetLastError
SetErrorMode
ReadProcessMemory
ReadFile
SetFilePointer
FindClose
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDllDirectoryW
CreateFileW
FindFirstFileW
FindNextFileW
GetVersionExW
IsWow64Process
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
LoadLibraryExW
GlobalAlloc
GlobalFree
FormatMessageW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
GetCurrentThread
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
RtlCaptureContext
GetStdHandle
WriteFile
GetLogicalDriveStringsW
CreateProcessW
GetTempPathW
SetDllDirectoryW
QueryDosDeviceW
GetUserDefaultUILanguage
AttachConsole
HeapReAlloc
HeapDestroy
DecodePointer
HeapSize
RaiseException
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetFileSize
GetFileAttributesW
CopyFileW
MultiByteToWideChar
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileInformationByHandle
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateEventW
SleepEx
GetProcessWorkingSetSize
SetProcessWorkingSetSize
TerminateProcess
GetThreadPriority
SuspendThread
ResumeThread
CompareFileTime
TlsGetValue
CreateWaitableTimerW
SetWaitableTimer
GetPriorityClass
ProcessIdToSessionId
SetLastError
GetVolumeInformationW
SetFilePointerEx
GetFileAttributesExW
FindFirstFileExW
GetFileType
GetShortPathNameW
OpenEventA
ResetEvent
DeviceIoControl
GetVolumePathNameW
GetDiskFreeSpaceExW
GetLogicalDrives
Sleep
VirtualQueryEx
SetThreadPriority
GetDriveTypeW
SetPriorityClass
GetSystemPowerStatus
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
WTSGetActiveConsoleSessionId
Module32FirstW
Module32NextW
IsProcessorFeaturePresent
OpenEventW
WaitForMultipleObjects
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLongPathNameW
GetSystemTimes
DefineDosDeviceW
GetModuleFileNameW
RemoveDirectoryW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameW
VirtualAlloc
VirtualFree
GetExitCodeProcess
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
ReleaseMutex
CreateMutexW
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
VirtualProtect
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
TlsSetValue
VerifyVersionInfoW
LockFileEx
UnlockFileEx
FlushFileBuffers
AllocConsole
FreeConsole
OpenMutexW
GetProcessId
SetHandleInformation
CreatePipe
PeekNamedPipe
ExitProcess
OutputDebugStringW
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
VirtualQuery
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
GetProcessTimes
CreateThread

user32

GetKeyState
SetUserObjectSecurity
GetIconInfo
LoadStringA
DestroyIcon
KillTimer
SetTimer
DestroyWindow
SwitchDesktop
CloseDesktop
GetUserObjectInformationW
TranslateMessage
DispatchMessageW
PeekMessageW
ExitWindowsEx
PostQuitMessage
GetWindowPlacement
IsWindowVisible
IsIconic
MessageBoxW
GetForegroundWindow
GetWindowRect
GetSysColor
SetSysColors
GetWindowLongW
GetWindowLongPtrW
CreateWindowExW
RegisterClassExW
GetParent
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SystemParametersInfoW
PostMessageW
IsWindow
SetForegroundWindow
EnumThreadWindows
GetMessageW
GetSystemMetrics
LoadStringW
SendMessageW
EnumDesktopWindows
GetDesktopWindow
OpenDesktopW
OpenInputDesktop
MsgWaitForMultipleObjects
DefWindowProcW

gdi32

GetBitmapBits
GetObjectW
DeleteObject

advapi32

GetUserNameW
CheckTokenMembership
OpenEventLogW
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
ImpersonateSelf
RevertToSelf
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
LookupPrivilegeValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ImpersonateLoggedOnUser
DecryptFileW
IsValidSid
EqualSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
SetNamedSecurityInfoW
InitiateSystemShutdownExW
CloseEventLog
BackupEventLogW
CreateProcessAsUserW
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
QueryServiceStatusEx
StartServiceW
RegOpenUserClassesRoot
RegOpenCurrentUser
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertSidToStringSidW
DuplicateTokenEx
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation

shell32

SHGetFolderPathW
SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathAndSubDirW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

StrRetToStrW
PathGetDriveNumberW
SHCreateStreamOnFileEx
SHDeleteKeyW
PathCombineW
PathIsFileSpecW
PathIsUNCW
ord437
SHGetValueW

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryW

Exports

Exports

GetExtension
GetNanoCtx

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
homepage.url

Sharing

General

Malware Config

Signatures

Files

79816339b53ffe40dc34edbae4af71e4

Code Sign

48:f2:79:ee:b5:3d:d0:69:bb:7a:f7:27:0f:6d:dc:aeCertificate

Extended Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

4a:9d:75:c5:0c:77:4e:c9:a8:32:d5:bcCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59Signer

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 170KB

.ndata Size: - Virtual size: 352KB

.rsrc Size: 101KB - Virtual size: 101KB

2ed77e01961352b9d2ff2119043404b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 726B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 232B

bdd53a56197f8e1b1c8f0d478c5db507

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

psapi

mpr

wldap32

gdiplus

wintrust

48:f2:79:ee:b5:3d:d0:69:bb:7a:f7:27:0f:6d:dc:ae
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

4a:9d:75:c5:0c:77:4e:c9:a8:32:d5:bc
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59
Signer

0d:7c:fe:24:36:9e:7a:c6:8a:da:4d:d7:7a:9c:23:97:bb:64:b4:27:56:5e:b1:fa:d0:6e:a4:40:b3:c7:3d:59
Signer

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 170KB

.ndata
Size: - Virtual size: 352KB

.rsrc
Size: 101KB - Virtual size: 101KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 726B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 232B

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 231KB - Virtual size: 1.4MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 355KB - Virtual size: 355KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 464B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 268B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 278B

.text
Size: 4KB - Virtual size: 4KB