Installer_1[.]27a_TFT_enUS[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Installer_1.27a_TFT_enUS.zip
Size

577.8MB
MD5

4bb11b2a26a66df6a7d5208074218daa
SHA1

58f8e56f5592d859f2664a6e71bdb2ce84696546
SHA256

0d6cb32857564cab8683e899bb63210514f626312d22680a1f24cb66a95ed675
SHA512

8560b38425799f306cc875dcdd8c2c936a5dbc230db3e98a932ea8904132f2f64cbb2add728066e6056a314af7d64bb4752a3abc276d0cdb5c744faf68bc285f
SSDEEP

12582912:n4x9d3CjjYGWPH1L6YN6757kYML0wWqgvd2snagDNsJRP7HEXvNeBRuoBizaYyFe:5jPOu757kYpwWqpsnZsJBHjBRuXzabFe

Score

3^/10

Malware Config

Signatures

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MSDvbNP.ax
unpack002/MSVidCtl.dll
unpack002/Mpeg2Data.ax
unpack002/bdaplgin.ax
unpack002/bdasup.sys
unpack002/ccdecode.sys
unpack002/ipsink.ax
unpack002/kstvtune.ax
unpack002/kswdmcap.ax
unpack002/ksxbar.ax
unpack002/mpe.sys
unpack002/msdv.sys
unpack002/msdv98se.sys
unpack002/msyuv.dll
unpack002/nabtsfec.sys
unpack002/ndisip.sys
unpack002/psisdecd.dll
unpack002/psisrndr.ax
unpack002/slip.sys
unpack002/streamip.sys
unpack002/vbisurf.ax
unpack002/wstcodec.sys
unpack002/wstdecod.dll
unpack001/War3-1.27-Installer-enUS-TFT/DirectX/DSETUP.dll
unpack001/War3-1.27-Installer-enUS-TFT/DirectX/dsetup32.dll
unpack001/War3-1.27-Installer-enUS-TFT/DirectX/dxsetup.exe

Files

Installer_1.27a_TFT_enUS.zip
.zip

Password: idk
War3-1.27-Installer-enUS-TFT/DirectX/BDA.cab
.cab

Password: idk
MSDvbNP.ax
.dll regsvr32 windows:5 windows x86 arch:x86

Password: idk

bd61e5a03c0af93c60b30cf39184a4a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
CloseHandle
CreateThread
CreateEventA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
IsBadWritePtr
GetCurrentProcess
IsBadReadPtr
GetLastError
ResetEvent
WaitForSingleObject
SleepEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateProcess
InitializeCriticalSection
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetVersionExA

msvcrt

wcscmp
??2@YAPAXI@Z
swscanf
memmove
??3@YAXPAX@Z

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegCreateKeyA

user32

wsprintfA
PeekMessageA
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageA

ole32

CoFreeUnusedLibraries
StringFromCLSID
CoCreateInstance
CoGetMalloc
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSVidCtl.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Password: idk

4cab68af3a9d463423ff5188da351b39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
DisableThreadLibraryCalls
lstrcpyA
lstrcatA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcmpiA
lstrcpynA
GetShortPathNameA
GetModuleHandleA
FormatMessageA
CreateEventA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetLastError
LockResource
LoadResource
FindResourceA
CreateMutexA
SetEvent
ResetEvent
WaitForMultipleObjects
CreateThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
VirtualQuery
lstrlenA
VirtualProtect
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
HeapSize
IsBadWritePtr
VirtualAlloc
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
SetLastError
TlsFree
ExitProcess
HeapReAlloc
HeapFree
MultiByteToWideChar
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrlenW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemInfo
InterlockedExchange
HeapAlloc
RaiseException
GetCommandLineA
TlsSetValue
Sleep

ntdll

RtlUnwind

ole32

StringFromCLSID
CoCreateFreeThreadedMarshaler
ProgIDFromCLSID
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoUninitialize
StringFromGUID2

oleaut32

LoadRegTypeLi
VARIANT_UserMarshal
VARIANT_UserSize
SysAllocString
LoadTypeLi
RegisterTypeLi
VariantClear
VariantCopy
SysAllocStringByteLen
VarUI4FromStr
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
SysStringByteLen
SysStringLen
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
VariantInit
VARIANT_UserFree
BSTR_UserSize
SysFreeString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VARIANT_UserUnmarshal

user32

CharNextA
LoadStringA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjectsEx
DispatchMessageA

advapi32

RegQueryValueA
RegSetValueA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

rpcrt4

NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrDllRegisterProxy
CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrOleFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mpeg2Data.ax
.dll regsvr32 windows:5 windows x86 arch:x86

