qbittorrent_5[.]0[.]0_x64_setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

qbittorrent_5.0.0_x64_setup.exe
Size

37.5MB
MD5

bef1037fb5f78d34dd95e353699db74a
SHA1

7c29e428056fe381afe1f741e04464bb4db4ce88
SHA256

f48ea5324636766d96c27132b31368a304373535cc1fbc400d5d8d4b30fe1693
SHA512

56defd53e6b07f65db7dd85ffff9164358d4a4eeb613c737a82c4ea976f9a5c502b91c389bbdd56fa83db05424bde9c91d2494f7ab541d546d3f3ba8c41e9ea4
SSDEEP

786432:7dCpKYOSSaVS5HWSWELqPsrxOKZo8xjqcGwpawIP9DNU/:7dj/SShWZG2/ojXhIPU/

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/qbittorrent.exe	embeds_openssl

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
qbittorrent_5.0.0_x64_setup.exe
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisFirewallW.dll
unpack001/qbittorrent.exe
unpack001/uninst.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/nsisFirewallW.dll

Files

qbittorrent_5.0.0_x64_setup.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:5 windows x86 arch:x86

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
CloseHandle
Sleep
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetLongPathNameW
lstrcmpiW
QueryDosDeviceW
GetLogicalDriveStringsW
lstrlenW
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetVersionExW

Exports

Exports

FindProc
KillProc
WaitProcEnd
WaitProcStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qbittorrent.exe
.exe windows:6 windows x64 arch:x64

d7fe1989b38d66b5cd44fd34b83300fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

qbittorrent.pdb

Imports

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory2

d3d12

D3D12SerializeVersionedRootSignature
ord102
ord101

uxtheme

GetThemeColor
GetThemePropertyOrigin
GetThemeEnumValue
GetThemeInt
GetThemeBool
GetThemeTransitionDuration
GetCurrentThemeName
CloseThemeData
ord47
IsThemeBackgroundPartiallyTransparent
OpenThemeData
GetThemePartSize
GetThemeMargins
IsThemeActive
IsAppThemed
SetWindowTheme
GetThemeBackgroundRegion

dwrite

DWriteCreateFactory

gdi32

GdiFlush
CreateDIBSection
CreateCompatibleDC
SelectClipRgn
SelectObject
DeleteObject
CombineRgn
CreateRectRgn
DeleteDC
GetBitmapBits
GetDIBits
GetObjectW
CreateBitmap
CreateCompatibleBitmap
CreateDCW
OffsetRgn
SetLayout
BitBlt
GetDeviceCaps
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetCharWidthI
GetStockObject
GetTextFaceW
RemoveFontResourceExW
AddFontResourceExW
GetTextMetricsW
GetOutlineTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
EnumFontFamiliesExW
GetFontData
CreateFontIndirectW
GetRegionData

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

imm32

ImmNotifyIME
ImmReleaseContext
ImmGetOpenStatus
ImmAssociateContextEx
ImmAssociateContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey

shlwapi

AssocQueryStringW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

d3d9

Direct3DCreate9

wsock32

ord1142
socket
WSAStartup
getpeername
__WSAFDIsSet
accept
bind
closesocket
select
WSACleanup
getsockname
ntohl
htonl
ntohs
WSASetLastError
WSAGetLastError
htons
setsockopt
listen
inet_ntoa
getsockopt
ord1141
connect

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
GetAdaptersAddresses
CancelMibChangeNotify2
ConvertInterfaceLuidToGuid
ConvertInterfaceNameToLuidW
NotifyUnicastIpAddressChange
ConvertInterfaceLuidToNameW

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

oleaut32

SysAllocString
VariantClear
VariantInit
GetErrorInfo
SysStringLen
SetErrorInfo
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString

secur32

AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
EncryptMessage
FreeCredentialsHandle
DecryptMessage
InitializeSecurityContextW
ApplyControlToken
AcquireCredentialsHandleW
FreeContextBuffer
InitSecurityInterfaceW

bcrypt

BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptFreeBuffer
BCryptDestroyKey
BCryptEncrypt
BCryptEnumContextFunctions

ncrypt

NCryptSetProperty
NCryptExportKey

crypt32

CertAddCertificateContextToStore
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertCompareCertificate
CryptEncodeObject
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateChain
CertDuplicateCertificateContext
CertVerifyTimeValidity
CertGetCertificateChain
CertOpenSystemStoreA
CertFindChainInStore
CertAddStoreToCollection
PFXImportCertStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCreateCertificateContext

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

mpr

WNetGetUniversalNameW

userenv

GetUserProfileDirectoryW

advapi32

CryptEnumProvidersW
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetTokenInformation
InitializeSecurityDescriptor
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
LookupAccountSidW
GetNamedSecurityInfoW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
DuplicateToken
CopySid
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDecrypt
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptAcquireContextW
CryptGetUserKey
CryptDestroyKey
CryptGenRandom
CryptGetProvParam
CryptReleaseContext
RegNotifyChangeKeyValue
LookupAccountNameW
GetUserNameW
RegQueryValueExW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorOwner

authz

AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzFreeContext
AuthzAccessCheck

kernel32

SetFileTime
GetFileInformationByHandleEx
GetVolumePathNamesForVolumeNameW
TzSpecificLocalTimeToSystemTime
VirtualQuery
OpenFileMappingW
GetModuleFileNameW
PeekNamedPipe
CloseThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
GetUserPreferredUILanguages
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetUserDefaultLCID
LocaleNameToLCID
GetCurrentPackageFullName
LoadLibraryExW
LocalAlloc
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
ExitThread
GetLogicalDrives
GetCurrentDirectoryW
MoveFileW
MoveFileExW
FileTimeToSystemTime
SetFileInformationByHandle
GetTimeZoneInformation
FindFirstFileExW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
SetErrorMode
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
GetUserGeoID
GetGeoInfoW
CreateSemaphoreW
K32GetModuleFileNameExW
ExitProcess
LCMapStringW
CompareStringW
GetComputerNameExW
GetNativeSystemInfo
ResumeThread
GetThreadPriority
SwitchToThread
CreateThread
GetConsoleOutputCP
SetConsoleCtrlHandler
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
GetCommandLineA
SetStdHandle
EncodePointer
TryAcquireSRWLockExclusive
RtlPcToFileHeader
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetLocaleInfoEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
IsValidCodePage
GetOEMCP
WriteConsoleW
OutputDebugStringW
CloseHandle
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
GetCurrentProcessId
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
Sleep
WaitForMultipleObjects
RtlCaptureStackBackTrace
MultiByteToWideChar
GetDriveTypeW
GetVolumePathNameW
CreateFileW
WriteFile
GetSystemDirectoryW
GetFileAttributesW
SetFileAttributesW
SetThreadExecutionState
GetVolumeInformationW
lstrcmpW
GetConsoleWindow
GetLongPathNameW
GetUserDefaultLangID
CreateEventW
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetUserDefaultLocaleName
GetModuleHandleW
GetCurrentThreadId
WTSGetActiveConsoleSessionId
OpenProcess
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
GetACP
GetLocaleInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
PostQueuedCompletionStatus
SetWaitableTimer
SetLastError
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
SetEvent
TerminateThread
QueueUserAPC
SleepEx
CreateIoCompletionPort
GetFileAttributesExW
CreateDirectoryW
RemoveDirectoryW
CreateHardLinkW
GetFileInformationByHandle
DeleteFileW
CopyFileW
ReadFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
DeviceIoControl
SetEndOfFile
FindClose
LoadLibraryA
GetOverlappedResult
SetFilePointerEx
CreateEventA
CreateWaitableTimerA
CancelIoEx
CancelIo
GetModuleHandleA
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
WaitForMultipleObjectsEx
WaitNamedPipeW
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
ResetEvent
GlobalFree
GetModuleHandleExW
FreeLibrary
DeleteFiber
SwitchToFiber
CreateFiberEx
VirtualFree
VirtualAlloc
GetSystemInfo
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
ReleaseSemaphore
GetExitCodeThread
CreateSemaphoreA
GetEnvironmentVariableW
RtlVirtualUnwind
GetStdHandle
GetFileType
ConvertThreadToFiberEx
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
GetConsoleMode
ReadConsoleW
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
UnlockFileEx
GetTempPathW
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
DuplicateHandle
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
RaiseException
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetProcessHeap
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CompareStringEx
FreeConsole
AllocConsole
AttachConsole
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TerminateProcess
GetExitCodeProcess
GetProcessId
GetLocalTime

netapi32

NetShareEnum
NetApiBufferFree

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoLockObjectExternal
StringFromGUID2
RevokeDragDrop
OleInitialize
OleUninitialize
OleGetClipboard
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetApartmentType
CoGetObjectContext
CoGetMalloc
RegisterDragDrop
CoInitializeEx
CoCreateFreeThreadedMarshaler

