__FineObjUsed
Behavioral task
behavioral1
Sample
3daef5a6c03b85fe0f3fb82d6faaa7dd_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
General
-
Target
3daef5a6c03b85fe0f3fb82d6faaa7dd_JaffaCakes118
-
Size
3.0MB
-
MD5
3daef5a6c03b85fe0f3fb82d6faaa7dd
-
SHA1
3ac24fcc16f585ad4bef725a665069cd779528c5
-
SHA256
fe19b98bd93b2a8fcd20c6b9d81fd0b46c6a37357a53153b286ec1c69b5dbc0a
-
SHA512
76141c9b6cf4819d1a7f03f175b5f0c2b94688624d6a05a32594fb6a92d7a316be643537d398cc5d141245d009d415e1277ce43e5a1bc37dafa69265f60133fb
-
SSDEEP
24576:lyax/qClGXKfEkrqXfBPuWPrtvdQ1Qdf4dUpJ0LzcupkqptxZbu5sHXcDR7Kf5Lb:VNgXaiVTtK5xZbupDRGxXPD
Score
5/10
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3daef5a6c03b85fe0f3fb82d6faaa7dd_JaffaCakes118
Files
-
3daef5a6c03b85fe0f3fb82d6faaa7dd_JaffaCakes118.exe windows:4 windows x86 arch:x86
b2caeac7faf9e4e47ae3d514f8b50942
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObject
CloseHandle
InitializeCriticalSection
InterlockedDecrement
SetThreadPriority
WriteFile
GetMailslotInfo
ReadFile
GetLogicalDrives
GetComputerNameA
FileTimeToSystemTime
ExitProcess
GetVersion
FreeLibrary
GlobalAlloc
GetLastError
GetUserDefaultLangID
GetSystemDefaultLangID
GlobalDeleteAtom
Sleep
SystemTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
CreateThread
DeleteCriticalSection
GlobalSize
SizeofResource
LoadResource
LockResource
GetACP
GetTickCount
GlobalMemoryStatus
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcpynA
InterlockedIncrement
SetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
InterlockedExchange
CompareStringA
GetCurrentProcessId
GetCommandLineW
LocalFree
GetSystemTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
user32
CheckMenuItem
ValidateRect
GetMessageTime
CheckMenuRadioItem
GetDlgCtrlID
ArrangeIconicWindows
CascadeWindows
TileWindows
GetForegroundWindow
DrawCaption
GetSystemMenu
EmptyClipboard
OpenClipboard
DestroyWindow
GetLastActivePopup
PostQuitMessage
EnableScrollBar
SetScrollPos
GetScrollPos
MessageBeep
DeleteMenu
GetUpdateRect
GetCursor
MoveWindow
EnableMenuItem
AdjustWindowRect
RemoveMenu
DrawIconEx
GetActiveWindow
GetIconInfo
FrameRect
ShowScrollBar
SetCursorPos
DrawIcon
WindowFromPoint
CopyRect
FillRect
RedrawWindow
DestroyIcon
SetParent
GetDlgItem
DrawFrameControl
TrackPopupMenuEx
DestroyCursor
GetWindowThreadProcessId
TranslateMessage
GetMenuItemCount
GetMenuItemID
CopyImage
IsChild
CloseClipboard
SetClipboardData
GetKeyboardLayout
CreateCaret
GetDesktopWindow
IsWindowEnabled
SetCaretPos
ShowCaret
IsIconic
GetWindow
HideCaret
DestroyCaret
DrawEdge
InvertRect
GetCapture
ReleaseCapture
SetCursor
GetDC
ReleaseDC
GetFocus
GetMessagePos
ScreenToClient
ClientToScreen
IsWindowVisible
GetSubMenu
CreatePopupMenu
MessageBoxA
AdjustWindowRectEx
TrackPopupMenu
SetWindowPos
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
DrawFocusRect
GetKeyState
KillTimer
SetTimer
GetSysColorBrush
GetSysColor
GetAsyncKeyState
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
IsWindow
UpdateWindow
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuState
ReuseDDElParam
UnpackDDElParam
SetFocus
SetMenu
DestroyMenu
GetMenu
IsZoomed
GetDoubleClickTime
GetParent
SetCapture
GetWindowDC
shell32
ExtractIconExA
SHGetSpecialFolderLocation
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetMalloc
gdi32
Rectangle
PatBlt
GetDeviceCaps
CreateRectRgnIndirect