Password: idk

244f9b8f61fbb054334418ba678d871c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResetEvent
WaitForMultipleObjects
LocalAlloc
LocalFree
CreateThread
LocalReAlloc
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
TerminateProcess
CreateEventA
GetThreadPriority
SetThreadPriority
GetModuleFileNameA
GetLastError
MultiByteToWideChar
SetEvent
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
GetCurrentProcess
lstrlenA
LoadLibraryA
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetVersionExA
GetCurrentThread

msvcrt

_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
malloc
free

winmm

timeKillEvent
timeBeginPeriod
timeEndPeriod
timeSetEvent

advapi32

RegSetValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

user32

GetQueueStatus
wsprintfA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
PostThreadMessageA
RegisterWindowMessageA

ole32

CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bda.inf
bdaplgin.ax
.dll regsvr32 windows:5 windows x86 arch:x86

Password: idk

1dbce2677ed0e9df3b7a82b88863a3d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetVersionExA

msvcrt

??3@YAXPAX@Z
_vsnwprintf
??2@YAPAXI@Z

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

user32

wsprintfA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries

ksproxy.ax

KsSynchronousDeviceControl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdasetup.inf
bdasup.sys
.dll windows:5 windows x86 arch:x86

Password: idk

6b2b65bafa0dd0cf733b55e44cdea375

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BdaSup.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

ExFreePool
KeInitializeSpinLock
KeTickCount
ExAllocatePoolWithTag
memmove

ks.sys

KsGetParent
KsAddItemToObjectBag
KsRemoveItemFromObjectBag
KsFreeObjectCreateItemsByContext
_KsEdit
KsCreateFilterFactory
KsMergeAutomationTables
KsFilterFactoryUpdateCacheData
KsGetFilterFromIrp
KsPinGetParentFilter
KsFilterAddTopologyConnections
KsGetPinFromIrp
KsFilterCreatePinFactory

Exports

Exports

BdaCheckChanges
BdaCommitChanges
BdaCreateFilterFactory
BdaCreateFilterFactoryEx
BdaCreatePin
BdaCreateTopology
BdaDeletePin
BdaFilterFactoryUpdateCacheData
BdaGetChangeState
BdaInitFilter
BdaMethodCreatePin
BdaMethodCreateTopology
BdaMethodDeletePin
BdaPropertyGetControllingPinId
BdaPropertyGetPinControl
BdaPropertyNodeDescriptors
BdaPropertyNodeEvents
BdaPropertyNodeMethods
BdaPropertyNodeProperties
BdaPropertyNodeTypes
BdaPropertyPinTypes
BdaPropertyTemplateConnections
BdaStartChanges
BdaUninitFilter
BdaValidateNodeProperty

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 211B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 896B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 768B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 768B - Virtual size: 674B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ccdecode.inf
ccdecode.sys
.sys windows:5 windows x86 arch:x86

d5977c633dbdac9c68f7e446e09a0a9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ccdecode.pdb

Imports

ntoskrnl.exe

KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
ExFreePool
KeInitializeEvent
ExAllocatePoolWithTag
KeTickCount
KefAcquireSpinLockAtDpcLevel

hal

ExAcquireFastMutex
KeQueryPerformanceCounter
ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock

stream.sys

StreamClassDeviceNotification
StreamClassRegisterAdapter
StreamClassStreamNotification

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 761B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 554B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dx9bda.cat
ipsink.ax
.dll regsvr32 windows:5 windows x86 arch:x86

Password: idk

9c828b85bafb7d0f5f2d6ab092d5473d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
GetVersionExA
ResetEvent
WaitForMultipleObjects
CreateThread
CreateMutexA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
SetEvent
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WaitForSingleObjectEx
CreateEventA
GetLastError
Sleep
IsBadReadPtr
IsBadWritePtr
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
InterlockedDecrement
FreeLibrary
InterlockedIncrement

msvcrt

rand
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
_snprintf

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

user32

wsprintfA

ole32

CoCreateInstance
CoInitialize
StringFromGUID2
CoTaskMemAlloc
CoFreeUnusedLibraries
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen

ksproxy.ax

KsSynchronousDeviceControl

iphlpapi

GetUniDirectionalAdapterInfo
GetIpAddrTable

wsock32

htons
WSAStartup
ioctlsocket
setsockopt
bind
closesocket

ws2_32

WSASocketA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kstvtune.ax
.dll windows:5 windows x86 arch:x86