user32

DrawIconEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
SetCoalescableTimer
RegisterClassW
SetTimer
GetQueueStatus
KillTimer
CharPrevExA
PostThreadMessageW
EnumWindows
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
AllowSetForegroundWindow
GetSystemMenu
EnableMenuItem
GetSysColor
GetSystemMetricsForDpi
SystemParametersInfoForDpi
SystemParametersInfoW
DestroyWindow
GetDesktopWindow
GetDC
ReleaseDC
GetSystemMetrics
MessageBoxW
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetMonitorInfoW
DisplayConfigGetDeviceInfo
DestroyIcon
IsWindow
GetCaretBlinkTime
GetDoubleClickTime
MessageBeep
UpdateLayeredWindowIndirect
DefWindowProcW
DestroyCursor
GetWindowLongPtrW
GetAncestor
GetCapture
GetClientRect
ClientToScreen
ScreenToClient
SetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetParent
IsWindowVisible
UpdateLayeredWindow
SetLayeredWindowAttributes
InvalidateRect
MonitorFromPoint
GetDpiForWindow
CreateWindowExW
SetWindowPos
AdjustWindowRectEx
AdjustWindowRectExForDpi
IsTouchWindow
SetWindowTextW
SetParent
ShowWindow
UnregisterTouchWindow
SetForegroundWindow
GetForegroundWindow
IsChild
GetWindow
SetWindowPlacement
IsZoomed
IsIconic
MonitorFromWindow
MoveWindow
GetUpdateRect
BeginPaint
EndPaint
ReleaseCapture
GetMenu
SetWindowRgn
AttachThreadInput
SetFocus
SendMessageTimeoutW
GetWindowThreadProcessId
BringWindowToTop
SetActiveWindow
SetCapture
PostMessageW
SetCursor
FlashWindowEx
SendMessageW
RegisterTouchWindow
RegisterWindowMessageW
ChangeWindowMessageFilter
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
IsValidDpiAwarenessContext
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetThreadDpiAwarenessContext
SetProcessDpiAwarenessContext
GetClassInfoW
LoadImageW
RegisterClassExW
UnregisterClassW
ChildWindowFromPointEx
WindowFromPoint
EnableNonClientDpiScaling
GetCursorPos
GetFocus
AddClipboardFormatListener
SetClipboardViewer
RemoveClipboardFormatListener
ChangeClipboardChain
IsHungAppWindow
RegisterClipboardFormatW
GetMessageW
GetPointerInfo
SendInput
EnumDisplayMonitors
GetKeyboardLayout
FindWindowA
IsWindowEnabled
CreateCaret
ShowCaret
DestroyCaret
SetCaretPos
GetMenuItemInfoW
SetMenuItemInfoW
ModifyMenuW
RemoveMenu
InsertMenuW
AppendMenuW
CreateMenu
DestroyMenu
CreatePopupMenu
TrackPopupMenu
SetMenu
DrawMenuBar
LoadIconW
GetClipboardFormatNameW
EnumDisplayDevicesW
CreateIconIndirect
CreateCursor
GetCursor
GetCursorInfo
SetCursorPos
LoadCursorW
GetIconInfo
ToUnicode
GetKeyboardState
ToAscii
HiliteMenuItem
SetMenuDefaultItem
TrackPopupMenuEx
PeekMessageW
GetKeyState
MapVirtualKeyW
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetTouchInputInfo
CloseTouchInputHandle
GetPointerType
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerPenInfo
GetPointerPenInfoHistory
SkipPointerFrameMessages
GetPointerDeviceRects
ChangeWindowMessageFilterEx
GetProcessWindowStation
GetUserObjectInformationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAAsyncSelect
WSAAddressToStringW
WSAHtonl
WSAAccept
WSAConnect
WSAStringToAddressW
freeaddrinfo
WSARecv
getaddrinfo
WSASocketW
WSASend
WSARecvFrom
WSASendTo
WSAIoctl
getnameinfo
WSANtohs
WSANtohl

winmm

timeKillEvent
timeSetEvent
PlaySoundW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

shell32

SHGetStockIconInfo
SHGetFileInfoW
ord727
SHCreateItemFromIDList
SHGetKnownFolderIDList
CommandLineToArgvW
ord190
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
ShellExecuteW
ord6
ord155
SHCreateItemFromParsingName
ShellExecuteExW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

powrprof

SetSuspendState

dbgeng

DebugCreate

Exports

Exports

boost_stacktrace_impl_return_nullptr
qt_startup_hook

Sections

.text
Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qbittorrent.pdb
qt.conf
translations/qt_gl.qm
translations/qt_lt.qm
translations/qt_pt_PT.qm
translations/qt_sl.qm
translations/qt_sv.qm
translations/qtbase_ar.qm
translations/qtbase_bg.qm
translations/qtbase_ca.qm
translations/qtbase_cs.qm
translations/qtbase_da.qm
translations/qtbase_de.qm
translations/qtbase_es.qm
translations/qtbase_fa.qm
translations/qtbase_fi.qm
translations/qtbase_fr.qm
translations/qtbase_gd.qm
translations/qtbase_he.qm
translations/qtbase_hr.qm
translations/qtbase_hu.qm
translations/qtbase_it.qm
translations/qtbase_ja.qm
translations/qtbase_ka.qm
translations/qtbase_ko.qm
translations/qtbase_lv.qm
translations/qtbase_nl.qm
translations/qtbase_nn.qm
translations/qtbase_pl.qm
translations/qtbase_pt_BR.qm
translations/qtbase_ru.qm
translations/qtbase_sk.qm
translations/qtbase_tr.qm
translations/qtbase_uk.qm
translations/qtbase_zh_CN.qm
translations/qtbase_zh_TW.qm
uninst.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:5 windows x86 arch:x86

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
CloseHandle
Sleep
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetLongPathNameW
lstrcmpiW
QueryDosDeviceW
GetLogicalDriveStringsW
lstrlenW
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetVersionExW

Exports

Exports

FindProc
KillProc
WaitProcEnd
WaitProcStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 188KB

.rsrc Size: 35KB - Virtual size: 35KB

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 28B

.reloc Size: 512B - Virtual size: 196B

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ole32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 188KB

.rsrc
Size: 35KB - Virtual size: 35KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 28B

.reloc
Size: 512B - Virtual size: 196B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 324B

.reloc
Size: 1024B - Virtual size: 546B