CreateCompatibleBitmap
DeleteDC
CombineRgn
GetClipRgn
CreateRectRgn
SetRectRgn
GetRegionData
LPtoDP
PtVisible
RectVisible
Escape
PtInRegion
AbortDoc
OffsetRgn
InvertRgn
FillRgn
GetStockObject
GetRgnBox
FrameRgn
SetBrushOrgEx
DeleteObject
DPtoLP
BitBlt
CreateCompatibleDC
RealizePalette
SetBkMode
SelectObject
SetMapMode
CreatePalette
CreateDIBitmap
SelectPalette
GetMapMode
CreatePen
GetTextColor
SelectClipRgn
GetViewportOrgEx
GetWindowOrgEx
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreateBitmapIndirect
SetBkColor
SetTextColor
StretchBlt
GetDIBits
CreateDIBSection
StretchDIBits
comdlg32
CommDlgExtendedError
msi
ord111
ord70
ord43
fineobj
?GetFineObjectsVersion@FObj@@YAHXZ
?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z
?GetRoot@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?StrDel@CString@FObj@@QAEXHH@Z
?Format@FObj@@YA?AVCString@1@PBDZZ
?GetAsFileTimeGmt@CTime@FObj@@QBEXAAU_FILETIME@@@Z
?ReplaceExt@FileSystem@FObj@@YAXAAVCUnicodeString@2@ABV32@@Z
?GetPosition64@CFile@FObj@@QBE_JXZ
?GetFileName@CFile@FObj@@UBE?AVCUnicodeString@2@XZ
?Read@CFile@FObj@@UAEHPAXH@Z
?GetPosition@CFile@FObj@@UBEHXZ
?Seek@CFile@FObj@@UAEHHW4TSeekPosition@CBaseFile@2@@Z
?SetLength@CFile@FObj@@UAEXH@Z
?GetLength@CFile@FObj@@UBEHXZ
?Flush@CFile@FObj@@UAEXXZ
?UnicodeName@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ
?MakeReverse@CUnicodeString@FObj@@QAEXXZ
?GetPath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?getWritePtr@CArchive@FObj@@AAEPAXH@Z
?Close@CMemoryFile@FObj@@UAEXXZ
??0CTime@FObj@@QAE@ABU_FILETIME@@@Z
?AddPathSeparator@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?MakeUpper@CString@FObj@@QAEXXZ
?assignStr@CString@FObj@@AAEXPBDH@Z
??1CUnicodeSet@FObj@@QAE@XZ
??0CUnicodeSet@FObj@@QAE@PBG@Z
?GetStatus@CFile@FObj@@SAXABVCUnicodeString@2@AAUCFileStatus@2@@Z
?Body@CUnicodeStringBody@FObj@@QAEPAGXZ
?HashKey@@YAHPBG@Z
?SetStringValue@CRegistryKey@FObj@@QAE_NPBG0@Z
??0CTime@FObj@@AAE@_J@Z
?GetAsFileTime@CTime@FObj@@QBEXAAU_FILETIME@@@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@ABVCRect@1@@Z
?Value@FObj@@YA_NABVCUnicodeString@1@AAVCRect@1@@Z
?SetRelativeApplicationDataPath@FileSystem@FObj@@YAXABVCUnicodeString@2@@Z
?GetApplicationDataPath@FileSystem@FObj@@YA?AVCUnicodeString@2@W4TApplicationDataPathType@12@@Z
?RelativePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?GetPathType@FileSystem@FObj@@YA?AW4TPathType@12@ABVCUnicodeString@2@@Z
??1CCacheSetupColor@FObj@@UAE@XZ
??0CCacheSetupColor@FObj@@QAE@ABVCUnicodeString@1@0KW4TSetupType@1@@Z
??0rational@FObj@@QAE@H@Z
?UnregisterCreateObjectFunction@FObj@@YAXABVtype_info@@@Z
?RegisterCreateObjectFunction@FObj@@YAXP6A?AV?$CPtr@VIObject@FObj@@@1@XZABVtype_info@@ABVCUnicodeString@1@@Z
?CreateZeroTime@CTime@FObj@@SA?AV12@XZ
?MakeFullPath@FileSystem@FObj@@YAXAAVCUnicodeString@2@@Z
?MakeLower@CUnicodeString@FObj@@QAEXXZ
?GetStringValueNames@CRegistryKey@FObj@@QBEXAAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
?Close@CRegistryKey@FObj@@QAEXXZ
??0CRegistryKey@FObj@@QAE@_N@Z
?Open@CRegistryKey@FObj@@QAEXPAUHKEY__@@PBG@Z
?GetValueType@CRegistryKey@FObj@@QBEKPBG@Z
?QueryValue@CRegistryKey@FObj@@QBEHPBGPAXH@Z
??1CRegistryKey@FObj@@QAE@XZ
?QueryStringValue@CRegistryKey@FObj@@QBE?AVCUnicodeString@2@PBG0@Z
?Clean@FObj@@YAXXZ
?TrimLeft@CUnicodeString@FObj@@QAEXXZ
?AddResourcePrefix@FObj@@YAXPBG0@Z
?Initialize@FObj@@YA_NPBG0@Z
?SetCurrentLanguageCode@FObj@@YAXH@Z
?AddResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?LoadModule@FObj@@YAPAUHINSTANCE__@@PBG@Z
?SetAppTitle@FObj@@YAXABVCUnicodeString@1@@Z
?Abort@CFile@FObj@@UAEXXZ
??0CTreeBase@FObj@@QAE@XZ
?HashKey@@YAHPBD@Z
?Value@CString@FObj@@QBE_NAAIH@Z
?Mid@CString@FObj@@QBE?AV12@HH@Z
?Trim@CString@FObj@@QAEXXZ
?GetAppTitle@FObj@@YA?AVCUnicodeString@1@XZ
?ERR_BAD_INI_FILE@FObj@@3VCError@1@A
?Str@FObj@@YA?AVCString@1@KH@Z
?ERR_FILE_NOT_FOUND@FObj@@3VCMessage@1@A
?SetMainWindow@FObj@@YAXPAUHWND__@@@Z
?GetSystemLanguageIdFromInterfaceCode@FObj@@YAGH@Z
?Write@CFile@FObj@@UAEXPBXH@Z
?Close@CFile@FObj@@UAEXXZ
?Split@FileSystem@FObj@@YAXABVCUnicodeString@2@AAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
?Move@FileSystem@FObj@@YAXABVCUnicodeString@2@0@Z
?getReadPtr@CArchive@FObj@@AAEPBXH@Z
??1CMessageHandler@FObj@@UAE@XZ
?GetAsSystemTime@CTime@FObj@@QBEXAAU_SYSTEMTIME@@@Z
?Trace@FObj@@YAXPBGZZ
?allocPage@CBlockManager@FObj@@AAEXXZ
??1CBlockManager@FObj@@UAE@XZ
??0CBlockManager@FObj@@QAE@HH@Z
?Attach@CMemoryFile@FObj@@QAEXPAEHH@Z
?SetLength@CMemoryFile@FObj@@UAEXH@Z
?Detach@CMemoryFile@FObj@@QAEPAEXZ
??0CFile@FObj@@QAE@ABVCUnicodeString@1@I@Z
?Begin@CMessageHandlerSwitcher@FObj@@QAEXXZ
?CreateFromFileTimeGmt@CTime@FObj@@SA?AV12@ABU_FILETIME@@@Z
?Get@CSetupStringArray@FObj@@UAEXAAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
??1CCacheSetupStringArray@FObj@@UAE@XZ
??0CCacheSetupStringArray@FObj@@QAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@KH@Z
?Value@CUnicodeString@FObj@@QBE_NAAKH@Z
?GetEXEDir@FileSystem@FObj@@YA?AVCUnicodeString@2@XZ
?IsWindows2000@FObj@@YA_NXZ
?GetSpecialFolder@FileSystem@FObj@@YA?AVCUnicodeString@2@W4TSpecialFolder@12@@Z
?SetBufferLength@CUnicodeString@FObj@@QAEXH@Z
??0CSetupStringArray@FObj@@QAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
??1CSetupStringArray@FObj@@UAE@XZ
?GetDefaultString@CSetupStringArray@FObj@@UBE?AVCUnicodeString@2@XZ
?ConvertFromString@CSetupStringArray@FObj@@MBEXVCUnicodeString@2@AAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
?ConvertToString@CSetupStringArray@FObj@@MBE?AVCUnicodeString@2@ABV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@@Z
??0CString@FObj@@QAE@PBGI@Z
?ReadSmallValue@CArchive@FObj@@QAEHXZ
?IsRegisteredClassName@FObj@@YA_NABVCUnicodeString@1@@Z
??5FObj@@YAAAVCArchive@0@AAV10@AAVCString@0@@Z
?GetObjectClassName@FObj@@YA?AVCUnicodeString@1@PBVIObject@1@@Z
??0CMemoryFile@FObj@@QAE@H@Z
??0CArchive@FObj@@QAE@PAVCBaseFile@1@W4TDirection@01@H@Z
?Close@CArchive@FObj@@QAEXXZ
?GetLength@CMemoryFile@FObj@@UBEHXZ
??1CArchive@FObj@@UAE@XZ
??1CMemoryFile@FObj@@UAE@XZ
?HasRegisteredClassName@FObj@@YA_NABVtype_info@@@Z
??6FObj@@YAAAVCArchive@0@AAV10@ABVCString@0@@Z
?WriteSmallValue@CArchive@FObj@@QAEXH@Z
?SerializeVersion@CArchive@FObj@@QAEHH@Z
?GetTickCount@CTime@FObj@@SA?AV12@XZ
??5FObj@@YAAAVCArchive@0@AAV10@AAVCUnicodeString@0@@Z
??6FObj@@YAAAVCArchive@0@AAV10@ABVCUnicodeString@0@@Z
?Sprintf@FObj@@YA?AVCUnicodeString@1@PBGZZ
?MakeUpper@CUnicodeString@FObj@@QAEXXZ
?CommonPref@CUnicodeString@FObj@@QBEHPBGH@Z
?Split@FileSystem@FObj@@YAXABVCUnicodeString@2@AAV32@111@Z
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@000@Z
??1CException@FObj@@UAE@XZ
??2CException@FObj@@SAPAXI@Z
??0CException@FObj@@QAE@XZ
??3CException@FObj@@SAXPAX@Z