Password: idk

373218214f1164b605815211c9b37c65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceA
GetLastError
SizeofResource
InterlockedCompareExchange
Sleep
CreateFileA
InterlockedExchange
GetProfileIntA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LockResource
GetACP
MultiByteToWideChar
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
IsBadWritePtr
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetVersionExA
InitializeCriticalSection

msvcrt

_purecall
??2@YAPAXI@Z
strtol
??3@YAXPAX@Z

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegSetValueExA

user32

DestroyWindow
DefWindowProcA
wvsprintfA
LoadStringW
GetWindowRect
ShowWindow
GetWindowLongA
GetDlgItemInt
wsprintfA
KillTimer
MessageBoxA
LoadStringA
CheckRadioButton
SetDlgItemTextA
SetDlgItemInt
InvalidateRect
SetWindowLongA
MoveWindow
CreateDialogParamA
GetDesktopWindow
SendMessageA
GetDlgItem
GetAsyncKeyState
PostMessageA
SetTimer
EnableWindow
SetWindowTextA
UpdateWindow

comctl32

ord17

ole32

CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries

oleaut32

VariantInit
VariantClear

ksproxy.ax

KsSynchronousDeviceControl

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kswdmcap.ax
.dll regsvr32 windows:5 windows x86 arch:x86

95d6690a876714b701968430fd31ed5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetLastError
CreateThread
InitializeCriticalSection
ExitThread
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
WaitForSingleObjectEx
GetCurrentProcess
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetModuleFileNameA
Sleep
lstrcmpA
lstrcpyA
lstrcpynA
CreateEventA
GetLastError
DeviceIoControl
GetOverlappedResult
MultiByteToWideChar
lstrlenA
GetVersionExA
TerminateProcess
CloseHandle

mfc42

ord823
ord825

msvcrt

sprintf
_purecall
_ftol
__CxxFrameHandler
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
atoi
strtod

advapi32

RegSetValueExA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

user32

SetTimer
KillTimer
wsprintfA
LoadImageA
ShowWindow
SetDlgItemTextA
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
DestroyWindow
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow
EnableWindow
SetDlgItemInt
MessageBoxA
IsWindowEnabled
GetDlgItemInt
SetRect
IsRectEmpty
SendMessageA
GetWindowTextA
SetWindowTextA
GetDlgItem

comctl32

InitCommonControlsEx

ole32

CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FilterHandleFromPin
PerformDataIntersection
PinFactoryIDFromPin
RedundantKsGetMultiplePinFactoryItems

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ksxbar.ax
.dll windows:5 windows x86 arch:x86

5116cc2556341d796c2a80b165186825

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WaitForSingleObject
GetLastError
DeviceIoControl
CreateEventA
IsBadWritePtr
CreateFileA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetACP
MultiByteToWideChar
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetVersionExA

msvcrt

_purecall
swprintf
wcstombs
??2@YAPAXI@Z
wcslen
??3@YAXPAX@Z

user32

LoadStringA
LoadStringW
GetWindowRect
wvsprintfA
MessageBoxA
SetRect
SetDlgItemTextA
SendMessageA
GetDlgItem
CheckRadioButton
EnableWindow
ShowWindow
DestroyWindow
GetDesktopWindow
InvalidateRect
MoveWindow
CreateDialogParamA
SetWindowLongA
GetWindowLongA

ole32

CoFreeUnusedLibraries
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

VariantInit
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mpe.inf
mpe.sys
.sys windows:5 windows x86 arch:x86

b709125e5196d69f577afdd8423729ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mpe.pdb

Imports

ntoskrnl.exe

KeTickCount
KeQuerySystemTime
KeInitializeSpinLock
ExAllocatePoolWithTag
ExFreePool
KeBugCheckEx
DbgPrint

hal

KfAcquireSpinLock
KfReleaseSpinLock

stream.sys

StreamClassStreamNotification
StreamClassDeviceNotification
StreamClassRegisterAdapter

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdv.sys
.sys windows:5 windows x86 arch:x86

86f2d51aaa296b59194197c28572822e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MSDV.pdb

Imports

ntoskrnl.exe

IofCallDriver
ExAllocatePoolWithTag
IoFreeIrp
IoAllocateIrp
KeWaitForSingleObject
KeSetEvent
ExFreePool
KeInitializeEvent
KeReleaseMutex
KeInitializeSpinLock
KeInitializeMutex
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeResetEvent
InterlockedExchange
ExQueueWorkItem
KeClearEvent
ObfDereferenceObject
MmMapLockedPages
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoCancelIrp
wcscpy
KeTickCount
KeBugCheckEx
KeDelayExecutionThread

hal

KfReleaseSpinLock
KeQueryPerformanceCounter
KeGetCurrentIrql
KfAcquireSpinLock

stream.sys

StreamClassStreamNotification
StreamClassRegisterAdapter
StreamClassGetNextEvent
StreamClassQueryMasterClockSync
StreamClassDeviceNotification

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdv98se.sys
.sys windows:5 windows x86 arch:x86

c44f46939591a6629aae6b9d01b9dae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msdv98se.pdb

Imports

ntoskrnl.exe

IoFreeIrp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
ExAllocatePoolWithTag
IoAllocateIrp
KeInitializeMutex
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
KeReleaseMutex
ExFreePool
KeSetEvent
KeClearEvent
KeInitializeSpinLock
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
MmMapLockedPages
InterlockedDecrement
InterlockedIncrement
KeResetEvent
wcscpy
KeTickCount
KeBugCheckEx
KeDelayExecutionThread

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeQueryPerformanceCounter
KeGetCurrentIrql

stream.sys

StreamClassStreamNotification
StreamClassDeviceNotification
StreamClassGetNextEvent
StreamClassQueryMasterClockSync
StreamClassRegisterAdapter

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyuv.dll
.dll windows:5 windows x86 arch:x86

317bb2a83416a509406d650a33ce001a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
LocalFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc

msvcrt

_ftol
wcscpy

gdi32

GetSystemPaletteEntries

user32

GetDesktopWindow
MessageBoxW
ReleaseDC
GetDC

winmm

DefDriverProc
GetDriverModuleHandle

Exports

Exports

DriverProc

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nabtsfec.inf
nabtsfec.sys
.sys windows:5 windows x86 arch:x86

49970d1ef884a17567a446f9fea4d52c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nabtsfec.pdb

Imports

ntoskrnl.exe

KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
KefAcquireSpinLockAtDpcLevel
ExFreePool
ObfDereferenceObject
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlInitUnicodeString
ExAllocatePoolWithTag
KeRestoreFloatingPointState
KeSaveFloatingPointState
KeTickCount
KeBugCheckEx
KeInitializeEvent

hal

KfReleaseSpinLock
KfAcquireSpinLock
ExReleaseFastMutex
KeQueryPerformanceCounter
ExAcquireFastMutex

stream.sys

StreamClassDeviceNotification
StreamClassRegisterAdapter
StreamClassStreamNotification

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1007B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 256B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 784B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ndisip.inf
ndisip.sys
.sys windows:5 windows x86 arch:x86

0a8485ddb79fcd7268b3706841e511d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ndisip.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
IoCreateDevice
IoCreateSymbolicLink
RtlInitUnicodeString
IofCompleteRequest

ndis.sys

NdisFreePacketPool
NdisMSetAttributesEx
NdisAllocateMemory
NdisFreeMemory
NdisAllocatePacket
NdisAdjustBufferLength
NdisAllocateSpinLock
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisFreePacket
NdisMRegisterMiniport
NdisInitializeWrapper
NdisFreeBufferPool
NdisAllocateBuffer
NdisFreeBuffer
NdisAllocatePacketPool
NdisAllocateBufferPool

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psisdecd.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a63eb4bfb67dc3602cfc27e862114741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
HeapDestroy
lstrcpyA
lstrcatA
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrlenW
LockResource
GetModuleHandleA
CloseHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
GetShortPathNameA
EnterCriticalSection
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
GetACP
LocalFree
InterlockedExchange
TlsSetValue
GetCommandLineA
GetVersionExA
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
ExitProcess
TlsFree
SetLastError
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter

ntdll

RtlUnwind

winmm

timeGetTime

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA

user32

CharNextA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantCopy
VariantInit
SysAllocString
SysFreeString
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psisrndr.ax
.dll regsvr32 windows:5 windows x86 arch:x86

89452c43805800f5fc649a24f8bcf44d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetACP
WideCharToMultiByte
GetModuleFileNameA
GetLastError
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
lstrlenA
LoadLibraryA
FreeLibrary
GetVersionExA

msvcrt

??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z

advapi32

RegSetValueA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

user32

wsprintfA
wvsprintfA

ole32

CoUninitialize
StringFromGUID2
CoTaskMemFree
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
slip.inf
slip.sys
.sys windows:5 windows x86 arch:x86

3f9db7809b38aa51c5daad51c58fe7a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

slip.pdb

Imports

ntoskrnl.exe

KeTickCount
ExFreePool
ExAllocatePoolWithTag
DbgBreakPoint
KeQuerySystemTime
KeInitializeSpinLock

hal

KfAcquireSpinLock
KfReleaseSpinLock

stream.sys

StreamClassStreamNotification
StreamClassDeviceNotification
StreamClassRegisterAdapter

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 263B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
streamip.inf
streamip.sys
.sys windows:5 windows x86 arch:x86

024e69c1aa1ed511e6751546ba958390

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

streamip.pdb

Imports

ntoskrnl.exe

IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfReferenceObject
ObfDereferenceObject
KeInitializeSpinLock
RtlInitUnicodeString
DbgPrint
ExFreePool
KeTickCount
ExAllocatePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock

stream.sys

StreamClassDeviceNotification
StreamClassGetNextEvent
StreamClassStreamNotification
StreamClassRegisterAdapter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 612B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vbisurf.ax
.dll regsvr32 windows:5 windows x86 arch:x86

ae48a05a15c768aaec63afcf3810c760

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
FreeLibrary
GetTickCount
InterlockedExchange
QueryPerformanceCounter
WaitForSingleObject
CloseHandle
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResetEvent
SetEvent
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetLastError
MultiByteToWideChar
lstrlenA
GetVersionExA

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

user32

wsprintfA

ole32

CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wst_czec.fon
wst_engl.fon
wst_fren.fon
wst_germ.fon
wst_ital.fon
wst_span.fon
wst_swed.fon
wstcodec.inf
wstcodec.sys
.sys windows:5 windows x86 arch:x86

5e94d6115bae4fe6e2b87706af1a8293

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wstcodec.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeQueryPerformanceCounter

ntoskrnl.exe

IoCreateSymbolicLink
ExFreePool
KeInitializeSpinLock
KeTickCount
ExAllocatePoolWithTag
RtlInitUnicodeString

stream.sys

StreamClassDeviceNotification
StreamClassRegisterAdapter
StreamClassStreamNotification

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wstdecod.dll
.dll regsvr32 windows:5 windows x86 arch:x86

af4f8f6981ea7fd495566925fe5b0cf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
TerminateProcess
GetProcAddress
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
GetVersionExA
GetModuleHandleA
MulDiv
IsBadReadPtr
IsBadWritePtr
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

msvcrt

free
malloc
??2@YAPAXI@Z
sprintf
sscanf
??3@YAXPAX@Z

gdi32

CreateCompatibleDC
DeleteDC
CreateFontIndirectA
SetBkMode
DeleteObject
CreateDIBSection
SelectObject
SetTextColor
ExtTextOutA
SetBkColor
GetTextMetricsA
GetSystemPaletteEntries
GetDeviceCaps
GetTextColor

user32

LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow
DestroyWindow
InvalidateRect
CreateDialogParamA
SetWindowLongA
wsprintfA
SetRect
SetTimer
KillTimer
IsRectEmpty
ReleaseDC
GetDC
UnregisterClassA
SendMessageTimeoutA
DefWindowProcA
ShowWindow
CreateWindowExA
GetWindowLongA
GetWindowTextA
MessageBeep
IsDlgButtonChecked
GetDlgItem
SendMessageA
SetWindowTextA
CheckDlgButton
RegisterClassA
MoveWindow

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA

ole32

CoTaskMemFree
StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
War3-1.27-Installer-enUS-TFT/DirectX/BDANT.cab
.cab
War3-1.27-Installer-enUS-TFT/DirectX/BDAXP.cab
.cab
War3-1.27-Installer-enUS-TFT/DirectX/DSETUP.dll
.dll windows:5 windows x86 arch:x86

bf78a72e9482796575907cf30b9c2864

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DSETUP.pdb

Imports

kernel32

lstrcatA
lstrcpyA
IsBadWritePtr
lstrlenA
GetModuleFileNameA
SetLastError
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcmpiA
WideCharToMultiByte
lstrcmpA
GetSystemDefaultLCID
IsBadStringPtrA
IsBadReadPtr
IsBadStringPtrW
lstrlenW
lstrcpynA
GetWindowsDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
HeapReAlloc
GetLocalTime
ExitProcess
GetModuleHandleA
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetCurrentDirectoryA
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetEndOfFile
GetProcessHeap
ReadFile
GetSystemDirectoryA
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
GetFileType
FreeLibrary

user32

wsprintfW
CharNextA
wsprintfA
GetKeyboardType
DestroyWindow
SetFocus
CreateDialogParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA

winmm

mmioRead
mmioDescend
mmioOpenA
mmioClose

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ole32

StringFromGUID2

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
War3-1.27-Installer-enUS-TFT/DirectX/DirectX.cab
.cab
War3-1.27-Installer-enUS-TFT/DirectX/ManagedDX.CAB
.cab
War3-1.27-Installer-enUS-TFT/DirectX/dsetup32.dll
.dll windows:5 windows x86 arch:x86

baef0ec21a3430d89e98a197f991db2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsetup32.pdb

Imports

kernel32

GetFileAttributesA
FindClose
FindFirstFileA
lstrcpyA
GetPrivateProfileSectionA
CloseHandle
CreateFileA
SetFileAttributesA
FindNextFileA
lstrcmpA
GetSystemDirectoryA
CreateDirectoryA
lstrcatA
GetSystemDefaultLCID
GetCurrentProcess
GetShortPathNameA
GetModuleFileNameA
GetPrivateProfileSectionNamesA
GetSystemInfo
WideCharToMultiByte
GetDiskFreeSpaceA
GetModuleHandleA
CopyFileA
ReadFile
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetPrivateProfileStringA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryExA
GetTempFileNameA
GetDriveTypeA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetTempPathA
MultiByteToWideChar
MoveFileExA
CompareStringA
SetFileTime
GetFileTime
Sleep
CreateMutexA
LoadResource
FindResourceA
IsBadWritePtr
LockResource
SizeofResource
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetLastError
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
GetLocalTime
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualProtect
VirtualQuery
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
DeleteFileA
lstrlenA
lstrcmpiA
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
OutputDebugStringA
UnhandledExceptionFilter
lstrcpynA

gdi32

GetDeviceCaps

user32

MessageBoxA
CreateDialogParamA
SetFocus
DestroyWindow
DialogBoxParamA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
GetDesktopWindow
wsprintfA
EndDialog
SetDlgItemTextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadStringA
GetKeyboardType
CharLowerA
CharNextA
SendMessageA
GetDlgItem
SendDlgItemMessageA
ShowWindow

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA

shlwapi

SHDeleteKeyA

winmm

mmioOpenA
mmioRead
mmioClose
mmioDescend

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHFileOperationA

ole32

StringFromGUID2

Exports

Exports

DirectXLoadString
DirectXSetupCallback
DirectXSetupSetCallback
DirectXSetupShowEULA
iDirectXSetup
iDirectXSetupGetEULA

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
War3-1.27-Installer-enUS-TFT/DirectX/dxnt.cab
.cab
War3-1.27-Installer-enUS-TFT/DirectX/dxsetup.exe
.exe windows:5 windows x86 arch:x86

4450b53726ee9c67ff8c34237d39a8b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DXSETUP.pdb

Imports

kernel32

GetSystemDirectoryA
GetModuleHandleA
CreateThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcatA
CreateMutexA
SetErrorMode
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentProcess
CreateFileA
GetFileSize
ReadFile
CloseHandle
lstrlenA
lstrcpyA
FindFirstFileA
FindClose
GetLastError
lstrcmpiA
GetVersionExA
LoadLibraryA
GetProcAddress
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
FlushFileBuffers
SetStdHandle
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
FreeLibrary
GetWindowsDirectoryA
OutputDebugStringA
lstrcpynA
GetStartupInfoA
GetCommandLineA
GetLocalTime
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsFree
SetLastError
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapAlloc

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges

gdi32

GetDeviceCaps
CreateFontIndirectA
SelectObject
CreateCompatibleDC
DeleteDC
StretchBlt
GetObjectA
DeleteObject

user32

MessageBoxA
LoadStringA
LoadImageA
wsprintfA
SystemParametersInfoA
SendDlgItemMessageA
SetWindowTextA
GetWindowLongA
PostMessageA
GetParent
SetDlgItemTextA
GetDlgItem
SendMessageA
ShowWindow
SetWindowLongA
GetAsyncKeyState
ExitWindowsEx
EnumWindows
GetWindowTextA
GetClassNameA
SetForegroundWindow
SetFocus
CharLowerA
GetDC
ReleaseDC

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

CreatePropertySheetPageA
PropertySheetA
ord17

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
War3-1.27-Installer-enUS-TFT/Installer Tome.mpq
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Info.plist
.xml
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/MacOS/Installer
.macho macos arch:x86
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/PkgInfo
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Alert.icns
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/CD.icns
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/English.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Error.png
.png
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/French.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/German.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Icon.icns
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/InstallerMainWindow-ui.nib
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Italian.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Japanese.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Message.png
.png
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Polish.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Portugese.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Russian.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/SkinUpdater.mpq
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Spanish.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/Warning.png
.png
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/en_GB.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/ko.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/zh_CN.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/Resources/zh_TW.lproj/Localizable.strings
War3-1.27-Installer-enUS-TFT/Installer.app/Contents/_CodeSignature/CodeResources
.xml
War3-1.27-Installer-enUS-TFT/Installer.exe
.exe windows:5 windows x86 arch:x86

4a4ce5a46da6844e11a243cc578d2281

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-11-2015 00:00

Not After

18-01-2018 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:0f:bd:3f:e9:ca:4a:a4:8d:d1:58:35:8f:9a:b1:c5:6c:e3:b1:3b
Signer

Actual PE Digest

ee:0f:bd:3f:e9:ca:4a:a4:8d:d1:58:35:8f:9a:b1:c5:6c:e3:b1:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\classic\BAMInstallers\Release\Installer.pdb

Imports

comctl32

ord17

kernel32

TlsFree
LoadLibraryExW
InterlockedPushEntrySList
SetLastError
VirtualQuery
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetStringTypeW
GetFileType
CompareStringW
LCMapStringW
DecodePointer
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringA
OutputDebugStringW
CreateThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
HeapSize
HeapReAlloc
WriteConsoleW
LoadLibraryA
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
EncodePointer
RtlUnwind
RaiseException
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateProcessA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
Module32Next
Module32First
Process32Next
Process32First
IsBadStringPtrA
SystemTimeToFileTime
CreateFileMappingW
GetTickCount
QueryPerformanceFrequency
GetThreadPriority
SetThreadPriority
SetNamedPipeHandleState
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
WriteFileEx
ReadFileEx
GetOverlappedResult
DisconnectNamedPipe
GetProcessId
OpenProcess
CreateFileMappingA
GlobalMemoryStatus
GlobalMemoryStatusEx
InitializeCriticalSection
InterlockedCompareExchange
SetThreadAffinityMask
GetProcessAffinityMask
GetVersionExA
GetSystemInfo
SetFileValidData
DeleteFileW
SetFileAttributesW
SetFileTime
GetFileInformationByHandle
RemoveDirectoryW
MoveFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
GetCompressedFileSizeW
GetFileSizeEx
CreateFileA
FormatMessageA
Module32NextW
Module32FirstW
GetModuleHandleA
IsBadReadPtr
GetComputerNameW
FindFirstFileW
CreateProcessW
GetFileAttributesW
QueryPerformanceCounter
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
DebugBreak
GetModuleHandleW
WriteFile
Sleep
VirtualFree
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetVolumeInformationW
MoveFileExW
CreateFileW
GetWindowsDirectoryW
GetTempPathW
GetDriveTypeW
SetFilePointer
SetEndOfFile
GetFileSize
GetCurrentThread
GetShortPathNameW
LocalFree
LocalAlloc
GetCurrentProcessId
lstrcatW
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalFree
GlobalAlloc
GetUserDefaultLangID
CreateEventW
CloseHandle
GetLastError
GetCurrentProcess
CreateDirectoryW
GetExitCodeProcess
GetVersion
GetLocalTime
IsBadWritePtr
ResumeThread
GetThreadContext
SuspendThread
OpenThread
Thread32Next
Thread32First
CreateToolhelp32Snapshot
lstrcpynA
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
DeleteFileA
GetTempPathA
GetDiskFreeSpaceW
LoadResource
FindResourceExW
LockResource
FreeResource
SizeofResource
GetComputerNameA
GetDiskFreeSpaceExW
MulDiv
UnmapViewOfFile
FileTimeToSystemTime
MapViewOfFile

ole32

CoUninitialize
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleCreate
CoCreateInstance
CoInitialize

msimg32

TransparentBlt
AlphaBlend

rpcrt4

UuidFromStringW

setupapi

CM_Get_Parent
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_IDA

user32

PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
DefWindowProcW
MoveWindow
IsWindowVisible
GetShellWindow
GetActiveWindow
DrawIcon
DrawFocusRect
GetFocus
InflateRect
CopyImage
DestroyIcon
PostMessageW
SendMessageW
ExitWindowsEx
PeekMessageW
TrackMouseEvent
IsDialogMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DialogBoxParamW
DrawIconEx
SetRect
IsZoomed
TrackPopupMenu
SetMenuDefaultItem
EnableMenuItem
RemoveMenu
GetScrollInfo
LoadImageW
GetDlgCtrlID
SetLayeredWindowAttributes
LoadCursorFromFileW
SystemParametersInfoW
PtInRect
OffsetRect
CopyRect
ClientToScreen
RemovePropW
GetPropW
SetPropW
GetSystemMetrics
GetCapture
wsprintfA
SetWindowPos
GetForegroundWindow
GetDC
CreateDialogParamW
LoadBitmapW
GetAsyncKeyState
SetWindowLongW
GetWindowLongW
GetSystemMenu
CallWindowProcW
SetCursor
ReleaseCapture
SetCapture
CheckDlgButton
GetDlgItemTextW
GetParent
EnableWindow
SetFocus
SetDlgItemTextW
GetDlgItem
EndDialog
GetSysColor
LoadIconW
LoadCursorW
GetWindowThreadProcessId
EnumWindows
FindWindowW
EnumChildWindows
WindowFromPoint
ScreenToClient
GetCursorPos
MessageBoxW
AdjustWindowRect
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
SetForegroundWindow
UpdateWindow
KillTimer
SetTimer
MapVirtualKeyW
IsIconic
FillRect
IsWindow
SetWindowRgn
IsWindowEnabled
GetWindowTextW
DrawTextW

gdi32

MoveToEx
SetBkColor
GetStockObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetTextAlign
RemoveFontResourceExW
AddFontResourceExW
GetTextExtentPoint32W
GetOutlineTextMetricsW
CreateScalableFontResourceW
GetObjectW
SetTextColor
CreateFontIndirectW
CreateDIBSection
DeleteObject
StretchBlt
SetBkMode
SelectObject
DeleteDC
CreateCompatibleDC
CreateRectRgn
CreateEllipticRgn
CreatePolygonRgn
GetDeviceCaps
CreateSolidBrush
SaveDC
RestoreDC
CreatePen
Rectangle
SetPixel
LineTo
GetPixel
CreateRectRgnIndirect
SelectClipRgn
GetTextColor

advapi32

AccessCheck
AdjustTokenPrivileges
DuplicateTokenEx
GetTokenInformation
GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExW
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
OpenThreadToken
LookupPrivilegeValueW
DuplicateToken
OpenProcessToken

shell32

ExtractIconExW
SHGetFolderPathW
ShellExecuteExW
FindExecutableA
ShellExecuteExA
SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ExtractIconW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

oleaut32

VariantClear
OleLoadPicture
VariantInit
SysAllocString

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

HttpSendRequestA
InternetSetStatusCallbackA
InternetSetCookieW
HttpOpenRequestA
InternetQueryOptionW
InternetCrackUrlA
HttpQueryInfoA
InternetReadFileExA
InternetCloseHandle
InternetConnectA
InternetSetOptionA
InternetOpenA

ws2_32

WSAGetLastError
ioctlsocket
accept
closesocket
listen
bind
htonl
connect
setsockopt
socket
gethostbyname
gethostname
getsockopt
inet_ntoa
htons
WSASetLastError
send
select
__WSAFDIsSet
WSACleanup
WSAStartup
recv

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: idk

Password: idk

Password: idk

bd61e5a03c0af93c60b30cf39184a4a7

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

Password: idk

4cab68af3a9d463423ff5188da351b39

Headers

File Characteristics

Imports

kernel32

ntdll

ole32

oleaut32

user32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 241KB - Virtual size: 240KB

.orpc Size: 512B - Virtual size: 297B

.data Size: 18KB - Virtual size: 20KB

.rsrc Size: 183KB - Virtual size: 182KB

.reloc Size: 27KB - Virtual size: 26KB

Password: idk

244f9b8f61fbb054334418ba678d871c

Headers

File Characteristics

Imports

kernel32

msvcrt

winmm

advapi32

user32

ole32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 308B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

Password: idk

1dbce2677ed0e9df3b7a82b88863a3d4

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ole32

ksproxy.ax

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 248B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 241KB - Virtual size: 240KB

.orpc
Size: 512B - Virtual size: 297B

.data
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 183KB - Virtual size: 182KB

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 308B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 248B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 256B - Virtual size: 211B

.data
Size: 128B - Virtual size: 52B

.edata
Size: 896B - Virtual size: 834B

PAGECONS
Size: 768B - Virtual size: 652B

INIT
Size: 768B - Virtual size: 674B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 278B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 768B - Virtual size: 761B

.data
Size: 1024B - Virtual size: 980B

PAGECONS
Size: 256B - Virtual size: 144B

INIT
Size: 640B - Virtual size: 554B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 436B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 232B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB