qbittorrent_5[.]0[.]0_lt20_qt6_x64_setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

qbittorrent_5.0.0_lt20_qt6_x64_setup.exe
Size

39.8MB
MD5

7531dfd09cae5f7477c5d18c798fa9b2
SHA1

211826f0c20f7c90d3b52968ebfbf809dd6b9c8d
SHA256

858eb057d8bb2d6bef954d4a42d917dab1b8d99049f0d39b9469cc3f1934e6b9
SHA512

2085ba11dfbbd3ff7a7d98590b27ac64a8a606cf7c62880eefad392d672aafd775a7f2d1acbfcb80a0665721e305f3a6798f14b925411c7b4f2536582cc54947
SSDEEP

786432:703/FLOb0kh+VS2VSLjgb76ZxnxXauhqwcSAKTGVJASST4j/FQ:70ob0kMsLdnxKSqeGvkT4LFQ

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/qbittorrent.exe	embeds_openssl

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
qbittorrent_5.0.0_lt20_qt6_x64_setup.exe
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisFirewallW.dll
unpack001/qbittorrent.exe
unpack001/uninst.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/nsisFirewallW.dll

Files

qbittorrent_5.0.0_lt20_qt6_x64_setup.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:5 windows x86 arch:x86

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
CloseHandle
Sleep
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetLongPathNameW
lstrcmpiW
QueryDosDeviceW
GetLogicalDriveStringsW
lstrlenW
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetVersionExW

Exports

Exports

FindProc
KillProc
WaitProcEnd
WaitProcStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qbittorrent.exe
.exe windows:6 windows x64 arch:x64

a4a7b87fbd618b40c156d103553751c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

qbittorrent.pdb

Imports

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory2

d3d12

D3D12SerializeVersionedRootSignature
ord102
ord101

uxtheme

OpenThemeData
GetThemeInt
GetThemeEnumValue
GetThemePropertyOrigin
GetThemeColor
GetThemeBool
GetThemeTransitionDuration
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
SetWindowTheme
IsAppThemed
GetCurrentThemeName
IsThemeActive
GetThemeMargins
GetThemePartSize
ord47
CloseThemeData

dwrite

DWriteCreateFactory

gdi32

RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetTextFaceW
GetOutlineTextMetricsW
GetCharWidthI
GetTextExtentPoint32W
EnumFontFamiliesExW
SetWorldTransform
GetDIBits
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetFontData
CreateFontIndirectW
GetStockObject
GetCharABCWidthsW
SetTextColor
SetBkMode
SetTextAlign
SelectClipRgn
GetRegionData
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
DeleteObject
CombineRgn
CreateRectRgn
AddFontMemResourceEx
GetBitmapBits
GetObjectW
CreateBitmap
CreateCompatibleBitmap
ExtTextOutW
CreateDCW
OffsetRgn
SetLayout
BitBlt
SetGraphicsMode
GetDeviceCaps

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

imm32

ImmGetContext
ImmNotifyIME
ImmReleaseContext
ImmGetOpenStatus
ImmAssociateContextEx
ImmAssociateContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDefaultIMEWnd
ImmGetCompositionStringW
ImmGetVirtualKey

setupapi

SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiOpenDeviceInterfaceW

shlwapi

AssocQueryStringW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

d3d9

Direct3DCreate9

mswsock

GetAcceptExSockaddrs
AcceptEx

iphlpapi

ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid
CancelMibChangeNotify2
NotifyUnicastIpAddressChange
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToNameW
GetAdaptersAddresses

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration

oleaut32

SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
SysStringLen
VariantInit
GetErrorInfo
SetErrorInfo
SysFreeString
VariantClear

bcrypt

BCryptFreeBuffer
BCryptEnumContextFunctions
BCryptOpenAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt

secur32

InitSecurityInterfaceW
FreeContextBuffer
InitializeSecurityContextW
DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleW
QueryContextAttributesW
DeleteSecurityContext
AcceptSecurityContext
EncryptMessage
ApplyControlToken

ncrypt

NCryptSetProperty
NCryptExportKey

crypt32

CertCloseStore
PFXImportCertStore
CertAddStoreToCollection
CertFindChainInStore
CertGetCertificateChain
CertVerifyTimeValidity
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CryptEncodeObject
CertCompareCertificate
CertGetCertificateContextProperty
CertCreateCertificateContext
CertAddCertificateContextToStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertFreeCertificateChain
CertOpenSystemStoreA

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

mpr

WNetGetUniversalNameW

userenv

GetUserProfileDirectoryW

advapi32

CryptCreateHash
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
LookupAccountSidW
GetNamedSecurityInfoW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
DuplicateToken
CopySid
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
OpenProcessToken
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptGetProvParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegNotifyChangeKeyValue
LookupAccountNameW
GetUserNameW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetTokenInformation
InitializeSecurityDescriptor
RegQueryValueExW
RegQueryInfoKeyW

authz

AuthzFreeResourceManager
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzFreeContext
AuthzAccessCheck
AuthzInitializeResourceManager

kernel32

GetFileInformationByHandleEx
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
SetFileTime
SetErrorMode
GetLogicalDrives
GetCurrentDirectoryW
MoveFileW
MoveFileExW
FileTimeToSystemTime
SetFileInformationByHandle
GetTimeZoneInformation
GetStringTypeW
GetVolumePathNamesForVolumeNameW
TzSpecificLocalTimeToSystemTime
VirtualQuery
OpenFileMappingW
GetModuleFileNameW
PeekNamedPipe
CloseThreadpoolWait
CreateThreadpoolWait
LCMapStringEx
DecodePointer
GetCommandLineA
SetStdHandle
EncodePointer
TryAcquireSRWLockExclusive
RtlPcToFileHeader
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FindFirstFileExW
FindFirstChangeNotificationW
InterlockedFlushSList
FindNextChangeNotification
GetDiskFreeSpaceExW
GetUserGeoID
GetGeoInfoW
CreateSemaphoreW
K32GetModuleFileNameExW
ExitProcess
GetConsoleOutputCP
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
RtlUnwind
FindCloseChangeNotification
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetLocaleInfoEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
IsValidCodePage
GetOEMCP
WriteConsoleW
SetUnhandledExceptionFilter
AttachConsole
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetProcessWorkingSetSizeEx
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
GetCurrentProcessId
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
Sleep
WaitForMultipleObjects
RtlCaptureStackBackTrace
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
QueueUserAPC
TerminateThread
MultiByteToWideChar
GetDriveTypeW
GetVolumePathNameW
CreateFileW
WriteFile
GetSystemDirectoryW
GetFileAttributesW
SetFileAttributesW
SetThreadExecutionState
GetVolumeInformationW
lstrcmpW
GetConsoleWindow
GetLongPathNameW
GetUserDefaultLangID
CreateEventW
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetUserDefaultLocaleName
GetModuleHandleW
GetCurrentThreadId
WTSGetActiveConsoleSessionId
OpenProcess
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
GetACP
GetLocaleInfoW
InitializeCriticalSection
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
SetWaitableTimer
SetLastError
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
SleepEx
CreateIoCompletionPort
GetFileAttributesExW
LoadLibraryA
CreateDirectoryW
RemoveDirectoryW
CreateHardLinkW
GetFileInformationByHandle
DeleteFileW
CancelIoEx
CreateWaitableTimerA
CancelIo
GetModuleHandleA
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
ReadFile
DeviceIoControl
CopyFileW
FlushViewOfFile
CreateFileMappingA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SetFileValidData
GetVolumeNameForVolumeMountPointW
WaitForMultipleObjectsEx
WaitNamedPipeW
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
ResetEvent
GetOverlappedResult
GlobalFree
GetModuleHandleExW
FreeLibrary
DeleteFiber
SwitchToFiber
CreateFiberEx
VirtualFree
VirtualAlloc
GetSystemInfo
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
ReleaseSemaphore
GetExitCodeThread
CreateSemaphoreA
GetEnvironmentVariableW
RtlVirtualUnwind
GetStdHandle
GetFileType
ConvertThreadToFiberEx
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
GetConsoleMode
ReadConsoleW
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
UnlockFileEx
GetTempPathW
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
CreateFileA
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
RaiseException
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetProcessHeap
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CompareStringEx
FreeConsole
AllocConsole
WaitForThreadpoolWaitCallbacks
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TerminateProcess
GetExitCodeProcess
GetProcessId
GetLocalTime
DuplicateHandle
CreateThread
GetThreadPriority
ResumeThread
GetNativeSystemInfo
GetComputerNameExW
CompareStringW
LCMapStringW
IsProcessorFeaturePresent
LocalAlloc
LoadLibraryExW
GetCurrentPackageFullName
LocaleNameToLCID
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
SetThreadpoolWait

netapi32

NetShareEnum
NetApiBufferFree

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoLockObjectExternal
StringFromGUID2
RevokeDragDrop
OleInitialize
OleUninitialize
OleGetClipboard
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetApartmentType
CoGetObjectContext
CoGetMalloc
RegisterDragDrop
CoInitializeEx
CoCreateFreeThreadedMarshaler

user32

GetDesktopWindow
GetDC
ReleaseDC
GetSystemMetrics
MessageBoxW
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetMonitorInfoW
DisplayConfigGetDeviceInfo
DestroyIcon
IsWindow
GetCaretBlinkTime
GetDoubleClickTime
MessageBeep
UpdateLayeredWindowIndirect
DefWindowProcW
DestroyCursor
GetWindowLongPtrW
GetAncestor
GetCapture
GetClientRect
ClientToScreen
ScreenToClient
SetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetParent
IsWindowVisible
UpdateLayeredWindow
SetLayeredWindowAttributes
InvalidateRect
MonitorFromPoint
GetDpiForWindow
CreateWindowExW
SetWindowPos
AdjustWindowRectEx
AdjustWindowRectExForDpi
IsTouchWindow
SetWindowTextW
SetParent
ShowWindow
UnregisterTouchWindow
SetForegroundWindow
GetForegroundWindow
IsChild
GetWindow
SetWindowPlacement
IsZoomed
IsIconic
MonitorFromWindow
MoveWindow
GetUpdateRect
BeginPaint
EndPaint
ReleaseCapture
GetMenu
SetWindowRgn
DestroyWindow
SetFocus
SendMessageTimeoutW
GetWindowThreadProcessId
BringWindowToTop
SetActiveWindow
SetCapture
PostMessageW
SetCursor
FlashWindowEx
SendMessageW
RegisterTouchWindow
RegisterWindowMessageW
ChangeWindowMessageFilter
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
IsValidDpiAwarenessContext
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetThreadDpiAwarenessContext
SetProcessDpiAwarenessContext
GetClassInfoW
SystemParametersInfoW
RegisterClassExW
UnregisterClassW
ChildWindowFromPointEx
WindowFromPoint
EnableNonClientDpiScaling
GetCursorPos
GetFocus
AddClipboardFormatListener
SetClipboardViewer
RemoveClipboardFormatListener
ChangeClipboardChain
IsHungAppWindow
RegisterClipboardFormatW
GetMessageW
GetPointerInfo
SendInput
EnumDisplayMonitors
GetKeyboardLayout
FindWindowA
IsWindowEnabled
CreateCaret
ShowCaret
DestroyCaret
SetCaretPos
GetMenuItemInfoW
SetMenuItemInfoW
ModifyMenuW
RemoveMenu
InsertMenuW
AppendMenuW
CreateMenu
DestroyMenu
CreatePopupMenu
TrackPopupMenu
SetMenu
DrawMenuBar
LoadIconW
GetClipboardFormatNameW
EnumDisplayDevicesW
CreateIconIndirect
CreateCursor
GetCursor
GetCursorInfo
SetCursorPos
LoadCursorW
GetIconInfo
ToUnicode
GetKeyboardState
ToAscii
HiliteMenuItem
SetMenuDefaultItem
TrackPopupMenuEx
PeekMessageW
GetKeyState
MapVirtualKeyW
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetTouchInputInfo
CloseTouchInputHandle
GetPointerType
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerPenInfo
GetPointerPenInfoHistory
SkipPointerFrameMessages
GetPointerDeviceRects
ChangeWindowMessageFilterEx
GetProcessWindowStation
GetUserObjectInformationW
EnumWindows
PostThreadMessageW
CharPrevExA
KillTimer
GetQueueStatus
SetTimer
RegisterClassW
SetCoalescableTimer
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
SystemParametersInfoForDpi
GetSystemMetricsForDpi
GetSysColor
EnableMenuItem
GetSystemMenu
AllowSetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadImageW
DrawIconEx
AttachThreadInput

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

__WSAFDIsSet
WSAAsyncSelect
accept
bind
select
listen
WSASocketW
WSASetLastError
ntohs
htonl
ntohl
WSACleanup
WSAStartup
WSAHtonl
WSAAccept
WSAConnect
WSANtohl
getaddrinfo
getpeername
WSANtohs
getnameinfo
WSAIoctl
socket
WSASendTo
WSARecvFrom
getsockname
connect
getsockopt
freeaddrinfo
closesocket
WSASend
WSARecv
ioctlsocket
setsockopt
htons
WSAStringToAddressW
WSAAddressToStringW
WSAGetLastError

winmm

timeKillEvent
timeSetEvent
PlaySoundW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

shell32

ord727
ord6
SHGetFileInfoW
SHCreateItemFromParsingName
ShellExecuteW
SHGetPathFromIDListW
SHGetKnownFolderPath
SHCreateItemFromIDList
SHOpenFolderAndSelectItems
ord190
CommandLineToArgvW
SHGetStockIconInfo
ord155
SHGetKnownFolderIDList
ShellExecuteExW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetMalloc
SHBrowseForFolderW

powrprof

SetSuspendState

dbgeng

DebugCreate

Exports

Exports

boost_stacktrace_impl_return_nullptr
qt_startup_hook

Sections

.text
Size: 21.8MB - Virtual size: 21.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qbittorrent.pdb
qt.conf
translations/qt_gl.qm
translations/qt_lt.qm
translations/qt_pt_PT.qm
translations/qt_sl.qm
translations/qt_sv.qm
translations/qtbase_ar.qm
translations/qtbase_bg.qm
translations/qtbase_ca.qm
translations/qtbase_cs.qm
translations/qtbase_da.qm
translations/qtbase_de.qm
translations/qtbase_es.qm
translations/qtbase_fa.qm
translations/qtbase_fi.qm
translations/qtbase_fr.qm
translations/qtbase_gd.qm
translations/qtbase_he.qm
translations/qtbase_hr.qm
translations/qtbase_hu.qm
translations/qtbase_it.qm
translations/qtbase_ja.qm
translations/qtbase_ka.qm
translations/qtbase_ko.qm
translations/qtbase_lv.qm
translations/qtbase_nl.qm
translations/qtbase_nn.qm
translations/qtbase_pl.qm
translations/qtbase_pt_BR.qm
translations/qtbase_ru.qm
translations/qtbase_sk.qm
translations/qtbase_tr.qm
translations/qtbase_uk.qm
translations/qtbase_zh_CN.qm
translations/qtbase_zh_TW.qm
uninst.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:5 windows x86 arch:x86

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
CloseHandle
Sleep
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetLongPathNameW
lstrcmpiW
QueryDosDeviceW
GetLogicalDriveStringsW
lstrlenW
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetVersionExW

Exports

Exports

FindProc
KillProc
WaitProcEnd
WaitProcStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 188KB

.rsrc Size: 35KB - Virtual size: 35KB

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 28B

.reloc Size: 512B - Virtual size: 196B

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ole32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 188KB

.rsrc
Size: 35KB - Virtual size: 35KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 28B

.reloc
Size: 512B - Virtual size: 196B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 324B

.reloc
Size: 1024B - Virtual size: 546B