?Warning@CException@FObj@@UBEXXZ
?MessageID@FObj@@YAHABVCMessage@1@@Z
?LoadDLL@FObj@@YAPAUHINSTANCE__@@PBG@Z
?ERR_CANT_LOAD_DLL@FObj@@3VCError@1@A
??1CCriticalSection@FObj@@QAE@XZ
??0CCriticalSection@FObj@@QAE@XZ
?Left@CString@FObj@@QBE?AV12@H@Z
?Open@CFile@FObj@@QAEXABVCUnicodeString@2@I@Z
?ReadRecord@CFile@FObj@@QAEXPAXH@Z
?ERR_BAD_TEXT_FILE@FObj@@3VCError@1@A
?GetEXEFileName@FileSystem@FObj@@YA?AVCUnicodeString@2@XZ
?CharPos@CUnicodeString@FObj@@QBEHGH@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@H@Z
?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A
?fillBuffer@CArchive@FObj@@AAEXH@Z
?ERR_BAD_ARCHIVE_VERSION@FObj@@3VCError@1@A
?Read@CArchive@FObj@@QAEXPAXH@Z
?Flush@CArchive@FObj@@QAEXXZ
??9CRect@FObj@@QBE_NABUtagRECT@@@Z
?Write@CArchive@FObj@@QAEXPBXH@Z
?New@TempFile@FObj@@YA?AVCUnicodeString@2@PBG@Z
?Delete@TempFile@FObj@@YAXABVCUnicodeString@2@@Z
?ReadText@CFile@FObj@@SA?AVCUnicodeString@2@ABV32@I@Z
?NewInDir@TempFile@FObj@@YA?AVCUnicodeString@2@ABV32@PBG@Z
?MakePermanent@TempFile@FObj@@YAXABVCUnicodeString@2@0@Z
?GetMainWindow@FObj@@YAPAUHWND__@@XZ
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@N@Z
?GetAt@CUnicodeString@FObj@@QBEGH@Z
??YCUnicodeString@FObj@@QAEAAV01@ABV01@@Z
?DoMessage@CMessageHandlerSwitcher@FObj@@SAHPAUHWND__@@PBG1I@Z
?GetCurrentLanguageCode@FObj@@YAHXZ
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@H@Z
?Copy@FileSystem@FObj@@YAXABVCUnicodeString@2@0@Z
?NumberOfLanguages@FObj@@YAHXZ
?GetLanguageCode@FObj@@YAHH@Z
?GetLanguageDisplayName@FObj@@YA?AVCUnicodeString@1@H@Z
?GetFilesInDir@FileSystem@FObj@@YAXABVCUnicodeString@2@AAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@0@Z
?IsUNCRootPath@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
?GetDrive@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?StrDel@CUnicodeString@FObj@@QAEXH@Z
?GetBufferSetLength@CUnicodeString@FObj@@QAEPAGH@Z
?SpanExcluding@CUnicodeString@FObj@@QBE?AV12@PBGH@Z
?GetExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?CheckName@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
??0CUnicodeString@FObj@@QAE@PBDI@Z
?MessageBoxW@FObj@@YAHPBGH@Z
?ThrowUserException@FObj@@YAXXZ
?IsRectEmpty@CRect@FObj@@SA_NABUtagRECT@@@Z
?PtInRect@CRect@FObj@@QBE_NUtagPOINT@@@Z
??0CUnicodeString@FObj@@QAE@PBG@Z
?destroy@CUnicodeStringBody@FObj@@QAEXXZ
??1CUnicodeString@FObj@@QAE@XZ
??0CSetupBase@FObj@@IAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
??_7CSetupBase@FObj@@6B@
??3@YAXPAX@Z
?DecRef@CUnicodeStringBody@FObj@@QAEXXZ
?GetString@CSetupBase@FObj@@QBE?AVCUnicodeString@2@XZ
?SetString@CSetupBase@FObj@@QAEXABVCUnicodeString@2@@Z
?Value@CUnicodeString@FObj@@QBE_NAA_N@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@_N@Z
??1CCriticalSectionLock@FObj@@QAE@XZ
??1CMemoryManagerSwitcher@FObj@@QAE@XZ
??0CMemoryManagerSwitcher@FObj@@QAE@PAVIMemoryManager@1@@Z
??0CCriticalSectionLock@FObj@@QAE@PAVCCriticalSection@1@_N@Z
?cacheSetupSection@FObj@@3VCCriticalSection@1@A
??0CMessage@FObj@@QAE@PBGH@Z
??1CMessage@FObj@@QAE@XZ
?GenAssert@FObj@@YAXPBGJ@Z
?MessageBoxW@FObj@@YAHAAVCMessage@1@H@Z
?emptyStringBody@CUnicodeStringBody@FObj@@2V12@A
??1CSetupBase@FObj@@MAE@XZ
??0CUnicodeString@FObj@@QAE@XZ
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@JH@Z
?Value@CUnicodeString@FObj@@QBE_NAAHH@Z
?concatStr@CUnicodeString@FObj@@CAPAVCUnicodeStringBody@2@PBGH0H@Z
??2@YAPAXI@Z
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@XZ
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@@Z
??0CUnicodeString@FObj@@QAE@GH@Z
?replaceStr@CUnicodeString@FObj@@AAEXHHPBGH@Z
?DoCreateObject@FObj@@YA?AV?$CPtr@VIObject@FObj@@@1@ABVCUnicodeString@1@@Z
?reduce@rational@FObj@@CAXAA_J0@Z
?GenCheck@FObj@@YAXAAVCError@1@PBG11@Z
?ERR_DIVIDE_ZERO@FObj@@3VCError@1@A
?IntersectRect@CRect@FObj@@QAE_NABUtagRECT@@0@Z
?UnionRect@CRect@FObj@@QAE_NABUtagRECT@@0@Z
??0rational@FObj@@QAE@HH@Z
?ERR_RATIONAL_OVERFLOW@FObj@@3VCError@1@A
??0CRect@FObj@@QAE@HHHH@Z
??0CUnicodeString@FObj@@QAE@ABV01@@Z
??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z
?assignStr@CUnicodeString@FObj@@AAEXPBGH@Z
?SetAt@CUnicodeString@FObj@@QAEXHG@Z
?concatStr@CUnicodeString@FObj@@AAEXPBGH@Z
?FindResourceW@FObj@@YAPAUHINSTANCE__@@PBG0@Z
??0CUnicodeString@FObj@@QAE@PBGH@Z
?UpperPrimeNumber@FObj@@YAHH@Z
?BitSetElementsTable@FObj@@3QBEB
?Delete@CException@FObj@@QAEXXZ
?Warning@FObj@@YAXPAVCException@1@@Z
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@0@Z
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@00@Z
?UnicodeFormat@CTime@FObj@@QBE?AVCUnicodeString@2@PBG@Z
??1CString@FObj@@QAE@XZ
?destroy@CStringBody@FObj@@QAEXXZ
?CreateString@CUnicodeString@FObj@@QBE?AVCString@2@I@Z
?AccessDir@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
?DelTree@FileSystem@FObj@@YAXABVCUnicodeString@2@@Z
?SetAttributes@FileSystem@FObj@@YAXABVCUnicodeString@2@K@Z
?GetAttributes@FileSystem@FObj@@YAKABVCUnicodeString@2@@Z
?MakeDir@FileSystem@FObj@@YAXABVCUnicodeString@2@@Z
?Left@CUnicodeString@FObj@@QBE?AV12@H@Z
??0CTime@FObj@@QAE@HHHHHHHH@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@HH@Z
?Right@CUnicodeString@FObj@@QBE?AV12@H@Z
?ThrowCOMException@FObj@@YAXJPAUIErrorInfo@@@Z
?ThrowMemoryException@FObj@@YAXXZ
?emptyStringBody@CStringBody@FObj@@2V12@A
?CreateUnicodeString@CString@FObj@@QBE?AVCUnicodeString@2@I@Z
??0CString@FObj@@QAE@PBD@Z
?ReleaseBuffer@CString@FObj@@QAEXH@Z
?GetBuffer@CString@FObj@@QAEPADH@Z
?SetBufferLength@CString@FObj@@QAEXH@Z
?Trim@CUnicodeString@FObj@@QAEXXZ
??1CFile@FObj@@UAE@XZ
??0CFile@FObj@@QAE@XZ
?Remove@FileSystem@FObj@@YAXABVCUnicodeString@2@@Z
?AccessFile@FileSystem@FObj@@YA_NABVCUnicodeString@2@I@Z
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@00@Z
?GetTemporaryDir@TempFile@FObj@@YA?AVCUnicodeString@2@XZ
?Open@CFile@FObj@@QAEXABVCUnicodeString@2@IK@Z
?StrDel@CUnicodeString@FObj@@QAEXHH@Z
?GetBuffer@CUnicodeString@FObj@@QAEPAGH@Z
?GetBufferSetLength@CString@FObj@@QAEPADH@Z
?concatStr@CString@FObj@@AAEXPBDH@Z
??0CString@FObj@@QAE@DH@Z
?Str@FObj@@YA?AVCString@1@HH@Z
?concatStr@CString@FObj@@CAPAVCStringBody@2@PBDH0H@Z
?Format@FObj@@YA?AVCUnicodeString@1@PBGZZ
?DecRef@CStringBody@FObj@@QAEXXZ
?GetName@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
??1CIniFile@FObj@@QAE@XZ
??0CIniFile@FObj@@QAE@ABVCUnicodeString@1@@Z
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?FindLanguageIndex@FObj@@YAHH@Z
?GetString@CIniFile@FObj@@QBE?AVCUnicodeString@2@ABV32@00@Z
?CombinePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?CompareNoCase@CUnicodeString@FObj@@QBEHPBG@Z
?SetString@CIniFile@FObj@@QAEXABVCUnicodeString@2@00@Z
??_V@YAXPAX@Z
?CmpNames@FileSystem@FObj@@YAHPBVCUnicodeString@2@0@Z
??0CError@FObj@@QAE@PBGH@Z
??1CError@FObj@@QAE@XZ
?ShowWarning@CMessageHandler@FObj@@UAEXPAVCException@2@@Z
??1CMessageBoxHandler@FObj@@UAE@XZ
?GetCurrentMessageHandler@FObj@@YAPAVCMessageHandler@1@XZ
??_7CMessageHandler@FObj@@6B@
?GetDefaultReturnValue@CMessageHandler@FObj@@SAHI@Z
??1CMessageHandlerSwitcher@FObj@@QAE@XZ
??0CMessageHandlerSwitcher@FObj@@QAE@PAVCMessageHandler@1@_N1@Z
?End@CMessageHandlerSwitcher@FObj@@QAEXXZ
?GetSystemDir@FileSystem@FObj@@YA?AVCUnicodeString@2@XZ
?MergePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?GetNameExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?NormalizePath@FileSystem@FObj@@YAXAAVCUnicodeString@2@@Z
?GetFilesInDir@FileSystem@FObj@@YAXABVCUnicodeString@2@AAV?$CArray@UCFileInfo@FileSystem@FObj@@VCurrentMemoryManager@3@@2@0@Z
?Cmp@CUnicodeString@FObj@@SAHPBV12@0@Z
?CmpNoCase@CUnicodeString@FObj@@SAHPBV12@0@Z
?GetDrivePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?CanonicalizePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?ThrowFileException@FObj@@YAXW4TType@CFileException@1@ABVCUnicodeString@1@@Z
?UnicodeName@CFile@FObj@@QBE?AVCUnicodeString@2@XZ
?RemoveIgnoreErrors@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
?ReleaseBuffer@CUnicodeString@FObj@@QAEXH@Z
?InflateRect@CRect@FObj@@QAEXHHHH@Z
?insertStr@CUnicodeString@FObj@@AAEXPBGHH@Z
??0CSize@FObj@@QAE@HH@Z
??0CCacheSetupEnum@FObj@@QAE@ABVCUnicodeString@1@0HPBUCEnumItem@1@W4TSetupType@1@@Z
??1CCacheSetupEnum@FObj@@UAE@XZ
??1CSetupEnum@FObj@@UAE@XZ
??0CSetupEnum@FObj@@QAE@ABVCUnicodeString@1@0HPBUCEnumItem@1@W4TSetupType@1@@Z
?IsWindows95@FObj@@YA_NXZ
?IsWindowsNT@FObj@@YA_NXZ
?CopyObject@FObj@@YAXPBVIObject@1@PAV21@@Z
?ReverseFind@CUnicodeString@FObj@@QBEHG@Z
?DeleteAll@CListBase@FObj@@QAEXXZ
??0CRect@FObj@@QAE@UtagPOINT@@UtagSIZE@@@Z
??_7CListBase@FObj@@6B@
??_7CListNodeBase@FObj@@6B@
??1CListNodeBase@FObj@@UAE@XZ
?Detach@CListNodeBase@FObj@@QAEXXZ
?NumberOfChildren@CListBase@FObj@@QBEHXZ
?InsertPrev@CListNodeBase@FObj@@QAEXPAV12@@Z
?InsertNext@CListNodeBase@FObj@@QAEXPAV12@@Z
?DetachAll@CListBase@FObj@@QAEXXZ
??_U@YAPAXI@Z
?ERR_NO_GDI_RESOURCE@FObj@@3VCError@1@A
?LoadStringW@FObj@@YA_NHAAVCUnicodeString@1@@Z
??1CVerInfo@FObj@@QAE@XZ
?GetFixedFileInfo@CVerInfo@FObj@@QAE_NAAUtagVS_FIXEDFILEINFO@@@Z
??0CVerInfo@FObj@@QAE@ABVCUnicodeString@1@@Z
?GenCheckLastError@FObj@@YAXK@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@IH@Z
?Value@CUnicodeString@FObj@@QBE_NAAIH@Z
?Value@CUnicodeString@FObj@@QBE_NAAN@Z
?TrimRight@CUnicodeString@FObj@@QAEXXZ
?IsWindowsXP@FObj@@YA_NXZ
?make@rational@FObj@@CA?AV12@_J0@Z
??0CPoint@FObj@@QAE@UtagSIZE@@@Z
??GCPoint@FObj@@QBE?AVCSize@1@UtagPOINT@@@Z
msvcrt
_wcmdln
__wgetmainargs
exit
_initterm
rand
_XcptFilter
_exit
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__setusermatherr
_adjust_fdiv
_lseek
__p__commode
_beginthreadex
_controlfp
free
__CxxFrameHandler
realloc
malloc
_close
__RTtypeid
_vsnwprintf
strchr
qsort
_wcsicoll
wcsncpy
wcspbrk
wcstoul
_open
swscanf
wcscpy
isalpha
isdigit
_wcsdup
_wcsnicmp
strstr
__RTDynamicCast
isalnum
_write
_read
wcsstr
time
_ftol
memmove
_purecall
wcscmp
wcslen
wcschr
_CxxThrowException
strncpy
wcscoll
comctl32
ImageList_SetImageCount
ImageList_Add
ImageList_Destroy
ImageList_GetImageInfo
ord8
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Replace
ImageList_AddMasked
ImageList_ReplaceIcon
oleaut32
SystemTimeToVariantTime
VariantChangeType
OleTranslateColor
GetErrorInfo
SafeArrayPutElement
VariantCopy
SafeArrayCreate
SysStringLen
VariantInit
LoadRegTypeLi
SysAllocStringLen
SetErrorInfo
SafeArrayGetDim
SysFreeString
SysAllocString
VariantClear
CreateErrorInfo
ole32
CoTaskMemFree
OleInitialize
ReleaseStgMedium
CoDisconnectObject
StringFromCLSID
OleSetClipboard
CoCreateGuid
StringFromGUID2
fineobjfc
ord4079
ord3633
ord2576
ord4888
ord2340
ord6025
ord1101
ord6564
ord2260
ord6250
ord2581
ord4400
ord4517
ord3216
ord2214
ord354
ord6386
ord4714
ord5725
ord6560
ord6382
ord691
ord342
ord5679
ord5125
ord1538
ord4702
ord4707
ord4376
ord4422
ord4764
ord4762
ord4893
ord2113
ord6056
ord6341
ord2595
ord1772
ord3429
ord3128
ord1577
ord3428
ord4179
ord2287
ord4045
ord2278
ord3946
ord5662
ord3243
ord5711
ord2596
ord2338
ord5891
ord3038
ord879
ord3534
ord3158
ord6595
ord6502
ord2227
ord4511
ord512
ord6582
ord6466
ord2873
ord324
ord323
ord6369
ord4220
ord1384
ord5528
ord4380
ord2330
ord3547
ord1782
ord5883
ord4192
ord1316
ord4727
ord548
ord3025
ord5564
ord4332
ord4312
ord4317
ord3518
ord5132
ord4182
ord1529
ord1522
ord4139
ord2291
ord859
ord5514
ord5515
ord5712
ord4196
ord6078
ord3045
ord1661
ord5958
ord3251
ord5956
ord284
ord3936
ord4923
ord6000
ord6589
ord4281
ord6253
ord3862
ord5825
ord3789
ord4111
ord4602
ord6610
ord1275
ord1291
ord4521
ord5348
ord4249
ord4239
ord5126
ord368
ord3975
ord1062
ord6563
ord4821
ord4968
ord1182
ord4495
ord2431
ord5566
ord5568
ord5609
ord5178
ord2316
ord6013
ord1302
ord6270
ord3986
ord5086
?SetWndProcExceptionHandler@FObj@@YAP6AJPAVCException@1@PAUtagMSG@@@ZP6AJ01@Z@Z
ord3768
ord2336
ord5370
ord3985
ord645
ord583
ord290
ord886
ord5573
ord5158
ord5183
ord3900
ord5176
ord3103
ord2109
ord3745
ord5590
ord2255
ord4264
ord6285
ord6598
ord6507
ord4474
ord4233
ord4476
ord2761
ord4859
ord6251
ord1787
ord878
ord577
ord2959
ord1335
ord557
ord6555
ord4475
ord2350
ord3691
ord6113
ord945
ord1205
ord6611
ord554
ord463
ord283
ord2324
ord638
ord6516
ord6349
ord460
ord3236
ord2849
ord4254
ord5567
ord5371
ord794
ord454
ord3029
ord6266
ord6282
ord3081
ord6281
ord6446
ord3557
ord1777
ord845
ord3507
ord2660
ord3830
ord6403
ord5764
ord2266
ord1369
ord1042
ord6177
ord1803
ord2729
ord724
ord383
ord3127
ord4141
ord6398
ord1229
ord909
ord4392
ord1798
ord5121
ord5105
ord6129
ord1813
ord1814
ord3864
ord3835
ord3836
ord775
ord433
ord2145
ord2250
ord3850
ord5996
ord3847
ord3310
ord5993
ord5578
ord3603
ord2872
ord4058
ord4061
ord6102
ord3694
ord3695
ord3692
ord2821
ord5824
ord4073
ord6100
ord6118
ord3943
ord2343
ord5856
ord2327
ord1485
ord1495
ord5286
ord6532
ord5665
ord793
ord453
ord3364
ord4415
ord3110
ord3028
ord1474
ord2345
ord4582
ord3933
ord4725
ord4802
ord4656
ord4132
ord4650
ord5916
ord501
ord6581
ord6464
ord4516
ord5139
ord4824
ord5942
ord3898
ord1589
ord4185
ord2090
ord5006
ord6293
ord4127
ord5149
ord3606
ord2352
ord1710
ord6286
ord3553
ord4901
ord1542
ord5135
ord2158
ord1789
ord5146
ord2707
ord2882
ord3007
ord4247
ord2870
ord3011
ord2710
ord2815
ord2701
ord3651
ord3652
ord3646
ord2813
ord3901
ord4420
ord4204
ord1744
ord676
ord5857
ord6145
ord6506
ord6597
ord4375
ord4378
ord4717
ord4145
ord4709
ord4913
ord4115
ord4123
ord4530
ord4706
ord4318
ord4333
ord4331
ord4313
ord4316
ord4311
ord4790
ord4787
ord3931
ord5945
ord1590
ord5114
ord5159
ord4652
ord4222
ord3552
ord1541
ord5134
ord4213
ord884
ord582
ord4291
ord2128
ord3356
ord1451
ord300
ord3413
ord3454
ord657
ord3957
ord4072
ord5648
ord482
ord5999
ord5647
ord275
ord3406
ord2288
ord4180
ord5115
ord4203
ord589
ord6394
ord2574
ord3944
ord2822
ord4258
ord6103
ord2344
ord6565
ord4292
ord4648
ord1297
ord1370
ord6393
ord6562
ord4320
ord4114
ord4121
ord4705
ord4789
ord4786
ord5944
ord5150
ord1540
ord1749
ord367
ord846
ord4074
ord5620
ord2825
ord4526
ord5383
ord3859
ord1462
ord436
ord4262
ord5741
ord637
ord5649
ord282
ord493
ord6098
ord1473
ord4080
ord4895
ord4437
ord4879
ord4577
ord4898
ord4991
ord4733
ord4307
ord4639
ord4723
ord4897
ord4309
ord4308
ord4227
ord4721
ord4881
ord4601
ord4321
ord2871
ord2971
ord2093
ord1267
ord2429
ord2102
ord2794
ord4938
ord4941
ord4081
ord3107
ord4838
ord3163
ord2593
ord2592
ord3897
ord5111
ord5151
ord2353
ord1477
ord4217
ord4207
ord546
ord713
ord857
ord5714
ord3250
ord1930
ord6101
ord5534
ord3604
ord2699
ord4484
ord4438
ord1586
ord6277
ord2127
ord1676
ord4043
ord4175
ord3109
ord3362
ord4154
ord734
ord633
ord1593
ord6119
ord4576
ord2348
ord3874
ord2658
ord1274
ord6069
ord3953
langinfo
?LinguisticCaseDifferenceOnly@LangInfo@@SI_NFFFK@Z
?GetLanguageId@LangInfo@@SIFPBD@Z
?GetLetterFromUnicode@LangInfo@@SIFG@Z
?languagesCount@LangInfo@@0HB
?GetLanguageDigitsSuffixes@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguageDigitsPrefixes@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguageDigits@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguageIgnorableLetters@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguageInterwordPunctuators@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguageSuffixes@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguagePrefixes@LangInfo@@SIABVCLetterSet@@F@Z
?GetLanguageAlphabet@LangInfo@@SIABVCLetterSet@@F@Z
??0CLetterSet@@QAE@PBD@Z
?DigitLetters@LangInfo@@2VCLetterSet@@A
?LinguisticLetters@LangInfo@@2VCLetterSet@@B
?IsCodePageOfType@LangInfo@@SI_NHW4CodePageType@@@Z
?IsValidCodePage@LangInfo@@SI_NH@Z
?codePagesCount@LangInfo@@0HB
?TranslateUnicodeToChars@LangInfo@@SI_NPBGPADHH@Z
?GetCodePageFromLanguage@LangInfo@@SIHFW4CodePageType@@@Z
?GetLetterSetFromCodePage@LangInfo@@SIABVCLetterSet@@H@Z
?GetExternalLanguageName@LangInfo@@SI?AVCUnicodeString@FObj@@F@Z
?TranslateToUnicode@LangInfo@@SIXPBDPAGHH@Z
?GetCodePageFromAnsiID@LangInfo@@SIHI@Z
?IsValidCodePageAnsiID@LangInfo@@SI_NI@Z
?GetLanguageFromLCID@LangInfo@@SIFK@Z
?GetUnicodeFromLetter@LangInfo@@SIGF@Z
?LinguisticUpperCase@LangInfo@@SIFFFK@Z
?GetPrimaryLanguage@LangInfo@@SIFF@Z
?GetExternalCodePageName@LangInfo@@SI?AVCUnicodeString@FObj@@H@Z
?GetCodePage@LangInfo@@SIHPBD@Z
?IsValidLanguageId@LangInfo@@SI_NF@Z
?GetSystemCodePage@LangInfo@@SIHW4CodePageType@@@Z
?GetUserDefaultLanguage@LangInfo@@SIFXZ
?IsValidUnicodeScript@LangInfo@@SI_NF@Z
?scriptsCount@LangInfo@@0HB
?IsValidLetter@LangInfo@@SI_NF@Z
?GetExternalUnicodeScriptName@LangInfo@@SI?AVCUnicodeString@FObj@@F@Z
?GetUnicodeScriptSymbolsRange@LangInfo@@SIXFAAG0@Z
?charsToLetters@LangInfo@@0QBQBFB
trs
ord1
mpr
WNetOpenEnumA
WNetGetUniversalNameA
WNetEnumResourceA
WNetCloseEnum
Exports
Exports
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 440KB - Virtual size: 437KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 180KB - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 104KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE